# This playbook should be included with `include_tasks` as the first task
# of a test playbook that requires FreeIPA information.
#
# Available Facts:
#
# ipa_version: The installed FreeIPA version.
# ipa_api_version: The installed FreeIPA API version.
#
---
- name: Retrieving FreeIPA version.
  ansible.builtin.shell:
    cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"'
  register: ipa_cmd_version

- name: Verify if host is an IPA server or client.
  ansible.builtin.shell:
    cmd: |
      echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin
      RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-show `hostname` && echo SERVER || echo CLIENT)
      kdestroy -A -c {{ krb5ccname }}
      echo $RESULT
  vars:
    krb5ccname: "__check_ipa_host_is_client_or_server__"
  register: output

- name: Set FreeIPA facts.
  ansible.builtin.set_fact:
    ipa_version: "{{ ipa_cmd_version.stdout_lines[0] }}"
    ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}"
    ipa_host_is_client: "{{ (output.stdout_lines[-1] == 'CLIENT') | bool }}"
    trust_test_is_supported: no

- name: Ensure ipaserver_domain is set
  when: ipaserver_domain is not defined
  block:
  - name: Get Domain from server name
    ansible.builtin.set_fact:
      ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
    when: "'fqdn' in ansible_facts"

  - name: Set Domain to 'ipa.test' if FQDN could not be retrieved.
    ansible.builtin.set_fact:
      ipaserver_domain: "ipa.test"
    when: "'fqdn' not in ansible_facts"