rabbitmq_user.present change perms every start
8 views
Skip to first unread message
Руслан Гизатулин
Oct 20, 2022, 11:02:56 AM10/20/22
to Salt-users
Hi!
I use salt to setup rabbitmq cluster. Users created at first node only. After every apply formula there is change with diff:
Changes:
----------
perms:
----------
new:
----------
testuser1:
----------
configure:
.*
read:
.*
write:
.*
old:
----------
.:
*
----------
perms:
----------
new:
----------
testuser1:
----------
configure:
.*
read:
.*
write:
.*
old:
----------
.:
*
Permissions in formula look like - perms: [{ "testuser1": ['.*','.*','.*'] }]
Perhaps someone has already encountered such a problem? Or it is bug?
Vaarlion
Oct 24, 2022, 4:46:44 AM10/24/22
to Salt-users
I don't use the salt formula. It used shell cmd at the time and not the rabbitmq module.
This is the relevant snippet we have in our for user management:
```yaml
# Apply Clusterwide config only on master node and standalone node.
{% if salt['pillar.get']('rabbitmq:master', undefined) is not defined %}
# User management
{% for user_name, user_conf in salt['pillar.get']('rabbitmq:user', {}).items()|sort() %}
rabbitmq_manage_user_{{ user_name }}:
{%- if user_conf.present|default (true) == true %}
rabbitmq_user.present:
- name: {{ user_name }}
{%- if user_conf.password is defined %}
- password: {{ user_conf.password }}
{%- endif %}
{%- if user_conf.tags is defined %}
- tags:
{%- for tags in user_conf.tags %}
- {{ tags }}
{%- endfor %}
{%- endif %}
{%- if user_conf.permission is defined %}
- perms:
{%- for perm_vhost, perm_config in user_conf.permission.items()|sort() %}
- '{{ perm_vhost }}':
{%- for perm_value in perm_config if perm_config|length == 3 %}
- '{{ perm_value }}'
{%- endfor %}
{%- endfor %}
{%- endif %}
{%- else %}
rabbitmq_user.absent:
- name: {{ user_name }}
{%- endif %}
- require:
- service: rabbitmq-server
{% endfor %}
{% endif %}
```
```yaml
# exemple
rabbitmq:
user:
guest:
present: false # Disable a user, it's best to diable guest user, or at least change it's password.
admin:
password: "VeryHardPassword" # Password field is optional, but please set one !
tags: # Tags list are optional, see https://www.rabbitmq.com/management.html#permissions for the list of tags
- administrator
permission:
"/": # On wich vhost to apply the permission
- '.*' # On wich queue can he configure
- '.*' # On wich queue can he write
- '.*' # On wich queue can he read
"toto":
- '^adm\.' # Only allow for queue who start with adm
- '.*' # On wich queue can he write
- '.*' # On wich queue can he read
monitoring:
tags:
- monitoring
present: true # This is useless since it's the default value, but you can set it.
```
```yaml
# exemple
rabbitmq:
user:
guest:
present: false # Disable a user, it's best to diable guest user, or at least change it's password.
admin:
password: "VeryHardPassword" # Password field is optional, but please set one !
tags: # Tags list are optional, see https://www.rabbitmq.com/management.html#permissions for the list of tags
- administrator
permission:
"/": # On wich vhost to apply the permission
- '.*' # On wich queue can he configure
- '.*' # On wich queue can he write
- '.*' # On wich queue can he read
"toto":
- '^adm\.' # Only allow for queue who start with adm
- '.*' # On wich queue can he write
- '.*' # On wich queue can he read
monitoring:
tags:
- monitoring
present: true # This is useless since it's the default value, but you can set it.
Not sure if you are willing to do thing yourself ? if so this can help but isn't enough on it's own :)
Reply all
Reply to author
Forward
0 new messages