def principals(self):
    """Collect the principals named by every statement, skipping repeats.

    Statements are visited in order, and a principal is added only when
    it is not already in the result built from the earlier statements.

    Returns:
        Elements: the principals gathered across ``self.statements``.
    """
    collected = Elements()
    for statement in self.statements:
        # The filter runs against what earlier statements contributed;
        # repeats inside one statement's own result are not removed here.
        unseen = [
            candidate
            for candidate in statement.principals()
            if candidate not in collected
        ]
        collected.extend(unseen)
    return collected
def resolve(self):
    """Expand this statement into one Action per (action, resource, principal).

    The result is cached in ``self._Actions``; later calls return the
    cached value without recomputing. Explicit actions, resources and
    principals are resolved first if they have not been already.

    Each Action copies the statement's ``Effect`` unchanged, so consumers
    have to read ``Effect`` rather than treat every returned edge as a
    grant.

    Returns:
        Elements: the Action objects derived from this statement.
    """
    cached = self._Actions
    if cached is not None:
        return cached

    # Fill in whichever explicit sets have not been resolved yet.
    if self._explicit_actions is None:
        self._resolve_action_statement()
    if self._explicit_resources is None:
        self._resolve_resource_statement()
    if self._explicit_principals is None:
        self._resolve_principal_statement()

    resolved = Elements()

    for action in self.actions():
        definition = ACTIONS[action]

        # Gather the explicit resources of every type this action
        # affects, skipping any already gathered for an earlier type.
        targets = Elements()
        for affected in definition["Affects"]:
            matches = [
                r for r in self._explicit_resources.get(affected)
                if r not in targets
            ]
            targets.extend(Elements(matches))

        for resource in targets:
            # An Action's condition is each resource-level condition
            # variant combined with the statement-level conditions.
            variants = self._explicit_resource_conditions[resource.id()]

            # NOTE(review): the merge is shallow. On a shared top-level
            # key the statement-level value replaces the resource-level
            # one. If those keys are condition operators, a
            # resource-level constraint would drop out of the recorded
            # Condition and the edge would look less restricted than
            # the policy is. Confirm against the code that fills
            # _explicit_resource_conditions.
            merged = [
                {**variant, **self._explicit_conditions}
                for variant in variants
            ]

            # NOTE(review): only the first merged variant is checked for
            # emptiness, and an empty variant list raises IndexError.
            if len(merged[0]) > 0:
                condition = json.dumps(merged)
            else:
                condition = "[]"

            for principal in self._explicit_principals:
                # A fresh properties dict per Action, so edges never
                # share one mutable mapping.
                properties = {
                    "Name": action,
                    "Description": definition["Description"],
                    "Effect": self._statement["Effect"],
                    "Access": definition["Access"],
                    "Reference": definition["Reference"],
                    "Condition": condition
                }
                edge = Action(
                    properties=properties,
                    source=principal,
                    target=resource)
                resolved.append(edge)

    # Clear the resource-level permission conditions held on the
    # resource objects now that they are recorded on the Actions.
    for resource in self._explicit_resources:
        resource.condition = []

    self._Actions = resolved
    return self._Actions