---
- name: Playbook to ensure
  hosts: ipaserver
  become: no
  gather_facts: yes

  tasks:
  - name: Setup testing environment.
    include_tasks: env_setup.yml

  - name: Add test host.
    ipahost:
      ipaadmin_password: SomeADMINpassword
      name: "iron01.{{ safezone }}"
      ip_address: 192.168.1.253
      force: yes

  - name: Cleanup test records.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ns_rec: iron01
          ds_record:
          - 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
          - 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
          - 5555 5 5 84763786e4213cca9a6938dba5dacd64f87ec222
          cert_record:
          - 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
          - 2 567 4 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
      state: absent

  - name: Add NS records to test.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ns_rec: iron01
    register: result
    failed_when: result.failed or not result.changed

  - name: Add DS records to test.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ds_record:
          - 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
          - 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
    register: result
    failed_when: result.failed or not result.changed

  - name: Add CERT records to test.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: host01
          cert_record:
          - 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
          - 5 555 4 AwIBAgIUb14+Oug2nPMIIBdTCCAAS+g
    register: result
    failed_when: result.failed or not result.changed

  - name: Modify CERT record.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      name: host01
      cert_type: 2
      cert_key_tag: 567
      cert_algorithm: 4
      cert_rec: 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify modified CERT records exists.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: host01
          cert_record: 2 567 4 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
    register: result
    failed_when: result.failed or result.changed

  - name: Verify if old CERT record does not exist.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: host01
          cert_record: 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
      state: absent
    register: result
    failed_when: result.failed or result.changed

  - name: Verify if unmodified CERT record does exist.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: host01
          cert_record: 5 555 4 AwIBAgIUb14+Oug2nPMIIBdTCCAAS+g
    register: result
    failed_when: result.failed or result.changed

  - name: Try to modify the same DS record twice.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ds_key_tag: 5555
          ds_algorithm: 5
          ds_digest_type: 5
          ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec222
          ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216

        - name: iron01
          ds_key_tag: 5555
          ds_algorithm: 5
          ds_digest_type: 5
          ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec222
          ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
    register: result
    failed_when: not result.failed or "DS record does not contain" not in result.msg

  - name: Verify if unmodified DS record still exists.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
    register: result
    failed_when: result.failed or result.changed

  - name: Verify DS record was modified
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ds_record: 5555 5 5 84763786e4213cca9a6938dba5dacd64f87ec222
    register: result
    failed_when: result.failed or result.changed

  - name: Verify if modified DS record was not created.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
      state: absent
    register: result
    failed_when: result.failed or result.changed

  - name: Cleanup test records.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: safezone.test
      records:
        - name: iron01
          ds_record:
          - 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
          - 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
          - 5555 5 5 84763786e4213cca9a6938dba5dacd64f87ec222
        - name: host01
          cert_record:
          - 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
          - 2 567 4 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
      state: absent
  # cleanup
  - name: Cleanup test environment.
    include_tasks: env_cleanup.yml