Python 3.x 如何从AWS策略文档中获取操作值并将其存储为列表?
我需要从AWS策略文档中获取“操作”值。 在某些策略中,操作值有一个值列表(如策略1),在某些策略中,操作有一个字符串值(如策略2) 我需要的是: 我想从策略中获取操作值并将其存储为列表 (此处,策略1给出了预期输出,但策略2失败。) 政策1:Python 3.x 如何从AWS策略文档中获取操作值并将其存储为列表?,python-3.x,string,list,amazon-web-services,amazon-iam,Python 3.x,String,List,Amazon Web Services,Amazon Iam,我需要从AWS策略文档中获取“操作”值。 在某些策略中,操作值有一个值列表(如策略1),在某些策略中,操作有一个字符串值(如策略2) 我需要的是: 我想从策略中获取操作值并将其存储为列表 (此处,策略1给出了预期输出,但策略2失败。) 政策1: document_values: [{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': ['iam:CreateIns
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': ['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed'],'Resource': ['arn:aws:iam::*:policy/*','arn:aws:iam::*:instance-profile/*']}, {'Sid': 'VisualEditor1', 'Effect': 'Allow', 'Action': ['iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups'],'Resource': '*'}]}]
['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed','iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups']
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': 'sts:AssumeRole', 'Resource':'*"}]}]
['s', 't', 's', ':', 'A', 's', 's', 'u', 'm', 'e', 'R', 'o', 'l', 'e']
['sts:AsseumeRole']
输出-策略1:
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': ['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed'],'Resource': ['arn:aws:iam::*:policy/*','arn:aws:iam::*:instance-profile/*']}, {'Sid': 'VisualEditor1', 'Effect': 'Allow', 'Action': ['iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups'],'Resource': '*'}]}]
['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed','iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups']
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': 'sts:AssumeRole', 'Resource':'*"}]}]
['s', 't', 's', ':', 'A', 's', 's', 'u', 'm', 'e', 'R', 'o', 'l', 'e']
['sts:AsseumeRole']
政策2:
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': ['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed'],'Resource': ['arn:aws:iam::*:policy/*','arn:aws:iam::*:instance-profile/*']}, {'Sid': 'VisualEditor1', 'Effect': 'Allow', 'Action': ['iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups'],'Resource': '*'}]}]
['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed','iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups']
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': 'sts:AssumeRole', 'Resource':'*"}]}]
['s', 't', 's', ':', 'A', 's', 's', 'u', 'm', 'e', 'R', 'o', 'l', 'e']
['sts:AsseumeRole']
产出政策2:
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': ['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed'],'Resource': ['arn:aws:iam::*:policy/*','arn:aws:iam::*:instance-profile/*']}, {'Sid': 'VisualEditor1', 'Effect': 'Allow', 'Action': ['iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups'],'Resource': '*'}]}]
['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed','iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups']
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': 'sts:AssumeRole', 'Resource':'*"}]}]
['s', 't', 's', ':', 'A', 's', 's', 'u', 'm', 'e', 'R', 'o', 'l', 'e']
['sts:AsseumeRole']
政策2的预期产出:
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': ['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed'],'Resource': ['arn:aws:iam::*:policy/*','arn:aws:iam::*:instance-profile/*']}, {'Sid': 'VisualEditor1', 'Effect': 'Allow', 'Action': ['iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups'],'Resource': '*'}]}]
['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed','iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups']
document_values:
[{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': 'sts:AssumeRole', 'Resource':'*"}]}]
['s', 't', 's', ':', 'A', 's', 's', 'u', 'm', 'e', 'R', 'o', 'l', 'e']
['sts:AsseumeRole']
Python代码:
我正在为这两个策略执行相同的代码
inline_services = [j for i in [i['Action'] for i in document_values[0]['Statement']] for j in i]
print(inline_services)
如何从策略文档中获取操作值,而不考虑字符串或列表..?您可以创建简单的函数,而不是编写长列表理解:
p1 = [{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': ['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed'],'Resource': ['arn:aws:iam::*:policy/*','arn:aws:iam::*:instance-profile/*']}, {'Sid': 'VisualEditor1', 'Effect': 'Allow', 'Action': ['iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups'],'Resource': '*'}]}]
p2 = [{'Version': '2012-10-17', 'Statement': [{'Sid': 'VisualEditor0', 'Effect': 'Allow', 'Action': 'sts:AssumeRole', 'Resource':'*'}]}]
def get_actions(policy_doc):
actions_list = []
for i in policy_doc[0]['Statement']:
actions_list += i['Action'] if isinstance(i['Action'], list) else [i['Action']]
return actions_list
print(get_actions(p1))
print(get_actions(p2))
输出:
['iam:CreateInstanceProfile', 'iam:DeleteInstanceProfile', 'iam:GetRole', 'iam:GetInstanceProfile', 'iam:GetPolicy', 'iam:ListGroupPolicies', 'iam:GetAccessKeyLastUsed', 'iam:ListPolicies', 'iam:ListRoles', 'iam:ListGroups']
['sts:AssumeRole']