community.rabbitmq.rabbitmq_user module – Manage RabbitMQ users

Note

This module is part of the community.rabbitmq collection (version 1.4.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.rabbitmq.

To use it in a playbook, specify: community.rabbitmq.rabbitmq_user.

Synopsis

  • Add or remove users to RabbitMQ and assign permissions

Parameters

Parameter

Comments

configure_priv

string

Regular expression to restrict configure actions on a resource for the specified vhost.

By default all actions are restricted.

This option will be ignored when permissions option is used.

Default: "^$"

force

boolean

Deletes and recreates the user.

Choices:

  • false ← (default)

  • true

login_host

string

added in community.rabbitmq 1.3.0

Hostname of API.

login_password

string

added in community.rabbitmq 1.3.0

Login password of the management API.

login_port

string

added in community.rabbitmq 1.3.0

login_port of access from API.

Default: "15672"

login_protocol

string

added in community.rabbitmq 1.3.0

Specify which TCP/IP protocol will be used.

Choices:

  • "http" ← (default)

  • "https"

login_user

string

added in community.rabbitmq 1.3.0

Administrator’s username the management API.

node

string

erlang node name of the rabbit we wish to configure

Default: "rabbit"

password

string

Password of user to add.

To change the password of an existing user, you must also specify update_password=always.

permissions

list / elements=dictionary

a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv, and represents a permission rule for that vhost.

This option should be preferable when you care about all permissions of the user.

You should use vhost, configure_priv, write_priv, and read_priv options instead if you care about permissions for just some vhosts.

Default: []

read_priv

string

Regular expression to restrict configure actions on a resource for the specified vhost.

By default all actions are restricted.

This option will be ignored when permissions option is used.

Default: "^$"

state

string

Specify if user is to be added or removed

Choices:

  • "present" ← (default)

  • "absent"

tags

string

User tags specified as comma delimited.

The suggested tags to use are management, policymaker, monitoring and administrator.

topic_permissions

list / elements=dictionary

added in community.rabbitmq 1.2.0

A list of dicts, each dict contains vhost, exchange, read_priv and write_priv, and represents a topic permission rule for that vhost.

By default vhost is / and exchange is amq.topic.

Supported since RabbitMQ 3.7.0. If RabbitMQ is older and topic_permissions are set, the module will fail.

Default: []

update_password

string

on_create will only set the password for newly created users. always will update passwords if they differ.

Choices:

  • "on_create" ← (default)

  • "always"

user

aliases: username, name

string / required

Name of user to add

vhost

string

vhost to apply access privileges.

This option will be ignored when permissions option is used.

Default: "/"

write_priv

string

Regular expression to restrict configure actions on a resource for the specified vhost.

By default all actions are restricted.

This option will be ignored when permissions option is used.

Default: "^$"

Examples

- name: |-
    Add user to server and assign full access control on / vhost.
    The user might have permission rules for other vhost but you don't care.
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    vhost: /
    configure_priv: .*
    read_priv: .*
    write_priv: .*
    state: present

- name: |-
    Add user to server and assign full access control on / vhost.
    The user doesn't have permission rules for other vhosts
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    permissions:
      - vhost: /
        configure_priv: .*
        read_priv: .*
        write_priv: .*
    state: present

- name: |-
    Add user to server and assign some topic permissions on / vhost.
    The user doesn't have topic permission rules for other vhosts
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    topic_permissions:
      - vhost: /
        exchange: amq.topic
        read_priv: .*
        write_priv: 'prod\\.logging\\..*'
    state: present

- name: Add or Update a user using the API
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    tags: monitoring
    login_protocol: https
    login_host: localhost
    login_port: 15672
    login_user: admin
    login_password: changeadmin
    permissions:
          - vhost: /
            configure_priv: .*
            read_priv: .*
            write_priv: .*
    topic_permissions:
      - vhost: /
        exchange: amq.topic
        read_priv: .*
        write_priv: 'prod\\.logging\\..*'
    state: present


- name: Remove a user using the API
  community.rabbitmq.rabbitmq_user:
    user: joe
    password: changeme
    tags: monitoring
    login_protocol: https
    login_host: localhost
    login_port: 15672
    login_user: admin
    login_password: changeadmin
    state: absent

Authors

  • Chris Hoffman (@chrishoffman)