Overview

This resource allows you to manage a MQ autorizations.

Here is an example on how you should use this:

mq_authorization { "group/mymqgroup->MYQM1/qmgr/self":
  ensure    => 'present',
  authority => ['allmqi', 'dlt', 'chg', 'dsp', 'ctrl', 'system'],
}

Experience the Power of Puppet for IBM MQ

If you want to play and experiment with Puppet and IBM MQ, please take a look at our playgrounds. At our playgrounds, we provide you with a pre-installed environment, where you experiment fast and easy.

Attributes

Attribute Name Short Description
authority The authority given to specfied user or group on specfied object.
disable_corrective_change Disable the modification of a resource when Puppet decides it is a corrective change.
disable_corrective_ensure Disable the creation or removal of a resource when Puppet decides is a corrective change.
ensure The basic property that the resource should be in.
entity The specfied entity you want to authorize.
entity_type The specfied entity type.
mq_type The mq type.
name The full name of the object which security you want to manage.
profile The profile.
provider resource.
qmgr The queue manager.

authority

The authority given to specfied user or group on specfied object.

You MUST specfify the indivdual authorities. The generic authorities

  • all
  • alladm
  • allmqi
  • system

Are NOT supported at this point in time.

Back to overview of mq_authorization

disable_corrective_change

Disable the modification of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:

    Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)

Back to overview of mq_authorization

disable_corrective_ensure

Disable the creation or removal of a resource when Puppet decides is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ensure                    => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:

    Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)

Back to overview of mq_authorization

ensure

The basic property that the resource should be in.

Valid values are present, absent.

Back to overview of mq_authorization

entity

The specfied entity you want to authorize.

This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.

Back to overview of mq_authorization

entity_type

The specfied entity type. You want to authorize.

This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.

Valid values are principal, group.

Back to overview of mq_authorization

mq_type

The mq type.

This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.

Valid values are authinfo, channel, chl, clntconn, clcn, comminfo, listener, lstr, namelist, nl, process, prcs, queue, q, qmgr, rqmname, rqmn, service, srvc, topic, topic.

Back to overview of mq_authorization

name

The full name of the object which security you want to manage. The full name constists of the name of the Queue manager, a slash and then the name of the object. Here is an example:

QMGR1/MY.FIRST.CHANNEL

Back to overview of mq_authorization

profile

The profile.

This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.

Back to overview of mq_authorization

provider

The specific backend to use for this mq_authorization resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:

simple
Manage MQ Authorizations

Back to overview of mq_authorization

qmgr

The queue manager.

This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.

Back to overview of mq_authorization