# Copyright (c) 2019 Dell Inc. or its subsidiaries. All Rights Reserved.
---
- name: Get the vault pod name
  shell: >
    kubectl get pods
    --namespace={{ ngci_vault_namespace }}
    --selector=app=vault
    --output=jsonpath='{.items..metadata.name}'
  register: pod_vault_name

- name: Get vault login token
  shell: >
    kubectl get secret {{ ngci_vault_root_token_secret }}
    --namespace={{ ngci_vault_namespace }}
    --output=jsonpath="{['data']['root_token']}" | base64 --decode
  register: ldap_login_token
  no_log: "{{ enforce_no_log }}"

- name: Retrieve consul pod name
  shell: >
    kubectl get pods
    --namespace={{ ngci_consul_namespace }}
    --selector=release=ngci-secret-storage
    --output=jsonpath='{.items..metadata.name}'
  register: consul_pod_name

- name: Retrieve AWX credentials from provided path in VAULT
  shell: >
    kubectl exec -it {{ pod_vault_name.stdout }}
    --namespace={{ ngci_vault_namespace }}
    -- sh -c
    'env VAULT_ADDR={{ vault_local_address }} VAULT_TOKEN={{ ldap_login_token.stdout }} vault kv get -format=json {{ awx_details_path }}'
  register: vault_awx_creds_result
  no_log: "{{ enforce_no_log }}"
  until: vault_awx_creds_result.rc == 0
  delay: 30
  retries: 30

- name: Convert awx creds data to json
  set_fact:
    vault_awx_creds: "{{ vault_awx_creds_result.stdout | from_json }}"
  no_log: "{{ enforce_no_log }}"

- name: Retrieve current admin password
  set_fact:
    awx_admin_password: "{{ vault_awx_creds.data.admin.password }}"
    awx_admin_username: "{{ vault_awx_creds.data.admin.username }}"
  no_log: "{{ enforce_no_log }}"