- name: Set variables ansible.builtin.set_fact: resource_prefix: "{{ 999999999999999999994 | random | to_uuid }}" run_once: true - name: Try to return non-existent group using display name azure_rm_adgroup_info: attribute_name: "displayName" attribute_value: "{{ resource_prefix }}-Group-Root" register: get_nonexistent_group_display_name_shouldfail failed_when: - get_nonexistent_group_display_name_shouldfail.ad_groups != [] - name: Create Group Root azure_rm_adgroup: display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" description: 'for test' state: 'present' register: group_create_changed_shouldpass - name: Create Group Should Return Not Changed azure_rm_adgroup: display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" description: 'for test' state: 'present' register: group_create_unchanged_shouldpass - name: Assert Otherwise Changed Returns are Equal ansible.builtin.assert: that: - group_create_changed_shouldpass.changed == True - group_create_unchanged_shouldpass.changed == False - group_create_changed_shouldpass.display_name == group_create_unchanged_shouldpass.display_name - group_create_changed_shouldpass.mail_enabled == group_create_unchanged_shouldpass.mail_enabled - group_create_changed_shouldpass.mail_nickname == group_create_unchanged_shouldpass.mail_nickname - group_create_changed_shouldpass.object_id == group_create_unchanged_shouldpass.object_id - group_create_changed_shouldpass.security_enabled == group_create_unchanged_shouldpass.security_enabled - name: Return previously created group using object_id azure_rm_adgroup_info: object_id: "{{ group_create_unchanged_shouldpass.object_id }}" register: get_created_object_id_shouldpass - name: Assert Returns are Equal to Created Group ansible.builtin.assert: that: - get_created_object_id_shouldpass.ad_groups[0].object_id == group_create_unchanged_shouldpass.object_id - get_created_object_id_shouldpass.ad_groups[0].description == 'for test' - name: Create Group Member 1 azure_rm_adgroup: display_name: "{{ resource_prefix }}-Group-Member-1" mail_nickname: "{{ resource_prefix }}-Group-Member-1" state: 'present' register: create_pass_first - name: Create Group Member 2 azure_rm_adgroup: display_name: "{{ resource_prefix }}-Group-Member-2" mail_nickname: "{{ resource_prefix }}-Group-Member-2" state: 'present' register: create_pass_second - name: Ensure member is in group using display_name and mail_nickname azure_rm_adgroup: display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" state: 'present' present_members: - "{{ create_pass_first.object_id }}" - "{{ create_pass_second.object_id }}" register: add_pass - name: Validate members are in the group ansible.builtin.assert: that: - add_pass.group_members[0].object_id == create_pass_first.object_id or add_pass.group_members[1].object_id == create_pass_first.object_id - add_pass.group_members[1].object_id == create_pass_second.object_id or add_pass.group_members[0].object_id == create_pass_second.object_id - name: Ensure member is in group that is already present using object_id azure_rm_adgroup: object_id: "{{ group_create_changed_shouldpass.object_id }}" state: 'present' present_members: - "{{ create_pass_first.object_id }}" register: add_already_present_member_to_group_shouldpass - name: Validate nothing changed from already present member ansible.builtin.assert: that: - add_already_present_member_to_group_shouldpass.changed == false - name: Ensure member is not in group using object_id azure_rm_adgroup: object_id: "{{ group_create_changed_shouldpass.object_id }}" state: 'present' absent_members: - "{{ create_pass_second.object_id }}" register: remove_member_from_group_shouldpass - name: Validate Group Member 1 is in the group and Group Member 2 is not ansible.builtin.assert: that: - remove_member_from_group_shouldpass.group_members[0].object_id == create_pass_first.object_id - remove_member_from_group_shouldpass.group_members | length == 1 - name: Ensure member is not in group that is already not in group using display_name and mail_nickname azure_rm_adgroup: display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" state: 'present' absent_members: - "{{ create_pass_second.object_id }}" register: remove_already_absent_member_from_group_shouldpass - name: Validate nothing changed from already absent member ansible.builtin.assert: that: - remove_already_absent_member_from_group_shouldpass.changed == false - name: Return a specific group using object_id azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" register: object_id_shouldpass - name: Return a specific group using object_id and return_owners azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" return_owners: true register: object_id_return_owners_shouldpass - name: Return a specific group using object_id and return_owners and return_group_members azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" return_owners: true return_group_members: true register: object_id_return_owners_and_group_members_shouldpass - name: Return a specific group using object_id and member_groups azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" return_member_groups: true register: object_id_return_member_groups_shouldpass - name: Return a specific group using object_id and check_membership azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" check_membership: "{{ create_pass_first.object_id }}" register: object_id_return_check_membership_shouldpass - name: Return a specific group using displayName attribute azure_rm_adgroup_info: attribute_name: "displayName" attribute_value: "{{ group_create_changed_shouldpass.display_name }}" register: displayname_attribute_shouldpass - name: Return a specific group using mailNickname filter azure_rm_adgroup_info: odata_filter: "mailNickname eq '{{ group_create_changed_shouldpass.mail_nickname }}'" register: mailnickname_filter_shouldpass - name: Return a different group using displayName attribute azure_rm_adgroup_info: attribute_name: "displayName" attribute_value: "{{ create_pass_second.display_name }}" register: displayname_attribute_different_shouldpass - name: Assert All Returns Are Equal ansible.builtin.assert: that: - object_id_shouldpass == displayname_attribute_shouldpass - object_id_shouldpass == mailnickname_filter_shouldpass - name: Assert Returns Are Not Equal ansible.builtin.assert: that: - object_id_shouldpass != displayname_attribute_different_shouldpass - name: Delete group Group Root on object_id azure_rm_adgroup: object_id: "{{ group_create_unchanged_shouldpass.object_id }}" state: 'absent' register: group_delete_group_root_shouldpass - name: Try to return now deleted group Group Root using object_id azure_rm_adgroup_info: object_id: "{{ group_create_unchanged_shouldpass.object_id }}" register: get_deleted_object_group_root_shouldfail failed_when: - '"does not exist or one of its queried" not in get_deleted_object_group_root_shouldfail.msg' - name: Delete group Group Member 1 on object_id azure_rm_adgroup: object_id: "{{ create_pass_first.object_id }}" state: 'absent' register: group_delete_group_member_1_shouldpass - name: Try to return now deleted group Group Member 1 using object_id azure_rm_adgroup_info: object_id: "{{ create_pass_first.object_id }}" register: get_deleted_object_group_member_1_shouldfail failed_when: - '"does not exist or one of its queried" not in get_deleted_object_group_member_1_shouldfail.msg' - name: Delete group Group Member 2 on object_id azure_rm_adgroup: object_id: "{{ create_pass_second.object_id }}" state: 'absent' register: group_delete_group_member_2_shouldpass - name: Try to return now deleted group Group Member 2 using object_id azure_rm_adgroup_info: object_id: "{{ create_pass_second.object_id }}" register: get_deleted_object_group_member_2_shouldfail failed_when: - '"does not exist or one of its queried" not in get_deleted_object_group_member_2_shouldfail.msg'