---
- name: Setup OpenSSL
  include_role:
    name: setup_openssl

- name: Register registry cleanup
  command: 'true'
  # this must be registered before setup_docker is included
  # otherwise setup_docker's own cleanup handler will run before registry cleanup, which will cause registry cleanup to fail
  notify: Remove test registry

- name: Setup Docker
  include_role:
    name: setup_docker

- name: Create random name prefix and test registry name
  set_fact:
    name_prefix: "{{ 'ansible-test-%0x' % ((2**32) | random) }}"
    registry_name: "{{ 'ansible-test-registry-%0x' % ((2**32) | random) }}"
    nginx_name: "{{ 'ansible-test-registry-frontend-%0x' % ((2**32) | random) }}"
- name: Create image and container list
  set_fact:
    inames: []
    cnames:
    - "{{ registry_name }}"
    - "{{ nginx_name }}"
    vnames:
    - "{{ nginx_name }}"

- debug:
    msg: "Using name prefix {{ name_prefix }} and test registry name {{ registry_name }}"

- block:
  - name: Start test registry
    docker_container:
      name: "{{ registry_name }}"
      image: registry:2.6.1
      ports: 5000
    register: registry_container

  - name: Get registry URL
    set_fact:
      registry_address: "localhost:{{ registry_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}"

  - name: Start nginx frontend for registry
    docker_volume:
      name: "{{ nginx_name }}"
      state: present

  - name: Create container for nginx frontend for registry
    docker_container:
      state: stopped
      name: "{{ nginx_name }}"
      image: nginx:alpine
      ports: 5000
      links:
        - "{{ registry_name }}:real-registry"
      volumes:
        - "{{ nginx_name }}:/etc/nginx/"
    register: nginx_container

  - name: Copy static files into volume
    command: docker cp {{ role_path }}/files/{{ item }} {{ nginx_name }}:/etc/nginx/{{ item }}
    loop:
      - "nginx.conf"
      - "nginx.htpasswd"

  - name: Create private key for frontend certificate
    openssl_privatekey:
      path: "{{ output_dir }}/cert.key"
      type: ECC
      curve: secp256r1
  - name: Create CSR for frontend certificate
    openssl_csr:
      path: "{{ output_dir }}/cert.csr"
      privatekey_path: "{{ output_dir }}/cert.key"
      subject_alt_name:
        - "DNS:test-registry.ansible.com"
  - name: Create frontend certificate
    openssl_certificate:
      path: "{{ output_dir }}/cert.pem"
      csr_path: "{{ output_dir }}/cert.csr"
      privatekey_path: "{{ output_dir }}/cert.key"
      provider: selfsigned

  - name: Copy dynamic files into volume
    command: docker cp {{ output_dir }}/{{ item }} {{ nginx_name }}:/etc/nginx/{{ item }}
    loop:
      - "cert.pem"
      - "cert.key"

  - name: Start nginx frontend for registry
    docker_container:
      name: "{{ nginx_name }}"
      state: started
    register: nginx_container

  - debug: var=nginx_container.container.NetworkSettings

  - name: Wait for registry frontend
    uri:
      url: "https://{{ nginx_container.container.NetworkSettings.IPAddress }}:5000/v2/"
      url_username: testuser
      url_password: hunter2
      validate_certs: no
    register: result
    until: result is success
    retries: 5
    delay: 1

  - name: Get registry URL
    set_fact:
      registry_frontend_address: "localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}"

  - debug: msg="Registry available under {{ registry_address }}, NGINX frontend available under {{ registry_frontend_address }}"

  when: docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')

- fail: msg="Too old docker / docker-py version to run docker_image tests!"
  when: not(docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')) and (ansible_distribution != 'CentOS' or ansible_distribution_major_version|int > 6)