Feat[MQB]: Add authn plugin config and controller (#740)

Signed-off-by: Emelia Lei <[email protected]>

Author: emelialei88

.github/workflows/build.yaml

@@ -64,7 +64,7 @@ jobs:
             -DBDE_BUILD_TARGET_CPP17=ON \
             -DCMAKE_PREFIX_PATH=${{ github.workspace }}/deps/srcs/bde-tools/BdeBuildSystem \
             -DCMAKE_INSTALL_LIBDIR=lib64
-          cmake --build build/blazingmq --parallel 8 --target bmqbrkr bmqtool bmqstoragetool all.it
+          cmake --build build/blazingmq --parallel 8 --target bmqbrkr bmqtool bmqstoragetool all.it bmqauthnpass bmqauthnfail
 
       - name: Clean-up build directories before caching
         run: |

CMakeLists.txt

@@ -123,6 +123,8 @@ if (NOT DEFINED INSTALL_TARGETS)
   set(BMQ_TARGET_E_BMQBRKR_NEEDED      YES)
   set(BMQ_TARGET_TUTORIAL_NEEDED       YES)
   set(BMQ_TARGET_PROMETHEUS_NEEDED     NO)
+  set(BMQ_TARGET_AUTHNPASS_NEEDED      YES)
+  set(BMQ_TARGET_AUTHNFAIL_NEEDED      YES)
 else()
   bbproject_check_install_target("bmqbrkr"         installBMQBRKR)
   bbproject_check_install_target("BMQBRKR_NIGHTLY" installNightly)
@@ -144,13 +146,17 @@ else()
   set(BMQ_TARGET_MQB_NEEDED            NO)
   set(BMQ_TARGET_TUTORIAL_NEEDED       NO)
   set(BMQ_TARGET_PROMETHEUS_NEEDED     NO)
+  set(BMQ_TARGET_AUTHNPASS_NEEDED      NO)
+  set(BMQ_TARGET_AUTHNFAIL_NEEDED      NO)
 
   bbproject_check_install_target("bmq"            installBMQ)
   bbproject_check_install_target("mqb"            installMQB)
   bbproject_check_install_target("bmqbrkrcfg"     installBMQBRKRCFG)
   bbproject_check_install_target("bmqtool"        installBMQTOOL)
   bbproject_check_install_target("bmqstoragetool" installBMQSTORAGETOOL)
   bbproject_check_install_target("prometheus"     installPROMETHEUS)
+  bbproject_check_install_target("authnpass"      installAUTHNPASS)
+  bbproject_check_install_target("authnfail"      installAUTHNFAIL)
 
   if (installBMQ)
     set(BMQ_TARGET_BMQ_NEEDED YES)
@@ -189,6 +195,18 @@ else()
     set(BMQ_TARGET_MQB_NEEDED        YES)
     set(BMQ_TARGET_PROMETHEUS_NEEDED YES)
   endif()
+
+  if (installAUTHNPASS)
+    set(BMQ_TARGET_BMQ_NEEDED       YES)
+    set(BMQ_TARGET_MQB_NEEDED       YES)
+    set(BMQ_TARGET_AUTHNPASS_NEEDED YES)
+  endif()
+
+  if (installAUTHNFAIL)
+    set(BMQ_TARGET_BMQ_NEEDED       YES)
+    set(BMQ_TARGET_MQB_NEEDED       YES)
+    set(BMQ_TARGET_AUTHNFAIL_NEEDED YES)
+  endif()
 endif()
 
 find_package(Git)
@@ -305,7 +323,7 @@ add_subdirectory( "src/integration-tests" )
 #                                   PLUGINS
 # -----------------------------------------------------------------------------
 
-# Install all the headers for mqb + bmq 
+# Install all the headers for mqb + bmq
 install(TARGETS bmqbrkr_plugins
         EXPORT BmqbrkrPluginsTargets
         FILE_SET HEADERS

bin/build-darwin.sh

@@ -109,7 +109,7 @@ CMAKE_OPTIONS=(\
 
 PKG_CONFIG_PATH="${DIR_INSTALL}/lib/pkgconfig:${BREW_PKG_CONFIG_PATH}" \
 cmake -B "${DIR_BUILD}/blazingmq" -S "${DIR_ROOT}" "${CMAKE_OPTIONS[@]}"
-make -C "${DIR_BUILD}/blazingmq" -j 16
+cmake --build "${DIR_BUILD}/blazingmq" --parallel 16 --target bmqbrkr bmqtool all.it bmqauthnpass bmqauthnfail
 
 echo broker is here: "${DIR_BUILD}/blazingmq/src/applications/bmqbrkr/bmqbrkr.tsk"
 echo to run the broker: "${DIR_BUILD}/blazingmq/src/applications/bmqbrkr/run"

docker/build_deps.sh

@@ -49,7 +49,7 @@ fetch_deps() {
 configure() {
     PATH="$PATH:$(realpath srcs/bde-tools/bin)"
     export PATH
-    eval "$(bbs_build_env -u opt_64_cpp17)"
+    eval "$(bbs_build_env -u opt_64_cpp17_pic)"
 }
 
 build_bde() {
@@ -68,7 +68,7 @@ build_ntf() {
         --without-usage-examples     \
         --without-applications       \
         --without-warnings-as-errors \
-        --ufid opt_64_cpp17
+        --ufid opt_64_cpp17_pic
     make -j8
     make install
     popd

src/groups/mqb/group/mqb.mem

@@ -1,4 +1,5 @@
 mqba
+mqbauthn
 mqbblp
 mqbc
 mqbcfg

src/groups/mqb/mqba/mqba_application.cpp

@@ -24,6 +24,7 @@
 #include <mqba_domainmanager.h>
 #include <mqba_initialconnectionhandler.h>
 #include <mqba_sessionnegotiator.h>
+#include <mqbauthn_authenticationcontroller.h>
 #include <mqbblp_clustercatalog.h>
 #include <mqbblp_relayqueueengine.h>
 #include <mqbcfg_brokerconfig.h>
@@ -166,6 +167,7 @@ Application::Application(bdlmt::EventScheduler* scheduler,
 , d_allocatorsStatContext_p(allocatorsStatContext)
 , d_pluginManager_mp()
 , d_statController_mp()
+, d_authenticationController_mp()
 , d_configProvider_mp()
 , d_dispatcher_mp()
 , d_transportManager_mp()
@@ -253,7 +255,8 @@ int Application::start(bsl::ostream& errorDescription)
         rc_DOMAINMANAGER                     = -8,
         rc_TRANSPORTMANAGER_LISTEN           = -9,
         rc_ADMIN_POOL_START_FAILURE          = -10,
-        rc_PLUGINMANAGER                     = -11
+        rc_PLUGINMANAGER                     = -11,
+        rc_AUTHENTICATIONCONTROLLER          = -12,
     };
 
     int rc = rc_SUCCESS;
@@ -295,6 +298,17 @@ int Application::start(bsl::ostream& errorDescription)
         return (rc * 100) + rc_STATCONTROLLER;  // RETURN
     }
 
+    // Start the AuthenticationController
+    d_authenticationController_mp.load(
+        new (*d_allocator_p) mqbauthn::AuthenticationController(
+            d_pluginManager_mp.get(),
+            d_allocators.get("AuthenticationController")),
+        d_allocator_p);
+    rc = d_authenticationController_mp->start(errorDescription);
+    if (rc != 0) {
+        return (rc * 100) + rc_AUTHENTICATIONCONTROLLER;  // RETURN
+    }
+
     // Start the config provider
     d_configProvider_mp.load(new (*d_allocator_p) ConfigProvider(
                                  d_allocators.get("ConfigProvider")),
@@ -527,6 +541,7 @@ void Application::stop()
     STOP_OBJ(d_dispatcher_mp, "Dispatcher");
     STOP_OBJ(d_configProvider_mp, "ConfigProvider");
     STOP_OBJ(d_statController_mp, "StatController");
+    STOP_OBJ(d_authenticationController_mp, "AuthenticationController");
     STOP_OBJ(d_pluginManager_mp, "PluginManager");
 
     // and now DESTROY everything
@@ -536,6 +551,7 @@ void Application::stop()
     DESTROY_OBJ(d_dispatcher_mp, "Dispatcher");
     DESTROY_OBJ(d_configProvider_mp, "ConfigProvider");
     DESTROY_OBJ(d_statController_mp, "StatController");
+    DESTROY_OBJ(d_authenticationController_mp, "AuthenticationController");
     DESTROY_OBJ(d_pluginManager_mp, "PluginManager");
 
     BALL_LOG_INFO << "BMQbrkr stopped";

src/groups/mqb/mqba/mqba_application.h

@@ -27,6 +27,7 @@
 
 // MQB
 #include <mqba_commandrouter.h>
+#include <mqbauthn_authenticationcontroller.h>
 #include <mqbcmd_messages.h>
 #include <mqbconfm_messages.h>
 #include <mqbi_cluster.h>
@@ -97,18 +98,20 @@ class Application {
 
   private:
     // PRIVATE TYPES
-    typedef bslma::ManagedPtr<mqbplug::PluginManager>   PluginManagerMp;
-    typedef bslma::ManagedPtr<mqbblp::ClusterCatalog>   ClusterCatalogMp;
-    typedef bslma::ManagedPtr<ConfigProvider>           ConfigProviderMp;
-    typedef bslma::ManagedPtr<Dispatcher>               DispatcherMp;
-    typedef bslma::ManagedPtr<DomainManager>            DomainManagerMp;
-    typedef bslma::ManagedPtr<mqbstat::StatController>  StatControllerMp;
+    typedef bslma::ManagedPtr<mqbplug::PluginManager>  PluginManagerMp;
+    typedef bslma::ManagedPtr<mqbblp::ClusterCatalog>  ClusterCatalogMp;
+    typedef bslma::ManagedPtr<ConfigProvider>          ConfigProviderMp;
+    typedef bslma::ManagedPtr<Dispatcher>              DispatcherMp;
+    typedef bslma::ManagedPtr<DomainManager>           DomainManagerMp;
+    typedef bslma::ManagedPtr<mqbstat::StatController> StatControllerMp;
+    typedef bslma::ManagedPtr<mqbauthn::AuthenticationController>
+        AuthenticationControllerMp;
     typedef bslma::ManagedPtr<mqbnet::TransportManager> TransportManagerMp;
     typedef bdlcc::SharedObjectPool<
         bdlbb::Blob,
         bdlcc::ObjectPoolFunctors::DefaultCreator,
         bdlcc::ObjectPoolFunctors::RemoveAll<bdlbb::Blob> >
-        BlobSpPool;
+                                                           BlobSpPool;
     typedef bsl::vector<bsl::shared_ptr<mqbnet::Session> > Sessions;
 
     // Data members
@@ -144,6 +147,9 @@ class Application {
     /// Statistics controller component.
     StatControllerMp d_statController_mp;
 
+    /// Authentication controller component.
+    AuthenticationControllerMp d_authenticationController_mp;
+
     ConfigProviderMp d_configProvider_mp;
 
     DispatcherMp d_dispatcher_mp;

src/groups/mqb/mqba/package/mqba.dep

@@ -1,3 +1,4 @@
+mqbauthn
 mqbblp
 mqbcmd
 mqbnet

src/groups/mqb/mqbauthn/mqbauthn_authenticationcontroller.cpp

@@ -0,0 +1,161 @@
+// Copyright 2017-2023 Bloomberg Finance L.P.
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// mqbauthn_authenticationcontroller.cpp                          -*-C++-*-
+#include <mqbauthn_authenticationcontroller.h>
+
+#include <mqbscm_version.h>
+// BMQ
+#include <bmqtsk_alarmlog.h>
+#include <bmqu_memoutstream.h>
+
+// MQB
+#include <mqbcfg_brokerconfig.h>
+#include <mqbcfg_messages.h>
+#include <mqbplug_authenticator.h>
+#include <mqbplug_pluginfactory.h>
+
+// BDE
+#include <bsl_string.h>
+#include <bsl_unordered_set.h>
+
+namespace BloombergLP {
+namespace mqbauthn {
+
+namespace {
+
+typedef bsl::unordered_set<mqbplug::PluginFactory*> PluginFactories;
+
+}  // close unnamed namespace
+
+// ------------------------------
+// class AuthenticationController
+// ------------------------------
+
+AuthenticationController::AuthenticationController(
+    mqbplug::PluginManager* pluginManager,
+    bslma::Allocator*       allocator)
+: d_pluginManager_p(pluginManager)
+, d_allocator_p(allocator)
+{
+}
+
+int AuthenticationController::start(bsl::ostream& errorDescription)
+{
+    enum RcEnum {
+        // Enum for the various RC error categories
+        rc_SUCCESS             = 0,
+        rc_DUPLICATE_MECHANISM = -1
+    };
+
+    int                rc = rc_SUCCESS;
+    bmqu::MemOutStream errorStream(d_allocator_p);
+
+    // Assign fallback principal
+    bdlb::NullableValue<bsl::string> fallbackPrincipal =
+        mqbcfg::BrokerConfig::get().authentication().fallbackPrincipal();
+    if (!fallbackPrincipal.isNull()) {
+        d_principal = fallbackPrincipal.value();
+    }
+
+    // Initialize Authenticators from plugins
+    {
+        PluginFactories pluginFactories(d_allocator_p);
+        d_pluginManager_p->get(mqbplug::PluginType::e_AUTHENTICATOR,
+                               &pluginFactories);
+
+        for (PluginFactories::const_iterator factoryIt =
+                 pluginFactories.cbegin();
+             factoryIt != pluginFactories.cend();
+             ++factoryIt) {
+            mqbplug::AuthenticatorPluginFactory* factory =
+                dynamic_cast<mqbplug::AuthenticatorPluginFactory*>(*factoryIt);
+            AuthenticatorMp authenticator = factory->create(d_allocator_p);
+
+            // Check if there's an authenticator with duplicate mechanism
+            AuthenticatorMap::const_iterator cit = d_authenticators.find(
+                authenticator->mechanism());
+            if (cit != d_authenticators.cend()) {
+                errorDescription << "Attempting to create duplicate "
+                                    "authenticator with mechanism '"
+                                 << authenticator->mechanism();
+                return rc_DUPLICATE_MECHANISM;
+            }
+
+            // Start the authenticator
+            if (int status = authenticator->start(errorStream)) {
+                BMQTSK_ALARMLOG_ALARM("#AUTHENTICATION")
+                    << "Failed to start Authenticator '"
+                    << authenticator->name() << "' [rc: " << status
+                    << ", error: '" << errorStream.str() << "']"
+                    << BMQTSK_ALARMLOG_END;
+                errorStream.reset();
+                continue;  // CONTINUE
+            }
+
+            // Add the authenticator into the collection
+            d_authenticators.emplace(
+                authenticator->mechanism(),
+                bslmf::MovableRefUtil::move(authenticator));
+        }
+    }
+
+    return rc;
+}
+
+void AuthenticationController::stop()
+{
+}
+
+int AuthenticationController::authenticate(
+    bsl::ostream&                                   errorDescription,
+    bsl::shared_ptr<mqbplug::AuthenticationResult>* result,
+    bslstl::StringRef                               mechanism,
+    const mqbplug::AuthenticationData&              input)
+{
+    enum RcEnum {
+        // Enum for the various RC error categories
+        rc_SUCCESS                 = 0,
+        rc_AUTHENTICATION_FAILED   = -1,
+        rc_MECHANISM_NOT_SUPPORTED = -2
+    };
+
+    int                rc = rc_SUCCESS;
+    bmqu::MemOutStream errorStream(d_allocator_p);
+
+    AuthenticatorMap::const_iterator cit = d_authenticators.find(mechanism);
+    if (cit != d_authenticators.cend()) {
+        const AuthenticatorMp& authenticator = cit->second;
+        rc = authenticator->authenticate(errorStream, result, input);
+        if (rc != rc_SUCCESS) {
+            errorDescription << "AuthenticationController: failed to "
+                                "authenticate with mechanism '"
+                             << mechanism << "'. (rc = " << rc
+                             << "). Detailed error: " << errorStream.str();
+            return (rc * 10 + rc_AUTHENTICATION_FAILED);
+        }
+    }
+    else {
+        errorDescription
+            << "AuthenticationController: authentication mechanism '"
+            << mechanism << "' not supported.";
+        return (rc * 10 + rc_MECHANISM_NOT_SUPPORTED);
+    }
+
+    return rc_SUCCESS;
+}
+
+}  // close package namespace
+}  // close enterprise namespace