From a8520c60ce84fc6a1cdcab15c646419b9ebec735 Mon Sep 17 00:00:00 2001
From: Chris Balmer
Date: Thu, 11 Mar 2021 20:57:56 -0500
Subject: [PATCH 1/3] First run at adding splunk.secret text option
---
 roles/splunk/defaults/main.yml | 3 ++-
 roles/splunk/tasks/configure_splunk_secret.yml | 14 +++++++++++++-
 roles/splunk/templates/splunk.secret.j2 | 1 +
 scripts/generate-secrets.sh | 12 ++++++++++++
 4 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 roles/splunk/templates/splunk.secret.j2
 create mode 100755 scripts/generate-secrets.sh
diff --git a/roles/splunk/defaults/main.yml b/roles/splunk/defaults/main.yml
index e3dfb3e9..4f3f2944 100644
--- a/roles/splunk/defaults/main.yml
+++ b/roles/splunk/defaults/main.yml
@@ -20,7 +20,8 @@ clientName: undefined
 splunk_admin_username: admin
 splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
 splunk_configure_secret: false # If set to true, you need to update files/splunk.secret
-splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
+#splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
+#splunk_secret_text:
 # Although there are tasks for the following Splunk configurations in this role, they are not included in any tasks by default. You can add them to your install_splunk.yml if you would like to have Ansible manage any of these files
 splunk_configure_authentication: false
 ad_bind_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
diff --git a/roles/splunk/tasks/configure_splunk_secret.yml b/roles/splunk/tasks/configure_splunk_secret.yml
index 4c8d0f67..a0dc2f5f 100644
--- a/roles/splunk/tasks/configure_splunk_secret.yml
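Review bot: The new `#splunk_secret_text:` line in roles/splunk/defaults/main.yml has no description and no hint that the value is key material, while the password variables next to it point to ansible-vault. I would document it the same way, e.g. `#splunk_secret_text: # Contents of splunk.secret as text; store it with ansible-vault encrypt_string, as for splunk_admin_password`. The comment on `splunk_configure_secret` still says only to update files/splunk.secret and should name both options. The defaults hunk in PATCH 2/3 adds a description for `splunk_secret_text`, but it has the same gap on vault guidance.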
+++ b/roles/splunk/tasks/configure_splunk_secret.yml
@@ -7,4 +7,16 @@
 mode: 0644
 become: true
 notify: restart splunk
- when: splunk_configure_secret
+ when: splunk_configure_secret and splunk_secret_file is defined
+
+- name: Install splunk.secret
+ template:
+ src: splunk.secret.j2
+ dest: "{{ splunk_home }}/etc/auth/splunk.secret"
+ owner: "{{ splunk_nix_user }}"
+ group: "{{ splunk_nix_group }}"
+ mode: 0644
+ become: true
+ notify: restart splunk
+ when: splunk_configure_secret and splunk_secret_text is defined
+
diff --git a/roles/splunk/templates/splunk.secret.j2 b/roles/splunk/templates/splunk.secret.j2
new file mode 100644
index 00000000..dfdee4f9
--- /dev/null
+++ b/roles/splunk/templates/splunk.secret.j2
@@ -0,0 +1 @@
+{{ splunk_secret_text }}
\ No newline at end of file
diff --git a/scripts/generate-secrets.sh b/scripts/generate-secrets.sh
new file mode 100755
index 00000000..e56fb00c
--- /dev/null
+++ b/scripts/generate-secrets.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+
+docker_id=$(docker run --rm -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=doesntmatter" splunk/universalforwarder)
+
+while [ ! $(docker inspect --format '{{json .State.Health.Status}}' $docker_id) = "\"healthy\"" ]
+do
+ sleep 2
+done
+
+docker exec $docker_id sudo cat /opt/splunkforwarder/etc/auth/splunk.secret
+docker container stop $docker_id
From 05401eecf0091f8b0431f02833d7f43fdfa66695 Mon Sep 17 00:00:00 2001
From: Chris Balmer
Date: Wed, 17 Mar 2021 19:56:07 -0400
Subject: [PATCH 2/3] Making changes to align with role standards
---
 roles/splunk/defaults/main.yml | 4 ++--
 roles/splunk/tasks/configure_splunk_secret.yml | 4 ++--
 scripts/generate-secrets.sh | 12 ------------
 3 files changed, 4 insertions(+), 16 deletions(-)
 delete mode 100755 scripts/generate-secrets.sh
diff --git a/roles/splunk/defaults/main.yml b/roles/splunk/defaults/main.yml
index 4f3f2944..d508d2ab 100644
--- a/roles/splunk/defaults/main.yml
+++ b/roles/splunk/defaults/main.yml
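Review bot: The added `Install splunk.secret` template task in roles/splunk/tasks/configure_splunk_secret.yml writes the secret with `mode: 0644`, so every local account on the host can read the key that protects Splunk's stored credentials. An owner-only mode such as `mode: "0600"` fits a secret file, and quoting the value also avoids differences in how YAML parsers read a leading-zero number. The copy task in the context lines above has the same mode; its start is outside the hunk. The rendered value can also appear in `--diff` and verbose output, so I would add `no_log: true` to this task.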
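Review bot: The wait loop in scripts/generate-secrets.sh has no failure path: if the container ends up `unhealthy` the loop never ends and the container keeps running, and if `docker inspect` prints nothing the unquoted `$(...)` changes the meaning of the `[ ... ]` test instead of failing. I would start the script with `set -euo pipefail`, quote the expansions (`"$docker_id"`), and bound the loop with a retry counter that stops the container on timeout. The image `splunk/universalforwarder` has no tag or digest, so the result depends on whatever the default tag resolves to at run time. A header comment should state that the script prints the secret to stdout, so it is not run where output is logged.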
@@ -20,8 +20,8 @@ clientName: undefined
 splunk_admin_username: admin
 splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
 splunk_configure_secret: false # If set to true, you need to update files/splunk.secret
-#splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
-#splunk_secret_text:
+splunk_secret_file: undefined # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
+splunk_secret_text: undefined # Used to specify your splunk.secret via a text value
 # Although there are tasks for the following Splunk configurations in this role, they are not included in any tasks by default. You can add them to your install_splunk.yml if you would like to have Ansible manage any of these files
 splunk_configure_authentication: false
 ad_bind_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
diff --git a/roles/splunk/tasks/configure_splunk_secret.yml b/roles/splunk/tasks/configure_splunk_secret.yml
index a0dc2f5f..019df4c7 100644
--- a/roles/splunk/tasks/configure_splunk_secret.yml
+++ b/roles/splunk/tasks/configure_splunk_secret.yml
@@ -1,4 +1,4 @@
-- name: Install splunk.secret
+- name: Install splunk.secret from file
 copy:
 src: "{{ splunk_secret_file }}"
 dest: "{{ splunk_home }}/etc/auth/splunk.secret"
@@ -9,7 +9,7 @@
 notify: restart splunk
 when: splunk_configure_secret and splunk_secret_file is defined

-- name: Install splunk.secret
+- name: Install splunk.secret from text
 template:
 src: splunk.secret.j2
 dest: "{{ splunk_home }}/etc/auth/splunk.secret"
diff --git a/scripts/generate-secrets.sh b/scripts/generate-secrets.sh
deleted file mode 100755
index e56fb00c..00000000
--- a/scripts/generate-secrets.sh
+++ /dev/null
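Review bot: With `splunk_secret_file: undefined` and `splunk_secret_text: undefined` in roles/splunk/defaults/main.yml, both variables are now always defined (as the string `undefined`), so the `is defined` tests that configure_splunk_secret.yml still carries at this commit are always true. With `splunk_configure_secret: true` the copy task would look for a file named `undefined`, and the template task, if reached, would write the literal text `undefined` into splunk.secret. The conditionals are only adjusted in PATCH 3/3; I would fold that change into this commit so every commit in the series is safe to apply on its own.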
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-
-docker_id=$(docker run --rm -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=doesntmatter" splunk/universalforwarder)
-
-while [ ! $(docker inspect --format '{{json .State.Health.Status}}' $docker_id) = "\"healthy\"" ]
-do
- sleep 2
-done
-
-docker exec $docker_id sudo cat /opt/splunkforwarder/etc/auth/splunk.secret
-docker container stop $docker_id
From b04cfe032ee2d430af4a2d037ceff80c2d163dc0 Mon Sep 17 00:00:00 2001
From: Chris Balmer
Date: Mon, 29 Mar 2021 20:44:08 -0400
Subject: [PATCH 3/3] Updating conditionals for splunk_secret tasks
---
 roles/splunk/tasks/configure_splunk_secret.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/roles/splunk/tasks/configure_splunk_secret.yml b/roles/splunk/tasks/configure_splunk_secret.yml
index 019df4c7..8b23bf4d 100644
--- a/roles/splunk/tasks/configure_splunk_secret.yml
+++ b/roles/splunk/tasks/configure_splunk_secret.yml
@@ -7,7 +7,9 @@
 mode: 0644
 become: true
 notify: restart splunk
- when: splunk_configure_secret and splunk_secret_file is defined
+ when:
+ - splunk_configure_secret
+ - splunk_secret_file != 'undefined'

 - name: Install splunk.secret from text
 template:
@@ -18,5 +20,6 @@
 mode: 0644
 become: true
 notify: restart splunk
- when: splunk_configure_secret and splunk_secret_text is defined
-
+ when:
+ - splunk_configure_secret
+ - splunk_secret_text != 'undefined'
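Review bot: The two new `when:` lists in roles/splunk/tasks/configure_splunk_secret.yml are independent of each other, so when both `splunk_secret_file` and `splunk_secret_text` are set, both tasks write the same `dest`. The text value then wins silently, and because each run rewrites the file twice, both tasks report a change and `restart splunk` fires on every play. When neither is set and `splunk_configure_secret` is true, nothing is installed and nothing fails. I would make the tasks mutually exclusive, e.g. add `- splunk_secret_file == 'undefined'` to the second list, or put an `assert` ahead of both that exactly one of the two variables differs from `'undefined'`. Both tasks are only partly visible in these two hunks.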