Utilities

util.policy_files

A few methods for parsing policies.

- policy_sentry.util.policy_files.get_actions_from_json_policy_file(file): Read the JSON policy file and return a list of actions.
- policy_sentry.util.policy_files.get_actions_from_policy(data): Given a policy dictionary, create a list of the actions.
- policy_sentry.util.policy_files.get_actions_from_statement(statement): Given a statement dictionary, create a list of the actions.
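An added example (not policy_sentry's own code) of the three extraction steps above, with the two normalizations an IAM policy requires: `Statement` may be a single object or a list, and `Action` may be a bare string or a list. The sample policy is constructed, and `find_wildcard_actions` is an extra helper added here to flag the actions a least-privilege review looks for first.

```python
"""Collect the Actions named in an IAM policy document."""
import json

# Constructed sample policy (not from the page): one statement uses a list
# Action, the other a bare string Action.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}
  ]
}
""")


def get_actions_from_statement(statement):
    """Return the actions of one statement as a list. IAM allows Action to be
    a single string or a list; statements written with NotAction carry no
    Action key and therefore contribute nothing here."""
    actions = statement.get("Action", [])
    if isinstance(actions, str):
        actions = [actions]
    return list(actions)


def get_actions_from_policy(data):
    """Return every action across all statements, duplicates removed and
    first-seen order preserved. Statement may be one dict or a list."""
    statements = data.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    seen, result = set(), []
    for statement in statements:
        for action in get_actions_from_statement(statement):
            if action not in seen:
                seen.add(action)
                result.append(action)
    return result


def get_actions_from_json_policy_file(file):
    """Read a JSON policy file from disk and return its list of actions."""
    with open(file, encoding="utf-8") as handle:
        return get_actions_from_policy(json.load(handle))


def find_wildcard_actions(actions):
    """Return the actions that contain a '*' (e.g. 's3:*' or '*'), which grant
    more than any single API call and merit review."""
    return [action for action in actions if "*" in action]
```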
util.arns

Functions for parsing ARNs, matching ARN types, and getting the right fragment/component from an ARN string.

- policy_sentry.util.arns.arn_has_colons(arn): Given an ARN, determine if the ARN has colons in it. Just useful for the hacky methods for parsing ARN namespaces. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.arn_has_slash(arn): Given an ARN, determine if the ARN has a slash in it. Just useful for the hacky methods for parsing ARN namespaces. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.does_arn_match(arn_to_test, arn_in_database): Given two ARNs, determine if they match. The cases supported are outlined below.
  Case 1: arn:partition:service:region:account-id:resource
  Case 2: arn:partition:service:region:account-id:resourcetype/resource
  Case 3: arn:partition:service:region:account-id:resourcetype/resource/qualifier
  Case 4: arn:partition:service:region:account-id:resourcetype/resource:qualifier
  Case 5: arn:partition:service:region:account-id:resourcetype:resource
  Case 6: arn:partition:service:region:account-id:resourcetype:resource:qualifier
  Source: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
  Parameters: arn_to_test – the ARN to parse and test; arn_in_database – the ARN to compare it against. Returns: whether or not the ARNs match.
- policy_sentry.util.arns.get_account_from_arn(arn): Given an ARN, return the account ID in the ARN, if it is available. In certain cases, like S3, it is not.
- policy_sentry.util.arns.get_partition_from_arn(arn): Given an ARN string, return the partition string. This is usually aws unless you are in C2S or AWS GovCloud.
- policy_sentry.util.arns.get_region_from_arn(arn): Given an ARN, return the region in the ARN, if it is available. In certain cases, like S3, it is not.
- policy_sentry.util.arns.get_resource_from_arn(arn): Given an ARN, parse it according to ARN namespacing and return the resource. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.get_resource_path_from_arn(arn): Given an ARN, parse it according to ARN namespacing and return the resource path. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.get_service_from_arn(arn): Given an ARN string, return the service.
- policy_sentry.util.arns.parse_arn(arn): Given an ARN, split up the ARN into the ARN namespacing schema dictated by the AWS docs.
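An added example (not policy_sentry's implementation) of the parsing and matching this section describes, covering the six resource layouts listed under does_arn_match. Assumptions made here: the resource segment is cut at its first ':' or '/' to obtain the resource type and again at the next delimiter to obtain the qualifier, so resources that themselves contain '/' (for example IAM paths) are not disambiguated; and the database-side ARN is treated as a template in which '*' or a ${Placeholder} component accepts any value, a convention assumed for this example. All sample ARNs are constructed.

```python
"""Parse AWS ARNs into namespaced components and match them against a template."""
import re

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")       # e.g. ${BucketName} (assumed convention)
TYPE_SPLIT = re.compile(r"^([^:/]+)[:/](.+)$")   # head, delimiter, remainder


def parse_arn(arn):
    """Split an ARN into partition, service, region, account, resource_type,
    resource and qualifier. Case 1 has no type delimiter; Cases 2 and 5 have a
    type but no qualifier; Cases 3, 4 and 6 have both."""
    parts = arn.split(":", 5)  # at most six fields: the resource may itself contain ':'
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("not an ARN: %r" % arn)
    _, partition, service, region, account, resource = parts
    fields = {"partition": partition, "service": service, "region": region,
              "account": account, "resource_type": "", "resource": resource,
              "qualifier": ""}
    match = TYPE_SPLIT.match(resource)
    if match:
        fields["resource_type"], rest = match.groups()
        tail = TYPE_SPLIT.match(rest)
        if tail:
            fields["resource"], fields["qualifier"] = tail.groups()
        else:
            fields["resource"] = rest
    return fields


def _field_matches(tested, pattern):
    """A template component accepts a value when it is identical, a '*'
    wildcard, or a ${Placeholder} (assumed template convention)."""
    return tested == pattern or pattern == "*" or bool(PLACEHOLDER.match(pattern))


def does_arn_match(arn_to_test, arn_in_database):
    """True when every component of arn_to_test is accepted by the
    corresponding component of the template arn_in_database."""
    try:
        tested, template = parse_arn(arn_to_test), parse_arn(arn_in_database)
    except ValueError:
        return False
    return all(_field_matches(tested[key], template[key]) for key in tested)
```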
util.file

Functions that relate to manipulating files, loading files, and managing file paths.

- policy_sentry.util.file.check_valid_file_path(file): Checks if the file path is valid.
  Parameters: file – The file to check. Returns: True if it exists, False if it does not. Return type: bool
- policy_sentry.util.file.create_directory_if_it_doesnt_exist(directory): Equivalent of mkdir -p.
- policy_sentry.util.file.list_files_in_directory(directory): Equivalent of the ls command; returns the list of files in the directory.
- policy_sentry.util.file.read_this_file(filename): Read a file at a path and return its lines.
- policy_sentry.util.file.read_yaml_file(filename): Reads a YAML file, safe-loads it, and returns the dictionary.
  Parameters: filename – name of the YAML file. Returns: dictionary of YAML file contents.
- policy_sentry.util.file.write_json_file(filename, json_contents): Writes the policy dictionary to a JSON file.
  Parameters: json_contents – a dictionary used to build the JSON; this is the IAM policy built by the write_policy functions. filename – name of the output file, which should include the path.
util.actions

Text operations specific to IAM actions.

- policy_sentry.util.actions.get_action_name_from_action(action): Returns the lowercase action name from a service:action combination.
  Parameters: action – e.g. ec2:DescribeInstance. Returns: describeinstance
- policy_sentry.util.actions.get_full_action_name(service, action_name): Gets the proper formatting for an action: the service, plus colon, plus action name.
  Parameters: service – service name, like s3. action_name – action name, like createbucket. Returns: the resulting string.
- policy_sentry.util.actions.get_lowercase_action_list(action_list): Given a list of actions, return the list in lowercase format.
- policy_sentry.util.actions.get_service_from_action(action): Returns the service name from a service:action combination.
  Parameters: action – e.g. ec2:DescribeInstance. Returns: ec2