querying.arns

See the examples under https://github.com/salesforce/policy_sentry/tree/master/examples/library-usage/querying

Methods that execute specific queries against the SQLite database for the ARN table. This supports the policy_sentry query functionality.

get_arn_data(service_prefix, resource_type_name)

Get details about ARNs in JSON format.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| service_prefix | | An AWS service prefix, like s3 or kms | required |
| resource_type_name | | The name of a resource type, like bucket or object. To get details on ALL arns in a service, specify "*" here. | required |

Returns:

| Type | Description |
|---|---|
| Dictionary | Metadata about an ARN type |

get_arn_type_details(service_prefix, resource_type_name)

Get details about ARNs in JSON format.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| service_prefix | | An AWS service prefix, like s3 or kms | required |
| resource_type_name | | The name of a resource type, like bucket or object. To get details on ALL arns in a service, specify "*" here. | required |

Returns:

| Type | Description |
|---|---|
| Dictionary | Metadata about an ARN type |

get_arn_types_for_service(service_prefix)

Get a list of available ARN short names per AWS service.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| service_prefix | | An AWS service prefix, like s3 or kms | required |

Returns:

| Type | Description |
|---|---|
| List | A list of ARN types, like bucket or object |

get_matching_raw_arns(arn)

Given a user-supplied ARN, return the list of matching raw ARNs, since the raw ARN is used as a unique identifier throughout this library.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| arn | | The user-supplied arn, like arn:aws:s3:::mybucket | required |

Returns:

| Type | Description |
|---|---|
| list(str) | The list of raw ARNs stored in the database, like 'arn:${Partition}:s3:::${BucketName}' |

get_raw_arns_for_service(service_prefix)

Get a list of available raw ARNs per AWS service.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| service_prefix | | An AWS service prefix, like s3 or kms | required |

Returns:

| Type | Description |
|---|---|
| List | A list of raw ARNs |

get_resource_type_name_with_raw_arn(raw_arn)

Given a raw ARN, return the resource type name as shown in the database.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| raw_arn | | The raw ARN stored in the database, like 'arn:${Partition}:s3:::${BucketName}' | required |

Returns:

| Type | Description |
|---|---|
| String | The resource type name, like bucket |
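The following is an added, self-contained illustration of the idea behind get_matching_raw_arns and get_resource_type_name_with_raw_arn: mapping a concrete ARN back to its raw ARN template and resource type name, which is what lets a policy be scoped to specific resources. It is not policy_sentry's implementation and does not call the library; `SAMPLE_RAW_ARNS`, `match_raw_arns` and `_resource_regex` are hypothetical names, and the template table is a constructed sample.

```python
import re

# Constructed sample of a raw_arn -> resource type name table (assumption:
# policy_sentry keeps the real values in its own database).
SAMPLE_RAW_ARNS = {
    "arn:${Partition}:s3:::${BucketName}": "bucket",
    "arn:${Partition}:s3:::${BucketName}/${ObjectName}": "object",
    "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}": "key",
    "arn:${Partition}:kms:${Region}:${Account}:alias/${Alias}": "alias",
}

PLACEHOLDER = re.compile(r"\$\{[^}]+\}")


def _resource_regex(template):
    """Turn the resource part of a raw ARN template into a regex."""
    parts = PLACEHOLDER.split(template)   # literal text between placeholders
    count = len(parts) - 1                # number of placeholders
    out = []
    for i, literal in enumerate(parts):
        out.append(re.escape(literal))
        if i < count:
            # Only the last of several placeholders, at the very end, may
            # span "/" or ":" (e.g. an S3 object key with nested prefixes).
            spans = i > 0 and i == count - 1 and parts[-1] == ""
            out.append(".+" if spans else "[^/:]+")
    return re.compile("".join(out))


def match_raw_arns(arn, raw_arns=SAMPLE_RAW_ARNS):
    """Return the raw ARN templates that a concrete ARN fits."""
    fields = arn.split(":", 5)
    if len(fields) != 6 or fields[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    matches = []
    for raw in raw_arns:
        tmpl = raw.split(":", 5)
        # Partition, service, region, account: a placeholder accepts any
        # non-empty value, a literal (including empty) must be equal.
        header_ok = all(
            bool(got) if PLACEHOLDER.fullmatch(want) else got == want
            for want, got in zip(tmpl[1:5], fields[1:5])
        )
        if header_ok and _resource_regex(tmpl[5]).fullmatch(fields[5]):
            matches.append(raw)
    return matches
```

Looking up each returned template in `SAMPLE_RAW_ARNS` gives the resource type name, so `arn:aws:s3:::mybucket` resolves to `bucket` while `arn:aws:s3:::mybucket/logs/a.txt` resolves to `object`.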