Esempio n. 1
    def _calculate_no_repo_permissions(self) -> None:
        """Refresh ``self.no_repo_permissions`` from the two newest policy versions.

        The ``"Policy"`` documents of ``self.policies[-2]`` (or an empty dict
        when only one version is stored) and ``self.policies[-1]`` are passed
        to ``find_newly_added_permissions`` with ``minimize=True``. Entries
        whose stored expiry is older than the current time are then dropped,
        and each returned permission that matches no existing key is recorded
        with an expiry of now + ``self._no_repo_secs``.

        Does nothing when ``self.policies`` is empty. When the comparison
        raises ``IAMActionError`` the failure is logged with the role ARN and
        the method returns early.
        """
        if not self.policies:
            return

        # A single stored version has no predecessor; compare against nothing.
        try:
            older = self.policies[-2]
        except IndexError:
            older = {}
        latest = self.policies[-1]

        try:
            newly_added = find_newly_added_permissions(
                older.get("Policy", {}),
                latest.get("Policy", {}),
                minimize=True,
            )
        except IAMActionError:
            # NOTE(review): this return happens before the expiry sweep below,
            # so expired entries stay in self.no_repo_permissions until a later
            # successful run. Confirm that readers of the dict check the expiry
            # themselves, otherwise a lapsed exemption remains visible.
            logger.error(
                "failed to calculate no-repo permissions for %s",
                self.arn,
                exc_info=True,
            )
            return

        now = int(time.time())

        # Collect the expired keys first so the dict is not mutated while it
        # is being iterated.
        lapsed = [
            name
            for name, deadline in self.no_repo_permissions.items()
            if now > deadline
        ]
        for name in lapsed:
            self.no_repo_permissions.pop(name)

        new_deadline = now + self._no_repo_secs
        for added in newly_added:
            # NOTE(review): the new permission is the glob pattern and the
            # existing keys are the candidates. A new wildcard is skipped when
            # any existing key matches it, while an existing wildcard key does
            # not suppress a more specific new permission. Confirm this
            # direction is intended. The keys view is live, so permissions
            # added earlier in this loop are matched as well.
            already_tracked = fnmatch.filter(
                self.no_repo_permissions.keys(), added)
            if already_tracked:
                continue
            self.no_repo_permissions[added] = new_deadline
Esempio n. 2
    def _calculate_no_repo_permissions(self) -> None:
        """Refresh ``self.no_repo_permissions`` from the two newest policy versions.

        The ``"Policy"`` documents of ``self.policies[-2]`` (or an empty dict
        when only one version is stored) and ``self.policies[-1]`` are passed
        to ``find_newly_added_permissions``. Entries whose stored expiry is
        older than the current time are dropped, then every returned
        permission is stored with an expiry of now + ``self._no_repo_secs``.

        Does nothing when ``self.policies`` is empty.
        """
        if not self.policies:
            return

        # A single stored version has no predecessor; compare against nothing.
        try:
            older = self.policies[-2]
        except IndexError:
            older = {}
        latest = self.policies[-1]

        # No exception handling here: anything raised by the comparison
        # propagates to the caller and the dict is left untouched.
        older_doc = older.get("Policy", {})
        latest_doc = latest.get("Policy", {})
        newly_added = find_newly_added_permissions(older_doc, latest_doc)
        now = int(time.time())

        # Collect the expired keys first so the dict is not mutated while it
        # is being iterated.
        lapsed = [
            name
            for name, deadline in self.no_repo_permissions.items()
            if now > deadline
        ]
        for name in lapsed:
            self.no_repo_permissions.pop(name)

        new_deadline = now + self._no_repo_secs
        for added in newly_added:
            # Assignment is unconditional, so a permission that is already
            # tracked has its expiry replaced with the new deadline.
            self.no_repo_permissions[added] = new_deadline