---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Get project id for managed resources
  delegate_to: "{{ designate_service_setup_host }}"
  vars:
    ansible_python_interpreter: "{{ designate_service_setup_host_python_interpreter }}"
  openstack.cloud.project_info:
    cloud: default
    name: "{{ designate_managed_resource_project_name }}"
    interface: internal
    validate_certs: "{{ not (keystone_service_internaluri_insecure | bool) }}"
  register: _get_managed_resource_project
  until: _get_managed_resource_project is success
  retries: 5
  delay: 15

- name: Store project id for managed resources
  ansible.builtin.set_fact:
    designate_managed_resource_tenant_id: "{{ _get_managed_resource_project.projects[0].id }}"

- name: Copy designate config
  openstack.config_template.config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner | default(designate_system_user_name) }}"
    group: "{{ item.group | default(designate_system_group_name) }}"
    mode: "0644"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
  with_items:
    - src: "designate.conf.j2"
      dest: "/etc/designate/designate.conf"
      config_overrides: "{{ designate_designate_conf_overrides }}"
      config_type: "ini"
    - src: "api-paste.ini.j2"
      dest: "/etc/designate/api-paste.ini"
      config_overrides: "{{ designate_api_paste_ini_overrides }}"
      config_type: "ini"
    - src: "rootwrap.conf.j2"
      dest: "/etc/designate/rootwrap.conf"
      owner: "root"
      group: "root"
      config_overrides: "{{ designate_rootwrap_conf_overrides }}"
      config_type: "ini"
  notify: Restart designate services

- name: Implement policy.yaml if there are overrides configured
  openstack.config_template.config_template:
    content: "{{ designate_policy_overrides }}"
    dest: "/etc/designate/policy.yaml"
    owner: "{{ designate_system_user_name }}"
    group: "{{ designate_system_group_name }}"
    mode: "0644"
    config_type: yaml
  when:
    - designate_policy_overrides | length > 0
  tags:
    - designate-policy-override

- name: Remove legacy policy.yaml file
  ansible.builtin.file:
    path: "/etc/designate/policy.yaml"
    state: absent
  when:
    - designate_policy_overrides | length == 0
  tags:
    - designate-policy-override

- name: Create Designate rndc key file
  ansible.builtin.template:
    src: rndc.key.j2
    dest: "{{ item.file }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default('root') }}"
    mode: "{{ item.mode | default('0600') }}"
  with_items: "{{ designate_rndc_keys }}"
  when: designate_rndc_keys is defined

- name: Copy rootwrap filters
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/designate/rootwrap.d/"
    owner: "root"
    group: "root"
    mode: "0644"
  with_fileglob:
    - rootwrap.d/*
  notify: Restart designate services