community.rabbitmq.rabbitmq_user module – Manage RabbitMQ users
Note
This module is part of the community.rabbitmq collection (version 1.4.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.rabbitmq
.
To use it in a playbook, specify: community.rabbitmq.rabbitmq_user
.
Synopsis
Add or remove users to RabbitMQ and assign permissions
Parameters
Parameter |
Comments |
---|---|
Regular expression to restrict configure actions on a resource for the specified vhost. By default all actions are restricted. This option will be ignored when permissions option is used. Default: |
|
Deletes and recreates the user. Choices:
|
|
Hostname of API. |
|
Login password of the management API. |
|
login_port of access from API. Default: |
|
Specify which TCP/IP protocol will be used. Choices:
|
|
Administrator’s username the management API. |
|
erlang node name of the rabbit we wish to configure Default: |
|
Password of user to add. To change the password of an existing user, you must also specify |
|
a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv, and represents a permission rule for that vhost. This option should be preferable when you care about all permissions of the user. You should use vhost, configure_priv, write_priv, and read_priv options instead if you care about permissions for just some vhosts. Default: |
|
Regular expression to restrict configure actions on a resource for the specified vhost. By default all actions are restricted. This option will be ignored when permissions option is used. Default: |
|
Specify if user is to be added or removed Choices:
|
|
User tags specified as comma delimited. The suggested tags to use are management, policymaker, monitoring and administrator. |
|
A list of dicts, each dict contains vhost, exchange, read_priv and write_priv, and represents a topic permission rule for that vhost. By default vhost is Supported since RabbitMQ 3.7.0. If RabbitMQ is older and topic_permissions are set, the module will fail. Default: |
|
Choices:
|
|
Name of user to add |
|
vhost to apply access privileges. This option will be ignored when permissions option is used. Default: |
|
Regular expression to restrict configure actions on a resource for the specified vhost. By default all actions are restricted. This option will be ignored when permissions option is used. Default: |
Examples
- name: |-
Add user to server and assign full access control on / vhost.
The user might have permission rules for other vhost but you don't care.
community.rabbitmq.rabbitmq_user:
user: joe
password: changeme
vhost: /
configure_priv: .*
read_priv: .*
write_priv: .*
state: present
- name: |-
Add user to server and assign full access control on / vhost.
The user doesn't have permission rules for other vhosts
community.rabbitmq.rabbitmq_user:
user: joe
password: changeme
permissions:
- vhost: /
configure_priv: .*
read_priv: .*
write_priv: .*
state: present
- name: |-
Add user to server and assign some topic permissions on / vhost.
The user doesn't have topic permission rules for other vhosts
community.rabbitmq.rabbitmq_user:
user: joe
password: changeme
topic_permissions:
- vhost: /
exchange: amq.topic
read_priv: .*
write_priv: 'prod\\.logging\\..*'
state: present
- name: Add or Update a user using the API
community.rabbitmq.rabbitmq_user:
user: joe
password: changeme
tags: monitoring
login_protocol: https
login_host: localhost
login_port: 15672
login_user: admin
login_password: changeadmin
permissions:
- vhost: /
configure_priv: .*
read_priv: .*
write_priv: .*
topic_permissions:
- vhost: /
exchange: amq.topic
read_priv: .*
write_priv: 'prod\\.logging\\..*'
state: present
- name: Remove a user using the API
community.rabbitmq.rabbitmq_user:
user: joe
password: changeme
tags: monitoring
login_protocol: https
login_host: localhost
login_port: 15672
login_user: admin
login_password: changeadmin
state: absent