From 8ed0b1fe6194f2d59cd5edaf01e4b7ed8d7d0dae Mon Sep 17 00:00:00 2001
From: "Christian M. Adams"
Date: Fri, 9 Apr 2021 16:32:59 -0400
Subject: [PATCH] Template only what is needed from secrets and awx cro

---
 ansible/templates/awxrestore_crd.yml.j2 | 2 +-
 roles/backup/tasks/awx-cro.yml | 12 ++---
 roles/backup/tasks/postgres.yml | 8 ++-
 roles/backup/tasks/secrets.yml | 69 +++---------------------
 roles/backup/templates/awx_object.yml.j2 | 10 +---
 roles/backup/templates/secrets.yml.j2 | 10 ++++
 6 files changed, 28 insertions(+), 83 deletions(-)
 create mode 100644 roles/backup/templates/secrets.yml.j2

diff --git a/ansible/templates/awxrestore_crd.yml.j2 b/ansible/templates/awxrestore_crd.yml.j2
index e7e65923..e0ba2070 100644
--- a/ansible/templates/awxrestore_crd.yml.j2
+++ b/ansible/templates/awxrestore_crd.yml.j2
@@ -51,4 +51,4 @@ spec:
 description: Custom postgres_configuration secret name
 type: string
 oneOf:
- - required: ["tower_name", "tower_backup_pvc"]
+ - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"]
diff --git a/roles/backup/tasks/awx-cro.yml b/roles/backup/tasks/awx-cro.yml
index a143b75e..b4d4056e 100644
--- a/roles/backup/tasks/awx-cro.yml
+++ b/roles/backup/tasks/awx-cro.yml
@@ -20,19 +20,13 @@
 set_fact:
 awx_spec: "{{ _awx['spec'] }}"
 
-- name: Template AWX object definition
- template:
- src: awx_object.yml.j2
- dest: "{{ secrets_dir.path }}/awx_object.yml"
- mode: '0600'
-
-- name: Set AWX object template file as var
+- name: Template secrets into yaml
 set_fact:
- awx_object_template: "{{ lookup('file', '{{ secrets_dir.path }}/awx_object.yml') }}"
+ awx_definition_file: "{{ lookup('template', 'awx_object.yml.j2')}}"
 
 - name: Write awx object to pvc
 k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
- bash -c "echo '{{ awx_object_template }}' > {{ backup_dir }}/awx_object.yml"
+ bash -c "echo '{{ awx_definition_file }}' > {{ backup_dir }}/awx_object.yml"
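Review bot: Adding `tower_backup_dir` to the `required` list makes CRD validation reject AWXRestore objects that set only `tower_name` and `tower_backup_pvc`, which the previous schema accepted. If any existing restore objects or documentation rely on the old shape, this is a breaking change and needs either a compatibility note or a defaulting path in the operator; if the directory can be derived from the PVC it may be better left optional. The `oneOf` block and the surrounding `spec` continue outside the hunk.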
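Review bot: The new `awx_definition_file` value is still spliced unescaped into `bash -c "echo '...'"` on the last line of the hunk, so any single quote in the rendered template terminates the quoted string and the remainder is interpreted by the shell; since `awx_object.yml.j2` now renders `{{ awx_spec }}` from a dict, single quotes in the output are all but guaranteed and the write is likely to fail or leave a truncated file. Pass the content through Ansible's `quote` filter, e.g. `bash -c "echo {{ awx_definition_file | quote }} > {{ backup_dir }}/awx_object.yml"`, or avoid the shell entirely by writing the rendered content with a copy module that accepts `content` (e.g. `k8s_cp`, if the collection in use provides it). The same unquoted `echo '{{ ... }}'` pattern is on the new `secrets_file` write in `roles/backup/tasks/secrets.yml` and should get the same treatment.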
diff --git a/roles/backup/tasks/postgres.yml b/roles/backup/tasks/postgres.yml
index 25b5434f..07ed178e 100644
--- a/roles/backup/tasks/postgres.yml
+++ b/roles/backup/tasks/postgres.yml
@@ -69,13 +69,17 @@
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
- chmod 0600 {{ backup_dir }}/tower.db && chown postgres:root {{ backup_dir }}/tower.db
+ bash -c "chmod 0600 {{ backup_dir }}/tower.db && chown postgres:root {{ backup_dir }}/tower.db"
+
+- name: Get the postgres pod information
+ set_fact:
+ resolvable_db_host: "{{ awx_postgres_host }}.{{ meta.namespace }}.svc.cluster.local"
 
 - name: Set pg_dump command
 set_fact:
 pgdump: >-
 pg_dump --clean --create
- -h {{ awx_postgres_host }}
+ -h {{ resolvable_db_host }}
 -U {{ awx_postgres_user }}
 -d {{ awx_postgres_database }}
 -p {{ awx_postgres_port }}
diff --git a/roles/backup/tasks/secrets.yml b/roles/backup/tasks/secrets.yml
index 047ab863..a250ddf7 100644
--- a/roles/backup/tasks/secrets.yml
+++ b/roles/backup/tasks/secrets.yml
@@ -1,8 +1,8 @@
 ---
 - name: Make temp secrets directory
- tempfile:
- prefix: "secrets-"
+ file:
+ path: "/tmp/secrets" #-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=8')}}"
 state: directory
 register: secrets_dir
@@ -17,23 +17,6 @@
 set_fact:
 secret_key: "{{ _secret_key['resources'][0]['data']['secret_key'] | b64decode }}"
 
-- name: Template secret_key definition
- template:
- src: secret_key_secret.yml.j2
- dest: "{{ secrets_dir.path }}/secret_key_secret.yml"
- mode: '0700'
-
-- name: Set secret key template
- set_fact:
- secret_key_template: "{{ lookup('file', '{{ secrets_dir.path }}/secret_key_secret.yml') }}"
-
-- name: Write secret_key to pvc
- k8s_exec:
- namespace: "{{ tower_backup_pvc_namespace }}"
- pod: "{{ meta.name }}-db-management"
- command: >-
- bash -c "echo '{{ secret_key_template }}' > {{ backup_dir }}/secret_key_secret.yml"
-
 - name: Get admin_password
 k8s_info:
 kind: Secret
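Review bot: `resolvable_db_host` unconditionally appends `.{{ meta.namespace }}.svc.cluster.local` to `awx_postgres_host`, which is only correct when the host is a bare Service name in the operator's namespace; for an externally managed database (an FQDN or IP stored in the postgres configuration secret) or a host already given as a fully qualified name, the dump will target a non-existent hostname and the backup fails. Gate the suffix, e.g. `resolvable_db_host: "{{ awx_postgres_host if '.' in awx_postgres_host else awx_postgres_host ~ '.' ~ meta.namespace ~ '.svc.cluster.local' }}"`, or only apply it when the database is known to be cluster-managed. The task name `Get the postgres pod information` does not describe a set_fact that builds a hostname; `Set resolvable postgres host` would. The k8s_exec task whose `command` is changed at the top of the hunk begins outside it.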
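Review bot: Replacing `tempfile` with a fixed `/tmp/secrets` directory gives up the per-run, owner-only directory that `tempfile` creates and instead uses a predictable, shared path that `file` creates with default permissions, with no cleanup and no `mode:`; the trailing `#-{{ lookup('password', ...)}}"` is a commented-out random suffix that was apparently meant to be kept. Every task that wrote rendered templates into `secrets_dir` is removed in this commit, so if nothing else reads `secrets_dir.path` the directory can simply be dropped; otherwise restore `tempfile:` with `prefix: "secrets-"` and `state: directory`, or at minimum add `mode: '0700'` and delete the dead comment.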
@@ -45,23 +28,6 @@
 set_fact:
 admin_password: "{{ _admin_password['resources'][0]['data']['password'] | b64decode }}"
 
-- name: Template admin_password definition
- template:
- src: admin_password_secret.yml.j2
- dest: "{{ secrets_dir.path }}/admin_password_secret.yml"
- mode: '0700'
-
-- name: Set admin_password template
- set_fact:
- admin_password_template: "{{ lookup('file', '{{ secrets_dir.path }}/admin_password_secret.yml') }}"
-
-- name: Write secret_key to pvc
- k8s_exec:
- namespace: "{{ tower_backup_pvc_namespace }}"
- pod: "{{ meta.name }}-db-management"
- command: >-
- bash -c "echo '{{ admin_password_template }}' > {{ backup_dir }}/admin_password_secret.yml"
-
 - name: Get broadcast_websocket
 k8s_info:
 kind: Secret
@@ -71,24 +37,7 @@
 
 - name: Set broadcast_websocket key
 set_fact:
- secret_key: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"
-
-- name: Template broadcast_websocket definition
- template:
- src: broadcast_websocket_secret.yml.j2
- dest: "{{ secrets_dir.path }}/broadcast_websocket_secret.yml"
- mode: '0700'
-
-- name: Set broadcast_websocket template
- set_fact:
- broadcast_websocket_template: "{{ lookup('file', '{{ secrets_dir.path }}/broadcast_websocket_secret.yml') }}"
-
-- name: Write broadcast_websocket definition to pvc
- k8s_exec:
- namespace: "{{ tower_backup_pvc_namespace }}"
- pod: "{{ meta.name }}-db-management"
- command: >-
- bash -c "echo '{{ broadcast_websocket_template }}' > {{ backup_dir }}/broadcast_websocket_secret.yml"
+ broadcast_websocket: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"
 
 - name: Get postgres configuration
 k8s_info:
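Review bot: The new `broadcast_websocket` fact holds a decoded secret and the `Set broadcast_websocket key` task carries no `no_log: true`, so the value is printed in the task result under `-v` and captured by any callback plugin that records results; the `secret_key` and `admin_password` set_fact tasks earlier in this file are in the same position. Add `no_log: true` to each of these set_fact tasks (and to the `k8s_info` lookups that return the raw Secret objects).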
@@ -106,19 +55,13 @@
 database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
 database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode }}"
 
-- name: Template postgres configuration definition
- template:
- src: postgres_secret.yml.j2
- dest: "{{ secrets_dir.path }}/postgres_secret.yml"
- mode: '0700'
-
-- name: Set postgres configuration
+- name: Template secrets into yaml
 set_fact:
- postgres_secret_template: "{{ lookup('file', '{{ secrets_dir.path }}/postgres_secret.yml') }}"
+ secrets_file: "{{ lookup('template', 'secrets.yml.j2')}}"
 
 - name: Write postgres configuration to pvc
 k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
- bash -c "echo '{{ postgres_secret_template }}' > {{ backup_dir }}/postgres_secret.yml"
+ bash -c "echo '{{ secrets_file }}' > {{ backup_dir }}/secrets.yml"
diff --git a/roles/backup/templates/awx_object.yml.j2 b/roles/backup/templates/awx_object.yml.j2
index fd4e9d92..4165a370 100644
--- a/roles/backup/templates/awx_object.yml.j2
+++ b/roles/backup/templates/awx_object.yml.j2
@@ -1,9 +1,3 @@
 ---
-apiVersion: '{{ awx_api_version }}'
-kind: AWX
-metadata:
-{% raw %}
- name: '{{ tower_name }}'
- namespace: '{{ meta.namespace }}'
-{% endraw %}
-spec: {{ awx_spec }}
+awx_api_version: {{ awx_api_version }}
+awx_spec: {{ awx_spec }}
diff --git a/roles/backup/templates/secrets.yml.j2 b/roles/backup/templates/secrets.yml.j2
new file mode 100644
index 00000000..94bacea2
--- /dev/null
+++ b/roles/backup/templates/secrets.yml.j2
@@ -0,0 +1,10 @@
+---
+secret_key: {{ secret_key }}
+admin_password: {{ admin_password }}
+broadcast_websocket: {{ broadcast_websocket }}
+database_password: {{ database_password }}
+database_username: {{ database_username }}
+database_name: {{ database_name }}
+database_port: {{ database_port }}
+database_host: {{ database_host }}
+database_type: {{ database_type }}
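Review bot: The `secrets_file` write hands every decoded secret to the pod as a `bash -c` argument, where it is readable from the process list inside the pod and is echoed in Ansible's task output unless the k8s_exec task has `no_log: true`; the `Template secrets into yaml` set_fact above it exposes the same content and needs `no_log: true` as well. The file lands in `{{ backup_dir }}` with whatever the shell's umask gives, whereas the postgres.yml hunk deliberately runs `chmod 0600` on `tower.db`; append `&& chmod 0600 {{ backup_dir }}/secrets.yml` to the command so the secrets file is at least as restricted as the dump. The task name `Write postgres configuration to pvc` now writes all secrets and should be renamed to e.g. `Write secrets to pvc`.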
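Review bot: `awx_spec: {{ awx_spec }}` renders the spec dict with Jinja's default string conversion, which in Ansible's non-native mode is a Python repr with single-quoted keys and Python literals such as `None`; that is neither reliably valid YAML nor what a restore that loads the file as YAML would expect. Serialize it explicitly, `awx_spec: {{ awx_spec | to_json }}` (JSON is valid YAML flow syntax and round-trips types), or use `to_nice_yaml` with a matching `indent`. The removed version quoted `awx_api_version` as `'{{ awx_api_version }}'`; keeping it quoted in the new line, `awx_api_version: '{{ awx_api_version }}'`, avoids a mis-parse if the value ever contains YAML-significant characters.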
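Review bot: Every value in the new `secrets.yml.j2` is emitted as a plain unquoted scalar, so a secret that begins with `{`, `[`, `*`, `&`, `#`, `!`, `%` or `@`, contains `: ` or ` #`, or happens to look like a number or boolean will fail to parse or be silently retyped when the file is read back, and generated passwords hit these cases routinely. Quote each value through a filter that yields a valid YAML scalar, e.g. `secret_key: {{ secret_key | to_json }}`, and do the same for the other eight keys; if the consumer needs `database_port` as a number it should cast with `| int` on its side. Multi-line or quote-containing values also break the `echo '{{ secrets_file }}'` write in `roles/backup/tasks/secrets.yml`, which needs shell-level quoting independently of this template.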