1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
config = dict(
routing_nitpicky=False,
routing_policy={
# The gist here is that only messages signed by the
# bodhi-app0{1,2,3,4,5,6,7,8} certificates may bear the
# "org.fedoraproject.prod.bodhi.update.request.stable" topic, or else
# they fail validation and are either dropped or marked as invalid
# (depending on the consumer's wishes).
#
# There is another option that we do not set. If `routing_nitpicky` is
# set to True, then a given message's topic *must* appear in this list
# in order for it to pass validation. For instance, we have
# routing_nitpicky set to False by default and no
# "org.fedoraproject.prod.logger.log" topics appear in this policy,
# therefore, any message bearing that topic and *any* certificate signed
# by our CA may pass validation.
#
# ** policy dynamically generated from inventory vars
# See ansible/filter_plugins/fedmsg.py for this inversion filter.
{% for topic, certs in groups | invert_fedmsg_policy(hostvars, env) %}
"{{topic}}": [
{% for cert in certs %}
"{{ cert }}",
{% endfor %}
],
{% endfor %}
},
)
|
