in resource-selector-lambda/handler.py [0:0]
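def getRoles(self, config):
    """Collect the ARNs of IAM roles that satisfy the configured criteria.

    Roles are listed under ``self.rolePath``. When ``self.roleName`` is set,
    only roles whose name contains it are considered. The tags of each
    remaining role are then checked against ``config`` by
    ``self.searchObject``.

    Args:
        config: Selection criteria. Only the presence of a ``'Tags'`` key is
            inspected here; the object is otherwise handed to
            ``self.searchObject`` unchanged.

    Returns:
        None. The list of matching role ARNs is passed to ``self.setOutput``.
    """
    # NOTE(review): the listing this method was recovered from had lost its
    # indentation. The "no tag criteria" branch is read here as pairing with
    # the "'Tags' in roleTags" test; confirm against the original file.
    rolesArn = []
    iam = boto3.client('iam')
    paginator = iam.get_paginator('list_roles')
    for page in paginator.paginate(PathPrefix=self.rolePath):
        for role in page['Roles']:
            # NOTE(review): this is a substring test, so a short roleName
            # also selects every role whose name merely contains it. If an
            # exact or prefix match is what callers expect, tighten the
            # comparison so no unintended role is selected.
            if self.roleName and self.roleName not in role['RoleName']:
                continue

            # Tags are fetched only for roles that passed the name filter,
            # which saves one IAM call for every role the filter rejects.
            # NOTE(review): a single call is made and IsTruncated/Marker are
            # not followed; a truncated response would hide tags from the
            # match below. Confirm whether that can occur for these roles.
            roleTags = iam.list_role_tags(RoleName=role['RoleName'])

            if 'Tags' in roleTags:
                # The tag decision is delegated entirely to searchObject.
                if self.searchObject(roleTags['Tags'], config):
                    rolesArn.append(role['Arn'])
            elif 'Tags' not in config:
                # No tags on the response and no tag criteria configured:
                # the role is selected without any tag check. With roleName
                # unset, this selects every such role under rolePath.
                rolesArn.append(role['Arn'])

    # setOutput receives the list itself; any joining into a comma separated
    # string presumably happens inside setOutput. Confirm.
    self.setOutput(rolesArn)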