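def remove_existing_user_policies(role_name, all_policy_list):
    """Remove every policy whose name follows the role's ``<role>-<n>of<m>`` scheme.

    Args:
        role_name: Name of the role whose generated policies are being replaced.
        all_policy_list: Iterable of policy dicts; each one is read for its
            ``'PolicyName'`` and ``'Arn'`` keys.

    Each matching policy is handed to ``aws_caller.remove_policy_being_replaced``
    together with ``role_name``; a log line is written before and after the call.
    """
    # The role name is escaped so that it is matched literally. IAM role names
    # may contain characters such as '.' and '+', which are regex
    # metacharacters; unescaped, they widen the pattern and could select (and
    # delete) policies that belong to a different role.
    # NOTE(review): match() anchors only at the start and both counters are
    # optional (\d*), so a name with trailing text after "<n>of<m>" is still
    # selected. Confirm against the naming scheme before tightening this to
    # fullmatch() / \d+.
    regex = re.compile(re.escape(role_name) + r"-\d*of\d*")
    for policy in all_policy_list:
        policy_name = policy['PolicyName']
        if not regex.match(policy_name):
            continue
        logging.info(f'Removing policy: {policy_name}')
        aws_caller.remove_policy_being_replaced(policy['Arn'], role_name)
        logging.info(f'Policy: {policy_name} - Removed')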
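def test_handling_of_detach_role_policy_other_error(
        self, mock_detach_role_policy, mock_delete_policy,
        mock_list_policy_versions):
    """An unexpected ClientError from detach_role_policy must reach the caller.

    The detach mock raises a ClientError whose code is 'OtherError'; the test
    requires remove_policy_being_replaced to let that error propagate.
    """
    mock_detach_role_policy.side_effect = botocore.exceptions.ClientError(
        {'Error': {'Code': 'OtherError'}}, 'IAM')
    # assertRaises fails the test when no exception is raised. The previous
    # try/except only printed on the error path, so the test also passed if
    # the function silently swallowed the error.
    with self.assertRaises(botocore.exceptions.ClientError) as raised:
        aws_caller.remove_policy_being_replaced(
            'arn:aws:iam::111122223333:policy/test_policy', 'test_role')
    # Confirm it is the injected error that surfaced, not a different one.
    self.assertEqual(
        raised.exception.response['Error']['Code'], 'OtherError')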
def test_handling_of_detach_role_policy_correct_error(
        self, mock_detach_role_policy, mock_delete_policy,
        mock_list_policy_versions):
    """A 'NoSuchEntity' ClientError from detach_role_policy must not escape.

    The detach mock raises a ClientError with code 'NoSuchEntity'; the test
    fails if remove_policy_being_replaced lets a ClientError propagate.
    """
    missing_entity_error = botocore.exceptions.ClientError(
        {'Error': {'Code': 'NoSuchEntity'}}, 'IAM')
    mock_detach_role_policy.side_effect = missing_entity_error

    policy_arn = 'arn:aws:iam::111122223333:policy/test_policy'
    try:
        aws_caller.remove_policy_being_replaced(policy_arn, 'test_role')
    except botocore.exceptions.ClientError:
        # Reaching this handler means the function did not absorb the error.
        self.fail('error was not handled in function')
def test_policy_version_deletion_logic(self, mock_detach_role_policy,
                                       mock_list_policy_versions,
                                       mock_delete_policy_version,
                                       mock_delete_policy):
    """Check the policy versions and the policy itself are deleted for an ARN.

    list_policy_versions is stubbed with mock_list_policy_versions_response;
    the test then expects delete_policy_version calls for the three
    'non_default_*' version ids and exactly one delete_policy call.
    """
    mock_list_policy_versions.return_value = mock_list_policy_versions_response
    policy_arn = 'test_arn'
    expected_version_deletions = [
        call(PolicyArn='test_arn', VersionId=f'non_default_{index}')
        for index in (1, 2, 3)
    ]

    aws_caller.remove_policy_being_replaced(policy_arn, 'test_role')

    # assert_has_calls only checks that these calls are present (in any
    # order); it does not reject additional delete_policy_version calls.
    mock_delete_policy_version.assert_has_calls(
        expected_version_deletions, any_order=True)
    mock_delete_policy.assert_called_once_with(PolicyArn='test_arn')