- name: Prepare random number
  set_fact:
    rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
  run_once: yes

- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    enabled_for_deployment: yes
    vault_tenant: "{{ azure_tenant }}"
    sku:
      name: standard
      family: A
    access_policies:
      - tenant_id: "{{ azure_tenant }}"
        object_id: 97567bfa-cf13-4217-8fa3-cc56bc1867fe
        keys:
          - get
          - list
          - update
          - create
          - import
          - delete
          - recover
          - backup
          - restore
        secrets:
          - get
          - list
          - set
          - delete
          - recover
          - backup
          - restore
  register: output

- name: create a kevyault secret
  block:
    - azure_rm_keyvaultsecret:
        keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
        secret_name: testsecret
        secret_value: 'mysecret'
        tags:
          testing: test
          delete: on-exit
      register: output
    - assert:
        that: output.changed
  rescue:
    - azure_rm_keyvaultsecret:
        keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
        state: absent
        secret_name: testsecret

- name: delete a kevyault secret
  azure_rm_keyvaultsecret:
    keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
    state: absent
    secret_name: testsecret
  register: output

- assert:
    that: output.changed