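---
# =============================================================================
# DRIFT-CHECK PLAYBOOK
# Purpose: Compare file on repo vs server to detect if they're in sync
# Usage:   ansible-playbook drift-check.yml
# Output:  SYNCED or OUT_OF_SYNC status; the play fails when drift is detected
# =============================================================================
- name: Check file drift
  hosts: all
  gather_facts: false
  tasks:
    # ─────────────────────────────────────────────────────────────────────
    # TASK 1: Read local file from repo
    # Reads dvir.txt from the local repository; slurp returns the file
    # body base64-encoded in `local_file.content`.
    # A failure here is NOT masked: without the reference copy there is
    # nothing to compare against, so the play should stop.
    # ─────────────────────────────────────────────────────────────────────
    - name: Read local file
      slurp:
        src: "{{ playbook_dir }}/../../files/dvir.txt"
      delegate_to: localhost
      register: local_file

    # ─────────────────────────────────────────────────────────────────────
    # TASK 2: Read file from server
    # Attempts to read dvir.txt from /tmp on the target server.
    # `failed_when: false` masks every read error (missing file, permission
    # denied, path is a directory, ...), not only "file not found"; all of
    # those cases end up reported as drift by TASK 4.
    # NOTE(review): /tmp is normally writable by every local user, so a
    # mismatch may mean the file was altered on the host rather than that
    # a deploy was missed - confirm this is the intended location.
    # ─────────────────────────────────────────────────────────────────────
    - name: Read server file
      slurp:
        src: /tmp/dvir.txt
      register: server_file
      failed_when: false

    # ─────────────────────────────────────────────────────────────────────
    # TASK 3: Compare file contents (if server file was read)
    # slurp does not return an `rc` key, so a successful read is detected
    # by the presence of `content`; testing `server_file.rc` raises an
    # undefined-attribute error instead of selecting a branch.
    # The base64 payloads are compared directly: both sides come from the
    # same encoder, so equal payloads mean equal bytes, and binary content
    # never has to be decoded to text.
    # Sets drift_detected to true if content differs.
    # ─────────────────────────────────────────────────────────────────────
    - name: Compare file contents
      set_fact:
        drift_detected: "{{ local_file.content != server_file.content }}"
      when: server_file.content is defined

    # ─────────────────────────────────────────────────────────────────────
    # TASK 4: Mark as drift if server file could not be read
    # A missing or unreadable server file is also considered drift, so the
    # check fails closed rather than reporting SYNCED on a read error.
    # ─────────────────────────────────────────────────────────────────────
    - name: Mark as drift if server file missing
      set_fact:
        drift_detected: true
      when: server_file.content is not defined

    # ─────────────────────────────────────────────────────────────────────
    # TASK 5: Output SYNCED status
    # Displayed when file on server matches repo file exactly.
    # `| bool` keeps the test correct even if the fact arrives as the
    # string "True"/"False" instead of a native boolean.
    # ─────────────────────────────────────────────────────────────────────
    - name: Output SYNCED status
      debug:
        msg: "✓ dvir.txt is synced"
      when: not (drift_detected | bool)

    # ─────────────────────────────────────────────────────────────────────
    # TASK 6: Output OUT_OF_SYNC status
    # Displayed when file on server differs from repo or could not be read
    # ─────────────────────────────────────────────────────────────────────
    - name: Output OUT_OF_SYNC status
      debug:
        msg: "✗ dvir.txt is out of sync"
      when: drift_detected | bool

    # ─────────────────────────────────────────────────────────────────────
    # TASK 7: Fail the host on drift
    # Turns the finding into a failed task so the ansible-playbook exit
    # status is non-zero and a scheduler or CI job can act on it.
    # ─────────────────────────────────────────────────────────────────────
    - name: Fail if drift detected
      fail:
        msg: "Configuration drift detected."
      when: drift_detected | bool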