---
- name: Test ipahost random password generation
  hosts: ipaserver
  become: true

  tasks:
  - name: Get Domain from server name
    ansible.builtin.set_fact:
      ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
    when: ipaserver_domain is not defined

  - name: Set host1_fqdn and host2_fqdn
    ansible.builtin.set_fact:
      host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
      host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
      server_fqdn: "{{ ansible_facts['fqdn'] }}"

  - name: Test hosts absent
    ipahost:
      ipaadmin_password: SomeADMINpassword
      name:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      update_dns: yes
      state: absent

  - name: Host "{{ host1_fqdn }}" present with random password
    ipahost:
      ipaadmin_password: SomeADMINpassword
      name: "{{ host1_fqdn }}"
      random: yes
      force: yes
      update_password: on_create
    register: ipahost
    failed_when: not ipahost.changed or ipahost.failed

  - name: Assert ipahost.host.randompassword is defined.
    ansible.builtin.assert:
      that:
      - ipahost.host.randompassword is defined

  - name: Print generated random password
    ansible.builtin.debug:
      var: ipahost.host.randompassword

  - name: Host "{{ host1_fqdn }}" absent
    ipahost:
      ipaadmin_password: SomeADMINpassword
      name:
      - "{{ host1_fqdn }}"
      state: absent

  - name: Host "{{ host1_fqdn }}" is present with random password using hosts parameter
    ipahost:
      ipaadmin_password: SomeADMINpassword
      hosts:
      - name: "{{ host1_fqdn }}"
        random: yes
        force: yes
      update_password: on_create
    register: ipahost
    failed_when: not ipahost.changed or
                 ipahost.host[host1_fqdn].randompassword is not defined or
                 ipahost.failed

  - name: Host "{{ host1_fqdn }}" absent
    ipahost:
      ipaadmin_password: SomeADMINpassword
      name:
      - "{{ host1_fqdn }}"
      state: absent

  - name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with random password
    ipahost:
      ipaadmin_password: SomeADMINpassword
      hosts:
      - name: "{{ host1_fqdn }}"
        random: yes
        force: yes
      - name: "{{ host2_fqdn }}"
        random: yes
        force: yes
      update_password: on_create
    register: ipahost
    failed_when: not ipahost.changed or ipahost.failed

  - name: Assert randompassword is defined for host1 and host2.
    ansible.builtin.assert:
      that:
      - ipahost.host[host1_fqdn].randompassword is defined
      - ipahost.host[host2_fqdn].randompassword is defined

  - name: Print generated random password for "{{ host1_fqdn }}"
    ansible.builtin.debug:
      var: ipahost.host[host1_fqdn].randompassword

  - name: Print generated random password for "{{ host2_fqdn }}"
    ansible.builtin.debug:
      var: ipahost.host[host2_fqdn].randompassword

  - name: Enrolled host "{{ server_fqdn }}" fails to set random password with update_password always
    ipahost:
      ipaadmin_password: SomeADMINpassword
      hosts:
      - name: "{{ server_fqdn }}"
        random: yes
      update_password: always
    register: ipahost
    failed_when: ipahost.changed or not ipahost.failed

  - name: Assert randompassword is not defined for 'ansible_fqdn'.
    ansible.builtin.assert:
      that:
      - ipahost.host[server_fqdn].randompassword is not defined
      - "'Password cannot be set on enrolled host' in ipahost.msg"

  - name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" absent
    ipahost:
      ipaadmin_password: SomeADMINpassword
      name:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      state: absent