policyuniverse icon indicating copy to clipboard operation
policyuniverse copied to clipboard

Published 20 hours ago verified publisher icon Netflix-Skunkworks

CLI for expansion

Open mwarkentin opened this issue 4 years ago • 7 comments

It would be nice if there was a small CLI tool available when you installed that would allow you to quickly expand wildcards without having to hop into a python shell. Imagining something like:

policyuniverse expand --action 'swf:res*'
"Action": [
              "swf:respondactivitytaskcanceled",
              "swf:respondactivitytaskcompleted",
              "swf:respondactivitytaskfailed",
              "swf:responddecisiontaskcompleted"
            ]

Alternatively if you wanted to output the full policy:

policyuniverse expand --action 'swf:res*' --resource '*' --effect 'Allow'
{
        "Statement": [{
            "Action": [
              "swf:respondactivitytaskcanceled",
              "swf:respondactivitytaskcompleted",
              "swf:respondactivitytaskfailed",
              "swf:responddecisiontaskcompleted"
            ],
            "Resource": "*",
            "Effect": "Allow"
          }]
      }

mwarkentin avatar Mar 26 '20 14:03 mwarkentin

I was hoping the same, but for minification ;)

TryTryAgain avatar Jun 23 '21 06:06 TryTryAgain

@TryTryAgain Same. I'd like given a policy, make it smaller

getsec avatar Jun 24 '21 16:06 getsec

@mwarkentin - Cloudsplaining does have an expand-policy subcommand. It would be pretty straightforward to also have a minimize-policy subcommand as well

image

kmcquade avatar Jun 25 '21 18:06 kmcquade

This does sound neat, but since policyuniverse is more of a library than a CLI tool, I'm thinking @kmcquade's plug sounds pretty good. 😉

That being said, I'm more than happy to review a PR (or a proposal) for a CLI.

patricksanders avatar Jun 25 '21 19:06 patricksanders

Shameless plug, but check out my project aws-policy-generator. It uses policyuniverse under the hood to do all the heavy lifting.

jtyers avatar Jun 22 '22 08:06 jtyers

Neat, thanks for sharing @jtyers!

patricksanders avatar Jun 22 '22 17:06 patricksanders

That’s awesome!!

On Wed, Jun 22, 2022 at 11:42 AM Patrick Sanders @.***> wrote:

Neat, thanks for sharing @jtyers https://github.com/jtyers!

— Reply to this email directly, view it on GitHub https://github.com/Netflix-Skunkworks/policyuniverse/issues/38#issuecomment-1163425761, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB5DLJVGTS7WVWU3H2Z6ZXTVQNF7VANCNFSM4LUIAUXA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

scriptsrc avatar Jun 22 '22 18:06 scriptsrc