Understand the effective permissions of your policies
Project description
PolicyGlass allows you to analyse one or more AWS policies’ effective permissions in aggregate, by restating them in the form of PolicyShards which are always Allow, never Deny.
PolicyGlass will always result in only allow PolicyShard objects, no matter how complex the policy. This makes understanding the effect of your policies programmatically a breeze.
Try it out
Try out custom policies quickly without installing anything with the PolicyGlass Sandbox.
Installation
pip install policyglassUsage
Let’s take two policies, a and b and pit them against each other.
>>> from policyglass import Policy, policy_shards_effect
>>> policy_a = Policy(**{
... "Version": "2012-10-17",
... "Statement": [
... {
... "Effect": "Allow",
... "Action": [
... "s3:*"
... ],
... "Resource": "*"
... }
... ]
... })
>>> policy_b = Policy(**{
... "Version": "2012-10-17",
... "Statement": [
... {
... "Effect": "Deny",
... "Action": [
... "s3:*"
... ],
... "Resource": "arn:aws:s3:::examplebucket/*"
... }
... ]
... })
>>> policy_shards = [*policy_a.policy_shards, *policy_b.policy_shards]
>>> effect = policy_shards_effect(policy_shards)
>>> effect
[PolicyShard(effect='Allow',
effective_action=EffectiveAction(inclusion=Action('s3:*'),
exclusions=frozenset()),
effective_resource=EffectiveResource(inclusion=Resource('*'),
exclusions=frozenset({Resource('arn:aws:s3:::examplebucket/*')})),
effective_principal=EffectivePrincipal(inclusion=Principal(type='AWS', value='*'),
exclusions=frozenset()),
effective_condition=EffectiveCondition(inclusions=frozenset(), exclusions=frozenset()))]Two policies, two statements, resulting in a single allow PolicyShard. More complex policies will result in multiple shards, but they will always be allows, no matter how complex the policy.
You can also make them human readable!
>>> from policyglass import explain_policy_shards
>>> explain_policy_shards(effect)
['Allow action s3:* on resource * (except for arn:aws:s3:::examplebucket/*) with principal AWS *.']Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file policyglass-0.8.0.tar.gz.
File metadata
- Download URL: policyglass-0.8.0.tar.gz
- Upload date:
- Size: 18.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.27.1 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f97dfeb647abad8bb8e284ba860887d559a483ffbf1b9cf366f69d92cc4344ac |
|
| MD5 | 793cc7b9fd97f038df573190a5f0d368 |
|
| BLAKE2b-256 | d219312450a0b7c06770c7d044db0dbdc056f06ca6b68144d5f9176ffa8f66ce |
File details
Details for the file policyglass-0.8.0-py3-none-any.whl.
File metadata
- Download URL: policyglass-0.8.0-py3-none-any.whl
- Upload date:
- Size: 23.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.27.1 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 20ae7de87a42665cc1882d67e1477c1eaf5059e82b01501e18d38999a81e6c89 |
|
| MD5 | 9acd381ef3756709fdfe818250176b1c |
|
| BLAKE2b-256 | 071ac4abbd637760c0972614426d7770f35666a44aa597e5ae76c131a2690003 |
