- class EffectivePrincipal(inclusion, exclusions=None)
EffectivePrincipals are the representation of the difference between an Principal and its exclusion.
The allowed Principal is the difference (subtraction) of the excluded Principals from the included Principal.
- exclusions: FrozenSet[policyglass.effective_arp.T]
Exclusions must always be a subset of the include and must not be subsets of each other
- inclusion: policyglass.effective_arp.T
Inclusion must be a superset of any exclusions
- class Principal(type, value)
A class which represents a single Principal including its type.
Objects of this type are typically generated by the
- Return type
- __init__(type, value)
Create a new model by parsing and validating input data from keyword arguments.
Raises ValidationError if the input data cannot be parsed to form a valid model.
- property account_id: Optional[str]
Return the account id of this Principal if there is one.
- property arn_elements: List[str]
Return a list of arn elements, replacing blanks with
- property is_account: bool
Return true if the prinncipal is an account.
Whether this object contains all the elements of another object (i.e. is a subset of the other object).
other (object) – The object to determine if our object contains.
ValueError – If the other object is not of the same type as this object.
- Return type
- class PrincipalCollection
A collection of Principals of different types, unique to PolicyGlass.
- class PrincipalType
A principal type, e.g. Federated or AWS.
See AWS JSON policy elements: Principal for more.