Beispiel #1
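def _fmt_attached_policies(policies):
    """Render attached IAM policies as a table sorted by policy name.

    Every entry of ``policies`` must carry ``PolicyArn``; entries that are
    not AWS-managed must also carry ``PolicyName``.  Policies owned by the
    ``aws`` account are labelled ``global`` and named by whatever follows
    ``policy/`` in the ARN (including any path such as ``service-role/``);
    all other policies are labelled ``local``.

    The label only tells who owns the policy document.  It says nothing
    about how broad the granted permissions are, so a ``local`` policy still
    needs its document reviewed.
    """
    def _managed_policy_name(arn):
        """Return the AWS-managed policy name in ``arn``, else ``None``."""
        # ARN layout: arn:<partition>:iam::<account>:policy/<path and name>.
        # The partition is deliberately not pinned to ``aws``: managed
        # policies in other partitions (aws-cn, aws-us-gov) use the same
        # layout and would otherwise be reported as customer-owned.
        parts = arn.split(':', 5)
        if len(parts) != 6:
            return None
        prefix, _partition, service, region, account, resource = parts
        if (prefix, service, region, account) != ('arn', 'iam', '', 'aws'):
            return None
        if not resource.startswith('policy/'):
            return None
        return resource[len('policy/'):]

    def _fpolicies(policies):
        fpolicies = []
        for policy in policies:
            arn = policy['PolicyArn']
            managed_name = _managed_policy_name(arn)
            if managed_name is not None:
                fpolicies.append({
                    'Type': 'global',
                    'PolicyName': managed_name,
                    'PolicyArn': arn
                })
            else:
                fpolicies.append({
                    'Type': 'local',
                    'PolicyName': policy['PolicyName'],
                    'PolicyArn': arn
                })
        return fpolicies

    items = _fpolicies(policies)
    schema = [
        ('Type', 'Type', None),
        ('PolicyName', 'PolicyName', None),
        ('PolicyArn', 'PolicyArn', None),
    ]
    return tablefmt.list_to_table(items,
                                  schema,
                                  header=False,
                                  align=None,
                                  sortby='PolicyName')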
Beispiel #2
 def _fmt(items):
     """Format group records as a two-column table without a header.

     The schema names the ``GroupName`` and ``GroupId`` keys, so each item
     is presumably a mapping carrying both (verify against the caller).
     Nothing is filtered out here; every item is passed to the formatter.
     """
     columns = [('name', 'GroupName', None), ('id', 'GroupId', None)]
     table = tablefmt.list_to_table(items, columns, header=False, align=None)
     return table
Beispiel #3
 def _fmt(items):
     """Format a plain list as a single-column table without a header."""
     # One column labelled 'item'; the remaining two schema slots are
     # left as None.
     single_column = [('item', None, None)]
     table = tablefmt.list_to_table(
         items, single_column, header=False, align=None
     )
     return table
 def _fmt(items):
     """Format tags as a key/value table, hiding CloudFormation tags.

     Every item must carry ``Key``; items whose key starts with
     ``aws:cloudformation:`` are left out of the table.  The comparison is
     case-sensitive and only that one prefix is hidden, so other ``aws:``
     tags are still shown.
     """
     hidden_prefix = 'aws:cloudformation:'
     visible = []
     for tag in items:
         if tag['Key'].startswith(hidden_prefix):
             continue
         visible.append(tag)

     columns = [('key', 'Key', None), ('value', 'Value', None)]
     return tablefmt.list_to_table(
         visible, columns, header=False, align=None
     )
Beispiel #5
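def _fmt_trusted_entities(policy):
    """Render the principals an IAM role trust policy allows, as a table.

    ``policy`` is the parsed trust policy document; its ``Statement`` list
    is walked and one row is produced per trusted entity:

    * ``Account``      - ``Principal.AWS`` of an allowed ``sts:AssumeRole``
    * ``Service``      - ``Principal.Service`` of an allowed ``sts:AssumeRole``
    * ``SAMLProvider`` - each ``Principal.Federated`` entry of an allowed
      ``sts:AssumeRoleWithSAML``

    Limits a reviewer should keep in mind when reading the table:

    * ``Condition`` blocks are not read, so a row does not show whether the
      trust is narrowed (for example by an external ID or an MFA check).
    * Only the two exact action names above are matched; wildcard actions
      such as ``sts:*`` and other STS actions are not reported.
    * ``Deny`` statements are ignored.
    """
    def _allows(statement, action):
        """Return True when ``statement`` is an Allow covering ``action``.

        ``Action`` may be a single string or a list of strings.  Comparing
        the list against a string would silently drop the statement, and
        with it a trusted principal, from the report.
        """
        actions = statement['Action']
        if isinstance(actions, str):
            actions = [actions]
        return action in actions and statement['Effect'] == 'Allow'

    def _root_is_trusted(statement):
        return bool(_allows(statement, 'sts:AssumeRole')
                    and 'AWS' in statement['Principal'])

    def _service_is_trusted(statement):
        return bool(_allows(statement, 'sts:AssumeRole')
                    and 'Service' in statement['Principal'])

    def _saml_is_trusted(statement):
        return _allows(statement, 'sts:AssumeRoleWithSAML')

    def _trusted_entities(pol):
        entities = []
        for statement in pol['Statement']:
            # NOTE(review): a bare string principal ("*") matches none of
            # the key checks below and therefore produces no row, although
            # it is the broadest possible trust - confirm how callers want
            # that surfaced.
            if _root_is_trusted(statement):
                entities.append({
                    'Type': 'Account',
                    'Entity': statement['Principal']['AWS']
                })
            if _service_is_trusted(statement):
                entities.append({
                    'Type': 'Service',
                    'Entity': statement['Principal']['Service']
                })
            if _saml_is_trusted(statement):
                if 'Federated' in statement['Principal']:
                    providers = statement['Principal']['Federated']
                    if isinstance(providers, str):
                        providers = [providers]
                    # sorted() instead of list.sort(): the caller's policy
                    # document must not be reordered as a side effect of
                    # formatting it.
                    for provider in sorted(providers):
                        entities.append({
                            'Type': 'SAMLProvider',
                            'Entity': provider
                        })
        return entities

    items = _trusted_entities(policy)

    schema = [('Type', 'Type', None), ('Entity', 'Entity', None)]
    return tablefmt.list_to_table(items, schema, header=False, align=None)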
Beispiel #6
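def _fmt_trusted_entities(policy):
    """Render the principals an IAM role trust policy allows, as a table.

    ``policy`` is the parsed trust policy document.  For every statement in
    ``policy['Statement']`` the rows are emitted in this order: AWS
    principals, SAML providers, services - each group sorted.  A row holds
    a short ``Entity`` label and the full value under ``Arn``:

    * AWS principals and SAML providers: the ARN's resource part with ``/``
      replaced by ``:`` (``role/Admin`` becomes ``role:Admin``).  A value
      that is not a six-field ARN (an account ID, ``*``) is shown unchanged.
    * Services: ``service:<service principal>``.

    Limits a reviewer should keep in mind when reading the table:

    * ``Condition`` blocks are not read, so a row does not show whether the
      trust is narrowed (for example by an external ID or an MFA check).
    * Only ``sts:AssumeRole`` and ``sts:AssumeRoleWithSAML`` are matched by
      exact name; wildcard actions such as ``sts:*`` and other STS actions
      are not reported.
    * ``Deny`` statements are ignored.
    """
    def _allows(statement, action):
        """Return True when ``statement`` is an Allow covering ``action``.

        ``Action`` may be a single string or a list of strings.  Comparing
        the list against a string would silently drop the statement, and
        with it a trusted principal, from the report.
        """
        actions = statement['Action']
        if isinstance(actions, str):
            actions = [actions]
        return action in actions and statement['Effect'] == 'Allow'

    def _sorted_values(value):
        """Return ``value`` (string or list of strings) as a sorted list.

        A new list is built so the caller's policy document is not
        reordered as a side effect of formatting it.
        """
        if isinstance(value, str):
            return [value]
        return sorted(value)

    def _short_name(arn):
        """Return the display label for ``arn``."""
        parts = arn.split(':')
        if len(parts) < 6:
            # Not an ARN: account IDs and "*" are valid principal values
            # too and must not crash the report with an IndexError.
            return arn
        return parts[5].replace('/', ':')

    def _statement_principals(statement):
        if not _allows(statement, 'sts:AssumeRole'):
            return []
        # NOTE(review): a bare string principal ("*") has no 'AWS' key and
        # produces no row here, although it is the broadest possible trust
        # - confirm how callers want that surfaced.
        if 'AWS' not in statement['Principal']:
            return []
        return [
            {'Entity': _short_name(principal), 'Arn': principal}
            for principal in _sorted_values(statement['Principal']['AWS'])
        ]

    def _statement_saml_providers(statement):
        if not _allows(statement, 'sts:AssumeRoleWithSAML'):
            return []
        # Guard the lookup so a statement without a Federated principal
        # yields no rows instead of raising KeyError.
        if 'Federated' not in statement['Principal']:
            return []
        return [
            {'Entity': _short_name(provider), 'Arn': provider}
            for provider in _sorted_values(
                statement['Principal']['Federated'])
        ]

    def _statement_services(statement):
        if not _allows(statement, 'sts:AssumeRole'):
            return []
        if 'Service' not in statement['Principal']:
            return []
        return [
            {'Entity': 'service:%s' % service, 'Arn': service}
            for service in _sorted_values(statement['Principal']['Service'])
        ]

    def _trusted_entities(pol):
        entities = []
        for statement in pol['Statement']:
            entities.extend(_statement_principals(statement))
            entities.extend(_statement_saml_providers(statement))
            entities.extend(_statement_services(statement))
        return entities

    items = _trusted_entities(policy)

    schema = [('Entity', 'Entity', None), ('Arn', 'Arn', None)]
    return tablefmt.list_to_table(items, schema, header=False, align=None)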