---
- name: Test group
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: true
  gather_facts: false

  tasks:
  - name: Ensure users user1, user2 and user3 are absent
    ipauser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: user1,user2,user3
      state: absent

  - name: Ensure group group3, group2 and group1 are absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3,group2,group1
      state: absent

  - name: Ensure users user1..user3 are present
    ipauser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      users:
      - name: user1
        first: user1
        last: Last
      - name: user2
        first: user2
        last: Last
      - name: user3
        first: user3
        last: Last
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group1 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group1 is present again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group2 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group2
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group2 is present again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group2
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group3 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group3 is present again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure groups group2 and group3 are present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      group:
      - group2
      - group3
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure groups group2 and group3 are present in group group1 again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      group:
      - group2
      - group3
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group3 ia present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      group:
      - group3
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure users user1, user2 and user3 are present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure users user1, user2 and user3 are present in group group1 again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: result.changed or result.failed

  #- ipagroup:
  #    ipaadmin_password: SomeADMINpassword
  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
  #    name: group1
  #    user:
  #    - user7
  #    action: member

  - name: Ensure user user7 is absent in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user7
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group group4 is absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group4
      state: absent
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group group3, group2 and group1 are absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3,group2,group1
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure users user1, user2 and user3 are absent
    ipauser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: user1,user2,user3
      state: absent
    register: result
    failed_when: not result.changed or result.failed