- name: set connection information for all tasks
  set_fact:
    aws_connection_info: &aws_connection_info
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      security_token: "{{ security_token }}"
      region: "{{ aws_region }}"
  no_log: true

- name: set iam password policy
  iam_password_policy:
    <<: *aws_connection_info
    state: present
    min_pw_length: 8
    require_symbols: false
    require_numbers: true
    require_uppercase: true
    require_lowercase: true
    allow_pw_change: true
    pw_max_age: 60
    pw_reuse_prevent: 5
    pw_expire: false
  register: result

- name: assert that changes were made
  assert:
    that:
      - result.changed

- name: verify iam password policy has been created
  iam_password_policy:
    <<: *aws_connection_info
    state: present
    min_pw_length: 8
    require_symbols: false
    require_numbers: true
    require_uppercase: true
    require_lowercase: true
    allow_pw_change: true
    pw_max_age: 60
    pw_reuse_prevent: 5
    pw_expire: false
  register: result

- name: assert that no changes were made
  assert:
    that:
      - not result.changed

- name: update iam password policy
  iam_password_policy:
    <<: *aws_connection_info
    state: present
    min_pw_length: 15
    require_symbols: true
    require_numbers: true
    require_uppercase: true
    require_lowercase: true
    allow_pw_change: true
    pw_max_age: 30
    pw_reuse_prevent: 10
    pw_expire: true
  register: result

- name: assert that updates were made
  assert:
    that:
      - result.changed

- name: remove iam password policy
  iam_password_policy:
    <<: *aws_connection_info
    state: absent
  register: result

- name: assert password policy has been removed
  assert:
    that:
      - result.changed

- name: verify password policy has been removed
  iam_password_policy:
    <<: *aws_connection_info
    state: absent
  register: result

- name: assert no changes were made
  assert:
    that:
      - not result.changed