---
- name: setup
  cs_user: username={{ cs_resource_prefix }}_user state=absent
  register: user
- name: verify setup
  assert:
    that:
    - user is successful

- name: test fail if missing username
  action: cs_user
  register: user
  ignore_errors: true
- name: verify results of fail if missing params
  assert:
    that:
    - user is failed
    - 'user.msg == "missing required arguments: username"'

- name: test fail if missing params if state=present
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
  register: user
  ignore_errors: true
- name: verify results of fail if missing params if state=present
  assert:
    that:
    - user is failed
    - 'user.msg == "missing required arguments: account, email, password, first_name, last_name"'

- name: test create user in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name"
    first_name: "{{ cs_resource_prefix }}_first_name"
    email: "{{ cs_resource_prefix }}@example.com"
    account: "admin"
  register: user
  check_mode: true
- name: verify results of create user in check mode
  assert:
    that:
    - user is successful
    - user is changed

- name: test create user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name"
    first_name: "{{ cs_resource_prefix }}_first_name"
    email: "{{ cs_resource_prefix }}@example.com"
    account: "admin"
  register: user
- name: verify results of create user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name"
    - user.last_name == "{{ cs_resource_prefix }}_last_name"
    - user.email == "{{ cs_resource_prefix }}@example.com"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"
    - user.user_api_key is not defined

- name: test create user idempotence
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name"
    first_name: "{{ cs_resource_prefix }}_first_name"
    email: "{{ cs_resource_prefix }}@example.com"
    account: "admin"
  register: user
- name: verify results of create user idempotence
  assert:
    that:
    - user is successful
    - user is not changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name"
    - user.last_name == "{{ cs_resource_prefix }}_last_name"
    - user.email == "{{ cs_resource_prefix }}@example.com"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"
    - user.user_api_key is not defined

- name: test create account
  cs_account:
    name: "{{ cs_resource_prefix }}_acc"
    username: "{{ cs_resource_prefix }}_acc_username"
    password: "{{ cs_resource_prefix }}_acc_password"
    last_name: "{{ cs_resource_prefix }}_acc_last_name"
    first_name: "{{ cs_resource_prefix }}_acc_first_name"
    email: "{{ cs_resource_prefix }}@example.com"
    network_domain: "example.com"
  register: acc
- name: verify results of create account
  assert:
    that:
    - acc is successful
    - acc is changed
    - acc.name == "{{ cs_resource_prefix }}_acc"
    - acc.network_domain == "example.com"
    - acc.account_type == "user"
    - acc.state == "enabled"
    - acc.domain == "ROOT"
    - acc is changed

- name: test create user2 in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user2"
    password: "{{ cs_resource_prefix }}_password2"
    last_name: "{{ cs_resource_prefix }}_last_name2"
    first_name: "{{ cs_resource_prefix }}_first_name2"
    email: "{{ cs_resource_prefix }}@example2.com"
    account: "{{ cs_resource_prefix }}_acc"
    keys_registered: true
  check_mode: true
  register: user
- name: verify results of create user idempotence
  assert:
    that:
    - user is successful
    - user is changed

- name: test create user2
  cs_user:
    username: "{{ cs_resource_prefix }}_user2"
    password: "{{ cs_resource_prefix }}_password2"
    last_name: "{{ cs_resource_prefix }}_last_name2"
    first_name: "{{ cs_resource_prefix }}_first_name2"
    email: "{{ cs_resource_prefix }}@example2.com"
    account: "{{ cs_resource_prefix }}_acc"
    keys_registered: true
  register: user
- name: verify results of create user idempotence
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user2"
    - user.first_name == "{{ cs_resource_prefix }}_first_name2"
    - user.last_name == "{{ cs_resource_prefix }}_last_name2"
    - user.email == "{{ cs_resource_prefix }}@example2.com"
    - user.account_type == "user"
    - user.account == "{{ cs_resource_prefix }}_acc"
    - user.state == "enabled"
    - user.domain == "ROOT"
    - user.user_api_key is defined

- name: test create user2 idempotence
  cs_user:
    username: "{{ cs_resource_prefix }}_user2"
    password: "{{ cs_resource_prefix }}_password2"
    last_name: "{{ cs_resource_prefix }}_last_name2"
    first_name: "{{ cs_resource_prefix }}_first_name2"
    email: "{{ cs_resource_prefix }}@example2.com"
    account: "{{ cs_resource_prefix }}_acc"
    keys_registered: true
  register: user
- name: verify results of create user idempotence
  assert:
    that:
    - user is successful
    - user is not changed
    - user.username == "{{ cs_resource_prefix }}_user2"
    - user.first_name == "{{ cs_resource_prefix }}_first_name2"
    - user.last_name == "{{ cs_resource_prefix }}_last_name2"
    - user.email == "{{ cs_resource_prefix }}@example2.com"
    - user.account_type == "user"
    - user.account == "{{ cs_resource_prefix }}_acc"
    - user.state == "enabled"
    - user.domain == "ROOT"
    - user.user_api_key is defined

- name: test update user in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name1"
    first_name: "{{ cs_resource_prefix }}_first_name1"
    email: "{{ cs_resource_prefix }}@example.com1"
    account: "admin"
    keys_registered: true
  register: user
  check_mode: true
- name: verify results of update user in check mode
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name"
    - user.last_name == "{{ cs_resource_prefix }}_last_name"
    - user.email == "{{ cs_resource_prefix }}@example.com"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"
    - user.user_api_key is not defined

- name: test update user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name1"
    first_name: "{{ cs_resource_prefix }}_first_name1"
    email: "{{ cs_resource_prefix }}@example.com1"
    account: "admin"
    keys_registered: true
  register: user
- name: verify results of update user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name1"
    - user.last_name == "{{ cs_resource_prefix }}_last_name1"
    - user.email == "{{ cs_resource_prefix }}@example.com1"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"
    - user.user_api_key is defined

- name: test update user idempotence
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name1"
    first_name: "{{ cs_resource_prefix }}_first_name1"
    email: "{{ cs_resource_prefix }}@example.com1"
    account: "admin"
    keys_registered: true
  register: user
- name: verify results of update user idempotence
  assert:
    that:
    - user is successful
    - user is not changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name1"
    - user.last_name == "{{ cs_resource_prefix }}_last_name1"
    - user.email == "{{ cs_resource_prefix }}@example.com1"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"
    - user.user_api_key is defined

- name: test lock user in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: locked
  register: user
  check_mode: true
- name: verify results of lock user in check mode
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state != "locked"
    - user.domain == "ROOT"

- name: test lock user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: locked
  register: user
- name: verify results of lock user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "locked"
    - user.domain == "ROOT"

- name: test lock user idempotence
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: locked
  register: user
- name: verify results of lock user idempotence
  assert:
    that:
    - user is successful
    - user is not changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "locked"
    - user.domain == "ROOT"

- name: test disable user in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: disabled
  register: user
  check_mode: true
- name: verify results of disable user in check mode
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state != "disabled"
    - user.domain == "ROOT"

- name: test disable user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: disabled
  register: user
- name: verify results of disable user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "disabled"
    - user.domain == "ROOT"

- name: test disable user idempotence
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: disabled
  register: user
- name: verify results of disable user idempotence
  assert:
    that:
    - user is successful
    - user is not changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "disabled"
    - user.domain == "ROOT"

- name: test lock disabled user in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: locked
  register: user
  check_mode: true
- name: verify results of lock disabled user in check mode
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "disabled"
    - user.domain == "ROOT"

- name: test lock disabled user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: locked
  register: user
- name: verify results of lock disabled user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "locked"
    - user.domain == "ROOT"

- name: test lock disabled user idempotence
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: locked
  register: user
- name: verify results of lock disabled user idempotence
  assert:
    that:
    - user is successful
    - user is not changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "locked"
    - user.domain == "ROOT"

- name: test enable user in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: enabled
  register: user
  check_mode: true
- name: verify results of enable user in check mode
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state != "enabled"
    - user.domain == "ROOT"

- name: test enable user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: enabled
  register: user
- name: verify results of enable user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"

- name: test enable user idempotence using unlocked
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: unlocked
  register: user
- name: verify results of enable user idempotence
  assert:
    that:
    - user is successful
    - user is not changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"

- name: test remove user in check mode
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: absent
  register: user
  check_mode: true
- name: verify results of remove user in check mode
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"

- name: test remove user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: absent
  register: user
- name: verify results of remove user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"

- name: test remove user idempotence
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: absent
  register: user
- name: verify results of remove user idempotence
  assert:
    that:
    - user is successful
    - user is not changed

- name: test create locked user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name"
    first_name: "{{ cs_resource_prefix }}_first_name"
    email: "{{ cs_resource_prefix }}@example.com"
    account: "admin"
    state: locked
  register: user
- name: verify results of create locked user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name"
    - user.last_name == "{{ cs_resource_prefix }}_last_name"
    - user.email == "{{ cs_resource_prefix }}@example.com"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "locked"
    - user.domain == "ROOT"

- name: test remove locked user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: absent
  register: user
- name: verify results of remove locked user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "locked"
    - user.domain == "ROOT"

- name: test create disabled user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name"
    first_name: "{{ cs_resource_prefix }}_first_name"
    email: "{{ cs_resource_prefix }}@example.com"
    account: "admin"
    state: disabled
  register: user
- name: verify results of create disabled user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name"
    - user.last_name == "{{ cs_resource_prefix }}_last_name"
    - user.email == "{{ cs_resource_prefix }}@example.com"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "disabled"
    - user.domain == "ROOT"

- name: test remove disabled user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: absent
  register: user
- name: verify results of remove disabled user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "disabled"
    - user.domain == "ROOT"

- name: test create enabled user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    password: "{{ cs_resource_prefix }}_password"
    last_name: "{{ cs_resource_prefix }}_last_name"
    first_name: "{{ cs_resource_prefix }}_first_name"
    email: "{{ cs_resource_prefix }}@example.com"
    account: "admin"
    state: enabled
  register: user
- name: verify results of create enabled user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.first_name == "{{ cs_resource_prefix }}_first_name"
    - user.last_name == "{{ cs_resource_prefix }}_last_name"
    - user.email == "{{ cs_resource_prefix }}@example.com"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"

- name: test remove enabled user
  cs_user:
    username: "{{ cs_resource_prefix }}_user"
    state: absent
  register: user
- name: verify results of remove enabled user
  assert:
    that:
    - user is successful
    - user is changed
    - user.username == "{{ cs_resource_prefix }}_user"
    - user.account_type == "root_admin"
    - user.account == "admin"
    - user.state == "enabled"
    - user.domain == "ROOT"