internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-05-06 05:12:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
shanemcd-patch-1
awx-operator/roles/restore/tasks/secrets.yml
Christian M. Adams bfec61ad8d Dynamically collect secrets for backup & restore roles 
- This prevents us from overwriting vars unintentionally at restore time
  - This will make it easier to add secrets to be backed up in the future
  - Add generated secret names to awx spec backup
  - Fail early if secret status doesn't exist
  - Skip if secret is not in spec for non-generated secrets
  - Secret values must be b64 decoded before secret is created
  - Cleanup temp files
2021-06-15 14:17:02 -04:00

56 lines
1.5 KiB
YAML
Raw Permalink Blame History

---
- name: Get secret definition from pvc
k8s_exec:
namespace: "{{ backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "cat '{{ backup_dir }}/secrets.yml'"
register: _secrets
- name: Create Temporary secrets file
tempfile:
state: file
suffix: .json
register: tmp_secrets
- name: Write vars to file locally
copy:
dest: "{{ tmp_secrets.path }}"
content: "{{ _secrets.stdout }}"
mode: 0640
- name: Include secret vars from backup
include_vars: "{{ tmp_secrets.path }}"
- name: If deployment is managed, set the database_host in the pg config secret
block:
- name: Set new database host
set_fact:
database_host: "{{ deployment_name }}-postgres"
- name: Set tmp postgres secret dict
set_fact:
_pg_secret: "{{ secrets['postgresConfigurationSecret'] }}"
- name: Change postgres host value
set_fact:
_pg_data: "{{ _pg_secret['data'] | combine({'host': database_host | b64encode }) }}"
- name: Create a postgres secret with the new host value
set_fact:
_pg_secret: "{{ _pg_secret | combine({'data': _pg_data}) }}"
- name: Create a new dict of secrets with the new postgres secret
set_fact:
secrets: "{{ secrets | combine({'postgresConfigurationSecret': _pg_secret}) }}"
when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed'
- name: Apply secret
k8s:
state: present
namespace: "{{ meta.namespace }}"
apply: yes
wait: yes
template: "secrets.yml.j2"
Reference in New Issue View Git Blame Copy Permalink