Take some precautions against misuse of the rabbit roles

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2019-09-27 18:21:04 +02:00 · 2019-09-27 18:21:04 +02:00 · 449b5988d0
commit 449b5988d0
parent f6a71cf48d
2 changed files with 19 additions and 0 deletions
--- a/roles/rabbit/queue/tasks/main.yml
+++ b/roles/rabbit/queue/tasks/main.yml
@ -28,6 +28,15 @@
    fail_msg: "Your queue name must be prefixed with your username"
  tags: fedora-messaging

+- name: Validate the user parameter
+  assert:
+    that:
+    - username != "admin"
+    - username != "guest"
+    - username != "nagios-monitoring"
+    fail_msg: "This user name is reserved"
+  tags: fedora-messaging
+
 # See https://www.rabbitmq.com/access-control.html#permissions for details on
 # the RabbitMQ permissions configuration.
 - name: Create the {{ username }} user in RabbitMQ
--- a/roles/rabbit/user/tasks/main.yml
+++ b/roles/rabbit/user/tasks/main.yml
@ -11,6 +11,16 @@

 # See https://www.rabbitmq.com/access-control.html#permissions for details on
 # the RabbitMQ permissions configuration.
+
+- name: Validate parameters
+  assert:
+    that:
+    - username != "admin"
+    - username != "guest"
+    - username != "nagios-monitoring"
+    fail_msg: "This user name is reserved"
+  tags: fedora-messaging
+
 - name: Create the user in RabbitMQ
  delegate_to: "{{ rabbitmq_server }}"
  rabbitmq_user: