policyuniverse
Parse and Process AWS IAM Policies, Statements, ARNs, and wildcards.
`policyuniverse/tests/test_expander_minimizer.py::TestMethods::test_expand_1` and `policyuniverse/tests/test_expander_minimizer.py::TestMethods::test_expand_minimize_over_policies` can fail when running with `pytest --flake-finder --flake-runs=2`.
Howdy! I noticed that policyuniverse doesn't detect possible bucket sniping - i.e. when a bucket is not owned by the account you expect it to be, as S3 ARNs don't...
Changed the `aws_service_match` in order to support ARNs like `member.org.stacksets.cloudformation.amazonaws.com` from https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html . Added test service ARNs and a test to make sure that the `tech` property won't be affected...
IAM entities can be referred to via IAM UniqueIDs to prevent name reuse collisions for critical policy objects. Policy assumes all Principals are ARNs--most processing loops over the `principals` property...
This is the proposed change to fix #36 - note that this change *removes* a property as I don't believe it's relevant, but if preferred, I could readd that and...
It would be great if there is a module / function which can return supported resources for a given action. Currently based on my search there is no easily consumable...