[rabbitmq-discuss] access for writing to exchange

Ruby Cut ruby.cutter at gmail.com
Mon Feb 13 14:02:18 GMT 2012 

Hi,

Wouldn't it be enough to have only write permission to write to exchange,
provided I do passive mode,

Here is example ruby script I expected to work but it doesn't.

prep with
gem install bunny
gem install rspec

run with

rspec test.rb


test.rb:
--------------------------------------------------------------
require 'bunny'
system "sudo rabbitmqctl add_vhost /x"
system "sudo rabbitmqctl add_user writer 123"
# with this it works
# system "sudo rabbitmqctl set_permissions -p /x writer '.*' '.*'  'foo'"
# with this it doesn't
system "sudo rabbitmqctl set_permissions -p /x writer 'foo' '.*'  'foo'"
system "sudo rabbitmqctl add_user admin 321"
system "sudo rabbitmqctl set_permissions -p /x admin '.*' '.*'  '.*'"

describe "wonderful bunny permission tests" do
  it "should only push" do


    @admin = Bunny.new(:host => 'localhost',:vhost=> "/x", :port =>
5672,:user=>"admin",:pass=> "321" )
    @admin.start

    # create/get queue
    q = @admin.queue('myqueue')

    # create/get exchange
    exchange = @admin.exchange("myexchange",:type => :topic,:durable =>
true)

    # bind queue to exchange
    q.bind(exchange,:key => "#")

    ##############################
    @writer =  Bunny.new(:host => 'localhost',:vhost=> "/x", :port =>
5672,:user=>"writer",:pass=> "123",:logging=>true )
    @writer.start
    e = @writer.exchange("myexchange", :passive => true)
    e.publish "yo"

    q.pop[:payload].should == "yo"
  end

end

And reply is:
I, [2012-02-13 14:50:54#16707]  INFO -- send:
#<Qrack::Transport::Method:0x7fd6f3cee0d8
@payload=#<Qrack::Protocol::Exchange::Declare:0x7fd6f3cee5d8
@auto_delete=nil, @durable=nil, @passive=true, @nowait=nil, @type=:direct,
@exchange="myexchange", @arguments=nil, @internal=nil, @ticket=1>,
@channel=1>
I, [2012-02-13 14:50:54#16707]  INFO -- received:
#<Qrack::Transport::Method:0x7fd6f3ceb540
@payload=#<Qrack::Protocol::Channel::Close:0x7fd6f3ceb400 @method_id=10,
@class_id=40, @reply_text="ACCESS_REFUSED - access to exchange 'myexchange'
in vhost '/x' refused for user 'writer'", @reply_code=403>, @channel=1>


Why do I still need config permission, although I opened exchange with
passive option.

Rubycut
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120213/e0fe5682/attachment.htm>

More information about the rabbitmq-discuss mailing list