예제 #1
 def principals(self):
     """Collect the principals of every statement into one Elements.

     Statements are visited in order, and a principal is skipped when an
     earlier statement already contributed it.
     """
     collected = Elements()
     for statement in self.statements:
         # The filter runs against what earlier statements added; repeats
         # inside a single statement's own result are not filtered here.
         # NOTE(review): membership relies on how Elements and its items
         # compare - confirm that two references to the same principal
         # compare equal, otherwise the result holds duplicates.
         fresh = [
             candidate for candidate in statement.principals()
             if candidate not in collected
         ]
         collected.extend(fresh)
     return collected
예제 #2
파일: policy.py 프로젝트: shenkaiqi/awspx
    def resolve(self):
        """Expand this statement into Action edges and cache the result.

        One Action is built for every (action, affected resource, principal)
        combination. The collection is stored in ``self._Actions``, so later
        calls return the cached object without recomputing it.

        Each edge copies the statement's "Effect" value unchanged. Nothing in
        this method weighs one effect against another, so anything reading
        the edges as granted access has to check "Effect" itself.

        Side effect: ``condition`` is reset to ``[]`` on every element of
        ``self._explicit_resources`` after the edges have been built.
        """
        # Result of an earlier call.
        if self._Actions is not None:
            return self._Actions

        # Populate whichever explicit sets have not been resolved yet.
        if self._explicit_actions is None:
            self._resolve_action_statement()
        if self._explicit_resources is None:
            self._resolve_resource_statement()
        if self._explicit_principals is None:
            self._resolve_principal_statement()

        edges = Elements()

        for action in self.actions():
            definition = ACTIONS[action]

            # Gather this statement's resources for each entry under the
            # action's "Affects" key (presumably resource types - confirm
            # against ACTIONS), skipping any already gathered for an
            # earlier entry.
            targets = Elements()
            for kind in definition["Affects"]:
                matches = [
                    candidate
                    for candidate in self._explicit_resources.get(kind)
                    if candidate not in targets
                ]
                targets.extend(Elements(matches))

            for resource in targets:
                # An edge's condition is every resource-level variant merged
                # with the statement-level conditions. On a key collision the
                # statement-level entry replaces the resource-level one.
                # NOTE(review): if the keys are condition operators, a
                # collision drops the resource-level block for that operator
                # instead of combining both - confirm this is intended, since
                # a lost condition makes the edge look broader than the
                # policy is.
                variants = self._explicit_resource_conditions[resource.id()]
                merged = [
                    {**variant, **self._explicit_conditions}
                    for variant in variants
                ]

                # Only the first merged variant decides whether a condition
                # is recorded. An empty variant list raises IndexError here.
                # NOTE(review): an empty first variant followed by non-empty
                # ones would be written as "[]" (unconditional) - verify the
                # variants are always all-empty or all-populated.
                if merged[0]:
                    serialised = json.dumps(merged)
                else:
                    serialised = "[]"

                for principal in self._explicit_principals:
                    properties = {
                        "Name":         action,
                        "Description":  definition["Description"],
                        "Effect":       self._statement["Effect"],
                        "Access":       definition["Access"],
                        "Reference":    definition["Reference"],
                        "Condition":    serialised
                    }
                    edges.append(Action(
                        properties=properties,
                        source=principal, target=resource))

        # Clear the resource-level conditions now that the edges carry them.
        for resource in self._explicit_resources:
            resource.condition = []

        self._Actions = edges
        return self._Actions