---

- name: Scan subnet - {{ subnet.address }}
  ansible.builtin.command:
    cmd: nmap -sn "{{ subnet.address }}" -oX -
  become: true
  register: nmap_scan


- name: Get subnets Address'
  ansible.builtin.include_tasks:
    file: tasks/api_call.yaml
  vars:
    api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
    api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
    api_path: "{{ api_address }}"
    api_query_string: "filter_by=subnetId&filter_value={{ subnet.id }}"


- name: Load Subnet - {{ subnet.address }}
  ansible.builtin.set_fact:
    cached_subnet: "{{ lookup('file', cache_filepath) }}"
    cacheable: false
  no_log: true
  when: >
    api_call.status | default(0) | int != 404


- name: Process Scan Results - {{ subnet.address }}
  ansible.builtin.set_fact:
    subnet_scan_results: |-
      [
      {% for scanned_host in ((nmap_scan.stdout | ansible.utils.from_xml) | from_yaml).nmaprun.host | default([]) %}
        {% if
          scanned_host.address[0]['@addrtype'] | default('') == 'ipv4'
            or
          scanned_host.address['@addrtype'] | default('') == 'ipv4'
        %}
          {
            {% for cached_host in cached_subnet | default([]) -%}
              {%- if cached_host.ip == scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) -%}
                "id": {{ cached_host.id }},
                {%- endif -%}
            {%- endfor %}
            "subnetId": "{{ subnet.id }}",
            "ip": "{{ scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) }}",
            "lastSeen": "{{ (nmap_scan.start | split('.'))[0] }}",

            {% if scanned_host.hostnames.hostname is defined %}

              {% set ip_address = scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) | split('.') %}

              {% if
                '.' in scanned_host.hostnames.hostname['@name'] | string
                  and
                (ip_address[0] + '-' + ip_address[1] + '-' + ip_address[2] + '-' + ip_address[3]) not in scanned_host.hostnames.hostname['@name'] | string
                  and
                (ip_address[3] + '-' + ip_address[2] + '-' + ip_address[1] + '-' + ip_address[0]) not in scanned_host.hostnames.hostname['@name'] | string
              %}

                "hostname": "{{ (scanned_host.hostnames.hostname['@name'] | split('.'))[0] }}",

              {% elif
                '.' not in scanned_host.hostnames.hostname['@name'] | string
                  and
                (ip_address[0] + '-' + ip_address[1] + '-' + ip_address[2] + '-' + ip_address[3]) not in scanned_host.hostnames.hostname['@name'] | string
                  and
                (ip_address[3] + '-' + ip_address[2] + '-' + ip_address[1] + '-' + ip_address[0]) not in scanned_host.hostnames.hostname['@name'] | string
              %}

                "hostname": "{{ scanned_host.hostnames.hostname['@name'] }}",

              {% endif %}

            {% endif %}

            {% if scanned_host.address['@addrtype'] | default(scanned_host.address[1]['@addrtype']) == 'mac' %}

              "mac": "{{ scanned_host.address['@addr'] | default(scanned_host.address[1]['@addr']) | upper }}"

            {% endif %}
          },
        {% endif %}
      {% endfor %}
      ]


- name: Force Failure for non-HTTPS Communication
  ansible.builtin.assert:
    that:
      - |-
        not
          (
            (
              'http:' in (nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) | string)
                and
              'http://127.0.0.1' not in (nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) | string)
            )
              and
            nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') != 'no-token-set'
          )
    fail_msg: 'Failing task as an attempt was made to communicate with the server over a non-encrypted channel'
    success_msg: 'OK'


- name: To JSON - {{ subnet.address }}
  ansible.builtin.set_fact:
    subnet_scan_results: "{{ subnet_scan_results | from_yaml }}"


  # Note: Dont edit http_agent version as the build pipeline updates automagically!!
  #       see ci variable 'RELEASE_ADDITIONAL_ACTIONS_BUMP'
- name: Upload Scan Results - {{ subnet.address }}
  ansible.builtin.uri:
    headers:
      Authorization: "Bearer {{ nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') }}"
    http_agent: nfc-phpipam-scan-agent/0.2.0-a2
    url: "{{
      nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server)
      }}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/"
    method: POST
    body_format: json
    body: {
      "code": "{{ nofusscomputing_phpipam_scan_agent.scanagent_code }}",
      "scan": {
        "subnet": "{{ subnet.address }}",
        "results": "{{ subnet_scan_results }}",
        "tz": "{{ '%z' | strftime }}"
      }
    }
    validate_certs: true    # Ensure always true