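# Handle setting up to call the Bitbucket API: resolve the mesh registration
# credentials from AWS Secrets Manager and build the HTTP basic auth value.

- name: retrieve cloudformation facts
  amazon.aws.cloudformation_info:
    stack_name: '{{ atl_aws_stack_id }}'
    region: '{{ ansible_ec2_placement_region }}'
    stack_resources: true
  register: cfn_stack_facts

# NOTE(review): the stack is queried with atl_aws_stack_id above, but the
# result is indexed with atl_aws_stack_name below (cloudformation_info keys
# its result by stack name). This assumes both variables describe the same
# stack - confirm against the caller.
- name: set fact for the MeshRegistrationCredentialsSecret
  ansible.builtin.set_fact:
    mesh_registration_credential_secret: "{{ cfn_stack_facts.cloudformation[atl_aws_stack_name].stack_resources.MeshRegistrationCredentialsSecret }}"
  # NOTE: we decided we want to barf early if the secret doesn't exist, as all
  # the rest of this is somewhat useless if we can't register nodes
  # when:
  #   - cfn_stack_facts.cloudformation[stack_name].stack_resources.MeshRegistrationCredentialsSecret is defined

# The two lookups below read individual keys of the secret: nested=true makes
# the lookup treat the ".username" / ".password" suffix as a key inside the
# secret's JSON value.
- name: get the mesh registration username
  ansible.builtin.set_fact:
    mesh_registration_username: "{{ lookup('amazon.aws.secretsmanager_secret', secretpath, region=ansible_ec2_placement_region, bypath=false, nested=true) }}"
  # explicit fail-fast (this is also the default): a missing credential must
  # stop the play rather than continue with an undefined fact
  ignore_errors: false
  vars:
    secretpath: "{{ mesh_registration_credential_secret }}.username"
  # The username is one half of the registration credential; keep it out of
  # task output and result logs, the same way the password task does.
  no_log: true

- name: get the mesh registration password
  ansible.builtin.set_fact:
    mesh_registration_password: "{{ lookup('amazon.aws.secretsmanager_secret', secretpath, region=ansible_ec2_placement_region, bypath=false, nested=true) }}"
  # explicit fail-fast (this is also the default)
  ignore_errors: false
  vars:
    secretpath: "{{ mesh_registration_credential_secret }}.password"
  no_log: true

# base64 is an encoding, not encryption: mesh_basic_auth is exactly as
# sensitive as the password. Any later task that uses it (for example in an
# Authorization header) needs no_log as well.
- name: generate the basic auth string
  ansible.builtin.set_fact:
    mesh_basic_auth: "{{ auth_string | b64encode }}"
  vars:
    auth_string: "{{ mesh_registration_username }}:{{ mesh_registration_password }}"
  no_log: true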