---

- name: Get secret definition from pvc
  k8s_exec:
    namespace: "{{ backup_pvc_namespace }}"
    pod: "{{ meta.name }}-db-management"
    command: >-
      bash -c "cat '{{ backup_dir }}/secrets.yml'"
  register: _secrets

- name: Create Temporary secrets file
  tempfile:
    state: file
    suffix: .json
  register: tmp_secrets

- name: Write vars to file locally
  copy:
    dest: "{{ tmp_secrets.path }}"
    content: "{{ _secrets.stdout }}"
    mode: 0640

- name: Include secret vars from backup
  include_vars: "{{ tmp_secrets.path }}"

- name: If deployment is managed, set the database_host in the pg config secret
  block:
    - name: Set new database host
      set_fact:
        database_host: "{{ deployment_name }}-postgres"

    - name: Set tmp postgres secret dict
      set_fact:
        _pg_secret: "{{ secrets['postgresConfigurationSecret'] }}"

    - name: Change postgres host value
      set_fact:
        _pg_data: "{{ _pg_secret['data'] | combine({'host': database_host | b64encode }) }}"

    - name: Create a postgres secret with the new host value
      set_fact:
        _pg_secret: "{{ _pg_secret | combine({'data': _pg_data}) }}"

    - name: Create a new dict of secrets with the new postgres secret
      set_fact:
        secrets: "{{ secrets | combine({'postgresConfigurationSecret': _pg_secret}) }}"
  when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed'

- name: Apply secret
  k8s:
    state: present
    namespace: "{{ meta.namespace }}"
    apply: yes
    wait: yes
    template: "secrets.yml.j2"