From b50af67e11932cfd2f3a62d5a787dccdae6b51b0 Mon Sep 17 00:00:00 2001
From: Lee Goolsbee <lgoolsbee@atlassian.com>
Date: Tue, 12 Nov 2024 16:09:22 -0600
Subject: [PATCH] add use of download_atlassian secret to OBR downloads

---
 .../tasks/jira-servicedesk_as_obr.yml            | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/roles/product_install/tasks/jira-servicedesk_as_obr.yml b/roles/product_install/tasks/jira-servicedesk_as_obr.yml
index d9ef2d7..9f1947b 100644
--- a/roles/product_install/tasks/jira-servicedesk_as_obr.yml
+++ b/roles/product_install/tasks/jira-servicedesk_as_obr.yml
@@ -119,11 +119,27 @@
     - ansible.builtin.debug:
         var: atl_obr_download
 
+    # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian'
+    - name: set basic_auth facts if the secret exists
+      ansible.builtin.set_fact:
+        download_atlassian_password: "{{ lookup('amazon.aws.secretsmanager_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+        download_atlassian_username: "{{ lookup('amazon.aws.secretsmanager_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+      failed_when: false
+      ignore_errors: yes
+      no_log: true
+      when:
+        - ansible_ec2_placement_region is defined
+        - atl_download_secret_name is defined
+      tags:
+        - runtime_pkg
+
     # Fetch obr and copy to temp
     - name: Fetch obr
       ansible.builtin.get_url:
         url: "{{ atl_obr_download_url }}"
         dest: "{{ atl_obr_download }}"
+        url_password: "{{ download_atlassian_password | default(omit) }}"
+        url_username: "{{ download_atlassian_username | default(omit) }}"
         mode: 0755
         force: true
         timeout: 600