Fix api keys secret generation

tasks/main.yml

@@ -111,12 +111,15 @@
         context: "{{ my_context }}"
         apply: true
         namespace: "{{ cert_manager_namespace }}"
-        resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
+        resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml_all }}"
       with_items:
         - "{{ cert_manager_issuer }}"
+        #- "{{ cert_manager_issuer | json_query(\"solvers.[?solver=="dns01"]\") }}"
       when:
         - item.acme_provider is defined
-        - item.dns_provider is defined
+        - item.solvers is defined
+        #- item.solvers.[].solver == "dns01"
+        #- item.solvers.[].dns_provider is defined
 
 # Tempo ici
 

templates/api-key-secret.yml.j2

@@ -1,14 +1,19 @@
+{% for i in item.solvers %}
+{% if i.solver == "dns01" %}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: "{{ item.dns_provider }}-api-key"
+  name: "{{ i.dns_provider }}-api-key"
 type: Opaque
 data:
-{% if item.dns_provider == "cloudflare" %}
+{% if i.dns_provider == "cloudflare" %}
-  api-key: "{{ item.cloudflare_api_key | b64encode }}"
+  api-key: "{{ i.cloudflare_api_key | b64encode }}"
-{% elif item.dns_provider == "route53" %}
+{% elif i.dns_provider == "route53" %}
   secret-access-key: "{{ lookup('hashi_vault', 'secret=clusters/route53:secret-access-key') | b64encode }}"
-{% elif item.dns_provider == "ovh" %}
+{% elif i.dns_provider == "ovh" %}
-  applicationSecret: "{{ item.applicationSecret | b64encode }}"
+  applicationSecret: "{{ i.applicationSecret | b64encode }}"
 {% endif %}
+
+{% endif %}
+{% endfor %}