---
- name: Verify Samba AD DC setup
  when: samba_verify | bool
  block:

    - name: Run 'samba-tool domain info'
      command: samba-tool domain info 127.0.0.1
      register: domain_info
      changed_when: false

    - name: Assert that the domain is provisioned
      assert:
        that:
          - "'Netbios name' in domain_info.stdout"
          - "'Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout"

    - name: Attempt kinit with administrator
      command: echo "{{ samba_admin_password }}" | kinit administrator@{{ samba_realm }}
      register: kinit_result
      changed_when: false
      failed_when: kinit_result.rc != 0

    - name: Check Kerberos ticket
      command: klist
      register: klist_result
      changed_when: false

    - name: Assert Kerberos ticket exists
      assert:
        that:
          - "'krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout"

    - name: Check Samba AD DC service status
      service_facts:

    - name: Assert samba-ad-dc service is active
      assert:
        that:
          - "'samba-ad-dc' in ansible_facts.services"
          - ansible_facts.services['samba-ad-dc'].state == 'running'