U ^|@sxddlZddlZddlZddlmZGdddeZGdddeZGdddeZGd d d eZ Gd d d eZ dS) N)deepcopyc@s,eZdZddZddZddZddZd S) StatementcCs<ddddddg|_t||_||_||_||dS)NSidZEffect PrincipalZActionResource Condition)_Statement__fieldsr_Statement__ori_statement_Statement__changing_statement source_policyreloadvalidate)self statementr rt/private/var/folders/jy/z5cx64ws53l45w5zsz2gpzmr7vwnlm/T/pip-unpacked-wheel-kzygz1kn/awspolicy/aws_policy_modules.py__init__s  zStatement.__init__cCst|jtk rtddS)Nz:Error parsing statement. Input is not a valid JSON object.typecontentdict ValueErrorrrrrr szStatement.validatecCsP|jD],}t||dk r.t|||j|<q |j|=q t|j|_|dS)NT)rkeysgetattrr rr r rfieldrrrsaves  zStatement.savecCs2t|j|_|jD]}t|||j|dqdSN)rr rrsetattrgetrrrrr s  zStatement.reloadN)__name__ __module__ __qualname__rr rr rrrrrs rc@sNeZdZddZddZddZddZd d Zd d Zd dZ dddZ dS) PolicyBasecKs:|d|_|d|_||dd|jD|_dS)z resourceIdentifer: CMK Id or Arn, S3 Bucket Name etc. serviceModule: e.g. boto3.client('kms'), session.client('kms'), boto3.client('s3') etc. Z serviceModuleZresourceIdentifercSsg|]}|ddqS)rr .0rrrr &sz'PolicyBase.__init__..N)_PolicyBase__serviceModule_PolicyBase__resourceIdentiferr r rZsidsrkwargsrrrrs   zPolicyBase.__init__cCst|jtk rtddS)Nz7Error parsing policy. Input is not a valid JSON object.rrrrrr 'szPolicyBase.validatecCs@d}|jD](}|dds*dt||d<|d7}q |dS)Nrrr)rr strr)rcrrrr fill_up_sids*s    zPolicyBase.fill_up_sidscCstd|rdSdSdS)Nz [A-Z0-9]{21}FT)recompilematch)rprrrZ__is_principal_valid1szPolicyBase.__is_principal_validcsjD]t}|d}t|tkr|d}|rt|tk r@|g}fdd|D}t|dkrrtdt|q||d<qdS)NrZAWScsg|]}|r|qSr)_PolicyBase__is_principal_valid)r(r5rrrr)?s z:PolicyBase.clean_up_deleted_principals..rz'Statement {} has no valid AWS principal) rr rrlistlenrformatr/)rrZ principalZaws_principalsZvalid_aws_principalsrrrclean_up_deleted_principals7s      z&PolicyBase.clean_up_deleted_principalscs6fdd|jD}t|dkr$dSt|d|SdS)Ncs g|]}|ddkr|qS)rNr&r'sidrrr)Esz/PolicyBase.select_statement..r)rr8)rr<Z searchingrr;rselect_statementDs zPolicyBase.select_statementcCs<||_|j|_|jD]}t|||j|dqdSr) get_policyrrZ_PolicyBase__fieldsrr rrrrr Js   zPolicyBase.reloadFcCs6||r|t|j}||}||Sr)r r:jsondumpsr put_policyr )rZclean_deleted_principals policy_stringresprrrrOs  zPolicyBase.saveN)F) r!r"r#rr r1r6r:r=r rrrrrr$s  r$cs,eZdZfddZddZddZZS) KmsPolicyc stt|jf|dSr)superrDrr, __class__rrrYszKmsPolicy.__init__cCs |jj|jdd}t|dS)Ndefault)KeyId PolicyNamePolicy)r*Zget_key_policyr+r?loadsrrCrrrr>[szKmsPolicy.get_policycCs|jj|jd|d}|S)NrH)rIrJrK)r*Zput_key_policyr+rrBrCrrrrA^szKmsPolicy.put_policyr!r"r#rr>rA __classcell__rrrFrrDXs rDcs,eZdZfddZddZddZZS) BucketPolicyc stt|jf|dSr)rErQrr,rFrrrcszBucketPolicy.__init__cCs|jj|jd}t|dS)N)BucketrK)r*Zget_bucket_policyr+r?rLrMrrrr>eszBucketPolicy.get_policycCs|jj|j|d}|S)N)rRrK)r*Zput_bucket_policyr+rNrrrrAhszBucketPolicy.put_policyrOrrrFrrQbs rQcs,eZdZfddZddZddZZS)IamRoleTrustPolicyc stt|jf|dSr)rErSrr,rFrrrmszIamRoleTrustPolicy.__init__cCs|jj|jd}|ddS)N)RoleNameZRoleZAssumeRolePolicyDocument)r*Zget_roler+rMrrrr>oszIamRoleTrustPolicy.get_policycCs|jj|j|d}|S)N)rTZPolicyDocument)r*Zupdate_assume_role_policyr+rNrrrrArszIamRoleTrustPolicy.put_policyrOrrrFrrSls rS) r?Zboto3r2copyrobjectrr$rDrQrSrrrrs  ;