Kinnaird McQuade kmcquade

## sqlite3-diff.sh
#!/usr/bin/env bash

cp policy_sentry/shared/data/aws.sqlite3 ~/.policy_sentry/db-old.sqlite3
policy_sentry initialize --fetch
cp ~/.policy_sentry/aws.sqlite3 ~/.policy_sentry/db-new.sqlite3

sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select service, name, description, access_level, resource_type_name, resource_type_name_append_wildcard, resource_arn_format, condition_keys, dependent_actions from actiontable;" > actiontable-old.csv
sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select resource_type_name, raw_arn, arn, partition, service, region, account, resource, resource_path, condition_keys from arntable;" > arntable-old.csv
sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select service, condition_key_name, condition_key_service, description, condition_value_type from conditiontable;" > conditiontable-old.csv

## jlongman.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "A4bTaggingDevice",
            "Effect": "Allow",
            "Action": [
                "a4b:tagresource",
                "a4b:untagresource"
            ],

## jlongman-short.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "A4bTaggingDevice",
            "Effect": "Allow",
            "Action": [
                "a4b:t*",
                "a4b:un*"
            ],

## crud-result.yml
mode: crud
read:
- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter'
write:
- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter'
list:
- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter'
tagging:
- 'arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret'
permissions-management:

## crud-input.yml
mode: crud
name: ''
# Specify resource ARNs
read:
- ''
write:
- ''
list:
- ''
tagging:

## crud-result.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SsmReadParameter",
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter",
                "ssm:GetParameterHistory",
                "ssm:GetParameters",

## manual-policy-1.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    }

## manual-policy-2.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Ec2WriteSecuritygroup",
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupEngress",
                "ec2:AuthorizeSecurityGroupIngress"
            ],

## bad-wildcard-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "*"
    }

## example-get-account-authorization-details.json
{
  "UserDetailList": [
    {
      "Path": "/",
      "UserName": "obama",
      "UserId": "YAAAAASSQUEEEN",
      "Arn": "arn:aws:iam::012345678901:user/obama",
      "CreateDate": "2019-12-18 19:10:08+00:00",
      "GroupList": [
        "admin"
	#!/usr/bin/env bash

	cp policy_sentry/shared/data/aws.sqlite3 ~/.policy_sentry/db-old.sqlite3
	policy_sentry initialize --fetch
	cp ~/.policy_sentry/aws.sqlite3 ~/.policy_sentry/db-new.sqlite3

	sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select service, name, description, access_level, resource_type_name, resource_type_name_append_wildcard, resource_arn_format, condition_keys, dependent_actions from actiontable;" > actiontable-old.csv
	sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select resource_type_name, raw_arn, arn, partition, service, region, account, resource, resource_path, condition_keys from arntable;" > arntable-old.csv
	sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select service, condition_key_name, condition_key_service, description, condition_value_type from conditiontable;" > conditiontable-old.csv
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "A4bTaggingDevice",
	"Effect": "Allow",
	"Action": [
	"a4b:tagresource",
	"a4b:untagresource"
	],
	mode: crud
	read:
	- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter'
	write:
	- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter'
	list:
	- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter'
	tagging:
	- 'arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret'
	permissions-management:
	mode: crud
	name: ''
	# Specify resource ARNs
	read:
	- ''
	write:
	- ''
	list:
	- ''
	tagging:
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "SsmReadParameter",
	"Effect": "Allow",
	"Action": [
	"ssm:GetParameter",
	"ssm:GetParameterHistory",
	"ssm:GetParameters",
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "Ec2WriteSecuritygroup",
	"Effect": "Allow",
	"Action": [
	"ec2:AuthorizeSecurityGroupEngress",
	"ec2:AuthorizeSecurityGroupIngress"
	],
	{
	"UserDetailList": [
	{
	"Path": "/",
	"UserName": "obama",
	"UserId": "YAAAAASSQUEEEN",
	"Arn": "arn:aws:iam::012345678901:user/obama",
	"CreateDate": "2019-12-18 19:10:08+00:00",
	"GroupList": [
	"admin"