From b60803ee5ce01e203bfab058b41de328bb4cc758 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 14 Feb 2020 15:37:47 +0100
Subject: [PATCH] RabbitMQ: don't overwrite the admin user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Users are shared between virtualhosts.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/bodhi2/base/tasks/main.yml  |  2 --
 roles/odcs/backend/tasks/main.yml | 21 +++++++++++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/roles/bodhi2/base/tasks/main.yml b/roles/bodhi2/base/tasks/main.yml
index 0bd4ff9fac..9855b113b0 100644
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@@ -72,7 +72,6 @@
     configure_priv: .*
     read_priv: .*
     write_priv: .*
-    tags: management
   tags:
   - rabbitmq_cluster
   - config
@@ -87,7 +86,6 @@
     configure_priv: "^$"
     read_priv: "^$"
     write_priv: "^$"
-    tags: monitoring
   tags:
   - rabbitmq_cluster
   - config
diff --git a/roles/odcs/backend/tasks/main.yml b/roles/odcs/backend/tasks/main.yml
index 9bea0d49c8..60073dfbfd 100644
--- a/roles/odcs/backend/tasks/main.yml
+++ b/roles/odcs/backend/tasks/main.yml
@@ -108,17 +108,16 @@
   - odcs
   - odcs/backend
 
-- name: Create the admin user for the odcs vhost (prod)
+- name: Create the odcs-admin user for the odcs vhost (prod)
   run_once: true
   delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
   rabbitmq_user:
-    user: admin
+    user: odcs-admin
     password: "{{ (env == 'production')|ternary(rabbitmq_odcs_admin_password_production, rabbitmq_odcs_admin_password_staging) }}"
     vhost: /odcs
     configure_priv: .*
     read_priv: .*
     write_priv: .*
-    tags: management
   tags:
   - rabbitmq_cluster
   - config
@@ -140,6 +139,21 @@
   - odcs
   - odcs/backend
 
+- name: Grant the admin user access to the odcs vhost
+  run_once: true
+  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
+  rabbitmq_user:
+    user: admin
+    vhost: /odcs
+    configure_priv: .*
+    read_priv: .*
+    write_priv: .*
+  tags:
+  - rabbitmq_cluster
+  - config
+  - odcs
+  - odcs/backend
+
 - name: Grant the nagios-monitoring user access to the odcs vhost
   run_once: true
   delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
@@ -149,7 +163,6 @@
     configure_priv: "^$"
     read_priv: "^$"
     write_priv: "^$"
-    tags: monitoring
   tags:
   - rabbitmq_cluster
   - config