Principal

Principal classes.

class EffectivePrincipal(inclusion, exclusions=None)

EffectivePrincipals are the representation of the difference between an Principal and its exclusion.

The allowed Principal is the difference (subtraction) of the excluded Principals from the included Principal.

exclusions: FrozenSet[policyglass.effective_arp.T]

Exclusions must always be a subset of the include and must not be subsets of each other

inclusion: policyglass.effective_arp.T

Inclusion must be a superset of any exclusions

class Principal(type, value)

A class which represents a single Principal including its type.

Objects of this type are typically generated by the Statement class.

Parameters
Return type

None

__init__(type, value)

Create a new model by parsing and validating input data from keyword arguments.

Raises ValidationError if the input data cannot be parsed to form a valid model.

Parameters
Return type

None

property account_id: Optional[str]

Return the account id of this Principal if there is one.

property arn_elements: List[str]

Return a list of arn elements, replacing blanks with "".

property is_account: bool

Return true if the prinncipal is an account.

issubset(other)

Whether this object contains all the elements of another object (i.e. is a subset of the other object).

Parameters

other (object) – The object to determine if our object contains.

Raises

ValueError – If the other object is not of the same type as this object.

Return type

bool

type: policyglass.principal.PrincipalType

Principal Type

value: policyglass.principal.PrincipalValue

Principal value

class PrincipalCollection

A collection of Principals of different types, unique to PolicyGlass.

property principals: List[policyglass.principal.Principal]
class PrincipalType

A principal type, e.g. Federated or AWS.

See AWS JSON policy elements: Principal for more.

class PrincipalValue

An ARN, wildcard, or other appropriate value of a policy Principal.

See AWS JSON policy elements: Principal for more.