- name: create a new acl token
  consul_acl:
    mgmt_token: '{{mgmt_token}}'
    host: '{{acl_host}}'
    name: 'New ACL'
  register: new_ruleless

- name: verify ruleless key created
  assert:
    that:
      - new_ruleless.token | length == 36
      - new_ruleless.name == 'New ACL'

- name: add rules to an acl token
  consul_acl:
    mgmt_token: '{{mgmt_token}}'
    host: '{{acl_host}}'
    name: 'With rule'
    rules:
      - key: 'foo'
        policy: read
      - key: 'private/foo'
        policy: deny
  register: with_rules

- name: verify rules created
  assert:
    that:
      - with_rules.token | length == 36
      - with_rules.name == 'With rule'
      - with_rules.rules | match('.*"foo".*')
      - with_rules.rules | match('.*"private/foo".*')

- name: clear up
  consul_acl:
    mgmt_token: '{{mgmt_token}}'
    host: '{{acl_host}}'
    token: '{{item}}'
    state: absent
  with_items:
    - '{{new_ruleless.token}}'
    - '{{with_rules.token}}'