IAM - Add Validation on duplicate role names

2019-11-11 08:21:42 +00:00 · 2019-11-11 08:21:42 +00:00 · 422bca8e90
commit 422bca8e90
parent e750e3ace0
2 changed files with 25 additions and 0 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -898,6 +898,10 @@ class IAMBackend(BaseBackend):
                    permissions_boundary
                ),
            )
+        if [role for role in self.get_roles() if role.name == role_name]:
+            raise EntityAlreadyExists(
+                "Role with name {0} already exists.".format(role_name)
+            )

        clean_tags = self._tag_verification(tags)
        role = Role(
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -18,6 +18,7 @@ from nose.tools import raises

 from datetime import datetime
 from tests.helpers import requires_boto_gte
+from uuid import uuid4


 MOCK_CERT = """-----BEGIN CERTIFICATE-----
@ -2050,6 +2051,26 @@ def test_create_role_with_permissions_boundary():
    conn.list_roles().get("Roles")[0].get("PermissionsBoundary").should.equal(expected)


+@mock_iam
+def test_create_role_with_same_name_should_fail():
+    iam = boto3.client("iam", region_name="us-east-1")
+    test_role_name = str(uuid4())
+    iam.create_role(
+        RoleName=test_role_name, AssumeRolePolicyDocument="policy", Description="test"
+    )
+    # Create the role again, and verify that it fails
+    with assert_raises(ClientError) as err:
+        iam.create_role(
+            RoleName=test_role_name,
+            AssumeRolePolicyDocument="policy",
+            Description="test",
+        )
+    err.exception.response["Error"]["Code"].should.equal("EntityAlreadyExists")
+    err.exception.response["Error"]["Message"].should.equal(
+        "Role with name {0} already exists.".format(test_role_name)
+    )
+
+
@mock_iam
 def test_create_open_id_connect_provider():
    client = boto3.client("iam", region_name="us-east-1")