Add the option to pass a string as policy

pull/18777/head
Michael Weinrich 10 years ago committed by Matt Clay
parent 869da89b35
commit a0466f1f8d

@ -40,7 +40,12 @@ options:
aliases: [] aliases: []
policy_document: policy_document:
description: description:
- The path to the properly json formatted policy file - The path to the properly json formatted policy file (mutually exclusive with C(policy_json))
required: false
aliases: []
policy_json:
description:
- A properly json formatted policy as string (mutually exclusive with C(policy_document), see https://github.com/ansible/ansible/issues/7005#issuecomment-42894813 on how to use it properly)
required: false required: false
aliases: [] aliases: []
state: state:
@ -109,6 +114,19 @@ task:
state: present state: present
with_items: new_groups.results with_items: new_groups.results
# Create a new S3 policy with prefix per user
tasks:
- name: Create S3 policy from template
iam_policy:
iam_type: user
iam_name: "{{ item.user }}"
policy_name: "s3_limited_access_{{ item.s3_user_prefix }}"
state: present
policy_json: " {{ lookup( 'template', 's3_policy.json.j2') }} "
with_items:
- user: s3_user
prefix: s3_user_prefix
''' '''
import json import json
import urllib import urllib
@ -271,6 +289,7 @@ def main():
iam_name=dict(default=None, required=False), iam_name=dict(default=None, required=False),
policy_name=dict(default=None, required=True), policy_name=dict(default=None, required=True),
policy_document=dict(default=None, required=False), policy_document=dict(default=None, required=False),
policy_json=dict(type='str', default=None, required=False),
skip_duplicates=dict(type='bool', default=True, required=False) skip_duplicates=dict(type='bool', default=True, required=False)
)) ))
@ -284,10 +303,19 @@ def main():
name = module.params.get('iam_name') name = module.params.get('iam_name')
policy_name = module.params.get('policy_name') policy_name = module.params.get('policy_name')
skip = module.params.get('skip_duplicates') skip = module.params.get('skip_duplicates')
if module.params.get('policy_document') != None and module.params.get('policy_json') != None:
module.fail_json(msg='Only one of "policy_document" or "policy_json" may be set')
if module.params.get('policy_document') != None: if module.params.get('policy_document') != None:
with open(module.params.get('policy_document'), 'r') as json_data: with open(module.params.get('policy_document'), 'r') as json_data:
pdoc = json.dumps(json.load(json_data)) pdoc = json.dumps(json.load(json_data))
json_data.close() json_data.close()
elif module.params.get('policy_json') != None:
try:
pdoc = json.dumps(json.loads(module.params.get('policy_json')))
except Exception as e:
module.fail_json(msg=str(e) + '\n' + module.params.get('policy_json'))
else: else:
pdoc=None pdoc=None

Loading…
Cancel
Save