Existing bindings are not removed

[abompard]

Existing bindings on the broker that have been removed from the configuration file are not deleted.
On the one hand it feels like they should be, to allow users to remove erroneous bindings without asking their broker admin. On the other hand it allows serverside declaration of bindings and just an empty [[bindings]] section in the configuration file, which avoids repeating oneself.

I still think we should remove them, the configuration already duplicates the server declarations wrt queues anyway.

[jeremycline]

It does seem like it would be nice to remove bindings. However, I don't see any way to list the existing bindings for a queue via the Pika API - I'm not sure if there's an AMQP method for that, but if there is Pika doesn't seem to have an API for it. The HTTP API does have a way to do that, but that means the client would need access to the API, and also write access to the queue and read access to the exchange (https://www.rabbitmq.com/access-control.html#permissions).

I do see how this is going to be a problem since either configuration mistakes will happen, or the needs of the app will change and there's no way in the Ansible set up currently to remove things... Or even see what bindings you currently have. I have been thinking about seeing what it would take for external auth for the management interface to work so we can have folks log in and get a "monitoring" account that's read-only.