Auto-tools/Projects/Pulse: Difference between revisions

No edit summary
Line 78: Line 78:
* Only the user that created a particular queue should be allowed to consume from it.
* Only the user that created a particular queue should be allowed to consume from it.


Since exchange and queue permissions go together, we'll need exchange and queue naming conventions mixed with restrictive permissions.  Each publishing user, in addition to being restricted to a particular vhost, will also be restricted to a particular set of exchange names.  For example, the BuildBot publisher will have permissions of <code>"^exchange/build/*" "^exchange/build/*" "^exchange/build/*"</code>.
Since exchange and queue permissions go together, we'll need exchange and queue naming conventions mixed with restrictive permissions.  Each publishing user, in addition to being restricted to a particular vhost, will also be restricted to a particular exchange name.  For example, the BuildBot publisher will have permissions of <code>"^exchange/build$" "^exchange/build$" "^exchange/build$"</code>.


Similarly, we'll need a name convention for queues, e.g. queue/<username>/<applabel>.  Consumers will have full permissions to queue/<username>/* and read permissions to exchange/*.  This will both prevent consumer users from writing to existing exchanges as well as prevent them from consuming from the queues of other users (we may have to have certain restrictions on characters allowed in usernames to prevent possible collisions, e.g. disallow slashes).  For convenience, if a consumer creates a nondurable queue, mozillapulse can assign a random suffix to the user's standard queue name prefix, i.e. queue/<username>/<random string>, since the user wouldn't be able to create nor access a completely random server-assigned name.
Similarly, we'll need a name convention for queues, e.g. queue/<username>/<applabel>.  Consumers will have full permissions to queue/<username>/* and read permissions to exchange/*.  This will both prevent consumer users from writing to existing exchanges as well as prevent them from consuming from the queues of other users (we may have to have certain restrictions on characters allowed in usernames to prevent possible collisions, e.g. disallow slashes).  For convenience, if a consumer creates a nondurable queue, mozillapulse can assign a random suffix to the user's standard queue name prefix, i.e. queue/<username>/<random string>, since the user wouldn't be able to create nor access a completely random server-assigned name.
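Review bot: the consumer patterns in the trailing context, queue/<username>/* and exchange/*, are still written glob-style, while the changed line now gives the publisher an anchored regular expression, <code>^exchange/build$</code>. If consumer permissions are the same kind of regular expression, <code>/*</code> means "zero or more slashes" rather than "anything under this prefix", and without a leading <code>^</code> a pattern built from one username could also match queue names of a longer username that begins with the same characters. Suggest writing these as anchored expressions in the same style as the publisher example, e.g. <code>^queue/<username>/.*$</code> and <code>^exchange/.*$</code>, and widening the username character restriction mentioned here from slashes to regex metacharacters. It would also help to state which permission each of the three identical quoted strings stands for.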