---
- name: Create security group
  openstack.cloud.security_group:
     cloud: "{{ cloud }}"
     name: ansible_security_group
     state: present
     description: 'Created from Ansible playbook'
  register: security_group

- name: Assert return values of security_group module
  assert:
    that:
      - security_group.security_group.name == 'ansible_security_group'
      - security_group.security_group.description == 'Created from Ansible playbook'
      # allow new fields to be introduced but prevent fields from being removed
      - expected_fields|difference(security_group.security_group.keys())|length == 0

- name: List all security groups
  openstack.cloud.security_group_info:
     cloud: "{{ cloud }}"
  register: security_groups

- name: Assert return values of security_group_info module
  assert:
    that:
      - security_groups.security_groups | length > 0
      # allow new fields to be introduced but prevent fields from being removed
      - expected_fields|difference(security_groups.security_groups[0].keys())|length == 0

- name: Find security group by name
  openstack.cloud.security_group_info:
     cloud: "{{ cloud }}"
     name: ansible_security_group
  register: security_groups

- name: Check filter security group by name
  assert:
    that:
      - security_groups.security_groups | length  == 1
      - security_groups.security_groups.0.id == security_group.security_group.id

- name: Filter security group by description
  openstack.cloud.security_group_info:
     cloud: "{{ cloud }}"
     description: 'Created from Ansible playbook'
  register: security_groups

- name: Check filter security group by description
  assert:
    that:
      - security_groups.security_groups | length  == 1
      - security_groups.security_groups.0.id == security_group.security_group.id

- name: Filter security group by not_tags
  openstack.cloud.security_group_info:
     cloud: "{{ cloud }}"
     name: ansible_security_group
     not_tags:
       - ansibletag1
       - ansibletag2
  register: security_groups

- name: Check filter security group by not_tags
  assert:
    that:
      - security_groups.security_groups | length  == 1
      - security_groups.security_groups.0.id == security_group.security_group.id

- name: Delete security group
  openstack.cloud.security_group:
     cloud: "{{ cloud }}"
     name: ansible_security_group
     state: absent

- name: Create stateless security group
  openstack.cloud.security_group:
     cloud: "{{ cloud }}"
     name: ansible_security_group_stateless
     stateful: false
     state: present
     description: 'Created from Ansible playbook'
  register: security_group_stateless

- name: Assert return values of security_group module
  assert:
    that:
      - security_group_stateless.security_group.name == 'ansible_security_group_stateless'
      - security_group_stateless.security_group.stateful == False

- name: Delete stateless security group
  openstack.cloud.security_group:
     cloud: "{{ cloud }}"
     name: ansible_security_group_stateless
     state: absent

- include_tasks: rules.yml