---
- block:
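    # Bundle the AWS credentials once so every ec2_group call below can pull
    # them in with `<<: *aws_connection_info`. The anchor/merge is resolved by
    # the YAML loader, which is why the same alias also works in `always:`.
    - name: set up aws connection info
      set_fact:
        aws_connection_info: &aws_connection_info
          aws_access_key: "{{ aws_access_key }}"
          aws_secret_key: "{{ aws_secret_key }}"
          security_token: "{{ security_token }}"
          region: "{{ aws_region }}"
      # set_fact echoes the new fact in its result; no_log keeps the secret key
      # and session token out of the play output and callback logs.
      no_log: true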

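    # Group 1 grants TCP 8000-8100 to itself: the rule names the very group
    # this task creates, exercising the module's handling of a self-reference.
    - name: Create a group with self-referring rule
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: "tcp"
            from_port: 8000
            to_port: 8100
            group_name: '{{ec2_group_name}}-auto-create-1'
        <<: *aws_connection_info
        state: present
      register: result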

    # Group 2 is created with no rules of its own; later tasks use it as the
    # group_name target of rules added to group 1.
    - name: Create a second group rule
      ec2_group:
        <<: *aws_connection_info
        state: present
        name: "{{ec2_group_name}}-auto-create-2"
        description: "{{ec2_group_description}}"
        vpc_id: "{{ vpc_result.vpc.id }}"

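    # Add one rule per port to group 1, each allowing traffic from group 2.
    # purge_rules: false keeps the rules already on the group (the
    # self-referencing one above) instead of replacing them with this list.
    - name: Create a series of rules with a recently created group as target
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        purge_rules: false
        rules:
          - proto: "tcp"
            from_port: "{{ item }}"
            to_port: "{{ item }}"
            group_name: '{{ec2_group_name}}-auto-create-2'
        <<: *aws_connection_info
        state: present
      # Registered inside a loop, so `result` holds the per-item results.
      register: result
      with_items:
        - 20
        - 40
        - 60
        - 80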

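    # Negative case: the rule targets group 3, which does not exist yet, and no
    # group_desc is supplied, so the module cannot auto-create the target. The
    # task is expected to fail; the assert that follows checks exactly that.
    - name: Create a group with only the default rule
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: "tcp"
            from_port: 8182
            to_port: 8182
            group_name: '{{ec2_group_name}}-auto-create-3'
        <<: *aws_connection_info
        state: present
      register: result
      # Let the play continue so the failure itself can be asserted on.
      ignore_errors: true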

    # The previous task must have failed (its error was ignored, not hidden).
    - name: assert you can't create a new group from a rule target with no description
      assert:
        that:
          - "result is failed"

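    # Same target (group 3) as the failing task above, but this time group_desc
    # is given, which is what the module needs to create the missing target.
    - name: Create a group with a target of a separate group
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: tcp
            ports:
              - 22
              - 80
            group_name: '{{ec2_group_name}}-auto-create-3'
            group_desc: '{{ec2_group_description}}'
        <<: *aws_connection_info
        state: present
      register: result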

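    # Group 4 is a plain group with a cidr-based rule, created so the next task
    # can reference it by name.
    - name: Create a 4th group
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-4'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        <<: *aws_connection_info
        state: present
        rules:
          - proto: tcp
            ports:
              - 22
            # Opens port 22 to any source. Acceptable only because this is a
            # throwaway group in the test VPC that `always:` deletes; do not
            # copy this rule into non-test playbooks.
            cidr_ip: 0.0.0.0/0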

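    # Group 5 allows TCP 443 from group 4, which the previous task just created.
    - name: use recently created group in a rule
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-5'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: tcp
            ports:
              - 443
            group_name: '{{ec2_group_name}}-auto-create-4'
        <<: *aws_connection_info
        state: present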

  always:
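    # First clean-up pass, in reverse creation order. The groups above reference
    # each other in their rules, so a group that is still referenced may not be
    # deletable on this pass; errors are ignored so the second pass below runs.
    - name: tidy up egress rule test security group
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-{{ item }}'
        state: absent
        vpc_id: '{{ vpc_result.vpc.id }}'
        <<: *aws_connection_info
      ignore_errors: true
      with_items: [5, 4, 3, 2, 1]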
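    # Second clean-up pass, in ascending order, to remove whatever the first
    # pass could not delete. Deliberately the same task name as the pass above,
    # so it appears twice in the play output.
    - name: tidy up egress rule test security group
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-{{ item }}'
        state: absent
        vpc_id: '{{ vpc_result.vpc.id }}'
        <<: *aws_connection_info
      ignore_errors: true
      with_items: [1, 2, 3, 4, 5]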