Collected TODOs in the header of the access_control file.

2019-07-26 21:23:15 +02:00 · 2019-07-26 21:23:15 +02:00 · de70d1787c
commit de70d1787c
parent f3f47d44ac
1 changed files with 14 additions and 2 deletions
--- a/moto/core/access_control.py
+++ b/moto/core/access_control.py
@ -1,3 +1,17 @@
+"""
+This implementation is NOT complete, there are many things to improve.
+The following is a list of the most important missing features and inaccuracies.
+
+TODO add support for more principals, apart from IAM users and assumed IAM roles
+TODO add support for the Resource and Condition parts of IAM policies
+TODO add support and create tests for all services in moto (for example, API Gateway is probably not supported currently)
+TODO implement service specific error messages (currently, EC2 and S3 are supported separately, everything else defaults to the errors IAM returns)
+TODO include information about the action's resource in error messages (once the Resource element in IAM policies is supported)
+TODO check all other actions that are performed by the action called by the user (for example, autoscaling:CreateAutoScalingGroup requires permission for iam:CreateServiceLinkedRole too - see https://docs.aws.amazon.com/autoscaling/ec2/userguide/control-access-using-iam.html)
+TODO add support for resource-based policies
+
+"""
+
 import json
 import logging
 import re
@ -319,8 +333,6 @@ class IAMPolicyStatement(object):
            if self._check_element_matches("Action", action):
                is_action_concerned = True

-        # TODO: check Resource/NotResource and Condition
-
        if is_action_concerned:
            if self._statement["Effect"] == "Allow":
                return PermissionResult.PERMITTED