---
- name: install pip
  package:
    name:
      - python3-pip
      - python3-setuptools
    state: present

- name: install pam-tester
  ansible.builtin.pip:
    name: pam-tester
    state: present

- name: set password for test
  ansible.builtin.set_fact:
    test_pw: myTest!pw

- name: set locale for test
  ansible.builtin.set_fact:
    locale: en_US.UTF-8
  when:
    - ansible_facts.os_family == 'RedHat'
    - ansible_facts.distribution_major_version < '8'

- name: create testuser
  user:
    name: testuser
    password: "{{ test_pw | password_hash('sha512') }}"

- name: check successful login with correct password
  ansible.builtin.shell:
    cmd: pam-tester --user testuser --password {{ test_pw }}
  environment:
    TMPDIR: /var/tmp
    LC_ALL: "{{ locale | default('C.UTF-8') }}"
    LANG: "{{ locale | default('C.UTF-8') }}"

- name: check unsuccessful login with incorrect password
  ansible.builtin.shell:
    cmd: pam-tester --user testuser --password {{ test_pw }}fail --expectfail
  environment:
    TMPDIR: /var/tmp
    LC_ALL: "{{ locale | default('C.UTF-8') }}"
    LANG: "{{ locale | default('C.UTF-8') }}"
  with_sequence: count=6

- name: check unsuccessful login, with correct password (lockout)
  ansible.builtin.shell:
    cmd: pam-tester --user testuser --password {{ test_pw }} --expectfail
  environment:
    TMPDIR: /var/tmp
    LC_ALL: "{{ locale | default('C.UTF-8') }}"
    LANG: "{{ locale | default('C.UTF-8') }}"

- name: wait for account to unlock
  pause:
    seconds: 20

- name: check successful login
  ansible.builtin.shell:
    cmd: pam-tester --user testuser --password {{ test_pw }}
  environment:
    TMPDIR: /var/tmp
    LC_ALL: "{{ locale | default('C.UTF-8') }}"
    LANG: "{{ locale | default('C.UTF-8') }}"