community.rabbitmq.rabbitmq_user module – Manage RabbitMQ users

Note

This module is part of the community.rabbitmq collection (version 1.2.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.rabbitmq.

To use it in a playbook, specify: community.rabbitmq.rabbitmq_user.

Synopsis

  • Add or remove users to RabbitMQ and assign permissions

Parameters

Parameter

Comments

configure_priv

string

Regular expression to restrict configure actions on a resource for the specified vhost.

By default all actions are restricted.

This option will be ignored when permissions option is used.

Default: “^$”

force

boolean

Deletes and recreates the user.

Choices:

  • no ← (default)

  • yes

node

string

erlang node name of the rabbit we wish to configure

Default: “rabbit”

password

string

Password of user to add.

To change the password of an existing user, you must also specify update_password=always.

permissions

list / elements=dictionary

a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv, and represents a permission rule for that vhost.

This option should be preferable when you care about all permissions of the user.

You should use vhost, configure_priv, write_priv, and read_priv options instead if you care about permissions for just some vhosts.

Default: []

read_priv

string

Regular expression to restrict configure actions on a resource for the specified vhost.

By default all actions are restricted.

This option will be ignored when permissions option is used.

Default: “^$”

state

string

Specify if user is to be added or removed

Choices:

  • present ← (default)

  • absent

tags

string

User tags specified as comma delimited

topic_permissions

list / elements=dictionary

added in 1.2.0 of community.rabbitmq

A list of dicts, each dict contains vhost, exchange, read_priv and write_priv, and represents a topic permission rule for that vhost.

By default vhost is / and exchange is amq.topic.

Supported since RabbitMQ 3.7.0. If RabbitMQ is older and topic_permissions are set, the module will fail.

Default: []

update_password

string

on_create will only set the password for newly created users. always will update passwords if they differ.

Choices:

  • on_create ← (default)

  • always

user

aliases: username, name

string / required

Name of user to add

vhost

string

vhost to apply access privileges.

This option will be ignored when permissions option is used.

Default: “/”

write_priv

string

Regular expression to restrict configure actions on a resource for the specified vhost.

By default all actions are restricted.

This option will be ignored when permissions option is used.

Default: “^$”

Examples

- name: |-
    Add user to server and assign full access control on / vhost.
    The user might have permission rules for other vhost but you don't care.
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    vhost: /
    configure_priv: .*
    read_priv: .*
    write_priv: .*
    state: present

- name: |-
    Add user to server and assign full access control on / vhost.
    The user doesn't have permission rules for other vhosts
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    permissions:
      - vhost: /
        configure_priv: .*
        read_priv: .*
        write_priv: .*
    state: present

- name: |-
    Add user to server and assign some topic permissions on / vhost.
    The user doesn't have topic permission rules for other vhosts
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    topic_permissions:
      - vhost: /
        exchange: amq.topic
        read_priv: .*
        write_priv: 'prod\\.logging\\..*'
    state: present

Authors

  • Chris Hoffman (@chrishoffman)