Merge pull request #56 from cisagov/improvement/update_usage_of_ansib…

…le-role-cyhy-core Update the role for changes in `cisagov/ansible-role-cyhy-core`
cisagov · Jul 10, 2024 · f5bf2e4 · f5bf2e4
2 parents d504cb6 + 6a867dc
commit f5bf2e4
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -46,9 +46,11 @@ None.
 
 | Variable | Description | Default | Required |
 |----------|-------------|---------|----------|
-| cyhy_archive_file_owner_group | The name of the group that should own any files or directories created by this role. | [Omitted](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#making-variables-optional) | No |
-| cyhy_archive_file_owner_username | The name of the user that should own any files or directories created by this role. | [Omitted](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#making-variables-optional) | No |
-| cyhy_archive_maxmind_license_key | The MaxMind license key that provides access to a GeoIP2 database subscription. | n/a | Yes |
+| cyhy\_archive\_file\_owner\_group | The name of the group that should own any files or directories created by this role. | [Omitted](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#making-variables-optional) | No |
+| cyhy\_archive\_file\_owner\_username | The name of the user that should own any files or directories created by this role. | [Omitted](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#making-variables-optional) | No |
+| cyhy\_archive\_install\_geoipupdate | Whether to install the MaxMind geoipupdate tool. | `false` | No |
+| cyhy\_archive\_maxmind\_account\_id | The MaxMind account ID for access to a GeoIP2 database subscription. | n/a | Yes |
+| cyhy\_archive\_maxmind\_license\_key | The MaxMind license key that provides access to a GeoIP2 database subscription. | n/a | Yes |
 
 ## Dependencies ##
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# This mirrors the defaults in cisagov/ansible-role-cyhy-core and
+# cisagov/ansible-role-geoip2
+cyhy_archive_install_geoipupdate: false
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -9,4 +9,5 @@
       ansible.builtin.include_role: # noqa var-naming[no-role-prefix]
         name: ansible-role-cyhy-archive
       vars:
+        cyhy_archive_maxmind_account_id: "{{ lookup('aws_ssm', '/cyhy/core/geoip/account_id', region='us-east-1') }}"
         cyhy_archive_maxmind_license_key: "{{ lookup('aws_ssm', '/cyhy/core/geoip/license_key', region='us-east-1') }}"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -3,6 +3,8 @@
   ansible.builtin.include_role:
     name: cyhy_core
   vars:
+    cyhy_core_install_geoipupdate: "{{ cyhy_archive_install_geoipupdate }}"
+    cyhy_core_maxmind_account_id: "{{ cyhy_archive_maxmind_account_id }}"
     cyhy_core_maxmind_license_key: "{{ cyhy_archive_maxmind_license_key }}"
 
 - name: Create the /var/cyhy/scripts directory

diff --git a/terraform/user.tf b/terraform/user.tf
@@ -10,6 +10,9 @@ module "user" {
     aws.images-staging-ssm                 = aws
   }
 
-  entity         = "ansible-role-cyhy-archive"
-  ssm_parameters = ["/cyhy/core/geoip/license_key"]
+  entity = "ansible-role-cyhy-archive"
+  ssm_parameters = [
+    "/cyhy/core/geoip/account_id",
+    "/cyhy/core/geoip/license_key",
+  ]
 }