Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

COOK-2153 Fixed idempotence issues with user LWRP #31

Closed
wants to merge 1 commit into from

2 participants

@milosgajdos83

By incorrectly I mean it was using incorrect combination of
list_user_permissions command which was making the LWRP to be
NON-idempotent and was setting the permissions when they already
have been set. According to docs the correct commands are:

list_user_permissions [-p ]

ie. you MUST supply the username as it's a mandatory argument.

Examples:

[sensu] ~ $ sudo rabbitmqctl list_user_permissions |foo

Error: invalid command 'list_user_permissions'
[sensu] ~ $ sudo rabbitmqctl list_user_permissions |sensu
Error: invalid command 'list_user_permissions'
[sensu] ~ $ sudo rabbitmqctl list_user_permissions sensu
Listing permissions for user "sensu" ...
/sensu .* .* .*
...done.
[sensu] ~ $ sudo rabbitmqctl list_user_permissions -p /sensu sensu
Listing permissions for user "sensu" ...
/sensu .* .* .*
...done.
[sensu] ~ $

@milosgajdos83 milosgajdos83 Fixed the user LWRP as it was setting permissions incorrectly.
By incorrectly I mean it was using incorrect combination of
list_user_permissions command which was making the LWRP to be
NON-idempotent and was setting the permissions when they already
have been set. According to docs the correct commands are:

list_user_permissions [-p <vhostpath>] <username>

ie. you MUST supply the username as it's a mandatory argument.
04de4af
@mattray

I'm merging this, but it's not completely right yet.

rabbitmqctl list_user_permissions sensu

will return nothing if the user has no privileges, but does exist. Error code is the same either way, so it would disallow you from setting privileges. Working on a fix.

@mattray

Going to use this:
rabbitmqctl -q list_user_permissions sensu | grep "^/"

@mattray

Fixed in upcoming 2.0 branch here: https://github.com/mattray/rabbitmq/tree/2.0
The regex got a little more accurate too
rabbitmqctl -q list_user_permissions #{name} | grep \"^#{vhost}\s\""

@mattray mattray closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 3, 2013
  1. @milosgajdos83

    Fixed the user LWRP as it was setting permissions incorrectly.

    milosgajdos83 authored
    By incorrectly I mean it was using incorrect combination of
    list_user_permissions command which was making the LWRP to be
    NON-idempotent and was setting the permissions when they already
    have been set. According to docs the correct commands are:
    
    list_user_permissions [-p <vhostpath>] <username>
    
    ie. you MUST supply the username as it's a mandatory argument.
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 2 deletions.
  1. +2 −2 providers/user.rb
View
4 providers/user.rb
@@ -36,13 +36,13 @@
action :set_permissions do
if new_resource.vhost
execute "rabbitmqctl set_permissions -p #{new_resource.vhost} #{new_resource.user} #{new_resource.permissions}" do
- not_if "rabbitmqctl list_user_permissions | grep #{new_resource.user}"
+ not_if "rabbitmqctl list_user_permissions -p #{new_resource.vhost} #{new_resource.user}"
Chef::Log.info "Setting RabbitMQ user permissions for '#{new_resource.user}' on vhost #{new_resource.vhost}."
new_resource.updated_by_last_action(true)
end
else
execute "rabbitmqctl set_permissions #{new_resource.user} #{new_resource.permissions}" do
- not_if "rabbitmqctl list_user_permissions | grep #{new_resource.user}"
+ not_if "rabbitmqctl list_user_permissions #{new_resource.user}"
Chef::Log.info "Setting RabbitMQ user permissions for '#{new_resource.user}'."
new_resource.updated_by_last_action(true)
end
Something went wrong with that request. Please try again.