Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.20
-
None
Description
ACL rules use 'name=value' formatting. In the case of ACL rule PUBLISH EXCHANGE the exchange name must be specified with a name= setting. However, in the case of the default exchange the exchange name is blank. There is no way to specify a blank exchange name and there is no acceptable workaround.
The proposal is to add keyword amq.default to the ACL syntax so that when a PUBLISH EXCHANGE rule exchange name is specified with this keyword then the run-time rule will actually match a blank exchange name.
acl allow bob publish exchange name=amq.default routingkey=bobPrivate acl deny all publish exchange name=amq.default routingkey=bobPrivate
Impact assessment:
| Design consideration | Proposed feature |
|---|---|
| Threading model | n/a |
| Memory management | n/a |
| Automated testing approach | easy to test |
| Impact on public API | Adds new keyword to ACL file syntax |
|
n/a |
|
No. Old code will try to match literal 'amq.default' text |
| Performance implications | Per-message publish exchange lookup tests a bool in the rule before checking that the name in the lookup is blank |
| Security implications | New method already protected by ACL |
| Platform support | n/a |
| Logging | no change |
| Monitoring | no change |
| Management | no change |