Improve iam_group exception handling (#45599)

* Improve iam_group exception handling Use AnsibleAWSModule for iam_group and handle BotoCoreErrors as well as ClientErrors. Use fail_json_aws to improve error messages * Add minimal iam_group test suite Update some of the read-only IAM permissions (this is not sufficient to run the test suite but it gets further than it did until it tries to add a (non-existent) user) * Clean up after tests
2025-07-22 21:00:22 -07:00 · 2018-09-18 09:53:44 +10:00 · 2018-09-18 09:53:44 +10:00 · d2569a3f7d
commit d2569a3f7d
parent 5c49641798
4 changed files with 115 additions and 78 deletions
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@ -3,12 +3,16 @@
    "Statement": [
        {
            "Action": [
+                "iam:GetGroup",
                "iam:GetInstanceProfile",
                "iam:GetPolicy",
                "iam:GetPolicyVersion",
                "iam:GetRole",
                "iam:GetRolePolicy",
+                "iam:GetUser",
+                "iam:ListAttachedGroupPolicies",
                "iam:ListAttachedRolePolicies",
+                "iam:ListAttachedUserPolicies",
                "iam:ListGroups",
                "iam:ListInstanceProfiles",
                "iam:ListInstanceProfilesForRole",