def create_policy(self, description, path, policy_document, policy_name):
    """Validate a policy document and register it as a new managed policy.

    Validation runs before any state is touched, so nothing is stored if
    ``validate()`` raises.

    Args:
        description: Description passed through to ``ManagedPolicy``.
        path: Path passed through to ``ManagedPolicy``.
        policy_document: Policy document to validate and store.
        policy_name: Name of the new policy.

    Returns:
        The ``ManagedPolicy`` instance that was stored.
    """
    IAMPolicyDocumentValidator(policy_document).validate()

    managed = ManagedPolicy(
        policy_name,
        description=description,
        document=policy_document,
        path=path,
    )
    # NOTE(review): plain keyed assignment. Assuming managed_policies is an
    # ordinary mapping, an entry already stored under the same ARN is replaced
    # without an error. Confirm whether a duplicate check is wanted here.
    self.managed_policies[managed.arn] = managed
    return managed
def create_policy_version(self, policy_arn, policy_document, set_as_default):
    """Validate a policy document and append it as a new version of a policy.

    The document is validated before the policy is looked up. The new version
    gets the id ``v<next_version_num>`` and the policy's counter is then
    incremented.

    Args:
        policy_arn: ARN used to look the policy up via ``get_policy``.
        policy_document: Policy document for the new version.
        set_as_default: When truthy, the new version becomes the default.

    Returns:
        The ``PolicyVersion`` that was appended.

    Raises:
        IAMNotFoundException: ``get_policy`` returned a falsy value.
    """
    IAMPolicyDocumentValidator(policy_document).validate()

    target = self.get_policy(policy_arn)
    if not target:
        raise IAMNotFoundException("Policy not found")

    new_version = PolicyVersion(policy_arn, policy_document, set_as_default)
    target.versions.append(new_version)
    new_version.version_id = 'v{0}'.format(target.next_version_num)
    target.next_version_num += 1

    # NOTE(review): plain truthiness test. A non-empty string such as "false"
    # would also switch the default version. Confirm callers pass a real bool.
    # No cap on the number of stored versions is enforced in this block.
    if set_as_default:
        target.default_version_id = new_version.version_id
    return new_version
def create_policy_version(self, policy_arn, policy_document, set_as_default):
    """Validate a policy document and append it as a new version of a policy.

    Checks run in this order: document validation, policy lookup, then the
    version-count limit. The new version gets the id ``v<next_version_num>``
    and the policy's counter is then incremented.

    Args:
        policy_arn: ARN used to look the policy up via ``get_policy``.
        policy_document: Policy document for the new version.
        set_as_default: Only the exact string ``"true"`` makes the new
            version the default.

    Returns:
        The ``PolicyVersion`` that was appended.

    Raises:
        IAMNotFoundException: ``get_policy`` returned a falsy value.
        IAMLimitExceededException: The policy already holds 5 or more versions.
    """
    IAMPolicyDocumentValidator(policy_document).validate()

    target = self.get_policy(policy_arn)
    if not target:
        raise IAMNotFoundException("Policy not found")

    if len(target.versions) >= 5:
        raise IAMLimitExceededException(
            "A managed policy can have up to 5 versions. "
            "Before you create a new version, you must delete an existing version."
        )

    # The flag is compared with the literal string "true". Any other value,
    # including the Python bool True, is treated as "not default".
    # NOTE(review): confirm no caller passes a real bool.
    make_default = set_as_default == "true"

    new_version = PolicyVersion(policy_arn, policy_document, make_default)
    target.versions.append(new_version)
    new_version.version_id = 'v{0}'.format(target.next_version_num)
    target.next_version_num += 1

    if make_default:
        target.update_default_version(new_version.version_id)
    return new_version
def put_registry_policy(self, policy_text):
    """Validate and store the registry policy text.

    The generic policy-document validation and the registry-specific action
    check both run before the policy is stored.

    Args:
        policy_text: Registry policy document to validate and store.

    Returns:
        A dict with ``registryId`` (from ``get_account_id()``) and
        ``policyText`` (the text that was stored).

    Raises:
        InvalidParameterException: Either check raised
            ``MalformedPolicyDocument``.
    """
    try:
        IAMPolicyDocumentValidator(policy_text).validate()
        self._validate_registry_policy_action(policy_text)
    except MalformedPolicyDocument:
        # Only MalformedPolicyDocument is translated. Any other exception from
        # the two checks propagates unchanged. The replacement message is
        # fixed and carries no detail about what was rejected.
        raise InvalidParameterException(
            "Invalid parameter at 'PolicyText' failed to satisfy constraint: "
            "'Invalid registry policy provided'")

    self.registry_policy = policy_text
    response = {
        "registryId": get_account_id(),
        "policyText": policy_text,
    }
    return response
def set_repository_policy(self, registry_id, repository_name, policy_text):
    """Validate a repository policy with relaxed rules and attach it.

    The repository is looked up first. Two validator hooks are then replaced
    with no-ops on this validator instance before ``validate()`` runs.

    Args:
        registry_id: Registry id passed to ``_get_repository``.
        repository_name: Name of the repository to update.
        policy_text: Repository policy document to validate and store.

    Returns:
        A dict with ``registryId``, ``repositoryName`` and ``policyText``,
        the last one read back from ``repo.policy``.

    Raises:
        InvalidParameterException: ``validate()`` raised
            ``MalformedPolicyDocument``.
    """
    repository = self._get_repository(repository_name, registry_id)

    def _skip_check():
        return None

    try:
        checker = IAMPolicyDocumentValidator(policy_text)
        # A repository policy may omit the resource field.
        checker._validate_resource_exist = _skip_check
        # A repository policy may use the old version 2008-10-17.
        # NOTE(review): this replaces the whole version hook, not just the
        # 2008-10-17 case. Presumably validate() calls it through the
        # instance, in which case any version value is accepted here. Both
        # overrides reach into private attributes of the validator, so a
        # rename there would silently restore or bypass the checks. Verify.
        checker._validate_version = _skip_check
        checker.validate()
    except MalformedPolicyDocument:
        raise InvalidParameterException(
            "Invalid parameter at 'PolicyText' failed to satisfy constraint: "
            "'Invalid repository policy provided'")

    repository.policy = policy_text
    response = {
        "registryId": repository.registry_id,
        "repositoryName": repository_name,
        "policyText": repository.policy,
    }
    return response
def put_group_policy(self, group_name, policy_name, policy_json):
    """Validate an inline policy document and attach it to a group.

    The group is looked up before the document is validated. The policy is
    stored only after ``validate()`` returns.

    Args:
        group_name: Name passed to ``get_group``.
        policy_name: Name under which the policy is stored on the group.
        policy_json: Policy document to validate and store.
    """
    target_group = self.get_group(group_name)
    IAMPolicyDocumentValidator(policy_json).validate()
    target_group.put_policy(policy_name, policy_json)
def put_role_policy(self, role_name, policy_name, policy_json):
    """Validate an inline policy document and attach it to a role.

    The role is looked up before the document is validated. The policy is
    stored only after ``validate()`` returns.

    Args:
        role_name: Name passed to ``get_role``.
        policy_name: Name under which the policy is stored on the role.
        policy_json: Policy document to validate and store.
    """
    target_role = self.get_role(role_name)
    IAMPolicyDocumentValidator(policy_json).validate()
    target_role.put_policy(policy_name, policy_json)
def put_user_policy(self, user_name, policy_name, policy_json):
    """Validate an inline policy document and attach it to a user.

    The user is looked up before the document is validated. The policy is
    stored only after ``validate()`` returns.

    Args:
        user_name: Name passed to ``get_user``.
        policy_name: Name under which the policy is stored on the user.
        policy_json: Policy document to validate and store.
    """
    target_user = self.get_user(user_name)
    IAMPolicyDocumentValidator(policy_json).validate()
    target_user.put_policy(policy_name, policy_json)