VhN:dZdZdZddlmZddlmZddlmZddlmZddlmZdd lm Z dd l m Z dd l m Z ejd d ZdZdZdZdZdZdZejddZdZej0ddZej4de j6dZdZedk(reyy)a --- module: iam_group version_added: 1.0.0 version_added_collection: community.aws short_description: Manage AWS IAM groups description: - Manage AWS IAM groups. author: - Nick Aslanidis (@naslanidis) - Maksym Postument (@infectsoldier) options: name: description: - The name of the group. - >- Note: Group names are unique within an account. Paths (O(path)) do B(not) affect the uniqueness requirements of O(name). For example it is not permitted to have both C(/Path1/MyGroup) and C(/Path2/MyGroup) in the same account. - The alias O(group_name) was added in release 7.2.0. required: true aliases: ['group_name'] type: str path: description: - The group path. - For more information about IAM paths, see the AWS IAM identifiers documentation U(https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html). aliases: ['prefix', 'path_prefix'] version_added: 7.1.0 type: str managed_policies: description: - A list of managed policy ARNs or friendly names to attach to the role. - If known, it is recommended to use ARNs rather than friendly names to avoid additional lookups. - To embed an inline policy, use M(amazon.aws.iam_policy). required: false type: list elements: str default: [] aliases: ['managed_policy'] users: description: - A list of existing users to add as members of the group. required: false type: list elements: str default: [] state: description: - Create or remove the IAM group. required: true choices: [ 'present', 'absent' ] type: str purge_policies: description: - When O(purge_policies=true) any managed policies not listed in O(managed_policies) will be detatched. required: false default: false type: bool aliases: ['purge_policy', 'purge_managed_policies'] purge_users: description: - When O(purge_users=true) users which are not included in I(users) will be detached. required: false default: false type: bool extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.boto3 ak # Note: These examples do not set authentication details, see the AWS Guide for details. - name: Create a group amazon.aws.iam_group: name: testgroup1 state: present - name: Create a group and attach a managed policy using its ARN amazon.aws.iam_group: name: testgroup1 managed_policies: - arn:aws:iam::aws:policy/AmazonSNSFullAccess state: present - name: Create a group with users as members and attach a managed policy using its ARN amazon.aws.iam_group: name: testgroup1 managed_policies: - arn:aws:iam::aws:policy/AmazonSNSFullAccess users: - test_user1 - test_user2 state: present - name: Remove all managed policies from an existing group with an empty list amazon.aws.iam_group: name: testgroup1 state: present purge_policies: true - name: Remove all group members from an existing group amazon.aws.iam_group: name: testgroup1 managed_policies: - arn:aws:iam::aws:policy/AmazonSNSFullAccess purge_users: true state: present - name: Delete the group amazon.aws.iam_group: name: testgroup1 state: absent a iam_group: description: Dictionary containing all the group information including group membership. returned: success type: complex contains: group: description: Dictionary containing all the group information. returned: success type: complex contains: arn: description: The Amazon Resource Name (ARN) specifying the group. type: str sample: "arn:aws:iam::1234567890:group/testgroup1" create_date: description: The date and time, in ISO 8601 date-time format, when the group was created. type: str sample: "2017-02-08T04:36:28+00:00" group_id: description: The stable and unique string identifying the group. type: str sample: AGPA12345EXAMPLE54321 group_name: description: The friendly name that identifies the group. type: str sample: testgroup1 path: description: The path to the group. type: str sample: / users: description: List containing all the group members. returned: success type: complex contains: arn: description: The Amazon Resource Name (ARN) specifying the user. type: str sample: "arn:aws:iam::1234567890:user/test_user1" create_date: description: The date and time, in ISO 8601 date-time format, when the user was created. type: str sample: "2017-02-08T04:36:28+00:00" user_id: description: The stable and unique string identifying the user. type: str sample: AIDA12345EXAMPLE54321 user_name: description: The friendly name that identifies the user. type: str sample: testgroup1 path: description: The path to the user. type: str sample: / attached_policies: version_added: 7.1.0 description: - List containing basic information about managed policies attached to the group. returned: success type: complex contains: policy_arn: description: The Amazon Resource Name (ARN) specifying the managed policy. type: str sample: "arn:aws:iam::123456789012:policy/test_policy" policy_name: description: The friendly name that identifies the policy. type: str sample: test_policy )AnsibleIAMError)IAMErrorHandler)$convert_managed_policy_names_to_arns) get_iam_group)normalize_iam_group)validate_iam_identifiers)AnsibleAWSModule)AWSRetryzupdate group pathc|y|djd|k(ry|jry|jd|dd|y)NFGroupPathT GroupName) aws_retryrNewPath)get check_mode update_group) connectionmodule group_infopaths h/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/amazon/aws/plugins/modules/iam_group.py ensure_pathrs\ |'v&$. W%k2 cv|D]4}tjd|d|jd||6y)Nzdetach policy from groupTrr PolicyArn)rdeletion_error_handlerdetach_group_policyrr group_namepolicies policy_arns rdetach_policiesr%sLF  X.. |;/WX  * * J* FFrcv|D]4}tjd|d|jd||6y)Nzattach policy to groupTr)rcommon_error_handlerattach_group_policyr!s rattach_policiesr*sE tT,,~j\-STU_UsUstjJ  rcb|y|r t||}|dd}t|||}|Dcgc]}|d }}tt|t|z } g} |r tt|t|z } | s| sy|jryt |||| t |||| ycc}w)NFr rrT)rget_attached_policy_listlistsetrr%r*) rrrmanaged_policiespurge_policiesr"current_attached_policies_descpolicycurrent_attached_policiespolicies_to_addpolicies_to_removes rensure_managed_policiesr6s? L\]G$[1J%=j&R\%]"Ca b !4 b b3/037P3QQRO!#&?"@3GWCX"XY #5 J 4FGJ OD !!cs B,cv|D]4}tjd|d|jd||6y)Nz add user r'TrrUserName)rr(add_user_to_grouprrr"membersusers radd_group_membersr>sD gI,,yi-HI*JfJfgj4  rcv|D]4}tjd|d|jd||6y)Nz remove user rTr8)rrremove_user_from_groupr;s rremove_group_membersrAsE sP..dV;/OPQ[QrQrsj4  rc2|y|dd}|dDcgc]}|d }}tt|t|z }g} |r tt|t|z } |s| sy|jryt||||t |||| ycc}w)NFr rUsersr9T)r-r.rr>rA) rrrusers purge_usersr"membercurrent_group_membersmembers_to_addmembers_to_removes rensure_group_membersrJs }G$[1J>H>QRFVJ/RR#e*s+@'AABN %:!;c%j!HI "3 j&*nEVZ9JK !Ss Bz create groupct||}|rd|fSd|i}|||d<|jr|jd||jdddi|}d|vrg|d<d|fS) NFrr T)changed create_paramsrrC)rr exit_json create_group)rrr"rgroupparamss rget_or_create_grouprS5s *j 1E e|: &F vV< #J # # =d =f =Eeg ;rc *t|||jd|jd\}}|t||||jdz}|t||||jd|jdz}|t ||||jd|jdz}|j r|j |t||jd}t|||jd}||d<|j |t| y) Nnamerr/r0rDrErLAttachedPolicies)rL iam_group) rSrRrr6rJrrOrr,r)rrrLrr#s rcreate_or_update_grouprYKs0-j&&--PVBWY_YfYfgmYnoGZ { f G & () &' G # g m$ G)z6==+@AJ' FFMM&rArJrSrYrr^list_error_handlerr~r,r__name__rNrrrsH T+ ZG RTShQW\XP&%%&9:;$F :  0&%%n56*%QP(''7#8#4$##$EFVGV &F zFr