- name: Run Post-deployment admin setup steps, test, and compliance scan
  hosts: "{{ cifmw_target_host | default('localhost') }}"
  gather_facts: true
  tasks:
    - name: Run cifmw_setup admin_setup.yml
      ansible.builtin.import_role:
        name: cifmw_setup
        tasks_from: admin_setup.yml
      tags:
        - admin-setup

    # FDP Update - OpenStack package updates across all layers
    - name: FDP Update - Validate required variables
      when: cifmw_fdp_update_enabled | default(false) | bool
      tags:
        - fdp-update
      block:
        - name: Validate required variables are set
          ansible.builtin.assert:
            that:
              - cifmw_fdp_update_target_package is defined
              - cifmw_fdp_update_target_package | length > 0
              - cifmw_fdp_update_repo_baseurl is defined
              - cifmw_fdp_update_repo_baseurl | length > 0
            fail_msg: |
              Required variables are missing!

              You must set:
                - cifmw_fdp_update_target_package: Name of the RPM package to update
                - cifmw_fdp_update_repo_baseurl: Repository base URL containing the updated package
            success_msg: "Required variables validated successfully"

        - name: Update control plane container images
          ansible.builtin.import_role:
            name: fdp_update_container_images
          vars:
            cifmw_fdp_update_container_images_target_package: "{{ cifmw_fdp_update_target_package }}"
            cifmw_fdp_update_container_images_repo_baseurl: "{{ cifmw_fdp_update_repo_baseurl }}"

        - name: Update EDPM (containers and host packages)
          ansible.builtin.import_role:
            name: fdp_update_edpm
          vars:
            cifmw_fdp_update_edpm_repo_baseurl: "{{ cifmw_fdp_update_repo_baseurl }}"

    - name: Run Test
      ansible.builtin.import_role:
        name: cifmw_setup
        tasks_from: run_tests.yml
      tags:
        - run-tests

    - name: Run compliance scan for controllers
      ansible.builtin.import_role:
        name: compliance
      vars:
        cifmw_compliance_podman_username: "{{ cifmw_registry_token.credentials.username }}"
        cifmw_compliance_podman_password: "{{ cifmw_registry_token.credentials.password }}"
      when: cifmw_run_operators_compliance_scans | default(false) | bool
      tags:
        - compliance

- name: Run compliance scan for computes
  hosts: "{{ groups['computes'] | default ([]) }}"
  gather_facts: true
  tasks:
    - name: Run compliance scan for one compute
      ansible.builtin.import_role:
        name: compliance
        tasks_from: run_compute_node_scans.yml
      run_once: true
      when: cifmw_run_compute_compliance_scans | default(false) | bool
  tags:
    - compliance

- name: Run backup and restore test
  hosts: "{{ cifmw_target_host | default('localhost') }}"
  gather_facts: true
  tasks:
    - name: Run backup/restore end-to-end orchestration
      ansible.builtin.import_role:
        name: cifmw_backup_restore
        tasks_from: e2e.yml
      when: cifmw_run_backup_restore_test | default(false) | bool
  tags:
    - backup-restore

- name: Run hooks and inject status flag
  hosts: "{{ cifmw_target_host | default('localhost') }}"
  gather_facts: true
  tasks:
    - name: Run pre_end hooks
      tags:
        - pre-end
      vars:
        step: pre_end
      ansible.builtin.import_role:
        name: run_hook

    - name: Inject success flag
      ansible.builtin.file:
        path: "{{ ansible_user_dir }}/cifmw-success"
        state: touch
        mode: "0644"

- name: Run log related tasks
  hosts: "{{ cifmw_target_host | default('localhost') }}"
  gather_facts: false
  tasks:
    - name: Run logging
      ansible.builtin.import_role:
        name: cifmw_setup
        tasks_from: run_logs.yml
      tags:
        - logs