rabbitmq / rabbitmq-auth-backend-http

HTTP-based authorisation and authentication for RabbitMQ

Improve handling and reporting of malformed or unacceptable responses from the backing service #99

Closed michaelklishin closed 4 years ago

michaelklishin commented 4 years ago

Questions around misbehaving backing services do not go away, so current logging verbosity could be insufficient. It could also be the case that some recent logging improvements have only shipped some 5-6 weeks ago in 3.8.3.

If the backing service does not respond as expected, all operations should deny authentication/authorization.

https://github.com/rabbitmq/discussions/issues/19 is an ongoing source of evidence and suggestions.

michaelklishin commented 4 years ago

I am not sure what else we can improve. The logs in case of an incorrect backend response look like this:

2020-06-03 22:21:44.466 [info] <0.593.0> accepting AMQP connection <0.593.0> (127.0.0.1:50091 -> 127.0.0.1:5672)
2020-06-03 22:21:44.469 [debug] <0.593.0> auth_backend_http: GET http://localhost:8000/auth/user?username=2admin&password=guest
2020-06-03 22:21:44.549 [debug] <0.593.0> auth_backend_http: response code is 200, body: "lollllz"
2020-06-03 22:21:44.549 [error] <0.593.0> Error on AMQP connection <0.593.0> (127.0.0.1:50091 -> 127.0.0.1:5672, state: starting):
PLAIN login refused: rabbit_auth_backend_http failed authenticating 2admin: {bad_response,
                                                        "lollllz"}

2020-06-03 22:21:47.550 [info] <0.593.0> closing AMQP connection <0.593.0> (127.0.0.1:50091 -> 127.0.0.1:5672)

So both the reason and the returned value are specific enough.
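
The requirement stated in the issue (an unexpected reply from the backing service must deny) can be shown as a fail-closed interpreter of the reply. This is an added Python example, not code from the plugin, which is written in Erlang; the response contract (`allow`, `allow` followed by space-separated tags, or `deny`) and the names `Decision` and `interpret_auth_response` are assumptions made for illustration.

```python
# Added illustration, not code from rabbitmq-auth-backend-http.
# Assumed contract: HTTP 200 with body "allow", "allow <tag> <tag>...", or "deny".
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Decision:
    allowed: bool
    tags: Tuple[str, ...] = ()
    error: Optional[str] = None  # set only when the reply was unusable


def interpret_auth_response(status: Optional[int], body: Optional[bytes]) -> Decision:
    """Map a backing-service reply to a decision; every unexpected case denies."""
    if status is None or body is None:
        # Timeout, refused connection, or any other transport failure.
        return Decision(False, error="no_response")
    if status != 200:
        # A body of "allow" on an error status must not grant access.
        return Decision(False, error=f"unexpected_status:{status}")
    try:
        text = body.decode("utf-8").strip().lower()
    except UnicodeDecodeError:
        return Decision(False, error="bad_response:<undecodable>")

    words = text.split()
    if words == ["deny"]:
        return Decision(False)  # a well-formed refusal, not an error
    if words and words[0] == "allow":
        # Exact first word only: "allowed" or "allowx" does not match.
        return Decision(True, tags=tuple(words[1:]))

    # Anything else, such as the "lollllz" body in the log above, is refused.
    # The body is truncated so a hostile service cannot flood the log.
    return Decision(False, error=f"bad_response:{text[:64]!r}")


if __name__ == "__main__":
    # Constructed sample replies: (status, body)
    samples = [(200, b"allow administrator"), (200, b"deny"),
               (200, b"lollllz"), (500, b"allow"), (None, None)]
    for status, body in samples:
        print(status, body, "->", interpret_auth_response(status, body))
```

Keeping `error` separate from a plain `deny` lets the caller log malformed replies at error level while treating ordinary refusals as normal traffic.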