|
|
|
@ -45,9 +45,19 @@ options:
|
|
|
|
|
- User tags specified as comma delimited
|
|
|
|
|
required: false
|
|
|
|
|
default: null
|
|
|
|
|
permissions:
|
|
|
|
|
description:
|
|
|
|
|
- a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv,
|
|
|
|
|
and represents a permission rule for that vhost.
|
|
|
|
|
- This option should be preferable when you care about all permissions of the user.
|
|
|
|
|
- You should use vhost, configure_priv, write_priv, and read_priv options instead
|
|
|
|
|
if you care about permissions for just some vhosts.
|
|
|
|
|
required: false
|
|
|
|
|
default: []
|
|
|
|
|
vhost:
|
|
|
|
|
description:
|
|
|
|
|
- vhost to apply access privileges.
|
|
|
|
|
- This option will be ignored when permissions option is used.
|
|
|
|
|
required: false
|
|
|
|
|
default: /
|
|
|
|
|
node:
|
|
|
|
@ -61,6 +71,7 @@ options:
|
|
|
|
|
- Regular expression to restrict configure actions on a resource
|
|
|
|
|
for the specified vhost.
|
|
|
|
|
- By default all actions are restricted.
|
|
|
|
|
- This option will be ignored when permissions option is used.
|
|
|
|
|
required: false
|
|
|
|
|
default: ^$
|
|
|
|
|
write_priv:
|
|
|
|
@ -68,6 +79,7 @@ options:
|
|
|
|
|
- Regular expression to restrict configure actions on a resource
|
|
|
|
|
for the specified vhost.
|
|
|
|
|
- By default all actions are restricted.
|
|
|
|
|
- This option will be ignored when permissions option is used.
|
|
|
|
|
required: false
|
|
|
|
|
default: ^$
|
|
|
|
|
read_priv:
|
|
|
|
@ -75,6 +87,7 @@ options:
|
|
|
|
|
- Regular expression to restrict configure actions on a resource
|
|
|
|
|
for the specified vhost.
|
|
|
|
|
- By default all actions are restricted.
|
|
|
|
|
- This option will be ignored when permissions option is used.
|
|
|
|
|
required: false
|
|
|
|
|
default: ^$
|
|
|
|
|
force:
|
|
|
|
@ -92,7 +105,8 @@ options:
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
EXAMPLES = '''
|
|
|
|
|
# Add user to server and assign full access control
|
|
|
|
|
# Add user to server and assign full access control on / vhost.
|
|
|
|
|
# The user might have permission rules for other vhost but you don't care.
|
|
|
|
|
- rabbitmq_user: user=joe
|
|
|
|
|
password=changeme
|
|
|
|
|
vhost=/
|
|
|
|
@ -100,10 +114,18 @@ EXAMPLES = '''
|
|
|
|
|
read_priv=.*
|
|
|
|
|
write_priv=.*
|
|
|
|
|
state=present
|
|
|
|
|
|
|
|
|
|
# Add user to server and assign full access control on / vhost.
|
|
|
|
|
# The user doesn't have permission rules for other vhosts
|
|
|
|
|
- rabbitmq_user: user=joe
|
|
|
|
|
password=changeme
|
|
|
|
|
permissions=[{vhost='/', configure_priv='.*', read_priv='.*', write_priv='.*'}]
|
|
|
|
|
state=present
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
class RabbitMqUser(object):
|
|
|
|
|
def __init__(self, module, username, password, tags, vhost, configure_priv, write_priv, read_priv, node):
|
|
|
|
|
def __init__(self, module, username, password, tags, permissions,
|
|
|
|
|
node, bulk_permissions=False):
|
|
|
|
|
self.module = module
|
|
|
|
|
self.username = username
|
|
|
|
|
self.password = password
|
|
|
|
@ -113,13 +135,8 @@ class RabbitMqUser(object):
|
|
|
|
|
else:
|
|
|
|
|
self.tags = tags.split(',')
|
|
|
|
|
|
|
|
|
|
permissions = dict(
|
|
|
|
|
vhost=vhost,
|
|
|
|
|
configure_priv=configure_priv,
|
|
|
|
|
write_priv=write_priv,
|
|
|
|
|
read_priv=read_priv
|
|
|
|
|
)
|
|
|
|
|
self.permissions = permissions
|
|
|
|
|
self.bulk_permissions = bulk_permissions
|
|
|
|
|
|
|
|
|
|
self._tags = None
|
|
|
|
|
self._permissions = None
|
|
|
|
@ -157,12 +174,18 @@ class RabbitMqUser(object):
|
|
|
|
|
def _get_permissions(self):
|
|
|
|
|
perms_out = self._exec(['list_user_permissions', self.username], True)
|
|
|
|
|
|
|
|
|
|
perms_list = list()
|
|
|
|
|
for perm in perms_out:
|
|
|
|
|
vhost, configure_priv, write_priv, read_priv = perm.split('\t')
|
|
|
|
|
if vhost == self.permissions['vhost']:
|
|
|
|
|
return dict(vhost=vhost, configure_priv=configure_priv, write_priv=write_priv, read_priv=read_priv)
|
|
|
|
|
|
|
|
|
|
return dict()
|
|
|
|
|
if not self.bulk_permissions:
|
|
|
|
|
if vhost == self.permissions[0]['vhost']:
|
|
|
|
|
perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
|
|
|
|
|
write_priv=write_priv, read_priv=read_priv))
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
|
|
|
|
|
write_priv=write_priv, read_priv=read_priv))
|
|
|
|
|
return perms_list
|
|
|
|
|
|
|
|
|
|
def add(self):
|
|
|
|
|
if self.password is not None:
|
|
|
|
@ -178,14 +201,21 @@ class RabbitMqUser(object):
|
|
|
|
|
self._exec(['set_user_tags', self.username] + self.tags)
|
|
|
|
|
|
|
|
|
|
def set_permissions(self):
|
|
|
|
|
cmd = ['set_permissions']
|
|
|
|
|
cmd.append('-p')
|
|
|
|
|
cmd.append(self.permissions['vhost'])
|
|
|
|
|
cmd.append(self.username)
|
|
|
|
|
cmd.append(self.permissions['configure_priv'])
|
|
|
|
|
cmd.append(self.permissions['write_priv'])
|
|
|
|
|
cmd.append(self.permissions['read_priv'])
|
|
|
|
|
self._exec(cmd)
|
|
|
|
|
for permission in self._permissions:
|
|
|
|
|
if permission not in self.permissions:
|
|
|
|
|
cmd = ['clear_permissions', '-p']
|
|
|
|
|
cmd.append(permission['vhost'])
|
|
|
|
|
cmd.append(self.username)
|
|
|
|
|
self._exec(cmd)
|
|
|
|
|
for permission in self.permissions:
|
|
|
|
|
if permission not in self._permissions:
|
|
|
|
|
cmd = ['set_permissions', '-p']
|
|
|
|
|
cmd.append(permission['vhost'])
|
|
|
|
|
cmd.append(self.username)
|
|
|
|
|
cmd.append(permission['configure_priv'])
|
|
|
|
|
cmd.append(permission['write_priv'])
|
|
|
|
|
cmd.append(permission['read_priv'])
|
|
|
|
|
self._exec(cmd)
|
|
|
|
|
|
|
|
|
|
def has_tags_modifications(self):
|
|
|
|
|
return set(self.tags) != set(self._tags)
|
|
|
|
@ -198,6 +228,7 @@ def main():
|
|
|
|
|
user=dict(required=True, aliases=['username', 'name']),
|
|
|
|
|
password=dict(default=None),
|
|
|
|
|
tags=dict(default=None),
|
|
|
|
|
permissions=dict(default=list()),
|
|
|
|
|
vhost=dict(default='/'),
|
|
|
|
|
configure_priv=dict(default='^$'),
|
|
|
|
|
write_priv=dict(default='^$'),
|
|
|
|
@ -214,6 +245,7 @@ def main():
|
|
|
|
|
username = module.params['user']
|
|
|
|
|
password = module.params['password']
|
|
|
|
|
tags = module.params['tags']
|
|
|
|
|
permissions = module.params['permissions']
|
|
|
|
|
vhost = module.params['vhost']
|
|
|
|
|
configure_priv = module.params['configure_priv']
|
|
|
|
|
write_priv = module.params['write_priv']
|
|
|
|
@ -222,7 +254,19 @@ def main():
|
|
|
|
|
state = module.params['state']
|
|
|
|
|
node = module.params['node']
|
|
|
|
|
|
|
|
|
|
rabbitmq_user = RabbitMqUser(module, username, password, tags, vhost, configure_priv, write_priv, read_priv, node)
|
|
|
|
|
bulk_permissions = True
|
|
|
|
|
if permissions == []:
|
|
|
|
|
perm = {
|
|
|
|
|
'vhost': vhost,
|
|
|
|
|
'configure_priv': configure_priv,
|
|
|
|
|
'write_priv': write_priv,
|
|
|
|
|
'read_priv': read_priv
|
|
|
|
|
}
|
|
|
|
|
permissions.append(perm)
|
|
|
|
|
bulk_permissions = False
|
|
|
|
|
|
|
|
|
|
rabbitmq_user = RabbitMqUser(module, username, password, tags, permissions,
|
|
|
|
|
node, bulk_permissions=bulk_permissions)
|
|
|
|
|
|
|
|
|
|
changed = False
|
|
|
|
|
if rabbitmq_user.get():
|
|
|
|
|