From 99117a532b3acb069a02528174d430d9011d3f7f Mon Sep 17 00:00:00 2001
From: Anish Lakhwara <anish+github@lakhwara.com>
Date: Fri, 7 Jul 2023 09:15:36 -0700
Subject: [PATCH] feat: configure mongodb firewall (#949)

Co-authored-by: Anish Lakhwara <anish+git@lakhwara.com>
---
 ansible/playbooks/do_setup.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ansible/playbooks/do_setup.yml b/ansible/playbooks/do_setup.yml
index 16d5907b..e7d117b5 100644
--- a/ansible/playbooks/do_setup.yml
+++ b/ansible/playbooks/do_setup.yml
@@ -166,6 +166,16 @@
       ansible.builtin.set_fact:
         lb_id: "{{ lb_id_result.stdout | from_json | json_query('load_balancers[0].id') }}"
 
+  # FIREWALL
+  # ===========================================
+    - name: d_ocean | db | get db firewall list
+      ansible.builtin.command: doctl db firewalls list {{ db_uuid }} -o json
+      register: db_firewalls
+
+    - name: d_ocean | db | configure firewall for mongoDB
+      ansible.builtin.command: doctl db firewalls append {{ db_uuid }} --rule k8s:{{ my_cluster.data.id }}
+      when: "db_firewalls.stdout == []"
+
   # DNS
   # ===========================================
     - name: d_ocean | dns | grab loadbalancer ip using doctl