We have customized the way MQTT and WEB MQTT plugins works. Can we contribute this custom code back to open source?

[Biswajit Rout]

Hello All,

We have customized the way MQTT and WEB MQTT plugins works.

For MQTT, we have customized the MQTT plugin code to have Fingerprint-based-Authentication (client / device provides certificate to publish message to the broker. We extract the fingerprint from the client certificate and then verify with our system by calling REST service) before publishing messages to the broker. 

And in the same way for WEB MQTT, we have customized the WEB MQTT plugin code to have oAuth-token-based-Authentication (series of REST service calls to our system).before subscribing to a message already available in the broker.

All these customization is configurable through advanced.config

Can we contribute this custom code back to open source?

~ Biswajit

[Luke Bakken]

Hi Biswajit,

You are welcome to open pull requests on GitHub:

https://github.com/rabbitmq/rabbitmq-mqtt/

https://github.com/rabbitmq/rabbitmq-web-mqtt/

We will review the code changes to see if they are useful to include in the official plugins. We require that the pull requests include tests for new features and that the code format follows the style of the existing code.

Thanks!

Luke

[Biswajit Rout]

Hi Luke,

Considering that both intended contributions are connected to RabbitMQ and the counterpart is Pivotal in both cases, 

Can you please inquire with the admins of rabbitmq-web-mqtt is by signing the CCLA of rabbitmq-mqtt (see attached and referenced below highlighted in green) would suffice to make both contributions, or if the “old” contribution agreement indicated in the rabbitmq-web-mqtt (see below highlighted in teal) needs to be signed as well?

 

 

rabbitmq-mqtt

 

Contribution Guidelines à https://github.com/rabbitmq/rabbitmq-mqtt/blob/master/CONTRIBUTING.md

 

Contributor Agreement à https://cla.pivotal.io/sign/rabbitmq (see attached)

 

 

rabbitmq-web-mqtt

 

Contribution Guidelines à https://github.com/rabbitmq/rabbitmq-web-mqtt/blob/master/CONTRIBUTING.md

 

Contributor Agreement à https://github.com/rabbitmq/ca#how-to-submit

Best regards,

Biswajit

[Luke Bakken]

Hi Biswajit,

We just haven't updated the document for rabbitmq-web-mqtt.

When you open the pull request(s), there should be an automatic process in place where you can sign the contributor agreement. If that doesn't happen, let me know.

Thanks,

Luke

[Shambhavi Kumari]

Hi Luke,

On behalf of Biswajit.

we are getting this error at the time of pulling the request.

PFA.

Thanks and Regards,

Shambhavi

[Luke Bakken]

Hi Shambhavi,

I have never seen that issue before. Please re-try to open the request.

What is the URL of your fork, and what branch contains your changes?

Thanks,

Lukeu

[Shambhavi Kumari]

Hi Luke,

Now I am able to take a pull request. But not able to sign the CLA as sign corporate CLA. I am blocked to fill the Github Organization.

So, can you let us know what is the steps to submit the CLA as corporate.

Thanks

Shambhavi

[Luke Bakken]

Hi,

I don't see your pull request listed here - https://github.com/rabbitmq/rabbitmq-mqtt/pulls

Please open it and we will deal with the CLA some other way. It's not necessary to sign that to just open a PR.

Thanks,

Luke

[Shambhavi Kumari]

Hi Luke,

Please let us know, which would be the best way to provide a “signed” CLA.

Thanks,

Shambhavi

[Luke Bakken]

Hello,

Please open the pull request first. Thanks!

On Thursday, November 21, 2019 at 5:16:59 AM UTC-8, Shambhavi Kumari wrote:

Hi Luke,

[Shambhavi Kumari]

Hi Luke,

I have created a pull request  https://github.com/rabbitmq/rabbitmq-web-mqtt/pull/63. But not able to proceed further with the CLA. Please let us know some other way to sign the CLA as it is important for us to sign it.

Thanks,

Shambhavi

[Michael Klishin]

Thanks but your PR as it stands would not even compile as it references modules that are not present in either MQTT or Web MQTT plugins.

It would be nice to have a set of steps that would allow us to test it, too.

I am highly skeptical that in its current form it has a chance of getting past core team's QA. There is no problem statement, no explanation of how this would fit into

the existing pluggable authN/authZ framework or steps to reproduce. Can you share any of those things on this list first?

As for CLA, we haven't seen this before. I don't think Pivotal has a signed PDF process similar to what we had 5-6 years ago.

We'll have to ask legal for advice which can take a while.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/f6dc705b-12be-4970-920d-16cd2f6b9987%40googlegroups.com.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ

[Michael Klishin]

The PR submitted to date was closed.

Instead of adding reverts or manual reverts to this PR create a new branch with only the relevant changes, and submit that with any dependencies necessary (this PR references modules that do not exist anywhere) some additional information requested above:

 * How do other RabbitMQ users benefit from this change?
 * How does it fit into the existing authN/authZ framework?

 * Why can't it be achieved using, say, rabbitmq_auth_backend_http, a custom service and rabbitmq_auth_backend_cache to mitigate the overhead?

 * How do we test it?

Then we would consider it

[Shambhavi Kumari]

Hi Michael,

 Below are the answers to your requested queries-

  * How do other RabbitMQ users benefit from this change?

   Any user who wants also additional business logic to be implemented for authentication and authorization based   on a REST based controller.

 * How does it fit into the existing authN/authZ framework?

  An additional layer where we use combination of device certificate fingerprint and REST based services to hit our  internal A&A implementation. Any user who wants     additional layer of authentication on top of the broker provided security can use this plugin.       

 * Why can't it be achieved using, say, rabbitmq_auth_backend_http, a custom service and rabbitmq_auth_backend_cache to mitigate the overhead? 

There is an additional layer of logic that has been implemented where we call chain of services to pass through before we allow messages to read or written by a device connected to the queue using MQTT / Web MQTT plugins.

 * How do we test it?

Sample web service stub can be used to prove the points. 

 

 

Thanks,

 Shambhavi

[Wesley Peng]

Hi

on 2019/12/30 17:27, Shambhavi Kumari wrote:
> * How do other RabbitMQ users benefit from this change?
>
> Any user who wants also additional business logic to be implemented for
> authentication and authorization based   on a REST based controller.
>

Have you run some performance test? how about the QPS/error rate etc
after enabling this feature?

regards.