community.rabbitmq icon indicating copy to clipboard operation
community.rabbitmq copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

Add a module to manage operator policies

Open baptistedaroit opened this issue 4 years ago • 8 comments

SUMMARY

The rabbitmq_policy module currently supports the management of "standard" policies for RabbitMQ. Nevertheless, it does not allow to manage operator policies .

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

rabbitmq_operator_policy

ADDITIONAL INFORMATION

This new module would allow to manage RabbitMQ operator policies (enforced policies set by administrators that cannot be overwritten by standard users).

Moreover, the two rabbitmqctl commands are quite similar, as you can see from the usage manual:

rabbitmqctl [--node <node>] [--longnames] [--quiet] set_policy [--vhost <vhost>] [--priority <priority>] [--apply-to <apply-to>] <name> <pattern> <definition>
rabbitmqctl [--node <node>] [--longnames] [--quiet] set_operator_policy [--vhost <vhost>] [--priority <priority>] [--apply-to <apply-to>] <name> <pattern> <definition>

So I think we can rely on the existing rabbitmq_policy module to build one for operator policies.

It can be used to set a maximum message TTL on a specific vhost, on which you don't want to allow message retention, for example.

- name: "Set RabbitMQ operator policy"
  rabbitmq_operator_policy:
    node: "rabbit@hostname"
    name: "one-week-message-ttl"
    vhost: "1w-message-ttl-vhost"
    pattern: ".*"
    priority: "0"
    state: "present"
    apply_to: "all"
    tags:
      message-ttl: 604800000

baptistedaroit avatar Dec 10 '20 14:12 baptistedaroit

Hello, If you are interested, I would be glad to help by raising a PR. Thank you!

baptistedaroit avatar Dec 10 '20 14:12 baptistedaroit

Of course, all contributions are welcome!

odyssey4me avatar Feb 19 '21 19:02 odyssey4me

@baptistedaroit Are you already working on a PR? We need this as well, and I am thinking about implementing as Python module this instead of doing it manually via command / rabbitmqctl.

weisslj avatar May 19 '21 07:05 weisslj

Hello @weisslj,

Sorry for the delay! I implemented a module but I didn't actually raise a PR about it.

I will try to do it in the following weeks.

baptistedaroit avatar Jun 14 '22 13:06 baptistedaroit

Hi @baptistedaroit, Any chance you'll raise that PR? If not, I can have a go at it, but since you already have the module implemented, it'd be a bit of wasted effort.

maciejharczuk avatar Jan 26 '23 21:01 maciejharczuk

Hi @baptistedaroit, I would like to ask about the status update of this PR. Any chance we can see it before the end of the next month? Thank you for your efforts :)

fozatkardouh avatar Aug 23 '23 13:08 fozatkardouh

Hello @weisslj,

Sorry for the delay! I implemented a module but I didn't actually raise a PR about it.

I will try to do it in the following weeks.

@baptistedaroit are you still intending to push this PR?

frittentheke avatar Mar 01 '24 09:03 frittentheke

Hello,

Rather than creating a new module, would it make sense to add a new options to specify what kind of policy this applies to to the existing community.rabbitmq.rabbitmq_policy ?

- name: ensure the default vhost contains the HA policy
  community.rabbitmq.rabbitmq_policy:
    name: HA
    pattern: .*
    policy_type: operator
    tags:
      ha-mode: all

If so, the change become trivial and I happily raise a PR for it this week. To keep backward compatibility, it would be best to not require the option and default to "policy" (operator_policy being the other option)

Kind regards

matthieu-reussner-wday avatar Sep 30 '24 12:09 matthieu-reussner-wday