---
- name: make sure win output dir exists
  win_file:
    path: "{{win_output_dir}}"
    state: directory

- name: reboot with defaults
  win_reboot:

- name: test with negative values for delays
  win_reboot:
    post_reboot_delay: -0.5
    pre_reboot_delay: -61

- name: schedule a reboot for sometime in the future
  win_command: shutdown.exe /r /t 599

- name: reboot with a shutdown already scheduled
  win_reboot:

# test a reboot that reboots again during the test_command phase
- name: create test file
  win_file:
    path: '{{win_output_dir}}\win_reboot_test'
    state: touch

- name: reboot with secondary reboot stage
  win_reboot:
    test_command: powershell.exe -NoProfile -EncodedCommand {{lookup('template', 'post_reboot.ps1')|b64encode(encoding='utf-16-le')}}

- name: reboot with test command that fails
  win_reboot:
    test_command: 'FAIL'
    reboot_timeout: 120
  register: reboot_fail_test
  failed_when: "reboot_fail_test.msg != 'Timed out waiting for post-reboot test command (timeout=120)'"

# try and reboot the host with a non admin user, we expect an error here
# this requires a bit of setup to create the user and allow it to connect
# over WinRM
- name: create password fact
  set_fact:
    standard_user: ansible_user_test
    standard_pass: password123! + {{ lookup('password', '/dev/null chars=ascii_letters,digits length=8') }}

- name: get original SDDL for WinRM listener
  win_shell: (Get-Item -Path WSMan:\localhost\Service\RootSDDL).Value
  register: original_sddl

- name: create standard user
  win_user:
    name: '{{standard_user}}'
    password: '{{standard_pass}}'
    update_password: always
    groups: Users
    state: present
  register: user_res

- name: add standard user to WinRM listener
  win_shell: |
    $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList "{{user_res.sid}}"
    $sd = New-Object -TypeName System.Security.AccessControl.CommonSecurityDescriptor -ArgumentList $false, $false, "{{original_sddl.stdout_lines[0]}}"
    $sd.DiscretionaryAcl.AddAccess(
        [System.Security.AccessControl.AccessControlType]::Allow,
        $sid,
        (0x80000000 -bor 0x20000000),
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None
    )
    $new_sddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
    Set-Item -Path WSMan:\localhost\Service\RootSDDL -Value $new_sddl -Force

- block:
    - name: fail to reboot with non admin user
      win_reboot:
      vars:
        ansible_user: '{{standard_user}}'
        ansible_password: '{{standard_pass}}'
        ansible_winrm_transport: ntlm
      register: fail_shutdown
      failed_when: "fail_shutdown.msg != 'Reboot command failed, error was:  Access is denied.(5)'"

  always:
    - name: set the original SDDL to the WinRM listener
      win_shell: 'Set-Item -Path WSMan:\localhost\Service\RootSDDL -Value "{{original_sddl.stdout_lines[0]}}" -Force'

    - name: remove standard user
      win_user:
        name: '{{standard_user}}'
        state: absent

- name: Use invalid parameter
  reboot:
    foo: bar
  ignore_errors: true
  register: invalid_parameter

- name: Ensure task fails with error
  assert:
    that:
    - invalid_parameter is failed
    - "invalid_parameter.msg == 'Invalid options for reboot: foo'"