---
#  Copyright (c) 2019 Red Hat, Inc.
#
#  This file is part of ARA Records Ansible.
#
#  ARA Records Ansible is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.
#
#  ARA Records Ansible is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.

- become: yes
  become_user: "{{ ara_server_user }}"
  block:
    - name: Verify if a configuration file exists
      stat:
        path: "{{ ara_server_settings }}"
      register: settings_stat

    # If no secret key has been provided and this isn't the first time we are
    # running, recover the secret key from the existing configuration file.
    - when:
        - ara_server_secret_key is none
        - settings_stat.stat.exists
      block:
        - name: Read the configuration file
          command: cat "{{ ara_server_settings }}"
          changed_when: false
          no_log: yes
          register: settings_contents

        - name: Recover existing secret key
          vars:
            config: "{{ settings_contents.stdout | from_yaml }}"
          set_fact:
            ara_server_secret_key: "{{ config[ara_server_env]['SECRET_KEY'] }}"
          no_log: yes

    # If no secret key has been provided and this is the first time we are
    # running, generate a new random secret key that will be persisted in the
    # configuration file.
    - when:
        - ara_server_secret_key is none
        - not settings_stat.stat.exists
      block:
        - name: Generate a random secret key
          environment:
            PATH: "{{ path_with_virtualenv | default(omit) }}"
          command: python3 -c "from django.utils.crypto import get_random_string; print(get_random_string(length=50))"
          no_log: yes
          register: generated_key

        - name: Set ara_server_secret_key
          set_fact:
            ara_server_secret_key: "{{ generated_key.stdout }}"
          no_log: yes

    - name: Reconcile configuration
      vars:
        reconciled_configuration:
          ALLOWED_HOSTS: "{{ ara_server_allowed_hosts }}"
          BASE_DIR: "{{ ara_server_base_dir }}"
          CORS_ORIGIN_ALLOW_ALL: "{{ ara_server_cors_origin_allow_all }}"
          CORS_ORIGIN_WHITELIST: "{{ ara_server_cors_origin_whitelist }}"
          DATABASES:
            default:
              ENGINE: "{{ ara_server_database_engine }}"
              NAME: "{{ ara_server_database_name }}"
              USER: "{{ ara_server_database_user }}"
              PASSWORD: "{{ ara_server_database_password }}"
              HOST: "{{ ara_server_database_host }}"
              PORT: "{{ ara_server_database_port }}"
          DEBUG: "{{ ara_server_debug }}"
          LOGGING: "{{ ara_server_logging }}"
          LOG_LEVEL: "{{ ara_server_log_level }}"
          MEDIA_ROOT: "{{ ara_server_media_root }}"
          MEDIA_URL: "{{ ara_server_media_url }}"
          STATIC_ROOT: "{{ ara_server_static_root }}"
          STATIC_URL: "{{ ara_server_static_url }}"
          SECRET_KEY: "{{ ara_server_secret_key }}"
      set_fact:
        ara_server_configuration: "{'{{ ara_server_env }}': {{ reconciled_configuration }} }"

- name: Configure ara-server
  become: yes
  copy:
    content: |
      ---
      # Managed by the ara_server Ansible role
      {{ ara_server_configuration | to_nice_yaml(indent=2) }}
    dest: "{{ ara_server_settings }}"
    owner: "{{ ara_server_user }}"
    group: "{{ ara_server_group }}"
    mode: 0750
  notify:
    - restart ara-server
  no_log: yes