in qs_cfn_lint_rules/IAMResourceWildcard.py [0:0]
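def determine_changes(self, cfn):
    """Build the substitutions that regroup a matched policy's actions by resource.

    For every distinct ``policy_path`` reported by ``self.match(cfn)``, the
    statement at that path is read from ``cfn.template`` and each of its
    actions is looked up in the table returned by ``determine_perms()``.
    Actions found there are grouped under the names the table lists for
    them, and one ``Allow`` statement is generated per name.

    Security-relevant behaviour a reviewer should know:

    * An action with no entry in the table gets no generated statement and
      no deletion, so it stays in the original statement under whatever
      ``Resource`` that statement already has. The rewrite is partial.
    * Each action is placed in exactly one generated statement. Names are
      visited from fewest mapped actions to most, and an action already
      placed is skipped for later names.

    Returns:
        A list mixing two kinds of entries: tuples of
        ``(policy_path, policy, new_statements, {'append_after': True})``
        and ``RuleMatch`` objects created with ``delete_lines=True`` for
        each action moved into a generated statement. How the caller
        applies them is not visible here.
    """
    PERMS = determine_perms()
    subs = []

    # Collapse the matches to unique policy paths, keeping first-seen order.
    _policy_paths = []
    for match in self.match(cfn):
        if match.policy_path not in _policy_paths:
            _policy_paths.append(match.policy_path)

    for _ppath in _policy_paths:
        policy = deep_get(cfn.template, _ppath, [])

        # Name -> set of actions that the permissions table lists under it.
        m2a = {}
        for a in policy['Action']:
            if isinstance(a, list) and len(a) == 1:
                a = a[0]
            # Entries that are still containers (a longer nested list, or a
            # mapping such as an intrinsic function) cannot be used as a
            # lookup key; skip them instead of failing with TypeError so the
            # remaining actions are still processed.
            if isinstance(a, (list, dict)):
                continue
            for m in PERMS.get(a) or ():
                m2a.setdefault(m, set()).add(a)

        # Flattened view of Action, used below to find each action's index.
        # The index matches the original list only when Action has no
        # nested lists.
        mod_policy = []
        for _p1 in policy['Action']:
            if isinstance(_p1, list):
                mod_policy.extend(_p1)
            else:
                mod_policy.append(_p1)

        _new_policies = []
        ignore = []  # actions already placed in a generated statement
        for rn in sorted(m2a, key=lambda k: len(m2a[k])):
            # Sorted so the generated statements and deletions come out in
            # the same order on every run (set iteration order is not stable).
            _al = sorted(k for k in m2a[rn] if k not in ignore)
            if _al:
                # NOTE(review): CloudFormation spells its reference intrinsic
                # `Ref`; confirm that whatever consumes this substitution
                # rewrites the 'Fn::Ref' key before the template is emitted.
                _new_policies.append(
                    {'Effect': 'Allow', 'Action': _al, 'Resource': {'Fn::Ref': rn}}
                )
                ignore += _al

        subs.append((_ppath, policy, _new_policies, {'append_after': True}))
        for a in ignore:
            subs.append(
                RuleMatch(
                    _ppath + ['Action', mod_policy.index(a)],
                    "WHATEVER",
                    delete_lines=True,
                )
            )
    return subs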