- name: Get secrets for SNMP manager
  set_fact:
    manager: '{{ lookup("passwordstore", "host/"+snmp_manager.name, returnall=true, missing="empty") | from_yaml }}'

- name: Generate SNMP passwords
  delegate_to: localhost
  command: 'snmpv3-hashgen --yaml --user {{ manager.snmp_user }} --auth {{ manager.snmp_pass }} --priv {{ manager.snmp_pass }} --hash sha1 --engine {{ snmp_engine_id }}'
  check_mode: false
  changed_when: false
  register: snmp_config

- name: Get SNMP password hash
  set_fact:
    snmp_hashes: '{{ (snmp_config.stdout | from_yaml).snmpv3.hashes }}'

- name: Set SNMP engine ID
  ansible.netcommon.cli_command:
    command: "{{ item }}"
    prompt: "% Warning: All SNMP users will be deleted\\. Do you want to continue\\? \\[Y/N\\]:"
    answer: "y"
  loop:
    - configure
    - snmp-server local-engineid {{ snmp_engine_id }}
    - exit
  when: not ansible_check_mode

- name: Create SNMP user
  ansible.netcommon.cli_config:
    config: "snmp-server user {{ manager.snmp_user }} public v3 encrypted auth sha {{ snmp_hashes.auth | upper }} priv des56 {{ snmp_hashes.priv[:32] | upper }}"
  notify: write config