forked from mariuszwojcik/RabbitMQTools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
AddPermission.ps1
104 lines (81 loc) · 4.3 KB
/
AddPermission.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<#
.Synopsis
Adds permissions to virtual host for a user.
.DESCRIPTION
The Add-RabbitMQPermission cmdlet allows to add user permissions to virtual host.
To add permissions to remote server you need to provide -ComputerName.
The cmdlet is using REST Api provided by RabbitMQ Management Plugin. For more information go to: https://www.rabbitmq.com/management.html
To support requests using default virtual host (/), the cmdlet will temporarily disable UnEscapeDotsAndSlashes flag on UriParser. For more information check get-help about_UnEsapingDotsAndSlashes.
.EXAMPLE
Add-RabbitMQPermission -VirtualHost '/' -User Admin -Configure .* -Read .* -Write .*
Add configure, read and write permissions for user Admin to default virtual host (/).
.EXAMPLE
Add-RabbitMQPermission -ComputerName rabbitmq.server.com '/' Admin .* .* .*
Add configure, read and write permissions for user Admin to default virtual host (/) on server rabbitmq.server.com. This command uses positional parameters.
.INPUTS
You can pipe VirtualHost, User, Configure, Read, Write and ComputerName to this cmdlet.
.LINK
https://www.rabbitmq.com/management.html - information about RabbitMQ management plugin.
#>
function Add-RabbitMQPermission
{
[CmdletBinding(DefaultParameterSetName='defaultLogin', SupportsShouldProcess=$true, ConfirmImpact="Medium")]
Param
(
# Virtual host to set permission for.
[parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Position=0)]
[Alias("vhost", "vh")]
[string]$VirtualHost,
# Name of user to set permission for.
[parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Position=1)]
[string]$User,
# Configure permission regexp.
[parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Position=2)]
[string]$Configure,
# Read permission regexp.
[parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Position=3)]
[string]$Read,
# Write permission regexp.
[parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Position=4)]
[string]$Write,
# Name of the computer hosting RabbitMQ server. Defalut value is localhost.
[parameter(ValueFromPipelineByPropertyName=$true)]
[Alias("HostName", "hn", "cn")]
[string]$ComputerName = $defaultComputerName,
# UserName to use when logging to RabbitMq server.
[Parameter(Mandatory=$true, ParameterSetName='login')]
[string]$UserName,
# Password to use when logging to RabbitMq server.
[Parameter(Mandatory=$true, ParameterSetName='login')]
[string]$Password,
# Credentials to use when logging to RabbitMQ server.
[Parameter(Mandatory=$true, ParameterSetName='cred')]
[PSCredential]$Credentials
)
Begin
{
$Credentials = NormaliseCredentials
$p = Get-RabbitMQPermission -ComputerName $ComputerName -Credentials $Credentials -VirtualHost $VirtualHost -User $User
if ($p) { throw "Permissions to virtual host $VirtualHost for user $User already exist. To change permissions use Set-RabbitMQPermission cmdlet." }
$cnt = 0
}
Process
{
if ($pscmdlet.ShouldProcess("server: $ComputerName", "Create permission to virtual host $VirtualHost for user $User : $Configure, $Read $Write"))
{
$url = "http://$([System.Web.HttpUtility]::UrlEncode($ComputerName)):15672/api/permissions/$([System.Web.HttpUtility]::UrlEncode($VirtualHost))/$([System.Web.HttpUtility]::UrlEncode($User))"
$body = @{
'configure' = $Configure
'read' = $Read
'write' = $Write
} | ConvertTo-Json
$result = Invoke-RestMethod $url -Credential $Credentials -AllowEscapedDotsAndSlashes -DisableKeepAlive -ErrorAction Continue -Method Put -ContentType "application/json" -Body $body
Write-Verbose "Created permission to $VirtualHost for $User : $Configure, $Read, $Write"
$cnt++
}
}
End
{
if ($cnt -gt 1) { Write-Verbose "Created $cnt permissions." }
}
}