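---
# file: roles/haproxy/tasks/secrest.yml
#
# Resolve the HAProxy basic-auth password for `user`.
#
# Flow:
#   1. Try to read `haproxy_basicauth_<user>_password` from HashiCorp Vault.
#   2. If that task fails for any reason, the rescue section generates a
#      50-character random password, writes it to Vault from the control
#      node, and exposes it as the fact `haproxy_basicauth_<user>_password`.
#
# Variables read: user, host_vars_location, ansible_hostname.
#
# Secret handling:
#   * `no_log: true` is set on the block so the password is not printed in
#     task output or callback logs. To debug a failing lookup, disable it
#     temporarily in a non-production run.
#   * The generated password is passed to the vault CLI on stdin (`key=-`)
#     rather than on the command line, so it does not show up in the process
#     list or in the task's recorded `cmd`.
- name: "handle secret {{ user }}"
  no_log: true
  block:
    # NOTE(review): on success this stores the password in a fact named after
    # the value of `user`, while the rescue path stores it in
    # `haproxy_basicauth_<user>_password`. Consumers presumably expect one of
    # the two names; confirm which and align both paths.
    # NOTE(review): the lookup path contains `data/` and the CLI path below
    # does not; that looks like a KV v2 mount, where the CLI adds `data/`
    # itself. Confirm against the mount configuration.
    - name: "get {{ user }} from hashicorp vault"
      set_fact:
        "{{ user }}": "{{ lookup('hashi_vault', 'secret=talas-kv/data/' + host_vars_location + '/' + ansible_hostname)['haproxy_basicauth_' + user + '_password'] }}"

  rescue:
    # NOTE(review): rescue runs on every failure of the lookup above, not only
    # on a missing key. An authentication or connectivity error would also
    # lead here and, if the CLI call below still succeeds, replace a password
    # that already exists. Consider checking the failure reason first.

    # `/dev/null` as the password file means the value is generated on each
    # call and not persisted on disk by the lookup.
    - name: "generate a random password for {{ user }}"
      set_fact:
        password: "{{ lookup('password','/dev/null chars=ascii_letters,digits length=50') }}"

    # Runs on the control node without privilege escalation, using whatever
    # Vault address and token the local CLI environment provides.
    # `kv patch` updates an existing secret; presumably the host's secret path
    # already exists when this runs (verify).
    - name: "patching hashicorp vault with generated {{ user }}"
      delegate_to: localhost
      become: false
      command:
        argv:
          - vault
          - kv
          - patch
          - "talas-kv/{{ host_vars_location }}/{{ ansible_hostname }}"
          # `-` tells the vault CLI to read this key's value from stdin.
          - "haproxy_basicauth_{{ user }}_password=-"
        stdin: "{{ password }}"
        # Keep a trailing newline out of the stored secret.
        stdin_add_newline: false

    - name: "assign password value to {{ user }}"
      set_fact:
        "haproxy_basicauth_{{ user }}_password": "{{ password }}"

  tags: haproxy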