Merge pull request #223 from duo-labs/lru_cache

Lru cache

Author: 0xdabbad00

parliament/__init__.py

@@ -1,7 +1,7 @@
 """
 This library is a linter for AWS IAM policies.
 """
-__version__ = "1.6.0"
+__version__ = "1.6.1"
 
 import fnmatch
 import functools
@@ -229,7 +229,7 @@ def is_glob_match(s1, s2):
     return s1[0] == s2[0] and is_glob_match(s1[1:], s2[1:])
 
 
-@functools.lru_cache(maxsize=1024)
+@functools.lru_cache(maxsize=10240)
 def expand_action(action, raise_exceptions=True):
     """
     Converts "iam:*List*" to

parliament/statement.py

@@ -147,12 +147,16 @@ def is_valid_account_id(str):
     "aws:CalledViaLast": "String",
     "aws:CurrentTime": "Date",
     "aws:EpochTime": "Date",  # This needs to accept Date or Numeric
+    "aws:FederatedProvider": "String",
     "aws:MultiFactorAuthAge": "Numeric",
     "aws:MultiFactorAuthPresent": "Bool",
     "aws:PrincipalAccount": "String",
     "aws:PrincipalOrgID": "String",
     "aws:PrincipalArn": "Arn",
+    "aws:PrincipalIsAWSService": "Bool",
     "aws:PrincipalOrgPaths": "String",
+    "aws:PrincipalServiceName": "String",
+    "aws:PrincipalServiceNamesList": "String",
     "aws:PrincipalTag": "String",
     "aws:PrincipalType": "String",
     "aws:RequestedRegion": "String",
@@ -162,11 +166,16 @@ def is_valid_account_id(str):
     "aws:PrincipalTag/*": "String",
     "aws:PrincipalType": "String",
     "aws:Referer": "String",
+    "aws:RequestedRegion": "String",
     "aws:RequestTag/*": "String",
+    "aws:ResourceAccount": "String",
+    "aws:ResourceOrgID": "String",
+    "aws:ResourceOrgPaths": "String",
     "aws:ResourceTag/*": "String",
     "aws:SecureTransport": "Bool",
     "aws:SourceAccount": "String",
     "aws:SourceArn": "Arn",
+    "aws:SourceIdentity": "String",
     "aws:SourceIp": "Ip",
     "aws:SourceVpc": "String",
     "aws:SourceVpce": "String",

tests/unit/test_action_expansion.py

@@ -9,42 +9,36 @@ class TestActionExpansion:
 
     def test_expand_action_no_expansion(self):
         expanded_actions = expand_action("s3:listallmybuckets")
-        assert (
-            len(expanded_actions),
-            len([{"service": "s3", "action": "ListAllMyBuckets"}]),
+        assert len(expanded_actions) == len(
+            [{"service": "s3", "action": "ListAllMyBuckets"}]
         )
 
     def test_expand_action_with_expansion(self):
         expanded_actions = expand_action("s3:listallmybucke*")
-        assert (
-            len(expanded_actions),
-            len([{"service": "s3", "action": "ListAllMyBuckets"}]),
+        assert len(expanded_actions) == len(
+            [{"service": "s3", "action": "ListAllMyBuckets"}]
         )
 
     def test_expand_action_with_casing(self):
         expanded_actions = expand_action("iAm:li*sTuS*rs")
-        assert (len(expanded_actions), len([{"service": "iam", "action": "ListUsers"}]))
+        assert len(expanded_actions) == len([{"service": "iam", "action": "ListUsers"}])
 
     def test_expand_action_with_expansion_for_prefix_used_multiple_times(self):
         expanded_actions = expand_action("ses:Describe*")
-        assert (
-            len(expanded_actions),
-            len(
-                [
-                    {"service": "ses", "action": "DescribeActiveReceiptRuleSet"},
-                    {"service": "ses", "action": "DescribeConfigurationSet"},
-                    {"service": "ses", "action": "DescribeReceiptRule"},
-                    {"service": "ses", "action": "DescribeReceiptRuleSet"},
-                ]
-            ),
+        assert len(expanded_actions) == len(
+            [
+                {"service": "ses", "action": "DescribeActiveReceiptRuleSet"},
+                {"service": "ses", "action": "DescribeConfigurationSet"},
+                {"service": "ses", "action": "DescribeReceiptRule"},
+                {"service": "ses", "action": "DescribeReceiptRuleSet"},
+            ]
         )
 
     def test_expand_action_with_permission_only_action(self):
         # There are 17 privileges list as "logs.CreateLogDelivery [permission only]"
         expanded_actions = expand_action("logs:GetLogDelivery")
-        assert (
-            len(expanded_actions),
-            len([{"service": "logs", "action": "GetLogDelivery"}]),
+        assert len(expanded_actions) == len(
+            [{"service": "logs", "action": "GetLogDelivery"}]
         )
 
     def test_exception_malformed(self):