Understand the effective permissions of your policies
Project description
PolicyGlass allows you to combine multiple AWS IAM policies/statements into their ‘effective permissions’, deduplicating permissions and eliminating denied permissions along the way.
PolicyGlass always produces only Allow PolicyShard objects, no matter how complex the policy. This makes understanding the effect of your policies programmatically a breeze.
Installation
pip install policyglass
Usage
Let’s take two policies, a and b, and pit them against each other.
>>> from policyglass import Policy, dedupe_policy_shards, policy_shards_effect
>>> policy_a = Policy(**{
...     "Version": "2012-10-17",
...     "Statement": [
...         {
...             "Effect": "Allow",
...             "Action": [
...                 "s3:*"
...             ],
...             "Resource": "*"
...         }
...     ]
... })
>>> policy_b = Policy(**{
...     "Version": "2012-10-17",
...     "Statement": [
...         {
...             "Effect": "Deny",
...             "Action": [
...                 "s3:*"
...             ],
...             "Resource": "arn:aws:s3:::examplebucket/*"
...         }
...     ]
... })
>>> policy_shards = [*policy_a.policy_shards, *policy_b.policy_shards]
>>> print(policy_shards_effect(policy_shards))
[PolicyShard(effect='Allow',
             effective_action=EffectiveAction(inclusion=Action('s3:*'),
                                              exclusions=frozenset()),
             effective_resource=EffectiveResource(inclusion=Resource('*'),
                                                  exclusions=frozenset({Resource('arn:aws:s3:::examplebucket/*')})),
             effective_principal=EffectivePrincipal(inclusion=Principal(type='AWS', value='*'),
                                                    exclusions=frozenset()),
             conditions=frozenset(),
             not_conditions=frozenset())]
Two policies, two statements, resulting in a single allow PolicyShard. More complex policies will result in multiple shards, but they will always be allows, no matter how complex the policy.
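The set arithmetic behind that result, as an added illustration that is not PolicyGlass code and does not use its API: a Deny is folded into each Allow as an exclusion, and a Deny that only partly overlaps splits the Allow into two shards. `Shard`, `covers`, `effective_allows` and `allowed` are hypothetical names, and the model assumes only actions and resources with `*` wildcards (no principals or conditions).

```python
import re
from dataclasses import dataclass, replace


def covers(pattern: str, value: str, ignore_case: bool = False) -> bool:
    """True if IAM-style `pattern` matches `value`; only '*' is modelled."""
    body = re.escape(pattern).replace(r"\*", ".*")
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(body, value, flags) is not None


@dataclass(frozen=True)
class Shard:
    """Hypothetical, simplified stand-in for a PolicyShard (always an Allow)."""
    action: str
    resource: str
    action_excl: frozenset = frozenset()
    resource_excl: frozenset = frozenset()

    def permits(self, action: str, resource: str) -> bool:
        # IAM action names are case-insensitive, resource ARNs are not.
        return (covers(self.action, action, True)
                and covers(self.resource, resource)
                and not any(covers(x, action, True) for x in self.action_excl)
                and not any(covers(x, resource) for x in self.resource_excl))


def effective_allows(allows, denies):
    """Fold (action, resource) Deny pairs into Allow pairs as exclusions."""
    shards = {Shard(a, r) for a, r in allows}
    for d_action, d_resource in denies:
        split = set()
        for s in shards:
            # (A x R) - (DA x DR) = ((A - DA) x R) | (A x (R - DR));
            # a half is dropped when the deny covers its whole inclusion.
            if not covers(d_action, s.action, True):
                split.add(replace(s, action_excl=s.action_excl | {d_action}))
            if not covers(d_resource, s.resource):
                split.add(replace(s, resource_excl=s.resource_excl | {d_resource}))
        shards = split
    return shards


def allowed(shards, action: str, resource: str) -> bool:
    return any(s.permits(action, resource) for s in shards)


# Constructed inputs: the page's two statements, then a narrower Deny.
BUCKET = "arn:aws:s3:::examplebucket/*"
PAGE_CASE = effective_allows([("s3:*", "*")], [("s3:*", BUCKET)])
SPLIT_CASE = effective_allows([("s3:*", "*")], [("s3:Put*", BUCKET)])
```

`PAGE_CASE` holds one shard with the bucket as a resource exclusion, matching the output above; `SPLIT_CASE` holds two shards whose union still refuses `s3:PutObject` on the bucket.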
File details
Details for the file policyglass-0.3.0.tar.gz.
File metadata
- Download URL: policyglass-0.3.0.tar.gz
- Upload date:
- Size: 12.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.9.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 95b06a84a5df719ea1a3f25a2171ae68580bd76692a075eefcc8f13236d47dc4 |
| MD5 | 595cebcc7a0b23f04c2d1f6aeab16528 |
| BLAKE2b-256 | 6b81f96878de3d062270bd23d7cb36443d92057b6ababc89a4c79fe9b837ad0e |
File details
Details for the file policyglass-0.3.0-py3-none-any.whl.
File metadata
- Download URL: policyglass-0.3.0-py3-none-any.whl
- Upload date:
- Size: 16.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.9.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 22b774f36a93a6dce64795628eb910faba80df443a93ce6f5ce94e09252f3c69 |
| MD5 | 575a26b43a6bb725771010e0223a8eb6 |
| BLAKE2b-256 | 216ffa45c504645f91b9054a36429d95e88f0f5b8b02f5928407f9b1a75887a7 |