diff --git a/library/new_rabbitmq_user.py b/library/new_rabbitmq_user.py new file mode 100644 index 00000000..95f10d5e --- /dev/null +++ b/library/new_rabbitmq_user.py @@ -0,0 +1,263 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2013, Chatham Financial +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +DOCUMENTATION = ''' +--- +module: rabbitmq_user +short_description: Adds or removes users to RabbitMQ +description: + - Add or remove users to RabbitMQ and assign permissions +version_added: "1.1" +author: Chris Hoffman +options: + user: + description: + - Name of user to add + required: true + default: null + aliases: [username, name] + password: + description: + - Password of user to add. + - To change the password of an existing user, you must also specify + C(force=yes). + required: false + default: null + tags: + description: + - User tags specified as comma delimited + required: false + default: null + vhost: + description: + - vhost to apply access privileges. + required: false + default: / + node: + description: + - erlang node name of the rabbit we wish to configure + required: false + default: rabbit + version_added: "1.2" + configure_priv: + description: + - Regular expression to restrict configure actions on a resource + for the specified vhost. + - By default all actions are restricted. + required: false + default: ^$ + write_priv: + description: + - Regular expression to restrict configure actions on a resource + for the specified vhost. + - By default all actions are restricted. + required: false + default: ^$ + read_priv: + description: + - Regular expression to restrict configure actions on a resource + for the specified vhost. + - By default all actions are restricted. + required: false + default: ^$ + force: + description: + - Deletes and recreates the user. + required: false + default: "no" + choices: [ "yes", "no" ] + state: + description: + - Specify if user is to be added or removed + required: false + default: present + choices: [present, absent] + rabbitmqctl: + description: + - Custom path to rabbitmqctl + required: false + default: null +''' + +EXAMPLES = ''' +# Add user to server and assign full access control +- rabbitmq_user: user=joe + password=changeme + vhost=/ + configure_priv=.* + read_priv=.* + write_priv=.* + state=present +''' + +class RabbitMqUser(object): + def __init__(self, module, username, password, tags, vhost, configure_priv, write_priv, read_priv, node, rabbitmqctl): + self.module = module + self.username = username + self.password = password + self.node = node + if tags is None: + self.tags = list() + else: + self.tags = tags.split(',') + + permissions = dict( + vhost=vhost, + configure_priv=configure_priv, + write_priv=write_priv, + read_priv=read_priv + ) + self.permissions = permissions + + self._tags = None + self._permissions = None + if rabbitmqctl is None: + self._rabbitmqctl = module.get_bin_path('rabbitmqctl', True) + else: + self._rabbitmqctl = rabbitmqctl + + def _exec(self, args, run_in_check_mode=False): + if not self.module.check_mode or (self.module.check_mode and run_in_check_mode): + cmd = self._rabbitmqctl.split() + ['-q', '-n', self.node] + rc, out, err = self.module.run_command(cmd + args, check_rc=True) + return out.splitlines() + return list() + + def get(self): + users = self._exec(['list_users'], True) + + for user_tag in users: + user, tags = user_tag.split('\t') + + if user == self.username: + for c in ['[',']',' ']: + tags = tags.replace(c, '') + + if tags != '': + self._tags = tags.split(',') + else: + self._tags = list() + + self._permissions = self._get_permissions() + return True + return False + + def _get_permissions(self): + perms_out = self._exec(['list_user_permissions', self.username], True) + + for perm in perms_out: + vhost, configure_priv, write_priv, read_priv = perm.split('\t') + if vhost == self.permissions['vhost']: + return dict(vhost=vhost, configure_priv=configure_priv, write_priv=write_priv, read_priv=read_priv) + + return dict() + + def add(self): + if self.password is not None: + self._exec(['add_user', self.username, self.password]) + else: + self._exec(['add_user', self.username, '']) + self._exec(['clear_password', self.username]) + + def delete(self): + self._exec(['delete_user', self.username]) + + def set_tags(self): + self._exec(['set_user_tags', self.username] + self.tags) + + def set_permissions(self): + cmd = ['set_permissions'] + cmd.append('-p') + cmd.append(self.permissions['vhost']) + cmd.append(self.username) + cmd.append(self.permissions['configure_priv']) + cmd.append(self.permissions['write_priv']) + cmd.append(self.permissions['read_priv']) + self._exec(cmd) + + def has_tags_modifications(self): + return set(self.tags) != set(self._tags) + + def has_permissions_modifications(self): + return self._permissions != self.permissions + +def main(): + arg_spec = dict( + user=dict(required=True, aliases=['username', 'name']), + password=dict(default=None), + tags=dict(default=None), + vhost=dict(default='/'), + configure_priv=dict(default='^$'), + write_priv=dict(default='^$'), + read_priv=dict(default='^$'), + force=dict(default='no', type='bool'), + state=dict(default='present', choices=['present', 'absent']), + node=dict(default='rabbit'), + rabbitmqctl=dict(default=None, aliases=['rabbitmqctl']), + ) + module = AnsibleModule( + argument_spec=arg_spec, + supports_check_mode=True + ) + + username = module.params['user'] + password = module.params['password'] + tags = module.params['tags'] + vhost = module.params['vhost'] + configure_priv = module.params['configure_priv'] + write_priv = module.params['write_priv'] + read_priv = module.params['read_priv'] + force = module.params['force'] + state = module.params['state'] + node = module.params['node'] + rabbitmqctl = module.params['rabbitmqctl'] + + rabbitmq_user = RabbitMqUser(module, username, password, tags, vhost, configure_priv, write_priv, read_priv, node, rabbitmqctl) + + changed = False + if rabbitmq_user.get(): + if state == 'absent': + rabbitmq_user.delete() + changed = True + else: + if force: + rabbitmq_user.delete() + rabbitmq_user.add() + rabbitmq_user.get() + changed = True + + if rabbitmq_user.has_tags_modifications(): + rabbitmq_user.set_tags() + changed = True + + if rabbitmq_user.has_permissions_modifications(): + rabbitmq_user.set_permissions() + changed = True + elif state == 'present': + rabbitmq_user.add() + rabbitmq_user.set_tags() + rabbitmq_user.set_permissions() + changed = True + + module.exit_json(changed=changed, user=username, state=state) + +# import module snippets +from ansible.module_utils.basic import * +main() diff --git a/library/new_rabbitmq_vhost.py b/library/new_rabbitmq_vhost.py new file mode 100644 index 00000000..88435f46 --- /dev/null +++ b/library/new_rabbitmq_vhost.py @@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2013, Chatham Financial +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +DOCUMENTATION = ''' +--- +module: rabbitmq_vhost +short_description: Manage the state of a virtual host in RabbitMQ +description: + - Manage the state of a virtual host in RabbitMQ +version_added: "1.1" +author: Chris Hoffman +options: + name: + description: + - The name of the vhost to manage + required: true + default: null + aliases: [vhost] + node: + description: + - erlang node name of the rabbit we wish to configure + required: false + default: rabbit + version_added: "1.2" + tracing: + description: + - Enable/disable tracing for a vhost + default: "no" + choices: [ "yes", "no" ] + aliases: [trace] + state: + description: + - The state of vhost + default: present + choices: [present, absent] + rabbitmqctl: + description: + - Custom path to rabbitmqctl + required: false + default: null +''' + +EXAMPLES = ''' +# Ensure that the vhost /test exists. +- rabbitmq_vhost: name=/test state=present +''' + +class RabbitMqVhost(object): + def __init__(self, module, name, tracing, node, rabbitmqctl): + self.module = module + self.name = name + self.tracing = tracing + self.node = node + + self._tracing = False + if rabbitmqctl is None: + self._rabbitmqctl = module.get_bin_path('rabbitmqctl', True) + else: + self._rabbitmqctl = rabbitmqctl + + def _exec(self, args, run_in_check_mode=False): + if not self.module.check_mode or (self.module.check_mode and run_in_check_mode): + cmd = self._rabbitmqctl.split() + ['-q', '-n', self.node] + rc, out, err = self.module.run_command(cmd + args, check_rc=True) + return out.splitlines() + return list() + + def get(self): + vhosts = self._exec(['list_vhosts', 'name', 'tracing'], True) + + for vhost in vhosts: + name, tracing = vhost.split('\t') + if name == self.name: + self._tracing = self.module.boolean(tracing) + return True + return False + + def add(self): + return self._exec(['add_vhost', self.name]) + + def delete(self): + return self._exec(['delete_vhost', self.name]) + + def set_tracing(self): + if self.tracing != self._tracing: + if self.tracing: + self._enable_tracing() + else: + self._disable_tracing() + return True + return False + + def _enable_tracing(self): + return self._exec(['trace_on', '-p', self.name]) + + def _disable_tracing(self): + return self._exec(['trace_off', '-p', self.name]) + + +def main(): + arg_spec = dict( + name=dict(required=True, aliases=['vhost']), + rabbitmqctl=dict(default=None, aliases=['rabbitmqctl']), + tracing=dict(default='off', aliases=['trace'], type='bool'), + state=dict(default='present', choices=['present', 'absent']), + node=dict(default='rabbit'), + ) + + module = AnsibleModule( + argument_spec=arg_spec, + supports_check_mode=True + ) + + name = module.params['name'] + rabbitmqctl = module.params['rabbitmqctl'] + tracing = module.params['tracing'] + state = module.params['state'] + node = module.params['node'] + + rabbitmq_vhost = RabbitMqVhost(module, name, tracing, node, rabbitmqctl) + + changed = False + if rabbitmq_vhost.get(): + if state == 'absent': + rabbitmq_vhost.delete() + changed = True + else: + if rabbitmq_vhost.set_tracing(): + changed = True + elif state == 'present': + rabbitmq_vhost.add() + rabbitmq_vhost.set_tracing() + changed = True + + module.exit_json(changed=changed, name=name, state=state) + +# import module snippets +from ansible.module_utils.basic import * +main()