service: rename secrets return variable

2025-04-04 22:13:07 +03:00
parent 9bb2b24948
commit 68b3dcb49c
4 changed files with 7 additions and 7 deletions
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -93,7 +93,7 @@ argument_specs:
        description:
          - A list of secrets available to the service container in /run/secrets/<service name>-<secret name>
          - >
-            A dict of secrets and their values (including autogenerated values) is available as `_service_podman_secrets` for use
+            A dict of secrets and their values (including autogenerated values) is available as `service_podman_secrets` for use
            in tepmlates or environment variables. This should only be used if the container doesn't support reading the secret from file
        type: list
        required: false
--- a/roles/service/tasks/secrets.yaml
+++ b/roles/service/tasks/secrets.yaml
@@ -16,7 +16,7 @@

 - name: Store secrets in a variable for later
  ansible.builtin.set_fact:
-    _service_podman_secrets: >
+    service_podman_secrets: >
      {{ _service_podman_secret_info.secrets
        | map(attribute='Spec.Name')
        | zip(_service_podman_secret_info.secrets | map(attribute='SecretData'))
--- a/roles/synapse/tasks/main.yaml
+++ b/roles/synapse/tasks/main.yaml
@@ -68,8 +68,8 @@
    matrix_authentication_service_domain: "{{ synapse_mas_domain }}"
    matrix_authentication_service_homeserver_name: "{{ synapse_server_name }}"
    matrix_authentication_service_homeserver_address: http://synapse:8009
-    matrix_authentication_service_client_secret: "{{ _service_podman_secrets['synapse-mas-client-secret'] }}"
-    matrix_authentication_service_homeserver_secret: "{{ _service_podman_secrets['synapse-mas-homeserver-secret'] }}"
+    matrix_authentication_service_client_secret: "{{ service_podman_secrets['synapse-mas-client-secret'] }}"
+    matrix_authentication_service_homeserver_secret: "{{ service_podman_secrets['synapse-mas-homeserver-secret'] }}"

    matrix_authentication_service_email_smtp_server: "{{ synapse_email_smtp_server }}"
    matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}"
--- a/roles/synapse/templates/homeserver.yaml.j2
+++ b/roles/synapse/templates/homeserver.yaml.j2
@@ -29,7 +29,7 @@ database:
  args:
    host: synapse-postgres
    user: synapse
-    password: "{{ _service_database_password }}"
+    password: "{{ service_podman_secrets['synapse-postgres'] }}"
    dbname: synapse

 caches:
@@ -112,6 +112,6 @@ experimental_features:
    issuer: http://matrix-authentication-service:8080/
    client_id: 0000000000000000000SYNAPSE
    client_auth_method: client_secret_basic
-    client_secret: "{{ _service_podman_secrets['synapse-mas-client-secret'] }}"
-    admin_token: "{{ _service_podman_secrets['synapse-mas-homeserver-secret'] }}"
+    client_secret: "{{ service_podman_secrets['synapse-mas-client-secret'] }}"
+    admin_token: "{{ service_podman_secrets['synapse-mas-homeserver-secret'] }}"
    account_management_url: "https://{{ synapse_mas_domain }}/account"