STOMP-and-n6-related updates, fixes and enhancements, especially adding login-based authentication #2408
Commits on Sep 27, 2023
-
STOMP bots: several updates, fixes and improvements + some refactoring
The updates, fixes and improvements regard the *STOMP collector* and *STOMP output* bots. Important changes are described below... From now on, newer versions of the `stomp.py` package are supported -- including the latest (8.1.0). Now both STOMP bots coerce the `port` configuration parameter to int -- so that a string representing an integer number is also acceptable (even if not recommended) as a value of that parameter. In the *STOMP output* bot, a bug has been fixed: `AttributeError` caused by attempts to get unset attributes (`ssl_ca_cert` and companions...). The *STOMP collector*'s reconnection mechanism has been fixed: from now on, no reconnection attempts are made after `shutdown()`. Apart from that, reconnection is not attempted at all for versions of `stomp.py` older than 4.1.21 (as it did not work properly anyway). Also regarding the *STOMP collector* bot, the following (undocumented and unused) attributes of `StompCollectorBot` instances are no longer set in `init()`: `ssl_ca_cert`, `ssl_cl_cert`, `ssl_cl_cert_key`. Various checks have been improved/enhanced. Now, for example, both STOMP bot classes implement the `check()` static/class method -- whose role is to check ("statically", without the need to run the bot) configuration parameters; in particular, it checks whether necessary certificate files are accessible. When it comes to runtime (on-initialization) checks, one notable improvement is that now also the *STOMP output* bot will raise a `MissingDependencyError` if the `stomp.py` version is older than 4.1.8 (an analogous check has already been implemented by *STOMP collector*). The code of those bot classes have also been significantly refactored -- in particular, several common operations have been factored out and placed in a new mix-in class: `intelmq.lib.mixins.StompMixin`; its definition resides in a new module: `intelmq.lib.mixins.stomp`. -
STOMP bots: add support for authentication by
username+passwordEach of the *STOMP collector* and *STOMP output* bots obtained the following new configuration parameters: * `auth_by_ssl_client_certificate` (a Boolean flag; it is `True` by default -- to keep backward compatibility); * `username` and `password` -- to be used as STOMP authentication credentials (login and passcode), but *only* if the aforementioned parameter `auth_by_ssl_client_certificate` is `False`. If `auth_by_ssl_client_certificate` is `False`, then the (supported also previously...) `ssl_client_certificate` and `ssl_client_certificate_key` parameters are ignored (i.e., not only left unused, but also there are *no checks* whether the files they refer to actually exist).
-
doc: add/update/improve stuff related to STOMP bots and *n6*
The changes include also those regarding *feeds* (values of certain properties of the CERT.PL's "N6 Stomp Stream" feed entry have been updated/improved) and the *changelog*.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.