def create_role(iam, name, path, role_list, prof_list):
    """Create IAM role ``name`` and a same-named instance profile when absent.

    ``role_list`` and ``prof_list`` are the caller's snapshots of existing role
    and instance-profile names; membership in them decides what gets created.
    No error handling is done here, so any exception raised by ``iam``
    propagates to the caller.

    Returns ``(changed, updated_role_list)``: ``changed`` is True only when the
    role itself was created, and ``updated_role_list`` holds the role names
    from a fresh ``iam.list_roles()`` call.
    """
    # NOTE(review): the listing this came from had lost its indentation; the
    # instance-profile step is placed inside the role-creation branch here --
    # confirm against the original file.
    # NOTE(review): no assume_role_policy_document is passed, so the role's
    # trust policy is whatever boto applies by default -- TODO confirm that
    # this is the principal intended to assume the role.
    role_is_new = name not in role_list
    if role_is_new:
        created = iam.create_role(name, path=path)
        # Evaluated for its attribute walk only; the value is discarded, as in
        # the original expression.
        created.create_role_response.create_role_result.role.role_name
        if name not in prof_list:
            # Profile and role share one name; attaching the role means an
            # instance launched with this profile runs with the role's
            # permissions.
            iam.create_instance_profile(name, path=path)
            iam.add_role_to_instance_profile(name, name)

    listing = iam.list_roles()
    current_roles = listing.list_roles_response.list_roles_result.roles
    updated_role_list = [entry['role_name'] for entry in current_roles]
    return role_is_new, updated_role_list
def test_iam(app):
    """Connect to IAM with the credentials in ``app.config`` and print its roles and users.

    The region comes from ``app.config["identity"]['region']``; the access key
    id, secret key and session token come from the ``keys.*`` config entries
    and are handed to boto only -- nothing in this function prints them.
    The printed role and user entries are account inventory, so captured
    output carries that information.
    """
    # NOTE(review): a security_token is supplied alongside the key pair, which
    # suggests temporary credentials -- confirm where app.config gets them.
    iam = boto.iam.connect_to_region(app.config["identity"]['region'],
                                     aws_access_key_id=app.config['keys.key_id'],
                                     aws_secret_access_key=app.config['keys.key_secret'],
                                     security_token=app.config['keys.key_token'])
    roles = iam.list_roles();
    print type(roles)
    # NOTE(review): the listing had lost its indentation; the bare ``print``
    # (blank line) is placed inside the loop here -- confirm against the
    # original file.
    for role in roles["list_roles_response"]["list_roles_result"]["roles"]:
        print role
        print
    users = iam.get_all_users();
    # Iterates the (key, value) pairs of the response, each preceded by a blank line.
    for user in users.items():
        print
        print user
def test_iam(app):
    """Connect to IAM with the credentials in ``app.config`` and print its roles and users.

    The region comes from ``app.config["identity"]['region']``; the access key
    id, secret key and session token come from the ``keys.*`` config entries
    and are handed to boto only -- nothing in this function prints them.
    The printed role and user entries are account inventory, so captured
    output carries that information.
    """
    # NOTE(review): a security_token is supplied alongside the key pair, which
    # suggests temporary credentials -- confirm where app.config gets them.
    iam = boto.iam.connect_to_region(
        app.config["identity"]['region'],
        aws_access_key_id=app.config['keys.key_id'],
        aws_secret_access_key=app.config['keys.key_secret'],
        security_token=app.config['keys.key_token'])
    roles = iam.list_roles()
    print type(roles)
    # NOTE(review): the listing had lost its indentation; the bare ``print``
    # (blank line) is placed inside the loop here -- confirm against the
    # original file.
    for role in roles["list_roles_response"]["list_roles_result"]["roles"]:
        print role
        print
    users = iam.get_all_users()
    # Iterates the (key, value) pairs of the response, each preceded by a blank line.
    for user in users.items():
        print
        print user
def delete_role(iam, name, role_list, prof_list):
    """Delete IAM role ``name`` and any instance profile of the same name.

    When ``name`` is in ``role_list`` the role is first removed from every
    instance profile that ``iam`` reports for it, then deleted. Independently
    of that, each entry of ``prof_list`` equal to ``name`` triggers a
    ``delete_instance_profile(name)`` call. Both lists are the caller's
    snapshots; no error handling is done here, so exceptions from ``iam``
    propagate.

    Returns ``(changed, updated_role_list)``: ``changed`` is True only when the
    role was deleted, and ``updated_role_list`` holds the role names from a
    fresh ``iam.list_roles()`` call.
    """
    # NOTE(review): the listing this came from had lost its indentation; the
    # role deletion is placed after the detach loop and the profile loop at
    # function level -- confirm against the original file.
    changed = False
    if name in role_list:
        attached = iam.list_instance_profiles_for_role(name)
        profile_entries = attached.list_instance_profiles_for_role_result.instance_profiles
        # Collect all names before detaching anything, as the original did.
        cur_ins_prof = [entry['instance_profile_name'] for entry in profile_entries]
        for profile_name in cur_ins_prof:
            # Detaching takes the role's permissions away from whatever uses
            # that profile.
            iam.remove_role_from_instance_profile(profile_name, name)
        iam.delete_role(name)
        changed = True

    for candidate in prof_list:
        if not (name == candidate):
            continue
        iam.delete_instance_profile(name)

    listing = iam.list_roles()
    remaining = listing.list_roles_response.list_roles_result.roles
    updated_role_list = [entry['role_name'] for entry in remaining]
    return changed, updated_role_list
def create_role(module, iam, name, path, role_list, prof_list):
    """Create IAM role ``name`` and a same-named instance profile when absent.

    ``role_list`` and ``prof_list`` are the caller's snapshots of existing role
    and instance-profile names. A ``boto.exception.BotoServerError`` raised by
    any of the create/attach calls is reported through ``module.fail_json``
    with the current ``changed`` value and the error text.

    Returns ``(changed, updated_role_list)``, the second item being the role
    names from a fresh ``iam.list_roles()`` call.
    """
    # NOTE(review): the listing this came from had lost its indentation; the
    # instance-profile step is placed inside the role-creation branch here --
    # confirm against the original file.
    changed = False
    try:
        if name not in role_list:
            changed = True
            # NOTE(review): no assume_role_policy_document is passed, so the
            # role's trust policy is whatever boto applies by default -- TODO
            # confirm that this is the principal intended to assume the role.
            # The attribute walk on the response is evaluated and discarded.
            iam.create_role(
                name, path=path).create_role_response.create_role_result.role.role_name
            if name not in prof_list:
                # Profile and role share one name.
                iam.create_instance_profile(name, path=path)
                iam.add_role_to_instance_profile(name, name)
    except boto.exception.BotoServerError, err:
        # The server error text is passed on verbatim as the failure message.
        module.fail_json(changed=changed, msg=str(err))
    else:
        updated_role_list = [rl['role_name'] for rl in iam.list_roles().list_roles_response.
                             list_roles_result.roles]
    # updated_role_list is bound only on the success path; this return relies
    # on module.fail_json not returning (its definition is not shown here --
    # confirm).
    return changed, updated_role_list


def delete_role(module, iam, name, role_list, prof_list):
    """Detach role ``name`` from its instance profiles and delete it.

    Only the opening of this function is present in the listing, so the
    handling after ``iam.delete_role(name)`` is not documented here.
    """
    changed = False
    try:
        if name in role_list:
            # Names of every instance profile that iam reports for this role.
            cur_ins_prof = [rp['instance_profile_name'] for rp in
                            iam.list_instance_profiles_for_role(name).
                            list_instance_profiles_for_role_result.
                            instance_profiles]
            # The role is removed from each profile before it is deleted.
            for profile in cur_ins_prof:
                iam.remove_role_from_instance_profile(profile, name)
            try:
                iam.delete_role(name)
def get_iam_roles(iam):
    """Return the ``role_name`` of every role in one ``iam.list_roles()`` response.

    NOTE(review): a single ``list_roles()`` call is made and no pagination
    marker is followed here, so if the response can be truncated the result
    would be incomplete -- confirm before using it for existence checks.
    """
    listing = iam.list_roles()
    role_entries = listing.list_roles_response.list_roles_result.roles
    role_names = []
    for entry in role_entries:
        role_names.append(entry['role_name'])
    return role_names
try: if name not in role_list: changed = True iam.create_role( name, path=path ).create_role_response.create_role_result.role.role_name if name not in prof_list: iam.create_instance_profile(name, path=path) iam.add_role_to_instance_profile(name, name) except boto.exception.BotoServerError, err: module.fail_json(changed=changed, msg=str(err)) else: updated_role_list = [ rl['role_name'] for rl in iam.list_roles().list_roles_response.list_roles_result.roles ] return changed, updated_role_list def delete_role(module, iam, name, role_list, prof_list): changed = False try: if name in role_list: cur_ins_prof = [ rp['instance_profile_name'] for rp in iam.list_instance_profiles_for_role(name). list_instance_profiles_for_role_result.instance_profiles ] for profile in cur_ins_prof: iam.remove_role_from_instance_profile(profile, name)