 def _do_statement_check(self, result: Result, logical_id: str,
                         statement: Statement,
                         filters_available_context: Dict,
                         resource: Resource):
     """Report ``Allow`` statements that grant access to a principal this rule does not trust.

     Each principal of an ``Allow`` statement is first written into
     ``filters_available_context`` (keys ``"principal"`` and ``"account_id"``)
     and then classified:

     * principals listed in ``self.valid_principals``, principals whose account
       id is listed there, and principals ending in ``".amazonaws.com"`` (AWS
       service principals) are accepted without a failure;
     * statements that carry a ``Condition`` are skipped here on purpose — the
       conditions are left to other rules;
     * when the config has no ``aws_account_id`` a warning is logged and no
       failure is recorded;
     * principals starting with ``"GETATT"`` or ``"UNDEFINED_"`` (presumably
       placeholders for unresolved template references) are reported at
       ``RuleMode.DEBUG``;
     * every other principal is reported as a regular failure on ``result``.

     Args:
         result: collector the failures are added to.
         logical_id: logical id of the resource that owns the statement.
         statement: the policy statement under review.
         filters_available_context: context dict handed to filters; mutated in place.
         resource: the owning resource; only its ``Type`` is attached to failures.
     """
     if statement.Effect != "Allow":
         return

     for principal in statement.get_principal_list():
         account_id = get_account_id_from_principal(principal)
         # NOTE(review): one dict object is reused for every principal and is
         # also passed as ``context`` below — confirm add_failure_to_result
         # copies it, otherwise earlier failures see the last principal.
         filters_available_context["principal"] = principal
         filters_available_context["account_id"] = account_id

         is_trusted = (
             principal in self.valid_principals
             or account_id in self.valid_principals
             or principal.endswith(".amazonaws.com")
         )
         if is_trusted:
             continue

         if statement.Condition and statement.Condition.dict():
             # Conditional grants are deliberately not judged by this rule;
             # condition handling is left to other rules and future work.
             continue

         if not self._config.aws_account_id:
             logger.warning(
                 f"Not adding {type(self).__name__} failure in {logical_id} "
                 f"because no AWS Account ID was found in the config."
             )
             continue

         failure_kwargs = dict(
             resource_ids={logical_id},
             context=filters_available_context,
             resource_types={resource.Type},
         )
         # Placeholder principals cannot be evaluated, so they are surfaced
         # at DEBUG level instead of as a hard failure.
         if principal.startswith(("GETATT", "UNDEFINED_")):
             failure_kwargs["rule_mode"] = RuleMode.DEBUG

         self.add_failure_to_result(
             result,
             self.REASON.format(logical_id, principal),
             **failure_kwargs,
         )
 def _do_statement_check(self, result: Result, logical_id: str,
                         statement: Statement,
                         filters_available_context: Dict):
     """Report ``Allow`` statements that grant access to a principal this rule does not trust.

     For every principal of an ``Allow`` statement the principal and its
     account id are stored in ``filters_available_context`` (keys
     ``"principal"`` and ``"account_id"``); the principal is then classified:

     * principals listed in ``self.valid_principals``, principals whose account
       id is listed there, and principals ending in ``".amazonaws.com"`` (AWS
       service principals) are accepted without a failure;
     * statements that carry a ``Condition`` only produce a warning that names
       the condition — they are not evaluated by this rule;
     * when the config has no ``aws_account_id`` a warning is logged and no
       failure is recorded;
     * principals containing ``"GETATT"`` or ``"UNDEFINED_"`` (presumably
       placeholders for unresolved template references) are reported at
       ``RuleMode.DEBUG``;
     * every other principal is reported as a regular failure on ``result``.

     Args:
         result: collector the failures are added to.
         logical_id: logical id of the resource that owns the statement.
         statement: the policy statement under review.
         filters_available_context: context dict handed to filters; mutated in place.
     """
     if statement.Effect != "Allow":
         return

     for principal in statement.get_principal_list():
         account_id = get_account_id_from_principal(principal)
         # NOTE(review): one dict object is reused for every principal and is
         # also passed as ``context`` below — confirm add_failure_to_result
         # copies it, otherwise earlier failures see the last principal.
         filters_available_context["principal"] = principal
         filters_available_context["account_id"] = account_id

         if principal in self.valid_principals:
             continue
         if account_id in self.valid_principals:
             continue
         if principal.endswith(".amazonaws.com"):
             # AWS service principal.
             continue

         if statement.Condition and statement.Condition.dict():
             # Conditions are not evaluated here; say so instead of failing.
             logger.warning(
                 f"Not adding {type(self).__name__} failure in {logical_id} "
                 f"because there are conditions: {statement.Condition}"
             )
             continue

         if not self._config.aws_account_id:
             logger.warning(
                 f"Not adding {type(self).__name__} failure in {logical_id} "
                 f"because no AWS Account ID was found in the config."
             )
             continue

         reason = self.REASON.format(logical_id, principal)
         # Substring match (not prefix) — any principal mentioning a
         # placeholder marker is treated as unresolved and demoted to DEBUG.
         is_placeholder = any(
             marker in principal for marker in ("GETATT", "UNDEFINED_")
         )
         if is_placeholder:
             self.add_failure_to_result(
                 result,
                 reason,
                 rule_mode=RuleMode.DEBUG,
                 resource_ids={logical_id},
                 context=filters_available_context,
             )
         else:
             self.add_failure_to_result(
                 result,
                 reason,
                 resource_ids={logical_id},
                 context=filters_available_context,
             )