From 0a208bd1a9c9e9dbf0d13a89aba2d55bcef5484e Mon Sep 17 00:00:00 2001
From: Monty Taylor <mordred@inaugust.com>
Date: Fri, 25 Oct 2019 11:59:05 +0900
Subject: [PATCH] Add launchpadlib credentials to gerrit ansible

Gerrit needs to be able to update bugs on launchpad. For that we need
credentials.

Change-Id: I967ee8715e03298a2ab021f37e17dc5fbde6fee6
---
 .../files/gerrit-podman/docker-compose.yaml   |  1 +
 playbooks/roles/gerrit/tasks/main.yaml        | 19 +++++++++++++++++++
 .../roles/gerrit/templates/infra_lp_creds.j2  |  5 +++++
 playbooks/service-review-dev.yaml             |  3 +++
 4 files changed, 28 insertions(+)
 create mode 100644 playbooks/roles/gerrit/templates/infra_lp_creds.j2

diff --git a/playbooks/roles/gerrit/files/gerrit-podman/docker-compose.yaml b/playbooks/roles/gerrit/files/gerrit-podman/docker-compose.yaml
index 3ec71e443e..8faf28bea5 100644
--- a/playbooks/roles/gerrit/files/gerrit-podman/docker-compose.yaml
+++ b/playbooks/roles/gerrit/files/gerrit-podman/docker-compose.yaml
@@ -14,3 +14,4 @@ services:
       - /home/gerrit2/review_site/index:/var/gerrit/index
       - /home/gerrit2/review_site/logs:/var/log/gerrit
       - /home/gerrit2/review_site/static:/var/gerrit/static
+      - /home/gerrit2/.launchpadlib:/var/gerrit/.launchpadlib
diff --git a/playbooks/roles/gerrit/tasks/main.yaml b/playbooks/roles/gerrit/tasks/main.yaml
index b8614d2f00..be3c272978 100644
--- a/playbooks/roles/gerrit/tasks/main.yaml
+++ b/playbooks/roles/gerrit/tasks/main.yaml
@@ -98,6 +98,25 @@
     mode: 0644
   when: welcome_message_gerrit_ssh_public_key is defined
 
+# Make the directory even if we don't have creds to make
+# bind mounting in the docker-compose file simple.
+- name: Ensure launchpadlib directory exists
+  file:
+    state: directory
+    path: "{{ gerrit_home_dir }}/.launchpadlib"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0775
+
+- name: Write Launchpad creds file
+  template:
+    src: infra_lp_creds.j2
+    dest: "{{ gerrit_home_dir }}/.launchpadlib/creds"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0600
+  when: lp_access_token is defined
+
 - name: Copy static hooks
   copy:
     src: "hooks/{{ item }}"
diff --git a/playbooks/roles/gerrit/templates/infra_lp_creds.j2 b/playbooks/roles/gerrit/templates/infra_lp_creds.j2
new file mode 100644
index 0000000000..59fba116ae
--- /dev/null
+++ b/playbooks/roles/gerrit/templates/infra_lp_creds.j2
@@ -0,0 +1,5 @@
+[1]
+access_token = {{ gerrit_lp_access_token }}
+access_secret = {{ gerrit_lp_access_secret }}
+consumer_key = {{ gerrit_lp_consumer_key }}
+consumer_secret =
diff --git a/playbooks/service-review-dev.yaml b/playbooks/service-review-dev.yaml
index eb274834a8..e4a650a6c7 100644
--- a/playbooks/service-review-dev.yaml
+++ b/playbooks/service-review-dev.yaml
@@ -7,3 +7,6 @@
       gerrit_ssh_rsa_key_contents: "{{ gerrit_dev_ssh_rsa_key_contents }}"
       gerrit_ssh_rsa_pubkey_contents: "{{ gerrit_dev_ssh_rsa_pubkey_contents }}"
       gerrit_database_config_section: "{{ gerrit_dev_database_config_section }}"
+      gerrit_lp_access_token: "{{ gerrit_dev_lp_access_token }}"
+      gerrit_lp_access_secret: "{{ gerrit_dev_lp_access_secret }}"
+      gerrit_lp_consumer_key: "{{ gerrit_dev_lp_consumer_key }}"