File: setup.sh

package info (click to toggle)
rabbitmq-server 4.0.5-8
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 37,972 kB
  • sloc: erlang: 257,835; javascript: 22,466; sh: 3,037; makefile: 2,517; python: 1,966; xml: 646; cs: 335; java: 244; ruby: 212; php: 100; perl: 63; awk: 13
file content (81 lines) | stat: -rwxr-xr-x 3,215 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#!/usr/bin/env bash

gem list cf-uaac | grep cf-uaac || exit 1
gem list bunny | grep bunny || exit 1

target=${UAA_HOST:="http://localhost:8080/uaa"}
# export to use a different ctl, e.g. if the node was built from source
ctl=${RABBITMQCTL:="rabbitmqctl"}

# Target the server
uaac target $target

# Get admin client to manage UAA
uaac token client get admin -s adminsecret

# Set permission to list signing keys
uaac client update admin --authorities "clients.read clients.secret clients.write uaa.admin clients.admin scim.write scim.read uaa.resource"

# Rabbit UAA user
# The user name and password needed to retrieve access tokens,
# RabbiMQ does not have to be aware of this credentials.
uaac user add rabbit_super -p rabbit_super --email rabbit_super@example.com
uaac user add rabbit_nosuper -p rabbit_nosuper --email rabbit_nosuper@example.com

# Create permissions
# Uaa groups will become scopes, which should define RabbitMQ permissions and tags.
uaac group add "rabbitmq.read:*/*"
uaac group add "rabbitmq.write:*/*"
uaac group add "rabbitmq.configure:*/*"

uaac group add "rabbitmq.write:uaa_vhost/*"
uaac group add "rabbitmq.read:uaa_vhost/some*"

uaac group add "rabbitmq.tag:administrator"

# Assigning groups to users.
# rabbit_super will be able to read,write and configure any resources.
# They will be able to connect to the management plugin as well.
uaac member add "rabbitmq.read:*/*" rabbit_super
uaac member add "rabbitmq.write:*/*" rabbit_super
uaac member add "rabbitmq.configure:*/*" rabbit_super
uaac member add "rabbitmq.tag:administrator" rabbit_super

# rabbit_nosuper will be able to read uaa_vhost resources starting with some
# and write to any uaa_vhost resources
uaac member add "rabbitmq.write:uaa_vhost/*" rabbit_nosuper
uaac member add "rabbitmq.read:uaa_vhost/some*" rabbit_nosuper

# Configure RabbiqMQ
# Add uaa_vhost and other vhost to check permissions
$ctl add_vhost uaa_vhost
$ctl add_vhost other_vhost

# add e.g. --access_token_validity 60 --refresh_token_validity 3600 to experiment with token validity
uaac client add rabbit_client --name rabbit_client --scope 'rabbitmq.*' --authorized_grant_types password,client_credentials --authorities rabbitmq --secret rabbit_secret --redirect_uri 'http://localhost:15672'

# Set guest user permissions to create queues.
$ctl set_permissions -p uaa_vhost guest '.*' '.*' '.*'
$ctl set_permissions -p other_vhost guest '.*' '.*' '.*'

# Get access tokens
uaac token owner get rabbit_client rabbit_super -s rabbit_secret -p rabbit_super
uaac token owner get rabbit_client rabbit_nosuper -s rabbit_secret -p rabbit_nosuper

echo "Auth info for rabbit_nosuper user
This user will have read access to uaa_vhost resources,
which name start with some and write access to all uaa_vhost resources.
Use access_token as a RabbitMQ password, the username is ignored"
echo
uaac context rabbit_nosuper
echo

echo "Auth info for rabbit_super user
This user will have full access to all rabbitmq vhosts.
Use access_token as a RabbitMQ password, the username is ignored"
echo
uaac context rabbit_super
echo

# Create queues
ruby demo/declare_queues.rb uaa_vhost/some_queue uaa_vhost/other_queue other_vhost/some_queue other_vhost/other_queue