# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
# Pre-test setup
- name: Delete the test secret if it exists
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    version: "all"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: absent
# ----------------------------------------------------------
- name: Create a secret
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    value: "ansible-test-secret-value"
    labels:
      key1: "val1"
      key2: "val2"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: present
  register: result
- name: Assert changed is true
  ansible.builtin.assert:
    that:
      - result.changed == true
# ----------------------------------------------------------
- name: Create a secret that already exists
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    value: "ansible-test-secret-value"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: present
  register: result
- name: Assert changed is false
  ansible.builtin.assert:
    that:
      - result.changed == false
# ----------------------------------------------------------
- name: Add a new version to a secret
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    value: "ansible-test-secret-value-updated"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: present
  register: result
- name: Assert changed is true
  ansible.builtin.assert:
    that:
      - result.changed == true
# ----------------------------------------------------------
- name: Add a version that exists to a secret
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    value: "ansible-test-secret-value-updated"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: present
  register: result
- name: Assert changed is false
  ansible.builtin.assert:
    that:
      - result.changed == false
# ----------------------------------------------------------
- name: Ensure the secret exists
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: present
  register: result
- name: Assert changed is false
  ansible.builtin.assert:
    that:
      - result.changed == false
# ----------------------------------------------------------
- name: Delete the secret version
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    version: "1"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: absent
  register: result
- name: Assert changed is true
  ansible.builtin.assert:
    that:
      - result.changed == true
# ----------------------------------------------------------
- name: Delete the secret
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    version: "all"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: absent
  register: result
- name: Assert changed is true
  ansible.builtin.assert:
    that:
      - result.changed == true
# ----------------------------------------------------------
- name: Delete the secret that does not exist
  google.cloud.gcp_secret_manager:
    name: "{{ resource_name }}"
    version: "all"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file | default(omit) }}"
    state: absent
  register: result
- name: Assert changed is false
  ansible.builtin.assert:
    that:
      - result.changed == false