4.1.0: Introduce a way to protect a virtual host from deletion (backport #13015) #13017
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?s=60&v=4){kind=small}
Accidental "fat finger" virtual deletion accidents
would be easier to avoid if there was a protection mechanism
that would apply equally even to CLI tools and external
applications that do not use confirmations for deletion
operations.
This introduce the following changes:
* Virtual host metadata now supports a new queue,
'protected_from_deletion', which, when set,
will be considered by key virtual host deletion function(s)
* DELETE /api/vhosts/{name} was adapted to handle
such blocked deletion attempts to respond with
a 412 Precondition Failed status
* 'rabbitmqctl list_vhosts' and 'rabbitmqctl delete_vhost'
were adapted accordingly
* DELETE /api/vhosts/{name}/deletion/protection
is a new endpoint that can be used to remove
the protective seal (the metadata key)
* POST /api/vhosts/{name}/deletion/protection
marks the virtual host as protected
In the case of the HTTP API, all operations on
virtual host metadata require administrative
privileges from the target user.
Other considerations:
* When a virtual host does not exist, the behavior
remains the same: the original, protection-unaware
code path is used to preserve backwards compatibility
References #12772.
(cherry picked from commit f62d46c)
(cherry picked from commit c95a95f)
(cherry picked from commit 6281dcb)
(cherry picked from commit 9ef226e)
…itions exported over the HTTP API (cherry picked from commit 315c247)
that features a deletion-protected virtual host. (cherry picked from commit 1d88a9d)
(cherry picked from commit faa4f5a)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Accidental "fat finger" virtual deletion accidents #12772 would be easier to avoid if there was a protection mechanism that would apply equally even to CLI tools and external applications that do not use confirmations for deletion operations.
This introduce the following changes:
DELETE /api/vhosts/{name}was adapted to handle such blocked deletion attempts to respond with a 412 Precondition Failed statusrabbitmqctl list_vhostsandrabbitmqctl delete_vhostwere adapted accordinglyDELETE /api/vhosts/{name}/deletion/protectionis a new endpoint that can be used to remove the protective seal (the metadata key)POST /api/vhosts/{name}/deletion/protectionmarks the virtual host as protectedIn the case of the HTTP API, all operations on
virtual host metadata require administrative
privileges.
Other considerations:
Closes #12772.
This is an automatic backport of pull request #13015 done by [Mergify](https://mergify.com).