---
# See repository **.env.sample** — copy to **.env** (gitignored).
- name: Stat repository .env for Velero
  ansible.builtin.stat:
    path: "{{ noble_repo_root }}/.env"
  register: noble_deploy_env_file
  changed_when: false

- name: Load NOBLE_VELERO_S3_BUCKET from .env when unset
  ansible.builtin.shell: |
    set -a
    . "{{ noble_repo_root }}/.env"
    set +a
    echo "${NOBLE_VELERO_S3_BUCKET:-}"
  register: noble_velero_s3_bucket_from_env
  when:
    - noble_deploy_env_file.stat.exists | default(false)
    - noble_velero_s3_bucket | default('') | length == 0
  changed_when: false

- name: Apply NOBLE_VELERO_S3_BUCKET from .env
  ansible.builtin.set_fact:
    noble_velero_s3_bucket: "{{ noble_velero_s3_bucket_from_env.stdout | trim }}"
  when:
    - noble_velero_s3_bucket_from_env is defined
    - (noble_velero_s3_bucket_from_env.stdout | default('') | trim | length) > 0

- name: Load NOBLE_VELERO_S3_URL from .env when unset
  ansible.builtin.shell: |
    set -a
    . "{{ noble_repo_root }}/.env"
    set +a
    echo "${NOBLE_VELERO_S3_URL:-}"
  register: noble_velero_s3_url_from_env
  when:
    - noble_deploy_env_file.stat.exists | default(false)
    - noble_velero_s3_url | default('') | length == 0
  changed_when: false

- name: Apply NOBLE_VELERO_S3_URL from .env
  ansible.builtin.set_fact:
    noble_velero_s3_url: "{{ noble_velero_s3_url_from_env.stdout | trim }}"
  when:
    - noble_velero_s3_url_from_env is defined
    - (noble_velero_s3_url_from_env.stdout | default('') | trim | length) > 0

- name: Create velero-cloud-credentials from .env when keys present
  ansible.builtin.shell: |
    set -euo pipefail
    set -a
    . "{{ noble_repo_root }}/.env"
    set +a
    if [ -z "${NOBLE_VELERO_AWS_ACCESS_KEY_ID:-}" ] || [ -z "${NOBLE_VELERO_AWS_SECRET_ACCESS_KEY:-}" ]; then
      echo SKIP
      exit 0
    fi
    CLOUD="$(printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
      "${NOBLE_VELERO_AWS_ACCESS_KEY_ID}" "${NOBLE_VELERO_AWS_SECRET_ACCESS_KEY}")"
    kubectl -n velero create secret generic velero-cloud-credentials \
      --from-literal=cloud="${CLOUD}" \
      --dry-run=client -o yaml | kubectl apply -f -
    echo APPLIED
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  when: noble_deploy_env_file.stat.exists | default(false)
  no_log: true
  register: noble_velero_secret_from_env
  changed_when: "'APPLIED' in (noble_velero_secret_from_env.stdout | default(''))"