Merge pull request #347 from kmcquade/fix/service-authz-url-in-iam-definition

Adds per-Service Authorization URL to IAM Definition and associated query method

Author: kmcquade

policy_sentry/bin/version.py

@@ -1,2 +1,2 @@
 # pylint: disable=missing-module-docstring
-__version__ = "0.11.6"
+__version__ = "0.11.7"

policy_sentry/querying/all.py

@@ -50,3 +50,11 @@ def get_all_actions(lowercase=False):
     # results = list(set(results))
     # results.sort()
     return all_actions
+
+
+def get_service_authorization_url(service_prefix: str) -> str:
+    """
+    Gets the URL to the Actions, Resources, and Condition Keys page for a particular service.
+    """
+    result = iam_definition.get(service_prefix).get("service_authorization_url")
+    return result

policy_sentry/shared/awsdocs.py

@@ -198,9 +198,13 @@ def create_database(destination_directory, access_level_overrides_file):
                     prefix = prefix.split('<code class="code">')[1]
                     prefix = chomp(prefix.split("</code>")[0])
                     break
+            # The URL to that service's Actions, Resources, and Condition Keys page
+            service_authorization_url_prefix = "https://docs.aws.amazon.com/service-authorization/latest/reference"
+            service_authorization_url = f"{service_authorization_url_prefix}/{filename}"
             service_schema = {
                 "service_name": service_name,
                 "prefix": prefix,
+                "service_authorization_url": service_authorization_url,
                 "privileges": {},
                 "resources": {},
                 "conditions": {},

policy_sentry/shared/data/iam-definition.json

@@ -25,6 +25,7 @@ def get_service_prefix_data(service_prefix):
     result = iam_definition.get(service_prefix, None)
     try:
         return result
-    # pylint: disable=bare-except
+    # pylint: disable=bare-except, inconsistent-return-statements
     except:
         logger.debug("Service prefix not %s found.", service_prefix)
+        return None

policy_sentry/shared/iam_data.py

@@ -2,7 +2,8 @@
 import json
 from policy_sentry.querying.all import (
     get_all_service_prefixes,
-    get_all_actions
+    get_all_actions,
+    get_service_authorization_url
 )
 from policy_sentry.command.query import query_action_table
 
@@ -50,3 +51,10 @@ def test_GH_296_query_all_actions_with_wildcard_resources(self):
             condition=None
         )
         self.assertTrue(len(result) > 3000)
+
+    def test_get_service_authorization_url(self):
+        result = get_service_authorization_url("a4b")
+        print(result)
+        expected_result = "https://docs.aws.amazon.com/service-authorization/latest/reference/list_alexaforbusiness.html"
+        self.assertTrue(result == expected_result)
+

test/querying/test_all.py

@@ -30,6 +30,7 @@ def test_get_service_prefix_data(self):
         desired_output_schema = Schema(
             {
                 "service_name": "AWS Cloud9",
+                "service_authorization_url": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloud9.html",
                 "prefix": "cloud9",
                 "privileges": dict,
                 "resources": dict,