def gen_statement(entries):
    """Generate the ``Statement`` section of an S3 bucket policy.

    Every item of ``entries`` is passed to ``split_parameter`` and unpacked
    into six fields (effect, action, user, user account, path, condition),
    which are then forwarded to ``statement.make_statement``.

    Returns a dict whose single key ``'Statement'`` holds the generated
    statements in the same order as ``entries``.
    """
    # NOTE(review): nothing is validated in this function; whether
    # split_parameter / make_statement reject an over-broad grant (for
    # example a wildcard principal or action combined with 'Allow') cannot
    # be seen from here -- TODO confirm before feeding it untrusted entries.
    # NOTE(review): no 'Version' element is set on the returned dict;
    # presumably the caller adds it -- confirm.
    def _to_statement(entry):
        # split_parameter must yield exactly six values, in this order.
        effect, action, user, user_acct, path, condition = split_parameter(entry)
        # make_statement takes the same fields in a different order.
        return statement.make_statement(
            user_acct, user, path, action, effect, condition)

    return {'Statement': [_to_statement(entry) for entry in entries]}
def test_jgp_make_statement():
    """Check make_statement in c3.utils.jgp.statement against two policies."""
    # Case 1: the condition argument is 'empty', and the expected statement
    # carries no 'Condition' key at all.
    expected_plain = {
        'Action': ['s3:GetBucketAcl'],
        'Resource': ['arn:aws:s3:::cgm-cloudtrail/*'],
        'Effect': 'Allow',
        'Principal': {'AWS': ['arn:aws:iam::086441151436:root']},
    }
    built_plain = c3statement.make_statement(
        '086441151436', 'root', 'cgm-cloudtrail/*',
        's3:GetBucketAcl', 'Allow', 'empty')
    assert built_plain == expected_plain

    # Case 2: a comma-separated "operator,key,value" condition string is
    # expected to come back as a nested 'Condition' block. This pins the
    # s3:x-amz-acl restriction on the PutObject grant: if the condition were
    # dropped, the statement would allow the write unconditionally.
    expected_conditional = {
        'Action': ['s3:PutObject'],
        'Resource': ['arn:aws:s3:::cgm-cloudtrail/AWSLogs/150620942615/*'],
        'Effect': 'Allow',
        'Condition': {
            'StringEquals': {'s3:x-amz-acl': 'bucket-owner-full-control'}},
        'Principal': {'AWS': ['arn:aws:iam::086441151436:root']},
    }
    built_conditional = c3statement.make_statement(
        '086441151436', 'root', 'cgm-cloudtrail/AWSLogs/150620942615/*',
        's3:PutObject', 'Allow',
        'StringEquals,s3:x-amz-acl,bucket-owner-full-control')
    assert built_conditional == expected_conditional