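def test_006_delete_non_existent_policy_by_arn(self):
    """Deleting by an ARN that does not exist must yield an error response.

    Passes when the value returned by ``policy_m.delete_policy`` contains
    ``"error"``.
    """
    # NOTE(review): this ARN embeds a literal 12-digit AWS account id. It
    # presumably has to match the recorded placebo responses; confirm it
    # belongs to a dedicated test account before publishing the fixtures.
    policy_arn = 'arn:aws:iam::097064421904:policy/test_policy_ecr_ro'

    # Do it this way so placebo-based testing works
    iam_client = self.boto3_session.client('iam')
    response = policy_m.delete_policy(client=iam_client, policy_arn=policy_arn)

    # assertIn prints the actual response on failure; assertTrue(x in y)
    # would only report "False is not true".
    self.assertIn("error", response)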
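def test_005_delete_non_existent_policy_by_name(self):
    """Deleting by a name that no longer exists must yield an error response.

    The policy name comes from ``self.test_data['policy_data']``.
    NOTE(review): presumably relies on an earlier test having already deleted
    that policy, so it depends on test execution order; confirm.
    """
    data = self.test_data['policy_data']
    policy_name = data['policy_name']

    # Do it this way so placebo-based testing works
    iam_client = self.boto3_session.client('iam')
    response = policy_m.delete_policy(client=iam_client, policy_name=policy_name)

    # assertIn prints the actual response on failure; assertTrue(x in y)
    # would only report "False is not true".
    self.assertIn("error", response)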
def test_003_delete_existing_policy_by_name(self):
    """Delete the fixture policy by name and check the reported result.

    Expects the response to carry ``deleted == True`` and to echo back the
    policy name that was requested.
    NOTE(review): assumes the policy already exists when this test runs,
    presumably created by an earlier test; confirm.
    """
    expected_name = self.test_data['policy_data']['policy_name']

    # The client is built from the shared session so that placebo-based
    # testing works.
    client = self.boto3_session.client('iam')
    result = policy_m.delete_policy(client=client, policy_name=expected_name)

    self.assertEqual(result['deleted'], True)
    self.assertEqual(result['policy_name'], expected_name)
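def test_004_delete_existing_policy_by_arn(self):
    """Recreate the fixture policy, then delete it by ARN.

    Expects the delete response to carry ``deleted == True`` and to echo back
    the ARN that was requested.
    """
    # Have to recreate policy because previous test deleted it
    data = self.test_data['policy_data']
    policy_resources = [self.test_data['ecr_repo_data']['repositoryArn']]
    policy_doc_json_str = self.policy_document(policy_resources)

    # Do it this way so placebo-based testing works
    iam_client = self.boto3_session.client('iam')
    response = policy_m.create_policy(client=iam_client,
                                      policy_name=data['policy_name'],
                                      policy_document=policy_doc_json_str,
                                      description=data['policy_name'])
    # Fail with a readable message if the setup step did not create the
    # policy, instead of a bare KeyError on the lookup below.
    self.assertNotIn('error', response)
    policy_arn = response['policy']['Arn']

    response = policy_m.delete_policy(client=iam_client, policy_arn=policy_arn)
    self.assertEqual(response['deleted'], True)
    self.assertEqual(response['policy_arn'], policy_arn)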
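def policy_action(module, state=None, policy_name=None, policy_arn=None,
                  policy_document=None, path=None, description=None):
    """
    Execute the actions needed to bring the policy into the specified state.

    Args:
        module (obj): Ansible module
        state (str): Ansible state - 'present' | 'absent'
        policy_name (str): Policy name. One and only one of policy name or
            policy ARN must be given.
        policy_arn (str): Policy ARN. One and only one of policy name or
            policy ARN must be given.
        policy_document (dict | str): JSON policy document. A dict is
            serialised with json.dumps; any other value is passed through
            unchanged.
        path (str): Policy path
        description (str): Policy description. Documented as defaulting to
            'policy_name'; no default is applied in this function.

    Returns:
        Success: (bool) changed, (dict) policy object (see boto3.get_policy docs)
        Failure: Invokes module.fail_json with suitable text at point of error
    """
    # NOTE(review): policy_arn is accepted but never forwarded to policy_m,
    # and the "one and only one of name/ARN" rule is not checked here. A
    # caller that supplies only an ARN ends up acting on policy_name=None.
    # Confirm the intended contract before relying on ARN-based calls.
    changed = False
    policy = None
    error = {}

    if state == 'present':
        try:
            if isinstance(policy_document, dict):
                policy_document = json.dumps(policy_document)

            response = policy_m.create_policy(policy_name=policy_name,
                                              path=path,
                                              policy_document=policy_document,
                                              description=description)
            if 'error' in response:
                error = response['error']
            else:
                # Only a newly created policy counts as a change.
                if response['state'] == 'New':
                    changed = True
                policy = response['policy']
        except Exception as e:
            # Keep the traceback out of the user-facing msg; Ansible shows
            # the 'exception' field only at higher verbosity.
            module.fail_json(
                msg='policy action {0} failed: {1}'.format('present', e),
                exception=traceback.format_exc())

    elif state == 'absent':
        try:
            response = policy_m.delete_policy(policy_name=policy_name,
                                              path=path)
            if 'error' in response:
                error = response['error']
            else:
                changed = True
                # NOTE(review): assumes delete_policy returns a 'policy'
                # key on success; confirm against policy_m.
                policy = response['policy']
        except Exception as e:
            # Keep the traceback out of the user-facing msg; Ansible shows
            # the 'exception' field only at higher verbosity.
            module.fail_json(
                msg='policy action {0} failed: {1}'.format('absent', e),
                exception=traceback.format_exc())

    else:
        error = {"error": "state must be either 'present' or 'absent'"}

    if error:
        module.fail_json(msg='policy action failed: {0}'.format(error))

    return changed, policy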