---
# =============================================================================
# tasks/assert.yml — Validation stricte du paramétrage avant exécution
# =============================================================================

- name: "Assert | remote_users_fact_state est défini"
  ansible.builtin.assert:
    that:
      - remote_users_fact_state is defined
      - remote_users_fact_state | length > 0
    fail_msg: >-
      remote_users_fact_state n'est pas défini.
      Valeurs acceptées : present, absent, noop
    quiet: true

- name: "Assert | remote_users_fact_state contient une valeur valide"
  ansible.builtin.assert:
    that:
      - remote_users_fact_state in _remote_users_fact_valid_states
    fail_msg: >-
      remote_users_fact_state='{{ remote_users_fact_state }}' invalide.
      Valeurs acceptées : {{ _remote_users_fact_valid_states | join(', ') }}
    quiet: true
  vars:
    _remote_users_fact_valid_states:
      - present
      - absent
      - noop

- name: "Assert | remote_users_fact_dir est un chemin absolu"
  ansible.builtin.assert:
    that:
      - remote_users_fact_dir is defined
      - remote_users_fact_dir | length > 0
      - remote_users_fact_dir is match('^/')
    fail_msg: >-
      remote_users_fact_dir='{{ remote_users_fact_dir | default('') }}'
      doit être un chemin absolu (ex: /etc/ansible/facts.d)
    quiet: true
  when: remote_users_fact_state != "noop"

- name: "Assert | remote_users_fact_name est défini et valide"
  ansible.builtin.assert:
    that:
      - remote_users_fact_name is defined
      - remote_users_fact_name | length > 0
      - remote_users_fact_name is match('^[a-zA-Z0-9_.-]+\.fact$')
    fail_msg: >-
      remote_users_fact_name='{{ remote_users_fact_name | default('') }}'
      doit correspondre au pattern [a-zA-Z0-9_.-]+.fact
    quiet: true
  when: remote_users_fact_state != "noop"

- name: "Assert | remote_users_fact_owner est défini"
  ansible.builtin.assert:
    that:
      - remote_users_fact_owner is defined
      - remote_users_fact_owner | length > 0
    fail_msg: >-
      remote_users_fact_owner ne peut pas être vide
    quiet: true
  when: remote_users_fact_state == "present"

- name: "Assert | remote_users_fact_group est défini"
  ansible.builtin.assert:
    that:
      - remote_users_fact_group is defined
      - remote_users_fact_group | length > 0
    fail_msg: >-
      remote_users_fact_group ne peut pas être vide
    quiet: true
  when: remote_users_fact_state == "present"

- name: "Assert | remote_users_fact_validate est un booléen"
  ansible.builtin.assert:
    that:
      - remote_users_fact_validate | string | lower in ['true', 'false', 'yes', 'no']
    fail_msg: >-
      remote_users_fact_validate='{{ remote_users_fact_validate }}'
      doit être un booléen (true/false)
    quiet: true
  when: remote_users_fact_state == "present"

- name: "Assert | remote_users_fact_display_summary est un booléen"
  ansible.builtin.assert:
    that:
      - remote_users_fact_display_summary | string | lower in ['true', 'false', 'yes', 'no']
    fail_msg: >-
      remote_users_fact_display_summary='{{ remote_users_fact_display_summary }}'
      doit être un booléen (true/false)
    quiet: true
  when: remote_users_fact_state == "present"

- name: "Assert | remote_users_fact_warn_verdicts est une liste"
  ansible.builtin.assert:
    that:
      - remote_users_fact_warn_verdicts is defined
      - remote_users_fact_warn_verdicts is iterable
      - remote_users_fact_warn_verdicts is not string
    fail_msg: >-
      remote_users_fact_warn_verdicts doit être une liste
      (ex: [WHO_SUP_TOTAL, WHO_INF_TOTAL])
    quiet: true
  when: remote_users_fact_state == "present"

- name: "Assert | remote_users_fact_warn_verdicts contient des verdicts valides"
  ansible.builtin.assert:
    that:
      - item in _remote_users_fact_valid_verdicts
    fail_msg: >-
      Verdict '{{ item }}' invalide dans remote_users_fact_warn_verdicts.
      Valeurs acceptées : {{ _remote_users_fact_valid_verdicts | join(', ') }}
    quiet: true
  loop: "{{ remote_users_fact_warn_verdicts }}"
  vars:
    _remote_users_fact_valid_verdicts:
      - FIABLE
      - OK
      - NEUTRE
      - WHO_SUP_TOTAL
      - WHO_INF_TOTAL
      - WHO_SEUL
      - PROTO_SEUL
  when: remote_users_fact_state == "present"

- name: "Assert | Résumé du paramétrage validé"
  ansible.builtin.debug:
    msg: >-
      Assertions OK — state={{ remote_users_fact_state }}
      {% if remote_users_fact_state == 'present' %}
      dir={{ remote_users_fact_dir }}
      name={{ remote_users_fact_name }}
      validate={{ remote_users_fact_validate }}
      summary={{ remote_users_fact_display_summary }}
      {% endif %}