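---
# Tasks for container-mom-operator integration.
#
# Creates the Secrets and the ConfigMap that the operator reads from the
# container-mom-system namespace. Every task that renders credential values
# sets no_log: true so the rendered module arguments and results are kept out
# of Ansible output and callback logs. When one of those tasks fails, its
# error detail is censored as well.

# First, check if the required Forgejo credentials are available.
# Only the admin username and password are asserted here; the API token is
# optional and falls back to an empty string below.
- name: Verify Forgejo vault credentials are available
  ansible.builtin.assert:
    that:
      - global.forgejo is defined
      - global.forgejo.admin_username is defined
      - global.forgejo.admin_password is defined
    quiet: true
    fail_msg: "Required Forgejo credentials not found in vault. Please ensure global.forgejo.* variables are set."
    success_msg: "Forgejo credentials found in vault."

# Set API token - use vault value or fallback to empty string
- name: Set API token variable
  ansible.builtin.set_fact:
    forgejo_api_token: "{{ global.forgejo.api_token | default('') }}"
  # set_fact reports the facts it sets, so the token value must be censored.
  no_log: true

# Create Forgejo credentials secret for container-mom-operator
- name: Create Forgejo credentials secret for container-mom-operator
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: forgejo-credentials
        namespace: container-mom-system
      type: Opaque
      stringData:
        token: "{{ global.forgejo.api_token | default('') }}"
        username: "{{ global.forgejo.admin_username | default('') }}"
        password: "{{ global.forgejo.admin_password | default('') }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  # The definition carries the admin password and API token in clear text.
  no_log: true

# Create ArgoCD integration secret for container-mom-operator
# NOTE(review): global.argocd.auth_token is not asserted anywhere in this
# file; when it is missing the secret is created with an empty token.
- name: Create ArgoCD integration secret for container-mom-operator
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: argocd-credentials
        namespace: container-mom-system
      type: Opaque
      stringData:
        namespace: "{{ argocd_namespace }}"
        url: "{{ argocd_url }}"
        token: "{{ global.argocd.auth_token | default('') }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  # The definition carries the ArgoCD auth token in clear text.
  no_log: true

# Check which Cloudflare credential format is used and set appropriate variables.
# global.cloudflare may be a mapping (api_token / zone_id / router_url) or a
# bare value, in which case the value itself is used as the API token.
- name: Set Cloudflare credential variables based on available format
  ansible.builtin.set_fact:
    cloudflare_api_token: "{{ global.cloudflare.api_token | default('') if global.cloudflare is mapping else global.cloudflare | default('') }}"
    cloudflare_zone_id: "{{ global.cloudflare.zone_id | default('') if global.cloudflare is mapping else '' }}"
    cloudflare_router_url: "{{ global.cloudflare.router_url | default('router-default.apps.hub.euw.container.mom') if global.cloudflare is mapping else 'router-default.apps.hub.euw.container.mom' }}"
  no_log: true

# Create the Cloudflare credentials secret
# NOTE(review): cloudflare_zone_id is always set by the preceding set_fact
# task, so this condition is presumably always true and the secret is created
# even when the token is empty - confirm whether that is intended.
- name: Create Cloudflare credentials secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: cloudflare-credentials
        namespace: container-mom-system
      type: Opaque
      stringData:
        CLOUDFLARE_API_TOKEN: "{{ cloudflare_api_token }}"
        CLOUDFLARE_ZONE_ID: "{{ cloudflare_zone_id }}"
        OPENSHIFT_ROUTER_URL: "{{ cloudflare_router_url }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  when: global.cloudflare is defined or cloudflare_zone_id is defined
  no_log: true

# Create main operator secret with Stripe and Auth0 credentials
# NOTE(review): every value below falls back to a literal placeholder string
# when the vault variable is missing, so the task succeeds and the operator is
# deployed with well-known placeholder credentials instead of failing.
# Consider asserting these variables up front, as is done for the Forgejo
# credentials at the top of this file.
# The Cloudflare token is also stored in cloudflare-credentials above, so a
# rotation has to update both secrets.
- name: Create container-mom-operator-secret for operator
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: container-mom-operator-secret
        namespace: container-mom-system
        annotations:
          "helm.sh/resource-policy": keep
      type: Opaque
      stringData:
        STRIPE_SECRET_KEY: "{{ global.stripe.secretKey | default('sk_test_placeholder') }}"
        STRIPE_WEBHOOK_SECRET: "{{ global.stripe.webhookSecret | default('whsec_placeholder') }}"
        AUTH0_CLIENT_ID: "{{ global.auth0.clientId | default('auth0_client_id_placeholder') }}"
        AUTH0_CLIENT_SECRET: "{{ global.auth0.clientSecret | default('auth0_client_secret_placeholder') }}"
        AUTH0_SECRET: "{{ global.auth0.secret | default('auth0_secret_placeholder') }}"
        CLUSTER_EUW_TOKEN: "{{ global.clusters.euw.token | default('cluster_euw_token_placeholder') }}"
        CLUSTER_NAE_TOKEN: "{{ global.clusters.nae.token | default('cluster_nae_token_placeholder') }}"
        CLUSTER_EUNE_TOKEN: "{{ global.clusters.eune.token | default('cluster_eune_token_placeholder') }}"
        CLOUDFLARE_API_TOKEN: "{{ cloudflare_api_token }}"
        CLOUDFLARE_ZONE_ID: "{{ cloudflare_zone_id }}"
        OPENSHIFT_ROUTER_URL: "{{ cloudflare_router_url }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  no_log: true

# Create container-mom-config ConfigMap for additional configuration.
# Holds non-secret settings only, so its output is left visible.
- name: Create container-mom-config ConfigMap
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: container-mom-config
        namespace: container-mom-system
      data:
        # URLs and endpoints
        FORGEJO_URL: "{{ forgejo_url }}"
        FORGEJO_ORG: "{{ forgejo_org }}"
        ARGOCD_NAMESPACE: "{{ argocd_namespace }}"
        # Domain configuration
        BASE_DOMAIN: "{{ base_domain }}"
        # Optional: Default storage class
        DEFAULT_STORAGE_CLASS: "{{ openshift_default_storage_class | default('gp2') }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"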