---
- name: setup vpn customer gateway absent
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    state: absent
  register: vcg
- name: verify setup vpn customer gateway absent
  assert:
    that:
    - vcg is successful

- name: test create vpn customer gateway in check mode
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    cidr: 192.168.123.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.0.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: ~S3¢r3Tk3Y¼
    esp_lifetime: 3600
  check_mode: true
  register: vcg
- name: verify test create vpn customer gateway in check mode
  assert:
    that:
    - vcg is changed

- name: test create vpn customer gateway
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    cidr: 192.168.123.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.0.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: ~S3¢r3Tk3Y¼
    esp_lifetime: 3600
  register: vcg
- name: verify test create vpn customer gateway
  assert:
    that:
    - vcg is changed
    - "vcg.cidrs == ['192.168.123.0/24']"
    - vcg.dpd == false
    - vcg.esp_lifetime == 3600
    - vcg.esp_policy == 'aes256-sha1;modp1536'
    - vcg.force_encap == false
    - vcg.ike_policy == 'aes256-sha1;modp1536'
    - vcg.gateway == '10.10.0.1'
    - vcg.name == 'ansible_vpn_customer_gw'
    - vcg.ike_lifetime == 86400

- name: test create vpn customer gateway idempotency
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    cidr: 192.168.123.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.0.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: ~S3¢r3Tk3Y¼
    esp_lifetime: 3600
  register: vcg
- name: verify test create vpn customer gateway idempotency
  assert:
    that:
    - vcg is not changed
    - "vcg.cidrs == ['192.168.123.0/24']"
    - vcg.dpd == false
    - vcg.esp_lifetime == 3600
    - vcg.esp_policy == 'aes256-sha1;modp1536'
    - vcg.force_encap == false
    - vcg.ike_policy == 'aes256-sha1;modp1536'
    - vcg.gateway == '10.10.0.1'
    - vcg.name == 'ansible_vpn_customer_gw'
    - vcg.ike_lifetime == 86400

- name: test update vpn customer gateway in check mode
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    cidrs:
    - 192.168.123.0/24
    - 192.168.124.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.1.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: ~S3¢r3Tk3Y@
    esp_lifetime: 1800
    ike_lifetime: 23200
    force_encap: true
  check_mode: true
  register: vcg
- name: verify test update vpn customer gateway in check mode
  assert:
    that:
    - vcg is changed
    - "vcg.cidrs == ['192.168.123.0/24']"
    - vcg.dpd == false
    - vcg.esp_lifetime == 3600
    - vcg.esp_policy == 'aes256-sha1;modp1536'
    - vcg.force_encap == false
    - vcg.ike_policy == 'aes256-sha1;modp1536'
    - vcg.gateway == '10.10.0.1'
    - vcg.name == 'ansible_vpn_customer_gw'
    - vcg.ike_lifetime == 86400

- name: test update vpn customer gateway
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    cidrs:
    - 192.168.123.0/24
    - 192.168.124.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.1.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: ~S3¢r3Tk3Y@
    esp_lifetime: 1800
    ike_lifetime: 23200
    force_encap: true
  register: vcg
- name: verify test update vpn customer gateway
  assert:
    that:
    - vcg is changed
    - "vcg.cidrs == ['192.168.123.0/24', '192.168.124.0/24']"
    - vcg.dpd == false
    - vcg.esp_lifetime == 1800
    - vcg.esp_policy == 'aes256-sha1;modp1536'
    - vcg.force_encap == true
    - vcg.ike_policy == 'aes256-sha1;modp1536'
    - vcg.gateway == '10.10.1.1'
    - vcg.name == 'ansible_vpn_customer_gw'
    - vcg.ike_lifetime == 23200

- name: test update vpn customer gateway idempotence
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    cidrs:
    - 192.168.123.0/24
    - 192.168.124.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.1.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: ~S3¢r3Tk3Y@
    esp_lifetime: 1800
    ike_lifetime: 23200
    force_encap: true
  register: vcg
- name: verify test update vpn customer gateway idempotence
  assert:
    that:
    - vcg is not changed
    - "vcg.cidrs == ['192.168.123.0/24', '192.168.124.0/24']"
    - vcg.dpd == false
    - vcg.esp_lifetime == 1800
    - vcg.esp_policy == 'aes256-sha1;modp1536'
    - vcg.force_encap == true
    - vcg.ike_policy == 'aes256-sha1;modp1536'
    - vcg.gateway == '10.10.1.1'
    - vcg.name == 'ansible_vpn_customer_gw'
    - vcg.ike_lifetime == 23200

- name: test remove vpn customer gateway in check mode
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    state: absent
  check_mode: true
  register: vcg
- name: verify test remove vpn customer gateway in check mode
  assert:
    that:
    - vcg is changed
    - "vcg.cidrs == ['192.168.123.0/24', '192.168.124.0/24']"
    - vcg.dpd == false
    - vcg.esp_lifetime == 1800
    - vcg.esp_policy == 'aes256-sha1;modp1536'
    - vcg.force_encap == true
    - vcg.ike_policy == 'aes256-sha1;modp1536'
    - vcg.gateway == '10.10.1.1'
    - vcg.name == 'ansible_vpn_customer_gw'
    - vcg.ike_lifetime == 23200

- name: test remove vpn customer gateway
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    state: absent
  register: vcg
- name: verify test remove vpn customer gateway
  assert:
    that:
    - vcg is changed
    - "vcg.cidrs == ['192.168.123.0/24', '192.168.124.0/24']"
    - vcg.dpd == false
    - vcg.esp_lifetime == 1800
    - vcg.esp_policy == 'aes256-sha1;modp1536'
    - vcg.force_encap == true
    - vcg.ike_policy == 'aes256-sha1;modp1536'
    - vcg.gateway == '10.10.1.1'
    - vcg.name == 'ansible_vpn_customer_gw'
    - vcg.ike_lifetime == 23200

- name: test remove vpn customer gateway idempotence
  cs_vpn_customer_gateway:
    name: ansible_vpn_customer_gw
    state: absent
  register: vcg
- name: verify test remove vpn customer gateway idempotence
  assert:
    that:
    - vcg is not changed