From ef1fef97dee3ae291344478d987108836e9a664d Mon Sep 17 00:00:00 2001
From: Joel Diaz <jdiaz@redhat.com>
Date: Thu, 15 Oct 2015 14:16:38 -0400
Subject: Removed AWS keys from command line, and substituted with environment
 variable lookup.

---
 playbooks/adhoc/s3_registry/s3_registry.j2  |  4 ++--
 playbooks/adhoc/s3_registry/s3_registry.yml | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/playbooks/adhoc/s3_registry/s3_registry.j2 b/playbooks/adhoc/s3_registry/s3_registry.j2
index 026b24456..acfa89515 100644
--- a/playbooks/adhoc/s3_registry/s3_registry.j2
+++ b/playbooks/adhoc/s3_registry/s3_registry.j2
@@ -7,8 +7,8 @@ storage:
   cache:
     layerinfo: inmemory
   s3:
-    accesskey: {{ accesskey }}
-    secretkey: {{ secretkey }}
+    accesskey: {{ aws_access_key }}
+    secretkey: {{ aws_secret_key }}
     region: us-east-1
     bucket: {{ clusterid }}-docker
     encrypt: true
diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
index 30b873db3..92be64e17 100644
--- a/playbooks/adhoc/s3_registry/s3_registry.yml
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -10,11 +10,22 @@
   remote_user: root
   gather_facts: False
 
+  vars:
+    aws_access_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
+    aws_secret_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
   tasks:
 
+  - name: Check for AWS creds
+    fail: 
+      msg: "Couldn't find {{ item }} creds in ENV"
+    when: "{{ item }} == ''"
+    with_items:
+    - aws_access_key
+    - aws_secret_key
+
   - name: Create S3 bucket
     local_action:
-      module: s3 bucket="{{ clusterid }}-docker" mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }}
+      module: s3 bucket="{{ clusterid }}-docker" mode=create
 
   - name: Generate docker registry config
     template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
-- 
cgit v1.2.3