From 5aa652c6fdfe97d01990ba977e9bf515ce70280c Mon Sep 17 00:00:00 2001
From: Kalle Lehtonen
Date: Tue, 5 Apr 2016 16:55:49 +0300
Subject: [PATCH] Fix and add more error handling for role policies

In case role policy was deleted, we did not handle at all if there was authorization issue to do the deletion. Also add message when role is not found and the policy is skipped.
---
 cloud/amazon/iam_policy.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cloud/amazon/iam_policy.py b/cloud/amazon/iam_policy.py
index 700cd5b2007..35c9d4e6cc8 100644
--- a/cloud/amazon/iam_policy.py
+++ b/cloud/amazon/iam_policy.py
@@ -184,7 +184,7 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
 except boto.exception.BotoServerError as e:
 if e.error_code == "NoSuchEntity":
 # Role doesn't exist so it's safe to assume the policy doesn't either
- module.exit_json(changed=False)
+ module.exit_json(changed=False, msg="No such role, policy will be skipped.")
 else:
 module.fail_json(msg=e.message)

@@ -211,6 +211,8 @@ def role_action(module, iam, name, policy_name, skip, pdoc, state):
 changed = False
 module.exit_json(changed=changed,
 msg="%s policy is already absent" % policy_name)
+ else:
+ module.fail_json(msg=err.message)

 updated_policies = [cp for cp in iam.list_role_policies(name).
 list_role_policies_result.
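Review bot: The `NoSuchEntity` branch in the first hunk exits with `changed=False` whatever `state` is, so a run meant to attach a policy to a role that does not exist is reported as ok rather than failed. For `state=present` that can leave an intended grant or restriction unapplied without anyone noticing; consider failing in that case, e.g. `if state == 'present': module.fail_json(msg="Role %s not found" % name)` ahead of the `exit_json`. The new message would also be easier to act on if it named the role. The `try` this handler belongs to and the rest of `role_action` lie outside the hunk, so confirm which call raises here before changing it.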
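Review bot: The `else` branch added in the second hunk reports only `err.message`, which drops the AWS error code an operator needs to tell an authorization failure from throttling or another server error. I would include it, `module.fail_json(msg="%s: %s" % (err.error_code, err.message))`, which also keeps the message non-empty if the response body carried no text. The first hunk has the same pattern with `e.message`, and the two handlers name the exception differently (`e` vs `err`). The `except` clause that binds `err` and the `if` this `else` pairs with are above the hunk, so this assumes `err` is the same `BotoServerError` type as in the first hunk.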