Class: AwsIamPolicy
Defined Under Namespace
Classes: Backend
Constant Summary
- EXPECTED_CRITERIA =
Note that we also accept downcased and symbol versions of these
%w{
Action
Effect
Resource
Sid
}.freeze
- UNIMPLEMENTED_CRITERIA =
%w{
Conditional
NotAction
NotPrincipal
NotResource
Principal
}.freeze
Instance Attribute Summary collapse
Instance Method Summary
#exists?, included
#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner
Instance Attribute Details
#arn ⇒ Object
Returns the value of attribute arn.
# File 'lib/resources/aws/aws_iam_policy.rb', line 21
# Reader for the policy ARN held by this resource.
# #policy sends this value as +policy_arn+ when it requests the policy
# version document.
#
# @return [Object] the value of @arn (nil when it was never assigned)
def arn
  @arn
end
#attachment_count ⇒ Object
Returns the value of attribute attachment_count.
# File 'lib/resources/aws/aws_iam_policy.rb', line 21
# Reader for the stored attachment count.
# #attached? compares this value against zero.
#
# @return [Object] the value of @attachment_count (nil when never assigned)
def attachment_count
  @attachment_count
end
#default_version_id ⇒ Object
Returns the value of attribute default_version_id.
# File 'lib/resources/aws/aws_iam_policy.rb', line 21
# Reader for the identifier of the policy's default version.
# #policy sends this value as +version_id+, so the document that gets
# inspected is the default version only.
#
# @return [Object] the value of @default_version_id (nil when never assigned)
def default_version_id
  @default_version_id
end
Instance Method Details
#attached? ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 43
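# Reports whether the policy is attached to at least one entity, judged
# solely by the stored attachment count.
#
# A missing count (nil) is answered with false instead of raising
# NoMethodError on `nil > 0`. The other query methods on this resource
# guard the "policy does not exist" case explicitly, and this one should
# not be the exception.
# NOTE(review): presumably the count stays unset when the policy could not
# be found; confirm against the code that populates it. Because a missing
# policy now reads as "not attached", a control that expects
# `should_not be_attached` should also assert that the policy exists.
#
# @return [Boolean] true when attachment_count is greater than zero
def attached?
  count = attachment_count
  return false if count.nil?

  count > 0
end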
#attached_groups ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 54
# Lazily loaded list of groups this policy is attached to.
#
# fetch_attached_entities runs only while @attached_groups is still
# undefined. Once the variable has been assigned, even to nil, the stored
# value is returned without another fetch.
#
# @return [Object] whatever fetch_attached_entities stored in @attached_groups
def attached_groups
  fetch_attached_entities unless defined?(@attached_groups)
  @attached_groups
end
#attached_roles ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 61
# Lazily loaded list of roles this policy is attached to.
#
# fetch_attached_entities runs only while @attached_roles is still
# undefined. Once the variable has been assigned, even to nil, the stored
# value is returned without another fetch.
#
# @return [Object] whatever fetch_attached_entities stored in @attached_roles
def attached_roles
  fetch_attached_entities unless defined?(@attached_roles)
  @attached_roles
end
#attached_to_group?(group_name) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 72
# Tests whether the given group appears in #attached_groups.
#
# The lookup is Array-style membership, i.e. an exact `==` comparison, so
# the name must match in case and spelling. A mistyped name makes a
# `should_not be_attached_to_group` expectation pass trivially.
# NOTE(review): assumes attached_groups holds group names; verify against
# fetch_attached_entities.
#
# @param group_name [Object] the group to look for
# @return [Boolean]
def attached_to_group?(group_name)
  groups = attached_groups
  groups.include?(group_name)
end
#attached_to_role?(role_name) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 76
# Tests whether the given role appears in #attached_roles.
#
# The lookup is Array-style membership, i.e. an exact `==` comparison, so
# the name must match in case and spelling. A mistyped name makes a
# `should_not be_attached_to_role` expectation pass trivially.
# NOTE(review): assumes attached_roles holds role names; verify against
# fetch_attached_entities.
#
# @param role_name [Object] the role to look for
# @return [Boolean]
def attached_to_role?(role_name)
  roles = attached_roles
  roles.include?(role_name)
end
#attached_to_user?(user_name) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 68
# Tests whether the given user appears in #attached_users.
#
# The lookup is Array-style membership, i.e. an exact `==` comparison, so
# the name must match in case and spelling. A mistyped name makes a
# `should_not be_attached_to_user` expectation pass trivially.
# NOTE(review): assumes attached_users holds user names; verify against
# fetch_attached_entities.
#
# @param user_name [Object] the user to look for
# @return [Boolean]
def attached_to_user?(user_name)
  users = attached_users
  users.include?(user_name)
end
#attached_users ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 47
# Lazily loaded list of users this policy is attached to.
#
# fetch_attached_entities runs only while @attached_users is still
# undefined. Once the variable has been assigned, even to nil, the stored
# value is returned without another fetch.
#
# @return [Object] whatever fetch_attached_entities stored in @attached_users
def attached_users
  fetch_attached_entities unless defined?(@attached_users)
  @attached_users
end
#has_statement?(provided_criteria = {}) ⇒ Boolean
# File 'lib/resources/aws/aws_iam_policy.rb', line 105
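# Checks whether any statement of the policy satisfies every supplied
# criterion.
#
# Only Effect, Action and Resource are compared here, after the statements
# have been narrowed through has_statement__focus_on_sid. The class lists
# Conditional, NotAction, NotPrincipal, NotResource and Principal as
# unimplemented criteria, so a result says nothing about conditions or
# negated elements on a statement. Read it as a check on the statement's
# shape, not as a verdict on the effective permissions the policy grants.
# NOTE(review): how unimplemented or unknown keys are handled is decided in
# has_statement__validate_criteria, which is not shown here.
#
# @param provided_criteria [Hash] criteria keyed by Action, Effect,
#   Resource and/or Sid
# @return [Boolean, nil] nil when the policy does not exist, otherwise
#   whether at least one statement matched
def has_statement?(provided_criteria = {})
  return nil unless exists?

  # Validate a copy of the caller's hash, not the hash itself. The two
  # assignments must be separate statements: written on one line, Ruby
  # parses the second as an argument to `dup`.
  raw_criteria = provided_criteria.dup
  criteria = has_statement__validate_criteria(raw_criteria)

  # Normalising the statements is done once per resource instance.
  @normalized_statements ||= has_statement__normalize_statements
  statements = has_statement__focus_on_sid(@normalized_statements, criteria)

  statements.any? do |statement|
    has_statement__effect(statement, criteria) &&
      has_statement__array_criterion(:action, statement, criteria) &&
      has_statement__array_criterion(:resource, statement, criteria)
  end
end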
#policy ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 80
# Fetches, decodes and memoizes the default version of the policy document.
#
# The document field of the get_policy_version response is decoded with
# URI.decode_www_form_component and then parsed as JSON. Only the version
# named by default_version_id is requested.
# NOTE(review): form decoding also turns a literal "+" into a space;
# confirm the API never returns an unescaped "+" inside the document.
# NOTE(review): if catch_aws_errors swallows an error, @policy is never
# assigned, this method returns nil and a later call fetches again.
#
# @return [Object, nil] the parsed JSON document, or nil when the policy
#   does not exist
def policy
  return nil unless exists?

  unless defined?(@policy)
    catch_aws_errors do
      client = BackendFactory.create(inspec_runner)
      response = client.get_policy_version(policy_arn: arn, version_id: default_version_id)
      encoded_document = response.policy_version.document
      @policy = JSON.parse(URI.decode_www_form_component(encoded_document))
    end
  end

  @policy
end
#statement_count ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 92
# Counts the statements in the policy document.
#
# An Array under "Statement" yields its length. Anything else counts as a
# single statement, which covers a lone statement object but also a
# document with no "Statement" key at all.
#
# @return [Integer, nil] nil when the policy does not exist
def statement_count
  return nil unless exists?

  statements = policy["Statement"]
  statements.is_a?(Array) ? statements.count : 1
end
#to_s ⇒ Object
# File 'lib/resources/aws/aws_iam_policy.rb', line 39
def to_s
"Policy #{@policy_name}"
end