From 5ab535f83f63144d2aeb6f3719c8d899ab94412d Mon Sep 17 00:00:00 2001 From: Alexey Ermakov Date: Fri, 16 Apr 2021 10:24:35 +0200 Subject: [PATCH] Allow not specifying a policy for a role Signed-off-by: Alexey Ermakov --- sevenseconds/config/iam.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sevenseconds/config/iam.py b/sevenseconds/config/iam.py index d8a5e0e..c6c85d7 100644 --- a/sevenseconds/config/iam.py +++ b/sevenseconds/config/iam.py @@ -84,10 +84,10 @@ def configure_iam_policy(account: AccountData): expected_policy_document = json.loads( json.dumps(role_cfg.get('policy')).replace('{account_id}', account.id)) + expected_policies = {role_name: expected_policy_document} if expected_policy_document else {} policies = {p.policy_name: p.policy_document for p in role.policies.all()} - expected_policies = {role_name: expected_policy_document} if policies != expected_policies: - with ActionOnExit('Updating policy for role {role_name}..', **vars()): + with ActionOnExit('Updating policy for role {role_name}..', **vars()) as act: for name, document in expected_policies.items(): iam.RolePolicy(role_name, name).put(PolicyDocument=json.dumps(document)) for policy_name in policies: