Allow iam_policy to maintain idempotentce if the role referenced has been removed
parent
f35ab5faca
commit
6fc58855b9
1 changed files with 8 additions and 0 deletions
|
@ -183,6 +183,14 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
|
||||||
current_policies = [cp for cp in iam.list_role_policies(name).
|
current_policies = [cp for cp in iam.list_role_policies(name).
|
||||||
list_role_policies_result.
|
list_role_policies_result.
|
||||||
policy_names]
|
policy_names]
|
||||||
|
except boto.exception.BotoServerError as e:
|
||||||
|
if e.error_code == "NoSuchEntity":
|
||||||
|
# Role doesn't exist so it's safe to assume the policy doesn't either
|
||||||
|
module.exit_json(changed=False)
|
||||||
|
else:
|
||||||
|
module.fail_json(e.message)
|
||||||
|
|
||||||
|
try:
|
||||||
for pol in current_policies:
|
for pol in current_policies:
|
||||||
if urllib.unquote(iam.get_role_policy(name, pol).
|
if urllib.unquote(iam.get_role_policy(name, pol).
|
||||||
get_role_policy_result.policy_document) == pdoc:
|
get_role_policy_result.policy_document) == pdoc:
|
||||||
|
|
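Review bot: The new `NoSuchEntity` branch calls `module.exit_json(changed=False)` without checking `state`, so a task that asks for a policy to be present on a role that does not exist would report an unchanged success while nothing was attached. Unless a check outside this hunk already rules that out, limit the shortcut to removal with `if e.error_code == "NoSuchEntity" and state == "absent":` and let the present case fall through to the failure path. In the `else` branch, `module.fail_json(e.message)` passes the text positionally, but `fail_json` takes it as the `msg` keyword, so it should read `module.fail_json(msg=e.message)`. `role_action` starts before and continues past this hunk, so the `try:` that the added `except` closes is not visible here.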