Fix and add more error handling for role policies

In case role policy was deleted, we did not handle at all if there

was authorization issue to do the deletion. Also add message when

role is not found and the policy is skipped.
This commit is contained in:
Kalle Lehtonen 2016-04-05 16:55:49 +03:00 committed by Jonathan Davila
parent cf01087a30
commit 5aa652c6fd

View file

@ -184,7 +184,7 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
except boto.exception.BotoServerError as e: except boto.exception.BotoServerError as e:
if e.error_code == "NoSuchEntity": if e.error_code == "NoSuchEntity":
# Role doesn't exist so it's safe to assume the policy doesn't either # Role doesn't exist so it's safe to assume the policy doesn't either
module.exit_json(changed=False) module.exit_json(changed=False, msg="No such role, policy will be skipped.")
else: else:
module.fail_json(msg=e.message) module.fail_json(msg=e.message)
@ -211,6 +211,8 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
changed = False changed = False
module.exit_json(changed=changed, module.exit_json(changed=changed,
msg="%s policy is already absent" % policy_name) msg="%s policy is already absent" % policy_name)
else:
module.fail_json(msg=err.message)
updated_policies = [cp for cp in iam.list_role_policies(name). updated_policies = [cp for cp in iam.list_role_policies(name).
list_role_policies_result. list_role_policies_result.