Class: AwsIamPolicy
Defined Under Namespace
Classes: Backend
Constant Summary
- EXPECTED_CRITERIA =
Note that we also accept downcased and symbol versions of these
%w{
Action
Effect
Resource
Sid
}.freeze
- UNIMPLEMENTED_CRITERIA =
%w{
Conditional
NotAction
NotPrincipal
NotResource
Principal
}.freeze
Instance Attribute Summary
Instance Method Summary
#exists?, included
#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner
Instance Attribute Details
#arn ⇒ Object
Returns the value of attribute arn.
# File 'lib/resources/aws/aws_iam_policy.rb', line 17
# Reader for the policy ARN held in @arn. The same value is passed as
# policy_arn when #policy requests the policy version.
#
# @return [Object] the stored ARN, or nil if @arn was never assigned
def arn
  @arn
end
#attachment_count ⇒ Object
Returns the value of attribute attachment_count.
# File 'lib/resources/aws/aws_iam_policy.rb', line 17
# Reader for @attachment_count, the value #attached? tests against zero.
#
# @return [Object] the stored count, or nil if @attachment_count was never assigned
def attachment_count
  @attachment_count
end
#default_version_id ⇒ Object
Returns the value of attribute default_version_id.
# File 'lib/resources/aws/aws_iam_policy.rb', line 17
# Reader for @default_version_id. #policy passes this value as version_id,
# so it selects which policy version document gets audited.
#
# @return [Object] the stored version id, or nil if it was never assigned
def default_version_id
  @default_version_id
end
Instance Method Details
#attached? ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 39
# Tells whether the policy is attached to anything, judged by
# attachment_count being non-zero.
#
# NOTE(review): unlike #has_statement?, #policy and #statement_count there is
# no exists? guard here. If attachment_count can be nil for a missing policy,
# this raises NoMethodError instead of returning a falsy value - confirm.
#
# @return [Boolean] false when attachment_count is zero, true otherwise
def attached?
  attachment_count.zero? ? false : true
end
#attached_groups ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 49
# Lazily loaded reader for @attached_groups.
#
# fetch_attached_entities runs only while @attached_groups is still
# undefined; a value it leaves there (even nil) is reused on later calls.
# presumably fetch_attached_entities assigns @attached_groups - verify.
#
# @return [Object] whatever @attached_groups holds after the fetch
def attached_groups
  fetch_attached_entities unless defined?(@attached_groups)
  @attached_groups
end
#attached_roles ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 55
# Lazily loaded reader for @attached_roles.
#
# fetch_attached_entities runs only while @attached_roles is still
# undefined; a value it leaves there (even nil) is reused on later calls.
# presumably fetch_attached_entities assigns @attached_roles - verify.
#
# @return [Object] whatever @attached_roles holds after the fetch
def attached_roles
  fetch_attached_entities unless defined?(@attached_roles)
  @attached_roles
end
#attached_to_group?(group_name) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 65
# Membership test against #attached_groups.
#
# The comparison is whatever include? does on that collection, so for an
# Array of strings it is an exact, case-sensitive match.
# presumably the entries are group names rather than ARNs - verify.
#
# @param group_name [Object] the value to look for
# @return [Boolean] true when attached_groups contains group_name
def attached_to_group?(group_name)
  groups = attached_groups
  groups.include?(group_name)
end
#attached_to_role?(role_name) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 69
# Membership test against #attached_roles.
#
# The comparison is whatever include? does on that collection, so for an
# Array of strings it is an exact, case-sensitive match.
# presumably the entries are role names rather than ARNs - verify.
#
# @param role_name [Object] the value to look for
# @return [Boolean] true when attached_roles contains role_name
def attached_to_role?(role_name)
  roles = attached_roles
  roles.include?(role_name)
end
#attached_to_user?(user_name) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 61
# Membership test against #attached_users.
#
# The comparison is whatever include? does on that collection, so for an
# Array of strings it is an exact, case-sensitive match.
# presumably the entries are user names rather than ARNs - verify.
#
# @param user_name [Object] the value to look for
# @return [Boolean] true when attached_users contains user_name
def attached_to_user?(user_name)
  users = attached_users
  users.include?(user_name)
end
#attached_users ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 43
# Lazily loaded reader for @attached_users.
#
# fetch_attached_entities runs only while @attached_users is still
# undefined; a value it leaves there (even nil) is reused on later calls.
# presumably fetch_attached_entities assigns @attached_users - verify.
#
# @return [Object] whatever @attached_users holds after the fetch
def attached_users
  fetch_attached_entities unless defined?(@attached_users)
  @attached_users
end
#has_statement?(provided_criteria = {}) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 97
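# Reports whether at least one policy statement satisfies every supplied
# criterion.
#
# The criteria are validated, the statements are normalized once and cached
# in @normalized_statements, the candidates are narrowed by
# has_statement__focus_on_sid, and each remaining statement is compared on
# Effect, Action and Resource.
#
# Audit caveats:
# - The result is nil, not false, when the policy does not exist. nil is
#   falsy, so a caller asserting that a statement is absent cannot tell
#   "no such statement" from "no such policy"; check exists? separately.
# - Only Effect, Action, Resource and Sid take part in matching. The elements
#   listed in UNIMPLEMENTED_CRITERIA (NotAction, NotResource, Principal,
#   NotPrincipal, Conditional) are not compared here, so a statement that
#   expresses its grant or its restriction through them is not evaluated on
#   those elements.
#   NOTE(review): presumably has_statement__validate_criteria rejects such
#   criteria rather than ignoring them - confirm.
#
# @param provided_criteria [Hash] criteria to match; the hash itself is not
#   modified because validation works on a shallow copy
# @return [Boolean, nil] true or false for an existing policy, nil otherwise
def has_statement?(provided_criteria = {})
  return nil unless exists?

  # These are two separate statements. Fused onto one line, Ruby parses them
  # as `provided_criteria.dup(criteria = ...)`, which reads raw_criteria
  # before it is assigned and passes an argument to dup.
  raw_criteria = provided_criteria.dup
  criteria = has_statement__validate_criteria(raw_criteria)

  @normalized_statements ||= has_statement__normalize_statements
  statements = has_statement__focus_on_sid(@normalized_statements, criteria)

  statements.any? do |statement|
    has_statement__effect(statement, criteria) &&
      has_statement__array_criterion(:action, statement, criteria) &&
      has_statement__array_criterion(:resource, statement, criteria)
  end
end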
#policy ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 73
# Fetches, decodes and caches the policy document for default_version_id.
#
# The document string returned by get_policy_version is run through
# URI.decode_www_form_component and then JSON.parse; the parsed result is
# kept in @policy and reused on later calls.
#
# NOTE(review): if catch_aws_errors returns without raising after a failed
# call, @policy stays unset and this returns nil even though exists? was
# true; callers that index into the result would then raise - confirm how
# catch_aws_errors behaves.
#
# @return [Object, nil] the parsed policy document, or nil when the policy
#   does not exist
def policy
  return nil unless exists?
  return @policy if defined?(@policy)

  catch_aws_errors do
    client = BackendFactory.create(inspec_runner)
    response = client.get_policy_version(policy_arn: arn, version_id: default_version_id)
    encoded_document = response.policy_version.document
    decoded_document = URI.decode_www_form_component(encoded_document)
    @policy = JSON.parse(decoded_document)
  end
  @policy
end
#statement_count ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 85
# Counts the statements in the parsed policy document.
#
# An Array under 'Statement' is counted element by element. Any other value,
# including a single statement object or a missing key, is reported as 1.
#
# @return [Integer, nil] the number of statements, or nil when the policy
#   does not exist
def statement_count
  return nil unless exists?

  statements = policy['Statement']
  statements.is_a?(Array) ? statements.count : 1
end
#to_s ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 35
def to_s
"Policy #{@policy_name}"
end