---
- name: get resource group info
  become: true
  become_user: root
#  become_method: runas
  hosts: localhost
  roles:
    - role: azure_createRG
    - role: azure_createwindowsvm-demo
  tasks:
  - name: make host group from survey hosts list
    add_host:
      hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
      #hostname: "{{ hostname }}.adagility.net"
      groups: new_group
      ansible_connection: winrm
      ansible_port: 5985
      ansible_winrm_server_cert_validation: ignore
      ansible_user: ApeAdmin
      ansible_password: "{{password}}"
      ansible_winrm_transport: ntlm
      #ansible_user: "{{ansible_user}}"
      #ansible_password: "{{ansible_password}}"
  - name: create hostgroup for ad group creation 
    add_host: 
      hostname: awe-mps-006.adagility.net
      groups: ad_group
      ansible_connection: winrm
      ansible_port: 5985
      ansible_winrm_server_cert_validation: ignore
      ansible_user: "{{ansible_user}}"
      ansible_password: "{{ansible_password}}"
      ansible_winrm_transport: kerberos

  environment:
    - AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
    - AZURE_SECRET: "{{secret}}"
    - AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
    - AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15

- name: Onboard vm 
  gather_facts: no
  hosts: new_group
  roles:
    - role: win_ping
    - role: windows_install-check-mk
    - role: windows_install-sentinelone
    - role: windows_install-windirstat
    - role: windows_domain-join
    - role: windows_finalize

- name: Create admin group
  gather_facts: 
  hosts: ad_group
  tasks:
    - name: Create ad security group for Devices
      community.windows.win_domain_group:
        name: G-MGMT-LA-DEVADM-{{ hostname|upper }}
        path: OU=Local_Admin,OU=Device_Privileges,OU=Management_Groups,OU=Aperam,DC=ADAGILITY,DC=NET
        domain_username: "{{domain_admin}}"
        domain_password: "{{domain_password}}"
        state: present
        scope: global
        
- name: Destroy demo RG
  become: true
  become_user: root
#  become_method: runas
  hosts: localhost
  tasks:
    - name: delete RG 
      azure_rm_resourcegroup:
        name: "{{ RG_name }}"
        force_delete_nonempty: yes
        state: absent
  environment:
    - AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
    - AZURE_SECRET: "{{secret}}"
    - AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
    - AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15