1 require File.expand_path(File.join(File.dirname(__FILE__), '..', 'rabbitmqctl'))
2 Puppet::Type.type(:rabbitmq_user_permissions).provide(:rabbitmqctl, parent: Puppet::Provider::Rabbitmqctl) do
3 if Puppet::PUPPETVERSION.to_f < 3
4 commands rabbitmqctl: 'rabbitmqctl'
6 has_command(:rabbitmqctl, 'rabbitmqctl') do
7 environment HOME: '/tmp'
11 confine feature: :posix
13 # cache users permissions
14 def self.users(name, vhost)
15 @users = {} unless @users
18 user_permission_list = run_with_retries do
19 rabbitmqctl('-q', 'list_user_permissions', name)
21 user_permission_list.split(%r{\n}).each do |line|
22 line = strip_backslashes(line)
23 raise Puppet::Error, "cannot parse line from list_user_permissions:#{line}" unless line =~ %r{^(\S+)\s+(\S*)\s+(\S*)\s+(\S*)$}
24 @users[name][Regexp.last_match(1)] =
25 { configure: Regexp.last_match(2), read: Regexp.last_match(4), write: Regexp.last_match(3) }
31 def users(name, vhost)
32 self.class.users(name, vhost)
39 @should_user = resource[:name].split('@')[0]
47 @should_vhost = resource[:name].split('@')[1]
52 resource[:configure_permission] ||= "''"
53 resource[:read_permission] ||= "''"
54 resource[:write_permission] ||= "''"
55 rabbitmqctl('set_permissions', '-p', should_vhost, should_user, resource[:configure_permission], resource[:write_permission], resource[:read_permission])
59 rabbitmqctl('clear_permissions', '-p', should_vhost, should_user)
62 # I am implementing prefetching in exists b/c I need to be sure
63 # that the rabbitmq package is installed before I make this call.
65 users(should_user, should_vhost)
68 def configure_permission
69 users(should_user, should_vhost)[:configure]
72 def configure_permission=(_perm)
77 users(should_user, should_vhost)[:read]
80 def read_permission=(_perm)
85 users(should_user, should_vhost)[:write]
88 def write_permission=(_perm)
92 # implement memoization so that we only call set_permissions once
94 return if @permissions_set
96 @permissions_set = true
97 resource[:configure_permission] ||= configure_permission
98 resource[:read_permission] ||= read_permission
99 resource[:write_permission] ||= write_permission
104 resource[:configure_permission],
105 resource[:write_permission],
106 resource[:read_permission]
110 def self.strip_backslashes(string)
111 # See: https://github.com/rabbitmq/rabbitmq-server/blob/v1_7/docs/rabbitmqctl.1.pod#output-escaping
112 string.gsub(%r{\\\\}, '\\')