def __init__(self, policy):
    """Wrap a policy document and parse each of its statements.

    Args:
        policy: Mapping for the policy document. Its optional
            ``"Statement"`` entry may be a single statement or a list.
    """
    self.policy = policy
    self.statements = []
    # "Statement" may be one object or a list; normalise it before iterating
    # so a lone statement is not walked key by key.
    raw_statements = ensure_array(self.policy.get("Statement", []))
    self.statements.extend(Statement(entry) for entry in raw_statements)
def get_actions_from_statement(statement):
    """Return the set of concrete actions a single statement refers to.

    Entries under ``"Action"`` are expanded through
    ``_expand_wildcard_action``. Entries under ``"NotAction"`` are expanded
    the same way and then passed to ``_invert_actions``; whatever that
    returns is merged into the result.

    The statement's ``"Effect"`` is not consulted here, so the caller decides
    whether the returned set is being allowed or denied.

    Args:
        statement: Mapping for one policy statement.

    Returns:
        A set containing the expanded actions.
    """
    expanded = set()
    for pattern in ensure_array(statement.get("Action", [])):
        expanded.update(_expand_wildcard_action(pattern))

    excluded = set()
    for pattern in ensure_array(statement.get("NotAction", [])):
        excluded.update(_expand_wildcard_action(pattern))

    if excluded:
        # NOTE(review): presumably _invert_actions returns the complement
        # relative to a known catalogue of actions; anything missing from
        # that catalogue would then be absent from the result. Confirm
        # against the helper.
        expanded.update(_invert_actions(excluded))

    return expanded
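def expand_policy(policy=None, expand_deny=False):
    """Return a copy of *policy* with each statement's actions spelled out.

    Every processed statement gets a sorted, explicit ``"Action"`` list, and
    its ``"NotAction"`` key (if any) is removed. Statements whose ``"Effect"``
    is ``deny`` (case-insensitive) are left untouched unless *expand_deny*
    is true.

    Args:
        policy: Mapping for the policy document; must contain ``"Statement"``.
        expand_deny: When true, deny statements are expanded as well.

    Returns:
        A deep copy of *policy* with expanded statements. The input is not
        modified.

    Raises:
        TypeError: If *policy* is ``None`` (the default), since there is
            nothing to expand.
    """
    if policy is None:
        # Previously this surfaced as an opaque "'NoneType' object is not
        # subscriptable"; fail with a message that names the real problem.
        raise TypeError("expand_policy() requires a policy dict, got None")

    # Deep-copy so the caller's policy document is never mutated.
    expanded = copy.deepcopy(policy)
    expanded["Statement"] = ensure_array(expanded["Statement"])

    for statement in expanded["Statement"]:
        if statement["Effect"].lower() == "deny" and not expand_deny:
            continue

        actions = get_actions_from_statement(statement)
        # NotAction is replaced by the explicit list computed above.
        # NOTE(review): the explicit list is a snapshot of whatever actions
        # the expansion helpers know about, so it may not stay equivalent to
        # the original NotAction over time. Confirm before treating the
        # output as a deployable policy rather than an analysis artefact.
        statement.pop("NotAction", None)
        statement["Action"] = sorted(actions)

    return expanded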
def test_ensure_array_non_sequence_input(self):
    """ensure_array wraps str, bytes, int and dict inputs in a one-item list."""
    # str and bytes are included on purpose: a bare string value must be
    # wrapped whole, not treated as a sequence of characters.
    scalars = ("abc", b"abc", 1, {"a": 1})
    for value in scalars:
        wrapped = ensure_array(value)
        self.assertListEqual(wrapped, [value])
def test_ensure_array_sequence_input(self):
    """ensure_array returns list, tuple and custom sequence inputs as-is."""
    sequences = ([1, 2], (3, 4), CustomSequence(5, 6))
    for seq in sequences:
        # Identity, not equality: the very same object must come back,
        # without a copy.
        self.assertIs(ensure_array(seq), seq)
def resources(self):
    """Return the set of resources this statement names.

    A statement carrying ``"NotResource"`` is reported as ``{"*"}``: the
    exclusion list itself is not evaluated, so the result over-approximates
    what the statement covers.

    Returns:
        A set built from the statement's ``"Resource"`` entry, or ``{"*"}``
        when ``"NotResource"`` is present.
    """
    if "NotResource" in self.statement:
        return {"*"}

    # NOTE(review): when "Resource" is absent, .get() yields None and the
    # result depends on how ensure_array treats None; confirm that callers
    # do not end up with a set containing None.
    return set(ensure_array(self.statement.get("Resource")))
def _actions(self):
    """Return the statement's ``"Action"`` entries as a set.

    Only the ``"Action"`` key is read. A statement that expresses its scope
    through ``"NotAction"`` yields an empty set here, so callers that need
    that case must handle it separately.

    Returns:
        A set of the action entries, or an empty set when ``"Action"`` is
        missing or empty.
    """
    raw = self.statement.get("Action")
    # A single action string is wrapped in a list before the set is built.
    return set(ensure_array(raw)) if raw else set()