ansible-middleware / amq

A collection to manage AMQ brokers
Apache License 2.0

Duplicate security-settings blocks in broker.xml #12

Closed RobertFloor closed 2 years ago

RobertFloor commented 2 years ago
SUMMARY

Repeated running of the playbooks creates multiple security-setting blocks in the broker.xml. When I run the user-roles.yml task multiple times it creates repeated blocks in etc/broker.xml. This is not the desired configuration for the broker.xml for AMQ.

ISSUE TYPE
ANSIBLE VERSION

❯ ansible --version

ansible [core 2.13.3]
  config file = /Users/robertfloor/amq/playbooks/ansible.cfg
  configured module search path = ['/Users/robertfloor/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/6.3.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/robertfloor/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.6 (main, Aug 11 2022, 13:49:25) [Clang 13.1.6 (clang-1316.0.21.2.5)]
  jinja version = 3.1.2
  libyaml = True

I get this problem when I run this command multiple times with default settings:

ansible-playbook -i hosts_vagrant.yml activemq.yml -v

etc/broker.xml

   <security-settings>
      <security-setting match="#">
        <permission type="createNonDurableQueue" roles="amq"/>
        <permission type="deleteNonDurableQueue" roles="amq"/>
        <permission type="createDurableQueue" roles="amq"/>
        <permission type="deleteDurableQueue" roles="amq"/>
        <permission type="createAddress" roles="amq"/>
        <permission type="deleteAddress" roles="amq"/>
        <permission type="consume" roles="amq"/>
        <permission type="browse" roles="amq"/>
        <permission type="send" roles="amq"/>
        <!-- we need this otherwise ./artemis data imp wouldn't work -->
        <permission type="manage" roles="amq"/>
      </security-setting>
      <security-setting match="#">
        <permission type="createNonDurableQueue" roles="amq"/>
        <permission type="deleteNonDurableQueue" roles="amq"/>
        <permission type="createDurableQueue" roles="amq"/>
        <permission type="deleteDurableQueue" roles="amq"/>
        <permission type="createAddress" roles="amq"/>
        <permission type="deleteAddress" roles="amq"/>
        <permission type="consume" roles="amq"/>
        <permission type="browse" roles="amq"/>
        <permission type="send" roles="amq"/>
        <permission type="manage" roles="amq"/>
      </security-setting>
      <security-setting match="#">
        <permission type="createNonDurableQueue" roles="amq"/>
        <permission type="deleteNonDurableQueue" roles="amq"/>
        <permission type="createDurableQueue" roles="amq"/>
        <permission type="deleteDurableQueue" roles="amq"/>
        <permission type="createAddress" roles="amq"/>
        <permission type="deleteAddress" roles="amq"/>
        <permission type="consume" roles="amq"/>
        <permission type="browse" roles="amq"/>
        <permission type="send" roles="amq"/>
        <permission type="manage" roles="amq"/>
        </security-setting>
    </security-settings>

I believe it is caused by this task

- name: Create messaging roles permissions
  xml:
    path: "{{ amq_broker.instance_home }}/etc/broker.xml"
    xpath: /conf:configuration/core:core/core:security-settings
    input_type: xml
    add_children: "{{ lookup('template', 'security_settings.broker.xml.j2') }}"
    namespaces:
      conf: urn:activemq
      core: urn:activemq:core
    pretty_print: yes
  changed_when: False
  loop: "{{ amq_broker_roles }}"
  become: yes
  become_user: "{{ amq_broker_service_user }}"

guidograzioli commented 2 years ago

reproduced
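
A standalone check for the symptom reported in this issue, added here as an example; it is not code from the collection or from either commenter. It models the unconditional append the reporter attributes to `add_children`, flags `match` patterns that occur in more than one `security-setting`, and shows an idempotent alternative. The function names and the sample XML are constructed for illustration; only the namespaces come from the quoted task.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespaces as declared in the task quoted in the issue.
NS = {"conf": "urn:activemq", "core": "urn:activemq:core"}
CORE = "{urn:activemq:core}"

# Constructed sample, not the reporter's file.
SAMPLE = """<configuration xmlns="urn:activemq">
  <core xmlns="urn:activemq:core">
    <security-settings>
      <security-setting match="#">
        <permission type="send" roles="amq"/>
      </security-setting>
    </security-settings>
  </core>
</configuration>"""

def _settings(root):
    return root.find("core:core/core:security-settings", NS)

def duplicate_matches(root):
    """Return match patterns that appear in more than one security-setting."""
    blocks = _settings(root).findall("core:security-setting", NS)
    counts = Counter(b.get("match") for b in blocks)
    return sorted(m for m, n in counts.items() if n > 1)

def append_blindly(root, match, perms):
    """Model of the reported behaviour: always append a new child block."""
    block = ET.SubElement(_settings(root), CORE + "security-setting", {"match": match})
    for ptype, roles in perms.items():
        ET.SubElement(block, CORE + "permission", {"type": ptype, "roles": roles})

def ensure_setting(root, match, perms):
    """Idempotent variant: exactly one block per match. Returns True if changed."""
    parent = _settings(root)
    same = [b for b in parent.findall("core:security-setting", NS) if b.get("match") == match]
    have = {p.get("type"): p.get("roles")
            for b in same[:1] for p in b.findall("core:permission", NS)}
    if len(same) == 1 and have == perms:
        return False  # already converged, nothing to write
    for b in same:  # drop stale or duplicated blocks before re-adding
        parent.remove(b)
    append_blindly(root, match, perms)
    return True
```

Because the quoted task sets `changed_when: False`, the play recap never shows the extra append, so a post-run check like `duplicate_matches` on `etc/broker.xml` is what surfaces the drift.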