From a480a58da5ea8ed511a34fb3a3bb1b40bbccf056 Mon Sep 17 00:00:00 2001
From: ju217q
Date: Mon, 10 Oct 2022 10:09:46 -0400
Subject: [PATCH] [RabbitMQ] Remove guest admin account
Moved removal of guest user account to init for security and best practices.
Change-Id: I333f2a0e3124646cf7432e742978a0f3d2277a51
---
 helm-toolkit/Chart.yaml | 2 +-
 helm-toolkit/templates/scripts/_rabbit-init.sh.tpl | 5 +++++
 rabbitmq/Chart.yaml | 2 +-
 rabbitmq/templates/bin/_rabbitmq-wait-for-cluster.sh.tpl | 9 ---------
 releasenotes/notes/helm-toolkit.yaml | 1 +
 releasenotes/notes/rabbitmq.yaml | 1 +
 6 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml
index 22ca47fac..41035e54b 100644
--- a/helm-toolkit/Chart.yaml
+++ b/helm-toolkit/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Helm-Toolkit
 name: helm-toolkit
-version: 0.2.48
+version: 0.2.49
 home: https://docs.openstack.org/openstack-helm
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
 sources:
diff --git a/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
index 87872d6ff..3739f9554 100644
--- a/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+++ b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
@@ -77,6 +77,11 @@ rabbitmqadmin_cli \
 password="${RABBITMQ_PASSWORD}" \
 tags="user"
+echo "Deleting Guest User"
+rabbitmqadmin_cli \
+ delete user \
+ name="guest" || true
+
 if [ "${RABBITMQ_VHOST}" != "/" ]
 then
 echo "Managing: vHost: ${RABBITMQ_VHOST}"
diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml
index 40c4f766d..cbebafd9c 100644
--- a/rabbitmq/Chart.yaml
+++ b/rabbitmq/Chart.yaml
@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v3.9.0
 description: OpenStack-Helm RabbitMQ
 name: rabbitmq
-version: 0.1.25
+version: 0.1.26
 home: https://github.com/rabbitmq/rabbitmq-server
 ...
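Review bot: In the `_rabbit-init.sh.tpl` hunk, `name="guest" || true` discards every failure of the delete call, not only the harmless "user does not exist" case, so an authentication or connectivity error leaves the default guest account in place while the init job still reports success. Because the point of the change is to guarantee that this well-known default account is gone, the script should confirm the outcome rather than assume it. One option is to keep the tolerant delete and follow it with a check such as `if rabbitmqadmin_cli list users name | grep -qw guest; then echo "guest user still present" >&2; exit 1; fi`. `rabbitmqadmin_cli` is defined outside the hunk, so its exit-code and output behaviour should be confirmed first, as should the assumption that the user declared just above can never itself be named `guest`.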
diff --git a/rabbitmq/templates/bin/_rabbitmq-wait-for-cluster.sh.tpl b/rabbitmq/templates/bin/_rabbitmq-wait-for-cluster.sh.tpl
index 7ea2fa6d5..215e5b905 100644
--- a/rabbitmq/templates/bin/_rabbitmq-wait-for-cluster.sh.tpl
+++ b/rabbitmq/templates/bin/_rabbitmq-wait-for-cluster.sh.tpl
@@ -78,12 +78,3 @@ if test "$(active_rabbit_nodes)" -gt "$RABBIT_REPLICA_COUNT"; then
 echo "Updated cluster:"
 rabbitmqctl -l -n "${PRIMARY_NODE}" cluster_status
 fi
-
-# Get current node list
-PRIMARY_NODE="$(sorted_node_list | awk '{ print $1; exit }')"
-# Delete guest admin user
-echo "Removing Guest admin user account"
-rabbitmqctl -l -n "${PRIMARY_NODE}" delete_user guest || true
-# List users
-echo "List user accounts"
-rabbitmqctl -l -n "${PRIMARY_NODE}" list_users || true
diff --git a/releasenotes/notes/helm-toolkit.yaml b/releasenotes/notes/helm-toolkit.yaml
index 6dcc3fae9..852bd5796 100644
--- a/releasenotes/notes/helm-toolkit.yaml
+++ b/releasenotes/notes/helm-toolkit.yaml
@@ -55,4 +55,5 @@ helm-toolkit:
 - 0.2.46 Fixed for getting kibana ingress value parameters
 - 0.2.47 Adjusting of kibana ingress value parameters
 - 0.2.48 Added verify_databases_backup_archives function call to backup process and added remote backup sha256 hash verification
+ - 0.2.49 Moved RabbitMQ Guest Admin removal to init
 ...
diff --git a/releasenotes/notes/rabbitmq.yaml b/releasenotes/notes/rabbitmq.yaml
index 3c5e704a8..70f5cce78 100644
--- a/releasenotes/notes/rabbitmq.yaml
+++ b/releasenotes/notes/rabbitmq.yaml
@@ -25,4 +25,5 @@ rabbitmq:
 - 0.1.23 Fixed guest account removal
 - 0.1.24 Added OCI registry authentication
 - 0.1.25 Add hostPort support
+ - 0.1.26 Moved guest admin removal to init template
 ...