You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2020/12/11 05:35:00 UTC
[jira] [Created] (JAMES-3475) RabbitMQMailQueue should not require
administrative rights
Benoit Tellier created JAMES-3475:
-------------------------------------
Summary: RabbitMQMailQueue should not require administrative rights
Key: JAMES-3475
URL: https://issues.apache.org/jira/browse/JAMES-3475
Project: James Server
Issue Type: Improvement
Components: Queue, rabbitmq
Affects Versions: master
Reporter: Benoit Tellier
Attachments: 20201211_115241.jpg, 20201211_115802.jpg
## Why
Today, James requires management API rights to list mail queues.
Why?
- List of mailqueues can be heterogeneous across the cluster (especially in case of specialized instances)
- AMQP client do not support listing mail queues
- Thus we ended up relying on the management plugin.
This, of course, is a security violation, as it might lead to right escalation, and might affect other tenants co-hosted on RabbitMQ.
## Definition of Done
- [ ] James no longer require administrative rights
- [ ] An ADR needs to be written about this
## How
As deleting a mail queue is not a supporting implementation, we can rely on a `Set<String>` cassandra table containing the names of the mail queues in use.
James nodes can then rely on this to know if a mail queue is used or not.
Eventual consistency will be achieved between this cassandra view and the actual rabbitMQ content:
- Register a created queue in Cassandra first, then create it in Rabbit.
- Given a cassandra registered queue, not existing in rabbit, a james node restart configured with that queue will create the queue in rabbit.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org