---
- name: Check if there are any super users defined.
  k8s_exec:
    namespace: "{{ meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ meta.name }}-task"
    command: >-
      bash -c "echo 'from django.contrib.auth.models import User;
      nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count();
      exit(0 if nsu > 0 else 1)'
      | awx-manage shell"
  ignore_errors: true
  register: users_result
  changed_when: users_result.return_code > 0

- name: Update super user password via Django if it does exist (same password is a noop)
  k8s_exec:
    namespace: "{{ meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ meta.name }}-task"
    command: >-
      bash -c "awx-manage update_password --username '{{ admin_user }}' --password '{{ admin_password }}'"
  register: update_pw_result
  changed_when: users_result.stdout == 'Password not updated'
  when: users_result.return_code == 0

- name: Create super user via Django if it doesn't exist.
  k8s_exec:
    namespace: "{{ meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ meta.name }}-task"
    command: >-
      bash -c "echo \"from django.contrib.auth.models import User;
      User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\"
      | awx-manage shell"
  when: users_result.return_code > 0

- name: Create preload data if necessary.  # noqa 305
  k8s_exec:
    namespace: "{{ meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ meta.name }}-task"
    command: >-
      bash -c "awx-manage create_preload_data"
  register: cdo
  changed_when: "'added' in cdo.stdout"
  when: create_preload_data | bool

- name: Check if legacy queue is present
  k8s_exec:
    namespace: "{{ meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ meta.name }}-task"
    command: >-
      bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'"
  register: legacy_queue
  changed_when: false

- name: Unregister legacy queue
  k8s_exec:
    namespace: "{{ meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ meta.name }}-task"
    command: >-
      bash -c "awx-manage unregister_queue --queuename=tower"
  when: "'[tower capacity=' in legacy_queue.stdout"

- name: Check for specified default execution environment pull credentials
  k8s_info:
    kind: Secret
    namespace: '{{ meta.namespace }}'
    name: '{{ ee_pull_credentials_secret }}'
  register: _custom_execution_environments_pull_credentials
  when: ee_pull_credentials_secret | length

- name: Check for default execution environment pull credentials
  k8s_info:
    kind: Secret
    namespace: '{{ meta.namespace }}'
    name: '{{ meta.name }}-ee-pull-credentials'
  register: _default_execution_environments_pull_credentials

- name: Set admin password secret
  set_fact:
    _execution_environments_pull_credentials: >-
      {{ _custom_execution_environments_pull_credentials["resources"] | default([]) | length
      | ternary(_custom_execution_environments_pull_credentials, _default_execution_environments_pull_credentials) }}
- name: Register default execution environments (without authentication)
  k8s_exec:
    namespace: "{{ meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ meta.name }}-task"
    command: >-
      bash -c "awx-manage register_default_execution_environments"
  register: ree
  changed_when: "'changed: True' in ree.stdout"
  when: not _execution_environments_pull_credentials['resources'] | default([]) | length

- block:
    - name: Store default execution environment pull credentials
      set_fact:
        default_execution_environment_pull_credentials_user: "{{ _execution_environments_pull_credentials['resources'][0]['data']['username'] | b64decode }}"
        default_execution_environment_pull_credentials_pass: "{{ _execution_environments_pull_credentials['resources'][0]['data']['password'] | b64decode }}"
        default_execution_environment_pull_credentials_url: "{{ _execution_environments_pull_credentials['resources'][0]['data']['url'] | b64decode }}"
        default_execution_environment_pull_credentials_url_verify: >-
          {{ _execution_environments_pull_credentials['resources'][0]['data']['ssl_verify'] | default("True"|b64encode) | b64decode }}
    - name: Register default execution environments (with authentication)
      k8s_exec:
        namespace: "{{ meta.namespace }}"
        pod: "{{ tower_pod_name }}"
        container: "{{ meta.name }}-task"
        command: >-
          bash -c "awx-manage register_default_execution_environments
          --registry-username='{{ default_execution_environment_pull_credentials_user }}'
          --registry-password='{{ default_execution_environment_pull_credentials_pass }}'
          --registry-url='{{ default_execution_environment_pull_credentials_url }}'
          --verify-ssl='{{ default_execution_environment_pull_credentials_url_verify }}'"
      register: ree
      changed_when: "'changed: True' in ree.stdout"
  when: _execution_environments_pull_credentials['resources'] | default([]) | length