---
- block:
    - name: set up aws connection info
      set_fact:
        group_tmp_name: '{{ec2_group_name}}-numbered-protos'
        aws_connection_info: &aws_connection_info
          aws_access_key: "{{ aws_access_key }}"
          aws_secret_key: "{{ aws_secret_key }}"
          security_token: "{{ security_token }}"
          region: "{{ aws_region }}"
      no_log: yes

    - name: Create a group with numbered protocol (GRE)
      ec2_group:
        name: '{{ group_tmp_name }}'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ ec2_group_description }}'
        rules:
        - proto: 47
          to_port: -1
          from_port: -1
          cidr_ip: 0.0.0.0/0
        <<: *aws_connection_info
        state: present
      register: result

    - name: Create a group with a quoted proto
      ec2_group:
        name: '{{ group_tmp_name }}'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ ec2_group_description }}'
        rules:
        - proto: '47'
          to_port: -1
          from_port: -1
          cidr_ip: 0.0.0.0/0
        <<: *aws_connection_info
        state: present
      register: result
    - assert:
        that:
          - result is not changed
    - name: Add a tag with a numeric value
      ec2_group:
        name: '{{ group_tmp_name }}'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ ec2_group_description }}'
        tags:
          foo: 1
        <<: *aws_connection_info
    - name: Read a tag with a numeric value
      ec2_group:
        name: '{{ group_tmp_name }}'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ ec2_group_description }}'
        tags:
          foo: 1
        <<: *aws_connection_info
      register: result
    - assert:
        that:
          - result is not changed

  always:
    - name: tidy up egress rule test security group
      ec2_group:
        name: '{{group_tmp_name}}'
        state: absent
        vpc_id: '{{ vpc_result.vpc.id }}'
        <<: *aws_connection_info
      ignore_errors: yes