--- - set_fact: ecr_name: '{{ resource_prefix }}-ecr' - block: - name: set connection information for all tasks set_fact: aws_connection_info: &aws_connection_info aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" security_token: "{{ security_token }}" region: "{{ aws_region }}" no_log: yes - name: When creating with check mode ecs_ecr: name: '{{ ecr_name }}' <<: *aws_connection_info register: result check_mode: yes - name: it should skip, change and create assert: that: - result is skipped - result is changed - result.created - name: When specifying a registry that is inaccessible ecs_ecr: registry_id: 999999999999 name: '{{ ecr_name }}' <<: *aws_connection_info register: result ignore_errors: true - name: it should fail with an AccessDeniedException assert: that: - result is failed - '"AccessDeniedException" in result.msg' - name: When creating a repository ecs_ecr: name: '{{ ecr_name }}' <<: *aws_connection_info register: result - name: it should change and create assert: that: - result is changed - result.created - name: it should have been configured as mutable by default assert: that: - result.repository.imageTagMutability == "MUTABLE" - name: When creating a repository that already exists in check mode ecs_ecr: name: '{{ ecr_name }}' <<: *aws_connection_info register: result check_mode: yes - name: it should not skip, should not change assert: that: - result is not skipped - result is not changed - name: When creating a repository that already exists ecs_ecr: name: '{{ ecr_name }}' <<: *aws_connection_info register: result - name: it should not change assert: that: - result is not changed - name: When in check mode, and deleting a policy that does not exist ecs_ecr: name: '{{ ecr_name }}' purge_policy: yes <<: *aws_connection_info register: result check_mode: yes - name: it should not skip and not change assert: that: - result is not skipped - result is not changed - name: When in check mode, setting policy on a repository that has no policy ecs_ecr: name: '{{ ecr_name }}' policy: '{{ policy }}' <<: *aws_connection_info register: result check_mode: yes - name: it should skip, change and not create assert: that: - result is skipped - result is changed - not result.created - name: When setting policy on a repository that has no policy ecs_ecr: name: '{{ ecr_name }}' policy: '{{ policy }}' <<: *aws_connection_info register: result - name: it should change and not create assert: that: - result is changed - not result.created - name: When in check mode, and deleting a policy that exists ecs_ecr: name: '{{ ecr_name }}' delete_policy: yes <<: *aws_connection_info register: result check_mode: yes - name: it should skip, change but not create, have deprecations assert: that: - result is skipped - result is changed - not result.created - result.deprecations - name: When in check mode, and purging a policy that exists ecs_ecr: name: '{{ ecr_name }}' purge_policy: yes <<: *aws_connection_info register: result check_mode: yes - name: it should skip, change but not create, no deprecations assert: that: - result is skipped - result is changed - not result.created - result.deprecations is not defined - name: When purging a policy that exists ecs_ecr: name: '{{ ecr_name }}' purge_policy: yes <<: *aws_connection_info register: result - name: it should change and not create assert: that: - result is changed - not result.created - name: When setting a policy as a string ecs_ecr: name: '{{ ecr_name }}' policy: '{{ policy | to_json }}' <<: *aws_connection_info register: result - name: it should change and not create assert: that: - result is changed - not result.created - name: When setting a policy to its current value ecs_ecr: name: '{{ ecr_name }}' policy: '{{ policy }}' <<: *aws_connection_info register: result - name: it should not change assert: that: - result is not changed - name: When omitting policy on a repository that has a policy ecs_ecr: name: '{{ ecr_name }}' <<: *aws_connection_info register: result - name: it should not change assert: that: - result is not changed - name: When specifying both policy and purge_policy ecs_ecr: name: '{{ ecr_name }}' policy: '{{ policy }}' purge_policy: yes <<: *aws_connection_info register: result ignore_errors: true - name: it should fail assert: that: - result is failed - name: When specifying invalid JSON for policy ecs_ecr: name: '{{ ecr_name }}' policy: "Ceci n'est pas une JSON" <<: *aws_connection_info register: result ignore_errors: true - name: it should fail assert: that: - result is failed - name: When in check mode, and purging a lifecycle policy that does not exists ecs_ecr: name: '{{ ecr_name }}' purge_lifecycle_policy: yes <<: *aws_connection_info register: result check_mode: yes - name: it should not skip and not change assert: that: - not result is skipped - not result is changed - name: When in check mode, setting lifecyle policy on a repository that has no policy ecs_ecr: name: '{{ ecr_name }}' lifecycle_policy: '{{ lifecycle_policy }}' <<: *aws_connection_info register: result check_mode: yes - name: it should skip, change and not create assert: that: - result is skipped - result is changed - not result.created - name: When setting lifecycle policy on a repository that has no policy ecs_ecr: name: '{{ ecr_name }}' lifecycle_policy: '{{ lifecycle_policy }}' <<: *aws_connection_info register: result - name: it should change and not create assert: that: - result is changed - not result.created - result.lifecycle_policy is defined - result.lifecycle_policy.rules|length == 1 - name: When in check mode, and purging a lifecyle policy that exists ecs_ecr: name: '{{ ecr_name }}' purge_lifecycle_policy: yes <<: *aws_connection_info register: result check_mode: yes - name: it should skip, change but not create assert: that: - result is skipped - result is changed - not result.created - name: When purging a lifecycle policy that exists ecs_ecr: name: '{{ ecr_name }}' purge_lifecycle_policy: yes <<: *aws_connection_info register: result - name: it should change and not create assert: that: - result is changed - not result.created - name: When setting a lifecyle policy as a string ecs_ecr: name: '{{ ecr_name }}' lifecycle_policy: '{{ lifecycle_policy | to_json }}' <<: *aws_connection_info register: result - name: it should change and not create assert: that: - result is changed - not result.created - name: When setting a lifecycle policy to its current value ecs_ecr: name: '{{ ecr_name }}' lifecycle_policy: '{{ lifecycle_policy }}' <<: *aws_connection_info register: result - name: it should not change assert: that: - not result is changed - name: When omitting lifecycle policy on a repository that has a policy ecs_ecr: name: '{{ ecr_name }}' <<: *aws_connection_info register: result - name: it should not change assert: that: - not result is changed - name: When specifying both lifecycle_policy and purge_lifecycle_policy ecs_ecr: name: '{{ ecr_name }}' lifecycle_policy: '{{ lifecycle_policy }}' purge_lifecycle_policy: yes <<: *aws_connection_info register: result ignore_errors: true - name: it should fail assert: that: - result is failed - name: When specifying invalid JSON for lifecycle policy ecs_ecr: name: '{{ ecr_name }}' lifecycle_policy: "Ceci n'est pas une JSON" <<: *aws_connection_info register: result ignore_errors: true - name: it should fail assert: that: - result is failed - name: When specifying an invalid document for lifecycle policy ecs_ecr: name: '{{ ecr_name }}' lifecycle_policy: rules: - invalid: "Ceci n'est pas une rule" <<: *aws_connection_info register: result ignore_errors: true - name: it should fail assert: that: - result is failed - name: When in check mode, deleting a repository that exists ecs_ecr: name: '{{ ecr_name }}' state: absent <<: *aws_connection_info register: result check_mode: yes - name: it should skip, change and not create assert: that: - result is skipped - result is changed - not result.created - name: When deleting a repository that exists ecs_ecr: name: '{{ ecr_name }}' state: absent <<: *aws_connection_info register: result - name: it should change assert: that: - result is changed - name: When in check mode, deleting a repository that does not exist ecs_ecr: name: '{{ ecr_name }}' state: absent <<: *aws_connection_info register: result check_mode: yes - name: it should not change assert: that: - result is not skipped - result is not changed - name: When deleting a repository that does not exist ecs_ecr: name: '{{ ecr_name }}' state: absent <<: *aws_connection_info register: result - name: it should not change assert: that: - result is not changed - name: When creating an immutable repository ecs_ecr: name: '{{ ecr_name }}' region: '{{ ec2_region }}' ec2_access_key: '{{ec2_access_key}}' ec2_secret_key: '{{ec2_secret_key}}' security_token: '{{security_token}}' image_tag_mutability: immutable register: result - name: it should change and create assert: that: - result is changed - result.created - name: it should have been configured as immutable assert: that: - result.repository.imageTagMutability == "IMMUTABLE" - name: When configuring an existing immutable repository to be mutable in check mode ecs_ecr: name: '{{ ecr_name }}' region: '{{ ec2_region }}' ec2_access_key: '{{ec2_access_key}}' ec2_secret_key: '{{ec2_secret_key}}' security_token: '{{security_token}}' image_tag_mutability: mutable register: result check_mode: yes - name: it should skip, change and configured mutable assert: that: - result is skipped - result is changed - result.repository.imageTagMutability == "MUTABLE" - name: When configuring an existing immutable repository to be mutable ecs_ecr: name: '{{ ecr_name }}' region: '{{ ec2_region }}' ec2_access_key: '{{ec2_access_key}}' ec2_secret_key: '{{ec2_secret_key}}' security_token: '{{security_token}}' image_tag_mutability: mutable register: result - name: it should change and configured mutable assert: that: - result is changed - result.repository.imageTagMutability == "MUTABLE" - name: When configuring an already mutable repository to be mutable ecs_ecr: name: '{{ ecr_name }}' region: '{{ ec2_region }}' ec2_access_key: '{{ec2_access_key}}' ec2_secret_key: '{{ec2_secret_key}}' security_token: '{{security_token}}' image_tag_mutability: mutable register: result - name: it should not change assert: that: - result is not changed always: - name: Delete lingering ECR repository ecs_ecr: name: '{{ ecr_name }}' state: absent <<: *aws_connection_info