def unknown_actions():
iam_actions_from_api_calls = set()
for api_call in all_aws_api_methods():
x = api_call.split(":")
r = Record(x[0] + ".amazonaws.com", x[1])
statement = r.to_statement()
if statement is not None:
iam_actions_from_api_calls.add(statement.Action[0].json_repr())
known_actions = all_known_iam_permissions()
return iam_actions_from_api_calls.difference(known_actions)
def test_should_convert_api_gateway_events_properly():
record = Record("apigateway.amazonaws.com", "CreateRestApi")
expected_statment = Statement(
Effect="Allow",
Action=[
Action("apigateway", "POST"),
],
Resource=["arn:aws:apigateway:*::/restapis"]
)
assert record.to_statement() == expected_statment
def test_should_convert_special_actions_properly():
record = Record("lambda", "ListVersionsByFunction20150331")
expected_statment = Statement(
Effect="Allow",
Action=[
Action("lambda", "ListVersionsByFunction"),
],
Resource=["*"]
)
assert record.to_statement() == expected_statment
def test_should_convert_special_event_sources_properly():
record = Record("monitoring.amazonaws.com", "DescribeLogStreams")
expected_statment = Statement(
Effect="Allow",
Action=[
Action("cloudwatch", "DescribeLogStreams"),
],
Resource=["*"]
)
assert record.to_statement() == expected_statment
def test_should_convert_into_iam_statement():
record = Record("autoscaling.amazonaws.com", "DescribeLaunchConfigurations")
expected_statment = Statement(
Effect="Allow",
Action=[
Action('autoscaling', 'DescribeLaunchConfigurations'),
],
Resource=["*"]
)
assert record.to_statement() == expected_statment
def test_should_convert_api_gateway_events_with_parameters_properly():
record = Record("apigateway.amazonaws.com", "UpdateMethod")
expected_statment = Statement(
Effect="Allow",
Action=[
Action("apigateway", "PATCH"),
],
Resource=["arn:aws:apigateway:*::/restapis/*/resources/*/methods/*"]
)
assert record.to_statement() == expected_statment