@cloud-copilot/iam-collect 0.1.68 → 0.1.69
- package/dist/cjs/indexing/indexMap.d.ts.map +1 -1
- package/dist/cjs/indexing/indexMap.js +2 -0
- package/dist/cjs/indexing/indexMap.js.map +1 -1
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts +7 -0
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts.map +1 -0
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.js +59 -0
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.js.map +1 -0
- package/dist/esm/indexing/indexMap.d.ts.map +1 -1
- package/dist/esm/indexing/indexMap.js +2 -0
- package/dist/esm/indexing/indexMap.js.map +1 -1
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts +7 -0
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts.map +1 -0
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.js +56 -0
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.js.map +1 -0
- package/package.json +2 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAyBtC;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAE5E"}
|
|
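--- a/package/dist/cjs/indexing/indexMap.js
+++ b/package/dist/cjs/indexing/indexMap.js
@@ -5,10 +5,12 @@ const services_js_1 = require("../services.js");
 const accountOrgs_js_1 = require("./indexers/accountOrgs.js");
 const apigateways_js_1 = require("./indexers/apigateways.js");
 const buckets_js_1 = require("./indexers/buckets.js");
+const iamPrincipalsToTrustPolicies_js_1 = require("./indexers/iamPrincipalsToTrustPolicies.js");
 const vpcEndpoints_js_1 = require("./indexers/vpcEndpoints.js");
 const allIndexers = [
 accountOrgs_js_1.AccountOrganizationIndexer,
 apigateways_js_1.ApiGatewayIndexer,
+iamPrincipalsToTrustPolicies_js_1.IamPrincipalsToTrustPoliciesIndexer,
 buckets_js_1.S3BucketIndexer,
 vpcEndpoints_js_1.VpcEndpointIndexer
 ];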
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":";;AAgCA,sDAEC;AAlCD,gDAA6D;AAE7D,8DAAsE;AACtE,8DAA6D;AAC7D,sDAAuD;AACvD,gGAAgG;AAChG,gEAA+D;AAE/D,MAAM,WAAW,GAAmB;IAClC,2CAA0B;IAC1B,kCAAiB;IACjB,qEAAmC;IACnC,4BAAe;IACf,oCAAkB;CACnB,CAAA;AAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAA;AAElD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,IAAA,8BAAgB,EAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAC3B,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,UAAsB;IAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,IAAA,8BAAgB,EAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;AACzD,CAAC"}
|
|
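--- a/package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts
+++ b/package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts
@@ -0,0 +1,7 @@
+import { Indexer } from '../indexer.js';
+interface PrincipalsToTrustPoliciesIndex {
+[key: string]: Partial<Record<'principal' | 'notprincipal', Record<string, string[]>>>;
+}
+export declare const IamPrincipalsToTrustPoliciesIndexer: Indexer<PrincipalsToTrustPoliciesIndex>;
+export {};
+//# sourceMappingURL=iamPrincipalsToTrustPolicies.d.ts.map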
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.d.ts","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC,UAAU,8BAA8B;IACtC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,GAAG,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;CACvF;AAID,eAAO,MAAM,mCAAmC,EAAE,OAAO,CAAC,8BAA8B,CAiCvF,CAAA"}
|
|
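--- a/package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.js
+++ b/package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.js
@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IamPrincipalsToTrustPoliciesIndexer = void 0;
+const iam_policy_1 = require("@cloud-copilot/iam-policy");
+const indexName = 'principals-to-trust-policies';
+exports.IamPrincipalsToTrustPoliciesIndexer = {
+awsService: 'iam',
+name: 'principalsToTrustPolicies',
+getCache: async (storage) => {
+const data = await storage.getIndex(indexName, {});
+return data;
+},
+saveCache: async (storage, cache, lockId) => {
+return storage.saveIndex(indexName, cache, lockId);
+},
+updateCache: async (existingCache, accountId, regions, storage) => {
+// Delete any existing record for the account
+existingCache[accountId] = {};
+// Get all the trust policies for the account
+const roles = await storage.findResourceMetadata(accountId, {
+service: 'iam',
+resourceType: 'role',
+account: accountId
+});
+for (const role of roles) {
+const trustPolicy = await storage.getResourceMetadata(accountId, role.arn, 'trust-policy');
+if (trustPolicy) {
+const parsedPolicy = (0, iam_policy_1.loadPolicy)(trustPolicy);
+updateCacheForPolicy(existingCache, accountId, role.arn, parsedPolicy);
+}
+}
+}
+};
+function updateCacheForPolicy(cache, accountId, roleArn, policy) {
+for (const statement of policy.statements()) {
+if (statement.isAllow()) {
+if (statement.isPrincipalStatement()) {
+for (const principal of statement.principals()) {
+updateCacheForPrincipal(cache, accountId, roleArn, 'principal', principal.value());
+}
+}
+else if (statement.isNotPrincipalStatement()) {
+for (const principal of statement.notPrincipals()) {
+updateCacheForPrincipal(cache, accountId, roleArn, 'notprincipal', principal.value());
+}
+}
+}
+}
+}
+function updateCacheForPrincipal(cache, accountId, roleArn, type, principal) {
+if (!cache[accountId][type]) {
+cache[accountId][type] = {};
+}
+if (!cache[accountId][type][principal]) {
+cache[accountId][type][principal] = [];
+}
+cache[accountId][type][principal].push(roleArn);
+}
+//# sourceMappingURL=iamPrincipalsToTrustPolicies.js.map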
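Review bot: `updateCacheForPrincipal` (new lines 50–58) uses the principal string read from a stored trust policy as a key on a plain `{}`, so a value such as `constructor` or `__proto__` resolves to an inherited member, skips the array initialisation, and makes `.push` throw out of `updateCache` after the account's previous record was already reset on line 18. Creating the per-type map without a prototype removes that case: `cache[accountId][type] = Object.create(null);`. The role ARN is also appended once per matching statement, so a role that names the same principal in two Allow statements is listed twice; `if (!list.includes(roleArn)) list.push(roleArn)` keeps entries unique. Conditions and Deny statements are not consulted, so a comment stating that the index is a candidate lookup and not an access decision would help consumers. The ESM build carries the same code, and because both files are compiled output the change belongs in `src/indexing/indexers/iamPrincipalsToTrustPolicies.ts`.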
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.js","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":";;;AAAA,0DAA8D;AAO9D,MAAM,SAAS,GAAG,8BAA8B,CAAA;AAEnC,QAAA,mCAAmC,GAA4C;IAC1F,UAAU,EAAE,KAAK;IACjB,IAAI,EAAE,2BAA2B;IACjC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC1B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;QAClD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;QAC1C,OAAO,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;IACpD,CAAC;IACD,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;QAChE,6CAA6C;QAC7C,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;QAE7B,6CAA6C;QAC7C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAkB,SAAS,EAAE;YAC3E,OAAO,EAAE,KAAK;YACd,YAAY,EAAE,MAAM;YACpB,OAAO,EAAE,SAAS;SACnB,CAAC,CAAA;QAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,mBAAmB,CACnD,SAAS,EACT,IAAI,CAAC,GAAG,EACR,cAAc,CACf,CAAA;YACD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,YAAY,GAAG,IAAA,uBAAU,EAAC,WAAW,CAAC,CAAA;gBAC5C,oBAAoB,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACxE,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AAED,SAAS,oBAAoB,CAC3B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;YACxB,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBACrC,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC;oBAC/C,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACpF,CAAC;YACH,CAAC;iBAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;gBAC/C,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;oBAClD,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACvF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,IAAkC,EAClC,SAAiB;IAEjB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7B,CAAC;IAED,IAAI,CAAC,KA
AK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACjD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAyBtC;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAE5E"}
|
|
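--- a/package/dist/esm/indexing/indexMap.js
+++ b/package/dist/esm/indexing/indexMap.js
@@ -2,10 +2,12 @@ import { lowerCaseService } from '../services.js';
 import { AccountOrganizationIndexer } from './indexers/accountOrgs.js';
 import { ApiGatewayIndexer } from './indexers/apigateways.js';
 import { S3BucketIndexer } from './indexers/buckets.js';
+import { IamPrincipalsToTrustPoliciesIndexer } from './indexers/iamPrincipalsToTrustPolicies.js';
 import { VpcEndpointIndexer } from './indexers/vpcEndpoints.js';
 const allIndexers = [
 AccountOrganizationIndexer,
 ApiGatewayIndexer,
+IamPrincipalsToTrustPoliciesIndexer,
 S3BucketIndexer,
 VpcEndpointIndexer
 ];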
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAE7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAE/D,MAAM,WAAW,GAAmB;IAClC,0BAA0B;IAC1B,iBAAiB;IACjB,eAAe;IACf,kBAAkB;CACnB,CAAA;AAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAA;AAElD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAC3B,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAsB;IAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;AACzD,CAAC"}
|
|
1
|
+
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAE7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,mCAAmC,EAAE,MAAM,4CAA4C,CAAA;AAChG,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAE/D,MAAM,WAAW,GAAmB;IAClC,0BAA0B;IAC1B,iBAAiB;IACjB,mCAAmC;IACnC,eAAe;IACf,kBAAkB;CACnB,CAAA;AAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAA;AAElD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAC3B,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAsB;IAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;AACzD,CAAC"}
|
|
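--- a/package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts
+++ b/package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts
@@ -0,0 +1,7 @@
+import { Indexer } from '../indexer.js';
+interface PrincipalsToTrustPoliciesIndex {
+[key: string]: Partial<Record<'principal' | 'notprincipal', Record<string, string[]>>>;
+}
+export declare const IamPrincipalsToTrustPoliciesIndexer: Indexer<PrincipalsToTrustPoliciesIndex>;
+export {};
+//# sourceMappingURL=iamPrincipalsToTrustPolicies.d.ts.map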
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.d.ts","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC,UAAU,8BAA8B;IACtC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,GAAG,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;CACvF;AAID,eAAO,MAAM,mCAAmC,EAAE,OAAO,CAAC,8BAA8B,CAiCvF,CAAA"}
|
|
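--- a/package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.js
+++ b/package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.js
@@ -0,0 +1,56 @@
+import { loadPolicy } from '@cloud-copilot/iam-policy';
+const indexName = 'principals-to-trust-policies';
+export const IamPrincipalsToTrustPoliciesIndexer = {
+awsService: 'iam',
+name: 'principalsToTrustPolicies',
+getCache: async (storage) => {
+const data = await storage.getIndex(indexName, {});
+return data;
+},
+saveCache: async (storage, cache, lockId) => {
+return storage.saveIndex(indexName, cache, lockId);
+},
+updateCache: async (existingCache, accountId, regions, storage) => {
+// Delete any existing record for the account
+existingCache[accountId] = {};
+// Get all the trust policies for the account
+const roles = await storage.findResourceMetadata(accountId, {
+service: 'iam',
+resourceType: 'role',
+account: accountId
+});
+for (const role of roles) {
+const trustPolicy = await storage.getResourceMetadata(accountId, role.arn, 'trust-policy');
+if (trustPolicy) {
+const parsedPolicy = loadPolicy(trustPolicy);
+updateCacheForPolicy(existingCache, accountId, role.arn, parsedPolicy);
+}
+}
+}
+};
+function updateCacheForPolicy(cache, accountId, roleArn, policy) {
+for (const statement of policy.statements()) {
+if (statement.isAllow()) {
+if (statement.isPrincipalStatement()) {
+for (const principal of statement.principals()) {
+updateCacheForPrincipal(cache, accountId, roleArn, 'principal', principal.value());
+}
+}
+else if (statement.isNotPrincipalStatement()) {
+for (const principal of statement.notPrincipals()) {
+updateCacheForPrincipal(cache, accountId, roleArn, 'notprincipal', principal.value());
+}
+}
+}
+}
+}
+function updateCacheForPrincipal(cache, accountId, roleArn, type, principal) {
+if (!cache[accountId][type]) {
+cache[accountId][type] = {};
+}
+if (!cache[accountId][type][principal]) {
+cache[accountId][type][principal] = [];
+}
+cache[accountId][type][principal].push(roleArn);
+}
+//# sourceMappingURL=iamPrincipalsToTrustPolicies.js.map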
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.js","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAU,MAAM,2BAA2B,CAAA;AAO9D,MAAM,SAAS,GAAG,8BAA8B,CAAA;AAEhD,MAAM,CAAC,MAAM,mCAAmC,GAA4C;IAC1F,UAAU,EAAE,KAAK;IACjB,IAAI,EAAE,2BAA2B;IACjC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC1B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;QAClD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;QAC1C,OAAO,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;IACpD,CAAC;IACD,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;QAChE,6CAA6C;QAC7C,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;QAE7B,6CAA6C;QAC7C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAkB,SAAS,EAAE;YAC3E,OAAO,EAAE,KAAK;YACd,YAAY,EAAE,MAAM;YACpB,OAAO,EAAE,SAAS;SACnB,CAAC,CAAA;QAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,mBAAmB,CACnD,SAAS,EACT,IAAI,CAAC,GAAG,EACR,cAAc,CACf,CAAA;YACD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC5C,oBAAoB,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACxE,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AAED,SAAS,oBAAoB,CAC3B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;YACxB,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBACrC,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC;oBAC/C,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACpF,CAAC;YACH,CAAC;iBAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;gBAC/C,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;oBAClD,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACvF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,IAAkC,EAClC,SAAiB;IAEjB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CA
AA;IAC7B,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACjD,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloud-copilot/iam-collect",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.69",
|
|
4
4
|
"description": "Collect IAM information from AWS Accounts",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -133,6 +133,7 @@
|
|
|
133
133
|
"@aws-sdk/credential-providers": "^3.772.0",
|
|
134
134
|
"@aws-sdk/types": "^3.734.0",
|
|
135
135
|
"@cloud-copilot/cli": "^0.1.20",
|
|
136
|
+
"@cloud-copilot/iam-policy": "^0.1.24",
|
|
136
137
|
"@smithy/smithy-client": "^4.2.0",
|
|
137
138
|
"@smithy/util-retry": "^4.0.2",
|
|
138
139
|
"jsonc-parser": "^3.3.1"
|