#!/usr/bin/env python # -*- coding: utf-8 -*- """ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: MIT-0 * * Permission is hereby granted, free of charge, to any person obtaining a copy of this * software and associated documentation files (the "Software"), to deal in the Software * without restriction, including without limitation the rights to use, copy, modify, * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import os from typing import Optional, Tuple, List from .constants import GROUP_ACCOUNT_PREFIX, GROUP_ORG_PREFIX __all__ = ["get_env_list", "parse_group"] def get_env_list(key: str) -> List[str]: """ Return an optional environment variable as a list """ value = os.getenv(key, "").split(",") return list(filter(None, value)) def parse_group(group_name: str) -> Tuple[Optional[str], str]: """ Parse a group name into the account name and permission set name """ account_name = None permission_set_name = None # ex. AWS-A-AccountA-DeveloperAccess if group_name.startswith(GROUP_ACCOUNT_PREFIX): group_parts = group_name.replace(GROUP_ACCOUNT_PREFIX, "").rsplit("-", 1) account_name = group_parts[2] # AccountA permission_set_name = group_parts[3] # DeveloperAccess # ex. AWS-O-AWSReadOnlyAccess elif group_name.startswith(GROUP_ORG_PREFIX): group_parts = group_name.split("-", 2) permission_set_name = group_parts[2] # AWSReadOnlyAccess else: raise Exception(f"Unrecognized group name: {group_name}") return (account_name, permission_set_name)