[rabbitmq-tracing] why require a password, at all?


Anthony Mastrean

Dec 6, 2019, 12:27:28 PM
to rabbitmq-users
It seems odd that I should duplicate a password in the rabbitmq-tracing conf. Especially, if I already specified that user in, say, the management definitions file. I'm also concerned that this password is plaintext and doesn't support the hashed format. I'm sure I'm missing something about the way plugins work or what data they have access to. 

For example

rabbitmq.config

[
   {rabbitmq_management, [
       {load_definitions, "/etc/rabbitmq/definitions.json"}
   ]},
   {rabbitmq_tracing, [
       {username, <<"admin">>},
       {password, <<"password123">>}
   ]}
].



definitions.json

{
   "bindings": [],
   "exchanges": [],
   "parameters": [],
   "permissions": [
       {
           "configure": ".*",
           "read": ".*",
           "user": "admin",
           "vhost": "/",
           "write": ".*"
       }
   ],
   "policies": [],
   "queues": [],
   "users": [
       {
           "name": "admin",
           "password": "password123",
           "tags": "administrator"
       }
   ],
   "vhosts": [
       {
           "name": "/"
       }
   ]
}



Anthony Mastrean

Dec 6, 2019, 12:33:11 PM
to rabbitmq-users
While we're at it, I only just updated from RabbitMQ 3.6 to 3.7 (and I'm moving to 3.8 soon, don't worry). I was able to use the following tracing config before (note the "normal" quotes)

rabbitmq.config

[
    {rabbitmq_management, [
        {load_definitions, "/etc/rabbitmq/definitions.json"}
    ]},
    {rabbitmq_tracing, [
        {username, "admin"},
        {password, "password123"}
    ]}
].


That format is not working in 3.7! I get an obscure "could not start trace" error message. I noticed, in this comment, that the << and >> are significant. That's not a format I'm familiar with. It's not used anywhere else in any RabbitMQ conf format. And, it appears to be a breaking change that I didn't see in any release notes.

Luke Bakken

Dec 9, 2019, 9:33:01 AM
to rabbitmq-users
Hi Anthony,

Please see a description of this plugin here:


A username and password are required since the plugin acts as AMQP consumers, which require authentication information.

I don't know when the format for the username and password changed to require << >> characters, but they are significant. There are, in fact, a few places remaining in the Erlang term configuration file (rabbitmq.config / advanced.config) where they are required (see attached file).

Also, please note this disclaimer, which is why a plain-text password is considered acceptable (from https://github.com/rabbitmq/rabbitmq-tracing#performance):

this plugin is intended to be used in development and QA environments. It will increase RAM consumption and CPU usage of a node.

Thanks,
Luke
binary-string-setting.txt

Anthony Mastrean

Dec 10, 2019, 10:13:56 AM
to rabbitmq-users
Thanks for the clarification on the use of << and >>. I don't use any of those other plugins, so I've never seen that format before and it wasn't registering as significant when I read the docs.

As for the plaintext password, understandable as a consumer process and in the context of dev/QA. I need to redesign the conf for this application so that we can load less secure defaults in dev/QA (for example, just leave the guest account enabled) and, in production, never ship tracing and always remove the guest account. So, thanks for that note!
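A pre-deployment check for the dev/QA versus production split described in the last message (never ship tracing or the guest account to production), added here as an example and not code from the thread or from the RabbitMQ project. The function names, the constructed sample inputs and the regex-based scan of the Erlang-term file are assumptions; `password_hash` is the key RabbitMQ uses for hashed passwords in exported definitions.

```python
import json
import re

# Constructed samples modelled on the configs quoted in the thread.
SAMPLE_CONFIG = '''[
  {rabbitmq_management, [{load_definitions, "/etc/rabbitmq/definitions.json"}]},
  {rabbitmq_tracing, [
    {username, "admin"},
    {password, <<"password123">>}
  ]}
].'''
SAMPLE_DEFINITIONS = '''{"users": [
  {"name": "admin", "password": "password123", "tags": "administrator"},
  {"name": "guest", "password_hash": "CONSTRUCTED-PLACEHOLDER", "tags": ""}
]}'''

def check_config(text, production):
    """Findings for the Erlang-term rabbitmq.config / advanced.config text."""
    findings = []
    m = re.search(r'\{\s*rabbitmq_tracing\s*,', text)
    if not m:
        return findings
    if production:
        findings.append("rabbitmq_tracing is configured in a production config")
    # Only look inside the tracing section, up to its closing "]}".
    section = re.split(r'\]\s*\}', text[m.end():], maxsplit=1)[0]
    for key in ("username", "password"):
        v = re.search(r'\{\s*%s\s*,\s*(<<)?\s*"' % key, section)
        if v and not v.group(1):
            # The thread reports "could not start trace" on 3.7 with this form.
            findings.append('tracing %s is a "..." string, not a <<"...">> binary' % key)
    return findings

def check_definitions(text, production):
    """Findings for the definitions.json loaded by the management plugin."""
    findings = []
    for user in json.loads(text).get("users", []):
        name = user.get("name")
        if "password" in user:
            findings.append("user %r has a plaintext password in definitions" % name)
        if production and name == "guest":
            findings.append("guest account present in production definitions")
    return findings

if __name__ == "__main__":
    for prod in (False, True):
        print("production" if prod else "dev/QA")
        for f in check_config(SAMPLE_CONFIG, prod) + check_definitions(SAMPLE_DEFINITIONS, prod):
            print("  -", f)
```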