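---
# Local (control-node) certificate generation.
#
# Flow, as written in the tasks below:
#   1. stat "{{ local_certs_path }}"; the whole block is skipped when it
#      already exists.
#   2. Create the directory, fetch wazuh-cert-tool.sh if it is missing,
#      render config.yml next to it, and run the tool with become.
#   3. Hand the files under "{{ local_certs_path }}/certs" to the
#      effective user.
#
# Changes from the previous revision: file modes are quoted strings,
# booleans are written true/false, the tool is invoked through argv so a
# path containing whitespace is not split, and the download can be pinned
# with an optional checksum.

- name: Check if certificates already exists
  stat:
    path: "{{ local_certs_path }}"
  register: certificates_folder
  delegate_to: localhost
  become: false
  tags:
    - generate-certs

- block:
    - name: Local action | Create local temporary directory for certificates generation
      file:
        path: "{{ local_certs_path }}"
        # Quoted so the mode is never re-typed by the YAML loader.
        mode: "0755"
        state: directory

    ## 732 will not be needed
    - name: Local action | Check that the generation tool exists
      stat:
        path: "{{ local_certs_path }}/wazuh-cert-tool.sh"
      register: tool_package

    ## 732 will not be needed
    # The script fetched here is executed with become further down, so the
    # integrity of the download matters. `certs_gen_tool_checksum` is a new,
    # optional variable introduced by this task (get_url format
    # "<algorithm>:<hex digest>", e.g. "sha256:<DIGEST_PLACEHOLDER>"); when
    # it is undefined the parameter is omitted and the task behaves as
    # before. The `when` guard means a script already on disk is trusted
    # as-is and is not re-verified.
    - name: Local action | Download certificates generation tool
      get_url:
        url: "{{ certs_gen_tool_url }}"
        # previously: search-guard-tlstool-{{ certs_gen_tool_version }}.zip
        dest: "{{ local_certs_path }}/wazuh-cert-tool.sh"
        checksum: "{{ certs_gen_tool_checksum | default(omit) }}"
      when: not tool_package.stat.exists

    # - name: Local action | Extract the certificates generation tool
    #   ## 732 will not be needed
    #   unarchive:
    #     src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
    #     dest: "{{ local_certs_path }}/"

    # - name: Local action | Add the execution bit to the binary
    #   ## 732 will not be needed
    #   file:
    #     dest: "{{ local_certs_path }}/tools/sgtlstool.sh"
    #     mode: a+x

    ## 732 need to resolve the certificate creation (config.yml)
    - name: Local action | Prepare the certificates generation template file
      template:
        src: "templates/config.yml.j2"
        dest: "{{ local_certs_path }}/config.yml"
        mode: "0644"
      register: tlsconfig_template

    # - name: Create a directory if it does not exist
    #   file:
    #     path: "{{ local_certs_path }}/certs/"
    #     state: directory
    #     mode: '0755'

    # - name: Local action | Check if root CA file exists
    #   stat:
    #     path: "{{ local_certs_path }}/certs/root-ca.key"
    #   register: root_ca_file

    # Runs with become, so the downloaded script executes with elevated
    # privileges on the control node. argv keeps the script path as a
    # single argument even if local_certs_path contains whitespace.
    - name: Local action | Generate the node & admin certificates in local
      command:
        argv:
          - bash
          - "{{ local_certs_path }}/wazuh-cert-tool.sh"
      become: true

    - name: Get Certificate files
      find:
        paths: "{{ local_certs_path }}/certs"
        patterns: "*"
      register: certificate_files

    # The files were produced by the become-run tool above; give them back
    # to the user running the play.
    # NOTE(review): `group` receives the effective *user* id;
    # `ansible_effective_group_id` is probably what was meant - confirm
    # before changing.
    # NOTE(review): the commented-out task above refers to
    # certs/root-ca.key, so this directory presumably holds private keys.
    # Only owner/group are set here, not mode - confirm the modes the tool
    # leaves behind are restrictive enough.
    - name: Change Certificates Ownership
      file:
        path: "{{ item.path }}"
        owner: "{{ ansible_effective_user_id }}"
        group: "{{ ansible_effective_user_id }}"
      become: true
      with_items: "{{ certificate_files.files }}"

  # Block-level keywords: applied to every task in the block.
  run_once: true
  delegate_to: localhost
  become: false
  tags:
    - generate-certs
  when:
    - not certificates_folder.stat.exists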