Ejemplo n.º 1
def query_arn_table(name, service, list_arn_types, fmt):
    """Query the ARN table of the Policy Sentry IAM definition, print the result, and return it.

    Meant for callers that use Policy Sentry as a library.

    Args:
        name: Short name of one ARN type, or None to query the whole service.
        service: Service to query (the inline examples use `cloud9`).
        list_arn_types: With ``name`` None, ``False`` selects the raw ARN list
            and a truthy value selects the ARN types paired with raw ARNs.
        fmt: ``"yaml"`` prints a YAML dump; any other value prints JSON
            (or, for the raw ARN list, one ARN per line).

    Returns:
        Whatever the selected query helper returned.
    """

    def _print_structured(data):
        # Shared by the two branches that emit a structured document.
        if fmt == "yaml":
            print(yaml.dump(data))
        else:
            print(json.dumps(data, indent=4))

    # Only the log line differs between the two cases here; this function does
    # not itself choose the datastore.
    # NOTE(review): presumably the query helpers pick up the local file when it
    # exists, so a stale or modified local copy would change results - confirm.
    if not os.path.exists(LOCAL_DATASTORE_FILE_PATH):
        logger.debug("Leveraging the bundled IAM Definition.")
    else:
        logger.info(
            f"Using the Local IAM definition: {LOCAL_DATASTORE_FILE_PATH}. To leverage the bundled definition instead, remove the folder $HOME/.policy_sentry/"
        )

    whole_service = name is None
    if whole_service and list_arn_types is False:
        # Every raw ARN format the service defines.
        output = get_raw_arns_for_service(service)
        if fmt == "yaml":
            print(yaml.dump(output))
        else:
            for raw_arn in output:
                print(raw_arn)
    elif whole_service and list_arn_types:
        # ARN types of the service, paired with their raw ARNs.
        output = get_arn_types_for_service(service)
        _print_structured(output)
    else:
        # Details of a single ARN type, e.g. `environment` in `cloud9`.
        output = get_arn_type_details(service, name)
        _print_structured(output)
    return output
Ejemplo n.º 2
 def test_get_raw_arns_for_service(self):
     """test_get_raw_arns_for_service: Tests function that grabs a list of raw ARNs per service

     Queries the "s3" service through ``db_session`` and requires the result to
     equal the expected list exactly, including order.
     """
     # Lift unittest's diff size limit so a mismatch prints both lists in full.
     self.maxDiff = None
     s3_raw_arns = get_raw_arns_for_service(db_session, "s3")
     # Exact comparison: an extra or reordered ARN in the result fails the test.
     self.assertListEqual(
         [
             "arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}",
             "arn:${Partition}:s3:::${BucketName}",
             "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
             "arn:${Partition}:s3:${Region}:${Account}:job/${JobId}",
         ],
         s3_raw_arns,
     )
Ejemplo n.º 3
 def test_get_raw_arns_for_service(self):
     """querying.arns.get_raw_arns_for_service

     The raw ARN list returned for "s3" must equal the expected list exactly,
     including order.
     """
     # Lift unittest's diff size limit so a mismatch prints both lists in full.
     self.maxDiff = None
     s3_raw_arns = get_raw_arns_for_service("s3")
     # Exact comparison: an extra or reordered ARN in the result fails the test.
     self.assertListEqual(
         s3_raw_arns,
         [
             "arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}",
             "arn:${Partition}:s3:::${BucketName}",
             "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
             "arn:${Partition}:s3:${Region}:${Account}:job/${JobId}",
         ],
     )
Ejemplo n.º 4
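 def test_get_raw_arns_for_service(self):
     """querying.arns.get_raw_arns_for_service

     Every expected raw ARN format must be present in the result for "s3".
     This is a subset check: additional ARN formats in the result do not
     fail the test.
     """
     expected_results = [
         "arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}",
         "arn:${Partition}:s3:::${BucketName}",
         "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
         "arn:${Partition}:s3:${Region}:${Account}:job/${JobId}",
         "arn:${Partition}:s3:${Region}:${Account}:storage-lens/${ConfigId}"
     ]
     results = get_raw_arns_for_service("s3")
     self.maxDiff = None
     for expected_result in expected_results:
         # assertIn names the missing ARN and the searched list on failure,
         # where assertTrue(x in y) only reports "False is not true".
         self.assertIn(expected_result, results)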
Ejemplo n.º 5
def arn_table(name, service, list_arn_types):
    """Query the ARN table of the Policy Sentry database and print the result.

    Args:
        name: Short name of one ARN type, or None to query the whole service.
        service: Service to query (the inline example uses `cloud9`).
        list_arn_types: With ``name`` None, ``False`` prints the raw ARN list
            and a truthy value prints the ARN types paired with raw ARNs.

    Returns:
        None; results are written to stdout only.
    """
    db_session = connect_db(DATABASE_FILE_PATH)
    whole_service = name is None

    if whole_service and list_arn_types is False:
        # Every raw ARN format the service defines, one per line.
        for raw_arn in get_raw_arns_for_service(db_session, service):
            print(raw_arn)
        return

    if whole_service and list_arn_types:
        # ARN types of the service, paired with their raw ARNs.
        result = get_arn_types_for_service(db_session, service)
    else:
        # Details of a single ARN type, e.g. `environment` in `cloud9`.
        result = get_arn_type_details(db_session, service, name)
    print(json.dumps(result, indent=4))
Ejemplo n.º 6
def query_arn_table(name, service, list_arn_types, fmt):
    """Query the ARN table of the Policy Sentry database, print the result, and return it.

    Meant for callers that use Policy Sentry as a library.

    Args:
        name: Short name of one ARN type, or None to query the whole service.
        service: Service to query (the inline example uses `cloud9`).
        list_arn_types: With ``name`` None, ``False`` selects the raw ARN list
            and a truthy value selects the ARN types paired with raw ARNs.
        fmt: ``"yaml"`` prints a YAML dump; any other value prints JSON
            (or, for the raw ARN list, one ARN per line).

    Returns:
        Whatever the selected query helper returned.
    """

    def _print_structured(data):
        # Shared by the two branches that emit a structured document.
        if fmt == "yaml":
            print(yaml.dump(data))
        else:
            print(json.dumps(data, indent=4))

    whole_service = name is None
    if whole_service and list_arn_types is False:
        # Every raw ARN format the service defines.
        output = get_raw_arns_for_service(service)
        if fmt == "yaml":
            print(yaml.dump(output))
        else:
            for raw_arn in output:
                print(raw_arn)
    elif whole_service and list_arn_types:
        # ARN types of the service, paired with their raw ARNs.
        output = get_arn_types_for_service(service)
        _print_structured(output)
    else:
        # Details of a single ARN type, e.g. `environment` in `cloud9`.
        output = get_arn_type_details(service, name)
        _print_structured(output)
    return output
#!/usr/bin/env python
from policy_sentry.shared.database import connect_db
from policy_sentry.querying.arns import get_raw_arns_for_service
import json

if __name__ == "__main__":
    # NOTE(review): "bundled" presumably selects the datastore shipped inside
    # the package - confirm against connect_db.
    s3_arn_formats = get_raw_arns_for_service(connect_db("bundled"), "s3")
    # Emit the raw S3 ARN formats as indented JSON on stdout.
    print(json.dumps(s3_arn_formats, indent=4))
"""
Output:

[
    "arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}",
    "arn:${Partition}:s3:::${BucketName}",
    "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
    "arn:${Partition}:s3:${Region}:${Account}:job/${JobId}"
]
"""
#!/usr/bin/env python

from policy_sentry.querying.arns import get_raw_arns_for_service
import json

if __name__ == "__main__":
    # This variant takes no database session; only the service name is passed.
    s3_arn_formats = get_raw_arns_for_service("s3")
    # Emit the raw S3 ARN formats as indented JSON on stdout.
    print(json.dumps(s3_arn_formats, indent=4))
"""
Output:

[
    "arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}",
    "arn:${Partition}:s3:::${BucketName}",
    "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
    "arn:${Partition}:s3:${Region}:${Account}:job/${JobId}"
]
"""