Simplify logic around "present" state and skip dupes. If the policy doesn't exist or the policy document doesn't match or if we're not skipping dupes, then we go ahead and update the respective user/group/role policy.

Bermudez, Jaime 2015-10-22 14:54:28 -04:00 committed by Matt Clay
parent f654bd45f8
commit efbdea909e


@ -144,12 +144,14 @@ def user_action(module, iam, name, policy_name, skip, pdoc, state):
if urllib.unquote(iam.get_user_policy(name, pol). if urllib.unquote(iam.get_user_policy(name, pol).
get_user_policy_result.policy_document) == pdoc: get_user_policy_result.policy_document) == pdoc:
policy_match = True policy_match = True
if policy_match:
if state == 'present' and skip: msg=("The policy document you specified already exists "
if policy_name not in current_policies and not policy_match: "under the name %s." % pol)
changed = True if state == 'present':
iam.put_user_policy(name, policy_name, pdoc) # If policy document does not already exist (either it's changed
elif state == 'present' and not skip: # or the policy is not present) or if we're not skipping dupes then
# make the put call. Note that the put call does a create or update.
if not policy_match or not skip:
changed = True changed = True
iam.put_user_policy(name, policy_name, pdoc) iam.put_user_policy(name, policy_name, pdoc)
elif state == 'absent': elif state == 'absent':
@ -191,11 +193,14 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
if urllib.unquote(iam.get_role_policy(name, pol). if urllib.unquote(iam.get_role_policy(name, pol).
get_role_policy_result.policy_document) == pdoc: get_role_policy_result.policy_document) == pdoc:
policy_match = True policy_match = True
if state == 'present' and skip: if policy_match:
if policy_name not in current_policies and not policy_match: msg=("The policy document you specified already exists "
changed = True "under the name %s." % pol)
iam.put_role_policy(name, policy_name, pdoc) if state == 'present':
elif state == 'present' and not skip: # If policy document does not already exist (either it's changed
# or the policy is not present) or if we're not skipping dupes then
# make the put call. Note that the put call does a create or update.
if not policy_match or not skip:
changed = True changed = True
iam.put_role_policy(name, policy_name, pdoc) iam.put_role_policy(name, policy_name, pdoc)
elif state == 'absent': elif state == 'absent':
@ -234,11 +239,11 @@ def group_action(module, iam, name, policy_name, skip, pdoc, state):
if policy_match: if policy_match:
msg=("The policy document you specified already exists " msg=("The policy document you specified already exists "
"under the name %s." % pol) "under the name %s." % pol)
if state == 'present' and skip: if state == 'present':
if policy_name not in current_policies and not policy_match: # If policy document does not already exist (either it's changed
changed = True # or the policy is not present) or if we're not skipping dupes then
iam.put_group_policy(name, policy_name, pdoc) # make the put call. Note that the put call does a create or update.
elif state == 'present' and not skip: if not policy_match or not skip:
changed = True changed = True
iam.put_group_policy(name, policy_name, pdoc) iam.put_group_policy(name, policy_name, pdoc)
elif state == 'absent': elif state == 'absent':
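Review bot: With `skip` set, the new guard `if not policy_match or not skip:` in `user_action` skips the put whenever any existing policy's document equals `pdoc`, even when that match is under a different name and `policy_name` already exists with a different document. The task then reports no change while the old document under `policy_name` (possibly a broader grant) stays attached, which undermines least-privilege enforcement. The same guard is added in `role_action` and `group_action`. Consider tracking whether the match is for the requested name, e.g. `name_match = name_match or pol == policy_name` (initialised to `False`) beside `policy_match = True`, and guarding with `if not skip or not policy_match or (policy_name in current_policies and not name_match):`. The loop header and the initialisation of `policy_match` are outside the hunks, so this assumes the loop iterates `current_policies` for the named principal.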