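# --------------------------------------
# -- Create kubernetes user
# --------------------------------------
# -- 1. Install packages
# -- 2. Generate certificate
# -- 3. Add user to kubernetes
# -- 4. Remove certificates (Optional)
# --------------------------------------
---
- name: Ensure required packages are installed
  tags: packages
  block:
    # -------------------------
    # -- Prepare kubectl repo
    # -------------------------
    # NOTE(review): apt_key adds the key to apt's global trusted keyring, so
    # it is trusted for every configured repository. A dedicated keyring
    # referenced from the repo entry with signed-by scopes the trust to this
    # one repository.
    # NOTE(review): apt.kubernetes.io / packages.cloud.google.com are the
    # legacy Kubernetes package repositories, deprecated upstream in favour of
    # pkgs.k8s.io; confirm they still serve the release you target.
    - name: Add an apt signing key for Kubernetes
      become: true
      apt_key:
        url: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
        state: present

    - name: Adding apt repository for Kubernetes
      become: true
      apt_repository:
        repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
        state: present
        filename: kubernetes.list

    # --------------------------------------
    # -- Install yq
    # --------------------------------------
    - name: Ensure yq is installed
      become: true
      get_url:
        url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}"
        dest: /usr/bin/yq
        # Optional integrity pin: set yq.checksum to "sha256:<digest>" (value
        # taken from the release's published checksums). Omitted when the
        # variable is undefined, so existing inventories keep working.
        checksum: "{{ yq.checksum | default(omit) }}"
        # 0755, not 0777: a world-writable binary in /usr/bin lets any local
        # user replace code that root and other users later execute.
        mode: "0755"

    # The checksum file is fetched from the same origin as the binary, so this
    # check detects a corrupted or truncated download, not a compromised
    # download source.
    # NOTE(review): /tmp is shared and the file names are predictable; a
    # private directory (for example one created with ansible.builtin.tempfile)
    # would close the window between verification and later use of
    # /tmp/kubectl. Paths are left unchanged here because other task files may
    # reference them.
    - name: Download and verify kubectl
      block:
        - name: Download kubectl release
          uri:
            url: "https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl"
            dest: /tmp

        - name: Download the kubectl checksum file
          uri:
            url: "https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256"
            dest: /tmp

        # sha256sum exits non-zero on a mismatch, which already fails this
        # task; the assert below additionally pins the expected output line.
        - name: Validate the kubectl binary against the checksum file
          shell: echo "$(cat /tmp/kubectl.sha256) /tmp/kubectl" | sha256sum --check
          register: result
          # Read-only verification: never report it as a change.
          changed_when: false

        - name: Assert that the kubectl binary is OK
          vars:
            expected: "/tmp/kubectl: OK"
          assert:
            that:
              - result.stdout == expected
            fail_msg: "{{ result.stdout }}"
            success_msg: "{{ result.stdout }}"

    - name: Ensure openssl is installed
      become: true
      package:
        name: "openssl"
        state: present

# NOTE(review): the file header says certificates are generated by this role;
# if create-user.yaml writes private keys under working_dir, 0775 leaves them
# in a group-writable, world-traversable directory. Consider "0700" once the
# consumers of this directory are confirmed.
- name: Create a directory if it does not exist
  ansible.builtin.file:
    path: "{{ working_dir }}"
    state: directory
    mode: "0775"

# One include per entry in `users`. Only username and cluster are required on
# each item; everything else falls back to the defaults below.
# NOTE(review): the defaults bind a user to cluster-admin through a
# ClusterRoleBinding whenever an item omits role / role_type / binding_type,
# i.e. full cluster-wide privileges by omission. Prefer passing an explicit,
# narrower role per user and treat the default as a last resort.
# NOTE(review): certificate_expires_in is presumably a lifetime in days
# (confirm in create-user.yaml). Client certificates issued to a user stay
# valid until they expire, so keep the lifetime as short as is practical.
- name: Create kubernetes user
  loop: "{{ users }}"
  include_tasks: create-user.yaml
  vars:
    certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
    username: "{{ item.username }}"
    cluster: "{{ item.cluster }}"
    binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
    role_type: "{{ item.role_type | default('ClusterRole') }}"
    role: "{{ item.role | default('cluster-admin') }}"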