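def main():
    """Entry point for the IAM role module.

    Builds the argument spec, validates the cross-parameter constraints the
    spec alone cannot express, then dispatches to ``create_or_update_role``
    (``state=present``) or ``destroy_role`` (``state=absent``).

    Takes no arguments and returns nothing; every validation failure is
    reported through ``module.fail_json`` (which ends the run), and the
    ``AnsibleAWSModule``/``create_or_update_role``/``destroy_role`` names
    come from the enclosing file.
    """
    argument_spec = dict(
        name=dict(type='str', required=True),
        path=dict(type='str', default="/"),
        assume_role_policy_document=dict(type='json'),
        managed_policy=dict(type='list', aliases=['managed_policies']),
        max_session_duration=dict(type='int'),
        state=dict(type='str',
                   choices=['present', 'absent'],
                   default='present'),
        description=dict(type='str'),
        boundary=dict(type='str', aliases=['boundary_policy_arn']),
        create_instance_profile=dict(type='bool', default=True),
        delete_instance_profile=dict(type='bool', default=False),
        purge_policies=dict(type='bool', default=True),
    )
    module = AnsibleAWSModule(argument_spec=argument_spec,
                              required_if=[('state', 'present',
                                            ['assume_role_policy_document'])],
                              supports_check_mode=True)
    params = module.params

    boundary = params.get('boundary')
    # Truthiness on purpose: an empty boundary string skips these checks but
    # still reaches the botocore version test below. Presumably '' means
    # "remove the boundary" downstream - confirm in create_or_update_role.
    if boundary:
        # A permissions boundary and an instance profile cannot be combined.
        if params.get('create_instance_profile'):
            module.fail_json(
                msg="When using a boundary policy, `create_instance_profile` must be set to `false`."
            )
        # Check the ARN structurally (arn:<partition>:iam:...) instead of the
        # former 'arn:aws:iam' prefix test, which rejected valid policies in the
        # aws-cn and aws-us-gov partitions.
        arn_parts = boundary.split(':')
        if (len(arn_parts) < 6 or arn_parts[0] != 'arn'
                or not arn_parts[1].startswith('aws') or arn_parts[2] != 'iam'):
            module.fail_json(msg="Boundary policy must be an ARN")
    if boundary is not None and not module.botocore_at_least('1.10.57'):
        module.fail_json(
            msg="When using a boundary policy, botocore must be at least v1.10.57. "
            "Current versions: boto3-{boto3_version} botocore-{botocore_version}"
            .format(**module._gather_versions()))

    max_session_duration = params.get('max_session_duration')
    # 'is not None' rather than truthiness so an explicit 0 is rejected here
    # with a clear message instead of being handed to the API.
    if max_session_duration is not None and not 3600 <= max_session_duration <= 43200:
        module.fail_json(
            msg="max_session_duration must be between 1 and 12 hours (3600 and 43200 seconds)"
        )

    path = params.get('path')
    # Likewise an explicit empty path is reported here rather than by the API.
    if path is not None and not (path.startswith('/') and path.endswith('/')):
        module.fail_json(msg="path must begin and end with /")

    connection = module.client('iam')

    if params.get("state") == 'present':
        create_or_update_role(connection, module)
    else:
        destroy_role(connection, module)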
def main():
    """Entry point for the IAM role module.

    Builds the argument spec, enforces the two boundary-policy constraints
    (no instance profile alongside a boundary; a recent enough botocore),
    then hands off to ``create_or_update_role`` or ``destroy_role`` based
    on ``state``.

    Returns nothing; failures go through ``module.fail_json``. The helper
    names used here are defined elsewhere in the file.
    """
    argument_spec = dict(
        name=dict(type='str', required=True),
        path=dict(type='str', default="/"),
        assume_role_policy_document=dict(type='json'),
        managed_policy=dict(type='list', aliases=['managed_policies']),
        state=dict(type='str',
                   choices=['present', 'absent'],
                   default='present'),
        description=dict(type='str'),
        boundary=dict(type='str', aliases=['boundary_policy_arn']),
        create_instance_profile=dict(type='bool', default=True),
        purge_policies=dict(type='bool', default=True),
    )
    module = AnsibleAWSModule(argument_spec=argument_spec,
                              required_if=[('state', 'present',
                                            ['assume_role_policy_document'])],
                              supports_check_mode=True)
    params = module.params

    boundary = params.get('boundary')
    # A non-empty boundary cannot be combined with an instance profile.
    if boundary and params.get('create_instance_profile'):
        module.fail_json(
            msg="When using a boundary policy, `create_instance_profile` must be set to `false`."
        )
    # Any boundary value (even an empty one) requires botocore >= 1.10.57.
    if boundary is not None and not module.botocore_at_least('1.10.57'):
        versions = module._gather_versions()
        module.fail_json(
            msg=("When using a boundary policy, botocore must be at least v1.10.57. "
                 "Current versions: boto3-{boto3_version} botocore-{botocore_version}"
                 ).format(**versions))

    connection = module.client('iam')

    handler = create_or_update_role if params.get("state") == 'present' else destroy_role
    handler(connection, module)
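def main():
    """Entry point for the IAM role module.

    Builds the argument spec, emits the pending ``purge_policies`` default
    deprecation, validates the cross-parameter constraints the spec cannot
    express (boundary vs. instance profile, boundary ARN shape, botocore
    minimums for tags and boundaries, session duration range, path shape),
    then dispatches to ``create_or_update_role`` or ``destroy_role`` based
    on ``state``.

    Takes no arguments and returns nothing; every validation failure is
    reported through ``module.fail_json``. ``AnsibleAWSModule``,
    ``AWSRetry`` and the two role helpers are defined elsewhere in the file.
    """
    argument_spec = dict(
        name=dict(type='str', required=True),
        path=dict(type='str', default="/"),
        assume_role_policy_document=dict(type='json'),
        managed_policies=dict(type='list', aliases=['managed_policy']),
        max_session_duration=dict(type='int'),
        state=dict(type='str',
                   choices=['present', 'absent'],
                   default='present'),
        description=dict(type='str'),
        boundary=dict(type='str', aliases=['boundary_policy_arn']),
        create_instance_profile=dict(type='bool', default=True),
        delete_instance_profile=dict(type='bool', default=False),
        purge_policies=dict(type='bool',
                            aliases=['purge_policy',
                                     'purge_managed_policies']),
        tags=dict(type='dict'),
        purge_tags=dict(type='bool', default=True),
    )
    module = AnsibleAWSModule(argument_spec=argument_spec,
                              required_if=[('state', 'present',
                                            ['assume_role_policy_document'])],
                              supports_check_mode=True)
    params = module.params

    # purge_policies deliberately has no default: an unset value is how the
    # upcoming default change is detected and announced.
    if params.get('purge_policies') is None:
        module.deprecate(
            'In Ansible 2.14 the default value of purge_policies will change from true to false.'
            '  To maintain the existing behaviour explicitly set purge_policies=true',
            version='2.14',
            collection_name='ansible.builtin')

    boundary = params.get('boundary')
    # Truthiness on purpose: an empty boundary string skips these checks but
    # still reaches the botocore version test below. Presumably '' means
    # "remove the boundary" downstream - confirm in create_or_update_role.
    if boundary:
        # A permissions boundary and an instance profile cannot be combined.
        if params.get('create_instance_profile'):
            module.fail_json(
                msg="When using a boundary policy, `create_instance_profile` must be set to `false`."
            )
        # Check the ARN structurally (arn:<partition>:iam:...) instead of the
        # former 'arn:aws:iam' prefix test, which rejected valid policies in the
        # aws-cn and aws-us-gov partitions.
        arn_parts = boundary.split(':')
        if (len(arn_parts) < 6 or arn_parts[0] != 'arn'
                or not arn_parts[1].startswith('aws') or arn_parts[2] != 'iam'):
            module.fail_json(msg="Boundary policy must be an ARN")
    if params.get('tags') is not None and not module.botocore_at_least('1.12.46'):
        module.fail_json(
            msg="When managing tags botocore must be at least v1.12.46. "
            "Current versions: boto3-{boto3_version} botocore-{botocore_version}"
            .format(**module._gather_versions()))
    if boundary is not None and not module.botocore_at_least('1.10.57'):
        module.fail_json(
            msg="When using a boundary policy, botocore must be at least v1.10.57. "
            "Current versions: boto3-{boto3_version} botocore-{botocore_version}"
            .format(**module._gather_versions()))

    max_session_duration = params.get('max_session_duration')
    # 'is not None' rather than truthiness so an explicit 0 is rejected here
    # with a clear message instead of being handed to the API.
    if max_session_duration is not None and not 3600 <= max_session_duration <= 43200:
        module.fail_json(
            msg="max_session_duration must be between 1 and 12 hours (3600 and 43200 seconds)"
        )

    path = params.get('path')
    # Likewise an explicit empty path is reported here rather than by the API.
    if path is not None and not (path.startswith('/') and path.endswith('/')):
        module.fail_json(msg="path must begin and end with /")

    # Retry with jittered backoff so transient IAM throttling does not fail the task.
    connection = module.client('iam',
                               retry_decorator=AWSRetry.jittered_backoff())

    if params.get("state") == 'present':
        create_or_update_role(connection, module)
    else:
        destroy_role(connection, module)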