Utilities

util.policy_files

Functions for parsing IAM policy documents and collecting the actions they name.

policy_sentry.util.policy_files.get_actions_from_json_policy_file(file)

Read a JSON policy file from disk and return a list of the actions it contains.

policy_sentry.util.policy_files.get_actions_from_policy(data)

Given a policy dictionary (the parsed policy document), return a list of the actions across all of its statements.

policy_sentry.util.policy_files.get_actions_from_statement(statement)

Given a single statement dictionary, return a list of the actions it names.

util.arns

Functions for parsing ARNs, matching ARN types, and getting the right fragment/component from an ARN string.

policy_sentry.util.arns.arn_has_colons(arn)

Given an ARN, determine whether it contains colons. Only useful for the hacky ARN-namespace parsing helpers. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.

policy_sentry.util.arns.arn_has_slash(arn)

Given an ARN, determine whether it contains a slash. Only useful for the hacky ARN-namespace parsing helpers. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.

policy_sentry.util.arns.does_arn_match(arn_to_test, arn_in_database)

Given two ARNs, determine if they have the same resource type.

Parameters:arn_to_test – ARN provided by the user
arn_in_database – raw ARN that exists in the policy_sentry database
Returns:result of whether or not the ARNs match

policy_sentry.util.arns.get_account_from_arn(arn)

Given an ARN, return the account ID field, if it is populated. Some ARN formats leave it empty: S3 bucket and object ARNs, for example, carry neither region nor account ID.

policy_sentry.util.arns.get_partition_from_arn(arn)

Given an ARN string, return the partition. This is aws for the commercial regions; it is aws-cn for the China regions, aws-us-gov for AWS GovCloud (US), and aws-iso / aws-iso-b for the isolated C2S / SC2S regions.

policy_sentry.util.arns.get_region_from_arn(arn)

Given an ARN, return the region field, if it is populated. Global services such as IAM leave it empty, and so do S3 bucket and object ARNs.

policy_sentry.util.arns.get_resource_from_arn(arn)

Given an ARN, parse it according to ARN namespacing and return the resource. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.

policy_sentry.util.arns.get_resource_path_from_arn(arn)

Given an ARN, parse it according to ARN namespacing and return the resource path. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.

policy_sentry.util.arns.get_resource_string(arn)

Given an ARN, return the string after the account ID, no matter the ARN format.

Parameters:arn – arn:partition:service:region:account-id:resourcetype/resource
Returns:resourcetype/resource
policy_sentry.util.arns.get_service_from_arn(arn)

Given an ARN string, return the service name (the third colon-separated field, e.g. s3 or iam).

policy_sentry.util.arns.parse_arn(arn)

Given an ARN, split up the ARN into the ARN namespacing schema dictated by the AWS docs.

policy_sentry.util.arns.parse_arn_for_resource_type(arn)

Parses the resource string (resourcetype/resource, resourcetype:resource and other variants) and returns the resource type.

Parameters:arn – the ARN whose resource string is to be parsed
Returns:the resource type
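The parsing rules the functions above describe, as an added worked example. This is illustration code written for this page, not policy_sentry's own util.arns implementation: the Arn class, split_resource(), same_resource_type() and is_arn() names are this example's, and the sample ARNs are constructed. It shows the two details that a naive split gets wrong: the resource field can itself contain colons (Lambda aliases), so only the first five colons separate fields, and the resource type is whichever of / or : comes first, with the S3 object ARN as the case where that rule needs service-specific knowledge.

```python
"""Parse an AWS ARN into its namespaced components.

Added example for this page; not policy_sentry's own code.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Arn:
    partition: str        # aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b
    service: str          # s3, iam, lambda, ...
    region: str           # empty for global services such as IAM and for S3
    account: str          # empty for S3 bucket and object ARNs
    resource_string: str  # everything after the account field, colons included

    @property
    def resource_type(self) -> str:
        return split_resource(self.resource_string)[0]

    @property
    def resource_path(self) -> str:
        return split_resource(self.resource_string)[1]


def parse_arn(arn: str) -> Arn:
    """Split an ARN on its first five colons only.

    The resource field may itself contain colons (Lambda aliases are
    'function:name:alias'), so an unbounded split would chop it up.
    """
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account, resource = parts
    if not partition or not service or not resource:
        raise ValueError(f"ARN is missing a required field: {arn!r}")
    return Arn(partition, service, region, account, resource)


def is_arn(value: str) -> bool:
    """Validation wrapper: True when parse_arn() accepts the string."""
    try:
        parse_arn(value)
        return True
    except ValueError:
        return False


def split_resource(resource: str) -> tuple[str, str]:
    """Split 'resourcetype/resource', 'resourcetype:resource' or a bare
    'resource' into (resource_type, resource_path).

    Whichever delimiter comes first wins: 'role/path/Name' gives
    ('role', 'path/Name') and 'function:name:alias' gives
    ('function', 'name:alias'). A bare resource such as an SNS topic name or
    an S3 bucket name has no type in the string, so resource_type is ''.
    Caveat: an S3 object ARN ('bucket/key') has a delimiter, but the part
    before it is a bucket name, not a type; callers need service-specific
    knowledge to treat that case correctly.
    """
    cuts = [i for i in (resource.find("/"), resource.find(":")) if i != -1]
    if not cuts:
        return "", resource
    cut = min(cuts)
    return resource[:cut], resource[cut + 1:]


def same_resource_type(arn_a: str, arn_b: str) -> bool:
    """True when two ARNs name the same kind of resource: same service and
    same resource type. Region, account and resource path may differ, which
    is what comparing a user-supplied ARN against a template ARN needs.
    """
    a, b = parse_arn(arn_a), parse_arn(arn_b)
    return a.service == b.service and a.resource_type == b.resource_type


if __name__ == "__main__":
    # Constructed sample ARNs covering the documented variants.
    for sample in (
        "arn:aws:lambda:us-east-1:123456789012:function:my-func:prod",
        "arn:aws-us-gov:iam::123456789012:role/service-role/MyRole",
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/reports/2024.csv",
    ):
        parsed = parse_arn(sample)
        print(f"{sample}\n  service={parsed.service!r} region={parsed.region!r} "
              f"account={parsed.account!r} type={parsed.resource_type!r} "
              f"path={parsed.resource_path!r}")
```

Running the block prints each constructed ARN with its fields; the GovCloud IAM role shows the empty region field and the two S3 ARNs show the empty region and account fields described above.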

util.file

Functions that relate to manipulating files, loading files, and managing filepaths.

policy_sentry.util.file.read_yaml_file(filename)

Reads a YAML file with a safe load (yaml.safe_load, which rejects the arbitrary-object tags a full load would instantiate) and returns the resulting dictionary.

Parameters:filename – name of the YAML file
Returns:dictionary of YAML file contents

util.actions

Text operations specific to IAM actions

policy_sentry.util.actions.get_action_name_from_action(action)

Returns the lowercase action name from a service:action combination.

Parameters:action – ec2:DescribeInstance
Returns:describeinstance

policy_sentry.util.actions.get_full_action_name(service, action_name)

Gets the proper formatting for an action: the service, plus colon, plus action name.

Parameters:service – service name, like s3
action_name – action name, like createbucket
Returns:the resulting string

policy_sentry.util.actions.get_lowercase_action_list(action_list)

Given a list of actions, return the list but in lowercase format

policy_sentry.util.actions.get_service_from_action(action)

Returns the service name from a service:action combination.

Parameters:action – ec2:DescribeInstance
Returns:ec2
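One worked example for both util.policy_files (above) and util.actions: pull the actions out of a policy document, then normalise them the way these helpers do. This is illustration code written for this page, not policy_sentry's own implementation. The function names mirror the documented ones, but the bodies, the decision to leave NotAction statements out, the handling of a bare "*" action and the unique_actions() helper are this example's choices, and SAMPLE_POLICY_JSON is constructed. The point it makes is why the lowercase form matters: IAM matches the Action element case-insensitively, so "EC2:describeInstances" and "ec2:DescribeInstances" are the same grant and must compare equal.

```python
"""Extract the actions from an IAM policy document and normalise them.

Added example for this page; not policy_sentry's own code.
"""
from __future__ import annotations

import json
from typing import Iterable

# Constructed sample policy: one string Action, one list Action containing the
# same action written in two cases, and a NotAction statement.
SAMPLE_POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"},
    {"Effect": "Allow",
     "Action": ["EC2:describeInstances", "ec2:DescribeInstances", "sts:AssumeRole"],
     "Resource": "*"},
    {"Effect": "Deny", "NotAction": "iam:*", "Resource": "*"}
  ]
}
"""


def load_sample_policy() -> dict:
    return json.loads(SAMPLE_POLICY_JSON)


# ---- policy_files-style helpers ------------------------------------------

def get_actions_from_statement(statement: dict) -> list[str]:
    """Actions named by one statement. IAM allows Action to be a string or a
    list, so both are normalised to a list. NotAction is deliberately not
    expanded (this example's choice): it names what the statement does *not*
    cover, and listing it as an action would misstate what the policy grants.
    """
    action = statement.get("Action", [])
    return [action] if isinstance(action, str) else list(action)


def get_actions_from_policy(data: dict) -> list[str]:
    """Actions across every statement, in document order, duplicates kept."""
    statements = data.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is valid syntax
        statements = [statements]
    actions: list[str] = []
    for statement in statements:
        actions.extend(get_actions_from_statement(statement))
    return actions


def get_actions_from_json_policy_file(path: str) -> list[str]:
    with open(path, encoding="utf-8") as handle:
        return get_actions_from_policy(json.load(handle))


# ---- actions-style helpers ------------------------------------------------

def _split_action(action: str) -> tuple[str, str]:
    """'service:ActionName' -> ('service', 'ActionName'). A bare '*' is the
    only colon-less value IAM accepts; anything else malformed is rejected."""
    if action == "*":
        return "*", "*"
    service, sep, name = action.partition(":")
    if not sep or not service or not name:
        raise ValueError(f"malformed IAM action: {action!r}")
    return service, name


def get_service_from_action(action: str) -> str:
    return _split_action(action)[0].lower()


def get_action_name_from_action(action: str) -> str:
    return _split_action(action)[1].lower()


def get_full_action_name(service: str, action_name: str) -> str:
    return f"{service}:{action_name}"


def get_lowercase_action_list(action_list: Iterable[str]) -> list[str]:
    """IAM matches the Action element case-insensitively, so lowercase is the
    right canonical form for comparing or deduplicating actions."""
    return [action.lower() for action in action_list]


def unique_actions(action_list: Iterable[str]) -> list[str]:
    """Lowercased actions with case-variant duplicates removed, order kept."""
    seen: set[str] = set()
    result: list[str] = []
    for action in get_lowercase_action_list(action_list):
        if action not in seen:
            seen.add(action)
            result.append(action)
    return result


if __name__ == "__main__":
    raw = get_actions_from_policy(load_sample_policy())
    print("raw:   ", raw)
    print("unique:", unique_actions(raw))
```

Run stand-alone, the block lists the four raw actions from the sample policy and then the three that remain once the case-variant duplicate is folded; the Deny/NotAction statement contributes nothing to either list.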