private static void cleanUpIAM(Regions testRegion, String testResourcePrefix, Date createdBeforeThreshold, AWSCredentialsProvider awsCredentials) { AmazonIdentityManagement iamClient = AmazonIdentityManagementClientBuilder.standard() .withCredentials(awsCredentials) .withRegion(testRegion) .build(); IAMPolicyManager iamPolicyManager = IAMPolicyManager.fromCredentials(awsCredentials, new ClientConfiguration()); LOG.info("Cleaning IAM policies..."); ListPoliciesRequest listPoliciesRequest = new ListPoliciesRequest().withPathPrefix(IAMPolicyManager.PATH_PREFIX); List<Policy> policies = iamClient.listPolicies(listPoliciesRequest).getPolicies(); for (Policy policy: policies) { if (policy.getPolicyName().startsWith(testResourcePrefix) && policy.getCreateDate().before(createdBeforeThreshold)) { LOG.info("Cleaning up policy: " + policy.getPolicyName()); IAMPolicyName iamPolicyName = IAMPolicyName.fromString(policy.getPolicyName()); iamPolicyManager.detachAllPrincipals(iamPolicyName.group); DeletePolicyRequest deletePolicyRequest = new DeletePolicyRequest().withPolicyArn(policy.getArn()); iamClient.deletePolicy(deletePolicyRequest); } } LOG.info("Cleaning IAM roles created for the assume role tests..."); ListRolesRequest listRolesRequest = new ListRolesRequest().withPathPrefix(IAMHelper.PATH); List<Role> roles = iamClient.listRoles(listRolesRequest).getRoles(); for (Role role: roles) { if (role.getRoleName().startsWith(AssumedRoleTestContext.ROLE_PREFIX) && role.getCreateDate().before(createdBeforeThreshold)) { LOG.info("Cleaning up role: " + role.getRoleName()); DeleteRoleRequest deleteRoleRequest = new DeleteRoleRequest().withRoleName(role.getRoleName()); iamClient.deleteRole(deleteRoleRequest); } } }
@Override public void execute(Context context) throws Exception { String name = resource.remoteInstanceProfile.getInstanceProfileName(); logger.info("delete instance profile and related role and policy, name={}", name); if (!resource.remoteInstanceProfile.getRoles().isEmpty()) { // if the associated role doesn't exist anymore, skip to delete (this is not expected state, cmn create role for every instance profile) AWS.iam.iam.removeRoleFromInstanceProfile(new RemoveRoleFromInstanceProfileRequest() .withInstanceProfileName(name) .withRoleName(name)); AWS.iam.iam.deleteRolePolicy(new DeleteRolePolicyRequest().withRoleName(name).withPolicyName(name)); AWS.iam.iam.deleteRole(new DeleteRoleRequest().withRoleName(name)); } AWS.iam.iam.deleteInstanceProfile(new DeleteInstanceProfileRequest().withInstanceProfileName(name)); }
@Override public void delete(DeleteRoleRequest request) { delete(request, null); }
@Override public void delete(DeleteRoleRequest request, ResultCapture<Void> extractor) { resource.performAction("Delete", request, extractor); }
/** * Performs the <code>Delete</code> action. * * <p> * The following request parameters will be populated from the data of this * <code>Role</code> resource, and any conflicting parameter value set in * the request will be overridden: * <ul> * <li> * <b><code>RoleName</code></b> * - mapped from the <code>Name</code> identifier. * </li> * </ul> * * <p> * * @see DeleteRoleRequest */ void delete(DeleteRoleRequest request);
/** * Performs the <code>Delete</code> action and use a ResultCapture to * retrieve the low-level client response. * * <p> * The following request parameters will be populated from the data of this * <code>Role</code> resource, and any conflicting parameter value set in * the request will be overridden: * <ul> * <li> * <b><code>RoleName</code></b> * - mapped from the <code>Name</code> identifier. * </li> * </ul> * * <p> * * @see DeleteRoleRequest */ void delete(DeleteRoleRequest request, ResultCapture<Void> extractor);
