Fix and add more error handling for role policies

In case role policy was deleted, we did not handle at all if there was authorization issue to do the deletion. Also add message when role is not found and the policy is skipped.
2016-04-05 16:55:49 +03:00 · 2016-04-05 16:55:49 +03:00 · 5aa652c6fd
commit 5aa652c6fd
parent cf01087a30
1 changed files with 3 additions and 1 deletions
--- a/cloud/amazon/iam_policy.py
+++ b/cloud/amazon/iam_policy.py
@ -184,7 +184,7 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
  except boto.exception.BotoServerError as e:
    if e.error_code == "NoSuchEntity":
      # Role doesn't exist so it's safe to assume the policy doesn't either
-      module.exit_json(changed=False)
+      module.exit_json(changed=False, msg="No such role, policy will be skipped.")
    else:
      module.fail_json(msg=e.message)

@ -211,6 +211,8 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
          changed = False
          module.exit_json(changed=changed,
                           msg="%s policy is already absent" % policy_name)
+        else:
+          module.fail_json(msg=err.message)

    updated_policies = [cp for cp in iam.list_role_policies(name).
                                        list_role_policies_result.