archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #831 from viruxel/devel

Browse Source 
Enable managing multiple user permissions from one shot
reviewable/pr18780/r1
Brian Coca 9 years ago
parent bec32094ae 09268b1a48
commit 7c50f4cc8f
1 changed files with 65 additions and 21 deletions
Show Stats Download Patch File Download Diff File

86
messaging/rabbitmq_user.py
Unescape Escape View File

@ -45,9 +45,19 @@ options:
- User tags specified as comma delimited - User tags specified as comma delimited
required: false required: false
default: null default: null
permissions:
description:
- a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv,
and represents a permission rule for that vhost.
- This option should be preferable when you care about all permissions of the user.
- You should use vhost, configure_priv, write_priv, and read_priv options instead
if you care about permissions for just some vhosts.
required: false
default: []
vhost: vhost:
description: description:
- vhost to apply access privileges. - vhost to apply access privileges.
- This option will be ignored when permissions option is used.
required: false required: false
default: / default: /
node: node:
@ -61,6 +71,7 @@ options:
- Regular expression to restrict configure actions on a resource - Regular expression to restrict configure actions on a resource
for the specified vhost. for the specified vhost.
- By default all actions are restricted. - By default all actions are restricted.
- This option will be ignored when permissions option is used.
required: false required: false
default: ^$ default: ^$
write_priv: write_priv:
@ -68,6 +79,7 @@ options:
- Regular expression to restrict configure actions on a resource - Regular expression to restrict configure actions on a resource
for the specified vhost. for the specified vhost.
- By default all actions are restricted. - By default all actions are restricted.
- This option will be ignored when permissions option is used.
required: false required: false
default: ^$ default: ^$
read_priv: read_priv:
@ -75,6 +87,7 @@ options:
- Regular expression to restrict configure actions on a resource - Regular expression to restrict configure actions on a resource
for the specified vhost. for the specified vhost.
- By default all actions are restricted. - By default all actions are restricted.
- This option will be ignored when permissions option is used.
required: false required: false
default: ^$ default: ^$
force: force:
@ -92,7 +105,8 @@ options:
''' '''
EXAMPLES = ''' EXAMPLES = '''
# Add user to server and assign full access control # Add user to server and assign full access control on / vhost.
# The user might have permission rules for other vhost but you don't care.
- rabbitmq_user: user=joe - rabbitmq_user: user=joe
password=changeme password=changeme
vhost=/ vhost=/
@ -100,10 +114,18 @@ EXAMPLES = '''
read_priv=.* read_priv=.*
write_priv=.* write_priv=.*
state=present state=present
# Add user to server and assign full access control on / vhost.
# The user doesn't have permission rules for other vhosts
- rabbitmq_user: user=joe
password=changeme
permissions=[{vhost='/', configure_priv='.*', read_priv='.*', write_priv='.*'}]
state=present
''' '''
class RabbitMqUser(object): class RabbitMqUser(object):
def __init__(self, module, username, password, tags, vhost, configure_priv, write_priv, read_priv, node): def __init__(self, module, username, password, tags, permissions,
node, bulk_permissions=False):
self.module = module self.module = module
self.username = username self.username = username
self.password = password self.password = password
@ -113,13 +135,8 @@ class RabbitMqUser(object):
else: else:
self.tags = tags.split(',') self.tags = tags.split(',')
permissions = dict(
vhost=vhost,
configure_priv=configure_priv,
write_priv=write_priv,
read_priv=read_priv
)
self.permissions = permissions self.permissions = permissions
self.bulk_permissions = bulk_permissions
self._tags = None self._tags = None
self._permissions = None self._permissions = None
@ -157,12 +174,18 @@ class RabbitMqUser(object):
def _get_permissions(self): def _get_permissions(self):
perms_out = self._exec(['list_user_permissions', self.username], True) perms_out = self._exec(['list_user_permissions', self.username], True)
perms_list = list()
for perm in perms_out: for perm in perms_out:
vhost, configure_priv, write_priv, read_priv = perm.split('\t') vhost, configure_priv, write_priv, read_priv = perm.split('\t')
if vhost == self.permissions['vhost']: if not self.bulk_permissions:
return dict(vhost=vhost, configure_priv=configure_priv, write_priv=write_priv, read_priv=read_priv) if vhost == self.permissions[0]['vhost']:
perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
return dict() write_priv=write_priv, read_priv=read_priv))
break
else:
perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
write_priv=write_priv, read_priv=read_priv))
return perms_list
def add(self): def add(self):
if self.password is not None: if self.password is not None:
@ -178,14 +201,21 @@ class RabbitMqUser(object):
self._exec(['set_user_tags', self.username] + self.tags) self._exec(['set_user_tags', self.username] + self.tags)
def set_permissions(self): def set_permissions(self):
cmd = ['set_permissions'] for permission in self._permissions:
cmd.append('-p') if permission not in self.permissions:
cmd.append(self.permissions['vhost']) cmd = ['clear_permissions', '-p']
cmd.append(self.username) cmd.append(permission['vhost'])
cmd.append(self.permissions['configure_priv']) cmd.append(self.username)
cmd.append(self.permissions['write_priv']) self._exec(cmd)
cmd.append(self.permissions['read_priv']) for permission in self.permissions:
self._exec(cmd) if permission not in self._permissions:
cmd = ['set_permissions', '-p']
cmd.append(permission['vhost'])
cmd.append(self.username)
cmd.append(permission['configure_priv'])
cmd.append(permission['write_priv'])
cmd.append(permission['read_priv'])
self._exec(cmd)
def has_tags_modifications(self): def has_tags_modifications(self):
return set(self.tags) != set(self._tags) return set(self.tags) != set(self._tags)
@ -198,6 +228,7 @@ def main():
user=dict(required=True, aliases=['username', 'name']), user=dict(required=True, aliases=['username', 'name']),
password=dict(default=None), password=dict(default=None),
tags=dict(default=None), tags=dict(default=None),
permissions=dict(default=list()),
vhost=dict(default='/'), vhost=dict(default='/'),
configure_priv=dict(default='^$'), configure_priv=dict(default='^$'),
write_priv=dict(default='^$'), write_priv=dict(default='^$'),
@ -214,6 +245,7 @@ def main():
username = module.params['user'] username = module.params['user']
password = module.params['password'] password = module.params['password']
tags = module.params['tags'] tags = module.params['tags']
permissions = module.params['permissions']
vhost = module.params['vhost'] vhost = module.params['vhost']
configure_priv = module.params['configure_priv'] configure_priv = module.params['configure_priv']
write_priv = module.params['write_priv'] write_priv = module.params['write_priv']
@ -222,7 +254,19 @@ def main():
state = module.params['state'] state = module.params['state']
node = module.params['node'] node = module.params['node']
rabbitmq_user = RabbitMqUser(module, username, password, tags, vhost, configure_priv, write_priv, read_priv, node) bulk_permissions = True
if permissions == []:
perm = {
'vhost': vhost,
'configure_priv': configure_priv,
'write_priv': write_priv,
'read_priv': read_priv
}
permissions.append(perm)
bulk_permissions = False
rabbitmq_user = RabbitMqUser(module, username, password, tags, permissions,
node, bulk_permissions=bulk_permissions)
changed = False changed = False
if rabbitmq_user.get(): if rabbitmq_user.get():

Write Preview
Loading…
Cancel
Save