From 359e69f519148b82863ddc16b5841cd68a9e73e1 Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Thu, 1 Aug 2019 15:59:38 -0700
Subject: [PATCH] rabbit/queue/tasks: allow specifying custom write_queues
When creating a queue, the user is automatically created, but there is no control over what queues the user can write to. A user might need to write to queues other than ones prefixed with their name (e.g. some users need to write to 'ci.*' queues). This makes it possible to specify additional custom prefixes of queues the user will be permitted to write to.
Signed-off-by: Adam Williamson
---
 roles/rabbit/queue/tasks/main.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/roles/rabbit/queue/tasks/main.yml b/roles/rabbit/queue/tasks/main.yml
index 031b506808..846b3bcced 100644
--- a/roles/rabbit/queue/tasks/main.yml
+++ b/roles/rabbit/queue/tasks/main.yml
@@ -12,6 +12,11 @@
 # with your username. For example, with a username of
 # "bodhi", your queue could be named "bodhi_masher".
 # - routing_keys (list): A list of strings to use as routing keys.
+#
+# Optional parameters:
+#
+# - write_queues (list): A list of queue name prefixes to which the user will
+# be allowed to publish.
 - assert:
 that:
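Review bot: The `write_queues` description calls the entries prefixes but does not say that the task further down places them unescaped into the `write_priv` regular expression, so the `.` in an entry like `ci.` matches any character and other metacharacters change the pattern. Either say so in the comment, e.g. `#   Entries are inserted into a regular expression as-is, not matched literally.`, or escape them where they are used with `{{ queue | regex_escape }}` and keep the current wording. It would also help to state that omitting the parameter leaves the user with only the default write permissions. The comment header starts above this hunk.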
@@ -25,8 +30,11 @@
 rabbitmq_user:
 user: "{{ username }}"
 vhost: "{{ vhost }}"
- read_priv: "^(zmq\\.topic)|^(amq\\.topic)|({{ username }}.*)$" # Read from queues prefixed with their name and bind to the topic exchange
- write_priv: "^(amq\\.topic)|({{ username }}.*)$" # Write to queues prefixed with their name and publish to the topic exchange
+ # Read from queues prefixed with their name and bind to the topic exchange
+ read_priv: "^(zmq\\.topic)|^(amq\\.topic)|({{ username }}.*)$"
+ # Write to queues prefixed with their name and any prefixes in
+ # write_queues, and publish to the topic exchange
+ write_priv: "^(amq\\.topic)|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}$"
 configure_priv: "^$" # No configuration permissions
 state: present
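Review bot: Each added `|({{ queue }}.*)` branch in `write_priv` is unanchored at the start, because `|` binds more loosely than `^`: the `^` covers only the `amq\.topic` branch and the `$` only the last branch. If RabbitMQ applies the pattern as a search rather than a full match, a `write_queues` entry such as `ci` grants write on every resource whose name merely contains `ci`, which is broader than the "prefixes" the new comment promises. Wrapping the alternation in one group keeps both anchors on every branch: `write_priv: "^((amq\\.topic)|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %})$"`. The existing `{{ username }}` branch here and in `read_priv` has the same precedence problem, so grouping would tighten those grants as well and should be checked against current users; the task itself starts above the hunk.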