[RabbitMQ] Remove guest admin account

Moved removal of guest user account to init for security and best practices. Change-Id: I333f2a0e3124646cf7432e742978a0f3d2277a51
2022-10-10 10:09:46 -04:00 · 2022-10-10 10:09:46 -04:00 · a480a58da5
parent 6852f7c8ed
commit a480a58da5
6 changed files with 9 additions and 11 deletions
--- a/helm-toolkit/Chart.yaml
+++ b/helm-toolkit/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Helm-Toolkit
 name: helm-toolkit
-version: 0.2.48
+version: 0.2.49
 home: https://docs.openstack.org/openstack-helm
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
 sources:
--- a/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+++ b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
@ -77,6 +77,11 @@ rabbitmqadmin_cli \
  password="${RABBITMQ_PASSWORD}" \
  tags="user"

+echo "Deleting Guest User"
+rabbitmqadmin_cli \
+  delete user \
+  name="guest" || true
+
 if [ "${RABBITMQ_VHOST}" != "/" ]
 then
  echo "Managing: vHost: ${RABBITMQ_VHOST}"
--- a/rabbitmq/Chart.yaml
+++ b/rabbitmq/Chart.yaml
@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v3.9.0
 description: OpenStack-Helm RabbitMQ
 name: rabbitmq
-version: 0.1.25
+version: 0.1.26
 home: https://github.com/rabbitmq/rabbitmq-server
 ...
--- a/rabbitmq/templates/bin/_rabbitmq-wait-for-cluster.sh.tpl
+++ b/rabbitmq/templates/bin/_rabbitmq-wait-for-cluster.sh.tpl
@ -78,12 +78,3 @@ if test "$(active_rabbit_nodes)" -gt "$RABBIT_REPLICA_COUNT"; then
    echo "Updated cluster:"
    rabbitmqctl -l -n "${PRIMARY_NODE}" cluster_status
 fi
-
-# Get current node list
-PRIMARY_NODE="$(sorted_node_list | awk '{ print $1; exit }')"
-# Delete guest admin user
-echo "Removing Guest admin user account"
-rabbitmqctl -l -n "${PRIMARY_NODE}" delete_user guest || true
-# List users
-echo "List user accounts"
-rabbitmqctl -l -n "${PRIMARY_NODE}" list_users || true
--- a/releasenotes/notes/helm-toolkit.yaml
+++ b/releasenotes/notes/helm-toolkit.yaml
@ -55,4 +55,5 @@ helm-toolkit:
  - 0.2.46 Fixed for getting kibana ingress value parameters
  - 0.2.47 Adjusting of kibana ingress value parameters
  - 0.2.48 Added verify_databases_backup_archives function call to backup process and added remote backup sha256 hash verification
+  - 0.2.49 Moved RabbitMQ Guest Admin removal to init
 ...
--- a/releasenotes/notes/rabbitmq.yaml
+++ b/releasenotes/notes/rabbitmq.yaml
@ -25,4 +25,5 @@ rabbitmq:
  - 0.1.23 Fixed guest account removal
  - 0.1.24 Added OCI registry authentication
  - 0.1.25 Add hostPort support
+  - 0.1.26 Moved guest admin removal to init template
 ...