Set the RabbitMQ admin user permissions in a way that does not overwrite other vhosts

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2019-09-27 18:20:30 +02:00 · 2019-09-27 18:20:30 +02:00 · f6a71cf48d
commit f6a71cf48d
parent 71c04a9d6b
2 changed files with 20 additions and 70 deletions
--- a/roles/odcs/backend/tasks/main.yml
+++ b/roles/odcs/backend/tasks/main.yml
@ -108,38 +108,17 @@
  - odcs
  - odcs/backend

- name: Create the admin user for the odcs vhost
-  run_once: true
-  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
-  rabbitmq_user:
-    user: admin
-    password: "{{ rabbitmq_odcs_admin_password_staging }}"
-    permissions:
-      - vhost: /odcs
-        configure_priv: .*
-        read_priv: .*
-        write_priv: .*
-    tags: management
-  when: env == "staging"
-  tags:
-  - rabbitmq_cluster
-  - config
-  - odcs
-  - odcs/backend
-
 - name: Create the admin user for the odcs vhost (prod)
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
  rabbitmq_user:
    user: admin
-    password: "{{ rabbitmq_odcs_admin_password_production }}"
-    permissions:
-      - vhost: /odcs
-        configure_priv: .*
-        read_priv: .*
-        write_priv: .*
+    password: "{{ (env == 'production')|ternary(rabbitmq_odcs_admin_password_production, rabbitmq_odcs_admin_password_staging) }}"
+    vhost: /odcs
+    configure_priv: .*
+    read_priv: .*
+    write_priv: .*
    tags: management
-  when: env != "staging"
  tags:
  - rabbitmq_cluster
  - config
@ -167,11 +146,10 @@
  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
  rabbitmq_user:
    user: "odcs-private-queue{{ env_suffix }}"
-    permissions:
-      - vhost: /odcs
-        configure_priv: .*
-        write_priv: .*
-        read_priv: .*
+    vhost: /odcs
+    configure_priv: .*
+    write_priv: .*
+    read_priv: .*
    state: present
  tags:
  - rabbitmq_cluster