This repository has been archived by the owner on Jun 26, 2023. It is now read-only.

Merge pull request duo-labs#223 from duo-labs/lru_cache
Lru cache
0xdabbad00 authored Sep 6, 2022
2 parents dad4197 + ba58b69 commit 1ead655
Showing 3 changed files with 25 additions and 22 deletions.
4 changes: 2 additions & 2 deletions parliament/__init__.py
@@ -1,7 +1,7 @@
"""
This library is a linter for AWS IAM policies.
"""
__version__ = "1.6.0"
__version__ = "1.6.1"

import fnmatch
import functools
Expand Down Expand Up @@ -229,7 +229,7 @@ def is_glob_match(s1, s2):
return s1[0] == s2[0] and is_glob_match(s1[1:], s2[1:])


@functools.lru_cache(maxsize=1024)
@functools.lru_cache(maxsize=10240)
def expand_action(action, raise_exceptions=True):
"""
Converts "iam:*List*" to
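Review bot: The `maxsize` literal on the `@functools.lru_cache` decorator above `expand_action` changes with no comment saying what the bound was sized against, so a later maintainer cannot tell a measured value from a guess. I would add one line above the decorator, e.g. `# maxsize chosen for <workload or measurement>`, with the placeholder filled in by the author. Separately, if `expand_action` returns a list, as the unit tests in this commit suggest, every cache hit hands callers the same object, and a caller that mutates it would change what later callers of this linter see; the docstring should state that the result is to be treated as read-only. The function body continues outside the hunk, so the return type is not visible here.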
9 changes: 9 additions & 0 deletions parliament/statement.py
Expand Up @@ -147,12 +147,16 @@ def is_valid_account_id(str):
"aws:CalledViaLast": "String",
"aws:CurrentTime": "Date",
"aws:EpochTime": "Date", # This needs to accept Date or Numeric
"aws:FederatedProvider": "String",
"aws:MultiFactorAuthAge": "Numeric",
"aws:MultiFactorAuthPresent": "Bool",
"aws:PrincipalAccount": "String",
"aws:PrincipalOrgID": "String",
"aws:PrincipalArn": "Arn",
"aws:PrincipalIsAWSService": "Bool",
"aws:PrincipalOrgPaths": "String",
"aws:PrincipalServiceName": "String",
"aws:PrincipalServiceNamesList": "String",
"aws:PrincipalTag": "String",
"aws:PrincipalType": "String",
"aws:RequestedRegion": "String",
Expand All @@ -162,11 +166,16 @@ def is_valid_account_id(str):
"aws:PrincipalTag/*": "String",
"aws:PrincipalType": "String",
"aws:Referer": "String",
"aws:RequestedRegion": "String",
"aws:RequestTag/*": "String",
"aws:ResourceAccount": "String",
"aws:ResourceOrgID": "String",
"aws:ResourceOrgPaths": "String",
"aws:ResourceTag/*": "String",
"aws:SecureTransport": "Bool",
"aws:SourceAccount": "String",
"aws:SourceArn": "Arn",
"aws:SourceIdentity": "String",
"aws:SourceIp": "Ip",
"aws:SourceVpc": "String",
"aws:SourceVpce": "String",
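Review bot: The new side of this mapping carries repeated keys: `"aws:PrincipalType"` appears in the first hunk and again in the second, and so does `"aws:RequestedRegion"`. In what looks like a Python dict literal the later entry silently replaces the earlier one, so the duplicates are harmless today (both copies say `"String"`), but if one copy's type is ever edited the other will mask or override it and the linter would check conditions against the wrong type without any error. I would keep a single entry per key, and confirm whether the bare `"aws:PrincipalTag"` entry is intended alongside `"aws:PrincipalTag/*"`. The mapping starts and ends outside the visible hunks, and the page does not show which of these lines the commit added.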
34 changes: 14 additions & 20 deletions tests/unit/test_action_expansion.py
Expand Up @@ -9,42 +9,36 @@ class TestActionExpansion:

def test_expand_action_no_expansion(self):
expanded_actions = expand_action("s3:listallmybuckets")
assert (
len(expanded_actions),
len([{"service": "s3", "action": "ListAllMyBuckets"}]),
assert len(expanded_actions) == len(
[{"service": "s3", "action": "ListAllMyBuckets"}]
)

def test_expand_action_with_expansion(self):
expanded_actions = expand_action("s3:listallmybucke*")
assert (
len(expanded_actions),
len([{"service": "s3", "action": "ListAllMyBuckets"}]),
assert len(expanded_actions) == len(
[{"service": "s3", "action": "ListAllMyBuckets"}]
)

def test_expand_action_with_casing(self):
expanded_actions = expand_action("iAm:li*sTuS*rs")
assert (len(expanded_actions), len([{"service": "iam", "action": "ListUsers"}]))
assert len(expanded_actions) == len([{"service": "iam", "action": "ListUsers"}])

def test_expand_action_with_expansion_for_prefix_used_multiple_times(self):
expanded_actions = expand_action("ses:Describe*")
assert (
len(expanded_actions),
len(
[
{"service": "ses", "action": "DescribeActiveReceiptRuleSet"},
{"service": "ses", "action": "DescribeConfigurationSet"},
{"service": "ses", "action": "DescribeReceiptRule"},
{"service": "ses", "action": "DescribeReceiptRuleSet"},
]
),
assert len(expanded_actions) == len(
[
{"service": "ses", "action": "DescribeActiveReceiptRuleSet"},
{"service": "ses", "action": "DescribeConfigurationSet"},
{"service": "ses", "action": "DescribeReceiptRule"},
{"service": "ses", "action": "DescribeReceiptRuleSet"},
]
)

def test_expand_action_with_permission_only_action(self):
# There are 17 privileges list as "logs.CreateLogDelivery [permission only]"
expanded_actions = expand_action("logs:GetLogDelivery")
assert (
len(expanded_actions),
len([{"service": "logs", "action": "GetLogDelivery"}]),
assert len(expanded_actions) == len(
[{"service": "logs", "action": "GetLogDelivery"}]
)

def test_exception_malformed(self):
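Review bot: The rewritten assertions in the `test_expand_action_*` methods compare only `len(expanded_actions)` with the length of a literal list, so they pass for any result with the right number of entries, whatever services and actions it names. Since the expected entries are already written out, comparing contents would pin the behaviour, e.g. `assert expanded_actions == [{"service": "s3", "action": "ListAllMyBuckets"}]`, provided `expand_action` returns dicts in that shape and order (not visible in this section). The `ses:Describe*` case also hard-codes four actions, which presumably depends on the bundled IAM definitions and will need updating when that data changes; a comment saying so would help. `test_exception_malformed` continues outside the hunk.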
