From 68b3dcb49c17fef4eb654bd88077570257b4bdaa Mon Sep 17 00:00:00 2001
From: uumas
Date: Fri, 4 Apr 2025 22:13:07 +0300
Subject: [PATCH] service: rename secrets return variable
---
roles/service/meta/argument_specs.yaml | 2 +-
roles/service/tasks/secrets.yaml | 2 +-
roles/synapse/tasks/main.yaml | 4 ++--
roles/synapse/templates/homeserver.yaml.j2 | 6 +++---
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/roles/service/meta/argument_specs.yaml b/roles/service/meta/argument_specs.yaml
index dc33f36..d363f13 100644
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -93,7 +93,7 @@ argument_specs: description: - A list of secrets available to the service container in /run/secrets/- - > - A dict of secrets and their values (including autogenerated values) is available as `_service_podman_secrets` for use + A dict of secrets and their values (including autogenerated values) is available as `service_podman_secrets` for use in tepmlates or environment variables. This should only be used if the container doesn't support reading the secret from file type: list required: false
diff --git a/roles/service/tasks/secrets.yaml b/roles/service/tasks/secrets.yaml
index 2db6e59..863178e 100644
--- a/roles/service/tasks/secrets.yaml
+++ b/roles/service/tasks/secrets.yaml
@@ -16,7 +16,7 @@ - name: Store secrets in a variable for later ansible.builtin.set_fact: - _service_podman_secrets: > + service_podman_secrets: > {{ _service_podman_secret_info.secrets | map(attribute='Spec.Name') | zip(_service_podman_secret_info.secrets | map(attribute='SecretData'))
diff --git a/roles/synapse/tasks/main.yaml b/roles/synapse/tasks/main.yaml
index 37bf16f..7d97f45 100644
--- a/roles/synapse/tasks/main.yaml
+++ b/roles/synapse/tasks/main.yaml
@@ -68,8 +68,8 @@ matrix_authentication_service_domain: "{{ synapse_mas_domain }}" matrix_authentication_service_homeserver_name: "{{ synapse_server_name }}" matrix_authentication_service_homeserver_address: http://synapse:8009 - matrix_authentication_service_client_secret: "{{ _service_podman_secrets['synapse-mas-client-secret'] }}" - matrix_authentication_service_homeserver_secret: "{{ _service_podman_secrets['synapse-mas-homeserver-secret'] }}" + matrix_authentication_service_client_secret: "{{ service_podman_secrets['synapse-mas-client-secret'] }}" + matrix_authentication_service_homeserver_secret: "{{ service_podman_secrets['synapse-mas-homeserver-secret'] }}" matrix_authentication_service_email_smtp_server: "{{ synapse_email_smtp_server }}" matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}"
diff --git a/roles/synapse/templates/homeserver.yaml.j2 b/roles/synapse/templates/homeserver.yaml.j2
index 98910df..08835e4 100644
--- a/roles/synapse/templates/homeserver.yaml.j2
+++ b/roles/synapse/templates/homeserver.yaml.j2
@@ -29,7 +29,7 @@ database: args: host: synapse-postgres user: synapse - password: "{{ _service_database_password }}" + password: "{{ service_podman_secrets['synapse-postgres'] }}" dbname: synapse caches:
@@ -112,6 +112,6 @@ experimental_features: issuer: http://matrix-authentication-service:8080/ client_id: 0000000000000000000SYNAPSE client_auth_method: client_secret_basic - client_secret: "{{ service_podman_secrets['synapse-mas-client-secret'] }}" - admin_token: "{{ _service_podman_secrets['synapse-mas-homeserver-secret'] }}" + client_secret: "{{ service_podman_secrets['synapse-mas-client-secret'] }}" + admin_token: "{{ service_podman_secrets['synapse-mas-homeserver-secret'] }}" account_management_url: "https://{{ synapse_mas_domain }}/account"
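Review bot: The database password in the `@@ -29,7 +29,7 @@` hunk of homeserver.yaml.j2 is interpolated raw inside a double-quoted YAML scalar, so a secret value containing `"` or `\` would render an invalid or silently altered password. Writing it as `password: {{ service_podman_secrets['synapse-postgres'] | to_json }}` emits a correctly escaped scalar, and the same applies to `client_secret` and `admin_token` in the `@@ -112,6 +112,6 @@` hunk. This hunk also switches the password source from `_service_database_password` to the `synapse-postgres` entry, which goes beyond the rename in the subject; nothing visible in the patch shows a secret of that name being declared, so confirm the service role creates it for this database. Because the rendered file holds these secrets in plaintext, the task that templates it (outside this diff) presumably needs a restrictive `mode` and `no_log: true` so that `--diff` output does not print them.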