Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Speed improvements by converting privileges, resources, and conditions in the IAM definition to dicts instead of lists #240

Closed
kmcquade opened this issue Sep 29, 2020 · 0 comments
Closed

Speed improvements by converting privileges, resources, and conditions in the IAM definition to dicts instead of lists #240

kmcquade opened this issue Sep 29, 2020 · 0 comments

Comments

@kmcquade
Copy link
Collaborator

Ran some unit tests that printed out non-unique privileges to see if that would break anything. Looks like we are good to use dicts instead of lists, which should greatly improve speed issues.

import unittest
import json
from policy_sentry.shared.iam_data import iam_definition

class IAMDataChanges(unittest.TestCase):
    def test_unique_privilege_names_only(self):
        list_of_actions = []
        for service_prefix in iam_definition:
            for privilege in iam_definition[service_prefix].get("privileges"):
                list_of_actions.append(f"{service_prefix}:{privilege.get('privilege')}")
        set_of_actions = set(list_of_actions)
        print(len(list_of_actions))
        print(len(set_of_actions))
        # 7781 and 7781.
        # We are good to go. I'll convert it to dictionaries
    def test_unique_resource_names_only(self):
        list_of_resources = []
        for service_prefix in iam_definition:
            for resource in iam_definition[service_prefix].get("resources"):
                # Even though the resource doesn't have the service prefix included IRL,
                # this ensures all the list items are unique for our test.
                list_of_resources.append(f"{service_prefix}:{resource.get('resource')}")
        set_of_resources = set(list_of_resources)
        print(len(list_of_resources))
        print(len(set_of_resources))
        # 770 and 770. We are good to go

    def test_unique_condition_names_only(self):
        list_of_conditions = []
        for service_prefix in iam_definition:
            for condition in iam_definition[service_prefix].get("conditions"):
                # Even though the resource doesn't have the service prefix included IRL,
                # this ensures all the list items are unique for our test.
                list_of_conditions.append(f"{service_prefix}:{condition.get('condition')}")
        set_of_conditions = set(list_of_conditions)
        print(len(list_of_conditions))
        print(len(set_of_conditions))
        # 791 and 790. The only non-unique item is swf:workflowType.name, and if you look at the docs, it is pretty much the same so we won't be losing any valuale information by using this as a dictionary key
        extra_condition = set([x for x in list_of_conditions if list_of_conditions.count(x) > 1])
        print(extra_condition)

Working on this right now. Brb
@kmcquade kmcquade mentioned this issue Oct 1, 2020
Merged
3 tasks
@kmcquade kmcquade mentioned this issue Nov 13, 2020
Closed
saikirankv pushed a commit to saikirankv/policy_sentry that referenced this issue Nov 18, 2020
@kmcquade @saikirankv
Speed improvements by changing IAM definition - fixes salesforce#240 (s…
3b087a6 
…alesforce#242)

* Changes to IAM Definition - so far untested and have not adjusted query methods

* Speed improvements by changing the IAM definition

* Make pylint happy

* Refresh docs and fix tests

* Version bump
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kmcquade