blsmith/dc-deployments-automation
1
0
Fork 0
mirror of https://bitbucket.org/atlassian/dc-deployments-automation.git synced 2025-12-16 18:03:06 -06:00
Code Issues Packages Projects Releases Wiki Activity

change atl_db_password to use the aws_secrets_manager lookups

Browse Source
This commit is contained in:
Andy Rajagopalan
2020-07-29 11:54:27 -07:00
parent 18ede3f854
commit 83ab6009c8
1 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
roles/database_init/tasks/main.yml
View File

@@ -1,13 +1,14 @@
---
- name: debug message
debug: msg="{{ lookup('aws_secret','atl_db_root_password_secret', region='atl_aws_region') }}"
#- name: debug message
# debug: msg="{{ (lookup('aws_secret', atl_db_root_password_secret, region=atl_aws_region) | from_json.get('password')) }}"
- name: Create application DB user
postgresql_user:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user }}"
login_password: "{{ atl_db_root_password }}"
#login_password: "{{ atl_db_root_password }}"
login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
port: "{{ atl_db_port }}"
name: "{{ atl_jdbc_user }}"
password: "{{ atl_jdbc_password }}"
@@ -17,7 +18,8 @@
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user }}"
login_password: "{{ atl_db_root_password }}"
#login_password: "{{ atl_db_root_password }}"
login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
db: "{{ atl_db_root_db_name }}"
query: "SELECT datname FROM pg_database;"
register: dbcluster_db_names
@@ -28,7 +30,8 @@
postgresql_privs:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user }}"
login_password: "{{ atl_db_root_password }}"
#login_password: "{{ atl_db_root_password }}"
login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
database: postgres
roles: "{{ atl_db_root_user }}"
objs: "{{ atl_jdbc_user }}"
@@ -39,7 +42,8 @@
postgresql_db:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user }}"
login_password: "{{ atl_db_root_password }}"
#login_password: "{{ atl_db_root_password }}"
login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
port: "{{ atl_db_port }}"
name: "{{ atl_jdbc_db_name }}"
owner: "{{ atl_jdbc_user }}"
@@ -57,7 +61,8 @@
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user }}"
login_password: "{{ atl_db_root_password }}"
#login_password: "{{ atl_db_root_password }}"
login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
db: "{{ atl_jdbc_db_name }}"
query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
@@ -65,7 +70,8 @@
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user }}"
login_password: "{{ atl_db_root_password }}"
#login_password: "{{ atl_db_root_password }}"
login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
db: "{{ atl_jdbc_db_name }}"
query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
@@ -73,6 +79,7 @@
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user }}"
login_password: "{{ atl_db_root_password }}"
#login_password: "{{ atl_db_root_password }}"
login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
db: "{{ atl_jdbc_db_name }}"
query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"