Corrected bug in IAM delete_role() due to overloading of name 'role' … (#3019)

* Corrected bug in IAM delete_role() due to overloading of name 'role' in function * PR-requested fixes: added region to tests boto client create, reformatted with black Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
2020-05-27 12:00:28 -04:00 · 2020-05-27 12:00:28 -04:00 · b7a1b666a8
commit b7a1b666a8
parent 97a6e8d9e8
2 changed files with 35 additions and 2 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -1148,8 +1148,8 @@ class IAMBackend(BaseBackend):
    def delete_role(self, role_name):
        role = self.get_role(role_name)
        for instance_profile in self.get_instance_profiles():
-            for role in instance_profile.roles:
-                if role.name == role_name:
+            for profile_role in instance_profile.roles:
+                if profile_role.name == role_name:
                    raise IAMConflictException(
                        code="DeleteConflict",
                        message="Cannot delete entity, must remove roles from instance profile first.",
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -2815,3 +2815,36 @@ def test_list_user_tags():
        [{"Key": "Stan", "Value": "The Caddy"}, {"Key": "like-a", "Value": "glove"}]
    )
    response["IsTruncated"].should_not.be.ok
+
+
+@mock_iam()
+def test_delete_role_with_instance_profiles_present():
+    iam = boto3.client("iam", region_name="us-east-1")
+
+    trust_policy = """
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "Service": "ec2.amazonaws.com"
+          },
+          "Action": "sts:AssumeRole"
+        }
+      ]
+    }
+        """
+    trust_policy = trust_policy.strip()
+
+    iam.create_role(RoleName="Role1", AssumeRolePolicyDocument=trust_policy)
+    iam.create_instance_profile(InstanceProfileName="IP1")
+    iam.add_role_to_instance_profile(InstanceProfileName="IP1", RoleName="Role1")
+
+    iam.create_role(RoleName="Role2", AssumeRolePolicyDocument=trust_policy)
+
+    iam.delete_role(RoleName="Role2")
+
+    role_names = [role["RoleName"] for role in iam.list_roles()["Roles"]]
+    assert "Role1" in role_names
+    assert "Role2" not in role_names