Merge pull request #5 from adamburns7933/fix-exclude-arg

Fix exclude arg
primeharbor · Sep 7, 2024 · fc57235 · fc57235
2 parents b3dc6ff + 3cba5e2
commit fc57235
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
-iam_definition.json
+iam_definition.json
+venv/
diff --git a/README.md b/README.md
@@ -23,6 +23,16 @@ The addition of an action to these lists can be subjective. Is a pull request in
 
 The script [policy-generation.py](scripts/policy-generation.py) allows you to customize your policies to an extent. If there are specific actions you want to exclude from the explicit deny, you can specify them using `--exclude-actions`. If there are a handful of resource ARNs that you need to access, say a specific S3 Bucket, you can use the `--exclude-resources` flag, and they will be added to the policy using a `NotResource` field.
 
+First, install the script's dependencies. A [Python venv](https://docs.python.org/3/library/venv.html) is an easy way:
+
+```bash
+python3 -m venv venv
+source venv/bin/activate
+pip install -r requirements.txt
+```
+
+Then you can run the script:
+
 ```bash
 usage: policy-generation.py [-h] [--debug] --risk {PrivEsc,ResourceExposure,CredentialExposure,DataAccess,ALL}
                             [--exclude-resources EXCLUDE_RESOURCES [EXCLUDE_RESOURCES ...]]

diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+PyYAML==6.0.2
diff --git a/scripts/policy-generation.py b/scripts/policy-generation.py
@@ -52,7 +52,7 @@ def main(args):
             statement['Resource'] = "*"
 
         for action_name in action_list[risk_type]['Actions']:
-            if action_name.lower in excluded_actions:
+            if action_name.lower() in excluded_actions:
                 continue
             if type(action_name) is str:
                 statement['Action'].append(action_name)