unable to publish to exchange with a non guest user
1,865 views
Skip to first unread message
Stanislav Plescan
Apr 23, 2020, 4:36:58 AM4/23/20
to rabbitmq-users
Hi guys,
I need some help here. I have the following setup:
Ubuntu 18.04.3 + rabbitmq-server 3.6.10-1
I've created a new exchange(test), a durable queue(test) and a binding between them:
# rabbitmqadmin declare exchange name=test type=fanout
# rabbitmqadmin declare queue name=test durable=true
# rabbitmqadmin declare binding source=test destination=test
Then I've created a user and set ALL permissions for it:
# rabbitmqctl add_user test_user "xxxxxxxxxx"
# rabbitmqctl set_permissions -p / test_user ".*" ".*" ".*"
I'm to authenticate using these new credentials:
# rabbitmqctl authenticate_user 'test_user' 'xxxxxxxxxxx'
Authenticating user "test_user"
Success
And I can see its permissions:
# rabbitmqctl list_permissions -p /
Listing permissions in vhost "/"
guest .* .* .*
test .* .* .*
When I'm trying to publish or run any sort of commands using this new user I'm getting a permissions error like the one below:
# rabbitmqadmin -H localhost -u test_user -p "xxxxxxxxxxx" publish exchange="test" routing_key="xxxxx"
test
*** Access refused: /api/exchanges/%2F/kelvatek_faultcenter_reports/publish
# rabbitmqadmin --node=rabbit@localhost --username=test_user --password="xxxxxxxxxxxx" list queues
*** Access refused: /api/queues?columns=name,messages
The log file contains the following error for both commands:
HTTP access denied: user 'test_user' - Not management user
when I'm trying to publish using the default guest account everything works fine.
Am I missing another set of permissions somewhere?
Regards
Wesley Peng
Apr 23, 2020, 4:48:33 AM4/23/20
to Stanislav Plescan, rabbitmq-users
Your operations seem correct, but your rabbitmq is quite old, can you upgrade it then give another try? Also since you were using a fanout exchange you don’t need a routing key.
Regards
23 квітня 2020 р., 16:37:05,від "Stanislav Plescan" <plescans...@gmail.com>:
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/2d1d228b-36ae-4cfa-93a4-97f1a1b33cea%40googlegroups.com.
Stanislav Plescan
Apr 23, 2020, 7:44:04 AM4/23/20
to rabbitmq-users
I've upgraded as per your recommendation to rabbitmq-server 3.8.3-1
Also I've recreated the user and the exchange + queue and still get the same error when trying to publish anything with the newly created user:
rabbitmqadmin -H localhost -u test_user -p "xxxxxx" publish exchange="test" routing_key="123"
test
*** Access refused: /api/exchanges/%2F/kelvatek_faultcenter_reports/publish
Please advise.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitm...@googlegroups.com.
Wesley Peng
Apr 23, 2020, 8:35:50 AM4/23/20
to Stanislav Plescan, rabbitmq-users
Hi
I will give a test by using your conditions tomorrow. Currently I am not at office.
Regards
23 квітня 2020 р., 19:44:12,від "Stanislav Plescan" <plescans...@gmail.com>:
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/6b207023-4fe1-46ba-8017-118359473d1c%40googlegroups.com.
Wesley Peng
Apr 23, 2020, 9:11:23 PM4/23/20
to rabbitm...@googlegroups.com
I have tested it and verified that, you must have the new added user as administrator, then the publish via rabbitmqadmin could be successful.
Such as:
root@ubuntu:~# rabbitmqctl set_user_tags wesley administrator
Setting tags for user "wesley" to [administrator] ...
root@ubuntu:~# ./rabbitmqadmin list users
+--------+--------------------------------+--------------------------------------------------+---------------+
| name | hashing_algorithm | password_hash | tags |
+--------+--------------------------------+--------------------------------------------------+---------------+
| guest | rabbit_password_hashing_sha256 | HzHlxdnBU... | administrator |
| wesley | rabbit_password_hashing_sha256 | B881SX9s... | administrator |
+--------+--------------------------------+--------------------------------------------------+---------------+
root@ubuntu:~# ./rabbitmqadmin -u wesley -p "***" publish exchange="wes-test" routing_key="" payload="hello world"
Message published
The new added user without administrator tag can be used within program, but if doing via HTTP API, it must be an administrator user.
Regards.
23 April 2020, 16:37:05, by "Stanislav Plescan" <plescans...@gmail.com>:
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/2d1d228b-36ae-4cfa-93a4-97f1a1b33cea%40googlegroups.com.
Stanislav Plescan
Apr 24, 2020, 6:48:30 AM4/24/20
to rabbitmq-users
thank you, that clarified things for us
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitm...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages