---
- name: test remove http range rule in check mode
  cs_securitygroup_rule:
    security_group: default
    start_port: 8000
    end_port: 8888
    cidr: 1.2.3.4/32
    state: absent
  register: sg_rule
  check_mode: true
- name: verify create http range rule in check mode
  assert:
    that:
    - sg_rule|success
    - sg_rule|changed
    - sg_rule.type == 'ingress'
    - sg_rule.security_group == 'default'
    - sg_rule.protocol == 'tcp'
    - sg_rule.start_port == 8000
    - sg_rule.end_port == 8888
    - sg_rule.cidr == '1.2.3.4/32'

- name: test remove http range rule
  cs_securitygroup_rule:
    security_group: default
    start_port: 8000
    end_port: 8888
    cidr: 1.2.3.4/32
    state: absent
  register: sg_rule
- name: verify create http range rule
  assert:
    that:
    - sg_rule|success
    - sg_rule|changed
    - sg_rule.type == 'ingress'
    - sg_rule.security_group == 'default'
    - sg_rule.protocol == 'tcp'
    - sg_rule.start_port == 8000
    - sg_rule.end_port == 8888
    - sg_rule.cidr == '1.2.3.4/32'

- name: test remove http range rule idempotence
  cs_securitygroup_rule:
    security_group: default
    start_port: 8000
    end_port: 8888
    cidr: 1.2.3.4/32
    state: absent
  register: sg_rule
- name: verify create http range rule idempotence
  assert:
    that:
    - sg_rule|success
    - not sg_rule|changed

- name: test remove single port udp rule in check mode
  cs_securitygroup_rule:
    security_group: default
    port: 5353
    protocol: udp
    type: egress
    user_security_group: '{{ cs_resource_prefix }}_sg'
    state: absent
  register: sg_rule
  check_mode: true
- name: verify remove single port udp rule in check mode
  assert:
    that:
    - sg_rule|success
    - sg_rule|changed
    - sg_rule.type == 'egress'
    - sg_rule.security_group == 'default'
    - sg_rule.protocol == 'udp'
    - sg_rule.start_port == 5353
    - sg_rule.end_port == 5353
    - sg_rule.user_security_group == '{{ cs_resource_prefix }}_sg'

- name: test remove single port udp rule
  cs_securitygroup_rule:
    security_group: default
    port: 5353
    protocol: udp
    type: egress
    user_security_group: '{{ cs_resource_prefix }}_sg'
    state: absent
  register: sg_rule
- name: verify remove single port udp rule
  assert:
    that:
    - sg_rule|success
    - sg_rule|changed
    - sg_rule.type == 'egress'
    - sg_rule.security_group == 'default'
    - sg_rule.protocol == 'udp'
    - sg_rule.start_port == 5353
    - sg_rule.end_port == 5353
    - sg_rule.user_security_group == '{{ cs_resource_prefix }}_sg'

- name: test remove single port udp rule idempotence
  cs_securitygroup_rule:
    security_group: default
    port: 5353
    protocol: udp
    type: egress
    user_security_group: '{{ cs_resource_prefix }}_sg'
    state: absent
  register: sg_rule
- name: verify remove single port udp rule idempotence
  assert:
    that:
    - sg_rule|success
    - not sg_rule|changed

- name: test remove icmp rule in check mode
  cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    type: ingress
    icmp_type: -1
    icmp_code: -1
    state: absent
  register: sg_rule
  check_mode: true
- name: verify icmp rule in check mode
  assert:
    that:
    - sg_rule|success
    - sg_rule|changed
    - sg_rule.type == 'ingress'
    - sg_rule.security_group == 'default'
    - sg_rule.cidr == '0.0.0.0/0'
    - sg_rule.protocol == 'icmp'
    - sg_rule.icmp_code == -1
    - sg_rule.icmp_type == -1

- name: test remove icmp rule
  cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    type: ingress
    icmp_type: -1
    icmp_code: -1
    state: absent
  register: sg_rule
- name: verify icmp rule
  assert:
    that:
    - sg_rule|success
    - sg_rule|changed
    - sg_rule.type == 'ingress'
    - sg_rule.security_group == 'default'
    - sg_rule.cidr == '0.0.0.0/0'
    - sg_rule.protocol == 'icmp'
    - sg_rule.icmp_code == -1
    - sg_rule.icmp_type == -1

- name: test remove icmp rule idempotence
  cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    type: ingress
    icmp_type: -1
    icmp_code: -1
    state: absent
  register: sg_rule
- name: verify icmp rule idempotence
  assert:
    that:
    - sg_rule|success
    - not sg_rule|changed