From 5dba0c038b6c19a9b430210cfaaa7538e383cef9 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 14 Dec 2020 11:47:00 +0200
Subject: [PATCH] Make --tags=import-generic-sqlite-db commands not pass a
 sensitive connection string around

Instead of passing the connection string itself, we can now pass the name
of a variable that contains the connection string.

Both forms are supported, for extra flexibility.
---
 .../tasks/setup_install.yml                   |  2 +-
 .../tasks/import_generic_sqlite_db.yml        | 27 ++++++++++++++-----
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
index 86a5fe517..a9d8da4c4 100644
--- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -15,7 +15,7 @@
         To continue using SQLite, opt into it explicitly: add `matrix_appservice_discord_database_engine: sqlite` to your vars.yml file and re-run this same command.
         Alternatively, to migrate your existing SQLite database to Postgres:
         1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
-        2. Import the SQLite database into Postgres (`ansible-playbook -v -i inventory/hosts setup.yml --tags=import-generic-sqlite-db --extra-vars='sqlite_database_path={{ matrix_appservice_discord_sqlite_database_path_local }} postgres_db_connection_string={{ matrix_appservice_discord_database_connString }}'`)
+        2. Import the SQLite database into Postgres (`ansible-playbook -v -i inventory/hosts setup.yml --tags=import-generic-sqlite-db --extra-vars='sqlite_database_path={{ matrix_appservice_discord_sqlite_database_path_local }} postgres_connection_string_variable_name=matrix_appservice_discord_database_connString'`)
         3. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`)
     when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists"
   when: "matrix_appservice_discord_database_engine == 'postgres'"
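Review bot: The command suggested in step 2 of this message still runs with `-v`, and at that verbosity Ansible prints task results. The `set_fact` task this commit adds in `roles/matrix-postgres/tasks/import_generic_sqlite_db.yml` ("Get Postgres connection string from variable") would therefore most likely echo the resolved `postgres_db_connection_string`, password included, to the terminal and any captured log. Adding `no_log: true` to that `set_fact` task would stop the output from undoing the indirection; dropping `-v` from the hint alone would not protect users who add it themselves. Whether later tasks in the import file place the connection string on a command line cannot be seen from this patch and is worth checking for the same reason. The task that holds this message starts above the hunk.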
diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml
index f2798a73d..a42c6f552 100644
--- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml
+++ b/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml
@@ -12,13 +12,6 @@
     msg: "The `sqlite_database_path` variable needs to be provided to this playbook, via --extra-vars"
   when: "sqlite_database_path is not defined or sqlite_database_path.startswith('<')"
 
-- name: Fail if playbook called incorrectly
-  fail:
-    msg: >-
-      The `postgres_db_connection_string` variable needs to be provided to this playbook, via `--extra-vars`.
-      Example: `--extra-vars="postgres_db_connection_string=postgresql://username:password@localhost:<port>/database_name`"
-  when: "postgres_db_connection_string is not defined or not postgres_db_connection_string.startswith('postgresql://')"
-
 - name: Check if the provided SQLite database file exists
   stat:
     path: "{{ sqlite_database_path }}"
@@ -29,6 +22,26 @@
     msg: "File cannot be found on the server at {{ sqlite_database_path }}"
   when: "not sqlite_database_path_stat_result.stat.exists"
 
+# We either expect `postgres_db_connection_string` specifying a full Postgres database connection string,
+# or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string.
+
+- block:
+    - name: Fail if postgres_connection_string_variable_name points to an undefined variable
+      fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`"
+      when: "postgres_connection_string_variable_name not in vars"
+
+    - name: Get Postgres connection string from variable
+      set_fact:
+        postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}"
+  when: 'postgres_connection_string_variable_name is defined'
+
+- name: Fail if playbook called incorrectly
+  fail:
+    msg: >-
+      Either a `postgres_db_connection_string` variable or a `postgres_connection_string_variable_name` needs to be provided to this playbook, via `--extra-vars`.
+      Example: `--extra-vars="postgres_db_connection_string=postgresql://username:password@localhost:<port>/database_name"` or `--extra-vars="postgres_connection_string_variable_name=matrix_appservice_discord_database_connString"`
+  when: "postgres_db_connection_string is not defined or not postgres_db_connection_string.startswith('postgresql://')"
+
 
 # Defaults