Manage role is importing default passwords from engineblock role

[precurse]

Hello,

I'm in the process of testing out manage. I've run into an issue where one of the tasks is importing the default variables from the engineblock role here: https://github.com/OpenConext/OpenConext-deploy/blob/2bf406cedbb0ec1493a94678d97164a29667ae23/roles/manage-server/tasks/main.yml#L35-L37

Which is then overriding our group_vars set engine_api_profile_password variable with the text secret from this line: https://github.com/OpenConext/OpenConext-deploy/blob/master/roles/engineblock/defaults/main.yml#L57

It ultimately ends up setting the Manage application.yml file's push password to secret.

One way to fix this is by commenting out all passwords from the role default variables file. This is probably the safest way since there's no chance of accidentally successfully running a deployment with secret set as the password.

Any thoughts?

Thanks

[quartje]

Hi Andrew!

You're right, the task that included the Engineblock variables would override the secrets include task. I've fixed this by moving the shared variables to the root group_vars/all.yml file. I believe that should fix this issue.

Thanks for investigating this issue!