From 48de31d042a085f1c52c0062a60ee4c77829a7d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 14 Feb 2020 11:22:44 +0100
Subject: [PATCH] RabbitMQ: leave it to apps to grant access to the
 nagios-monitoring user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Because those vhosts may not be created yet when the main RabbitMQ
playbook is run.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/bodhi2/base/tasks/main.yml      | 17 ++++++++++++++++-
 roles/odcs/backend/tasks/main.yml     | 16 ++++++++++++++++
 roles/rabbitmq_cluster/tasks/main.yml | 16 ----------------
 3 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/roles/bodhi2/base/tasks/main.yml b/roles/bodhi2/base/tasks/main.yml
index c98974375c..0bd4ff9fac 100644
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@@ -78,6 +78,21 @@
   - config
   - bodhi
 
+- name: Grant the nagios-monitoring user access to the bodhi vhost
+  run_once: true
+  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
+  rabbitmq_user:
+    user: nagios-monitoring
+    vhost: /bodhi
+    configure_priv: "^$"
+    read_priv: "^$"
+    write_priv: "^$"
+    tags: monitoring
+  tags:
+  - rabbitmq_cluster
+  - config
+  - bodhi
+
 # Create a user for Celery
 # - name: Create a user for Celery usage
 #   run_once: true
@@ -106,4 +121,4 @@
   tags:
   - rabbitmq_cluster
   - config
-  - bodhi
\ No newline at end of file
+  - bodhi
diff --git a/roles/odcs/backend/tasks/main.yml b/roles/odcs/backend/tasks/main.yml
index 42b3cb5459..9bea0d49c8 100644
--- a/roles/odcs/backend/tasks/main.yml
+++ b/roles/odcs/backend/tasks/main.yml
@@ -140,6 +140,22 @@
   - odcs
   - odcs/backend
 
+- name: Grant the nagios-monitoring user access to the odcs vhost
+  run_once: true
+  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
+  rabbitmq_user:
+    user: nagios-monitoring
+    vhost: /odcs
+    configure_priv: "^$"
+    read_priv: "^$"
+    write_priv: "^$"
+    tags: monitoring
+  tags:
+  - rabbitmq_cluster
+  - config
+  - odcs
+  - odcs/backend
+
 # Create a user with:
 - name: Create a user for odcs access
   run_once: true
diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index d30f9ddb69..f12ffa6878 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -225,14 +225,6 @@
         configure_priv: "^$"
         read_priv: "^$"
         write_priv: "^$"
-      - vhost: /bodhi
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
-      - vhost: /odcs
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
     tags: monitoring
   when: env == "staging" and inventory_hostname.startswith('rabbitmq01')
   tags:
@@ -257,14 +249,6 @@
         configure_priv: "^$"
         read_priv: "^$"
         write_priv: "^$"
-      - vhost: /bodhi
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
-      - vhost: /odcs
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
     tags: monitoring
   when: env == "production" and inventory_hostname.startswith('rabbitmq01')
   tags: