---
- block:
  - name: Create user with password
    ios_user:
      name: auth_user
      privilege: 15
      role: network-operator
      state: present
      provider: "{{ cli }}"
      configured_password: pass123

  - name: test login
    expect:
      command: "ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PubkeyAuthentication=no show version"
      responses:
        (?i)password: "pass123"

  - name: test login with invalid password (should fail)
    expect:
      command: "ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PubkeyAuthentication=no show version"
      responses:
        (?i)password: "badpass"
    ignore_errors: yes
    register: results

  - name: check that attempt failed
    assert:
      that:
        - results.failed

  always:
  - name: delete user
    ios_user:
      name: auth_user
      state: absent
      provider: "{{ cli }}"
    register: result

  - name: reset connection
    meta: reset_connection


- block:
  - name: Ensure ssh key is not world readable
    file:
      path: "{{ role_path }}/files/test_rsa"
      mode: 0600

  - name: Create user with sshkey
    ios_user:
      name: ssh_user
      privilege: 15
      role: network-operator
      state: present
      provider: "{{ cli }}"
      sshkey: "{{ lookup('file', 'files/test_rsa.pub') }}"

  - name: test sshkey login
    shell: "ssh ssh_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o IdentityFile={{ role_path }}/files/test_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o BatchMode=yes -o PubkeyAuthentication=yes show version"

  - name: test login without sshkey (should fail)
    expect:
      command: "ssh ssh_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PubkeyAuthentication=no show version"
      responses:
        (?i)password: badpass
    ignore_errors: yes
    register: results

  - name: check that attempt failed
    assert:
      that:
        - results.failed

  always:
  - name: delete user
    ios_user:
      name: ssh_user
      state: absent
      provider: "{{ cli }}"
    register: result

  - name: reset connection
    meta: reset_connection