feat: validate a single scp resolves #18

aquia-inc · Apr 28, 2023 · d83c2ae · d83c2ae
1 parent 60f2e11
commit d83c2ae
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 22 deletions.
diff --git a/scpkit/main.py b/scpkit/main.py
@@ -5,15 +5,16 @@
 Options:
     -h --help                   Show this screen.
     --version                   Show version.
-    --sourcefiles sourcefiles   Directory path to SCP files in json format
+    --sourcefiles sourcefiles   Directory path to SCP files in json format or a single SCP file
     --outdir outdir             Directory to write new SCP files [Default: ./]
     --profile profile           AWS profile name
     --validate-after-merge      Validate the policies after merging them
     --readable                  Leave indentation and some whitespace to make the SCPs readable
 """
 from docopt import docopt
 from .src.validate import validate_policies
-from .src.merge import scp_merge, get_files_in_dir
+from .src.merge import scp_merge
+from .src.util import get_files_in_dir
 
 def main():
     arguments = {

diff --git a/scpkit/src/merge.py b/scpkit/src/merge.py
@@ -1,4 +1,4 @@
-from .util import write_json, find_key_in_json, load_json, make_actions_and_resources_lists, dump_json
+from .util import write_json, find_key_in_json, load_json, make_actions_and_resources_lists, dump_json, get_files_in_dir
 from copy import deepcopy
 from pathlib import Path
 from .model import SCP
@@ -86,19 +86,6 @@ def scp_merge(**kwargs):
         validate_policies(scps, kwargs['profile'], kwargs['outdir'])
 
 
-def get_files_in_dir(folder):
-    """Loads all JSON files from a directory
-    Args:
-        folder (str): Folder that contains JSON files
-    Returns:
-        [list]: list of JSON content from all files
-    """
-
-    p = Path(folder)
-    all_content = [ SCP(name=file.name, content=load_json(file)) for file in list(p.glob('**/*.json')) ]
-    return all_content
-
-
 def combine_similar_sids(content):
     """Combines SIDs that have the same Resource, Effect, and Condition (if exists)
 

diff --git a/scpkit/src/util.py b/scpkit/src/util.py
@@ -1,5 +1,6 @@
 import json
 from pathlib import Path
+from .model import SCP
 
 
 def load_json(filepath):
@@ -49,16 +50,27 @@ def dump_json(content, readable=False):
         return json.dumps(content)
 
 
-def get_filepaths_in_dir(folder):
-    """Loads all JSON filepaths from a directory
+def get_files_in_dir(filepath):
+    """Loads all JSON files from a directory
     Args:
-        folder (str): Folder that contains JSON files
+        filepath (str): Folder that contains JSON files or an individual json file
     Returns:
-        [list]: list of JSON files in a directory
+        [list]: list of JSON content from all files
     """
 
-    p = Path(folder)
-    all_content = [ file for file in list(p.glob('**/*.json')) ]
+    p = Path(filepath)
+
+    if not p.exists():
+        raise FileNotFoundError(f"The file {p} does not exist.")
+
+    if p.is_dir(): 
+        p = list(p.glob('**/*.json'))
+    elif p.is_file():
+        p = [p]
+    else:
+        raise Exception
+
+    all_content = [ SCP(name=file.name, content=load_json(file)) for file in p ]
     return all_content
 
 

diff --git a/tests/testfiles/test-scp-1.json b/tests/testfiles/test-scp-1.json
@@ -0,0 +1,13 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Deny",
+            "Action": [
+                "account:DisableRegion",
+                "account:EnableRegion"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
diff --git a/tests/testfiles/test-scp-2.json b/tests/testfiles/test-scp-2.json
@@ -0,0 +1,15 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Deny",
+        "Action": "ec2:RunInstances",
+        "Resource": "arn:aws:ec2:*:*:instance/*",
+        "Condition": {
+            "StringNotEquals": {
+                "ec2:MetadataHttpTokens": "required"
+            }
+        }
+      }
+    ]
+}