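def write_policy(input_file, minimize, minimize_length, fmt, verbose):
    """
    Write least-privilege IAM policies, restricting all actions to resource ARNs.

    Args:
        input_file: Path to the YAML policy template, handed to
            ``read_yaml_file``. When falsy, the template is parsed from stdin.
        minimize: When truthy, ``minimize_length`` is forwarded to
            ``write_policy_with_template``; otherwise ``None`` is forwarded.
        minimize_length: Value forwarded as the minimization length when
            ``minimize`` is set.
        fmt: Output format. "yaml" dumps YAML with key order preserved; "json"
            emits indented JSON; "terraform" wraps the compact JSON document as
            the string value of a ``{"policy": ...}`` object. Any other value
            emits compact JSON.
        verbose: Optional logging level name (e.g. "DEBUG"); when set, a stream
            logger at that level is configured via ``set_stream_logger``.

    Side effects:
        Prints the rendered policy to stdout. Exits with status 1 when the
        stdin template cannot be parsed as YAML.
    """
    if verbose:
        log_level = getattr(logging, verbose.upper())
        set_stream_logger(level=log_level)

    if input_file:
        cfg = read_yaml_file(input_file)
    else:
        try:
            # safe_load: the template is data, never a source of arbitrary
            # Python objects, so only plain YAML tags are accepted.
            cfg = yaml.safe_load(sys.stdin)
        except yaml.YAMLError as exc:
            logger.critical(exc)
            # Exit non-zero so a malformed template fails a CI pipeline
            # instead of reporting success (bare sys.exit() exits with 0).
            sys.exit(1)

    # Only forward a minimization length when minimization was requested.
    min_length = minimize_length if minimize else None
    policy = write_policy_with_template(cfg, min_length)

    if fmt == "yaml":
        policy_str = yaml.dump(policy, sort_keys=False)
    else:
        # Only "json" is pretty-printed; terraform (and anything else) is compact.
        indent = 4 if fmt == "json" else None
        policy_str = json.dumps(policy, indent=indent)
        if fmt == "terraform":
            # The policy document is embedded as an escaped JSON string.
            policy_str = json.dumps({"policy": policy_str})

    print(policy_str)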
def action_table(name, service, access_level, condition, resource_type, fmt, verbose):
    """Query the Action Table from the Policy Sentry database.

    Args:
        name: Forwarded to ``query_action_table``.
        service: Forwarded to ``query_action_table``.
        access_level: Forwarded to ``query_action_table``.
        condition: Forwarded to ``query_action_table``.
        resource_type: Forwarded to ``query_action_table``.
        fmt: Output format, forwarded to ``query_action_table``.
        verbose: Optional logging level name; when set, a stream logger at
            that level is configured before the query runs.
    """
    if verbose:
        # The level name is resolved on the logging module, e.g. "debug" -> logging.DEBUG.
        set_stream_logger(level=getattr(logging, verbose.upper()))
    query_action_table(
        name,
        service,
        access_level,
        condition,
        resource_type,
        fmt,
    )
def initialize_command(access_level_overrides_file, fetch, build, verbose):
    """CLI command for initializing the local data file.

    Args:
        access_level_overrides_file: Forwarded to ``initialize``.
        fetch: Forwarded to ``initialize``.
        build: Forwarded to ``initialize``.
        verbose: Optional logging level name; when set, a stream logger at
            that level is configured before ``initialize`` runs.
    """
    if verbose:
        # Resolve the level name against the logging module constants.
        chosen_level = getattr(logging, verbose.upper())
        set_stream_logger(level=chosen_level)

    initialize(
        access_level_overrides_file,
        fetch,
        build,
    )
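def create_template(output_file, template_type, verbose):
    """
    Writes YML file templates for use in the write-policy command, so users can
    fill out the fields without needing to look up the required format.

    Args:
        output_file: Destination path; resolved to an absolute path before use.
        template_type: "actions" or "crud", selecting whether
            ``create_actions_template`` or ``create_crud_template`` supplies
            the lines that are written.
        verbose: Optional logging level name (e.g. "DEBUG"); when set, a stream
            logger at that level is configured via ``set_stream_logger``.

    Raises:
        ValueError: if ``template_type`` is not one of the supported values
            (previously an unknown type silently wrote nothing while still
            reporting success).

    Side effects:
        Appends the template lines to ``output_file`` and prints its resolved
        path.
    """
    if verbose:
        log_level = getattr(logging, verbose.upper())
        set_stream_logger(level=log_level)

    # Each generator yields the lines that are written verbatim.
    generators = {
        "actions": create_actions_template,
        "crud": create_crud_template,
    }
    try:
        template_lines = generators[template_type]()
    except KeyError:
        raise ValueError(
            f"unknown template type {template_type!r}; expected one of "
            f"{sorted(generators)}"
        ) from None

    filename = Path(output_file).resolve()
    # NOTE(review): append mode is kept so an existing file is never truncated,
    # but running the command twice against the same path concatenates two
    # templates — presumably not a single valid template; confirm before
    # switching to "w" or "x".
    with open(filename, "a", encoding="utf-8") as file_obj:
        file_obj.writelines(template_lines)

    print(f"write-policy template file written to: {filename}")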
def condition_table(name, service, fmt, verbose):
    """Query the condition table from the Policy Sentry database.

    Args:
        name: Forwarded to ``query_condition_table``.
        service: Forwarded to ``query_condition_table``.
        fmt: Output format, forwarded to ``query_condition_table``.
        verbose: Optional logging level name; when set, a stream logger at
            that level is configured before the query runs.
    """
    if verbose:
        # Resolve e.g. "info" to logging.INFO before configuring the logger.
        set_stream_logger(level=getattr(logging, verbose.upper()))

    query_condition_table(name, service, fmt)
def arn_table(name, service, list_arn_types, fmt="json", verbose=None):
    """Query the ARN Table from the Policy Sentry database.

    Args:
        name: Forwarded to ``query_arn_table``.
        service: Forwarded to ``query_arn_table``.
        list_arn_types: Forwarded to ``query_arn_table``.
        fmt: Output format, forwarded to ``query_arn_table``; defaults to "json".
        verbose: Optional logging level name; when set, a stream logger at
            that level is configured before the query runs.
    """
    if verbose:
        # Level names are resolved against the logging module constants.
        chosen_level = getattr(logging, verbose.upper())
        set_stream_logger(level=chosen_level)

    query_arn_table(
        name,
        service,
        list_arn_types,
        fmt,
    )