Beispiel #1
 def test_get_dependent_actions_several(self):
     """Check the dependency expansion for the "several" fixture."""
     # Full action list the expansion must return. The input fixture
     # (dependent_actions_several) is defined outside this snippet, so which
     # of these entries were requested and which were added is not visible
     # here -- presumably the s3:getbucket* reads are the added ones; confirm.
     expected_actions = [
         "chime:getcdrbucket",
         "s3:getbucketacl",
         "s3:getbucketlocation",
         "s3:getbucketlogging",
         "s3:getbucketversioning",
         "s3:getbucketwebsite",
     ]
     expanded_actions = get_dependent_actions(
         db_session, dependent_actions_several)
     # Lists compare element by element, so the order is pinned as well.
     self.assertEqual(expanded_actions, expected_actions)
Beispiel #2
 def test_print_policy_with_actions_having_dependencies(self):
     """Render a policy from actions that have dependencies and compare it
     with the exact expected policy document."""
     # Statement scoped to a KMS key ARN pattern.
     key_scoped_statement = {
         "Sid": "KmsPermissionsmanagementKey",
         "Effect": "Allow",
         "Action": ["kms:creategrant"],
         "Resource": ["arn:aws:kms:${Region}:${Account}:key/${KeyId}"],
     }
     # Statement on Resource "*": these actions are not narrowed to an ARN in
     # the expected output. NOTE(review): cloudhsm:describeclusters is
     # presumably added as a dependency of kms:createcustomkeystore;
     # actions_test_data_1 is defined outside this snippet -- confirm.
     wildcard_statement = {
         "Sid": "MultMultNone",
         "Effect": "Allow",
         "Action": [
             "kms:createcustomkeystore",
             "cloudhsm:describeclusters",
         ],
         "Resource": ["*"],
     }
     desired_output = {
         "Version": "2012-10-17",
         "Statement": [key_scoped_statement, wildcard_statement],
     }

     # Same pipeline as policy generation: expand the action list, group the
     # result through ArnActionGroup, then render the policy.
     expanded_actions = get_dependent_actions(db_session, actions_test_data_1)
     grouper = ArnActionGroup()
     arn_dict = grouper.process_list_of_actions(expanded_actions, db_session)
     # Show the whole diff when the two policy dicts differ.
     self.maxDiff = None
     rendered_policy = print_policy(arn_dict, db_session)
     self.assertDictEqual(rendered_policy, desired_output)
def write_policy_with_actions(cfg, db_session, minimize_statement=False):
    """
    Build an IAM policy from a config holding lists of actions.

    The config is loaded into a Roles object, the entry at index 3 of every
    role is gathered into one flat list, that list is passed through
    get_dependent_actions, and the result is grouped by ArnActionGroup and
    rendered with print_policy.

    :param cfg: config handed to Roles.process_actions_config
    :param db_session: session forwarded to the lookup and rendering helpers
    :param minimize_statement: forwarded unchanged to print_policy
    :return: the policy produced by print_policy
    """
    roles = Roles()
    roles.process_actions_config(cfg)

    # role[3] is presumably the role's list of actions -- TODO confirm against
    # Roles.get_roles(); it is copied before being read.
    requested_actions = [
        action
        for role in roles.get_roles()
        for action in role[3].copy()
    ]

    # NOTE(review): the list used from here on is whatever
    # get_dependent_actions returns, which may contain actions the config did
    # not list. Compare the rendered policy with the requested actions when
    # reviewing it for least privilege.
    expanded_actions = get_dependent_actions(db_session, requested_actions)

    grouper = ArnActionGroup()
    arn_dict = grouper.process_list_of_actions(expanded_actions, db_session)
    return print_policy(arn_dict, db_session, minimize_statement)
Beispiel #4
 def test_get_dependent_actions_double(self):
     """Check the dependency expansion for the "double" fixture."""
     # NOTE(review): the expected result includes s3:putbucketpolicy, which
     # changes who may access a bucket. The input fixture
     # (dependent_actions_double) is defined outside this snippet; presumably
     # only the shield action was requested -- confirm.
     expected_actions = [
         "shield:associatedrtlogbucket",
         "s3:getbucketpolicy",
         "s3:putbucketpolicy",
     ]
     expanded_actions = get_dependent_actions(
         db_session, dependent_actions_double)
     # Lists compare element by element, so the order is pinned as well.
     self.assertEqual(expanded_actions, expected_actions)
Beispiel #5
 def test_get_dependent_actions_single(self):
     """Check the dependency expansion for the "single" fixture."""
     # NOTE(review): the expected result includes iam:passrole, a permission
     # that deserves its own look in any generated policy. The input fixture
     # (dependent_actions_single) is defined outside this snippet; presumably
     # only the ec2 action was requested -- confirm.
     expected_actions = ["ec2:associateiaminstanceprofile", "iam:passrole"]
     expanded_actions = get_dependent_actions(
         db_session, dependent_actions_single)
     self.assertEqual(expanded_actions, expected_actions)