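def detach_bucket_policies(event, context):
    """
    Detaches the team bucket IAM policies from the user's IAM role.

    This is an access-revocation step: both the read/write and the read-only
    team policies are detached from the user's role. Every detach is attempted
    even if an earlier one failed, so a failure on one policy can never leave
    the other one silently attached.

    event = {
        "user": {"username": "alice"},
        "team": {"slug": "justice-league"}
    }

    Args:
        event: dict carrying ``event["user"]["username"]`` and
            ``event["team"]["slug"]``.
        context: Lambda context; not used here.

    Raises:
        KeyError: if ``event`` lacks the expected keys.
        Exception: if any detach call failed for a reason other than
            ``NoSuchEntity``. All such errors are logged and listed in the
            message; the first one is chained as the cause so its traceback
            is preserved.
    """
    username = event["user"]["username"]
    team_slug = event["team"]["slug"]
    client = boto3.client("iam")
    # The role name does not change per policy; compute it once.
    role_name = naming.role_name(username)
    errors = []
    for policy_type in [POLICY_READ_WRITE, POLICY_READ_ONLY]:
        # Be sure we detach all policies without stopping early
        try:
            client.detach_role_policy(
                RoleName=role_name,
                PolicyArn=policy_arn(team_slug, policy_type),
            )
        except botocore.exceptions.ClientError as error:
            # NoSuchEntity is what IAM returns when the policy is not attached,
            # so there is nothing left to revoke and it is safe to ignore.
            # NOTE(review): IAM also reports NoSuchEntity when the role itself
            # is missing - confirm that is acceptable for this caller.
            # Any other code (e.g. AccessDenied, throttling) means the user may
            # still hold the access, so it must be surfaced, not swallowed.
            if error.response["Error"]["Code"] != "NoSuchEntity":
                errors.append(error)
        except Exception as error:
            # Other exceptions are saved and raised after the loop
            errors.append(error)
    if errors:
        message = "One or more errors occurred while detaching policies from role: {}".format(
            errors)
        LOG.error(message)
        # Chain the first underlying error so its traceback is not lost in
        # the generic wrapper (the Exception type is kept for existing callers).
        raise Exception(message) from errors[0]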