---
# =============================================================================
# tasks/validate.yml — Validation du fact (exécution + parsing JSON)
# =============================================================================

- name: "Validate | Forcer le rechargement des facts"
  ansible.builtin.meta: flush_handlers

- name: "Validate | Exécuter le script fact pour validation"
  ansible.builtin.command:
    cmd: "{{ remote_users_fact_dir }}/{{ remote_users_fact_name }}"
  register: _remote_users_fact_output
  changed_when: false
  failed_when: _remote_users_fact_output.rc != 0

- name: "Validate | Parser la sortie JSON"
  ansible.builtin.set_fact:
    _remote_users_fact_parsed: "{{ _remote_users_fact_output.stdout | from_json }}"

- name: "Validate | Vérifier la structure JSON — clés racine"
  ansible.builtin.assert:
    that:
      - _remote_users_fact_parsed.timestamp is defined
      - _remote_users_fact_parsed.sessions is defined
      - _remote_users_fact_parsed.users_remote is defined
      - _remote_users_fact_parsed.reliability is defined
      - _remote_users_fact_parsed.detection is defined
    fail_msg: "Clés racine manquantes dans la sortie JSON du fact"
    success_msg: "Clés racine OK"
    quiet: true

- name: "Validate | Vérifier la structure JSON — sessions"
  ansible.builtin.assert:
    that:
      - _remote_users_fact_parsed.sessions.ssh is defined
      - _remote_users_fact_parsed.sessions.citrix is defined
      - _remote_users_fact_parsed.sessions.horizon is defined
      - _remote_users_fact_parsed.sessions.total_by_protocol is defined
      - _remote_users_fact_parsed.sessions.who_remote is defined
      - _remote_users_fact_parsed.sessions.ssh | int >= 0
      - _remote_users_fact_parsed.sessions.citrix | int >= 0
      - _remote_users_fact_parsed.sessions.horizon | int >= 0
      - _remote_users_fact_parsed.sessions.total_by_protocol | int >= 0
      - _remote_users_fact_parsed.sessions.who_remote | int >= 0
    fail_msg: "Structure 'sessions' invalide ou valeurs négatives"
    success_msg: "Structure sessions OK"
    quiet: true

- name: "Validate | Vérifier la cohérence total = ssh + citrix + horizon"
  ansible.builtin.assert:
    that:
      - >-
        _remote_users_fact_parsed.sessions.total_by_protocol | int ==
        (_remote_users_fact_parsed.sessions.ssh | int +
         _remote_users_fact_parsed.sessions.citrix | int +
         _remote_users_fact_parsed.sessions.horizon | int)
    fail_msg: >-
      total_by_protocol ({{ _remote_users_fact_parsed.sessions.total_by_protocol }})
      != ssh+citrix+horizon
      ({{ _remote_users_fact_parsed.sessions.ssh }}
       +{{ _remote_users_fact_parsed.sessions.citrix }}
       +{{ _remote_users_fact_parsed.sessions.horizon }})
    success_msg: "Cohérence total OK"
    quiet: true

- name: "Validate | Vérifier la structure JSON — reliability"
  ansible.builtin.assert:
    that:
      - _remote_users_fact_parsed.reliability.ratio_who_over_total is defined
      - _remote_users_fact_parsed.reliability.verdict is defined
      - _remote_users_fact_parsed.reliability.detail is defined
      - _remote_users_fact_parsed.reliability.verdict in _remote_users_fact_valid_verdicts
    fail_msg: >-
      Structure 'reliability' invalide ou verdict inconnu :
      '{{ _remote_users_fact_parsed.reliability.verdict | default('UNDEFINED') }}'
    success_msg: "Structure reliability OK"
    quiet: true
  vars:
    _remote_users_fact_valid_verdicts:
      - FIABLE
      - OK
      - NEUTRE
      - WHO_SUP_TOTAL
      - WHO_INF_TOTAL
      - WHO_SEUL
      - PROTO_SEUL

- name: "Validate | Vérifier la structure JSON — detection"
  ansible.builtin.assert:
    that:
      - _remote_users_fact_parsed.detection.citrix_vda_installed is defined
      - _remote_users_fact_parsed.detection.horizon_agent_installed is defined
      - _remote_users_fact_parsed.detection.ssh_method is defined
      - _remote_users_fact_parsed.detection.citrix_method is defined
      - _remote_users_fact_parsed.detection.horizon_method is defined
    fail_msg: "Structure 'detection' invalide"
    success_msg: "Structure detection OK"
    quiet: true

- name: "Validate | Recharger ansible_local"
  ansible.builtin.setup:
    filter: ansible_local

- name: "Validate | Confirmer la présence dans ansible_local"
  ansible.builtin.assert:
    that:
      - ansible_local.remote_users is defined
      - ansible_local.remote_users.sessions is defined
      - ansible_local.remote_users.reliability is defined
    fail_msg: >-
      Le fact remote_users n'est pas visible dans ansible_local
      après rechargement. Vérifier les permissions et le format.
    success_msg: "Fact remote_users chargé dans ansible_local avec succès"