RabbitMQ: Why does flower try to create exchanges (IIUC)? Can't we run flower on RabbitMQ with a strictly readonly user? #1392

Open
@adamency

Describe the bug

I am trying to run a flower instance on a remote rabbitmq broker (running in kubernetes) to create a simple dashboard for monitoring purposes. But we want the rabbitmq user used by flower to have strictly readonly permissions because the dashboard is meant to be accessed by non-admin people for quick and autonomous visualization of their tasks, so we must ensure flower doesn't have any write access to the broker.

I have created a user myuser with the management role, and these permissions:

| Virtual host | Configure regexp | Write regexp | Read regexp |
|--------------|------------------|--------------|-------------|
| myvhost      |                  |              | .*          |

However, launching flower fails even though authentication and authorization seem to function correctly:

2024-08-16 17:04:27.701518+00:00 [info] <0.14389.9> connection <0.14389.9> (REDACTED): user 'myuser' authenticated and granted access to vhost 'myvhost'
[...]
amqp.exceptions.AccessRefused: Exchange.declare: (403) ACCESS_REFUSED - access to exchange 'reply.celery.pidbox' in vhost 'myvhost' refused for user 'myvhost'

At this point, flower continuously tries the same thing and enters an infinite error loop.

Does flower absolutely need some write access to function correctly? If so, where can I find the exact permission requirements for flower with rabbitmq as the broker?

Thanks in advance.

To Reproduce
Steps to reproduce the behavior:

  1. run RabbitMQ instance with a vhost named 'myvhost'
  2. Create a RabbitMQ user myuser with permissions as described above ('management' role AND readonly permissions on the myvhost)
  3. Create and use a local python venv with flower and celery installed
  4. Run celery --broker=amqp://myuser:<myuser_password>@<server_url>:5672/myvhost flower

Expected behavior
Flower can correctly see myvhost's queues content without needing write access to the vhost

System information
Remote:
rabbitmq 3.11
Local:
python 3.12
flower 2.0.1
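
Added example (not part of the original issue and not Flower's or RabbitMQ's own code): a small model of how RabbitMQ maps AMQP operations to the configure/write/read regexps, showing why `Exchange.declare` on `reply.celery.pidbox` is refused under the grant described above. It assumes `.*` is the Read regexp and the other two are empty; the queue name `celery` and the `SCOPED` grant are constructed for illustration and are not Flower's documented requirements.

```python
import re

# Subset of the operation -> (permission, resource kind) mapping from the
# RabbitMQ access-control documentation.
REQUIRED = {
    "exchange.declare": [("configure", "exchange")],
    "queue.declare": [("configure", "queue")],
    "queue.bind": [("write", "queue"), ("read", "exchange")],
    "basic.publish": [("write", "exchange")],
    "basic.consume": [("read", "queue")],
    "basic.get": [("read", "queue")],
}


def matches(pattern, name):
    # RabbitMQ treats an empty pattern as '^$', which matches no named resource.
    return re.search(pattern or "^$", name) is not None


def allowed(grant, operation, resources):
    """grant: dict of configure/write/read regexps; resources: kind -> name."""
    return all(
        matches(grant[perm], resources[kind]) for perm, kind in REQUIRED[operation]
    )


# Grant from the issue (assumption: '.*' sits in the Read column).
READ_ONLY = {"configure": "", "write": "", "read": ".*"}

# Constructed narrower grant: configure limited to the one exchange named in
# the error message. Illustration only, not a complete Flower permission set.
SCOPED = {"configure": r"^reply\.celery\.pidbox$", "write": "", "read": ".*"}


def audit(grant):
    """Return the decision for a few operations, including the one that failed."""
    pidbox = {"exchange": "reply.celery.pidbox"}
    return {
        "declare_pidbox": allowed(grant, "exchange.declare", pidbox),
        "declare_other": allowed(grant, "exchange.declare", {"exchange": "other"}),
        "consume_celery": allowed(grant, "basic.consume", {"queue": "celery"}),
        "publish_pidbox": allowed(grant, "basic.publish", pidbox),
    }


if __name__ == "__main__":
    for label, grant in (("READ_ONLY", READ_ONLY), ("SCOPED", SCOPED)):
        print(label, audit(grant))
```

Declaring an exchange is a configure operation in this model, so a read-only grant refuses it even though consuming from queues is permitted.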
