---
- name: Fix Grafana VPN Access - Update Middleware to ipAllowList
  hosts: production
  gather_facts: no
  become: no

  tasks:
    - name: Backup current middlewares.yml
      shell: |
        cd ~/deployment/stacks/traefik/dynamic
        cp middlewares.yml middlewares.yml.backup.$(date +%Y%m%d_%H%M%S)
      args:
        executable: /bin/bash

    - name: Update middlewares.yml - Change ipWhiteList to ipAllowList
      shell: |
        cd ~/deployment/stacks/traefik/dynamic
        sed -i 's/ipWhiteList:/ipAllowList:/g' middlewares.yml
        sed -i 's/ipWhitelist/ipAllowList/g' middlewares.yml
        # Validate YAML syntax
        python3 -c "import yaml; yaml.safe_load(open('middlewares.yml')); print('YAML valid')"
      args:
        executable: /bin/bash

    - name: Display updated grafana-vpn-only middleware
      shell: |
        cd ~/deployment/stacks/traefik/dynamic
        grep -A 6 'grafana-vpn-only:' middlewares.yml
      args:
        executable: /bin/bash
      register: grafana_middleware

    - name: Show updated middleware
      debug:
        msg: "{{ grafana_middleware.stdout_lines }}"

    - name: Restart Traefik to apply changes
      command: docker compose restart traefik
      args:
        chdir: ~/deployment/stacks/traefik
      register: traefik_restart

    - name: Wait for Traefik to restart
      pause:
        seconds: 5

    - name: Check Traefik logs for deprecation warnings
      shell: |
        cd ~/deployment/stacks/traefik
        docker compose logs traefik --tail=20 2>&1 | grep -i 'allowlist\|whitelist\|deprecated' || echo "No warnings found"
      args:
        executable: /bin/bash
      register: traefik_warnings

    - name: Display Traefik warnings
      debug:
        msg: "{{ traefik_warnings.stdout_lines }}"

    - name: Verify Traefik status
      command: docker compose ps traefik
      args:
        chdir: ~/deployment/stacks/traefik
      register: traefik_status

    - name: Display Traefik status
      debug:
        msg: "{{ traefik_status.stdout_lines }}"