Esempio n. 1
    def test_get_actions_matching_condition_crud_and_wildcard_arn(self):
        """Check the condition-key / access-level lookup when the raw ARN is "*".

        Each case asks for "Write" actions carrying one condition key and
        compares the returned list, order included, with the expected
        lowercase action names.
        """
        cases = [
            (
                "swf:taskList.name",
                [
                    "swf:pollforactivitytask",
                    "swf:pollfordecisiontask",
                    "swf:respondactivitytaskcompleted",
                    "swf:startworkflowexecution",
                ],
            ),
            # Here the condition key sits in the middle of a comma-separated
            # string in the database:
            #   kms:CallerAccount,kms:EncryptionAlgorithm,kms:EncryptionContextKeys,kms:ViaService
            # The lookup still finds it because SQLAlchemy's ilike is used as a
            # substring match.
            # NOTE(review): a substring match would presumably also hit a longer
            # key that merely contains this text - confirm the query cannot
            # over-report actions for a condition key.
            (
                "kms:EncryptionAlgorithm",
                [
                    "kms:decrypt",
                    "kms:encrypt",
                    "kms:generatedatakey",
                    "kms:generatedatakeypair",
                    "kms:generatedatakeypairwithoutplaintext",
                    "kms:generatedatakeywithoutplaintext",
                    "kms:reencryptfrom",
                    "kms:reencryptto",
                ],
            ),
        ]
        for condition_key, expected in cases:
            actual = get_actions_matching_condition_crud_and_arn(
                db_session, condition_key, "Write", "*"
            )
            self.assertListEqual(expected, actual)
Esempio n. 2
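    def test_get_actions_matching_condition_crud_and_wildcard_arn(self):
        """querying.actions.get_actions_matching_condition_crud_and_wildcard_arn

        Queries for "Write" actions that carry a given condition key with the
        raw ARN set to "*", and compares the returned list (order included)
        with the expected action names.
        """
        desired_results = [
            "swf:PollForActivityTask",
            "swf:PollForDecisionTask",
            "swf:RespondActivityTaskCompleted",
            "swf:StartWorkflowExecution",
        ]
        results = get_actions_matching_condition_crud_and_arn(
            db_session, "swf:taskList.name", "Write", "*")
        print(results)
        self.assertListEqual(desired_results, results)

        # This one leverages a condition key that is partway through a string in the database
        # - luckily, SQLAlchemy's ilike function allows us to find it anyway because it's a substring
        # kms:CallerAccount,kms:EncryptionAlgorithm,kms:EncryptionContextKeys,kms:ViaService
        # NOTE(review): a substring match would presumably also hit a longer key that
        # merely contains this text - confirm the query cannot over-report actions.
        desired_results = [
            "kms:Decrypt",
            "kms:Encrypt",
            "kms:GenerateDataKey",
            "kms:GenerateDataKeyPair",
            "kms:GenerateDataKeyPairWithoutPlaintext",
            "kms:GenerateDataKeyWithoutPlaintext",
            "kms:ReEncryptFrom",
            "kms:ReEncryptTo",
        ]
        results = get_actions_matching_condition_crud_and_arn(
            db_session, "kms:EncryptionAlgorithm", "Write", "*")
        # Print after the query so the output shows the kms results under test,
        # not the stale swf results from the first query.
        print(results)
        self.assertListEqual(desired_results, results)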
Esempio n. 3
 def test_get_actions_matching_condition_crud_and_arn(self):
     """Look up IAM actions by condition key, CRUD level and raw ARN.

     Queries the "List" level for the elasticbeanstalk:InApplication
     condition key against the environment ARN format and expects exactly
     one action back.
     """
     environment_arn = "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}"
     expected = ['elasticbeanstalk:describeenvironments']
     actual = get_actions_matching_condition_crud_and_arn(
         db_session, "elasticbeanstalk:InApplication", "List", environment_arn
     )
     self.assertListEqual(expected, actual)
Esempio n. 4
 def test_get_actions_matching_condition_crud_and_arn(self):
     """querying.actions.get_actions_matching_condition_crud_and_arn

     Passes a condition key, the "List" access level and a raw ARN format,
     then checks that the single expected action is returned.
     """
     # Positional arguments that follow the database session, in call order:
     # condition key, access level, raw ARN format.
     query_args = (
         "elasticbeanstalk:InApplication",
         "List",
         "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}",
     )
     matched_actions = get_actions_matching_condition_crud_and_arn(
         db_session, *query_args
     )
     self.assertListEqual(
         ["elasticbeanstalk:describeenvironments"], matched_actions
     )
Esempio n. 5
    def test_get_actions_matching_condition_crud_and_wildcard_arn(self):
        """Get the IAM actions matching a condition key, CRUD level and raw ARN.

        The raw ARN is "*" in both queries; each returned list is compared,
        order included, with the expected lowercase action names.
        """
        def write_actions_for(condition_key):
            # Both queries share the "Write" access level and the "*" raw ARN.
            return get_actions_matching_condition_crud_and_arn(
                db_session, condition_key, "Write", "*")

        expected_swf = [
            'swf:pollforactivitytask',
            'swf:pollfordecisiontask',
            'swf:respondactivitytaskcompleted',
            'swf:startworkflowexecution',
        ]
        self.assertListEqual(expected_swf, write_actions_for("swf:taskList.name"))

        # The kms key below is stored partway through a comma-separated string
        # in the database:
        #   kms:CallerAccount,kms:EncryptionAlgorithm,kms:EncryptionContextKeys,kms:ViaService
        # It is still found because SQLAlchemy's ilike is used as a substring
        # match.
        # NOTE(review): a substring match would presumably also hit a longer
        # key that merely contains this text - confirm the query cannot
        # over-report actions for a condition key.
        expected_kms = [
            'kms:decrypt',
            'kms:encrypt',
            'kms:generatedatakey',
            'kms:generatedatakeypair',
            'kms:generatedatakeypairwithoutplaintext',
            'kms:generatedatakeywithoutplaintext',
            'kms:reencryptfrom',
            'kms:reencryptto',
        ]
        self.assertListEqual(
            expected_kms, write_actions_for("kms:EncryptionAlgorithm"))
Esempio n. 6
#!/usr/bin/env python
from policy_sentry.shared.database import connect_db
from policy_sentry.querying.actions import get_actions_matching_condition_crud_and_arn
import json

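if __name__ == '__main__':
    # Open a session on the 'bundled' database
    # (presumably the copy shipped with policy_sentry - confirm).
    db_session = connect_db('bundled')
    # Ask for "Permissions management" actions that carry the ram:ResourceArn
    # condition key and apply to the resource-share ARN format.
    results = get_actions_matching_condition_crud_and_arn(
        db_session, "ram:ResourceArn", "Permissions management",
        "arn:${Partition}:ram:${Region}:${Account}:resource-share/${ResourcePath}"
    )
    # Dump the query result itself; the name `output` was never defined, so
    # printing it raised NameError instead of showing the actions.
    print(json.dumps(results, indent=4))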
"""
Output:

[
    'ram:createresourceshare'
]
"""