---
# hashistack variable injection playbook
- name: "Load global variables"
  block:
    - name: "Stat global configuration file"
      ansible.builtin.stat:
        path: "{{ configuration_directory }}/{{ configuration_global_vars_file }}"
      register: _global_config_file
      delegate_to: localhost

    - name: "Make sure global configuration file exists"
      ansible.builtin.assert:
        that:
          - _global_config_file.stat.exists
        fail_msg: >-
          Main configuration file {{ _global_config_file.stat.path }} was not found, cannot continue without it.
      delegate_to: localhost

    - name: "Load global variables"
      ansible.builtin.include_vars:
        dir: "{{ configuration_directory }}"
        files_matching: "{{ configuration_global_vars_file }}"
        depth: 1
      delegate_to: localhost

- name: "Load credentials variables"
  block:
    - name: "Stat credentials file"
      ansible.builtin.stat:
        path: "{{ sub_configuration_directories['secrets'] }}/{{ configuration_credentials_vars_file }}"
      register: _credentials_file
      delegate_to: localhost

    - name: "Stat vault credentials file"
      ansible.builtin.stat:
        path: "{{ sub_configuration_directories['secrets'] }}/vault.yml"
      register: _vault_credentials_file
      delegate_to: localhost

    - name: "Make sure credentials file exists"
      ansible.builtin.assert:
        that:
          - _credentials_file.stat.exists
        fail_msg: >-
          Credentials file {{ _credentials_file.stat.path }} was not found, cannot continue without it.
      delegate_to: localhost

    - name: "Load credentials variables"
      ansible.builtin.include_vars:
        dir: "{{ sub_configuration_directories['secrets'] }}"
        files_matching: "{{ configuration_credentials_vars_file }}"
        depth: 1
        name: _credentials
      delegate_to: localhost

    - name: "Load vault credentials if vault.yml exists"
      ansible.builtin.include_vars:
        dir: "{{ sub_configuration_directories['secrets'] }}"
        files_matching: "vault.yml"
        depth: 1
        name: _vault_credentials
      when: _vault_credentials_file.stat.exists
      delegate_to: localhost

    - name: "Merge vault credentials into _credentials"
      vars:
        _config_to_merge:
          vault: "{{ _vault_credentials }}"
      ansible.builtin.set_fact:
        _credentials: "{{ _credentials | combine(_vault_credentials, recursive=true) }}"
      when: _vault_credentials_file.stat.exists
      delegate_to: localhost

- name: "Load group specific variables"
  block:
    - name: "Stat group specific config file"
      ansible.builtin.stat:
        path: "{{ configuration_directory }}/{{ group_name }}/{{ configuration_global_vars_file }}"
      register: _group_config_file
      loop: "{{ group_names }}"
      loop_control:
        loop_var: group_name

    - name: Load group specific variables
      ansible.builtin.include_vars:
        dir: "{{ configuration_directory }}/{{ item.group_name }}"
        files_matching: "{{ configuration_global_vars_file }}"
        depth: 1
      loop: "{{ _group_config_file.results }}"
      when: item.stat.exists
        and item.group_name in group_names
      loop_control:
        loop_var: item
      delegate_to: localhost

- name: "Load host specific variables"
  block:
    - name: "Stat host specific config file"
      ansible.builtin.stat:
        path: "{{ configuration_directory }}/{{ group_name }}/{{ inventory_hostname }}/{{ configuration_global_vars_file }}"
      register: _host_config_file
      loop: "{{ group_names }}"
      loop_control:
        loop_var: group_name
      delegate_to: localhost

    - name: Load host specific variables
      ansible.builtin.include_vars:
        dir: "{{ configuration_directory }}/{{ item.group_name }}/{{ inventory_hostname }}"
        files_matching: "{{ configuration_global_vars_file }}"
      loop: "{{ _host_config_file.results }}"
      when: item.stat.exists
      loop_control:
        loop_var: item
      delegate_to: localhost

- name: "Ensure remote directories exists"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: 0755
    recurse: yes
  loop:
    - "{{ hashistack_remote_config_dir }}"
    - "{{ hashistack_remote_data_dir }}"

- name: "Load custom CA certificates"
  block:
    - name: "Check if CA directory exists"
      ansible.builtin.stat:
        path: "{{ sub_configuration_directories['certificates'] }}/ca"
      register: _hashistack_ca_directory
      delegate_to: localhost

    - name: "Find custom ca certificates to copy"
      ansible.builtin.find:
        paths: "{{ sub_configuration_directories['certificates'] }}/ca"
        patterns: "*.crt"
      register: _hashistack_cacert_files
      delegate_to: localhost
      when: _hashistack_ca_directory.stat.exists and _hashistack_ca_directory.stat.isdir

    - ansible.builtin.debug:
        msg: "{{ _hashistack_cacert_files }}"

    - name: "Ensure remote ca directory exists"
      ansible.builtin.file:
        path: "{{ hashistack_remote_config_dir }}/ca"
        state: directory
        owner: root
        group: root
        mode: 0755

    - name: "Copy custom ca certificates"
      ansible.builtin.copy:
        src: "{{ item.path }}"
        dest: "{{ hashistack_remote_config_dir }}/ca/{{ item.path | basename }}"
        owner: root
        group: root
        mode: 0644
      loop: "{{ _hashistack_cacert_files.files }}"
      register: _hashistack_copied_ca

    - name: "Copy and update trust store"
      block:
        - name: "Copy ca certificates to /usr/loca/share/ca-certificates"
          ansible.builtin.file:
            state: link
            src: "{{ item.dest }}"
            dest: "/usr/local/share/ca-certificates/hashistack-customca-{{ item.dest | basename }}"
            owner: root
            group: root
          loop: "{{ _hashistack_copied_ca.results }}"
          register: _hashistack_usr_local_share_ca_certificates

        - name: "Update the trust store"
          ansible.builtin.command: update-ca-certificates
          changed_when: false
          when: _hashistack_usr_local_share_ca_certificates.changed

    # - name: "Initialize list of CA certificates"
    #   ansible.builtin.set_fact:
    #     hashistack_cacert_extra_files: []
    #   delegate_to: localhost

    # - name: "Add custom CA to list of extra certificates"
    #   ansible.builtin.set_fact:
    #     hashistack_cacert_extra_files: "{{
    #       hashistack_cacert_extra_files | default([])
    #       + [{'src': item.path, 'dest': '/etc/ssl/certs/hashistack-custom-' + item.path | basename}] }}"
    #   loop: "{{ _hashistack_cacert_files.files }}"
    #   delegate_to: localhost
    #   when: _hashistack_cacert_files.matched > 0

- name: "Merge consul configurations"
  ansible.builtin.import_tasks:
    file: "consul/consul_vars.yml"
  when:
    - enable_consul | bool
    - "('consul_servers' in group_names) or ('consul_agents' in group_names)"

- name: "Merge vault configurations"
  ansible.builtin.import_tasks:
    file: "vault/vault_vars.yml"
  when:
    - enable_vault | bool
    - "'vault_servers' in group_names"

- debug:
    msg: "{{ deploy_haproxy_frontends }}"

- debug:
    msg: "{{ deploy_haproxy_backends }}"
# - fail: