From ed6ac1a11a6fcaaae6c0c62a69c29c22769e90a1 Mon Sep 17 00:00:00 2001 From: Christian Adams Date: Mon, 11 Mar 2024 16:34:43 -0400 Subject: [PATCH] Create a new postgres configuration secret when restoring a new instance (#1733) - This will avoid the operator changing the host value of the original deployments postgres_configuration_secret. As it was, restores broke the original deployment if it was still around before this change. Signed-off-by: Christian M. Adams --- roles/restore/tasks/secrets.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/roles/restore/tasks/secrets.yml b/roles/restore/tasks/secrets.yml index 04ad21fdc..89a0454d8 100644 --- a/roles/restore/tasks/secrets.yml +++ b/roles/restore/tasks/secrets.yml @@ -19,6 +19,18 @@ include_vars: "{{ tmp_secrets.path }}" no_log: "{{ no_log }}" +- name: If deployment is managed, set the new postgres_configuration_secret name + block: + - name: Set new postgres_configuration_secret name + set_fact: + _generated_pg_secret_name: "{{ deployment_name }}-postgres-configuration" + + - name: Override postgres_configuration_secret + set_fact: + spec: + "{{ spec | combine({'postgres_configuration_secret': _generated_pg_secret_name}, recursive=True) }}" + when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed' + - name: If deployment is managed, set the database_host in the pg config secret block: - name: Set new database host @@ -31,12 +43,18 @@ _pg_secret: "{{ secrets['postgresConfigurationSecret'] }}" no_log: "{{ no_log }}" - - name: Change postgres host value + - name: Change postgres host and name value set_fact: _pg_data: "{{ _pg_secret['data'] | combine({'host': database_host | b64encode }) }}" + _pg_secret_name: "{{ deployment_name }}-postgres-configuration" + no_log: "{{ no_log }}" + + - name: Override postgres secret name + set_fact: + _pg_secret: "{{ _pg_secret | combine({'name': _pg_secret_name}) }}" no_log: "{{ no_log }}" - - name: Create a postgres secret with the new host value + - name: Override postgres secret host with new Postgres service set_fact: _pg_secret: "{{ _pg_secret | combine({'data': _pg_data}) }}" no_log: "{{ no_log }}"