# SPDX-License-Identifier: MIT-0
---
# Helm needs to authenticate against registry.element.io to pull both the
# matrix-stack chart AND the Pro container images. We do both:
#   1. `helm registry login` so the chart pull works.
#   2. A docker-registry Secret in the namespace so pods can pull images.

- name: Log in to Element Helm/OCI registry
  ansible.builtin.command:
    cmd: >-
      {{ ess_pro_helm_install_dir }}/helm registry login {{ ess_pro_registry_url }}
      --username {{ ess_pro_registry_username | quote }}
      --password-stdin
    stdin: "{{ ess_pro_registry_token }}"
  register: helm_login
  changed_when: "'Login Succeeded' in (helm_login.stdout + helm_login.stderr)"
  no_log: true

- name: Create image pull Secret for the ESS namespace
  kubernetes.core.k8s:
    kubeconfig: "{{ ess_pro_kubeconfig }}"
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      type: kubernetes.io/dockerconfigjson
      metadata:
        name: "{{ ess_pro_image_pull_secret_name }}"
        namespace: "{{ ess_pro_namespace }}"
        labels:
          app.kubernetes.io/managed-by: ansible
      data:
        .dockerconfigjson: "{{ _dockerconfig | to_json | b64encode }}"
  vars:
    _dockerconfig:
      auths:
        "{{ ess_pro_registry_url }}":
          username: "{{ ess_pro_registry_username }}"
          password: "{{ ess_pro_registry_token }}"
          auth: "{{ (ess_pro_registry_username ~ ':' ~ ess_pro_registry_token) | b64encode }}"
  no_log: true