Skip to content

Writing

See the examples under https://github.com/salesforce/policy_sentry/tree/master/examples/library-usage/writing.

command.write_policy

Given a Policy Sentry YML template, write a least-privilege IAM Policy in CRUD mode or Actions mode.

RegisterLengthOption

Mark this option as getting a _length option

RegisterLengthOptionHelp

Translate help for the hidden _length suffix

RegisterMinimizeLengthCommand

Translate any opt= to opt_length= as needed

parse_args(self, ctx, args)

Given a context and a list of arguments this creates the parser and parses the arguments, then modifies the context as necessary. This is automatically invoked by :meth:make_context.

Source code in policy_sentry/command/write_policy.py
def parse_args(self, ctx, args):
    options = [o for o in ctx.command.params
               if getattr(o, 'register_length', None)]
    prefixes = {p for p in sum([o.opts for o in options], [])
                if p.startswith('--')}
    for i, a in enumerate(args):
        a = a.split('=')
        if a[0] in prefixes:
            if len(a) > 1:
                args[i] = a[0]
                args.insert(i + 1, a[0] + '_length=' + a[1])
            else:
                # check if next argument is naked
                if len(args) > i + 1 and not args[i + 1].startswith('--'):
                    value = args[i + 1]
                    args[i + 1] = a[0] + '_length=' + value
    return super().parse_args(ctx, args)

write_policy_with_template(cfg, minimize=None)

This function is called by write-policy so the config can be passed in as a dict without running into a Click-related error. Use this function, rather than the write-policy function, if you are using Policy Sentry as a python library.

Parameters:

Name Type Description Default
cfg

The loaded YAML as a dict. Must follow Policy Sentry dictated format.

required
minimize

Minimize the resulting statement with safe usage of wildcards to reduce policy length. Set this to the character length you want - for example, 0, or 4. Defaults to none.

None

Returns:

Type Description
Dictionary

The JSON policy

Source code in policy_sentry/command/write_policy.py
def write_policy_with_template(cfg, minimize=None):
    """
    This function is called by write-policy so the config can be passed in as a dict without running into a Click-related error. Use this function, rather than the write-policy function, if you are using Policy Sentry as a python library.

    Arguments:
        cfg: The loaded YAML as a dict. Must follow Policy Sentry dictated format.
        minimize: Minimize the resulting statement with *safe* usage of wildcards to reduce policy length. Set this to the character length you want - for example, 0, or 4. Defaults to none.
    Returns:
        Dictionary: The JSON policy
    """
    sid_group = SidGroup()
    policy = sid_group.process_template(cfg, minimize)
    return policy