Module `core.default.resources.simple.iam`

Set of constructs for adding permissions and authorization

Expand source code

"""Set of constructs for adding permissions and authorization

"""

from typing import Dict, FrozenSet, List, Optional, Union

from core.constructs.models import ImmutableModel
from core.constructs.cloud_output import Cloud_Output_Str
from core.constructs.types import cdev_str_model, cdev_str
from core.utils import hasher


class permission_model(ImmutableModel):
    actions: FrozenSet[str]
    cloud_id: cdev_str_model
    effect: str
    resource_suffix: Optional[str]
    hash: str

    class Config:
        use_enum_values = True
        # Beta Feature but should be fine since this is simple data
        frozen = True


class permission_arn_model(ImmutableModel):
    arn: str
    hash: str

    class Config:
        use_enum_values = True
        # Beta Feature but should be fine since this is simple data
        frozen = True


class Permission:
    """
    Permission that can be attached to a resource to give it permission to access other resources.
    """

    def __init__(
        self,
        actions: List[str],
        cloud_id: cdev_str,
        effect: str,
        resource_suffix: Optional[str] = "",
    ) -> None:
        """
        Arguments:
            actions (List[str]): List of the actions that this policy will include
            cloud_id (cdev_str): The cloud id of the resource that is giving the permission
            effect ('Allow', 'Deny'): Allow or Deny the permission
            resource_suffix (Optional[str]): Some permissions need suffixes added to the looked up aws resource (i.e. dynamodb streams )
        """
        self.actions = actions
        self.cloud_id = cloud_id
        self.effect = effect
        self.resource_suffix = resource_suffix

    def render(self) -> permission_model:

        return permission_model(
            actions=frozenset(self.actions),
            cloud_id=self.cloud_id.render()
            if isinstance(self.cloud_id, Cloud_Output_Str)
            else self.cloud_id,
            effect=self.effect,
            hash=self.hash(),
        )

    def hash(self) -> str:
        _hash = hasher.hash_list(
            [
                hasher.hash_list(self.actions),
                self.cloud_id.hash()
                if isinstance(self.cloud_id, Cloud_Output_Str)
                else self.cloud_id,
                self.effect,
            ]
        )

        return _hash


class PermissionArn:
    """
    Id of a permission that is already deployed on the cloud.
    """

    def __init__(self, arn: str) -> None:
        self.arn = arn

    def render(self) -> permission_arn_model:
        return permission_arn_model(arn=self.arn, hash=self.hash())

    def hash(self) -> str:
        return hasher.hash_string(self.arn)

Classes

class Permission (actions: List[str], cloud_id: ~cdev_str, effect: str, resource_suffix: Optional[str] = '')

Permission that can be attached to a resource to give it permission to access other resources.

Arguments

actions (List[str]): List of the actions that this policy will include cloud_id (cdev_str): The cloud id of the resource that is giving the permission effect ('Allow', 'Deny'): Allow or Deny the permission resource_suffix (Optional[str]): Some permissions need suffixes added to the looked up aws resource (i.e. dynamodb streams )

Expand source code

class Permission:
    """
    Permission that can be attached to a resource to give it permission to access other resources.
    """

    def __init__(
        self,
        actions: List[str],
        cloud_id: cdev_str,
        effect: str,
        resource_suffix: Optional[str] = "",
    ) -> None:
        """
        Arguments:
            actions (List[str]): List of the actions that this policy will include
            cloud_id (cdev_str): The cloud id of the resource that is giving the permission
            effect ('Allow', 'Deny'): Allow or Deny the permission
            resource_suffix (Optional[str]): Some permissions need suffixes added to the looked up aws resource (i.e. dynamodb streams )
        """
        self.actions = actions
        self.cloud_id = cloud_id
        self.effect = effect
        self.resource_suffix = resource_suffix

    def render(self) -> permission_model:

        return permission_model(
            actions=frozenset(self.actions),
            cloud_id=self.cloud_id.render()
            if isinstance(self.cloud_id, Cloud_Output_Str)
            else self.cloud_id,
            effect=self.effect,
            hash=self.hash(),
        )

    def hash(self) -> str:
        _hash = hasher.hash_list(
            [
                hasher.hash_list(self.actions),
                self.cloud_id.hash()
                if isinstance(self.cloud_id, Cloud_Output_Str)
                else self.cloud_id,
                self.effect,
            ]
        )

        return _hash

Methods

def hash(self) ‑> str

Expand source code

def hash(self) -> str:
    _hash = hasher.hash_list(
        [
            hasher.hash_list(self.actions),
            self.cloud_id.hash()
            if isinstance(self.cloud_id, Cloud_Output_Str)
            else self.cloud_id,
            self.effect,
        ]
    )

    return _hash

def render(self) ‑> permission_model

Expand source code

def render(self) -> permission_model:

    return permission_model(
        actions=frozenset(self.actions),
        cloud_id=self.cloud_id.render()
        if isinstance(self.cloud_id, Cloud_Output_Str)
        else self.cloud_id,
        effect=self.effect,
        hash=self.hash(),
    )

class PermissionArn (arn: str)

Id of a permission that is already deployed on the cloud.

Expand source code

class PermissionArn:
    """
    Id of a permission that is already deployed on the cloud.
    """

    def __init__(self, arn: str) -> None:
        self.arn = arn

    def render(self) -> permission_arn_model:
        return permission_arn_model(arn=self.arn, hash=self.hash())

    def hash(self) -> str:
        return hasher.hash_string(self.arn)

Methods

def hash(self) ‑> str

Expand source code

def hash(self) -> str:
    return hasher.hash_string(self.arn)

def render(self) ‑> permission_arn_model

Expand source code

def render(self) -> permission_arn_model:
    return permission_arn_model(arn=self.arn, hash=self.hash())

class permission_arn_model (**data: Any)

Create a new model by parsing and validating input data from keyword arguments.

Raises ValidationError if the input data cannot be parsed to form a valid model.

Expand source code

class permission_arn_model(ImmutableModel):
    arn: str
    hash: str

    class Config:
        use_enum_values = True
        # Beta Feature but should be fine since this is simple data
        frozen = True

Ancestors

ImmutableModel
pydantic.main.BaseModel
pydantic.utils.Representation

Class variables

var Config
var arn : str
var hash : str

class permission_model (**data: Any)

Create a new model by parsing and validating input data from keyword arguments.

Raises ValidationError if the input data cannot be parsed to form a valid model.

Expand source code

class permission_model(ImmutableModel):
    actions: FrozenSet[str]
    cloud_id: cdev_str_model
    effect: str
    resource_suffix: Optional[str]
    hash: str

    class Config:
        use_enum_values = True
        # Beta Feature but should be fine since this is simple data
        frozen = True

Ancestors

ImmutableModel
pydantic.main.BaseModel
pydantic.utils.Representation

Class variables

var Config
var actions : FrozenSet[str]
var cloud_id : ~cdev_str_model
var effect : str
var hash : str
var resource_suffix : Optional[str]