Support topic authorization #73
Conversation
|
I close-reopened to trigger CI |
|
could you please rebase the PR https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html#rebasing-your-branch |
There was a problem hiding this comment.
Thanks! Also please add a changelog fragment https://docs.ansible.com/ansible/latest/community/development_process.html#creating-a-changelog-fragment
plugins/modules/rabbitmq_user.py
Outdated
| # Add user to server and assign some topic permissions on / vhost. | ||
| # The user doesn't have topic permission rules for other vhosts | ||
| - community.rabbitmq.rabbitmq_user: |
There was a problem hiding this comment.
| # Add user to server and assign some topic permissions on / vhost. | |
| # The user doesn't have topic permission rules for other vhosts | |
| - community.rabbitmq.rabbitmq_user: | |
| - name: Add user to server and assign some topic permissions on / vhost, the user doesn't have topic permission rules for other vhosts | |
| community.rabbitmq.rabbitmq_user: |
Or something. - name: statement is required in EXAMPLES according to the development doc
Also there's the sanity error:
00:52 >>> Standard Output
00:52 plugins/modules/rabbitmq_user.py:143:-1: traceback: SyntaxError: invalid escape sequence \.
plugins/modules/rabbitmq_user.py
Outdated
| description: | ||
| - A list of dicts, each dict contains vhost, exchange, read_priv and write_priv, | ||
| and represents a topic permission rule for that vhost. | ||
| - By default vhost is / and exchange is amq.topic. |
There was a problem hiding this comment.
| - By default vhost is / and exchange is amq.topic. | |
| - By default vhost is C(/) and exchange is C(amq.topic). | |
| - Supported since RabbitMQ 3.7.0. |
There was a problem hiding this comment.
I'd also put a note here that the feature has been added in RabbitMQ 3.7.0.
There was a problem hiding this comment.
or "supported since ..."
There was a problem hiding this comment.
and that the option is ignored otherwise / the module will fail. Though I didn't look at the code so far, so I have no idea how it is implemented.
|
Tests are working on the main branch now. @abompard Could you rebase or merge in master? |
[Topic authorization](https://www.rabbitmq.com/access-control.html#topic-authorisation) has been added in RabbitMQ 3.7.0. Only the full topic permission list is supported for now, similar to the existing vhost permission list. Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
The default vhost is now `/` and the default exchange is `amq.topic`. Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
abompard
force-pushed
the
topic-authz
branch
from
3e898ae to
0d17953
Compare
|
Done, thanks! |
|
Oh wait there were review suggestions, let me implement them first |
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
|
@Andersson007 I've implemented your suggestions in a separate commit for ease of review, but I can squash it in the main commit if you prefer. |
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
@abompard thanks for fixing! No need to squash, we'll do it when merging. Please fix it a bit. I think you can try to remove the generator ( |
|
also |
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
|
please ping us again when CI is green (or if you need help with it) and the PR is ready for review |
|
It's green @Andersson007 ! :-) |
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
|
@cognifloyd if the PR is fine for you, feel free to merge of course. |
|
@abompard thanks for the contribution! @cognifloyd thanks for reviewing and merging! |
SUMMARY
Add support for topic authorizations in the user module
Topic authorization has been added in RabbitMQ 3.7.0.
Only the full topic permission list is supported for now, similar to the existing vhost permission list.
ISSUE TYPE
COMPONENT NAME
rabbitmq_userADDITIONAL INFORMATION
I think there may be places for code refactoring in this change, but not as much as one would think since the format is not identical, and we still want different error messages between vhost authorization and topic authorization.