root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add read to topic permissions 

Part of rabbitmq/rabbitmq-server#1085
This commit is contained in:
Arnaud Cogoluègnes 2017-01-23 10:12:03 +01:00
parent cbab77e34c
commit 57f2eff218
6 changed files with 26 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
deps/rabbitmq_cli/lib/rabbitmq/cli/ctl/commands/set_topic_permissions_command.ex vendored
View File

@ -29,25 +29,25 @@ defmodule RabbitMQ.CLI.Ctl.Commands.SetTopicPermissionsCommand do
def validate([], _) do def validate([], _) do
{:validation_failure, :not_enough_args} {:validation_failure, :not_enough_args}
end end
def validate([_|_] = args, _) when length(args) < 3 do def validate([_|_] = args, _) when length(args) < 4 do
{:validation_failure, :not_enough_args} {:validation_failure, :not_enough_args}
end end
def validate([_|_] = args, _) when length(args) > 3 do def validate([_|_] = args, _) when length(args) > 4 do
{:validation_failure, :too_many_args} {:validation_failure, :too_many_args}
end end
def validate(_, _), do: :ok def validate(_, _), do: :ok
def run([user, exchange, pattern], %{node: node_name, vhost: vhost}) do def run([user, exchange, writePerm, readPerm], %{node: node_name, vhost: vhost}) do
:rabbit_misc.rpc_call(node_name, :rabbit_misc.rpc_call(node_name,
:rabbit_auth_backend_internal, :rabbit_auth_backend_internal,
:set_topic_permissions, :set_topic_permissions,
[user, vhost, exchange, pattern, Helpers.cli_acting_user()] [user, vhost, exchange, writePerm, readPerm, Helpers.cli_acting_user()]
) )
end end
def usage, do: "set_topic_permissions [-p <vhost>] <user> <exchange> <pattern>" def usage, do: "set_topic_permissions [-p <vhost>] <user> <exchange> <write> <read>"
def banner([user, exchange, _], %{vhost: vhost}), do: "Setting topic permissions on \"#{exchange}\" for user \"#{user}\" in vhost \"#{vhost}\" ..." def banner([user, exchange, _, _], %{vhost: vhost}), do: "Setting topic permissions on \"#{exchange}\" for user \"#{user}\" in vhost \"#{vhost}\" ..."
end end

4
deps/rabbitmq_cli/test/clear_topic_permissions_command_test.exs vendored
View File

@ -39,8 +39,8 @@ defmodule ClearTopicPermissionsTest do
end end
setup context do setup context do
set_topic_permissions(@user, @specific_vhost, "amq.topic", "^a") set_topic_permissions(@user, @specific_vhost, "amq.topic", "^a", "^b")
set_topic_permissions(@user, @specific_vhost, "topic1", "^a") set_topic_permissions(@user, @specific_vhost, "topic1", "^a", "^b")
{ {
:ok, :ok,
opts: %{node: get_rabbit_hostname, vhost: context[:vhost]} opts: %{node: get_rabbit_hostname, vhost: context[:vhost]}

8
deps/rabbitmq_cli/test/list_topic_permissions_command_test.exs vendored
View File

@ -32,8 +32,8 @@ defmodule ListTopicPermissionsCommandTest do
add_vhost(@vhost) add_vhost(@vhost)
add_user(@user, @password) add_user(@user, @password)
set_topic_permissions(@user, @vhost, "amq.topic", "^a") set_topic_permissions(@user, @vhost, "amq.topic", "^a", "^b")
set_topic_permissions(@user, @vhost, "topic1", "^a") set_topic_permissions(@user, @vhost, "topic1", "^a", "^b")
on_exit([], fn -> on_exit([], fn ->
clear_topic_permissions(@user, @vhost) clear_topic_permissions(@user, @vhost)
@ -82,8 +82,8 @@ defmodule ListTopicPermissionsCommandTest do
permissions = @command.run([], Map.merge(context[:opts], %{vhost: @vhost})) permissions = @command.run([], Map.merge(context[:opts], %{vhost: @vhost}))
assert Enum.count(permissions) == 2 assert Enum.count(permissions) == 2
assert Enum.sort(permissions) == [ assert Enum.sort(permissions) == [
[user: @user, exchange: "amq.topic", pattern: "^a"], [user: @user, exchange: "amq.topic", write: "^a", read: "^b"],
[user: @user, exchange: "topic1", pattern: "^a"] [user: @user, exchange: "topic1", write: "^a", read: "^b"]
] ]
end end

4
deps/rabbitmq_cli/test/list_user_topic_permissions_command_test.exs vendored
View File

@ -24,8 +24,8 @@ defmodule ListUserTopicPermissionsCommandTest do
RabbitMQ.CLI.Core.Distribution.start() RabbitMQ.CLI.Core.Distribution.start()
:net_kernel.connect_node(get_rabbit_hostname) :net_kernel.connect_node(get_rabbit_hostname)
set_topic_permissions("guest", "/", "amq.topic", "^a") set_topic_permissions("guest", "/", "amq.topic", "^a", "^b")
set_topic_permissions("guest", "/", "topic1", "^a") set_topic_permissions("guest", "/", "topic1", "^a", "^b")
on_exit([], fn -> on_exit([], fn ->
clear_topic_permissions("guest", "/") clear_topic_permissions("guest", "/")

18
deps/rabbitmq_cli/test/set_topic_permissions_command_test.exs vendored
View File

@ -63,7 +63,8 @@ defmodule SetTopicPermissionsCommandTest do
assert @command.validate([], %{}) == {:validation_failure, :not_enough_args} assert @command.validate([], %{}) == {:validation_failure, :not_enough_args}
assert @command.validate(["insufficient"], %{}) == {:validation_failure, :not_enough_args} assert @command.validate(["insufficient"], %{}) == {:validation_failure, :not_enough_args}
assert @command.validate(["not", "enough"], %{}) == {:validation_failure, :not_enough_args} assert @command.validate(["not", "enough"], %{}) == {:validation_failure, :not_enough_args}
assert @command.validate(["this", "is", "too", "many"], %{}) == {:validation_failure, :too_many_args} assert @command.validate(["still", "not", "enough"], %{}) == {:validation_failure, :not_enough_args}
assert @command.validate(["this", "is", "way", "too", "many"], %{}) == {:validation_failure, :too_many_args}
end end
@tag user: @user, vhost: @vhost @tag user: @user, vhost: @vhost
@ -71,11 +72,12 @@ defmodule SetTopicPermissionsCommandTest do
vhost_opts = Map.merge(context[:opts], %{vhost: context[:vhost]}) vhost_opts = Map.merge(context[:opts], %{vhost: context[:vhost]})
assert @command.run( assert @command.run(
[context[:user], "amq.topic", "^a"], [context[:user], "amq.topic", "^a", "^b"],
vhost_opts vhost_opts
) == :ok ) == :ok
assert List.first(list_user_topic_permissions(context[:user]))[:pattern] == "^a" assert List.first(list_user_topic_permissions(context[:user]))[:write] == "^a"
assert List.first(list_user_topic_permissions(context[:user]))[:read] == "^b"
end end
test "run: throws a badrpc when instructed to contact an unreachable RabbitMQ node" do test "run: throws a badrpc when instructed to contact an unreachable RabbitMQ node" do
@ -83,13 +85,13 @@ defmodule SetTopicPermissionsCommandTest do
:net_kernel.connect_node(target) :net_kernel.connect_node(target)
opts = %{node: target, vhost: @vhost} opts = %{node: target, vhost: @vhost}
assert @command.run([@user, "amq.topic", "^a"], opts) == {:badrpc, :nodedown} assert @command.run([@user, "amq.topic", "^a", "^b"], opts) == {:badrpc, :nodedown}
end end
@tag user: "interloper", vhost: @root @tag user: "interloper", vhost: @root
test "run: an invalid user returns a no-such-user error", context do test "run: an invalid user returns a no-such-user error", context do
assert @command.run( assert @command.run(
[context[:user], "amq.topic", "^a"], [context[:user], "amq.topic", "^a", "^b"],
context[:opts] context[:opts]
) == {:error, {:no_such_user, context[:user]}} ) == {:error, {:no_such_user, context[:user]}}
end end
@ -99,7 +101,7 @@ defmodule SetTopicPermissionsCommandTest do
vhost_opts = Map.merge(context[:opts], %{vhost: context[:vhost]}) vhost_opts = Map.merge(context[:opts], %{vhost: context[:vhost]})
assert @command.run( assert @command.run(
[context[:user], "amq.topic", "^a"], [context[:user], "amq.topic", "^a", "^b"],
vhost_opts vhost_opts
) == {:error, {:no_such_vhost, context[:vhost]}} ) == {:error, {:no_such_vhost, context[:vhost]}}
@ -110,7 +112,7 @@ defmodule SetTopicPermissionsCommandTest do
test "run: invalid regex patterns return error", context do test "run: invalid regex patterns return error", context do
n = Enum.count(list_user_topic_permissions(context[:user])) n = Enum.count(list_user_topic_permissions(context[:user]))
{:error, {:invalid_regexp, _, _}} = @command.run( {:error, {:invalid_regexp, _, _}} = @command.run(
[context[:user], "amq.topic", "["], [context[:user], "amq.topic", "[", "^b"],
context[:opts] context[:opts]
) )
assert Enum.count(list_user_topic_permissions(context[:user])) == n assert Enum.count(list_user_topic_permissions(context[:user])) == n
@ -120,7 +122,7 @@ defmodule SetTopicPermissionsCommandTest do
test "banner", context do test "banner", context do
vhost_opts = Map.merge(context[:opts], %{vhost: context[:vhost]}) vhost_opts = Map.merge(context[:opts], %{vhost: context[:vhost]})
assert @command.banner([context[:user], "amq.topic", "^a"], vhost_opts) assert @command.banner([context[:user], "amq.topic", "^a", "^b"], vhost_opts)
=~ ~r/Setting topic permissions on \"amq.topic\" for user \"#{context[:user]}\" in vhost \"#{context[:vhost]}\" \.\.\./ =~ ~r/Setting topic permissions on \"amq.topic\" for user \"#{context[:user]}\" in vhost \"#{context[:vhost]}\" \.\.\./
end end
end end

4
deps/rabbitmq_cli/test/test_helper.exs vendored
View File

@ -174,12 +174,12 @@ defmodule TestHelper do
) )
end end
def set_topic_permissions(user, vhost, exchange, pattern) do def set_topic_permissions(user, vhost, exchange, writePerm, readPerm) do
:rpc.call( :rpc.call(
get_rabbit_hostname, get_rabbit_hostname,
:rabbit_auth_backend_internal, :rabbit_auth_backend_internal,
:set_topic_permissions, :set_topic_permissions,
[user, vhost, exchange, pattern, "acting-user"], [user, vhost, exchange, writePerm, readPerm, "acting-user"],
:infinity :infinity
) )
end end