---
- name: Setting Dummy Connections
  ansible.builtin.set_fact:
    dummy_gerritconn:
      - name: dummy-gerrit-conn
        hostname: dummy-gerrit.local
        username: zuul
        sshkey: dummygerritsecret
      - name: dummy-gerrit-conn-dup
        hostname: dummy-gerrit.local
        username: zuul
        sshkey: dummygerritsecret
    dummy_githubconns:
      - name: dummy-github-conn
        secrets: githubconnectionsecret
      - name: dummy-github-conn-dup
        secrets: githubconnectionsecret
    dummy_gitlabconns:
      - name: dummy-gitlab-conn
        secrets: gitlabconnectionsecret
    dummy_gitconns:
      - name: dummy-git-conn
        baseurl: git://test
    dummy_elasticsearchconns:
      - name: dummy-elasticsearch-conn
        uri: http://test:9200
        basicAuthSecret: es-basicauth
    dummy_pagureconns:
      - name: dummy-pagure-conn
        secrets: pagureconnectionsecret
    dummy_smtpconns:
      - name: dummy-smtp-conn
        server: smtp.domain.com
        secrets: smtp-secret

- name: Create SMTP Connection Secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: smtp-secret
        namespace: sf
      data:
        password: "{{ 'smtp-password' | b64encode }}"

- name: Create ElasticSearch Connection Secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: es-basicauth
        namespace: sf
      data:
        username: "{{ 'es-username' | b64encode }}"
        password: "{{ 'es-password' | b64encode }}"

- name: Create Gerrit Connection Secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: dummygerritsecret
        namespace: sf
      data:
        priv: "{{ '0000000000000000000000000000000000000000' | b64encode }}"

- name: Create GitHub Connection Secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: githubconnectionsecret
        namespace: sf
      data:
        webhook_token: "{{ '0000000000000000000000000000000000000000' | b64encode }}"
        api_token: "{{ 'ghp_51abcFzcvf3GxOJpPFUKxsT6JIL3Nnbf39E' | b64encode }}"

- name: Create GitLab Connection Secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: gitlabconnectionsecret
        namespace: sf
      data:
        api_token: "{{ '0000000000000000000000000000000000000000' | b64encode }}"
        api_token_name: "{{ 'apiTokenName' | b64encode }}"
        webhook_token: "{{ '0000000000000000000000000000000000000000' | b64encode }}"
        sshkey: "{{ '0000000000000000000000000000000000000000' | b64encode }}"

- name: Create Pagure Connection Secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: pagureconnectionsecret
        namespace: sf
      data:
        api_token: "{{ 'ghp_51abcFzcvf3GxOJpPFUKxsT6JIL3Nnbf39E' | b64encode }}"

- set_fact:
    gerritconns_orig:
      - name: gerrit
        username: zuul
        hostname: gerrit-sshd.sf
        puburl: https://gerrit.sfop.me

- block:
    - name: Add dummy Zuul connections
      ansible.builtin.include_role:
        name: "update-custom-resource"
      vars:
        cr_spec:
          zuul:
            gerritconns: "{{ gerritconns_orig + dummy_gerritconn }}"
            githubconns: "{{ dummy_githubconns }}"
            gitlabconns: "{{ dummy_gitlabconns }}"
            gitconns: "{{ dummy_gitconns }}"
            elasticsearchconns: "{{ dummy_elasticsearchconns }}"
            pagureconns: "{{ dummy_pagureconns }}"
            smtpconns: "{{ dummy_smtpconns }}"

    - name: Wait for the new Zuul connections to appear in the Zuul API
      ansible.builtin.uri:
        url: "https://{{ zuul_endpoint }}/api/connections"
        method: GET
        return_content: true
        validate_certs: "{{ validate_certs }}"
      register: this
      until:
        - "'dummy-gerrit-conn' in this.content"
        - "'dummy-gerrit-conn-dup' in this.content"
        - "'dummy-github-conn' in this.content"
        - "'dummy-github-conn-dup' in this.content"
        - "'dummy-gitlab-conn' in this.content"
        - "'dummy-git-conn' in this.content"
        - "'dummy-pagure-conn' in this.content"
      retries: "{{ zuul_api_retries }}"
      delay: "{{ zuul_api_delay }}"

    # For non SourceInterface connection such as elasticsearch and smtp (which does not appear in the Zuul API connections endpoint)
    # we, at least, check zuul.conf to ensure the connection is defined in the Zuul config
    - name: Ensure the new Zuul connections (non SourceInterface) exist in the scheduler's zuul.conf
      ansible.builtin.shell: |
        kubectl exec zuul-scheduler-0 -- grep "dummy-elasticsearch-conn" /etc/zuul/zuul.conf
        kubectl exec zuul-scheduler-0 -- grep "dummy-smtp-conn" /etc/zuul/zuul.conf

    - name: Ensure ElasticSearch URI is configured with basic auth
      ansible.builtin.shell: |
        kubectl exec zuul-scheduler-0 -- grep "http://es-username:es-password@test:9200" /etc/zuul/zuul.conf

    - name: Ensure SMTP password is present
      ansible.builtin.shell: |
        kubectl exec zuul-scheduler-0 -- grep "smtp-password" /etc/zuul/zuul.conf

    - name: Ensure the new Zuul dummy gerrit secret exist in the scheduler's zuul.conf
      ansible.builtin.shell: |
        set -e
        kubectl exec zuul-scheduler-0 -- grep dummygerritsecret /etc/zuul/zuul.conf
        kubectl exec zuul-scheduler-0 -- cat /var/lib/zuul-dummygerritsecret/..data/priv

    - name: Delete the dummy Zuul connections
      ansible.builtin.include_role:
        name: "update-custom-resource"
      vars:
        cr_spec:
          zuul:
            gerritconns: "{{ gerritconns_orig }}"
            githubconns: []
            gitlabconns: []
            gitconns: []
            elasticsearchconns: []
            pagureconns: []
            smtpconns: []

    - name: Wait for the dummy Zuul connections to be removed from the API
      ansible.builtin.uri:
        url: "https://{{ zuul_endpoint }}/api/connections"
        method: GET
        return_content: true
        validate_certs: "{{ validate_certs }}"
      register: this
      until:
        - "'dummy-gerrit-conn' not in this.content"
        - "'dummy-gerrit-conn-dup' not in this.content"
        - "'dummy-github-conn' not in this.content"
        - "'dummy-github-conn-dup' not in this.content"
        - "'dummy-gitlab-conn' not in this.content"
        - "'dummy-git-conn' not in this.content"
        - "'dummy-pagure-conn' not in this.content"
      retries: "{{ zuul_api_retries }}"
      delay: "{{ zuul_api_delay }}"

    # For non SourceInterface connection such as elasticsearch (which does not appear in the Zuul API connections endpoint)
    # we, at least, check zuul.conf to ensure the connection is no longer defined in the Zuul config
    - name: Ensure the new Zuul connections (non SourceInterface) no longer exist in the scheduler's zuul.conf
      ansible.builtin.shell: |
        kubectl exec zuul-scheduler-0 -- grep "dummy-elasticsearch-conn" /etc/zuul/zuul.conf
        kubectl exec zuul-scheduler-0 -- grep "dummy-smtp-conn" /etc/zuul/zuul.conf
      register: grep_result
      failed_when: grep_result is success

  always:
    - name: Delete GitHub Connection Secret
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Secret
        namespace: sf
        name: githubconnectionsecret

    - name: Delete GitLab Connection Secret
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Secret
        namespace: sf
        name: gitlabconnectionsecret

    - name: Delete Pagure Connection Secret
      kubernetes.core.k8s:
        state: absent
        api_version: v1
        kind: Secret
        namespace: sf
        name: pagureconnectionsecret