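---
# Probe Vault's health endpoint and, when it reports "sealed" (HTTP 503),
# feed it the unseal keys stored as files on the Ansible controller.
#
# Variables read:
#   vault_api_addr               - base URL of the Vault API
#   vault_unseal_keys_dir_output - controller directory holding unseal* files
#
# Every task that handles key material sets no_log so the keys do not end up
# in task output, callback plugins or log files.

- name: Vault API reachable?
  ansible.builtin.uri:
    url: "{{ vault_api_addr }}/v1/sys/health"
    method: GET
    # 200 if initialized, unsealed, and active
    # 429 if unsealed and standby
    # 472 if data recovery mode replication secondary and active
    # 473 if performance standby
    # 501 if not initialized
    # 503 if sealed
    # See: https://www.vaultproject.io/api/system/health.html
    # All of these count as "reachable"; the status is inspected below.
    status_code: [200, 429, 472, 473, 501, 503]
    body_format: json
  register: check_result1
  # Retry up to 6 times, 10 seconds apart, until the request succeeds.
  retries: 6
  until: check_result1 is succeeded
  delay: 10
  changed_when: false

# Only the HTTP status code is printed, never the response body.
- name: Debug
  ansible.builtin.debug:
    var: check_result1.status

# with_fileglob and delegate_to: localhost mean the files are read on the
# controller. argv avoids word-splitting of paths containing spaces.
- name: Reading unseal key contents
  ansible.builtin.command:
    argv:
      - cat
      - "{{ item }}"
  register: unseal_keys
  with_fileglob: "{{ vault_unseal_keys_dir_output }}/unseal*"
  delegate_to: localhost
  when: check_result1.status == 503
  changed_when: false
  no_log: true

# Kept for compatibility with anything that reads vault_unseal_token: the fact
# is overwritten on every iteration, so it ends up holding the LAST key only.
- name: Set_fact if unseal files
  ansible.builtin.set_fact:
    vault_unseal_token: "{{ item.stdout }}"
  with_items: "{{ unseal_keys.results }}"
  when: check_result1.status == 503 and unseal_keys.results is defined
  no_log: true

# Loop over every key that was read rather than over vault_unseal_token, which
# holds a single key; a setup that needs several key shares would otherwise
# never reach its threshold. Skipped results carry no stdout and are filtered.
# command + argv (instead of shell) keeps the key from being parsed by a shell.
# NOTE(review): the key is still a process argument on the target host while
# the command runs - confirm that is acceptable for this environment.
- name: Unseal vault with unseal keys
  ansible.builtin.command:
    argv:
      - vault
      - operator
      - unseal
      - "{{ item }}"
  environment:
    VAULT_ADDR: "{{ vault_api_addr }}"
  with_items: >-
    {{ unseal_keys.results | default([])
       | selectattr('stdout', 'defined')
       | map(attribute='stdout') | list }}
  when: check_result1.status == 503
  no_log: true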