---
# Audit underlay device configurations against YANG desired state.
# Detects config drift for the insurance observability story.
- name: Underlay configuration audit
  hosts: homelab
  become: true
  tasks:
    - name: Validate YANG model
      ansible.builtin.command:
        cmd: pyang --strict /opt/kedge/yang/models/sovereign-sdwan.yang
      register: yang_validation
      changed_when: false

    - name: Run YANG compiler for current site
      ansible.builtin.command:
        cmd: >
          python3 /opt/kedge/yang/compiler/compile.py
          --site-config /opt/kedge/yang/site-config/homelab.xml
          --output-format json
      register: compiled_config
      changed_when: false

    - name: Display compiled desired state
      ansible.builtin.debug:
        var: compiled_config.stdout | from_json

    # TODO: Fetch actual device configs via Bascule SDK and compare
    # against compiled desired state. Report drift.
    - name: Report audit status
      ansible.builtin.debug:
        msg: "Underlay audit complete. Drift detection requires Bascule SDK integration."