#!/usr/share/ucs-test/runner python3
## desc: Test appending and removing groups for all computer roles (except computers/ipmanagedclient)
## tags: [udm-computers]
## roles: [domaincontroller_master]
## exposure: careful
## packages:
##   - univention-config
##   - univention-directory-manager-tools


import univention.testing.udm as udm_test
import univention.testing.strings as uts
import univention.testing.utils as utils


if __name__ == '__main__':
	with udm_test.UCSTestUDM() as udm:
		for role in udm.COMPUTER_MODULES:
			if role == 'computers/ipmanagedclient':
				continue

			groups = (udm.create_group()[0], udm.create_group()[0], udm.create_group()[0], udm.create_group()[0])

			computerName = uts.random_name()
			computer = udm.create_object(role, name=computerName)

			udm.modify_object(role, dn=computer, append={'groups': groups})
			utils.wait_for_connector_replication()
			# validate group memberships set during modification
			for group in groups:
				utils.verify_ldap_object(group, {'memberUid': ['%s$' % computerName], 'uniqueMember': [computer]})

			udm.modify_object(role, dn=computer, remove={'groups': groups[:2]})
			utils.wait_for_connector_replication()
			# validate that group memberships of groups removed during seccond modification have been decomposed
			for group in groups[:2]:
				utils.verify_ldap_object(group, {'memberUid': [], 'uniqueMember': []})

			# validate that the other group memberships are still unimpaired after seccond modification
			for group in groups[2:]:
				utils.verify_ldap_object(group, {'memberUid': ['%s$' % computerName], 'uniqueMember': [computer]})
