
feat: expand capability of '*' querying action table #521


Merged
merged 1 commit into from
Dec 4, 2024


Contributor

@Scribbd Scribbd commented Nov 25, 2024

What does this PR do?

This change expands the capability of using policy_sentry query action-table -s [service] -n "*" to also be able to filter based on a prefix. Example:

policy_sentry query action-table -s s3 -n "GetObject*"
{
    "s3": [
        {
            "action": "s3:GetObject",
            "description": "Grants permission to retrieve objects from Amazon S3",
            "access_level": "Read",
            "api_documentation_link": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html",
            "resource_arn_format": "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
            "condition_keys": [],
            "dependent_actions": []
        },
        ...
        {
            "action": "s3:GetObjectAcl",
            "description": "Grants permission to return the access control list (ACL) of an object",
            "access_level": "Read",
            "api_documentation_link": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html",
            "resource_arn_format": "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
            "condition_keys": [],
            "dependent_actions": []
        },
        ...
}

Normally, I use something like policy_sentry query action-table -s s3 | grep "s3:List*" to see what permissions I give when using stars in my policies. But occasionally, I just need a little more information than just a plain text list.

What gif best describes this PR or how it makes you feel?

Just making a little adjustment. Bones.

Completion checklist

Let me know if more tests are needed.
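To illustrate the use case in the description above (seeing what a star in a policy actually grants), here is an added example that is not the PR's or policy_sentry's own code. It goes beyond the prefix case and handles IAM-style `*` and `?` anywhere in the action name; the table rows are constructed sample data and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample rows in the shape of the action-table output above
# (only the fields this example needs); not the real policy_sentry database.
ACTION_TABLE = [
    {"action": "s3:GetObject", "access_level": "Read"},
    {"action": "s3:GetObjectAcl", "access_level": "Read"},
    {"action": "s3:PutObject", "access_level": "Write"},
    {"action": "s3:PutObjectAcl", "access_level": "Permissions management"},
    {"action": "s3:ListBucket", "access_level": "List"},
    {"action": "s3:DeleteObject", "access_level": "Write"},
]


def wildcard_to_regex(pattern):
    """Translate an IAM-style wildcard ('*' = any run, '?' = one char) to a regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # IAM action names are matched case-insensitively.
    return re.compile("".join(parts), re.IGNORECASE)


def expand_action(service, name_pattern, table=ACTION_TABLE):
    """Return table rows whose action matches service:name_pattern."""
    rx = wildcard_to_regex(f"{service}:{name_pattern}")
    return [row for row in table if rx.fullmatch(row["action"])]


def by_access_level(rows):
    """Group matched action names by access level for review."""
    grouped = defaultdict(list)
    for row in rows:
        grouped[row["access_level"]].append(row["action"])
    return dict(grouped)


if __name__ == "__main__":
    for pattern in ("GetObject*", "*Object*"):
        print(pattern, by_access_level(expand_action("s3", pattern)))
```

Grouping by access level makes it easy to spot when a wildcard that looks read-only also pulls in Write or Permissions management actions.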

@Scribbd
Contributor Author

Scribbd commented Nov 26, 2024

It looks like I am failing on a workflow that is using Python 3.8. Is this intended, and should I reimplement the change so that it is compatible with the EOL Python 3.8?

@gruebel
Collaborator

gruebel commented Nov 28, 2024

Let's wait till the end of this month. Then I will do a new release with an updated DB. After that I will remove Python 3.8 support.

@gruebel
Collaborator

gruebel commented Dec 1, 2024

@Scribbd Ok, I dropped Python 3.8. So, feel free to rebase your PR.

Collaborator

@gruebel gruebel left a comment


thanks, looks good 🍻

@gruebel gruebel merged commit 1e64b8b into salesforce:master Dec 4, 2024
10 checks passed