Ejemplo n.º 1
0
def initialize(access_level_overrides_file, fetch, build):
    """
    Initialize the local database to store AWS IAM information, which can be used to generate IAM policies, and for
    querying the database.
    """
    if not access_level_overrides_file:
        overrides_file = HOME + CONFIG_DIRECTORY + 'access-level-overrides.yml'
    else:
        overrides_file = access_level_overrides_file
    # Create the config directory
    database_path = create_policy_sentry_config_directory()

    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()

    # Create the directory to download IAM policies to
    create_policy_analysis_directory()

    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()

    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()

    # Create the default reporting configuration file. This is used by
    # analyze_iam_policy
    create_default_report_config_file()

    if not build and not fetch:
        # copy from the bundled database location to the destination path
        shutil.copy(BUNDLED_DATABASE_FILE_PATH, database_path)

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # --fetch: wget the AWS IAM Actions, Resources and Condition Keys pages and store them locally.
    # if --build and --fetch are both supplied, just do --fetch
    if fetch:
        # `wget` the html docs to the local directory
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # initialize --build
    if build or access_level_overrides_file or fetch:
        # Use the list of services that were listed in the links.yml file
        all_aws_services = get_list_of_service_prefixes_from_links_file(
            LINKS_YML_FILE_LOCAL)
        print(f"Services to build for: ${LINKS_YML_FILE_LOCAL}")
        # Fill in the database with data on the AWS services
        create_database(db_session, all_aws_services, overrides_file)
        print("Created tables for all services!")

    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes(db_session)
    total_count_of_services = str(len(all_aws_service_prefixes))
    print(f"{total_count_of_services} AWS services in the database. \nServices: {all_aws_service_prefixes}")
Ejemplo n.º 2
0
def initialize(access_level_overrides_file, fetch, build, log_level):
    """
    Initialize the local database to store AWS IAM information, which can be used to generate IAM policies, and for
    querying the database.
    """
    set_log_level(logger, log_level)

    if not access_level_overrides_file:
        overrides_file = HOME + CONFIG_DIRECTORY + "access-level-overrides.yml"
    else:
        overrides_file = access_level_overrides_file
    # Create the config directory
    database_path = create_policy_sentry_config_directory()

    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()

    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()

    print("Database will be stored here: %s", database_path)

    if not build and not fetch:
        # copy from the bundled database location to the destination path
        shutil.copy(BUNDLED_DATABASE_FILE_PATH, database_path)

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # --fetch: wget the AWS IAM Actions, Resources and Condition Keys pages and store them locally.
    # if --build and --fetch are both supplied, just do --fetch
    if fetch:
        # `wget` the html docs to the local directory
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # initialize --build
    if build or access_level_overrides_file or fetch:
        # Use the list of services that were listed in the links.yml file
        all_aws_services = get_list_of_service_prefixes_from_links_file(
            LINKS_YML_FILE_LOCAL)
        logger.debug("Services to build are stored in: %s",
                     LINKS_YML_FILE_LOCAL)
        # Fill in the database with data on the AWS services
        create_database(db_session, all_aws_services, overrides_file)
        print("Created tables for all services!")

    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes(db_session)
    total_count_of_services = str(len(all_aws_service_prefixes))
    print("Initialization complete!")
    print(f"Total AWS services in the IAM database: {total_count_of_services}")
    logger.debug("\nService prefixes:")
    logger.debug(", ".join(all_aws_service_prefixes))
Ejemplo n.º 3
0
def build_database():
    print(BUNDLED_DATABASE_FILE_PATH)
    if os.path.exists(BUNDLED_DATABASE_FILE_PATH):
        os.remove(BUNDLED_DATABASE_FILE_PATH)
    db_session = connect_db(BUNDLED_DATABASE_FILE_PATH, initialization=True)
    all_aws_services = get_list_of_service_prefixes_from_links_file(
        LINKS_YML_FILE_IN_PACKAGE)
    create_database(db_session, all_aws_services,
                    DEFAULT_ACCESS_OVERRIDES_FILE)
Ejemplo n.º 4
0
def initialize(access_level_overrides_file, fetch):
    """
    Create a local database to store AWS IAM information, which can be used to generate IAM policies and analyze them
    for least privilege.
    """

    # Create the config directory
    database_path = create_policy_sentry_config_directory()

    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()

    # Create the directory to download IAM policies to
    create_policy_analysis_directory()

    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()

    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()

    # Create the default reporting configuration file. This is used by
    # analyze_iam_policy
    create_default_report_config_file()

    # If the user specifies fetch, wget the AWS IAM Actions, Resources and Condition Keys pages and store them locally.
    if fetch:
        # `wget` the html docs to the local directory
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # Use the list of services that were listed in the links.yml file
    all_aws_services = get_list_of_service_prefixes_from_links_file(
        LINKS_YML_FILE_LOCAL)
    print(f"Services to build for: ${LINKS_YML_FILE_LOCAL}")

    # Fill in the database with data on the AWS services
    create_database(db_session, all_aws_services, access_level_overrides_file)
    print("Created tables for all services!")

    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes(db_session)
    total_count_of_services = str(len(all_aws_service_prefixes))
    print(
        f"{total_count_of_services} AWS services in the database. \nServices: {all_aws_service_prefixes}"
    )
Ejemplo n.º 5
0
def initialize():
    """
    Create a local database to store AWS IAM information, which can be used to generate IAM policies and analyze them for least privilege.
    """
    # Create the config directory
    database_path = create_policy_sentry_config_directory()
    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()
    # Connect to the database at that path with sqlalchemy
    db_session = connect_db(database_path)
    # Fill in the database with data on the AWS services
    create_database(db_session, ALL_AWS_SERVICES)
    print("Created tables for all services!")
Ejemplo n.º 6
0
def initialize(access_level_overrides_file):
    """
    Create a local database to store AWS IAM information, which can be used to generate IAM policies and analyze them for least privilege.
    """

    # Create the config directory
    database_path = create_policy_sentry_config_directory()
    # Create the directory to download IAM policies to
    create_policy_analysis_directory()
    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()
    # Create overrides file, which allows us to override the Access Levels provided by AWS documentation
    create_default_overrides_file()
    # Connect to the database at that path with sqlalchemy
    db_session = connect_db(database_path)
    # Fill in the database with data on the AWS services
    create_database(db_session, ALL_AWS_SERVICES, access_level_overrides_file)
    print("Created tables for all services!")