add var to make the creds optional

cbackas 2023-06-13 11:08:14 -05:00
parent ceda4c41cc
commit 0e701bbece
4 changed files with 27 additions and 4 deletions


@ -885,6 +885,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: ''
# Enable this to use EC2 instance profile metadata to grab IAM credentials instead of passing credentials directly.
matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile: false
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: false
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: 'AES256'
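Review bot: The comment above `matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile` does not say what happens to `..._access_key_id` and `..._secret_access_key` when the flag is on, or what the host has to provide. Going by the templates in this commit, both keys are left out of the rendered config and env file, so the comment could read `# When enabled, access_key_id and secret_access_key are not written out; credentials come from the EC2 instance profile via the instance metadata service.` It should also say that the instance role ought to be limited to the media bucket, because any process that can reach the metadata endpoint obtains the same credentials. If Synapse runs in a bridged container here (not shown on this page, confirm), the IMDSv2 hop limit may need raising before the lookup succeeds.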


@ -1,14 +1,27 @@
---
- name: Set base required s3-storage-provider settings
set_fact:
base_s3_storage_provider_config:
- "matrix_synapse_ext_synapse_s3_storage_provider_config_bucket"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url"
- name: Set optional required s3-storage-provider settings
set_fact:
optional_s3_storage_provider_config:
- "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key"
- name: Prepare a list of required s3-storage-provider settings
set_fact:
required_s3_settings: "{{ base_s3_storage_provider_config + (optional_s3_storage_provider_config if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile|default(false)|bool else []) }}"
- name: Fail if required s3-storage-provider settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) for using s3-storage-provider.
when: "vars[item] == ''"
with_items:
- "matrix_synapse_ext_synapse_s3_storage_provider_config_bucket"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url"
with_items: "{{ required_s3_settings }}"
- name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid
ansible.builtin.fail:
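Review bot: With the flag at its default of `false`, the rewritten check now fails the play when `..._access_key_id` or `..._secret_access_key` is empty, which the earlier three-item `with_items` list did not do as far as this page shows. If any existing inventory relied on empty keys, that is a breaking change and deserves a changelog entry. The task name `Set optional required s3-storage-provider settings` contradicts itself; `Set credential settings required when no instance profile is used` says what the list holds. The three new tasks call bare `set_fact` and create unprefixed host facts (`base_s3_storage_provider_config`, `optional_s3_storage_provider_config`, `required_s3_settings`), whereas the neighbouring tasks use `ansible.builtin.fail`; `ansible.builtin.set_fact:` with `matrix_synapse_ext_synapse_s3_storage_provider_`-prefixed names would match the rest of the role. The last task shown, the endpoint_url check, continues outside the hunk.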


@ -1,3 +1,7 @@
{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile|default(false)|bool %}
AWS_ACCESS_KEY_ID={{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id }}
AWS_SECRET_ACCESS_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key }}
{% endif %}
AWS_DEFAULT_REGION={{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name }}
ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }}


@ -6,6 +6,10 @@ config:
bucket: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket | to_json }}
region_name: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name | to_json }}
endpoint_url: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url | to_json }}
{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile|default(false)|bool %}
access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }}
secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }}
{% endif %}
{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }}