mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2024-09-14 20:13:21 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			230 lines
		
	
	
	
		
			7 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			230 lines
		
	
	
	
		
			7 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| #!/usr/bin/python
 | |
| # -*- coding: utf-8 -*-
 | |
| 
 | |
| # (c) 2013, Chatham Financial <oss@chathamfinancial.com>
 | |
| #
 | |
| # This file is part of Ansible
 | |
| #
 | |
| # Ansible is free software: you can redistribute it and/or modify
 | |
| # it under the terms of the GNU General Public License as published by
 | |
| # the Free Software Foundation, either version 3 of the License, or
 | |
| # (at your option) any later version.
 | |
| #
 | |
| # Ansible is distributed in the hope that it will be useful,
 | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
| # GNU General Public License for more details.
 | |
| #
 | |
| # You should have received a copy of the GNU General Public License
 | |
| # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 | |
| 
 | |
| DOCUMENTATION = '''
 | |
| ---
 | |
| module: rabbitmq_user
 | |
| short_description: Adds or removes users to RabbitMQ
 | |
| description:
 | |
|   - Add or remove users to RabbitMQ and assign permissions
 | |
| version_added: "1.1"
 | |
| author: Chris Hoffman
 | |
| options:
 | |
|   user:
 | |
|     description:
 | |
|       - Name of user to add
 | |
|     required: true
 | |
|     default: null
 | |
|     aliases: [username, name]
 | |
|   password:
 | |
|     description:
 | |
|       - Password of user to add
 | |
|     required: false
 | |
|     default: null
 | |
|   tags:
 | |
|     description:
 | |
|       - User tags specified as comma delimited
 | |
|     required: false
 | |
|     default: null
 | |
|   vhost:
 | |
|     description:
 | |
|       - vhost to apply access privileges.
 | |
|     required: false
 | |
|     default: /
 | |
|   configure_priv:
 | |
|     description:
 | |
|       - Regular expression to restrict configure actions on a resource
 | |
|         for the specified vhost.
 | |
|       - By default all actions are restricted.
 | |
|     required: false
 | |
|     default: ^$
 | |
|   write_priv:
 | |
|     description:
 | |
|       - Regular expression to restrict configure actions on a resource
 | |
|         for the specified vhost.
 | |
|       - By default all actions are restricted.
 | |
|     required: false
 | |
|     default: ^$
 | |
|   read_priv:
 | |
|     description:
 | |
|       - Regular expression to restrict configure actions on a resource
 | |
|         for the specified vhost.
 | |
|       - By default all actions are restricted.
 | |
|     required: false
 | |
|     default: ^$
 | |
|   force:
 | |
|     description:
 | |
|       - Deletes and recreates the user.
 | |
|     required: false
 | |
|     default: "no"
 | |
|     choices: [ "yes", "no" ]
 | |
|   state:
 | |
|     description:
 | |
|       - Specify if user is to be added or removed
 | |
|     required: false
 | |
|     default: present
 | |
|     choices: [present, absent]
 | |
| examples:
 | |
|   - code: rabbitmq_user user=joe password=changeme vhost=/ configure_priv=.* read_priv=.* write_priv=.* state=present
 | |
|     description: Add user to server and assign full access control
 | |
| '''
 | |
| 
 | |
| class RabbitMqUser(object):
 | |
|     def __init__(self, module, username, password, tags, vhost, configure_priv, write_priv, read_priv):
 | |
|         self.module = module
 | |
|         self.username = username
 | |
|         self.password = password
 | |
|         if tags is None:
 | |
|             self.tags = list()
 | |
|         else:
 | |
|             self.tags = tags.split(',')
 | |
| 
 | |
|         permissions = dict(
 | |
|             vhost=vhost,
 | |
|             configure_priv=configure_priv,
 | |
|             write_priv=write_priv,
 | |
|             read_priv=read_priv
 | |
|         )
 | |
|         self.permissions = permissions
 | |
| 
 | |
|         self._tags = None
 | |
|         self._permissions = None
 | |
|         self._rabbitmqctl = module.get_bin_path('rabbitmqctl', True)
 | |
| 
 | |
|     def _exec(self, args, run_in_check_mode=False):
 | |
|         if not self.module.check_mode or (self.module.check_mode and run_in_check_mode):
 | |
|             cmd = [self._rabbitmqctl, '-q']
 | |
|             rc, out, err = self.module.run_command(cmd + args, check_rc=True)
 | |
|             return out.splitlines()
 | |
|         return list()
 | |
| 
 | |
|     def get(self):
 | |
|         users = self._exec(['list_users'], True)
 | |
| 
 | |
|         for user_tag in users:
 | |
|             user, tags = user_tag.split('\t')
 | |
| 
 | |
|             if user == self.username:
 | |
|                 for c in ['[',']',' ']:
 | |
|                     tags = tags.replace(c, '')
 | |
| 
 | |
|                 if tags != '':
 | |
|                     self._tags = tags.split(',')
 | |
|                 else:
 | |
|                     self._tags = list()
 | |
| 
 | |
|                 self._permissions = self._get_permissions()
 | |
|                 return True
 | |
|         return False
 | |
| 
 | |
|     def _get_permissions(self):
 | |
|         perms_out = self._exec(['list_user_permissions', self.username], True)
 | |
| 
 | |
|         for perm in perms_out:
 | |
|             vhost, configure_priv, write_priv, read_priv = perm.split('\t')
 | |
|             if vhost == self.permissions['vhost']:
 | |
|                 return dict(vhost=vhost, configure_priv=configure_priv, write_priv=write_priv, read_priv=read_priv)
 | |
| 
 | |
|         return dict()
 | |
| 
 | |
|     def add(self):
 | |
|         self._exec(['add_user', self.username, self.password])
 | |
| 
 | |
|     def delete(self):
 | |
|         self._exec(['delete_user', self.username])
 | |
| 
 | |
|     def set_tags(self):
 | |
|         self._exec(['set_user_tags', self.username] + self.tags)
 | |
| 
 | |
|     def set_permissions(self):
 | |
|         cmd = ['set_permissions']
 | |
|         cmd.append('-p')
 | |
|         cmd.append(self.permissions['vhost'])
 | |
|         cmd.append(self.username)
 | |
|         cmd.append(self.permissions['configure_priv'])
 | |
|         cmd.append(self.permissions['write_priv'])
 | |
|         cmd.append(self.permissions['read_priv'])
 | |
|         self._exec(cmd)
 | |
| 
 | |
|     def has_tags_modifications(self):
 | |
|         return set(self.tags) != set(self._tags)
 | |
| 
 | |
|     def has_permissions_modifications(self):
 | |
|         return self._permissions != self.permissions
 | |
| 
 | |
| def main():
 | |
|     arg_spec = dict(
 | |
|         user=dict(required=True, aliases=['username', 'name']),
 | |
|         password=dict(default=None),
 | |
|         tags=dict(default=None),
 | |
|         vhost=dict(default='/'),
 | |
|         configure_priv=dict(default='^$'),
 | |
|         write_priv=dict(default='^$'),
 | |
|         read_priv=dict(default='^$'),
 | |
|         force=dict(default='no', type='bool'),
 | |
|         state=dict(default='present', choices=['present', 'absent'])
 | |
|     )
 | |
|     module = AnsibleModule(
 | |
|         argument_spec=arg_spec,
 | |
|         supports_check_mode=True
 | |
|     )
 | |
| 
 | |
|     username = module.params['user']
 | |
|     password = module.params['password']
 | |
|     tags = module.params['tags']
 | |
|     vhost = module.params['vhost']
 | |
|     configure_priv = module.params['configure_priv']
 | |
|     write_priv = module.params['write_priv']
 | |
|     read_priv = module.params['read_priv']
 | |
|     force = module.params['force']
 | |
|     state = module.params['state']
 | |
| 
 | |
|     rabbitmq_user = RabbitMqUser(module, username, password, tags, vhost, configure_priv, write_priv, read_priv)
 | |
| 
 | |
|     changed = False
 | |
|     if rabbitmq_user.get():
 | |
|         if state == 'absent':
 | |
|             rabbitmq_user.delete()
 | |
|             changed = True
 | |
|         else:
 | |
|             if force:
 | |
|                 rabbitmq_user.delete()
 | |
|                 rabbitmq_user.add()
 | |
|                 rabbitmq_user.get()
 | |
|                 changed = True
 | |
| 
 | |
|             if rabbitmq_user.has_tags_modifications():
 | |
|                 rabbitmq_user.set_tags()
 | |
|                 changed = True
 | |
| 
 | |
|             if rabbitmq_user.has_permissions_modifications():
 | |
|                 rabbitmq_user.set_permissions()
 | |
|                 changed = True
 | |
|     elif state == 'present':
 | |
|         rabbitmq_user.add()
 | |
|         rabbitmq_user.set_tags()
 | |
|         rabbitmq_user.set_permissions()
 | |
|         changed = True
 | |
| 
 | |
|     module.exit_json(changed=changed, user=username, state=state)
 | |
| 
 | |
| # this is magic, see lib/ansible/module_common.py
 | |
| #<<INCLUDE_ANSIBLE_MODULE_COMMON>>
 | |
| main()
 |