#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright: (c) 2018, Kevin Subileau (@ksubileau)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ['preview'],
                    'supported_by': 'community'}

DOCUMENTATION = r'''
---
module: win_rds_rap
short_description: Manage Resource Authorization Policies (RAP) on a Remote Desktop Gateway server
description:
  - Creates, removes and configures a Remote Desktop resource authorization policy (RD RAP).
  - A RD RAP allows you to specify the network resources (computers) that users can connect
    to remotely through a Remote Desktop Gateway server.
version_added: "2.8"
author:
  - Kevin Subileau (@ksubileau)
options:
  name:
    description:
      - Name of the resource authorization policy.
    required: yes
  state:
    description:
      - The state of resource authorization policy.
      - If C(absent) will ensure the policy is removed.
      - If C(present) will ensure the policy is configured and exists.
      - If C(enabled) will ensure the policy is configured, exists and enabled.
      - If C(disabled) will ensure the policy is configured, exists, but disabled.
    choices: [ absent, present, enabled, disabled ]
    default: present
  description:
    description:
      - Optionnal description of the resource authorization policy.
  user_groups:
    description:
      - List of user groups that are associated with this resource authorization policy (RAP).
        A user must belong to one of these groups to access the RD Gateway server.
      - Required when a new RAP is created.
    type: list
  allowed_ports:
    description:
      - List of port numbers through which connections are allowed for this policy.
      - To allow connections through any port, specify 'any'.
    type: list
  computer_group_type:
    description:
      - 'The computer group type:'
      - 'C(rdg_group): RD Gateway-managed group'
      - 'C(ad_network_resource_group): Active Directory Domain Services network resource group'
      - 'C(allow_any): Allow users to connect to any network resource.'
    choices: [ rdg_group, ad_network_resource_group, allow_any ]
  computer_group:
    description:
      - The computer group name that is associated with this resource authorization policy (RAP).
      - This is required when I(computer_group_type) is C(rdg_group) or C(ad_network_resource_group).
requirements:
  - Windows Server 2008R2 (6.1) or higher.
  - The Windows Feature "RDS-Gateway" must be enabled.
'''

EXAMPLES = r'''
- name: Create a new RDS RAP
  win_rds_rap:
    name: My RAP
    description: 'Allow all users to connect to any resource through ports 3389 and 3390'
    user_groups:
      - BUILTIN\users
    computer_group_type: allow_any
    allowed_ports:
      - 3389
      - 3390
    state: enabled
'''

RETURN = r'''
'''