From c437abf0aa6c9443ffb2f692e79f393d08d75719 Mon Sep 17 00:00:00 2001
From: "Hugh A. Miles II"
Date: Tue, 7 Nov 2017 11:53:39 -0800
Subject: [PATCH] Remove extra ensure iam statement (#45)

Remove extra statement for `Ensure grains.cluster_name iam role exists` :smiling_face_with_open_mouth_and_cold_sweat: @mistercrunch
---
 ops/orca/states/superset.sls | 57 ++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 32 deletions(-)

diff --git a/ops/orca/states/superset.sls b/ops/orca/states/superset.sls
index 7feb509f8f204..c1d3275ca6ac7 100644
--- a/ops/orca/states/superset.sls
+++ b/ops/orca/states/superset.sls
@@ -24,6 +24,31 @@ Ensure {{ grains.cluster_name }} iam role exists:
 - policies_from_pillars:
 - orca_iam_policies
 - profile: orca_profile
+ - policies:
+ 'superset-s3-read-write':
+ Version: '2012-10-17'
+ Statement:
+ - Sid: 'SupersetServiceFullObjectPermissions'
+ Action:
+ - 's3:AbortMultipartUpload'
+ - 's3:Get*'
+ - 's3:Put*'
+ - 's3:Delete*'
+ - 's3:List*'
+ Effect: 'Allow'
+ Resource:
+ - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
+ - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
+ - Sid: 'SupersetServiceListPermissions'
+ Action:
+ - 's3:List*'
+ Effect: 'Allow'
+ Resource:
+ - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
+ Condition:
+ - 's3:prefix':
+ - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
+ - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
 
 Ensure {{ grains.cluster_name }} asg exists:
 boto_asg.present:
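Review bot: The `SupersetServiceFullObjectPermissions` statement added to this state allows `s3:Put*` and `s3:Delete*` on the bucket ARN as well as on `/*`, so despite its Sid the role also receives bucket-level actions such as `s3:PutBucketPolicy`, `s3:DeleteBucketPolicy` and `s3:DeleteBucket`. That would let the service role change or remove the bucket policy which, judging by the `s3:x-amz-server-side-encryption` condition later in this file, appears to enforce server-side encryption. The `Condition` in `SupersetServiceListPermissions` has no operator (IAM expects something like `StringLike` wrapping `s3:prefix`) and lists bucket ARNs where key prefixes belong, so it is probably rejected or ineffective; the statement is also redundant, since `s3:List*` on the bucket is already allowed unconditionally by the first statement. Because this commit makes this the single definition of the role, consider scoping object actions to `/*` and list actions to the bucket as sketched below. The exact set of actions Superset needs is not visible in this diff, so confirm it against real usage before narrowing.

```yaml
# … unchanged: policies / 'superset-s3-read-write' / Version …
Statement:
  - Sid: 'SupersetServiceObjectPermissions'
    Action:
      - 's3:AbortMultipartUpload'
      - 's3:GetObject'
      - 's3:PutObject'
      - 's3:DeleteObject'
    Effect: 'Allow'
    Resource:
      - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
  - Sid: 'SupersetServiceListPermissions'
    Action:
      - 's3:ListBucket'
      - 's3:ListBucketMultipartUploads'
    Effect: 'Allow'
    Resource:
      - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
```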
@@ -110,37 +135,6 @@ Ensure {{ grains.cluster_name }}-canary asg exists:
 - profile: orca_profile
 {% endif %}
 
-Ensure {{ grains.cluster_name }} iam role exists:
- boto_iam_role.present:
- - name: {{ grains.cluster_name }}
- - policies_from_pillars:
- - orca_iam_policies
- - profile: orca_profile
- - policies:
- 'superset-s3-read-write':
- Version: '2012-10-17'
- Statement:
- - Sid: 'SupersetServiceFullObjectPermissions'
- Action:
- - 's3:AbortMultipartUpload'
- - 's3:Get*'
- - 's3:Put*'
- - 's3:Delete*'
- - 's3:List*'
- Effect: 'Allow'
- Resource:
- - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
- - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
- - Sid: 'SupersetServiceListPermissions'
- Action:
- - 's3:List*'
- Effect: 'Allow'
- Resource:
- - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
- Condition:
- - 's3:prefix':
- - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
- - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
 
 Ensure lyft-superset-{{grains.service_instance}}-iad bucket exists:
 boto_s3_bucket.present:
@@ -175,4 +169,3 @@ Ensure lyft-superset-{{grains.service_instance}}-iad bucket exists:
 Condition:
 "Null":
 "s3:x-amz-server-side-encryption": "true"
-