---

# creates kubernetes namespace with secrets for usage with mobene
# Parameters:
#   secrets for mobene/namespaces read from group_vars

- name: 'apply mobene setup to {{ host | default("kube_control_plane") }}'
  hosts: '{{ host | default("kube_control_plane") }}'
  serial: "{{ serial_number | default(10) }}"

  pre_tasks:
    - name: "Check if ansible version is at least {{ ansible_minimal_version }}"
      assert:
        that:
          - ansible_version.string is version(ansible_minimal_version, ">=")
        msg: "The ansible version has to be at least {{ ansible_minimal_version }}"
      tags:
        - always

    - name: "Import autodiscover pre-tasks"
      import_tasks: tasks/autodiscover_pre_tasks.yml
      become: false
      tags:
        - always

  roles:
    - role: kubernetes/namespace
      vars:
        k8s_namespace: cus-mobene-nsodev
        k8s_secrets:
          - name: connect-secrets
            data:
              JWT_SECRET: "{{ mobene.nsodev.connect.secrets.JWT_SECRET | string | b64encode }}"
              ADMIN_PASSWORD: "{{ mobene.nsodev.connect.secrets.ADMIN_PASSWORD | string | b64encode }}"
              ELASTIC_USERNAME: "{{ mobene.nsodev.connect.secrets.ELASTIC_USERNAME | string | b64encode }}"
              ELASTIC_PASSWORD: "{{ mobene.nsodev.connect.secrets.ELASTIC_PASSWORD | string | b64encode }}"
              DATASOURCE_USERNAME: "{{ mobene.nsodev.connect.secrets.DATASOURCE_USERNAME | string | b64encode }}"
              DATASOURCE_PASSWORD: "{{ mobene.nsodev.connect.secrets.DATASOURCE_PASSWORD | string | b64encode }}"
              MAIL_USER: "{{ mobene.nsodev.connect.secrets.MAIL_USER | string | b64encode }}"
              MAIL_PASSWORD: "{{ mobene.nsodev.connect.secrets.MAIL_PASSWORD | string | b64encode }}"
              OIDC_CLIENT_SECRET: "{{ mobene.nsodev.connect.secrets.OIDC_CLIENT_SECRET | string | b64encode }}"
          - name: iam-secrets
            data:
              JWT_SECRET: "{{ mobene.nsodev.iam.secrets.JWT_SECRET | string | b64encode }}"
              KEYCLOAK_ADMIN_PASSWORD: "{{ mobene.nsodev.iam.secrets.KEYCLOAK_ADMIN_PASSWORD | string | b64encode }}"
              KEYCLOAK_ADMIN_USERNAME: "{{ mobene.nsodev.iam.secrets.KEYCLOAK_ADMIN_USERNAME | string | b64encode }}"
          - name: sepa-exporter-secrets
            data:
              SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.nsodev.sepaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.nsodev.sepaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: uba-exporter-secrets
            data:
              SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.nsodev.ubaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.nsodev.ubaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: wordpress-secrets
            data:
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.nsodev.wordpress.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: elastic-client-cert
            data:
              ca.crt: "{{ mobene.nsodev.elastic.secrets.caCrt | string | b64encode }}"
    - role: kubernetes/namespace
      vars:
        k8s_namespace: cus-mobene-cusqa
        k8s_secrets:
          - name: connect-secrets
            data:
              JWT_SECRET: "{{ mobene.cusqa.connect.secrets.JWT_SECRET | string | b64encode }}"
              ADMIN_PASSWORD: "{{ mobene.cusqa.connect.secrets.ADMIN_PASSWORD | string | b64encode }}"
              ELASTIC_USERNAME: "{{ mobene.cusqa.connect.secrets.ELASTIC_USERNAME | string | b64encode }}"
              ELASTIC_PASSWORD: "{{ mobene.cusqa.connect.secrets.ELASTIC_PASSWORD | string | b64encode }}"
              DATASOURCE_USERNAME: "{{ mobene.cusqa.connect.secrets.DATASOURCE_USERNAME | string | b64encode }}"
              DATASOURCE_PASSWORD: "{{ mobene.cusqa.connect.secrets.DATASOURCE_PASSWORD | string | b64encode }}"
              MAIL_USER: "{{ mobene.cusqa.connect.secrets.MAIL_USER | string | b64encode }}"
              MAIL_PASSWORD: "{{ mobene.cusqa.connect.secrets.MAIL_USER | string | b64encode }}"
              OIDC_CLIENT_SECRET: "{{ mobene.cusqa.connect.secrets.OIDC_CLIENT_SECRET | string | b64encode }}"
          - name: iam-secrets
            data:
              JWT_SECRET: "{{ mobene.cusqa.iam.secrets.JWT_SECRET | string | b64encode }}"
              KEYCLOAK_ADMIN_PASSWORD: "{{ mobene.cusqa.iam.secrets.KEYCLOAK_ADMIN_PASSWORD | string | b64encode }}"
              KEYCLOAK_ADMIN_USERNAME: "{{ mobene.cusqa.iam.secrets.KEYCLOAK_ADMIN_USERNAME | string | b64encode }}"
          - name: sepa-exporter-secrets
            data:
              SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusqa.sepaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusqa.sepaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: uba-exporter-secrets
            data:
              SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusqa.ubaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusqa.ubaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: wordpress-secrets
            data:
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusqa.wordpress.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: elastic-client-cert
            data:
              ca.crt: "{{ mobene.cusqa.elastic.secrets.caCrt | string | b64encode }}"
    - role: kubernetes/namespace
      vars:
        k8s_namespace: cus-mobene-cusprod
        k8s_secrets:
          - name: connect-secrets
            data:
              JWT_SECRET: "{{ mobene.cusprod.connect.secrets.JWT_SECRET | string | b64encode }}"
              ADMIN_PASSWORD: "{{ mobene.cusprod.connect.secrets.ADMIN_PASSWORD | string | b64encode }}"
              ELASTIC_USERNAME: "{{ mobene.cusprod.connect.secrets.ELASTIC_USERNAME | string | b64encode }}"
              ELASTIC_PASSWORD: "{{ mobene.cusprod.connect.secrets.ELASTIC_PASSWORD | string | b64encode }}"
              DATASOURCE_USERNAME: "{{ mobene.cusprod.connect.secrets.DATASOURCE_USERNAME | string | b64encode }}"
              DATASOURCE_PASSWORD: "{{ mobene.cusprod.connect.secrets.DATASOURCE_PASSWORD | string | b64encode }}"
              MAIL_USER: "{{ mobene.cusprod.connect.secrets.MAIL_USER | string | b64encode }}"
              MAIL_PASSWORD: "{{ mobene.cusprod.connect.secrets.MAIL_USER | string | b64encode }}"
              OIDC_CLIENT_SECRET: "{{ mobene.cusprod.connect.secrets.OIDC_CLIENT_SECRET | string | b64encode }}"
          - name: iam-secrets
            data:
              JWT_SECRET: "{{ mobene.cusprod.iam.secrets.JWT_SECRET | string | b64encode }}"
              KEYCLOAK_ADMIN_PASSWORD: "{{ mobene.cusprod.iam.secrets.KEYCLOAK_ADMIN_PASSWORD | string | b64encode }}"
              KEYCLOAK_ADMIN_USERNAME: "{{ mobene.cusprod.iam.secrets.KEYCLOAK_ADMIN_USERNAME | string | b64encode }}"
          - name: sepa-exporter-secrets
            data:
              SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusprod.sepaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusprod.sepaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: uba-exporter-secrets
            data:
              SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusprod.ubaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusprod.ubaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: wordpress-secrets
            data:
              SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusprod.wordpress.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
          - name: elastic-client-cert
            data:
              ca.crt: "{{ mobene.cusprod.elastic.secrets.caCrt | string | b64encode }}"