1 require File.expand_path(File.join(File.dirname(__FILE__), '..', 'rabbitmqctl'))
2 Puppet::Type.type(:rabbitmq_user).provide(
4 parent: Puppet::Provider::Rabbitmqctl
6 has_command(:rabbitmqctl, 'rabbitmqctl') do
7 environment HOME: '/tmp'
10 confine feature: :posix
12 def initialize(value = {})
18 user_list = run_with_retries do
19 rabbitmqctl('-q', 'list_users')
22 user_list.split(%r{\n}).map do |line|
23 raise Puppet::Error, "Cannot parse invalid user line: #{line}" unless line =~ %r{^(\S+)\s+\[(.*?)\]$}
24 user = Regexp.last_match(1)
25 tags = Regexp.last_match(2).split(%r{,\s*})
34 def self.prefetch(resources)
36 resources.each_key do |user|
37 if (provider = users.find { |u| u.name == user })
38 resources[user].provider = provider
44 @property_hash[:ensure] == :present
48 # Fail here (rather than a validate block in the type) if password is not
49 # set, so that "puppet resource" still works.
50 raise Puppet::Error, "Password is a required parameter for rabbitmq_user (user: #{name})" if @resource[:password].nil?
52 rabbitmqctl('add_user', @resource[:name], @resource[:password])
54 tags = @resource[:tags]
55 tags << admin_tag if @resource[:admin] == :true
56 rabbitmqctl('set_user_tags', @resource[:name], tags) unless tags.empty?
58 @property_hash[:ensure] = :present
62 rabbitmqctl('delete_user', @resource[:name])
63 @property_hash[:ensure] = :absent
66 def password=(password)
67 rabbitmqctl('change_password', @resource[:name], password)
72 def check_password(password)
73 check_access_control = [
74 'rabbit_access_control:check_user_pass_login(',
75 %[list_to_binary("#{@resource[:name]}"), ],
76 %[list_to_binary("#{password}")).]
79 response = rabbitmqctl('eval', check_access_control.join)
80 !response.include? 'refused'
84 # do not expose the administrator tag for admins
85 @property_hash[:tags].reject { |tag| tag == admin_tag }
89 @property_flush[:tags] = tags
93 usertags = get_user_tags
94 raise Puppet::Error, "Could not match line '#{resource[:name]} (true|false)' from list_users (perhaps you are running on an older version of rabbitmq that does not support admin users?)" unless usertags
95 (:true if usertags.include?('administrator')) || :false
102 usertags = get_user_tags
103 usertags.delete('administrator')
104 rabbitmqctl('set_user_tags', resource[:name], usertags.entries.sort)
109 @property_hash[:tags].include?(admin_tag) ? :true : :false
113 @property_flush[:admin] = state
117 return if @property_flush.empty?
118 tags = @property_flush[:tags] || @resource[:tags]
119 tags << admin_tag if @resource[:admin] == :true
120 rabbitmqctl('set_user_tags', @resource[:name], tags)
121 @property_flush.clear