Utilities

util.policy_files

A few methods for parsing policies.

- policy_sentry.util.policy_files.get_actions_from_json_policy_file(file): Read the JSON policy file and return a list of actions.
- policy_sentry.util.policy_files.get_actions_from_policy(data): Given a policy dictionary, create a list of the actions.
- policy_sentry.util.policy_files.get_actions_from_statement(statement): Given a statement dictionary, create a list of the actions.
util.arns

Functions to use for parsing ARNs, matching ARN types, and getting the right fragment/component from an ARN string.

- policy_sentry.util.arns.arn_has_colons(arn): Given an ARN, determine if the ARN has colons in it. Just useful for the hacky methods for parsing ARN namespaces. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.arn_has_slash(arn): Given an ARN, determine if the ARN has a slash in it. Just useful for the hacky methods for parsing ARN namespaces. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.does_arn_match(arn_to_test, arn_in_database): Given two ARNs, determine if they have the same resource type.
  Parameters: arn_to_test – ARN provided by the user; arn_in_database – raw ARN that exists in the policy_sentry database
  Returns: result of whether or not the ARNs match
- policy_sentry.util.arns.get_account_from_arn(arn): Given an ARN, return the account ID in the ARN, if it is available. In certain cases, like S3, it is not.
- policy_sentry.util.arns.get_partition_from_arn(arn): Given an ARN string, return the partition string. This is usually aws unless you are in C2S or AWS GovCloud.
- policy_sentry.util.arns.get_region_from_arn(arn): Given an ARN, return the region in the ARN, if it is available. In certain cases, like S3, it is not.
- policy_sentry.util.arns.get_resource_from_arn(arn): Given an ARN, parse it according to ARN namespacing and return the resource. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.get_resource_path_from_arn(arn): Given an ARN, parse it according to ARN namespacing and return the resource path. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more details on ARN namespacing.
- policy_sentry.util.arns.get_resource_string(arn): Given an ARN, return the string after the account ID, no matter the ARN format.
  Parameters: arn – arn:partition:service:region:account-id:resourcetype/resource
  Returns: resourcetype/resource
- policy_sentry.util.arns.get_service_from_arn(arn): Given an ARN string, return the service.
- policy_sentry.util.arns.parse_arn(arn): Given an ARN, split up the ARN into the ARN namespacing schema dictated by the AWS docs.
- policy_sentry.util.arns.parse_arn_for_resource_type(arn): Parse the resource string (resourcetype/resource and other variants) and grab the resource type.
  Parameters: arn
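The ARN namespacing that these helpers work with, shown as an added example that is not policy_sentry's own code: a small parser that keeps the whole resource string intact (colons inside it included), separates the resource type from the resource for the `resourcetype/resource` and `resourcetype:resource` variants, tolerates the S3-style ARNs that omit region and account, and a resource-type comparison that stands in for the matching the page describes (the name `arns_match_resource_type` and the rule "same service and same resource type" are this example's assumption).

```python
from typing import NamedTuple, Optional


class ParsedArn(NamedTuple):
    partition: str
    service: str
    region: str
    account: str
    resource_string: str        # everything after the account ID, separators intact
    resource_type: Optional[str]  # None when the ARN is just "...:resource"
    resource: str


def parse_arn(arn: str) -> ParsedArn:
    """Split an ARN into the AWS namespacing fields (example code, not policy_sentry's)."""
    # maxsplit=5: the sixth field is the resource string and may itself contain colons
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not a valid ARN: {arn!r}")
    _, partition, service, region, account, resource_string = parts
    # Resource is "resource", "resourcetype/resource" or "resourcetype:resource";
    # whichever separator appears first decides where the type ends.
    cuts = [i for i in (resource_string.find("/"), resource_string.find(":")) if i != -1]
    if cuts:
        cut = min(cuts)
        resource_type: Optional[str] = resource_string[:cut]
        resource = resource_string[cut + 1:]
    else:
        resource_type, resource = None, resource_string
    return ParsedArn(partition, service, region, account, resource_string, resource_type, resource)


def arns_match_resource_type(arn_to_test: str, arn_in_database: str) -> bool:
    """Assumed matching rule: same service and same resource type, ignoring region/account/name."""
    a, b = parse_arn(arn_to_test), parse_arn(arn_in_database)
    return a.service == b.service and a.resource_type == b.resource_type


if __name__ == "__main__":
    # Constructed sample ARNs covering the three resource-string variants
    for sample in ("arn:aws:iam::123456789012:user/alice",
                   "arn:aws:s3:::my-bucket",
                   "arn:aws:logs:us-east-1:123456789012:log-group:my-group:*"):
        print(parse_arn(sample))
```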
util.file

Functions that relate to manipulating files, loading files, and managing filepaths.

- policy_sentry.util.file.read_yaml_file(filename): Reads a YAML file, safe-loads it, and returns the dictionary.
  Parameters: filename – name of the YAML file
  Returns: dictionary of YAML file contents
util.actions

Text operations specific to IAM actions.

- policy_sentry.util.actions.get_action_name_from_action(action): Returns the lowercase action name from a service:action combination.
  Parameters: action – ec2:DescribeInstance
  Returns: describeinstance
- policy_sentry.util.actions.get_full_action_name(service, action_name): Gets the proper formatting for an action: the service, plus a colon, plus the action name.
  Parameters: service – service name, like s3; action_name – action name, like createbucket
  Returns: the resulting string
- policy_sentry.util.actions.get_lowercase_action_list(action_list): Given a list of actions, return the list but in lowercase format.
- policy_sentry.util.actions.get_service_from_action(action): Returns the service name from a service:action combination.
  Parameters: action – ec2:DescribeInstance
  Returns: ec2