---
- fail:
    msg: >
      openshift_hosted_registry_storage_s3_accesskey and
      openshift_hosted_registry_storage_s3_secretkey are required
  when: openshift.hosted.registry.storage.s3.accesskey | default(none) is none or openshift.hosted.registry.storage.s3.secretkey | default(none) is none

- fail:
    msg: >
      openshift_hosted_registry_storage_s3_bucket and
      openshift_hosted_registry_storage_s3_region are required
  when: openshift.hosted.registry.storage.s3.bucket | default(none) is none or openshift.hosted.registry.storage.s3.region | default(none) is none

# If cloudfront is being used, fail if we don't have all the required variables
- assert:
    that:
      - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile | default(none) is not none"
      - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_keypairid | default(none) is not none"
    msg: >
      When openshift_hosted_registry_storage_s3_cloudfront_baseurl is provided
      openshift_hosted_registry_storage_s3_cloudfront_keypairid and
      openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile are required


# Inject the cloudfront private key as a secret when required
- block:

    - name: Create registry secret for cloudfront
      oc_secret:
        state: present
        namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
        name: docker-registry-s3-cloudfront
        contents:
          - path: cloudfront.pem
            data: "{{ lookup('file', openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile) }}"

    - name: Add cloudfront secret to the registry deployment config
      command: >
        oc volume dc/docker-registry --add --name=cloudfront-vol
        --namespace="{{ openshift.hosted.registry.namespace | default('default') }}"
        -m /etc/origin --type=secret --secret-name=docker-registry-s3-cloudfront
      register: cloudfront_vol_attach
      failed_when:
        - "'already exists' not in cloudfront_vol_attach.stderr"
        - "cloudfront_vol_attach.rc != 0"

  when: openshift_hosted_registry_storage_s3_cloudfront_baseurl | default(none) is not none