diff --git a/rabbitmq_plugin b/rabbitmq_plugin new file mode 100644 index 00000000000..0fe0d91a5b9 --- /dev/null +++ b/rabbitmq_plugin @@ -0,0 +1,116 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2013, Chatham Financial +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +DOCUMENTATION = ''' +--- +module: rabbitmq_plugin +short_description: Adds or removes users to RabbitMQ +description: + - Enables or disables RabbitMQ plugins +version_added: 1.1 +author: Chris Hoffman +options: + names: + description: + - Comma-separated list of plugin names + required: true + default: null + aliases: [name] + new_only: + description: + - Only enable missing plugins + - Does not disable plugins that are not in the names list + required: false + default: no + choices: [yes, no] + state: + description: + - Specify if pluginss are to be enabled or disabled + required: false + default: enabled + choices: [enabled, disabled] +examples: + - code: rabbitmq_plugin names=rabbitmq_management state=enabled + description: Enables the rabbitmq_management plugin +''' + +class RabbitMqPlugins(object): + def __init__(self, module): + self.module = module + + def _exec(self, args): + cmd = ["rabbitmq-plugins"] + rc, out, err = self.module.run_command(cmd + args, check_rc=True) + return out.splitlines() + + def get_all(self): + return self._exec(["list", "-E", "-m"]) + + def enable(self, name): + if not self.module.check_mode: + self._exec(["enable", name]) + + def disable(self, name): + if not self.module.check_mode: + self._exec(["disable", name]) + +def main(): + arg_spec = dict( + names=dict(required=True, aliases=['name']), + new_only=dict(default='no', choices=BOOLEANS), + state=dict(default='enabled', choices=['enabled', 'disabled']) + ) + module = AnsibleModule( + argument_spec=arg_spec, + supports_check_mode=True + ) + + names = module.params['names'].split(',') + new_only = module.boolean(module.params['new_only']) + state = module.params['state'] + + rabbitmq_plugins = RabbitMqPlugins(module) + enabled_plugins = rabbitmq_plugins.get_all() + + enabled = [] + disabled = [] + if state == 'enabled': + if not new_only: + for plugin in enabled_plugins: + if plugin not in names: + rabbitmq_plugins.disable(plugin) + disabled.append(plugin) + + for name in names: + if name not in enabled_plugins: + rabbitmq_plugins.enable(name) + enabled.append(name) + else: + for plugin in enabled_plugins: + if plugin in names: + rabbitmq_plugins.disable(plugin) + disabled.append(plugin) + + changed = len(enabled) > 0 or len(disabled) > 0 + module.exit_json(changed=changed, enabled=enabled, disabled=disabled) + +# this is magic, see lib/ansible/module_common.py +#<> +main() diff --git a/rabbitmq_user b/rabbitmq_user new file mode 100644 index 00000000000..12c98048679 --- /dev/null +++ b/rabbitmq_user @@ -0,0 +1,245 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2013, Chatham Financial +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +DOCUMENTATION = ''' +--- +module: rabbitmq_user +short_description: Adds or removes users to RabbitMQ +description: + - Add or remove users to RabbitMQ and assign permissions +version_added: 1.1 +author: Chris Hoffman +options: + user: + description: + - Name of user to add + required: true + default: null + aliases: [username, name] + password: + description: + - Password of user to add + required: false + default: null + tags: + description: + - User tags specified as comma delimited + required: false + default: null + vhost: + description: + - vhost to apply access privileges. + required: false + default: / + configure_priv: + description: + - Regular expression to restrict configure actions on a resource + for the specified vhost. + - By default all actions are restricted. + required: false + default: ^$ + write_priv: + description: + - Regular expression to restrict configure actions on a resource + for the specified vhost. + - By default all actions are restricted. + required: false + default: ^$ + read_priv: + description: + - Regular expression to restrict configure actions on a resource + for the specified vhost. + - By default all actions are restricted. + required: false + default: ^$ + force: + description: + - Deletes and recreates the user. + required: false + default: no + choices: [yes, no] + state: + description: + - Specify if user is to be added or removed + required: false + default: present + choices: [present, absent] +examples: + - code: rabbitmq_user user=joe password=changeme vhost="/" configure_priv=".*" read_priv=".*" write_priv=".*" state=present + description: Add user to server and assign full access control +''' + +class RabbitMqUser(object): + def __init__(self, module, username, password, tags, vhost, configure_priv, write_priv, read_priv): + self.module = module + self.username = username + self.password = password + if tags is None: + self.tags = [] + else: + self.tags = tags.split(',') + + permissions = dict( + vhost=vhost, + configure_priv=configure_priv, + write_priv=write_priv, + read_priv=read_priv + ) + self.permissions = permissions + + self._tags = None + self._permissions = None + + def _exec(self, args): + cmd = ["rabbitmqctl", "-q"] + rc, out, err = self.module.run_command(cmd + args, check_rc=True) + return out.splitlines() + + def get(self): + users = self._exec(["list_users"]) + + for user_tag in users: + user, tags = user_tag.split('\t') + + if user == self.username: + for c in ['[',']',' ']: + tags = tags.replace(c, '') + + if tags != '': + self._tags = tags.split(',') + else: + self._tags = [] + + self._permissions = self._get_permissions() + + return True + + return False + + def _get_permissions(self): + perms_out = self._exec(["list_user_permissions", self.username]) + + for perm in perms_out: + vhost, configure_priv, write_priv, read_priv = perm.split('\t') + if vhost == self.permissions['vhost']: + return dict(vhost=vhost, configure_priv=configure_priv, write_priv=write_priv, read_priv=read_priv) + + return dict() + + def add(self): + if not self.module.check_mode: + self._exec(["add_user", self.username, self.password]) + + + def delete(self): + if not self.module.check_mode: + self._exec(["delete_user", self.username]) + + def set_tags(self): + if not self.module.check_mode: + self._exec(["set_user_tags", self.username] + self.tags) + + def set_permissions(self): + if not self.module.check_mode: + cmd = ["set_permissions"] + cmd.append('-p') + cmd.append(self.permissions['vhost']) + cmd.append(self.username) + cmd.append(self.permissions['configure_priv']) + cmd.append(self.permissions['write_priv']) + cmd.append(self.permissions['read_priv']) + self._exec(cmd) + + def has_tags_modifications(self): + if (not self._tags and len(self.tags) > 0) or (not self.tags and len(self._tags) > 0): + return True + else: + for tag in self._tags: + if tag not in self.tags: + return True + + for tag in self.tags: + if tag not in self._tags: + return True + + return False + + def has_permissions_modifications(self): + return self._permissions != self.permissions + +def main(): + arg_spec = dict( + user=dict(required=True, aliases=['username', 'name']), + password=dict(default=None), + tags=dict(default=None), + vhost=dict(default='/'), + configure_priv=dict(default='^$'), + write_priv=dict(default='^$'), + read_priv=dict(default='^$'), + force=dict(default='no', choices=BOOLEANS), + state=dict(default='present', choices=['present', 'absent']) + ) + module = AnsibleModule( + argument_spec=arg_spec, + supports_check_mode=True + ) + + username = module.params['user'] + password = module.params['password'] + tags = module.params['tags'] + vhost = module.params['vhost'] + configure_priv = module.params['configure_priv'] + write_priv = module.params['write_priv'] + read_priv = module.params['read_priv'] + force = module.boolean(module.params['force']) + state = module.params['state'] + + rabbitmq_user = RabbitMqUser(module, username, password, tags, vhost, configure_priv, write_priv, read_priv) + + changed = False + if rabbitmq_user.get(): + if state == 'absent': + rabbitmq_user.delete() + changed = True + else: + if force: + rabbitmq_user.delete() + rabbitmq_user.add() + rabbitmq_user.get() + changed = True + + if rabbitmq_user.has_tags_modifications(): + rabbitmq_user.set_tags() + changed = True + + if rabbitmq_user.has_permissions_modifications(): + rabbitmq_user.set_permissions() + changed = True + elif state == 'present': + rabbitmq_user.add() + rabbitmq_user.set_tags() + rabbitmq_user.set_permissions() + changed = True + + module.exit_json(changed=changed) + +# this is magic, see lib/ansible/module_common.py +#<> +main()