#15192 by @lukebakken with a CI fix (backport #15193)#15194
Merged
michaelklishin merged 3 commits intov4.2.xfrom Dec 31, 2025
Merged
#15192 by @lukebakken with a CI fix (backport #15193)#15194michaelklishin merged 3 commits intov4.2.xfrom
michaelklishin merged 3 commits intov4.2.xfrom
Conversation
The etcd peer discovery plugin crashes during startup when username and
password authentication is configured. The crash occurs with a
`function_clause` error in `rabbit_data_coercion:to_list/1` when it
receives a double-wrapped encrypted password structure like `{encrypted,
{plaintext, Binary}}`.
This change adds authentication to the etcd test suite to reproduce the
bug. The test suite now starts etcd with authentication enabled, creates
a `rabbitmq` user with password `s3kR37`, and passes these credentials
to the etcd client. The test also ensures the `credentials_obfuscation`
application starts before the etcd client to properly encrypt passwords.
The bug occurs in `deobfuscate/1` which wraps an already-encrypted
password with another `{encrypted, ...}` tuple, creating the
double-wrapped structure that causes `to_list/1` to fail.
Fixes #15191
(cherry picked from commit 604a7c1)
The `deobfuscate/1` function wraps an already-encrypted password with
another `{encrypted, ...}` tuple, creating a double-wrapped structure
like `{encrypted, {encrypted, Binary}}`. This causes
`rabbit_data_coercion:to_list/1` to fail with a `function_clause` error
because it has no clause matching the double-wrapped structure.
This change removes the extra wrapping in `deobfuscate/1`. The password
parameter is already in the correct format `{encrypted, Binary}` or
`{plaintext, Binary}` from the `obfuscate/1` call, so it passes directly
to `credentials_obfuscation:decrypt/1` without modification.
This matches the pattern used in other modules like
`rabbit_federation_util` and `amqp_direct_connection` which call
`credentials_obfuscation:decrypt/1` directly on encrypted values.
Fixes #15191
(cherry picked from commit b27de42)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is #15192 by @lukebakken with a CI-related test suite change from me.
This is an automatic backport of pull request #15193 done by Mergify.