---
# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "cifmw_manage_secrets"
cifmw_manage_secrets_basedir: "{{ cifmw_basedir }}"

cifmw_manage_secrets_owner: "{{ ansible_user_id }}"

# pull-secret management
cifmw_manage_secrets_pullsecret_dest: >-
  {{ (cifmw_manage_secrets_basedir,
      'secrets', 'pull_secret.json') | path_join
  }}
cifmw_manage_secrets_pullsecret_file: null
cifmw_manage_secrets_pullsecret_content: null

# CI Token management
cifmw_manage_secrets_citoken_dest: >-
  {{ (cifmw_manage_secrets_basedir,
      'secrets', 'ci_token') | path_join
  }}
cifmw_manage_secrets_citoken_file: null
cifmw_manage_secrets_citoken_content: null

# kubeconfig and kubeadmin-password file management
cifmw_manage_secrets_kube_dest: >-
  {{
    (ansible_user_dir, '.kube') | path_join
  }}
cifmw_manage_secrets_kube_content: null
cifmw_manage_secrets_kube_file: null
cifmw_manage_secrets_kube_type: null

# For nova_migration, we have to stick to ECDSA
# due to FIPS. Please check:
# https://github.com/openstack-k8s-operators/install_yamls/commit/9c8619c62b7892372e20c63ac6f1cc7dcd2298c2
cifmw_manage_secrets_ssh_type: "{{ cifmw_ssh_keytype | default('ecdsa') }}"
cifmw_manage_secrets_ssh_size: "{{ cifmw_ssh_keysize | default(521) }}"
cifmw_manage_secrets_dataplane_ssh_name: ansibleee-ssh-key-id_ecdsa
cifmw_manage_secrets_dataplane_ssh_metaname: dataplane-ansible-ssh-private-key-secret

# osp secrets management
cifmw_manage_secrets_ospsecrets_manifests_dest: "{{ cifmw_manifests | default(cifmw_manage_secrets_basedir ~ '/artifacts/manifests') }}/osp_secrets"
cifmw_manage_secrets_ospsecrets_list: []

# reproducer secrets
cifmw_manage_secrets_reproducer_secrets: []