Пример #1
def query_arn_table(name, service, list_arn_types, fmt):
    """Query the ARN Table from the Policy Sentry database and print the result.

    Use this one when leveraging Policy Sentry as a library. Which lookup
    runs depends on ``name`` and ``list_arn_types``:

    * ``name`` is None and ``list_arn_types`` is exactly ``False``: the raw
      ARN formats available through ``service``.
    * ``name`` is None and ``list_arn_types`` is truthy: the ARN types of
      ``service``, paired with the raw ARNs.
    * anything else: the details of the ARN type ``name`` in ``service``
      (e.g. service ``cloud9``, short name ``environment``).

    Note that the first case is an identity test against ``False``; a falsy
    value such as ``None`` for ``list_arn_types`` ends up in the third case.

    Args:
        name: Short name of an ARN type, or None.
        service: Service prefix to query.
        list_arn_types: Whether to list ARN types instead of raw ARNs.
        fmt: ``"yaml"`` prints YAML; any other value prints the raw ARNs one
            per line (first case) or indented JSON (other cases).

    Returns:
        The looked-up data, which is also printed to stdout.
    """
    # This function only reports which IAM definition is expected to be in
    # effect; the selection itself is not made here.
    # NOTE(review): the ARN data returned below comes from that definition, so
    # a stale or modified copy under $HOME/.policy_sentry/ would change what
    # callers see -- confirm where the override is applied and who can write it.
    local_definition_present = os.path.exists(LOCAL_DATASTORE_FILE_PATH)
    if not local_definition_present:
        logger.debug("Leveraging the bundled IAM Definition.")
    else:
        logger.info(
            f"Using the Local IAM definition: {LOCAL_DATASTORE_FILE_PATH}. To leverage the bundled definition instead, remove the folder $HOME/.policy_sentry/"
        )

    # Raw ARN listing: plain text output is one ARN per line, not JSON.
    if name is None and list_arn_types is False:
        output = get_raw_arns_for_service(service)
        if fmt == "yaml":
            print(yaml.dump(output))
        else:
            for raw_arn in output:
                print(raw_arn)
        return output

    # The two remaining lookups share the same output handling.
    if name is None and list_arn_types:
        output = get_arn_types_for_service(service)
    else:
        output = get_arn_type_details(service, name)

    if fmt == "yaml":
        print(yaml.dump(output))
    else:
        print(json.dumps(output, indent=4))
    return output
Пример #2
 def test_get_arn_type_details(self):
     """querying.arns.get_arn_type_details: Tests function that grabs details about a specific ARN name

     Looks up the ``environment`` ARN type of the ``cloud9`` service through
     ``db_session`` and compares the whole returned dict with the expected one.
     """
     actual = get_arn_type_details(db_session, "cloud9", "environment")
     # The expected values are pinned to the IAM definition data behind
     # ``db_session``; presumably they must be revisited when that data changes.
     expected = {
         "resource_type_name": "environment",
         "raw_arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}",
         "condition_keys": None,
     }
     self.assertEqual(expected, actual)
Пример #3
 def test_get_arn_type_details(self):
     """querying.arns.get_arn_type_details: Tests function that grabs details about a specific ARN name

     Looks up the ``environment`` ARN type of the ``cloud9`` service and
     compares the whole returned dict, including its condition keys, with the
     expected one.
     """
     actual = get_arn_type_details("cloud9", "environment")
     # The expected values are pinned to the IAM definition data the lookup
     # reads; presumably they must be revisited when that data changes.
     expected = {
         "resource_type_name": "environment",
         "raw_arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}",
         "condition_keys": ["aws:ResourceTag/${TagKey}"],
     }
     self.assertEqual(actual, expected)
Пример #4
def arn_table(name, service, list_arn_types):
    """Query the ARN Table from the Policy Sentry database and print the result.

    A session is opened on ``DATABASE_FILE_PATH`` and one of three lookups
    runs, depending on ``name`` and ``list_arn_types``:

    * ``name`` is None and ``list_arn_types`` is exactly ``False``: the raw
      ARN formats of ``service``, printed one per line.
    * ``name`` is None and ``list_arn_types`` is truthy: the ARN types of
      ``service``, paired with the raw ARNs, printed as indented JSON.
    * anything else: the details of the ARN type ``name`` in ``service``
      (e.g. service ``cloud9``, short name ``environment``), printed as
      indented JSON.

    Nothing is returned; the result only goes to stdout.

    Args:
        name: Short name of an ARN type, or None.
        service: Service prefix to query.
        list_arn_types: Whether to list ARN types instead of raw ARNs.
    """
    session = connect_db(DATABASE_FILE_PATH)

    # Raw ARN listing is plain text, so it is handled separately from the
    # two JSON-printing lookups below.
    if name is None and list_arn_types is False:
        for raw_arn in get_raw_arns_for_service(session, service):
            print(raw_arn)
        return

    if name is None and list_arn_types:
        result = get_arn_types_for_service(session, service)
    else:
        result = get_arn_type_details(session, service, name)
    print(json.dumps(result, indent=4))
Пример #5
def query_arn_table(name, service, list_arn_types, fmt):
    """Query the ARN Table from the Policy Sentry database and print the result.

    Use this one when leveraging Policy Sentry as a library. The lookup is
    chosen from ``name`` and ``list_arn_types``:

    * ``name`` is None and ``list_arn_types`` is exactly ``False``: the raw
      ARN formats available through ``service``.
    * ``name`` is None and ``list_arn_types`` is truthy: the ARN types of
      ``service``, paired with the raw ARNs.
    * anything else: the details of the ARN type ``name`` in ``service``
      (e.g. service ``cloud9``, short name ``environment``).

    The first case is an identity test against ``False``, so a falsy value
    such as ``None`` for ``list_arn_types`` is handled by the third case.

    Args:
        name: Short name of an ARN type, or None.
        service: Service prefix to query.
        list_arn_types: Whether to list ARN types instead of raw ARNs.
        fmt: ``"yaml"`` prints YAML; any other value prints the raw ARNs one
            per line (first case) or indented JSON (other cases).

    Returns:
        The looked-up data, which is also printed to stdout.
    """
    # Step 1: pick the lookup.
    raw_listing = name is None and list_arn_types is False
    if raw_listing:
        output = get_raw_arns_for_service(service)
    elif name is None and list_arn_types:
        output = get_arn_types_for_service(service)
    else:
        output = get_arn_type_details(service, name)

    # Step 2: emit it. Only the raw ARN listing has a line-per-item text form;
    # the other lookups fall back to indented JSON.
    if fmt == "yaml":
        print(yaml.dump(output))
    elif raw_listing:
        for raw_arn in output:
            print(raw_arn)
    else:
        print(json.dumps(output, indent=4))
    return output
Пример #6
#!/usr/bin/env python

from policy_sentry.querying.arns import get_arn_type_details
import json

if __name__ == '__main__':
    # Look up the `environment` ARN type of the `cloud9` service and
    # pretty-print the returned details as indented JSON.
    arn_details = get_arn_type_details("cloud9", "environment")
    rendered = json.dumps(arn_details, indent=4)
    print(rendered)
"""
Output:

{
    "resource_type_name": "environment",
    "raw_arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}",
    "condition_keys": null
}
"""
#!/usr/bin/env python
from policy_sentry.shared.database import connect_db
from policy_sentry.querying.arns import get_arn_type_details
import json

if __name__ == '__main__':
    # Open a session via connect_db('bundled'), look up the `environment` ARN
    # type of the `cloud9` service through it, and pretty-print the returned
    # details as indented JSON.
    session = connect_db('bundled')
    arn_details = get_arn_type_details(session, "cloud9", "environment")
    rendered = json.dumps(arn_details, indent=4)
    print(rendered)
"""
Output:

{
    "resource_type_name": "environment",
    "raw_arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}",
    "condition_keys": null
}
"""