我正在编写一个 python 脚本来扫描所有 S3 存储桶和文件。我希望脚本记录策略文档中向公众公开的每个文件,我的意思是它具有: "Effect": "Allow"
和 "Principal": "*"
.所以我的代码中有这一行:
bucket_policy = storageClient.get_bucket_policy(Bucket='mybucket-documents-2017')
print(bucket_policy)
它返回一个字符串:
{
'Policy':
u'{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"",
"Effect":"Allow",
"Principal":
{"AWS":"arn:aws:iam::000000000000:user/myuser"},
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::mybucket-documents-2017/*"
},
{
"Sid":"",
"Effect":"Allow",
"Principal":{"AWS":"arn:aws:iam::0000000000000:user/myuser"},
"Action":"s3:PutObject",
"Resource":"arn:aws:s3:::mybucket-documents-2017/*"
}]
}',
'ResponseMetadata': {
'HTTPStatusCode': 200, 'RetryAttempts': 0, 'HostId': '0EkHM/G1rnRjZH3lhTim1uaDG+5dCJmbJAhSVTnniGsNZIAl6SOMlYgbJOR0XAJOtzmXuu/CSd0=', 'RequestId': '037CADEB6342E9C
2', 'HTTPHeaders': {'x-amz-id-2': '0EkHM/G1rnRjZH3lhTim1uaDG+5dCJmbJAhSVTnniGsNZIAl6SOMlYgbJOR0XAJOtzmXuu/CSd0=', 'server': 'AmazonS3', 'transfer-encoding': 'chunked', 'x-amz-request-id': '037CADEB634
2E9C2', 'date': 'Fri, 11 Aug 2017 10:03:21 GMT', 'content-type': 'application/json'}
}
}
当我做类似的事情时:
for policy in bucket_policy:
print(policy[0])
或
for policy in bucket_policy['Policy']:
print(policy[0])
我什么也没得到。
如何通过解析策略文档来获取Effect
和Principal
的值?
最佳答案
您需要首先将该字符串加载到 native 数据类型中:
import json
policy = json.loads(bucket_policy['Policy'])
这将允许您循环遍历 Statement
数组。
for statement in policy['statement']:
print(statement['Effect'])
关于python - 如何解析 boto3 的政策文档响应,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45635232/