---

- name: Check the OpenAPI format version
  assert:
    that:
    - "threescale_cicd_openapi_file_version == '2.0'"
    msg: "Currently only the OpenAPI/Swagger 2.0 is handled. If needed, fill an issue or submit a pull request!"

- name: Make sure there is one and exactly one security requirement
  assert:
    that:
    - 'threescale_cicd_api_security_requirements|length == 1'
    msg: >-
      You have {{ threescale_cicd_api_security_requirements|length }} global security requirements.
      There must be one and only one security requirement.

- name: Make sure the security scheme is consistent with 3scale
  assert:
    that:
    - >-
      'type' in threescale_cicd_api_security_scheme and threescale_cicd_api_security_scheme.type == 'apiKey'
      or (threescale_cicd_api_security_scheme.type == 'oauth2' and threescale_cicd_sso_issuer_endpoint is defined)
    msg: >-
      The embedded security definition {{ threescale_cicd_api_security_scheme_name }} is not compatible with 3scale.
      Please make sure you chose an "apiKey" or "oauth2" scheme.
      Also, if you chose "oauth2", you will need to pass the threescale_cicd_sso_issuer_endpoint extra variable.
      The security definition you chose: {{ threescale_cicd_api_security_scheme|to_nice_json }}

- name: Make sure the Private Base URL is defined
  assert:
    that:
    - 'threescale_cicd_private_base_url is defined'
    msg: >-
      Either the private base url or the tuple backend hostname/scheme must be declared as extra variables
      (either threescale_cicd_private_base_url or threescale_cicd_api_backend_scheme / threescale_cicd_api_backend_hostname)

- name: Smoketests consistency
  assert:
    that:
    # Operation must exists
    - 'threescale_cicd_openapi_smoketest_operation in threescale_cicd_api_operations'
    # Must be a GET
    - "threescale_cicd_api_operations[threescale_cicd_openapi_smoketest_operation].verb == 'get'"
    # Must NOT have a placeholder in the path
    - 'threescale_cicd_api_operations[threescale_cicd_openapi_smoketest_operation].path.find("{") == -1'
    msg: "The smoketest operation {{ threescale_cicd_openapi_smoketest_operation }} must be a GET and cannot have a placeholder in its path."
  when: 'threescale_cicd_openapi_smoketest_operation|length > 0'

- name: Make sure the 'application' OAuth flow is enabled if smoke tests are required
  assert:
    that:
    - "'application' in threescale_cicd_oicd_flows|default([ threescale_cicd_api_security_scheme.flow ])"
    msg: >-
      Since 3scale AMP 2.5, you need to explicitely add the "application" flow to the supported
      OAuth flows if you want to run smoke tests. You can either disable smoke tests
      (-e threescale_cicd_openapi_smoketest_operation="") or enable the application flow
      (-e threescale_cicd_oicd_flows="{{ [ 'application', threescale_cicd_api_security_scheme.flow ] }}").
  when: >-
    threescale_cicd_api_security_scheme.type == 'oauth2'
    and threescale_cicd_openapi_smoketest_operation|length > 0
    and threescale_cicd_capabilities.oidc_configuration_api|bool

- debug:
    msg: "Will work on service with system_name = {{ threescale_cicd_api_system_name }}"