How to use the policyuniverse.expand_policy function in policyuniverse

To help you get started, we’ve selected a few policyuniverse examples, based on popular ways it is used in public projects.


Source: Netflix-Skunkworks/policyuniverse, tests/TestMethods.py
self.assertEqual(expanded_policy, EXPANDED_POLICY_1)
        policy = {
            "Statement": {
                "NotAction": ["ec2:thispermissiondoesntexist"],
                "Resource": "*",
                "Effect": "Deny"
            }
        }
        expected_policy = {
            "Statement": [{
                "NotAction": ["ec2:thispermissiondoesntexist"],
                "Resource": "*",
                "Effect": "Deny"
            }]
        }
        expanded_policy = expand_policy(policy=dc(policy), expand_deny=False)
        self.assertEqual(expanded_policy, expected_policy)
        expanded_policy = expand_policy(policy=dc(policy), expand_deny=True)
        self.assertEqual(type(expanded_policy['Statement']), list)
Source: Netflix-Skunkworks/policyuniverse, tests/TestMethods.py
def test_expand_1(self):
        """Exercise expand_policy on a wildcard fixture and on a lone Deny/NotAction statement.

        NOTE(review): this listing is an excerpt. It stops after the final
        expand_policy call, so the assertion on that result is not shown here.
        """
        # dc() is presumably copy.deepcopy (its import is not shown); passing a
        # copy keeps the shared fixture unchanged if expand_policy mutates its input.
        expanded_policy = expand_policy(policy=dc(WILDCARD_POLICY_1))
        self.assertEqual(expanded_policy, EXPANDED_POLICY_1)
        # "Statement" is a single dict here rather than a list of dicts.
        policy = {
            "Statement": {
                "NotAction": ["ec2:thispermissiondoesntexist"],
                "Resource": "*",
                "Effect": "Deny"
            }
        }
        # The same statement wrapped in a list, with NotAction exactly as written.
        # A Deny with NotAction denies every action except the listed ones, so
        # rewriting it into an explicit Action list would change what is denied.
        expected_policy = {
            "Statement": [{
                "NotAction": ["ec2:thispermissiondoesntexist"],
                "Resource": "*",
                "Effect": "Deny"
            }]
        }
        # expand_deny=False is requested for the Deny statement; expected_policy
        # above is presumably what this result is compared against. TODO confirm
        # against the full test.
        expanded_policy = expand_policy(policy=dc(policy), expand_deny=False)
Source: Netflix-Skunkworks/policyuniverse, tests/TestMethods.py
def test_expand_2(self):
        """Expanding WILDCARD_POLICY_2 must produce exactly EXPANDED_POLICY_2."""
        # dc() is presumably copy.deepcopy (import not shown): expand a copy so
        # the module-level fixture stays intact for other tests.
        policy_copy = dc(WILDCARD_POLICY_2)
        self.assertEqual(expand_policy(policy=policy_copy), EXPANDED_POLICY_2)
Source: Netflix/repokid, repokid/utils/roledata.py
Given a set of policies for a role, return a set of all allowed permissions

    Args:
        policy_dict
        warn_unknown_perms

    Returns
        tuple
        set - all permissions allowed by the policies
        set - all permisisons allowed by the policies not marked with STATEMENT_SKIP_SID
    """
    total_permissions = set()
    eligible_permissions = set()

    for policy_name, policy in list(policy_dict.items()):
        policy = expand_policy(policy=policy, expand_deny=False)
        for statement in policy.get("Statement"):
            if statement["Effect"].lower() == "allow":
                total_permissions = total_permissions.union(
                    get_actions_from_statement(statement)
                )
                if not (
                    "Sid" in statement
                    and statement["Sid"].startswith(STATEMENT_SKIP_SID)
                ):
                    # No Sid
                    # Sid exists, but doesn't start with STATEMENT_SKIP_SID
                    eligible_permissions = eligible_permissions.union(
                        get_actions_from_statement(statement)
                    )

    weird_permissions = total_permissions.difference(all_permissions)