# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---

- name: Create namespace
  kubernetes.core.k8s:
    api_version: v1
    kind: Namespace
    name: "{{ namespace }}"
    state: present

- name: Encrypt timescaledb username
  shell: |
    set -o pipefail
    echo -n "{{ timescaledb_user }}" | base64
  register: timescaledb_user_encrypted
  changed_when: false
  no_log: true

- name: Encrypt timescaledb password
  shell: |
    set -o pipefail
    echo -n "{{ timescaledb_password }}" | base64
  register: timescaledb_password_encrypted
  changed_when: false
  no_log: true

- name: Encrypt mysqldb username
  shell: |
    set -o pipefail
    echo -n "{{ mysqldb_user }}" | base64
  register: mysqldb_user_encrypted
  changed_when: false
  no_log: true

- name: Encrypt mysqldb password
  shell: |
    set -o pipefail
    echo -n "{{ mysqldb_password }}" | base64
  register: mysqldb_password_encrypted
  changed_when: false
  no_log: true

- name: Encrypt mysqldb password for root user
  shell: |
    set -o pipefail
    echo -n "{{ mysqldb_root_password }}" | base64
  register: mysqldb_root_password_encrypted
  changed_when: false
  no_log: true

- name: Kubernetes secrets
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: "{{ secrets_name }}"
        namespace: "{{ namespace }}"
      type: Opaque
      data:
        timescaledb_user: "{{ timescaledb_user_encrypted.stdout }}"
        timescaledb_password: "{{ timescaledb_password_encrypted.stdout }}"
        sqldb_user: "{{ mysqldb_user_encrypted.stdout }}"
        sqldb_password: "{{ mysqldb_password_encrypted.stdout }}"
        sqldb_root_password: "{{ mysqldb_root_password_encrypted.stdout }}"