Replies: 1 comment
@Stromner if your code is public, then perhaps share a link. If not, then the first step is to publish it under the same license as RabbitMQ (MPLv2) plus sign our CLA.
Is your feature request related to a problem? Please describe.
We manage a RabbitMQ instance shared across multiple teams. To minimize cross-team interference, each team is assigned its own vhost, and all messages from the default vhost are forwarded into these team-specific vhosts so they can manage them independently.
However, this creates an issue when using the default OAuth2 plugin for access control. To prevent teams from accidentally modifying resources in other teams’ vhosts, we would need to configure separate scopes for each vhost and assign them to the corresponding team. With the current solution, that is a lot of static roles that need to be created, assigned and managed.
As a workaround, we've extended the plugin to allow roles based on the user’s AD group memberships. This works well, but it would be ideal to have official support so we don’t need to maintain our own patched version and keep it up to date with the official changes.
Describe the solution you'd like
Add a new entrypoint to the rabbitmq_auth_backend_oauth2 where you could specify a specific AD field to create roles from.
Describe alternatives you've considered
No response
Additional context
No response