WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-11 10:32:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7d3598ccae98efbbb1ada1c75dd75df2fd4e9d9b
fedora-infra_ansible/roles/rabbit/queue/tasks/main.yml
Adam Williamson 359e69f519 rabbit/queue/tasks: allow specifying custom write_queues 
When creating a queue, the user is automatically created, but
there is no control over what queues the user can write to. A
user might need to write to queues other than ones prefixed with
their name (e.g. some users need to write to 'ci.*' queues).
This makes it possible to specify additional custom prefixes of
queues the user will be permitted to write to.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-04-24 21:34:07 +02:00

64 lines
2.5 KiB
YAML
Raw Blame History

---
# Ensure a user, queue, and bindings for that queue exist in RabbitMQ.
# This is intended to be something most applications can use, but if you need
# more flexibility, just use the rabbitmq_* modules directly.
#
# Required parameters:
#
# - username (str): the username to create in RabbitMQ, which should match the
# CN of the certificate.
# - queue_name (str): The name of the queue to create. This must be prefixed
# with your username. For example, with a username of
# "bodhi", your queue could be named "bodhi_masher".
# - routing_keys (list): A list of strings to use as routing keys.
#
# Optional parameters:
#
# - write_queues (list): A list of queue name prefixes to which the user will
# be allowed to publish.
- assert:
that:
- "queue_name.startswith(username)"
fail_msg: "Your queue name must be prefixed with your username"
# See https://www.rabbitmq.com/access-control.html#permissions for details on
# the RabbitMQ permissions configuration.
- name: Create the {{ username }} user in RabbitMQ
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_user:
user: "{{ username }}"
vhost: "{{ vhost }}"
# Read from queues prefixed with their name and bind to the topic exchange
read_priv: "^(zmq\\.topic)|^(amq\\.topic)|({{ username }}.*)$"
# Write to queues prefixed with their name and any prefixes in
# write_queues, and publish to the topic exchange
write_priv: "^(amq\\.topic)|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}$"
configure_priv: "^$" # No configuration permissions
state: present
- name: Create the {{ queue_name }} queue in RabbitMQ
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_queue:
name: "{{ queue_name }}"
vhost: "{{ vhost }}"
auto_delete: no
durable: yes
state: present
login_user: admin
login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
- name: Bind the {{ queue_name }} queue to the topic exchange
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_binding:
name: "amq.topic"
destination: "{{ queue_name }}"
destination_type: queue
routing_key: "{{ item }}"
vhost: "{{ vhost }}"
state: present
login_user: admin
login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
loop: "{{ routing_keys }}"
Reference in New Issue View Git Blame Copy Permalink