def __init__(self,
host="localhost",
port=5672,
user="******",
password="******",
connection_attempts=3,
heartbeat_interval=3600,
virtual_host="/",
exchange="beer_garden",
ssl=None,
blocked_connection_timeout=None,
**kwargs):
self._host = host
self._port = port
self._user = user
self._password = password
self._connection_attempts = connection_attempts
self._heartbeat = kwargs.get("heartbeat", heartbeat_interval)
self._blocked_connection_timeout = blocked_connection_timeout
self._virtual_host = virtual_host
self._exchange = exchange
ssl = ssl or {}
self._ssl_enabled = ssl.get("enabled", False)
if not self._ssl_enabled:
self._ssl_options = None
elif PIKA_ONE:
ssl_context = pyssl.create_default_context(
cafile=ssl.get("ca_cert", None))
if ssl.get("ca_verify"):
ssl_context.verify_mode = pyssl.CERT_REQUIRED
else:
ssl_context.check_hostname = False
ssl_context.verify_mode = pyssl.CERT_NONE
self._ssl_options = SSLOptions(ssl_context,
server_hostname=self._host)
else:
mode = pyssl.CERT_REQUIRED if ssl.get(
"ca_verify") else pyssl.CERT_NONE
self._ssl_options = SSLOptions(
cafile=ssl.get("ca_cert", None),
verify_mode=mode,
server_hostname=self._host,
)
# Save the 'normal' params so they don't need to be reconstructed
self._conn_params = self.connection_parameters()
def connect(self):
""" Connect to broker """
logger.debug("Connecting to AMQP broker {}:{}".format(self.host, self.port))
try:
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations(cafile=self.caCertsFile)
context.load_cert_chain(self.certFile, keyfile=self.keyFile)
ssloptions = SSLOptions(context)
except Exception:
ssloptions = None
conn_params = ConnectionParameters(
host=self.host,
port=self.port,
ssl_options=ssloptions
)
if self.connection is not None:
logger.debug("Connect called on {}:{}, but connection already defined. Disconnecting and reconnecting".format(self.host, self.port))
self.disconnect()
self.connection = BlockingConnection(conn_params)
self.channel = self.connection.channel()
logger.debug("Connected to AMQP broker {}:{}".format(self.host, self.port))
def connect(self):
"""This method connects to RabbitMQ, returning the connection handle.
When the connection is established, the on_connection_open method
will be invoked by pika.
:rtype: pika.SelectConnection
"""
LOGGER.info("Connecting to %s", self._server_details.host)
credentials = PlainCredentials(self._server_details.username,
self._server_details.password)
connection_params = ConnectionParameters(
host=self._server_details.host,
port=self._server_details.port,
virtual_host=self._server_details.vhost,
credentials=credentials,
)
if self._server_details.uses_ssl:
cafile = os.getenv("REQUESTS_CA_BUNDLE")
ssl_context = ssl.create_default_context(cafile=cafile)
connection_params.ssl_options = SSLOptions(ssl_context)
return SelectConnection(
parameters=connection_params,
on_open_callback=self.on_connection_open,
on_open_error_callback=self.on_connection_open_error,
on_close_callback=self.on_connection_closed,
)
def __init__(
self,
host='localhost',
port=5672,
user='******',
password='******',
connection_attempts=3,
heartbeat_interval=3600,
virtual_host='/',
exchange='beer_garden',
ssl=None,
):
self._host = host
self._port = port
self._user = user
self._password = password
self._connection_attempts = connection_attempts
self._heartbeat_interval = heartbeat_interval
self._virtual_host = virtual_host
self._exchange = exchange
ssl = ssl or {}
self._ssl_enabled = ssl.get('enabled', False)
self._ssl_options = SSLOptions(
cafile=ssl.get('ca_cert', None),
verify_mode=pyssl.CERT_REQUIRED
if ssl.get('ca_verify') else pyssl.CERT_NONE,
)
# Save the 'normal' params so they don't need to be reconstructed
self._conn_params = self.connection_parameters()
def _configure_tls_parameters(parameters):
"""
Configure the pika connection parameters for TLS based on the configuration.
This modifies the object provided to it. This accounts for whether or not
the new API based on the standard library's SSLContext is available for
pika.
Args:
parameters (pika.ConnectionParameters): The connection parameters to apply
TLS connection settings to.
"""
cert = config.conf["tls"]["certfile"]
key = config.conf["tls"]["keyfile"]
if cert and key:
_log.info(
"Authenticating with server using x509 (certfile: %s, keyfile: %s)",
cert,
key,
)
parameters.credentials = pika.credentials.ExternalCredentials()
else:
cert, key = None, None
if SSLOptions is None:
parameters.ssl = True
parameters.ssl_options = {
"keyfile": key,
"certfile": cert,
"ca_certs": config.conf["tls"]["ca_cert"],
"cert_reqs": ssl.CERT_REQUIRED,
"ssl_version": ssl.PROTOCOL_TLSv1_2,
}
else:
ssl_context = ssl.create_default_context()
if config.conf["tls"]["ca_cert"]:
try:
ssl_context.load_verify_locations(
cafile=config.conf["tls"]["ca_cert"])
except ssl.SSLError as e:
raise ConfigurationException(
'The "ca_cert" setting in the "tls" section is invalid ({})'
.format(e))
ssl_context.options |= ssl.OP_NO_SSLv2
ssl_context.options |= ssl.OP_NO_SSLv3
ssl_context.options |= ssl.OP_NO_TLSv1
ssl_context.options |= ssl.OP_NO_TLSv1_1
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
if cert and key:
try:
ssl_context.load_cert_chain(cert, key)
except ssl.SSLError as e:
raise ConfigurationException(
'The "keyfile" setting in the "tls" section is invalid ({})'
.format(e))
parameters.ssl_options = SSLOptions(ssl_context,
server_hostname=parameters.host)
def __init__(self, server_details: RabbitServerDetails):
credentials = PlainCredentials(server_details.username,
server_details.password)
self._connection_params = ConnectionParameters(
host=server_details.host,
port=server_details.port,
virtual_host=server_details.vhost,
credentials=credentials,
)
if server_details.uses_ssl:
cafile = os.getenv("REQUESTS_CA_BUNDLE")
ssl_context = ssl.create_default_context(cafile=cafile)
self._connection_params.ssl_options = SSLOptions(ssl_context)