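def _fmt_attached_policies(policies):
    """Render attached IAM policies as a Type/PolicyName/PolicyArn table.

    Each policy is classified as ``global`` (an AWS-managed policy, whose ARN
    carries ``aws`` in the account-id field, e.g.
    ``arn:aws:iam::aws:policy/<path/name>``) or ``local`` (a policy owned by
    an account).  The classification looks at the ARN fields instead of a
    fixed ``arn:aws:...`` prefix so that AWS-managed policies in other
    partitions (``aws-cn``, ``aws-us-gov``) are not reported as ``local`` —
    that distinction matters when reviewing what a principal has attached.

    Args:
        policies: iterable of dicts with ``PolicyArn`` and, for non-managed
            policies, ``PolicyName`` (presumably the IAM
            ``list_attached_*_policies`` shape — confirm against callers).

    Returns:
        The string produced by ``tablefmt.list_to_table``, sorted by
        ``PolicyName`` and without a header row.
    """
    managed_prefix = 'policy/'

    def _managed_policy_name(arn):
        """Return path+name of an AWS-managed policy ARN, or None if not one."""
        # arn:<partition>:iam::aws:policy/<path-and-name>
        parts = arn.split(':', 5)
        if (len(parts) == 6 and parts[0] == 'arn' and parts[2] == 'iam'
                and parts[4] == 'aws' and parts[5].startswith(managed_prefix)):
            return parts[5][len(managed_prefix):]
        return None

    def _classify(policy):
        """Build one table row, labelling the policy global or local."""
        arn = policy['PolicyArn']
        managed_name = _managed_policy_name(arn)
        if managed_name is not None:
            return {'Type': 'global', 'PolicyName': managed_name, 'PolicyArn': arn}
        return {'Type': 'local', 'PolicyName': policy['PolicyName'], 'PolicyArn': arn}

    items = [_classify(policy) for policy in policies]
    schema = [
        ('Type', 'Type', None),
        ('PolicyName', 'PolicyName', None),
        ('PolicyArn', 'PolicyArn', None),
    ]
    return tablefmt.list_to_table(items, schema, header=False, align=None,
                                  sortby='PolicyName')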
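def _fmt(items):
    """Render GroupName/GroupId pairs as a two-column table.

    The previous docstring was copied from the tag formatter; this function
    filters nothing and reads the ``GroupName`` and ``GroupId`` keys
    (presumably EC2 security groups — confirm against the caller).

    Args:
        items: iterable of dicts carrying ``GroupName`` and ``GroupId``.

    Returns:
        The string produced by ``tablefmt.list_to_table`` (no header row).
    """
    columns = [
        ('name', 'GroupName', None),
        ('id', 'GroupId', None),
    ]
    return tablefmt.list_to_table(items, columns, header=False, align=None)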
def _fmt(items):
    """Render a flat list as a single-column table with no header."""
    single_column = [
        ('item', None, None),
    ]
    return tablefmt.list_to_table(
        items,
        single_column,
        header=False,
        align=None,
    )
def _fmt(items):
    """Render tags as key/value rows, dropping CloudFormation's own tags.

    Tags whose ``Key`` starts with ``aws:cloudformation:`` are stack
    bookkeeping and are omitted; every other tag is shown as-is.

    Args:
        items: iterable of dicts with ``Key`` and ``Value``.

    Returns:
        The string produced by ``tablefmt.list_to_table`` (no header row).
    """
    cfn_prefix = 'aws:cloudformation:'
    user_tags = []
    for tag in items:
        if tag['Key'].startswith(cfn_prefix):
            continue
        user_tags.append(tag)
    columns = [
        ('key', 'Key', None),
        ('value', 'Value', None),
    ]
    return tablefmt.list_to_table(
        user_tags,
        columns,
        header=False,
        align=None,
    )
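def _fmt_trusted_entities(policy):
    """Render the principals a role trust policy allows to assume the role.

    One ``{'Type', 'Entity'}`` row is emitted per trusted principal:
    ``Account`` for ``Principal.AWS`` and ``Service`` for
    ``Principal.Service`` entries allowed ``sts:AssumeRole``, and
    ``SAMLProvider`` for ``Principal.Federated`` entries allowed
    ``sts:AssumeRoleWithSAML``.  Only ``Allow`` statements count; ``Deny``
    statements and any ``Condition`` block are not displayed, so a row says
    who may assume the role, not under which conditions.

    ``Action`` may be a string or a list and is matched case-insensitively
    with IAM's ``*``/``?`` wildcards, so statements such as
    ``["sts:AssumeRole", "sts:TagSession"]`` or ``"sts:*"`` are no longer
    silently omitted from the table.  A bare ``"*"`` principal is treated
    as ``{"AWS": "*"}`` (IAM's equivalence) and so shows up as an
    ``Account`` row of ``*``.  Each principal list is emitted one row per
    entry, sorted; the input policy is never modified.

    Args:
        policy: parsed trust-policy document, a dict with a ``Statement``
            list.

    Returns:
        The string produced by ``tablefmt.list_to_table`` (no header row).
    """
    import fnmatch

    def _as_list(value):
        """IAM allows scalar-or-list in most fields; always hand back a list."""
        if value is None:
            return []
        if isinstance(value, str):
            return [value]
        return list(value)

    def _allows(statement, action):
        """True when an Allow statement's Action matches *action*."""
        if statement.get('Effect') != 'Allow':
            return False
        wanted = action.lower()
        return any(fnmatch.fnmatchcase(wanted, pattern.lower())
                   for pattern in _as_list(statement.get('Action')))

    def _principal(statement):
        """Normalise Principal to a dict; a bare string is an AWS principal."""
        principal = statement.get('Principal', {})
        if isinstance(principal, str):
            return {'AWS': principal}
        return principal

    def _trusted_entities(pol):
        entities = []
        for statement in pol['Statement']:
            principal = _principal(statement)
            if _allows(statement, 'sts:AssumeRole'):
                for account in sorted(_as_list(principal.get('AWS'))):
                    entities.append({'Type': 'Account', 'Entity': account})
                for service in sorted(_as_list(principal.get('Service'))):
                    entities.append({'Type': 'Service', 'Entity': service})
            if _allows(statement, 'sts:AssumeRoleWithSAML'):
                for provider in sorted(_as_list(principal.get('Federated'))):
                    entities.append({'Type': 'SAMLProvider', 'Entity': provider})
        return entities

    items = _trusted_entities(policy)
    schema = [('Type', 'Type', None), ('Entity', 'Entity', None)]
    return tablefmt.list_to_table(items, schema, header=False, align=None)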
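def _fmt_trusted_entities(policy):
    """Render the principals a role trust policy allows to assume the role.

    One ``{'Entity', 'Arn'}`` row is emitted per trusted principal.
    ``Entity`` is a short label: the ARN resource part with ``/`` turned
    into ``:`` (``role/admin`` -> ``role:admin``) for ``Principal.AWS`` and
    ``Principal.Federated`` entries, and ``service:<name>`` for
    ``Principal.Service`` entries.  ``Arn`` is the principal exactly as
    written in the policy.  ``AWS``/``Service`` entries count when the
    statement allows ``sts:AssumeRole``; ``Federated`` entries when it
    allows ``sts:AssumeRoleWithSAML``.  ``Deny`` statements and
    ``Condition`` blocks are not displayed.

    Fixes over the earlier version: a principal that is not a full ARN —
    the wildcard ``*`` or a bare account id, both valid in trust policies —
    no longer raises ``IndexError`` and is shown verbatim; ``Action`` may be
    a string or a list and is matched case-insensitively with IAM's
    ``*``/``?`` wildcards, so ``["sts:AssumeRole", "sts:TagSession"]`` or
    ``"sts:*"`` are not silently dropped; a bare ``"*"`` principal is read
    as ``{"AWS": "*"}``; a missing ``Federated`` key no longer raises; and
    the input policy is never sorted in place.

    Args:
        policy: parsed trust-policy document, a dict with a ``Statement``
            list.

    Returns:
        The string produced by ``tablefmt.list_to_table`` (no header row).
    """
    import fnmatch

    def _as_list(value):
        """IAM allows scalar-or-list in most fields; always hand back a list."""
        if value is None:
            return []
        if isinstance(value, str):
            return [value]
        return list(value)

    def _allows(statement, action):
        """True when an Allow statement's Action matches *action*."""
        if statement.get('Effect') != 'Allow':
            return False
        wanted = action.lower()
        return any(fnmatch.fnmatchcase(wanted, pattern.lower())
                   for pattern in _as_list(statement.get('Action')))

    def _principal(statement):
        """Normalise Principal to a dict; a bare string is an AWS principal."""
        principal = statement.get('Principal', {})
        if isinstance(principal, str):
            return {'AWS': principal}
        return principal

    def _short_name(principal):
        """Resource part of an ARN with '/' -> ':'; non-ARNs are returned as-is."""
        # arn:<partition>:<service>:<region>:<account>:<resource>
        parts = principal.split(':', 5)
        if len(parts) == 6 and parts[0] == 'arn':
            return parts[5].replace('/', ':')
        return principal

    def _trusted_entities(pol):
        entities = []
        for statement in pol['Statement']:
            principal = _principal(statement)
            assume_role = _allows(statement, 'sts:AssumeRole')
            if assume_role:
                for account in sorted(_as_list(principal.get('AWS'))):
                    entities.append({'Entity': _short_name(account),
                                     'Arn': account})
            if _allows(statement, 'sts:AssumeRoleWithSAML'):
                for provider in sorted(_as_list(principal.get('Federated'))):
                    entities.append({'Entity': _short_name(provider),
                                     'Arn': provider})
            if assume_role:
                for service in sorted(_as_list(principal.get('Service'))):
                    entities.append({'Entity': 'service:%s' % service,
                                     'Arn': service})
        return entities

    items = _trusted_entities(policy)
    schema = [('Entity', 'Entity', None), ('Arn', 'Arn', None)]
    return tablefmt.list_to_table(items, schema, header=False, align=None)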