- name: pre-setup
  cs_role:
    name: "testRole"
  register: testRole
- name: verify pre-setup
  assert:
    that:
    - testRole is successful

- name: setup
  cs_role_permission:
    name: "fakeRolePerm"
    role: "{{ testRole.id }}"
    state: absent
  register: roleperm
- name: verify setup
  assert:
    that:
    - roleperm is successful

- name: setup2
  cs_role_permission:
    name: "fakeRolePerm2"
    role: "{{ testRole.id }}"
    state: absent
  register: roleperm2
- name: verify setup2
  assert:
    that:
    - roleperm2 is successful

- name: test fail if missing name
  cs_role_permission:
    role: "{{ testRole.id }}"
  register: roleperm
  ignore_errors: true
- name: verify results of fail if missing name
  assert:
    that:
    - roleperm is failed
    - 'roleperm.msg == "missing required arguments: name"'

- name: test fail if missing role
  cs_role_permission:
    name: "fakeRolePerm"
  register: roleperm
  ignore_errors: true
- name: verify results of fail if missing role
  assert:
    that:
    - roleperm is failed
    - 'roleperm.msg == "missing required arguments: role"'

- name: test fail if role does not exist
  cs_role_permission:
    name: "fakeRolePerm"
    role: "testtest"
  register: roleperm
  ignore_errors: true
- name: verify results of fail if role does not exist
  assert:
    that:
    - roleperm is failed
    - roleperm.msg == "Role 'testtest' not found"

- name: test fail if state is incorrcect
  cs_role_permission:
    state: badstate
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: allow
  register: roleperm
  ignore_errors: true
- name: verify results of fail if state is incorrcect
  assert:
    that:
    - roleperm is failed
    - 'roleperm.msg == "value of state must be one of: present, absent, got: badstate"'

- name: test create role permission in check mode
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: allow
    description: "fakeRolePerm description"
  register: roleperm
  check_mode: yes
- name: verify results of role permission in check mode
  assert:
    that:
    - roleperm is successful
    - roleperm is changed

- name: test create role permission
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: allow
    description: "fakeRolePerm description"
  register: roleperm
- name: verify results of role permission
  assert:
    that:
    - roleperm is successful
    - roleperm is changed
    - roleperm.name == "fakeRolePerm"
    - roleperm.permission == "allow"
    - roleperm.description == "fakeRolePerm description"

- name: test create role permission idempotency
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: allow
    description: "fakeRolePerm description"
  register: roleperm
- name: verify results of role permission idempotency
  assert:
    that:
    - roleperm is successful
    - roleperm is not changed
    - roleperm.name == "fakeRolePerm"
    - roleperm.permission == "allow"
    - roleperm.description == "fakeRolePerm description"

- name: test update role permission in check_mode
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: deny
    description: "fakeRolePerm description"
  register: roleperm
  check_mode: yes
- name: verify results of update role permission in check mode
  assert:
    that:
    - roleperm is successful
    - roleperm is changed
    - roleperm.name == "fakeRolePerm"
    - roleperm.permission == "allow"
    - roleperm.description == "fakeRolePerm description"

- name: test update role permission
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: deny
    description: "fakeRolePerm description"
  register: roleperm
- name: verify results of update role permission
  assert:
    that:
    - roleperm is successful
    - roleperm is changed
    - roleperm.name == "fakeRolePerm"
    - roleperm.permission == "deny"
    - roleperm.description == "fakeRolePerm description"

- name: test update role permission idempotency
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: deny
    description: "fakeRolePerm description"
  register: roleperm
- name: verify results of update role permission idempotency
  assert:
    that:
    - roleperm is successful
    - roleperm is not changed
    - roleperm.name == "fakeRolePerm"
    - roleperm.permission == "deny"
    - roleperm.description == "fakeRolePerm description"

- name: test create a second role permission
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm2"
    permission: allow
  register: roleperm2
- name: verify results of create a second role permission
  assert:
    that:
    - roleperm2 is successful
    - roleperm2 is changed
    - roleperm2.name == "fakeRolePerm2"

- name: test update rules order in check_mode
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    parent: "{{ roleperm2.id }}"
  register: roleperm
  check_mode: yes
- name: verify results of update rule order check mode
  assert:
    that:
    - roleperm is successful
    - roleperm is changed
    - roleperm.name == "fakeRolePerm"

- name: test update rules order
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    parent: "{{ roleperm2.id }}"
  register: roleperm
- name: verify results of update rule order
  assert:
    that:
    - roleperm is successful
    - roleperm is changed
    - roleperm.name == "fakeRolePerm"

- name: test update rules order to the top of the list
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    parent: 0
  register: roleperm
- name: verify results of update rule order to the top of the list
  assert:
    that:
    - roleperm is successful
    - roleperm is changed
    - roleperm.name == "fakeRolePerm"

- name: test update rules order with parent NAME
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    parent: "{{ roleperm2.name }}"
  register: roleperm
- name: verify results of update rule order with parent NAME
  assert:
    that:
    - roleperm is successful
    - roleperm is changed
    - roleperm.name == "fakeRolePerm"

- name: test fail if permission AND parent args are present
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    permission: allow
    parent: 0
  register: roleperm
  ignore_errors: true
- name: verify results of fail if permission AND parent args are present
  assert:
    that:
    - roleperm is failed
    - 'roleperm.msg == "parameters are mutually exclusive: permission|parent"'

- name: test fail if parent does not exist
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    parent: "badParent"
  register: roleperm
  ignore_errors: true
- name: verify results of fail if parent does not exist
  assert:
    that:
    - roleperm is failed
    - roleperm.msg == "Parent rule 'badParent' not found"

- name: test remove role permission in check_mode
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    state: absent
  register: roleperm
  check_mode: yes
- name: verify results of rename role permission in check_mode
  assert:
    that:
    - roleperm is successful
    - roleperm is changed

- name: test remove role permission
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm"
    state: absent
  register: roleperm
- name: verify results of remove role permission
  assert:
    that:
    - roleperm is successful
    - roleperm is changed

- name: remove second role permission
  cs_role_permission:
    role: "{{ testRole.id }}"
    name: "fakeRolePerm2"
    state: absent
  register: roleperm
- name: verify results of remove second role permission
  assert:
    that:
    - roleperm is successful
    - roleperm is changed