示例#1
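    def principals(self):
        """Return the union of the principals referenced by every policy document.

        Returns:
            Elements: every element produced by ``policy.principals()`` across
            ``self.documents``.
        """

        principals = Elements()
        # Only the documents are needed; iterating .items() and discarding
        # the key was an unnecessary unpack per document.
        for policy in self.documents.values():
            principals.update(policy.principals())
        return principals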
示例#2
    def principals(self):
        """Return the union of the principals referenced by every policy document.

        Returns:
            Elements: every element produced by ``policy.principals()`` across
            ``self.documents``.
        """

        collected = Elements()

        per_document = (policy.principals() for policy in self.documents.values())
        for found in per_document:
            collected.update(found)

        return collected
示例#3
    def actions(self):
        """Return the union of the actions named by every statement.

        Returns:
            Elements: every element produced by ``statement.actions()`` across
            ``self.statements``.
        """

        collected = Elements()

        per_statement = (statement.actions() for statement in self.statements)
        for found in per_statement:
            collected.update(found)

        return collected
示例#4
    def principals(self):
        """Return the union of the principals referenced by every statement.

        Returns:
            Elements: every element produced by ``statement.principals()`` across
            ``self.statements``.
        """

        collected = Elements()

        per_statement = (statement.principals() for statement in self.statements)
        for found in per_statement:
            collected.update(found)

        return collected
示例#5
    def resolve(self):
        """Build and cache the Action elements granted by this statement.

        Returns:
            Elements: one Action per (principal, resource) pair for every
            action returned by ``self.actions()``; cached in ``self._Actions``.
        """

        # Memoised: a second call returns the set built the first time.
        if self._Actions is not None:
            return self._Actions

        # Lazily populate the explicit action / resource / principal sets.
        if self._explicit_actions is None:
            self._resolve_action_statement()
        if self._explicit_resources is None:
            self._resolve_resource_statement()
        if self._explicit_principals is None:
            self._resolve_principal_statement()

        actions = Elements()

        for action in self.actions():

            # Rewrite
            # Gather every explicit resource whose type appears in the
            # action's "Affects" table.
            # NOTE(review): assumes _explicit_resources.get() tolerates an
            # unknown type and that Elements() accepts its result — confirm.
            resources = Elements()
            for affected in ACTIONS[action]["Affects"]:
                resources.update(
                    Elements(self._explicit_resources.get(affected)))

            for resource in resources:

                # Action conditions comprise of resource level permission conditions
                # variants AND statement conditions

                # Presumably keyed by resource id; each entry appears to be a
                # list of condition variants (dicts) — verify against the producer.
                condition = self._explicit_resource_conditions[resource.id()]

                # Merge the statement conditions into every variant; statement
                # keys win on collision because they are unpacked last.
                condition = [{
                    **condition[i],
                    **self._explicit_conditions
                } for i in range(len(condition))]

                # Serialised once per resource. Only the first variant decides
                # whether the edge is conditional, and an empty variant list
                # raises IndexError here.
                condition = json.dumps(condition) \
                    if len(condition[0]) > 0 else "[]"

                # One Action edge per principal; "Effect" is copied straight
                # from the statement, so Deny statements yield Deny edges.
                for principal in self._explicit_principals:
                    actions.add(
                        Action(properties={
                            "Name": action,
                            "Description": ACTIONS[action]["Description"],
                            "Effect": self._statement["Effect"],
                            "Access": ACTIONS[action]["Access"],
                            "Reference": ACTIONS[action]["Reference"],
                            "Condition": condition
                        },
                               source=principal,
                               target=resource))

        # Unset resource level permission conditions
        # Side effect: every explicit resource's condition is cleared after use.
        for resource in self._explicit_resources:
            resource.condition = []

        self._Actions = actions

        return self._Actions
示例#6
    def actions(self):
        """Collect the actions of every document and log how many were resolved.

        Returns:
            Elements: every element produced by ``document.actions()`` across
            ``self.documents``.
        """

        resolved = Elements()

        per_document = (document.actions() for document in self.documents.values())
        for found in per_document:
            resolved.update(found)

        # Report the total under this object's class name and resource.
        console.info(f"{self.__class__.__name__} {self.__resource} "
                     f"resolved to {len(resolved)} Action(s)")

        return resolved
示例#7
    def actions(self):
        """Build and cache the Action elements granted by this statement.

        Returns:
            Elements: one Action per (principal, resource) pair for every
            action returned by ``self._get_actions()``; cached in ``self._actions``.
        """

        # Memoised: a second call returns the set built the first time.
        if self._actions is not None:
            return self._actions

        # NOTE(review): the local `principals` is never read below — the
        # per-principal loop uses self._principals — so this call is kept
        # only for any side effect it has. Likewise the resource sets are
        # read from three names (resources, self.__resources,
        # self._resources); confirm they are meant to be the same set.
        (principals, actions, resources,
         conditions) = (self.principals(), Elements(), self.resources(),
                        self.conditions())

        for action in self._get_actions():

            action_resources = Elements()

            # Actions that do not affect specific resource types.
            # An empty "Affects" table maps the action onto the "CatchAll"
            # resources instead of a concrete type.
            if ACTIONS[action]["Affects"] == {}:
                action_resources.update(
                    Elements(self.__resources.get("CatchAll")))

            for affected_type in ACTIONS[action]["Affects"].keys():
                # Ignore mutable actions affecting built in policies
                # Policies whose ARN account field (index 4 after splitting on
                # ':') is "aws" — presumably AWS-managed policies — are
                # dropped for Write / Permissions Management actions.
                if (affected_type == "AWS::Iam::Policy"
                        and ACTIONS[action]["Access"]
                        in ["Permissions Management", "Write"]):
                    action_resources.update([
                        a for a in resources.get(affected_type)
                        if str(a).split(':')[4] != "aws"
                    ])
                else:
                    action_resources.update(resources.get(affected_type))

            for resource in action_resources:
                # Action conditions comprise of resource-level conditions and statement conditions
                # Resource conditions are keyed by str(resource); a missing
                # entry is treated as a single unconditional variant.
                resource_conditions = list(conditions[str(resource)] if str(
                    resource) in conditions else [{}])

                # A statement without a "Condition" key contributes nothing.
                statement_conditions = dict(
                    self.__statement["Condition"] if "Condition" in
                    self.__statement.keys() else {})
                # Add the two together
                # Statement keys win on collision (unpacked last). Only the
                # first resource variant and the statement conditions decide
                # whether the serialised condition is non-empty.
                condition = json.dumps([
                    {
                        **resource_conditions[i],
                        **statement_conditions
                    } for i in range(len(resource_conditions))
                ]) if (len(resource_conditions[0]) + len(statement_conditions)) > 0  \
                    else "[]"

                # Incorporate all items from ACTIONS.py
                # Extra properties from the first "Affects" entry that matches
                # one of the resource's labels; {} when none matches.
                supplementary = next((ACTIONS[action]["Affects"][r]
                                      for r in resource.labels()
                                      if r in ACTIONS[action]["Affects"]), {})

                # One Action edge per principal; "Effect" is copied from the
                # statement, so Deny statements yield Deny edges.
                for principal in self._principals:

                    actions.add(
                        Action(properties={
                            "Name": action,
                            "Description": ACTIONS[action]["Description"],
                            "Effect": self.__statement["Effect"],
                            "Access": ACTIONS[action]["Access"],
                            "Reference": ACTIONS[action]["Reference"],
                            "Condition": condition,
                            **supplementary
                        },
                               source=principal,
                               target=resource))

        # Unset resource level permission conditions
        # Side effect: every resource's condition is cleared after use.
        for resource in self._resources:
            resource.condition = []

        self._actions = actions

        return self._actions
示例#8
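    def resolve(self):
        """Resolve every policy document and return the union of their actions.

        Returns:
            Elements: every element produced by ``policy.resolve()`` across
            ``self.documents``.
        """

        actions = Elements()
        # Only the documents are needed; iterating .items() and discarding
        # the key was an unnecessary unpack per document.
        for policy in self.documents.values():
            actions.update(policy.resolve())
        return actions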
示例#9
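 def resolve(self):
     """Resolve every statement and return the union of their actions.

     Returns:
         Elements: every element produced by ``statement.resolve()`` across
         ``self.statements``.
     """
     actions = Elements()
     # Iterate the statements directly instead of indexing by range(len(...)).
     for statement in self.statements:
         actions.update(statement.resolve())
     return actions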
示例#10
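 def principals(self):
     """Return the union of the principals referenced by every statement.

     Returns:
         Elements: every element produced by ``statement.principals()`` across
         ``self.statements``.
     """
     principals = Elements()
     # Iterate the statements directly instead of indexing by range(len(...)).
     for statement in self.statements:
         principals.update(statement.principals())
     return principals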
示例#11
文件: policy.py 项目: zhangaz1/awspx
    def resolve(self):
        """Build and cache the Action elements granted by this statement.

        Returns:
            Elements: one Action per (principal, resource) pair for every
            action returned by ``self.actions()``; cached in ``self._Actions``.
        """

        # Memoised: a second call returns the set built the first time.
        if self._Actions is not None:
            return self._Actions

        # Lazily populate the explicit action / resource / principal sets.
        if self._explicit_actions is None:
            self._resolve_action_statement()
        if self._explicit_resources is None:
            self._resolve_resource_statement()
        if self._explicit_principals is None:
            self._resolve_principal_statement()

        actions = Elements()

        for action in self.actions():

            resources = Elements()

            # Actions that do not affect specific resource types.
            # An empty "Affects" table maps the action onto the "CatchAll"
            # resources instead of a concrete type.

            if ACTIONS[action]["Affects"] == {}:

                resources.update(
                    Elements(self._explicit_resources.get("CatchAll")))

            for affected_type in ACTIONS[action]["Affects"].keys():

                # NOTE(review): assumes .get() returns an iterable for an
                # unknown type; a None here would break the filter below.
                affected = self._explicit_resources.get(affected_type)

                # Ignore mutable actions affecting built in policies
                # Policies whose ARN account field (index 4 after splitting on
                # ':') is "aws" — presumably AWS-managed policies — are
                # dropped for Write / Permissions Management actions.

                if affected_type == "AWS::Iam::Policy" \
                        and ACTIONS[action]["Access"] in ["Permissions Management", "Write"]:
                    affected = [
                        a for a in affected if str(a).split(':')[4] != "aws"
                    ]

                resources.update(Elements(affected))

            for resource in resources:

                # Action conditions comprise of resource level permission conditions
                # variants AND statement conditions

                # Presumably keyed by resource id; each entry appears to be a
                # list of condition variants (dicts) — verify against the producer.
                condition = self._explicit_resource_conditions[resource.id()]

                # Merge the statement conditions into every variant; statement
                # keys win on collision because they are unpacked last.
                condition = [{
                    **condition[i],
                    **self._explicit_conditions
                } for i in range(len(condition))]

                # Serialised once per resource. Only the first variant decides
                # whether the edge is conditional, and an empty variant list
                # raises IndexError here.
                condition = json.dumps(condition) \
                    if len(condition[0]) > 0 else "[]"

                # Extra properties from the first "Affects" entry that matches
                # one of the resource's labels; {} when none matches.
                supplementary = next((ACTIONS[action]["Affects"][r]
                                      for r in resource.labels()
                                      if r in ACTIONS[action]["Affects"]), {})

                # One Action edge per principal; "Effect" is copied straight
                # from the statement, so Deny statements yield Deny edges.
                for principal in self._explicit_principals:
                    actions.add(
                        Action(properties={
                            "Name": action,
                            "Description": ACTIONS[action]["Description"],
                            "Effect": self._statement["Effect"],
                            "Access": ACTIONS[action]["Access"],
                            "Reference": ACTIONS[action]["Reference"],
                            "Condition": condition,
                            **supplementary
                        },
                               source=principal,
                               target=resource))

        # Unset resource level permission conditions
        # Side effect: every explicit resource's condition is cleared after use.
        for resource in self._explicit_resources:
            resource.condition = []

        self._Actions = actions

        return self._Actions