def tag_policy(self):
    """Attach the request's tags to the managed policy named by ``PolicyArn``.

    Reads ``PolicyArn`` and the ``Tags.member`` list from the request, folds
    the list into a ``{Key: Value}`` mapping, and merges it into the policy's
    existing tags. A key that is already present is overwritten.

    Returns:
        An empty string, used as the response body.
    """
    # NOTE(review): keys and values are stored exactly as received; no length,
    # character-set or tag-count check is visible in this method.
    target_arn = self._get_param("PolicyArn")
    raw_tags = self._get_multi_param("Tags.member") or []
    new_tags = dict((entry["Key"], entry["Value"]) for entry in raw_tags)
    moto_iam_backend.get_policy(target_arn).tags.update(new_tags)
    return ""
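def iam_response_simulate_principal_policy(self):
    """Simulate a managed policy against each requested action/resource pair.

    Reads ``PolicySourceArn``, ``ActionNames.member`` and
    ``ResourceArns.member`` from the request, evaluates every
    (action, resource) combination against the statements of the policy
    document, and renders the results with
    ``SIMULATE_PRINCIPAL_POLICY_RESPONSE``.

    This is a simplified evaluator. Only exact, literal matches against
    ``Allow`` statements are recognised. Wildcards, ``Deny`` statements and
    conditions are not evaluated, so a decision produced here is not evidence
    of what a full IAM policy evaluation would return.

    Returns:
        The rendered response template.
    """

    def as_list(value):
        # Policy JSON allows a single string/object where a list is expected.
        # Without this, `in` on a bare string is a substring test, so a
        # request for "s3:Get" was reported as allowed by "s3:GetObject".
        return value if isinstance(value, list) else [value]

    def build_evaluation(action_name, resource_name, policy_statements):
        for statement in policy_statements:
            # TODO Implement evaluation logic here
            if (
                action_name in as_list(statement["Action"])
                and resource_name in as_list(statement["Resource"])
                and statement["Effect"] == "Allow"
            ):
                return {
                    "actionName": action_name,
                    "resourceName": resource_name,
                    "decision": "allowed",
                    "matchedStatements": [],
                }
        # NOTE(review): nothing matched, which IAM reports as "implicitDeny";
        # "explicitDeny" is kept because existing callers may depend on it.
        return {
            "actionName": action_name,
            "resourceName": resource_name,
            "decision": "explicitDeny",
        }

    policy = moto_iam_backend.get_policy(self._get_param("PolicySourceArn"))
    # "Statement" may be a single object rather than a list of objects.
    policy_statements = as_list(json.loads(policy.document)["Statement"])
    actions = self._get_multi_param("ActionNames.member")
    resource_arns = self._get_multi_param("ResourceArns.member")

    evaluations = [
        build_evaluation(action, resource_arn, policy_statements)
        for action in actions
        for resource_arn in resource_arns
    ]

    template = self.response_template(SIMULATE_PRINCIPAL_POLICY_RESPONSE)
    return template.render(evaluations=evaluations)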
def tag_policy(self):
    """Merge the tags supplied in the request into a managed policy.

    ``PolicyArn`` selects the policy; each entry of ``Tags.member`` supplies
    one ``Key``/``Value`` pair. Existing tags with the same key are replaced.

    Returns:
        An empty string, used as the response body.
    """
    # NOTE(review): tag keys and values are applied as received; this method
    # performs no validation of their content or number.
    arn = self._get_param('PolicyArn')
    submitted = self._get_multi_param('Tags.member')
    collected = {}
    for item in submitted or []:
        key, value = item['Key'], item['Value']
        collected[key] = value
    target = moto_iam_backend.get_policy(arn)
    target.tags.update(collected)
    return ''
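def iam_response_simulate_principal_policy(self):
    """Evaluate a managed policy for every requested action and resource.

    The policy is looked up by ``PolicySourceArn``; ``ActionNames.member`` and
    ``ResourceArns.member`` give the actions and resources to test. One
    evaluation is produced per (action, resource) pair and the list is
    rendered with ``SIMULATE_PRINCIPAL_POLICY_RESPONSE``.

    The evaluation is deliberately minimal: an ``Allow`` statement matches
    only when the action and resource appear literally in it. Wildcards,
    ``Deny`` statements and conditions are ignored, so the result should not
    be relied on as a statement of what real IAM would decide.

    Returns:
        The rendered response template.
    """

    def listify(value):
        # A policy may give Action/Resource/Statement as a single item
        # instead of a list. Wrapping it keeps `in` an element test; on a
        # bare string it is a substring test and would let 's3:Get' match
        # 's3:GetObject'.
        if isinstance(value, list):
            return value
        return [value]

    def build_evaluation(action_name, resource_name, policy_statements):
        for statement in policy_statements:
            # TODO Implement evaluation logic here
            if action_name in listify(statement['Action']) \
                    and resource_name in listify(statement['Resource']) \
                    and statement['Effect'] == 'Allow':
                return {
                    'actionName': action_name,
                    'resourceName': resource_name,
                    'decision': 'allowed',
                    'matchedStatements': []
                }
        # NOTE(review): IAM reports an unmatched request as 'implicitDeny';
        # 'explicitDeny' is retained here for compatibility with callers.
        return {
            'actionName': action_name,
            'resourceName': resource_name,
            'decision': 'explicitDeny'
        }

    policy = moto_iam_backend.get_policy(self._get_param('PolicySourceArn'))
    # 'Statement' can be one object rather than a list of objects.
    policy_statements = listify(json.loads(policy.document)['Statement'])
    actions = self._get_multi_param('ActionNames.member')
    resource_arns = self._get_multi_param('ResourceArns.member')
    evaluations = []
    for action in actions:
        for resource_arn in resource_arns:
            evaluations.append(build_evaluation(action, resource_arn, policy_statements))

    template = self.response_template(SIMULATE_PRINCIPAL_POLICY_RESPONSE)
    return template.render(evaluations=evaluations)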
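def simulate_principal_policy(
    self,
    context: RequestContext,
    policy_source_arn: arnType,
    action_names: ActionNameListType,
    policy_input_list: SimulationPolicyListType = None,
    permissions_boundary_policy_input_list: SimulationPolicyListType = None,
    resource_arns: ResourceNameListType = None,
    resource_policy: policyDocumentType = None,
    resource_owner: ResourceNameType = None,
    caller_arn: ResourceNameType = None,
    context_entries: ContextEntryListType = None,
    resource_handling_option: ResourceHandlingOptionType = None,
    max_items: maxItemsType = None,
    marker: markerType = None,
) -> SimulatePolicyResponse:
    """Simulate the default version of a managed policy.

    Loads the policy identified by ``policy_source_arn``, parses the document
    of its default version, and builds one evaluation result per
    (action, resource) pair via ``self.build_evaluation_result``.

    Only ``policy_source_arn``, ``action_names`` and ``resource_arns`` are
    used. ``policy_input_list``, ``permissions_boundary_policy_input_list``,
    ``resource_policy``, ``resource_owner``, ``caller_arn``,
    ``context_entries``, ``resource_handling_option``, ``max_items`` and
    ``marker`` are accepted but not read, so permissions boundaries, resource
    policies and condition context do not affect the outcome and the result
    can be more permissive than a full evaluation.

    Returns:
        A ``SimulatePolicyResponse`` with ``IsTruncated`` set to ``False`` and
        ``EvaluationResults`` holding every evaluation (no pagination).

    Raises:
        NoSuchEntityException: if the policy document cannot be parsed.
    """
    policy = moto_iam_backend.get_policy(policy_source_arn)
    policy_version = moto_iam_backend.get_policy_version(
        policy_source_arn, policy.default_version_id
    )
    try:
        policy_statements = json.loads(policy_version.document).get("Statement", [])
    except Exception as err:
        # Keep the exception type callers see, but preserve the cause so a
        # malformed document is distinguishable from a missing one in logs.
        raise NoSuchEntityException("Policy not found") from err

    # ResourceArns is optional in the API and defaults to "*" (all resources).
    # Iterating the None default raised TypeError before this guard.
    target_resources = ["*"] if resource_arns is None else resource_arns

    evaluations = [
        self.build_evaluation_result(action_name, resource_arn, policy_statements)
        for action_name in action_names
        for resource_arn in target_resources
    ]

    response = SimulatePolicyResponse()
    response["IsTruncated"] = False
    response["EvaluationResults"] = evaluations
    return response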
def untag_policy(self):
    """Remove the tags listed in ``TagKeys.member`` from a managed policy.

    ``PolicyArn`` selects the policy. Its tag mapping is replaced by a new
    mapping holding only the entries whose key was not requested for removal.
    Keys that are not present on the policy are ignored.

    Returns:
        An empty string, used as the response body.
    """
    target_arn = self._get_param("PolicyArn")
    keys_to_drop = self._get_multi_param("TagKeys.member")
    target = moto_iam_backend.get_policy(target_arn)
    remaining = {}
    for name, value in target.tags.items():
        if name in keys_to_drop:
            continue
        remaining[name] = value
    # Rebind rather than mutate in place, as the original did.
    target.tags = remaining
    return ""