---
# A Note about ec2 environment variable name preference:
#  - EC2_URL -> AWS_URL
#  - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
#  - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
#  - EC2_REGION -> AWS_REGION
#
# TODO - name: test 'validate_certs' parameter
# TODO - name: test creating key pair with another_key_material with force=yes
# ============================================================
# - include: ../../setup_ec2/tasks/common.yml module_name=ec2_key

- block:

    # ============================================================
    - name: test with no parameters
      ec2_key:
      register: result
      ignore_errors: true

    - name: assert failure when called with no parameters
      assert:
        that:
           - 'result.failed'
           - 'result.msg == "missing required arguments: name"'

    # ============================================================
    - name: test removing a non-existent key pair
      ec2_key:
        name='{{ec2_key_name}}'
        ec2_region={{ec2_region}}
        ec2_access_key={{ec2_access_key}}
        ec2_secret_key={{ec2_secret_key}}
        security_token={{security_token}}
        state=absent
      register: result

    - name: assert removing a non-existent key pair
      assert:
        that:
          - 'not result.changed'

    # ============================================================
    - name: test creating a new key pair
      ec2_key:
        name='{{ec2_key_name}}'
        ec2_region={{ec2_region}}
        ec2_access_key={{ec2_access_key}}
        ec2_secret_key={{ec2_secret_key}}
        security_token={{security_token}}
        state=present
      register: result

    - name: assert creating a new key pair
      assert:
        that:
           - 'result.changed'
           - '"key" in result'
           - '"name" in result.key'
           - '"fingerprint" in result.key'
           - '"private_key" in result.key'
           - 'result.key.name == "{{ec2_key_name}}"'

    # ============================================================
    - name: test removing an existent key
      ec2_key:
        name='{{ec2_key_name}}'
        state=absent
      environment:
        EC2_REGION: '{{ec2_region}}'
        EC2_ACCESS_KEY: '{{ec2_access_key}}'
        EC2_SECRET_KEY: '{{ec2_secret_key}}'
        EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
      register: result

    - name: assert removing an existent key
      assert:
        that:
           - 'result.changed'
           - '"key" in result'
           - 'result.key == None'

    # ============================================================
    - name: test state=present with key_material
      ec2_key:
        name='{{ec2_key_name}}'
        key_material='{{key_material}}'
        state=present
      environment:
        EC2_REGION: '{{ec2_region}}'
        EC2_ACCESS_KEY: '{{ec2_access_key}}'
        EC2_SECRET_KEY: '{{ec2_secret_key}}'
        EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
      register: result

    - name: assert state=present with key_material
      assert:
        that:
           - 'result.changed == True'
           - '"key" in result'
           - '"name" in result.key'
           - '"fingerprint" in result.key'
           - '"private_key" not in result.key'
           - 'result.key.name == "{{ec2_key_name}}"'
           - 'result.key.fingerprint == "{{fingerprint}}"'

    # ============================================================

    - name: test force=no with another_key_material (expect changed=false)
      ec2_key:
        name: '{{ ec2_key_name }}'
        ec2_region: '{{ ec2_region }}'
        ec2_access_key: '{{ ec2_access_key }}'
        ec2_secret_key: '{{ ec2_secret_key }}'
        security_token: '{{ security_token }}'
        key_material: '{{ another_key_material }}'
        force: no
      register: result

    - name: assert force=no with another_key_material (expect changed=false)
      assert:
        that:
          - 'not result.changed'
          - 'result.key.fingerprint == "{{ fingerprint }}"'

    # ============================================================

    - name: test updating a key pair using another_key_material (expect changed=True)
      ec2_key:
        name: '{{ ec2_key_name }}'
        ec2_region: '{{ ec2_region }}'
        ec2_access_key: '{{ ec2_access_key }}'
        ec2_secret_key: '{{ ec2_secret_key }}'
        security_token: '{{ security_token }}'
        key_material: '{{ another_key_material }}'
      register: result

    - name: assert updating a key pair using another_key_material (expect changed=True)
      assert:
        that:
          - 'result.changed'
          - 'result.key.fingerprint != "{{ fingerprint }}"'

    # ============================================================

  always:

    # ============================================================
    - name: test state=absent (expect changed=true)
      ec2_key:
        name='{{ec2_key_name}}'
        ec2_region='{{ec2_region}}'
        ec2_access_key='{{ec2_access_key}}'
        ec2_secret_key='{{ec2_secret_key}}'
        security_token='{{security_token}}'
        state=absent
      register: result

    - name: assert state=absent with key_material (expect changed=true)
      assert:
        that:
           - 'result.changed'
           - '"key" in result'
           - 'result.key == None'