add delete_policies arg

This commit is contained in:
J. Lim 2015-05-28 11:49:15 -07:00
parent ea413bcb83
commit da93f8566c


@ -72,6 +72,10 @@ with the role. This is the default behavior of the AWS console.
- profile: - profile:
key: GKTADJGHEIQSXMKKRBJ08H key: GKTADJGHEIQSXMKKRBJ08H
keyid: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs keyid: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
If ``delete_policies: False`` is specified, existing policies that are not in
the given list of policies will not be deleted. These allow manual
modifications on the IAM role to be persistent.
''' '''
from __future__ import absolute_import from __future__ import absolute_import
import salt.utils.dictupdate as dictupdate import salt.utils.dictupdate as dictupdate
@ -95,7 +99,8 @@ def present(
region=None, region=None,
key=None, key=None,
keyid=None, keyid=None,
profile=None): profile=None,
delete_policies=True):
''' '''
Ensure the IAM role exists. Ensure the IAM role exists.
@ -170,7 +175,8 @@ def present(
ret['result'] = _ret['result'] ret['result'] = _ret['result']
if ret['result'] is False: if ret['result'] is False:
return ret return ret
_ret = _policies_present(name, _policies, region, key, keyid, profile) _ret = _policies_present(name, _policies, region, key, keyid, profile,
delete_policies)
ret['changes'] = dictupdate.update(ret['changes'], _ret['changes']) ret['changes'] = dictupdate.update(ret['changes'], _ret['changes'])
ret['comment'] = ' '.join([ret['comment'], _ret['comment']]) ret['comment'] = ' '.join([ret['comment'], _ret['comment']])
if not _ret['result']: if not _ret['result']:
@ -305,7 +311,8 @@ def _policies_present(
region=None, region=None,
key=None, key=None,
keyid=None, keyid=None,
profile=None): profile=None,
delete_policies=True):
ret = {'result': True, 'comment': '', 'changes': {}} ret = {'result': True, 'comment': '', 'changes': {}}
policies_to_create = {} policies_to_create = {}
policies_to_delete = [] policies_to_delete = []
@ -318,7 +325,7 @@ def _policies_present(
_list = __salt__['boto_iam.list_role_policies'](name, region, key, keyid, _list = __salt__['boto_iam.list_role_policies'](name, region, key, keyid,
profile) profile)
for policy_name in _list: for policy_name in _list:
if policy_name not in policies: if delete_policies and policy_name not in policies:
policies_to_delete.append(policy_name) policies_to_delete.append(policy_name)
if policies_to_create or policies_to_delete: if policies_to_create or policies_to_delete:
_to_modify = list(policies_to_delete) _to_modify = list(policies_to_delete)
@ -357,7 +364,7 @@ def _policies_present(
profile) profile)
ret['changes']['new'] = {'policies': _list} ret['changes']['new'] = {'policies': _list}
ret['result'] = False ret['result'] = False
msg = 'Failed to add policy {0} to role {1}' msg = 'Failed to remove policy {0} from role {1}'
ret['comment'] = msg.format(policy_name, name) ret['comment'] = msg.format(policy_name, name)
return ret return ret
_list = __salt__['boto_iam.list_role_policies'](name, region, key, _list = __salt__['boto_iam.list_role_policies'](name, region, key,
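Review bot: The new `delete_policies` parameter on `present` (hunk `@ -95,7 +99,8 @@`) is not documented in the function's own parameter list, which continues outside the hunk after `Ensure the IAM role exists.`; the module docstring describes it, but a caller reading `present`'s docstring would not see that the argument exists or what its default is. I would add an entry next to the existing `profile` one: `delete_policies` followed by `Delete existing policies that are not in the given list of policies. Defaults to True.` In `_policies_present` (hunk `@ -318,7 +325,7 @@`), when `delete_policies` is False the policies skipped at `if delete_policies and policy_name not in policies:` leave no trace in `ret['comment']` or `ret['changes']`, so a role whose attached policies have drifted from the declared set reports as fully in-state and the extra permissions stay invisible in the state output. Collecting those skipped names and appending a line such as `Policies {0} left in place because delete_policies is False` to `ret['comment']` would keep that drift visible without changing what is applied.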