[rabbitmq-discuss] default_user vs definitions

Dmitry Andrianov dmitry.andrianov at alertme.com
Tue Jul 8 16:02:00 BST 2014 

Hello.

RabbitMQ 3.3.4. In the rabbitmq.config we have both default user and 
loading of definitions JSON like that:

   {rabbit, [
       {default_user, <<"default">>},
       {default_pass, <<"password">>},
...
     ]},
   {rabbitmq_management, [{load_definitions, 
"/etc/rabbitmq/definitions.json"}]},

And if we have users in that JSON - they get created. However if we 
remove users from JSON, the default one does not get created. (We 
stopping, removing mnesia and starting again). Disabling definition JSON 
makes default user to appear.
I am not sure if it is an intended behaviour or just some race condition 
when the server core makes a wrong decision regarding is it the first 
start or not because management plugin has already created some entities.

The reason why we prefer creating user with rabbitmq.config is because 
the password there is plaintext while definitions requires a hash.
Usernames and passwords get populated from some master file during the 
deployment. We need plaintext password for clients so it is already in 
that file. Using JSON would require us to also add the same password but 
in hashed form to the same master config which does not feel right. 
Maintaining this pass+hash pair in multiple config files won't be very 
pleasant. I considered generating hashed value from plaintext during 
deployment myself given your algorithm is straightforward but it does 
not feel right either - this will introduce unnecessary coupling and if 
one day you change your hashing algorithm everything will break.

So are there any options here?

1. The fact default_user is ignored - is it a feature or a bug?
2. is there any way to supply plaintext passwords with definitions JSON?
3. Any other approach I should consider instead?

Many thanks.
Dmitry
This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not use, disclose or distribute this email without the
author's prior permission. AlertMe.com Ltd. is not responsible for any personal views expressed
in this message or any attachments that are those of the individual sender.

AlertMe.com Ltd, 30 Station Road, Cambridge, CB1 2RE, UK.
Registered in England, Company number 578 2908, VAT registration number GB 895 9914 42.

More information about the rabbitmq-discuss mailing list