Ejemplo n.º 1
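def remove_existing_user_policies(role_name, all_policy_list):
    """Remove the numbered policies previously generated for ``role_name``.

    A policy is selected only when its whole name is
    ``<role_name>-<n>of<m>`` (``n`` and ``m`` being digits). Each selected
    policy is handed to ``aws_caller.remove_policy_being_replaced``.

    Args:
        role_name: Name of the IAM role whose generated policies are replaced.
        all_policy_list: Iterable of dicts carrying at least the
            ``'PolicyName'`` and ``'Arn'`` keys.
    """
    # This function deletes IAM policies, so the name filter must not
    # over-match:
    #  * re.escape - IAM role names may contain regex metacharacters such as
    #    '.' and '+', which would otherwise act as wildcards or quantifiers.
    #  * fullmatch - a prefix match would also select names that merely
    #    start with the pattern (e.g. "<role>-official" or "<role>-1of2-x").
    #  * \d+ - assumes generated names always carry both numbers; names
    #    without digits are left alone rather than deleted.
    regex = re.compile(rf"{re.escape(role_name)}-\d+of\d+")
    for policy in all_policy_list:
        policy_name = policy['PolicyName']
        if regex.fullmatch(policy_name) is None:
            continue
        logging.info(f'Removing policy: {policy_name}')
        aws_caller.remove_policy_being_replaced(policy['Arn'], role_name)
        logging.info(f'Policy: {policy_name} - Removed')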
Ejemplo n.º 2
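    def test_handling_of_detach_role_policy_other_error(
            self, mock_detach_role_policy, mock_delete_policy,
            mock_list_policy_versions):
        """A ClientError with an unexpected code must reach the caller.

        The mocks are presumably injected by patch decorators outside this
        view. ``mock_detach_role_policy`` is set to raise a ClientError whose
        code is 'OtherError'; the test requires that
        ``remove_policy_being_replaced`` lets it propagate.
        """
        mock_detach_role_policy.side_effect = botocore.exceptions.ClientError(
            {'Error': {
                'Code': 'OtherError'
            }}, 'IAM')

        try:
            aws_caller.remove_policy_being_replaced(
                'arn:aws:iam::111122223333:policy/test_policy', 'test_role')
        except botocore.exceptions.ClientError as e:
            print(f'Passed as raised error: {e}')
        else:
            # Without this branch the test also passed when the error was
            # silently swallowed, so it could never catch a regression that
            # hides unexpected IAM failures during policy removal.
            raise AssertionError(
                'ClientError with code OtherError was swallowed, not raised')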
Ejemplo n.º 3
    def test_handling_of_detach_role_policy_correct_error(
            self, mock_detach_role_policy, mock_delete_policy,
            mock_list_policy_versions):
        """A 'NoSuchEntity' ClientError must be absorbed by the function.

        ``mock_detach_role_policy`` raises a ClientError with code
        'NoSuchEntity'; the test fails if that error escapes from
        ``remove_policy_being_replaced``.
        """
        no_such_entity = botocore.exceptions.ClientError(
            {'Error': {'Code': 'NoSuchEntity'}}, 'IAM')
        mock_detach_role_policy.side_effect = no_such_entity

        policy_arn = 'arn:aws:iam::111122223333:policy/test_policy'
        try:
            aws_caller.remove_policy_being_replaced(policy_arn, 'test_role')
        except botocore.exceptions.ClientError:
            # Reaching here means the error was re-raised instead of handled.
            self.fail('error was not handled in function')
Ejemplo n.º 4
    def test_policy_version_deletion_logic(self, mock_detach_role_policy,
                                           mock_list_policy_versions,
                                           mock_delete_policy_version,
                                           mock_delete_policy):
        """Check which versions are deleted before the policy itself.

        With ``mock_list_policy_versions`` returning the module-level
        ``mock_list_policy_versions_response`` fixture, the three
        'non_default_*' versions must each be deleted (in any order) and the
        policy must be deleted exactly once.
        """
        mock_list_policy_versions.return_value = (
            mock_list_policy_versions_response)
        expected_version_deletions = [
            call(PolicyArn='test_arn', VersionId=f'non_default_{index}')
            for index in (1, 2, 3)
        ]

        aws_caller.remove_policy_being_replaced('test_arn', 'test_role')

        # any_order=True: only the set of deleted versions is checked here.
        mock_delete_policy_version.assert_has_calls(
            expected_version_deletions, any_order=True)
        mock_delete_policy.assert_called_once_with(PolicyArn='test_arn')