iam_policy - complete 5.0.0 deprecation cycles

SUMMARY

skip_duplicates now defaults to False
policy_document has been dropped.

ISSUE TYPE

Feature Pull Request

COMPONENT NAME
plugins/modules/iam_policy.py
ADDITIONAL INFORMATION

Reviewed-by: Markus Bergholz <[email protected]>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections@0782121
tremble authored and goneri committed Sep 21, 2022
1 parent 3c4ef79 commit 0199ec1
Showing 3 changed files with 46 additions and 120 deletions.
60 changes: 5 additions & 55 deletions plugins/modules/iam_policy.py
Expand Up @@ -32,17 +32,9 @@
- The name label for the policy to create or remove.
required: true
type: str
policy_document:
description:
- The path to the properly json formatted policy file.
- Mutually exclusive with I(policy_json).
- This option has been deprecated and will be removed in a release after 2022-06-01. The existing behavior can be
reproduced by using the I(policy_json) option and reading the file using the lookup plugin.
type: str
policy_json:
description:
- A properly json formatted policy as string.
- Mutually exclusive with I(policy_document).
- See U(https://github.com/ansible/ansible/issues/7005#issuecomment-42894813) on how to use it properly.
type: json
state:
Expand All @@ -55,9 +47,7 @@
description:
- When I(skip_duplicates=true) the module looks for any policies that match the document you pass in.
If there is a match it will not make a new policy object with the same rules.
- The current default is C(true). However, this behavior can be confusing and as such the default will
change to C(false) in a release after 2022-06-01. To maintain
the existing behavior explicitly set I(skip_duplicates=true).
default: false
type: bool
author:
Expand All @@ -70,15 +60,6 @@
'''

EXAMPLES = '''
# Create a policy with the name of 'Admin' to the group 'administrators'
- name: Assign a policy called Admin to the administrators group
community.aws.iam_policy:
iam_type: group
iam_name: administrators
policy_name: Admin
state: present
policy_document: admin_policy.json
# Advanced example, create two new groups and add a READ-ONLY policy to both
# groups.
- name: Create Two Groups, Mario and Luigi
Expand Down Expand Up @@ -139,11 +120,10 @@ class PolicyError(Exception):

class Policy:

def __init__(self, client, name, policy_name, policy_document, policy_json, skip_duplicates, state, check_mode):
def __init__(self, client, name, policy_name, policy_json, skip_duplicates, state, check_mode):
self.client = client
self.name = name
self.policy_name = policy_name
self.policy_document = policy_document
self.policy_json = policy_json
self.skip_duplicates = skip_duplicates
self.state = state
Expand Down Expand Up @@ -188,25 +168,12 @@ def delete(self):

def get_policy_text(self):
try:
if self.policy_document is not None:
return self.get_policy_from_document()
if self.policy_json is not None:
return self.get_policy_from_json()
except json.JSONDecodeError as e:
raise PolicyError('Failed to decode the policy as valid JSON: %s' % str(e))
return None

def get_policy_from_document(self):
try:
with open(self.policy_document, 'r') as json_data:
pdoc = json.load(json_data)
json_data.close()
except IOError as e:
if e.errno == 2:
raise PolicyError('policy_document {0:!r} does not exist'.format(self.policy_document))
raise
return pdoc

def get_policy_from_json(self):
if isinstance(self.policy_json, string_types):
pdoc = json.loads(self.policy_json)
Expand Down Expand Up @@ -301,42 +268,25 @@ def main():
state=dict(default='present', choices=['present', 'absent']),
iam_name=dict(required=True),
policy_name=dict(required=True),
policy_document=dict(default=None, required=False),
policy_json=dict(type='json', default=None, required=False),
skip_duplicates=dict(type='bool', default=None, required=False)
skip_duplicates=dict(type='bool', default=False, required=False)
)
mutually_exclusive = [['policy_document', 'policy_json']]
required_if = [
('state', 'present', ('policy_document', 'policy_json'), True),
('state', 'present', ('policy_json',), True),
]

module = AnsibleAWSModule(
argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
required_if=required_if,
supports_check_mode=True
)

skip_duplicates = module.params.get('skip_duplicates')

if (skip_duplicates is None):
module.deprecate('The skip_duplicates behaviour has caused confusion and'
' will be disabled by default in a release after 2022-06-01',
date='2022-06-01', collection_name='community.aws')
skip_duplicates = True

if module.params.get('policy_document'):
module.deprecate('The policy_document option has been deprecated and'
' will be removed in a release after 2022-06-01',
date='2022-06-01', collection_name='community.aws')

args = dict(
client=module.client('iam', retry_decorator=AWSRetry.jittered_backoff()),
name=module.params.get('iam_name'),
policy_name=module.params.get('policy_name'),
policy_document=module.params.get('policy_document'),
policy_json=module.params.get('policy_json'),
skip_duplicates=skip_duplicates,
skip_duplicates=module.params.get('skip_duplicates'),
state=module.params.get('state'),
check_mode=module.check_mode,
)
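Review bot: The `policy_json` description in the DOCUMENTATION hunk never says the option is mandatory for `state=present`, although `required_if` in `main()` now enforces exactly that with `('state', 'present', ('policy_json',), True)`; I would add `- Required when I(state=present).` to the option text. The removed deprecation paragraph was also the only place in these hunks that pointed users to the file-based replacement, so a line such as `- To load a policy from a file, read it with the file lookup plugin and pass the result here.` would help anyone whose task is now rejected for using the removed `policy_document` parameter. The trailing `True` in that `required_if` entry only has an effect when several options are listed, so it can be dropped: `('state', 'present', ('policy_json',)),`. `main()` and the DOCUMENTATION string both continue outside the visible hunks, so the rest of the examples may already cover the lookup form.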
24 changes: 0 additions & 24 deletions tests/integration/targets/iam_policy/tasks/main.yml
Expand Up @@ -9,24 +9,6 @@
collections:
- amazon.aws
block:
# ============================================================
- name: Create a temporary folder for the policies
tempfile:
state: directory
register: tmpdir
- name: Copy over policy
copy:
src: no_access.json
dest: "{{ tmpdir.path }}"
- name: Copy over other policy
copy:
src: no_access_with_id.json
dest: "{{ tmpdir.path }}"
- name: Copy over other policy
copy:
src: no_access_with_second_id.json
dest: "{{ tmpdir.path }}"

# ============================================================
- name: Create user for tests
iam_user:
Expand Down Expand Up @@ -91,9 +73,3 @@
state: absent
name: "{{ iam_name }}"
ignore_errors: yes

# ============================================================
- name: Delete temporary folder containing the policies
file:
state: absent
path: "{{ tmpdir.path }}/"