in taskcat/iam_policy/policy.py [0:0]
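def _policy_from_resource_types(self, resource_types: List[str]):
    """Build an IAM policy document covering the given resource types.

    Loads the JSON action map at ``self._data_file_path`` (keyed by resource
    type; each value maps an access category to an iterable of IAM actions)
    and merges the actions of every requested resource type into one
    ``Allow`` statement per category.

    Points to keep in mind when reviewing the generated policy:

    * Every statement is emitted with ``"Resource": "*"``; this method does
      not scope actions to specific resources.
    * A resource type missing from the data file falls back to
      ``self._generate_placeholder(resource)``. Per the warning emitted
      below, that fallback is a ``<service>:*`` wildcard (the helper is not
      visible here, so confirm against its definition). The affected
      resource types are named in the warning so they can be tightened by
      hand before the policy is used.

    Args:
        resource_types: Resource type names to look up in the data file.

    Returns:
        A dict with ``"Version"`` and a ``"Statement"`` list holding one
        entry each for the create, read, update and delete categories, with
        actions sorted and de-duplicated.

    Raises:
        KeyError: If an entry uses a category other than the four above.
    """
    with open(self._data_file_path, encoding="utf-8") as _f:
        data = json.load(_f)

    _statements: dict = {
        "create": set(),
        "read": set(),
        "update": set(),
        "delete": set(),
    }
    # Resource types that were not found in the data file and therefore
    # received the placeholder (wildcard) actions.
    _coverage_gaps = []
    for resource in resource_types:
        if resource in data:
            _actions_by_category = data[resource]
        else:
            # Only build the placeholder when it is actually needed.
            _actions_by_category = self._generate_placeholder(resource)
            _coverage_gaps.append(resource)
        for k, v in _actions_by_category.items():
            _statements[k].update(v)

    # NOTE(review): a category that collected no actions still yields a
    # statement with an empty "Action" list; confirm the consumer of this
    # policy accepts that.
    _policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": f"{k.upper()}Actions",
                "Effect": "Allow",
                "Action": sorted(v),
                "Resource": "*",
            }
            for k, v in _statements.items()
        ],
    }

    # Warn only when a wildcard fallback was really used, and say for which
    # resource types, so the over-broad grants are easy to locate and review.
    if _coverage_gaps:
        LOG.warning(
            "NOTE: The generated IAM policy will contain <service>:* IAM Actions where a"
            " coverage gap exists within the CloudFormation Resource Spec: %s",
            ", ".join(sorted(set(_coverage_gaps))),
        )
        LOG.warning(
            "Provide feedback to the CloudFormation team via: "
            + "https://github.com/aws-cloudformation/cloudformation-coverage-roadmap "
        )
    return _policy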