[jira] [Commented] (JAMES-3475) RabbitMQMailQueue should not require administrative rights

Thu, 10 Dec 2020 21:44:04 -0800 


    [ 
https://issues.apache.org/jira/browse/JAMES-3475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17247649#comment-17247649
 ] 

Benoit Tellier commented on JAMES-3475:
---------------------------------------

https://www.mail-archive.com/[email protected]/msg69190.html 
boostraps a mailing list discussion around this topic!

> RabbitMQMailQueue should not require administrative rights
> ----------------------------------------------------------
>
>                 Key: JAMES-3475
>                 URL: https://issues.apache.org/jira/browse/JAMES-3475
>             Project: James Server
>          Issue Type: Improvement
>          Components: Queue, rabbitmq
>    Affects Versions: master
>            Reporter: Benoit Tellier
>            Priority: Major
>         Attachments: 20201211_115241.jpg, 20201211_115802.jpg
>
>
> ## Why
> Today, James requires management API rights to list mail queues.
> Why?
>  - List of mailqueues can be heterogeneous across the cluster (especially in 
> case of specialized instances)
>  - AMQP client do not support listing mail queues
>  - Thus we ended up relying on the management plugin.
> This, of course, is a security violation, as it might lead to right 
> escalation, and might affect other tenants co-hosted on RabbitMQ.
> ## Definition of Done
>  - [ ] James no longer require administrative rights
>  - [ ] An ADR needs to be written about this
> ## How
> As deleting a mail queue is not a supporting implementation, we can rely on a 
> `Set<String>` cassandra table containing the names of the mail queues in use.
> James nodes can then rely on this to know if a mail queue is used or not.
> Eventual consistency will be achieved between this cassandra view and the 
> actual rabbitMQ content:
>  - Register a created queue in Cassandra first, then create it in Rabbit.
>  - Given a cassandra registered queue, not existing in rabbit, a james node 
> restart configured with that queue will create the queue in rabbit.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to