---
- name: Set up combined ocp4_workload_quay_operator dictionary
  set_fact:
    ocp4_workload_quay_operator: >-
      {{ ocp4_workload_quay_operator_defaults
       | combine(ocp4_workload_quay_operator_vars    | default( {} ),
                 ocp4_workload_quay_operator_secrets | default( {} ), recursive=true)
      }}
- name: Print combined role variables
  debug:
    var: ocp4_workload_quay_operator
    verbosity: 2

- name: Setting up workload for user
  debug:
    msg: "Setting up workload for user ocp_username = {{ ocp_username }}"

- name: Get ClusterVersion
  k8s_facts:
    api_version: config.openshift.io/v1
    kind: ClusterVersion
    name: version
  register: r_cluster_version
- name: Set ocp4_workload_quay_operator_cluster_version fact
  set_fact:
    ocp4_workload_quay_operator_cluster_version: "{{ r_cluster_version.resources[0].status.history[0].version }}"
- name: Print OpenShift version
  debug:
    msg: "Installing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}"

- name: Generate Quay Superuser Password
  when:
  - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0
  set_fact:
    ocp4_workload_quay_operator_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}"

- name: Use provided Quay Superuser Password
  when:
  - ocp4_workload_quay_operator.superuser_password is defined
  - ocp4_workload_quay_operator.superuser_password|length > 0
  set_fact:
    ocp4_workload_quay_operator_superuser_password: "{{ ocp4_workload_quay_operator.superuser_password }}"

- name: Use provided key file
  when: ocp4_workload_quay_operator.ssl_key | length > 0
  set_fact:
    ocp4_workload_quay_operator_ssl_key: ocp4_workload_quay_operator.ssl_key

- name: Otherwise check if key file exist on bastion VM
  become: yes
  become_user: root
  when: ocp4_workload_quay_operator.ssl_key | length == 0
  block:
  - name: Check for Key file on Bastion
    stat:
      path: "/home/{{ ansible_user }}/certificates/privkey.pem"
    register: r_ssl_key
  - name: Read Key file from Bastion
    when: r_ssl_key.stat.exists
    slurp:
      src: "/home/{{ ansible_user }}/certificates/privkey.pem"
    register: _quay_ssl_key_file
  - name: Set ocp4_workload_quay_operator_ssl_key
    when: r_ssl_key.stat.exists
    set_fact:
      ocp4_workload_quay_operator_ssl_key: "{{ _quay_ssl_key_file['content'] }}"

- name: Use provided certificate file
  when: ocp4_workload_quay_operator.ssl_certificate | length > 0
  set_fact:
    ocp4_workload_quay_operator_ssl_certificate: ocp4_workload_quay_operator.ssl_certificate

- name: Otherwise check if certificate file exist on bastion VM
  become: yes
  become_user: root
  when: ocp4_workload_quay_operator.ssl_certificate | length == 0
  block:
  - name: Check for Certificate file on Bastion
    stat:
      path: "/home/{{ ansible_user }}/certificates/fullchain.pem"
    register: r_ssl_cert
  - name: Read Certificate file from Bastion
    when: r_ssl_cert.stat.exists
    slurp:
      src: "/home/{{ ansible_user }}/certificates/fullchain.pem"
    register: _quay_ssl_cert_file
  - name: Set ocp4_workload_quay_operator_ssl_certificate
    when: r_ssl_cert.stat.exists
    set_fact:
      ocp4_workload_quay_operator_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}"

- name: Determine Cluster Base Domain for Quay Route
  k8s_facts:
    api_version: config.openshift.io/v1
    kind: Ingress
    name: cluster
  register: r_ingress_config

- name: Use Provided Quay route
  when:
  - ocp4_workload_quay_operator.route is defined
  - ocp4_workload_quay_operator.route | length > 0
  set_fact:
    ocp4_workload_quay_operator_quay_route: "{{ ocp4_workload_quay_operator.route }}"

- name: Otherwise use quay-{{guid}}.basedomain for the Quay route
  when: ocp4_workload_quay_operator.route is not defined or ocp4_workload_quay_operator.route | length == 0
  set_fact:
    ocp4_workload_quay_operator_quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}"

- name: Create Quay Operator Resources
  k8s:
    state: present
    definition:  "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/project.j2
  - ./templates/catalogsourceconfig.j2
  - ./templates/operatorgroup.j2
  - ./templates/subscription.j2
  - ./templates/pull_secret.j2
  - ./templates/quay_superuser_secret.j2
  - ./templates/quay_config_secret.j2

- name: Create OpenShift Objects for Red Hat Quay Registry Certificates
  when:
  - ocp4_workload_quay_operator_ssl_certificate | length > 0
  - ocp4_workload_quay_operator_ssl_key | length > 0
  k8s:
    state: present
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/quay_ssl_certificate_secret.j2

- name: Wait for ClusterServiceVersion to appear
  k8s_facts:
    api_version: operators.coreos.com/v1alpha1
    kind: ClusterServiceVersion
    namespace: "{{ ocp4_workload_quay_operator.project }}"
    name: "{{ ocp4_workload_quay_operator.starting_csv }}"
  register: r_csv
  until: r_csv.resources | length > 0
  retries: 30
  delay: 10

- name: Wait for Quay operator to be ready
  k8s_facts:
    api_version: v1
    kind: Deployment
    namespace: "{{ ocp4_workload_quay_operator.project }}"
    name: "quay-operator"
  register: r_qo_deployment
  retries: 30
  delay: 10
  until:
  - r_qo_deployment.resources | length | int > 0
  - r_qo_deployment.resources[0].status.availableReplicas is defined
  - r_qo_deployment.resources[0].status.availableReplicas | int == r_qo_deployment.resources[0].spec.replicas | int
 
- name: Create Red Hat Quay Registry
  k8s:
    state: present
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/quay.j2

- name: Verify successful rollout
  when: ocp4_workload_quay_operator.verify_deployment | bool
  block:
  - name: Wait for Quay App Pod to appear
    k8s_facts:
      api_version: v1
      kind: Pod
      namespace: "{{ ocp4_workload_quay_operator.project }}"
      label_selectors:
      - app=quay-operator
      - quay-enterprise-component=app
    register: r_quay_pod
    until: r_quay_pod.resources | length > 0
    retries: 30
    delay: 10

  - name: Pause 10 seconds to give containers a chance to initialize
    pause:
      seconds: 10

  - name: Wait for Quay App Pod Status to be Ready
    k8s_facts:
      api_version: v1
      kind: Pod
      namespace: "{{ ocp4_workload_quay_operator.project }}"
      label_selectors:
      - app=quay-operator
      - quay-enterprise-component=app
    register: r_running_quay_pod
    until: >-
      r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
    ignore_errors: true
    retries: 15
    delay: 5

  # - name: Restart crashing Pod to pick up SCC
  #   when:
  #   - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
  #   - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff")
  #     or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error")
  #   k8s:
  #     state: absent
  #     api_version: v1
  #     kind: Pod
  #     name: "{{ r_running_quay_pod.resources[0].metadata.name }}"
  #     namespace: "{{ ocp4_workload_quay_operator.project }}"

- name: Get Quay Hostname
  k8s_facts:
    api_version: redhatcop.redhat.io/v1alpha1
    kind: QuayEcosystem
    name: "{{ ocp4_workload_quay_operator.name }}"
    namespace: "{{ ocp4_workload_quay_operator.project }}"
  register: r_quay

- name: Print Student as user.info
  debug:
    msg: "{{ item }}"
  with_items:
  - "user.info: Red Hat Quay is available at https://{{r_quay.resources[0].status.hostname }}."
  - "user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"

# Leave this as the last task in the playbook.
- name: workload tasks complete
  debug:
    msg: "Workload Tasks completed successfully."
  when: not silent|bool