def test_get_actions_from_statement(self):
    """``Action`` wins over ``NotAction`` when a statement carries both.

    The statement built below names one (bogus) action under ``Action`` while
    its ``NotAction`` lists every known permission; the resolved action set
    must be exactly the ``Action`` entry.  The trailing call only checks that
    a statement carrying ``NotAction`` alone is accepted without raising.
    """
    bogus_action = "ec2:thispermissiondoesntexist"
    statement = dict(
        Action=bogus_action,
        NotAction=list(all_permissions),
        Resource="*",
        Effect="Allow",
    )
    actual = get_actions_from_statement(statement)
    self.assertEqual(actual, {bogus_action})
    # Smoke test only: no assertion on the result, just "does not raise".
    get_actions_from_statement(dict(NotAction="abc"))
def _invert_actions(actions):
    """Return every permission in the master list that is *not* in ``actions``.

    This is the set complement against ``policyuniverse.all_permissions`` —
    presumably the resolution step for ``NotAction``, where listing a few
    actions to exclude means everything else is selected (verify against the
    caller).

    :param actions: iterable of action names to exclude.
    :return: a new set containing the remaining permissions.
    """
    # Imported inside the function, as the original does; presumably to avoid
    # an import cycle with the package root — confirm against the layout.
    from policyuniverse import all_permissions

    excluded = set(actions)
    return all_permissions.difference(excluded)
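def _get_desired_actions_from_statement(statement):
    """Return the set of concrete actions a statement's ``Action`` asks for.

    Wildcards in ``statement['Action']`` are expanded with
    ``_expand_wildcard_action`` (which lower-cases its output); every
    resulting action must be present in the master ``all_permissions`` list.

    :param statement: policy statement dict with an ``'Action'`` key holding a
        string or a list of strings.
    :return: set of lower-cased action names.
    :raises KeyError: if the statement has no ``'Action'`` key.
    :raises ValueError: if an expanded action is not in ``all_permissions``.
        ``ValueError`` is a subclass of ``Exception``, so callers that catch
        the broad ``Exception`` raised previously still work.
    """
    desired_actions = set()
    for action in _expand_wildcard_action(statement['Action']):
        # Strict allow-list check: a name the master list does not know is
        # most likely a typo, and carrying it forward silently would let the
        # "desired" set contain something that can never be matched.
        if action not in all_permissions:
            raise ValueError(
                "Desired action not found in master permission list. {}".format(action)
            )
        desired_actions.add(action)
    return desired_actions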
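def _expand_wildcard_action(action):
    """Expand an IAM action pattern into the concrete permissions it matches.

    :param action: an action string such as ``'autoscaling:*'``, or a list of
        such strings (a list is expanded element-wise and concatenated).
    :return: a list of lower-cased permissions from ``all_permissions`` that
        match the pattern.  A pattern that matches nothing, or a plain action
        with no wildcard, comes back as a one-element list holding the
        lower-cased input.
    """
    if isinstance(action, list):
        expanded_actions = []
        for item in action:
            expanded_actions.extend(_expand_wildcard_action(item))
        return expanded_actions

    pattern = action.lower()
    # IAM treats both '*' and '?' as wildcards in Action strings.  The
    # original only expanded on '*', so a pattern such as 's3:get?bject' fell
    # through as a literal and was never matched against the master list.
    if '*' in pattern or '?' in pattern:
        expanded = [
            candidate
            for candidate in (permission.lower() for permission in all_permissions)
            if fnmatch.fnmatchcase(candidate, pattern)
        ]
        # A wildcard for a service the master list has never heard of is kept
        # as-is (lower-cased) rather than dropped, presumably so a later
        # unknown-permission check can still surface it to the caller.
        if not expanded:
            return [pattern]
        return expanded
    return [pattern]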
for statement in policy.get("Statement"):
if statement["Effect"].lower() == "allow":
total_permissions = total_permissions.union(
get_actions_from_statement(statement)
)
if not (
"Sid" in statement
and statement["Sid"].startswith(STATEMENT_SKIP_SID)
):
# No Sid
# Sid exists, but doesn't start with STATEMENT_SKIP_SID
eligible_permissions = eligible_permissions.union(
get_actions_from_statement(statement)
)
weird_permissions = total_permissions.difference(all_permissions)
if weird_permissions and warn_unknown_perms:
LOGGER.warn("Unknown permissions found: {}".format(weird_permissions))
return total_permissions, eligible_permissions