- name: failure check bind with host header but no wc or sni
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: test.com
    protocol: https
    ip: '*'
    port: 443
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
    ssl_flags: 0
  register: failure
  failed_when:
    - failure.msg != "You cannot specify host headers with SSL unless it is a wildcard certificate."
    - failure.msg != "You cannot specify host headers with SSL unless it is a wildcard certificate or SNI is enabled."

- debug:
    var: failure
    verbosity: 1

- block:
  - name: get all websites from server
    raw: powershell.exe "(get-website).name"
    register: existing_sites

  - name: ensure all sites are removed for clean testing
    win_iis_website:
      name: "{{ item }}"
      state: absent
    with_items:
      - "{{ existing_sites.stdout_lines }}"

  - name: add sites
    win_iis_website:
      name: "{{ item.name }}"
      state: started
      ip: 127.0.0.1
      port: "{{ item.port }}"
      physical_path: c:\inetpub\wwwroot
    with_items:
      - {name: testconflict1, port: 8080}
      - {name: testconflict2, port: 8081}

  - name: add https binding to testconflict1
    win_iis_webbinding:
      name: testconflict1
      state: present
      protocol: https
      port: 443
      ip: 127.0.0.1
      certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"

  - name: add https binding to testconflict2 (expect failure)
    win_iis_webbinding:
      name: testconflict2
      state: present
      protocol: https
      ip: 127.0.0.1
      port: 443
      certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
    register: failure
    failed_when: '"A conflicting binding has been found on the same ip" not in failure.msg'

  - debug:
      var: failure
      verbosity: 1

  always:
  - name: remove websites
    win_iis_website:
      name: "{{ item }}"
      state: absent
    with_items:
      - testconflict1
      - testconflict2