Skip to content

Commit

Permalink
Optionally block enabling configured feature flags via Management UI/API
Browse files Browse the repository at this point in the history 
Useful to avoid accidentally enabling for example experiemental
feature flags from the Management UI on sensitive clusters.
  • Loading branch information
@gomoripeti
gomoripeti committed Mar 5, 2024
1 parent a40f231 commit 52878cd
Showing 1 changed file with 17 additions and 7 deletions.
24 changes: 17 additions & 7 deletions deps/rabbitmq_management/src/rabbit_mgmt_wm_feature_flag_enable.erl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,13 +38,18 @@ accept_content(ReqData, #context{} = Context) ->
NameS = rabbit_mgmt_util:id(name, ReqData),
try
Name = list_to_existing_atom(binary_to_list(NameS)),
case rabbit_feature_flags:enable(Name) of
ok ->
{true, ReqData, Context};
{error, Reason1} ->
FormattedReason1 = rabbit_ff_extra:format_error(Reason1),
rabbit_mgmt_util:bad_request(
list_to_binary(FormattedReason1), ReqData, Context)
case is_feature_flag_blocked(Name) of
{true, Message} ->
rabbit_web_dispatch_access_control:not_authorised(Message, ReqData, Context);
false ->
case rabbit_feature_flags:enable(Name) of
ok ->
{true, ReqData, Context};
{error, Reason1} ->
FormattedReason1 = rabbit_ff_extra:format_error(Reason1),
rabbit_mgmt_util:bad_request(
list_to_binary(FormattedReason1), ReqData, Context)
end
end
catch
_:badarg ->
Expand All @@ -53,3 +58,8 @@ accept_content(ReqData, #context{} = Context) ->
rabbit_mgmt_util:bad_request(
list_to_binary(FormattedReason2), ReqData, Context)
end.

-spec is_feature_flag_blocked(rabbit_feature_flags:feature_name()) -> {true, string()} | false.
is_feature_flag_blocked(Name) ->
BlockedFFs = application:get_env(rabbitmq_management, blocked_feature_flags, []),
proplists:get_value(Name, BlockedFFs, false).

0 comments on commit 52878cd

Please sign in to comment.