def unknown_actions(): iam_actions_from_api_calls = set() for api_call in all_aws_api_methods(): x = api_call.split(":") r = Record(x[0] + ".amazonaws.com", x[1]) statement = r.to_statement() if statement is not None: iam_actions_from_api_calls.add(statement.Action[0].json_repr()) known_actions = all_known_iam_permissions() return iam_actions_from_api_calls.difference(known_actions)
def test_should_convert_api_gateway_events_properly(): record = Record("apigateway.amazonaws.com", "CreateRestApi") expected_statment = Statement( Effect="Allow", Action=[ Action("apigateway", "POST"), ], Resource=["arn:aws:apigateway:*::/restapis"] ) assert record.to_statement() == expected_statment
def test_should_convert_special_actions_properly(): record = Record("lambda", "ListVersionsByFunction20150331") expected_statment = Statement( Effect="Allow", Action=[ Action("lambda", "ListVersionsByFunction"), ], Resource=["*"] ) assert record.to_statement() == expected_statment
def test_should_convert_special_event_sources_properly(): record = Record("monitoring.amazonaws.com", "DescribeLogStreams") expected_statment = Statement( Effect="Allow", Action=[ Action("cloudwatch", "DescribeLogStreams"), ], Resource=["*"] ) assert record.to_statement() == expected_statment
def test_should_convert_into_iam_statement(): record = Record("autoscaling.amazonaws.com", "DescribeLaunchConfigurations") expected_statment = Statement( Effect="Allow", Action=[ Action('autoscaling', 'DescribeLaunchConfigurations'), ], Resource=["*"] ) assert record.to_statement() == expected_statment
def test_should_convert_api_gateway_events_with_parameters_properly(): record = Record("apigateway.amazonaws.com", "UpdateMethod") expected_statment = Statement( Effect="Allow", Action=[ Action("apigateway", "PATCH"), ], Resource=["arn:aws:apigateway:*::/restapis/*/resources/*/methods/*"] ) assert record.to_statement() == expected_statment