From e24d06b1f69410a991c7e3313f674189935e43fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Tue, 27 Sep 2022 20:51:43 +0200
Subject: [PATCH] Blockerbugs: spearate stg/prod credentials

---
 playbooks/openshift-apps/blockerbugs.yml      | 40 +++++++++++++++----
 .../blockerbugs/templates/cron.yml            | 14 ++++++-
 .../templates/deploymentconfig.yml            | 14 ++++++-
 3 files changed, 57 insertions(+), 11 deletions(-)

diff --git a/playbooks/openshift-apps/blockerbugs.yml b/playbooks/openshift-apps/blockerbugs.yml
index 3ca4c4ab9d..268877bccb 100644
--- a/playbooks/openshift-apps/blockerbugs.yml
+++ b/playbooks/openshift-apps/blockerbugs.yml
@@ -10,7 +10,7 @@
     - packages
 
 - name: setup the database
-  hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org
+  hosts: db01.stg.iad2.fedoraproject.org
   gather_facts: no
   become: yes
   become_user: postgres
@@ -22,17 +22,43 @@
   tasks:
   - name: Create the database user
     postgresql_user:
-      name: "{{ blockerbugs_db_user }}"
-      password: "{{ blockerbugs_db_password }}"
+      name: "{{ stg_blockerbugs_db_user }}"
+      password: "{{ stg_blockerbugs_db_password }}"
   - name: Create the database itself
     postgresql_db:
-      name: "{{ blockerbugs_db_name  }}"
-      owner: "{{ blockerbugs_db_user }}"
+      name: "{{ stg_blockerbugs_db_name  }}"
+      owner: "{{ stg_blockerbugs_db_user }}"
       encoding: UTF-8
   - name: Test the database creation
     postgresql_db:
-      name: "{{ blockerbugs_db_name  }}"
-      owner: "{{ blockerbugs_db_user }}"
+      name: "{{ stg_blockerbugs_db_name  }}"
+      owner: "{{ stg_blockerbugs_db_user }}"
+      encoding: UTF-8
+
+- name: setup the database
+  hosts: db01.iad2.fedoraproject.org
+  gather_facts: no
+  become: yes
+  become_user: postgres
+  vars_files:
+  - /srv/web/infra/ansible/vars/global.yml
+  - "/srv/private/ansible/vars.yml"
+  - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
+
+  tasks:
+  - name: Create the database user
+    postgresql_user:
+      name: "{{ prod_blockerbugs_db_user }}"
+      password: "{{ prod_blockerbugs_db_password }}"
+  - name: Create the database itself
+    postgresql_db:
+      name: "{{ prod_blockerbugs_db_name  }}"
+      owner: "{{ prod_blockerbugs_db_user }}"
+      encoding: UTF-8
+  - name: Test the database creation
+    postgresql_db:
+      name: "{{ prod_blockerbugs_db_name  }}"
+      owner: "{{ prod_blockerbugs_db_user }}"
       encoding: UTF-8
 
 - name: make the app be real
diff --git a/roles/openshift-apps/blockerbugs/templates/cron.yml b/roles/openshift-apps/blockerbugs/templates/cron.yml
index f3d2600230..1636e44242 100644
--- a/roles/openshift-apps/blockerbugs/templates/cron.yml
+++ b/roles/openshift-apps/blockerbugs/templates/cron.yml
@@ -27,8 +27,13 @@ spec:
               value: "db01{{ env_suffix }}.iad2.fedoraproject.org"
             - name: POSTGRESQL_SERVICE_PORT
               value: "5432"
+{% if env == 'staging' %}
             - name: POSTGRESQL_PASSWORD
-              value: "{{ blockerbugs_db_password }}"
+              value: "{{ stg_blockerbugs_db_password }}"
+{% else %}
+            - name: POSTGRESQL_PASSWORD
+              value: "{{ prod_blockerbugs_db_password }}"
+{% endif %}
             - name: SECRET_KEY
               value: "{{ blockerbugs_secret_key }}"
             - name: BLOCKERBUGS_URL
@@ -55,8 +60,13 @@ spec:
               value: "{{ blockerbugs_pagure_url }}api/0/"
             - name: BUGZILLA_URL
               value: "{{ blockerbugs_bugzilla_url }}"
+{% if env == 'staging' %}
             - name: BUGZILLA_API_KEY
-              value: "{{ blockerbugs_bz_api_key }}"
+              value: "{{ stg_blockerbugs_bz_api_key }}"
+{% else %}
+            - name: BUGZILLA_API_KEY
+              value: "{{ prod_blockerbugs_bz_api_key }}"
+{% endif %}
             - name: BODHI_URL
               value: "https://bodhi{{ env_suffix }}.fedoraproject.org/"
             - name: OPENSHIFT_PROD
diff --git a/roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml b/roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml
index 3d6847ca6f..9760eb7b0e 100644
--- a/roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml
@@ -45,8 +45,13 @@ spec:
           value: "db01{{ env_suffix }}.iad2.fedoraproject.org"
         - name: POSTGRESQL_SERVICE_PORT
           value: "5432"
+{% if env == 'staging' %}
         - name: POSTGRESQL_PASSWORD
-          value: "{{ blockerbugs_db_password }}"
+          value: "{{ stg_blockerbugs_db_password }}"
+{% else %}
+        - name: POSTGRESQL_PASSWORD
+          value: "{{ prod_blockerbugs_db_password }}"
+{% endif %}
         - name: SECRET_KEY
           value: "{{ blockerbugs_secret_key }}"
         - name: BLOCKERBUGS_URL
@@ -73,8 +78,13 @@ spec:
           value: "{{ blockerbugs_pagure_url }}api/0/"
         - name: BUGZILLA_URL
           value: "{{ blockerbugs_bugzilla_url }}"
+{% if env == 'staging' %}
         - name: BUGZILLA_API_KEY
-          value: "{{ blockerbugs_bz_api_key }}"
+          value: "{{ stg_blockerbugs_bz_api_key }}"
+{% else %}
+        - name: BUGZILLA_API_KEY
+          value: "{{ prod_blockerbugs_bz_api_key }}"
+{% endif %}
         - name: BODHI_URL
           value: "https://bodhi{{ env_suffix }}.fedoraproject.org/"
         - name: OPENSHIFT_PROD