From 83ab6009c878726e83691835e297be91cd424214 Mon Sep 17 00:00:00 2001
From: Andy Rajagopalan
Date: Wed, 29 Jul 2020 11:54:27 -0700
Subject: [PATCH] change atl_db_password to use the aws_secrets_manager lookups
---
 roles/database_init/tasks/main.yml | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml
index d726910..c4a7c88 100644
--- a/roles/database_init/tasks/main.yml
+++ b/roles/database_init/tasks/main.yml
@@ -1,13 +1,14 @@
 ---
-- name: debug message
- debug: msg="{{ lookup('aws_secret','atl_db_root_password_secret', region='atl_aws_region') }}"
+#- name: debug message
+ # debug: msg="{{ (lookup('aws_secret', atl_db_root_password_secret, region=atl_aws_region) | from_json.get('password')) }}"
 - name: Create application DB user
 postgresql_user:
 login_host: "{{ atl_db_host }}"
 login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
+ #login_password: "{{ atl_db_root_password }}"
+ login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
 port: "{{ atl_db_port }}"
 name: "{{ atl_jdbc_user }}"
 password: "{{ atl_jdbc_password }}"
@@ -17,7 +18,8 @@
 postgresql_query:
 login_host: "{{ atl_db_host }}"
 login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
+ #login_password: "{{ atl_db_root_password }}"
+ login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
 db: "{{ atl_db_root_db_name }}"
 query: "SELECT datname FROM pg_database;"
 register: dbcluster_db_names
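Review bot: The debug task in the first hunk (`@@ -1,13 +1,14 @@`) is commented out rather than deleted, and the expression left in the comment would print the database root password into the play output if anyone re-enabled it. It also differs from the expression the tasks actually use (`from_json.get('password')` against `from_json | json_query('password')`), so it does not document the working lookup either. The `#login_password: "{{ atl_db_root_password }}"` line kept above each new `login_password`, here and in every later hunk, is the same kind of leftover; git history already records the old value. I would delete both the commented task and the commented `#login_password` lines.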
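Review bot: The `lookup('aws_secret', …) | from_json | json_query('password')` expression is pasted into `login_password` of every task, in the two hunks above this note and the five that follow, so each task makes its own Secrets Manager call and any change to the secret's layout has to be made in seven places. Resolving it once at the top of the role, as in the fence, lets every task keep `login_password: "{{ atl_db_root_password }}"`, and `no_log: true` keeps the resolved fact out of verbose output. Subscripting after `from_json` also avoids `json_query`, which needs the `jmespath` library on the controller. As far as I can tell a secret without a `password` key would then fail as undefined instead of yielding an empty password, which is worth confirming. The task list starts and ends outside these hunks.

```yaml
- name: Resolve the DB root password from Secrets Manager once
  set_fact:
    atl_db_root_password: "{{ (lookup('aws_secret', atl_db_root_password_secret, region=atl_aws_region) | from_json)['password'] }}"
  no_log: true

# … unchanged: "Create application DB user" and the six tasks after it …
    login_password: "{{ atl_db_root_password }}"
```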
@@ -28,7 +30,8 @@
 postgresql_privs:
 login_host: "{{ atl_db_host }}"
 login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
+ #login_password: "{{ atl_db_root_password }}"
+ login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
 database: postgres
 roles: "{{ atl_db_root_user }}"
 objs: "{{ atl_jdbc_user }}"
@@ -39,7 +42,8 @@
 postgresql_db:
 login_host: "{{ atl_db_host }}"
 login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
+ #login_password: "{{ atl_db_root_password }}"
+ login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
 port: "{{ atl_db_port }}"
 name: "{{ atl_jdbc_db_name }}"
 owner: "{{ atl_jdbc_user }}"
@@ -57,7 +61,8 @@
 postgresql_query:
 login_host: "{{ atl_db_host }}"
 login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
+ #login_password: "{{ atl_db_root_password }}"
+ login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
 db: "{{ atl_jdbc_db_name }}"
 query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
@@ -65,7 +70,8 @@
 postgresql_query:
 login_host: "{{ atl_db_host }}"
 login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
+ #login_password: "{{ atl_db_root_password }}"
+ login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
 db: "{{ atl_jdbc_db_name }}"
 query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
@@ -73,6 +79,7 @@
 postgresql_query:
 login_host: "{{ atl_db_host }}"
 login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
+ #login_password: "{{ atl_db_root_password }}"
+ login_password: "{{ (lookup('aws_secret',atl_db_root_password_secret, region=atl_aws_region) | from_json | json_query('password')) }}"
 db: "{{ atl_jdbc_db_name }}"
 query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"