D6284: automation: detach policies before deleting role
indygreg (Gregory Szorc)
phabricator at mercurial-scm.org
Fri Apr 19 12:20:55 UTC 2019
indygreg created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
You can't delete an IAM role that has attached policies.
With this change, the purge-ec2-resources command now works.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D6284
AFFECTED FILES
contrib/automation/hgautomation/aws.py
CHANGE DETAILS
diff --git a/contrib/automation/hgautomation/aws.py b/contrib/automation/hgautomation/aws.py
--- a/contrib/automation/hgautomation/aws.py
+++ b/contrib/automation/hgautomation/aws.py
@@ -505,6 +505,10 @@
for role in iamresource.roles.all():
if role.name.startswith(prefix):
+ for p in role.attached_policies.all():
+ print('detaching policy %s from %s' % (p.arn, role.name))
+ role.detach_policy(PolicyArn=p.arn)
+
print('removing role %s' % role.name)
role.delete()
To: indygreg, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list