Fixes bugs, also added removal for insecure variables before uploading config to S3
This commit is contained in:
Arsenii Petrovich
parent
56ddeb89a4
commit
c008835868
|
|
@ -21,3 +21,4 @@ roles/main_infra/files/terraform.tfvars
|
|||
|
||||
group_vars/*.yml
|
||||
*.retry
|
||||
*.temp
|
||||
|
|
|
|||
|
|
@ -55,12 +55,12 @@
|
|||
|
||||
- name: Destroy S3 bucket
|
||||
s3_bucket:
|
||||
name: "{{ bucket }}"
|
||||
name: "{{ prefix }}-{{ bucket }}"
|
||||
state: absent
|
||||
force: yes
|
||||
when: user_answer.user_input|bool == True
|
||||
|
||||
- dynamodb_table:
|
||||
name: "{{ dynamodb_table }}"
|
||||
name: "{{ prefix }}-{{ dynamodb_table }}"
|
||||
state: absent
|
||||
when: user_answer.user_input|bool == True
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
- name: Create DynamoDB table
|
||||
dynamodb_table:
|
||||
name: "{{ dynamodb_table }}"
|
||||
name: "{{ prefix }}-{{ dynamodb_table }}"
|
||||
hash_key_name: LockID
|
||||
hash_key_type: STRING
|
||||
read_capacity: 1
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
region = "{{ ansible_env.AWS_REGION }}"
|
||||
bucket = "{{ bucket }}"
|
||||
dynamodb_table = "{{ dynamodb_table }}"
|
||||
bucket = "{{ prefix }}-{{ bucket }}"
|
||||
dynamodb_table = "{{ prefix }}-{{ dynamodb_table }}"
|
||||
key = "terraform.tfstate"
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
- name: Create S3 bucket
|
||||
aws_s3:
|
||||
bucket: "{{ bucket }}"
|
||||
bucket: "{{ prefix }}-{{ bucket }}"
|
||||
mode: create
|
||||
permission: private
|
||||
|
||||
- name: Apply tags and versioning to create S3 bucket
|
||||
s3_bucket:
|
||||
name: "{{ bucket }}"
|
||||
name: "{{ prefix }}-{{ bucket }}"
|
||||
versioning: yes
|
||||
tags:
|
||||
origin: terraform
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
- name: Add lifecycle management policy to created S3 bucket
|
||||
s3_lifecycle:
|
||||
name: "{{ bucket }}"
|
||||
name: "{{ prefix }}-{{ bucket }}"
|
||||
rule_id: "expire"
|
||||
noncurrent_version_expiration_days: 90
|
||||
status: enabled
|
||||
|
|
@ -26,10 +26,27 @@
|
|||
register: stat_result
|
||||
when: upload_config_to_s3|bool == True
|
||||
|
||||
- name: Copy temporary file to be uploaded
|
||||
command: "cp {{ playbook_dir }}/group_vars/all.yml {{ playbook_dir }}/group_vars/all.yml.temp"
|
||||
when: upload_config_to_s3|bool == True
|
||||
|
||||
- name: Remove insecure variables
|
||||
- lineinfile:
|
||||
path: "{{ playbook_dir }}/group_vars/all.yml.temp"
|
||||
regexp: 'aws_.*'
|
||||
line: '<There was and aws-related insecure variable to keep at S3. Removed>'
|
||||
when: upload_config_to_s3|bool == True
|
||||
|
||||
- name: Upload config to S3 bucket
|
||||
aws_s3:
|
||||
bucket: "{{ bucket }}"
|
||||
bucket: "{{ prefix }}-{{ bucket }}"
|
||||
object: all.yml
|
||||
src: "{{ playbook_dir }}/group_vars/all.yml"
|
||||
src: "{{ playbook_dir }}/group_vars/all.yml.temp"
|
||||
mode: put
|
||||
when: stat_result.stat.exists == True and upload_config_to_s3|bool == True
|
||||
|
||||
- name: Remove temp file
|
||||
file:
|
||||
path: "{{ playbook_dir }}/group_vars/all.yml"
|
||||
state: absent
|
||||
when: upload_config_to_s3|bool == True
|
||||
|
|
|
|||
Loading…
Reference in New Issue