# Test code for win_group_membership

# (c) 2017, Andrew Saraceni <andrew.saraceni@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

- name: Remove potentially leftover group members
  win_group_membership:
    name: "{{ win_local_group }}"
    members:
      - Administrator
      - Guest
      - NT AUTHORITY\SYSTEM
      - NT AUTHORITY\NETWORK SERVICE
    state: absent


- name: Add user to fake group
  win_group_membership:
    name: FakeGroup
    members:
      - Administrator
    state: present
  register: add_user_to_fake_group
  failed_when: add_user_to_fake_group.changed != false or add_user_to_fake_group.msg != "Could not find local group FakeGroup"


- name: Add fake local user
  win_group_membership:
    name: "{{ win_local_group }}"
    members:
      - FakeUser
    state: present
  register: add_fake_local_user
  failed_when: add_fake_local_user.changed != false or add_fake_local_user.msg != "Could not resolve group member FakeUser"


- name: Add fake FQDN domain user
  win_group_membership:
    name: "{{ win_local_group }}"
    members:
      - FakeUser@domain.fake
    state: present
  register: add_fake_fqdn_domain_user
  failed_when: add_fake_fqdn_domain_user.changed != false or add_fake_fqdn_domain_user.msg != "Could not resolve NetBIOS name for domain domain.fake"


- name: Add users to group
  win_group_membership: &wgm_present
    name: "{{ win_local_group }}"
    members:
      - Administrator
      - Guest
      - NT AUTHORITY\SYSTEM
    state: present
  register: add_users_to_group

- name: Test add_users_to_group (normal mode)
  assert:
    that:
    - add_users_to_group.changed == true
    - add_users_to_group.added == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
    - add_users_to_group.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode

- name: Test add_users_to_group (check-mode)
  assert:
    that:
    - add_users_to_group.changed == true
    - add_users_to_group.added == []
    - add_users_to_group.members == []
  when: in_check_mode


- name: Add users to group (again)
  win_group_membership: *wgm_present
  register: add_users_to_group_again

- name: Test add_users_to_group_again (normal mode)
  assert:
    that:
    - add_users_to_group_again.changed == false
    - add_users_to_group_again.added == []
    - add_users_to_group_again.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode


- name: Add different syntax users to group (again)
  win_group_membership:
    <<: *wgm_present
    members:
      - "{{ ansible_hostname }}\\Administrator"
      - .\Guest
  register: add_different_syntax_users_to_group_again

- name: Test add_different_syntax_users_to_group_again (normal mode)
  assert:
    that:
    - add_different_syntax_users_to_group_again.changed == false
    - add_different_syntax_users_to_group_again.added == []
    - add_different_syntax_users_to_group_again.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode

- name: Test add_different_syntax_users_to_group_again (check-mode)
  assert:
    that:
    - add_different_syntax_users_to_group_again.changed == true
    - add_different_syntax_users_to_group_again.added == []
    - add_different_syntax_users_to_group_again.members == []
  when: in_check_mode


- name: Add another user to group
  win_group_membership: &wgma_present
    <<: *wgm_present
    members:
      - NT AUTHORITY\NETWORK SERVICE
  register: add_another_user_to_group

- name: Test add_another_user_to_group (normal mode)
  assert:
    that:
    - add_another_user_to_group.changed == true
    - add_another_user_to_group.added == ["NT AUTHORITY\\NETWORK SERVICE"]
    - add_another_user_to_group.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode

- name: Test add_another_user_to_group (check-mode)
  assert:
    that:
    - add_another_user_to_group.changed == true
    - add_another_user_to_group.added == []
    - add_another_user_to_group.members == []
  when: in_check_mode


- name: Add another user to group (again)
  win_group_membership: *wgma_present
  register: add_another_user_to_group_again

- name: Test add_another_user_to_group_1_again (normal mode)
  assert:
    that:
    - add_another_user_to_group_again.changed == false
    - add_another_user_to_group_again.added == []
    - add_another_user_to_group_again.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode


- name: Remove users from group
  win_group_membership: &wgm_absent
    <<: *wgm_present
    state: absent
  register: remove_users_from_group

- name: Test remove_users_from_group (normal mode)
  assert:
    that:
    - remove_users_from_group.changed == true
    - remove_users_from_group.removed == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
    - remove_users_from_group.members == ["NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode

- name: Test remove_users_from_group (check-mode)
  assert:
    that:
    - remove_users_from_group.changed == false
    - remove_users_from_group.removed == []
    - remove_users_from_group.members == []
  when: in_check_mode


- name: Remove users from group (again)
  win_group_membership: *wgm_absent
  register: remove_users_from_group_again

- name: Test remove_users_from_group_again (normal mode)
  assert:
    that:
    - remove_users_from_group_again.changed == false
    - remove_users_from_group_again.removed == []
    - remove_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode


- name: Remove different syntax users from group (again)
  win_group_membership:
    <<: *wgm_absent
    members:
      - "{{ ansible_hostname }}\\Administrator"
      - .\Guest
  register: remove_different_syntax_users_from_group_again

- name: Test remove_different_syntax_users_from_group_again (normal mode)
  assert:
    that:
    - remove_different_syntax_users_from_group_again.changed == false
    - remove_different_syntax_users_from_group_again.removed == []
    - remove_different_syntax_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode

- name: Test add_different_syntax_users_to_group_again (check-mode)
  assert:
    that:
    - remove_different_syntax_users_from_group_again.changed == false
    - remove_different_syntax_users_from_group_again.removed == []
    - remove_different_syntax_users_from_group_again.members == []
  when: in_check_mode


- name: Remove another user from group
  win_group_membership: &wgma_absent
    <<: *wgm_absent
    members:
      - NT AUTHORITY\NETWORK SERVICE
  register: remove_another_user_from_group

- name: Test remove_another_user_from_group (normal mode)
  assert:
    that:
    - remove_another_user_from_group.changed == true
    - remove_another_user_from_group.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
    - remove_another_user_from_group.members == []
  when: not in_check_mode

- name: Test remove_another_user_from_group (check-mode)
  assert:
    that:
    - remove_another_user_from_group.changed == false
    - remove_another_user_from_group.removed == []
    - remove_another_user_from_group.members == []
  when: in_check_mode


- name: Remove another user from group (again)
  win_group_membership: *wgma_absent
  register: remove_another_user_from_group_again

- name: Test remove_another_user_from_group_again (normal mode)
  assert:
    that:
    - remove_another_user_from_group_again.changed == false
    - remove_another_user_from_group_again.removed == []
    - remove_another_user_from_group_again.members == []
  when: not in_check_mode