Esempio n. 1
def create_role(iam, name, path, role_list, prof_list):
    """Create IAM role ``name`` unless it is already listed, then re-list roles.

    When ``name`` is absent from ``role_list`` the role is created under
    ``path``.  If ``name`` is also absent from ``prof_list``, an instance
    profile with the same name is created and the new role is added to it.
    When the role is already listed nothing is created, not even a missing
    instance profile.

    Args:
        iam: connection object exposing ``create_role``,
            ``create_instance_profile``, ``add_role_to_instance_profile``
            and ``list_roles``.
        name: role name, reused as the instance-profile name.
        path: path passed to both create calls.
        role_list: role names treated as already existing.
        prof_list: instance-profile names treated as already existing.

    Returns:
        ``(changed, role_names)``: whether a role was created, and the role
        names read back from ``iam.list_roles()`` afterwards.
    """
    role_is_new = name not in role_list
    if role_is_new:
        # NOTE(review): only the name and path are passed, so the trust
        # policy of the new role is whatever the library defaults to --
        # confirm which principal that allows before reusing this.
        response = iam.create_role(name, path=path)
        # The value is discarded; walking the chain only fails loudly when
        # the response does not have the expected shape.
        response.create_role_response.create_role_result.role.role_name

        if name not in prof_list:
            iam.create_instance_profile(name, path=path)
            iam.add_role_to_instance_profile(name, name)

    # NOTE(review): a single list_roles() call; if long listings are
    # truncated by the API the names below are incomplete -- TODO confirm.
    listing = iam.list_roles().list_roles_response.list_roles_result.roles
    current_roles = []
    for record in listing:
        current_roles.append(record['role_name'])
    return role_is_new, current_roles
Esempio n. 2
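def test_iam(app):
    """Connect to IAM with the credentials in ``app.config`` and dump roles and users.

    The connection uses the region under ``app.config["identity"]`` and the
    access key, secret key and session token stored under the ``keys.*``
    entries.  Nothing is asserted: the function only fails if one of the
    calls raises.

    Args:
        app: object whose ``config`` mapping holds the ``identity`` and
            ``keys.*`` entries read below.
    """
    iam = boto.iam.connect_to_region(app.config["identity"]['region'],
                                     aws_access_key_id=app.config['keys.key_id'],
                                     aws_secret_access_key=app.config['keys.key_secret'],
                                     security_token=app.config['keys.key_token'])

    # NOTE(review): everything below goes to stdout; the role records and
    # the user listing describe the account's IAM layout, so keep this
    # output out of shared build logs.
    roles = iam.list_roles()
    # Single-argument print(...) produces the same output on Python 2 and 3;
    # print("") stands in for the bare Python 2 ``print``.
    print(type(roles))
    for role in roles["list_roles_response"]["list_roles_result"]["roles"]:
        print(role)
        print("")

    users = iam.get_all_users()
    # NOTE(review): items() walks the top-level key/value pairs of the
    # response, not individual user records -- presumably exploratory.
    for user in users.items():
        print("")
        print(user)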
Esempio n. 3
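def test_iam(app):
    """Print the IAM roles and the user listing visible to the configured keys.

    Credentials (access key, secret key, session token) and the region are
    read from ``app.config``.  There are no assertions; the function passes
    as long as connecting and listing do not raise.

    Args:
        app: object exposing a ``config`` mapping with the ``identity`` and
            ``keys.*`` entries used below.
    """
    iam = boto.iam.connect_to_region(
        app.config["identity"]['region'],
        aws_access_key_id=app.config['keys.key_id'],
        aws_secret_access_key=app.config['keys.key_secret'],
        security_token=app.config['keys.key_token'])

    # NOTE(review): the listings are written to stdout as-is; treat the
    # captured output as account inventory when it ends up in CI logs.
    roles = iam.list_roles()
    # print(x) with one argument behaves the same on Python 2 and 3, and
    # print("") emits the blank line the bare Python 2 ``print`` produced.
    print(type(roles))
    role_records = roles["list_roles_response"]["list_roles_result"]["roles"]
    for role in role_records:
        print(role)
        print("")

    users = iam.get_all_users()
    # NOTE(review): this iterates the response's top-level (key, value)
    # pairs rather than the users inside it -- confirm that is intended.
    for user in users.items():
        print("")
        print(user)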
Esempio n. 4
def delete_role(iam, name, role_list, prof_list):
    """Delete IAM role ``name`` and the same-named instance profile.

    If ``name`` is in ``role_list`` the role is first removed from every
    instance profile reported by ``list_instance_profiles_for_role`` and
    then deleted.  Independently of that, ``delete_instance_profile(name)``
    is called once for each entry of ``prof_list`` equal to ``name``.

    Args:
        iam: connection object exposing the IAM calls used below.
        name: role name, also used as the instance-profile name to delete.
        role_list: role names treated as existing.
        prof_list: instance-profile names treated as existing.

    Returns:
        ``(changed, role_names)``: whether the role was deleted, and the
        role names read back from ``iam.list_roles()`` afterwards.
    """
    role_removed = False
    if name in role_list:
        attached = (iam.list_instance_profiles_for_role(name)
                    .list_instance_profiles_for_role_result
                    .instance_profiles)
        profile_names = [entry['instance_profile_name'] for entry in attached]
        # The role has to leave its instance profiles before it is deleted.
        for profile_name in profile_names:
            iam.remove_role_from_instance_profile(profile_name, name)
        # NOTE(review): nothing here detaches policies from the role; if the
        # service refuses to delete a role that still has them, the error
        # propagates to the caller -- TODO confirm.
        iam.delete_role(name)
        role_removed = True

    # Runs even when the role was not listed, so a leftover profile with
    # the same name is still removed.
    for candidate in prof_list:
        if not name == candidate:
            continue
        iam.delete_instance_profile(name)

    remaining = []
    for record in iam.list_roles().list_roles_response.list_roles_result.roles:
        remaining.append(record['role_name'])
    return role_removed, remaining
Esempio n. 5
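def create_role(module, iam, name, path, role_list, prof_list):
    """Create IAM role ``name`` if it is not listed and report the result.

    When ``name`` is absent from ``role_list`` the role is created under
    ``path``; if it is also absent from ``prof_list`` an instance profile
    of the same name is created and the role is added to it.  A
    ``BotoServerError`` raised by those calls is reported through
    ``module.fail_json``.

    Args:
        module: object whose ``fail_json(changed=..., msg=...)`` reports a
            failure.
        iam: connection object exposing the IAM calls used below.
        name: role name, reused as the instance-profile name.
        path: path passed to both create calls.
        role_list: role names treated as already existing.
        prof_list: instance-profile names treated as already existing.

    Returns:
        ``(changed, role_names)``: whether a role was created, and the role
        names read back from ``iam.list_roles()`` afterwards.
    """
    changed = False
    try:
        if name not in role_list:
            changed = True
            # NOTE(review): only name and path are passed, so the role's
            # trust policy is the library default -- confirm which
            # principal that allows.
            # The attribute chain's value is discarded; evaluating it only
            # fails when the response lacks the expected shape.
            iam.create_role(
                name, path=path).create_role_response.create_role_result.role.role_name

            if name not in prof_list:
                iam.create_instance_profile(name, path=path)
                iam.add_role_to_instance_profile(name, name)
    # "as" is accepted by Python 2.6+ and Python 3; the comma form is a
    # syntax error on Python 3.
    except boto.exception.BotoServerError as err:
        # NOTE(review): assumes fail_json does not return; if it did,
        # updated_role_list would be unbound at the return below.
        module.fail_json(changed=changed, msg=str(err))
    else:
        # This listing sits outside the try body, so an error raised by
        # list_roles() is not routed through fail_json.
        updated_role_list = [rl['role_name'] for rl in iam.list_roles().list_roles_response.
                             list_roles_result.roles]
    return changed, updated_role_list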


def delete_role(module, iam, name, role_list, prof_list):
    changed = False
    try:
        if name in role_list:
            cur_ins_prof = [rp['instance_profile_name'] for rp in
                            iam.list_instance_profiles_for_role(name).
                            list_instance_profiles_for_role_result.
                            instance_profiles]
            for profile in cur_ins_prof:
                iam.remove_role_from_instance_profile(profile, name)
            try:
              iam.delete_role(name)
Esempio n. 6
def get_iam_roles(iam):
    """Return the ``role_name`` of every role in ``iam.list_roles()``.

    Args:
        iam: connection object exposing ``list_roles``.

    Returns:
        A list of role names in the order the response lists them.
    """
    # NOTE(review): one list_roles() call only; if the API truncates long
    # listings the result is incomplete -- TODO confirm.
    listing = iam.list_roles().list_roles_response.list_roles_result.roles
    names = []
    for record in listing:
        names.append(record['role_name'])
    return names
Esempio n. 7
    try:
        if name not in role_list:
            changed = True
            iam.create_role(
                name, path=path
            ).create_role_response.create_role_result.role.role_name

            if name not in prof_list:
                iam.create_instance_profile(name, path=path)
                iam.add_role_to_instance_profile(name, name)
    except boto.exception.BotoServerError, err:
        module.fail_json(changed=changed, msg=str(err))
    else:
        updated_role_list = [
            rl['role_name'] for rl in
            iam.list_roles().list_roles_response.list_roles_result.roles
        ]
    return changed, updated_role_list


def delete_role(module, iam, name, role_list, prof_list):
    changed = False
    try:
        if name in role_list:
            cur_ins_prof = [
                rp['instance_profile_name']
                for rp in iam.list_instance_profiles_for_role(name).
                list_instance_profiles_for_role_result.instance_profiles
            ]
            for profile in cur_ins_prof:
                iam.remove_role_from_instance_profile(profile, name)
Esempio n. 8
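def create_role(module, iam, name, path, role_list, prof_list):
    """Ensure IAM role ``name`` exists and return the refreshed role names.

    The role is created under ``path`` only when ``name`` is missing from
    ``role_list``.  In that case, and only if ``name`` is also missing from
    ``prof_list``, a same-named instance profile is created and the role is
    added to it.  ``BotoServerError`` from any of these calls is passed to
    ``module.fail_json`` as a message.

    Args:
        module: object providing ``fail_json(changed=..., msg=...)``.
        iam: connection object exposing the IAM calls used below.
        name: role name, also used for the instance profile.
        path: path passed to both create calls.
        role_list: role names treated as already existing.
        prof_list: instance-profile names treated as already existing.

    Returns:
        ``(changed, role_names)``: ``changed`` is true when a role was
        created; ``role_names`` comes from ``iam.list_roles()``.
    """
    changed = False
    try:
        if name not in role_list:
            changed = True
            # NOTE(review): create_role gets no explicit trust policy here;
            # check what the library default permits before copying this.
            # The chain below is evaluated and dropped -- it acts only as a
            # check that the response has the expected shape.
            iam.create_role(
                name, path=path).create_role_response.create_role_result.role.role_name

            if name not in prof_list:
                iam.create_instance_profile(name, path=path)
                iam.add_role_to_instance_profile(name, name)
    # The "as" spelling parses on Python 2.6+ and Python 3, unlike the
    # Python 2 comma form.
    except boto.exception.BotoServerError as err:
        # NOTE(review): relies on fail_json not returning; otherwise the
        # return statement would hit an unbound updated_role_list.
        module.fail_json(changed=changed, msg=str(err))
    else:
        # Not covered by the except clause above: a failure of list_roles()
        # propagates to the caller instead of going through fail_json.
        updated_role_list = [rl['role_name'] for rl in iam.list_roles().list_roles_response.
                             list_roles_result.roles]
    return changed, updated_role_list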


def delete_role(module, iam, name, role_list, prof_list):
    changed = False
    try:
        if name in role_list:
            cur_ins_prof = [rp['instance_profile_name'] for rp in
                            iam.list_instance_profiles_for_role(name).
                            list_instance_profiles_for_role_result.
                            instance_profiles]
            for profile in cur_ins_prof:
                iam.remove_role_from_instance_profile(profile, name)
            try:
              iam.delete_role(name)
Esempio n. 9
    try:
        if name not in role_list:
            changed = True
            iam.create_role(
                name, path=path
            ).create_role_response.create_role_result.role.role_name

            if name not in prof_list:
                iam.create_instance_profile(name, path=path)
                iam.add_role_to_instance_profile(name, name)
    except boto.exception.BotoServerError, err:
        module.fail_json(changed=changed, msg=str(err))
    else:
        updated_role_list = [
            rl['role_name'] for rl in
            iam.list_roles().list_roles_response.list_roles_result.roles
        ]
    return changed, updated_role_list


def delete_role(module, iam, name, role_list, prof_list):
    changed = False
    try:
        if name in role_list:
            cur_ins_prof = [
                rp['instance_profile_name']
                for rp in iam.list_instance_profiles_for_role(name).
                list_instance_profiles_for_role_result.instance_profiles
            ]
            for profile in cur_ins_prof:
                iam.remove_role_from_instance_profile(profile, name)