INFRA-4445 - sort policy docs so they compare equal when they in fact are

Tom Williams 2017-02-28 23:54:41 -05:00
parent e6d6de6062
commit 474dc619ba


@ -269,11 +269,11 @@ def _role_present(
if not policy_document: if not policy_document:
policy = __salt__['boto_iam.build_policy'](region, key, keyid, policy = __salt__['boto_iam.build_policy'](region, key, keyid,
profile) profile)
if role['assume_role_policy_document'] != policy: if _sort_policy(role['assume_role_policy_document']) != _sort_policy(policy):
update_needed = True update_needed = True
_policy_document = policy _policy_document = policy
else: else:
if role['assume_role_policy_document'] != policy_document: if _sort_policy(role['assume_role_policy_document']) != _sort_policy(policy_document):
update_needed = True update_needed = True
_policy_document = policy_document _policy_document = policy_document
if update_needed: if update_needed:
@ -357,6 +357,19 @@ def _instance_profile_associated(
return ret return ret
def _sort_policy(doc):
# List-type sub-items in policies don't happen to be order-sensitive, but
# compare operations will render them unequal, leading to non-idempotent
# state runs. We'll sort any list-type subitems before comparison to reduce
# the likelihood of false negatives.
if isinstance(doc, list):
return sorted([_sort_policy(i) for i in doc])
elif isinstance(doc, dict):
return dict([(k, _sort_policy(v)) for k, v in doc.items()])
else:
return doc
def _policies_present( def _policies_present(
name, name,
policies=None, policies=None,
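Review bot: In `_sort_policy`, `sorted([_sort_policy(i) for i in doc])` runs on lists whose items can be dicts (a policy's `Statement` list is the usual case); on Python 3 dicts have no ordering, so this would raise `TypeError` instead of comparing, and on Python 2 it relies on arbitrary dict ordering. Sorting on a canonical serialisation avoids both, e.g. `return sorted([_sort_policy(i) for i in doc], key=lambda i: json.dumps(i, sort_keys=True))`, assuming `json` is imported in this module (the import block is not visible here). Because the comparison in `_role_present` decides whether the role's trust policy is rewritten, note that a one-element list and the equivalent bare string still compare unequal, so that difference would keep triggering an update. A short docstring such as `"""Return doc with every nested list sorted, for order-insensitive comparison."""` would serve better than the leading comment.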