def main(self):
if self.args.get('recursive') or self.args.get('pretend'):
# Figure out what we have to delete
req = GetInstanceProfile(
config=self.config,
service=self.service,
InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
roles = []
for role in response.get('InstanceProfile', {}).get('Roles') or []:
roles.append({
'arn': role.get('Arn'),
'name': role.get('RoleName')
})
else:
# Just in case
roles = []
if self.args.get('pretend'):
return {'roles': roles}
else:
if self.args.get('recursive'):
for role in roles:
req = RemoveRoleFromInstanceProfile(
config=self.config,
service=self.service,
RoleName=role['name'],
InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
return self.send()
def main(self):
if self.args.get('recursive') or self.args.get('pretend'):
# Figure out what we have to delete
req = GetInstanceProfile.from_other(
self, InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
roles = []
for role in response.get('InstanceProfile', {}).get('Roles') or []:
roles.append({'arn': role.get('Arn'),
'name': role.get('RoleName')})
else:
# Just in case
roles = []
if self.args.get('pretend'):
return {'roles': roles}
else:
if self.args.get('recursive'):
for role in roles:
req = RemoveRoleFromInstanceProfile.from_other(
self, RoleName=role['name'],
InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
return self.send()
def main(self):
if self.args.get('recursive') or self.args.get('pretend'):
# Figure out what we have to delete
req = ListInstanceProfilesForRole.from_other(
self,
RoleName=self.args['RoleName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
instance_profiles = []
for profile in response.get('InstanceProfiles') or []:
instance_profiles.append({
'arn':
profile.get('Arn'),
'name':
profile.get('InstanceProfileName')
})
req = ListRolePolicies.from_other(
self,
RoleName=self.args['RoleName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
policies = []
for policy in response.get('PolicyNames') or []:
policies.append(policy)
else:
# Just in case
instance_profiles = []
policies = []
if self.args.get('pretend'):
return {
'instance_profiles': instance_profiles,
'policies': policies
}
else:
if self.args.get('recursive'):
for profile in instance_profiles:
req = RemoveRoleFromInstanceProfile.from_other(
self,
RoleName=self.args['RoleName'],
InstanceProfileName=profile['name'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
for policy in policies:
req = DeleteRolePolicy.from_other(
self,
RoleName=self.args['RoleName'],
PolicyName=policy,
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
return self.send()
def main(self):
if self.args.get('recursive') or self.args.get('pretend'):
# Figure out what we have to delete
req = ListInstanceProfilesForRole.from_other(
self, RoleName=self.args['RoleName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
instance_profiles = []
for profile in response.get('InstanceProfiles') or []:
instance_profiles.append(
{'arn': profile.get('Arn'),
'name': profile.get('InstanceProfileName')})
req = ListRolePolicies.from_other(
self, RoleName=self.args['RoleName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
policies = []
for policy in response.get('PolicyNames') or []:
policies.append(policy)
else:
# Just in case
instance_profiles = []
policies = []
if self.args.get('pretend'):
return {'instance_profiles': instance_profiles,
'policies': policies}
else:
if self.args.get('recursive'):
for profile in instance_profiles:
req = RemoveRoleFromInstanceProfile.from_other(
self, RoleName=self.args['RoleName'],
InstanceProfileName=profile['name'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
for policy in policies:
req = DeleteRolePolicy.from_other(
self, RoleName=self.args['RoleName'],
PolicyName=policy,
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
return self.send()
def main(self):
if self.args.get('recursive') or self.args.get('pretend'):
# Figure out what we have to delete
req = GetInstanceProfile.from_other(
self,
InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
roles = []
for role in response.get('InstanceProfile', {}).get('Roles') or []:
roles.append({
'arn': role.get('Arn'),
'name': role.get('RoleName')
})
else:
# Just in case
roles = []
if self.args.get('pretend'):
return {'roles': roles}
else:
if self.args.get('recursive'):
for role in roles:
req = RemoveRoleFromInstanceProfile.from_other(
self,
RoleName=role['name'],
InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
# This role could be attached to another instance
# profile, which means that a truly-recursive delete
# would need to also remove it from that instance
# profile, delete all of the role's policies, and
# so on. The failure modes for this are rather nasty,
# so we don't tell DeleteRole to delete recursively;
# if the same role belongs to more than one instance
# profile then DeleteRole will simply fail harmlessly.
req = DeleteRole.from_other(
self,
RoleName=role['name'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
return self.send()
def main(self):
if self.args.get('recursive') or self.args.get('pretend'):
# Figure out what we have to delete
req = GetInstanceProfile.from_other(
self, InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
response = req.main()
roles = []
for role in response.get('InstanceProfile', {}).get('Roles') or []:
roles.append({'arn': role.get('Arn'),
'name': role.get('RoleName')})
else:
# Just in case
roles = []
if self.args.get('pretend'):
return {'roles': roles}
else:
if self.args.get('recursive'):
for role in roles:
req = RemoveRoleFromInstanceProfile.from_other(
self, RoleName=role['name'],
InstanceProfileName=self.args['InstanceProfileName'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
# This role could be attached to another instance
# profile, which means that a truly-recursive delete
# would need to also remove it from that instance
# profile, delete all of the role's policies, and
# so on. The failure modes for this are rather nasty,
# so we don't tell DeleteRole to delete recursively;
# if the same role belongs to more than one instance
# profile then DeleteRole will simply fail harmlessly.
req = DeleteRole.from_other(
self, RoleName=role['name'],
DelegateAccount=self.args.get('DelegateAccount'))
req.main()
return self.send()
