authorPavlos Tzianos <pavlos.tzianos@gmail.com>2018-12-07 14:19:08 +0100
committerJohn R Barker <john@johnrbarker.com>2018-12-07 13:19:08 +0000
commita4eb4b2551c62c350100b7e3dbf8692295db13b3 (patch)
tree6c1dbdde6f35bbbccfc63eeddeaeae0c1c7b9bd9 /lib/ansible/modules/messaging
parenta1a0893ebd106d6ad3f889ae08ecd81141d34cea (diff)
Rabbitmq user permission fixes (#49404)
* Simplify permission changing code for rabbitmq_user module
* Add check for multiple permission dicts for same host to rabbitmq_user module
* Add docstring for _get_permission method of rabbitmq_user
* Fix method that compares vhost permissions in rabbitmq_user
* Add tests for rabbitmq_user module
* Add helper function for simulating collections.Counter functionality
Diffstat (limited to 'lib/ansible/modules/messaging')
-rw-r--r--lib/ansible/modules/messaging/rabbitmq/rabbitmq_user.py46
1 files changed, 25 insertions, 21 deletions
diff --git a/lib/ansible/modules/messaging/rabbitmq/rabbitmq_user.py b/lib/ansible/modules/messaging/rabbitmq/rabbitmq_user.py
index c7ba6f6d27..5be2339e2f 100644
--- a/lib/ansible/modules/messaging/rabbitmq/rabbitmq_user.py
+++ b/lib/ansible/modules/messaging/rabbitmq/rabbitmq_user.py
@@ -117,9 +117,9 @@ EXAMPLES = '''
write_priv: .*
state: present
'''
-import operator
from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.common.collections import count
class RabbitMqUser(object):
@@ -173,6 +173,7 @@ class RabbitMqUser(object):
return False
def _get_permissions(self):
+ """Get permissions of the user from RabbitMQ."""
perms_out = [perm for perm in self._exec(['list_user_permissions', self.username], True) if perm.strip()]
perms_list = list()
@@ -211,28 +212,28 @@ class RabbitMqUser(object):
self._exec(['set_user_tags', self.username] + self.tags)
def set_permissions(self):
- for permission in self._permissions:
- if permission not in self.permissions:
- cmd = ['clear_permissions', '-p']
- cmd.append(permission['vhost'])
- cmd.append(self.username)
- self._exec(cmd)
- for permission in self.permissions:
- if permission not in self._permissions:
- cmd = ['set_permissions', '-p']
- cmd.append(permission['vhost'])
- cmd.append(self.username)
- cmd.append(permission['configure_priv'])
- cmd.append(permission['write_priv'])
- cmd.append(permission['read_priv'])
- self._exec(cmd)
+ permissions_to_clear = [permission for permission in self._permissions if permission not in self.permissions]
+ permissions_to_add = [permission for permission in self.permissions if permission not in self._permissions]
+ for permission in permissions_to_clear:
+ cmd = 'clear_permissions -p {vhost} {username}'.format(username=self.username,
+ vhost=permission['vhost'])
+ self._exec(cmd.split(' '))
+ for permission in permissions_to_add:
+ cmd = ('set_permissions -p {vhost} {username} {configure_priv} {write_priv} {read_priv}'
+ .format(username=self.username, **permission))
+ self._exec(cmd.split(' '))
def has_tags_modifications(self):
return set(self.tags) != set(self._tags)
def has_permissions_modifications(self):
- sort_key_fetch = operator.itemgetter('vhost')
- return sorted(self._permissions, key=sort_key_fetch) != sorted(self.permissions, key=sort_key_fetch)
+ def to_permission_tuple(vhost_permission_dict):
+ return vhost_permission_dict['vhost'], vhost_permission_dict
+
+ def permission_dict(vhost_permission_list):
+ return dict(map(to_permission_tuple, vhost_permission_list))
+
+ return permission_dict(self._permissions) != permission_dict(self.permissions)
def main():
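Review bot: In `set_permissions`, both commands are now built as one formatted string and tokenised with `cmd.split(' ')`, so a username, vhost or privilege regex that contains a space is split into extra argv elements instead of reaching `_exec` as a single argument. The removed code passed each value as its own list element, which kept user-supplied values from changing the shape of the command line. I would keep the two comprehensions but pass lists: `self._exec(['clear_permissions', '-p', permission['vhost'], self.username])` and `self._exec(['set_permissions', '-p', permission['vhost'], self.username, permission['configure_priv'], permission['write_priv'], permission['read_priv']])`. A test case with a space inside one privilege pattern would pin this behaviour.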
@@ -268,8 +269,12 @@ def main():
node = module.params['node']
update_password = module.params['update_password']
- bulk_permissions = True
- if not permissions:
+ if permissions:
+ vhosts = map(lambda permission: permission.get('vhost', '/'), permissions)
+ if any(map(lambda count: count > 1, count(vhosts).values())):
+ module.fail_json(msg="Error parsing permissions: You can't have two permission dicts for the same vhost")
+ bulk_permissions = True
+ else:
perm = {
'vhost': vhost,
'configure_priv': configure_priv,
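Review bot: The duplicate-vhost check treats a permission dict without a `vhost` key as `/` (`permission.get('vhost', '/')`), but `set_permissions` in this same commit reads `permission['vhost']` and formats `{vhost}` straight from the dict. Unless the default is filled in somewhere not visible in this hunk, such a dict passes the check here and then fails later with a KeyError; normalising the default once before the check would keep the two in agreement. Separately, the lambda parameter named `count` shadows the imported `count` helper on the same line; `if any(n > 1 for n in count(vhosts).values()):` reads more clearly and avoids the clash. `main()` starts and ends outside this hunk.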
@@ -283,7 +288,6 @@ def main():
node, bulk_permissions=bulk_permissions)
result = dict(changed=False, user=username, state=state)
-
if rabbitmq_user.get():
if state == 'absent':
rabbitmq_user.delete()