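def initialize(access_level_overrides_file, fetch, build):
    """
    Initialize the local data file to store AWS IAM information, which can be
    used to generate IAM policies, and for querying the database.

    :param access_level_overrides_file: path to a user-supplied Access Level
        overrides file. Falsy selects LOCAL_ACCESS_OVERRIDES_FILE; a
        user-supplied file also forces the database to be rebuilt.
    :param fetch: download the AWS IAM docs pages into the local html
        directory first, then build the database from them.
    :param build: build the database from the locally stored html docs.
    :returns: None. Writes the config directory, the html docs directory,
        the copied overrides files and the database file as side effects.
    """
    overrides_file = access_level_overrides_file or LOCAL_ACCESS_OVERRIDES_FILE

    # Create the config directory
    database_path = create_policy_sentry_config_directory()
    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()

    # Copy the bundled overrides files (*.yml) into the config directory.
    # These allow us to override the Access Levels provided by AWS
    # documentation.
    for entry in os.listdir(BUNDLED_DATA_DIRECTORY):
        source = os.path.join(BUNDLED_DATA_DIRECTORY, entry)
        if entry.endswith(".yml") and os.path.isfile(source):
            shutil.copy(source, CONFIG_DIRECTORY)
            logger.debug("copying overrides file %s to %s", entry, CONFIG_DIRECTORY)

    print("Database will be stored here: " + database_path)

    if not build and not fetch:
        # Neither --build nor --fetch: start from the database bundled with
        # the package. A user-supplied overrides file still triggers the
        # rebuild below, which overwrites this copy.
        shutil.copy(BUNDLED_DATASTORE_FILE_PATH, database_path)

    # --fetch: wget the AWS IAM Actions, Resources and Condition Keys pages and
    # store them locally. The fetched pages are network input that
    # create_database parses; the build itself happens once, below, so that
    # supplying both --build and --fetch does not build the database twice.
    if fetch:
        update_html_docs_directory(LOCAL_HTML_DIRECTORY_PATH)

    # initialize --build (also triggered by --fetch or a custom overrides file)
    if build or access_level_overrides_file or fetch:
        create_database(CONFIG_DIRECTORY, overrides_file)
        print("Created the database!")

    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes()
    print("Initialization complete!")
    print(f"Total AWS services in the IAM database: {len(all_aws_service_prefixes)}")
    logger.debug("\nService prefixes:")
    logger.debug(", ".join(all_aws_service_prefixes))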
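import os
import sys
from pathlib import Path

# Make the checkout root importable so the policy_sentry package resolves when
# this script is run directly. `sys` was used here without being imported,
# which raised NameError before anything else ran.
sys.path.append(str(Path(os.path.dirname(__file__)).parent))

from policy_sentry.shared.awsdocs import create_database, update_html_docs_directory
from policy_sentry.shared.constants import (
    BUNDLED_ACCESS_OVERRIDES_FILE,
    BUNDLED_DATA_DIRECTORY,
    # BUNDLED_DATASTORE_FILE_PATH,
    BUNDLED_HTML_DIRECTORY_PATH,
)

# Absolute path of this script's parent directory (the same directory added to
# sys.path above).
BASE_DIR = str(os.path.abspath(os.path.join(os.path.dirname(__file__), os.path.pardir)))

if __name__ == '__main__':
    # Pull the current AWS IAM reference pages over the network into the
    # bundled html directory; the database below is built from that content.
    print(
        "Downloading the latest AWS documentation from the Actions, Resources, and Condition Keys page"
    )
    update_html_docs_directory(BUNDLED_HTML_DIRECTORY_PATH)

    # Can't use the version of the same variable from the
    # policy_sentry/shared/constants.py file because of some syspath nonsense.
    # NOTE(review): this path is relative to this script's own directory,
    # whereas sys.path and BASE_DIR point at its parent — confirm which of the
    # two actually contains policy_sentry/shared/data.
    BUNDLED_DATASTORE_FILE_PATH = os.path.join(
        str(Path(os.path.dirname(__file__))),
        "policy_sentry",
        "shared",
        "data",
        "iam-definition.json",
    )
    # Remove any stale datastore so the rebuild starts from a clean file.
    if os.path.exists(BUNDLED_DATASTORE_FILE_PATH):
        print("Datastore exists. Deleting then rebuilding...")
        os.remove(BUNDLED_DATASTORE_FILE_PATH)

    print("Building the IAM database")
    create_database(BUNDLED_DATA_DIRECTORY, BUNDLED_ACCESS_OVERRIDES_FILE)
    # print("Exporting the IAM database to CSV")
    # write_iam_database_to_csv()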