@ -1,39 +1,37 @@
---
- name : set up aws connection info
- name : set up aws connection info
set_fact :
module_defaults :
aws_connection_info : &aws_connection_info
group/aws:
aws_access_key : "{{ aws_access_key }}"
aws_access_key : "{{ aws_access_key }}"
aws_secret_key : "{{ aws_secret_key }}"
aws_secret_key : "{{ aws_secret_key }}"
security_token : "{{ security_token }}"
security_token : "{{ security_token | default(omit) }}"
region : "{{ aws_region }}"
region : "{{ aws_region }}"
no_log : yes
block:
- name : ensure ansible user exists
- name : ensure ansible user exists
iam_user:
iam_user:
name : AnsibleTestUser
name : '{{ test_user }}'
state : present
state : present
<< : *aws_connection_info
- name : ensure group exists
- name : ensure group exists
iam_group:
iam_group:
name : ansible_test
name : '{{ test_group }}'
users:
users:
- AnsibleTestUser
- '{{ test_user }}'
state : present
state : present
<< : *aws_connection_info
register : iam_group
register : iam_group
- assert:
- assert:
that:
that:
- iam_group.users
- iam_group.iam_group.users
- iam_group is changed
- name : add non existent user to group
- name : add non existent user to group
iam_group:
iam_group:
name : ansible_test
name : '{{ test_group }}'
users:
users:
- AnsibleTestUser
- '{{ test_user }}'
- NonExistentUser
- NonExistentUser
state : present
state : present
<< : *aws_connection_info
ignore_errors : yes
ignore_errors : yes
register : iam_group
register : iam_group
@ -41,30 +39,87 @@
assert:
assert:
that:
that:
- iam_group is failed
- iam_group is failed
- iam_group.msg.startswith("Couldn't add user NonExistentUser to group ansible_test ")
- iam_group.msg.startswith("Couldn't add user NonExistentUser to group {{ test_group }} ")
- name : remove a user
- name : remove a user
iam_group:
iam_group:
name : ansible_test
name : '{{ test_group }}'
purge_users : True
purge_users : True
users : [ ]
users : [ ]
state : present
state : present
<< : *aws_connection_info
register : iam_group
register : iam_group
- assert:
- assert:
that:
that:
- iam_group.changed
- iam_group is changed
- not iam_group.users
- not iam_group.iam_group.users
- name : re-remove a user (no change)
iam_group:
name : '{{ test_group }}'
purge_users : True
users : [ ]
state : present
register : iam_group
- assert:
that:
- iam_group is not changed
- not iam_group.iam_group.users
- name : Add the user again
iam_group:
name : '{{ test_group }}'
users:
- '{{ test_user }}'
state : present
register : iam_group
- assert:
that:
- iam_group is changed
- iam_group.iam_group.users
- name : Re-add the user
iam_group:
name : '{{ test_group }}'
users:
- '{{ test_user }}'
state : present
register : iam_group
- assert:
that:
- iam_group is not changed
- iam_group.iam_group.users
- name : remove group
iam_group:
name : '{{ test_group }}'
state : absent
register : iam_group
- assert:
that:
- iam_group is changed
- name : re-remove group
iam_group:
name : '{{ test_group }}'
state : absent
register : iam_group
- assert:
that:
- iam_group is not changed
always:
- name : remove group
- name : remove group
iam_group:
iam_group:
name : ansible_test
name : '{{ test_group }}'
state : absent
state : absent
<< : *aws_connection_info
- name : remove ansible user
- name : remove ansible user
iam_user:
iam_user:
name : AnsibleTestUser
name : '{{ test_user }}'
state : absent
state : absent
<< : *aws_connection_info
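Review bot: The failure-message assertion in the second hunk embeds `{{ test_group }}` inside an `assert`/`that` entry, which is already evaluated as a Jinja expression, so the group name is spliced into the expression text instead of being compared as data; a name containing a quote character would change what gets evaluated. Concatenating the variable keeps it a value: `- iam_group.msg.startswith("Couldn't add user NonExistentUser to group " ~ test_group ~ " ")`. Separately, the two cleanup tasks under `always:` carry no `ignore_errors: yes`, so if removing the group fails, the `remove ansible user` task would likely not run and the test IAM user would be left behind in the account; adding `ignore_errors: yes` to both makes the teardown best-effort. The page has lost its `+`/`-` markers and indentation, so which side the single-printed lines belong to is inferred.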