internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-05-07 22:02:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add helper function so that IAM policies can be compared for equality and update s3_bucket to take advantage of helper function

Browse Source
This commit is contained in:
Rob White
2016-12-22 23:22:40 +11:00
committed by Ryan S. Brown
parent e66501b0b7
commit 62dfa2ad11
3 changed files with 79 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
lib/ansible/modules/cloud/amazon/GUIDELINES.md Normal file → Executable file
View File

@@ -233,6 +233,34 @@ result = connection.aws_call()
module.exit_json(changed=True, **camel_dict_to_snake_dict(result))
```
### Dealing with IAM JSON policy
If your module accepts IAM JSON policies then set the type to 'json' in the module spec. For example"
```python
argument_spec.update(
dict(
policy=dict(required=False, default=None, type='json'),
)
)
```
Note that AWS is unlikely to return the policy in the same order that is was submitted. Therefore, a helper
function has been created to order policies before comparison.
```python
# Get the policy from AWS
current_policy = aws_object.get_policy()
# Compare the user submitted policy to the current policy but sort them first
if sort_json_policy_dict(user_policy) == sort_json_policy_dict(current_policy):
# Nothing to do
pass
else:
# Update the policy
aws_object.set_policy(user_policy)
```
### Helper functions
Along with the connection functions in Ansible ec2.py module_utils, there are some other useful functions detailed below.
@@ -261,4 +289,10 @@ Opposite of above. Converts an Ansible dict to a boto3 tag list of dicts.
Pass this function a list of security group names or combination of security group names and IDs and this function will
return a list of IDs. You should also pass the VPC ID if known because security group names are not necessarily unique
across VPCs.
across VPCs.
### sort_json_policy_dict
Pass any JSON policy dict to this function in order to sort any list contained therein. This is useful
because AWS rarely return lists in the same order that they were submitted so without this function, comparison
of identical policies returns false.

2
lib/ansible/modules/cloud/amazon/s3_bucket.py Normal file → Executable file
View File

@@ -213,7 +213,7 @@ def _create_or_update_bucket(connection, module, location):
# only show changed if there was already a policy
changed = bool(current_policy)
elif current_policy != policy:
elif sort_json_policy_dict(current_policy) != sort_json_policy_dict(policy):
try:
bucket.set_policy(json.dumps(policy))
changed = True