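---
# Audit that the rootless Podman user has exactly one subordinate-ID entry in
# /etc/subuid and /etc/subgid. The lookups run in check mode, so the two files
# are never modified; the assertions fail the play when the count is not 1.

# NOTE(review): ansible.builtin.user defaults to state=present, so outside
# check mode this task creates the account if it does not exist yet. If the
# audit stage must be strictly read-only, consider `check_mode: true` here.
- name: Podman Host | AUDIT | Gather rootless user facts
  ansible.builtin.user:
    name: "{{ _podman_host_rootless_user }}"
  register: _podman_host_rootless_user_facts

# `.group` from the user module is the numeric primary GID; getent maps it
# back to the group name (the key of the returned getent_group dict).
- name: Podman Host | AUDIT | Resolve name of user's primary group
  ansible.builtin.getent:
    database: group
    key: "{{ _podman_host_rootless_user_facts.group }}"
  register: _podman_host_rootless_user_group

# state=absent + check_mode is used purely to count matching lines (`found`).
# The name is passed through regex_escape so that metacharacters in it
# (e.g. the dot in `svc.podman`) cannot match a different account's entry.
# NOTE(review): subuid(5) allows the first field to be a numeric UID instead
# of a login name; such an entry is not counted by this check.
- name: Podman Host | AUDIT | Check if user is in subuid file
  ansible.builtin.lineinfile:
    path: /etc/subuid
    regexp: '^{{ _podman_host_rootless_user | regex_escape }}:.*$'
    state: absent
  register: _podman_host_uid_line_found
  check_mode: true
  failed_when: false
  changed_when: false

# NOTE(review): subgid(5) documents the first field as a login name or UID,
# not a group name. Looking up the primary group name only matches when the
# group shares the user's name; confirm against how the role writes the file.
- name: Podman Host | AUDIT | Check if group is in subgid file
  ansible.builtin.lineinfile:
    path: /etc/subgid
    regexp: '^{{ _podman_host_rootless_user_group.ansible_facts.getent_group | first | regex_escape }}:.*$'
    state: absent
  register: _podman_host_gid_line_found
  check_mode: true
  failed_when: false
  changed_when: false

# `found` is missing from the result when the file does not exist or the
# lookup failed (failed_when: false hides that), so default to 0 and fail
# with a readable message instead of an undefined-variable error.
- name: Podman Host | AUDIT | Assert that user is in subuid file exactly once
  ansible.builtin.assert:
    that:
      - (_podman_host_uid_line_found.found | default(0)) == 1
    fail_msg: >-
      Expected exactly one /etc/subuid entry for
      '{{ _podman_host_rootless_user }}', found
      {{ _podman_host_uid_line_found.found | default(0) }}.

- name: Podman Host | AUDIT | Assert that group is in subgid file exactly once
  ansible.builtin.assert:
    that:
      - (_podman_host_gid_line_found.found | default(0)) == 1
    fail_msg: >-
      Expected exactly one /etc/subgid entry for
      '{{ _podman_host_rootless_user_group.ansible_facts.getent_group | first }}',
      found {{ _podman_host_gid_line_found.found | default(0) }}.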