---
- block:
  - name: Make sure we're not already using Docker swarm
    docker_swarm:
      state: absent
      force: true

  - name: Create a Swarm cluster
    docker_swarm:
      state: present
      advertise_addr: "{{ansible_default_ipv4.address}}"

  - name: Parameter name should be required
    docker_secret:
      state: present
    ignore_errors: yes
    register: output

  - name: assert failure when called with no name
    assert:
      that:
         - 'output.failed'
         - 'output.msg == "missing required arguments: name"'

  - name: Test parameters
    docker_secret:
      name: foo
      state: present
    ignore_errors: yes
    register: output

  - name: assert failure when called with no data
    assert:
      that:
         - 'output.failed'
         - 'output.msg == "state is present but all of the following are missing: data"'

  - name: Create secret
    docker_secret:
      name: db_password
      data: opensesame!
      state: present
    register: output

  - name: Create variable secret_id
    set_fact:
      secret_id: "{{ output.secret_id }}"

  - name: Inspect secret
    command: "docker secret inspect {{ secret_id }}"
    register: inspect

  - debug: var=inspect

  - name: assert secret creation succeeded
    assert:
      that:
         - "'db_password' in inspect.stdout"
         - "'ansible_key' in inspect.stdout"

  - name: Create secret again
    docker_secret:
      name: db_password
      data: opensesame!
      state: present
    register: output

  - name: assert create secret is idempotent
    assert:
      that:
         - not output.changed

  - name: Create secret again (base64)
    docker_secret:
      name: db_password
      data: b3BlbnNlc2FtZSE=
      data_is_b64: true
      state: present
    register: output

  - name: assert create secret (base64) is idempotent
    assert:
      that:
         - not output.changed

  - name: Update secret
    docker_secret:
      name: db_password
      data: newpassword!
      state: present
    register: output

  - name: assert secret was updated
    assert:
      that:
         - output.changed
         - output.secret_id != secret_id

  - name: Remove secret
    docker_secret:
      name: db_password
      state: absent

  - name: Check that secret is removed
    command: "docker secret inspect {{ secret_id }}"
    register: output
    ignore_errors: yes

  - name: assert secret was removed
    assert:
      that:
        - output.failed

  always:
  - name: Remove Swarm cluster
    docker_swarm:
      state: absent
      force: true