mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-05-04 14:03:32 +08:00
56 lines
1.6 KiB
YAML
56 lines
1.6 KiB
YAML
---
|
|
|
|
# Ensure a user exists in RabbitMQ with permissions to only publish.
|
|
# This is intended to be something most applications can use, but if you need
|
|
# more flexibility, just use the rabbitmq_user module directly.
|
|
#
|
|
# Required parameters:
|
|
#
|
|
# - username (str): the username to create in RabbitMQ, which should match the
|
|
# CN of the certificate.
|
|
#
|
|
# Optional parameters:
|
|
#
|
|
# - sent_topics (str): A regular expression that must match the topic when a
|
|
# message is published by this user.
|
|
|
|
# See https://www.rabbitmq.com/access-control.html#permissions for details on
|
|
# the RabbitMQ permissions configuration.
|
|
|
|
- name: Validate username {{ username }}
|
|
assert:
|
|
that:
|
|
- username is defined
|
|
- username != "admin"
|
|
- username != "guest"
|
|
- username != "nagios-monitoring"
|
|
fail_msg: "This user name is reserved"
|
|
tags:
|
|
- config
|
|
- fedora-messaging
|
|
- rabbitmq_cluster
|
|
|
|
- debug:
|
|
msg: "Topic permissions: {{ topic_permissions }}"
|
|
tags:
|
|
- config
|
|
- fedora-messaging
|
|
- rabbitmq_cluster
|
|
|
|
# See https://www.rabbitmq.com/access-control.html#permissions for details on
|
|
# the RabbitMQ permissions configuration.
|
|
- name: Create the {{ username }} user in RabbitMQ
|
|
delegate_to: "{{ rabbitmq_server }}"
|
|
community.rabbitmq.rabbitmq_user:
|
|
user: "{{ username }}"
|
|
vhost: "{{ vhost }}"
|
|
read_priv: "{{ read_priv }}"
|
|
write_priv: "{{ write_priv }}"
|
|
configure_priv: "^$" # No configuration permissions
|
|
topic_permissions: "{{ topic_permissions }}"
|
|
state: present
|
|
tags:
|
|
- config
|
|
- fedora-messaging
|
|
- rabbitmq_cluster
|