OAuth 2: Variable expansion, topic permissions vs resource permissions #14168
RabbitMQ version used: 4.0.3

How is RabbitMQ deployed? Community Docker image

Steps to reproduce the behavior in question:

@MarcialRosales Upon upgrading from RabbitMQ 4.1.0 to 4.1.1, the issue in #13894 was resolved; however, I'm still a bit confused why it did not work before.

From what I understand, the change in 4.1.1 was only about supporting resource permissions in addition to topic permissions. Such that the pattern

For the test, I only tried reading from the queue using the

To clarify: There is no issue, just trying to understand the relationship between these permission types.
Replies: 1 comment 1 reply
Hi @inseroaj, thanks for insisting on getting a clarification about the root cause. You were right, there was one more issue in 4.1.0 which was also addressed in 4.1.1. The management UI, first of all, checks that the user has access to the vhost in addition to read access on the queue. However, the OAuth 2 backend did not support variable expansion when checking vhost access, only when checking against topic permissions.
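The two-step check described in the reply above, as an added example: a simplified Python model, not the plugin's own code and not part of the original thread. The scope layout `rabbitmq.read:<vhost>/<name>`, the `{username}` variable, and all vhost, queue and user names are assumptions constructed for illustration.

```python
import re

PREFIX = "rabbitmq."  # assumed scope prefix for this illustration

def expand(pattern, variables):
    """Substitute {name} placeholders with values from the token context."""
    for name, value in variables.items():
        pattern = pattern.replace("{" + name + "}", value)
    return pattern

def wildcard_match(pattern, value):
    """Match with '*' as the only wildcard; everything else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def parse_scope(scope):
    """'rabbitmq.read:vhost/name' -> (permission, vhost_pattern, name_pattern)."""
    if not scope.startswith(PREFIX) or ":" not in scope:
        return None
    permission, _, resource = scope[len(PREFIX):].partition(":")
    parts = resource.split("/")
    return (permission, parts[0], parts[1]) if len(parts) >= 2 else None

def vhost_access(scopes, vhost, variables, expand_vars):
    """Step 1: does any scope's vhost pattern cover this vhost?"""
    for parsed in filter(None, map(parse_scope, scopes)):
        pattern = expand(parsed[1], variables) if expand_vars else parsed[1]
        if wildcard_match(pattern, vhost):
            return True
    return False

def queue_read_access(scopes, vhost, queue, variables, expand_vars):
    """Step 2: does any read scope cover this vhost/queue pair?"""
    for parsed in filter(None, map(parse_scope, scopes)):
        if parsed[0] != "read":
            continue
        vh, name = parsed[1], parsed[2]
        if expand_vars:
            vh, name = expand(vh, variables), expand(name, variables)
        if wildcard_match(vh, vhost) and wildcard_match(name, queue):
            return True
    return False

def management_can_read(scopes, vhost, queue, variables, expand_vhost, expand_resource):
    """Both steps must pass, so an unexpanded vhost pattern denies everything."""
    return (vhost_access(scopes, vhost, variables, expand_vhost)
            and queue_read_access(scopes, vhost, queue, variables, expand_resource))

# Constructed sample token content
SCOPES = ["rabbitmq.read:team-{username}/inbox-{username}"]
VARIABLES = {"username": "alice"}
```

With expansion applied only to the resource check, the request is still denied at the vhost step, which is why the variable has to be expanded in both places before a per-user scope can grant access.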