def create_policy_sid_namespace(service,
access_level,
resource_type_name,
condition_block=None):
"""
Simply generates the SID name. The SID groups ARN types that share an access level.
For example, S3 objects vs. SSM Parameter have different ARN types - as do S3 objects vs S3 buckets. That's how we
choose to group them.
Arguments:
service: `ssm`
access_level: `Read`
resource_type_name: `parameter`
condition_block: `{"condition_key_string": "ec2:ResourceTag/purpose", "condition_type_string": "StringEquals", "condition_value": "test"}`
Returns:
String: A string like `SsmReadParameter`
"""
# Sanitize the resource_type_name; otherwise we hit some list conversion
# errors
resource_type_name = re.sub("[^A-Za-z0-9]+", "", resource_type_name)
# Also remove the space from the Access level, if applicable. This only
# applies for "Permissions management"
access_level = re.sub("[^A-Za-z0-9]+", "", access_level)
sid_namespace_prefix = (
capitalize_first_character(strip_special_characters(service)) +
capitalize_first_character(access_level) +
capitalize_first_character(resource_type_name))
if condition_block:
condition_key_namespace = re.sub(
"[^A-Za-z0-9]+", "", condition_block["condition_key_string"])
condition_type_namespace = condition_block["condition_type_string"]
condition_value_namespace = re.sub("[^A-Za-z0-9]+", "",
condition_block["condition_value"])
sid_namespace_condition_suffix = (
f"{capitalize_first_character(condition_key_namespace)}"
f"{capitalize_first_character(condition_type_namespace)}"
f"{capitalize_first_character(condition_value_namespace)}")
sid_namespace = sid_namespace_prefix + sid_namespace_condition_suffix
else:
sid_namespace = sid_namespace_prefix
return sid_namespace
def create_policy_sid_namespace(service, access_level, resource_type_name):
"""
Simply generates the SID name. The SID groups ARN types that share an access level.
For example, S3 objects vs. SSM Parameter have different ARN types - as do S3 objects vs S3 buckets. That's how we choose to group them.
:param service: "ssm"
:param access_level: "Read"
:param resource_type_name: "parameter"
:return: SsmReadParameter
:rtype: str
"""
# Sanitize the resource_type_name; otherwise we hit some list conversion
# errors
resource_type_name = re.sub('[^A-Za-z0-9]+', '', resource_type_name)
# Also remove the space from the Access level, if applicable. This only
# applies for "Permissions management"
access_level = re.sub('[^A-Za-z0-9]+', '', access_level)
sid_namespace = capitalize_first_character(service) + capitalize_first_character(
access_level) + capitalize_first_character(resource_type_name)
return sid_namespace