Rabbitmq permissions

Question

I'm working with rabbitmq permissions with python. The application has multiple clients and one service provider. I want to limit clients to specific queues while service provider should be capable to read all queues and not write to any. I try to set permissions as follow:

For service provider account I have set the following

rabbitmqctl set_permissions -p vhost service_provider ".*-client-queues" "" ".*-client-queues"

For clients I did

 rabbitmqctl set_permissions -p vhost client1 "client1-client-queues" "client1-client-queues" ""

And the message is never delivered to service provider. However, if I set

rabbitmqctl set_permissions -p vhost client1 ".*" ".*" ".*"

it works. But I need to limit the clients to specific queues. Does anyone of you try to achieve such thing? Any hints will be appreciated. Thanks.

Answer 1

What I'm missing is the exchange name while I set the permissions. I've solved my problem with the following permissions: (I'm using default exchange)

For clients:

rabbitmqctl set_permissions -p vhost client1 "client1-client-queues|amq\.default" "client1-client-queues|amq\.default" "amq\.default"

For service provider:

set_permissions -p vhost service_provider ".*-client-queues|amq\.default" "amq\.default" ".*-client-queues|amq\.default"

Answer 2

service_provider and client1 must be the users that the respective components use instead of the default (guest) to connect to the RabbitMQ broker.

You need to create the users and set their passwords with rabbitmqctl add_user ..., then let the respective components use them.

Also note that the exchanges that you use to publish messages to, must match the write permission that you specify. See here for details.

I suggest you add the permissions one-by-one, so you see rapidly what you are doing wrong.