Introduce 'shovel disable_tls_peer_verification_for_all_source_uris'

Author: michaelklishin

src/cli.rs

@@ -2892,7 +2892,7 @@ pub fn get_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 1] {
         )].map(|cmd| cmd.infer_long_args(pre_flight_settings.infer_long_options))
 }
 
-pub fn shovel_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 5] {
+pub fn shovel_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 6] {
     let list_all_cmd = Command::new("list_all")
         .long_about("Lists shovels in all virtual hosts")
         .after_help(color_print::cformat!(
@@ -3041,12 +3041,29 @@ pub fn shovel_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 5
                 .required(true),
         );
 
+    let disable_tls_peer_verification_cmd = Command::new("disable_tls_peer_verification_for_all_source_uris")
+        // shorter, displayed in the shovels group's help
+        .about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all shovels."))
+        // longer, displayed in the command's help
+        .long_about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all shovels by updating their source and destination URIs' 'verify' parameter."))
+        .after_help(color_print::cformat!(
+            r#"<bold>Doc guides</bold>:
+
+ * {}
+ * {}
+ * {}"#,
+            SHOVEL_GUIDE_URL,
+            TLS_GUIDE_URL,
+            "https://www.rabbitmq.com/docs/shovel#tls-connections"
+        ));
+
     [
         list_all_cmd,
         list_cmd,
         declare_091_cmd,
         declare_10_cmd,
         delete_cmd,
+        disable_tls_peer_verification_cmd,
     ]
     .map(|cmd| cmd.infer_long_args(pre_flight_settings.infer_long_options))
 }
@@ -3387,9 +3404,9 @@ fn federation_subcommands(pre_flight_settings: PreFlightSettings) -> [Command; 7
 
     let disable_tls_peer_verification_cmd = Command::new("disable_tls_peer_verification_for_all_upstreams")
         // shorter, displayed in the federation group's help
-        .about(color_print::cstr!("<bold><red>Use only to undo incorrect URI changes</red></bold>. Disables TLS peer verification for all federation upstreams."))
+        .about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all federation upstreams."))
         // longer, displayed in the command's help
-        .long_about(color_print::cstr!("<bold><red>Use only to undo incorrect URI changes</red></bold>. Disables TLS peer verification for all federation upstreams by updating their 'verify' parameter."))
+        .long_about(color_print::cstr!("<bold><red>Use only in emergency cases</red></bold>. Disables TLS peer verification for all federation upstreams by updating their 'verify' parameter."))
 
         .after_help(color_print::cformat!(
             r#"<bold>Doc guides</bold>:

src/commands.rs

@@ -34,6 +34,7 @@ use rabbitmq_http_client::requests::{
     FEDERATION_UPSTREAM_COMPONENT, FederationResourceCleanupMode, FederationUpstreamParams,
     PolicyParams, QueueFederationParams, RuntimeParameterDefinition,
 };
+use rabbitmq_http_client::requests::shovels::OwnedShovelParams;
 
 use rabbitmq_http_client::transformers::{TransformationChain, VirtualHostTransformationChain};
 use rabbitmq_http_client::{password_hashing, requests, responses};
@@ -732,6 +733,47 @@ pub fn disable_tls_peer_verification_for_all_federation_upstreams(
     Ok(())
 }
 
+pub fn disable_tls_peer_verification_for_all_shovels(
+    client: APIClient,
+) -> Result<(), CommandRunError> {
+    // Get all runtime parameters of "shovel" component
+    let all_params = client.list_runtime_parameters()?;
+    let shovel_params: Vec<_> = all_params
+        .into_iter()
+        .filter(|p| p.component == "shovel")
+        .collect();
+
+    for param in shovel_params {
+        // Convert the runtime parameter to OwnedShovelParams for easier manipulation
+        let owned_params = match OwnedShovelParams::try_from(param.clone()) {
+            Ok(params) => params,
+            Err(_) => continue, // Skip malformed shovel parameters
+        };
+
+        let original_source_uri = &owned_params.source_uri;
+        let original_destination_uri = &owned_params.destination_uri;
+
+        // Skip shovels with empty URIs
+        if original_source_uri.is_empty() || original_destination_uri.is_empty() {
+            continue;
+        }
+
+        let updated_source_uri = disable_tls_peer_verification(original_source_uri)?;
+        let updated_destination_uri = disable_tls_peer_verification(original_destination_uri)?;
+
+        if original_source_uri != &updated_source_uri || original_destination_uri != &updated_destination_uri {
+            let mut updated_params = owned_params;
+            updated_params.source_uri = updated_source_uri;
+            updated_params.destination_uri = updated_destination_uri;
+
+            let param = RuntimeParameterDefinition::from(&updated_params);
+            client.upsert_runtime_parameter(&param)?;
+        }
+    }
+
+    Ok(())
+}
+
 //
 // Feature flags
 //

src/main.rs

@@ -1071,6 +1071,10 @@ fn dispatch_common_subcommand(
             let result = commands::list_shovels_in(client, &vhost);
             res_handler.tabular_result(result)
         }
+        ("shovels", "disable_tls_peer_verification_for_all_source_uris") => {
+            let result = commands::disable_tls_peer_verification_for_all_shovels(client);
+            res_handler.no_output_on_success(result);
+        }
         ("streams", "declare") => {
             let result = commands::declare_stream(client, &vhost, second_level_args);
             res_handler.no_output_on_success(result);