mirror of https://github.com/ansible/ansible.git
commit
18a84a3c49
@ -0,0 +1,116 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# (c) 2013, Chatham Financial <oss@chathamfinancial.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: rabbitmq_plugin
|
||||
short_description: Adds or removes users to RabbitMQ
|
||||
description:
|
||||
- Enables or disables RabbitMQ plugins
|
||||
version_added: 1.1
|
||||
author: Chris Hoffman
|
||||
options:
|
||||
names:
|
||||
description:
|
||||
- Comma-separated list of plugin names
|
||||
required: true
|
||||
default: null
|
||||
aliases: [name]
|
||||
new_only:
|
||||
description:
|
||||
- Only enable missing plugins
|
||||
- Does not disable plugins that are not in the names list
|
||||
required: false
|
||||
default: no
|
||||
choices: [yes, no]
|
||||
state:
|
||||
description:
|
||||
- Specify if pluginss are to be enabled or disabled
|
||||
required: false
|
||||
default: enabled
|
||||
choices: [enabled, disabled]
|
||||
examples:
|
||||
- code: rabbitmq_plugin names=rabbitmq_management state=enabled
|
||||
description: Enables the rabbitmq_management plugin
|
||||
'''
|
||||
|
||||
class RabbitMqPlugins(object):
|
||||
def __init__(self, module):
|
||||
self.module = module
|
||||
|
||||
def _exec(self, args):
|
||||
cmd = ["rabbitmq-plugins"]
|
||||
rc, out, err = self.module.run_command(cmd + args, check_rc=True)
|
||||
return out.splitlines()
|
||||
|
||||
def get_all(self):
|
||||
return self._exec(["list", "-E", "-m"])
|
||||
|
||||
def enable(self, name):
|
||||
if not self.module.check_mode:
|
||||
self._exec(["enable", name])
|
||||
|
||||
def disable(self, name):
|
||||
if not self.module.check_mode:
|
||||
self._exec(["disable", name])
|
||||
|
||||
def main():
|
||||
arg_spec = dict(
|
||||
names=dict(required=True, aliases=['name']),
|
||||
new_only=dict(default='no', choices=BOOLEANS),
|
||||
state=dict(default='enabled', choices=['enabled', 'disabled'])
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=arg_spec,
|
||||
supports_check_mode=True
|
||||
)
|
||||
|
||||
names = module.params['names'].split(',')
|
||||
new_only = module.boolean(module.params['new_only'])
|
||||
state = module.params['state']
|
||||
|
||||
rabbitmq_plugins = RabbitMqPlugins(module)
|
||||
enabled_plugins = rabbitmq_plugins.get_all()
|
||||
|
||||
enabled = []
|
||||
disabled = []
|
||||
if state == 'enabled':
|
||||
if not new_only:
|
||||
for plugin in enabled_plugins:
|
||||
if plugin not in names:
|
||||
rabbitmq_plugins.disable(plugin)
|
||||
disabled.append(plugin)
|
||||
|
||||
for name in names:
|
||||
if name not in enabled_plugins:
|
||||
rabbitmq_plugins.enable(name)
|
||||
enabled.append(name)
|
||||
else:
|
||||
for plugin in enabled_plugins:
|
||||
if plugin in names:
|
||||
rabbitmq_plugins.disable(plugin)
|
||||
disabled.append(plugin)
|
||||
|
||||
changed = len(enabled) > 0 or len(disabled) > 0
|
||||
module.exit_json(changed=changed, enabled=enabled, disabled=disabled)
|
||||
|
||||
# this is magic, see lib/ansible/module_common.py
|
||||
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
|
||||
main()
|
@ -0,0 +1,245 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# (c) 2013, Chatham Financial <oss@chathamfinancial.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: rabbitmq_user
|
||||
short_description: Adds or removes users to RabbitMQ
|
||||
description:
|
||||
- Add or remove users to RabbitMQ and assign permissions
|
||||
version_added: 1.1
|
||||
author: Chris Hoffman
|
||||
options:
|
||||
user:
|
||||
description:
|
||||
- Name of user to add
|
||||
required: true
|
||||
default: null
|
||||
aliases: [username, name]
|
||||
password:
|
||||
description:
|
||||
- Password of user to add
|
||||
required: false
|
||||
default: null
|
||||
tags:
|
||||
description:
|
||||
- User tags specified as comma delimited
|
||||
required: false
|
||||
default: null
|
||||
vhost:
|
||||
description:
|
||||
- vhost to apply access privileges.
|
||||
required: false
|
||||
default: /
|
||||
configure_priv:
|
||||
description:
|
||||
- Regular expression to restrict configure actions on a resource
|
||||
for the specified vhost.
|
||||
- By default all actions are restricted.
|
||||
required: false
|
||||
default: ^$
|
||||
write_priv:
|
||||
description:
|
||||
- Regular expression to restrict configure actions on a resource
|
||||
for the specified vhost.
|
||||
- By default all actions are restricted.
|
||||
required: false
|
||||
default: ^$
|
||||
read_priv:
|
||||
description:
|
||||
- Regular expression to restrict configure actions on a resource
|
||||
for the specified vhost.
|
||||
- By default all actions are restricted.
|
||||
required: false
|
||||
default: ^$
|
||||
force:
|
||||
description:
|
||||
- Deletes and recreates the user.
|
||||
required: false
|
||||
default: no
|
||||
choices: [yes, no]
|
||||
state:
|
||||
description:
|
||||
- Specify if user is to be added or removed
|
||||
required: false
|
||||
default: present
|
||||
choices: [present, absent]
|
||||
examples:
|
||||
- code: rabbitmq_user user=joe password=changeme vhost="/" configure_priv=".*" read_priv=".*" write_priv=".*" state=present
|
||||
description: Add user to server and assign full access control
|
||||
'''
|
||||
|
||||
class RabbitMqUser(object):
|
||||
def __init__(self, module, username, password, tags, vhost, configure_priv, write_priv, read_priv):
|
||||
self.module = module
|
||||
self.username = username
|
||||
self.password = password
|
||||
if tags is None:
|
||||
self.tags = []
|
||||
else:
|
||||
self.tags = tags.split(',')
|
||||
|
||||
permissions = dict(
|
||||
vhost=vhost,
|
||||
configure_priv=configure_priv,
|
||||
write_priv=write_priv,
|
||||
read_priv=read_priv
|
||||
)
|
||||
self.permissions = permissions
|
||||
|
||||
self._tags = None
|
||||
self._permissions = None
|
||||
|
||||
def _exec(self, args):
|
||||
cmd = ["rabbitmqctl", "-q"]
|
||||
rc, out, err = self.module.run_command(cmd + args, check_rc=True)
|
||||
return out.splitlines()
|
||||
|
||||
def get(self):
|
||||
users = self._exec(["list_users"])
|
||||
|
||||
for user_tag in users:
|
||||
user, tags = user_tag.split('\t')
|
||||
|
||||
if user == self.username:
|
||||
for c in ['[',']',' ']:
|
||||
tags = tags.replace(c, '')
|
||||
|
||||
if tags != '':
|
||||
self._tags = tags.split(',')
|
||||
else:
|
||||
self._tags = []
|
||||
|
||||
self._permissions = self._get_permissions()
|
||||
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def _get_permissions(self):
|
||||
perms_out = self._exec(["list_user_permissions", self.username])
|
||||
|
||||
for perm in perms_out:
|
||||
vhost, configure_priv, write_priv, read_priv = perm.split('\t')
|
||||
if vhost == self.permissions['vhost']:
|
||||
return dict(vhost=vhost, configure_priv=configure_priv, write_priv=write_priv, read_priv=read_priv)
|
||||
|
||||
return dict()
|
||||
|
||||
def add(self):
|
||||
if not self.module.check_mode:
|
||||
self._exec(["add_user", self.username, self.password])
|
||||
|
||||
|
||||
def delete(self):
|
||||
if not self.module.check_mode:
|
||||
self._exec(["delete_user", self.username])
|
||||
|
||||
def set_tags(self):
|
||||
if not self.module.check_mode:
|
||||
self._exec(["set_user_tags", self.username] + self.tags)
|
||||
|
||||
def set_permissions(self):
|
||||
if not self.module.check_mode:
|
||||
cmd = ["set_permissions"]
|
||||
cmd.append('-p')
|
||||
cmd.append(self.permissions['vhost'])
|
||||
cmd.append(self.username)
|
||||
cmd.append(self.permissions['configure_priv'])
|
||||
cmd.append(self.permissions['write_priv'])
|
||||
cmd.append(self.permissions['read_priv'])
|
||||
self._exec(cmd)
|
||||
|
||||
def has_tags_modifications(self):
|
||||
if (not self._tags and len(self.tags) > 0) or (not self.tags and len(self._tags) > 0):
|
||||
return True
|
||||
else:
|
||||
for tag in self._tags:
|
||||
if tag not in self.tags:
|
||||
return True
|
||||
|
||||
for tag in self.tags:
|
||||
if tag not in self._tags:
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def has_permissions_modifications(self):
|
||||
return self._permissions != self.permissions
|
||||
|
||||
def main():
|
||||
arg_spec = dict(
|
||||
user=dict(required=True, aliases=['username', 'name']),
|
||||
password=dict(default=None),
|
||||
tags=dict(default=None),
|
||||
vhost=dict(default='/'),
|
||||
configure_priv=dict(default='^$'),
|
||||
write_priv=dict(default='^$'),
|
||||
read_priv=dict(default='^$'),
|
||||
force=dict(default='no', choices=BOOLEANS),
|
||||
state=dict(default='present', choices=['present', 'absent'])
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=arg_spec,
|
||||
supports_check_mode=True
|
||||
)
|
||||
|
||||
username = module.params['user']
|
||||
password = module.params['password']
|
||||
tags = module.params['tags']
|
||||
vhost = module.params['vhost']
|
||||
configure_priv = module.params['configure_priv']
|
||||
write_priv = module.params['write_priv']
|
||||
read_priv = module.params['read_priv']
|
||||
force = module.boolean(module.params['force'])
|
||||
state = module.params['state']
|
||||
|
||||
rabbitmq_user = RabbitMqUser(module, username, password, tags, vhost, configure_priv, write_priv, read_priv)
|
||||
|
||||
changed = False
|
||||
if rabbitmq_user.get():
|
||||
if state == 'absent':
|
||||
rabbitmq_user.delete()
|
||||
changed = True
|
||||
else:
|
||||
if force:
|
||||
rabbitmq_user.delete()
|
||||
rabbitmq_user.add()
|
||||
rabbitmq_user.get()
|
||||
changed = True
|
||||
|
||||
if rabbitmq_user.has_tags_modifications():
|
||||
rabbitmq_user.set_tags()
|
||||
changed = True
|
||||
|
||||
if rabbitmq_user.has_permissions_modifications():
|
||||
rabbitmq_user.set_permissions()
|
||||
changed = True
|
||||
elif state == 'present':
|
||||
rabbitmq_user.add()
|
||||
rabbitmq_user.set_tags()
|
||||
rabbitmq_user.set_permissions()
|
||||
changed = True
|
||||
|
||||
module.exit_json(changed=changed)
|
||||
|
||||
# this is magic, see lib/ansible/module_common.py
|
||||
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
|
||||
main()
|
Loading…
Reference in New Issue