Class: AwsIamPolicy

Inherits:
Object
  • Object
Includes:
AwsSingularResourceMixin
Defined in:
lib/resources/aws/aws_iam_policy.rb

Defined Under Namespace

Classes: Backend

Constant Summary

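# Statement criteria that has_statement? can match on.
# Note that we also accept downcases and symbol versions of these
# (that normalisation presumably happens in has_statement__validate_criteria,
# which is defined outside this listing).
EXPECTED_CRITERIA = %w{
  Action
  Effect
  Resource
  Sid
}.freeze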
# Statement elements that has_statement? does not evaluate; the validator
# (defined outside this listing) is presumably what rejects them.
# NOTE(review): the IAM policy element is spelled `Condition`, not
# `Conditional` — confirm the validator recognises the key a control author
# would actually pass, otherwise a Condition criterion may not be rejected.
UNIMPLEMENTED_CRITERIA = %w[Conditional NotAction NotPrincipal NotResource Principal].freeze



Methods included from AwsSingularResourceMixin

#exists?, included

Methods included from AwsResourceMixin

#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner

Instance Attribute Details

#arn ⇒ Object (readonly)

Returns the value of attribute arn.



# File 'lib/resources/aws/aws_iam_policy.rb', line 21

# ARN of the policy, as populated by the resource's fetch (not shown in this
# listing). Presumably nil until fetched / when the policy does not exist —
# TODO confirm against the resource's initializer.
def arn
  @arn
end

#attachment_count ⇒ Object (readonly)

Returns the value of attribute attachment_count.



# File 'lib/resources/aws/aws_iam_policy.rb', line 21

# Number of entities (users, groups, roles) the policy is attached to, as
# populated by the resource's fetch (not shown in this listing). attached?
# compares it with 0 without a nil guard, so presumably it is an Integer once
# fetched and nil otherwise — TODO confirm.
def attachment_count
  @attachment_count
end

#default_version_id ⇒ Object (readonly)

Returns the value of attribute default_version_id.



# File 'lib/resources/aws/aws_iam_policy.rb', line 21

# Version id of the policy's default version; #policy passes it to
# GetPolicyVersion, so the document inspected by has_statement? and
# statement_count is always the default version, never a non-default one.
def default_version_id
  @default_version_id
end

Instance Method Details

#attached? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_policy.rb', line 43

# Whether the policy is attached to at least one user, group or role.
#
# @return [Boolean] true when attachment_count is greater than zero.
#   Unlike #policy / #statement_count / #has_statement? this does not guard
#   on exists?; if attachment_count is nil for a missing policy (presumably),
#   this raises NoMethodError instead of returning nil — TODO confirm.
def attached?
  attachment_count.positive?
end

#attached_groups ⇒ Object



# File 'lib/resources/aws/aws_iam_policy.rb', line 54

# IAM groups the policy is attached to.
#
# Lazily populated: the first call to any of attached_users, attached_groups
# or attached_roles runs fetch_attached_entities (defined outside this
# listing), which is expected to assign @attached_groups. Later calls reuse
# the memoised value, so the answer reflects the state at first call.
#
# @return [Array<String>] presumably group names (attached_to_group? compares
#   them with a name) — TODO confirm the fetched form.
def attached_groups
  fetch_attached_entities unless defined?(@attached_groups)
  @attached_groups
end

#attached_roles ⇒ Object



# File 'lib/resources/aws/aws_iam_policy.rb', line 61

# IAM roles the policy is attached to.
#
# Lazily populated on first use via fetch_attached_entities (defined outside
# this listing), which is expected to assign @attached_roles; the value is
# then memoised for the life of the resource.
#
# @return [Array<String>] presumably role names (attached_to_role? compares
#   them with a name) — TODO confirm the fetched form.
def attached_roles
  fetch_attached_entities unless defined?(@attached_roles)
  @attached_roles
end

#attached_to_group?(group_name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_policy.rb', line 72

# Is the policy attached to the named IAM group?
#
# @param group_name [String] compared with == against attached_groups, so it
#   is an exact, case-sensitive match of the fetched name.
# @return [Boolean]
def attached_to_group?(group_name)
  attached_groups.member?(group_name)
end

#attached_to_role?(role_name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_policy.rb', line 76

# Is the policy attached to the named IAM role?
#
# @param role_name [String] compared with == against attached_roles, so it
#   is an exact, case-sensitive match of the fetched name.
# @return [Boolean]
def attached_to_role?(role_name)
  attached_roles.any? { |name| name == role_name }
end

#attached_to_user?(user_name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_policy.rb', line 68

# Is the policy attached directly to the named IAM user?
#
# Only direct attachments are considered: a user who receives the policy via
# group membership appears under attached_to_group?, not here.
#
# @param user_name [String] compared with == against attached_users, so it
#   is an exact, case-sensitive match of the fetched name.
# @return [Boolean]
def attached_to_user?(user_name)
  attached_users.member?(user_name)
end

#attached_users ⇒ Object



# File 'lib/resources/aws/aws_iam_policy.rb', line 47

# IAM users the policy is attached to directly.
#
# Lazily populated on first use via fetch_attached_entities (defined outside
# this listing), which is expected to assign @attached_users; the value is
# then memoised for the life of the resource.
#
# @return [Array<String>] presumably user names (attached_to_user? compares
#   them with a name) — TODO confirm the fetched form.
def attached_users
  fetch_attached_entities unless defined?(@attached_users)
  @attached_users
end

#has_statement?(provided_criteria = {}) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_policy.rb', line 105

# Does the default policy version contain a statement matching every
# provided criterion?
#
# @param provided_criteria [Hash] some of Sid / Effect / Action / Resource
#   (see EXPECTED_CRITERIA). Normalisation of key case and symbol keys, and
#   rejection of unknown or UNIMPLEMENTED_CRITERIA keys, presumably happen in
#   has_statement__validate_criteria, which is defined outside this listing.
# @return [Boolean, nil] nil when the policy does not exist; otherwise true
#   if at least one statement (narrowed to the given Sid, if any) satisfies
#   the Effect, Action and Resource criteria.
#
# NOTE(review): only Effect, Action and Resource are compared here. A
# statement's Condition, NotAction, NotResource or Principal elements play no
# part in the match, so a tightly conditioned Allow and an unconditional one
# are indistinguishable to this predicate — confirm before using it for
# "must not grant" style controls.
def has_statement?(provided_criteria = {})
  return nil unless exists?

  # Validate a copy: provided_criteria is reused for output formatting and
  # must not be mutated.
  criteria = has_statement__validate_criteria(provided_criteria.dup)
  @normalized_statements ||= has_statement__normalize_statements
  candidates = has_statement__focus_on_sid(@normalized_statements, criteria)

  candidates.any? do |stmt|
    has_statement__effect(stmt, criteria) &&
      has_statement__array_criterion(:action, stmt, criteria) &&
      has_statement__array_criterion(:resource, stmt, criteria)
  end
end

#policy ⇒ Object



# File 'lib/resources/aws/aws_iam_policy.rb', line 80

# The policy document of the default version, parsed into a Hash.
#
# Fetched once via GetPolicyVersion (using #arn and #default_version_id) and
# memoised. Only the default version is ever inspected.
#
# @return [Hash, nil] nil when the policy does not exist. If the API call
#   fails and catch_aws_errors (defined outside this listing) swallows the
#   error, @policy is never assigned and this also returns nil; a later call
#   will retry the fetch.
def policy
  return nil unless exists?
  return @policy if defined?(@policy)

  catch_aws_errors do
    response = BackendFactory
      .create(inspec_runner)
      .get_policy_version(policy_arn: arn, version_id: default_version_id)
    # GetPolicyVersion returns the document URL-encoded, hence the decode
    # before JSON.parse. NOTE(review): decode_www_form_component also turns a
    # literal '+' into a space; that is only correct if the API always
    # percent-encodes '+' inside the document — confirm.
    encoded = response.policy_version.document
    @policy = JSON.parse(URI.decode_www_form_component(encoded))
  end
  @policy
end

#statement_count ⇒ Object



# File 'lib/resources/aws/aws_iam_policy.rb', line 92

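# Number of statements in the default policy version.
#
# IAM permits "Statement" to be either an array of statement objects or, for
# a single statement, that object placed directly under the key.
#
# @return [Integer, nil] nil when the policy does not exist; the array
#   length, 1 for the degenerate single-statement form, and 0 when the
#   document has no "Statement" element at all (previously a missing element
#   was also reported as 1).
def statement_count
  return nil unless exists?

  statements = policy["Statement"]
  case statements
  when Array then statements.count
  when nil then 0 # no Statement element: nothing to count
  else 1 # single statement written as a bare hash
  end
end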

#to_s ⇒ Object



# File 'lib/resources/aws/aws_iam_policy.rb', line 39

def to_s
  "Policy #{@policy_name}"
end