Account for corner case where pre-existing generated secret exists

- If a secret by the name awx-secret-key exists in the namespace and a custom secret_key_secret is specified, the secret name set will be incorrect, resulting in an incorrect status. Signed-off-by: Christian M. Adams <[email protected]>
ansible · Jan 12, 2024 · 2ef52cd · 2ef52cd
1 parent 9a95f53
commit 2ef52cd
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 9 deletions.
diff --git a/roles/installer/tasks/admin_password_configuration.yml b/roles/installer/tasks/admin_password_configuration.yml
@@ -40,7 +40,7 @@
 
 - name: Set admin password secret
   set_fact:
-    __admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}'
+    __admin_password_secret: "{{ admin_password_secret | length | ternary(_admin_password_secret, _generated_admin_password) }}"
   no_log: "{{ no_log }}"
 
 - name: Store admin password
@@ -58,4 +58,6 @@
         namespace: "{{ ansible_operator_meta.namespace }}"
         ownerReferences: null
   no_log: "{{ no_log }}"
-  when: not garbage_collect_secrets | bool
+  when:
+    - not garbage_collect_secrets | bool
+    - _generated_admin_password["resources"] | default([]) | length
diff --git a/roles/installer/tasks/broadcast_websocket_configuration.yml b/roles/installer/tasks/broadcast_websocket_configuration.yml
@@ -42,7 +42,7 @@
 - name: Set broadcast websocket secret
   set_fact:
     # yamllint disable-line rule:line-length
-    __broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret)  }}'  # noqa 204
+    __broadcast_websocket_secret: "{{ broadcast_websocket_secret | length | ternary(_broadcast_websocket_secret, _generated_broadcast_websocket) }}"
   no_log: "{{ no_log }}"
 
 - name: Store broadcast websocket secret name
@@ -60,4 +60,6 @@
         namespace: "{{ ansible_operator_meta.namespace }}"
         ownerReferences: null
   no_log: "{{ no_log }}"
-  when: not garbage_collect_secrets | bool
+  when:
+    - not garbage_collect_secrets | bool
+    - _generated_broadcast_websocket["resources"] | default([]) | length
diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml
@@ -85,7 +85,7 @@
 
 - name: Set PostgreSQL Configuration
   set_fact:
-    pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}'
+    pg_config: "{{ postgres_configuration_secret | length | ternary(_pg_config, _generated_pg_config_resources) }}"
   no_log: "{{ no_log }}"
 
 - name: Set actual postgres configuration secret used
@@ -102,8 +102,9 @@
         namespace: "{{ ansible_operator_meta.namespace }}"
         ownerReferences: null
   no_log: "{{ no_log }}"
-  when: not garbage_collect_secrets | bool
-
+  when:
+    - not garbage_collect_secrets | bool
+    - _generated_pg_config_resources["resources"] | default([]) | length
 - name: Store Database Configuration
   set_fact:
     awx_postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}"

diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml
@@ -40,7 +40,7 @@
 
 - name: Set secret key secret
   set_fact:
-    secret_key: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret)  }}'
+    secret_key: "{{ secret_key_secret | length | ternary(_secret_key_secret, _generated_secret_key) }}"
   no_log: "{{ no_log }}"
 
 - name: Store secret key secret name
@@ -58,4 +58,6 @@
         namespace: "{{ ansible_operator_meta.namespace }}"
         ownerReferences: null
   no_log: "{{ no_log }}"
-  when: not garbage_collect_secrets | bool
+  when:
+    - not garbage_collect_secrets | bool
+    - _generated_secret_key["resources"] | default([]) | length