diff options
author | Michael Baydoun <mbaydoun@fhlbi.com> | 2016-07-18 13:10:59 +0000 |
---|---|---|
committer | Matt Clay <matt@mystile.com> | 2016-12-08 11:24:45 -0500 |
commit | 3818cc2b959e9b320691fcde6c2342e80083797e (patch) | |
tree | 16e6831f3486bdcea3a60915df45291f34dbaa03 /lib/ansible/modules/cloud/amazon/iam_policy.py | |
parent | 906b457bf19f247e2ad65e2dd6bc7502724f5cd8 (diff) | |
download | ansible-3818cc2b959e9b320691fcde6c2342e80083797e.tar.gz |
fixes issues where iam_policy incorrected reported changed
Diffstat (limited to 'lib/ansible/modules/cloud/amazon/iam_policy.py')
-rw-r--r-- | lib/ansible/modules/cloud/amazon/iam_policy.py | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/ansible/modules/cloud/amazon/iam_policy.py b/lib/ansible/modules/cloud/amazon/iam_policy.py index 572e5eca93..4ab1e0c75c 100644 --- a/lib/ansible/modules/cloud/amazon/iam_policy.py +++ b/lib/ansible/modules/cloud/amazon/iam_policy.py @@ -137,6 +137,7 @@ def user_action(module, iam, name, policy_name, skip, pdoc, state): current_policies = [cp for cp in iam.get_all_user_policies(name). list_user_policies_result. policy_names] + pol = "" for pol in current_policies: ''' urllib is needed here because boto returns url encoded strings instead @@ -144,14 +145,13 @@ def user_action(module, iam, name, policy_name, skip, pdoc, state): if urllib.unquote(iam.get_user_policy(name, pol). get_user_policy_result.policy_document) == pdoc: policy_match = True - if policy_match: - msg=("The policy document you specified already exists " - "under the name %s." % pol) + break + if state == 'present': # If policy document does not already exist (either it's changed # or the policy is not present) or if we're not skipping dupes then # make the put call. Note that the put call does a create or update. - if not policy_match or not skip: + if (not policy_match or not skip) and pol != name: changed = True iam.put_user_policy(name, policy_name, pdoc) elif state == 'absent': @@ -189,18 +189,18 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state): module.fail_json(msg=e.message) try: + pol = "" for pol in current_policies: if urllib.unquote(iam.get_role_policy(name, pol). get_role_policy_result.policy_document) == pdoc: policy_match = True - if policy_match: - msg=("The policy document you specified already exists " - "under the name %s." % pol) + break + if state == 'present': # If policy document does not already exist (either it's changed # or the policy is not present) or if we're not skipping dupes then # make the put call. Note that the put call does a create or update. - if not policy_match or not skip: + if (not policy_match or not skip) and pol != name: changed = True iam.put_role_policy(name, policy_name, pdoc) elif state == 'absent': @@ -234,6 +234,7 @@ def group_action(module, iam, name, policy_name, skip, pdoc, state): current_policies = [cp for cp in iam.get_all_group_policies(name). list_group_policies_result. policy_names] + pol = "" for pol in current_policies: if urllib.unquote(iam.get_group_policy(name, pol). get_group_policy_result.policy_document) == pdoc: @@ -241,11 +242,12 @@ def group_action(module, iam, name, policy_name, skip, pdoc, state): if policy_match: msg=("The policy document you specified already exists " "under the name %s." % pol) + break if state == 'present': # If policy document does not already exist (either it's changed # or the policy is not present) or if we're not skipping dupes then # make the put call. Note that the put call does a create or update. - if not policy_match or not skip: + if (not policy_match or not skip) and pol != name: changed = True iam.put_group_policy(name, policy_name, pdoc) elif state == 'absent': |