Use "password" for additional Postgres databases, not "pass"

Being more explicit sounds better.
3 years ago · 46a4034d3e
parent 3a037a5993
commit 46a4034d3e
4 changed files with 19 additions and 19 deletions
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -894,77 +894,77 @@ matrix_postgres_additional_databases: |
    ([{
      'name': 'matrix_appservice_discord',
      'username': 'matrix_appservice_discord',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string,
    }] if matrix_appservice_discord_enabled else [])
    + ([{
      'name': 'matrix_appservice_slack',
      'username': 'matrix_appservice_slack',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string,
    }] if matrix_appservice_slack_enabled else [])
    + ([{
      'name': 'matrix_appservice_irc',
      'username': 'matrix_appservice_irc',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string,
    }] if matrix_appservice_irc_enabled else [])
    + ([{
      'name': 'mautrix_bridge_facebook',
      'username': 'mautrix_bridge_facebook',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string,
    }] if matrix_mautrix_facebook_enabled else [])
    + ([{
      'name': 'mautrix_bridge_hangouts',
      'username': 'mautrix_bridge_hangouts',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string,
    }] if matrix_mautrix_hangouts_enabled else [])
    + ([{
      'name': 'mautrix_bridge_telegram',
      'username': 'mautrix_bridge_telegram',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string,
    }] if matrix_mautrix_telegram_enabled else [])
    + ([{
      'name': 'mautrix_bridge_whatsapp',
      'username': 'mautrix_bridge_whatsapp',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string,
    }] if matrix_mautrix_whatsapp_enabled else [])
    + ([{
      'name': 'matrix_bridge_sms',
      'username': 'matrix_bridge_sms',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string,
    }] if matrix_sms_bridge_enabled else [])
    + ([{
      'name': 'matrix_puppet_skype',
      'username': 'matrix_puppet_skype',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string,
    }] if matrix_mx_puppet_skype_enabled else [])
    + ([{
      'name': 'matrix_puppet_slack',
      'username': 'matrix_puppet_slack',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string,
    }] if matrix_mx_puppet_slack_enabled else [])
    + ([{
      'name': 'matrix_puppet_twitter',
      'username': 'matrix_puppet_twitter',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string,
    }] if matrix_mx_puppet_twitter_enabled else [])
    + ([{
      'name': 'matrix_puppet_instagram',
      'username': 'matrix_puppet_instagram',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string,
    }] if matrix_mx_puppet_instagram_enabled else [])
    + ([{
      'name': 'matrix_puppet_discord',
      'username': 'matrix_puppet_discord',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string,
    }] if matrix_mx_puppet_discord_enabled else [])
    + ([{
      'name': 'matrix_puppet_steam',
      'username': 'matrix_puppet_steam',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string,
    }] if matrix_mx_puppet_steam_enabled else [])
    + ([{
      'name': 'matrix_dimension',
      'username': 'matrix_dimension',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string,
    }] if matrix_dimension_enabled else [])
  }}

--- a/roles/matrix-postgres/defaults/main.yml
+++ b/roles/matrix-postgres/defaults/main.yml
@ -37,8 +37,8 @@ matrix_postgres_container_postgres_bind_port: ""
 # matrix_postgres_additional_databases:
 #   - name: matrix_appservice_discord
 #     username: matrix_appservice_discord
-#     pass: some_password
+#     password: some_password
 #   - name: matrix_appservice_slack
 #     username: matrix_appservice_slack
-#     pass: some_password
+#     password: some_password
 matrix_postgres_additional_databases: []
--- a/roles/matrix-postgres/tasks/util/create_additional_database.yml
+++ b/roles/matrix-postgres/tasks/util/create_additional_database.yml
@ -6,7 +6,7 @@
  fail:
    msg: "Additional database definition ({{ additional_db }} lacks a required key: {{ item }}"
  when: "item not in additional_db"
-  with_items: "{{ ['name', 'username', 'pass'] }}"
+  with_items: "{{ ['name', 'username', 'password'] }}"

 # The SQL statements that we'll run against Postgres are stored in a file that others can't read.
 # This file will be mounted into the container and fed to Postgres.
--- a/roles/matrix-postgres/templates/init-additional-db-user-and-role.sql.j2
+++ b/roles/matrix-postgres/templates/init-additional-db-user-and-role.sql.j2
@ -10,7 +10,7 @@ $$;

 -- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes
 -- TODO - we should escape quotes in the password.
-ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.pass }}';
+ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.password }}';

 -- This will generate an error on subsequent execution
 CREATE DATABASE {{ additional_db.name }} WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER {{ additional_db.username }};