- name: Prepare random number
  set_fact:
    rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
  run_once: yes

- name: Create instance of Key Vault -- check mode
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    vault_tenant: 11111111-1111-1111-1111-111122223333
    enabled_for_deployment: yes
    sku:
      name: standard
      family: A
    access_policies:
      - object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
  check_mode: yes
  register: output
- name: Assert the resource instance is well created
  assert:
    that:
      - output.changed

- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    vault_tenant: 11111111-1111-1111-1111-111122223333
    enabled_for_deployment: yes
    sku:
      name: standard
      family: A
    access_policies:
      - object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
  register: output
- name: Assert the resource instance is well created
  assert:
    that:
      - output.changed

- name: Create again instance of Key Vault
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    vault_tenant: 11111111-1111-1111-1111-111122223333
    enabled_for_deployment: yes
    sku:
      name: standard
      family: A
    access_policies:
      - object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
  register: output
- name: Assert the state has not changed
  assert:
    that:
      - output.changed == false

- name: Update existing Key Vault (add a rule and tags)
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    vault_tenant: 11111111-1111-1111-1111-111122223333
    enabled_for_deployment: yes
    sku:
      name: standard
      family: A
    access_policies:
      - object_id: 99998888-8666-4144-9199-2d7cd0111111
        certificates:
          - get
          - list
      - object_id: 11112222-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
    tags:
      aaa: bbb
  register: output
- name: Assert the state has changed
  assert:
    that:
      - output.changed == true

- name: Use REST API to retrieve keyvault (as facts not available yet)
  azure_rm_resource_facts:
    api_version: '2018-02-14'
    resource_group: "{{ resource_group }}"
    provider: keyvault
    resource_type: vaults
    resource_name: "vault{{ rpfx }}"
  register: output
- name: Assert the facts are properly set
  assert:
    that:
      - output.response[0].tags.aaa == "bbb"

- name: Delete instance of Key Vault -- check mode
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    state: absent
  check_mode: yes
  register: output
- name: Assert the state has changed
  assert:
    that:
      - output.changed

- name: Delete instance of Key Vault
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    state: absent
  register: output
- name: Assert the state has changed
  assert:
    that:
      - output.changed

- name: Delete unexisting instance of Key Vault
  azure_rm_keyvault:
    resource_group: "{{ resource_group }}"
    vault_name: "vault{{ rpfx }}"
    state: absent
  register: output
- name: Assert the state has changed
  assert:
    that:
      - output.changed == false