From 03abce2d39a1ff4ad5d1f7f8d916ba33a3be44d5 Mon Sep 17 00:00:00 2001
From: Will Thames <will@thames.id.au>
Date: Mon, 16 Oct 2017 23:42:43 +1000
Subject: [PATCH] Add pagination for IAM group API calls (#31554)

get_group and list_attached_policies_for_groups can be paginated
so add pagination handling.

Fixes #31545
---
 lib/ansible/modules/cloud/amazon/iam_group.py | 50 +++++++++++++------
 1 file changed, 36 insertions(+), 14 deletions(-)

diff --git a/lib/ansible/modules/cloud/amazon/iam_group.py b/lib/ansible/modules/cloud/amazon/iam_group.py
index 1d29bf6f720..2f4292c2eaa 100644
--- a/lib/ansible/modules/cloud/amazon/iam_group.py
+++ b/lib/ansible/modules/cloud/amazon/iam_group.py
@@ -160,7 +160,7 @@ users:
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ec2 import camel_dict_to_snake_dict, ec2_argument_spec, get_aws_connection_info, boto3_conn
-from ansible.module_utils.ec2 import HAS_BOTO3
+from ansible.module_utils.ec2 import HAS_BOTO3, AWSRetry
 
 import traceback
 
@@ -227,7 +227,11 @@ def create_or_update_group(connection, module):
     changed = False
 
     # Get group
-    group = get_group(connection, module, params['GroupName'])
+    try:
+        group = get_group(connection, module, params['GroupName'])
+    except ClientError as e:
+        module.fail_json(msg=e.message, exception=traceback.format_exc(),
+                         **camel_dict_to_snake_dict(e.response))
 
     # If group is None, create it
     if group is None:
@@ -273,7 +277,12 @@ def create_or_update_group(connection, module):
         changed = True
 
     # Manage group memberships
-    current_group_members = get_group(connection, module, params['GroupName'])['Users']
+    try:
+        current_group_members = get_group(connection, module, params['GroupName'])['Users']
+    except ClientError as e:
+        module.fail_json(msg=e.message, exception=traceback.format_exc(),
+                         **camel_dict_to_snake_dict(e.response))
+
     current_group_members_list = []
     for member in current_group_members:
         current_group_members_list.append(member['UserName'])
@@ -303,7 +312,11 @@ def create_or_update_group(connection, module):
         changed = True
 
     # Get the group again
-    group = get_group(connection, module, params['GroupName'])
+    try:
+        group = get_group(connection, module, params['GroupName'])
+    except ClientError as e:
+        module.fail_json(msg=e.message, exception=traceback.format_exc(),
+                         **camel_dict_to_snake_dict(e.response))
 
     module.exit_json(changed=changed, iam_group=camel_dict_to_snake_dict(group))
 
@@ -313,7 +326,12 @@ def destroy_group(connection, module):
     params = dict()
     params['GroupName'] = module.params.get('name')
 
-    if get_group(connection, module, params['GroupName']):
+    try:
+        group = get_group(connection, module, params['GroupName'])
+    except ClientError as e:
+        module.fail_json(msg=e.message, exception=traceback.format_exc(),
+                         **camel_dict_to_snake_dict(e.response))
+    if group:
 
         # Remove any attached policies otherwise deletion fails
         try:
@@ -327,7 +345,11 @@ def destroy_group(connection, module):
 
         # Remove any users in the group otherwise deletion fails
         current_group_members_list = []
-        current_group_members = get_group(connection, module, params['GroupName'])['Users']
+        try:
+            current_group_members = get_group(connection, module, params['GroupName'])['Users']
+        except ClientError as e:
+            module.fail_json(msg=e.message, exception=traceback.format_exc(),
+                             **camel_dict_to_snake_dict(e.response))
         for member in current_group_members:
             current_group_members_list.append(member['UserName'])
         for user in current_group_members_list:
@@ -353,29 +375,29 @@ def destroy_group(connection, module):
     module.exit_json(changed=True)
 
 
+@AWSRetry.exponential_backoff()
 def get_group(connection, module, name):
-
-    params = dict()
-    params['GroupName'] = name
-
     try:
-        return connection.get_group(**params)
+        paginator = connection.get_paginator('get_group')
+        return paginator.paginate(GroupName=name).build_full_result()
     except ClientError as e:
         if e.response['Error']['Code'] == 'NoSuchEntity':
             return None
         else:
-            module.fail_json(msg=e.message, **camel_dict_to_snake_dict(e.response))
+            raise
 
 
+@AWSRetry.exponential_backoff()
 def get_attached_policy_list(connection, module, name):
 
     try:
-        return connection.list_attached_group_policies(GroupName=name)['AttachedPolicies']
+        paginator = connection.get_paginator('list_attached_group_policies')
+        return paginator.paginate(GroupName=name).build_full_result()['AttachedPolicies']
     except ClientError as e:
         if e.response['Error']['Code'] == 'NoSuchEntity':
             return None
         else:
-            module.fail_json(msg=e.message, **camel_dict_to_snake_dict(e.response))
+            raise
 
 
 def main():