---
- name: Check if Policies shall be overwritten
  local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
  register: keystone_policy

- name: Check if Keystone Domain specific settings enabled
  local_action: stat path="{{ node_custom_config }}/keystone/domains"
  register: keystone_domain_cfg

- name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item }}"
    state: "directory"
    recurse: yes
  with_items:
    - "keystone"
    - "keystone-fernet"
    - "keystone-ssh"

- name: Creating Keystone Domain directory
  file:
    dest: "{{ node_config_directory }}/{{ item }}/domains/"
    state: "directory"
  when:
      keystone_domain_cfg.stat.exists
  with_items:
    - "keystone"

- name: Copying over config.json files for services
  template:
    src: "{{ item }}.json.j2"
    dest: "{{ node_config_directory }}/{{ item }}/config.json"
  with_items:
    - "keystone"
    - "keystone-fernet"
    - "keystone-ssh"

- name: Copying over keystone.conf
  merge_configs:
    vars:
      service_name: "{{ item }}"
    sources:
      - "{{ role_path }}/templates/keystone.conf.j2"
      - "{{ node_custom_config }}/global.conf"
      - "{{ node_custom_config }}/database.conf"
      - "{{ node_custom_config }}/messaging.conf"
      - "{{ node_custom_config }}/keystone.conf"
      - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
    dest: "{{ node_config_directory }}/{{ item }}/keystone.conf"
  with_items:
    - "keystone"
    - "keystone-fernet"
    - "keystone-ssh"

- name: Copying Keystone Domain specific settings
  copy:
    src: "{{ item }}"
    dest: "{{ node_config_directory }}/keystone/domains/"
  with_fileglob:
    - "{{ node_custom_config }}/keystone/domains/*"

- name: Copying over existing policy.json
  template:
    src: "{{ node_custom_config }}/keystone/policy.json"
    dest: "{{ node_config_directory }}/keystone/policy.json"
  when:
    keystone_policy.stat.exists

- name: Copying over wsgi-keystone.conf
  template:
    src: "{{ item }}"
    dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
  with_first_found:
    - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
    - "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
    - "wsgi-keystone.conf.j2"

- name: Copying over keystone-paste.ini
  merge_configs:
    sources:
      - "{{ role_path }}/templates/keystone-paste.ini.j2"
      - "{{ node_custom_config }}/keystone/keystone-paste.ini"
      - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone-paste.ini"
    dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"

- name: Generate the required cron jobs for the node
  local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}"
  register: cron_jobs_json
  when: keystone_token_provider == 'fernet'

- name: Save the returned from cron jobs for building the crontab
  set_fact:
    cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
  when: keystone_token_provider == 'fernet'

- name: Copying files for keystone-fernet
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
  with_items:
    - { src: "crontab.j2", dest: "crontab" }
    - { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
    - { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
    - { src: "id_rsa", dest: "id_rsa" }
    - { src: "ssh_config.j2", dest: "ssh_config" }
  when: keystone_token_provider == 'fernet'

- name: Copying files for keystone-ssh
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
  with_items:
    - { src: "sshd_config.j2", dest: "sshd_config" }
    - { src: "id_rsa.pub", dest: "id_rsa.pub" }
  when: keystone_token_provider == 'fernet'