Exemplo n.º 1
0
 def tag_policy(self):
     policy_arn = self._get_param("PolicyArn")
     tags = self._get_multi_param("Tags.member")
     tags = {tag["Key"]: tag["Value"] for tag in tags or []}
     policy = moto_iam_backend.get_policy(policy_arn)
     policy.tags.update(tags)
     return ""
Exemplo n.º 2
0
    def iam_response_simulate_principal_policy(self):
        def build_evaluation(action_name, resource_name, policy_statements):
            for statement in policy_statements:
                # TODO Implement evaluation logic here
                if (action_name in statement["Action"]
                        and resource_name in statement["Resource"]
                        and statement["Effect"] == "Allow"):

                    return {
                        "actionName": action_name,
                        "resourceName": resource_name,
                        "decision": "allowed",
                        "matchedStatements": [],
                    }

            return {
                "actionName": action_name,
                "resourceName": resource_name,
                "decision": "explicitDeny",
            }

        policy = moto_iam_backend.get_policy(
            self._get_param("PolicySourceArn"))
        policy_statements = json.loads(policy.document)["Statement"]
        actions = self._get_multi_param("ActionNames.member")
        resource_arns = self._get_multi_param("ResourceArns.member")
        evaluations = []
        for action in actions:
            for resource_arn in resource_arns:
                evaluations.append(
                    build_evaluation(action, resource_arn, policy_statements))

        template = self.response_template(SIMULATE_PRINCIPAL_POLICY_RESPONSE)
        return template.render(evaluations=evaluations)
Exemplo n.º 3
0
 def tag_policy(self):
     policy_arn = self._get_param('PolicyArn')
     tags = self._get_multi_param('Tags.member')
     tags = {tag['Key']: tag['Value'] for tag in tags or []}
     policy = moto_iam_backend.get_policy(policy_arn)
     policy.tags.update(tags)
     return ''
Exemplo n.º 4
0
    def iam_response_simulate_principal_policy(self):
        def build_evaluation(action_name, resource_name, policy_statements):
            for statement in policy_statements:
                # TODO Implement evaluation logic here
                if action_name in statement['Action'] \
                        and resource_name in statement['Resource'] \
                        and statement['Effect'] == 'Allow':

                    return {
                        'actionName': action_name,
                        'resourceName': resource_name,
                        'decision': 'allowed',
                        'matchedStatements': []
                    }

            return {
                'actionName': action_name,
                'resourceName': resource_name,
                'decision': 'explicitDeny'
            }

        policy = moto_iam_backend.get_policy(self._get_param('PolicySourceArn'))
        policy_statements = json.loads(policy.document)['Statement']
        actions = self._get_multi_param('ActionNames.member')
        resource_arns = self._get_multi_param('ResourceArns.member')
        evaluations = []
        for action in actions:
            for resource_arn in resource_arns:
                evaluations.append(build_evaluation(action, resource_arn, policy_statements))

        template = self.response_template(SIMULATE_PRINCIPAL_POLICY_RESPONSE)
        return template.render(evaluations=evaluations)
Exemplo n.º 5
0
    def simulate_principal_policy(
        self,
        context: RequestContext,
        policy_source_arn: arnType,
        action_names: ActionNameListType,
        policy_input_list: SimulationPolicyListType = None,
        permissions_boundary_policy_input_list: SimulationPolicyListType = None,
        resource_arns: ResourceNameListType = None,
        resource_policy: policyDocumentType = None,
        resource_owner: ResourceNameType = None,
        caller_arn: ResourceNameType = None,
        context_entries: ContextEntryListType = None,
        resource_handling_option: ResourceHandlingOptionType = None,
        max_items: maxItemsType = None,
        marker: markerType = None,
    ) -> SimulatePolicyResponse:
        policy = moto_iam_backend.get_policy(policy_source_arn)
        policy_version = moto_iam_backend.get_policy_version(
            policy_source_arn, policy.default_version_id)
        try:
            policy_statements = json.loads(policy_version.document).get(
                "Statement", [])
        except Exception:
            raise NoSuchEntityException("Policy not found")

        evaluations = [
            self.build_evaluation_result(action_name, resource_arn,
                                         policy_statements)
            for action_name in action_names for resource_arn in resource_arns
        ]

        response = SimulatePolicyResponse()
        response["IsTruncated"] = False
        response["EvaluationResults"] = evaluations
        return response
Exemplo n.º 6
0
 def untag_policy(self):
     policy_arn = self._get_param("PolicyArn")
     tag_keys = self._get_multi_param("TagKeys.member")
     policy = moto_iam_backend.get_policy(policy_arn)
     policy.tags = {
         k: v
         for k, v in policy.tags.items() if k not in tag_keys
     }
     return ""