def print_policy(arn_dict_with_actions_and_resources, db_session, minimize=None):
    """
    Assemble an IAM policy document (a plain dict) from per-statement data.

    The input is the output of write_policy_with_access_levels or
    write_policy_with_actions: a mapping keyed by statement id whose values
    provide the keys 'name', 'actions' and 'arns'.

    :param arn_dict_with_actions_and_resources: mapping of statement id to a
        dict with 'name', 'actions' and 'arns'
    :param db_session: handed to get_all_actions to load the action list used
        during minimization
    :param minimize: when this is an int it is forwarded as ``minchars`` to
        minimize_statement_actions; any other value leaves the actions as given
    :return: dict with the keys "Version" and "Statement"

    Every statement is emitted with "Effect": "Allow" and without a Condition
    block; the actions and ARNs are copied from the input without validation
    here.
    """
    # None is not an int, so this single check equals the original
    # "is not None and isinstance(...)" test.
    # NOTE(review): bool is a subclass of int, so True/False also enable
    # minimization and are passed through as minchars.
    should_minimize = isinstance(minimize, int)

    # Loaded once up front, even when minimization is not requested.
    known_actions = get_all_actions(db_session)

    statements = []
    for sid in arn_dict_with_actions_and_resources:
        entry = arn_dict_with_actions_and_resources[sid]
        granted = entry['actions']
        if should_minimize:
            # NOTE(review): minimization presumably rewrites actions as
            # wildcard prefixes; a wildcard can also match actions that are not
            # in the original list, so review the minimized output before
            # attaching the policy.
            granted = minimize_statement_actions(
                granted, known_actions, minchars=minimize)
        statements.append({
            "Sid": entry['name'],
            "Effect": "Allow",
            "Action": granted,
            "Resource": entry['arns']
        })

    return {"Version": policy_language_version, "Statement": statements}
def print_policy(arn_dict_with_actions_and_resources, db_session, minimize=None):
    """
    Return the policy document for the given statements.

    Despite the name, nothing is printed: the function builds and returns a
    dict with "Version" (POLICY_LANGUAGE_VERSION) and "Statement" (one
    "Allow" statement per key of the input mapping).

    :param arn_dict_with_actions_and_resources: mapping of statement id to a
        dict providing 'name', 'actions' and 'arns'
    :param db_session: passed to get_all_actions
    :param minimize: an int enables action minimization and is used as
        ``minchars``; None (or any non-int) keeps the action list unchanged
    :return: the policy as a dict
    """
    all_actions = get_all_actions(db_session)

    def _build_statement(details):
        # Resolve the action list first, then build the statement, so keys are
        # read in the order 'actions', 'name', 'arns'.
        action_list = details['actions']
        # NOTE(review): bool is an int subclass, so minimize=True/False also
        # takes this branch.
        if minimize is not None and isinstance(minimize, int):
            # NOTE(review): the minimized list presumably contains wildcard
            # patterns, which can cover more than the explicit actions listed
            # in the input; check the result against the intended access.
            action_list = minimize_statement_actions(
                action_list, all_actions, minchars=minimize)
        return {
            "Sid": details['name'],
            "Effect": "Allow",
            "Action": action_list,
            "Resource": details['arns']
        }

    statement = [
        _build_statement(arn_dict_with_actions_and_resources[sid])
        for sid in arn_dict_with_actions_and_resources
    ]
    policy = {"Version": POLICY_LANGUAGE_VERSION, "Statement": statement}
    return policy
def test_minimize_statement_actions(self):
    """
    minimize_statement_actions with minchars=None should reduce the four
    input actions to three wildcard prefixes.

    The two ec2 actions share one prefix, while the two kms actions each keep
    a distinct prefix. The comparison is order-insensitive.
    """
    requested = [
        "kms:creategrant",
        "kms:createcustomkeystore",
        "ec2:authorizesecuritygroupegress",
        "ec2:authorizesecuritygroupingress"
    ]
    expected = ['ec2:authorizes*', 'kms:createc*', 'kms:createg*']

    # db_session comes from the enclosing test module.
    known_actions = get_all_actions(db_session)
    minimized = minimize_statement_actions(requested, known_actions, None)

    # Sort both sides so only the content is compared, not the ordering.
    self.assertListEqual(sorted(minimized), sorted(expected))