I use the Bunny gem and configured a user in RabbitMQ like this:
virtual host /
configure: device1\..*
write: .*
read: device1\..*
The goal is: the user should be able to create a queue named like this: device1.mail and should be able to read / write to it. To all other queues I only want to give the user write access (but not read).
When I try to write to an existing durable queue named calc with Bunny I get an error:
conn = Bunny.new('amqp://device1:[email protected]:5672')
conn.start
ch = conn.create_channel
q = ch.queue("calc", durable: true)
Bunny::AccessRefused (ACCESS_REFUSED - access to queue 'calc' in vhost '/' refused for user 'device1')
When I set the configure rights to .* for the user, then it works. I'm able to write to the queue, but not read. However like that the user can create queues named like he wants...
So it seems the configure right is needed in order to open the queue (even though it's an existing queue?).
What am I missing here?
You need to set passive to true when declaring the queue. With passive set to true the configure permission will not applied and an error will be raised if the user try to create a non pre-defined queue.
q = ch.queue("calc", durable: true, passive: true)