---
- name: Test servicedelegationtarget_hostprincipal
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: no
  gather_facts: yes

  tasks:
  # setup
  - name: Include tasks ../env_freeipa_facts.yml
    ansible.builtin.include_tasks: ../env_freeipa_facts.yml

  - name: Host principals are only possible with IPA 4.9.0+
    when: ipa_version is version('4.9.0', '>=')
    block:

    # SET FACTS

    - name: Get Domain from server name
      ansible.builtin.set_fact:
        ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
      when: ipaserver_domain is not defined

    - name: Get REALM from server name
      ansible.builtin.set_fact:
        ipaserver_realm: "{{ ipaserver_domain | upper }}"
      when: ipaserver_realm is not defined

    - name: Set test-host fqdn
      ansible.builtin.set_fact:
        test_host_fqdn: "{{ 'test-host.' + ipaserver_domain }}"
        test_host_fqdn_realm: "{{ 'test-host.' + ipaserver_domain + '@' + ipaserver_realm }}"

    # CLEANUP TEST ITEMS

    - name: Ensure servicedelegationtarget test-delegation-target is absent
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        state: absent

    - name: Ensure host is absent
      ipahost:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: "{{ test_host_fqdn }}"
        state: absent

    # CREATE TEST ITEMS

    - name: Ensure host is present
      ipahost:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: "{{ test_host_fqdn }}"
        force: yes

    - name: Ensure servicedelegationtarget test-delegation-target is present
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
      register: result
      failed_when: not result.changed or result.failed

    # TESTS

    - name: Ensure servicedelegationtarget test-delegation-target member host principal "{{ test_host_fqdn }}" is present
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        principal: "{{ test_host_fqdn }}"
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure servicedelegationtarget test-delegation-target member host principal "{{ test_host_fqdn }}" is present again
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        principal: "{{ test_host_fqdn }}"
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure servicedelegationtarget test-delegation-target member host principal "{{ test_host_fqdn_realm }}" is present unchanged
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        principal: "{{ test_host_fqdn_realm }}"
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure servicedelegationtarget test-delegation-target member host principal "{{ 'host/' + test_host_fqdn_realm }}" is present unchanged
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        principal: "{{ 'host/' + test_host_fqdn_realm }}"
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure servicedelegationtarget test-delegation-target member host principal "{{ test_host_fqdn_realm }}" is absent
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        principal: "{{ test_host_fqdn_realm }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure servicedelegationtarget test-delegation-target member host principal "{{ test_host_fqdn }}" is absent unchanged
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        principal: "{{ test_host_fqdn }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # CLEANUP TEST ITEMS

    - name: Ensure servicedelegationtarget test-delegation-target is absent
      ipaservicedelegationtarget:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: test-delegation-target
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure host is absent
      ipahost:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: "{{ test_host_fqdn }}"
        state: absent
      register: result
      failed_when: not result.changed or result.failed