---
- name: Make sure the certificate directory exits
  file:
    path={{ kube_cert_dir }}
    state=directory
    mode=o-rwx
    group={{ kube_cert_group }}

- name: Make sure the tokens directory exits
  file:
    path={{ kube_token_dir }}
    state=directory
    mode=o-rwx
    group={{ kube_cert_group }}

- name: Make sure the users directory exits
  file:
    path={{ kube_users_dir }}
    state=directory
    mode=o-rwx
    group={{ kube_cert_group }}

- name: Populate users for basic auth in API
  lineinfile:
    dest: "{{ kube_users_dir }}/known_users.csv"
    create: yes
    line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
    backup: yes
  with_dict: "{{ kube_users }}"
  when: inventory_hostname in "{{ groups['kube-master'] }}"
  notify: set secret_changed

- name: Check if a certificate already exists
  stat:
    path: "{{ kube_cert_dir }}/ca.pem"
  register: kubecert

- include: gen_certs.yml
  when: not kubecert.stat.exists

- include: gen_tokens.yml