-
Notifications
You must be signed in to change notification settings - Fork 395
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IAM Role Removal Does Not Require Removal of Permission Boundary #961
IAM Role Removal Does Not Require Removal of Permission Boundary #961
Conversation
…n boundary before deleting the role
@phene Thanks for your PR. Can you also please add a bugfixes changelog fragment? |
Changelog fragment added, @markuman |
changelogs/fragments/961-iam-role-should-not-remove-permission-boundary-before-deletion.yml
Outdated
Show resolved
Hide resolved
…-boundary-before-deletion.yml
I've run the integration tests 'locally', and everything still works. @phene Thanks for the PR, sorry it's taken a while to get it merged. |
regate |
Backport to stable-2: 💚 backport PR created✅ Backport PR branch: Backported as #999 🤖 @patchback |
IAM Role Removal Does Not Require Removal of Permission Boundary SUMMARY Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary. Fixes #959 ISSUE TYPE Bugfix Pull Request COMPONENT NAME iam_role Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Mark Chappell <None> (cherry picked from commit e670b34)
Backport to stable-3: 💚 backport PR created✅ Backport PR branch: Backported as #1000 🤖 @patchback |
IAM Role Removal Does Not Require Removal of Permission Boundary SUMMARY Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary. Fixes #959 ISSUE TYPE Bugfix Pull Request COMPONENT NAME iam_role Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Mark Chappell <None> (cherry picked from commit e670b34)
… (#999) [PR #961/e670b348 backport][stable-2] IAM Role Removal Does Not Require Removal of Permission Boundary This is a backport of PR #961 as merged into main (e670b34). SUMMARY Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary. Fixes #959 ISSUE TYPE Bugfix Pull Request COMPONENT NAME iam_role
… (#1000) [PR #961/e670b348 backport][stable-3] IAM Role Removal Does Not Require Removal of Permission Boundary This is a backport of PR #961 as merged into main (e670b34). SUMMARY Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary. Fixes #959 ISSUE TYPE Bugfix Pull Request COMPONENT NAME iam_role
Unit test cleanup SUMMARY Speaking to @mattclay, pytest based unit tests are generally considered preferred over unittest based unit tests. For the sake of having "good" examples in amazon.aws, migrates unittest based tests over to pytest Additionally: Moves tests about to reflect module_utils Cleans up the boto3/botocore test skipping uses "pytest.raises" rather than try/except blocks Cleans up unused variables Cleans up unused imports fixes s3_object unit test (was trying to import from the old location, redirects don't handle this) ISSUE TYPE Feature Pull Request COMPONENT NAME tests/units ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None>
…ible-collections#961) IAM Role Removal Does Not Require Removal of Permission Boundary SUMMARY Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary. Fixes ansible-collections#959 ISSUE TYPE Bugfix Pull Request COMPONENT NAME iam_role Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Mark Chappell <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections@e670b34
SUMMARY
Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary.
Fixes #959
ISSUE TYPE
COMPONENT NAME
iam_role