Brian Saville

RETEST

@jetersen sorry, I've been vacationing for a couple of weeks. Yes, there are some security flaws in this depending on the job configuration. I was thinking I should probably remove...

@jetersen, any feedback on this?

I fixed a bug that we identified when we changed the TTL on the approle auth. The child tokens were still created with their default TTL, which was much longer...

Thanks @Sinkler for catching that. I found that I actually needed some more infrastructure around this to work properly since channels were attempting to reinitialize queues and exchanges on reopen....

@mosquito the py35/py36-uvloop tox tests are failing, but I'm not sure what to do about those. They appear to be unrelated to my PR.

@mosquito I have updated the PR if you could take a look again. Thanks!

I think you cannot use the ssl enum for the protocol version, you need to use an int or str instead. I see https://github.com/mosquito/aio-pika/issues/161#issuecomment-440830531 as an example of using `ssl_version=3`.

#62684 will fix this hopefully, but even more, I think it might have already been addressed by commits in master around the vault functionality. Just an FYI. I'll leave this...

@jetersen thanks for taking a look at this again. In addition to the code review changes, I also implemented a disable flag for sub-folders and jobs, which should prevent escalation...