From aba401851bcba1c92080055091ee627c1a632612 Mon Sep 17 00:00:00 2001 From: Mark Peek Date: Mon, 24 May 2021 07:08:33 -0700 Subject: [PATCH] Add static definitions for Conditions to allow for better linting --- MANIFEST.in | 1 + awacs/aws.py | 674 ++++++++++++++++++++++++++++++--- scripts/generate_conditions.py | 62 +++ 3 files changed, 688 insertions(+), 49 deletions(-) create mode 100755 scripts/generate_conditions.py diff --git a/MANIFEST.in b/MANIFEST.in index 7267514d..a12dd022 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -10,3 +10,4 @@ recursive-include tests *.py exclude Makefile exclude mypy.ini recursive-exclude scrape * +recursive-exclude scripts * diff --git a/awacs/aws.py b/awacs/aws.py index 7007b541..a71ac70c 100644 --- a/awacs/aws.py +++ b/awacs/aws.py @@ -205,52 +205,628 @@ class PolicyDocument(Policy): pass -_condition_strings = [ - "ArnEquals", - "ArnNotEquals", - "ArnLike", - "ArnNotLike", - "Bool", - "DateEquals", - "DateNotEquals", - "DateLessThan", - "DateLessThanEquals", - "DateGreaterThan", - "DateGreaterThanEquals", - "IpAddress", - "NotIpAddress", - "Null", - "NumericEquals", - "NumericNotEquals", - "NumericLessThan", - "NumericLessThanEquals", - "NumericGreaterThan", - "NumericGreaterThanEquals", - "StringEquals", - "StringNotEquals", - "StringEqualsIgnoreCase", - "StringNotEqualsIgnoreCase", - "StringLike", - "StringNotLike", -] - -_condition_qualifier_strings = ["ForAnyValue", "ForAllValues"] - - -def make_condition(type_name: str, condition_name: str) -> None: - globals()[type_name] = type( - type_name, (ConditionElement,), dict(condition=condition_name) - ) - globals()[type_name + "IfExists"] = type( - type_name + "IfExists", - (ConditionElement,), - dict(condition=condition_name + "IfExists"), - ) - - -# Create condition classes -for i in _condition_strings: - make_condition(i, i) - - for qual in _condition_qualifier_strings: - make_condition(qual + i, "%s:%s" % (qual, i)) +# Generated Conditions + + +class ArnEquals(ConditionElement): + condition = "ArnEquals" + + +class ArnEqualsIfExists(ConditionElement): + condition = "ArnEqualsIfExists" + + +class ForAnyValueArnEquals(ConditionElement): + condition = "ForAnyValue:ArnEquals" + + +class ForAnyValueArnEqualsIfExists(ConditionElement): + condition = "ForAnyValue:ArnEqualsIfExists" + + +class ForAllValuesArnEquals(ConditionElement): + condition = "ForAllValues:ArnEquals" + + +class ForAllValuesArnEqualsIfExists(ConditionElement): + condition = "ForAllValues:ArnEqualsIfExists" + + +class ArnNotEquals(ConditionElement): + condition = "ArnNotEquals" + + +class ArnNotEqualsIfExists(ConditionElement): + condition = "ArnNotEqualsIfExists" + + +class ForAnyValueArnNotEquals(ConditionElement): + condition = "ForAnyValue:ArnNotEquals" + + +class ForAnyValueArnNotEqualsIfExists(ConditionElement): + condition = "ForAnyValue:ArnNotEqualsIfExists" + + +class ForAllValuesArnNotEquals(ConditionElement): + condition = "ForAllValues:ArnNotEquals" + + +class ForAllValuesArnNotEqualsIfExists(ConditionElement): + condition = "ForAllValues:ArnNotEqualsIfExists" + + +class ArnLike(ConditionElement): + condition = "ArnLike" + + +class ArnLikeIfExists(ConditionElement): + condition = "ArnLikeIfExists" + + +class ForAnyValueArnLike(ConditionElement): + condition = "ForAnyValue:ArnLike" + + +class ForAnyValueArnLikeIfExists(ConditionElement): + condition = "ForAnyValue:ArnLikeIfExists" + + +class ForAllValuesArnLike(ConditionElement): + condition = "ForAllValues:ArnLike" + + +class ForAllValuesArnLikeIfExists(ConditionElement): + condition = "ForAllValues:ArnLikeIfExists" + + +class ArnNotLike(ConditionElement): + condition = "ArnNotLike" + + +class ArnNotLikeIfExists(ConditionElement): + condition = "ArnNotLikeIfExists" + + +class ForAnyValueArnNotLike(ConditionElement): + condition = "ForAnyValue:ArnNotLike" + + +class ForAnyValueArnNotLikeIfExists(ConditionElement): + condition = "ForAnyValue:ArnNotLikeIfExists" + + +class ForAllValuesArnNotLike(ConditionElement): + condition = "ForAllValues:ArnNotLike" + + +class ForAllValuesArnNotLikeIfExists(ConditionElement): + condition = "ForAllValues:ArnNotLikeIfExists" + + +class Bool(ConditionElement): + condition = "Bool" + + +class BoolIfExists(ConditionElement): + condition = "BoolIfExists" + + +class ForAnyValueBool(ConditionElement): + condition = "ForAnyValue:Bool" + + +class ForAnyValueBoolIfExists(ConditionElement): + condition = "ForAnyValue:BoolIfExists" + + +class ForAllValuesBool(ConditionElement): + condition = "ForAllValues:Bool" + + +class ForAllValuesBoolIfExists(ConditionElement): + condition = "ForAllValues:BoolIfExists" + + +class DateEquals(ConditionElement): + condition = "DateEquals" + + +class DateEqualsIfExists(ConditionElement): + condition = "DateEqualsIfExists" + + +class ForAnyValueDateEquals(ConditionElement): + condition = "ForAnyValue:DateEquals" + + +class ForAnyValueDateEqualsIfExists(ConditionElement): + condition = "ForAnyValue:DateEqualsIfExists" + + +class ForAllValuesDateEquals(ConditionElement): + condition = "ForAllValues:DateEquals" + + +class ForAllValuesDateEqualsIfExists(ConditionElement): + condition = "ForAllValues:DateEqualsIfExists" + + +class DateNotEquals(ConditionElement): + condition = "DateNotEquals" + + +class DateNotEqualsIfExists(ConditionElement): + condition = "DateNotEqualsIfExists" + + +class ForAnyValueDateNotEquals(ConditionElement): + condition = "ForAnyValue:DateNotEquals" + + +class ForAnyValueDateNotEqualsIfExists(ConditionElement): + condition = "ForAnyValue:DateNotEqualsIfExists" + + +class ForAllValuesDateNotEquals(ConditionElement): + condition = "ForAllValues:DateNotEquals" + + +class ForAllValuesDateNotEqualsIfExists(ConditionElement): + condition = "ForAllValues:DateNotEqualsIfExists" + + +class DateLessThan(ConditionElement): + condition = "DateLessThan" + + +class DateLessThanIfExists(ConditionElement): + condition = "DateLessThanIfExists" + + +class ForAnyValueDateLessThan(ConditionElement): + condition = "ForAnyValue:DateLessThan" + + +class ForAnyValueDateLessThanIfExists(ConditionElement): + condition = "ForAnyValue:DateLessThanIfExists" + + +class ForAllValuesDateLessThan(ConditionElement): + condition = "ForAllValues:DateLessThan" + + +class ForAllValuesDateLessThanIfExists(ConditionElement): + condition = "ForAllValues:DateLessThanIfExists" + + +class DateLessThanEquals(ConditionElement): + condition = "DateLessThanEquals" + + +class DateLessThanEqualsIfExists(ConditionElement): + condition = "DateLessThanEqualsIfExists" + + +class ForAnyValueDateLessThanEquals(ConditionElement): + condition = "ForAnyValue:DateLessThanEquals" + + +class ForAnyValueDateLessThanEqualsIfExists(ConditionElement): + condition = "ForAnyValue:DateLessThanEqualsIfExists" + + +class ForAllValuesDateLessThanEquals(ConditionElement): + condition = "ForAllValues:DateLessThanEquals" + + +class ForAllValuesDateLessThanEqualsIfExists(ConditionElement): + condition = "ForAllValues:DateLessThanEqualsIfExists" + + +class DateGreaterThan(ConditionElement): + condition = "DateGreaterThan" + + +class DateGreaterThanIfExists(ConditionElement): + condition = "DateGreaterThanIfExists" + + +class ForAnyValueDateGreaterThan(ConditionElement): + condition = "ForAnyValue:DateGreaterThan" + + +class ForAnyValueDateGreaterThanIfExists(ConditionElement): + condition = "ForAnyValue:DateGreaterThanIfExists" + + +class ForAllValuesDateGreaterThan(ConditionElement): + condition = "ForAllValues:DateGreaterThan" + + +class ForAllValuesDateGreaterThanIfExists(ConditionElement): + condition = "ForAllValues:DateGreaterThanIfExists" + + +class DateGreaterThanEquals(ConditionElement): + condition = "DateGreaterThanEquals" + + +class DateGreaterThanEqualsIfExists(ConditionElement): + condition = "DateGreaterThanEqualsIfExists" + + +class ForAnyValueDateGreaterThanEquals(ConditionElement): + condition = "ForAnyValue:DateGreaterThanEquals" + + +class ForAnyValueDateGreaterThanEqualsIfExists(ConditionElement): + condition = "ForAnyValue:DateGreaterThanEqualsIfExists" + + +class ForAllValuesDateGreaterThanEquals(ConditionElement): + condition = "ForAllValues:DateGreaterThanEquals" + + +class ForAllValuesDateGreaterThanEqualsIfExists(ConditionElement): + condition = "ForAllValues:DateGreaterThanEqualsIfExists" + + +class IpAddress(ConditionElement): + condition = "IpAddress" + + +class IpAddressIfExists(ConditionElement): + condition = "IpAddressIfExists" + + +class ForAnyValueIpAddress(ConditionElement): + condition = "ForAnyValue:IpAddress" + + +class ForAnyValueIpAddressIfExists(ConditionElement): + condition = "ForAnyValue:IpAddressIfExists" + + +class ForAllValuesIpAddress(ConditionElement): + condition = "ForAllValues:IpAddress" + + +class ForAllValuesIpAddressIfExists(ConditionElement): + condition = "ForAllValues:IpAddressIfExists" + + +class NotIpAddress(ConditionElement): + condition = "NotIpAddress" + + +class NotIpAddressIfExists(ConditionElement): + condition = "NotIpAddressIfExists" + + +class ForAnyValueNotIpAddress(ConditionElement): + condition = "ForAnyValue:NotIpAddress" + + +class ForAnyValueNotIpAddressIfExists(ConditionElement): + condition = "ForAnyValue:NotIpAddressIfExists" + + +class ForAllValuesNotIpAddress(ConditionElement): + condition = "ForAllValues:NotIpAddress" + + +class ForAllValuesNotIpAddressIfExists(ConditionElement): + condition = "ForAllValues:NotIpAddressIfExists" + + +class Null(ConditionElement): + condition = "Null" + + +class NullIfExists(ConditionElement): + condition = "NullIfExists" + + +class ForAnyValueNull(ConditionElement): + condition = "ForAnyValue:Null" + + +class ForAnyValueNullIfExists(ConditionElement): + condition = "ForAnyValue:NullIfExists" + + +class ForAllValuesNull(ConditionElement): + condition = "ForAllValues:Null" + + +class ForAllValuesNullIfExists(ConditionElement): + condition = "ForAllValues:NullIfExists" + + +class NumericEquals(ConditionElement): + condition = "NumericEquals" + + +class NumericEqualsIfExists(ConditionElement): + condition = "NumericEqualsIfExists" + + +class ForAnyValueNumericEquals(ConditionElement): + condition = "ForAnyValue:NumericEquals" + + +class ForAnyValueNumericEqualsIfExists(ConditionElement): + condition = "ForAnyValue:NumericEqualsIfExists" + + +class ForAllValuesNumericEquals(ConditionElement): + condition = "ForAllValues:NumericEquals" + + +class ForAllValuesNumericEqualsIfExists(ConditionElement): + condition = "ForAllValues:NumericEqualsIfExists" + + +class NumericNotEquals(ConditionElement): + condition = "NumericNotEquals" + + +class NumericNotEqualsIfExists(ConditionElement): + condition = "NumericNotEqualsIfExists" + + +class ForAnyValueNumericNotEquals(ConditionElement): + condition = "ForAnyValue:NumericNotEquals" + + +class ForAnyValueNumericNotEqualsIfExists(ConditionElement): + condition = "ForAnyValue:NumericNotEqualsIfExists" + + +class ForAllValuesNumericNotEquals(ConditionElement): + condition = "ForAllValues:NumericNotEquals" + + +class ForAllValuesNumericNotEqualsIfExists(ConditionElement): + condition = "ForAllValues:NumericNotEqualsIfExists" + + +class NumericLessThan(ConditionElement): + condition = "NumericLessThan" + + +class NumericLessThanIfExists(ConditionElement): + condition = "NumericLessThanIfExists" + + +class ForAnyValueNumericLessThan(ConditionElement): + condition = "ForAnyValue:NumericLessThan" + + +class ForAnyValueNumericLessThanIfExists(ConditionElement): + condition = "ForAnyValue:NumericLessThanIfExists" + + +class ForAllValuesNumericLessThan(ConditionElement): + condition = "ForAllValues:NumericLessThan" + + +class ForAllValuesNumericLessThanIfExists(ConditionElement): + condition = "ForAllValues:NumericLessThanIfExists" + + +class NumericLessThanEquals(ConditionElement): + condition = "NumericLessThanEquals" + + +class NumericLessThanEqualsIfExists(ConditionElement): + condition = "NumericLessThanEqualsIfExists" + + +class ForAnyValueNumericLessThanEquals(ConditionElement): + condition = "ForAnyValue:NumericLessThanEquals" + + +class ForAnyValueNumericLessThanEqualsIfExists(ConditionElement): + condition = "ForAnyValue:NumericLessThanEqualsIfExists" + + +class ForAllValuesNumericLessThanEquals(ConditionElement): + condition = "ForAllValues:NumericLessThanEquals" + + +class ForAllValuesNumericLessThanEqualsIfExists(ConditionElement): + condition = "ForAllValues:NumericLessThanEqualsIfExists" + + +class NumericGreaterThan(ConditionElement): + condition = "NumericGreaterThan" + + +class NumericGreaterThanIfExists(ConditionElement): + condition = "NumericGreaterThanIfExists" + + +class ForAnyValueNumericGreaterThan(ConditionElement): + condition = "ForAnyValue:NumericGreaterThan" + + +class ForAnyValueNumericGreaterThanIfExists(ConditionElement): + condition = "ForAnyValue:NumericGreaterThanIfExists" + + +class ForAllValuesNumericGreaterThan(ConditionElement): + condition = "ForAllValues:NumericGreaterThan" + + +class ForAllValuesNumericGreaterThanIfExists(ConditionElement): + condition = "ForAllValues:NumericGreaterThanIfExists" + + +class NumericGreaterThanEquals(ConditionElement): + condition = "NumericGreaterThanEquals" + + +class NumericGreaterThanEqualsIfExists(ConditionElement): + condition = "NumericGreaterThanEqualsIfExists" + + +class ForAnyValueNumericGreaterThanEquals(ConditionElement): + condition = "ForAnyValue:NumericGreaterThanEquals" + + +class ForAnyValueNumericGreaterThanEqualsIfExists(ConditionElement): + condition = "ForAnyValue:NumericGreaterThanEqualsIfExists" + + +class ForAllValuesNumericGreaterThanEquals(ConditionElement): + condition = "ForAllValues:NumericGreaterThanEquals" + + +class ForAllValuesNumericGreaterThanEqualsIfExists(ConditionElement): + condition = "ForAllValues:NumericGreaterThanEqualsIfExists" + + +class StringEquals(ConditionElement): + condition = "StringEquals" + + +class StringEqualsIfExists(ConditionElement): + condition = "StringEqualsIfExists" + + +class ForAnyValueStringEquals(ConditionElement): + condition = "ForAnyValue:StringEquals" + + +class ForAnyValueStringEqualsIfExists(ConditionElement): + condition = "ForAnyValue:StringEqualsIfExists" + + +class ForAllValuesStringEquals(ConditionElement): + condition = "ForAllValues:StringEquals" + + +class ForAllValuesStringEqualsIfExists(ConditionElement): + condition = "ForAllValues:StringEqualsIfExists" + + +class StringNotEquals(ConditionElement): + condition = "StringNotEquals" + + +class StringNotEqualsIfExists(ConditionElement): + condition = "StringNotEqualsIfExists" + + +class ForAnyValueStringNotEquals(ConditionElement): + condition = "ForAnyValue:StringNotEquals" + + +class ForAnyValueStringNotEqualsIfExists(ConditionElement): + condition = "ForAnyValue:StringNotEqualsIfExists" + + +class ForAllValuesStringNotEquals(ConditionElement): + condition = "ForAllValues:StringNotEquals" + + +class ForAllValuesStringNotEqualsIfExists(ConditionElement): + condition = "ForAllValues:StringNotEqualsIfExists" + + +class StringEqualsIgnoreCase(ConditionElement): + condition = "StringEqualsIgnoreCase" + + +class StringEqualsIgnoreCaseIfExists(ConditionElement): + condition = "StringEqualsIgnoreCaseIfExists" + + +class ForAnyValueStringEqualsIgnoreCase(ConditionElement): + condition = "ForAnyValue:StringEqualsIgnoreCase" + + +class ForAnyValueStringEqualsIgnoreCaseIfExists(ConditionElement): + condition = "ForAnyValue:StringEqualsIgnoreCaseIfExists" + + +class ForAllValuesStringEqualsIgnoreCase(ConditionElement): + condition = "ForAllValues:StringEqualsIgnoreCase" + + +class ForAllValuesStringEqualsIgnoreCaseIfExists(ConditionElement): + condition = "ForAllValues:StringEqualsIgnoreCaseIfExists" + + +class StringNotEqualsIgnoreCase(ConditionElement): + condition = "StringNotEqualsIgnoreCase" + + +class StringNotEqualsIgnoreCaseIfExists(ConditionElement): + condition = "StringNotEqualsIgnoreCaseIfExists" + + +class ForAnyValueStringNotEqualsIgnoreCase(ConditionElement): + condition = "ForAnyValue:StringNotEqualsIgnoreCase" + + +class ForAnyValueStringNotEqualsIgnoreCaseIfExists(ConditionElement): + condition = "ForAnyValue:StringNotEqualsIgnoreCaseIfExists" + + +class ForAllValuesStringNotEqualsIgnoreCase(ConditionElement): + condition = "ForAllValues:StringNotEqualsIgnoreCase" + + +class ForAllValuesStringNotEqualsIgnoreCaseIfExists(ConditionElement): + condition = "ForAllValues:StringNotEqualsIgnoreCaseIfExists" + + +class StringLike(ConditionElement): + condition = "StringLike" + + +class StringLikeIfExists(ConditionElement): + condition = "StringLikeIfExists" + + +class ForAnyValueStringLike(ConditionElement): + condition = "ForAnyValue:StringLike" + + +class ForAnyValueStringLikeIfExists(ConditionElement): + condition = "ForAnyValue:StringLikeIfExists" + + +class ForAllValuesStringLike(ConditionElement): + condition = "ForAllValues:StringLike" + + +class ForAllValuesStringLikeIfExists(ConditionElement): + condition = "ForAllValues:StringLikeIfExists" + + +class StringNotLike(ConditionElement): + condition = "StringNotLike" + + +class StringNotLikeIfExists(ConditionElement): + condition = "StringNotLikeIfExists" + + +class ForAnyValueStringNotLike(ConditionElement): + condition = "ForAnyValue:StringNotLike" + + +class ForAnyValueStringNotLikeIfExists(ConditionElement): + condition = "ForAnyValue:StringNotLikeIfExists" + + +class ForAllValuesStringNotLike(ConditionElement): + condition = "ForAllValues:StringNotLike" + + +class ForAllValuesStringNotLikeIfExists(ConditionElement): + condition = "ForAllValues:StringNotLikeIfExists" diff --git a/scripts/generate_conditions.py b/scripts/generate_conditions.py new file mode 100755 index 00000000..c90b6196 --- /dev/null +++ b/scripts/generate_conditions.py @@ -0,0 +1,62 @@ +#!/usr/bin/env python3 + +condition_strings = [ + "ArnEquals", + "ArnNotEquals", + "ArnLike", + "ArnNotLike", + "Bool", + "DateEquals", + "DateNotEquals", + "DateLessThan", + "DateLessThanEquals", + "DateGreaterThan", + "DateGreaterThanEquals", + "IpAddress", + "NotIpAddress", + "Null", + "NumericEquals", + "NumericNotEquals", + "NumericLessThan", + "NumericLessThanEquals", + "NumericGreaterThan", + "NumericGreaterThanEquals", + "StringEquals", + "StringNotEquals", + "StringEqualsIgnoreCase", + "StringNotEqualsIgnoreCase", + "StringLike", + "StringNotLike", +] + +condition_qualifier_strings = ["ForAnyValue", "ForAllValues"] + + +def make_condition(type_name: str, condition_name: str) -> None: + print(f'class {type_name}(ConditionElement):') + print(f' condition = "{condition_name}"') + print("") + print("") + print(f'class {type_name}IfExists(ConditionElement):') + print(f' condition = "{condition_name}IfExists"') + print("") + print("") + + # Previous dynamic creation in aws.py + # + # globals()[type_name] = type( + # type_name, (ConditionElement,), dict(condition=condition_name) + # ) + # globals()[type_name + "IfExists"] = type( + # type_name + "IfExists", + # (ConditionElement,), + # dict(condition=condition_name + "IfExists"), + # ) + + +# Create condition classes +for condition in condition_strings: + make_condition(condition, condition) + + for qual in condition_qualifier_strings: + make_condition(f"{qual}{condition}", f"{qual}:{condition}")