def write_policy(input_file, minimize, minimize_length, fmt, verbose):
"""
Write least-privilege IAM policies, restricting all actions to resource ARNs.
"""
if verbose:
log_level = getattr(logging, verbose.upper())
set_stream_logger(level=log_level)
if input_file:
cfg = read_yaml_file(input_file)
else:
try:
cfg = yaml.safe_load(sys.stdin)
except yaml.YAMLError as exc:
logger.critical(exc)
sys.exit()
min_length = None
if minimize:
min_length = minimize_length
policy = write_policy_with_template(cfg, min_length)
if fmt == "yaml":
policy_str = yaml.dump(policy, sort_keys=False)
else:
indent = 4 if fmt == "json" else None
policy_str = json.dumps(policy, indent=indent)
if fmt == "terraform":
obj = {'policy': policy_str}
policy_str = json.dumps(obj)
print(policy_str)
def action_table(name, service, access_level, condition, resource_type, fmt,
verbose):
"""Query the Action Table from the Policy Sentry database"""
if verbose:
log_level = getattr(logging, verbose.upper())
set_stream_logger(level=log_level)
query_action_table(name, service, access_level, condition, resource_type,
fmt)
def initialize_command(access_level_overrides_file, fetch, build, verbose):
"""
CLI command for initializing the local data file
"""
if verbose:
log_level = getattr(logging, verbose.upper())
set_stream_logger(level=log_level)
initialize(access_level_overrides_file, fetch, build)
def create_template(output_file, template_type, verbose):
"""
Writes YML file templates for use in the write-policy
command, so users can fill out the fields
without needing to look up the required format.
"""
if verbose:
log_level = getattr(logging, verbose.upper())
set_stream_logger(level=log_level)
filename = Path(output_file).resolve()
if template_type == "actions":
actions_template = create_actions_template()
with open(filename, "a") as file_obj:
for line in actions_template:
file_obj.write(line)
if template_type == "crud":
crud_template = create_crud_template()
with open(filename, "a") as file_obj:
for line in crud_template:
file_obj.write(line)
print(f"write-policy template file written to: {filename}")
def condition_table(name, service, fmt, verbose):
"""Query the condition table from the Policy Sentry database"""
if verbose:
log_level = getattr(logging, verbose.upper())
set_stream_logger(level=log_level)
query_condition_table(name, service, fmt)
def arn_table(name, service, list_arn_types, fmt="json", verbose=None):
"""Query the ARN Table from the Policy Sentry database"""
if verbose:
log_level = getattr(logging, verbose.upper())
set_stream_logger(level=log_level)
query_arn_table(name, service, list_arn_types, fmt)
