---

- when: ansible_service_broker_certs_dir is undefined
  block:
  - name: Create ansible-service-broker cert directory
    file:
      path: "{{ openshift.common.config_base }}/ansible-service-broker"
      state: directory
      mode: 0755
    check_mode: no

  - name: Create self signing ca cert
    command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
    args:
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'

  - name: Create self signed client cert
    command: '{{ item.cmd }}'
    args:
      creates: '{{ item.creates }}'
    with_items:
    - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
    - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
    - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'

  - set_fact:
      ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"

- name: Read in certs for etcd
  slurp:
    src: '{{ ansible_service_broker_certs_dir }}/{{ item }}'
  register: asb_etcd_certs
  with_items:
  - cert.pem
  - client.pem
  - client.key

- set_fact:
    etcd_ca_cert: "{{ asb_etcd_certs.results.0.content | b64decode }}"
    etcd_client_cert: "{{ asb_etcd_certs.results.1.content | b64decode }}"
    etcd_client_key: "{{ asb_etcd_certs.results.2.content | b64decode }}"