Can the SEMP – REST API work with a READ-ONLY user? If so, how do you create one?

Example:
Legacy SEMP to create a queue

Platform: Solace PubSub+ Enterprise Version 9.2.0.14

We want to do the following CLI commands over SEMP:

enable > configure > message-spool message-vpn default > create queue Q1
enable > configure > message-spool message-vpn default > queue Q1 > access-type exclusive
enable > configure > message-spool message-vpn default > queue Q1 > permission all delete
enable > configure > message-spool message-vpn default > queue Q1 > subscription topic a/>
enable > configure > message-spool message-vpn default > queue Q1 > no shutdown

So we issue the following legacy SEMP messages (illustrated with curl):

curl -u admin:admin -d '<rpc semp-version="soltr/9_2_0VMR">
    <message-spool>
        <vpn-name>default</vpn-name>
        <create>
            <queue>
                <name>Q1</name>
            </queue>
        </create>
    </message-spool>
</rpc>' http://192.168.133.77:8080/SEMP

curl -u admin:admin -d '<rpc semp-version="soltr/9_2_0VMR">
    <message-spool>
        <vpn-name>default</vpn-name>
        <queue>
            <name>Q1</name>
            <access-type>
                <exclusive></exclusive>
            </access-type>
        </queue>
    </message-spool>
</rpc>' http://192.168.133.77:8080/SEMP


curl -u admin:admin -d '<rpc semp-version="soltr/9_2_0VMR">
    <message-spool>
        <vpn-name>default</vpn-name>
        <queue>
            <name>Q1</name>
            <permission>
                <all></all>
                <delete></delete>
            </permission>
        </queue>
    </message-spool>
</rpc>' http://192.168.133.77:8080/SEMP

curl -u admin:admin -d '<rpc semp-version="soltr/9_2_0VMR">
    <message-spool>
        <vpn-name>default</vpn-name>
        <queue>
            <name>Q1</name>
            <subscription>
                <topic>a/></topic>
            </subscription>
        </queue>
    </message-spool>
</rpc>' http://192.168.133.77:8080/SEMP

curl -u admin:admin -d '<rpc semp-version="soltr/9_2_0VMR">
    <message-spool>
        <vpn-name>default</vpn-name>
        <queue>
            <name>Q1</name>
            <no>
               <shutdown></shutdown>
            </no>
        </queue>
    </message-spool>
</rpc>' http://192.168.133.77:8080/SEMP

Of course, you will need a management username with more than read-only permission for this. I have illustrated using the admin user.

To find the XML syntax to use, there is a “cli-to-semp” utility on the broker. If you SSH to the broker and get a shell in the application container (e.g. by running solacectl shell), you will be able to run cli-to-semp. Here is an example:

[appuser@vmr-133-77 ~]$ cli-to-semp 'enable configure message-spool message-vpn default queue Q1 access-type exclusive'
SEMP Request:
<rpc semp-version="soltr/9_2_0VMR">
    <message-spool>
        <vpn-name>default</vpn-name>
        <queue>
            <name>Q1</name>
            <access-type>
                <exclusive></exclusive>
            </access-type>
        </queue>
    </message-spool>
</rpc>
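
The five requests above can also be scripted so that each reply is checked before the next request is sent and the management password is not passed on the curl command line. This is an added example, not Solace code and not part of the original answer. Assumptions: the SEMP_URL, SEMP_USER and SEMP_PASS environment variables, a success reply containing execute-result code="ok", and a password without double quotes or backslashes.

```shell
#!/bin/sh
# Added example (not Solace code). SEMP_URL, SEMP_USER and SEMP_PASS are
# assumed environment variables; the code="ok" reply check is an assumption.

SEMP_VERSION='soltr/9_2_0VMR'   # version string used on the page

# Escape &, < and > so a queue or topic name cannot break the XML body.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Wrap an inner fragment in the rpc/message-spool envelope shown on the page.
semp_body() {   # usage: semp_body VPN INNER_XML
    printf '<rpc semp-version="%s"><message-spool><vpn-name>%s</vpn-name>%s</message-spool></rpc>' \
        "$SEMP_VERSION" "$(xml_escape "$1")" "$2"
}

# Succeeds only if the broker reply reports code="ok".
semp_ok() {
    printf '%s' "$1" | grep -q '<execute-result code="ok"'
}

# POST one body; credentials reach curl through a config read from stdin,
# so they do not appear in the process list or shell history.
semp_post() {
    printf 'user = "%s:%s"\n' "$SEMP_USER" "$SEMP_PASS" |
        curl --silent --show-error --config - --data "$1" "$SEMP_URL"
}

# Send the five requests from the page in order, stopping at the first failure.
create_queue() {   # usage: create_queue VPN QUEUE TOPIC
    q="<name>$(xml_escape "$2")</name>"
    for inner in \
        "<create><queue>$q</queue></create>" \
        "<queue>$q<access-type><exclusive></exclusive></access-type></queue>" \
        "<queue>$q<permission><all></all><delete></delete></permission></queue>" \
        "<queue>$q<subscription><topic>$(xml_escape "$3")</topic></subscription></queue>" \
        "<queue>$q<no><shutdown></shutdown></no></queue>"
    do
        reply=$(semp_post "$(semp_body "$1" "$inner")") || return 1
        semp_ok "$reply" || { printf 'SEMP request failed: %s\n' "$reply" >&2; return 1; }
    done
}
```

With the three variables exported, create_queue default Q1 'a/>' sends the same sequence as the curl commands above; pointing SEMP_URL at an https endpoint keeps the basic-auth credentials from crossing the network in clear text.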