---
# ============================================================
- name: set up aws connection info
  set_fact:
    aws_connection_info: &aws_connection_info
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      security_token: "{{ security_token }}"
      region: "{{ aws_region }}"
  no_log: yes

- name: test register email identity
  block:
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info
      register: result
    - name: assert changed is True
      assert:
        that:
          - result.changed == True
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ email_identity }}"
  always:
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test register domain identity
  block:
    - name: register domain identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        <<: *aws_connection_info
      register: result
    - name: assert changed is True
      assert:
        that:
          - result.changed == True
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ domain_identity }}"
    - name: assert verification_attributes.verification_token is defined
      assert:
        that:
          - result.verification_attributes.verification_token
  always:
    - name: cleanup domain identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test email_identity unchanged when already existing
  block:
    - name: register identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info
    - name: duplicate register identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info
      register: result
    - name: assert changed is False
      assert:
        that:
          - result.changed == False
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ email_identity }}"
  always:
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test domain_identity unchanged when already existing
  block:
    - name: register identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        <<: *aws_connection_info
    - name: duplicate register identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        <<: *aws_connection_info
      register: result
    - name: assert changed is False
      assert:
        that:
          - result.changed == False
    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ domain_identity }}"
  always:
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test register email identity check mode
  block:
    - name: register email identity check mode
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info
      register: result
      check_mode: True

    - name: assert changed is True
      assert:
        that:
          - result.changed == True

    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ email_identity }}"

  always:
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
      register: result

    - name: assert nothing to clean up since check mode
      assert:
        that:
          - result.changed == False
# ============================================================
- name: test register domain identity check mode
  block:
    - name: register domain identity check mode
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        <<: *aws_connection_info
      register: result
      check_mode: True

    - name: assert changed is True
      assert:
        that:
          - result.changed == True

    - import_tasks: assert_defaults.yaml
      vars:
        identity: "{{ domain_identity }}"

  always:
    - name: cleanup domain identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        <<: *aws_connection_info
      register: result

    - name: assert nothing to clean up since check mode
      assert:
        that:
          - result.changed == False
# ============================================================
- name: remove non-existent email identity
  aws_ses_identity:
    identity: "{{ email_identity }}"
    state: absent
    <<: *aws_connection_info
  register: result
- name: assert changed is False
  assert:
    that:
      - result.changed == False
# ============================================================
- name: remove non-existent domain identity
  aws_ses_identity:
    identity: "{{ domain_identity }}"
    state: absent
    <<: *aws_connection_info
  register: result
- name: assert changed is False
  assert:
    that:
      - result.changed == False
# ============================================================
- name: test remove email identity check mode
  block:
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info
      register: result

    - name: remove email identity check mode
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
      register: result
      check_mode: True

    - name: assert changed is True
      assert:
        that:
          - result.changed == True
  always:
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
      register: result

    - name: assert something to clean up since remove was check mode
      assert:
        that:
          - result.changed == True
# ============================================================
- name: test remove domain identity check mode
  block:
    - name: register domain identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        <<: *aws_connection_info
      register: result

    - name: remove domain identity check mode
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        <<: *aws_connection_info
      register: result
      check_mode: True

    - name: assert changed is True
      assert:
        that:
          - result.changed == True
  always:
    - name: cleanup domain identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        <<: *aws_connection_info
      register: result

    - name: assert something to clean up since remove was check mode
      assert:
        that:
          - result.changed == True
# ============================================================
- name: test set notification queues
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: present
        <<: *aws_connection_info
      register: topic_info
      with_items:
        - bounce
        - complaint
        - delivery
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.results[0].sns_arn }}"
        complaint_notifications:
          topic: "{{ topic_info.results[1].sns_arn }}"
        delivery_notifications:
          topic: "{{ topic_info.results[2].sns_arn }}"
        <<: *aws_connection_info
      register: result
    - name: assert notification settings
      assert:
        that:
          - result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
          - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
          - result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
    - name: assert notification headers unchanged
      assert:
        that:
          - result.notification_attributes.headers_in_bounce_notifications_enabled == False
          - result.notification_attributes.headers_in_complaint_notifications_enabled == False
          - result.notification_attributes.headers_in_delivery_notifications_enabled == False
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: absent
        <<: *aws_connection_info
      with_items:
        - bounce
        - complaint
        - delivery
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test change notification queues after create
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: present
        <<: *aws_connection_info
      register: topic_info
      with_items:
        - bounce
        - complaint
        - delivery
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info
    - name: set notification topics
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.results[0].sns_arn }}"
        complaint_notifications:
          topic: "{{ topic_info.results[1].sns_arn }}"
        delivery_notifications:
          topic: "{{ topic_info.results[2].sns_arn }}"
        <<: *aws_connection_info
      register: result
    - name: assert changed is True
      assert:
        that:
          - result.changed == True
    - name: assert notification settings
      assert:
        that:
          - result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
          - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
          - result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: absent
        <<: *aws_connection_info
      with_items:
        - bounce
        - complaint
        - delivery
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test change notification settings check mode
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: present
        <<: *aws_connection_info
      register: topic_info
      with_items:
        - bounce
        - complaint
        - delivery

    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info

    - name: set notification settings check mode
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.results[0].sns_arn }}"
          include_headers: Yes
        complaint_notifications:
          topic: "{{ topic_info.results[1].sns_arn }}"
          include_headers: Yes
        delivery_notifications:
          topic: "{{ topic_info.results[2].sns_arn }}"
          include_headers: Yes
        feedback_forwarding: No
        <<: *aws_connection_info
      register: result
      check_mode: True

    - name: assert changed is True
      assert:
        that:
          - result.changed == True

    - name: assert notification settings
      assert:
        that:
          - result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
          - result.notification_attributes.headers_in_bounce_notifications_enabled == True
          - result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
          - result.notification_attributes.headers_in_delivery_notifications_enabled == True
          - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
          - result.notification_attributes.headers_in_complaint_notifications_enabled == True
          - result.notification_attributes.forwarding_enabled == False

    - name: re-register base email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        <<: *aws_connection_info
      register: result

    - name: assert no change since notifications were check mode
      assert:
        that:
          - result.changed == False
          - "'bounce_topic' not in result.notification_attributes"
          - result.notification_attributes.headers_in_bounce_notifications_enabled == False
          - "'delivery_topic' not in result.notification_attributes"
          - result.notification_attributes.headers_in_delivery_notifications_enabled == False
          - "'complaint_topic' not in result.notification_attributes"
          - result.notification_attributes.headers_in_complaint_notifications_enabled == False
          - result.notification_attributes.forwarding_enabled == True

  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: absent
        <<: *aws_connection_info
      with_items:
        - bounce
        - complaint
        - delivery

    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test include headers on notification queues
  block:
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          include_headers: Yes
        complaint_notifications:
          include_headers: Yes
        delivery_notifications:
          include_headers: Yes
        <<: *aws_connection_info
      register: result
    - name: assert notification headers enabled
      assert:
        that:
          - result.notification_attributes.headers_in_bounce_notifications_enabled == True
          - result.notification_attributes.headers_in_complaint_notifications_enabled == True
          - result.notification_attributes.headers_in_delivery_notifications_enabled == True
  always:
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test disable feedback forwarding
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: present
        <<: *aws_connection_info
      register: topic_info
      with_items:
        - bounce
        - complaint
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.results[0].sns_arn }}"
        complaint_notifications:
          topic: "{{ topic_info.results[1].sns_arn }}"
        feedback_forwarding: No
        <<: *aws_connection_info
      register: result
    - name: assert feedback_forwarding == False
      assert:
        that:
          - result.notification_attributes.forwarding_enabled == False
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-{{ item }}"
        state: absent
        <<: *aws_connection_info
      with_items:
        - bounce
        - complaint
    - name: cleanup email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test disable feedback forwarding fails if no topics
  block:
    - name: register identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: present
        feedback_forwarding: No
        <<: *aws_connection_info
      register: result
      failed_when: result.failed == False
    - name: assert error message starts with "Invalid Parameter Value"
      assert:
        that:
          - '"Invalid Parameter Value" in result.msg'
  always:
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ domain_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test disable feedback forwarding fails if no complaint topic
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-bounce"
        state: present
        <<: *aws_connection_info
      register: topic_info
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        bounce_notifications:
          topic: "{{ topic_info.sns_arn }}"
        feedback_forwarding: No
        <<: *aws_connection_info
      register: result
      failed_when: result.failed == False
    - name: assert error message starts with "Invalid Parameter Value"
      assert:
        that:
          - '"Invalid Parameter Value" in result.msg'
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-bounce"
        state: absent
        <<: *aws_connection_info
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info
# ============================================================
- name: test disable feedback forwarding fails if no bounce topic
  block:
    - name: test topic
      sns_topic:
        name: "{{ notification_queue_name }}-complaint"
        state: present
        <<: *aws_connection_info
      register: topic_info
    - name: register email identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: present
        complaint_notifications:
          topic: "{{ topic_info.sns_arn }}"
        feedback_forwarding: No
        <<: *aws_connection_info
      register: result
      failed_when: result.failed == False
    - name: assert error message starts with "Invalid Parameter Value"
      assert:
        that:
          - '"Invalid Parameter Value" in result.msg'
  always:
    - name: cleanup topics
      sns_topic:
        name: "{{ notification_queue_name }}-complaint"
        state: absent
        <<: *aws_connection_info
    - name: cleanup identity
      aws_ses_identity:
        identity: "{{ email_identity }}"
        state: absent
        <<: *aws_connection_info