From 512e727ac6d5be49c2c29fe2baf3f0fbe9b7ea4a Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Tue, 10 Sep 2024 17:42:59 +0800
Subject: [PATCH] feat: Postgresql support ssl
---
 .../change_secret/database/mysql/main.yml | 21 +++++++++++--------
 .../database/postgresql/main.yml | 17 +++++++++++++++
 .../gather_accounts/database/mysql/main.yml | 9 +++++---
 .../database/postgresql/main.yml | 9 ++++++++
 .../push_account/database/mysql/main.yml | 21 +++++++++++--------
 .../push_account/database/postgresql/main.yml | 17 +++++++++++++++
 .../remove_account/database/mysql/main.yml | 9 +++++---
 .../database/postgresql/main.yml | 9 ++++++++
 .../verify_account/database/mysql/main.yml | 9 +++++---
 .../database/postgresql/main.yml | 9 ++++++++
 .../gather_facts/database/mysql/main.yml | 9 +++++---
 .../gather_facts/database/postgresql/main.yml | 9 ++++++++
 .../automations/ping/database/mysql/main.yml | 9 +++++---
 .../ping/database/postgresql/main.yml | 9 ++++++++
 14 files changed, 133 insertions(+), 33 deletions(-)
diff --git a/apps/accounts/automations/change_secret/database/mysql/main.yml b/apps/accounts/automations/change_secret/database/mysql/main.yml
index f36eff171..15648e76d 100644
--- a/apps/accounts/automations/change_secret/database/mysql/main.yml
+++ b/apps/accounts/automations/change_secret/database/mysql/main.yml
@@ -4,6 +4,9 @@
 ansible_python_interpreter: /opt/py3/bin/python
 db_name: "{{ jms_asset.spec_info.db_name }}"
 check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Test MySQL connection
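Review bot: The new `ssl_key` var in this vars hunk is templated from `jms_asset.secret_info.client_cert`, the same source as `ssl_cert`, whereas the lines this commit removes from the tasks read the key from `jms_asset.secret_info.client_key`. Every task that consumes the var therefore passes the client certificate where the private key is expected (`client_key` for MySQL, `ssl_key` for PostgreSQL), so client-certificate authentication presumably cannot succeed as configured. The line should read `ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"`. The same copy-paste appears in the vars hunk of every other playbook in this patch, MySQL and PostgreSQL alike, and needs the same one-line fix in each.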
@@ -13,9 +16,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: version
 register: db_info
@@ -30,9 +33,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 name: "{{ account.username }}"
 password: "{{ account.secret }}"
 host: "%"
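Review bot: In the task hunk at -13,9 the rewritten `client_cert` and `client_key` are still gated on the MySQL `check_ssl`, which the vars define as `use_ssl and not allow_invalid_cert`, so an asset with `use_ssl` on and `allow_invalid_cert` on sends no TLS parameters at all. The PostgreSQL playbooks in this same patch split the two concerns (`check_ssl` for client cert and key, `check_ca` for the CA), and the MySQL tasks would be easier to reason about if they followed that split, for example `client_cert: "{{ ssl_cert if jms_asset.spec_info.use_ssl and ssl_cert | length > 0 else omit }}"`. If the current gating is intended, a comment on the `check_ssl` var saying that it means "verify the server" rather than "use TLS" would prevent misreading. The task's module line and login credentials sit above the hunk, and the same three lines recur in every other MySQL task hunk of the patch.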
@@ -47,7 +50,7 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: version
diff --git a/apps/accounts/automations/change_secret/database/postgresql/main.yml b/apps/accounts/automations/change_secret/database/postgresql/main.yml
index 9d55a898e..b73baac4a 100644
--- a/apps/accounts/automations/change_secret/database/postgresql/main.yml
+++ b/apps/accounts/automations/change_secret/database/postgresql/main.yml
@@ -2,6 +2,11 @@
 gather_facts: no
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
+ check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
+ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Test PostgreSQL connection
@@ -11,6 +16,10 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 login_db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 register: result
 failed_when: not result.is_available
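Review bot: In the task hunk at -11,6 `ssl_mode` becomes `verify-full` whenever `check_ca` is true, yet `ca_cert` is omitted when the asset has no CA stored, so verification then depends on whatever default root certificate the client library finds on the automation host (or fails there) rather than on the asset record. A guard task using `ansible.builtin.assert` with `that: not check_ca or ca_cert | length > 0`, or at least a comment on the `check_ca` var describing the fallback, would make that case explicit. The `require` branch, taken when `allow_invalid_cert` is set, encrypts the session without authenticating the server, which also deserves a one-line comment. Since the same four added lines recur in every PostgreSQL task of this patch, a single play var such as `pg_ssl_mode` (name constructed here) would keep the nested conditional in one place. The task's module line sits above the hunk.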
@@ -28,6 +37,10 @@
 db: "{{ jms_asset.spec_info.db_name }}"
 name: "{{ account.username }}"
 password: "{{ account.secret }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 role_attr_flags: LOGIN
 ignore_errors: true
 when: result is succeeded
@@ -39,3 +52,7 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
diff --git a/apps/accounts/automations/gather_accounts/database/mysql/main.yml b/apps/accounts/automations/gather_accounts/database/mysql/main.yml
index e36925209..92121189d 100644
--- a/apps/accounts/automations/gather_accounts/database/mysql/main.yml
+++ b/apps/accounts/automations/gather_accounts/database/mysql/main.yml
@@ -3,6 +3,9 @@
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
 check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Get info
@@ -12,9 +15,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: users
 register: db_info
diff --git a/apps/accounts/automations/gather_accounts/database/postgresql/main.yml b/apps/accounts/automations/gather_accounts/database/postgresql/main.yml
index ce5ed181c..fd27ab132 100644
--- a/apps/accounts/automations/gather_accounts/database/postgresql/main.yml
+++ b/apps/accounts/automations/gather_accounts/database/postgresql/main.yml
@@ -2,6 +2,11 @@
 gather_facts: no
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
+ check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
+ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Get info
@@ -11,6 +16,10 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 login_db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 filter: "roles"
 register: db_info
diff --git a/apps/accounts/automations/push_account/database/mysql/main.yml b/apps/accounts/automations/push_account/database/mysql/main.yml
index f36eff171..15648e76d 100644
--- a/apps/accounts/automations/push_account/database/mysql/main.yml
+++ b/apps/accounts/automations/push_account/database/mysql/main.yml
@@ -4,6 +4,9 @@
 ansible_python_interpreter: /opt/py3/bin/python
 db_name: "{{ jms_asset.spec_info.db_name }}"
 check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Test MySQL connection
@@ -13,9 +16,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: version
 register: db_info
@@ -30,9 +33,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 name: "{{ account.username }}"
 password: "{{ account.secret }}"
 host: "%"
@@ -47,7 +50,7 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: version
diff --git a/apps/accounts/automations/push_account/database/postgresql/main.yml b/apps/accounts/automations/push_account/database/postgresql/main.yml
index 265401fbd..3678e4fe2 100644
--- a/apps/accounts/automations/push_account/database/postgresql/main.yml
+++ b/apps/accounts/automations/push_account/database/postgresql/main.yml
@@ -2,6 +2,11 @@
 gather_facts: no
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
+ check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
+ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Test PostgreSQL connection
@@ -11,6 +16,10 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 login_db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 register: result
 failed_when: not result.is_available
@@ -28,6 +37,10 @@
 db: "{{ jms_asset.spec_info.db_name }}"
 name: "{{ account.username }}"
 password: "{{ account.secret }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 role_attr_flags: LOGIN
 ignore_errors: true
 when: result is succeeded
@@ -40,6 +53,10 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 when:
 - result is succeeded
 - change_info is succeeded
diff --git a/apps/accounts/automations/remove_account/database/mysql/main.yml b/apps/accounts/automations/remove_account/database/mysql/main.yml
index a8700850f..07b84a58b 100644
--- a/apps/accounts/automations/remove_account/database/mysql/main.yml
+++ b/apps/accounts/automations/remove_account/database/mysql/main.yml
@@ -3,6 +3,9 @@
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
 check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: "Remove account"
@@ -12,8 +15,8 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 name: "{{ account.username }}"
 state: absent
diff --git a/apps/accounts/automations/remove_account/database/postgresql/main.yml b/apps/accounts/automations/remove_account/database/postgresql/main.yml
index 7004dc945..4738fcd04 100644
--- a/apps/accounts/automations/remove_account/database/postgresql/main.yml
+++ b/apps/accounts/automations/remove_account/database/postgresql/main.yml
@@ -2,6 +2,11 @@
 gather_facts: no
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
+ check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
+ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: "Remove account"
@@ -12,4 +17,8 @@
 login_port: "{{ jms_asset.port }}"
 db: "{{ jms_asset.spec_info.db_name }}"
 name: "{{ account.username }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 state: absent
diff --git a/apps/accounts/automations/verify_account/database/mysql/main.yml b/apps/accounts/automations/verify_account/database/mysql/main.yml
index e2768d2c2..ab6a4d33b 100644
--- a/apps/accounts/automations/verify_account/database/mysql/main.yml
+++ b/apps/accounts/automations/verify_account/database/mysql/main.yml
@@ -3,6 +3,9 @@
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
 check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Verify account
@@ -12,7 +15,7 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: version
diff --git a/apps/accounts/automations/verify_account/database/postgresql/main.yml b/apps/accounts/automations/verify_account/database/postgresql/main.yml
index 564749425..24fdd6cb6 100644
--- a/apps/accounts/automations/verify_account/database/postgresql/main.yml
+++ b/apps/accounts/automations/verify_account/database/postgresql/main.yml
@@ -2,6 +2,11 @@
 gather_facts: no
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
+ check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
+ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Verify account
@@ -11,5 +16,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 register: result
 failed_when: not result.is_available
diff --git a/apps/assets/automations/gather_facts/database/mysql/main.yml b/apps/assets/automations/gather_facts/database/mysql/main.yml
index 348a2150d..24d0acde4 100644
--- a/apps/assets/automations/gather_facts/database/mysql/main.yml
+++ b/apps/assets/automations/gather_facts/database/mysql/main.yml
@@ -3,6 +3,9 @@
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
 check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Get info
@@ -12,9 +15,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: version
 register: db_info
diff --git a/apps/assets/automations/gather_facts/database/postgresql/main.yml b/apps/assets/automations/gather_facts/database/postgresql/main.yml
index c35d2ab7b..e7bea6002 100644
--- a/apps/assets/automations/gather_facts/database/postgresql/main.yml
+++ b/apps/assets/automations/gather_facts/database/postgresql/main.yml
@@ -2,6 +2,11 @@
 gather_facts: no
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
+ check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
+ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Get info
@@ -11,6 +16,10 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 login_db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 register: db_info
 - name: Define info by set_fact
diff --git a/apps/assets/automations/ping/database/mysql/main.yml b/apps/assets/automations/ping/database/mysql/main.yml
index f99333bdb..2a05ee2ab 100644
--- a/apps/assets/automations/ping/database/mysql/main.yml
+++ b/apps/assets/automations/ping/database/mysql/main.yml
@@ -3,6 +3,9 @@
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
 check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Test MySQL connection
@@ -12,7 +15,7 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 check_hostname: "{{ check_ssl if check_ssl else omit }}"
- ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
- client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
- client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
+ ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
+ client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
 filter: version
diff --git a/apps/assets/automations/ping/database/postgresql/main.yml b/apps/assets/automations/ping/database/postgresql/main.yml
index bf50d7a2b..3b29340e0 100644
--- a/apps/assets/automations/ping/database/postgresql/main.yml
+++ b/apps/assets/automations/ping/database/postgresql/main.yml
@@ -2,6 +2,11 @@
 gather_facts: no
 vars:
 ansible_python_interpreter: /opt/py3/bin/python
+ check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
+ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
+ ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
+ ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
+ ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}"
 tasks:
 - name: Test PostgreSQL connection
@@ -11,5 +16,9 @@
 login_host: "{{ jms_asset.address }}"
 login_port: "{{ jms_asset.port }}"
 login_db: "{{ jms_asset.spec_info.db_name }}"
+ ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
+ ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
+ ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
+ ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
 register: result
 failed_when: not result.is_available