Merge "Provide a way to set user permission for rabbitmq users"

elements/rabbitmq-server/README.md

@@ -17,7 +17,13 @@ this in Heat:
           nova:
             username: nova
             password: SuperSecret
-            tags: administrator
+            tags: 
+              - administrator
+              - monitoring
+            permissions:
+              conf: .*
+              write: .*
+              read: .*
         password_handle: {Ref: RabbitMQPasswordHandle}
 
 Using cfn-signal, we will feed back a generated password into the handle

elements/rabbitmq-server/os-refresh-config/post-configure.d/50-rabbitmq-passwords

@@ -74,7 +74,6 @@ LOG.info("need = %s" % need)
 for need_user in need:
     detail = user_map[need_user]
     username = detail['username']
-    tags = detail['tags']
     if username not in have:
         if 'password' in detail:
             password = detail['password']
@@ -90,11 +89,19 @@ for need_user in need:
                                    PASSWORD_HANDLE])
         else:
             print '%s:%s' % (username, password)
-    args = ['rabbitmqctl', 'set_user_tags', username]
-    args.extend(tags)
-    subprocess.check_call(args, stdout=sys.stderr)
+    if 'permissions' in detail:
+        args = ['rabbitmqctl', 'set_permissions', username]
+        args.append(detail['permissions']['conf'])
+        args.append(detail['permissions']['write'])
+        args.append(detail['permissions']['read'])
+        subprocess.check_call(args, stdout=sys.stderr)
+    if 'tags' in detail:
+        tags = detail['tags']
+        args = ['rabbitmqctl', 'set_user_tags', username]
+        args.extend(tags)
+        subprocess.check_call(args, stdout=sys.stderr)
 
 have = set(get_existing_users().keys())
 if want - have:
-    LOG.error('Desired users missing: want=%s have=%s', (want, have))
+    LOG.error('Desired users missing: want=%s have=%s', want, have)
     sys.exit(1)