# Build the security group name used by every task below: "sg", the first
# 7 hex characters of md5(resource_group), then a random integer below 1000.
# md5 only derives a short identifier here; it is not a security control.
- name: Prepare random number
  run_once: true
  set_fact:
    secgroupname: "sg{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"


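# Create the group with two SSH rules and confirm both are stored.
# NOTE(review): Azure evaluates NSG rules in ascending priority order, so
# DenySSH (100, no source restriction set here) matches before AllowSSH (101).
# This fixture exercises rule storage, not an effective SSH allow-list. The
# source range looks like arbitrary test data, not a recommended allow-list.
- name: Create security group
  azure_rm_securitygroup:
    resource_group: "{{ resource_group }}"
    name: "{{ secgroupname }}"
    tags:
      testing: testing
      delete: on-exit
      foo: bar
    # Remove rules not listed below so the count assertion is exact.
    purge_rules: true
    rules:
      - name: DenySSH
        protocol: Tcp
        destination_port_range: 22
        access: Deny
        priority: 100
        direction: Inbound
      - name: AllowSSH
        protocol: Tcp
        source_address_prefix: '174.109.158.0/24'
        destination_port_range: 22
        access: Allow
        priority: 101
        direction: Inbound
  register: output

# `that` entries are already evaluated as Jinja expressions. Wrapping part of
# one in {{ }} templates it twice, which Ansible warns about and which is the
# pattern that lets a value be rendered as a template if it is ever untrusted.
- assert:
    that:
      - output.state.rules | length == 2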

# Look up groups in the resource group by tag. The two filter entries use the
# module's 'key' and 'key:value' forms.
- name: Gather facts by tags
  register: output
  azure_rm_securitygroup_facts:
    resource_group: "{{ resource_group }}"
    tags:
      - testing
      - 'foo:bar'

# The check reads the azure_securitygroups fact, not the registered result.
- assert:
    that:
      - azure_securitygroups | length == 1

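# Update AllowSSH in place and add a second rule. purge_rules is not set, and
# the assertion below expects 3 rules, i.e. the earlier DenySSH rule is kept.
- name: Add/Update rules on existing security group
  azure_rm_securitygroup:
    resource_group: "{{ resource_group }}"
    name: "{{ secgroupname }}"
    rules:
      # Same name and priority as the rule created earlier; only the source
      # range differs.
      - name: AllowSSH
        protocol: Tcp
        source_address_prefix: '174.108.158.0/24'
        destination_port_range: 22
        access: Allow
        priority: 101
      # NOTE(review): access and direction are omitted, so the module defaults
      # apply (Allow / Inbound per the module docs - confirm for the version
      # under test). The range 22-23 also covers port 23, not only SSH.
      - name: AllowSSHFromHome
        protocol: Tcp
        source_address_prefix: '174.109.158.0/24'
        destination_port_range: '22-23'
        priority: 102
  register: output

# Plain expressions only: `that` is already templated, so {{ }} inside it would
# evaluate the value twice.
- assert:
    that:
      - output.state.rules | length == 3
      - output.state.rules[0].source_address_prefix == '174.108.158.0/24'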

# Re-apply exactly the rules from the previous update task; the module must
# report no change. Keep these values in sync with that task.
- name: Test idempotence
  register: output
  azure_rm_securitygroup:
    name: "{{ secgroupname }}"
    resource_group: "{{ resource_group }}"
    rules:
      - name: AllowSSH
        priority: 101
        access: Allow
        protocol: Tcp
        source_address_prefix: '174.108.158.0/24'
        destination_port_range: 22
      # access and direction are left to the module defaults, as in the
      # previous task.
      - name: AllowSSHFromHome
        priority: 102
        protocol: Tcp
        source_address_prefix: '174.109.158.0/24'
        destination_port_range: '22-23'

- assert:
    that:
      - not output.changed

# With append_tags false the supplied map replaces the existing tag set; the
# assertion expects exactly these three tags and the new 'delete' value.
- name: Update tags
  register: output
  azure_rm_securitygroup:
    name: "{{ secgroupname }}"
    resource_group: "{{ resource_group }}"
    append_tags: false
    tags:
      testing: testing
      delete: never
      baz: bar

- assert:
    that:
      - output.state.tags | length == 3
      - output.state.tags.delete == 'never'

# Shrink the tag set: only the two tags listed here should remain afterwards,
# because append_tags is false.
- name: Purge tags
  register: output
  azure_rm_securitygroup:
    name: "{{ secgroupname }}"
    resource_group: "{{ resource_group }}"
    tags:
      testing: testing
      delete: on-exit
    append_tags: false

- assert:
    that:
      - output.state.tags | length == 2
      - output.state.tags.delete == 'on-exit'

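# Fetch a single security group by name. The task name previously said
# "accounts", which does not match the resource this module queries.
- name: Gather facts for one security group
  azure_rm_securitygroup_facts:
    resource_group: "{{ resource_group }}"
    name: "{{ secgroupname }}"
  register: output

# The check reads the azure_securitygroups fact, not the registered result.
- assert:
    that:
      - azure_securitygroups | length == 1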

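# List every security group in the resource group. The task name previously
# said "accounts", which does not match the resource this module queries.
# The azure_securitygroups fact set here is what the cleanup task iterates
# over later in this file.
- name: Gather facts for all security groups
  azure_rm_securitygroup_facts:
    resource_group: "{{ resource_group }}"
  register: output

- assert:
    that:
      - azure_securitygroups | length > 0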

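# Pass a list to source_address_prefix. The assertions expect the resulting
# state to expose it as source_address_prefixes (3 entries) and to leave the
# singular source_address_prefix empty.
- name: Create security group with source_address_prefixes
  azure_rm_securitygroup:
    resource_group: "{{ resource_group }}"
    name: "{{ secgroupname }}"
    tags:
      testing: testing
      delete: on-exit
      foo: bar
    # Replace the rules left by earlier tasks so exactly one rule remains.
    purge_rules: true
    rules:
      - name: AllowSSH
        protocol: Tcp
        source_address_prefix:
          - '52.100.120.240'
          - '53.100.250.190'
          - '54.110.200.200'
        destination_port_range: 22
        access: Allow
        priority: 101
        direction: Inbound
  register: output

# Plain expressions only: `that` is already templated, so {{ }} inside it would
# evaluate the value twice.
- assert:
    that:
      - output.state.rules | length == 1
      - output.state.rules[0].source_address_prefixes | length == 3
      - not output.state.rules[0].source_address_prefix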

# Re-apply the same list-valued rule as the previous task; the module must
# report no change. Keep the addresses in sync with that task.
- name: Create security group with source_address_prefixes(idempontent)
  register: output
  azure_rm_securitygroup:
    name: "{{ secgroupname }}"
    resource_group: "{{ resource_group }}"
    purge_rules: true
    tags:
      testing: testing
      delete: on-exit
      foo: bar
    rules:
      - name: AllowSSH
        priority: 101
        direction: Inbound
        access: Allow
        protocol: Tcp
        destination_port_range: 22
        source_address_prefix:
          - '52.100.120.240'
          - '53.100.250.190'
          - '54.110.200.200'

- assert:
    that:
      - not output.changed

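# Add one more rule whose source is a single-element list. purge_rules is not
# set, and the assertion expects 2 rules, i.e. the existing AllowSSH rule is
# kept alongside the new DenySSH rule.
# NOTE(review): DenySSH sits at priority 102, after AllowSSH (101); Azure
# evaluates lower numbers first, and the two rules name different sources.
- name: Add a single one group
  azure_rm_securitygroup:
    resource_group: "{{ resource_group }}"
    name: "{{ secgroupname }}"
    tags:
      testing: testing
      delete: on-exit
      foo: bar
    rules:
      - name: DenySSH
        protocol: Tcp
        source_address_prefix:
          - '54.120.120.240'
        destination_port_range: 22
        access: Deny
        priority: 102
        direction: Inbound
  register: output

# Plain expressions only: `that` is already templated, so {{ }} inside it would
# evaluate the value twice.
- assert:
    that:
      - output.changed
      - output.state.rules | length == 2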

# Cleanup. NOTE(review): this removes every group named in the
# azure_securitygroups fact, i.e. everything the last facts task found in the
# resource group, not only {{ secgroupname }}. Run it against a dedicated test
# resource group; in a shared one it would delete security groups that other
# resources rely on.
- name: Delete all security groups
  with_items: "{{ azure_securitygroups }}"
  azure_rm_securitygroup:
    state: absent
    name: "{{ item.name }}"
    resource_group: "{{ resource_group }}"

# Refresh the facts after cleanup and require that the resource group holds no
# security groups at all. This only passes when nothing else created groups
# in the same resource group.
- name: Should have no security groups remaining
  register: output
  azure_rm_securitygroup_facts:
    resource_group: "{{ resource_group }}"

- assert:
    that:
      - azure_securitygroups | length == 0