Migrate iam_role and iam_role_info modules from community.aws

ansible-collections · Oct 6, 2023 · 94f032a · 94f032a
1 parent 3b5c0d0
commit 94f032a
Show file tree

Hide file tree

Showing 16 changed files with 969 additions and 1,074 deletions.
diff --git a/changelogs/fragments/migrate_iam_role.yml b/changelogs/fragments/migrate_iam_role.yml
@@ -0,0 +1,7 @@
+major_changes:
+- iam_role - The module has been migrated from the ``community.aws`` collection. Playbooks
+  using the Fully Qualified Collection Name for this module should be updated to use
+  ``amazon.aws.iam_role`` (https://github.com/ansible-collections/amazon.aws/pull/1760).
+- iam_role_info - The module has been migrated from the ``community.aws`` collection.
+  Playbooks using the Fully Qualified Collection Name for this module should be updated
+  to use ``amazon.aws.iam_role_info`` (https://github.com/ansible-collections/amazon.aws/pull/1760).
diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -72,6 +72,8 @@ action_groups:
     - iam_instance_profile_info
     - iam_policy
     - iam_policy_info
+    - iam_role
+    - iam_role_info
     - iam_user
     - iam_user_info
     - kms_key
@@ -143,4 +145,4 @@ plugin_routing:
       redirect: amazon.aws.ssm_parameter
     aws_secret:
       # Deprecation for this alias should not *start* prior to 2024-09-01
-      redirect: amazon.aws.secretsmanager_secret
+      redirect: amazon.aws.secretsmanager_secret
diff --git a/plugins/modules/iam_role.py b/plugins/modules/iam_role.py
@@ -8,6 +8,7 @@
 ---
 module: iam_role
 version_added: 1.0.0
+version_added_collection: community.aws
 short_description: Manage AWS IAM roles
 description:
   - Manage AWS IAM roles.
@@ -45,7 +46,7 @@
     description:
       - A list of managed policy ARNs, managed policy ARNs or friendly names.
       - To remove all policies set I(purge_polices=true) and I(managed_policies=[None]).
-      - To embed an inline policy, use M(community.aws.iam_policy).
+      - To embed an inline policy, use M(amazon.aws.iam_policy).
     aliases: ['managed_policy']
     type: list
     elements: str
@@ -100,28 +101,28 @@
 # Note: These examples do not set authentication details, see the AWS Guide for details.
 
 - name: Create a role with description and tags
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     name: mynewrole
     assume_role_policy_document: "{{ lookup('file','policy.json') }}"
     description: This is My New Role
     tags:
       env: dev
 
 - name: "Create a role and attach a managed policy called 'PowerUserAccess'"
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     name: mynewrole
     assume_role_policy_document: "{{ lookup('file','policy.json') }}"
     managed_policies:
       - arn:aws:iam::aws:policy/PowerUserAccess
 
 - name: Keep the role created above but remove all managed policies
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     name: mynewrole
     assume_role_policy_document: "{{ lookup('file','policy.json') }}"
     managed_policies: []
 
 - name: Delete the role
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     name: mynewrole
     assume_role_policy_document: "{{ lookup('file', 'policy.json') }}"
     state: absent
@@ -232,7 +233,7 @@
 from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict
 from ansible_collections.amazon.aws.plugins.module_utils.tagging import compare_aws_tags
 
-from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule
+from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
 
 
 @AWSRetry.jittered_backoff()
@@ -732,7 +733,7 @@ def main():
         "All return values other than iam_role and changed have been deprecated and "
         "will be removed in a release after 2023-12-01.",
         date="2023-12-01",
-        collection_name="community.aws",
+        collection_name="amazon.aws",
     )
 
     module.deprecate(
@@ -741,7 +742,7 @@ def main():
         "iam_role.assume_role_policy_document_raw return value already returns the "
         "policy document in this future format.",
         date="2023-12-01",
-        collection_name="community.aws",
+        collection_name="amazon.aws",
     )
 
     if module.params.get("boundary"):

diff --git a/plugins/modules/iam_role_info.py b/plugins/modules/iam_role_info.py
@@ -8,6 +8,7 @@
 ---
 module: iam_role_info
 version_added: 1.0.0
+version_added_collection: community.aws
 short_description: Gather information on IAM roles
 description:
     - Gathers information about IAM roles.
@@ -34,15 +35,15 @@
 
 EXAMPLES = r"""
 - name: find all existing IAM roles
-  community.aws.iam_role_info:
+  amazon.aws.iam_role_info:
   register: result
 
 - name: describe a single role
-  community.aws.iam_role_info:
+  amazon.aws.iam_role_info:
     name: MyIAMRole
 
 - name: describe all roles matching a path prefix
-  community.aws.iam_role_info:
+  amazon.aws.iam_role_info:
     path_prefix: /application/path
 """
 
@@ -163,7 +164,7 @@
 from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry
 from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict
 
-from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule
+from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
 
 
 @AWSRetry.jittered_backoff()
@@ -278,7 +279,7 @@ def main():
         ".assume_role_policy_document_raw return value already returns the "
         "policy document in this future format.",
         date="2023-12-01",
-        collection_name="community.aws",
+        collection_name="amazon.aws",
     )
 
     module.exit_json(changed=False, iam_roles=describe_iam_roles(module, client))

diff --git a/tests/integration/targets/iam_role/defaults/main.yml b/tests/integration/targets/iam_role/defaults/main.yml
@@ -1,6 +1,5 @@
----
 test_role: '{{ resource_prefix }}-role'
-test_path: '/{{ resource_prefix }}/'
-safe_managed_policy: 'AWSDenyAll'
+test_path: /{{ resource_prefix }}/
+safe_managed_policy: AWSDenyAll
 custom_policy_name: '{{ resource_prefix }}-denyall'
-boundary_policy: 'arn:aws:iam::aws:policy/AWSDenyAll'
+boundary_policy: arn:aws:iam::aws:policy/AWSDenyAll
diff --git a/tests/integration/targets/iam_role/tasks/boundary_policy.yml b/tests/integration/targets/iam_role/tasks/boundary_policy.yml
@@ -1,94 +1,86 @@
----
-- name: "Create minimal role with no boundary policy"
+- name: Create minimal role with no boundary policy
   iam_role:
-    name: "{{ test_role }}"
+    name: '{{ test_role }}'
     create_instance_profile: no
   register: iam_role
-
 - assert:
     that:
-      - iam_role is changed
-      - iam_role.iam_role.role_name == test_role
+    - iam_role is changed
+    - iam_role.iam_role.role_name == test_role
 
-- name: "Configure Boundary Policy (CHECK MODE)"
+- name: Configure Boundary Policy (CHECK MODE)
   iam_role:
-    name: "{{ test_role }}"
+    name: '{{ test_role }}'
     create_instance_profile: no
-    boundary: "{{ boundary_policy }}"
+    boundary: '{{ boundary_policy }}'
   check_mode: yes
   register: iam_role
-
 - assert:
     that:
-      - iam_role is changed
+    - iam_role is changed
 
-- name: "Configure Boundary Policy"
+- name: Configure Boundary Policy
   iam_role:
-    name: "{{ test_role }}"
+    name: '{{ test_role }}'
     create_instance_profile: no
-    boundary: "{{ boundary_policy }}"
+    boundary: '{{ boundary_policy }}'
   register: iam_role
-
 - assert:
     that:
-      - iam_role is changed
-      - iam_role.iam_role.role_name == test_role
+    - iam_role is changed
+    - iam_role.iam_role.role_name == test_role
 
-- name: "Configure Boundary Policy (no change) - check mode"
+- name: Configure Boundary Policy (no change) - check mode
   iam_role:
-    name: "{{ test_role }}"
+    name: '{{ test_role }}'
     create_instance_profile: no
-    boundary: "{{ boundary_policy }}"
+    boundary: '{{ boundary_policy }}'
   register: iam_role
   check_mode: yes
-
 - assert:
     that:
-      - iam_role is not changed
+    - iam_role is not changed
 
-- name: "Configure Boundary Policy (no change)"
+- name: Configure Boundary Policy (no change)
   iam_role:
-    name: "{{ test_role }}"
+    name: '{{ test_role }}'
     create_instance_profile: no
-    boundary: "{{ boundary_policy }}"
+    boundary: '{{ boundary_policy }}'
   register: iam_role
-
 - assert:
     that:
-      - iam_role is not changed
-      - iam_role.iam_role.role_name == test_role
+    - iam_role is not changed
+    - iam_role.iam_role.role_name == test_role
 
-- name: "iam_role_info after adding boundary policy"
+- name: iam_role_info after adding boundary policy
   iam_role_info:
-    name: "{{ test_role }}"
+    name: '{{ test_role }}'
   register: role_info
-
 - assert:
     that:
-      - role_info is succeeded
-      - role_info.iam_roles | length == 1
-      - 'role_info.iam_roles[0].arn.startswith("arn")'
-      - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
-      - '"assume_role_policy_document" in role_info.iam_roles[0]'
-      - '"create_date" in role_info.iam_roles[0]'
-      - '"description" not in role_info.iam_roles[0]'
-      - role_info.iam_roles[0].inline_policies | length == 0
-      - role_info.iam_roles[0].instance_profiles | length == 0
-      - role_info.iam_roles[0].managed_policies | length == 0
-      - role_info.iam_roles[0].max_session_duration == 3600
-      - role_info.iam_roles[0].path == '/'
-      - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy
-      - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy'
-      - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
-      - role_info.iam_roles[0].role_name == test_role
+    - role_info is succeeded
+    - role_info.iam_roles | length == 1
+    - role_info.iam_roles[0].arn.startswith("arn")
+    - role_info.iam_roles[0].arn.endswith("role/" + test_role )
+    - '"assume_role_policy_document" in role_info.iam_roles[0]'
+    - '"create_date" in role_info.iam_roles[0]'
+    - '"description" not in role_info.iam_roles[0]'
+    - role_info.iam_roles[0].inline_policies | length == 0
+    - role_info.iam_roles[0].instance_profiles | length == 0
+    - role_info.iam_roles[0].managed_policies | length == 0
+    - role_info.iam_roles[0].max_session_duration == 3600
+    - role_info.iam_roles[0].path == '/'
+    - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy
+    - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy'
+    - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
+    - role_info.iam_roles[0].role_name == test_role
 
-- name: "Remove IAM Role"
+- name: Remove IAM Role
   iam_role:
     state: absent
-    name: "{{ test_role }}"
+    name: '{{ test_role }}'
     delete_instance_profile: yes
   register: iam_role
-
 - assert:
     that:
-      - iam_role is changed
+    - iam_role is changed