Set the sent_topics for openqa

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2023-05-15 15:06:01 +02:00 · 2023-05-15 15:06:01 +02:00 · 4d36f9ed50
commit 4d36f9ed50
parent 11b3c5c935
3 changed files with 13 additions and 28 deletions
--- a/playbooks/groups/openqa.yml
+++ b/playbooks/groups/openqa.yml
@ -45,9 +45,7 @@
    username: "openqa"
    queue_name: "openqa{{ openqa_env_suffix }}_scheduler"
    routing_keys: "{{ openqa_amqp_scheduler_routing_keys }}"
-    write_queues:
-        - "ci"
-        - "openqa"
+    sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(openqa|ci)\..*
    vars:
      # yes, even the staging scheduler listens to production, it
      # has to or else it wouldn't schedule any jobs
@ -58,9 +56,7 @@
    username: "openqa{{ openqa_env_suffix }}"
    queue_name: "openqa{{ openqa_env_suffix }}_resultsdb_reporter"
    routing_keys: "{{ openqa_amqp_resultsdb_reporter_routing_keys }}"
-    write_queues:
-        - "ci"
-        - "openqa"
+    sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(openqa|ci)\..*
    vars:
      # for this role to work correctly we do need to look like a
      # staging server
@ -68,12 +64,8 @@
      env_suffix: "{{ openqa_env_suffix }}"
    tags: ['rabbit']
  - role: rabbit/queue
-    username: "openqa{{ openqa_env_suffix }}"
    queue_name: "openqa{{ openqa_env_suffix }}_wiki_reporter"
    routing_keys: "{{ openqa_amqp_wiki_reporter_routing_keys }}"
-    write_queues:
-        - "ci"
-        - "openqa"
    vars:
      # for this role to work correctly we do need to look like a
      # staging server
@ -83,12 +75,7 @@
    # relvalconsumer queue, we still use openqa auth for this as it's
    # easy that way
  - role: rabbit/queue
-    username: "openqa"
    queue_name: "openqa_relvalconsumer{{ relvalconsumer_env_suffix }}"
-    routing_keys: "{{ relvalconsumer_amqp_routing_keys }}"
-    write_queues:
-        - "ci"
-        - "openqa"
    vars:
      # yes, even the staging scheduler listens to production, it
      # has to or else it wouldn't schedule any jobs
@ -99,12 +86,8 @@
    # relvalamiconsumer queue, we still use openqa auth for this as it's
    # easy that way
  - role: rabbit/queue
-    username: "openqa"
    queue_name: "openqa_relvalamiconsumer{{ relvalconsumer_env_suffix }}"
    routing_keys: "{{ relvalamiconsumer_amqp_routing_keys }}"
-    write_queues:
-        - "ci"
-        - "openqa"
    vars:
      # yes, even the staging updater listens to production, it
      # has to as we never publish fedimg.image.publish on stg
@ -119,9 +102,7 @@
    username: "openqa{{ checkcompose_env_suffix }}"
    queue_name: "openqa{{ checkcompose_env_suffix }}_checkcomp"
    routing_keys: "{{ checkcompose_amqp_routing_keys }}"
-    write_queues:
-        - "ci"
-        - "openqa"
+    sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(openqa|ci)\..*
    vars:
      # for this role to work correctly we do need to look like a
      # staging server
@ -133,12 +114,8 @@
    # fedora_nightlies queue, we still use openqa auth for this as it's
    # easy that way
  - role: rabbit/queue
-    username: "openqa"
    queue_name: "openqa_fedora_nightlies"
    routing_keys: "{{ fedora_nightlies_amqp_routing_keys }}"
-    write_queues:
-        - "ci"
-        - "openqa"
    vars:
      env: "production"
    tags: ['rabbit']
--- a/roles/rabbit/queue/tasks/main.yml
+++ b/roles/rabbit/queue/tasks/main.yml
@ -15,8 +15,8 @@
 #
 # Optional parameters:
 #
-#   - write_queues (list): A list of queue name prefixes to which the user will
-#                          be allowed to publish.
+#   - sent_topics (str): A regular expression that must match the topic when a
+#                        message is published by this user.
 #   - thresholds (dict): A dictionary with two keys: "warning" and "critical".
 #                        The values are numbers. Generate an alert in Nagios if
 #                        the number of messages go above these values.
@ -26,6 +26,7 @@
    that:
    - "queue_name.startswith(username)"
    fail_msg: "Your queue name must be prefixed with your username"
+  when: username is defined
  tags:
    - fedora-messaging
    - rabbitmq_cluster
@ -34,6 +35,7 @@
    name: rabbit/user
  vars:
    publish_only: false
+  when: username is defined
  tags:
    - fedora-messaging
    - rabbitmq_cluster
--- a/roles/rabbit/user/tasks/main.yml
+++ b/roles/rabbit/user/tasks/main.yml
@ -8,6 +8,11 @@
 #
 #   - username (str): the username to create in RabbitMQ, which should match the
 #                     CN of the certificate.
+#
+# Optional parameters:
+#
+#   - sent_topics (str): A regular expression that must match the topic when a
+#                        message is published by this user.

 # See https://www.rabbitmq.com/access-control.html#permissions for details on
 # the RabbitMQ permissions configuration.
@ -15,6 +20,7 @@
 - name: Validate username {{ username }}
  assert:
    that:
+    - username is defined
    - username != "admin"
    - username != "guest"
    - username != "nagios-monitoring"