Server IP : 85.214.239.14 / Your IP : 13.58.32.115 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /usr/lib/python3/dist-packages/ansible_collections/amazon/aws/plugins/modules/ |
Upload File : |
#!/usr/bin/python # This file is part of Ansible # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import (absolute_import, division, print_function) __metaclass__ = type DOCUMENTATION = ''' --- module: iam_policy_info version_added: 5.0.0 short_description: Retrieve inline IAM policies for users, groups, and roles description: - Supports fetching of inline IAM policies for IAM users, groups and roles. - This module was originally added to C(community.aws) in release 1.0.0. options: iam_type: description: - Type of IAM resource you wish to retrieve inline policies for. required: true choices: [ "user", "group", "role"] type: str iam_name: description: - Name of IAM resource you wish to retrieve inline policies for. In other words, the user name, group name or role name. required: true type: str policy_name: description: - Name of a specific IAM inline policy you with to retrieve. required: false type: str author: - Mark Chappell (@tremble) extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 - amazon.aws.boto3 ''' EXAMPLES = ''' - name: Describe all inline IAM policies on an IAM User amazon.aws.iam_policy_info: iam_type: user iam_name: example_user - name: Describe a specific inline policy on an IAM Role amazon.aws.iam_policy_info: iam_type: role iam_name: example_role policy_name: example_policy ''' RETURN = ''' policies: description: A list containing the matching IAM inline policy names and their data returned: success type: complex contains: policy_name: description: The Name of the inline policy returned: success type: str policy_document: description: The JSON document representing the inline IAM policy returned: success type: list policy_names: description: A list of matching names of the IAM inline policies on the queried object returned: success type: list all_policy_names: description: A list of names of all of the IAM inline policies on the queried object returned: success type: list ''' try: import botocore except ImportError: pass from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry class Policy: def __init__(self, client, name, policy_name): self.client = client self.name = name self.policy_name = policy_name self.changed = False @staticmethod def _iam_type(): return '' def _list(self, name): return {} def list(self): return self._list(self.name).get('PolicyNames', []) def _get(self, name, policy_name): return '{}' def get(self, policy_name): return self._get(self.name, policy_name)['PolicyDocument'] def get_all(self): policies = list() for policy in self.list(): policies.append({"policy_name": policy, "policy_document": self.get(policy)}) return policies def run(self): policy_list = self.list() ret_val = { 'changed': False, self._iam_type() + '_name': self.name, 'all_policy_names': policy_list } if self.policy_name is None: ret_val.update(policies=self.get_all()) ret_val.update(policy_names=policy_list) elif self.policy_name in policy_list: ret_val.update(policies=[{ "policy_name": self.policy_name, "policy_document": self.get(self.policy_name)}]) ret_val.update(policy_names=[self.policy_name]) return ret_val class UserPolicy(Policy): @staticmethod def _iam_type(): return 'user' def _list(self, name): return self.client.list_user_policies(aws_retry=True, UserName=name) def _get(self, name, policy_name): return self.client.get_user_policy(aws_retry=True, UserName=name, PolicyName=policy_name) class RolePolicy(Policy): @staticmethod def _iam_type(): return 'role' def _list(self, name): return self.client.list_role_policies(aws_retry=True, RoleName=name) def _get(self, name, policy_name): return self.client.get_role_policy(aws_retry=True, RoleName=name, PolicyName=policy_name) class GroupPolicy(Policy): @staticmethod def _iam_type(): return 'group' def _list(self, name): return self.client.list_group_policies(aws_retry=True, GroupName=name) def _get(self, name, policy_name): return self.client.get_group_policy(aws_retry=True, GroupName=name, PolicyName=policy_name) def main(): argument_spec = dict( iam_type=dict(required=True, choices=['user', 'group', 'role']), iam_name=dict(required=True), policy_name=dict(default=None, required=False), ) module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True) args = dict( client=module.client('iam', retry_decorator=AWSRetry.jittered_backoff()), name=module.params.get('iam_name'), policy_name=module.params.get('policy_name'), ) iam_type = module.params.get('iam_type') try: if iam_type == 'user': policy = UserPolicy(**args) elif iam_type == 'role': policy = RolePolicy(**args) elif iam_type == 'group': policy = GroupPolicy(**args) module.exit_json(**(policy.run())) except is_boto3_error_code('NoSuchEntity') as e: module.exit_json(changed=False, msg=e.response['Error']['Message']) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except module.fail_json_aws(e) if __name__ == '__main__': main()