ansible iam_user delete not working

Mik*_*hao 5 ansible ansible-2.x

I'm trying to delete a user with:

  - name: "Remove user abc"
    iam_user:
      name: abc
      state: absent

It gives me the following error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: DeleteConflictException: An error occurred (DeleteConflict) when calling the DeleteUser operation: Cannot delete entity, must delete access keys first.
fatal: [localhost]: FAILED! => {
    "changed": false, 
    "error": {
        "code": "DeleteConflict", 
        "message": "Cannot delete entity, must delete access keys first.", 
        "type": "Sender"
    }, 
    "response_metadata": {
        "http_headers": {
            "content-length": "298", 
            "content-type": "text/xml", 
            "date": "Thu, 12 Jul 2018 20:53:02 GMT", 
            "x-amzn-requestid": "91913df0-8615-11e8-b3e7-b16567885120"
        }, 
        "http_status_code": 409, 
        "request_id": "91913df0-8615-11e8-b3e7-b16567885120", 
        "retry_attempts": 0
    }
}

msg:

Unable to delete user intelerad-billing-mzhao-client-creator-user: An error occurred (DeleteConflict) when calling the DeleteUser operation: Cannot delete entity, must delete access keys first.

It seems there isn't even an Ansible module for deleting access keys.

Any hints?

Him*_*mal 5

The AWS IAM API is picky about user deletion. Access keys assigned to the user, or a login profile that does not exist for the user, can block the deletion.

Interestingly, Ansible has two modules that can be used to delete users, iam and iam_user, but one errors out about the access keys and the other about the non-existent login profile.

So let's go ahead and use the AWS CLI to get this done.

This playbook worked for me to create and delete a user with keys.

---
- name: Create / Delete IAM user with keys
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    username: foo

  tasks:
    - name: Create user with keys
      iam:
        iam_type: user
        name: "{{ username }}"
        state: present
        access_key_state: create
        key_count: 2

    # No module deletes access keys, so the AWS CLI fills the gap.
    # --output json keeps the result parseable whatever the CLI's configured default is;
    # a read-only listing should never be reported as a change.
    - name: Get all the access keys
      command: aws iam list-access-keys --user-name {{ username }} --query 'AccessKeyMetadata[*].AccessKeyId' --output json
      register: access_key_list
      changed_when: false

    # DeleteUser returns DeleteConflict while any key remains, so every key goes first.
    - name: Delete each key
      command: aws iam delete-access-key --access-key-id {{ item }} --user-name {{ username }}
      loop: "{{ access_key_list.stdout | from_json }}"

    - name: Delete user
      iam_user:
        name: "{{ username }}"
        state: absent

Note that the delete task uses iam_user. That is because plain iam errors out if the user's login profile does not exist.

Hope that helps!
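The answer's sequence (list the keys, delete each one, then delete the user) is one instance of a general rule: DeleteUser returns DeleteConflict until every entity still attached to the user is gone, and access keys are only the first one most people hit. The Python below is an added example, not code from the question, the answer or Ansible; it applies that rule across every dependency type IAM checks (access keys, login profile, MFA devices, signing certificates, SSH public keys, service-specific credentials, inline and managed policies, group memberships), calling the boto3 IAM client methods by their real names, which is also what the iam_user module uses under the hood. FakeIam and the sample user data are constructed so the file runs offline; against AWS you would pass boto3.client("iam") instead.

```python
"""Delete an IAM user the way the API insists: every dependency first, user last.

Added example, not code from the question or the answer. purge_iam_user()
accepts any object exposing the boto3 IAM client methods it calls, so in
production you pass boto3.client("iam"); FakeIam is a constructed stand-in.
"""


def purge_iam_user(iam, user_name):
    """Remove everything attached to user_name, then delete the user.

    Returns the ordered (api_call, identifier) pairs made, i.e. what an Ansible
    module would report under `changed`. Per-user IAM quotas keep these lists
    small (2 access keys, 8 MFA devices, 10 groups), so no paginator is needed.
    """
    done = []

    def step(call, identifier, **kwargs):
        getattr(iam, call)(**kwargs)
        done.append((call, identifier))

    # Access keys: the DeleteConflict from the question.
    for key in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        step("delete_access_key", key["AccessKeyId"],
             UserName=user_name, AccessKeyId=key["AccessKeyId"])

    # Console password. A missing login profile is NoSuchEntity, which is fine
    # here; treating it as fatal is what the plain `iam` module does.
    try:
        iam.get_login_profile(UserName=user_name)
    except iam.exceptions.NoSuchEntityException:
        pass
    else:
        step("delete_login_profile", user_name, UserName=user_name)

    # MFA: deactivate each device; a virtual one (ARN ...:mfa/<name>) is then
    # deleted as well so it does not linger as an orphan in the account.
    for dev in iam.list_mfa_devices(UserName=user_name)["MFADevices"]:
        serial = dev["SerialNumber"]
        step("deactivate_mfa_device", serial, UserName=user_name, SerialNumber=serial)
        if ":mfa/" in serial:
            step("delete_virtual_mfa_device", serial, SerialNumber=serial)

    # Other credential types that also block DeleteUser.
    for cert in iam.list_signing_certificates(UserName=user_name)["Certificates"]:
        step("delete_signing_certificate", cert["CertificateId"],
             UserName=user_name, CertificateId=cert["CertificateId"])
    for key in iam.list_ssh_public_keys(UserName=user_name)["SSHPublicKeys"]:
        step("delete_ssh_public_key", key["SSHPublicKeyId"],
             UserName=user_name, SSHPublicKeyId=key["SSHPublicKeyId"])
    for cred in iam.list_service_specific_credentials(
            UserName=user_name)["ServiceSpecificCredentials"]:
        cid = cred["ServiceSpecificCredentialId"]
        step("delete_service_specific_credential", cid,
             UserName=user_name, ServiceSpecificCredentialId=cid)

    # Permissions: inline policies are deleted, managed policies only detached.
    for name in iam.list_user_policies(UserName=user_name)["PolicyNames"]:
        step("delete_user_policy", name, UserName=user_name, PolicyName=name)
    for pol in iam.list_attached_user_policies(UserName=user_name)["AttachedPolicies"]:
        step("detach_user_policy", pol["PolicyArn"],
             UserName=user_name, PolicyArn=pol["PolicyArn"])
    for grp in iam.list_groups_for_user(UserName=user_name)["Groups"]:
        step("remove_user_from_group", grp["GroupName"],
             GroupName=grp["GroupName"], UserName=user_name)

    step("delete_user", user_name, UserName=user_name)
    return done


class FakeIam:
    """Constructed stand-in for boto3.client("iam"), just enough for purge_iam_user.

    `responses` maps read calls to the dict the real API returns; every other
    call is recorded in `calls`. get_login_profile raises NoSuchEntity when the
    user has no console password, as the real service does.
    """

    class exceptions:
        class NoSuchEntityException(Exception):
            pass

    def __init__(self, responses, has_login_profile):
        self.responses, self.has_login_profile, self.calls = responses, has_login_profile, []

    def get_login_profile(self, UserName):
        if not self.has_login_profile:
            raise self.exceptions.NoSuchEntityException(UserName)
        return {"LoginProfile": {"UserName": UserName}}

    def __getattr__(self, name):  # only reached for names not defined above
        if name in self.responses:
            return lambda **_kw: self.responses[name]
        return lambda **kw: self.calls.append((name, kw))


def demo():
    """Purge a constructed user like the question's: two keys, no login profile."""
    iam = FakeIam(
        responses={
            "list_access_keys": {"AccessKeyMetadata": [
                {"AccessKeyId": "AKIAEXAMPLEKEY000001"}, {"AccessKeyId": "AKIAEXAMPLEKEY000002"}]},
            "list_mfa_devices": {"MFADevices": [{"SerialNumber": "arn:aws:iam::123456789012:mfa/abc"}]},
            "list_signing_certificates": {"Certificates": []},
            "list_ssh_public_keys": {"SSHPublicKeys": []},
            "list_service_specific_credentials": {"ServiceSpecificCredentials": []},
            "list_user_policies": {"PolicyNames": ["inline-s3-read"]},
            "list_attached_user_policies": {"AttachedPolicies": [
                {"PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]},
            "list_groups_for_user": {"Groups": [{"GroupName": "developers"}]},
        },
        has_login_profile=False,
    )
    return purge_iam_user(iam, "abc")


if __name__ == "__main__":
    for call, ident in demo():
        print(f"{call:35} {ident}")
```

Two things worth noting against the playbook above: the login-profile check is the branch the plain `iam` module gets wrong (absence is a normal NoSuchEntity, not an error), and MFA needs two calls, because deactivating a virtual device does not delete it. The caller holding the client needs iam:List*/Get* on the user plus the corresponding Delete/Detach/Remove permissions; without them you get AccessDenied partway through rather than DeleteConflict at the end.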