AlexTheOpsGuy
Reputation: 21
Authorize a RabbitMQ user to create a dynamic shovel via the API
I want to create a user that has only the authorization to create a dynamic shovel between 2 queues. The user should be able to make the following call to the API.
curl -u "shoveluser:superpassword" -X PUT "http://rabbitmq.mycompany.com:15672/api/parameters/shovel/%2f/shovelit" \
-H "content-type: application/json" \
-d @- <<EOF
{
"value": {
"src-uri": "amqp://",
"src-queue": "email.send.error",
"dest-uri": "amqp://",
"dest-queue": "email.send",
"delete-after": "queue-length"
}
}
EOF
But after calling it, I get the response:
{"error":"not_authorised","reason":"User not authorised to access object"}%
I set the following Topic permissions
| Virtual host | Exchange | Write regexp | Read regexp |
|---|---|---|---|
| / | email.send.error | .* | .* |
| / | email.send | .* | .* |
I also add the management-Tag to the user.
Upvotes: 1
Views: 26
Answers (1)
AlexTheOpsGuy
Reputation: 21
I had to set the tag policymaker for the new user in order for it to work.
https://www.rabbitmq.com/docs/shovel-dynamic#using-http-api
The endpoint requires that the user that invokes it has policymaker privileges (tag).
Upvotes: 0
Related Questions
- RabbitMQ Publish via Management HTTP API not_authorised but works in Web UI
- rabbitmq mqtt user permissions "Configure regexp"
- The strange behavior of `delete-after` attribute of dynamic shovel
- RabbitMQ moving messages from 1 Queue to another
- How to create queue in rabbitmq from spring-boot with rabbitmq docker
- Dynamic queue creation with RabbitMQ
- API design around RabbitMQ for publisher/subscriber
- Move message From one Queue to other Queue without deleting it Rabbitmq
- Ruby API (RabbitMQ create user)