Secretfixed

README.md

@@ -84,7 +84,9 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of the Jenkins chart that will be used to deploy Jenkins application. | `string` | `"2025.2.0"` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Name of the Kubernetes namespace where the Jenkins deployment will be deployed. | `string` | `"sonarqube"` | no |
-| <a name="input_sonarqube_config"></a> [sonarqube\_config](#input\_sonarqube\_config) | Specify the configuration settings for Sonarqube, including the hostname, storage options, and custom YAML values. | `any` | <pre>{<br/>  "grafana_monitoring_enabled": false,<br/>  "hostname": "",<br/>  "postgresql_external_server_url": "",<br/>  "postgresql_password_external": "",<br/>  "postgresql_volume_size": "",<br/>  "sonarqube_volume_size": "",<br/>  "storage_class_name": "",<br/>  "values_yaml": ""<br/>}</pre> | no |
+
+| <a name="input_sonarqube_config"></a> [sonarqube\_config](#input\_sonarqube\_config) | Specify the configuration settings for Sonarqube, including the hostname, storage options, and custom YAML values. | `any` | <pre>{<br/>  "grafana_monitoring_enabled": false,<br/>  "hostname": "",<br/>  "postgresql_external_server_url": "",<br/>  "postgresql_password_external": "",<br/>  "postgresql_volume_size": "",<br/>  "sonarqube_volume_size": "",<br/>  "storage_class_name": "",<br/>  "updateExistingSonarqube": false,<br/>  "values_yaml": ""<br/>}</pre> | no |
+
 
 ## Outputs
 

examples/complete/aws/main.tf

@@ -8,10 +8,9 @@ locals {
     Department = "Engineering"
   }
 }
-
 module "sonarqube" {
   source  = "squareops/sonarqube/kubernetes"
-  version = "3.1.0"
+  version = "3.1.1"
   sonarqube_config = {
     hostname                       = "sonarqube.squareops.in"
     values_yaml                    = file("./helm/values.yaml")
@@ -24,5 +23,11 @@ module "sonarqube" {
     postgresql_current_password    = "xxxxxxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password ##Secret name=sonarqube-sonarqube-admin-password
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    sonarqube_password             = "xxxxx"
+
+    updateExistingSonarqube     = false # if you have existing sonarqube and want to upgrade,then enable it.
+    updateExistingSonarqubePassword  = false #if you want to update password,enable it and pass sonarqube_current_password(old),sonarqube_password(new)
+    sonarqube_current_password  = "xxxxxx" # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-sonarqube-admin-password
+    postgresql_current_password = "xxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password  ##Secret name=sonarqube-postgresql
   }
 }

examples/complete/azure/main.tf

@@ -11,7 +11,7 @@ locals {
 
 module "sonarqube" {
   source  = "squareops/sonarqube/kubernetes"
-  version = "3.1.0"
+  version = "3.1.1"
   sonarqube_config = {
     hostname                       = "sonarqube.squareops.in"
     values_yaml                    = file("./helm/values.yaml")
@@ -22,7 +22,14 @@ module "sonarqube" {
     monitoringPasscode             = "xxxxxxx"
     sonarqube_current_password     = "xxxxxxx"     # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-postgresql
     postgresql_current_password    = "xxxxxxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password ##Secret name=sonarqube-sonarqube-admin-password
+
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    sonarqube_password             = ""
+
+    updateExistingSonarqube     = false # if you have existing sonarqube and want to upgrade,then enable it.
+    updateExistingSonarqubePassword  = false #if you want to update password,enable it and pass sonarqube_current_password(old),sonarqube_password(new)
+    sonarqube_current_password  = "xxxxxx" # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-sonarqube-admin-password
+    postgresql_current_password = "xxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password  ##Secret name=sonarqube-postgresql
   }
 }

examples/complete/gcp/main.tf

@@ -11,7 +11,7 @@ locals {
 
 module "sonarqube" {
   source  = "squareops/sonarqube/kubernetes"
-  version = "3.1.0"
+  version = "3.1.1"
   sonarqube_config = {
     hostname                       = "sonarqube.squareops.in"
     values_yaml                    = file("./helm/values.yaml")
@@ -24,5 +24,11 @@ module "sonarqube" {
     postgresql_current_password    = "xxxxxxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password ##Secret name=sonarqube-sonarqube-admin-password
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    sonarqube_password             = ""
+
+    updateExistingSonarqube     = false # if you have existing sonarqube and want to upgrade,then enable it.
+    updateExistingSonarqubePassword  = false #if you want to update password,enable it and pass sonarqube_current_password(old),sonarqube_password(new)
+    sonarqube_current_password  = "xxxxxx" # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-sonarqube-admin-password
+    postgresql_current_password = "xxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password  ##Secret name=sonarqube-postgresql
   }
 }

main.tf

@@ -1,6 +1,23 @@
 locals {
   count = var.sonarqube_config.postgresql_external_server_url != "" ? [] : [1]
+
+  effective_sonarqube_password = (
+    var.sonarqube_config.updateExistingSonarqubePassword == true
+    ? var.sonarqube_config.sonarqube_password
+    : (
+      var.sonarqube_config.sonarqube_password != ""
+      ? var.sonarqube_config.sonarqube_password
+      : random_password.sonarqube_password.result
+    )
+  )
+
+  effective_postgresql_password = (
+    var.sonarqube_config.postgresql_current_password != "" && var.sonarqube_config.updateExistingSonarqube == true
+    ? var.sonarqube_config.postgresql_current_password
+    : random_password.postgresql_password.result
+  )
 }
+
 resource "random_password" "sonarqube_password" {
   length  = 20
   special = true
@@ -39,8 +56,8 @@ resource "helm_release" "sonarqube" {
       postgresql_password            = var.sonarqube_config.postgresql_current_password != "" ? var.sonarqube_config.postgresql_current_password : random_password.postgresql_password.result
       postgresql_disk_size           = var.sonarqube_config.postgresql_volume_size
       prometheus_exporter_enable     = var.sonarqube_config.grafana_monitoring_enabled
-      postgresql_password_external   = var.sonarqube_config.postgresql_password_external
       postgresql_external_server_url = var.sonarqube_config.postgresql_external_server_url
+      postgresql_password_external   = var.sonarqube_config.postgresql_password_external
 
     }),
     var.sonarqube_config.values_yaml
@@ -62,6 +79,7 @@ resource "helm_release" "sonarqube" {
   }
 }
 resource "kubernetes_manifest" "migration_job" {
+  count = var.sonarqube_config.updateExistingSonarqube ? 1 : 0
   manifest = {
     apiVersion = "batch/v1"
     kind       = "Job"
@@ -95,3 +113,47 @@ resource "kubernetes_manifest" "migration_job" {
     }
   }
 }
+
+
+resource "kubernetes_manifest" "sonarqube_password_reset_job" {
+  count = var.sonarqube_config.updateExistingSonarqubePassword ? 1 : 0
+
+  manifest = {
+    apiVersion = "batch/v1"
+    kind       = "Job"
+    metadata = {
+      name      = "sonarqube-password-reset"
+      namespace = "sonarqube"
+    }
+    spec = {
+      backoffLimit = 4
+      completions  = 1
+      parallelism  = 1
+      ttlSecondsAfterFinished: 60  
+      template = {
+        spec = {
+          restartPolicy = "Never"
+          containers = [
+            {
+              name  = "password-reset"
+              image = "curlimages/curl:8.5.0"
+              command = [
+                "sh", "-c", <<-EOT
+                  echo "Resetting SonarQube admin password..." &&
+                  curl -s -X POST -u admin:"${var.sonarqube_config.sonarqube_current_password}" \
+                    "http://sonarqube-sonarqube:9000/api/users/change_password" \
+                    --data-urlencode "login=admin" \
+                    --data-urlencode "previousPassword=${var.sonarqube_config.sonarqube_current_password}" \
+                    --data-urlencode "password=${var.sonarqube_config.sonarqube_password}" \
+                    -w "%%{http_code}" -o /dev/null
+                  echo "Password change complete."
+                EOT
+              ]
+            }
+          ]
+        }
+      }
+    }
+  }
+}
+

outputs.tf

@@ -2,13 +2,13 @@ output "sonarqube" {
   description = "Sonarqube Credentials "
   value = {
     username = "admin",
-    password = nonsensitive(random_password.sonarqube_password.result),
+    password = nonsensitive(local.effective_sonarqube_password),
     url      = var.sonarqube_config.hostname
   }
 }
 
 output "sonarqube_postgresql_password" {
-  value       = random_password.postgresql_password.result
+  value       = nonsensitive(local.effective_postgresql_password)
   description = "Password for the PostgreSQL database deployed with SonarQube"
   sensitive   = true
 }

variables.tf

@@ -9,6 +9,7 @@ variable "sonarqube_config" {
     grafana_monitoring_enabled     = false
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    updateExistingSonarqube        = false
   }
   description = "Specify the configuration settings for Sonarqube, including the hostname, storage options, and custom YAML values."
 }
@@ -19,6 +20,7 @@ variable "chart_version" {
   description = "Version of the Jenkins chart that will be used to deploy Jenkins application."
 }
 
+
 variable "namespace" {
   type        = string
   default     = "sonarqube"