Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM Role Removal Does Not Require Removal of Permission Boundary #961

Merged
merged 3 commits into from
Mar 16, 2022
Merged

IAM Role Removal Does Not Require Removal of Permission Boundary #961

merged 3 commits into from
Mar 16, 2022

Conversation

phene
Copy link
Contributor

@phene phene commented Mar 3, 2022
edited
Loading

SUMMARY

Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary.

Fixes #959

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

iam_role

@ansibullbot
Copy link

cc @jillr @markuman @s-hertel @tremble
click here for bot help

@ansibullbot ansibullbot added bug This issue/PR relates to a bug community_review module module needs_triage new_contributor Help guide this first time contributor plugins plugin (any type) small_patch Hopefully easy to review labels Mar 3, 2022
@softwarefactory-project-zuul
Copy link
Contributor

Build succeeded.

@markuman
Copy link
Member

@phene Thanks for your PR. Can you also please add a bugfixes changelog fragment?
https://docs.ansible.com/ansible/latest/community/development_process.html#creating-a-changelog-fragment
Otherwise LGTM

@markuman markuman added backport-2 PR should be backported to the stable-2 branch backport-3 PR should be backported to the stable-3 branch labels Mar 14, 2022
@phene
Copy link
Contributor Author

phene commented Mar 15, 2022

Changelog fragment added, @markuman

@softwarefactory-project-zuul
Copy link
Contributor

Build succeeded.

@tremble tremble added the mergeit Merge the PR (SoftwareFactory) label Mar 16, 2022
@tremble
Copy link
Contributor

tremble commented Mar 16, 2022

I've run the integration tests 'locally', and everything still works.

@phene Thanks for the PR, sorry it's taken a while to get it merged.

@softwarefactory-project-zuul
Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

@markuman
Copy link
Member

regate

@softwarefactory-project-zuul
Copy link
Contributor

Build succeeded (gate pipeline).

@softwarefactory-project-zuul softwarefactory-project-zuul bot merged commit e670b34 into ansible-collections:main Mar 16, 2022
@patchback
Copy link

patchback bot commented Mar 16, 2022
edited
Loading

Backport to stable-2: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-2/e670b3488b6d61f7ca43c5cf70ce61699abef365/pr-961

Backported as #999

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

patchback bot pushed a commit that referenced this pull request Mar 16, 2022
@phene @patchback
IAM Role Removal Does Not Require Removal of Permission Boundary (#961)
1d368b4 
IAM Role Removal Does Not Require Removal of Permission Boundary

SUMMARY

Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary.
Fixes #959

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
iam_role

Reviewed-by: Markus Bergholz <git@osuv.de>
Reviewed-by: Mark Chappell <None>
(cherry picked from commit e670b34)
@patchback patchback bot mentioned this pull request Mar 16, 2022
Merged
@patchback
Copy link

patchback bot commented Mar 16, 2022
edited
Loading

Backport to stable-3: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-3/e670b3488b6d61f7ca43c5cf70ce61699abef365/pr-961

Backported as #1000

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

patchback bot pushed a commit that referenced this pull request Mar 16, 2022
@phene @patchback
IAM Role Removal Does Not Require Removal of Permission Boundary (#961)
f97234a 
IAM Role Removal Does Not Require Removal of Permission Boundary

SUMMARY

Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary.
Fixes #959

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
iam_role

Reviewed-by: Markus Bergholz <git@osuv.de>
Reviewed-by: Mark Chappell <None>
(cherry picked from commit e670b34)
@patchback patchback bot mentioned this pull request Mar 16, 2022
Merged
softwarefactory-project-zuul bot pushed a commit that referenced this pull request Mar 16, 2022
@patchback
IAM Role Removal Does Not Require Removal of Permission Boundary (#961)…
71916f8 
… (#999)

[PR #961/e670b348 backport][stable-2] IAM Role Removal Does Not Require Removal of Permission Boundary

This is a backport of PR #961 as merged into main (e670b34).
SUMMARY

Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary.
Fixes #959

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME
iam_role
softwarefactory-project-zuul bot pushed a commit that referenced this pull request Mar 16, 2022
@patchback
IAM Role Removal Does Not Require Removal of Permission Boundary (#961)…
c088d93 
… (#1000)

[PR #961/e670b348 backport][stable-3] IAM Role Removal Does Not Require Removal of Permission Boundary

This is a backport of PR #961 as merged into main (e670b34).
SUMMARY

Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary.
Fixes #959

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME
iam_role
@renovate renovate bot mentioned this pull request Apr 6, 2022
Merged
1 task
abikouo pushed a commit to abikouo/community.aws that referenced this pull request Oct 24, 2023
@tremble
Unit test cleanup (ansible-collections#961)
898ade5 
Unit test cleanup

SUMMARY
Speaking to @mattclay, pytest based unit tests are generally considered preferred over unittest based unit tests.  For the sake of having "good" examples in amazon.aws, migrates unittest based tests over to pytest
Additionally:

Moves tests about to reflect module_utils
Cleans up the boto3/botocore test skipping
uses "pytest.raises" rather than try/except blocks
Cleans up unused variables
Cleans up unused imports
fixes s3_object unit test (was trying to import from the old location, redirects don't handle this)

ISSUE TYPE

Feature Pull Request

COMPONENT NAME
tests/units
ADDITIONAL INFORMATION

Reviewed-by: Alina Buzachis <None>
abikouo pushed a commit to abikouo/community.aws that referenced this pull request Oct 24, 2023
@phene @alinabuzachis
IAM Role Removal Does Not Require Removal of Permission Boundary (ans…
6c33cad 
…ible-collections#961)

IAM Role Removal Does Not Require Removal of Permission Boundary

SUMMARY

Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary.
Fixes ansible-collections#959

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
iam_role

Reviewed-by: Markus Bergholz <git@osuv.de>
Reviewed-by: Mark Chappell <None>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections@e670b34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tremble tremble tremble approved these changes

@markuman markuman markuman approved these changes

@alinabuzachis alinabuzachis Awaiting requested review from alinabuzachis

Assignees
No one assigned
Labels
backport-2 PR should be backported to the stable-2 branch backport-3 PR should be backported to the stable-3 branch bug This issue/PR relates to a bug community_review mergeit Merge the PR (SoftwareFactory) module module new_contributor Help guide this first time contributor plugins plugin (any type) small_patch Hopefully easy to review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Deleting an IAM Role Should Not Fail if Permission Boundary Cannot Be Removed
4 participants
@phene @ansibullbot @markuman @tremble