Add support for iam:DetachRolePolicy and iam:DeleteRolePolicy. (#1052)

* Add support for iam:DetachRolePolicy and iam:DeleteRolePolicy. * Raise proper exceptions for iam:DetachRolePolicy and iam:DeleteRolePolicy when the policy doesn't exist.
2017-08-13 21:58:11 -07:00 · 2017-08-13 21:58:11 -07:00 · 672604d3e7
commit 672604d3e7
parent 9ebcaf561e
3 changed files with 81 additions and 0 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -76,6 +76,10 @@ class ManagedPolicy(Policy):
        self.attachment_count += 1
        role.managed_policies[self.name] = self

+    def detach_from_role(self, role):
+        self.attachment_count -= 1
+        del role.managed_policies[self.name]
+

 class AWSManagedPolicy(ManagedPolicy):
    """AWS-managed policy."""
@ -120,6 +124,13 @@ class Role(BaseModel):
    def put_policy(self, policy_name, policy_json):
        self.policies[policy_name] = policy_json

+    def delete_policy(self, policy_name):
+        try:
+            del self.policies[policy_name]
+        except KeyError:
+            raise IAMNotFoundException(
+                "The role policy with name {0} cannot be found.".format(policy_name))
+
    @property
    def physical_resource_id(self):
        return self.id
@ -497,6 +508,14 @@ class IAMBackend(BaseBackend):
        policy = arns[policy_arn]
        policy.attach_to_role(self.get_role(role_name))

+    def detach_role_policy(self, policy_arn, role_name):
+        arns = dict((p.arn, p) for p in self.managed_policies.values())
+        try:
+            policy = arns[policy_arn]
+            policy.detach_from_role(self.get_role(role_name))
+        except KeyError:
+            raise IAMNotFoundException("Policy {0} was not found.".format(policy_arn))
+
    def create_policy(self, description, path, policy_document, policy_name):
        policy = ManagedPolicy(
            policy_name,
@ -584,6 +603,10 @@ class IAMBackend(BaseBackend):
        role = self.get_role(role_name)
        role.put_policy(policy_name, policy_json)

+    def delete_role_policy(self, role_name, policy_name):
+        role = self.get_role(role_name)
+        role.delete_policy(policy_name)
+
    def get_role_policy(self, role_name, policy_name):
        role = self.get_role(role_name)
        for p, d in role.policies.items():