I have an fanout exchange (named : test_exchange) for which I allow users to dynamically create queues. In order to prevent them to create whatever they want I have restricted their access this way:
Configure : test_exchange.*
Write : test_exchange.*
Read : test_exchange.*
When creating a queue to bind to the exchange, they have to use the following naming convention : test_exchange.(some guid), for example : test_exchange.hjLgS6JRTzbuQ48FyWFIZQ
This works fine. Except that they can also create exchanges if they respect the naming convention.
According to RabbitMQ documentation
QueueDeclare : needs the configure rights
QueueBind : needs the write rights
The problem is that to create an exchange you need the same configure rights.
What could be the solution to allow a consumer to only create a queue, and bind it to a specific exchange ?
And no other access rights?
Related
I'm attempting to update the "Springwolf" library (used to document async API definitions) to support rabbit consumer listeners using spring cloud functions for spring cloud stream. In order to accomplish this I need to find from application context
spring cloud functions defined.
map this to a channel name
map that channel name to its binding.. hopefully pulling out exchange, queue and routing key values.
I've been able to successfully track down the defined functions, get the expected payload type of the function, and map that to a channel name using defined values in application.properties.
Depending on our application properties are set up I can get the other info from there but this is not always possible. Is there a way I can pull this data from defined spring beans.
I've found bean "bindingService" has a private field "consumerBindings" which has a field "destination" which has a field "bindings" and those bindings have all of the details that I need... but given they're private and buried I don't think this would be a good way to go.
I've also found spring.cloud.stream-org.springframework.cloud.stream.config.BindingServiceProperties has a "getBindings" method on it, but those values appear to be incomplete. for instance with a rabbit consumer defined as below the "group name" is generated randomly but its name is not available from the Bindings provided in BindingServiceProperties
spring.cloud.stream.bindings.anotherConsumerMethod-in-0.destination=someDestination2
spring.cloud.stream.bindings.anotherConsumerMethod-in-0.consumer.bindingRoutingKey=testgroup.testDestination.queue2
Any help/guidance would be awesome... also if the answer is "you can't do this" I completely understand.
Since Redis supports ACL from v6.How can we achieve authorization at the key pattern? We want to implement a system in which multiple services have their own key pattern and we don't want any service can read other service's data.
For example:
Service Name
Keys Pattern
Service A
Service_A_::_
Service B
Service_B_::_
so that service A can't read data of service B and vice-versa.
Design the key as
{namespace}:{object type}:{identifier}:{optional name}.
Example :
public:users:{1234}:purchase
Key patterns restrictions can be done using ~:.
Example ~public: when used with setuser will allow user to have access to public namespaces. More information available at https://redis.io/topics/acl
We are trying to build a Nservicebus service that can communicated with form and wpf based clients using WCF. I have read that you can inherit from WcfService.
like:
public class ThirdPartyWebSvc : WcfService<ThirdPartyCmd, ThirdPartyCmdResponse>
And then you simple create a endpoint in the app.config and you done like described here. but the problem is that i have to create a endpoint for every command.
I would like to have a single endpoint that excepts any command and returns its response.
public class ThirdPartyWebSvc : WcfService<ICommand, IMessage>
Can someone point me in the right direction? Using Nservicebus for client communication can't be done for us and i don't want to build a proxy like server unless thats the only way to do it.
Thanks
So from what I can gather, you want to expose a WCF service operation which consumers can call to polymorphically pass one of a number of possible commands to, and then have the service route that command to the correct NServiceBus endpoint which then handles the command.
Firstly, in order to achieve this you should forget about using the NserviceBus.WcfService base class, because to use this you must closely follow the guidance in the article you linked in your post.
Instead, you could:
design your service operation contract to accept polymorphic requests by using the ServiceKnownType attribute on your operation definition, adding all possible command types,
host the service using a regular System.ServiceModel.ServiceHost(), and then configure an NserviceBus.IBus in the startup of your hosted WCF service, and
define your UnicastBusConfig config section in your service config file by adding all the command types along with the recipient queue addresses
However, you now have the following drawbacks:
Because of the requirement to be able to pass in implementations of ICommand into the service, you will need to recompile your operation contract each time you need to add a new command type.
You will need to manage a large quantity of routing information in the config file, and if any of the recipient endpoints change, you will need to change your service config.
If your service has availability problems then no more messages to any of your NSB endpoints.
You will need to write code to handle what to do if you do not receive a response message from the NSB endpoints in a timely manner, and this logic may depend on the type of command sent.
I hope you are beginning to see how centralizing this functionality is not a great idea.
All the above problems would go away if you could get your clients to send commands to the bus in the standard way, but without msmq how can you do that?
Well, for a start you could look at using one of the other supported transports.
If none of these work for you and you have to use WCF hosted services, then you must follow the guidance in the linked article. This guidance is there to steer you in the correct direction - multiple WCF services sounds like a pain, until you try to centralize them into a single service - then the pain gets bigger, not less.
Good Day.
Is there a way to retrieve routing keys for an existing exchange (fanout or topic) via the browser based UI?
I don't have access to the client source code (producer) to see which routing keys are being sent to the model.
Thank you.
Edit:
The idea is to try and latch on to an existing fanout exchange (which I cannot reconfigure). I want to create a new exchange, bind it to this one and only filter out certain messages.
Use the HTTP API:
http://localhost:15672/api/exchanges/vhost/name/bindings/source
A list of all bindings in which a given exchange is the source.
for example:
http://localhost:15672/api/exchanges/%2F/my_exchange/bindings/source
[
{
"source":"my_exchange",
"vhost":"/",
"destination":"my_queue",
"destination_type":"queue",
"routing_key":"my_routkey",
"arguments":{
},
"properties_key":"my_routkey"
}
]
I am designing an application that creates, uses and deletes MSMQ message queues. Each queue has custom properties which I am currently storing in a file.
I find this messy however and the whole system could go down if this file were to dissappear.
Is there a way I can bind custom properties (e.g. a property xml string) to the actual message queues which I am using?
Cheers,
Shane
While I don't know if that is possible you many not want your configuration to go down with the queue either. I would suggest some other kind of external storage mechanism. You could use another queue that holds messages for each queue configuration(just make sure it's a durable one). You could also look into using a database to hold your configuration and make sure that is backed up.
The queues are either defined in Active Directory or as text files (in the system32\msmq\storage\LQS folder), for public and private respectively.
In theory you may be able to add custom properties to the public queue object in AD.
Similarly, you may be able to add text to the private queue text file (although it may get stripped out should the queue properties be changed).