Add iam remove_role_from_instance_profile. Closes #563.

2016-05-04 22:25:46 -04:00 · 2016-05-04 22:25:46 -04:00 · 68de6feb01
commit 68de6feb01
parent 8ce2d3c8bf
3 changed files with 38 additions and 0 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -299,6 +299,11 @@ class IAMBackend(BaseBackend):
        role = self.get_role(role_name)
        profile.roles.append(role)

+    def remove_role_from_instance_profile(self, profile_name, role_name):
+        profile = self.get_instance_profile(profile_name)
+        role = self.get_role(role_name)
+        profile.roles.remove(role)
+
    def get_all_server_certs(self, marker=None):
        return self.certificates.values()

--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@ -75,6 +75,14 @@ class IamResponse(BaseResponse):
        template = self.response_template(ADD_ROLE_TO_INSTANCE_PROFILE_TEMPLATE)
        return template.render()

+    def remove_role_from_instance_profile(self):
+        profile_name = self._get_param('InstanceProfileName')
+        role_name = self._get_param('RoleName')
+
+        iam_backend.remove_role_from_instance_profile(profile_name, role_name)
+        template = self.response_template(REMOVE_ROLE_FROM_INSTANCE_PROFILE_TEMPLATE)
+        return template.render()
+
    def list_roles(self):
        roles = iam_backend.get_roles()

@ -349,6 +357,12 @@ ADD_ROLE_TO_INSTANCE_PROFILE_TEMPLATE = """<AddRoleToInstanceProfileResponse xml
  </ResponseMetadata>
 </AddRoleToInstanceProfileResponse>"""

+REMOVE_ROLE_FROM_INSTANCE_PROFILE_TEMPLATE = """<RemoveRoleFromInstanceProfileResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <ResponseMetadata>
+    <RequestId>12657608-99f2-11e1-a4c3-27EXAMPLE804</RequestId>
+  </ResponseMetadata>
+</RemoveRoleFromInstanceProfileResponse>"""
+
 LIST_ROLES_TEMPLATE = """<ListRolesResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
  <ListRolesResult>
    <IsTruncated>false</IsTruncated>
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -40,6 +40,7 @@ def test_upload_server_cert():
    cert.server_certificate_name.should.equal("certname")
    cert.arn.should.equal("arn:aws:iam::123456789012:server-certificate/certname")

+
@mock_iam()
@raises(BotoServerError)
 def test_get_role__should_throw__when_role_does_not_exist():
@ -47,6 +48,7 @@ def test_get_role__should_throw__when_role_does_not_exist():

    conn.get_role('unexisting_role')

+
@mock_iam()
 def test_create_role_and_instance_profile():
    conn = boto.connect_iam()
@ -68,6 +70,23 @@ def test_create_role_and_instance_profile():
    conn.list_roles().roles[0].role_name.should.equal('my-role')


+@mock_iam()
+def test_remove_role_from_instance_profile():
+    conn = boto.connect_iam()
+    conn.create_instance_profile("my-profile", path="my-path")
+    conn.create_role("my-role", assume_role_policy_document="some policy", path="my-path")
+    conn.add_role_to_instance_profile("my-profile", "my-role")
+
+    profile = conn.get_instance_profile("my-profile")
+    role_from_profile = list(profile.roles.values())[0]
+    role_from_profile['role_name'].should.equal("my-role")
+
+    conn.remove_role_from_instance_profile("my-profile", "my-role")
+
+    profile = conn.get_instance_profile("my-profile")
+    dict(profile.roles).should.be.empty
+
+
@mock_iam()
 def test_list_instance_profiles():
    conn = boto.connect_iam()