---
- debug:
      msg: "START vyos_firewall_interfaces replaced integration tests on connection={{ ansible_connection }}"

- include_tasks: _remove_config.yaml

- include_tasks: _remove_firewall_config.yaml

- include_tasks: _populate_rule_sets.yaml

- include_tasks: _populate.yaml

- block:
  - name: Replace device configurations of listed firewall rules with provided configurations
    vyos_firewall_interfaces: &replaced
      config:
        - name: 'eth1'
          access_rules:
            - afi: 'ipv4'
              rules:
                - name: 'OUTBOUND'
                  direction: 'out'
            - afi: 'ipv6'
              rules:
                - name: 'V6-LOCAL'
                  direction: 'local'
        - name: 'eth2'
          access_rules:
            - afi: 'ipv4'
              rules:
                - name: 'INBOUND'
                  direction: 'in'
      state: replaced
    register: result

  - name: Assert that correct set of commands were generated
    assert:
        that:
            - "{{ replaced['commands'] | symmetric_difference(result['commands']) |length == 0 }}"

  - name: Assert that before dicts are correctly generated
    assert:
        that:
            - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"

  - name: Assert that after dict is correctly generated
    assert:
        that:
            - "{{ replaced['after'] | symmetric_difference(result['after']) |length == 0 }}"

  - name: Replace device configurations of listed firewall rules with provided configurarions (IDEMPOTENT)
    vyos_firewall_interfaces: *replaced
    register: result

  - name: Assert that task was idempotent
    assert:
        that:
            - "result['changed'] == false"

  - name: Assert that before dict is correctly generated
    assert:
        that:
            - "{{ replaced['after'] | symmetric_difference(result['before']) |length == 0 }}"

  always:
  - include_tasks: _remove_config.yaml

  - include_tasks: _remove_firewall_config.yaml