# Test code for the ACI modules
# Copyright: (c) 2017, Dag Wieers (dagwieers) <dag@wieers.com>
#
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

- name: Test that we have an ACI APIC host, ACI username and ACI password
  fail:
    msg: 'Please define the following variables: aci_hostname, aci_username and aci_password.'
  when: aci_hostname is not defined or aci_username is not defined or aci_password is not defined


# CLEAN ENVIRONMENT
- name: Remove any pre-existing certificate
  aci_aaa_user_certificate: &cert_absent
    host: '{{ aci_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    validate_certs: '{{ aci_validate_certs | default(false) }}'
    use_ssl: '{{ aci_use_ssl | default(true) }}'
    use_proxy: '{{ aci_use_proxy | default(true) }}'
    aaa_user: admin
    certificate_name: admin
    state: absent


# ADD USER CERTIFICATE
- name: Add user certificate (check_mode)
  aci_aaa_user_certificate: &cert_present
    host: '{{ aci_hostname }}'
    username: '{{ aci_username }}'
    password: '{{ aci_password }}'
    validate_certs: '{{ aci_validate_certs | default(false) }}'
    use_ssl: '{{ aci_use_ssl | default(true) }}'
    use_proxy: '{{ aci_use_proxy | default(true) }}'
    aaa_user: admin
    certificate_name: admin
    certificate: "{{ lookup('file', 'pki/admin.crt') }}"
    state: present
  check_mode: yes
  register: cm_add_cert

- name: Add user certificate (normal mode)
  aci_aaa_user_certificate: *cert_present
  register: nm_add_cert

- name: Add user certificate again (check mode)
  aci_aaa_user_certificate: *cert_present
  check_mode: yes
  register: cm_add_cert_again

- name: Add user certificate again (normal mode)
  aci_aaa_user_certificate: *cert_present
  register: nm_add_cert_again

- name: Verify add_cert
  assert:
    that:
    - cm_add_cert.changed == nm_add_cert.changed == true
    - cm_add_cert_again.changed == nm_add_cert_again.changed == false


# QUERY ALL USER CERTIFICATES
- name: Query all user certificates using signature-based authentication (check_mode)
  aci_aaa_user_certificate: &cert_query
    host: '{{ aci_hostname }}'
    username: '{{ aci_username }}'
    #password: '{{ aci_password }}'
    private_key: '{{ role_path }}/pki/admin.key'
    validate_certs: '{{ aci_validate_certs | default(false) }}'
    use_ssl: '{{ aci_use_ssl | default(true) }}'
    use_proxy: '{{ aci_use_proxy | default(true) }}'
    aaa_user: admin
    state: query
  check_mode: yes
  register: cm_query_all_certs

- name: Query all user certificates using signature-based authentication (normal mode)
  aci_aaa_user_certificate: *cert_query
  register: nm_query_all_certs

- name: Verify query_all_certs
  assert:
    that:
    - cm_query_all_certs.changed == nm_query_all_certs.changed == false
    # NOTE: Order of certs is not stable between calls
    #- cm_query_all_certs == nm_query_all_certs


# QUERY OUR USER CERTIFICATE
- name: Query our certificate using signature-based authentication (check_mode)
  aci_aaa_user_certificate:
    <<: *cert_query
    certificate_name: admin
  check_mode: yes
  register: cm_query_cert

- name: Query our certificate using signature-based authentication (normal mode)
  aci_aaa_user_certificate:
    <<: *cert_query
    certificate_name: admin
  register: nm_query_cert

- name: Verify query_cert
  assert:
    that:
    - cm_query_cert.changed == nm_query_cert.changed == false
    - cm_query_cert == nm_query_cert


# REMOVE CERTIFICATE
- name: Remove certificate (check_mode)
  aci_aaa_user_certificate: *cert_absent
  check_mode: yes
  register: cm_remove_cert

- name: Remove certificate (normal mode)
  aci_aaa_user_certificate: *cert_absent
  register: nm_remove_cert

- name: Remove certificate again (check_mode)
  aci_aaa_user_certificate: *cert_absent
  check_mode: yes
  register: cm_remove_cert_again

- name: Remove certificate again (normal mode)
  aci_aaa_user_certificate: *cert_absent
  register: nm_remove_cert_again

- name: Verify remove_cert
  assert:
    that:
    - cm_remove_cert.changed == nm_remove_cert.changed == true
    - cm_remove_cert_again.changed == nm_remove_cert_again.changed == false