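---
# Entry-point task list for installing and initializing HashiCorp Vault.
# Flow: detect an existing vault binary and its version, publish facts,
# run the prerequisite/install/service/security task files, query the
# initialization status over the loopback listener, initialize when asked
# to, then remove the scratch directory and flush handlers.

# Scratch directory; its path is read back as tmp_file.path by the cleanup
# task at the end of this file.
# NOTE(review): cleanup runs only when every task in between succeeds, so a
# failed run leaves the directory on the host. If the imported task files
# stage sensitive material there (not visible from here), consider wrapping
# the work in block/always.
- name: create temp directory
  ansible.builtin.tempfile:
    state: directory
  register: tmp_file
  changed_when: false

# rc != 0 means no vault binary on PATH; that is expected on a first run, so
# the task never fails and later tasks branch on the return code.
- name: find vault path
  ansible.builtin.command: 'bash -c "command -v vault"'
  register: output_vault_binary_path
  changed_when: false
  failed_when: false

# Reduces `vault version` output to the bare version number.
# The path is passed through `quote` because this runs in a shell.
# NOTE(review): the pipeline's exit status is sed's, so a failing
# `vault version` is not detected here.
- name: find local vault binary version
  ansible.builtin.shell: "{{ output_vault_binary_path.stdout | quote }} version | sed -E 's/Vault[[:space:]]+v([0-9.-]+)(\\b|$).*$/\\1/'"
  become: true
  environment:
    # presumably keeps the CLI away from a D-Bus session; confirm
    DBUS_SESSION_BUS_ADDRESS: /dev/null
    VAULT_ADDR: 'https://127.0.0.1:8200'
  register: output_vault_binary_version
  when: output_vault_binary_path.rc == 0
  changed_when: false

# hc_vault_binary_path falls back to hc_vault_default_binary_path when the
# lookup above returned an empty string (second argument `true` makes
# default() apply to falsy values, not only undefined ones).
- name: set binary facts
  ansible.builtin.set_fact:
    hc_vault_binary_installed: "{{ 'true' if output_vault_binary_path.rc == 0 else 'false' }}"
    hc_vault_binary_path: "{{ output_vault_binary_path.stdout | default(hc_vault_default_binary_path, true) }}"
    hc_vault_local_binary_version: "{{ output_vault_binary_version.get('stdout', None) }}"

- name: run prerequisite tasks
  ansible.builtin.import_tasks: prerequisites.yml

- name: install vault binary
  ansible.builtin.import_tasks: install_binary.yml

- name: install vault service
  ansible.builtin.import_tasks: install_service.yml

- name: run security configuration
  ansible.builtin.import_tasks: security.yml

# `vault operator init -status` exit codes: 0 = initialized, 1 = error,
# 2 = not initialized. Only 1 is treated as a failure; 2 gates the
# initialize step below.
#
# Uses hc_vault_binary_path rather than output_vault_binary_path.stdout: on a
# host where vault was not on PATH before this run the registered stdout is
# empty, so the command line would start with " operator" and fail.
# NOTE(review): this assumes install_binary.yml places the binary at
# hc_vault_default_binary_path; confirm against that file.
#
# SECURITY: -tls-skip-verify turns off certificate verification for this
# request. The target is loopback, which limits exposure, but the flag also
# hides a wrong or replaced listener certificate. Prefer setting VAULT_CACERT
# to the issuing CA and dropping the flag once the listener certificate
# carries a SAN matching VAULT_ADDR.
- name: find vault initialization status
  ansible.builtin.command: '{{ hc_vault_binary_path }} operator init -status -tls-skip-verify'
  become: true
  environment:
    DBUS_SESSION_BUS_ADDRESS: /dev/null
    VAULT_ADDR: 'https://127.0.0.1:8200'
  register: hc_vault_init_status
  changed_when: false
  failed_when: hc_vault_init_status.rc == 1

# Runs only when the operator opted in and Vault reported "not initialized".
- name: initialize vault
  ansible.builtin.import_tasks: initialize.yml
  when: hc_vault_initialize and hc_vault_init_status.rc == 2

- name: cleanup
  ansible.builtin.file:
    path: '{{ tmp_file.path }}'
    state: absent
  become: true
  changed_when: false

# Fully qualified module name, consistent with every other task in this file.
- name: flush handlers
  ansible.builtin.meta: flush_handlers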