1

I'm setting up a new RabbitMQ service in iAPC (Swisscom app cloud) and I need to control the user access of the different producer/consumer application.

My access control requirement:

  • Application A can only write to queue X.
  • Application B can only read from queue X.

RabbitMQ provides usually user management functionalities. However, the whole user management in the admin section, RabbitMQ management GUI, is not available.

  • What solution does exist in iAPC to manage read/write permissions for different applications which have an app binding?
  • Is it even possible to setup different users?
Tamir Klein
  • 3,514
  • 1
  • 20
  • 38
simoncuche
  • 11
  • 2
  • Please don't ask questions about internal systems on Stack Overflow. You should use internal systems for such questions. – Lafunamor Apr 09 '19 at 11:49
  • Hi @Lafunamor this is unfortunately the suggested way [Swisscom](https://developer.swisscom.com) wants it's paying customers to ask for support. We have complained about this being an inappropriate use of stack overflow, but they still recommend that people should use stack overflow for this purpose. – Chris Jan 21 '20 at 13:59

1 Answers1

0

I believe there is no way to add additional users in these managed RabbitMQ service deployments provided by Swisscom. This is quite similar across all of the available shared services (e.g. ElasticSearch or MariaDB) which come with a preset of defined users. I assume that this is true because those are actually shared services (as opposed to dedicated ones), where there may be authentication / security concerns if you are allowed to administer existing users.

For anyone who is interested the way to access your RabbitMQ CloudFoundry service admin interface via the provided environment parameters to see what is possible:

  1. bind your RabbitMQ service to a running app instance (e.g. MY-APP)
  2. look at the environment of that app with cf env MY-APP

  3. tunnel the RabbitMQ management port to your localhost:

    cf ssh -N -T -L 15000:rabbitmq.service.consul:15672 MY-APP

  4. open a webbrowser and look at http://localhost:15000 RabbitMQ Admin Login

  5. Use the Username and Password you found in step (2) under rabbitmqent > credentials > management to log in RabbitMQ Admin Interface

Chris
  • 3,245
  • 4
  • 29
  • 53