Add support for iam:DetachRolePolicy and iam:DeleteRolePolicy. (#1052)

* Add support for iam:DetachRolePolicy and iam:DeleteRolePolicy.

* Raise proper exceptions for iam:DetachRolePolicy and iam:DeleteRolePolicy when the policy doesn't exist.

moto/iam/models.py

@@ -76,6 +76,10 @@ class ManagedPolicy(Policy):
         self.attachment_count += 1
         role.managed_policies[self.name] = self
 
+    def detach_from_role(self, role):
+        self.attachment_count -= 1
+        del role.managed_policies[self.name]
+
 
 class AWSManagedPolicy(ManagedPolicy):
     """AWS-managed policy."""
@@ -120,6 +124,13 @@ class Role(BaseModel):
     def put_policy(self, policy_name, policy_json):
         self.policies[policy_name] = policy_json
 
+    def delete_policy(self, policy_name):
+        try:
+            del self.policies[policy_name]
+        except KeyError:
+            raise IAMNotFoundException(
+                "The role policy with name {0} cannot be found.".format(policy_name))
+
     @property
     def physical_resource_id(self):
         return self.id
@@ -497,6 +508,14 @@ class IAMBackend(BaseBackend):
         policy = arns[policy_arn]
         policy.attach_to_role(self.get_role(role_name))
 
+    def detach_role_policy(self, policy_arn, role_name):
+        arns = dict((p.arn, p) for p in self.managed_policies.values())
+        try:
+            policy = arns[policy_arn]
+            policy.detach_from_role(self.get_role(role_name))
+        except KeyError:
+            raise IAMNotFoundException("Policy {0} was not found.".format(policy_arn))
+
     def create_policy(self, description, path, policy_document, policy_name):
         policy = ManagedPolicy(
             policy_name,
@@ -584,6 +603,10 @@ class IAMBackend(BaseBackend):
         role = self.get_role(role_name)
         role.put_policy(policy_name, policy_json)
 
+    def delete_role_policy(self, role_name, policy_name):
+        role = self.get_role(role_name)
+        role.delete_policy(policy_name)
+
     def get_role_policy(self, role_name, policy_name):
         role = self.get_role(role_name)
         for p, d in role.policies.items():

moto/iam/responses.py

@@ -13,6 +13,13 @@ class IamResponse(BaseResponse):
         template = self.response_template(ATTACH_ROLE_POLICY_TEMPLATE)
         return template.render()
 
+    def detach_role_policy(self):
+        role_name = self._get_param('RoleName')
+        policy_arn = self._get_param('PolicyArn')
+        iam_backend.detach_role_policy(policy_arn, role_name)
+        template = self.response_template(GENERIC_EMPTY_TEMPLATE)
+        return template.render(name="DetachRolePolicyResponse")
+
     def create_policy(self):
         description = self._get_param('Description')
         path = self._get_param('Path')
@@ -82,6 +89,13 @@ class IamResponse(BaseResponse):
         template = self.response_template(GENERIC_EMPTY_TEMPLATE)
         return template.render(name="PutRolePolicyResponse")
 
+    def delete_role_policy(self):
+        role_name = self._get_param('RoleName')
+        policy_name = self._get_param('PolicyName')
+        iam_backend.delete_role_policy(role_name, policy_name)
+        template = self.response_template(GENERIC_EMPTY_TEMPLATE)
+        return template.render(name="DeleteRolePolicyResponse")
+
     def get_role_policy(self):
         role_name = self._get_param('RoleName')
         policy_name = self._get_param('PolicyName')
@@ -446,6 +460,12 @@ ATTACH_ROLE_POLICY_TEMPLATE = """<AttachRolePolicyResponse>
   </ResponseMetadata>
 </AttachRolePolicyResponse>"""
 
+DETACH_ROLE_POLICY_TEMPLATE = """<DetachRolePolicyResponse>
+  <ResponseMetadata>
+    <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
+  </ResponseMetadata>
+</DetachRolePolicyResponse>"""
+
 CREATE_POLICY_TEMPLATE = """<CreatePolicyResponse>
   <CreatePolicyResult>
     <Policy>