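---
# tasks file for secrets role
#
# Validates the required role parameters, creates the destination directory,
# then writes secrets into it: one file per variable named in secrets_vars
# and one copy of each file listed in secrets_files.
#
# NOTE(review): secrets_dir_mode, secrets_file_mode, secrets_vars and
# secrets_files are used below without a validation task; presumably they
# come from the role defaults -- confirm they are defined there and that the
# default modes grant no access to "other".

# Fail early when a required parameter is undefined or an empty string.
- name: "Validate secrets_dest parameter"
  ansible.builtin.fail:
    msg: "secrets_dest is required but not defined"
  when: secrets_dest is not defined or secrets_dest == ""

- name: "Validate secrets_user parameter"
  ansible.builtin.fail:
    msg: "secrets_user is required but not defined"
  when: secrets_user is not defined or secrets_user == ""

- name: "Validate secrets_group parameter"
  ansible.builtin.fail:
    msg: "secrets_group is required but not defined"
  when: secrets_group is not defined or secrets_group == ""

# The directory is created before any secret is written, so ownership and
# mode are already in place when the files land in it.
- name: "Create secrets destination directory"
  ansible.builtin.file:
    path: "{{ secrets_dest }}"
    state: directory
    owner: "{{ secrets_user }}"
    group: "{{ secrets_group }}"
    mode: "{{ secrets_dir_mode }}"

# Each entry of secrets_vars is a variable NAME: the file is named after the
# variable and its content is that variable's value.
- name: "Save variables as secret files"
  ansible.builtin.copy:
    content: "{{ lookup('vars', item) }}"
    dest: "{{ secrets_dest }}/{{ item }}"
    owner: "{{ secrets_user }}"
    group: "{{ secrets_group }}"
    mode: "{{ secrets_file_mode }}"
  loop: "{{ secrets_vars }}"
  when: secrets_vars | length > 0
  # Keeps the secret values out of task output and logs.
  no_log: true

# Each entry of secrets_files is a source path; the destination keeps only
# its basename, so two sources with the same file name would be written to
# the same destination file.
- name: "Copy secret files"
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "{{ secrets_dest }}/{{ item | basename }}"
    owner: "{{ secrets_user }}"
    group: "{{ secrets_group }}"
    mode: "{{ secrets_file_mode }}"
  loop: "{{ secrets_files }}"
  when: secrets_files | length > 0
  # Same protection as the variable-based task above: a run in diff mode
  # would otherwise print the content of the copied secret files. The cost
  # is that failure details are censored too; lift this temporarily when
  # debugging.
  no_log: true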