We are currently evaluating NServiceBus in combination with RabbitMQ, and we have a security-related question. Basically, we would like to avoid giving more permissions than they should to application users on the broker. Therefore, we think they should not necessarily be able to create/delete exchanges, bindings and queues. The necessary broker config should be done beforehand.
I was thinking this was one of the goals of having installers in NServiceBus, but this does not seem to work. Our idea was to start our application in “Install mode” with a RabbitMQ user having administrative privileges, creating all queues, exchanges and bindings, but without starting the endpoint.
Then we would start it normally, with restricted rights (basic publish/consume) on the previously created artifacts. However, when starting an endpoint or sending a message, NServiceBus seems to systematically try to configure exchanges, bindings and queues even if they exists, which fails if the user does not have permissions.
Does someone have any idea on how could we separate deployment/broker config and runtime security needs?
Thanks for reaching out to us. Unfortunatelly for now our services require priviledges to create queues/exchanges and bindings. Each endpoint when started create neccessary queues/exchanges for it’s needs (unfortunatelly there is no API to check if queue exists, so the only way to be sure is to re-declare it), infrastructure for delays (which is fairly complex) and creating bindings for types that it subscribes to. At the moment we don’t have functionality allowing to disable that behavior. I will create an issue on github so that we can consider implementing such a feature. However it is unlikely that we will implement it soon.