feat(permission): add module for interacting with RabbitMQ permissions

rhblind · rhblind · commit d4e1ff709c40 · 2025-03-05T11:50:47.000+01:00
+ Implement functions to get, set, and delete permissions for users on specific vhosts
+ Add tests for permission functions
+ Include fixture for get_permissions API response
diff --git a/lib/ex_rabbitmq_admin/permission.ex b/lib/ex_rabbitmq_admin/permission.ex
@@ -0,0 +1,60 @@
+defmodule ExRabbitMQAdmin.Permission do
+  @moduledoc """
+  This module contains functions for interacting with RabbitMQ permissions.
+  """
+  require Logger
+
+  import ExRabbitMQAdmin.Options,
+    only: [put_vhost_permissions: 0, format_error: 1]
+
+  @api_namespace "/api/permissions"
+
+  @doc """
+  Get a list of permissions for all users.
+  """
+  @spec get_permissions(client :: Tesla.Client.t()) :: {:ok, Tesla.Env.t()} | {:error, term()}
+  def get_permissions(client), do: Tesla.get(client, @api_namespace)
+
+  @doc """
+  Get list of permissions for a user on a specific vhost.
+  """
+  @spec get_vhost_user_permissions(
+          client :: Tesla.Client.t(),
+          vhost :: String.t(),
+          user :: String.t()
+        ) ::
+          {:ok, Tesla.Env.t()} | {:error, term()}
+  def get_vhost_user_permissions(client, vhost, user),
+    do: Tesla.get(client, "#{@api_namespace}/#{vhost}/#{user}")
+
+  @doc """
+  Set permissions for a user on a specific vhost.
+  """
+  @spec put_vhost_user_permissions(
+          client :: Tesla.Client.t(),
+          vhost :: String.t(),
+          user :: String.t(),
+          opts :: Keyword.t()
+        ) ::
+          {:ok, Tesla.Env.t()} | no_return()
+  def put_vhost_user_permissions(client, vhost, user, opts) do
+    case NimbleOptions.validate(opts, put_vhost_permissions()) do
+      {:ok, opts} ->
+        Tesla.put(client, "#{@api_namespace}/#{vhost}/#{user}", Enum.into(opts, %{}))
+
+      {:error, error} ->
+        raise ArgumentError, format_error(error)
+    end
+  end
+
+  @doc """
+  Delete permissions for a user on a specific vhost.
+  """
+  @spec delete_vhost_user_permissions(
+          client :: Tesla.Client.t(),
+          vhost :: String.t(),
+          user :: String.t()
+        ) :: {:ok, Tesla.Env.t()} | {:error, term()}
+  def delete_vhost_user_permissions(client, vhost, user),
+    do: Tesla.delete(client, "#{@api_namespace}/#{vhost}/#{user}")
+end
diff --git a/test/ex_rabbitmq_admin/permission_test.exs b/test/ex_rabbitmq_admin/permission_test.exs
@@ -0,0 +1,40 @@
+defmodule ExRabbitmqAdmin.PermissionTest do
+  use ExRabbitMQAdmin.TestCase, async: true
+  alias ExRabbitMQAdmin.Permission
+
+  setup do
+    mock(fn
+      %{method: :get, url: "https://rabbitmq.example.com:5672/api/permissions"} ->
+        %Tesla.Env{status: 200, body: read_json("get_permissions.json")}
+
+      %{method: :put, url: "https://rabbitmq.example.com:5672/api/permissions/my-vhost/testuser"} ->
+        %Tesla.Env{status: 201}
+
+      %{
+        method: :delete,
+        url: "https://rabbitmq.example.com:5672/api/permissions/my-vhost/testuser"
+      } ->
+        %Tesla.Env{status: 204, body: ""}
+    end)
+  end
+
+  test "can get a list of permissions for all users" do
+    assert {:ok, %Tesla.Env{status: 200, body: _body}} =
+             Client.client() |> Permission.get_permissions()
+  end
+
+  test "can set permissions for a user on a specific vhost" do
+    assert {:ok, %Tesla.Env{status: 201}} =
+             Client.client()
+             |> Permission.put_vhost_user_permissions("my-vhost", "testuser",
+               configure: ".*",
+               write: ".*",
+               read: ".*"
+             )
+  end
+
+  test "can delete permissions for a user on a specific vhost" do
+    assert {:ok, %Tesla.Env{status: 204, body: ""}} =
+             Client.client() |> Permission.delete_vhost_user_permissions("my-vhost", "testuser")
+  end
+end
diff --git a/test/support/fixtures/get_permissions.json b/test/support/fixtures/get_permissions.json
@@ -0,0 +1,37 @@
+[
+  {
+    "configure": ".*",
+    "read": ".*",
+    "user": "guest",
+    "vhost": "/",
+    "write": ".*"
+  },
+  {
+    "configure": ".*",
+    "read": ".*",
+    "user": "guest",
+    "vhost": "my-vhost",
+    "write": ".*"
+  },
+  {
+    "configure": "(^$)",
+    "read": "(^amq\\.direct|.*)",
+    "user": "testuser",
+    "vhost": "my-vhost",
+    "write": "(^$)"
+  },
+  {
+    "configure": ".*",
+    "read": ".*",
+    "user": "guest",
+    "vhost": "test",
+    "write": ".*"
+  },
+  {
+    "configure": "(^amq\\.direct|.*)",
+    "read": "(^amq\\.direct|.*)",
+    "user": "testuser",
+    "vhost": "test",
+    "write": "(^amq\\.direct|.*)"
+  }
+]
