---

- name: Ensure di-authentication-service-grpc and di-authentication-service-rest is present
  apt:
    name: "{{ item }}"
    state: latest
    update_cache: yes
    cache_valid_time: 3600
  with_items:
    - "di-authentication-service"
  notify:
    - restart di-authentication-service-grpc
    - restart di-authentication-service-rest

- name: Restrict /etc/di directory
  file:
    path: "/etc/di"
    owner: "root"
    group: "di-config"
    mode: "0750"
    state: directory

- name: Restrict key directory
  file:
    path: "{{ di_authentication_service_jwt_key_path }}"
    owner: "root"
    group: "di-config"
    mode: "0750"
    state: directory

- name: Copy private key
  copy:
    content: "{{ di_authentication_service_jwt_private_key_content }}"
    dest: "{{ di_authentication_service_jwt_private_key_path }}"

- name: Copy public key
  copy:
    content: "{{ di_authentication_service_jwt_public_key_content }}"
    dest: "{{ di_authentication_service_jwt_public_key_path }}"

- name: Template di-authentication-service config
  template:
    src: "authentication-service.conf.j2"
    dest: "/etc/di/authentication-service-{{ item.protocol }}.conf"
    owner: "di"
    group: "di-config"
    mode: "0640"
  with_items:
    - protocol: "grpc"
      logfile: "{{ di_authentication_service_logfile_grpc }}"
      loglevel: "{{ di_authentication_service_loglevel_grpc }}"
    - protocol: "rest"
      logfile: "{{ di_authentication_service_logfile_rest }}"
      loglevel: "{{ di_authentication_service_loglevel_rest }}"
  notify:
    - restart di-authentication-service-grpc
    - restart di-authentication-service-rest

- name: enable di-authentication-service-grpc and di-authentication-service-rest
  service:
    name: "{{ item }}"
    enabled: yes
  with_items:
    - "di-authentication-service-grpc"
    - "di-authentication-service-rest"
  notify:
    - restart di-authentication-service-grpc
    - restart di-authentication-service-rest