add acl templating
This commit is contained in:
parent
c11da09e29
commit
51dc588864
@ -24,6 +24,18 @@ mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
|
||||
|
||||
mosquitto_acl_enabled: False
|
||||
mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
|
||||
# mosquitto_acl: (defaults to not set)
|
||||
# - iot:
|
||||
# user: admin
|
||||
# acl_base: topic # (topic|pattern, defaults to topic)
|
||||
# acl_topic: "#"
|
||||
# acl_policy: readwrite
|
||||
# - readonly_iot:
|
||||
# user: user1
|
||||
# acl_base: topic
|
||||
# acl_topic: my/devices
|
||||
# acl_policy: readwrite
|
||||
|
||||
|
||||
mosquitto_tls_enabled: False
|
||||
mosquitto_ca_path: /etc/pki/tls/certs/
|
||||
|
@ -16,20 +16,31 @@
|
||||
when: not __mosquitto_passwd.stat.exists
|
||||
|
||||
# TODO: ugly workaround, move this to a custom module
|
||||
- name: Add users to password file
|
||||
shell: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.key }} {{ item.value.password }}"
|
||||
with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
|
||||
when: item.value.state == "present"
|
||||
changed_when: False
|
||||
no_log: True
|
||||
become: True
|
||||
become_user: root
|
||||
- block:
|
||||
- name: Add users to password file
|
||||
shell: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.key }} {{ item.value.password }}"
|
||||
with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
|
||||
when: item.value.state == "present"
|
||||
changed_when: False
|
||||
no_log: True
|
||||
|
||||
- name: Remove unnecessary users from password file
|
||||
shell: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.key }}"
|
||||
with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
|
||||
when: item.value.state == "absent"
|
||||
changed_when: False
|
||||
no_log: True
|
||||
- name: Remove unnecessary users from password file
|
||||
shell: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.key }}"
|
||||
with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
|
||||
when: item.value.state == "absent"
|
||||
changed_when: False
|
||||
no_log: True
|
||||
|
||||
- name: Create acl file at '{{ mosquitto_acl_file }}'
|
||||
template:
|
||||
src: "etc/mosquitto/acl.j2"
|
||||
dest: "{{ mosquitto_acl_file }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
|
||||
when:
|
||||
- mosquitto_acl_enabled
|
||||
- mosquitto_acl
|
||||
become: True
|
||||
become_user: root
|
||||
|
8
templates/etc/mosquitto/aclfile.j2
Normal file
8
templates/etc/mosquitto/aclfile.j2
Normal file
@ -0,0 +1,8 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
{% for item in mosquitto_acl.values() %}
|
||||
{% if not item.user == "all" %}
|
||||
{{ item.user }}
|
||||
{% endif %}
|
||||
{{ item.acl_base if item.acl_base is defined else 'topic' }} {{ item.acl_policy }} {{ item.acl_topic }}
|
||||
{% endfor %}
|
@ -1,2 +0,0 @@
|
||||
##{{ ansible_managed }}
|
||||
demo:test
|
Loading…
Reference in New Issue
Block a user