From f6014995d3359210df8654a88f191298a5eb8630 Mon Sep 17 00:00:00 2001 From: W Date: Tue, 14 Nov 2023 17:08:26 +0000 Subject: [PATCH] nomis-xtag-secrets nomis-xtag-secrets --- .../ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml | 2 + ansible/group_vars/server_type_nomis_xtag.yml | 2 + .../nomis-xtag-weblogic/defaults/main.yml | 8 +++- .../nomis-xtag-weblogic/tasks/get-facts.yml | 45 ++++++++++++++----- 4 files changed, 44 insertions(+), 13 deletions(-) diff --git a/ansible/group_vars/ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml b/ansible/group_vars/ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml index 838de8034..d073f8609 100644 --- a/ansible/group_vars/ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml +++ b/ansible/group_vars/ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml @@ -29,3 +29,5 @@ ami_roles_list: # the below vars are defined in multiple groups. Keep the values the same to avoid unexpected behaviour roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}" + +use_ssm_params: true diff --git a/ansible/group_vars/server_type_nomis_xtag.yml b/ansible/group_vars/server_type_nomis_xtag.yml index 5c5831bcd..38e646407 100644 --- a/ansible/group_vars/server_type_nomis_xtag.yml +++ b/ansible/group_vars/server_type_nomis_xtag.yml @@ -30,3 +30,5 @@ collectd_monitored_services_servertype: shell_cmd: "systemctl is-active wls_adminserver" - metric_name: wlsmanagedserver shell_cmd: "systemctl is-active wls_managedserver" + +use_ssm_params: true \ No newline at end of file diff --git a/ansible/roles/nomis-xtag-weblogic/defaults/main.yml b/ansible/roles/nomis-xtag-weblogic/defaults/main.yml index 04e4414de..c72a5bb83 100644 --- a/ansible/roles/nomis-xtag-weblogic/defaults/main.yml +++ b/ansible/roles/nomis-xtag-weblogic/defaults/main.yml 
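Review bot: `use_ssm_params: true` is added to both group_vars files (`ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml` and `server_type_nomis_xtag.yml`) with no comment saying what it selects, although it decides which store the WebLogic and database passwords are read from. In the first file it sits under the existing "defined in multiple groups, keep the values the same" comment, and that constraint matters here: if the two values ever diverge, group-variable precedence decides the credential backend for the host. I would add above each one `# true = read passwords from SSM Parameter Store; false = Secrets Manager. Keep identical in every group_vars file that sets it.` The `server_type_nomis_xtag.yml` addition also leaves the file without a trailing newline.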
@@ -29,12 +29,18 @@ weblogic_servers: - { name: AdminServer } db_config: "{{ db_configs[weblogic_db_name] }}" -xtag_ssm_passwords: + +use_ssm_params: false +xtag_secretsmanager_passwords: weblogic: parameter: "/oracle/weblogic/{{ nomis_environment }}/passwords" + secret: "/oracle/weblogic/{{ nomis_environment }}/passwords" users: - weblogic: auto db: parameter: "/oracle/database/{{ db_config.db_name }}/weblogic-passwords" + secret: "/oracle/database/{{ db_config.db_name }}/weblogic-passwords" users: - xtag: + +xtag_ssm_passwords: "{{ xtag_secretsmanager_passwords }}" \ No newline at end of file diff --git a/ansible/roles/nomis-xtag-weblogic/tasks/get-facts.yml b/ansible/roles/nomis-xtag-weblogic/tasks/get-facts.yml index 244e6d1b9..77c66693d 100644 --- a/ansible/roles/nomis-xtag-weblogic/tasks/get-facts.yml +++ b/ansible/roles/nomis-xtag-weblogic/tasks/get-facts.yml 
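Review bot: In the `defaults/main.yml` hunk, `xtag_secretsmanager_passwords` carries both a `parameter` and a `secret` key per entry, and the last added line aliases `xtag_ssm_passwords` to it, so one dict feeds two roles with nothing saying which role reads which key. Because both keys hold the same path, the same credentials will presumably exist in Parameter Store and in Secrets Manager for as long as the toggle exists, and the copy that is no longer authoritative stays readable and can drift after a rotation. I would add a comment above the dict such as `# parameter: read by ssm-passwords (use_ssm_params: true); secret: read by secretsmanager-passwords. Drop parameter and the xtag_ssm_passwords alias once every host uses Secrets Manager.` and make removal of the superseded copies part of the migration. The file also now ends without a trailing newline.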
@@ -1,14 +1,35 @@ --- -- name: Get SSM parameters - import_role: - name: ssm-passwords - vars: - ssm_passwords: "{{ xtag_ssm_passwords }}" +- name: Get secretsmanager passwords + block: + - name: secretsmanager passwords + import_role: + name: secretsmanager-passwords + vars: + secretsmanager_passwords: "{{ xtag_secretsmanager_passwords }}" -- name: Get SSM parameters - set_fact: - weblogic_admin_password: "{{ ssm_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}" - weblogic_db_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_username] }}" + - name: secretsmanager passwords + set_fact: + weblogic_admin_password: "{{ secretsmanager_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}" + weblogic_db_password: "{{ secretsmanager_passwords_dict['db'].passwords[weblogic_db_username] }}" + + when: not use_ssm_params + + +- name: Get SSM params + block: + - name: Get SSM parameters + import_role: + name: ssm-passwords + vars: + ssm_passwords: "{{ xtag_ssm_passwords }}" + + - name: Get SSM parameters + set_fact: + weblogic_admin_password: "{{ ssm_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}" + weblogic_db_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_username] }}" + when: ssm_passwords_dict is defined + + when: use_ssm_params - debug: msg: "Configuring Oracle DB {{ weblogic_db_name }} on {{ weblogic_db_hostname_a }},{{ weblogic_db_hostname_b }} with username {{ weblogic_db_username }}" @@ -19,7 +40,7 @@ - debug: msg: "Configuring NDH EMS server to {{ ndh_ems_server }}" -- name: Check all SSM parameters and tags are set +- name: Check all secrets and tags are set set_fact: weblogic_all_variables_set: true when: 
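Review bot: Both `set_fact` tasks in the first `get-facts.yml` hunk (`@@ -1,14 +1,35 @@`) store `weblogic_admin_password` and `weblogic_db_password` without `no_log: true`, so the task result carrying the values can appear in output when the play runs with increased verbosity or with a callback that records results. Add `no_log: true` to each of the two `set_fact` tasks. Separately, the SSM branch's `when: ssm_passwords_dict is defined` turns a failed lookup into a silent skip, while the Secrets Manager branch has no such guard. Whether the later "Check all secrets and tags are set" task catches unset passwords is not visible in this hunk, so I would drop the guard or fail explicitly at that point, and keep the two branches consistent.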
@@ -31,7 +52,7 @@ - weblogic_db_hostname_b|length > 0 - ndh_ems_server|length > 0 -- name: Fail if missing SSM parameters or tags +- name: Fail if missing secrets or tags fail: - msg: Ensure all required SSM parameters and tags are set + msg: Ensure all required secrets and tags are set when: not weblogic_all_variables_set|default(false)