Introduce two new shovel commands

michaelklishin · michaelklishin · commit 99cafa5dbfe5 · 2025-09-22T18:17:23.000-04:00
to be used in case of an emergency.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,14 +1,31 @@
 # rabbitmqadmin-ng Change Log
 
+## v2.12.0 (in development)
+
+### Enhancements
+
+ * `shovel disable_tls_peer_verification_for_all_source_uris` is a new command that disables TLS peer verification
+   for all shovel source URIs.
+
+   **Important**: this command should **only** be used to undo incorrect shovel source URIs, after a bad deployment, for example,
+   if [peer verification](https://www.rabbitmq.com/docs/ssl#peer-verification) was enabled before certificates and keys were
+   deployed.
+
+  * `shovel disable_tls_peer_verification_for_all_source_uris` is a new command that disables TLS peer verification
+    for all shovel source URIs.
+
+    **Important**: this command should **only** be used to undo incorrect shovel destination URIs (see above).
+
 ## v2.11.0 (Sep 22, 2025)
 
 ### Enhancements
 
 * `federation disable_tls_peer_verification_for_all_upstreams` is a new command that disables TLS peer verification
   for all federation upstreams. 
 
-  **Important**: this command should **only** be used to undo incorrect federation upstream URI, for example,
-  if [peer verification](https://www.rabbitmq.com/docs/ssl#peer-verification) was enabled prematurely.
+  **Important**: this command should **only** be used to correct federation upstream URI after a bad deployment, for example,
+  if [peer verification](https://www.rabbitmq.com/docs/ssl#peer-verification) was enabled before certificates and keys were
+  deployed.
 
 ### Upgrades
 
diff --git a/src/cli.rs b/src/cli.rs
@@ -2892,7 +2892,7 @@ pub fn get_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 1] {
         )].map(|cmd| cmd.infer_long_args(pre_flight_settings.infer_long_options))
 }
 
-pub fn shovel_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 6] {
+pub fn shovel_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 7] {
     let list_all_cmd = Command::new("list_all")
         .long_about("Lists shovels in all virtual hosts")
         .after_help(color_print::cformat!(
@@ -3043,9 +3043,23 @@ pub fn shovel_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 6
 
     let disable_tls_peer_verification_cmd = Command::new("disable_tls_peer_verification_for_all_source_uris")
         // shorter, displayed in the shovels group's help
-        .about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all shovels."))
+        .about(color_print::cstr!("<bold><red>Use only in case of emergency</red></bold>. Disables TLS peer verification for all shovels."))
         // longer, displayed in the command's help
-        .long_about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all shovels by updating their source and destination URIs' 'verify' parameter."))
+        .long_about(color_print::cstr!("<bold><red>Use only in case of emergency</red></bold>. Disables TLS peer verification for all shovels by updating their source and destination URIs' 'verify' parameter."))
+        .after_help(color_print::cformat!(
+            r#"<bold>Doc guides</bold>:
+
+ * {}
+ * {}
+ * {}"#,
+            SHOVEL_GUIDE_URL,
+            TLS_GUIDE_URL,
+            "https://www.rabbitmq.com/docs/shovel#tls-connections"
+        ));
+
+    let disable_tls_peer_verification_dest_cmd = Command::new("disable_tls_peer_verification_for_all_destination_uris")
+        .about(color_print::cstr!("<bold><red>Use only in case of emergency</red></bold>. Disables TLS peer verification for all shovel destination URIs."))
+        .long_about(color_print::cstr!("<bold><red>Use only in case of emergency</red></bold>. Disables TLS peer verification for all shovel destination URIs by updating their 'verify' parameter."))
         .after_help(color_print::cformat!(
             r#"<bold>Doc guides</bold>:
 
@@ -3064,6 +3078,7 @@ pub fn shovel_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 6
         declare_10_cmd,
         delete_cmd,
         disable_tls_peer_verification_cmd,
+        disable_tls_peer_verification_dest_cmd,
     ]
     .map(|cmd| cmd.infer_long_args(pre_flight_settings.infer_long_options))
 }
@@ -3404,9 +3419,9 @@ fn federation_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 7
 
     let disable_tls_peer_verification_cmd = Command::new("disable_tls_peer_verification_for_all_upstreams")
         // shorter, displayed in the federation group's help
-        .about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all federation upstreams."))
+        .about(color_print::cstr!("<bold><red>Use only in case of emergency</red></bold>. Disables TLS peer verification for all federation upstreams."))
         // longer, displayed in the command's help
-        .long_about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all federation upstreams by updating their 'verify' parameter."))
+        .long_about(color_print::cstr!("<bold><red>Use only in case of emergency</red></bold>. Disables TLS peer verification for all federation upstreams by updating their 'verify' parameter."))
 
         .after_help(color_print::cformat!(
             r#"<bold>Doc guides</bold>:
diff --git a/src/commands.rs b/src/commands.rs
@@ -736,34 +736,63 @@ pub fn disable_tls_peer_verification_for_all_federation_upstreams(
 pub fn disable_tls_peer_verification_for_all_shovels(
     client: APIClient,
 ) -> Result<(), CommandRunError> {
-    // Get all runtime parameters of "shovel" component
     let all_params = client.list_runtime_parameters()?;
     let shovel_params: Vec<_> = all_params
         .into_iter()
         .filter(|p| p.component == "shovel")
         .collect();
 
     for param in shovel_params {
-        // Convert the runtime parameter to OwnedShovelParams for easier manipulation
         let owned_params = match OwnedShovelParams::try_from(param.clone()) {
             Ok(params) => params,
-            Err(_) => continue, // Skip malformed shovel parameters
+            Err(_) => continue,
         };
 
         let original_source_uri = &owned_params.source_uri;
-        let original_destination_uri = &owned_params.destination_uri;
 
-        // Skip shovels with empty URIs
-        if original_source_uri.is_empty() || original_destination_uri.is_empty() {
+        if original_source_uri.is_empty() {
             continue;
         }
 
         let updated_source_uri = disable_tls_peer_verification(original_source_uri)?;
-        let updated_destination_uri = disable_tls_peer_verification(original_destination_uri)?;
 
-        if original_source_uri != &updated_source_uri || original_destination_uri != &updated_destination_uri {
+        if original_source_uri != &updated_source_uri {
             let mut updated_params = owned_params;
             updated_params.source_uri = updated_source_uri;
+
+            let param = RuntimeParameterDefinition::from(&updated_params);
+            client.upsert_runtime_parameter(&param)?;
+        }
+    }
+
+    Ok(())
+}
+
+pub fn disable_tls_peer_verification_for_all_destination_uris(
+    client: APIClient,
+) -> Result<(), CommandRunError> {
+    let all_params = client.list_runtime_parameters()?;
+    let shovel_params: Vec<_> = all_params
+        .into_iter()
+        .filter(|p| p.component == "shovel")
+        .collect();
+
+    for param in shovel_params {
+        let owned_params = match OwnedShovelParams::try_from(param.clone()) {
+            Ok(params) => params,
+            Err(_) => continue,
+        };
+
+        let original_destination_uri = &owned_params.destination_uri;
+
+        if original_destination_uri.is_empty() {
+            continue;
+        }
+
+        let updated_destination_uri = disable_tls_peer_verification(original_destination_uri)?;
+
+        if original_destination_uri != &updated_destination_uri {
+            let mut updated_params = owned_params;
             updated_params.destination_uri = updated_destination_uri;
 
             let param = RuntimeParameterDefinition::from(&updated_params);
diff --git a/src/main.rs b/src/main.rs
@@ -1075,6 +1075,10 @@ fn dispatch_common_subcommand(
             let result = commands::disable_tls_peer_verification_for_all_shovels(client);
             res_handler.no_output_on_success(result);
         }
+        ("shovels", "disable_tls_peer_verification_for_all_destination_uris") => {
+            let result = commands::disable_tls_peer_verification_for_all_destination_uris(client);
+            res_handler.no_output_on_success(result);
+        }
         ("streams", "declare") => {
             let result = commands::declare_stream(client, &vhost, second_level_args);
             res_handler.no_output_on_success(result);
diff --git a/tests/shovel_destination_uri_modification_tests.rs b/tests/shovel_destination_uri_modification_tests.rs
diff --git a/tests/shovel_source_uri_modification_tests.rs b/tests/shovel_source_uri_modification_tests.rs
