Add loopback_users parameter (adds ability to allow guest user to log…

…in remotely) (#699) * Adds new parameter loopback_users, defaulting to ["guest"]
voxpupuli · Apr 24, 2018 · 0ada399 · 0ada399
1 parent 2a1010d
commit 0ada399
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 0 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -77,6 +77,7 @@
   $inetrc_config                       = $rabbitmq::inetrc_config
   $inetrc_config_path                  = $rabbitmq::inetrc_config_path
   $ssl_erl_dist                        = $rabbitmq::ssl_erl_dist
+  $loopback_users                      = $rabbitmq::loopback_users
 
   if $ssl_only {
     $default_ssl_env_variables = {}

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -186,6 +186,7 @@
 # @param rabbitmq_home OS dependent. default defined in param.pp. The home directory of the rabbitmq deamon.
 # @param $rabbitmqadmin_package OS dependent. default defined in param.pp. If undef: install rabbitmqadmin via archive, otherwise via package
 # @param $archive_options. default defined in param.pp.  Extra options to Archive resource to download rabbitmqadmin file
+# @param $loopback_users. default defined in param.pp. This option configures a list of users to allow access via the loopback interfaces
 class rabbitmq(
   Boolean $admin_enable                                            = $rabbitmq::params::admin_enable,
   Enum['ram', 'disk', 'disc'] $cluster_node_type                   = $rabbitmq::params::cluster_node_type,
@@ -278,6 +279,7 @@
   Boolean $ssl_erl_dist                                            = $rabbitmq::params::ssl_erl_dist,
   Optional[String] $rabbitmqadmin_package                          = $rabbitmq::params::rabbitmqadmin_package,
   Array $archive_options                                           = $rabbitmq::params::archive_options,
+  Array $loopback_users                                            = $rabbitmq::params::loopback_users,
 ) inherits rabbitmq::params {
 
   if $ssl_only and ! $ssl {

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -145,4 +145,5 @@
   $inetrc_config                       = 'rabbitmq/inetrc.erb'
   $inetrc_config_path                  = '/etc/rabbitmq/inetrc'
   $archive_options                     = []
+  $loopback_users                      = ['guest']
 }
diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb
@@ -1411,6 +1411,31 @@
         end
       end
 
+      describe 'rabbitmq-loopback_users by default' do
+        it 'sets the loopback_users parameter in the config file' do
+          is_expected.to contain_file('rabbitmq.config'). \
+            with_content(%r{\{loopback_users, \[<<"guest">>\]\}})
+        end
+      end
+
+      describe 'rabbitmq-loopback_users allow connections via loopback interfaces' do
+        let(:params) { { loopback_users: [] } }
+
+        it 'sets the loopback_users parameter in the config file' do
+          is_expected.to contain_file('rabbitmq.config'). \
+            with_content(%r{\{loopback_users, \[\]\}})
+        end
+      end
+
+      describe 'rabbitmq-loopback_users allow connections via loopback interfaces to a group of users' do
+        let(:params) { { loopback_users: %w[user1 user2] } }
+
+        it 'sets the loopback_users parameter in the config file' do
+          is_expected.to contain_file('rabbitmq.config'). \
+            with_content(%r{\{loopback_users, \[<<\"user1\">>, <<\"user2\">>\]\}})
+        end
+      end
+
       ##
       ## rabbitmq::service
       ##

diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb
@@ -8,6 +8,7 @@
 <%- if @heartbeat -%>
     {heartbeat, <%=@heartbeat%>},
 <% end -%>
+    {loopback_users, [<%= @loopback_users.map { |u| "<<\"#{u}\">>" }.join(', ') %>]},
 <% if @auth_backends -%>
     {auth_backends, [<%= @auth_backends.map { |v| "#{v}" }.join(', ') %>]},
 <% elsif @ldap_auth -%>