---
- name: "Consul"
  block:
    - name: "Include ednz_cloud.hashicorp_consul"
      ansible.builtin.include_role:
        name: ednz_cloud.hashicorp_consul

    - name: "Wait for consul cluster to initialize" # noqa: run-once[task]
      block:
        - name: "Wait for consul nodes to stabilize"
          ansible.builtin.wait_for:
            host: "{{ api_interface_address }}"
            port: "{{ consul_api_port[consul_api_scheme] }}"
            delay: 10

        - name: "Waiting for consul api to respond"
          ansible.builtin.uri:
            url: "{{ consul_api_addr }}"
            validate_certs: no
            return_content: yes
            status_code:
              - 200
          until: uri_output.status == 200
          retries: 24
          delay: 5
          register: uri_output

    - name: "Initialize consul cluster" # noqa: run-once[task]
      community.general.consul_acl_bootstrap:
        bootstrap_secret: "{{ _credentials.consul.root_token.secret_id }}"
        host: "{{ api_interface_address }}"
        port: "{{ consul_api_port[consul_api_scheme] }}"
        scheme: "{{ consul_api_scheme }}"
        state: present
      register: _consul_init_secret
      when:
        - consul_init_server
        - hashicorp_consul_configuration.acl.enabled

    - name: "Create consul agents token"
      when:
        - consul_init_server
        - hashicorp_consul_configuration.acl.enabled
      block:
        - name: "Create consul agents token" # noqa: run-once[task] no-handler
          block:
            - name: "Create consul agent policy"
              community.general.consul_policy:
                token: "{{ _credentials.consul.root_token.secret_id }}"
                host: "{{ api_interface_address }}"
                port: "{{ consul_api_port[consul_api_scheme] }}"
                scheme: "{{ consul_api_scheme }}"
                validate_certs: false
                state: present
                name: agents-policy
                rules: "{{ consul_default_agent_policy }}"
              register: _consul_agent_policy

            - name: "Create consul agents token"
              community.general.consul_token:
                token: "{{ _credentials.consul.root_token.secret_id }}"
                host: "{{ api_interface_address }}"
                port: "{{ consul_api_port[consul_api_scheme] }}"
                scheme: "{{ consul_api_scheme }}"
                validate_certs: false
                accessor_id: "{{ _credentials.consul.tokens.agent.accessor_id }}"
                secret_id: "{{ _credentials.consul.tokens.agent.secret_id }}"
                policies:
                  - id: "{{ _consul_agent_policy.policy.ID }}"
                state: present
              register: _consul_agent_token

            - name: "Restart consul service" # noqa: no-handler
              ansible.builtin.service:
                name: "{{ hashicorp_consul_service_name }}"
                state: restarted
              throttle: 1
              when: _consul_agent_token.changed