Description
Describe the bug
I am trying to run a flower instance on a remote rabbitmq broker (running in kubernetes) to create a simple dashboard for monitoring purposes. But we want the rabbitmq user used by flower to have strictly readonly permissions because the dashboard is meant to be accessed by non-admin people for quick and autonomous visualization of their tasks, so we must ensure flower doesn't have any write access to the broker.
I have created a user `myuser` with the `management` role, and these permissions:

Virtual host | Configure regexp | Write regexp | Read regexp |
---|---|---|---|
myvhost |  |  | .* |
However, launching flower fails even though authentication and authorization seem to function correctly:
2024-08-16 17:04:27.701518+00:00 [info] <0.14389.9> connection <0.14389.9> (REDACTED): user 'myuser' authenticated and granted access to vhost 'myvhost'
[...]
amqp.exceptions.AccessRefused: Exchange.declare: (403) ACCESS_REFUSED - access to exchange 'reply.celery.pidbox' in vhost 'myvhost' refused for user 'myvhost'
At this point, flower continuously tries the same thing and enters an infinite error loop.
Does flower absolutely need some write access to function correctly? If so, where can I find the exact permission requirements for flower with rabbitmq as the broker?
Thanks in advance.
To Reproduce
Steps to reproduce the behavior:
- Run a RabbitMQ instance with a vhost named `myvhost`
- Create a RabbitMQ user `myuser` with permissions as described above (`management` role AND readonly permissions on the `myvhost`)
- Create and use a local python venv with flower and celery installed
- Run `celery --broker=amqp://myuser:<myuser_password>@<server_url>:5672/myvhost flower`
Expected behavior
Flower can correctly see `myvhost`'s queues content without needing write access to the vhost
System information
Remote:
rabbitmq 3.11
Local:
python 3.12
flower 2.0.1
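
The 403 above follows from how RabbitMQ evaluates the three permission regexps: a non-passive `exchange.declare` is checked against the configure regexp, not the read one. The sketch below is an added example, not part of the original report and not Flower or RabbitMQ code. It models that check for the permission set in the report; the `NARROWED` set is a constructed illustration covering only the exchange named in the error, not a verified list of what Flower needs.

```python
import re

# Permission each AMQP method needs, as (permission, resource kind) pairs,
# following RabbitMQ's access-control table (non-passive declares only).
REQUIRED = {
    "exchange.declare": [("configure", "exchange")],
    "queue.declare":    [("configure", "queue")],
    "queue.bind":       [("write", "queue"), ("read", "exchange")],
    "basic.publish":    [("write", "exchange")],
    "basic.consume":    [("read", "queue")],
}

def matches(pattern, name):
    # RabbitMQ treats an empty regexp as '^$' (matches no named resource)
    # and otherwise runs an unanchored search; re.search approximates that.
    return re.search(pattern or "^$", name) is not None

def check(perms, method, exchange=None, queue=None):
    """Return the (permission, resource name) pairs that would be refused."""
    names = {"exchange": exchange, "queue": queue}
    return [(perm, names[kind]) for perm, kind in REQUIRED[method]
            if not matches(perms[perm], names[kind])]

# Permission set from the report: read-only on the vhost.
READ_ONLY = {"configure": "", "write": "", "read": ".*"}
# Hypothetical narrowing (assumption): configure limited to the single
# exchange named in the 403, everything else unchanged.
NARROWED = {"configure": r"^reply\.celery\.pidbox$", "write": "", "read": ".*"}

if __name__ == "__main__":
    for label, perms in (("read-only", READ_ONLY), ("narrowed", NARROWED)):
        refused = check(perms, "exchange.declare", exchange="reply.celery.pidbox")
        print(label, "exchange.declare ->", refused if refused else "allowed")
```
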