From a44d3f81453598e7d66b6025e46078667da69344 Mon Sep 17 00:00:00 2001
From: bmeehan
Date: Wed, 13 Mar 2024 09:11:19 +1100
Subject: [PATCH 1/5] ITPLT-3591 allow basic_auth creds from secrets_manager
---
 roles/bitbucket_mesh/defaults/main.yml | 6 +++++-
 roles/bitbucket_mesh/tasks/main.yml | 24 ++++++++++++++++++++----
 2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/roles/bitbucket_mesh/defaults/main.yml b/roles/bitbucket_mesh/defaults/main.yml
index cb3e292..555d898 100644
--- a/roles/bitbucket_mesh/defaults/main.yml
+++ b/roles/bitbucket_mesh/defaults/main.yml
@@ -1,3 +1,7 @@
 mesh_install_dir: /opt/atlassian/mesh
 bitbucket_mesh_maven_repo: https://packages.atlassian.com/maven-external
-bitbucket_mesh_version: "1.3.1"
\ No newline at end of file
+bitbucket_mesh_version: "1.3.1"
+
+# if basic_auth is required for download of atlassian installable artifact, provide the name of an AWS Secrets Manager secret
+# with values for both password and username
+atl_download_secret_name: ''
\ No newline at end of file
diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml
index 5de31ba..0105214 100644
--- a/roles/bitbucket_mesh/tasks/main.yml
+++ b/roles/bitbucket_mesh/tasks/main.yml
@@ -13,15 +13,31 @@ - "{{ atl_home_base }}/{{ atl_product_user }}" - "{{ mesh_install_dir }}" +# optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' +- name: set basic_auth facts if the secret exists + ansible.builtin.set_fact: + download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + failed_when: false + ignore_errors: yes + no_log: true + when: + - ansible_ec2_placement_region is defined + - atl_download_secret_name is defined + tags: + - runtime_pkg + - name: download the mesh distribution using maven community.general.maven_artifact: - group_id: "com.atlassian.bitbucket.mesh" artifact_id: "mesh-distribution" - extension: "tar.gz" - version: "{{ atl_product_version }}" - repository_url: "{{ bitbucket_mesh_maven_repo }}" dest: "{{ mesh_install_dir }}" + extension: "tar.gz" + group_id: "com.atlassian.bitbucket.mesh" keep_name: yes + password: "{{ download_atlassian_password | default(omit) }}" + repository_url: "{{ bitbucket_mesh_maven_repo }}" + username: "{{ download_atlassian_username | default(omit) }}" + version: "{{ atl_product_version }}" mode: "0644" owner: "{{ atl_product_user_uid }}" group: "{{ atl_product_user_uid }}" From 5af606f7be44faa09a2730923557c7626725bb7c Mon Sep 17 00:00:00 2001 From: bmeehan Date: Wed, 13 Mar 2024 09:18:46 +1100 Subject: [PATCH 2/5] ITPLT-3591 fix indent --- roles/bitbucket_mesh/tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 0105214..814a038 100644 --- a/roles/bitbucket_mesh/tasks/main.yml 
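Review bot: The `when:` guard `atl_download_secret_name is defined` on the new set_fact task is always true, because the role default added in this same commit sets the variable to `''`, so the lookup runs against the key `.password` even when no secret is configured; `- atl_download_secret_name | length > 0` expresses the intent. With `on_missing='skip'`, `on_denied='skip'`, `failed_when: false` and `ignore_errors: yes` all set, a denied or mistyped secret cannot be told apart from "no secret configured", and the run silently falls back to an unauthenticated download; dropping `ignore_errors` would let an IAM or naming mistake surface. When the lookup is skipped the two facts are probably left defined but empty, in which case `default(omit)` does not fire and empty credentials are passed on, so `default(omit, true)` is the safer filter on `username` and `password`. The comment above the task still names a secret called 'download_atlassian' although the name now comes from `atl_download_secret_name`. The maven_artifact task continues past the end of the hunk.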
+++ b/roles/bitbucket_mesh/tasks/main.yml @@ -15,16 +15,16 @@ # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: set basic_auth facts if the secret exists - ansible.builtin.set_fact: + ansible.builtin.set_fact: download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - failed_when: false - ignore_errors: yes - no_log: true - when: + failed_when: false + ignore_errors: yes + no_log: true + when: - ansible_ec2_placement_region is defined - atl_download_secret_name is defined - tags: + tags: - runtime_pkg - name: download the mesh distribution using maven From 89773b68f37511ecd9a37b121c34c11df3bb76ef Mon Sep 17 00:00:00 2001 From: bmeehan Date: Wed, 13 Mar 2024 09:19:32 +1100 Subject: [PATCH 3/5] ITPLT-3591 fix indent --- roles/bitbucket_mesh/tasks/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 814a038..e7b2f2b 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml 
@@ -15,17 +15,17 @@ # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: set basic_auth facts if the secret exists - ansible.builtin.set_fact: - download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - failed_when: false - ignore_errors: yes - no_log: true - when: - - ansible_ec2_placement_region is defined - - atl_download_secret_name is defined - tags: - - runtime_pkg + ansible.builtin.set_fact: + download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + failed_when: false + ignore_errors: yes + no_log: true + when: + - ansible_ec2_placement_region is defined + - atl_download_secret_name is defined + tags: + - runtime_pkg - name: download the mesh distribution using maven community.general.maven_artifact: From 79ae9dc5df8b0d191661c300df7f0f50a2cb9e7a Mon Sep 17 00:00:00 2001 From: bmeehan Date: Wed, 13 Mar 2024 09:31:29 +1100 Subject: [PATCH 4/5] ITPLT-3591 switch to using the get_url module --- roles/bitbucket_mesh/tasks/main.yml | 42 +++++++++++++++++++---------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index e7b2f2b..823a4dd 100644 --- a/roles/bitbucket_mesh/tasks/main.yml 
+++ b/roles/bitbucket_mesh/tasks/main.yml @@ -27,21 +27,35 @@ tags: - runtime_pkg -- name: download the mesh distribution using maven - community.general.maven_artifact: - artifact_id: "mesh-distribution" +# Fetch binary and copy to temp +# optionally use basic_auth creds from secrets_manager +- name: Fetch binary + ansible.builtin.get_url: + url: "{{ atl_product_download_url }}" dest: "{{ mesh_install_dir }}" - extension: "tar.gz" - group_id: "com.atlassian.bitbucket.mesh" - keep_name: yes - password: "{{ download_atlassian_password | default(omit) }}" - repository_url: "{{ bitbucket_mesh_maven_repo }}" - username: "{{ download_atlassian_username | default(omit) }}" - version: "{{ atl_product_version }}" - mode: "0644" - owner: "{{ atl_product_user_uid }}" - group: "{{ atl_product_user_uid }}" - register: maven_download + url_password: "{{ download_atlassian_password | default(omit) }}" + url_username: "{{ download_atlassian_username | default(omit) }}" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + mode: 0644 + force: false + register: atl_product_completed + +# - name: download the mesh distribution using maven +# community.general.maven_artifact: +# artifact_id: "mesh-distribution" +# dest: "{{ mesh_install_dir }}" +# extension: "tar.gz" +# group_id: "com.atlassian.bitbucket.mesh" +# keep_name: yes +# password: "{{ download_atlassian_password | default(omit) }}" +# repository_url: "{{ bitbucket_mesh_maven_repo }}" +# username: "{{ download_atlassian_username | default(omit) }}" +# version: "{{ atl_product_version }}" +# mode: "0644" +# owner: "{{ atl_product_user_uid }}" +# group: "{{ atl_product_user_uid }}" +# register: maven_download - name: extract the downloaded artifact ansible.builtin.unarchive: From 2d4e58b73ad1621a95a0f057cdbc55e3404ac217 Mon Sep 17 00:00:00 2001 
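Review bot: The new `Fetch binary` task downloads `atl_product_download_url` with no `checksum:`, whereas `community.general.maven_artifact` verifies a download against the repository's published checksum by default, so this change drops the only integrity check before the following task unpacks the archive. Adding `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder; the digest should come from a variable pinned per version) restores it. Because `url_username` and `url_password` are sent to whatever `atl_product_download_url` points at, it is worth asserting that the URL is https; the variable's definition is not visible in this hunk. `dest` is a directory, for which get_url documents that the file is always downloaded regardless of `force`, so `force: false` has no effect unless `dest` names the file. `mode: 0644` should be quoted as `"0644"`, as the replaced task had it.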
From: bmeehan Date: Wed, 13 Mar 2024 09:54:41 +1100 Subject: [PATCH 5/5] ITPLT-3591 correct the registered output var --- roles/bitbucket_mesh/tasks/main.yml | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 823a4dd..44f72aa 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -13,6 +13,7 @@ - "{{ atl_home_base }}/{{ atl_product_user }}" - "{{ mesh_install_dir }}" + # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: set basic_auth facts if the secret exists ansible.builtin.set_fact: @@ -39,23 +40,7 @@ group: "{{ atl_product_user }}" mode: 0644 force: false - register: atl_product_completed - -# - name: download the mesh distribution using maven -# community.general.maven_artifact: -# artifact_id: "mesh-distribution" -# dest: "{{ mesh_install_dir }}" -# extension: "tar.gz" -# group_id: "com.atlassian.bitbucket.mesh" -# keep_name: yes -# password: "{{ download_atlassian_password | default(omit) }}" -# repository_url: "{{ bitbucket_mesh_maven_repo }}" -# username: "{{ download_atlassian_username | default(omit) }}" -# version: "{{ atl_product_version }}" -# mode: "0644" -# owner: "{{ atl_product_user_uid }}" -# group: "{{ atl_product_user_uid }}" -# register: maven_download + register: maven_download - name: extract the downloaded artifact ansible.builtin.unarchive: