- name: Create security group
  azure_rm_securitygroup:
      resource_group: "{{ resource_group }}"
      name: mysecgroup
      tags:
          testing: testing
          delete: on-exit
          foo: bar
      purge_rules: yes
      rules:
          - name: DenySSH
            protocol: Tcp
            destination_port_range: 22
            access: Deny
            priority: 100
            direction: Inbound
          - name: 'AllowSSH'
            protocol: Tcp
            source_address_prefix: '174.109.158.0/24'
            destination_port_range: 22
            access: Allow
            priority: 101
            direction: Inbound
  register: output

- assert: { that: "{{ output.state.rules | length }} == 2" }

- name: Gather facts by tags
  azure_rm_securitygroup_facts:
      resource_group: "{{ resource_group }}"
      tags:
        - testing
        - foo:bar
  register: output

- assert:
      that: azure_securitygroups | length == 1

- name: Add/Update rules on existing security group
  azure_rm_securitygroup:
      resource_group: "{{ resource_group }}"
      name: mysecgroup
      rules:
          - name: DenySSH
            protocol: Tcp
            destination_port_range: 22-23
            access: Deny
            priority: 100
          - name: AllowSSHFromHome
            protocol: Tcp
            source_address_prefix: '174.109.158.0/24'
            destination_port_range: 22-23
            priority: 102
  register: output

- assert: { that: "{{ output.state.rules | length }} == 3" }

- name: Test idempotence
  azure_rm_securitygroup:
      resource_group: "{{ resource_group }}"
      name: mysecgroup
      rules:
          - name: DenySSH
            protocol: Tcp
            destination_port_range: 22-23
            access: Deny
            priority: 100
          - name: AllowSSHFromHome
            protocol: Tcp
            source_address_prefix: '174.109.158.0/24'
            destination_port_range: 22-23
            priority: 102
  register: output

- assert:
      that: not output.changed

- name: Update tags
  azure_rm_securitygroup:
      resource_group: "{{ resource_group }}"
      name: mysecgroup
      tags:
          testing: testing
          delete: never
          baz: bar
  register: output

- assert:
      that:
          - output.state.tags | length == 3
          - output.state.tags.delete == 'never'

- name: Purge tags
  azure_rm_securitygroup:
      resource_group: "{{ resource_group }}"
      name: mysecgroup
      tags:
          testing: testing
          delete: on-exit
  register: output

- assert:
      that:
          - output.state.tags | length == 2
          - output.state.tags.delete == 'on-exit'

- name: Gather facts for one accounts
  azure_rm_securitygroup_facts:
      resource_group: "{{ resource_group }}"
      name: mysecgroup
  register: output

- assert:
      that:
          - azure_securitygroups | length == 1

- name: Gather facts for all accounts
  azure_rm_securitygroup_facts:
      resource_group: "{{ resource_group }}"
  register: output

- assert:
      that:
          - azure_securitygroups | length > 0

- name: Delete all security groups
  azure_rm_securitygroup:
      resource_group: "{{ resource_group }}"
      name: "{{ item.name }}"
      state: absent
  with_items: "{{ azure_securitygroups }}"

- name: Should have no security groups remaining
  azure_rm_securitygroup_facts:
      resource_group: "{{ resource_group }}"
  register: output

- assert:
      that:
          - azure_securitygroups | length == 0