Thanks Jakub, I'm working thru all the access violations now until
everything's clean.
ATB,
Cajus
On Mon, 5 Sep 2011 12:24:37 +0200, Jakub Scholz wrote:
Hi,
We are using following ACL rights for a scenario similar to yours.
acl allow event-consumer create queue name=event-listener-*
acl allow event-consumer delete queue name=event-listener-*
acl allow event-consumer consume queue name=event-listener-*
acl allow event-consumer access queue name=event-listener-*
acl allow event-consumer purge queue name=event-listener-*
acl allow event-consumer bind exchange name=foo.bar
queuename=event-listener-* routingkey=event
acl allow event-consumer unbind exchange name=foo.bar
queuename=event-listener-* routingkey=event
I'm not saying this is the only possibility, but it works for us. Can
you send in a bigger peace of the log file? The Python client is
sending several AMQP commands when creating the receiver and it is
not
really clear which exactly failed.
Regards
JAkub
On Mon, Sep 5, 2011 at 11:28, Cajus Pollmeier <[email protected]>
wrote:
Hi all,
I'm currently stumbling with creating proper ACLs for my needs -
maybe
there's someone who can throw some light on it :-)
Let there be an eventing mechanism using the build in XML exchange.
It's
used as "foo.bar". Messages sent there have the routing key "event".
After
some tries (looks like nested groups don't work like shown in the
documentation and the keywords allow-log/deny-log do not work) I
ended up
with this not working definition:
8<------------------------------------------------
group event-publisher test@QPID
group event-consumer test@QPID
acl allow event-publisher all queue name=foo.bar
acl allow event-publisher all exchange name=foo.bar
acl allow event-publisher publish exchange name=foo.bar
routingkey=event
acl allow event-consumer all queue name=event-listener-*
exclusive=true
acl allow event-consumer consume exchange name=foo.bar
routingkey=event
queuename=event-listener-*
8<------------------------------------------------
Something with the "*" is not working like I was hoping. Does it
only extend
the dot seperated notation? qpidd claims:
2011-09-05 11:25:24 debug ACL: name
'event-listener-19ebd276-1ad7-4637-87bb-4fbd8fb56ddb' didn't match
with name
'foo.bar' given in the rule
2011-09-05 11:25:24 debug No successful match, defaulting to the
decision
mode deny
The consumer uses this address definition in python:
domain = 'foo.bar'
queue = 'event-listener-%s' % uuid4()
address = """%s; {
create: always,
delete: always,
link: {
x-bindings: [
{
exchange: '%s',
queue: %s,
key: event,
arguments: { xquery: %r}
}
]
}
}""" % (queue, domain, queue, xquery)
What would be the recommended way to do this?
ATB,
Cajus
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
