Skip to content
This repository has been archived by the owner. It is now read-only.

Commit

Permalink
Allow not specifying a policy for a role
Browse files Browse the repository at this point in the history 
Signed-off-by: Alexey Ermakov <alexey.ermakov@zalando.de>
  • Loading branch information
@aermakov-zalando
aermakov-zalando committed Apr 16, 2021
1 parent 026a806 commit 5ab535f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions sevenseconds/config/iam.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,10 +84,10 @@ def configure_iam_policy(account: AccountData):

expected_policy_document = json.loads(
json.dumps(role_cfg.get('policy')).replace('{account_id}', account.id))
expected_policies = {role_name: expected_policy_document} if expected_policy_document else {}
policies = {p.policy_name: p.policy_document for p in role.policies.all()}
expected_policies = {role_name: expected_policy_document}
if policies != expected_policies:
with ActionOnExit('Updating policy for role {role_name}..', **vars()):
with ActionOnExit('Updating policy for role {role_name}..', **vars()) as act:
for name, document in expected_policies.items():
iam.RolePolicy(role_name, name).put(PolicyDocument=json.dumps(document))
for policy_name in policies:
Expand Down

0 comments on commit 5ab535f

Please sign in to comment.