From 8e4060aa5af520258f9467c585144a52f4989773 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Tue, 5 May 2026 03:42:48 +0000
Subject: [PATCH] fix: require microservices doppler token

---
 ansible/roles/doppler-bootstrap/tasks/main.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/doppler-bootstrap/tasks/main.yml b/ansible/roles/doppler-bootstrap/tasks/main.yml
index c04eab9..62ec075 100644
--- a/ansible/roles/doppler-bootstrap/tasks/main.yml
+++ b/ansible/roles/doppler-bootstrap/tasks/main.yml
@@ -12,6 +12,12 @@
       - ghcr_read_token | default("") | length > 0
     fail_msg: ghcr_username and ghcr_read_token must be provided for private MicroServices image pulls.
 
+- name: Ensure OpenStaticFish MicroServices Doppler token is provided
+  assert:
+    that:
+      - doppler_openstaticfish_microservices_service_token | default("") | length > 0
+    fail_msg: doppler_openstaticfish_microservices_service_token must be provided for MicroServices runtime secrets.
+
 - name: Ensure external-secrets namespace exists
   shell: kubectl create namespace external-secrets --dry-run=client -o yaml | kubectl apply -f -
   changed_when: true
@@ -35,7 +41,6 @@
     --dry-run=client -o yaml | kubectl apply -f -
   changed_when: true
   no_log: true
-  when: doppler_openstaticfish_microservices_service_token | default("") | length > 0
 
 - name: Apply GHCR pull secret for private MicroServices images
   shell: >-