---
- name: Check if there are any super users defined.
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: >-
      bash -c "echo 'from django.contrib.auth.models import User;
      nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count();
      exit(0 if nsu > 0 else 1)'
      | awx-manage shell"
  ignore_errors: true
  register: users_result
  changed_when: users_result.return_code > 0

- name: Create super user via Django if it doesn't exist.
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: bash -c "ANSIBLE_REVERSE_RESOURCE_SYNC=false awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput"
  register: result
  changed_when: "'That username is already taken' not in result.stderr"
  failed_when: "'That username is already taken' not in result.stderr and 'Superuser created successfully' not in result.stdout"
  no_log: "{{ no_log }}"
  when: users_result.return_code > 0

- name: Update Django super user password
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}'
  register: result
  changed_when: "'Password updated' in result.stdout"
  no_log: "{{ no_log }}"
  when: users_result.return_code > 0

- name: Check if legacy queue is present
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: >-
      bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'"
  register: legacy_queue
  changed_when: false
  ignore_errors: true

- name: Unregister legacy queue
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: >-
      bash -c "awx-manage unregister_queue --queuename=tower"
  when: "'[tower capacity=' in legacy_queue.stdout"

- name: Check for specified default execution environment pull credentials
  k8s_info:
    kind: Secret
    namespace: '{{ ansible_operator_meta.namespace }}'
    name: '{{ ee_pull_credentials_secret }}'
  register: _custom_execution_environments_pull_credentials
  when: ee_pull_credentials_secret | length

- name: Set execution environment pull credential secret
  set_fact:
    _execution_environments_pull_credentials: >-
      {{ _custom_execution_environments_pull_credentials["resources"] | default([]) | length
      | ternary(_custom_execution_environments_pull_credentials, []) }}
  no_log: "{{ no_log }}"

- name: Register default execution environments (without authentication)
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: >-
      bash -c "awx-manage register_default_execution_environments"
  register: ree
  changed_when: "'changed: True' in ree.stdout"
  when: not _execution_environments_pull_credentials['resources'] | default([]) | length

- block:
    - name: Store default execution environment pull credentials
      set_fact:
        default_execution_environment_pull_credentials_user: "{{ _execution_environments_pull_credentials['resources'][0]['data']['username'] | b64decode }}"
        default_execution_environment_pull_credentials_pass: "{{ _execution_environments_pull_credentials['resources'][0]['data']['password'] | b64decode }}"
        default_execution_environment_pull_credentials_url: "{{ _execution_environments_pull_credentials['resources'][0]['data']['url'] | b64decode }}"
        default_execution_environment_pull_credentials_url_verify: >-
          {{ _execution_environments_pull_credentials['resources'][0]['data']['ssl_verify'] | default("True"|b64encode) | b64decode }}
      no_log: "{{ no_log }}"

    - name: Register default execution environments (with authentication)
      k8s_exec:
        namespace: "{{ ansible_operator_meta.namespace }}"
        pod: "{{ awx_web_pod_name }}"
        container: "{{ ansible_operator_meta.name }}-web"
        command: >-
          bash -c "awx-manage register_default_execution_environments
          --registry-username='{{ default_execution_environment_pull_credentials_user }}'
          --registry-password='{{ default_execution_environment_pull_credentials_pass }}'
          --registry-url='{{ default_execution_environment_pull_credentials_url }}'
          --verify-ssl='{{ default_execution_environment_pull_credentials_url_verify }}'"
      register: ree
      changed_when: "'changed: True' in ree.stdout"
      no_log: "{{ no_log }}"
  when: _execution_environments_pull_credentials['resources'] | default([]) | length

- name: Create preload data if necessary.  # noqa 305
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: >-
      bash -c "ANSIBLE_REVERSE_RESOURCE_SYNC=false awx-manage create_preload_data"
  register: cdo
  changed_when: "'added' in cdo.stdout"
  when: create_preload_data | bool