ACL file format for brokers.
Notes on file formats
- A line starting with the character '#' will be considered a comment, and will be ignored.
- Since the '#' character (and others commonly used for comments) often appears in routing keys and other AMQP literals, it is simpler (for now) to hold off on allowing trailing comments (i.e. comments in which everything following a '#' is considered a comment). This could be reviewed later once the rest of the format is firmed up.
- Group lists may be extended to the following line by terminating the line with the '\' character. However, this may only occur after the group name or any of the names following the group name. Empty extension lines (i.e. just a '\' character) are not permitted.
    # Examples of extending group lists using a trailing '\' character
    group group1 name1 name2 \
        name3 name4 \
        name 5
    group group2 \
        group1 \
        name6
    # The following are illegal:
    # '\' must be after group name
    group \
        group3 name7 name8
    # No empty extension lines
    group group4 name9 \
        \
        name10
- All permission rules are limited to a single line.
- Rules are interpreted from the top of the file down until a name match is obtained, at which point processing stops.
- The last line of the file (whether present or not) will be "acl deny".
- Group names may contain only a-z, A-Z, 0-9, '-' and '_'.
- Rules must be preceded by any group definitions they may use; any name not previously defined as a group will be assumed to be that of an individual.
    user-list = user1 user2 user3 ...
    group-name-list = group1 group2 group3 ...
    group <group-name> = [user-list] [group-name-list]
    permission = [allow|allow-log|deny|deny-log]
    action = [consume|publish|create|access|bind|unbind|delete|purge]
    object = [queue|exchange|routingkey]
    property = [temporary|durable|owner]
    acl permission [<group-name|user-name>] [action] [object=<object-name>] [property=<property-value>]
Example file:
    # Some groups
    group admin ted martin
    group user-consume martin ted
    group user2 kim user-consume rob
    # Some rules
    acl allow carlt create exchange=carl.*
    acl deny rob create queue
    acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.# owner=self
    acl allow user-consume create queue=tmp.*
    acl allow admin
    acl allow bind owner=self
    acl allow consume owner=self
    acl allow publisher publish temporary=true
    acl allow publisher create queue=RequestQueue
    acl allow consumer consume temporary=true
    acl allow consumer create temporary=true
    acl deny
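The line-level notes above (whole-line comments only, '\' extension of group lists, group-name characters, groups defined before the rules that use them, implicit final "acl deny") can be checked mechanically. The following Python sketch is an added example, not the broker's own code; `parse_acl` and `subject` are hypothetical names. It assumes that nested groups expand to their members, that a blank line inside an extended group list counts as an empty extension line, and that a rule whose first token after the permission is an action word or contains '=' names nobody.

```python
import re

GROUP_NAME = re.compile(r"[A-Za-z0-9_-]+")   # allowed group-name characters
ACTIONS = {"consume", "publish", "create", "access",
           "bind", "unbind", "delete", "purge"}

def subject(rule, groups):
    """Users a rule names (a set), or None when the name is omitted (assumed)."""
    if len(rule) < 2 or rule[1] in ACTIONS or "=" in rule[1]:
        return None
    return set(groups.get(rule[1], {rule[1]}))   # unknown name = individual

def parse_acl(text):
    """Parse ACL text; return (groups, rules, errors)."""
    groups, rules, errors = {}, [], []
    pending = None                      # tokens of a group line being extended
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if pending is None and (not line or line.startswith("#")):
            continue                    # whole-line comments and blanks only
        cont = line.endswith("\\")
        toks = (line[:-1] if cont else line).split()   # '#' inside a token stays
        if pending is not None:
            if not toks:
                errors.append((n, "empty extension line"))
            pending += toks
        elif toks[:1] == ["group"]:
            if len(toks) < 2:
                errors.append((n, "group name must precede '\\'"))
            pending = toks
        elif toks[:1] == ["acl"] and len(toks) > 1 and not cont:
            # resolved now, so only groups defined earlier count as groups
            rules.append((toks[1:], subject(toks[1:], groups)))
        else:
            errors.append((n, "bad rule or unknown line"))
        if pending is not None and not cont:
            name, members = (pending[1:2] or [""])[0], set()
            if not GROUP_NAME.fullmatch(name):
                errors.append((n, "bad group name %r" % name))
            for m in pending[2:]:       # earlier groups expand, others are users
                members |= groups.get(m, {m})
            groups[name] = members
            pending = None
    if pending is not None:
        errors.append((n, "file ends inside a group list"))
    if rules[-1:] != [(["deny"], None)]:
        rules.append((["deny"], None))  # implicit final "acl deny"
    return groups, rules, errors
```

Each entry in `errors` is a `(line number, message)` pair, and a non-empty list means the file should be rejected rather than loaded with the partial `groups` and `rules`.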