---
- name: Test dnszone
  hosts: ipaserver
  become: true
  gather_facts: true

  tasks:

  # Setup
  - name: Setup testing environment
    ansible.builtin.include_tasks: env_setup.yml

  - name: Ensure zone is present.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_sync_ptr: true
      dynamic_update: true
      dnssec: true
      allow_transfer:
        - 1.1.1.1
        - 2.2.2.2
      allow_query:
        - 1.1.1.1
        - 2.2.2.2
      refresh: 3600
      retry: 900
      expire: 1209600
      minimum: 3600
      ttl: 60
      default_ttl: 60
      name_server: ipaserver.test.local.
      skip_nameserver_check: true
      admin_email: admin@example.com
      nsec3param_rec: "1 7 100 abcd"
      state: present
    register: result
    failed_when: not result.changed or result.failed

  - name: Set different nsec3param_rec.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      nsec3param_rec: "2 8 200 abcd"
    register: result
    failed_when: not result.changed or result.failed

  - name: Set same nsec3param_rec.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      nsec3param_rec: "2 8 200 abcd"
    register: result
    failed_when: result.changed or result.failed

  - name: Set default_ttl to 1200
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      default_ttl: 1200
    register: result
    failed_when: not result.changed or result.failed

  - name: Set default_ttl to 1200, again
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      default_ttl: 1200
    register: result
    failed_when: result.changed or result.failed

  - name: Set ttl to 900
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      ttl: 900
    register: result
    failed_when: not result.changed or result.failed

  - name: Set ttl to 900, again
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      ttl: 900
    register: result
    failed_when: result.changed or result.failed

  - name: Set minimum to 1000
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      minimum: 1000
    register: result
    failed_when: not result.changed or result.failed

  - name: Set minimum to 1000, again
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      minimum: 1000
    register: result
    failed_when: result.changed or result.failed

  - name: Set expire to 1209601
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      expire: 1209601
    register: result
    failed_when: not result.changed or result.failed

  - name: Set expire to 1209601, again
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      expire: 1209601
    register: result
    failed_when: result.changed or result.failed

  - name: Set retry to 1200.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      retry: 1200
    register: result
    failed_when: not result.changed or result.failed

  - name: Set retry to 1200, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      retry: 1200
    register: result
    failed_when: result.changed or result.failed

  - name: Set refresh to 4000.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      refresh: 4000
    register: result
    failed_when: not result.changed or result.failed

  - name: Set refresh to 4000, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      refresh: 4000
    register: result
    failed_when: result.changed or result.failed

  - name: Set dnssec to false.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      dnssec: false
    register: result
    failed_when: not result.changed or result.failed

  - name: Set dnssec to false, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      dnssec: false
    register: result
    failed_when: result.changed or result.failed

  - name: Set allow_sync_ptr to false.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_sync_ptr: false
    register: result
    failed_when: not result.changed or result.failed

  - name: Set allow_sync_ptr to false, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_sync_ptr: false
    register: result
    failed_when: result.changed or result.failed

  - name: Set dynamic_update to false.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      dynamic_update: false
    register: result
    failed_when: not result.changed or result.failed

  - name: Set dynamic_update to false, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      dynamic_update: false
    register: result
    failed_when: result.changed or result.failed

  - name: Update allow_transfer.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_transfer:
        - 1.1.1.1
        - 2.2.2.2
        - 3.3.3.3
    register: result
    failed_when: not result.changed or result.failed

  - name: Update allow_transfer, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_transfer:
        - 1.1.1.1
        - 2.2.2.2
        - 3.3.3.3
    register: result
    failed_when: result.changed or result.failed

  - name: Remove allow transfer.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_transfer: []
    register: result
    failed_when: not result.changed or result.failed

  - name: Remove allow transfer, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_transfer: []
    register: result
    failed_when: result.changed or result.failed

  - name: Update allow_query.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_query:
        - 1.1.1.1
        - 2.2.2.2
        - 3.3.3.3
    register: result
    failed_when: not result.changed or result.failed

  - name: Update allow_query, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_query:
        - 1.1.1.1
        - 2.2.2.2
        - 3.3.3.3
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure allow query is empty.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_query: []
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure allow query is empty, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_query: []
    register: result
    failed_when: result.changed or result.failed

  - name: Update admin email.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      admin_email: admin2@example.com
    register: result
    failed_when: not result.changed or result.failed

  - name: Update admin email, again.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      admin_email: admin2@example.com
    register: result
    failed_when: result.changed or result.failed

  # Teardown
  - name: Teardown testing environment
    ansible.builtin.include_tasks: env_teardown.yml