in modular_api/web_service/iam.py [0:0]
def policy_sort(policy_list: list) -> dict:
    """
    Group user policy resources by their "Effect" (Allow/Deny).

    Every policy item is read through its 'Module', 'Effect' and
    'Resources' keys; each resource is rendered as '/<module>@<resource>'.

    :param policy_list: policy items to process
    :return: dict with two keys, ALLOW and DENY, each holding a set of
        '/<module>@<resource>' strings
    :raises ModularApiConfigurationException: when any item carries a
        truthy 'Group' or 'MountPoint' value (old-style RBAC v1 policy)

    Keys are indexed directly, so an item missing 'Module', 'Effect' or
    'Resources' propagates the lookup error to the caller.

    Security notes:
    - Any 'Effect' value that is not equal to ALLOW lands in the DENY
      bucket, so a misspelled or unexpected effect fails closed instead
      of granting access.
    - This function only groups the entries; it does not resolve overlaps
      between the two sets. Precedence between ALLOW and DENY is left to
      whoever consumes the result.
    """
    # todo check for old-style policies, remove after 3.85 prod update
    # The whole list is validated before anything is grouped, so a single
    # legacy entry rejects the complete policy set.
    for entry in policy_list:
        if not (entry.get('Group') or entry.get('MountPoint')):
            continue
        mount_point = entry.get('MountPoint')
        group = entry.get('Group')
        _LOG.error(f'Found old style RBAC v1 policy. Some policy still '
                   f'contains "MountPoint":"{mount_point}" and/or'
                   f' "Group":"{group}"')
        raise ModularApiConfigurationException(
            'Invalid policies detected. Please contact support team'
        )
    # =====

    # module name -> list of resources, one mapping per effect
    allowed_by_module = {}
    denied_by_module = {}
    for entry in policy_list:
        module_name = entry['Module']
        is_allow = entry['Effect'] == ALLOW
        resource_list = entry['Resources']
        # Anything other than ALLOW is treated as a deny rule (fail closed).
        bucket = allowed_by_module if is_allow else denied_by_module
        bucket.setdefault(module_name, []).extend(resource_list)

    return {
        ALLOW: {
            f'/{module_name}@{resource}'
            for module_name, resource_list in allowed_by_module.items()
            for resource in resource_list
        },
        DENY: {
            f'/{module_name}@{resource}'
            for module_name, resource_list in denied_by_module.items()
            for resource in resource_list
        },
    }