---
- name: Verify automatisch role
  hosts: localhost
  gather_facts: false
  vars:
    automatisch_data_dir: /tmp/sovereign_test/automatisch
    automatisch_domain: automate.test.example.com
    automatisch_version: latest
    automatisch_encryption_key: test_automatisch_encryption_key
    automatisch_webhook_secret_key: test_automatisch_webhook_secret
    automatisch_app_secret_key: test_automatisch_app_secret
    automatisch_db_password: test_automatisch_db

  tasks:
    - name: Check automatisch data directory exists
      ansible.builtin.stat:
        path: "/tmp/sovereign_test/automatisch"
      register: data_dir_stat

    - name: Assert automatisch data directory is present
      ansible.builtin.assert:
        that: data_dir_stat.stat.isdir
        fail_msg: "Data directory /tmp/sovereign_test/automatisch was not created"

    - name: Check docker-compose.yml exists
      ansible.builtin.stat:
        path: "/tmp/sovereign_test/automatisch/docker-compose.yml"
      register: compose_stat

    - name: Assert docker-compose.yml was rendered
      ansible.builtin.assert:
        that: compose_stat.stat.exists
        fail_msg: "docker-compose.yml was not rendered for automatisch"

    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: "/tmp/sovereign_test/automatisch/docker-compose.yml"
      register: compose_raw

    - name: Set compose content fact
      ansible.builtin.set_fact:
        compose: "{{ compose_raw.content | b64decode }}"

    - name: Assert automatisch image is present
      ansible.builtin.assert:
        that: "'automatischio/automatisch' in compose"
        fail_msg: "automatischio/automatisch image not found in docker-compose.yml"

    - name: Assert automatisch domain traefik rule is present
      ansible.builtin.assert:
        that: "'Host(`automate.test.example.com`)' in compose"
        fail_msg: "Traefik rule for automate.test.example.com not found in docker-compose.yml"

    - name: Assert Authentik forward auth middleware is present
      ansible.builtin.assert:
        that: "'outpost.goauthentik.io/auth/traefik' in compose"
        fail_msg: "Authentik forward auth address not found in docker-compose.yml"

    - name: Assert encryption key is present in compose
      ansible.builtin.assert:
        that: "'test_automatisch_encryption_key' in compose"
        fail_msg: "automatisch_encryption_key not found in docker-compose.yml"

    - name: Assert GELF logging address is present
      ansible.builtin.assert:
        that: "'udp://127.0.0.1:12201' in compose"
        fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"

    - name: Assert sovereign network is external
      ansible.builtin.assert:
        that: "'external: true' in compose"
        fail_msg: "external: true not found in docker-compose.yml networks section"

    - name: Assert worker service is present
      ansible.builtin.assert:
        that: "'automatisch-worker' in compose"
        fail_msg: "automatisch-worker service not found in docker-compose.yml"

    - name: Assert Redis service is present
      ansible.builtin.assert:
        that: "'automatisch-redis' in compose"
        fail_msg: "automatisch-redis service not found in docker-compose.yml"