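---
# Installs or removes the Secrets Store CSI driver together with its gopass
# and Azure providers. Everything is deployed into kube-system, and exactly
# one of the two blocks below runs, selected by storage_secrets_store_enabled.

- name: Install Secrets Store
  block:
    # https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver
    - name: Defined Secrets Store repository
      kubernetes.core.helm_repository:
        name: secrets-store-csi-driver
        repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"

    # chart_version comes from a variable, so the deployed driver version is
    # whatever the inventory sets for storage_secrets_store_version.
    - name: Deploy Secrets Store chart
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: csi-secrets-store
        release_namespace: "kube-system"
        chart_version: "{{ storage_secrets_store_version }}"
        chart_ref: secrets-store-csi-driver/secrets-store-csi-driver

    # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
    # The manifest is read from a file looked up on the controller, so what
    # is applied to kube-system is whatever that file contains; review it
    # whenever it is updated.
    # NOTE(review): from_yaml parses a single YAML document. If the installer
    # file holds several documents it needs from_yaml_all - confirm.
    - name: Deploy Secrets Store CSI driver provider gopass
      kubernetes.core.k8s:
        state: "present"
        context: "{{ my_context }}"
        namespace: "kube-system"
        apply: true
        resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"

    # https://github.com/Azure/secrets-store-csi-driver-provider-azure
    # Despite its name, this task only registers the Azure provider chart
    # repository; the chart itself is installed by the next task.
    # NOTE(review): the repository index is fetched from the mutable master
    # branch on raw.githubusercontent.com, so its content can change between
    # runs even though chart_version is pinned below. Consider a versioned
    # chart repository or a vendored chart - confirm the URL upstream.
    - name: Deploy Secrets Store CSI driver provider azure
      kubernetes.core.helm_repository:
        name: csi-secrets-store-provider-azure
        repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts"

    - name: Deploy Secrets Store chart
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: csi-secrets-store-provider-azure
        release_namespace: "kube-system"
        chart_version: "{{ storage_secrets_store_azure_version }}"
        chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
        values:
          # The driver is already installed by the csi-secrets-store release
          # above, so the copy this chart can install (presumably a bundled
          # subchart) is switched off.
          secrets-store-csi-driver:
            install: false

    # https://github.com/hashicorp/vault-csi-provider
    # Referenced only; no task in this file deploys the Vault provider.
  when:
    # Cast explicitly: a value passed as an extra-var string such as "false"
    # is otherwise a non-empty, truthy string, and this block would install
    # the driver when the operator meant to disable it.
    - storage_secrets_store_enabled | bool
  tags:
    - storage
    - secrets-store

- name: Secret Store need to be absent
  block:
    # NOTE(review): workloads that still mount volumes through this driver
    # may be affected once it is removed - check for remaining
    # SecretProviderClass users before disabling.
    - name: Uninstall Secrets Store
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: "{{ item }}"
        state: absent
        release_namespace: "kube-system"
      loop:
        - "csi-secrets-store"
        - "csi-secrets-store-provider-azure"

    # Deletes the objects described by the same manifest the install block
    # applies. The from_yaml single-document caveat applies here too.
    - name: Remove Gopass provider
      kubernetes.core.k8s:
        state: absent
        context: "{{ my_context }}"
        namespace: "kube-system"
        resource_definition: "{{ lookup('file', item) | from_yaml }}"
      loop:
        - "secrets-provider-gopass/provider-gopass-installer.yaml"
  when:
    # Same explicit cast as the install block, so the two conditions stay
    # exact opposites for string inputs as well.
    - not (storage_secrets_store_enabled | bool)
  tags:
    - secrets-store
    - storage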