---
- include_vars: openshift.yml

- name: Set kubernetes_namespace
  set_fact:
    kubernetes_namespace: "{{ openshift_project }}"

- name: Ensure workspace directories exist
  file:
    path: "{{ item  }}"
    state: directory
  with_items:
    - "{{ kubernetes_base_path }}"
    - "{{ openshift_oc_config_file | dirname }}"

- name: Authenticate with OpenShift via user and password
  shell: |
    {{ openshift_oc_bin }} login {{ openshift_host }} \
      -u {{ openshift_user }} \
      -p {{ openshift_password }} \
      --insecure-skip-tls-verify={{ openshift_skip_tls_verify | default(false) | bool }}
  when:
    - openshift_user is defined
    - openshift_password is defined
    - openshift_token is not defined
  register: openshift_auth_result
  ignore_errors: true
  no_log: true

- name: OpenShift authentication failed on TLS verification
  fail:
    msg: "Failed to verify TLS, consider settings openshift_skip_tls_verify=True {{ openshift_auth_result.stderr }}"
  when:
    - openshift_skip_tls_verify is not defined or not openshift_skip_tls_verify
    - openshift_auth_result.rc != 0
    - openshift_auth_result.stderr | search("certificate that does not match its hostname")

- name: OpenShift authentication failed
  fail:
    msg: "{{ openshift_auth_result.stderr }}"
  when: openshift_auth_result.rc != 0

- name: Authenticate with OpenShift via token
  shell: |
    {{ openshift_oc_bin }} login {{ openshift_host }} \
      --token {{ openshift_token }} \
      --insecure-skip-tls-verify={{ openshift_skip_tls_verify | default(false) | bool }}
  when: openshift_token is defined
  no_log: true

- name: Get Project Detail
  shell: "{{ openshift_oc_bin }} get project {{ openshift_project }}"
  register: project_details
  ignore_errors: yes

- name: Create AWX Openshift Project
  shell: "{{ openshift_oc_bin }} new-project {{ openshift_project }}"
  when: project_details.rc != 0

- name: Ensure PostgreSQL PVC is available
  block:
    - name: Check PVC status
      command: "{{ openshift_oc_bin }} get pvc {{ openshift_pg_pvc_name }} -n {{ openshift_project }} -o=jsonpath='{.status.phase}'"
      register: pg_pvc_status
      ignore_errors: yes

    - name: Ensure PostgreSQL PVC is available
      assert:
        that:
          - pg_pvc_status.stdout == "Bound"
        msg: "Ensure a PVC named '{{ openshift_pg_pvc_name }}' is created and bound in the '{{ openshift_project }}' namespace."
  when:
    - pg_hostname is not defined or pg_hostname == ''
    - openshift_pg_emptydir is defined and (openshift_pg_emptydir | bool) != true

- name: Set postgresql service name
  set_fact:
    postgresql_service_name: "postgresql"
  when: "pg_hostname is not defined or pg_hostname == ''"