update password functionality

Author: divyanshujainSquareops

examples/complete/aws/main.tf

@@ -1,14 +1,13 @@
 locals {
-  name        = ""
-  region      = ""
+  name        = "test"
+  region      = "us-east-1"
   environment = ""
   additional_tags = {
     Owner      = "organization_name"
     Expires    = "Never"
     Department = "Engineering"
   }
 }
-
 module "sonarqube" {
   source  = "squareops/sonarqube/kubernetes"
   version = "3.1.1"
@@ -22,10 +21,11 @@ module "sonarqube" {
     monitoringPasscode             = ""
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
-    sonarqube_password             = ""
+    sonarqube_password             = "xxxxx"
 
     updateExistingSonarqube     = false # if you have existing sonarqube and want to upgrade,then enable it.
-    sonarqube_current_password  = "xxxxx" # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-postgresql
+    updateExistingSonarqubePassword  = false #if you want ti update password,enable it and pass sonarqube_current_password(old),sonarqube_password(new)
+    sonarqube_current_password  = "xxxxxx" # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-postgresql
     postgresql_current_password = "xxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password ##Secret name=sonarqube-sonarqube-admin-password
   }
 }

examples/complete/aws/provider.tf

@@ -6,11 +6,11 @@ provider "aws" {
 }
 
 data "aws_eks_cluster" "cluster" {
-  name = ""
+  name = "test-divyanshu"
 }
 
 data "aws_eks_cluster_auth" "cluster" {
-  name = ""
+  name = "test-divyanshu"
 }
 
 

main.tf

@@ -1,5 +1,9 @@
 locals {
   count = var.sonarqube_config.postgresql_external_server_url != "" ? [] : [1]
+
+  effective_sonarqube_password  = var.sonarqube_config.sonarqube_password != "" ? var.sonarqube_config.sonarqube_password : random_password.sonarqube_password.result
+
+  effective_postgresql_password = var.sonarqube_config.postgresql_current_password != "" && var.sonarqube_config.updateExistingSonarqube == true ? var.sonarqube_config.postgresql_current_password : random_password.postgresql_password.result
 }
 resource "random_password" "sonarqube_password" {
   length  = 20
@@ -34,9 +38,9 @@ resource "helm_release" "sonarqube" {
       volume_size                    = var.sonarqube_config.sonarqube_volume_size
       sonarqube_sc                   = var.sonarqube_config.storage_class_name
       postgresql_enable              = var.sonarqube_config.postgresql_external_server_url != "" ? false : true
-      sonarqube_password             = var.sonarqube_config.sonarqube_password != "" ? var.sonarqube_config.sonarqube_password : random_password.sonarqube_password.result
+      sonarqube_password             = local.effective_sonarqube_password
       sonarqube_current_password     = var.sonarqube_config.updateExistingSonarqube == true ? var.sonarqube_config.sonarqube_current_password : "admin"
-      postgresql_password            = var.sonarqube_config.postgresql_current_password != "" && var.sonarqube_config.updateExistingSonarqube == true ? var.sonarqube_config.postgresql_current_password : random_password.postgresql_password.result
+      postgresql_password            = local.effective_postgresql_password
       postgresql_disk_size           = var.sonarqube_config.postgresql_volume_size
       prometheus_exporter_enable     = var.sonarqube_config.grafana_monitoring_enabled
       postgresql_external_server_url = var.sonarqube_config.postgresql_external_server_url
@@ -96,3 +100,47 @@ resource "kubernetes_manifest" "migration_job" {
     }
   }
 }
+
+
+resource "kubernetes_manifest" "sonarqube_password_reset_job" {
+  count = var.sonarqube_config.updateExistingSonarqubePassword ? 1 : 0
+
+  manifest = {
+    apiVersion = "batch/v1"
+    kind       = "Job"
+    metadata = {
+      name      = "sonarqube-password-reset"
+      namespace = "sonarqube"
+    }
+    spec = {
+      backoffLimit = 4
+      completions  = 1
+      parallelism  = 1
+      ttlSecondsAfterFinished: 60  
+      template = {
+        spec = {
+          restartPolicy = "Never"
+          containers = [
+            {
+              name  = "password-reset"
+              image = "curlimages/curl:8.5.0"
+              command = [
+                "sh", "-c", <<-EOT
+                  echo "Resetting SonarQube admin password..." &&
+                  curl -s -X POST -u admin:"${var.sonarqube_config.sonarqube_current_password}" \
+                    "http://sonarqube-sonarqube:9000/api/users/change_password" \
+                    --data-urlencode "login=admin" \
+                    --data-urlencode "previousPassword=${var.sonarqube_config.sonarqube_current_password}" \
+                    --data-urlencode "password=${var.sonarqube_config.sonarqube_password}" \
+                    -w "%%{http_code}" -o /dev/null
+                  echo "Password change complete."
+                EOT
+              ]
+            }
+          ]
+        }
+      }
+    }
+  }
+}
+

outputs.tf

@@ -2,13 +2,13 @@ output "sonarqube" {
   description = "Sonarqube Credentials "
   value = {
     username = "admin",
-    password = nonsensitive(random_password.sonarqube_password.result),
+    password = nonsensitive(local.effective_sonarqube_password),
     url      = var.sonarqube_config.hostname
   }
 }
 
 output "sonarqube_postgresql_password" {
-  value       = random_password.postgresql_password.result
+  value       = nonsensitive(local.effective_postgresql_password)
   description = "Password for the PostgreSQL database deployed with SonarQube"
   sensitive   = true
 }