---
- name: Test dnsconfig
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: true
  gather_facts: true

  tasks:
  # Setup.
  - name: Ensure forwarders are absent.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
        - ip_address: 2001:4860:4860::8888
        - ip_address: 2001:4860:4860::8888
          port: 53
      state: absent
      action: member

  # Tests.
  - name: Set config to invalid IPv4.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 1.2.3.500
    register: result
    failed_when: not result.failed or "Invalid IP for DNS forwarder" not in result.msg

  - name: Set config to invalid IP.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 1.in.va.lid
    register: result
    failed_when: not result.failed or "Invalid IP for DNS forwarder" not in result.msg

  - name: Set config to invalid IPv6.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: fd00::invalid
    register: result
    failed_when: not result.failed or "Invalid IP for DNS forwarder" not in result.msg

  - name: Set dnsconfig.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
        - ip_address: 2001:4860:4860::8888
          port: 53
      forward_policy: only
      allow_sync_ptr: yes
    register: result
    failed_when: not result.changed or result.failed

  - name: Set dnsconfig, with the same values.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
        - ip_address: 2001:4860:4860::8888
          port: 53
      forward_policy: only
      allow_sync_ptr: yes
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure forwarder 8.8.8.8 is absent.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
      state: absent
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarder 8.8.8.8 is absent, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
      state: absent
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure forwarder 8.8.4.4 is present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarder 8.8.8.8 is present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarder 8.8.4.4 is present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarders are absent.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
        - ip_address: 8.8.8.8
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarders are absent, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
        - ip_address: 8.8.8.8
    register: result
    failed_when: result.changed or result.failed

  - name: Disable global forwarders.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forward_policy: none
    register: result
    failed_when: not result.changed or result.failed

  - name: Disable global forwarders, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forward_policy: none
    register: result
    failed_when: result.changed or result.failed

  - name: Re-enable global forwarders.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forward_policy: first
    register: result
    failed_when: not result.changed or result.failed

  - name: Re-enable global forwarders, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forward_policy: first
    register: result
    failed_when: result.changed or result.failed

  - name: Disable PTR record synchronization.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      allow_sync_ptr: no
    register: result
    failed_when: not result.changed or result.failed

  - name: Disable PTR record synchronization, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      allow_sync_ptr: no
    register: result
    failed_when: result.changed or result.failed

  - name: Re-enable PTR record synchronization.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      allow_sync_ptr: yes
    register: result
    failed_when: not result.changed or result.failed

  - name: Re-enable PTR record synchronization, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      allow_sync_ptr: yes
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure all forwarders are absent.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
        - ip_address: 2001:4860:4860::8888
          port: 53
      state: absent
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure all forwarders are absent, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
        - ip_address: 2001:4860:4860::8888
          port: 53
      state: absent
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure forwarder is present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarders is not present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
    check_mode: yes
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarders are present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
        - ip_address: 8.8.8.8
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure forwarders are present, again.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
        - ip_address: 8.8.8.8
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure another forwarder is present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure forwarders are present.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.4.4
        - ip_address: 8.8.8.8
      action: member
    register: result
    failed_when: result.changed or result.failed

  # Cleanup.
  - name: Ensure forwarders are absent.
    ipadnsconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
        - ip_address: 2001:4860:4860::8888
        - ip_address: 2001:4860:4860::8888
          port: 53
      state: absent
      action: member