- block:

    - name: Create a local temporary directory
      shell: mktemp -d /tmp/ansible_test.XXXXXXXXX
      register: tempfile_result
      connection: local

    - set_fact:
        local_temp_dir: '{{ tempfile_result.stdout }}'
        # output_dir is hardcoded in test/runner/lib/executor.py and created there
        remote_dir: '{{ output_dir }}'
        symlinks:
          ansible-test-abs-link: /tmp/ansible-test-abs-link
          ansible-test-abs-link-dir: /tmp/ansible-test-abs-link-dir
          circles: ../
          invalid: invalid
          invalid2: ../invalid
          out_of_tree_circle: /tmp/ansible-test-link-dir/out_of_tree_circle
          subdir3: ../subdir2/subdir3

    - file: path={{local_temp_dir}} state=directory
      name: ensure temp dir exists

    # file cannot do this properly, use command instead
    - name: Create symbolic link
      command: "ln -s '{{ item.value }}' '{{ item.key }}'"
      args:
        chdir: '{{role_path}}/files/subdir/subdir1'
        warn: no
      with_dict: "{{ symlinks }}"

    - name: Create remote unprivileged remote user
      user:
        name: '{{ remote_unprivileged_user }}'
      register: user

    - file:
        path: "{{ user.home }}/.ssh"
        owner: '{{ remote_unprivileged_user }}'
        state: directory
        mode: 0700

    - name: Duplicate authorized_keys
      copy:
        src: $HOME/.ssh/authorized_keys
        dest: '{{ user.home }}/.ssh/authorized_keys'
        owner: '{{ remote_unprivileged_user }}'
        mode: 0600
        remote_src: yes

    - file:
        path: "{{ remote_dir }}"
        state: directory
      remote_user: '{{ remote_unprivileged_user }}'

    # execute tests tasks using an unprivileged user, this is useful to avoid
    # local/remote ambiguity when controller and managed hosts are identical.
    - import_tasks: tests.yml
      remote_user: '{{ remote_unprivileged_user }}'

  always:
    - name: Cleaning
      file:
        path: '{{ local_temp_dir }}'
        state: absent
      connection: local

    - name: Remove symbolic link
      file:
        path: '{{ role_path }}/files/subdir/subdir1/{{ item.key }}'
        state: absent
      connection: local
      with_dict: "{{ symlinks }}"

    - name: Remote unprivileged remote user
      user:
        name: '{{ remote_unprivileged_user }}'
        state: absent
        remove: yes