tomzx/policy-evaluator

Policy evaluator based on AWS AMI Policies.

dev-master / 0.1.x-dev 2018-02-19 23:16 UTC

This package is auto-updated.

Last update: 2024-10-10 08:04:18 UTC


README

License Latest Stable Version Latest Unstable Version Build Status Code Quality Code Coverage Total Downloads

Policy Evaluator is a simple system based on AWS Policies. Given a set of statements, Policy Evaluator will then be able to answers to queries about whether this set of policies is allowed (or not) to perform a given action on a given resource.

Getting started

php composer.phar require tomzx/policy-evaluator

Example

use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;

Resource::$prefix = 'arn';

$evaluator = new Evaluator([
	'Statement' => [
		[
			'Action' => 'service:*',
			'Resource' => 'arn:aws:*',
			'Effect' => 'Allow',
		],
		[
			'Action' => 's3:*',
			'Resource' => 'arn:aws:s3:::my-bucket/*',
			'Effect' => 'Allow',
		],
	],
]);

$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test');
$evaluator->canExecuteActionOnResource('s3:GetObject', 'arn:aws:s3:::my-bucket/some-file');

Variables support

use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;

Resource::$prefix = 'arn';

$evaluator = new Evaluator([
	'Statement' => [
		[
			'Action' => 'service:*',
			'Resource' => 'arn:aws:${aws:username}',
			'Effect' => 'Allow',
		],
	],
]);

$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test', [
    'aws:username' => 'someUsername',
]);

License

The code is licensed under the MIT license. See LICENSE.