# Copyright (c) 2019 Dell Inc. or its subsidiaries. All Rights Reserved.
---
- name: Get the vault pod name
  shell: >
    kubectl get pods
    --namespace={{ ngci_vault_namespace }}
    --selector=app=vault
    --output=jsonpath='{.items..metadata.name}'
  register: pod_vault_name

- name: Get vault login token
  shell: >
    kubectl get secret {{ ngci_vault_root_token_secret }}
    --namespace={{ ngci_vault_namespace }}
    --output=jsonpath="{['data']['root_token']}" | base64 --decode
  register: ldap_login_token
  no_log: "{{ enforce_no_log }}"

- name: Read postgresql credentials on Vault
  shell: >
    kubectl exec -t {{ pod_vault_name.stdout }}
    --namespace={{ ngci_vault_namespace }}
    -- sh -c
    'env VAULT_ADDR={{ vault_local_address }}
    VAULT_TOKEN={{ ldap_login_token.stdout }}
    vault kv get -format=json "{{ postgresql_credential_path }}"'
  register: kubectl_stdout
  no_log: "{{ enforce_no_log }}"

- name: Set the vault property
  set_fact:
    postgresql_credentials_tmp: "{{ kubectl_stdout.stdout | from_json }}"
  no_log: "{{ enforce_no_log }}"

- name: Set identity_details property
  set_fact:
    postgresql_credentials: "{{ postgresql_credentials_tmp.data.postgresql_credentials|from_json }}"
  no_log: "{{ enforce_no_log }}"