]> git.immae.eu Git - perso/Immae/Config/Ansible.git/blobdiff - roles/contexts/fretlink/templates/environment.j2
projects / perso / Immae / Config / Ansible.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Lookup psql passwords at runtime
[perso/Immae/Config/Ansible.git] / roles / contexts / fretlink / templates / environment.j2
diff --git a/roles/contexts/fretlink/templates/environment.j2 b/roles/contexts/fretlink/templates/environment.j2
index bb9328a5e190b605e7eed25739661cb07ff4d9b2..652fc8dc6be7578b8e6b483b40a20a18d58b599d 100644 (file)
--- a/roles/contexts/fretlink/templates/environment.j2
+++ b/roles/contexts/fretlink/templates/environment.j2
@@ -8,6 +8,14 @@ if ! $(echo "$PATH" | grep -q "$DIR/toolbox/scripts"); then
   PATH="$DIR/toolbox/scripts:$PATH"
 fi
 
+p() {
+  if [ -z "$2" ]; then
+    pass show Travail/Fretlink/$1
+  else
+    pass show Travail/Fretlink/$1 | grep "^$2:" | sed -e "s/^$2: //"
+  fi | head -n1
+}
+
 build_macaroon() {
   if [ "$1" = "--old" ]; then
     shift
@@ -28,8 +36,13 @@ build_macaroon() {
   target="uri://fretlink/$3"
   realm="$4"
 
-  cd "$HOME/workdir/haskell-commons"
+  pushd "$HOME/workdir/haskell-commons" >/dev/null 2>/dev/null
   MACAROON_PRIVATE_KEY="$secret" MACAROON_SECRET="$secret" stack exec macaroon-bakery -- $action --location "$target" --key-id "$src" $ttl "$realm"
+  popd 2>/dev/null >/dev/null
+}
+
+function capitalize() {
+  echo "$1" | sed -e 's!\(^\|-\)\(.\)!\U\2!g'
 }
 
 APP=$(basename $(pwd))
@@ -49,7 +62,7 @@ FL_APP_URL="$FL_APPS_SCHEME://$FL_APPS_HOST:$FL_APP_PORT"
 FL_CARRIER_DIRECTORY_PORT=8082
 FL_CARRIER_DIRECTORY_SECRET="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/CarrierDirectory subkey=Secret') }}"
 FL_CARRIER_DIRECTORY_PRIVATE_KEY="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/CarrierDirectory subkey=PrivateKey') }}"
-FL_CARRIER_DIRECTORY_URL="$FL_APPS_SCHEME://$FL_APPS_HOST:$FL_CARRIER_DIRECTORY_PORT/api/"
+FL_CARRIER_DIRECTORY_URL="$FL_APPS_SCHEME://$FL_APPS_HOST:$FL_CARRIER_DIRECTORY_PORT/api"
 
 FL_NOTIFIER_PORT=8081
 FL_NOTIFIER_SECRET="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/Notifier subkey=Secret') }}"
@@ -63,26 +76,17 @@ FL_FREIGHT_PORT=8084
 FL_FREIGHT_SECRET="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/Freight subkey=Secret') }}"
 
 FL_BOOKKEEPING_SECRET="dummy"
+FL_LANE_EXPLORER_SECRET="dummy"
 
 FL_PSQL_HOST="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local subkey=Host') }}"
 FL_PSQL_PORT="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local subkey=Port') }}"
 FL_PSQL_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local subkey=User') }}"
 FL_PSQL_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local') }}"
 
-FL_GEODATA_DEV_PSQL_HOST="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=Host') }}"
-FL_GEODATA_DEV_PSQL_PORT="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=Port') }}"
-FL_GEODATA_DEV_PSQL_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=User') }}"
-FL_GEODATA_DEV_PSQL_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata') }}"
-FL_GEODATA_DEV_PSQL_DB="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=Database') }}"
-
-FL_NOTIFIER_DEV_PSQL_HOST="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=Host') }}"
-FL_NOTIFIER_DEV_PSQL_PORT="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=Port') }}"
-FL_NOTIFIER_DEV_PSQL_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=User') }}"
-FL_NOTIFIER_DEV_PSQL_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier') }}"
-FL_NOTIFIER_DEV_PSQL_DB="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=Database') }}"
-
 FL_TOOLBOX_AGENT_MACAROON="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/ToolboxAgent') }}"
 
+export FRETLINK_ENV="$APP ${FL_ENV:-local}"
+
 if [ -f "local.env.example" ]; then
   source local.env.example
 fi
@@ -109,17 +113,12 @@ if [ "$APP" != "app" ]; then
     export POSTGRESQL_ADDON_PASSWORD="$FL_PSQL_PASSWORD"
     export POSTGRESQL_ADDON_DB="$name"
   else
-    postgresql_host="FL_${name^^}_${FL_ENV^^}_PSQL_HOST"
-    postgresql_port="FL_${name^^}_${FL_ENV^^}_PSQL_PORT"
-    postgresql_user="FL_${name^^}_${FL_ENV^^}_PSQL_USER"
-    postgresql_password="FL_${name^^}_${FL_ENV^^}_PSQL_PASSWORD"
-    postgresql_db="FL_${name^^}_${FL_ENV^^}_PSQL_DB"
-    export FRETLINK_ENV="$FL_ENV"
-    export POSTGRESQL_ADDON_HOST="${!postgresql_host}"
-    export POSTGRESQL_ADDON_PORT="${!postgresql_port}"
-    export POSTGRESQL_ADDON_USER="${!postgresql_user}"
-    export POSTGRESQL_ADDON_PASSWORD="${!postgresql_password}"
-    export POSTGRESQL_ADDON_DB="${!postgresql_db}"
+    key=Psql/$(capitalize $FL_ENV)/$(capitalize $APP)
+    export POSTGRESQL_ADDON_HOST=$(p $key Host)
+    export POSTGRESQL_ADDON_PORT=$(p $key Port)
+    export POSTGRESQL_ADDON_USER=$(p $key User)
+    export POSTGRESQL_ADDON_PASSWORD=$(p $key)
+    export POSTGRESQL_ADDON_DB=$(p $key Database)
   fi
 fi
 
@@ -133,21 +132,35 @@ if [ "$APP" = "app" ]; then
   export FRETLINK_AMAZON_PUBLIC_KEY="password"
   export FRETLINK_AMAZON_PRIVATE_KEY="password"
   export FRETLINK_GMAPS_API_KEY="password"
+  export FRETLINK_PASSWORD_REQUEST_SECRET="password"
 
   # secret
   export FRETLINK_MACAROON_SECRET=$FL_APP_SECRET
 
   # carrier directory
-  export CARRIER_DIRECTORY_URI="$FL_CARRIER_DIRECTORY_URL"
+  export CARRIER_DIRECTORY_URI="$FL_CARRIER_DIRECTORY_URL/"
   export FRETLINK_CARDIR_URL="$FL_CARRIER_DIRECTORY_URL"
   export FRETLINK_CARDIR_ENABLED="true"
+  export FRETLINK_CARDIRV3_ACCESS_KEY="$(build_macaroon $FL_CARRIER_DIRECTORY_SECRET carrier-directory carrier-directory carrier-directory::read)"
 
   # notifier
   export FRETLINK_NOTIFIER_API=$FL_NOTIFIER_URL
-  export FRETLINK_NOTIFIER_ACCESS_KEY="$(build_macaroon --old $FL_NOTIFIER_PRIVATE_KEY notifier notifier messaging)"
+  export FRETLINK_NOTIFIER_ACCESS_KEY="$(build_macaroon $FL_NOTIFIER_SECRET notifier notifier messaging)"
   export FRETLINK_NOTIFIER_TRANSPOREON_ACCESS_KEY="$(build_macaroon --old $FL_NOTIFIER_PRIVATE_KEY notifier notifier external)"
   export FRETLINK_NOTIFIER_TRANSPOREON_ENABLED="true"
 
+  export FRETLINK_NOTIFIER_ENABLED="true"
+  export FRETLINK_NOTIFIER_AMQP_ENABLED="true"
+  export FRETLINK_NOTIFIER_AMQP_TLS="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier subkey=TLS') }}"
+  export FRETLINK_NOTIFIER_AMQP_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier subkey=User') }}"
+  export FRETLINK_NOTIFIER_AMQP_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier') }}"
+  export FRETLINK_NOTIFIER_AMQP_HOSTS="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier subkey=Hosts') }}"
+  export FRETLINK_NOTIFIER_AMQP_QUEUE="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier subkey=Queue') }}"
+  export FRETLINK_NOTIFIER_AMQP_EXCHANGE="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier subkey=Exchange') }}"
+  export FRETLINK_NOTIFIER_AMQP_PORT="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier subkey=Port') }}"
+  export FRETLINK_NOTIFIER_AMQP_VHOST="{{ lookup('passwordstore', 'Travail/Fretlink/Rabbitmq/Local/Notifier subkey=Vhost') }}"
+
+
   # admin-root
   export FRETLINK_ADMINROOT_URL=$FL_ADMIN_ROOT_URL
   export FRETLINK_ADMINROOT_ACCESS_KEY="$(build_macaroon $FL_ADMIN_ROOT_PRIVATE_KEY admin-root admin-root admin-root::token-delivery)"
@@ -155,6 +168,7 @@ if [ "$APP" = "app" ]; then
   # geodata
   export FRETLINK_GEODATA_API="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/GeodataDev subkey=Url') }}"
   export FRETLINK_GEODATA_ACCESS_KEY="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/GeodataDev') }}"
+  export GEODATA_URI="$FRETLINK_GEODATA_API"
 fi
 
 if [ "$APP" = "admin-root" ]; then
@@ -166,10 +180,12 @@ if [ "$APP" = "admin-root" ]; then
   export CARDIR_MACAROON_SECRET=$FL_CARRIER_DIRECTORY_SECRET
   export NOTIFIER_MACAROON_SECRET=$FL_NOTIFIER_SECRET
   export BOOKKEEPING_MACAROON_SECRET=$FL_BOOKKEEPING_SECRET
+  export LANE_EXPLORER_MACAROON_SECRET=$FL_LANE_EXPLORER_SECRET
 fi
 
 if [ "$APP" = "carrier-directory" ]; then
   export ADMIN_BASE_URL=$FL_APP_URL
+  export ACCESS_KEY="$(build_macaroon $FL_CARRIER_DIRECTORY_SECRET carrier-directory carrier-directory carrier-directory::read)"
 fi
 
 if [ "$APP" = "notifier" ]; then
@@ -178,6 +194,7 @@ if [ "$APP" = "notifier" ]; then
   export TEMPLATES_ASSETS_BASE_URL="http://dummy/"
   export TRANSPOREON_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/ApiTest subkey=Login') }}"
   export TRANSPOREON_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/ApiTest') }}"
+  export TRANSPOREON_HOST="api.test.transporeon.com"
   export TRANSPOREON_CALLBACK_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/NotifierCallbackTest subkey=Login') }}"
   export TRANSPOREON_CALLBACK_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/NotifierCallbackTest') }}"
 
@@ -188,7 +205,16 @@ if [ "$APP" = "notifier" ]; then
   export MACAROON="$(build_macaroon --old $FL_NOTIFIER_PRIVATE_KEY notifier notifier external)"
 
   # To push transporeon cargos to app
-  APP_TRANSPOREON_PUSH_MACAROON="$(build_macaroon $FL_APP_SECRET notifier app app::transporeon-cargos-write)"
+  export TRANSPOREON_APP_PUSH_URL="http://localhost:8080/api/transporeon/cargo"
+  export TRANSPOREON_APP_PUSH_MACAROON="$(build_macaroon $FL_APP_SECRET notifier app app::transporeon-cargos-write)"
+
+  # AMQP
+  export AMQP_VHOST="notifier"
+  export AMQP_USER="notifier"
+  export AMQP_PASSWORD="notifier"
+  export AMQP_QUEUE="notifier"
+  export AMQP_SERVER="localhost"
+  export AMQP_TLS="false"
 fi
 
 if [ "$APP" = "pricer" ]; then
My Ansible home manager - Deprecated