#########################
### modify check mode ###
#########################
- name: check mode modify audit policy directory
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory
  check_mode: yes

- name: check mode modify audit policy file
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    inheritance_flags: none
  register: file
  check_mode: yes

- name: check mode modify audit policy registry
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry
  check_mode: yes

- name: check mode modify get directory rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory_results

- name: check mode modify get file rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    inheritance_flags: none
  register: file_results

- name: check mode modify get REGISTRY rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry_results

- name: check mode modify assert that change is needed but rights still equal the original rights and not test_audit_rule_new_rights
  assert:
    that:
    - directory is changed
    - file is changed
    - registry is changed
    - not directory_results.matching_rule_found and directory_results.path_type == 'directory'
    - not file_results.matching_rule_found and file_results.path_type == 'file'
    - not registry_results.matching_rule_found and registry_results.path_type == 'registry'

##############
### modify ###
##############
- name: modify audit policy directory
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory

- name: modify audit policy file
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    inheritance_flags: none
  register: file

- name: modify audit policy registry
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry

- name: modify get directory rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory_results

- name: modify get file rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    inheritance_flags: none
  register: file_results

- name: modify get REGISTRY rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry_results

- name: modify assert that the rules were modified and a change is detected
  assert:
    that:
    - directory is changed
    - file is changed
    - registry is changed
    - directory_results.matching_rule_found and directory_results.path_type == 'directory'
    - file_results.matching_rule_found and file_results.path_type == 'file'
    - registry_results.matching_rule_found and registry_results.path_type == 'registry'

#####################################
### idempotent test modify a rule ###
#####################################
- name: idempotent modify audit policy directory
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory

- name: idempotent modify audit policy file
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    inheritance_flags: none
  register: file

- name: idempotent modify audit policy registry
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    state: present
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry

- name: idempotent modify assert that and a change is not detected
  assert:
    that:
    - directory is not changed and directory.path_type == 'directory'
    - file is not changed and file.path_type == 'file'
    - registry is not changed and registry.path_type == 'registry'