---
- name: Check if MinIO vault file exists
  stat:
    path: "{{ minio_vault_file }}"
  delegate_to: localhost
  register: minio_vault_stat
  become: no

- name: Optionally load MinIO secrets from vault
  include_vars:
    file: "{{ minio_vault_file }}"
  when: minio_vault_stat.stat.exists
  no_log: yes
  delegate_to: localhost
  become: no

- name: Set MinIO root password from vault or generate
  set_fact:
    minio_root_password: "{{ vault_minio_root_password | default(lookup('password', '/dev/null length=32 chars=ascii_letters,digits,punctuation')) }}"
  no_log: yes

- name: Set MinIO root user from vault or use default
  set_fact:
    minio_root_user: "{{ vault_minio_root_user | default('minioadmin') }}"
  no_log: yes

- name: Ensure MinIO stack directory exists
  file:
    path: "{{ minio_stack_path }}"
    state: directory
    mode: '0755'

- name: Create MinIO stack .env file
  template:
    src: "{{ minio_env_template }}"
    dest: "{{ minio_stack_path }}/.env"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0600'

- name: Deploy MinIO stack
  community.docker.docker_compose_v2:
    project_src: "{{ minio_stack_path }}"
    state: present
    pull: always
  register: minio_compose_result

- name: Check MinIO container status
  shell: |
    docker compose -f {{ minio_stack_path }}/docker-compose.yml ps minio | grep -Eiq "Up|running"
  register: minio_state
  changed_when: false
  until: minio_state.rc == 0
  retries: "{{ ((minio_wait_timeout | int) + (minio_wait_interval | int) - 1) // (minio_wait_interval | int) }}"
  delay: "{{ minio_wait_interval | int }}"
  failed_when: minio_state.rc != 0
  when: not ansible_check_mode

- name: Check MinIO logs for readiness
  shell: docker compose logs minio 2>&1 | grep -Ei "(API:|WebUI:|MinIO Object Storage Server)" || true
  args:
    chdir: "{{ minio_stack_path }}"
  register: minio_logs
  until: minio_logs.stdout != ""
  retries: 6
  delay: 10
  changed_when: false
  failed_when: false
  when: not ansible_check_mode

- name: Verify MinIO health endpoint
  uri:
    url: "http://127.0.0.1:9000/minio/health/live"
    method: GET
    status_code: [200, 404, 502, 503]
    timeout: 5
  register: minio_health_check
  ignore_errors: yes
  changed_when: false
  when: not ansible_check_mode

- name: Display MinIO status
  debug:
    msg: "MinIO health check: {{ 'SUCCESS' if minio_health_check.status == 200 else 'FAILED - Status: ' + (minio_health_check.status|string) }}"
  when: not ansible_check_mode

- name: Record MinIO deployment facts
  set_fact:
    minio_stack_changed: "{{ minio_compose_result.changed | default(false) }}"
    minio_health_status: "{{ minio_health_check.status | default('unknown') }}"