- name: validate cert parameter
  fail:
    msg: certs variable must be a dict or a list
  when: (certs is not defined) or ((certs is not mapping) and (certs | type_debug != 'list'))


- name: validate common parameter
  fail:
    msg: common variable must be a dict
  when: (common is defined) and (common is not mapping)


- name: validate certificates
  include_tasks: validate.yml
  loop: "{{ certs if (certs | type_debug == 'list') else [certs] }}"
  loop_control:
    loop_var: cert


- name: process certificates with acme dns
  include_tasks: acme_dns.yml
  loop: "{{ certs if (certs | type_debug == 'list') else [certs] }}"
  loop_control:
    loop_var: cert
  when: services.acme_dns is defined


- name: process certificates with standalone dns
  include_tasks: external_ns.yml
  loop: "{{ certs if (certs | type_debug == 'list') else [certs] }}"
  loop_control:
    loop_var: cert
  when: (services.external_ns is defined) and (services.acme_dns is not defined)


- name: process certificates with internal ca
  include_tasks: internal_ca.yml
  loop: "{{ certs if (certs | type_debug == 'list') else [certs] }}"
  loop_control:
    loop_var: cert
  when: (services.ca is defined) and (services.external_ns is not defined) and (services.acme_dns is not defined)