---
- name: Secrets Store
  block:
  - name: Defined secrets-storage state to present
    set_fact:
      storage_secrets_store_state: present
    when:
      - storage_secrets_store|bool

  - name: find state of secrets-storage
    set_fact:
      storage_secrets_store_state: absent
    when:
      - not storage_secrets_store|bool

# https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver
  - name: Defined Secrets Store repository
    kubernetes.core.helm_repository:
      name: secrets-store-csi-driver
      repo_url: "https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts"

  - name: Deploy Secrets Store chart
    kubernetes.core.helm:
      context: "{{ my_context }}"
      state: "{{ storage_secrets_store_state }}"
      name: csi-secrets-store
      chart_ref: secrets-store-csi-driver/secrets-store-csi-driver

  # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
  - name: Deploy Secrets Store CSI driver provider gopass
    kubernetes.core.k8s:
      state: "{{ storage_secrets_store_state }}"
      context: "{{ my_context }}"
      namespace: "{{ storage_localpath_namespace }}"
      apply: true
      resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"

  tags:
    - storage
    - secrets-store

# https://github.com/hashicorp/vault-csi-provider
# https://github.com/Azure/secrets-store-csi-driver-provider-azure