Hi,

We are using the following ACL rights for a scenario similar to yours.

acl allow event-consumer create  queue    name=event-listener-*
acl allow event-consumer delete  queue    name=event-listener-*
acl allow event-consumer consume queue    name=event-listener-*
acl allow event-consumer access  queue    name=event-listener-*
acl allow event-consumer purge   queue    name=event-listener-*
acl allow event-consumer bind    exchange name=foo.bar queuename=event-listener-* routingkey=event
acl allow event-consumer unbind  exchange name=foo.bar queuename=event-listener-* routingkey=event

I'm not saying this is the only possibility, but it works for us. Can
you send in a bigger piece of the log file? The Python client is
sending several AMQP commands when creating the receiver and it is not
really clear which exactly failed.

Regards
Jakub

On Mon, Sep 5, 2011 at 11:28, Cajus Pollmeier <[email protected]> wrote:
> Hi all,
>
> I'm currently stumbling with creating proper ACLs for my needs - maybe
> there's someone who can throw some light on it :-)
>
> Let there be an eventing mechanism using the built-in XML exchange. It's
> used as "foo.bar". Messages sent there have the routing key "event". After
> some tries (looks like nested groups don't work like shown in the
> documentation and the keywords allow-log/deny-log do not work) I ended up
> with this not working definition:
>
> 8<------------------------------------------------
> group event-publisher test@QPID
> group event-consumer test@QPID
>
> acl allow event-publisher all queue name=foo.bar
> acl allow event-publisher all exchange name=foo.bar
> acl allow event-publisher publish exchange name=foo.bar routingkey=event
>
> acl allow event-consumer all queue name=event-listener-* exclusive=true
> acl allow event-consumer consume exchange name=foo.bar routingkey=event queuename=event-listener-*
> 8<------------------------------------------------
>
> Something with the "*" is not working like I was hoping. Does it only extend
> the dot separated notation? qpidd claims:
>
> 2011-09-05 11:25:24 debug ACL: name 'event-listener-19ebd276-1ad7-4637-87bb-4fbd8fb56ddb' didn't match with name 'foo.bar' given in the rule
> 2011-09-05 11:25:24 debug No successful match, defaulting to the decision mode deny
>
> The consumer uses this address definition in python:
>
>        domain = 'foo.bar'
>        queue = 'event-listener-%s' % uuid4()
>        address = """%s; {
>            create: always,
>            delete: always,
>            link: {
>                x-bindings: [
>                        {
>                            exchange: '%s',
>                            queue: %s,
>                            key: event,
>                            arguments: { xquery: %r}
>                        }
>                    ]
>                }
>            }""" % (queue, domain, queue, xquery)
>
> What would be the recommended way to do this?
>
> ATB,
> Cajus
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:[email protected]
>
>
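
A simplified model of ordered, first-match ACL evaluation run over the two rule sets in this thread, added here as an illustration (it is not qpidd's code and not part of either message). Assumptions: a trailing `*` is a prefix match, a rule property absent from the request means the rule does not match, and the three requests in `check_receiver` (including `exclusive=false`) stand in for the commands the client sends when creating the receiver.

```python
# Simplified model of ordered, first-match ACL evaluation with trailing-'*'
# wildcards. Added illustration, not qpidd code; the request list is assumed.
GROUPS = {"event-publisher": {"test@QPID"}, "event-consumer": {"test@QPID"}}
ORIGINAL = """\
acl allow event-publisher all queue name=foo.bar
acl allow event-publisher all exchange name=foo.bar
acl allow event-publisher publish exchange name=foo.bar routingkey=event
acl allow event-consumer all queue name=event-listener-* exclusive=true
acl allow event-consumer consume exchange name=foo.bar routingkey=event queuename=event-listener-*
"""
REPLY = """\
acl allow event-consumer create queue name=event-listener-*
acl allow event-consumer delete queue name=event-listener-*
acl allow event-consumer consume queue name=event-listener-*
acl allow event-consumer access queue name=event-listener-*
acl allow event-consumer purge queue name=event-listener-*
acl allow event-consumer bind exchange name=foo.bar queuename=event-listener-* routingkey=event
acl allow event-consumer unbind exchange name=foo.bar queuename=event-listener-* routingkey=event
"""

def parse(text):
    rules = []
    for line in text.splitlines():
        _, decision, who, action, obj, *props = line.split()
        rules.append((decision, who, action, obj, dict(p.split("=", 1) for p in props)))
    return rules

def value_matches(pattern, value):
    if pattern.endswith("*"):  # assumption: only a trailing wildcard, as a prefix match
        return value is not None and value.startswith(pattern[:-1])
    return pattern == value

def decide(rules, user, action, obj, props):
    for decision, who, r_action, r_obj, r_props in rules:
        applies = (user in GROUPS.get(who, {who})
                   and r_action in ("all", action) and r_obj in ("all", obj))
        # Every property named in the rule must be present in the request and match.
        if applies and all(value_matches(v, props.get(k)) for k, v in r_props.items()):
            return decision
    return "deny"  # default decision mode, as in the quoted qpidd log

def check_receiver(rules, user="test@QPID", queue="event-listener-1234"):
    # Assumed commands behind creating the receiver; exclusive=false is an assumption.
    requests = [
        ("create", "queue", {"name": queue, "exclusive": "false"}),
        ("bind", "exchange", {"name": "foo.bar", "queuename": queue, "routingkey": "event"}),
        ("consume", "queue", {"name": queue}),
    ]
    return {f"{a} {o}": decide(rules, user, a, o, p) for a, o, p in requests}
```

Calling `check_receiver(parse(ORIGINAL))` and `check_receiver(parse(REPLY))` returns the per-request decision for each rule set under these assumptions.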
