##############
### CM Add ###
##############
#changed true, check nothing present
- name: CM add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header
  check_mode: yes

- name: CM get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: CM add https binding with header and SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header
  check_mode: yes

- name: CM get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

- name: CM assert changed, but not added
  assert:
    that:
    - https_no_header is changed
    - https_no_header.operation_type == 'added'
    - https_no_header.binding_info is none
    - get_https_no_header.binding is not defined
    - https_header is changed
    - https_header.operation_type == 'added'
    - https_header.binding_info is none
    - get_https_header.binding is not defined

###########
### Add ###
###########
#changed true, new bindings present
- name: add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: add https binding with header SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

- name: assert changed and added
  assert:
    that:
    - https_no_header is changed
    - https_no_header.operation_type == 'added'
    - https_no_header.binding_info is defined
    - https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
    - https_no_header.binding_info.ip == "{{ https_vars.ip }}"
    - https_no_header.binding_info.port == {{ https_vars.port }}
    - https_no_header.binding_info.hostheader == ''
    - https_no_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
    - https_header is changed
    - https_header.operation_type == 'added'
    - https_header.binding_info is defined
    - https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
    - https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
    - https_header.binding_info.ip == "{{ https_header_vars.ip }}"
    - https_header.binding_info.port == {{ https_header_vars.port }}
    - https_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
    - https_header.binding_info.sslFlags == 1

################
### Idem Add ###
################
#changed false
- name: idem add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: https
    ip: '*'
    port: 443
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header

- name: idem add https binding with header and SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: test.com
    protocol: https
    ip: '*'
    port: 443
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header

- name: idem assert not changed
  assert:
    that:
    - https_no_header is not changed
    - https_header is not changed

#################
### CM Modify ###
#################
# changed true, verify no changes occurred

#modify sni
- name: CM modify https binding with header, change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header
  check_mode: yes

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

- name: CM assert changed but old cert
  assert:
    that:
    - https_header is changed
    - https_header.operation_type == 'updated'
    - https_header.binding_info is defined
    - https_header.binding_info.ip == "{{ https_header_vars.ip }}"
    - https_header.binding_info.port == {{ https_header_vars.port }}
    - https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
    - https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
    - https_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
    - https_header.binding_info.sslFlags == 1
    - get_https_header.binding is defined
    - get_https_header.binding.ip == "{{ https_header_vars.ip }}"
    - get_https_header.binding.port == {{ https_header_vars.port }}
    - get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
    - get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
    - get_https_header.binding.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
    - get_https_header.binding.sslFlags == 1

##############
### Modify ###
##############
# modify ssl flags
- name:  modify https binding with header, change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

- name:  modify assert changed and new cert
  assert:
    that:
    - https_header is changed
    - https_header.operation_type == 'updated'
    - https_header.binding_info is defined
    - https_header.binding_info.ip == "{{ https_header_vars.ip }}"
    - https_header.binding_info.port == {{ https_header_vars.port }}
    - https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
    - https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
    - https_header.binding_info.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
    - https_header.binding_info.sslFlags == 1
    - get_https_header.binding is defined
    - get_https_header.binding.ip == "{{ https_header_vars.ip }}"
    - get_https_header.binding.port == {{ https_header_vars.port }}
    - get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
    - get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
    - get_https_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
    - get_https_header.binding.sslFlags == 1

###################
### Idem Modify ###
###################
#changed false

#idem modify ssl flags
- name: idem modify https binding with header, enable SNI and change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header

- name: idem assert not changed
  assert:
    that:
    - https_header is not changed

#################
### CM Remove ###
#################
#changed true, bindings still present
- name: cm remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header
  check_mode: yes

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: cm remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header
  check_mode: yes

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

- name: cm remove assert changed, but still present
  assert:
    that:
    - https_no_header is changed
    - https_no_header.operation_type == 'removed'
    - https_no_header.binding_info is defined
    - https_no_header.binding_info.ip == "{{ https_vars.ip }}"
    - https_no_header.binding_info.port == {{ https_vars.port }}
    - https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
    - get_https_no_header.binding is defined
    - get_https_no_header.binding.ip == "{{ https_vars.ip }}"
    - get_https_no_header.binding.port == {{ https_vars.port }}
    - get_https_no_header.binding.protocol == "{{ https_vars.protocol }}"
    - get_https_no_header.binding.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
    - https_header is changed
    - https_header.binding_info is defined
    - https_header.operation_type == 'removed'
    - https_header.binding_info.ip == "{{ https_header_vars.ip }}"
    - https_header.binding_info.port == {{ https_header_vars.port }}
    - https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
    - https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
    - get_https_header.binding is defined
    - get_https_header.binding.ip == "{{ https_header_vars.ip }}"
    - get_https_header.binding.port == {{ https_header_vars.port }}
    - get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
    - get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
    - get_https_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"

##############
### remove ###
##############
#changed true, bindings gone
- name: remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

- name: remove assert changed and gone
  assert:
    that:
    - https_no_header is changed
    - https_no_header.binding_info is defined
    - https_no_header.operation_type == 'removed'
    - https_no_header.binding_info.ip == "{{ https_vars.ip }}"
    - https_no_header.binding_info.port == {{ https_vars.port }}
    - https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
    - get_https_no_header.binding is not defined
    - https_header is changed
    - https_header.binding_info is defined
    - https_header.operation_type == 'removed'
    - https_header.binding_info.ip == "{{ https_header_vars.ip }}"
    - https_header.binding_info.port == {{ https_header_vars.port }}
    - https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
    - https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
    - get_https_header.binding is not defined

###################
### remove idem ###
###################
#change false, bindings gone
- name: idem remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: idem remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

- name: idem remove assert changed and gone
  assert:
    that:
    - https_no_header is not changed
    - https_no_header.binding_info is not defined
    - get_https_no_header.binding is not defined
    - https_header is not changed
    - https_header.binding_info is not defined
    - get_https_header.binding is not defined