---
# Playbook: app/ssh_client_config.yml
# Purpose: Ensure ~/.ssh/config has convenient host aliases for project envs.
# Targets: localhost
# Tags: app, ssh-config
#
# Example:
#   ssh projectA-dev
#   ssh projectA-qa
#   ssh projectA-prod

- name: Configure SSH client aliases for app projects
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    manage_ssh_config: "{{ manage_ssh_config | default(false) }}"
    ssh_config_path: "{{ lookup('ansible.builtin.env', 'HOME') + '/.ssh/config' }}"
    selected_projects: >-
      {{
        (app_projects | dict2items | map(attribute='key') | list)
        if (app_project is not defined or app_project | length == 0)
        else [app_project]
      }}

  tasks:
    - name: Skip if SSH config management disabled
      ansible.builtin.meta: end_play
      when: not manage_ssh_config | bool

    - name: Ensure ~/.ssh directory exists
      ansible.builtin.file:
        path: "{{ lookup('ansible.builtin.env', 'HOME') + '/.ssh' }}"
        state: directory
        mode: "0700"

    - name: Add SSH config entries for each project/env
      community.general.ssh_config:
        user_ssh_config_file: "{{ ssh_config_path }}"
        host: "{{ app_projects[item.0].envs[item.1].name | default(item.0 ~ '-' ~ item.1) }}"
        hostname: "{{ (app_projects[item.0].envs[item.1].ip | string).split('/')[0] }}"
        user: "{{ appuser_name | default('appuser') }}"
        identity_file: "{{ ssh_identity_file | default(omit) }}"
        state: present
      loop: "{{ selected_projects | product(['dev', 'qa', 'prod']) | list }}"
      when:
        - app_projects[item.0] is defined
        - app_projects[item.0].envs[item.1] is defined
        - (app_projects[item.0].envs[item.1].ip | default('')) | length > 0