diff --git a/elements/rabbitmq-server/README.md b/elements/rabbitmq-server/README.md index 5202997d4..2e8e0a9b7 100644 --- a/elements/rabbitmq-server/README.md +++ b/elements/rabbitmq-server/README.md @@ -17,7 +17,13 @@ this in Heat: nova: username: nova password: SuperSecret - tags: administrator + tags: + - administrator + - monitoring + permissions: + conf: .* + write: .* + read: .* password_handle: {Ref: RabbitMQPasswordHandle} Using cfn-signal, we will feed back a generated password into the handle diff --git a/elements/rabbitmq-server/os-refresh-config/post-configure.d/50-rabbitmq-passwords b/elements/rabbitmq-server/os-refresh-config/post-configure.d/50-rabbitmq-passwords index 2cc06db28..990d72f0a 100755 --- a/elements/rabbitmq-server/os-refresh-config/post-configure.d/50-rabbitmq-passwords +++ b/elements/rabbitmq-server/os-refresh-config/post-configure.d/50-rabbitmq-passwords @@ -74,7 +74,6 @@ LOG.info("need = %s" % need) for need_user in need: detail = user_map[need_user] username = detail['username'] - tags = detail['tags'] if username not in have: if 'password' in detail: password = detail['password'] @@ -90,11 +89,19 @@ for need_user in need: PASSWORD_HANDLE]) else: print '%s:%s' % (username, password) - args = ['rabbitmqctl', 'set_user_tags', username] - args.extend(tags) - subprocess.check_call(args, stdout=sys.stderr) + if 'permissions' in detail: + args = ['rabbitmqctl', 'set_permissions', username] + args.append(detail['permissions']['conf']) + args.append(detail['permissions']['write']) + args.append(detail['permissions']['read']) + subprocess.check_call(args, stdout=sys.stderr) + if 'tags' in detail: + tags = detail['tags'] + args = ['rabbitmqctl', 'set_user_tags', username] + args.extend(tags) + subprocess.check_call(args, stdout=sys.stderr) have = set(get_existing_users().keys()) if want - have: - LOG.error('Desired users missing: want=%s have=%s', (want, have)) + LOG.error('Desired users missing: want=%s have=%s', want, have) sys.exit(1)