mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-30 21:41:53 +08:00
56 lines
1.6 KiB
YAML
56 lines
1.6 KiB
YAML
---
|
|
|
|
# Ensure a user exists in RabbitMQ with permissions to only publish.
|
|
# This is intended to be something most applications can use, but if you need
|
|
# more flexibility, just use the rabbitmq_user module directly.
|
|
#
|
|
# Required parameters:
|
|
#
|
|
# - user_name (str): the username to create in RabbitMQ, which should match the
|
|
# CN of the certificate.
|
|
#
|
|
# Optional parameters:
|
|
#
|
|
# - user_sent_topics (str): A regular expression that must match the topic when a
|
|
# message is published by this user.
|
|
|
|
# See https://www.rabbitmq.com/access-control.html#permissions for details on
|
|
# the RabbitMQ permissions configuration.
|
|
|
|
- name: Validate username {{ user_name }}
|
|
assert:
|
|
that:
|
|
- user_name is defined
|
|
- user_name != "admin"
|
|
- user_name != "guest"
|
|
- user_name != "nagios-monitoring"
|
|
fail_msg: "This user name is reserved"
|
|
tags:
|
|
- config
|
|
- fedora-messaging
|
|
- rabbitmq_cluster
|
|
|
|
- debug:
|
|
msg: "Topic permissions: {{ user_topic_permissions }}"
|
|
tags:
|
|
- config
|
|
- fedora-messaging
|
|
- rabbitmq_cluster
|
|
|
|
# See https://www.rabbitmq.com/access-control.html#permissions for details on
|
|
# the RabbitMQ permissions configuration.
|
|
- name: Create the {{ user_name }} user in RabbitMQ
|
|
delegate_to: "{{ user_rabbitmq_server }}"
|
|
community.rabbitmq.rabbitmq_user:
|
|
user: "{{ user_name }}"
|
|
vhost: "{{ user_vhost }}"
|
|
read_priv: "{{ user_read_priv }}"
|
|
write_priv: "{{ user_write_priv }}"
|
|
configure_priv: "^$" # No configuration permissions
|
|
topic_permissions: "{{ user_topic_permissions }}"
|
|
state: present
|
|
tags:
|
|
- config
|
|
- fedora-messaging
|
|
- rabbitmq_cluster
|