in social-media/create-aml-model.py [0:0]
def determine_changed_bucket_policy(existing_bucket_policy, target_bucket_policy):
if existing_bucket_policy == '':
return target_bucket_policy
json_policy = json.loads(existing_bucket_policy)
target_statement = json.loads(target_bucket_policy)['Statement'][0]
target_resource_arn = target_statement['Resource'][0]
for statement in json_policy['Statement']:
if (
statement.has_key('Principal') and
statement['Principal'].has_key('Service') and
statement['Principal']['Service'] == 'machinelearning.amazonaws.com' and
statement['Effect'] == "Allow" and
"s3:GetObject" in statement['Action']
):
if target_resource_arn == statement['Resource'] or target_resource_arn in statement['Resource']:
# no change required
return None
elif isinstance(statement['Resource'], str) or isinstance(statement['Resource'], unicode):
# convert the resource value to a list
statement['Resource'] = [statement['Resource']]
# If we reach here then we know that resource is a list that doesn't contain target_resource_arn
statement['Resource'].append(target_resource_arn)
return json.dumps(json_policy)
# If we reach here then we know that simplest change is to append the desired statement into the policy.
json_policy['Statement'].append(target_statement)
return json.dumps(json_policy)