openstack/openstack-helm-infra
Code Issues Proposed changes

[rabbitmq] Set password for guest user rabbitmq

Browse Source 
Guest account is enabled by default and has access to all
vhosts. Allow to change guest password during rabbitmq
configuration.

Change-Id: If23ab8d5587b13e628bce5bcb135a367324dca80
This commit is contained in:
Vasyl Saienko 2024-09-13 13:06:38 +00:00
parent 298c333ac7
commit 5d086878a2
6 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rabbitmq/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v3.12.0
description: OpenStack-Helm RabbitMQ
name: rabbitmq
version: 0.1.39
version: 0.1.40
home: https://github.com/rabbitmq/rabbitmq-server
...

10
rabbitmq/templates/bin/_rabbitmq-password-hash.py.tpl
View File

@ -26,6 +26,7 @@ import re
user = os.environ['RABBITMQ_ADMIN_USERNAME']
password = os.environ['RABBITMQ_ADMIN_PASSWORD']
guest_password = os.environ['RABBITMQ_GUEST_PASSWORD']
output_file = os.environ['RABBITMQ_DEFINITION_FILE']
def hash_rabbit_password(password):
@ -42,7 +43,14 @@ output = {
"password_hash": hash_rabbit_password(password),
"hashing_algorithm": "rabbit_password_hashing_sha512",
"tags": "administrator"
}]
},
{
"name": "guest",
"password_hash": hash_rabbit_password(guest_password),
"hashing_algorithm": "rabbit_password_hashing_sha512",
"tags": "administrator"
}
]
}
if 'RABBITMQ_USERS' in os.environ:

1
rabbitmq/templates/secret-rabbit-admin.yaml
View File

@ -29,4 +29,5 @@ type: Opaque
data:
RABBITMQ_ADMIN_USERNAME: {{ $envAll.Values.endpoints.oslo_messaging.auth.user.username | b64enc }}
RABBITMQ_ADMIN_PASSWORD: {{ $envAll.Values.endpoints.oslo_messaging.auth.user.password | b64enc }}
RABBITMQ_GUEST_PASSWORD: {{ $envAll.Values.endpoints.oslo_messaging.auth.guest.password | b64enc }}
{{- end }}

5
rabbitmq/templates/statefulset.yaml
View File

@ -144,6 +144,11 @@ spec:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.deployment_name "admin-user" | quote }}
key: RABBITMQ_ADMIN_PASSWORD
- name: RABBITMQ_GUEST_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.deployment_name "admin-user" | quote }}
key: RABBITMQ_GUEST_PASSWORD
- name: RABBITMQ_DEFINITION_FILE
value: "{{ index $envAll.Values.conf.rabbitmq "management.load_definitions" }}"
{{- if .Values.conf.users }}

2
rabbitmq/values.yaml
View File

@ -390,6 +390,8 @@ endpoints:
user:
username: rabbitmq
password: password
guest:
password: password
hosts:
default: rabbitmq
# NOTE(portdirect): the public host is only used to the management WUI

1
releasenotes/notes/rabbitmq.yaml
View File

@ -39,4 +39,5 @@ rabbitmq:
- 0.1.37 Update rabbitmq readiness/liveness command
- 0.1.38 Do not use hardcoded username in rabbitmq chown container
- 0.1.39 Allow to bootstrap rabbitmq with initial config
- 0.1.40 Set password for guest user rabbitmq
...