Absent unction was not working on user with login profile

also fixed the exception handling
This commit is contained in:
Rabenstein 2015-11-04 14:54:46 +01:00
parent 79e253053a
commit 76cd8381f8

View file

@ -192,14 +192,18 @@ def create_user(module, iam, name, pwd, path, key_state, key_count):
def delete_user(module, iam, name): def delete_user(module, iam, name):
del_meta = ''
try: try:
current_keys = [ck['access_key_id'] for ck in current_keys = [ck['access_key_id'] for ck in
iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata] iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata]
for key in current_keys: for key in current_keys:
iam.delete_access_key(key, name) iam.delete_access_key(key, name)
login_profile = iam.get_login_profiles(name)
if login_profile:
iam.delete_login_profile(name)
del_meta = iam.delete_user(name).delete_user_response del_meta = iam.delete_user(name).delete_user_response
except boto.exception.BotoServerError, err: except Exception as ex:
error_msg = boto_exception(err) module.fail_json(changed=False, msg="delete failed %s" %ex)
if ('must detach all policies first') in error_msg: if ('must detach all policies first') in error_msg:
for policy in iam.get_all_user_policies(name).list_user_policies_result.policy_names: for policy in iam.get_all_user_policies(name).list_user_policies_result.policy_names:
iam.delete_user_policy(name, policy) iam.delete_user_policy(name, policy)
@ -213,7 +217,7 @@ def delete_user(module, iam, name):
"currently supported by boto. Please detach the polices " "currently supported by boto. Please detach the polices "
"through the console and try again." % name) "through the console and try again." % name)
else: else:
module.fail_json(changed=changed, msg=str(err)) module.fail_json(changed=changed, msg=str(del_meta))
else: else:
changed = True changed = True
return del_meta, name, changed return del_meta, name, changed
@ -647,15 +651,20 @@ def main():
else: else:
module.exit_json( module.exit_json(
changed=changed, groups=user_groups, user_name=name, keys=key_list) changed=changed, groups=user_groups, user_name=name, keys=key_list)
elif state == 'update' and not user_exists: elif state == 'update' and not user_exists:
module.fail_json( module.fail_json(
msg="The user %s does not exit. No update made." % name) msg="The user %s does not exit. No update made." % name)
elif state == 'absent': elif state == 'absent':
if name in orig_user_list: if user_exists:
try:
set_users_groups(module, iam, name, '') set_users_groups(module, iam, name, '')
del_meta, name, changed = delete_user(module, iam, name) del_meta, name, changed = delete_user(module, iam, name)
module.exit_json( module.exit_json(deleted_user=name, changed=changed, orig_user_list=orig_user_list)
deletion_meta=del_meta, deleted_user=name, changed=changed)
except Exception as ex:
module.fail_json(changed=changed, msg=str(ex))
else: else:
module.exit_json( module.exit_json(
changed=False, msg="User %s is already absent from your AWS IAM users" % name) changed=False, msg="User %s is already absent from your AWS IAM users" % name)
@ -687,9 +696,11 @@ def main():
if not new_path and not new_name: if not new_path and not new_name:
module.exit_json( module.exit_json(
changed=changed, group_name=name, group_path=cur_path) changed=changed, group_name=name, group_path=cur_path)
elif state == 'update' and not group_exists: elif state == 'update' and not group_exists:
module.fail_json( module.fail_json(
changed=changed, msg="Update Failed. Group %s doesn't seem to exit!" % name) changed=changed, msg="Update Failed. Group %s doesn't seem to exit!" % name)
elif state == 'absent': elif state == 'absent':
if name in orig_group_list: if name in orig_group_list:
removed_group, changed = delete_group(iam=iam, name=name) removed_group, changed = delete_group(iam=iam, name=name)