---
# ============================================================
- name: test register email identity
  block:
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert changed is True
      assert:
        that:
          - result.changed == True
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ email_identity }}"
  always:
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: test register domain identity
  block:
    - name: register domain identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert changed is True
      assert:
        that:
          - result.changed == True
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ domain_identity }}"
    - name: assert verification_attributes.verification_token is defined
      assert:
        that:
          - result.verification_attributes.verification_token
  always:
    - name: cleanup domain identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: test email_identity unchanged when already existing
  block:
    - name: register identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
    - name: duplicate register identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert changed is False
      assert:
        that:
          - result.changed == False
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ email_identity }}"
  always:
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: test domain_identity unchanged when already existing
  block:
    - name: register identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
    - name: duplicate register identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert changed is False
      assert:
        that:
          - result.changed == False
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ domain_identity }}"
  always:
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: remove non-existent email identity
  aws_ses_identity:
    identity: "{{ email_identity }}"
    state: absent
    region: "{{ ec2_region }}"
    aws_access_key: "{{ ec2_access_key }}"
    aws_secret_key: "{{ ec2_secret_key }}"
    security_token: "{{security_token}}"
  register: result
- name: assert changed is False
  assert:
    that:
      - result.changed == False
# ============================================================
- name: remove non-existent domain identity
  aws_ses_identity:
    identity: "{{ domain_identity }}"
    state: absent
    region: "{{ ec2_region }}"
    aws_access_key: "{{ ec2_access_key }}"
    aws_secret_key: "{{ ec2_secret_key }}"
    security_token: "{{security_token}}"
  register: result
- name: assert changed is False
  assert:
    that:
      - result.changed == False
# ============================================================
- name: test set notification queues
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: topic_info
      with_items:
        - bounce
        - complaint
        - delivery
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.results[0].sns_arn }}"
        complaint_notifications:
          topic: "{{ topic_info.results[1].sns_arn }}"
        delivery_notifications:
          topic: "{{ topic_info.results[2].sns_arn }}"
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert notification settings
      assert:
        that:
          - result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
          - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
          - result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
    - name: assert notification headers unchanged
      assert:
        that:
          - result.notification_attributes.headers_in_bounce_notifications_enabled == False
          - result.notification_attributes.headers_in_complaint_notifications_enabled == False
          - result.notification_attributes.headers_in_delivery_notifications_enabled == False
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      with_items:
        - bounce
        - complaint
        - delivery
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: test change notification queues after create
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: topic_info
      with_items:
        - bounce
        - complaint
        - delivery
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
    - name: set notification topics
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.results[0].sns_arn }}"
        complaint_notifications:
          topic: "{{ topic_info.results[1].sns_arn }}"
        delivery_notifications:
          topic: "{{ topic_info.results[2].sns_arn }}"
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert changed is True
      assert:
        that:
          - result.changed == True
    - name: assert notification settings
      assert:
        that:
          - result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
          - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
          - result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      with_items:
        - bounce
        - complaint
        - delivery
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: test include headers on notification queues
  block:
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          include_headers: Yes
        complaint_notifications:
          include_headers: Yes
        delivery_notifications:
          include_headers: Yes
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert notification headers enabled
      assert:
        that:
          - result.notification_attributes.headers_in_bounce_notifications_enabled == True
          - result.notification_attributes.headers_in_complaint_notifications_enabled == True
          - result.notification_attributes.headers_in_delivery_notifications_enabled == True
  always:
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: test disable feedback forwarding
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: present
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: topic_info
      with_items:
        - bounce
        - complaint
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.results[0].sns_arn }}"
        complaint_notifications:
          topic: "{{ topic_info.results[1].sns_arn }}"
        feedback_forwarding: No
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
    - name: assert feedback_forwarding == False
      assert:
        that:
          - result.notification_attributes.forwarding_enabled == False
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      with_items:
        - bounce
        - complaint
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
# ============================================================
- name: test disable feedback forwarding fails if no topics
  block:
    - name: register identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        feedback_forwarding: No
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"
      register: result
      failed_when: result.failed == False
    - name: assert error.code == InvalidParameterValue
      assert:
        that:
          - result.error.code == 'InvalidParameterValue'
  always:
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        region: "{{ ec2_region }}"
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        security_token: "{{security_token}}"