---
# A Note about ec2 environment variable name preference:
#  - EC2_URL -> AWS_URL
#  - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
#  - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWS_SECRET_KEY
#  - EC2_REGION -> AWS_REGION
#

# - include: ../../setup_ec2/tasks/common.yml module_name: ec2_instance

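# Integration test harness for ec2_instance: the block section builds an
# isolated VPC (IGW, two subnets, route table, security group) and runs the
# per-feature task files; the always section tears everything down again,
# in reverse dependency order, even when a test task fails.
- block:

    # ============================================================
    # Connection parameters shared by every AWS task below through the
    # &aws_connection_info anchor; no_log keeps the credential values
    # out of the task output.
    - name: set connection information for all tasks
      set_fact:
        aws_connection_info: &aws_connection_info
          aws_access_key: "{{ aws_access_key }}"
          aws_secret_key: "{{ aws_secret_key }}"
          security_token: "{{ security_token }}"
          region: "{{ aws_region }}"
      no_log: true

    - name: Create VPC for use in testing
      ec2_vpc_net:
        name: "{{ resource_prefix }}-vpc"
        cidr_block: 10.22.32.0/23
        tags:
          Name: Ansible ec2_instance Testing VPC
        tenancy: default
        <<: *aws_connection_info
      register: testing_vpc

    - name: Create internet gateway for use in testing
      ec2_vpc_igw:
        vpc_id: "{{ testing_vpc.vpc.id }}"
        state: present
        <<: *aws_connection_info
      register: igw

    # The two subnets split the /23 VPC range into one /24 per zone.
    - name: Create default subnet in zone A
      ec2_vpc_subnet:
        state: present
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.32.0/24
        az: "{{ aws_region }}a"
        resource_tags:
          Name: "{{ resource_prefix }}-subnet-a"
        <<: *aws_connection_info
      register: testing_subnet_a

    - name: Create secondary subnet in zone B
      ec2_vpc_subnet:
        state: present
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.33.0/24
        az: "{{ aws_region }}b"
        resource_tags:
          Name: "{{ resource_prefix }}-subnet-b"
        <<: *aws_connection_info
      register: testing_subnet_b

    # Default route to the internet gateway for both subnets; the table is
    # found again at cleanup time by the same "created" tag.
    - name: create routing rules
      ec2_vpc_route_table:
        vpc_id: "{{ testing_vpc.vpc.id }}"
        tags:
          created: "{{ resource_prefix }}-route"
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ igw.gateway_id }}"
        subnets:
          - "{{ testing_subnet_a.subnet.id }}"
          - "{{ testing_subnet_b.subnet.id }}"
        <<: *aws_connection_info

    # Test fixture only: both rules admit 0.0.0.0/0 (SSH and HTTP). The
    # group lives for the duration of the run and is removed in the always
    # section below; keep it out of anything that is not a throwaway VPC.
    - name: create a security group with the vpc
      ec2_group:
        name: "{{ resource_prefix }}-sg"
        description: a security group for ansible tests
        vpc_id: "{{ testing_vpc.vpc.id }}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
        <<: *aws_connection_info
      register: sg

    # The actual test cases; each file expects the facts registered above.
    - include_tasks: tasks/termination_protection.yml
    - include_tasks: tasks/tags_and_vpc_settings.yml
    - include_tasks: tasks/external_resource_attach.yml
    - include_tasks: tasks/block_devices.yml
    - include_tasks: tasks/default_vpc_tests.yml
    - include_tasks: tasks/iam_instance_role.yml


    # ============================================================

  always:
    # Every removal step retries and ignores its own failure so that the
    # later steps still run and as little as possible is left behind.
    - name: remove any instances in the test VPC
      ec2_instance:
        filters:
          vpc_id: "{{ testing_vpc.vpc.id }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    # Fact gathering, not a removal: lists the ENIs still attached to the
    # VPC so the next task can delete them. ignore_errors keeps the rest
    # of the cleanup running when the VPC was never created.
    - name: remove ENIs
      ec2_eni_facts:
        filters:
          vpc-id: "{{ testing_vpc.vpc.id }}"
        <<: *aws_connection_info
      register: enis
      ignore_errors: true

    # register is required here: without it `until` would evaluate the
    # stale `removed` result of the previous task instead of this one.
    # default([]) makes the loop a no-op when the ENI lookup above failed.
    - name: delete all ENIs
      ec2_eni:
        eni_id: "{{ item.id }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      with_items: "{{ enis.network_interfaces | default([]) }}"
      ignore_errors: true
      retries: 10

    - name: remove the security group
      ec2_group:
        name: "{{ resource_prefix }}-sg"
        description: a security group for ansible tests
        vpc_id: "{{ testing_vpc.vpc.id }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove routing rules
      ec2_vpc_route_table:
        state: absent
        vpc_id: "{{ testing_vpc.vpc.id }}"
        tags:
          created: "{{ resource_prefix }}-route"
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ igw.gateway_id }}"
        subnets:
          - "{{ testing_subnet_a.subnet.id }}"
          - "{{ testing_subnet_b.subnet.id }}"
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove internet gateway
      ec2_vpc_igw:
        vpc_id: "{{ testing_vpc.vpc.id }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove subnet A
      ec2_vpc_subnet:
        state: absent
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.32.0/24
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove subnet B
      ec2_vpc_subnet:
        state: absent
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.33.0/24
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    # Name, CIDR and tags match the creation task so the module resolves
    # the same VPC object it created.
    - name: remove the VPC
      ec2_vpc_net:
        name: "{{ resource_prefix }}-vpc"
        cidr_block: 10.22.32.0/23
        state: absent
        tags:
          Name: Ansible ec2_instance Testing VPC
        tenancy: default
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10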