Add role prefix to variables for the orchestrator role

This resolves the var-naming[no-role-prefix] warning from ansible-lint. This also requires updating the Terraform configuration for the BOD Docker instance.
cisagov · Apr 5, 2024 · 72a048a · 72a048a
1 parent f311437
commit 72a048a
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 24 deletions.
diff --git a/ansible/roles/orchestrator/tasks/main.yml b/ansible/roles/orchestrator/tasks/main.yml
@@ -19,20 +19,20 @@
     src: mongodb_credentials.yml.j2
   loop:
     # reporter
-    - database: "{{ reporter_db }}"
+    - database: "{{ orchestrator_reporter_db }}"
       filename: cyhy_read_creds.yml
-      username: "{{ reporter_user }}"
-      password: "{{ reporter_pw }}"
+      username: "{{ orchestrator_reporter_user }}"
+      password: "{{ orchestrator_reporter_pw }}"
     # scan-reader
-    - database: "{{ scan_reader_db }}"
+    - database: "{{ orchestrator_scan_reader_db }}"
       filename: scan_read_creds.yml
-      username: "{{ scan_reader_user }}"
-      password: "{{ scan_reader_pw }}"
+      username: "{{ orchestrator_scan_reader_user }}"
+      password: "{{ orchestrator_scan_reader_pw }}"
     # scan-writer
-    - database: "{{ scan_writer_db }}"
+    - database: "{{ orchestrator_scan_writer_db }}"
       filename: scan_write_creds.yml
-      username: "{{ scan_writer_user }}"
-      password: "{{ scan_writer_pw }}"
+      username: "{{ orchestrator_scan_writer_user }}"
+      password: "{{ orchestrator_scan_writer_pw }}"
   loop_control:
     label: "{{ item.filename }}"
 

diff --git a/ansible/roles/orchestrator/templates/aws_config.j2 b/ansible/roles/orchestrator/templates/aws_config.j2
@@ -1,7 +1,7 @@
 [profile lambda]
-region = {{ aws_region }}
+region = {{ orchestrator_aws_region }}
 
 [profile elasticsearch]
 credential_source = Ec2InstanceMetadata
-region = {{ dmarc_import_aws_region }}
-role_arn = {{ dmarc_import_es_role }}
+region = {{ orchestrator_dmarc_import_aws_region }}
+role_arn = {{ orchestrator_dmarc_import_es_role }}
diff --git a/ansible/roles/orchestrator/vars/main.yml b/ansible/roles/orchestrator/vars/main.yml
@@ -1,21 +1,21 @@
 ---
 # reporter mongo username
-reporter_user: "{{ lookup('aws_ssm', '/cyhy/mongo/users/reporter/user') }}"
+orchestrator_reporter_user: "{{ lookup('aws_ssm', '/cyhy/mongo/users/reporter/user') }}"
 # reporter mongo password
-reporter_pw: "{{ lookup('aws_ssm', '/cyhy/mongo/users/reporter/password') }}"
+orchestrator_reporter_pw: "{{ lookup('aws_ssm', '/cyhy/mongo/users/reporter/password') }}"
 # reporter mongo database
-reporter_db: "{{ lookup('aws_ssm', '/cyhy/mongo/users/reporter/database') }}"
+orchestrator_reporter_db: "{{ lookup('aws_ssm', '/cyhy/mongo/users/reporter/database') }}"
 
 # scan-reader mongo username
-scan_reader_user: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-reader/user') }}"
+orchestrator_scan_reader_user: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-reader/user') }}"
 # scan-reader mongo password
-scan_reader_pw: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-reader/password') }}"
+orchestrator_scan_reader_pw: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-reader/password') }}"
 # scan-reader mongo database
-scan_reader_db: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-reader/database') }}"
+orchestrator_scan_reader_db: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-reader/database') }}"
 
 # scan-writer mongo username
-scan_writer_user: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-writer/user') }}"
+orchestrator_scan_writer_user: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-writer/user') }}"
 # scan-writer mongo password
-scan_writer_pw: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-writer/password') }}"
+orchestrator_scan_writer_pw: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-writer/password') }}"
 # scan-writer mongo database
-scan_writer_db: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-writer/database') }}"
+orchestrator_scan_writer_db: "{{ lookup('aws_ssm', '/cyhy/mongo/users/scan-writer/database') }}"
diff --git a/terraform/bod_docker_ec2.tf b/terraform/bod_docker_ec2.tf
@@ -163,7 +163,6 @@ module "bod_docker_ansible_provisioner" {
   ]
   dry_run = false
   envs = [
-    "aws_region=${var.aws_region}",
     "bastion_host=${aws_instance.bod_bastion.public_ip}",
     "client_cert_update_ses_aws_region=${var.ses_aws_region}",
     "client_cert_update_ses_send_email_role=${var.ses_role_arn}",
@@ -174,10 +173,11 @@ module "bod_docker_ansible_provisioner" {
     "cyhy_mailer_docker_compose_override_file_for_mailer=${var.docker_mailer_override_filename}",
     "cyhy_mailer_ses_aws_region=${var.ses_aws_region}",
     "cyhy_mailer_ses_send_email_role=${var.ses_role_arn}",
-    "dmarc_import_aws_region=${var.dmarc_import_aws_region}",
-    "dmarc_import_es_role=${var.dmarc_import_es_role_arn}",
     "host=${aws_instance.bod_docker.private_ip}",
     "host_groups=docker,bod_docker",
+    "orchestrator_aws_region=${var.aws_region}",
+    "orchestrator_dmarc_import_aws_region=${var.dmarc_import_aws_region}",
+    "orchestrator_dmarc_import_es_role=${var.dmarc_import_es_role_arn}",
     "production_workspace=${local.production_workspace}",
   ]
   playbook = "../ansible/playbook.yml"