search

ansible-collections / community.rabbitmq

Manage RabbitMQ with Ansible
http://galaxy.ansible.com/community/rabbitmq
Other
31 stars 46 forks source link

Add a module to manage operator policies #49

Open baptistedaroit opened 3 years ago

baptistedaroit commented 3 years ago
SUMMARY

The rabbitmq_policy module currently supports the management of "standard" policies for RabbitMQ. Nevertheless, it does not allow to manage operator policies .

ISSUE TYPE
COMPONENT NAME

rabbitmq_operator_policy

ADDITIONAL INFORMATION

This new module would allow to manage RabbitMQ operator policies (enforced policies set by administrators that cannot be overwritten by standard users).

Moreover, the two rabbitmqctl commands are quite similar, as you can see from the usage manual:

rabbitmqctl [--node <node>] [--longnames] [--quiet] set_policy [--vhost <vhost>] [--priority <priority>] [--apply-to <apply-to>] <name> <pattern> <definition>
rabbitmqctl [--node <node>] [--longnames] [--quiet] set_operator_policy [--vhost <vhost>] [--priority <priority>] [--apply-to <apply-to>] <name> <pattern> <definition>

So I think we can rely on the existing rabbitmq_policy module to build one for operator policies.

It can be used to set a maximum message TTL on a specific vhost, on which you don't want to allow message retention, for example.

- name: "Set RabbitMQ operator policy"
  rabbitmq_operator_policy:
    node: "rabbit@hostname"
    name: "one-week-message-ttl"
    vhost: "1w-message-ttl-vhost"
    pattern: ".*"
    priority: "0"
    state: "present"
    apply_to: "all"
    tags:
      message-ttl: 604800000
baptistedaroit commented 3 years ago

Hello, If you are interested, I would be glad to help by raising a PR. Thank you!

odyssey4me commented 3 years ago

Of course, all contributions are welcome!

weisslj commented 3 years ago

@baptistedaroit Are you already working on a PR? We need this as well, and I am thinking about implementing as Python module this instead of doing it manually via command / rabbitmqctl.

baptistedaroit commented 2 years ago

Hello @weisslj,

Sorry for the delay! I implemented a module but I didn't actually raise a PR about it.

I will try to do it in the following weeks.

maciejharczuk commented 1 year ago

Hi @baptistedaroit, Any chance you'll raise that PR? If not, I can have a go at it, but since you already have the module implemented, it'd be a bit of wasted effort.

fozatkardouh commented 1 year ago

Hi @baptistedaroit, I would like to ask about the status update of this PR. Any chance we can see it before the end of the next month? Thank you for your efforts :)

frittentheke commented 7 months ago

Hello @weisslj,

Sorry for the delay! I implemented a module but I didn't actually raise a PR about it.

I will try to do it in the following weeks.

@baptistedaroit are you still intending to push this PR?

matthieu-reussner-wday commented 1 week ago

Hello,

Rather than creating a new module, would it make sense to add a new options to specify what kind of policy this applies to to the existing community.rabbitmq.rabbitmq_policy ? 

- name: ensure the default vhost contains the HA policy
  community.rabbitmq.rabbitmq_policy:
    name: HA
    pattern: .*
    policy_type: operator
    tags:
      ha-mode: all

If so, the change become trivial and I happily raise a PR for it this week. To keep backward compatibility, it would be best to not require the option and default to "policy" (operator_policy being the other option)

Kind regards