Add --resource-type flag to policy_sentry query action-table command

[reetasingh]

What does this PR do?

Address #255 with the Bonus Points

1. Adding --resource-type flag to policy_sentry query action-table
2. Removing --wildcard-only flag from policy_sentry query action-table
3. Adding method get_actions_matching_arn_type
4. Modifying method get_actions_with_arn_type_and_access_level
5. Adding unit tests for the new methods added and methods modified
6. Adding integration tests for new --resource-type flag

What gif best describes this PR or how it makes you feel?

Completion checklist

• CHANGELOG.md has been updated to reflect the changes
• Additions and changes have unit tests
• Unit tests, Pylint, security testing, and Integration tests are passing.. GitHub actions does this automatically
• The pull request has been appropriately labeled using the provided PR labels

[reetasingh]

new method added

[reetasingh]

@kmcquade let me know your thoughts on this PR

[reetasingh]

for resource_type_name == '*' calling the existing get_actions_at_access_level_that_support_wildcard_arns_only method

[reetasingh]

for resource_type_name == '*' calling the existing get_actions_that_support_wildcard_arns_only method

[reetasingh]

in this way the get_actions_matching_arn_type will support both the case where resource_type_name='' or not ''

[reetasingh]

if resource_type_name !='*'

[reetasingh]

if resource_type_name !='*' this block will be executed

[reetasingh]

OutPut:

(venv) reetasingh-ltm8:policy_sentry reetasingh$ policy_sentry query action-table  --help
Usage: policy_sentry query action-table [OPTIONS]

  Query the Action Table from the Policy Sentry database

Options:
  --service TEXT                  Filter according to AWS service.  [required]
  --name TEXT                     The name of IAM Action. For example, if the
                                  action is "iam:ListUsers", supply
                                  "ListUsers" here.

  --access-level [read|write|list|tagging|permissions-management]
                                  Filter according to CRUD levels. Acceptable
                                  values are read, write, list, tagging,
                                  permissions-management

  --condition TEXT                Supply a condition key to show a list of all
                                  IAM actions that support the condition key.

  --resource-type TEXT            Supply a resource type to show a list of all
                                  IAM actions that support the resource type.

  --fmt [yaml|json]               Format output as YAML or JSON. Defaults to
                                  "yaml"

  -v, --verbosity LVL             Either CRITICAL, ERROR, WARNING, INFO or
                                  DEBUG

  --help                          Show this message and exit.
(venv) reetasingh-ltm8:policy_sentry reetasingh$ 

[reetasingh]

(venv) reetasingh-ltm8:policy_sentry reetasingh$ policy_sentry query action-table --service ssm --access-level write --resource-type parameter
Using the Local IAM definition: /Users/reetasingh/.policy_sentry/iam-definition.json. To leverage the bundled definition instead, remove the folder $HOME/.policy_sentry/
ssm WRITE actions that have the resource type PARAMETER:
[
    "ssm:DeleteParameter",
    "ssm:DeleteParameters",
    "ssm:LabelParameterVersion",
    "ssm:PutParameter"
]
(venv) reetasingh-ltm8:policy_sentry reetasingh$ policy_sentry query action-table --service secretsmanager --access-level list --resource-type '*'
Using the Local IAM definition: /Users/reetasingh/.policy_sentry/iam-definition.json. To leverage the bundled definition instead, remove the folder $HOME/.policy_sentry/
secretsmanager LIST actions that have the resource type *:
[
    "secretsmanager:ListSecrets"
]

[reetasingh]

(venv) reetasingh-ltm8:policy_sentry reetasingh$ policy_sentry query action-table --service secretsmanager  --resource-type '*'
Using the Local IAM definition: /Users/reetasingh/.policy_sentry/iam-definition.json. To leverage the bundled definition instead, remove the folder $HOME/.policy_sentry/
IAM actions under secretsmanager service that have the resource type *:
[
    "secretsmanager:GetRandomPassword",
    "secretsmanager:ListSecrets"
]
(venv) reetasingh-ltm8:policy_sentry reetasingh$ 

[reetasingh]

(venv) reetasingh-ltm8:policy_sentry reetasingh$ policy_sentry query action-table --service secretsmanager  --resource-type '*' --access-level read
Using the Local IAM definition: /Users/reetasingh/.policy_sentry/iam-definition.json. To leverage the bundled definition instead, remove the folder $HOME/.policy_sentry/
secretsmanager READ actions that have the resource type *:
[
    "secretsmanager:GetRandomPassword"
]

[reetasingh]

venv) reetasingh-ltm8:policy_sentry reetasingh$ policy_sentry query action-table --service ssm --resource-type parameter
Using the Local IAM definition: /Users/reetasingh/.policy_sentry/iam-definition.json. To leverage the bundled definition instead, remove the folder $HOME/.policy_sentry/
IAM actions under ssm service that have the resource type parameter:
[
    "ssm:AddTagsToResource",
    "ssm:DeleteParameter",
    "ssm:DeleteParameters",
    "ssm:GetParameter",
    "ssm:GetParameterHistory",
    "ssm:GetParameters",
    "ssm:GetParametersByPath",
    "ssm:LabelParameterVersion",
    "ssm:ListTagsForResource",
    "ssm:PutParameter",
    "ssm:RemoveTagsFromResource"
]

[kmcquade]

@reetasingh this looks awesome!

I'm good to merge this. But first - can you modify your PR so it updates the documentation for the query action-table section? https://policy-sentry.readthedocs.io/en/latest/querying/action-table/

[reetasingh]

https://policy-sentry.readthedocs.io/en/latest/querying/action-table/

@kmcquade updated docs f81e27c