Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Guess" missing events #22

Closed
flosell opened this issue Dec 21, 2017 · 1 comment
Closed

"Guess" missing events #22

flosell opened this issue Dec 21, 2017 · 1 comment
Labels
enhancement

Comments

@flosell
Copy link
Owner

flosell commented Dec 21, 2017
edited
Loading

AS AN engineer that wants to create policies for terraform or cloudformation runs
I WANT trailscraper to guess permissions that likely are also necessary for the same infrastructure
SO THAT the generated policy works not only for the exact circumstances (e.g. an initial terraform apply) but also similar ones (e.g. terraform destroy/update of resources)

Examples

  • We saw an event for iam:DeleteAccessKey so we also add iam:CreateAccessKey, iam:UpdateAccessKey and iam:ListAccessKeys

Notes

  • Cloudonauts sources could possibly be used as a datasource to generate which IAM permissions exist
  • Once we have a good list of IAM permissions we can find matching ones, e.g. Delete{Something} and Describe{Something} when we have a Create{Something} event
  • This could be a separate command to make it more flexible and composable: 
    $ trailscraper generate-policy | trailscraper expand-policy
@flosell flosell mentioned this issue Dec 21, 2017
Closed
@flosell flosell mentioned this issue May 20, 2018
Open
flosell added a commit that referenced this issue Jun 9, 2018
@flosell
Unify format for known iam actions to simplify code and compare diffe…
1cfd7c7 
…rent sources more easily #22
flosell added a commit that referenced this issue Jun 9, 2018
@flosell
Add basic support for guessing additional actions #22
353ee28
flosell added a commit that referenced this issue Jun 9, 2018
@flosell
Make linter happy #22
a6e8ca1
flosell added a commit that referenced this issue Jun 9, 2018
@flosell
Make imports in tests work in all python versions #22
e8f639b
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Add support for guessing Attach/Detach #22
aad8f60
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Make linter happy #22
ba7c76f
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Add support for guessing List #22
00d35a6
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Add notes for more actions still missing #22
f97e86e
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Add support for guessing Put and Get and plural List #22
d7ec40c
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Add notes for more actions still missing #22
6459eab
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Fix test naming for guessing #22
e576d92
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Allow customizing which actions are being guessed #22
a50d4a3
flosell added a commit that referenced this issue Jun 10, 2018
@flosell
Add documentation and changelog entry for guess command #22
d0d066e
@flosell
Copy link
Owner Author

flosell commented Jun 10, 2018

Basic support added trailscraper guess. More coverage and smarter guessing will be split out into separate issues

@flosell flosell closed this as completed Jun 10, 2018
This was referenced Jun 10, 2018
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@flosell