moto/scripts/update_managed_policies.py


#!/usr/bin/env python
# This updates our local copies of AWS' managed policies
# Invoked via `make update_managed_policies`
#
# Credit goes to
# https://gist.github.com/gene1wood/55b358748be3c314f956
from botocore.exceptions import NoCredentialsError
from datetime import datetime
import boto3
import json
import sys
# Destination of the generated policy module. The path is relative, so it is
# resolved against the current working directory (presumably the repository
# root when run through `make` - confirm).
output_file = "./moto/iam/aws_managed_policies.py"
def json_serial(obj):
    """Fallback encoder passed to ``json.dumps`` via ``default=``.

    Returns the ISO 8601 string for a ``datetime``. Every other type is
    rejected with ``TypeError`` rather than being stringified silently.
    """
    if not isinstance(obj, datetime):
        raise TypeError("Type not serializable")
    return obj.isoformat()
# Talks to the live IAM API with whatever credentials boto3 resolves. Only
# list_policies and get_policy_version are called in this script, so a
# read-only identity limited to iam:ListPolicies and iam:GetPolicyVersion is
# enough to run it.
client = boto3.client("iam")
policies = {}

# Fields of each listed policy that are dropped before it is stored.
discarded_fields = ("AttachmentCount", "IsAttachable", "IsDefaultVersion", "PolicyId")

paginator = client.get_paginator("list_policies")
try:
    # Scope="AWS" limits the listing to AWS-managed policies.
    for page in paginator.paginate(Scope="AWS"):
        for entry in page["Policies"]:
            for field in discarded_fields:
                entry.pop(field, None)
            # Records are keyed by policy name; the name is removed from the record.
            name = entry.pop("PolicyName")
            policies[name] = entry
except NoCredentialsError:
    # No credentials could be resolved: print usage and exit non-zero.
    # Credentials given inline on the command line typically end up in shell
    # history; the ~/.aws/credentials route shown first avoids that.
    usage_lines = (
        "USAGE:",
        "Put your AWS credentials into ~/.aws/credentials and run:",
        __file__,
        "",
        "Or specify them on the command line:",
        "AWS_ACCESS_KEY_ID=your_personal_access_key AWS_SECRET_ACCESS_KEY=your_personal_secret {}".format(
            __file__
        ),
        "",
    )
    for line in usage_lines:
        print(line)
    sys.exit(1)
# Second pass: look up the default version of every listed policy and copy
# selected fields of that version into the stored record.
copied_fields = ("DefaultVersionId", "Path", "Document", "UpdateDate")
for policy_name, record in policies.items():
    # The ARN is only needed for this lookup, so it is removed from the record.
    arn = record.pop("Arn")
    version = client.get_policy_version(
        PolicyArn=arn,
        VersionId=record["DefaultVersionId"],
    )["PolicyVersion"]
    # Keys missing from the response are skipped silently.
    # NOTE(review): whether PolicyVersion carries all four of these keys is not
    # visible here - confirm against the actual API response.
    for field, value in version.items():
        if field in copied_fields:
            record[field] = value
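# Serialize before opening the target. json_serial raises TypeError for any
# non-datetime value json cannot encode; doing this first means such a failure
# cannot leave output_file truncated with an unterminated string literal.
policies_json = json.dumps(
    policies,
    sort_keys=True,
    indent=1,
    separators=(",", ":"),
    default=json_serial,
)

# The generated file is a Python module that is later imported, with the JSON
# text stored in one triple-quoted string assigned to aws_managed_policies_data.
# NOTE(review): the literal is not a raw string, so Python processes backslash
# escapes in it at import time. Escapes emitted by json.dumps (\" \\ \n) would
# not reach the consumer unchanged - confirm the policy data never needs them.
# NOTE(review): the header written below names `make aws_managed_policies`,
# while this script's own header comment says `make update_managed_policies` -
# confirm which target name is current.
with open(output_file, "w") as f:
    triple_quote = '"""'
    f.write("# Imported via `make aws_managed_policies`\n")
    f.write("aws_managed_policies_data = {}\n".format(triple_quote))
    f.write(policies_json)
    f.write("{}\n".format(triple_quote))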