---
- name: Test hbacsvcgroup
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: true
  gather_facts: false

  tasks:
  - name: Ensure HBAC Service Group login is absent
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
      state: absent

  - name: Ensure HBAC Service for sshd is present
    ipahbacsvc:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login

  - name: Ensure HBAC Service Group login is present
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC Service Group login is present again
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure HBAC Service sshd is present in HBAC Service Group login
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
      hbacsvc:
      - sshd
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC Service sshd is present in HBAC Service Group login again
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
      hbacsvc:
      - sshd
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
      hbacsvc:
      - sshd
      - foo
      action: member
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login again
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
      hbacsvc:
      - sshd
      - foo
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure HBAC Service Group login is absent
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC Service Group login is absent again
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: login
      state: absent
    register: result
    failed_when: result.changed or result.failed