Exemple #1
def delete_role(module, iam, name, role_list, prof_list):
    """Delete IAM role *name*, removing what blocks the deletion first.

    When *name* is in *role_list*, the role is detached from every instance
    profile that lists it and then deleted. If the delete raises a
    BotoServerError, the role's inline policies are deleted when the error
    text asks for policies to be detached, and the delete is retried once.
    A second failure is reported through ``module.fail_json``.

    NOTE(review): this listing is cut off after the final ``else:``. The
    handler of the outer ``try``, any use of *prof_list* and the return value
    are not visible here. The ``except X, err`` form is Python 2 syntax.
    """
    changed = False
    try:
        if name in role_list:
            # Names of the instance profiles that currently contain the role.
            cur_ins_prof = [rp['instance_profile_name'] for rp in
                            iam.list_instance_profiles_for_role(name).
                            list_instance_profiles_for_role_result.
                            instance_profiles]
            # Detach the role from each of those profiles before the delete.
            for profile in cur_ins_prof:
                iam.remove_role_from_instance_profile(profile, name)
            try:
              iam.delete_role(name)
            except boto.exception.BotoServerError, err:
              # boto_exception() is defined outside this listing; its result
              # is treated as the error text.
              error_msg = boto_exception(err)
              # The failure is classified by a substring of the error text,
              # which stops matching if the service rewords the message.
              # NOTE(review): prefer a structured error code if the exception
              # exposes one - confirm against the boto version in use.
              if ('must detach all policies first') in error_msg:
                # Destructive step: every inline policy of the role is deleted.
                for policy in iam.list_role_policies(name).list_role_policies_result.policy_names:
                  iam.delete_role_policy(name, policy)
              # This retry sits at the same level as the `if` above, so it
              # also runs when the first failure had some other cause.
              try:
                iam.delete_role(name)
              except boto.exception.BotoServerError, err:
                  error_msg = boto_exception(err)
                  # `changed` is still False in both fail_json calls below,
                  # although profile detachments and inline-policy deletions
                  # may already have been applied; the reported state
                  # understates what was modified.
                  # NOTE(review): the adjacent string literals join without a
                  # space, so the message reads "appearsthat".
                  if ('must detach all policies first') in error_msg:
                      module.fail_json(changed=changed, msg="All inline polices have been removed. Though it appears"
                                                            "that %s has Managed Polices. This is not "
                                                            "currently supported by boto. Please detach the polices "
                                                            "through the console and try again." % name)
                  else:
                      module.fail_json(changed=changed, msg=str(err))
              else:
                # The retried delete succeeded.
                changed = True

            # Runs when the first delete_role call succeeded; the listing is
            # cut off before this branch's body.
            else:
Exemple #2
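def update_iam_role(iam, role_name, assume_role_policy_file,
                    permission_policy_file):
    """Create or update IAM role *role_name* and its same-named instance profile.

    The assume-role (trust) policy and the permission policy are read from the
    two files and sent to IAM verbatim. Together they decide who may assume
    the role and what it may do, so both paths should come from trusted
    configuration.

    Steps, in order: read both files; create the role if IAM reports it as
    missing; replace the assume-role policy; delete every inline policy of the
    role and put the new one as ``<role_name>_permission_policy``; create the
    instance profile if it is missing; make sure the role is in that profile.

    Only inline policies are replaced (those are what ``list_role_policies``
    returns). Managed policies attached to the role are left as they are, so
    the role can keep permissions that are not in *permission_policy_file*.

    Args:
        iam: boto IAM connection (or an object with the same methods).
        role_name: name used for the role and for the instance profile.
        assume_role_policy_file: path of the trust policy document.
        permission_policy_file: path of the inline permission policy document.

    Raises:
        IOError/OSError: a policy file cannot be read; nothing has been
            changed in IAM at that point.
        Exception: any error raised by *iam*, except a lookup failure whose
            ``error_code`` is 'NoSuchEntity', is propagated to the caller.
    """
    # Read both documents before touching IAM, so that a missing or unreadable
    # file cannot leave the role with its inline policies deleted and nothing
    # put in their place.
    with open(assume_role_policy_file, "r") as myfile:
        assume_role_policy = myfile.read()
    with open(permission_policy_file, "r") as myfile:
        permission_policy = myfile.read()

    try:
        iam.get_role(role_name)
    except Exception as err:
        # Only "the role does not exist" justifies creating it. boto's
        # BotoServerError carries the service error code in `error_code`;
        # access-denied, throttling or network failures must surface instead
        # of being mistaken for a missing role.
        if getattr(err, 'error_code', None) != 'NoSuchEntity':
            raise
        print(role_name + ' role not found. Creating role ')
        iam.create_role(role_name)

    print('Updating assume role policy of ' + role_name)
    iam.update_assume_role_policy(role_name, assume_role_policy)

    print('Updating attached permission policies of ' + role_name)
    for rp in iam.list_role_policies(role_name).get('list_role_policies_response').get('list_role_policies_result').get('policy_names'):
        iam.delete_role_policy(role_name, rp)
    iam.put_role_policy(role_name, role_name + '_permission_policy',
                        permission_policy)

    try:
        iam.get_instance_profile(role_name)
    except Exception as err:
        # Same rule as for the role: create only on a confirmed "not found".
        if getattr(err, 'error_code', None) != 'NoSuchEntity':
            raise
        print(role_name + ' instance profile not found. Creating instance profile')
        iam.create_instance_profile(role_name)

    print('Updating role and instance profile association of ' + role_name)
    for ip in iam.list_instance_profiles_for_role(role_name).get('list_instance_profiles_for_role_response').get('list_instance_profiles_for_role_result').get('instance_profiles'):
        # The original issued the same removal once per listed profile without
        # looking at the entry, which fails when the role sits in a profile
        # with another name or in several profiles. Detach only from the
        # same-named profile; other profiles are deliberately left alone.
        if ip['instance_profile_name'] == role_name:
            iam.remove_role_from_instance_profile(role_name, role_name)
    iam.add_role_to_instance_profile(role_name, role_name)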
Exemple #3
def delete_role(module, iam, name, role_list, prof_list):
    """Delete IAM role *name*, removing what blocks the deletion first.

    When *name* is in *role_list*, the role is detached from every instance
    profile that lists it and then deleted. If the delete raises a
    BotoServerError, the role's inline policies are deleted when the error
    text asks for policies to be detached, and the delete is retried once.
    A second failure is reported through ``module.fail_json``.

    NOTE(review): this listing is cut off after the final ``else:``. The
    handler of the outer ``try``, any use of *prof_list* and the return value
    are not visible here. The ``except X, err`` form is Python 2 syntax.
    """
    changed = False
    try:
        if name in role_list:
            # Names of the instance profiles that currently contain the role.
            cur_ins_prof = [rp['instance_profile_name'] for rp in
                            iam.list_instance_profiles_for_role(name).
                            list_instance_profiles_for_role_result.
                            instance_profiles]
            # Detach the role from each of those profiles before the delete.
            for profile in cur_ins_prof:
                iam.remove_role_from_instance_profile(profile, name)
            try:
              iam.delete_role(name)
            except boto.exception.BotoServerError, err:
              # boto_exception() is defined outside this listing; its result
              # is treated as the error text.
              error_msg = boto_exception(err)
              # The failure is classified by a substring of the error text,
              # which stops matching if the service rewords the message.
              # NOTE(review): prefer a structured error code if the exception
              # exposes one - confirm against the boto version in use.
              if ('must detach all policies first') in error_msg:
                # Destructive step: every inline policy of the role is deleted.
                for policy in iam.list_role_policies(name).list_role_policies_result.policy_names:
                  iam.delete_role_policy(name, policy)
              # This retry sits at the same level as the `if` above, so it
              # also runs when the first failure had some other cause.
              try:
                iam.delete_role(name)
              except boto.exception.BotoServerError, err:
                  error_msg = boto_exception(err)
                  # `changed` is still False in both fail_json calls below,
                  # although profile detachments and inline-policy deletions
                  # may already have been applied; the reported state
                  # understates what was modified.
                  # NOTE(review): the adjacent string literals join without a
                  # space, so the message reads "appearsthat".
                  if ('must detach all policies first') in error_msg:
                      module.fail_json(changed=changed, msg="All inline polices have been removed. Though it appears"
                                                            "that %s has Managed Polices. This is not "
                                                            "currently supported by boto. Please detach the polices "
                                                            "through the console and try again." % name)
                  else:
                      module.fail_json(changed=changed, msg=str(err))
              else:
                # The retried delete succeeded.
                changed = True

            # Runs when the first delete_role call succeeded; the listing is
            # cut off before this branch's body.
            else:
Exemple #4
def delete_role(iam, name, role_list, prof_list):
    """Delete IAM role *name* and the instance profile of the same name.

    If *name* is in *role_list*, the role is first detached from every
    instance profile that lists it and then deleted. Independently of that,
    ``delete_instance_profile(name)`` is called for each entry of *prof_list*
    equal to *name*. Errors raised by *iam* are not caught here.

    Returns:
        A ``(changed, role_names)`` tuple: whether the role was deleted, and
        the role names reported by ``iam.list_roles()`` afterwards.
    """
    role_deleted = name in role_list
    if role_deleted:
        listing = iam.list_instance_profiles_for_role(name)
        attached = listing.list_instance_profiles_for_role_result.instance_profiles
        # Collect all names before detaching anything.
        profile_names = [entry['instance_profile_name'] for entry in attached]
        for profile_name in profile_names:
            iam.remove_role_from_instance_profile(profile_name, name)
        iam.delete_role(name)

    for candidate in prof_list:
        if name == candidate:
            iam.delete_instance_profile(name)

    # Re-read the role list from IAM so the caller sees the state after the delete.
    roles = iam.list_roles().list_roles_response.list_roles_result.roles
    remaining_roles = [role['role_name'] for role in roles]
    return role_deleted, remaining_roles
def get_instance_profiles_for_role(iam, name):
    """Return the names of the instance profiles that list role *name*."""
    response = iam.list_instance_profiles_for_role(name)
    profiles = response.list_instance_profiles_for_role_result.instance_profiles
    profile_names = []
    for profile in profiles:
        profile_names.append(profile['instance_profile_name'])
    return profile_names