squareops · amanravi-squareops · Mar 28, 2025 · Mar 31, 2025 · Mar 31, 2025 · Mar 31, 2025
diff --git a/README.md b/README.md
@@ -84,7 +84,9 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of the Jenkins chart that will be used to deploy Jenkins application. | `string` | `"2025.2.0"` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Name of the Kubernetes namespace where the Jenkins deployment will be deployed. | `string` | `"sonarqube"` | no |
-| <a name="input_sonarqube_config"></a> [sonarqube\_config](#input\_sonarqube\_config) | Specify the configuration settings for Sonarqube, including the hostname, storage options, and custom YAML values. | `any` | <pre>{<br/>  "grafana_monitoring_enabled": false,<br/>  "hostname": "",<br/>  "postgresql_external_server_url": "",<br/>  "postgresql_password_external": "",<br/>  "postgresql_volume_size": "",<br/>  "sonarqube_volume_size": "",<br/>  "storage_class_name": "",<br/>  "values_yaml": ""<br/>}</pre> | no |
+
+| <a name="input_sonarqube_config"></a> [sonarqube\_config](#input\_sonarqube\_config) | Specify the configuration settings for Sonarqube, including the hostname, storage options, and custom YAML values. | `any` | <pre>{<br/>  "grafana_monitoring_enabled": false,<br/>  "hostname": "",<br/>  "postgresql_external_server_url": "",<br/>  "postgresql_password_external": "",<br/>  "postgresql_volume_size": "",<br/>  "sonarqube_volume_size": "",<br/>  "storage_class_name": "",<br/>  "updateExistingSonarqube": false,<br/>  "values_yaml": ""<br/>}</pre> | no |
+
 
 ## Outputs
 

diff --git a/examples/complete/aws/README.md b/examples/complete/aws/README.md
@@ -50,6 +50,7 @@ No requirements.
 
 | Name | Source | Version |
 |------|--------|---------|
+
 | <a name="module_sonarqube"></a> [sonarqube](#module\_sonarqube) | squareops/sonarqube/kubernetes | 3.1.0 |
 
 ## Resources

diff --git a/examples/complete/aws/main.tf b/examples/complete/aws/main.tf
@@ -8,7 +8,6 @@ locals {
     Department = "Engineering"
   }
 }
-
 module "sonarqube" {
   source  = "squareops/sonarqube/kubernetes"
   version = "3.1.0"
@@ -19,10 +18,14 @@ module "sonarqube" {
     sonarqube_volume_size          = "5Gi"
     postgresql_volume_size         = "10Gi"
     grafana_monitoring_enabled     = false
-    monitoringPasscode             = "xxxxxxx"
-    sonarqube_current_password     = "xxxxxxx"     # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-postgresql
-    postgresql_current_password    = "xxxxxxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password ##Secret name=sonarqube-sonarqube-admin-password
+    monitoringPasscode             = ""
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    sonarqube_password             = "" # secret must be 15 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character
+
+    updateExistingSonarqube         = false # if you have existing sonarqube and want to upgrade,then enable it.
+    updateExistingSonarqubePassword = false #if you want to update password,enable it and pass sonarqube_current_password(old),sonarqube_password(new)
+    sonarqube_current_password      = ""    # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-sonarqube-admin-password
+    postgresql_current_password     = ""    # if you upgrade sonarqube then you have to provide your previous postgresql password  ##Secret name=sonarqube-postgresql
   }
 }
diff --git a/examples/complete/azure/main.tf b/examples/complete/azure/main.tf
@@ -11,18 +11,22 @@ locals {
 
 module "sonarqube" {
   source  = "squareops/sonarqube/kubernetes"
-  version = "3.1.0"
+  version = "3.1.1"
   sonarqube_config = {
     hostname                       = "sonarqube.squareops.in"
     values_yaml                    = file("./helm/values.yaml")
     storage_class_name             = "gp2"
     sonarqube_volume_size          = "5Gi"
     postgresql_volume_size         = "10Gi"
     grafana_monitoring_enabled     = false
-    monitoringPasscode             = "xxxxxxx"
-    sonarqube_current_password     = "xxxxxxx"     # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-postgresql
-    postgresql_current_password    = "xxxxxxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password ##Secret name=sonarqube-sonarqube-admin-password
+    monitoringPasscode             = ""
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    sonarqube_password             = ""
+
+    updateExistingSonarqube     = false # if you have existing sonarqube and want to upgrade,then enable it.
+    updateExistingSonarqubePassword  = false #if you want to update password,enable it and pass sonarqube_current_password(old),sonarqube_password(new)
+    sonarqube_current_password  = "xxxxxx" # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-sonarqube-admin-password
+    postgresql_current_password = "xxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password  ##Secret name=sonarqube-postgresql
   }
 }
diff --git a/examples/complete/gcp/main.tf b/examples/complete/gcp/main.tf
@@ -11,18 +11,23 @@ locals {
 
 module "sonarqube" {
   source  = "squareops/sonarqube/kubernetes"
-  version = "3.1.0"
+  version = "3.1.1"
+
   sonarqube_config = {
     hostname                       = "sonarqube.squareops.in"
     values_yaml                    = file("./helm/values.yaml")
     storage_class_name             = "gp2"
     sonarqube_volume_size          = "5Gi"
     postgresql_volume_size         = "10Gi"
-    grafana_monitoring_enabled     = false
-    monitoringPasscode             = "xxxxxxx"
-    sonarqube_current_password     = "xxxxxxx"     # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-postgresql
-    postgresql_current_password    = "xxxxxxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password ##Secret name=sonarqube-sonarqube-admin-password
+    grafana_monitoring_enabled     = falset
+    monitoringPasscode             = ""
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    sonarqube_password             = ""
+
+    updateExistingSonarqube     = false # if you have existing sonarqube and want to upgrade,then enable it.
+    updateExistingSonarqubePassword  = false #if you want to update password,enable it and pass sonarqube_current_password(old),sonarqube_password(new)
+    sonarqube_current_password  = "xxxxxx" # if you upgrade sonarqube then you have to provide your previous sonarqube password ##Secret name=sonarqube-sonarqube-admin-password
+    postgresql_current_password = "xxxxxxx" # if you upgrade sonarqube then you have to provide your previous postgresql password  ##Secret name=sonarqube-postgresql
   }
 }
diff --git a/main.tf b/main.tf
@@ -1,5 +1,9 @@
 locals {
   count = var.sonarqube_config.postgresql_external_server_url != "" ? [] : [1]
+
+  effective_sonarqube_password  = var.sonarqube_config.sonarqube_password != "" ? var.sonarqube_config.sonarqube_password : random_password.sonarqube_password.result
+
+  effective_postgresql_password = var.sonarqube_config.postgresql_current_password != "" && var.sonarqube_config.updateExistingSonarqube == true ? var.sonarqube_config.postgresql_current_password : random_password.postgresql_password.result
 }
 resource "random_password" "sonarqube_password" {
   length  = 20
@@ -39,8 +43,8 @@ resource "helm_release" "sonarqube" {
       postgresql_password            = var.sonarqube_config.postgresql_current_password != "" ? var.sonarqube_config.postgresql_current_password : random_password.postgresql_password.result
       postgresql_disk_size           = var.sonarqube_config.postgresql_volume_size
       prometheus_exporter_enable     = var.sonarqube_config.grafana_monitoring_enabled
-      postgresql_password_external   = var.sonarqube_config.postgresql_password_external
       postgresql_external_server_url = var.sonarqube_config.postgresql_external_server_url
+      postgresql_password_external   = var.sonarqube_config.postgresql_password_external
 
     }),
     var.sonarqube_config.values_yaml
@@ -95,3 +99,47 @@ resource "kubernetes_manifest" "migration_job" {
     }
   }
 }
+
+
+resource "kubernetes_manifest" "sonarqube_password_reset_job" {
+  count = var.sonarqube_config.updateExistingSonarqubePassword ? 1 : 0
+
+  manifest = {
+    apiVersion = "batch/v1"
+    kind       = "Job"
+    metadata = {
+      name      = "sonarqube-password-reset"
+      namespace = "sonarqube"
+    }
+    spec = {
+      backoffLimit = 4
+      completions  = 1
+      parallelism  = 1
+      ttlSecondsAfterFinished: 60  
+      template = {
+        spec = {
+          restartPolicy = "Never"
+          containers = [
+            {
+              name  = "password-reset"
+              image = "curlimages/curl:8.5.0"
+              command = [
+                "sh", "-c", <<-EOT
+                  echo "Resetting SonarQube admin password..." &&
+                  curl -s -X POST -u admin:"${var.sonarqube_config.sonarqube_current_password}" \
+                    "http://sonarqube-sonarqube:9000/api/users/change_password" \
+                    --data-urlencode "login=admin" \
+                    --data-urlencode "previousPassword=${var.sonarqube_config.sonarqube_current_password}" \
+                    --data-urlencode "password=${var.sonarqube_config.sonarqube_password}" \
+                    -w "%%{http_code}" -o /dev/null
+                  echo "Password change complete."
+                EOT
+              ]
+            }
+          ]
+        }
+      }
+    }
+  }
+}
+
diff --git a/outputs.tf b/outputs.tf
@@ -2,13 +2,13 @@ output "sonarqube" {
   description = "Sonarqube Credentials "
   value = {
     username = "admin",
-    password = nonsensitive(random_password.sonarqube_password.result),
+    password = nonsensitive(local.effective_sonarqube_password),
     url      = var.sonarqube_config.hostname
   }
 }
 
 output "sonarqube_postgresql_password" {
-  value       = random_password.postgresql_password.result
+  value       = nonsensitive(local.effective_postgresql_password)
   description = "Password for the PostgreSQL database deployed with SonarQube"
   sensitive   = true
 }

diff --git a/variables.tf b/variables.tf
@@ -9,6 +9,7 @@ variable "sonarqube_config" {
     grafana_monitoring_enabled     = false
     postgresql_password_external   = ""
     postgresql_external_server_url = ""
+    updateExistingSonarqube        = false
   }
   description = "Specify the configuration settings for Sonarqube, including the hostname, storage options, and custom YAML values."
 }
@@ -19,6 +20,7 @@ variable "chart_version" {
   description = "Version of the Jenkins chart that will be used to deploy Jenkins application."
 }
 
+
 variable "namespace" {
   type        = string
   default     = "sonarqube"