---
- name: Verify graylog role
  hosts: localhost
  gather_facts: false
  vars:
    graylog_data_dir: /tmp/sovereign_test/graylog

  tasks:
    - name: Check graylog data directory exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/graylog
      register: data_dir_stat

    - name: Assert graylog data directory is present
      ansible.builtin.assert:
        that: data_dir_stat.stat.isdir
        fail_msg: "Data directory /tmp/sovereign_test/graylog was not created"

    - name: Check graylog data subdirectory exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/graylog/data
      register: data_subdir_stat

    - name: Assert graylog data subdirectory is present
      ansible.builtin.assert:
        that: data_subdir_stat.stat.isdir
        fail_msg: "Directory /tmp/sovereign_test/graylog/data was not created"

    - name: Check graylog config directory exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/graylog/config
      register: config_dir_stat

    - name: Assert graylog config directory is present
      ansible.builtin.assert:
        that: config_dir_stat.stat.isdir
        fail_msg: "Directory /tmp/sovereign_test/graylog/config was not created"

    - name: Check graylog opensearch directory exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/graylog/opensearch
      register: opensearch_dir_stat

    - name: Assert graylog opensearch directory is present
      ansible.builtin.assert:
        that: opensearch_dir_stat.stat.isdir
        fail_msg: "Directory /tmp/sovereign_test/graylog/opensearch was not created"

    - name: Check docker-compose.yml exists
      ansible.builtin.stat:
        path: /tmp/sovereign_test/graylog/docker-compose.yml
      register: compose_stat

    - name: Assert docker-compose.yml was rendered
      ansible.builtin.assert:
        that: compose_stat.stat.exists
        fail_msg: "docker-compose.yml was not rendered for graylog"

    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: /tmp/sovereign_test/graylog/docker-compose.yml
      register: compose_raw

    - name: Set compose content fact
      ansible.builtin.set_fact:
        compose: "{{ compose_raw.content | b64decode }}"

    - name: Assert graylog image reference in compose
      ansible.builtin.assert:
        that: "'graylog/graylog:6.0' in compose"
        fail_msg: "Expected image 'graylog/graylog:6.0' not found in docker-compose.yml"

    - name: Assert graylog host rule in compose
      ansible.builtin.assert:
        that: "'Host(`logs.test.example.com`)' in compose"
        fail_msg: "Expected Host rule for logs.test.example.com not found in docker-compose.yml"

    - name: Assert GELF UDP port binding in compose
      ansible.builtin.assert:
        that: "'12201/udp' in compose"
        fail_msg: "Expected GELF UDP port binding 12201/udp not found in docker-compose.yml"

    - name: Assert sovereign network is external in compose
      ansible.builtin.assert:
        that: "'external: true' in compose"
        fail_msg: "Expected 'external: true' not found in docker-compose.yml"

    - name: Assert graylog password secret in compose
      ansible.builtin.assert:
        that: "'test_graylog_secret_min_16_chars' in compose"
        fail_msg: "Expected graylog_password_secret 'test_graylog_secret_min_16_chars' not found in docker-compose.yml"

    - name: Assert graylog root password sha2 in compose
      ansible.builtin.assert:
        that: "'test_sha256_placeholder' in compose"
        fail_msg: "Expected graylog_root_password_sha2 'test_sha256_placeholder' not found in docker-compose.yml"