ansible/test/integration/targets/ecs_ecr/tasks/main.yml

---
- set_fact:
    ecr_name: '{{ resource_prefix }}-ecr'

- block:

    - name: When creating with check mode
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: yes

    - name: it should skip, change and create
      assert:
        that:
          - result is skipped
          - result is changed
          - result.created


    - name: When specifying a registry that is inaccessible
      ecs_ecr:
        registry_id: 999999999999
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      ignore_errors: true

    - name: it should fail with an AccessDeniedException
      assert:
        that:
          - result is failed
          - '"AccessDeniedException" in result.msg'


    - name: When creating a repository
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and create
      assert:
        that:
          - result is changed
          - result.created


    - name: When creating a repository that already exists in check mode
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: yes

    - name: it should not skip, should not change
      assert:
        that:
          - result is not skipped
          - result is not changed


    - name: When creating a repository that already exists
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed


    - name: When in check mode, and deleting a policy that does not exist
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        delete_policy: yes
      register: result
      check_mode: yes

    - name: it should not skip and not change
      assert:
        that:
          - result is not skipped
          - result is not changed


    - name: When in check mode, setting policy on a repository that has no policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: yes

    - name: it should skip, change and not create
      assert:
        that:
          - result is skipped
          - result is changed
          - not result.created


    - name: When setting policy on a repository that has no policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and not create
      assert:
        that:
          - result is changed
          - not result.created


    - name: When in check mode, and deleting a policy that exists
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        delete_policy: yes
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: yes

    - name: it should skip, change but not create
      assert:
        that:
          - result is skipped
          - result is changed
          - not result.created


    - name: When deleting a policy that exists
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        delete_policy: yes
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and not create
      assert:
        that:
          - result is changed
          - not result.created


    - name: When setting a policy as a string
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy | to_json }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and not create
      assert:
        that:
          - result is changed
          - not result.created


    - name: When setting a policy to its current value
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed


    - name: When omitting policy on a repository that has a policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed


    - name: When specifying both policy and delete_policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        delete_policy: yes
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      ignore_errors: true

    - name: it should fail
      assert:
        that:
          - result is failed


    - name: When specifying invalid JSON for policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy_text: "Ceci n'est pas une JSON"
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      ignore_errors: true

    - name: it should fail
      assert:
        that:
          - result is failed


    - name: When in check mode, deleting a policy that exists
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: yes

    - name: it should skip, change and not create
      assert:
        that:
          - result is skipped
          - result is changed
          - not result.created


    - name: When deleting a policy that exists
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change
      assert:
        that:
          - result is changed


    - name: When in check mode, deleting a policy that does not exist
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: yes

    - name: it should not change
      assert:
        that:
          - result is not skipped
          - result is not changed


    - name: When deleting a policy that does not exist
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed

  always:

    - name: Delete lingering ECR repository
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'