def instance_profile(name, role_name=None): try: profile = iam.get_instance_profile(name) except boto.exception.BotoServerError: profile = None if profile is None: iam.create_instance_profile(name) profile = iam.get_instance_profile(name) roles = profile['get_instance_profile_response'][ 'get_instance_profile_result']['instance_profile']['roles'] should_add = False should_remove = False if role_name is None: if len(roles) != 0: should_remove = True if role_name is not None: if len(roles) == 0: should_add = True elif roles['member']['role_name'] != role_name: should_remove = True should_add = True if should_remove: iam.remove_role_from_instance_profile(name, roles['member']['role_name']) if should_add: iam.add_role_to_instance_profile(name, role_name) if role_name is not None and len(roles) != 0: should_add = True
def update_iam_role(iam, role_name, assume_role_policy_file, permission_policy_file): try: iam.get_role(role_name) except: print role_name + ' role not found. Creating role ' iam.create_role(role_name) print 'Updating assume role policy of ' + role_name with open(assume_role_policy_file, "r") as myfile: policy = myfile.read() iam.update_assume_role_policy(role_name, policy) print 'Updating attached permission policies of ' + role_name for rp in iam.list_role_policies(role_name).get('list_role_policies_response').get('list_role_policies_result').get('policy_names'): iam.delete_role_policy(role_name, rp) with open(permission_policy_file, "r") as myfile: policy = myfile.read() iam.put_role_policy(role_name, role_name + '_permission_policy', policy) try: iam.get_instance_profile(role_name) except: print role_name + ' instance profile not found. Creating instance profile' iam.create_instance_profile(role_name) print 'Updating role and instance profile association of ' + role_name for ip in iam.list_instance_profiles_for_role(role_name).get('list_instance_profiles_for_role_response').get('list_instance_profiles_for_role_result').get('instance_profiles'): iam.remove_role_from_instance_profile(role_name, role_name) iam.add_role_to_instance_profile(role_name, role_name)
def main(): argument_spec = ec2_argument_spec() argument_spec.update(dict( profile_name = dict(default=None,required=True), state = dict(default='present', choices=['present', 'absent']), ) ) module = AnsibleModule( argument_spec=argument_spec ) profile_name = module.params.get('profile_name') region, ec2_url, aws_connect_params = get_aws_connection_info(module) iam = connect_to_aws(boto.iam, region, **aws_connect_params) state = module.params.get('state') missing = False try: iam.get_instance_profile(profile_name) except boto.exception.BotoServerError as e: if e.status == 404: missing = True if state == 'present': if missing: iam.create_instance_profile(profile_name) module.exit_json(changed = missing) elif state == 'absent': if not missing: iam.delete_instance_profile(profile_name) module.exit_json(changed = not missing)
def create_role(module, iam, name, path, role_list, prof_list): changed = False try: if name not in role_list: changed = True iam.create_role( name, path=path).create_role_response.create_role_result.role.role_name if name not in prof_list: iam.create_instance_profile(name, path=path) iam.add_role_to_instance_profile(name, name) except boto.exception.BotoServerError, err: module.fail_json(changed=changed, msg=str(err))
def create_role(iam, name, path, role_list, prof_list): changed = False if name not in role_list: changed = True iam.create_role( name, path=path).create_role_response.create_role_result.role.role_name if name not in prof_list: iam.create_instance_profile(name, path=path) iam.add_role_to_instance_profile(name, name) updated_role_list = [rl['role_name'] for rl in iam.list_roles().list_roles_response. list_roles_result.roles] return changed, updated_role_list
def create_role(module, iam, name, path, role_list, prof_list, trust_policy_doc): changed = False iam_role_result = None instance_profile_result = None try: if name not in role_list: changed = True iam_role_result = iam.create_role( name, assume_role_policy_document=trust_policy_doc, path=path).create_role_response.create_role_result.role if name not in prof_list: instance_profile_result = iam.create_instance_profile(name, path=path) \ .create_instance_profile_response.create_instance_profile_result.instance_profile iam.add_role_to_instance_profile(name, name) else: instance_profile_result = iam.get_instance_profile( name ).get_instance_profile_response.get_instance_profile_result.instance_profile except boto.exception.BotoServerError as err: module.fail_json(changed=changed, msg=str(err)) else: updated_role_list = list_all_roles(iam) iam_role_result = iam.get_role( name).get_role_response.get_role_result.role return changed, updated_role_list, iam_role_result, instance_profile_result
def create_role(module, iam, name, path, role_list, prof_list, trust_policy_doc): changed = False iam_role_result = None instance_profile_result = None try: if name not in role_list: changed = True iam_role_result = iam.create_role(name, assume_role_policy_document=trust_policy_doc, path=path).create_role_response.create_role_result.role.role_name if name not in prof_list: instance_profile_result = iam.create_instance_profile(name, path=path).create_instance_profile_response.create_instance_profile_result.instance_profile iam.add_role_to_instance_profile(name, name) except boto.exception.BotoServerError as err: module.fail_json(changed=changed, msg=str(err)) else: updated_role_list = list_all_roles(iam) return changed, updated_role_list, iam_role_result, instance_profile_result