Adding support for specifying a PermissionsBoundary ARN in calls to i… (#2182)

* Adding support for specifying a PermissionsBoundary ARN in calls to iam.create_role Closes #2181 * Correcting whitespace error * Adding support for Role PermissionsBoundary to be returned from calls to list_roles * Raise ClientError when a bad permissions boundary ARN is supplied
2019-05-21 12:44:06 -04:00 · 2019-05-21 12:44:06 -04:00 · b8ba7980a0
commit b8ba7980a0
parent 33efe07b43
3 changed files with 45 additions and 6 deletions
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@ -175,9 +175,11 @@ class IamResponse(BaseResponse):
        path = self._get_param('Path')
        assume_role_policy_document = self._get_param(
            'AssumeRolePolicyDocument')
+        permissions_boundary = self._get_param(
+            'PermissionsBoundary')

        role = iam_backend.create_role(
-            role_name, assume_role_policy_document, path)
+            role_name, assume_role_policy_document, path, permissions_boundary)
        template = self.response_template(CREATE_ROLE_TEMPLATE)
        return template.render(role=role)

@ -1000,6 +1002,12 @@ CREATE_ROLE_TEMPLATE = """<CreateRoleResponse xmlns="https://iam.amazonaws.com/d
      <AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
      <CreateDate>{{ role.create_date }}</CreateDate>
      <RoleId>{{ role.id }}</RoleId>
+      {% if role.permissions_boundary %}
+      <PermissionsBoundary>
+          <PermissionsBoundaryType>PermissionsBoundaryPolicy</PermissionsBoundaryType>
+          <PermissionsBoundaryArn>{{ role.permissions_boundary }}</PermissionsBoundaryArn>
+      </PermissionsBoundary>
+      {% endif %}
    </Role>
  </CreateRoleResult>
  <ResponseMetadata>
@ -1102,6 +1110,12 @@ LIST_ROLES_TEMPLATE = """<ListRolesResponse xmlns="https://iam.amazonaws.com/doc
        <AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
        <CreateDate>{{ role.create_date }}</CreateDate>
        <RoleId>{{ role.id }}</RoleId>
+        {% if role.permissions_boundary %}
+        <PermissionsBoundary>
+          <PermissionsBoundaryType>PermissionsBoundaryPolicy</PermissionsBoundaryType>
+          <PermissionsBoundaryArn>{{ role.permissions_boundary }}</PermissionsBoundaryArn>
+        </PermissionsBoundary>
+        {% endif %}
      </member>
      {% endfor %}
    </Roles>