policyuniverse
Parse and Process AWS IAM Policies, Statements, ARNs, and wildcards.
The Updater GitHub Action seems to have failed for quite some time. I attempt to run it in my own AWS account; however, phantomjs doesn't seem to progress on the...
Hi, ARN class should implement `__hash__` for ARN uniqueness, so it will be possible to use it as a dict key and also to compare. I'll submit a small PR.
Dear maintainers, since I have recently started using this library a lot I would like to contribute a patch with type annotations so I stop putting comments for mypy :D...
Resolves #150. This is a demo of more accurate conditions handling within statement.py by addition of a new Condition class. This allows us to track the location of each condition...
From Policy Universe's `statement.py`, there's a lengthy comment on `StringNotLike` et al: > Extracts any ARNs, Account Numbers, UserIDs, Usernames, CIDRs, VPCs, and VPC Endpoints from a condition block. Ignores...
cc @k-bailey We have seen wildcards in account ID ARN field result in false positives for a resource being internet accessible when the resource is restricted to an AWS Org....
Pulling an example from the AWS documentation for API Gateway resource policies [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html#apigateway-resource-policies-source-vpc-example):
```
% cat test.py
from policyuniverse.policy import Policy
from json import loads
from pprint import pprint
json_policy...
```
It would be nice if there was a small CLI tool available when you installed that would allow you to quickly expand wildcards without having to hop into a python...
As a user, I believe that the conditions_entries property on a Statement should reflect well-formed conditions when the Action is `iam:PassRole`. `iam:PassRole` uses a string-based condition check. [The example...