Use "password" for additional Postgres databases, not "pass"

Being more explicit sounds better.

group_vars/matrix_servers

@@ -894,77 +894,77 @@ matrix_postgres_additional_databases: |
     ([{
       'name': 'matrix_appservice_discord',
       'username': 'matrix_appservice_discord',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string,
     }] if matrix_appservice_discord_enabled else [])
     + ([{
       'name': 'matrix_appservice_slack',
       'username': 'matrix_appservice_slack',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string,
     }] if matrix_appservice_slack_enabled else [])
     + ([{
       'name': 'matrix_appservice_irc',
       'username': 'matrix_appservice_irc',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string,
     }] if matrix_appservice_irc_enabled else [])
     + ([{
       'name': 'mautrix_bridge_facebook',
       'username': 'mautrix_bridge_facebook',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string,
     }] if matrix_mautrix_facebook_enabled else [])
     + ([{
       'name': 'mautrix_bridge_hangouts',
       'username': 'mautrix_bridge_hangouts',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string,
     }] if matrix_mautrix_hangouts_enabled else [])
     + ([{
       'name': 'mautrix_bridge_telegram',
       'username': 'mautrix_bridge_telegram',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string,
     }] if matrix_mautrix_telegram_enabled else [])
     + ([{
       'name': 'mautrix_bridge_whatsapp',
       'username': 'mautrix_bridge_whatsapp',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string,
     }] if matrix_mautrix_whatsapp_enabled else [])
     + ([{
       'name': 'matrix_bridge_sms',
       'username': 'matrix_bridge_sms',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string,
     }] if matrix_sms_bridge_enabled else [])
     + ([{
       'name': 'matrix_puppet_skype',
       'username': 'matrix_puppet_skype',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string,
     }] if matrix_mx_puppet_skype_enabled else [])
     + ([{
       'name': 'matrix_puppet_slack',
       'username': 'matrix_puppet_slack',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string,
     }] if matrix_mx_puppet_slack_enabled else [])
     + ([{
       'name': 'matrix_puppet_twitter',
       'username': 'matrix_puppet_twitter',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string,
     }] if matrix_mx_puppet_twitter_enabled else [])
     + ([{
       'name': 'matrix_puppet_instagram',
       'username': 'matrix_puppet_instagram',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string,
     }] if matrix_mx_puppet_instagram_enabled else [])
     + ([{
       'name': 'matrix_puppet_discord',
       'username': 'matrix_puppet_discord',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string,
     }] if matrix_mx_puppet_discord_enabled else [])
     + ([{
       'name': 'matrix_puppet_steam',
       'username': 'matrix_puppet_steam',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string,
     }] if matrix_mx_puppet_steam_enabled else [])
     + ([{
       'name': 'matrix_dimension',
       'username': 'matrix_dimension',
-      'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string
+      'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string,
     }] if matrix_dimension_enabled else [])
   }}
 

roles/matrix-postgres/defaults/main.yml

@@ -37,8 +37,8 @@ matrix_postgres_container_postgres_bind_port: ""
 # matrix_postgres_additional_databases:
 #   - name: matrix_appservice_discord
 #     username: matrix_appservice_discord
-#     pass: some_password
+#     password: some_password
 #   - name: matrix_appservice_slack
 #     username: matrix_appservice_slack
-#     pass: some_password
+#     password: some_password
 matrix_postgres_additional_databases: []

roles/matrix-postgres/tasks/util/create_additional_database.yml

@@ -6,7 +6,7 @@
   fail:
     msg: "Additional database definition ({{ additional_db }} lacks a required key: {{ item }}"
   when: "item not in additional_db"
-  with_items: "{{ ['name', 'username', 'pass'] }}"
+  with_items: "{{ ['name', 'username', 'password'] }}"
 
 # The SQL statements that we'll run against Postgres are stored in a file that others can't read.
 # This file will be mounted into the container and fed to Postgres.

roles/matrix-postgres/templates/init-additional-db-user-and-role.sql.j2

@@ -10,7 +10,7 @@ $$;
 
 -- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes
 -- TODO - we should escape quotes in the password.
-ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.pass }}';
+ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.password }}';
 
 -- This will generate an error on subsequent execution
 CREATE DATABASE {{ additional_db.name }} WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER {{ additional_db.username }};