in qs_cfn_lint_rules/IAMResourceWildcard.py [0:0]
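def determine_wildcard_resource_violations(cfn, policy_path):
    """Collect the template paths of flagged actions in one IAM statement.

    The statement is looked up in ``cfn.template`` at ``policy_path``. An
    action is flagged unless it ends with ``*`` or has a truthy entry in the
    module-level ``resource_only`` mapping.

    This function does not inspect the statement's ``Resource``; presumably
    the caller has already established that it is a wildcard -- confirm
    against the caller.

    Statements that are skipped entirely (nothing is flagged):
      * ``Effect: Deny``
      * any non-empty ``Condition``, whatever it actually constrains
      * statements without an ``Action`` key (for example ``NotAction``)

    Args:
        cfn: Template wrapper; only ``cfn.template`` is read.
        policy_path: List of keys/indices locating the statement inside
            ``cfn.template``.

    Returns:
        A list of paths, each ``policy_path`` extended with ``'Action'`` and,
        for list-valued actions, the index (or indices) of the flagged
        element. Empty when nothing is flagged.
    """

    def _determine_if_safe(iam_method):
        # Actions ending in '*' are not flagged by this check; presumably a
        # separate rule reports wildcard actions -- TODO confirm.
        if iam_method.endswith('*'):
            return True
        # NOTE(review): resource_only looks like a lookup of actions that can
        # only be granted on Resource "*" -- confirm against its definition.
        return resource_only.get(iam_method, False)

    def _is_violation(iam_method):
        # Non-string entries (e.g. an intrinsic function rendered as a dict)
        # cannot be evaluated statically; skip them rather than crash on
        # .endswith().
        if not isinstance(iam_method, six.string_types):
            return False
        return not _determine_if_safe(iam_method)

    violating_methods = []
    policy = deep_get(cfn.template, policy_path, [])
    # deep_get falls back to [] here; indexing that by key would raise, so
    # anything that is not a mapping is treated as "no statement found".
    if not isinstance(policy, dict):
        return violating_methods
    if policy.get('Effect') == 'Deny':
        return violating_methods
    if policy.get('Condition'):
        return violating_methods

    actions = policy.get('Action')
    if isinstance(actions, six.string_types):
        if _is_violation(actions):
            violating_methods.append(policy_path + ['Action'])
    elif isinstance(actions, list):
        for idx, iam_method in enumerate(actions):
            if isinstance(iam_method, list):
                for idxx, ia in enumerate(iam_method):
                    if _is_violation(ia):
                        # Include the outer index so the reported path points
                        # at the nested element itself.
                        violating_methods.append(
                            policy_path + ['Action', idx, idxx]
                        )
            elif _is_violation(iam_method):
                violating_methods.append(policy_path + ['Action', idx])
    return violating_methods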