Add --resource-type flag to policy_sentry query action-table command #261
def get_actions_with_arn_type_and_access_level( | ||
service_prefix, resource_type_name, access_level | ||
): | ||
def get_actions_matching_arn_type(service_prefix, resource_type_name): |
new method added
@kmcquade let me know your thoughts on this PR
results = [] | ||
|
||
if resource_type_name == '*': | ||
return get_actions_at_access_level_that_support_wildcard_arns_only(service_prefix, access_level) |
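Review bot: The `resource_type_name == '*'` early return comes after `results = []`, so the wildcard path initializes a list it never uses. Move the check to the top of the function body, before `results = []`, so the special case is the first thing a reader sees and the delegation to `get_actions_at_access_level_that_support_wildcard_arns_only(service_prefix, access_level)` reads as a separate path from the per-resource-type filtering.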
for resource_type_name == '*' calling the existing get_actions_at_access_level_that_support_wildcard_arns_only method
""" | ||
if resource_type_name == '*': | ||
return get_actions_that_support_wildcard_arns_only(service_prefix) |
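Review bot: The `'*'` special case placed right after the closing `"""` changes what `resource_type_name` means for callers, so it needs to be documented where they will look. Confirm the docstring states that `'*'` returns the result of `get_actions_that_support_wildcard_arns_only(service_prefix)` instead of matching a resource type by name, and show the value quoted in the CLI documentation for the new flag, since an unquoted `*` is expanded by the shell before the command receives it.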
for resource_type_name == '*' calling the existing get_actions_that_support_wildcard_arns_only method
in this way the get_actions_matching_arn_type will support both the case where resource_type_name='' or not ''
service_prefix_data = get_service_prefix_data(service_prefix) | ||
results = [] | ||
|
||
for action_name, action_data in service_prefix_data["privileges"].items(): | ||
if action_data["access_level"] == access_level: | ||
if service_prefix == "all": |
if resource_type_name !='*'
|
||
if resource_type_name == '*': | ||
return get_actions_at_access_level_that_support_wildcard_arns_only(service_prefix, access_level) | ||
|
if resource_type_name !='*' this block will be executed
Output:
@reetasingh this looks awesome! I'm good to merge this. But first - can you modify your PR so it updates the documentation for the
…and (salesforce#261)
* add resource type flag in query action-table
* add unit test
* updating doc for resource-type param
What does this PR do?
Address #255 with the Bonus Points
policy_sentry query action-table
policy_sentry query action-table
get_actions_matching_arn_type
get_actions_with_arn_type_and_access_level
-resource-type flag
What gif best describes this PR or how it makes you feel?
Completion checklist