# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---

- name: Include provision_idrac vars
  include_vars: "{{ playbook_dir }}/../roles/provision_idrac/vars/main.yml"
  run_once: true

- name: Include control_plane_common vars
  include_vars: "{{ playbook_dir }}/../roles/control_plane_common/vars/main.yml"
  run_once: true

- name: Include idrac_vars.yml
  include_vars: "{{ playbook_dir }}/../{{ idrac_input_filename }}"
  run_once: true

- name: Warning - waiting for one minute
  pause:
    minutes: 1
    prompt: "{{ enable_2fa_warning_msg }}"
  run_once: true

- name: Set two_factor_authentication in lowercase
  set_fact:
    two_factor_authentication: "{{ two_factor_authentication | lower }}"

- name: Assert two_factor_authentication value
  assert:
    that:
      - two_factor_authentication | length > 1
      - two_factor_authentication == "enabled" or two_factor_authentication == "disabled"
    success_msg: "{{ simple_2fa_success_msg }}"
    fail_msg: "{{ simple_2fa_fail_msg }}"

- name: Disable 2FA message
  fail:
    msg: "{{ idrac_2fa_disable_msg }}"
  when: two_factor_authentication == "disabled"

- block:
    - name: Check idrac_tools_vars.yml file is encrypted
      command: cat "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
      changed_when: false
      run_once: true
      register: config_content
    
    - name: Decrpyt idrac_tools_vars.yml
      command: >-
        ansible-vault decrypt "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
        --vault-password-file "{{ playbook_dir }}/../{{ idrac_tools_vaultname }}"
      changed_when: false
      run_once: true
      when: "'$ANSIBLE_VAULT;' in config_content.stdout"
    
    - name: Include variable file idrac_tools_vars.yml
      include_vars: "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
      run_once: true
      no_log: true
    
    - name: Validate SMTP parameters are not empty
      fail:
        msg: "{{ smtp_input_fail_msg }}"
      when:
        - dns_domain_name | length < 1 or
          ipv4_static_dns1 | length < 1 or
          ipv4_static_dns2 | length < 1 or
          smtp_server_ip | length < 1 or
          smtp_username | length < 1 or
          smtp_password | length < 1 or
          use_email_address_2fa | length < 1 

    - name: Assert use_email_address_2fa value
      assert:
        that: '"@" in use_email_address_2fa'
        success_msg: "{{ email_address_success_msg }}"
        fail_msg: "{{ email_address_fail_msg }}"

    - name: Encrypt idrac_tools_vars.yml
      command: >-
        ansible-vault encrypt "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
        --vault-password-file "{{ playbook_dir }}/../{{ idrac_tools_vaultname }}"
      changed_when: false
      run_once: true
      when: "'$ANSIBLE_VAULT;' in config_content.stdout"
  when: two_factor_authentication == "enabled"