querying.conditions

See the examples under https://github.com/salesforce/policy_sentry/tree/master/examples/library-usage/querying

Methods that execute specific queries against the CONDITIONS table of the SQLite database. These support the policy_sentry query functionality.

get_condition_key_details(service_prefix, condition_key_name)

Get details about a specific condition key in JSON format

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| service_prefix | | An AWS service prefix, like ec2 or kms | required |
| condition_key_name | | The name of a condition key, like ec2:Vpc | required |

Returns:

| Type | Description |
| --- | --- |
| Dictionary | Metadata about the condition key |

get_condition_keys_available_to_raw_arn(raw_arn)

Get a list of condition keys available to a raw ARN

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| raw_arn | | The value in the database, like arn:${Partition}:s3:::${BucketName}/${ObjectName} | required |

Returns:

| Type | Description |
| --- | --- |
| List | A list of condition keys |

get_condition_value_type(condition_key)

Get the data type of the condition key - like Date, String, etc.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| condition_key | | A condition key, like a4b:filters_deviceType | required |

Returns:

| Type | Description |
| --- | --- |
| String | Type of the condition key, like Bool, Date, String, etc. |

get_conditions_for_action_and_raw_arn(action, raw_arn)

Get a list of conditions available to an action.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| action | | The IAM action, like s3:GetObject | required |
| raw_arn | | The raw ARN format specific to the action | required |

Returns:

| Type | Description |
| --- | --- |
| List | A list of condition keys |
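An added example (not part of policy_sentry or its documentation) that combines get_conditions_for_action_and_raw_arn and get_condition_value_type to suggest a matching IAM condition operator for each key available to an action, which helps when tightening a policy statement. The names operator_for, condition_plan, OPERATOR_FOR_TYPE, SAMPLE_TYPES and demo are hypothetical, the type-to-operator mapping is this example's own assumption, and the sample data is constructed.

```python
from typing import Optional

# IAM operator to start from for each condition value type (lowercased).
# Assumption of this example, not data returned by policy_sentry.
OPERATOR_FOR_TYPE = {
    "string": "StringEquals", "arn": "ArnEquals", "bool": "Bool",
    "date": "DateLessThan", "numeric": "NumericEquals",
    "ipaddress": "IpAddress",
}

def operator_for(value_type: Optional[str]) -> Optional[str]:
    """Map a value type such as 'String' or 'ArrayOfString' to an operator."""
    t = (value_type or "").strip().lower()
    multi = t.startswith("arrayof")
    op = OPERATOR_FOR_TYPE.get(t[len("arrayof"):] if multi else t)
    if op is None:
        return None  # unknown or missing type: leave for manual review
    # Multivalued keys need a set operator; ForAnyValue is used here because
    # ForAllValues also matches when the key is absent from the request.
    return f"ForAnyValue:{op}" if multi else op

def condition_plan(action, raw_arn, list_keys=None, value_type=None):
    """Return {condition_key: suggested operator or None} for action + ARN."""
    if list_keys is None or value_type is None:
        # Imported lazily so the helper also runs with injected lookups.
        from policy_sentry.querying import conditions as c
        list_keys = list_keys or c.get_conditions_for_action_and_raw_arn
        value_type = value_type or c.get_condition_value_type
    plan = {}
    for key in list_keys(action, raw_arn) or []:
        try:
            plan[key] = operator_for(value_type(key))
        except Exception:  # lookup failed for this key: flag it, keep going
            plan[key] = None
    return plan

# Constructed sample data (not taken from the policy_sentry database).
SAMPLE_TYPES = {"aws:SecureTransport": "Bool", "aws:TagKeys": "ArrayOfString",
                "aws:SourceIp": "IpAddress", "example:Opaque": "Blob"}

def demo():
    """Run condition_plan against the constructed sample instead of the DB."""
    return condition_plan(
        "s3:GetObject", "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
        list_keys=lambda action, arn: list(SAMPLE_TYPES) + ["example:Missing"],
        value_type=lambda key: SAMPLE_TYPES[key])

if __name__ == "__main__":
    for key, op in demo().items():
        print(f"{key:24} {op or 'REVIEW MANUALLY'}")
```

Calling condition_plan with only an action and raw ARN uses the installed policy_sentry database; keys mapped to None need a manual operator choice.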