Skip to content

feat: create oauth2 auth trigger, integrate it with rabbitmq scaler#7454

Merged
wozniakjan merged 24 commits into
kedacore:mainfrom
KyriosGN0:rmq-oauth2
May 25, 2026
Merged

feat: create oauth2 auth trigger, integrate it with rabbitmq scaler#7454
wozniakjan merged 24 commits into
kedacore:mainfrom
KyriosGN0:rmq-oauth2

Conversation

@KyriosGN0

@KyriosGN0 KyriosGN0 commented Feb 14, 2026

Copy link
Copy Markdown
Contributor

Provide a description of what has been changed

This PR add a new OAuth2 spec to to TriggerAuth crd, this spec will generate an access token that is returned to the scaler.
This PR also integrates this new spec to RabbitMQ scaler (currently only for http connection)
this allows people who use RabbitMQ with OAuth to use a timed access token instead of username/password

Checklist

  • When introducing a new scaler, I agree with the scaling governance policy
  • I have verified that my change is according to the deprecations & breaking changes policy
  • Tests have been added (if applicable)
  • Ensure make generate-scalers-schema has been run to update any outdated generated files
  • Changelog has been updated and is aligned with our changelog requirements, only when the change impacts end users
  • A PR is opened to update the documentation on (repo) (if applicable)
  • Commits are signed with Developer Certificate of Origin (DCO - learn more)

Fixes #7379
Fixes #7525
Docs kedacore/keda-docs#1707

@KyriosGN0 KyriosGN0 requested a review from a team as a code owner February 14, 2026 13:26
@github-actions

Copy link
Copy Markdown

Thank you for your contribution! 🙏

Please understand that we will do our best to review your PR and give you feedback as soon as possible, but please bear with us if it takes a little longer as expected.

While you are waiting, make sure to:

  • Add an entry in our changelog in alphabetical order and link related issue
  • Update the documentation, if needed
  • Add unit & e2e tests for your changes
  • GitHub checks are passing
  • Is the DCO check failing? Here is how you can fix DCO issues

Once the initial tests are successful, a KEDA member will ensure that the e2e tests are run. Once the e2e tests have been successfully completed, the PR may be merged at a later date. Please be patient.

Learn more about our contribution guide.

@snyk-io

snyk-io Bot commented Feb 14, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Comment thread CHANGELOG.md Outdated
@keda-automation keda-automation requested a review from a team February 16, 2026 19:09

@zroubalik zroubalik left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please also open docs PR (documenting both new TriggerAuth config and RabbitMQ)?

Comment thread pkg/scalers/liiklus/LiiklusService_grpc.pb.go Outdated
@keda-automation keda-automation requested a review from a team February 25, 2026 22:01
@KyriosGN0

Copy link
Copy Markdown
Contributor Author

hey @rickbrouwer, could you give my PR another look? Thanks!

@KyriosGN0

Copy link
Copy Markdown
Contributor Author

hey @rickbrouwer, could you look at the PR again? i fixed the changelog issue

@KyriosGN0

Copy link
Copy Markdown
Contributor Author

hey @rickbrouwer, small ping for this PR
Thanks in advance!

Comment thread .golangci.yml Outdated
Comment thread apis/keda/v1alpha1/triggerauthentication_webhook.go Outdated
@keda-automation keda-automation requested a review from a team April 6, 2026 18:42
@KyriosGN0

Copy link
Copy Markdown
Contributor Author

btw @rickbrouwer do i need to open a PR to helm chart? i do modify the CRDs but i assume they are generated when a release is done right?

@rickbrouwer

Copy link
Copy Markdown
Member

It all looks good to me! Great!
Do you think you could make an e2e so we can be sure it works?

@KyriosGN0

Copy link
Copy Markdown
Contributor Author

It all looks good to me! Great!

Do you think you could make an e2e so we can be sure it works?

I did test it locally to make sure this works, will add E2E test

@KyriosGN0

Copy link
Copy Markdown
Contributor Author

@rickbrouwer added E2E tests for it

@rickbrouwer

Copy link
Copy Markdown
Member

can you check the semgrep findings?

@KyriosGN0

Copy link
Copy Markdown
Contributor Author

@rickbrouwer i see the same pattern in other tests as well

NoAuthConnectionString = fmt.Sprintf("amqp://rabbitmq.%s.svc.cluster.local", rmqNamespace)

connectionString = fmt.Sprintf("amqp://%s:%s@rabbitmq.%s.svc.cluster.local", user, password, rmqNamespace)

@rickbrouwer

rickbrouwer commented Apr 9, 2026

Copy link
Copy Markdown
Member

/run-e2e rabbit*
Update: You can check the progress here

KyriosGN0 and others added 17 commits May 25, 2026 09:56
Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: AvivGuiser <[email protected]>
@wozniakjan

wozniakjan commented May 25, 2026

Copy link
Copy Markdown
Member

/run-e2e rabbit
Update: You can check the progress here

passed tests: 14
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_dpratio/rabbitmq_queue_http_dpratio_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_regex/rabbitmq_queue_http_regex_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_regex_vhost/rabbitmq_queue_http_regex_vhost_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_aad_wi/rabbitmq_queue_http_aad_wi_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_vhost/rabbitmq_queue_http_vhost_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_eqct/rabbitmq_queue_http_eqct_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_regex_aad_wi/rabbitmq_queue_http_regex_aad_wi_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_dget/rabbitmq_queue_http_dget_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http/rabbitmq_queue_http_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_amqp/rabbitmq_queue_amqp_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_amqp_vhost/rabbitmq_queue_amqp_vhost_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_oauth2/rabbitmq_queue_http_oauth2_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_amqp_auth/rabbitmq_queue_amqp_auth_test.go, has passed after "one" attempts
Execution of tests/scalers/rabbitmq/rabbitmq_queue_http_auth/rabbitmq_queue_http_auth_test.go, has passed after "one" attempts
failed tests: 0

@wozniakjan wozniakjan enabled auto-merge (squash) May 25, 2026 08:20
@wozniakjan wozniakjan dismissed rickbrouwer’s stale review May 25, 2026 08:21

changelog updated

@wozniakjan wozniakjan added the Awaiting/2nd-approval This PR needs one more approval review label May 25, 2026
@rickbrouwer rickbrouwer added waiting-for-e2e and removed Awaiting/2nd-approval This PR needs one more approval review labels May 25, 2026
@wozniakjan wozniakjan merged commit 6330ba5 into kedacore:main May 25, 2026
26 checks passed
shcherbak pushed a commit to shcherbak/keda that referenced this pull request Jun 3, 2026
…edacore#7454)

* feat: create oauth2 auth trigger, integrate it with rabbitmq scaler

Signed-off-by: AvivGuiser <[email protected]>

* updated scaler-schema

Signed-off-by: AvivGuiser <[email protected]>

* update changelog

Signed-off-by: AvivGuiser <[email protected]>

* fix changelog and manifests

Signed-off-by: AvivGuiser <[email protected]>

* fix changelog

Signed-off-by: AvivGuiser <[email protected]>

* fix changelog

Signed-off-by: AvivGuiser <[email protected]>

* remove unrelated changes

Signed-off-by: AvivGuiser <[email protected]>

* remove unrelated changes

Signed-off-by: AvivGuiser <[email protected]>

* remove unrelated changes

Signed-off-by: AvivGuiser <[email protected]>

* fix conflicts

Signed-off-by: AvivGuiser <[email protected]>

* remvoe test files

Signed-off-by: AvivGuiser <[email protected]>

* validate the url is only http/https

Signed-off-by: AvivGuiser <[email protected]>

* remove revive rule from .golangci.yml

Signed-off-by: AvivGuiser <[email protected]>

* add E2E tests for rabbitmq oauth2

Signed-off-by: AvivGuiser <[email protected]>

* fix unrelerated diffs after rebase

Signed-off-by: AvivGuiser <[email protected]>

* make clientSecret optional and make ClientCredential as default for type

Signed-off-by: AvivGuiser <[email protected]>

* update cluster trigger auth yml

Signed-off-by: AvivGuiser <[email protected]>

* block basic-auth and oauth2 in rabbitmq scaler, fix http client

Signed-off-by: AvivGuiser <[email protected]>

* remove webhook validation for client secret

Signed-off-by: AvivGuiser <[email protected]>

* update changelog.md

Signed-off-by: AvivGuiser <[email protected]>

* use authentication.OAuth and other fixes

Signed-off-by: AvivGuiser <[email protected]>

* update scalers-schema.yaml

Signed-off-by: AvivGuiser <[email protected]>

* fix conflicts

Signed-off-by: AvivGuiser <[email protected]>

* update changelog.md

Signed-off-by: AvivGuiser <[email protected]>

---------

Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: AvivGuiser <[email protected]>
Signed-off-by: Yurii Shcherbak <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add AWS IAM/OAuth2 Authentication Support for RabbitMQ Scaler (Amazon MQ) suppport generic oauth2 in RabbitMQ scaler

6 participants