---

- name: create an ACL with rules
  consul_acl:
    host: "{{ acl_host }}"
    mgmt_token: "{{ mgmt_token }}"
    name: "{{ test_consul_acl_token_name }}"
    rules:
      - event: "bbq"
        policy: write
      - key: "foo"
        policy: read
      - key: "private"
        policy: deny
      - keyring: write
      - node: "hgs4"
        policy: write
      - operator: read
      - query: ""
        policy: write
      - service: "consul"
        policy: write
      - session: "standup"
        policy: write
  register: created_acl

- name: verify created ACL's rules
  assert:
    that:
      - created_acl.changed
      - created_acl.operation == "create"
      - created_acl.token | length == 36
      - (created_acl.rules | json_query("event.bbq.policy")) == "write"
      - (created_acl.rules | json_query("key.foo.policy")) == "read"
      - (created_acl.rules | json_query("key.private.policy")) == "deny"
      - (created_acl.rules | json_query("keyring")) == "write"
      - (created_acl.rules | json_query("node.hgs4.policy")) == "write"
      - (created_acl.rules | json_query("operator")) == "read"
      - (created_acl.rules | json_query('query."".policy')) == "write"
      - (created_acl.rules | json_query("service.consul.policy")) == "write"
      - (created_acl.rules | json_query("session.standup.policy")) == "write"

- name: create same ACL
  consul_acl:
    host: "{{ acl_host }}"
    mgmt_token: "{{ mgmt_token }}"
    name: "{{ test_consul_acl_token_name }}"
    rules:
      - event: "bbq"
        policy: write
      - key: "foo"
        policy: read
      - key: "private"
        policy: deny
      - keyring: write
      - node: "hgs4"
        policy: write
      - operator: read
      - query: ""
        policy: write
      - service: "consul"
        policy: write
      - session: "standup"
        policy: write
  register: doubly_created_acl

- name: verify idempotence when creating ACL
  assert:
    that:
      - not doubly_created_acl.changed

- name: clean up
  consul_acl:
    host: "{{ acl_host }}"
    mgmt_token: "{{ mgmt_token }}"
    token: "{{ doubly_created_acl.token }}"
    state: absent