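---
# Playbook to clean up ArgoCD, Cert Manager, and container-mom-system
# namespaces, plus the cluster-scoped objects created alongside them
# (OAuth client, ClusterRoleBindings, OAuth identity providers).
#
# Destructive and intended for test clusters. Every cluster task uses
# ignore_errors so that one failed delete does not stop the rest and the
# post_tasks kubeconfig cleanup still runs. The cost is that the play ends
# "successfully" even when deletes were rejected (for example on an
# authentication or RBAC failure), so read the per-task output for
# "...ignoring" lines before treating the cluster as clean.
- name: Clean up OpenShift resources for testing
  hosts: localhost
  connection: local
  gather_facts: false

  vars_files:
    # Holds the kubeadmin passwords; the fail_msg below refers to it as a
    # vault, so it is presumably ansible-vault encrypted - confirm.
    - ../secrets.yml

  pre_tasks:
    - name: Verify cluster variables are set
      ansible.builtin.assert:
        that:
          - cluster_region is defined
          - cluster_name is defined
        fail_msg: "Cluster region and name must be defined in inventory"

    - name: Retrieve kubeadmin password for the cluster
      ansible.builtin.set_fact:
        kubeadmin_password: "{{ vars[cluster_region][cluster_name]['kubeadmin_password'] | default('') }}"
      # set_fact returns the new fact in its task result, so without no_log
      # the password appears in verbose output and in callback/log plugins.
      no_log: true

    - name: Verify kubeadmin password exists
      ansible.builtin.assert:
        that: kubeadmin_password | length > 0
        fail_msg: "Kubeadmin password for {{ cluster_region }}.{{ cluster_name }} not found in vault"

  roles:
    # Presumably logs in with kubeadmin_password and provides
    # k8s_auth_params (kubeconfig, validate_certs) and the
    # kubeconfig_cleanup_* variables used below - confirm against the role.
    - role: kubernetes_auth

  tasks:
    # The prompt names the target cluster and lists everything the play
    # touches, so the operator confirms the real scope before anything is
    # deleted.
    - name: Warn user about cleanup
      ansible.builtin.pause:
        prompt: >-
          This playbook will delete the ArgoCD, Cert-Manager, and
          container-mom-system namespaces, their related secrets, the OAuth
          client and ClusterRoleBindings, and reset all OAuth identity
          providers on cluster {{ cluster_region }}.{{ cluster_name }}.
          Press Enter to continue or Ctrl+C to cancel

    # Remove ArgoCD resources first
    - name: Remove ArgoCD Repository Secret
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Secret
        name: private-repo-creds
        namespace: argocd
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        # NOTE(review): make sure the role never sets validate_certs to
        # false for anything other than a throwaway cluster; the same
        # value is used by every task below.
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove ArgoCD Application resources
      kubernetes.core.k8s:
        state: absent
        api_version: argoproj.io/v1alpha1
        kind: Application
        name: app-of-apps
        namespace: argocd
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove ArgoCD Project resources
      kubernetes.core.k8s:
        state: absent
        api_version: argoproj.io/v1alpha1
        kind: AppProject
        name: container-mom
        namespace: argocd
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove CertManager ClusterIssuer
      kubernetes.core.k8s:
        state: absent
        api_version: cert-manager.io/v1
        kind: ClusterIssuer
        name: letsencrypt-prod
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove ArgoCD namespace
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Namespace
        name: argocd
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove Cert Manager namespace
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Namespace
        name: cert-manager
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove container-mom-system namespace
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Namespace
        name: container-mom-system
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove OpenShift OAuth client
      kubernetes.core.k8s:
        state: absent
        api_version: oauth.openshift.io/v1
        kind: OAuthClient
        name: "{{ cluster_name }}-oauth-client"
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove Google Secret in openshift-config
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Secret
        name: google-secret
        namespace: openshift-config
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    # These bindings are cluster-scoped grants; if a delete here is
    # silently ignored, the elevated access stays in place after "cleanup".
    - name: Remove ArgoCD ClusterRoleBinding
      kubernetes.core.k8s:
        state: absent
        api_version: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        name: argocd-cluster-admin
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

    - name: Remove Google ClusterRoleBindings
      kubernetes.core.k8s:
        state: absent
        api_version: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        name: "{{ item }}"
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true
      loop:
        - google-cluster-admin
        - google-cluster-viewer-container-mom

    # Sets identityProviders to an empty list, which clears every identity
    # provider configured on the cluster OAuth object, not only the Google
    # one removed above.
    - name: Reset OAuth configuration
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: config.openshift.io/v1
          kind: OAuth
          metadata:
            name: cluster
          spec:
            identityProviders: []
        kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
        validate_certs: "{{ k8s_auth_params.validate_certs }}"
      ignore_errors: true

  post_tasks:
    # kubeconfig_cleanup_dir presumably holds the temporary kubeconfig
    # written by kubernetes_auth, i.e. live cluster credentials. Because
    # the task ignores errors, confirm the directory is really gone if this
    # task reports "...ignoring".
    - name: Cleanup temporary files
      ansible.builtin.file:
        path: "{{ kubeconfig_cleanup_dir }}"
        state: absent
      when: kubeconfig_cleanup_required | default(false)
      ignore_errors: true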