Simplify logic around "present" state and skip dupes. If the policy doesn't exist or the policy document doesn't match or if we're not skipping dupes, then we go ahead and update the respective user/group/role policy.
parent
f654bd45f8
commit
efbdea909e
1 changed files with 21 additions and 16 deletions
|
@ -144,12 +144,14 @@ def user_action(module, iam, name, policy_name, skip, pdoc, state):
|
|||
if urllib.unquote(iam.get_user_policy(name, pol).
|
||||
get_user_policy_result.policy_document) == pdoc:
|
||||
policy_match = True
|
||||
|
||||
if state == 'present' and skip:
|
||||
if policy_name not in current_policies and not policy_match:
|
||||
changed = True
|
||||
iam.put_user_policy(name, policy_name, pdoc)
|
||||
elif state == 'present' and not skip:
|
||||
if policy_match:
|
||||
msg=("The policy document you specified already exists "
|
||||
"under the name %s." % pol)
|
||||
if state == 'present':
|
||||
# If policy document does not already exist (either it's changed
|
||||
# or the policy is not present) or if we're not skipping dupes then
|
||||
# make the put call. Note that the put call does a create or update.
|
||||
if not policy_match or not skip:
|
||||
changed = True
|
||||
iam.put_user_policy(name, policy_name, pdoc)
|
||||
elif state == 'absent':
|
||||
|
@ -191,11 +193,14 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
|
|||
if urllib.unquote(iam.get_role_policy(name, pol).
|
||||
get_role_policy_result.policy_document) == pdoc:
|
||||
policy_match = True
|
||||
if state == 'present' and skip:
|
||||
if policy_name not in current_policies and not policy_match:
|
||||
changed = True
|
||||
iam.put_role_policy(name, policy_name, pdoc)
|
||||
elif state == 'present' and not skip:
|
||||
if policy_match:
|
||||
msg=("The policy document you specified already exists "
|
||||
"under the name %s." % pol)
|
||||
if state == 'present':
|
||||
# If policy document does not already exist (either it's changed
|
||||
# or the policy is not present) or if we're not skipping dupes then
|
||||
# make the put call. Note that the put call does a create or update.
|
||||
if not policy_match or not skip:
|
||||
changed = True
|
||||
iam.put_role_policy(name, policy_name, pdoc)
|
||||
elif state == 'absent':
|
||||
|
@ -234,11 +239,11 @@ def group_action(module, iam, name, policy_name, skip, pdoc, state):
|
|||
if policy_match:
|
||||
msg=("The policy document you specified already exists "
|
||||
"under the name %s." % pol)
|
||||
if state == 'present' and skip:
|
||||
if policy_name not in current_policies and not policy_match:
|
||||
changed = True
|
||||
iam.put_group_policy(name, policy_name, pdoc)
|
||||
elif state == 'present' and not skip:
|
||||
if state == 'present':
|
||||
# If policy document does not already exist (either it's changed
|
||||
# or the policy is not present) or if we're not skipping dupes then
|
||||
# make the put call. Note that the put call does a create or update.
|
||||
if not policy_match or not skip:
|
||||
changed = True
|
||||
iam.put_group_policy(name, policy_name, pdoc)
|
||||
elif state == 'absent':
|
||||
|
|
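Review bot: In the new `if not policy_match or not skip:` branch of user_action (repeated in role_action and group_action), a run with skip false always calls the put and sets `changed = True`, even when policy_name already holds exactly this document. Because `changed` is what operators and audit tooling use to notice that IAM permissions moved, a task that reports a change on every run hides real drift. One fix is to record whether the matching policy is the named one, `if pol == policy_name: name_match = True` next to `policy_match = True`, and then test `if not name_match and (not policy_match or not skip):`, with `name_match = False` initialised beside `policy_match`. Separately, policy_match appears to be satisfied by any policy on the principal (the message names `pol`), so with skip true an existing policy_name carrying a different, possibly broader, document is left untouched whenever another policy has the same document; a comment such as `# skip applies even if policy_name exists with a different document` would make that explicit. The loop that sets policy_match and the rest of each function lie outside the hunks, so this is inferred from the visible lines.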