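---
# Installs Microsoft Defender for Endpoint (mdatp) on yum-based hosts:
# builds Python 3.7 from a local source tarball, unpacks the onboarding
# package, runs the onboarding script and performs an EICAR smoke test.
- name: Setup Microsoft defender
  hosts: all
  become: true
  become_user: root
  vars:
    pyInstallDir: "/srv/python37_install/"
  tasks:
    - name: check if defender is still installed
      ansible.builtin.stat:
        path: /etc/opt/microsoft/mdatp/mdatp_onboard.json
      register: mdatp_onboard

    # end_host stops only the host that is already onboarded. end_play ends
    # the play for every host, so a single onboarded machine could leave the
    # rest of the inventory without Defender.
    - name: end Play if defender still exits
      ansible.builtin.meta: end_host
      when: mdatp_onboard.stat.exists

    # Setup prerequisites
    - name: Install packages
      ansible.builtin.yum:
        name:
          - openssl-devel
          - bzip2-devel
          - libffi-devel
          - zlib-devel
          - xz-devel
          - yum-utils
        state: present

    # Install Python 3.7
    # NOTE(review): Python 3.7 is end-of-life and the tarball is compiled and
    # installed as root; verify its checksum against the value published by
    # python.org before it is placed in /srv/defender_install.
    - name: Check if Python3.7 can be called
      ansible.builtin.command: python3.7 -V
      register: phytonExists
      # Probe only: a missing interpreter is an expected outcome, not an error.
      failed_when: false
      changed_when: false

    # rc is an integer. Comparing it with the string "0" is always true, which
    # rebuilt Python on every run even when python3.7 was already present.
    - name: create install directory
      ansible.builtin.file:
        path: "{{ pyInstallDir }}"
        state: directory
      when: phytonExists.rc != 0

    - name: extract Phyton Source File
      ansible.builtin.unarchive:
        src: "{{ item }}"
        dest: "{{ pyInstallDir }}"
        remote_src: false
      with_fileglob:
        - /srv/defender_install/Python-3.7.11.tgz
      when: phytonExists.rc != 0

    - name: compile python
      ansible.builtin.command: "{{ pyInstallDir }}/Python-3.7.11/configure --enable-optimizations"
      args:
        chdir: "{{ pyInstallDir }}/Python-3.7.11"
      when: phytonExists.rc != 0

    # altinstall installs python3.7 without replacing the system python3.
    # NOTE(review): the default prefix is /usr/local; confirm that directory
    # is on the PATH used under become, or the later python3.7 calls fail.
    - name: compile python
      ansible.builtin.command: make altinstall
      args:
        chdir: "{{ pyInstallDir }}/Python-3.7.11"
      when: phytonExists.rc != 0

    # Install Defender
    - name: Create MDATP directories
      ansible.builtin.file:
        path: /etc/opt/microsoft/mdatp/
        recurse: true
        state: directory
        # Quoted so the mode is never re-typed by the YAML parser.
        mode: "0755"
        owner: root
        group: root

    - name: Register mdatp_onboard.json
      ansible.builtin.stat:
        path: /etc/opt/microsoft/mdatp/mdatp_onboard.json
      register: mdatp_onboard

    - name: Extract Licence File
      ansible.builtin.unarchive:
        src: "{{ item }}"
        dest: /etc/opt/microsoft/mdatp
        remote_src: false
      with_fileglob:
        - /srv/defender_install/WindowsDefenderATPOnboardingPackage.zip
      when: not mdatp_onboard.stat.exists

    - name: install defender
      ansible.builtin.yum:
        name:
          - mdatp
        state: present

    - name: register defender lic
      ansible.builtin.command: "python3.7 /etc/opt/microsoft/mdatp/MicrosoftDefenderATPOnboardingLinuxServer.py"
      args:
        chdir: /etc/opt/microsoft/mdatp

    # The command module does not interpret ">", so the original task only
    # echoed its arguments and never created the test file. The shell module
    # performs the redirection; printf avoids echo's backslash handling.
    # NOTE(review): /tmp/test.txt is a predictable path in a world-writable
    # directory; consider a directory created with ansible.builtin.tempfile.
    - name: Test Scan wit EICAR String
      ansible.builtin.shell:
        cmd: >-
          printf '%s\n'
          'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
          > /tmp/test.txt

    # Read-only query; it never changes the host.
    # NOTE(review): nothing below fails the play when no threat is reported,
    # so a non-working installation still ends green. Consider asserting on
    # mdatp_result.stdout once the expected output format is confirmed.
    - name: list all threads
      ansible.builtin.command: mdatp threat list
      register: mdatp_result
      changed_when: false

    - name: Check thread tesult
      ansible.builtin.debug:
        msg: "Defender has dedect {{ mdatp_result }}"

    # NOTE(review): this leaves every host with real-time protection off until
    # the later configuration step actually runs. Make sure that step is
    # tracked and enforced, or set the final protection state here instead.
    - name: disable realtime protection - full configuration will be done later
      ansible.builtin.command: mdatp config real-time-protection --value disabled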