From 0ada399b330fbc84a1a1179ad0e827e0735e1912 Mon Sep 17 00:00:00 2001 From: Javier Juarez Date: Tue, 24 Apr 2018 22:08:33 +0200 Subject: [PATCH] Add loopback_users parameter (adds ability to allow guest user to login remotely) (#699) * Adds new parameter loopback_users, defaulting to ["guest"] --- manifests/config.pp | 1 + manifests/init.pp | 2 ++ manifests/params.pp | 1 + spec/classes/rabbitmq_spec.rb | 25 +++++++++++++++++++++++++ templates/rabbitmq.config.erb | 1 + 5 files changed, 30 insertions(+) diff --git a/manifests/config.pp b/manifests/config.pp index a1cdf267b..35e9c8c39 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -77,6 +77,7 @@ $inetrc_config = $rabbitmq::inetrc_config $inetrc_config_path = $rabbitmq::inetrc_config_path $ssl_erl_dist = $rabbitmq::ssl_erl_dist + $loopback_users = $rabbitmq::loopback_users if $ssl_only { $default_ssl_env_variables = {} diff --git a/manifests/init.pp b/manifests/init.pp index 12b0bd78e..7748e623a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -186,6 +186,7 @@ # @param rabbitmq_home OS dependent. default defined in param.pp. The home directory of the rabbitmq deamon. # @param $rabbitmqadmin_package OS dependent. default defined in param.pp. If undef: install rabbitmqadmin via archive, otherwise via package # @param $archive_options. default defined in param.pp. Extra options to Archive resource to download rabbitmqadmin file +# @param $loopback_users. default defined in param.pp. This option configures a list of users to allow access via the loopback interfaces class rabbitmq( Boolean $admin_enable = $rabbitmq::params::admin_enable, Enum['ram', 'disk', 'disc'] $cluster_node_type = $rabbitmq::params::cluster_node_type, @@ -278,6 +279,7 @@ Boolean $ssl_erl_dist = $rabbitmq::params::ssl_erl_dist, Optional[String] $rabbitmqadmin_package = $rabbitmq::params::rabbitmqadmin_package, Array $archive_options = $rabbitmq::params::archive_options, + Array $loopback_users = $rabbitmq::params::loopback_users, ) inherits rabbitmq::params { if $ssl_only and ! $ssl { diff --git a/manifests/params.pp b/manifests/params.pp index f54c8f468..98a2f9c06 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -145,4 +145,5 @@ $inetrc_config = 'rabbitmq/inetrc.erb' $inetrc_config_path = '/etc/rabbitmq/inetrc' $archive_options = [] + $loopback_users = ['guest'] } diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index 4c2a5be0c..10c89bbaf 100644 --- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb @@ -1411,6 +1411,31 @@ end end + describe 'rabbitmq-loopback_users by default' do + it 'sets the loopback_users parameter in the config file' do + is_expected.to contain_file('rabbitmq.config'). \ + with_content(%r{\{loopback_users, \[<<"guest">>\]\}}) + end + end + + describe 'rabbitmq-loopback_users allow connections via loopback interfaces' do + let(:params) { { loopback_users: [] } } + + it 'sets the loopback_users parameter in the config file' do + is_expected.to contain_file('rabbitmq.config'). \ + with_content(%r{\{loopback_users, \[\]\}}) + end + end + + describe 'rabbitmq-loopback_users allow connections via loopback interfaces to a group of users' do + let(:params) { { loopback_users: %w[user1 user2] } } + + it 'sets the loopback_users parameter in the config file' do + is_expected.to contain_file('rabbitmq.config'). \ + with_content(%r{\{loopback_users, \[<<\"user1\">>, <<\"user2\">>\]\}}) + end + end + ## ## rabbitmq::service ## diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index 791c919b8..af45aa87f 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -8,6 +8,7 @@ <%- if @heartbeat -%> {heartbeat, <%=@heartbeat%>}, <% end -%> + {loopback_users, [<%= @loopback_users.map { |u| "<<\"#{u}\">>" }.join(', ') %>]}, <% if @auth_backends -%> {auth_backends, [<%= @auth_backends.map { |v| "#{v}" }.join(', ') %>]}, <% elsif @ldap_auth -%>