[PR #1892/9e45fc20 backport][stable-7] iam_group - add support for setting the path #1898

Merged
4 changes: 4 additions & 0 deletions changelogs/fragments/20231130-iam_group.yml
@@ -0,0 +1,4 @@
minor_changes:
- iam_group - add support for setting group path (https://github.com/ansible-collections/amazon.aws/pull/1892).
- iam_group - adds attached_policies return value (https://github.com/ansible-collections/amazon.aws/pull/1892).
- iam_group - code refactored to avoid single long function (https://github.com/ansible-collections/amazon.aws/pull/1892).
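Review bot: The three changelog entries mix verb forms: the second entry uses "adds attached_policies return value" while the first uses "add support" and the third "code refactored". Suggest "add ``attached_policies`` return value" and "refactor code to avoid single long function" so the fragment reads consistently in the generated changelog. All three link to pull/1892, which matches the backport title, so the references themselves look right.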
29 changes: 29 additions & 0 deletions plugins/module_utils/iam.py
Expand Up @@ -14,6 +14,7 @@
from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict

from .arn import parse_aws_arn
from .arn import validate_aws_arn
from .botocore import is_boto3_error_code
from .exceptions import AnsibleAWSError
from .retries import AWSRetry
Expand Down Expand Up @@ -72,6 +73,34 @@ def _remove_role_from_instance_profile(client, **kwargs):
client.remove_role_from_instance_profile(**kwargs)


@AWSRetry.jittered_backoff()
def _list_managed_policies(client, **kwargs):
paginator = client.get_paginator("list_policies")
return paginator.paginate(**kwargs).build_full_result()


def list_managed_policies(client):
try:
return _list_managed_policies(client)["Policies"]
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e:
raise AnsibleIAMError(message="Failed to list all managed policies", exception=e)


def convert_managed_policy_names_to_arns(client, policy_names):
if all(validate_aws_arn(policy, service="iam") for policy in policy_names if policy is not None):
return policy_names
allpolicies = {}
policies = list_managed_policies(client)

for policy in policies:
allpolicies[policy["PolicyName"]] = policy["Arn"]
allpolicies[policy["Arn"]] = policy["Arn"]
try:
return [allpolicies[policy] for policy in policy_names if policy is not None]
except KeyError as e:
raise AnsibleIAMError(message="Failed to find policy by name:" + str(e))


def get_aws_account_id(module):
"""Given an AnsibleAWSModule instance, get the active AWS account ID"""

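Review bot: In convert_managed_policy_names_to_arns the early return hands back policy_names unchanged, so any None entries survive on that path, while the lookup path filters them with `if policy is not None`; an empty or all-None list also satisfies all() and is returned as is. Suggest dropping None once at the top of the function and using the filtered list in both branches so callers get the same shape either way. As called here the ARN check passes only service="iam", so as far as these lines show any IAM ARN, not only a policy ARN, skips the lookup and is returned as a policy ARN; constraining the resource type or documenting that the attach call is the real validation would help. Smaller points: "Failed to find policy by name:" + str(e) has no space after the colon, the unscoped list_policies pagination runs over every managed policy for a single name lookup, and the two new public helpers have no docstring, unlike get_aws_account_id directly below.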