https://github.com/dsander/rabbitcage
An AMQP firewall that restricts user access to RabbitMQ using ACLs.
- Host: GitHub
- URL: https://github.com/dsander/rabbitcage
- Owner: dsander
- License: mit
- Created: 2009-12-20T15:53:26.000Z (over 16 years ago)
- Default Branch: master
- Last Pushed: 2009-12-21T22:39:30.000Z (over 16 years ago)
- Last Synced: 2025-03-18T11:05:32.166Z (over 1 year ago)
- Language: Ruby
- Size: 85.9 KB
- Stars: 24
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.markdown
- License: LICENSE
README
# RabbitCage
**WARNING: This project is at a very early stage of development. The command line options and the config file format will most likely change in future versions.**
RabbitCage is an AMQP application firewall built on EventMachine. The code has been heavily inspired by mojombo's awesome [ProxyMachine](http://github.com/mojombo/proxymachine/).
RabbitCage was written because RabbitMQ's access control capabilities are rather limited.
RabbitCage works as a transparent, content-aware proxy between the connecting client and an AMQP broker (currently only tested with RabbitMQ). Based on the configured ACL-like rules, RabbitCage either forwards or rejects each message. Messages sent from the broker are forwarded directly to the client using EventMachine's [proxy_incoming_to](http://eventmachine.rubyforge.org/EventMachine/Connection.html#M000275), so the filtering only affects client -> server performance.
## Installation
    sudo gem install rabbitcage
## Running
    Usage:
      rabbitcage -c [-h ] [-p ]

    Options:
      -c, --config CONFIG       Configuration file
      -h, --host HOST           Hostname to bind. Default 0.0.0.0
      -p, --port PORT           Port to listen on. Default 5672
      -r, --remote-host HOST    Hostname of the RabbitMQ server to connect to. Default 'localhost'
      -x, --remote-port PORT    Port of the RabbitMQ server to connect to. Default 5673
      -v                        Verbose output (denied requests).
      -V                        Very verbose output (denied requests/allowed requests).
      -D                        Debug output (denied requests/allowed requests/debug info).
## Example config file
    # Basic syntax:
    # allow|deny 'username'|:all, AMQP method|:all, AMQP class|:all, Hash of AMQP method properties
    #
    # This example will allow the admin user to perform any action on the broker.
    # A guest is allowed to consume every exchange whose name does not start with 'private_' and
    # register every queue whose name does not start with 'reserved_'
    include RabbitCageACL
    config do
      allow 'admin', :all, :all
      allow 'guest', :all, :queue, :name => /^(?!reserved_)/
      allow 'guest', :all, :exchange, :name => /^(?!private_)/
      allow 'guest', [:consume, :get], :basic
      allow 'guest', :all, :connection
      allow 'guest', :all, :channel
      allow 'guest', :all, :access
      default :deny
    end
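
The rule syntax above can be exercised offline before it is put in front of a broker. The following Ruby model is an added example, not RabbitCage's own code: `AclModel`, `decide` and the sample requests are hypothetical, and it assumes rules are evaluated in order, the first match decides, and `default` is the fallback.

```ruby
# Added illustration, not RabbitCage code. Assumption: rules are checked in order,
# the first match decides, and `default` applies when nothing matches.
Rule = Struct.new(:action, :user, :methods, :klass, :props)
class AclModel
  def initialize(&block)
    @rules = []
    @default = :deny
    instance_eval(&block)
  end

  def allow(user, methods, klass, props = {})
    @rules << Rule.new(:allow, user, methods, klass, props)
  end

  def deny(user, methods, klass, props = {})
    @rules << Rule.new(:deny, user, methods, klass, props)
  end
  def default(action)
    @default = action
  end

  # Decide one decoded AMQP method; a missing property is compared as "" (assumption).
  def decide(user, method, klass, props = {})
    rule = @rules.find do |r|
      fields = [[r.user, user], [r.methods, method], [r.klass, klass]]
      fields.all? { |spec, value| spec == :all || Array(spec).include?(value) } &&
        r.props.all? { |key, pattern| pattern === props[key].to_s }
    end
    rule ? rule.action : @default
  end
end

ACL = AclModel.new do # rules copied from the example config
  allow 'admin', :all, :all
  allow 'guest', :all, :queue, :name => /^(?!reserved_)/
  allow 'guest', :all, :exchange, :name => /^(?!private_)/
  allow 'guest', [:consume, :get], :basic
  allow 'guest', :all, :connection
  allow 'guest', :all, :channel
  allow 'guest', :all, :access
  default :deny
end

# Constructed requests: [user, AMQP method, AMQP class, method properties]
REQUESTS = [['guest', :declare, :queue, { :name => 'jobs' }],
            ['guest', :declare, :queue, { :name => 'reserved_audit' }],
            ['guest', :declare, :queue, { :name => 'Reserved_audit' }],
            ['guest', :publish, :basic, {}], ['guest', :consume, :basic, {}]]
REQUESTS.each { |r| puts "#{r.inspect} -> #{ACL.decide(*r)}" }
```

Under the stated assumption, `Reserved_audit` is allowed because the pattern is case-sensitive, and `basic.consume` is allowed whatever queue it names because the `:basic` rule has no property filter.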
## Performance
Here are some basic performance measurements that compare a raw connection to RabbitMQ with a filtered one. Check the [spec/performance/test.rb](http://github.com/dsander/rabbitcage/blob/master/spec/performance/test.rb) script for details on how the tests were run. If you have more benchmark results or suggestions for changing the benchmark, please let me know.

    Average message delay:
    RabbitMQ    : 0.00293165922164917
    RabbitCache : 0.00457870006561279

    For a 1kb message do 1000 times:
    RabbitMQ push to queue    : 0.443398952484131
    RabbitMQ pop from queue   : 0.711700439453125
    RabbitMQ async get        : 0.847184419631958
    RabbitCache push to queue : 0.764634847640991
    RabbitCache pop from queue: 1.02018523216248
    RabbitCache async get     : 0.852582693099976
## Note on Patches/Pull Requests
* Fork the project.
* Make your feature addition or bug fix.
* Add tests for it. This is important so I don't break it in a
  future version unintentionally.
* Commit, do not mess with rakefile, version, or history.
  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
* Send me a pull request. Bonus points for topic branches.
## Copyright
Copyright (c) 2009 Dominik Sander. See LICENSE for details.