2 files changed, 323 insertions, 11 deletions
diff --git a/library/rabbitmq_user_3_7_9.py b/library/rabbitmq_user_3_7_9.py
new file mode 100755
index 0000000..5be78b7
--- /dev/null
+++ b/library/rabbitmq_user_3_7_9.py
@@ -0,0 +1,315 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# (c) 2013, Chatham Financial <oss@chathamfinancial.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+DOCUMENTATION = '''
+---
+module: rabbitmq_user_3_7_9
+short_description: Adds or removes users to RabbitMQ
+description:
+  - Add or remove users to RabbitMQ and assign permissions
+version_added: "1.1"
+author: '"Chris Hoffman (@chrishoffman)"'
+options:
+  user:
+    description:
+      - Name of user to add
+    required: true
+    default: null
+    aliases: [username, name]
+  password:
+    description:
+      - Password of user to add.
+      - To change the password of an existing user, you must also specify
+        C(force=yes).
+    required: false
+    default: null
+  tags:
+    description:
+      - User tags specified as comma delimited
+    required: false
+    default: null
+  permissions:
+    description:
+      - a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv,
+        and represents a permission rule for that vhost.
+      - This option should be preferable when you care about all permissions of the user.
+      - You should use vhost, configure_priv, write_priv, and read_priv options instead
+        if you care about permissions for just some vhosts.
+    required: false
+    default: []
+  vhost:
+    description:
+      - vhost to apply access privileges.
+      - This option will be ignored when permissions option is used.
+    required: false
+    default: /
+  node:
+    description:
+      - erlang node name of the rabbit we wish to configure
+    required: false
+    default: rabbit
+    version_added: "1.2"
+  configure_priv:
+    description:
+      - Regular expression to restrict configure actions on a resource
+        for the specified vhost.
+      - By default all actions are restricted.
+      - This option will be ignored when permissions option is used.
+    required: false
+    default: ^$
+  write_priv:
+    description:
+      - Regular expression to restrict configure actions on a resource
+        for the specified vhost.
+      - By default all actions are restricted.
+      - This option will be ignored when permissions option is used.
+    required: false
+    default: ^$
+  read_priv:
+    description:
+      - Regular expression to restrict configure actions on a resource
+        for the specified vhost.
+      - By default all actions are restricted.
+      - This option will be ignored when permissions option is used.
+    required: false
+    default: ^$
+  force:
+    description:
+      - Deletes and recreates the user.
+    required: false
+    default: "no"
+    choices: [ "yes", "no" ]
+  state:
+    description:
+      - Specify if user is to be added or removed
+    required: false
+    default: present
+    choices: [present, absent]
+'''
+EXAMPLES = '''
+# Add user to server and assign full access control on / vhost.
+# The user might have permission rules for other vhost but you don't care.
+- rabbitmq_user_3_7_9:
+    user: joe
+    password: changeme
+    vhost: /
+    configure_priv: .*
+    read_priv: .*
+    write_priv: .*
+    state: present
+# Add user to server and assign full access control on / vhost.
+# The user doesn't have permission rules for other vhosts
+- rabbitmq_user_3_7_9:
+    user: joe
+    password: changeme
+    permissions:
+      - vhost: /
+        configure_priv: .*
+        read_priv: .*
+        write_priv: .*
+    state: present
+'''
+from ansible.module_utils.basic import AnsibleModule
+class RabbitMqUser(object):
+    def __init__(self, module, username, password, tags, permissions,
+                 node, bulk_permissions=False):
+        self.module = module
+        self.username = username
+        self.password = password
+        self.node = node
+        if not tags:
+            self.tags = list()
+        else:
+            self.tags = tags.split(',')
+        self.permissions = permissions
+        self.bulk_permissions = bulk_permissions
+        self._tags = None
+        self._permissions = []
+        self._rabbitmqctl = module.get_bin_path('rabbitmqctl', True)
+    def _exec(self, args, run_in_check_mode=False):
+        if not self.module.check_mode or run_in_check_mode:
+            cmd = [self._rabbitmqctl, '-q']
+            if self.node is not None:
+                cmd.extend(['-n', self.node])
+            rc, out, err = self.module.run_command(cmd + args, check_rc=True)
+            return out.splitlines() if len(out.strip()) else []
+        return list()
+    def get(self):
+        users = self._exec(self._list_args(['list_users']), True)
+        for user_tag in users:
+            if '\t' not in user_tag:
+                continue
+            user, tags = user_tag.split('\t')
+            if user == self.username:
+                for c in ['[', ']', ' ']:
+                    tags = tags.replace(c, '')
+                if tags != '':
+                    self._tags = tags.split(',')
+                else:
+                    self._tags = list()
+                self._permissions = self._get_permissions()
+                return True
+        return False
+    def _get_permissions(self):
+        perms_out = self._exec(self._list_args(['list_user_permissions', self.username]), True)
+        perms_list = list()
+        for perm in perms_out:
+            vhost, configure_priv, write_priv, read_priv = perm.split('\t')
+            if not self.bulk_permissions:
+                if vhost == self.permissions[0]['vhost']:
+                    perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
+                                           write_priv=write_priv, read_priv=read_priv))
+                    break
+            else:
+                perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
+                                       write_priv=write_priv, read_priv=read_priv))
+        return perms_list
+    '''
+    Monkey Patching the 'rabbitmq_user_3_7_9' ansible module for 3.7.9 rabbit version
+    where headers were added in the output
+    Cf: https://github.com/rabbitmq/rabbitmq-cli/issues/264
+    '''
+    def _list_args(self, args):
+        return args + ['--no-table-headers']
+    def add(self):
+        if self.password is not None:
+            self._exec(['add_user', self.username, self.password])
+        else:
+            self._exec(['add_user', self.username, ''])
+            self._exec(['clear_password', self.username])
+    def delete(self):
+        self._exec(['delete_user', self.username])
+    def set_tags(self):
+        self._exec(['set_user_tags', self.username] + self.tags)
+    def set_permissions(self):
+        for permission in self._permissions:
+            if permission not in self.permissions:
+                cmd = ['clear_permissions', '-p']
+                cmd.append(permission['vhost'])
+                cmd.append(self.username)
+                self._exec(cmd)
+        for permission in self.permissions:
+            if permission not in self._permissions:
+                cmd = ['set_permissions', '-p']
+                cmd.append(permission['vhost'])
+                cmd.append(self.username)
+                cmd.append(permission['configure_priv'])
+                cmd.append(permission['write_priv'])
+                cmd.append(permission['read_priv'])
+                self._exec(cmd)
+    def has_tags_modifications(self):
+        return set(self.tags) != set(self._tags)
+    def has_permissions_modifications(self):
+        return sorted(self._permissions) != sorted(self.permissions)
+def main():
+    arg_spec = dict(
+        user=dict(required=True, aliases=['username', 'name']),
+        password=dict(default=None, no_log=True),
+        tags=dict(default=None),
+        permissions=dict(default=list(), type='list'),
+        vhost=dict(default='/'),
+        configure_priv=dict(default='^$'),
+        write_priv=dict(default='^$'),
+        read_priv=dict(default='^$'),
+        force=dict(default='no', type='bool'),
+        state=dict(default='present', choices=['present', 'absent']),
+        node=dict(default=None)
+    )
+    module = AnsibleModule(
+        argument_spec=arg_spec,
+        supports_check_mode=True
+    )
+    username = module.params['user']
+    password = module.params['password']
+    tags = module.params['tags']
+    permissions = module.params['permissions']
+    vhost = module.params['vhost']
+    configure_priv = module.params['configure_priv']
+    write_priv = module.params['write_priv']
+    read_priv = module.params['read_priv']
+    force = module.params['force']
+    state = module.params['state']
+    node = module.params['node']
+    bulk_permissions = True
+    if not permissions:
+        perm = {
+            'vhost': vhost,
+            'configure_priv': configure_priv,
+            'write_priv': write_priv,
+            'read_priv': read_priv
+        }
+        permissions.append(perm)
+        bulk_permissions = False
+    rabbitmq_user_3_7_9 = RabbitMqUser(module, username, password, tags, permissions,
+                                 node, bulk_permissions=bulk_permissions)
+    result = dict(changed=False, user=username, state=state)
+    if rabbitmq_user_3_7_9.get():
+        if state == 'absent':
+            rabbitmq_user_3_7_9.delete()
+            result['changed'] = True
+        else:
+            if force:
+                rabbitmq_user_3_7_9.delete()
+                rabbitmq_user_3_7_9.add()
+                rabbitmq_user_3_7_9.get()
+                result['changed'] = True
+            if rabbitmq_user_3_7_9.has_tags_modifications():
+                rabbitmq_user_3_7_9.set_tags()
+                result['changed'] = True
+            if rabbitmq_user_3_7_9.has_permissions_modifications():
+                rabbitmq_user_3_7_9.set_permissions()
+                result['changed'] = True
+    elif state == 'present':
+        rabbitmq_user_3_7_9.add()
+        rabbitmq_user_3_7_9.set_tags()
+        rabbitmq_user_3_7_9.set_permissions()
+        result['changed'] = True
+    module.exit_json(**result)
+if __name__ == '__main__':
+    main()
diff --git a/tasks/rabbitmq_users.yml b/tasks/rabbitmq_users.yml
index 7bba65e..d09d624 100644
--- a/tasks/rabbitmq_users.yml
+++ b/tasks/rabbitmq_users.yml
@@ -10,15 +10,14 @@
    tags: "{{ item['tags']|default(omit) }}"
    permissions: "{{ item['permissions']|default(omit) }}"
    state: present
+  run_once: rabbitmq_enable_clustering is defined and rabbitmq_enable_clustering
+  delegate_to: "{{ rabbitmq_master|default(omit) }}"
  become: true
  with_items: "{{ rabbitmq_users }}"
-  when: >
+  when: rabbitmq_debian_version is version('3.7.9', '<')
-        (rabbitmq_enable_clustering is defined and
-          not rabbitmq_enable_clustering) or
-          rabbitmq_enable_clustering is not defined
- name: rabbitmq_users | creating rabbitmq users
+- name: rabbitmq_users | creating rabbitmq users (rabbit >= 3.7.9)
-  rabbitmq_user:
+  rabbitmq_user_3_7_9:
    name: "{{ item['name'] }}"
    password: "{{ item['password'] }}"
    vhost: "{{ item['vhost']|default(omit) }}"
@@ -28,10 +27,8 @@
    tags: "{{ item['tags']|default(omit) }}"
    permissions: "{{ item['permissions']|default(omit) }}"
    state: present
-  run_once: yes
+  run_once: rabbitmq_enable_clustering is defined and rabbitmq_enable_clustering
-  delegate_to: "{{ rabbitmq_master }}"
+  delegate_to: "{{ rabbitmq_master|default(omit) }}"
  become: true
  with_items: "{{ rabbitmq_users }}"
-  when: >
+  when: rabbitmq_debian_version is version('3.7.9', '>=')
-        rabbitmq_enable_clustering is defined and
-          rabbitmq_enable_clustering

diff --git a/library/rabbitmq_user_3_7_9.py b/library/rabbitmq_user_3_7_9.py new file mode 100755 index 0000000..5be78b7 --- /dev/null +++ b/library/rabbitmq_user_3_7_9.py
@@ -0,0 +1,315 @@
		1	#!/usr/bin/python
		2	# -- coding: utf-8 --
		3
		4	# (c) 2013, Chatham Financial <oss@chathamfinancial.com>
		5	# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
		6
		7	from __future__ import absolute_import, division, print_function
		8	__metaclass__ = type
		9
		10
		11	ANSIBLE_METADATA = {'metadata_version': '1.1',
		12	'status': ['preview'],
		13	'supported_by': 'community'}
		14
		15
		16	DOCUMENTATION = '''
		17	---
		18	module: rabbitmq_user_3_7_9
		19	short_description: Adds or removes users to RabbitMQ
		20	description:
		21	- Add or remove users to RabbitMQ and assign permissions
		22	version_added: "1.1"
		23	author: '"Chris Hoffman (@chrishoffman)"'
		24	options:
		25	user:
		26	description:
		27	- Name of user to add
		28	required: true
		29	default: null
		30	aliases: [username, name]
		31	password:
		32	description:
		33	- Password of user to add.
		34	- To change the password of an existing user, you must also specify
		35	C(force=yes).
		36	required: false
		37	default: null
		38	tags:
		39	description:
		40	- User tags specified as comma delimited
		41	required: false
		42	default: null
		43	permissions:
		44	description:
		45	- a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv,
		46	and represents a permission rule for that vhost.
		47	- This option should be preferable when you care about all permissions of the user.
		48	- You should use vhost, configure_priv, write_priv, and read_priv options instead
		49	if you care about permissions for just some vhosts.
		50	required: false
		51	default: []
		52	vhost:
		53	description:
		54	- vhost to apply access privileges.
		55	- This option will be ignored when permissions option is used.
		56	required: false
		57	default: /
		58	node:
		59	description:
		60	- erlang node name of the rabbit we wish to configure
		61	required: false
		62	default: rabbit
		63	version_added: "1.2"
		64	configure_priv:
		65	description:
		66	- Regular expression to restrict configure actions on a resource
		67	for the specified vhost.
		68	- By default all actions are restricted.
		69	- This option will be ignored when permissions option is used.
		70	required: false
		71	default: ^$
		72	write_priv:
		73	description:
		74	- Regular expression to restrict configure actions on a resource
		75	for the specified vhost.
		76	- By default all actions are restricted.
		77	- This option will be ignored when permissions option is used.
		78	required: false
		79	default: ^$
		80	read_priv:
		81	description:
		82	- Regular expression to restrict configure actions on a resource
		83	for the specified vhost.
		84	- By default all actions are restricted.
		85	- This option will be ignored when permissions option is used.
		86	required: false
		87	default: ^$
		88	force:
		89	description:
		90	- Deletes and recreates the user.
		91	required: false
		92	default: "no"
		93	choices: [ "yes", "no" ]
		94	state:
		95	description:
		96	- Specify if user is to be added or removed
		97	required: false
		98	default: present
		99	choices: [present, absent]
		100	'''
		101
		102	EXAMPLES = '''
		103	# Add user to server and assign full access control on / vhost.
		104	# The user might have permission rules for other vhost but you don't care.
		105	- rabbitmq_user_3_7_9:
		106	user: joe
		107	password: changeme
		108	vhost: /
		109	configure_priv: .*
		110	read_priv: .*
		111	write_priv: .*
		112	state: present
		113
		114	# Add user to server and assign full access control on / vhost.
		115	# The user doesn't have permission rules for other vhosts
		116	- rabbitmq_user_3_7_9:
		117	user: joe
		118	password: changeme
		119	permissions:
		120	- vhost: /
		121	configure_priv: .*
		122	read_priv: .*
		123	write_priv: .*
		124	state: present
		125	'''
		126
		127	from ansible.module_utils.basic import AnsibleModule
		128
		129
		130	class RabbitMqUser(object):
		131	def __init__(self, module, username, password, tags, permissions,
		132	node, bulk_permissions=False):
		133	self.module = module
		134	self.username = username
		135	self.password = password
		136	self.node = node
		137	if not tags:
		138	self.tags = list()
		139	else:
		140	self.tags = tags.split(',')
		141
		142	self.permissions = permissions
		143	self.bulk_permissions = bulk_permissions
		144
		145	self._tags = None
		146	self._permissions = []
		147	self._rabbitmqctl = module.get_bin_path('rabbitmqctl', True)
		148
		149	def _exec(self, args, run_in_check_mode=False):
		150	if not self.module.check_mode or run_in_check_mode:
		151	cmd = [self._rabbitmqctl, '-q']
		152	if self.node is not None:
		153	cmd.extend(['-n', self.node])
		154	rc, out, err = self.module.run_command(cmd + args, check_rc=True)
		155	return out.splitlines() if len(out.strip()) else []
		156	return list()
		157
		158	def get(self):
		159	users = self._exec(self._list_args(['list_users']), True)
		160
		161	for user_tag in users:
		162	if '\t' not in user_tag:
		163	continue
		164
		165	user, tags = user_tag.split('\t')
		166
		167	if user == self.username:
		168	for c in ['[', ']', ' ']:
		169	tags = tags.replace(c, '')
		170
		171	if tags != '':
		172	self._tags = tags.split(',')
		173	else:
		174	self._tags = list()
		175
		176	self._permissions = self._get_permissions()
		177	return True
		178	return False
		179
		180	def _get_permissions(self):
		181	perms_out = self._exec(self._list_args(['list_user_permissions', self.username]), True)
		182
		183	perms_list = list()
		184	for perm in perms_out:
		185	vhost, configure_priv, write_priv, read_priv = perm.split('\t')
		186	if not self.bulk_permissions:
		187	if vhost == self.permissions[0]['vhost']:
		188	perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
		189	write_priv=write_priv, read_priv=read_priv))
		190	break
		191	else:
		192	perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
		193	write_priv=write_priv, read_priv=read_priv))
		194	return perms_list
		195
		196	'''
		197	Monkey Patching the 'rabbitmq_user_3_7_9' ansible module for 3.7.9 rabbit version
		198	where headers were added in the output
		199	Cf: https://github.com/rabbitmq/rabbitmq-cli/issues/264
		200	'''
		201	def _list_args(self, args):
		202	return args + ['--no-table-headers']
		203
		204	def add(self):
		205	if self.password is not None:
		206	self._exec(['add_user', self.username, self.password])
		207	else:
		208	self._exec(['add_user', self.username, ''])
		209	self._exec(['clear_password', self.username])
		210
		211	def delete(self):
		212	self._exec(['delete_user', self.username])
		213
		214	def set_tags(self):
		215	self._exec(['set_user_tags', self.username] + self.tags)
		216
		217	def set_permissions(self):
		218	for permission in self._permissions:
		219	if permission not in self.permissions:
		220	cmd = ['clear_permissions', '-p']
		221	cmd.append(permission['vhost'])
		222	cmd.append(self.username)
		223	self._exec(cmd)
		224	for permission in self.permissions:
		225	if permission not in self._permissions:
		226	cmd = ['set_permissions', '-p']
		227	cmd.append(permission['vhost'])
		228	cmd.append(self.username)
		229	cmd.append(permission['configure_priv'])
		230	cmd.append(permission['write_priv'])
		231	cmd.append(permission['read_priv'])
		232	self._exec(cmd)
		233
		234	def has_tags_modifications(self):
		235	return set(self.tags) != set(self._tags)
		236
		237	def has_permissions_modifications(self):
		238	return sorted(self._permissions) != sorted(self.permissions)
		239
		240
		241	def main():
		242	arg_spec = dict(
		243	user=dict(required=True, aliases=['username', 'name']),
		244	password=dict(default=None, no_log=True),
		245	tags=dict(default=None),
		246	permissions=dict(default=list(), type='list'),
		247	vhost=dict(default='/'),
		248	configure_priv=dict(default='^$'),
		249	write_priv=dict(default='^$'),
		250	read_priv=dict(default='^$'),
		251	force=dict(default='no', type='bool'),
		252	state=dict(default='present', choices=['present', 'absent']),
		253	node=dict(default=None)
		254	)
		255	module = AnsibleModule(
		256	argument_spec=arg_spec,
		257	supports_check_mode=True
		258	)
		259
		260	username = module.params['user']
		261	password = module.params['password']
		262	tags = module.params['tags']
		263	permissions = module.params['permissions']
		264	vhost = module.params['vhost']
		265	configure_priv = module.params['configure_priv']
		266	write_priv = module.params['write_priv']
		267	read_priv = module.params['read_priv']
		268	force = module.params['force']
		269	state = module.params['state']
		270	node = module.params['node']
		271
		272	bulk_permissions = True
		273	if not permissions:
		274	perm = {
		275	'vhost': vhost,
		276	'configure_priv': configure_priv,
		277	'write_priv': write_priv,
		278	'read_priv': read_priv
		279	}
		280	permissions.append(perm)
		281	bulk_permissions = False
		282
		283	rabbitmq_user_3_7_9 = RabbitMqUser(module, username, password, tags, permissions,
		284	node, bulk_permissions=bulk_permissions)
		285
		286	result = dict(changed=False, user=username, state=state)
		287
		288	if rabbitmq_user_3_7_9.get():
		289	if state == 'absent':
		290	rabbitmq_user_3_7_9.delete()
		291	result['changed'] = True
		292	else:
		293	if force:
		294	rabbitmq_user_3_7_9.delete()
		295	rabbitmq_user_3_7_9.add()
		296	rabbitmq_user_3_7_9.get()
		297	result['changed'] = True
		298
		299	if rabbitmq_user_3_7_9.has_tags_modifications():
		300	rabbitmq_user_3_7_9.set_tags()
		301	result['changed'] = True
		302
		303	if rabbitmq_user_3_7_9.has_permissions_modifications():
		304	rabbitmq_user_3_7_9.set_permissions()
		305	result['changed'] = True
		306	elif state == 'present':
		307	rabbitmq_user_3_7_9.add()
		308	rabbitmq_user_3_7_9.set_tags()
		309	rabbitmq_user_3_7_9.set_permissions()
		310	result['changed'] = True
		311
		312	module.exit_json(**result)
		313
		314	if __name__ == '__main__':
		315	main()


diff --git a/tasks/rabbitmq_users.yml b/tasks/rabbitmq_users.yml index 7bba65e..d09d624 100644 --- a/tasks/rabbitmq_users.yml +++ b/tasks/rabbitmq_users.yml
@@ -10,15 +10,14 @@
10	tags: "{{ item['tags']\|default(omit) }}"	10	tags: "{{ item['tags']\|default(omit) }}"
11	permissions: "{{ item['permissions']\|default(omit) }}"	11	permissions: "{{ item['permissions']\|default(omit) }}"
12	state: present	12	state: present
		13	run_once: rabbitmq_enable_clustering is defined and rabbitmq_enable_clustering
		14	delegate_to: "{{ rabbitmq_master\|default(omit) }}"
13	become: true	15	become: true
14	with_items: "{{ rabbitmq_users }}"	16	with_items: "{{ rabbitmq_users }}"
15	when: >	17	when: rabbitmq_debian_version is version('3.7.9', '<')
16	(rabbitmq_enable_clustering is defined and
17	not rabbitmq_enable_clustering) or
18	rabbitmq_enable_clustering is not defined
19		18
20	- name: rabbitmq_users \| creating rabbitmq users	19	- name: rabbitmq_users \| creating rabbitmq users (rabbit >= 3.7.9)
21	rabbitmq_user:	20	rabbitmq_user_3_7_9:
22	name: "{{ item['name'] }}"	21	name: "{{ item['name'] }}"
23	password: "{{ item['password'] }}"	22	password: "{{ item['password'] }}"
24	vhost: "{{ item['vhost']\|default(omit) }}"	23	vhost: "{{ item['vhost']\|default(omit) }}"
@@ -28,10 +27,8 @@
28	tags: "{{ item['tags']\|default(omit) }}"	27	tags: "{{ item['tags']\|default(omit) }}"
29	permissions: "{{ item['permissions']\|default(omit) }}"	28	permissions: "{{ item['permissions']\|default(omit) }}"
30	state: present	29	state: present
31	run_once: yes	30	run_once: rabbitmq_enable_clustering is defined and rabbitmq_enable_clustering
32	delegate_to: "{{ rabbitmq_master }}"	31	delegate_to: "{{ rabbitmq_master\|default(omit) }}"
33	become: true	32	become: true
34	with_items: "{{ rabbitmq_users }}"	33	with_items: "{{ rabbitmq_users }}"
35	when: >	34	when: rabbitmq_debian_version is version('3.7.9', '>=')
36	rabbitmq_enable_clustering is defined and
37	rabbitmq_enable_clustering