def __init__(self, policy):
self.policy = policy
self.statements = []
statement_structure = ensure_array(self.policy.get("Statement", []))
for statement in statement_structure:
self.statements.append(Statement(statement))
def get_actions_from_statement(statement):
allowed_actions = set()
actions = ensure_array(statement.get("Action", []))
for action in actions:
allowed_actions = allowed_actions.union(
set(_expand_wildcard_action(action)))
inverted_actions = set()
not_actions = ensure_array(statement.get("NotAction", []))
for action in not_actions:
inverted_actions = inverted_actions.union(
set(_expand_wildcard_action(action)))
if inverted_actions:
actions = _invert_actions(inverted_actions)
allowed_actions = allowed_actions.union(actions)
return allowed_actions
def expand_policy(policy=None, expand_deny=False):
# Perform a deepcopy to avoid mutating the input
result = copy.deepcopy(policy)
result["Statement"] = ensure_array(result["Statement"])
for statement in result["Statement"]:
if statement["Effect"].lower() == "deny" and not expand_deny:
continue
actions = get_actions_from_statement(statement)
if "NotAction" in statement:
del statement["NotAction"]
statement["Action"] = sorted(list(actions))
return result
def test_ensure_array_non_sequence_input(self):
for obj in ("abc", b"abc", 1, {"a": 1}):
self.assertListEqual(ensure_array(obj), [obj])
def test_ensure_array_sequence_input(self):
for obj in ([1, 2], (3, 4), CustomSequence(5, 6)):
self.assertIs(ensure_array(obj), obj)
def resources(self):
if "NotResource" in self.statement:
return set(["*"])
resources = ensure_array(self.statement.get("Resource"))
return set(resources)
def _actions(self):
actions = self.statement.get("Action")
if not actions:
return set()
actions = ensure_array(actions)
return set(actions)
