--- - name: set up aws connection info module_defaults: group/aws: aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" security_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - name: ensure improper usage of parameters fails gracefully iam_user_info: path: '{{ test_path }}' group: '{{ test_group }}' ignore_errors: yes register: iam_user_info_path_group - assert: that: - iam_user_info_path_group is failed - 'iam_user_info_path_group.msg == "parameters are mutually exclusive: group|path"' - name: ensure exception handling fails as expected iam_user_info: region: 'bogus' path: '' ignore_errors: yes register: iam_user_info - assert: that: - iam_user_info is failed - '"user" in iam_user_info.msg' - name: ensure exception handling fails as expected with group iam_user_info: region: 'bogus' group: '{{ test_group }}' ignore_errors: yes register: iam_user_info - assert: that: - iam_user_info is failed - '"group" in iam_user_info.msg' - name: ensure exception handling fails as expected with default path iam_user_info: region: 'bogus' ignore_errors: yes register: iam_user_info - assert: that: - iam_user_info is failed - '"path" in iam_user_info.msg' - name: ensure ansible user exists iam_user: name: '{{ test_user }}' state: present register: iam_user - name: ensure the info used to validate other tests is valid set_fact: test_iam_user: '{{ iam_user.iam_user.user }}' - assert: that: - 'test_iam_user.arn.startswith("arn:aws:iam")' - 'test_iam_user.arn.endswith("user/" + test_user )' - test_iam_user.create_date is not none - test_iam_user.path == '{{ test_path }}' - test_iam_user.user_id is not none - test_iam_user.user_name == '{{ test_user }}' - name: get info on IAM user(s) iam_user_info: register: iam_user_info - assert: that: - iam_user_info.iam_users | length != 0 - name: get info on IAM user(s) with name iam_user_info: name: '{{ test_user }}' register: iam_user_info - debug: var=iam_user_info - assert: that: - iam_user_info.iam_users | length == 1 - iam_user_info.iam_users[0].arn == test_iam_user.arn - iam_user_info.iam_users[0].create_date == test_iam_user.create_date - iam_user_info.iam_users[0].path == test_iam_user.path - iam_user_info.iam_users[0].user_id == test_iam_user.user_id - iam_user_info.iam_users[0].user_name == test_iam_user.user_name - name: get info on IAM user(s) on path iam_user_info: path: '{{ test_path }}' name: '{{ test_user }}' register: iam_user_info - assert: that: - iam_user_info.iam_users | length == 1 - iam_user_info.iam_users[0].arn == test_iam_user.arn - iam_user_info.iam_users[0].create_date == test_iam_user.create_date - iam_user_info.iam_users[0].path == test_iam_user.path - iam_user_info.iam_users[0].user_id == test_iam_user.user_id - iam_user_info.iam_users[0].user_name == test_iam_user.user_name - name: ensure group exists iam_group: name: '{{ test_group }}' users: - '{{ test_user }}' state: present register: iam_group - name: get info on IAM user(s) in group iam_user_info: group: '{{ test_group }}' name: '{{ test_user }}' register: iam_user_info - assert: that: - iam_user_info.iam_users | length == 1 - iam_user_info.iam_users[0].arn == test_iam_user.arn - iam_user_info.iam_users[0].create_date == test_iam_user.create_date - iam_user_info.iam_users[0].path == test_iam_user.path - iam_user_info.iam_users[0].user_id == test_iam_user.user_id - iam_user_info.iam_users[0].user_name == test_iam_user.user_name - name: remove user from group iam_group: name: '{{ test_group }}' purge_users: True users: [] state: present register: iam_group - name: get info on IAM user(s) after removing from group iam_user_info: group: '{{ test_group }}' name: '{{ test_user }}' register: iam_user_info - name: assert empty list of users for group are returned assert: that: - iam_user_info.iam_users | length == 0 - name: ensure ansible users exist iam_user: name: '{{ item }}' state: present with_items: '{{ test_users }}' - name: get info on multiple IAM user(s) iam_user_info: register: iam_user_info - assert: that: - iam_user_info.iam_users | length != 0 - name: ensure multiple user group exists with single user iam_group: name: '{{ test_group }}' users: - '{{ test_user }}' state: present register: iam_group - name: get info on IAM user(s) in group iam_user_info: group: '{{ test_group }}' register: iam_user_info - assert: that: - iam_user_info.iam_users | length == 1 - name: add all users to group iam_group: name: '{{ test_group }}' users: '{{ test_users }}' state: present register: iam_group - name: get info on multiple IAM user(s) in group iam_user_info: group: '{{ test_group }}' register: iam_user_info - assert: that: - iam_user_info.iam_users | length == test_users | length - name: purge users from group iam_group: name: '{{ test_group }}' purge_users: True users: [] state: present register: iam_group - name: ensure info is empty for empty group iam_user_info: group: '{{ test_group }}' register: iam_user_info - assert: that: - iam_user_info.iam_users | length == 0 - name: get info on IAM user(s) after removing from group iam_user_info: group: '{{ test_group }}' register: iam_user_info - name: assert empty list of users for group are returned assert: that: - iam_user_info.iam_users | length == 0 always: - name: remove group iam_group: name: '{{ test_group }}' state: absent - name: remove ansible users iam_user: name: '{{ item }}' state: absent with_items: '{{ test_users }}'