---
- name: Test netgroup members should be case insensitive.
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: no
  gather_facts: no

  vars:
    groups_present:
      - eleMENT1
      - Element2
      - eLeMenT3
      - ElemENT4


  tasks:
  - name: Test netgroup member case insensitive
    block:
    # SETUP
    - name: Get Domain from server name
      ansible.builtin.set_fact:
        ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
      when: ipaserver_domain is not defined

    - name: Ensure test groups exist.
      ipagroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
      loop: "{{ groups_present }}"

    - name: Ensure test hostgroups exist.
      ipahostgroup:
        ipaadmin_password: SomeADMINpassword
        name: "hostgroup{{ item }}"
      loop: "{{ groups_present }}"

    - name: Ensure test netgroups exist.
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "netgroup{{ item }}"
      loop: "{{ groups_present }}"

    - name: Ensure test hosts exist.
      ipahost:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}.{{ ipaserver_domain }}"
        force: yes
      loop: "{{ groups_present }}"

    - name: Ensure test users exist.
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: "user{{ item }}"
        first: "{{ item }}"
        last: "{{ item }}"
      loop: "{{ groups_present }}"

    - name: Ensure netgroups don't exist
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        state: absent
      loop: "{{ groups_present }}"

    # TESTS
    - name: Start tests.
      ansible.builtin.debug:
        msg: "Tests are starting."

    - name: Ensure netgroups exist
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure netgroups exist with members
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item }}"
        host: "{{ item }}.{{ ipaserver_domain }}"
        group: "{{ item }}"
        user: "user{{ item }}"
        netgroup: "netgroup{{ item }}"
        action: member
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure netgroups exist with members, lowercase
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item | lower }}"
        host: "{{ item | lower }}.{{ ipaserver_domain }}"
        group: "{{ item | lower }}"
        user: "user{{ item | lower }}"
        netgroup: "netgroup{{ item | lower }}"
        action: member
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure netgroups exist with members, uppercase
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item | upper }}"
        host: "{{ item | upper }}.{{ ipaserver_domain }}"
        group: "{{ item | upper }}"
        user: "user{{ item | upper }}"
        netgroup: "netgroup{{ item | upper }}"
        action: member
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure netgroup member is absent
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item }}"
        host: "{{ item }}.{{ ipaserver_domain }}"
        group: "{{ item }}"
        user: "user{{ item }}"
        netgroup: "netgroup{{ item }}"
        action: member
        state: absent
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure netgroup member is absent, lowercase
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item | lower }}"
        host: "{{ item | lower }}.{{ ipaserver_domain }}"
        group: "{{ item | lower }}"
        user: "user{{ item | lower }}"
        netgroup: "netgroup{{ item | lower }}"
        action: member
        state: absent
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure netgroup member is absent, uppercase
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item | upper }}"
        host: "{{ item | upper }}.{{ ipaserver_domain }}"
        group: "{{ item | upper }}"
        user: "user{{ item | upper }}"
        netgroup: "netgroup{{ item | upper }}"
        action: member
        state: absent
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure netgroup member is present, uppercase
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item | upper }}"
        host: "{{ item | upper }}.{{ ipaserver_domain }}"
        group: "{{ item | upper }}"
        user: "user{{ item | upper }}"
        netgroup: "netgroup{{ item | upper }}"
        action: member
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure netgroup member is present, lowercase
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item | lower }}"
        host: "{{ item | lower }}.{{ ipaserver_domain }}"
        group: "{{ item | lower }}"
        user: "user{{ item | lower }}"
        netgroup: "netgroup{{ item | lower }}"
        action: member
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure netgroup member is present, mixed case
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        hostgroup: "hostgroup{{ item }}"
        host: "{{ item }}.{{ ipaserver_domain }}"
        group: "{{ item }}"
        user: "user{{ item }}"
        netgroup: "netgroup{{ item }}"
        action: member
      loop: "{{ groups_present }}"
      register: result
      failed_when: result.failed or result.changed

    - name: End tests.
      ansible.builtin.debug:
        msg: "All tests executed."

    always:
    # cleanup
    - name: Ensure netgroups do not exist
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        state: absent
      loop: "{{ groups_present }}"

    - name: Ensure test groups do not exist.
      ipagroup:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}"
        state: absent
      loop: "{{ groups_present }}"

    - name: Ensure test hostgroups do not exist.
      ipahostgroup:
        ipaadmin_password: SomeADMINpassword
        name: "hostgroup{{ item }}"
        state: absent
      loop: "{{ groups_present }}"

    - name: Ensure test netgroups do not exist.
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
        name: "netgroup{{ item }}"
        state: absent
      loop: "{{ groups_present }}"

    - name: Ensure test hosts do not exist.
      ipahost:
        ipaadmin_password: SomeADMINpassword
        name: "{{ item }}.{{ ipaserver_domain }}"
        state: absent
      loop: "{{ groups_present }}"

    - name: Ensure test users do not exist.
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: "user{{ item }}"
        state: absent
      loop: "{{ groups_present }}"