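################################
### check mode remove a rule ###
################################
# Dry-run removal of the audit rule for the test user on a directory, a file
# and a registry key. Each task sets check_mode, so the module is expected to
# report "changed" while leaving the rule on the object. That matters for
# audit rules in particular: a dry run that really dropped one would quietly
# reduce audit coverage on the host.
- name: check mode remove directory rule
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: directory
  check_mode: true

- name: check mode remove file rule
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: file
  check_mode: true

- name: check mode remove registry rule
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: registry
  check_mode: true

# Read the rules back (these tasks do not set check_mode) so the assertion
# below checks the state of the object rather than the module's own report.
# test_get_audit_rule is presumably a test-only helper module shipped with
# these tasks; the assertions rely on its matching_rule_found and path_type
# return values.
- name: check mode remove get directory rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory_results

- name: check mode remove get file rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    # Quoted so it reads as the literal option value, not a YAML null.
    # Only the file lookup passes it - presumably because a file has no
    # child objects to inherit the rule; confirm against the helper module.
    inheritance_flags: 'none'
  register: file_results

- name: check mode remove get REGISTRY rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry_results

# The module must claim a change, and the rule must still be found on all
# three object types.
- name: check mode remove assert that change detected, but rule is still present
  assert:
    that:
      - directory is changed
      - file is changed
      - registry is changed
      - directory_results.matching_rule_found and directory_results.path_type == 'directory'
      - file_results.matching_rule_found and file_results.path_type == 'file'
      - registry_results.matching_rule_found and registry_results.path_type == 'registry'

#####################
### remove a rule ###
#####################
# Real removal: same arguments as the dry run, without check_mode.
- name: remove directory rule
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: directory

- name: remove file rule
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: file

- name: remove registry rule
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: registry

# Read the rules back again; this time no matching rule should remain.
- name: remove get directory rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory_results

- name: remove get file rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    # Quoted so it reads as the literal option value, not a YAML null.
    inheritance_flags: 'none'
  register: file_results

- name: remove get REGISTRY rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry_results

# In Jinja2 "not" binds tighter than "and", so each line below reads as
# (rule not found) and (path type is the expected one).
- name: remove assert that change detected and rule is gone
  assert:
    that:
      - directory is changed
      - file is changed
      - registry is changed
      - not directory_results.matching_rule_found and directory_results.path_type == 'directory'
      - not file_results.matching_rule_found and file_results.path_type == 'file'
      - not registry_results.matching_rule_found and registry_results.path_type == 'registry'

################################
### idempotent remove a rule ###
################################
# Second removal of rules that are already gone: the module should report no
# change. path_type is read from the module's own result here, not from the
# lookup helper.
- name: idempotent remove directory rule
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: directory

- name: idempotent remove file rule
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: file

- name: idempotent remove registry rule
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: registry

- name: idempotent remove assert that no change detected
  assert:
    that:
      - directory is not changed and directory.path_type == 'directory'
      - file is not changed and file.path_type == 'file'
      - registry is not changed and registry.path_type == 'registry'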