git.immae.eu Git - github/fretlink/ansible-rabbitmq.git/blob - library/rabbitmq_user_3_7_9.py
2 # -*- coding: utf-8 -*-
4 # (c) 2013, Chatham Financial <oss@chathamfinancial.com>
5 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
7 from __future__
import absolute_import
, division
, print_function
11 ANSIBLE_METADATA
= {'metadata_version': '1.1',
12 'status': ['preview'],
13 'supported_by': 'community'}
18 module: rabbitmq_user_3_7_9
19 short_description: Adds or removes users to RabbitMQ
21 - Add or remove users to RabbitMQ and assign permissions
23 author: '"Chris Hoffman (@chrishoffman)"'
30 aliases: [username, name]
33 - Password of user to add.
34 - To change the password of an existing user, you must also specify
40 - User tags specified as comma delimited
45 - a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv,
46 and represents a permission rule for that vhost.
47 - This option should be preferable when you care about all permissions of the user.
48 - You should use vhost, configure_priv, write_priv, and read_priv options instead
49 if you care about permissions for just some vhosts.
54 - vhost to apply access privileges.
55 - This option will be ignored when permissions option is used.
60 - erlang node name of the rabbit we wish to configure
66 - Regular expression to restrict configure actions on a resource
67 for the specified vhost.
68 - By default all actions are restricted.
69 - This option will be ignored when permissions option is used.
74 - Regular expression to restrict configure actions on a resource
75 for the specified vhost.
76 - By default all actions are restricted.
77 - This option will be ignored when permissions option is used.
82 - Regular expression to restrict configure actions on a resource
83 for the specified vhost.
84 - By default all actions are restricted.
85 - This option will be ignored when permissions option is used.
90 - Deletes and recreates the user.
93 choices: [ "yes", "no" ]
96 - Specify if user is to be added or removed
99 choices: [present, absent]
103 # Add user to server and assign full access control on / vhost.
104 # The user might have permission rules for other vhost but you don't care.
105 - rabbitmq_user_3_7_9:
114 # Add user to server and assign full access control on / vhost.
115 # The user doesn't have permission rules for other vhosts
116 - rabbitmq_user_3_7_9:
127 from ansible
.module_utils
.basic
import AnsibleModule
130 class RabbitMqUser(object):
131 def __init__(self
, module
, username
, password
, tags
, permissions
,
132 node
, bulk_permissions
=False):
134 self
.username
= username
135 self
.password
= password
140 self
.tags
= tags
.split(',')
142 self
.permissions
= permissions
143 self
.bulk_permissions
= bulk_permissions
146 self
._permissions
= []
147 self
._rabbitmqctl
= module
.get_bin_path('rabbitmqctl', True)
149 def _exec(self
, args
, run_in_check_mode
=False):
150 if not self
.module
.check_mode
or run_in_check_mode
:
151 cmd
= [self
._rabbitmqctl
, '-q']
152 if self
.node
is not None:
153 cmd
.extend(['-n', self
.node
])
154 rc
, out
, err
= self
.module
.run_command(cmd
+ args
, check_rc
=True)
155 return out
.splitlines() if len(out
.strip()) else []
159 users
= self
._exec
(self
._list
_args
(['list_users']), True)
161 for user_tag
in users
:
162 if '\t' not in user_tag
:
165 user
, tags
= user_tag
.split('\t')
167 if user
== self
.username
:
168 for c
in ['[', ']', ' ']:
169 tags
= tags
.replace(c
, '')
172 self
._tags
= tags
.split(',')
176 self
._permissions
= self
._get
_permissions
()
180 def _get_permissions(self
):
181 perms_out
= self
._exec
(self
._list
_args
(['list_user_permissions', self
.username
]), True)
184 for perm
in perms_out
:
185 vhost
, configure_priv
, write_priv
, read_priv
= perm
.split('\t')
186 if not self
.bulk_permissions
:
187 if vhost
== self
.permissions
[0]['vhost']:
188 perms_list
.append(dict(vhost
=vhost
, configure_priv
=configure_priv
,
189 write_priv
=write_priv
, read_priv
=read_priv
))
192 perms_list
.append(dict(vhost
=vhost
, configure_priv
=configure_priv
,
193 write_priv
=write_priv
, read_priv
=read_priv
))
197 Monkey Patching the 'rabbitmq_user_3_7_9' ansible module for 3.7.9 rabbit version
198 where headers were added in the output
199 Cf: https://github.com/rabbitmq/rabbitmq-cli/issues/264
def _list_args(self, args):
    """Return a new argument list with ``--no-table-headers`` appended.

    Callers in this class split each returned line on tabs, so the flag is
    passed to keep the header row out of the parsed output.

    Args:
        args: rabbitmqctl sub-command and its arguments, as a list.

    Returns:
        A new list; ``args`` itself is left unmodified.
    """
    header_flag = ['--no-table-headers']
    return args + header_flag
205 if self
.password
is not None:
206 self
._exec
(['add_user', self
.username
, self
.password
])
208 self
._exec
(['add_user', self
.username
, ''])
209 self
._exec
(['clear_password', self
.username
])
212 self
._exec
(['delete_user', self
.username
])
215 self
._exec
(['set_user_tags', self
.username
] + self
.tags
)
217 def set_permissions(self
):
218 for permission
in self
._permissions
:
219 if permission
not in self
.permissions
:
220 cmd
= ['clear_permissions', '-p']
221 cmd
.append(permission
['vhost'])
222 cmd
.append(self
.username
)
224 for permission
in self
.permissions
:
225 if permission
not in self
._permissions
:
226 cmd
= ['set_permissions', '-p']
227 cmd
.append(permission
['vhost'])
228 cmd
.append(self
.username
)
229 cmd
.append(permission
['configure_priv'])
230 cmd
.append(permission
['write_priv'])
231 cmd
.append(permission
['read_priv'])
def has_tags_modifications(self):
    """Report whether the requested tags differ from the user's current tags.

    Both lists are compared as sets, so ordering and duplicates are ignored.

    Returns:
        bool: True when ``self.tags`` and ``self._tags`` hold different tags.
    """
    requested = set(self.tags)
    current = set(self._tags)
    return requested != current
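def has_permissions_modifications(self):
    """Report whether the requested permission rules differ from the current ones.

    ``self._permissions`` (the rules last read for the user) and
    ``self.permissions`` (the rules requested by the task) are compared as
    unordered collections of dicts.

    The comparison deliberately avoids ``sorted()`` on the lists: dicts are
    not orderable on Python 3, so sorting two or more rules raises
    ``TypeError`` and the drift check aborts instead of reporting a result.

    Returns:
        bool: True when the two collections differ, False otherwise.
    """
    unmatched = list(self._permissions)
    for wanted in self.permissions:
        try:
            # list.remove() matches with ==, i.e. full dict equality.
            unmatched.remove(wanted)
        except ValueError:
            # A requested rule is absent from the current rules.
            return True
    # Anything left over is a current rule that was not requested.
    return bool(unmatched)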
243 user
=dict(required
=True, aliases
=['username', 'name']),
244 password
=dict(default
=None, no_log
=True),
245 tags
=dict(default
=None),
246 permissions
=dict(default
=list(), type='list'),
247 vhost
=dict(default
='/'),
248 configure_priv
=dict(default
='^$'),
249 write_priv
=dict(default
='^$'),
250 read_priv
=dict(default
='^$'),
251 force
=dict(default
='no', type='bool'),
252 state
=dict(default
='present', choices
=['present', 'absent']),
253 node
=dict(default
=None)
255 module
= AnsibleModule(
256 argument_spec
=arg_spec
,
257 supports_check_mode
=True
260 username
= module
.params
['user']
261 password
= module
.params
['password']
262 tags
= module
.params
['tags']
263 permissions
= module
.params
['permissions']
264 vhost
= module
.params
['vhost']
265 configure_priv
= module
.params
['configure_priv']
266 write_priv
= module
.params
['write_priv']
267 read_priv
= module
.params
['read_priv']
268 force
= module
.params
['force']
269 state
= module
.params
['state']
270 node
= module
.params
['node']
272 bulk_permissions
= True
276 'configure_priv': configure_priv
,
277 'write_priv': write_priv
,
278 'read_priv': read_priv
280 permissions
.append(perm
)
281 bulk_permissions
= False
283 rabbitmq_user_3_7_9
= RabbitMqUser(module
, username
, password
, tags
, permissions
,
284 node
, bulk_permissions
=bulk_permissions
)
286 result
= dict(changed
=False, user
=username
, state
=state
)
288 if rabbitmq_user_3_7_9
.get():
289 if state
== 'absent':
290 rabbitmq_user_3_7_9
.delete()
291 result
['changed'] = True
294 rabbitmq_user_3_7_9
.delete()
295 rabbitmq_user_3_7_9
.add()
296 rabbitmq_user_3_7_9
.get()
297 result
['changed'] = True
299 if rabbitmq_user_3_7_9
.has_tags_modifications():
300 rabbitmq_user_3_7_9
.set_tags()
301 result
['changed'] = True
303 if rabbitmq_user_3_7_9
.has_permissions_modifications():
304 rabbitmq_user_3_7_9
.set_permissions()
305 result
['changed'] = True
306 elif state
== 'present':
307 rabbitmq_user_3_7_9
.add()
308 rabbitmq_user_3_7_9
.set_tags()
309 rabbitmq_user_3_7_9
.set_permissions()
310 result
['changed'] = True
312 module
.exit_json(**result
)
314 if __name__
== '__main__':