Rabbitmq: Enable communication to management API over HTTPS (#18437)

* Enable communication to management API over HTTPS.
* Specify version added tags to new parameters
* Set proper parameter type.
* Corrected version_added numbers.
* Extracted commons to ansible utils.
* Fix PEP8 error
* Fix documentation extension syntax.

Fixes #22953
This commit is contained in:
Jorge Rodriguez (A.K.A. Tiriel) 2018-10-10 06:25:08 +02:00 committed by Abhijeet Kasurde
parent 5e67981dd2
commit e7ddff1928
5 changed files with 142 additions and 110 deletions

View file

@ -0,0 +1,19 @@
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2016, Jorge Rodriguez <jorge.rodriguez@tiriel.eu>
#
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
def rabbitmq_argument_spec():
return dict(
login_user=dict(default='guest', type='str'),
login_password=dict(default='guest', type='str', no_log=True),
login_host=dict(default='localhost', type='str'),
login_port=dict(default='15672', type='str'),
login_protocol=dict(default='http', choices=['http', 'https'], type='str'),
cacert=dict(required=False, type='path', default=None),
cert=dict(required=False, type='path', default=None),
key=dict(required=False, type='path', default=None),
vhost=dict(default='/', type='str'),
)

View file

@ -36,26 +36,6 @@ options:
- source exchange to create binding on.
required: true
aliases: [ "src", "source" ]
login_user:
description:
- rabbitMQ user for the connection.
default: guest
login_password:
description:
- rabbitMQ password for the connection.
default: false
login_host:
description:
- rabbitMQ host for the connection.
default: localhost
login_port:
description:
- rabbitMQ management API port.
default: 15672
vhost:
description:
- rabbitMQ virtual host.
default: "/"
destination:
description:
- destination exchange or queue for the binding.
@ -73,8 +53,11 @@ options:
default: "#"
arguments:
description:
- extra arguments for exchange. If defined this argument is a key/value dictionary.
- extra arguments for exchange. If defined this argument is a key/value dictionary
required: false
default: {}
extends_documentation_fragment:
- rabbitmq
'''
EXAMPLES = '''
@ -104,6 +87,7 @@ except ImportError:
from ansible.module_utils.six.moves.urllib import parse as urllib_parse
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.rabbitmq import rabbitmq_argument_spec
class RabbitMqBinding(object):
@ -117,13 +101,18 @@ class RabbitMqBinding(object):
self.login_password = self.module.params['login_password']
self.login_host = self.module.params['login_host']
self.login_port = self.module.params['login_port']
self.login_protocol = self.module.params['login_protocol']
self.vhost = self.module.params['vhost']
self.destination = self.module.params['destination']
self.destination_type = 'q' if self.module.params['destination_type'] == 'queue' else 'e'
self.routing_key = self.module.params['routing_key']
self.arguments = self.module.params['arguments']
self.base_url = 'http://{0}:{1}/api/bindings'.format(self.login_host,
self.login_port)
self.verify = self.module.params['cacert']
self.cert = self.module.params['cert']
self.key = self.module.params['key']
self.base_url = '{0}://{1}:{2}/api/bindings'.format(self.login_protocol,
self.login_host,
self.login_port)
self.url = '{0}/{1}/e/{2}/{3}/{4}/{5}'.format(self.base_url,
urllib_parse.quote(self.vhost, safe=''),
urllib_parse.quote(self.name, safe=''),
@ -253,6 +242,8 @@ class RabbitMqBinding(object):
urllib_parse.quote(self.destination, safe=''))
self.api_result = self.request.post(self.url,
auth=self.authentication,
verify=self.cacert,
cert=(self.cert, self.key),
headers={"content-type": "application/json"},
data=json.dumps({
'routing_key': self.routing_key,
@ -277,23 +268,20 @@ class RabbitMqBinding(object):
def main():
module = AnsibleModule(
argument_spec=dict(
argument_spec = rabbitmq_argument_spec()
argument_spec.update(
dict(
state=dict(default='present', choices=['present', 'absent'], type='str'),
name=dict(required=True, aliases=["src", "source"], type='str'),
login_user=dict(default='guest', type='str'),
login_password=dict(default='guest', type='str', no_log=True),
login_host=dict(default='localhost', type='str'),
login_port=dict(default='15672', type='str'),
vhost=dict(default='/', type='str'),
destination=dict(required=True, aliases=["dst", "dest"], type='str'),
destination_type=dict(required=True, aliases=["type", "dest_type"], choices=["queue", "exchange"],
type='str'),
routing_key=dict(default='#', type='str'),
arguments=dict(default=dict(), type='dict')
),
supports_check_mode=True
)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
if not HAS_REQUESTS:
module.fail_json(msg="requests library is required for this module. To install, use `pip install requests`")

View file

@ -35,31 +35,6 @@ options:
choices: [ "present", "absent" ]
required: false
default: present
login_user:
description:
- rabbitMQ user for connection
required: false
default: guest
login_password:
description:
- rabbitMQ password for connection
required: false
default: false
login_host:
description:
- rabbitMQ host for connection
required: false
default: localhost
login_port:
description:
- rabbitMQ management api port
required: false
default: 15672
vhost:
description:
- rabbitMQ virtual host
required: false
default: "/"
durable:
description:
- whether exchange is durable or not
@ -90,6 +65,8 @@ options:
- extra arguments for exchange. If defined this argument is a key/value dictionary
required: false
default: {}
extends_documentation_fragment:
- rabbitmq
'''
EXAMPLES = '''
@ -114,30 +91,27 @@ except ImportError:
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six.moves.urllib import parse as urllib_parse
from ansible.module_utils.rabbitmq import rabbitmq_argument_spec
def main():
module = AnsibleModule(
argument_spec=dict(
argument_spec = rabbitmq_argument_spec()
argument_spec.update(
dict(
state=dict(default='present', choices=['present', 'absent'], type='str'),
name=dict(required=True, type='str'),
login_user=dict(default='guest', type='str'),
login_password=dict(default='guest', type='str', no_log=True),
login_host=dict(default='localhost', type='str'),
login_port=dict(default='15672', type='str'),
vhost=dict(default='/', type='str'),
durable=dict(default=True, type='bool'),
auto_delete=dict(default=False, type='bool'),
internal=dict(default=False, type='bool'),
exchange_type=dict(default='direct', aliases=['type'], type='str'),
arguments=dict(default=dict(), type='dict')
),
supports_check_mode=True
)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
result = dict(changed=False, name=module.params['name'])
url = "http://%s:%s/api/exchanges/%s/%s" % (
url = "%s://%s:%s/api/exchanges/%s/%s" % (
module.params['login_protocol'],
module.params['login_host'],
module.params['login_port'],
urllib_parse.quote(module.params['vhost'], ''),
@ -147,8 +121,11 @@ def main():
if not HAS_REQUESTS:
module.fail_json(msg="requests library is required for this module. To install, use `pip install requests`")
result = dict(changed=False, name=module.params['name'])
# Check if exchange already exists
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']))
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
if r.status_code == 200:
exchange_exists = True
@ -199,10 +176,13 @@ def main():
"internal": module.params['internal'],
"type": module.params['exchange_type'],
"arguments": module.params['arguments']
})
}),
verify=module.params['cacert'],
cert=(module.params['cert'], module.params['key'])
)
elif module.params['state'] == 'absent':
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']))
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
# RabbitMQ 3.6.7 changed this response code from 204 to 201
if r.status_code == 204 or r.status_code == 201:
@ -216,8 +196,10 @@ def main():
)
else:
result['changed'] = False
module.exit_json(**result)
module.exit_json(
changed=False,
name=module.params['name']
)
if __name__ == '__main__':

View file

@ -34,27 +34,6 @@ options:
- Only present implemented atm
choices: [ "present", "absent" ]
default: present
login_user:
description:
- rabbitMQ user for connection
default: guest
login_password:
description:
- rabbitMQ password for connection
type: bool
default: 'no'
login_host:
description:
- rabbitMQ host for connection
default: localhost
login_port:
description:
- rabbitMQ management api port
default: 15672
vhost:
description:
- rabbitMQ virtual host
default: "/"
durable:
description:
- whether queue is durable or not
@ -95,6 +74,8 @@ options:
description:
- extra arguments for queue. If defined this argument is a key/value dictionary
default: {}
extends_documentation_fragment:
- rabbitmq
'''
EXAMPLES = '''
@ -120,18 +101,16 @@ except ImportError:
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six.moves.urllib import parse as urllib_parse
from ansible.module_utils.rabbitmq import rabbitmq_argument_spec
def main():
module = AnsibleModule(
argument_spec=dict(
argument_spec = rabbitmq_argument_spec()
argument_spec.update(
dict(
state=dict(default='present', choices=['present', 'absent'], type='str'),
name=dict(required=True, type='str'),
login_user=dict(default='guest', type='str'),
login_password=dict(default='guest', type='str', no_log=True),
login_host=dict(default='localhost', type='str'),
login_port=dict(default='15672', type='str'),
vhost=dict(default='/', type='str'),
durable=dict(default=True, type='bool'),
auto_delete=dict(default=False, type='bool'),
message_ttl=dict(default=None, type='int'),
@ -141,11 +120,12 @@ def main():
dead_letter_routing_key=dict(default=None, type='str'),
arguments=dict(default=dict(), type='dict'),
max_priority=dict(default=None, type='int')
),
supports_check_mode=True
)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
url = "http://%s:%s/api/queues/%s/%s" % (
url = "%s://%s:%s/api/queues/%s/%s" % (
module.params['login_protocol'],
module.params['login_host'],
module.params['login_port'],
urllib_parse.quote(module.params['vhost'], ''),
@ -158,7 +138,8 @@ def main():
result = dict(changed=False, name=module.params['name'])
# Check if queue already exists
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']))
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
if r.status_code == 200:
queue_exists = True
@ -244,10 +225,13 @@ def main():
"durable": module.params['durable'],
"auto_delete": module.params['auto_delete'],
"arguments": module.params['arguments']
})
}),
verify=module.params['cacert'],
cert=(module.params['cert'], module.params['key'])
)
elif module.params['state'] == 'absent':
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']))
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
# RabbitMQ 3.6.7 changed this response code from 204 to 201
if r.status_code == 204 or r.status_code == 201:
@ -261,8 +245,10 @@ def main():
)
else:
result['changed'] = False
module.exit_json(**result)
module.exit_json(
changed=False,
name=module.params['name']
)
if __name__ == '__main__':

View file

@ -0,0 +1,57 @@
# Copyright: (c) 2016, Jorge Rodriguez <jorge.rodriguez@tiriel.eu>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
class ModuleDocFragment(object):
# Parameters for RabbitMQ modules
DOCUMENTATION = '''
options:
login_user:
description:
- rabbitMQ user for connection.
required: false
default: guest
login_password:
description:
- rabbitMQ password for connection.
required: false
default: false
login_host:
description:
- rabbitMQ host for connection.
required: false
default: localhost
login_port:
description:
- rabbitMQ management API port.
required: false
default: 15672
login_protocol:
description:
- rabbitMQ management API protocol.
choices: [ http , https ]
required: false
default: http
version_added: "2.3"
cacert:
description:
- CA certificate to verify SSL connection to management API.
required: false
version_added: "2.3"
cert:
description:
- Client certificate to send on SSL connections to management API.
required: false
version_added: "2.3"
key:
description:
- Private key matching the client certificate.
required: false
version_added: "2.3"
vhost:
description:
- rabbitMQ virtual host.
required: false
default: "/"
'''