[ansible-lint] prefix variable names for rabbit/user role
ansible-lint requires that variables for roles are prefixed with the name of the role. This commit prefixes the variables for the rabbit/user role with user_, as required by ansible-lint.

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
parent
cae52420bb
commit
4a4e7e07cb
34 changed files with 89 additions and 89 deletions
|
@ -31,8 +31,8 @@
|
|||
certname: "{{wildcard_cert_name}}"
|
||||
SSLCertificateChainFile: "{{wildcard_int_file}}"
|
||||
- role: rabbit/user
|
||||
username: "batcave{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(ansible|git|infragit|logger)\..*
|
||||
user_username: "batcave{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(ansible|git|infragit|logger)\..*
|
||||
- role: rabbit/queue
|
||||
username: "mirror_pagure_ansible{{ env_suffix }}"
|
||||
queue_name: "mirror_pagure_ansible{{ env_suffix }}"
|
||||
|
|
|
@ -120,8 +120,8 @@
|
|||
|
||||
- sudo
|
||||
- role: rabbit/user
|
||||
username: "koji{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..*
|
||||
user_username: "koji{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..*
|
||||
|
||||
tasks:
|
||||
- import_tasks: "{{ tasks_path }}/motd.yml"
|
||||
|
|
|
@ -34,8 +34,8 @@
|
|||
when: env == "production"
|
||||
# Set up for fedora-messaging
|
||||
- role: rabbit/user
|
||||
username: "logging{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..*
|
||||
user_username: "logging{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..*
|
||||
- logging
|
||||
|
||||
pre_tasks:
|
||||
|
|
|
@ -98,8 +98,8 @@
|
|||
- role: mailman3
|
||||
# Set up for fedora-messaging
|
||||
- role: rabbit/user
|
||||
username: "mailman{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mailman\..*
|
||||
user_username: "mailman{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mailman\..*
|
||||
|
||||
tasks:
|
||||
- name: install more needed packages
|
||||
|
|
|
@ -52,18 +52,18 @@
|
|||
# user and impersonate prod openqa on the message bus, which is
|
||||
# not a huge deal. fixing it would be kinda tedious.
|
||||
- role: rabbit/user
|
||||
username: "{{ openqa_amqp_prod_username }}"
|
||||
publish_only: false
|
||||
sent_topics: ^org\.fedoraproject\.prod\.(openqa|ci)\..*
|
||||
user_username: "{{ openqa_amqp_prod_username }}"
|
||||
user_publish_only: false
|
||||
user_sent_topics: ^org\.fedoraproject\.prod\.(openqa|ci)\..*
|
||||
vars:
|
||||
env: "production"
|
||||
env_suffix: ""
|
||||
tags: ['rabbit']
|
||||
|
||||
- role: rabbit/user
|
||||
username: "{{ openqa_amqp_stg_username }}"
|
||||
publish_only: false
|
||||
sent_topics: ^org\.fedoraproject\.stg\.(openqa|ci)\..*
|
||||
user_username: "{{ openqa_amqp_stg_username }}"
|
||||
user_publish_only: false
|
||||
user_sent_topics: ^org\.fedoraproject\.stg\.(openqa|ci)\..*
|
||||
vars:
|
||||
env: "staging"
|
||||
env_suffix: ".stg"
|
||||
|
|
|
@ -93,8 +93,8 @@
|
|||
- {role: hosts, when: env == "staging"}
|
||||
# Set up for fedora-messaging
|
||||
- role: rabbit/user
|
||||
username: "pagure{{ env_suffix }}"
|
||||
sent_topics:
|
||||
user_username: "pagure{{ env_suffix }}"
|
||||
user_sent_topics:
|
||||
^(io\.pagure\.{{ env_short }}|org\.fedoraproject\.{{ env_short }}\.(pagure|git|logger))\..*
|
||||
|
||||
handlers:
|
||||
|
|
|
@ -146,8 +146,8 @@
|
|||
when: "'releng_compose' in group_names"
|
||||
|
||||
- role: rabbit/user
|
||||
username: "pungi{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..*
|
||||
user_username: "pungi{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..*
|
||||
|
||||
- {
|
||||
role: "push-container-registry",
|
||||
|
|
|
@ -54,8 +54,8 @@
|
|||
- role: fedoraloveskde/build
|
||||
when: master_sundries_node|bool
|
||||
- role: rabbit/user
|
||||
username: "sundries{{ env_suffix }}"
|
||||
sent_topics: ^$
|
||||
user_username: "sundries{{ env_suffix }}"
|
||||
user_sent_topics: ^$
|
||||
when: master_sundries_node|bool and deployment_type == "stg"
|
||||
- role: nfs/client
|
||||
mnt_dir: '/srv/docs'
|
||||
|
|
|
@ -34,8 +34,8 @@
|
|||
- apache
|
||||
# Set up for fedora-messaging
|
||||
- role: rabbit/user
|
||||
username: "mediawiki{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(wiki|logger)\..*
|
||||
user_username: "mediawiki{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(wiki|logger)\..*
|
||||
when: inventory_hostname.startswith('wiki01')
|
||||
- { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments', mount_stg: true }
|
||||
- { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' }
|
||||
|
|
|
@ -61,8 +61,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "tahrir{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..*
|
||||
user_username: "tahrir{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..*
|
||||
tags:
|
||||
- config
|
||||
- fedora-messaging
|
||||
|
|
|
@ -12,8 +12,8 @@
|
|||
roles:
|
||||
|
||||
- role: rabbit/user
|
||||
username: "bugzilla2fedmsg{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.bugzilla\..*
|
||||
user_username: "bugzilla2fedmsg{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.bugzilla\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: bugzilla2fedmsg
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "cloud-image-uploader{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_image_uploader\..*
|
||||
user_username: "cloud-image-uploader{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_image_uploader\..*
|
||||
|
||||
- role: rabbit/queue
|
||||
username: "cloud-image-uploader{{ env_suffix }}"
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "discourse2fedmsg{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.discourse\..*
|
||||
user_username: "discourse2fedmsg{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.discourse\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: discourse2fedmsg
|
||||
|
|
|
@ -33,8 +33,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "elections{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_elections\..*
|
||||
user_username: "elections{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_elections\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: elections
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "fedocal{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedocal\..*
|
||||
user_username: "fedocal{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedocal\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: fedocal
|
||||
|
|
|
@ -29,9 +29,9 @@
|
|||
- apply-appowners
|
||||
|
||||
- role: rabbit/user
|
||||
username: greenwave{{ env_suffix }}
|
||||
queue_name: greenwave{{ env_suffix }}
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.greenwave\..*
|
||||
user_username: greenwave{{ env_suffix }}
|
||||
user_queue_name: greenwave{{ env_suffix }}
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.greenwave\..*
|
||||
|
||||
- role: openshift/secret-file
|
||||
app: greenwave
|
||||
|
|
|
@ -40,8 +40,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "kerneltest{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.kerneltest\..*
|
||||
user_username: "kerneltest{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.kerneltest\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: kerneltest
|
||||
|
|
|
@ -32,8 +32,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "maubot{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(meetbot|maubot)\..*
|
||||
user_username: "maubot{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(meetbot|maubot)\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: maubot
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "mdapi{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mdapi\..*
|
||||
user_username: "mdapi{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mdapi\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: mdapi
|
||||
|
|
|
@ -38,8 +38,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "mirrormanager{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mirrormanager\..*
|
||||
user_username: "mirrormanager{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mirrormanager\..*
|
||||
tags:
|
||||
- config
|
||||
- fedora-messaging
|
||||
|
|
|
@ -21,8 +21,8 @@
|
|||
- patrikp
|
||||
|
||||
- role: rabbit/user
|
||||
username: "monitor-gating{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.monitor-gating\..*
|
||||
user_username: "monitor-gating{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.monitor-gating\..*
|
||||
|
||||
- role: openshift/keytab
|
||||
app: monitor-gating
|
||||
|
|
|
@ -13,8 +13,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "noggin{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..*
|
||||
user_username: "noggin{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: noggin-centos
|
||||
|
|
|
@ -13,8 +13,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "noggin{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..*
|
||||
user_username: "noggin{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: noggin
|
||||
|
|
|
@ -135,8 +135,8 @@
|
|||
|
||||
# Configurations for Fedora messaging
|
||||
- role: rabbit/user
|
||||
username: "openscanhub{{ env_suffix }}"
|
||||
sent_topics: "{{ openscanhub_sent_topics }}"
|
||||
user_username: "openscanhub{{ env_suffix }}"
|
||||
user_sent_topics: "{{ openscanhub_sent_topics }}"
|
||||
|
||||
- role: rabbit/queue
|
||||
username: "openscanhub{{ env_suffix }}"
|
||||
|
|
|
@ -101,5 +101,5 @@
|
|||
privatefile: "rabbitmq/{{env}}/pki/private/planet{{env_suffix}}.key"
|
||||
|
||||
- role: rabbit/user
|
||||
username: "planet{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.planet\..*
|
||||
user_username: "planet{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.planet\..*
|
||||
|
|
|
@ -16,8 +16,8 @@
|
|||
ansible.builtin.include_role:
|
||||
name: rabbit/user
|
||||
vars:
|
||||
username: toddlers{{ env_suffix }}
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..*
|
||||
user_username: toddlers{{ env_suffix }}
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..*
|
||||
|
||||
- name: Setup Rabbit Queue
|
||||
ansible.builtin.include_role:
|
||||
|
|
|
@ -12,8 +12,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "anitya{{ env_suffix }}"
|
||||
sent_topics: ^org\.release-monitoring\.{{ env_short }}\.anitya\..*
|
||||
user_username: "anitya{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.release-monitoring\.{{ env_short }}\.anitya\..*
|
||||
- role: openshift/project
|
||||
project_app: release-monitoring
|
||||
project_description: release-monitoring
|
||||
|
|
|
@ -39,8 +39,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "resultsdb{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.resultsdb\..*
|
||||
user_username: "resultsdb{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.resultsdb\..*
|
||||
|
||||
# The openshift/project role breaks if the project already exists:
|
||||
# https://pagure.io/fedora-infrastructure/issue/6404
|
||||
|
|
|
@ -42,8 +42,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "waiverdb{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..*
|
||||
user_username: "waiverdb{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..*
|
||||
|
||||
# The openshift/project role breaks if the project already exists:
|
||||
# https://pagure.io/fedora-infrastructure/issue/6404
|
||||
|
|
|
@ -35,8 +35,8 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "webhook2fedmsg{{ env_suffix }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(github|discourse)\..*
|
||||
user_username: "webhook2fedmsg{{ env_suffix }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(github|discourse)\..*
|
||||
|
||||
- role: openshift/project
|
||||
project_app: webhook2fedmsg
|
||||
|
|
|
@ -56,8 +56,8 @@
|
|||
- name: "make sure the user exists on broker"
|
||||
include_role: name=rabbit/user
|
||||
vars:
|
||||
- username: "{{ item.username }}{{ env_suffix }}"
|
||||
sent_topics: "{{ item.sent_topics }}"
|
||||
- user_username: "{{ item.username }}{{ env_suffix }}"
|
||||
user_sent_topics: "{{ item.sent_topics }}"
|
||||
with_items: "{{ messaging.certificates }}"
|
||||
tags:
|
||||
- fedora-messaging
|
||||
|
|
|
@ -1,23 +1,23 @@
|
|||
---
|
||||
rabbitmq_server: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
||||
vhost: /pubsub
|
||||
publish_only: true
|
||||
user_rabbitmq_server: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
||||
user_vhost: /pubsub
|
||||
user_publish_only: true
|
||||
|
||||
# Read privileges:
|
||||
# If publish_only: no reading. Otherwise, read from queues prefixed
|
||||
# with their name and bind to the topic exchange
|
||||
read_priv: "{{ publish_only|ternary('^$', '^(zmq\\.topic)|^(amq\\.topic)|(' + username + '.*)$') }}"
|
||||
user_read_priv: "{{ user_publish_only|ternary('^$', '^(zmq\\.topic)|^(amq\\.topic)|(' + user_username + '.*)$') }}"
|
||||
|
||||
# Write privileges:
|
||||
# If publish_only: only write to the exchange. Otherwise, write to
|
||||
# queues prefixed with their name and any prefixes in write_queues,
|
||||
# and publish to the topic exchange
|
||||
write_priv: "^(amq\\.topic){% if not publish_only %}|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}{% endif %}$"
|
||||
user_write_priv: "^(amq\\.topic){% if not user_publish_only %}|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}{% endif %}$"
|
||||
|
||||
# Topic authorization:
|
||||
# Ref: https://www.rabbitmq.com/access-control.html#topic-authorisation
|
||||
sent_topics: .*
|
||||
topic_permissions:
|
||||
user_sent_topics: .*
|
||||
user_topic_permissions:
|
||||
- vhost: "{{ vhost }}"
|
||||
read_priv: .*
|
||||
write_priv: "{{ sent_topics }}"
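Review bot: The rename is only half applied in this defaults file: the new `user_write_priv` line still interpolates `{{ username }}`, and the unchanged `user_topic_permissions` entry at the end of the hunk still reads `{{ vhost }}` and `{{ sent_topics }}`, names that no caller shown in this commit sets any more. These expressions decide which queues and topics the broker account may write to, so they should follow the rename: `|({{ user_username }}.*)` in `user_write_priv`, and `- vhost: "{{ user_vhost }}"` with `write_priv: "{{ user_sent_topics }}"` in the topic entry. As written the role probably fails on an undefined variable, but if `username`, `vhost` or `sent_topics` is still defined somewhere in inventory (not visible here) the permissions would be built from that stale value instead of the caller's. Because `user_sent_topics` defaults to `.*`, a caller that was missed and still passes `sent_topics` would silently be granted write access to every topic once the reference is corrected, so a search for the old names across the playbooks belongs in the same change.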
|
||||
|
|
|
@ -17,13 +17,13 @@
|
|||
# See https://www.rabbitmq.com/access-control.html#permissions for details on
|
||||
# the RabbitMQ permissions configuration.
|
||||
|
||||
- name: Validate username {{ username }}
|
||||
- name: Validate username {{ user_username }}
|
||||
assert:
|
||||
that:
|
||||
- username is defined
|
||||
- username != "admin"
|
||||
- username != "guest"
|
||||
- username != "nagios-monitoring"
|
||||
- user_username is defined
|
||||
- user_username != "admin"
|
||||
- user_username != "guest"
|
||||
- user_username != "nagios-monitoring"
|
||||
fail_msg: "This user name is reserved"
|
||||
tags:
|
||||
- config
|
||||
|
@ -31,7 +31,7 @@
|
|||
- rabbitmq_cluster
|
||||
|
||||
- debug:
|
||||
msg: "Topic permissions: {{ topic_permissions }}"
|
||||
msg: "Topic permissions: {{ user_topic_permissions }}"
|
||||
tags:
|
||||
- config
|
||||
- fedora-messaging
|
||||
|
@ -39,15 +39,15 @@
|
|||
|
||||
# See https://www.rabbitmq.com/access-control.html#permissions for details on
|
||||
# the RabbitMQ permissions configuration.
|
||||
- name: Create the {{ username }} user in RabbitMQ
|
||||
delegate_to: "{{ rabbitmq_server }}"
|
||||
- name: Create the {{ user_username }} user in RabbitMQ
|
||||
delegate_to: "{{ user_rabbitmq_server }}"
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: "{{ username }}"
|
||||
vhost: "{{ vhost }}"
|
||||
read_priv: "{{ read_priv }}"
|
||||
write_priv: "{{ write_priv }}"
|
||||
user: "{{ user_username }}"
|
||||
vhost: "{{ user_vhost }}"
|
||||
read_priv: "{{ user_read_priv }}"
|
||||
write_priv: "{{ user_write_priv }}"
|
||||
configure_priv: "^$" # No configuration permissions
|
||||
topic_permissions: "{{ topic_permissions }}"
|
||||
topic_permissions: "{{ user_topic_permissions }}"
|
||||
state: present
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -99,8 +99,8 @@
|
|||
import_role:
|
||||
name: rabbit/user
|
||||
vars:
|
||||
username: "{{ botnames[env] }}"
|
||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.meetbot\..*
|
||||
user_username: "{{ botnames[env] }}"
|
||||
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.meetbot\..*
|
||||
when:
|
||||
- inventory_hostname.startswith('value02')
|
||||
|
||||
|
|