@cloud-copilot/iam-convert 0.1.3 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -1
- package/dist/cjs/cli.js +1 -1
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/convert.d.ts +4 -3
- package/dist/cjs/convert.d.ts.map +1 -1
- package/dist/cjs/convert.js +5 -4
- package/dist/cjs/convert.js.map +1 -1
- package/dist/cjs/converters/cdkPython.d.ts +32 -0
- package/dist/cjs/converters/cdkPython.d.ts.map +1 -0
- package/dist/cjs/converters/cdkPython.js +197 -0
- package/dist/cjs/converters/cdkPython.js.map +1 -0
- package/dist/cjs/converters/cdkTypescript.d.ts +29 -0
- package/dist/cjs/converters/cdkTypescript.d.ts.map +1 -0
- package/dist/cjs/converters/cdkTypescript.js +211 -0
- package/dist/cjs/converters/cdkTypescript.js.map +1 -0
- package/dist/esm/cli.js +1 -1
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/convert.d.ts +4 -3
- package/dist/esm/convert.d.ts.map +1 -1
- package/dist/esm/convert.js +5 -4
- package/dist/esm/convert.js.map +1 -1
- package/dist/esm/converters/cdkPython.d.ts +32 -0
- package/dist/esm/converters/cdkPython.d.ts.map +1 -0
- package/dist/esm/converters/cdkPython.js +193 -0
- package/dist/esm/converters/cdkPython.js.map +1 -0
- package/dist/esm/converters/cdkTypescript.d.ts +29 -0
- package/dist/esm/converters/cdkTypescript.d.ts.map +1 -0
- package/dist/esm/converters/cdkTypescript.js +207 -0
- package/dist/esm/converters/cdkTypescript.js.map +1 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -6,7 +6,10 @@ CLI and Node Library to convert JSON IAM Policy Documents to other formats for I
|
|
|
6
6
|
|
|
7
7
|
## Available Formats
|
|
8
8
|
|
|
9
|
-
- Terraform - an aws_iam_policy_document data source
|
|
9
|
+
- Terraform (tf) - an [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) data source
|
|
10
|
+
- CloudFormation (cf) - a [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) resource in yaml
|
|
11
|
+
- Typescript CDK (cdk-ts) - an [iam.PolicyDocument](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.PolicyDocument.html) from AWS CDK V2 aws-cdk-lib/aws-iam
|
|
12
|
+
- Python CDK (cdk-py) - a [PolicyDocument](https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_iam/PolicyDocument.html) using AWS CDK V2 aws_cdk.aws_iam
|
|
10
13
|
|
|
11
14
|
## Installation
|
|
12
15
|
|
package/dist/cjs/cli.js
CHANGED
|
@@ -23,7 +23,7 @@ async function run() {
|
|
|
23
23
|
description: 'The format to convert to',
|
|
24
24
|
type: 'enum',
|
|
25
25
|
values: 'single',
|
|
26
|
-
validValues: ['tf', 'cf']
|
|
26
|
+
validValues: ['tf', 'cf', 'cdk-ts', 'cdk-py']
|
|
27
27
|
},
|
|
28
28
|
file: {
|
|
29
29
|
description: 'A file to read the policy from. If not provided, stdin is used',
|
package/dist/cjs/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAiE;AACjE,0DAA4E;AAC5E,2BAA6C;AAC7C,6CAAsC;AACtC,4CAA6C;AAE7C,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAC3B,aAAa,EACb,EAAE,EACF;QACE,QAAQ,EAAE;YACR,WAAW,EACT,kFAAkF;YACpF,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,QAAQ;SACjB;QACD,aAAa,EAAE;YACb,WAAW,EACT,oGAAoG;YACtG,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;SAC5B;QACD,MAAM,EAAE;YACN,WAAW,EAAE,0BAA0B;YACvC,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAiE;AACjE,0DAA4E;AAC5E,2BAA6C;AAC7C,6CAAsC;AACtC,4CAA6C;AAE7C,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAC3B,aAAa,EACb,EAAE,EACF;QACE,QAAQ,EAAE;YACR,WAAW,EACT,kFAAkF;YACpF,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,QAAQ;SACjB;QACD,aAAa,EAAE;YACb,WAAW,EACT,oGAAoG;YACtG,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;SAC5B;QACD,MAAM,EAAE;YACN,WAAW,EAAE,0BAA0B;YACvC,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC;SAC9C;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,gEAAgE;YAC7E,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,QAAQ;SACjB;KACO,EACV;QACE,cAAc,EAAE,KAAK;KACtB,CACF,CAAA;IAED,IAAI,cAAc,GAAuB,SAAS,CAAA;IAElD,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,IAAA,eAAU,EAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,CAAA;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QACD,cAAc,GAAG,IAAA,iBAAY,EAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,MAAM,IAAA,eAAS,EAAC,SAAS,CAAC,CAAA;QAExC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CACX,uFAAuF,CACxF,CAAA;YACD,GAAG,CAAC,SAAS,EAAE,CAAA;YACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QACD,cAAc,GAAG,KAAK,CAAA;IACxB,CAAC;IAED,MAAM,IAAI,GAAG,IAAA,sBAAY,EAAC,cAAc,CAAC,CAAA;IACzC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAA;QACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,MAAM,YAAY,GAAG,IAAA,iCAAoB,EAAC,IAAI,CAAC,CAAA;IAC/C,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAA;QACxC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,uBAAU,EAAC,IAAI,CAAC,CAAA;IAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAA;IACtC,MAAM,MAAM,GAAG,IAAA,oBAAO,EAAC,MAAM,EAAE,MAAM,EAAE;QACrC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC3B,aAAa,EAAE,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC,CAAA;IAEF,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC;AAED,GAAG,EAAE;KACF,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/cjs/convert.d.ts
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
import { Policy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { CdkPythonConverter } from './converters/cdkPython.js';
|
|
3
|
+
import { CdkTypescriptConverter } from './converters/cdkTypescript.js';
|
|
2
4
|
import { CloudFormationConverter } from './converters/cloudFormation.js';
|
|
3
5
|
import { TerraformConverter } from './converters/terraform.js';
|
|
4
6
|
declare const converters: {
|
|
5
|
-
/**
|
|
6
|
-
* Convert to Terraform
|
|
7
|
-
*/
|
|
8
7
|
tf: typeof TerraformConverter;
|
|
9
8
|
cf: typeof CloudFormationConverter;
|
|
9
|
+
'cdk-ts': typeof CdkTypescriptConverter;
|
|
10
|
+
'cdk-py': typeof CdkPythonConverter;
|
|
10
11
|
};
|
|
11
12
|
/**
|
|
12
13
|
* Convert a policy to a string in the specified format
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convert.d.ts","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAClD,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAA;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAI9D,QAAA,MAAM,UAAU
|
|
1
|
+
{"version":3,"file":"convert.d.ts","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAA;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAA;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAI9D,QAAA,MAAM,UAAU;;;;;CAKf,CAAA;AAED;;;;;;;GAOG;AACH,wBAAgB,OAAO,CACrB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,OAAO,UAAU,EAC/B,OAAO,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GACtD,MAAM,CAWR"}
|
package/dist/cjs/convert.js
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.convert = convert;
|
|
4
|
+
const cdkPython_js_1 = require("./converters/cdkPython.js");
|
|
5
|
+
const cdkTypescript_js_1 = require("./converters/cdkTypescript.js");
|
|
4
6
|
const cloudFormation_js_1 = require("./converters/cloudFormation.js");
|
|
5
7
|
const terraform_js_1 = require("./converters/terraform.js");
|
|
6
8
|
const defaults_js_1 = require("./defaults.js");
|
|
7
9
|
const StringBuffer_js_1 = require("./util/StringBuffer.js");
|
|
8
10
|
const converters = {
|
|
9
|
-
/**
|
|
10
|
-
* Convert to Terraform
|
|
11
|
-
*/
|
|
12
11
|
tf: terraform_js_1.TerraformConverter,
|
|
13
|
-
cf: cloudFormation_js_1.CloudFormationConverter
|
|
12
|
+
cf: cloudFormation_js_1.CloudFormationConverter,
|
|
13
|
+
'cdk-ts': cdkTypescript_js_1.CdkTypescriptConverter,
|
|
14
|
+
'cdk-py': cdkPython_js_1.CdkPythonConverter
|
|
14
15
|
};
|
|
15
16
|
/**
|
|
16
17
|
* Convert a policy to a string in the specified format
|
package/dist/cjs/convert.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convert.js","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"convert.js","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":";;AAuBA,0BAeC;AArCD,4DAA8D;AAC9D,oEAAsE;AACtE,sEAAwE;AACxE,4DAA8D;AAC9D,+CAA8C;AAC9C,4DAAqD;AAErD,MAAM,UAAU,GAAG;IACjB,EAAE,EAAE,iCAAkB;IACtB,EAAE,EAAE,2CAAuB;IAC3B,QAAQ,EAAE,yCAAsB;IAChC,QAAQ,EAAE,iCAAkB;CAC7B,CAAA;AAED;;;;;;;GAOG;AACH,SAAgB,OAAO,CACrB,MAAc,EACd,MAA+B,EAC/B,OAAuD;IAEvD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,GAAG,EAAE,GAAG,4BAAc,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAA;IAEnD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAA;IAC1C,MAAM,YAAY,GAAG,IAAI,8BAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAA;IAC9E,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACvC,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAA;AAChC,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { Policy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { StringBuffer } from '../util/StringBuffer.js';
|
|
3
|
+
import { Converter } from './converter.js';
|
|
4
|
+
/**
|
|
5
|
+
* Converts an IAM policy into Python code for AWS CDK (using `aws_cdk.aws_iam`).
|
|
6
|
+
* Produces something like:
|
|
7
|
+
*
|
|
8
|
+
*/
|
|
9
|
+
export declare class CdkPythonConverter implements Converter {
|
|
10
|
+
convert(policy: Policy, sb: StringBuffer): void;
|
|
11
|
+
private convertActions;
|
|
12
|
+
private convertResources;
|
|
13
|
+
/**
|
|
14
|
+
* Convert Principals into Python code, e.g. `[iam.ArnPrincipal("arn..."), iam.ServicePrincipal("...")]`.
|
|
15
|
+
*
|
|
16
|
+
* If `*` is present (and singled out by your policy logic), we use `iam.AnyPrincipal()`.
|
|
17
|
+
* Otherwise, we pick principal classes based on `principal.type()`.
|
|
18
|
+
*/
|
|
19
|
+
private convertPrincipals;
|
|
20
|
+
/**
|
|
21
|
+
* Convert conditions into a Python dict structure, e.g.
|
|
22
|
+
*
|
|
23
|
+
* conditions={
|
|
24
|
+
* "StringEquals": {
|
|
25
|
+
* "aws:username": "FoxMulder",
|
|
26
|
+
* "aws:someKey": ["val1","val2"]
|
|
27
|
+
* }
|
|
28
|
+
* }
|
|
29
|
+
*/
|
|
30
|
+
private convertConditions;
|
|
31
|
+
}
|
|
32
|
+
//# sourceMappingURL=cdkPython.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkPython.d.ts","sourceRoot":"","sources":["../../../src/converters/cdkPython.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,MAAM,EAAuB,MAAM,2BAA2B,CAAA;AAC1F,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,SAAS;IAClD,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY;IAiExC,OAAO,CAAC,cAAc;IAiBtB,OAAO,CAAC,gBAAgB;IAiBxB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IA8CzB;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;CAuD1B"}
|
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CdkPythonConverter = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Converts an IAM policy into Python code for AWS CDK (using `aws_cdk.aws_iam`).
|
|
6
|
+
* Produces something like:
|
|
7
|
+
*
|
|
8
|
+
*/
|
|
9
|
+
class CdkPythonConverter {
|
|
10
|
+
convert(policy, sb) {
|
|
11
|
+
// sb.pushLine('import aws_cdk.aws_iam as iam')
|
|
12
|
+
// sb.pushLine('')
|
|
13
|
+
sb.pushLine('policy_document = iam.PolicyDocument(');
|
|
14
|
+
sb.withIndent((docBuffer) => {
|
|
15
|
+
docBuffer.pushLine('statements=[');
|
|
16
|
+
docBuffer.withIndent((statementsBuffer) => {
|
|
17
|
+
const statements = policy.statements();
|
|
18
|
+
statements.forEach((statement, idx) => {
|
|
19
|
+
statementsBuffer.pushLine('iam.PolicyStatement(');
|
|
20
|
+
statementsBuffer.withIndent((stmtBuffer) => {
|
|
21
|
+
// Sid
|
|
22
|
+
if (statement.sid()) {
|
|
23
|
+
stmtBuffer.pushLine(`sid="${statement.sid()}",`);
|
|
24
|
+
}
|
|
25
|
+
if (statement.effect() && !statement.isAllow()) {
|
|
26
|
+
stmtBuffer.pushLine(`effect=Effect.DENY,`);
|
|
27
|
+
}
|
|
28
|
+
// Actions / NotActions
|
|
29
|
+
if (statement.isActionStatement()) {
|
|
30
|
+
this.convertActions(statement.actions(), 'actions', stmtBuffer);
|
|
31
|
+
}
|
|
32
|
+
else if (statement.isNotActionStatement()) {
|
|
33
|
+
// CDK also supports not_actions
|
|
34
|
+
this.convertActions(statement.notActions(), 'not_actions', stmtBuffer);
|
|
35
|
+
}
|
|
36
|
+
// Resources / NotResources
|
|
37
|
+
if (statement.isResourceStatement()) {
|
|
38
|
+
this.convertResources(statement.resources(), 'resources', stmtBuffer);
|
|
39
|
+
}
|
|
40
|
+
else if (statement.isNotResourceStatement()) {
|
|
41
|
+
this.convertResources(statement.notResources(), 'not_resources', stmtBuffer);
|
|
42
|
+
}
|
|
43
|
+
// Principals / NotPrincipals
|
|
44
|
+
if (statement.isPrincipalStatement()) {
|
|
45
|
+
this.convertPrincipals(statement.principals(), 'principals', statement.hasSingleWildcardPrincipal(), stmtBuffer);
|
|
46
|
+
}
|
|
47
|
+
else if (statement.isNotPrincipalStatement()) {
|
|
48
|
+
this.convertPrincipals(statement.notPrincipals(), 'not_principals', statement.hasSingleWildcardNotPrincipal(), stmtBuffer);
|
|
49
|
+
}
|
|
50
|
+
// Conditions
|
|
51
|
+
this.convertConditions(statement.conditions(), stmtBuffer);
|
|
52
|
+
});
|
|
53
|
+
statementsBuffer.pushLine('),'); // end of iam.PolicyStatement
|
|
54
|
+
});
|
|
55
|
+
});
|
|
56
|
+
docBuffer.pushLine('],'); // end of statements array
|
|
57
|
+
});
|
|
58
|
+
sb.pushLine(')'); // end of iam.PolicyDocument
|
|
59
|
+
}
|
|
60
|
+
convertActions(actions, propertyName, sb) {
|
|
61
|
+
if (!actions.length) {
|
|
62
|
+
return;
|
|
63
|
+
}
|
|
64
|
+
sb.pushLine(`${propertyName}=[`);
|
|
65
|
+
sb.withIndent((arrBuffer) => {
|
|
66
|
+
actions.forEach((action) => {
|
|
67
|
+
arrBuffer.pushLine(`"${action.value()}",`);
|
|
68
|
+
});
|
|
69
|
+
});
|
|
70
|
+
sb.pushLine('],');
|
|
71
|
+
}
|
|
72
|
+
convertResources(resources, propertyName, sb) {
|
|
73
|
+
if (!resources.length) {
|
|
74
|
+
return;
|
|
75
|
+
}
|
|
76
|
+
sb.pushLine(`${propertyName}=[`);
|
|
77
|
+
sb.withIndent((arrBuffer) => {
|
|
78
|
+
resources.forEach((res) => {
|
|
79
|
+
arrBuffer.pushLine(`"${res.value()}",`);
|
|
80
|
+
});
|
|
81
|
+
});
|
|
82
|
+
sb.pushLine('],');
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Convert Principals into Python code, e.g. `[iam.ArnPrincipal("arn..."), iam.ServicePrincipal("...")]`.
|
|
86
|
+
*
|
|
87
|
+
* If `*` is present (and singled out by your policy logic), we use `iam.AnyPrincipal()`.
|
|
88
|
+
* Otherwise, we pick principal classes based on `principal.type()`.
|
|
89
|
+
*/
|
|
90
|
+
convertPrincipals(principals, propertyName, hasSingleWildcard, sb) {
|
|
91
|
+
if (hasSingleWildcard) {
|
|
92
|
+
sb.pushLine(`${propertyName}=[iam.StarPrincipal()],`);
|
|
93
|
+
return;
|
|
94
|
+
}
|
|
95
|
+
if (!principals.length) {
|
|
96
|
+
return;
|
|
97
|
+
}
|
|
98
|
+
sb.pushLine(`${propertyName}=[`);
|
|
99
|
+
sb.withIndent((arrBuffer) => {
|
|
100
|
+
for (const p of principals) {
|
|
101
|
+
const type = p.type(); // e.g. "AWS", "Service", "Federated", "*"
|
|
102
|
+
const value = p.value();
|
|
103
|
+
let principalCtor;
|
|
104
|
+
if (type === 'AWS') {
|
|
105
|
+
if (value === '*') {
|
|
106
|
+
principalCtor = 'iam.AnyPrincipal()';
|
|
107
|
+
}
|
|
108
|
+
else {
|
|
109
|
+
principalCtor = `iam.ArnPrincipal("${value}")`;
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
else if (type === 'Service') {
|
|
113
|
+
principalCtor = `iam.ServicePrincipal("${value}")`;
|
|
114
|
+
}
|
|
115
|
+
else if (type === 'Federated') {
|
|
116
|
+
// e.g. cognito-identity.amazonaws.com
|
|
117
|
+
// in TS: new iam.FederatedPrincipal(..., {...}, "sts.amazonaws.com")
|
|
118
|
+
// in Python, it's iam.FederatedPrincipal(..., {...}, "sts.amazonaws.com")
|
|
119
|
+
// We'll just provide an empty policy document for now.
|
|
120
|
+
principalCtor = `iam.FederatedPrincipal("${value}")`;
|
|
121
|
+
}
|
|
122
|
+
else {
|
|
123
|
+
// fallback
|
|
124
|
+
principalCtor = `iam.ArnPrincipal("${value}")`;
|
|
125
|
+
}
|
|
126
|
+
arrBuffer.pushLine(`${principalCtor},`);
|
|
127
|
+
}
|
|
128
|
+
});
|
|
129
|
+
sb.pushLine('],');
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Convert conditions into a Python dict structure, e.g.
|
|
133
|
+
*
|
|
134
|
+
* conditions={
|
|
135
|
+
* "StringEquals": {
|
|
136
|
+
* "aws:username": "FoxMulder",
|
|
137
|
+
* "aws:someKey": ["val1","val2"]
|
|
138
|
+
* }
|
|
139
|
+
* }
|
|
140
|
+
*/
|
|
141
|
+
convertConditions(conditions, sb) {
|
|
142
|
+
if (!conditions.length) {
|
|
143
|
+
return;
|
|
144
|
+
}
|
|
145
|
+
// We'll build a nested object/dict in memory:
|
|
146
|
+
// { operator: { key: string | string[] } }
|
|
147
|
+
const conditionMap = {};
|
|
148
|
+
for (const cond of conditions) {
|
|
149
|
+
const operator = cond.operation().value(); // e.g. "StringEquals", "ForAnyValue:StringLike", etc.
|
|
150
|
+
const key = cond.conditionKey(); // e.g. "aws:username"
|
|
151
|
+
const vals = cond.conditionValues(); // string[]
|
|
152
|
+
if (!conditionMap[operator]) {
|
|
153
|
+
conditionMap[operator] = {};
|
|
154
|
+
}
|
|
155
|
+
if (!conditionMap[operator][key]) {
|
|
156
|
+
conditionMap[operator][key] = vals.length === 1 ? vals[0] : [...vals];
|
|
157
|
+
}
|
|
158
|
+
else {
|
|
159
|
+
// If already present, merge
|
|
160
|
+
const existing = conditionMap[operator][key];
|
|
161
|
+
if (Array.isArray(existing)) {
|
|
162
|
+
existing.push(...vals);
|
|
163
|
+
}
|
|
164
|
+
else {
|
|
165
|
+
conditionMap[operator][key] = [existing, ...vals];
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
sb.pushLine('conditions={');
|
|
170
|
+
sb.withIndent((conditionsBuffer) => {
|
|
171
|
+
for (const [op, keyMap] of Object.entries(conditionMap)) {
|
|
172
|
+
conditionsBuffer.pushLine(`"${op}": {`);
|
|
173
|
+
conditionsBuffer.withIndent((opBuffer) => {
|
|
174
|
+
for (const [k, val] of Object.entries(keyMap)) {
|
|
175
|
+
if (Array.isArray(val)) {
|
|
176
|
+
// e.g. "aws:prefix": ["val1", "val2"]
|
|
177
|
+
opBuffer.pushLine(`"${k}": [`);
|
|
178
|
+
opBuffer.withIndent((arrBuffer) => {
|
|
179
|
+
val.forEach((item) => {
|
|
180
|
+
arrBuffer.pushLine(`"${item}",`);
|
|
181
|
+
});
|
|
182
|
+
});
|
|
183
|
+
opBuffer.pushLine('],');
|
|
184
|
+
}
|
|
185
|
+
else {
|
|
186
|
+
opBuffer.pushLine(`"${k}": "${val}",`);
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
});
|
|
190
|
+
conditionsBuffer.pushLine('},');
|
|
191
|
+
}
|
|
192
|
+
});
|
|
193
|
+
sb.pushLine('},');
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
exports.CdkPythonConverter = CdkPythonConverter;
|
|
197
|
+
//# sourceMappingURL=cdkPython.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkPython.js","sourceRoot":"","sources":["../../../src/converters/cdkPython.ts"],"names":[],"mappings":";;;AAIA;;;;GAIG;AACH,MAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAc,EAAE,EAAgB;QACtC,+CAA+C;QAC/C,kBAAkB;QAElB,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC,CAAA;QACpD,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;YAClC,SAAS,CAAC,UAAU,CAAC,CAAC,gBAAgB,EAAE,EAAE;gBACxC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;gBACtC,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE;oBACpC,gBAAgB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;oBACjD,gBAAgB,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,EAAE;wBACzC,MAAM;wBACN,IAAI,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC;4BACpB,UAAU,CAAC,QAAQ,CAAC,QAAQ,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;wBAClD,CAAC;wBAED,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;4BAC/C,UAAU,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAA;wBAC5C,CAAC;wBAED,uBAAuB;wBACvB,IAAI,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;4BAClC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;wBACjE,CAAC;6BAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BAC5C,gCAAgC;4BAChC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,UAAU,CAAC,CAAA;wBACxE,CAAC;wBAED,2BAA2B;wBAC3B,IAAI,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;4BACpC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,UAAU,CAAC,CAAA;wBACvE,CAAC;6BAAM,IAAI,SAAS,CAAC,sBAAsB,EAAE,EAAE,CAAC;4BAC9C,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,eAAe,EAAE,UAAU,CAAC,CAAA;wBAC9E,CAAC;wBAED,6BAA6B;wBAC7B,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BACrC,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,UAAU,EAAE,EACtB,YAAY,EACZ,SAAS,CAAC,0BAA0B,EAAE,EACtC,UAAU,CACX,CAAA;wBACH,CAAC;6BAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;4BAC/C,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,aAAa,EAAE,EACzB,gBAAgB,EAChB,SAAS,CAAC,6BAA6B,EAAE,EACzC,UAAU,CACX,CAAA;wBACH,CAAC;wBAED,aAAa;wBACb,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,UAAU,CAAC,CAAA;oBAC5D,CAAC,CAAC,CAAA;oBAEF,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA,CAAC,6BAA6B;gBAC/D,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA,CAAC,0BAA0B;QACrD,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA,CAAC,4BAA4B;IAC/C,CAAC;IAEO,cAAc,CACpB,OAAiB,EACjB,YAAuC,EACvC,EAAgB;QAEhB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,OAAM;QACR,CAAC;QACD,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,IAAI,CAAC,CAAA;QAChC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;gBACzB,SAAS,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YAC5C,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAEO,gBAAgB,CACtB,SAAqB,EACrB,YAA2C,EAC3C,EAAgB;QAEhB,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,OAAM;QACR,CAAC;QACD,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,IAAI,CAAC,CAAA;QAChC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACxB,SAAS,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CACvB,UAAuB,EACvB,YAA6C,EAC7C,iBAA0B,EAC1B,EAAgB;QAEhB,IAAI,iBAAiB,EAAE,CAAC;YACtB,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,yBAAyB,CAAC,CAAA;YACrD,OAAM;QACR,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,IAAI,CAAC,CAAA;QAChC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA,CAAC,0CAA0C;gBAChE,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,EAAE,CAAA;gBAEvB,IAAI,aAAqB,CAAA;gBACzB,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;oBACnB,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;wBAClB,aAAa,GAAG,oBAAoB,CAAA;oBACtC,CAAC;yBAAM,CAAC;wBACN,aAAa,GAAG,qBAAqB,KAAK,IAAI,CAAA;oBAChD,CAAC;gBACH,CAAC;qBAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;oBAC9B,aAAa,GAAG,yBAAyB,KAAK,IAAI,CAAA;gBACpD,CAAC;qBAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChC,sCAAsC;oBACtC,qEAAqE;oBACrE,0EAA0E;oBAC1E,uDAAuD;oBACvD,aAAa,GAAG,2BAA2B,KAAK,IAAI,CAAA;gBACtD,CAAC;qBAAM,CAAC;oBACN,WAAW;oBACX,aAAa,GAAG,qBAAqB,KAAK,IAAI,CAAA;gBAChD,CAAC;gBAED,SAAS,CAAC,QAAQ,CAAC,GAAG,aAAa,GAAG,CAAC,CAAA;YACzC,CAAC;QACH,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;;;;;;;;OASG;IACK,iBAAiB,CAAC,UAAuB,EAAE,EAAgB;QACjE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,8CAA8C;QAC9C,2CAA2C;QAC3C,MAAM,YAAY,GAAsD,EAAE,CAAA;QAE1E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAA,CAAC,sDAAsD;YAChG,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAA,CAAC,sBAAsB;YACtD,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA,CAAC,WAAW;YAC/C,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAA;YAC7B,CAAC;YAED,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;YACvE,CAAC;iBAAM,CAAC;gBACN,4BAA4B;gBAC5B,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAA;gBAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5B,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAA;gBACxB,CAAC;qBAAM,CAAC;oBACN,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAA;gBACnD,CAAC;YACH,CAAC;QACH,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAC3B,EAAE,CAAC,UAAU,CAAC,CAAC,gBAAgB,EAAE,EAAE;YACjC,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxD,gBAAgB,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;gBACvC,gBAAgB,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACvC,KAAK,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;4BACvB,sCAAsC;4BACtC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;4BAC9B,QAAQ,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;gCAChC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oCACnB,SAAS,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,CAAA;gCAClC,CAAC,CAAC,CAAA;4BACJ,CAAC,CAAC,CAAA;4BACF,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;wBACzB,CAAC;6BAAM,CAAC;4BACN,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;wBACxC,CAAC;oBACH,CAAC;gBACH,CAAC,CAAC,CAAA;gBACF,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;CACF;AAzND,gDAyNC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { Policy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { StringBuffer } from '../util/StringBuffer.js';
|
|
3
|
+
import { Converter } from './converter.js';
|
|
4
|
+
/**
|
|
5
|
+
* Converts an IAM policy into TypeScript code that uses the AWS CDK (v2)
|
|
6
|
+
* to build a new iam.PolicyDocument with multiple iam.PolicyStatement objects.
|
|
7
|
+
*/
|
|
8
|
+
export declare class CdkTypescriptConverter implements Converter {
|
|
9
|
+
convert(policy: Policy, sb: StringBuffer): void;
|
|
10
|
+
private convertActions;
|
|
11
|
+
private convertResources;
|
|
12
|
+
/**
|
|
13
|
+
* For Principals, we create new iam.Principal-based classes (e.g. ArnPrincipal, ServicePrincipal).
|
|
14
|
+
*/
|
|
15
|
+
private convertPrincipals;
|
|
16
|
+
/**
|
|
17
|
+
* Collect conditions by operation & key, then output them as:
|
|
18
|
+
* conditions: {
|
|
19
|
+
* StringEquals: {
|
|
20
|
+
* "aws:username": "FoxMulder"
|
|
21
|
+
* },
|
|
22
|
+
* ForAnyValue:StringLike: {
|
|
23
|
+
* "s3:prefix": ["foo/*", "bar/*"]
|
|
24
|
+
* }
|
|
25
|
+
* }
|
|
26
|
+
*/
|
|
27
|
+
private convertConditions;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=cdkTypescript.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkTypescript.d.ts","sourceRoot":"","sources":["../../../src/converters/cdkTypescript.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,MAAM,EAAuB,MAAM,2BAA2B,CAAA;AAC1F,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,SAAS;IACtD,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY;IA2ExC,OAAO,CAAC,cAAc;IAuBtB,OAAO,CAAC,gBAAgB;IAkBxB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA6CzB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,iBAAiB;CA0D1B"}
|
|
@@ -0,0 +1,211 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CdkTypescriptConverter = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Converts an IAM policy into TypeScript code that uses the AWS CDK (v2)
|
|
6
|
+
* to build a new iam.PolicyDocument with multiple iam.PolicyStatement objects.
|
|
7
|
+
*/
|
|
8
|
+
class CdkTypescriptConverter {
|
|
9
|
+
convert(policy, sb) {
|
|
10
|
+
// sb.pushLine("import * as iam from 'aws-cdk-lib/aws-iam';")
|
|
11
|
+
// sb.pushLine('')
|
|
12
|
+
sb.pushLine('const policyDocument = new iam.PolicyDocument({');
|
|
13
|
+
sb.withIndent((docBuffer) => {
|
|
14
|
+
docBuffer.pushLine('statements: [');
|
|
15
|
+
docBuffer.withIndent((stmtsBuffer) => {
|
|
16
|
+
const statements = policy.statements();
|
|
17
|
+
statements.forEach((statement, idx) => {
|
|
18
|
+
stmtsBuffer.pushLine('new iam.PolicyStatement({');
|
|
19
|
+
stmtsBuffer.withIndent((stmtBuffer) => {
|
|
20
|
+
// Sid
|
|
21
|
+
if (statement.sid()) {
|
|
22
|
+
stmtBuffer.pushLine(`sid: "${statement.sid()}",`);
|
|
23
|
+
}
|
|
24
|
+
// Effect (Allow/Deny)
|
|
25
|
+
// if isDeny() is false, we assume ALLOW; adjust if you prefer a default of DENY
|
|
26
|
+
const effect = statement.isDeny() ? 'DENY' : 'ALLOW';
|
|
27
|
+
if (statement.effect()) {
|
|
28
|
+
stmtBuffer.pushLine(`effect: iam.Effect.${effect.toUpperCase()},`);
|
|
29
|
+
}
|
|
30
|
+
// Actions / NotActions
|
|
31
|
+
if (statement.isActionStatement()) {
|
|
32
|
+
this.convertActions(statement.actions(), 'actions', stmtBuffer);
|
|
33
|
+
}
|
|
34
|
+
else if (statement.isNotActionStatement()) {
|
|
35
|
+
// CDK also supports 'notActions'
|
|
36
|
+
this.convertActions(statement.notActions(), 'notActions', stmtBuffer);
|
|
37
|
+
}
|
|
38
|
+
// Resources / NotResources
|
|
39
|
+
if (statement.isResourceStatement()) {
|
|
40
|
+
this.convertResources(statement.resources(), 'resources', stmtBuffer);
|
|
41
|
+
}
|
|
42
|
+
else if (statement.isNotResourceStatement()) {
|
|
43
|
+
// CDK also supports 'notResources'
|
|
44
|
+
this.convertResources(statement.notResources(), 'notResources', stmtBuffer);
|
|
45
|
+
}
|
|
46
|
+
// Principals / NotPrincipals
|
|
47
|
+
if (statement.isPrincipalStatement()) {
|
|
48
|
+
this.convertPrincipals(statement.principals(), 'principals', statement.hasSingleWildcardPrincipal(), stmtBuffer);
|
|
49
|
+
}
|
|
50
|
+
else if (statement.isNotPrincipalStatement()) {
|
|
51
|
+
this.convertPrincipals(statement.notPrincipals(), 'notPrincipals', statement.hasSingleWildcardNotPrincipal(), stmtBuffer);
|
|
52
|
+
}
|
|
53
|
+
// Conditions
|
|
54
|
+
this.convertConditions(statement.conditions(), stmtBuffer);
|
|
55
|
+
});
|
|
56
|
+
if (idx === statements.length - 1) {
|
|
57
|
+
stmtsBuffer.pushLine('})');
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
stmtsBuffer.pushLine('}),');
|
|
61
|
+
}
|
|
62
|
+
// If you don't want a trailing comma after the last one, you can check idx < length - 1, etc.
|
|
63
|
+
});
|
|
64
|
+
});
|
|
65
|
+
docBuffer.pushLine(']');
|
|
66
|
+
});
|
|
67
|
+
sb.pushLine('});');
|
|
68
|
+
}
|
|
69
|
+
convertActions(actions, propertyName, sb) {
|
|
70
|
+
if (!actions.length) {
|
|
71
|
+
return;
|
|
72
|
+
}
|
|
73
|
+
sb.pushLine(`${propertyName}: [`);
|
|
74
|
+
sb.withIndent((arrBuffer) => {
|
|
75
|
+
const lastIndex = actions.length - 1;
|
|
76
|
+
actions.forEach((action, index) => {
|
|
77
|
+
let actionString = `"${action.value()}"`;
|
|
78
|
+
if (index < lastIndex) {
|
|
79
|
+
actionString += ',';
|
|
80
|
+
}
|
|
81
|
+
arrBuffer.pushLine(actionString);
|
|
82
|
+
});
|
|
83
|
+
});
|
|
84
|
+
sb.pushLine('],');
|
|
85
|
+
}
|
|
86
|
+
convertResources(resources, propertyName, sb) {
|
|
87
|
+
if (!resources.length) {
|
|
88
|
+
return;
|
|
89
|
+
}
|
|
90
|
+
sb.pushLine(`${propertyName}: [`);
|
|
91
|
+
sb.withIndent((arrBuffer) => {
|
|
92
|
+
resources.forEach((res) => {
|
|
93
|
+
arrBuffer.pushLine(`"${res.value()}",`);
|
|
94
|
+
});
|
|
95
|
+
});
|
|
96
|
+
sb.pushLine('],');
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* For Principals, we create new iam.Principal-based classes (e.g. ArnPrincipal, ServicePrincipal).
|
|
100
|
+
*/
|
|
101
|
+
convertPrincipals(principals, propertyName, hasSingleWildcard, sb) {
|
|
102
|
+
if (hasSingleWildcard) {
|
|
103
|
+
// If it is just "*", then new iam.AnyPrincipal()
|
|
104
|
+
sb.pushLine(`${propertyName}: [new iam.StarPrincipal()],`);
|
|
105
|
+
return;
|
|
106
|
+
}
|
|
107
|
+
if (!principals.length) {
|
|
108
|
+
return;
|
|
109
|
+
}
|
|
110
|
+
sb.pushLine(`${propertyName}: [`);
|
|
111
|
+
sb.withIndent((arrBuffer) => {
|
|
112
|
+
principals.forEach((p) => {
|
|
113
|
+
const type = p.type(); // e.g. "AWS", "Service", "Federated", or "*"
|
|
114
|
+
const value = p.value();
|
|
115
|
+
let principalCtor = '';
|
|
116
|
+
if (type === 'AWS') {
|
|
117
|
+
// Usually indicates an ARN principal
|
|
118
|
+
principalCtor = `new iam.ArnPrincipal("${value}")`;
|
|
119
|
+
}
|
|
120
|
+
else if (type === 'Service') {
|
|
121
|
+
principalCtor = `new iam.ServicePrincipal("${value}")`;
|
|
122
|
+
}
|
|
123
|
+
else if (type === 'Federated') {
|
|
124
|
+
// e.g. new iam.FederatedPrincipal('cognito-identity.amazonaws.com', {}, 'sts.amazonaws.com')
|
|
125
|
+
principalCtor = `new iam.FederatedPrincipal("${value}")`;
|
|
126
|
+
}
|
|
127
|
+
else if (type === 'CanonicalUser') {
|
|
128
|
+
principalCtor = `new iam.CanonicalUserPrincipal("${value}")`;
|
|
129
|
+
}
|
|
130
|
+
else {
|
|
131
|
+
// Fallback: treat as ArnPrincipal or something.
|
|
132
|
+
// Or you could switch to new iam.AccountPrincipal(value), depending on your usage.
|
|
133
|
+
principalCtor = `new iam.ArnPrincipal("${value}")`;
|
|
134
|
+
}
|
|
135
|
+
arrBuffer.pushLine(`${principalCtor},`);
|
|
136
|
+
});
|
|
137
|
+
});
|
|
138
|
+
sb.pushLine('],');
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Collect conditions by operation & key, then output them as:
|
|
142
|
+
* conditions: {
|
|
143
|
+
* StringEquals: {
|
|
144
|
+
* "aws:username": "FoxMulder"
|
|
145
|
+
* },
|
|
146
|
+
* ForAnyValue:StringLike: {
|
|
147
|
+
* "s3:prefix": ["foo/*", "bar/*"]
|
|
148
|
+
* }
|
|
149
|
+
* }
|
|
150
|
+
*/
|
|
151
|
+
convertConditions(conditions, sb) {
|
|
152
|
+
if (!conditions.length) {
|
|
153
|
+
return;
|
|
154
|
+
}
|
|
155
|
+
// Construct a nested object: { [operator]: { [key]: string | string[] } }
|
|
156
|
+
// If multiple Condition objects share the same operator or key, you can combine them.
|
|
157
|
+
const conditionMap = {};
|
|
158
|
+
for (const cond of conditions) {
|
|
159
|
+
const operator = cond.operation().value(); // e.g. 'StringEquals' or 'ForAnyValue:StringLike'
|
|
160
|
+
const conditionKey = cond.conditionKey(); // e.g. 'aws:username'
|
|
161
|
+
const values = cond.conditionValues(); // array of strings
|
|
162
|
+
if (!conditionMap[operator]) {
|
|
163
|
+
conditionMap[operator] = {};
|
|
164
|
+
}
|
|
165
|
+
// If the same operator + key appear multiple times, we can merge them into an array
|
|
166
|
+
if (!conditionMap[operator][conditionKey]) {
|
|
167
|
+
// If there's only 1 value, store it directly. If >1, store array:
|
|
168
|
+
conditionMap[operator][conditionKey] = values.length === 1 ? values[0] : values;
|
|
169
|
+
}
|
|
170
|
+
else {
|
|
171
|
+
// Already have something there; ensure it’s an array and push new values
|
|
172
|
+
const existing = conditionMap[operator][conditionKey];
|
|
173
|
+
if (Array.isArray(existing)) {
|
|
174
|
+
existing.push(...values);
|
|
175
|
+
}
|
|
176
|
+
else {
|
|
177
|
+
// Convert existing single string to array
|
|
178
|
+
conditionMap[operator][conditionKey] = [existing, ...values];
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
sb.pushLine('conditions: {');
|
|
183
|
+
sb.withIndent((condBuffer) => {
|
|
184
|
+
Object.entries(conditionMap).forEach(([op, keyMap]) => {
|
|
185
|
+
condBuffer.pushLine(`${op}: {`);
|
|
186
|
+
condBuffer.withIndent((opBuffer) => {
|
|
187
|
+
Object.entries(keyMap).forEach(([k, val]) => {
|
|
188
|
+
if (Array.isArray(val)) {
|
|
189
|
+
// Convert to TS array e.g. ["val1", "val2"]
|
|
190
|
+
opBuffer.pushLine(`"${k}": [`);
|
|
191
|
+
opBuffer.withIndent((arrBuffer) => {
|
|
192
|
+
val.forEach((v) => {
|
|
193
|
+
arrBuffer.pushLine(`"${v}",`);
|
|
194
|
+
});
|
|
195
|
+
});
|
|
196
|
+
opBuffer.pushLine('],');
|
|
197
|
+
}
|
|
198
|
+
else {
|
|
199
|
+
// Single string
|
|
200
|
+
opBuffer.pushLine(`"${k}": "${val}",`);
|
|
201
|
+
}
|
|
202
|
+
});
|
|
203
|
+
});
|
|
204
|
+
condBuffer.pushLine('},');
|
|
205
|
+
});
|
|
206
|
+
});
|
|
207
|
+
sb.pushLine('},');
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
exports.CdkTypescriptConverter = CdkTypescriptConverter;
|
|
211
|
+
//# sourceMappingURL=cdkTypescript.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkTypescript.js","sourceRoot":"","sources":["../../../src/converters/cdkTypescript.ts"],"names":[],"mappings":";;;AAIA;;;GAGG;AACH,MAAa,sBAAsB;IACjC,OAAO,CAAC,MAAc,EAAE,EAAgB;QACtC,6DAA6D;QAC7D,kBAAkB;QAElB,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC,CAAA;QAC9D,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;YACnC,SAAS,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,EAAE;gBACnC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;gBACtC,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE;oBACpC,WAAW,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAA;oBACjD,WAAW,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,EAAE;wBACpC,MAAM;wBACN,IAAI,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC;4BACpB,UAAU,CAAC,QAAQ,CAAC,SAAS,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;wBACnD,CAAC;wBAED,sBAAsB;wBACtB,gFAAgF;wBAEhF,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAA;wBACpD,IAAI,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;4BACvB,UAAU,CAAC,QAAQ,CAAC,sBAAsB,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;wBACpE,CAAC;wBAED,uBAAuB;wBACvB,IAAI,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;4BAClC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;wBACjE,CAAC;6BAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BAC5C,iCAAiC;4BACjC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,UAAU,CAAC,CAAA;wBACvE,CAAC;wBAED,2BAA2B;wBAC3B,IAAI,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;4BACpC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,UAAU,CAAC,CAAA;wBACvE,CAAC;6BAAM,IAAI,SAAS,CAAC,sBAAsB,EAAE,EAAE,CAAC;4BAC9C,mCAAmC;4BACnC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,cAAc,EAAE,UAAU,CAAC,CAAA;wBAC7E,CAAC;wBAED,6BAA6B;wBAC7B,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BACrC,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,UAAU,EAAE,EACtB,YAAY,EACZ,SAAS,CAAC,0BAA0B,EAAE,EACtC,UAAU,CACX,CAAA;wBACH,CAAC;6BAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;4BAC/C,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,aAAa,EAAE,EACzB,eAAe,EACf,SAAS,CAAC,6BAA6B,EAAE,EACzC,UAAU,CACX,CAAA;wBACH,CAAC;wBAED,aAAa;wBACb,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,UAAU,CAAC,CAAA;oBAC5D,CAAC,CAAC,CAAA;oBAEF,IAAI,GAAG,KAAK,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAClC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;oBAC5B,CAAC;yBAAM,CAAC;wBACN,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;oBAC7B,CAAC;oBACD,8FAA8F;gBAChG,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QACzB,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;IAEO,cAAc,CACpB,OAAiB,EACjB,YAAsC,EACtC,EAAgB;QAEhB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAA;QACjC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAA;YACpC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;gBAChC,IAAI,YAAY,GAAG,IAAI,MAAM,CAAC,KAAK,EAAE,GAAG,CAAA;gBACxC,IAAI,KAAK,GAAG,SAAS,EAAE,CAAC;oBACtB,YAAY,IAAI,GAAG,CAAA;gBACrB,CAAC;gBACD,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;YAClC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAEO,gBAAgB,CACtB,SAAqB,EACrB,YAA0C,EAC1C,EAAgB;QAEhB,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAA;QACjC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACxB,SAAS,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;OAEG;IACK,iBAAiB,CACvB,UAAuB,EACvB,YAA4C,EAC5C,iBAA0B,EAC1B,EAAgB;QAEhB,IAAI,iBAAiB,EAAE,CAAC;YACtB,iDAAiD;YACjD,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,8BAA8B,CAAC,CAAA;YAC1D,OAAM;QACR,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAA;QACjC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;gBACvB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA,CAAC,6CAA6C;gBACnE,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,EAAE,CAAA;gBAEvB,IAAI,aAAa,GAAG,EAAE,CAAA;gBACtB,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;oBACnB,qCAAqC;oBACrC,aAAa,GAAG,yBAAyB,KAAK,IAAI,CAAA;gBACpD,CAAC;qBAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;oBAC9B,aAAa,GAAG,6BAA6B,KAAK,IAAI,CAAA;gBACxD,CAAC;qBAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChC,6FAA6F;oBAC7F,aAAa,GAAG,+BAA+B,KAAK,IAAI,CAAA;gBAC1D,CAAC;qBAAM,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;oBACpC,aAAa,GAAG,mCAAmC,KAAK,IAAI,CAAA;gBAC9D,CAAC;qBAAM,CAAC;oBACN,gDAAgD;oBAChD,mFAAmF;oBACnF,aAAa,GAAG,yBAAyB,KAAK,IAAI,CAAA;gBACpD,CAAC;gBAED,SAAS,CAAC,QAAQ,CAAC,GAAG,aAAa,GAAG,CAAC,CAAA;YACzC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;;;;;;;;;OAUG;IACK,iBAAiB,CAAC,UAAuB,EAAE,EAAgB;QACjE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,0EAA0E;QAC1E,sFAAsF;QACtF,MAAM,YAAY,GAAsD,EAAE,CAAA;QAE1E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAA,CAAC,kDAAkD;YAC5F,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,EAAE,CAAA,CAAC,sBAAsB;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA,CAAC,mBAAmB;YACzD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAA;YAC7B,CAAC;YACD,oFAAoF;YACpF,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1C,kEAAkE;gBAClE,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;YACjF,CAAC;iBAAM,CAAC;gBACN,yEAAyE;gBACzE,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAA;gBACrD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5B,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAA;gBAC1B,CAAC;qBAAM,CAAC;oBACN,0CAA0C;oBAC1C,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAA;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;QAC5B,EAAE,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,EAAE;YAC3B,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;gBACpD,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC/B,UAAU,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACjC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE;wBAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;4BACvB,4CAA4C;4BAC5C,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;4BAC9B,QAAQ,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;gCAChC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;oCAChB,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gCAC/B,CAAC,CAAC,CAAA;4BACJ,CAAC,CAAC,CAAA;4BACF,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;wBACzB,CAAC;6BAAM,CAAC;4BACN,gBAAgB;4BAChB,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;wBACxC,CAAC;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC,CAAC,CAAA;gBACF,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YAC3B,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;CACF;AA1OD,wDA0OC"}
|
package/dist/esm/cli.js
CHANGED
|
@@ -21,7 +21,7 @@ async function run() {
|
|
|
21
21
|
description: 'The format to convert to',
|
|
22
22
|
type: 'enum',
|
|
23
23
|
values: 'single',
|
|
24
|
-
validValues: ['tf', 'cf']
|
|
24
|
+
validValues: ['tf', 'cf', 'cdk-ts', 'cdk-py']
|
|
25
25
|
},
|
|
26
26
|
file: {
|
|
27
27
|
description: 'A file to read the policy from. If not provided, stdin is used',
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AACjE,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAC5E,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAE7C,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,iBAAiB,CAC3B,aAAa,EACb,EAAE,EACF;QACE,QAAQ,EAAE;YACR,WAAW,EACT,kFAAkF;YACpF,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,QAAQ;SACjB;QACD,aAAa,EAAE;YACb,WAAW,EACT,oGAAoG;YACtG,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;SAC5B;QACD,MAAM,EAAE;YACN,WAAW,EAAE,0BAA0B;YACvC,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AACjE,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAC5E,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAE7C,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,iBAAiB,CAC3B,aAAa,EACb,EAAE,EACF;QACE,QAAQ,EAAE;YACR,WAAW,EACT,kFAAkF;YACpF,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,QAAQ;SACjB;QACD,aAAa,EAAE;YACb,WAAW,EACT,oGAAoG;YACtG,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;SAC5B;QACD,MAAM,EAAE;YACN,WAAW,EAAE,0BAA0B;YACvC,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC;SAC9C;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,gEAAgE;YAC7E,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,QAAQ;SACjB;KACO,EACV;QACE,cAAc,EAAE,KAAK;KACtB,CACF,CAAA;IAED,IAAI,cAAc,GAAuB,SAAS,CAAA;IAElD,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,CAAA;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QACD,cAAc,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,CAAA;QAExC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CACX,uFAAuF,CACxF,CAAA;YACD,GAAG,CAAC,SAAS,EAAE,CAAA;YACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QACD,cAAc,GAAG,KAAK,CAAA;IACxB,CAAC;IAED,MAAM,IAAI,GAAG,YAAY,CAAC,cAAc,CAAC,CAAA;IACzC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAA;QACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,MAAM,YAAY,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAA;IAC/C,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAA;QACxC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAA;IAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAA;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE;QACrC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC3B,aAAa,EAAE,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC,CAAA;IAEF,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC;AAED,GAAG,EAAE;KACF,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/esm/convert.d.ts
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
import { Policy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { CdkPythonConverter } from './converters/cdkPython.js';
|
|
3
|
+
import { CdkTypescriptConverter } from './converters/cdkTypescript.js';
|
|
2
4
|
import { CloudFormationConverter } from './converters/cloudFormation.js';
|
|
3
5
|
import { TerraformConverter } from './converters/terraform.js';
|
|
4
6
|
declare const converters: {
|
|
5
|
-
/**
|
|
6
|
-
* Convert to Terraform
|
|
7
|
-
*/
|
|
8
7
|
tf: typeof TerraformConverter;
|
|
9
8
|
cf: typeof CloudFormationConverter;
|
|
9
|
+
'cdk-ts': typeof CdkTypescriptConverter;
|
|
10
|
+
'cdk-py': typeof CdkPythonConverter;
|
|
10
11
|
};
|
|
11
12
|
/**
|
|
12
13
|
* Convert a policy to a string in the specified format
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convert.d.ts","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAClD,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAA;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAI9D,QAAA,MAAM,UAAU
|
|
1
|
+
{"version":3,"file":"convert.d.ts","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAA;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAA;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAI9D,QAAA,MAAM,UAAU;;;;;CAKf,CAAA;AAED;;;;;;;GAOG;AACH,wBAAgB,OAAO,CACrB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,OAAO,UAAU,EAC/B,OAAO,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GACtD,MAAM,CAWR"}
|
package/dist/esm/convert.js
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
|
+
import { CdkPythonConverter } from './converters/cdkPython.js';
|
|
2
|
+
import { CdkTypescriptConverter } from './converters/cdkTypescript.js';
|
|
1
3
|
import { CloudFormationConverter } from './converters/cloudFormation.js';
|
|
2
4
|
import { TerraformConverter } from './converters/terraform.js';
|
|
3
5
|
import { defaultOptions } from './defaults.js';
|
|
4
6
|
import { StringBuffer } from './util/StringBuffer.js';
|
|
5
7
|
const converters = {
|
|
6
|
-
/**
|
|
7
|
-
* Convert to Terraform
|
|
8
|
-
*/
|
|
9
8
|
tf: TerraformConverter,
|
|
10
|
-
cf: CloudFormationConverter
|
|
9
|
+
cf: CloudFormationConverter,
|
|
10
|
+
'cdk-ts': CdkTypescriptConverter,
|
|
11
|
+
'cdk-py': CdkPythonConverter
|
|
11
12
|
};
|
|
12
13
|
/**
|
|
13
14
|
* Convert a policy to a string in the specified format
|
package/dist/esm/convert.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convert.js","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAA;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAErD,MAAM,UAAU,GAAG;IACjB
|
|
1
|
+
{"version":3,"file":"convert.js","sourceRoot":"","sources":["../../src/convert.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAA;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAA;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAErD,MAAM,UAAU,GAAG;IACjB,EAAE,EAAE,kBAAkB;IACtB,EAAE,EAAE,uBAAuB;IAC3B,QAAQ,EAAE,sBAAsB;IAChC,QAAQ,EAAE,kBAAkB;CAC7B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,OAAO,CACrB,MAAc,EACd,MAA+B,EAC/B,OAAuD;IAEvD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAA;IAEnD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAA;IAC1C,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAA;IAC9E,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACvC,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAA;AAChC,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { Policy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { StringBuffer } from '../util/StringBuffer.js';
|
|
3
|
+
import { Converter } from './converter.js';
|
|
4
|
+
/**
|
|
5
|
+
* Converts an IAM policy into Python code for AWS CDK (using `aws_cdk.aws_iam`).
|
|
6
|
+
* Produces something like:
|
|
7
|
+
*
|
|
8
|
+
*/
|
|
9
|
+
export declare class CdkPythonConverter implements Converter {
|
|
10
|
+
convert(policy: Policy, sb: StringBuffer): void;
|
|
11
|
+
private convertActions;
|
|
12
|
+
private convertResources;
|
|
13
|
+
/**
|
|
14
|
+
* Convert Principals into Python code, e.g. `[iam.ArnPrincipal("arn..."), iam.ServicePrincipal("...")]`.
|
|
15
|
+
*
|
|
16
|
+
* If `*` is present (and singled out by your policy logic), we use `iam.AnyPrincipal()`.
|
|
17
|
+
* Otherwise, we pick principal classes based on `principal.type()`.
|
|
18
|
+
*/
|
|
19
|
+
private convertPrincipals;
|
|
20
|
+
/**
|
|
21
|
+
* Convert conditions into a Python dict structure, e.g.
|
|
22
|
+
*
|
|
23
|
+
* conditions={
|
|
24
|
+
* "StringEquals": {
|
|
25
|
+
* "aws:username": "FoxMulder",
|
|
26
|
+
* "aws:someKey": ["val1","val2"]
|
|
27
|
+
* }
|
|
28
|
+
* }
|
|
29
|
+
*/
|
|
30
|
+
private convertConditions;
|
|
31
|
+
}
|
|
32
|
+
//# sourceMappingURL=cdkPython.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkPython.d.ts","sourceRoot":"","sources":["../../../src/converters/cdkPython.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,MAAM,EAAuB,MAAM,2BAA2B,CAAA;AAC1F,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,SAAS;IAClD,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY;IAiExC,OAAO,CAAC,cAAc;IAiBtB,OAAO,CAAC,gBAAgB;IAiBxB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IA8CzB;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;CAuD1B"}
|
|
@@ -0,0 +1,193 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Converts an IAM policy into Python code for AWS CDK (using `aws_cdk.aws_iam`).
|
|
3
|
+
* Produces something like:
|
|
4
|
+
*
|
|
5
|
+
*/
|
|
6
|
+
export class CdkPythonConverter {
|
|
7
|
+
convert(policy, sb) {
|
|
8
|
+
// sb.pushLine('import aws_cdk.aws_iam as iam')
|
|
9
|
+
// sb.pushLine('')
|
|
10
|
+
sb.pushLine('policy_document = iam.PolicyDocument(');
|
|
11
|
+
sb.withIndent((docBuffer) => {
|
|
12
|
+
docBuffer.pushLine('statements=[');
|
|
13
|
+
docBuffer.withIndent((statementsBuffer) => {
|
|
14
|
+
const statements = policy.statements();
|
|
15
|
+
statements.forEach((statement, idx) => {
|
|
16
|
+
statementsBuffer.pushLine('iam.PolicyStatement(');
|
|
17
|
+
statementsBuffer.withIndent((stmtBuffer) => {
|
|
18
|
+
// Sid
|
|
19
|
+
if (statement.sid()) {
|
|
20
|
+
stmtBuffer.pushLine(`sid="${statement.sid()}",`);
|
|
21
|
+
}
|
|
22
|
+
if (statement.effect() && !statement.isAllow()) {
|
|
23
|
+
stmtBuffer.pushLine(`effect=Effect.DENY,`);
|
|
24
|
+
}
|
|
25
|
+
// Actions / NotActions
|
|
26
|
+
if (statement.isActionStatement()) {
|
|
27
|
+
this.convertActions(statement.actions(), 'actions', stmtBuffer);
|
|
28
|
+
}
|
|
29
|
+
else if (statement.isNotActionStatement()) {
|
|
30
|
+
// CDK also supports not_actions
|
|
31
|
+
this.convertActions(statement.notActions(), 'not_actions', stmtBuffer);
|
|
32
|
+
}
|
|
33
|
+
// Resources / NotResources
|
|
34
|
+
if (statement.isResourceStatement()) {
|
|
35
|
+
this.convertResources(statement.resources(), 'resources', stmtBuffer);
|
|
36
|
+
}
|
|
37
|
+
else if (statement.isNotResourceStatement()) {
|
|
38
|
+
this.convertResources(statement.notResources(), 'not_resources', stmtBuffer);
|
|
39
|
+
}
|
|
40
|
+
// Principals / NotPrincipals
|
|
41
|
+
if (statement.isPrincipalStatement()) {
|
|
42
|
+
this.convertPrincipals(statement.principals(), 'principals', statement.hasSingleWildcardPrincipal(), stmtBuffer);
|
|
43
|
+
}
|
|
44
|
+
else if (statement.isNotPrincipalStatement()) {
|
|
45
|
+
this.convertPrincipals(statement.notPrincipals(), 'not_principals', statement.hasSingleWildcardNotPrincipal(), stmtBuffer);
|
|
46
|
+
}
|
|
47
|
+
// Conditions
|
|
48
|
+
this.convertConditions(statement.conditions(), stmtBuffer);
|
|
49
|
+
});
|
|
50
|
+
statementsBuffer.pushLine('),'); // end of iam.PolicyStatement
|
|
51
|
+
});
|
|
52
|
+
});
|
|
53
|
+
docBuffer.pushLine('],'); // end of statements array
|
|
54
|
+
});
|
|
55
|
+
sb.pushLine(')'); // end of iam.PolicyDocument
|
|
56
|
+
}
|
|
57
|
+
convertActions(actions, propertyName, sb) {
|
|
58
|
+
if (!actions.length) {
|
|
59
|
+
return;
|
|
60
|
+
}
|
|
61
|
+
sb.pushLine(`${propertyName}=[`);
|
|
62
|
+
sb.withIndent((arrBuffer) => {
|
|
63
|
+
actions.forEach((action) => {
|
|
64
|
+
arrBuffer.pushLine(`"${action.value()}",`);
|
|
65
|
+
});
|
|
66
|
+
});
|
|
67
|
+
sb.pushLine('],');
|
|
68
|
+
}
|
|
69
|
+
convertResources(resources, propertyName, sb) {
|
|
70
|
+
if (!resources.length) {
|
|
71
|
+
return;
|
|
72
|
+
}
|
|
73
|
+
sb.pushLine(`${propertyName}=[`);
|
|
74
|
+
sb.withIndent((arrBuffer) => {
|
|
75
|
+
resources.forEach((res) => {
|
|
76
|
+
arrBuffer.pushLine(`"${res.value()}",`);
|
|
77
|
+
});
|
|
78
|
+
});
|
|
79
|
+
sb.pushLine('],');
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Convert Principals into Python code, e.g. `[iam.ArnPrincipal("arn..."), iam.ServicePrincipal("...")]`.
|
|
83
|
+
*
|
|
84
|
+
* If `*` is present (and singled out by your policy logic), we use `iam.AnyPrincipal()`.
|
|
85
|
+
* Otherwise, we pick principal classes based on `principal.type()`.
|
|
86
|
+
*/
|
|
87
|
+
convertPrincipals(principals, propertyName, hasSingleWildcard, sb) {
|
|
88
|
+
if (hasSingleWildcard) {
|
|
89
|
+
sb.pushLine(`${propertyName}=[iam.StarPrincipal()],`);
|
|
90
|
+
return;
|
|
91
|
+
}
|
|
92
|
+
if (!principals.length) {
|
|
93
|
+
return;
|
|
94
|
+
}
|
|
95
|
+
sb.pushLine(`${propertyName}=[`);
|
|
96
|
+
sb.withIndent((arrBuffer) => {
|
|
97
|
+
for (const p of principals) {
|
|
98
|
+
const type = p.type(); // e.g. "AWS", "Service", "Federated", "*"
|
|
99
|
+
const value = p.value();
|
|
100
|
+
let principalCtor;
|
|
101
|
+
if (type === 'AWS') {
|
|
102
|
+
if (value === '*') {
|
|
103
|
+
principalCtor = 'iam.AnyPrincipal()';
|
|
104
|
+
}
|
|
105
|
+
else {
|
|
106
|
+
principalCtor = `iam.ArnPrincipal("${value}")`;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
else if (type === 'Service') {
|
|
110
|
+
principalCtor = `iam.ServicePrincipal("${value}")`;
|
|
111
|
+
}
|
|
112
|
+
else if (type === 'Federated') {
|
|
113
|
+
// e.g. cognito-identity.amazonaws.com
|
|
114
|
+
// in TS: new iam.FederatedPrincipal(..., {...}, "sts.amazonaws.com")
|
|
115
|
+
// in Python, it's iam.FederatedPrincipal(..., {...}, "sts.amazonaws.com")
|
|
116
|
+
// We'll just provide an empty policy document for now.
|
|
117
|
+
principalCtor = `iam.FederatedPrincipal("${value}")`;
|
|
118
|
+
}
|
|
119
|
+
else {
|
|
120
|
+
// fallback
|
|
121
|
+
principalCtor = `iam.ArnPrincipal("${value}")`;
|
|
122
|
+
}
|
|
123
|
+
arrBuffer.pushLine(`${principalCtor},`);
|
|
124
|
+
}
|
|
125
|
+
});
|
|
126
|
+
sb.pushLine('],');
|
|
127
|
+
}
|
|
128
|
+
/**
|
|
129
|
+
* Convert conditions into a Python dict structure, e.g.
|
|
130
|
+
*
|
|
131
|
+
* conditions={
|
|
132
|
+
* "StringEquals": {
|
|
133
|
+
* "aws:username": "FoxMulder",
|
|
134
|
+
* "aws:someKey": ["val1","val2"]
|
|
135
|
+
* }
|
|
136
|
+
* }
|
|
137
|
+
*/
|
|
138
|
+
convertConditions(conditions, sb) {
|
|
139
|
+
if (!conditions.length) {
|
|
140
|
+
return;
|
|
141
|
+
}
|
|
142
|
+
// We'll build a nested object/dict in memory:
|
|
143
|
+
// { operator: { key: string | string[] } }
|
|
144
|
+
const conditionMap = {};
|
|
145
|
+
for (const cond of conditions) {
|
|
146
|
+
const operator = cond.operation().value(); // e.g. "StringEquals", "ForAnyValue:StringLike", etc.
|
|
147
|
+
const key = cond.conditionKey(); // e.g. "aws:username"
|
|
148
|
+
const vals = cond.conditionValues(); // string[]
|
|
149
|
+
if (!conditionMap[operator]) {
|
|
150
|
+
conditionMap[operator] = {};
|
|
151
|
+
}
|
|
152
|
+
if (!conditionMap[operator][key]) {
|
|
153
|
+
conditionMap[operator][key] = vals.length === 1 ? vals[0] : [...vals];
|
|
154
|
+
}
|
|
155
|
+
else {
|
|
156
|
+
// If already present, merge
|
|
157
|
+
const existing = conditionMap[operator][key];
|
|
158
|
+
if (Array.isArray(existing)) {
|
|
159
|
+
existing.push(...vals);
|
|
160
|
+
}
|
|
161
|
+
else {
|
|
162
|
+
conditionMap[operator][key] = [existing, ...vals];
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
sb.pushLine('conditions={');
|
|
167
|
+
sb.withIndent((conditionsBuffer) => {
|
|
168
|
+
for (const [op, keyMap] of Object.entries(conditionMap)) {
|
|
169
|
+
conditionsBuffer.pushLine(`"${op}": {`);
|
|
170
|
+
conditionsBuffer.withIndent((opBuffer) => {
|
|
171
|
+
for (const [k, val] of Object.entries(keyMap)) {
|
|
172
|
+
if (Array.isArray(val)) {
|
|
173
|
+
// e.g. "aws:prefix": ["val1", "val2"]
|
|
174
|
+
opBuffer.pushLine(`"${k}": [`);
|
|
175
|
+
opBuffer.withIndent((arrBuffer) => {
|
|
176
|
+
val.forEach((item) => {
|
|
177
|
+
arrBuffer.pushLine(`"${item}",`);
|
|
178
|
+
});
|
|
179
|
+
});
|
|
180
|
+
opBuffer.pushLine('],');
|
|
181
|
+
}
|
|
182
|
+
else {
|
|
183
|
+
opBuffer.pushLine(`"${k}": "${val}",`);
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
});
|
|
187
|
+
conditionsBuffer.pushLine('},');
|
|
188
|
+
}
|
|
189
|
+
});
|
|
190
|
+
sb.pushLine('},');
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
//# sourceMappingURL=cdkPython.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkPython.js","sourceRoot":"","sources":["../../../src/converters/cdkPython.ts"],"names":[],"mappings":"AAIA;;;;GAIG;AACH,MAAM,OAAO,kBAAkB;IAC7B,OAAO,CAAC,MAAc,EAAE,EAAgB;QACtC,+CAA+C;QAC/C,kBAAkB;QAElB,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC,CAAA;QACpD,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;YAClC,SAAS,CAAC,UAAU,CAAC,CAAC,gBAAgB,EAAE,EAAE;gBACxC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;gBACtC,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE;oBACpC,gBAAgB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;oBACjD,gBAAgB,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,EAAE;wBACzC,MAAM;wBACN,IAAI,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC;4BACpB,UAAU,CAAC,QAAQ,CAAC,QAAQ,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;wBAClD,CAAC;wBAED,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;4BAC/C,UAAU,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAA;wBAC5C,CAAC;wBAED,uBAAuB;wBACvB,IAAI,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;4BAClC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;wBACjE,CAAC;6BAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BAC5C,gCAAgC;4BAChC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,UAAU,CAAC,CAAA;wBACxE,CAAC;wBAED,2BAA2B;wBAC3B,IAAI,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;4BACpC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,UAAU,CAAC,CAAA;wBACvE,CAAC;6BAAM,IAAI,SAAS,CAAC,sBAAsB,EAAE,EAAE,CAAC;4BAC9C,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,eAAe,EAAE,UAAU,CAAC,CAAA;wBAC9E,CAAC;wBAED,6BAA6B;wBAC7B,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BACrC,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,UAAU,EAAE,EACtB,YAAY,EACZ,SAAS,CAAC,0BAA0B,EAAE,EACtC,UAAU,CACX,CAAA;wBACH,CAAC;6BAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;4BAC/C,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,aAAa,EAAE,EACzB,gBAAgB,EAChB,SAAS,CAAC,6BAA6B,EAAE,EACzC,UAAU,CACX,CAAA;wBACH,CAAC;wBAED,aAAa;wBACb,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,UAAU,CAAC,CAAA;oBAC5D,CAAC,CAAC,CAAA;oBAEF,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA,CAAC,6BAA6B;gBAC/D,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA,CAAC,0BAA0B;QACrD,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA,CAAC,4BAA4B;IAC/C,CAAC;IAEO,cAAc,CACpB,OAAiB,EACjB,YAAuC,EACvC,EAAgB;QAEhB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,OAAM;QACR,CAAC;QACD,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,IAAI,CAAC,CAAA;QAChC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;gBACzB,SAAS,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YAC5C,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAEO,gBAAgB,CACtB,SAAqB,EACrB,YAA2C,EAC3C,EAAgB;QAEhB,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,OAAM;QACR,CAAC;QACD,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,IAAI,CAAC,CAAA;QAChC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACxB,SAAS,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CACvB,UAAuB,EACvB,YAA6C,EAC7C,iBAA0B,EAC1B,EAAgB;QAEhB,IAAI,iBAAiB,EAAE,CAAC;YACtB,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,yBAAyB,CAAC,CAAA;YACrD,OAAM;QACR,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,IAAI,CAAC,CAAA;QAChC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA,CAAC,0CAA0C;gBAChE,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,EAAE,CAAA;gBAEvB,IAAI,aAAqB,CAAA;gBACzB,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;oBACnB,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;wBAClB,aAAa,GAAG,oBAAoB,CAAA;oBACtC,CAAC;yBAAM,CAAC;wBACN,aAAa,GAAG,qBAAqB,KAAK,IAAI,CAAA;oBAChD,CAAC;gBACH,CAAC;qBAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;oBAC9B,aAAa,GAAG,yBAAyB,KAAK,IAAI,CAAA;gBACpD,CAAC;qBAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChC,sCAAsC;oBACtC,qEAAqE;oBACrE,0EAA0E;oBAC1E,uDAAuD;oBACvD,aAAa,GAAG,2BAA2B,KAAK,IAAI,CAAA;gBACtD,CAAC;qBAAM,CAAC;oBACN,WAAW;oBACX,aAAa,GAAG,qBAAqB,KAAK,IAAI,CAAA;gBAChD,CAAC;gBAED,SAAS,CAAC,QAAQ,CAAC,GAAG,aAAa,GAAG,CAAC,CAAA;YACzC,CAAC;QACH,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;;;;;;;;OASG;IACK,iBAAiB,CAAC,UAAuB,EAAE,EAAgB;QACjE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,8CAA8C;QAC9C,2CAA2C;QAC3C,MAAM,YAAY,GAAsD,EAAE,CAAA;QAE1E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAA,CAAC,sDAAsD;YAChG,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAA,CAAC,sBAAsB;YACtD,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA,CAAC,WAAW;YAC/C,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAA;YAC7B,CAAC;YAED,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;YACvE,CAAC;iBAAM,CAAC;gBACN,4BAA4B;gBAC5B,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAA;gBAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5B,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAA;gBACxB,CAAC;qBAAM,CAAC;oBACN,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAA;gBACnD,CAAC;YACH,CAAC;QACH,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAC3B,EAAE,CAAC,UAAU,CAAC,CAAC,gBAAgB,EAAE,EAAE;YACjC,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxD,gBAAgB,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;gBACvC,gBAAgB,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACvC,KAAK,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;4BACvB,sCAAsC;4BACtC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;4BAC9B,QAAQ,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;gCAChC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oCACnB,SAAS,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,CAAA;gCAClC,CAAC,CAAC,CAAA;4BACJ,CAAC,CAAC,CAAA;4BACF,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;wBACzB,CAAC;6BAAM,CAAC;4BACN,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;wBACxC,CAAC;oBACH,CAAC;gBACH,CAAC,CAAC,CAAA;gBACF,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;CACF"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { Policy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { StringBuffer } from '../util/StringBuffer.js';
|
|
3
|
+
import { Converter } from './converter.js';
|
|
4
|
+
/**
|
|
5
|
+
* Converts an IAM policy into TypeScript code that uses the AWS CDK (v2)
|
|
6
|
+
* to build a new iam.PolicyDocument with multiple iam.PolicyStatement objects.
|
|
7
|
+
*/
|
|
8
|
+
export declare class CdkTypescriptConverter implements Converter {
|
|
9
|
+
convert(policy: Policy, sb: StringBuffer): void;
|
|
10
|
+
private convertActions;
|
|
11
|
+
private convertResources;
|
|
12
|
+
/**
|
|
13
|
+
* For Principals, we create new iam.Principal-based classes (e.g. ArnPrincipal, ServicePrincipal).
|
|
14
|
+
*/
|
|
15
|
+
private convertPrincipals;
|
|
16
|
+
/**
|
|
17
|
+
* Collect conditions by operation & key, then output them as:
|
|
18
|
+
* conditions: {
|
|
19
|
+
* StringEquals: {
|
|
20
|
+
* "aws:username": "FoxMulder"
|
|
21
|
+
* },
|
|
22
|
+
* ForAnyValue:StringLike: {
|
|
23
|
+
* "s3:prefix": ["foo/*", "bar/*"]
|
|
24
|
+
* }
|
|
25
|
+
* }
|
|
26
|
+
*/
|
|
27
|
+
private convertConditions;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=cdkTypescript.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkTypescript.d.ts","sourceRoot":"","sources":["../../../src/converters/cdkTypescript.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,MAAM,EAAuB,MAAM,2BAA2B,CAAA;AAC1F,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,SAAS;IACtD,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY;IA2ExC,OAAO,CAAC,cAAc;IAuBtB,OAAO,CAAC,gBAAgB;IAkBxB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA6CzB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,iBAAiB;CA0D1B"}
|
|
@@ -0,0 +1,207 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Converts an IAM policy into TypeScript code that uses the AWS CDK (v2)
|
|
3
|
+
* to build a new iam.PolicyDocument with multiple iam.PolicyStatement objects.
|
|
4
|
+
*/
|
|
5
|
+
export class CdkTypescriptConverter {
|
|
6
|
+
convert(policy, sb) {
|
|
7
|
+
// sb.pushLine("import * as iam from 'aws-cdk-lib/aws-iam';")
|
|
8
|
+
// sb.pushLine('')
|
|
9
|
+
sb.pushLine('const policyDocument = new iam.PolicyDocument({');
|
|
10
|
+
sb.withIndent((docBuffer) => {
|
|
11
|
+
docBuffer.pushLine('statements: [');
|
|
12
|
+
docBuffer.withIndent((stmtsBuffer) => {
|
|
13
|
+
const statements = policy.statements();
|
|
14
|
+
statements.forEach((statement, idx) => {
|
|
15
|
+
stmtsBuffer.pushLine('new iam.PolicyStatement({');
|
|
16
|
+
stmtsBuffer.withIndent((stmtBuffer) => {
|
|
17
|
+
// Sid
|
|
18
|
+
if (statement.sid()) {
|
|
19
|
+
stmtBuffer.pushLine(`sid: "${statement.sid()}",`);
|
|
20
|
+
}
|
|
21
|
+
// Effect (Allow/Deny)
|
|
22
|
+
// if isDeny() is false, we assume ALLOW; adjust if you prefer a default of DENY
|
|
23
|
+
const effect = statement.isDeny() ? 'DENY' : 'ALLOW';
|
|
24
|
+
if (statement.effect()) {
|
|
25
|
+
stmtBuffer.pushLine(`effect: iam.Effect.${effect.toUpperCase()},`);
|
|
26
|
+
}
|
|
27
|
+
// Actions / NotActions
|
|
28
|
+
if (statement.isActionStatement()) {
|
|
29
|
+
this.convertActions(statement.actions(), 'actions', stmtBuffer);
|
|
30
|
+
}
|
|
31
|
+
else if (statement.isNotActionStatement()) {
|
|
32
|
+
// CDK also supports 'notActions'
|
|
33
|
+
this.convertActions(statement.notActions(), 'notActions', stmtBuffer);
|
|
34
|
+
}
|
|
35
|
+
// Resources / NotResources
|
|
36
|
+
if (statement.isResourceStatement()) {
|
|
37
|
+
this.convertResources(statement.resources(), 'resources', stmtBuffer);
|
|
38
|
+
}
|
|
39
|
+
else if (statement.isNotResourceStatement()) {
|
|
40
|
+
// CDK also supports 'notResources'
|
|
41
|
+
this.convertResources(statement.notResources(), 'notResources', stmtBuffer);
|
|
42
|
+
}
|
|
43
|
+
// Principals / NotPrincipals
|
|
44
|
+
if (statement.isPrincipalStatement()) {
|
|
45
|
+
this.convertPrincipals(statement.principals(), 'principals', statement.hasSingleWildcardPrincipal(), stmtBuffer);
|
|
46
|
+
}
|
|
47
|
+
else if (statement.isNotPrincipalStatement()) {
|
|
48
|
+
this.convertPrincipals(statement.notPrincipals(), 'notPrincipals', statement.hasSingleWildcardNotPrincipal(), stmtBuffer);
|
|
49
|
+
}
|
|
50
|
+
// Conditions
|
|
51
|
+
this.convertConditions(statement.conditions(), stmtBuffer);
|
|
52
|
+
});
|
|
53
|
+
if (idx === statements.length - 1) {
|
|
54
|
+
stmtsBuffer.pushLine('})');
|
|
55
|
+
}
|
|
56
|
+
else {
|
|
57
|
+
stmtsBuffer.pushLine('}),');
|
|
58
|
+
}
|
|
59
|
+
// If you don't want a trailing comma after the last one, you can check idx < length - 1, etc.
|
|
60
|
+
});
|
|
61
|
+
});
|
|
62
|
+
docBuffer.pushLine(']');
|
|
63
|
+
});
|
|
64
|
+
sb.pushLine('});');
|
|
65
|
+
}
|
|
66
|
+
convertActions(actions, propertyName, sb) {
|
|
67
|
+
if (!actions.length) {
|
|
68
|
+
return;
|
|
69
|
+
}
|
|
70
|
+
sb.pushLine(`${propertyName}: [`);
|
|
71
|
+
sb.withIndent((arrBuffer) => {
|
|
72
|
+
const lastIndex = actions.length - 1;
|
|
73
|
+
actions.forEach((action, index) => {
|
|
74
|
+
let actionString = `"${action.value()}"`;
|
|
75
|
+
if (index < lastIndex) {
|
|
76
|
+
actionString += ',';
|
|
77
|
+
}
|
|
78
|
+
arrBuffer.pushLine(actionString);
|
|
79
|
+
});
|
|
80
|
+
});
|
|
81
|
+
sb.pushLine('],');
|
|
82
|
+
}
|
|
83
|
+
convertResources(resources, propertyName, sb) {
|
|
84
|
+
if (!resources.length) {
|
|
85
|
+
return;
|
|
86
|
+
}
|
|
87
|
+
sb.pushLine(`${propertyName}: [`);
|
|
88
|
+
sb.withIndent((arrBuffer) => {
|
|
89
|
+
resources.forEach((res) => {
|
|
90
|
+
arrBuffer.pushLine(`"${res.value()}",`);
|
|
91
|
+
});
|
|
92
|
+
});
|
|
93
|
+
sb.pushLine('],');
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* For Principals, we create new iam.Principal-based classes (e.g. ArnPrincipal, ServicePrincipal).
|
|
97
|
+
*/
|
|
98
|
+
convertPrincipals(principals, propertyName, hasSingleWildcard, sb) {
|
|
99
|
+
if (hasSingleWildcard) {
|
|
100
|
+
// If it is just "*", then new iam.AnyPrincipal()
|
|
101
|
+
sb.pushLine(`${propertyName}: [new iam.StarPrincipal()],`);
|
|
102
|
+
return;
|
|
103
|
+
}
|
|
104
|
+
if (!principals.length) {
|
|
105
|
+
return;
|
|
106
|
+
}
|
|
107
|
+
sb.pushLine(`${propertyName}: [`);
|
|
108
|
+
sb.withIndent((arrBuffer) => {
|
|
109
|
+
principals.forEach((p) => {
|
|
110
|
+
const type = p.type(); // e.g. "AWS", "Service", "Federated", or "*"
|
|
111
|
+
const value = p.value();
|
|
112
|
+
let principalCtor = '';
|
|
113
|
+
if (type === 'AWS') {
|
|
114
|
+
// Usually indicates an ARN principal
|
|
115
|
+
principalCtor = `new iam.ArnPrincipal("${value}")`;
|
|
116
|
+
}
|
|
117
|
+
else if (type === 'Service') {
|
|
118
|
+
principalCtor = `new iam.ServicePrincipal("${value}")`;
|
|
119
|
+
}
|
|
120
|
+
else if (type === 'Federated') {
|
|
121
|
+
// e.g. new iam.FederatedPrincipal('cognito-identity.amazonaws.com', {}, 'sts.amazonaws.com')
|
|
122
|
+
principalCtor = `new iam.FederatedPrincipal("${value}")`;
|
|
123
|
+
}
|
|
124
|
+
else if (type === 'CanonicalUser') {
|
|
125
|
+
principalCtor = `new iam.CanonicalUserPrincipal("${value}")`;
|
|
126
|
+
}
|
|
127
|
+
else {
|
|
128
|
+
// Fallback: treat as ArnPrincipal or something.
|
|
129
|
+
// Or you could switch to new iam.AccountPrincipal(value), depending on your usage.
|
|
130
|
+
principalCtor = `new iam.ArnPrincipal("${value}")`;
|
|
131
|
+
}
|
|
132
|
+
arrBuffer.pushLine(`${principalCtor},`);
|
|
133
|
+
});
|
|
134
|
+
});
|
|
135
|
+
sb.pushLine('],');
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* Collect conditions by operation & key, then output them as:
|
|
139
|
+
* conditions: {
|
|
140
|
+
* StringEquals: {
|
|
141
|
+
* "aws:username": "FoxMulder"
|
|
142
|
+
* },
|
|
143
|
+
* ForAnyValue:StringLike: {
|
|
144
|
+
* "s3:prefix": ["foo/*", "bar/*"]
|
|
145
|
+
* }
|
|
146
|
+
* }
|
|
147
|
+
*/
|
|
148
|
+
convertConditions(conditions, sb) {
|
|
149
|
+
if (!conditions.length) {
|
|
150
|
+
return;
|
|
151
|
+
}
|
|
152
|
+
// Construct a nested object: { [operator]: { [key]: string | string[] } }
|
|
153
|
+
// If multiple Condition objects share the same operator or key, you can combine them.
|
|
154
|
+
const conditionMap = {};
|
|
155
|
+
for (const cond of conditions) {
|
|
156
|
+
const operator = cond.operation().value(); // e.g. 'StringEquals' or 'ForAnyValue:StringLike'
|
|
157
|
+
const conditionKey = cond.conditionKey(); // e.g. 'aws:username'
|
|
158
|
+
const values = cond.conditionValues(); // array of strings
|
|
159
|
+
if (!conditionMap[operator]) {
|
|
160
|
+
conditionMap[operator] = {};
|
|
161
|
+
}
|
|
162
|
+
// If the same operator + key appear multiple times, we can merge them into an array
|
|
163
|
+
if (!conditionMap[operator][conditionKey]) {
|
|
164
|
+
// If there's only 1 value, store it directly. If >1, store array:
|
|
165
|
+
conditionMap[operator][conditionKey] = values.length === 1 ? values[0] : values;
|
|
166
|
+
}
|
|
167
|
+
else {
|
|
168
|
+
// Already have something there; ensure it’s an array and push new values
|
|
169
|
+
const existing = conditionMap[operator][conditionKey];
|
|
170
|
+
if (Array.isArray(existing)) {
|
|
171
|
+
existing.push(...values);
|
|
172
|
+
}
|
|
173
|
+
else {
|
|
174
|
+
// Convert existing single string to array
|
|
175
|
+
conditionMap[operator][conditionKey] = [existing, ...values];
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
sb.pushLine('conditions: {');
|
|
180
|
+
sb.withIndent((condBuffer) => {
|
|
181
|
+
Object.entries(conditionMap).forEach(([op, keyMap]) => {
|
|
182
|
+
condBuffer.pushLine(`${op}: {`);
|
|
183
|
+
condBuffer.withIndent((opBuffer) => {
|
|
184
|
+
Object.entries(keyMap).forEach(([k, val]) => {
|
|
185
|
+
if (Array.isArray(val)) {
|
|
186
|
+
// Convert to TS array e.g. ["val1", "val2"]
|
|
187
|
+
opBuffer.pushLine(`"${k}": [`);
|
|
188
|
+
opBuffer.withIndent((arrBuffer) => {
|
|
189
|
+
val.forEach((v) => {
|
|
190
|
+
arrBuffer.pushLine(`"${v}",`);
|
|
191
|
+
});
|
|
192
|
+
});
|
|
193
|
+
opBuffer.pushLine('],');
|
|
194
|
+
}
|
|
195
|
+
else {
|
|
196
|
+
// Single string
|
|
197
|
+
opBuffer.pushLine(`"${k}": "${val}",`);
|
|
198
|
+
}
|
|
199
|
+
});
|
|
200
|
+
});
|
|
201
|
+
condBuffer.pushLine('},');
|
|
202
|
+
});
|
|
203
|
+
});
|
|
204
|
+
sb.pushLine('},');
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
//# sourceMappingURL=cdkTypescript.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cdkTypescript.js","sourceRoot":"","sources":["../../../src/converters/cdkTypescript.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IACjC,OAAO,CAAC,MAAc,EAAE,EAAgB;QACtC,6DAA6D;QAC7D,kBAAkB;QAElB,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC,CAAA;QAC9D,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;YACnC,SAAS,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,EAAE;gBACnC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;gBACtC,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE;oBACpC,WAAW,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAA;oBACjD,WAAW,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,EAAE;wBACpC,MAAM;wBACN,IAAI,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC;4BACpB,UAAU,CAAC,QAAQ,CAAC,SAAS,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;wBACnD,CAAC;wBAED,sBAAsB;wBACtB,gFAAgF;wBAEhF,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAA;wBACpD,IAAI,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;4BACvB,UAAU,CAAC,QAAQ,CAAC,sBAAsB,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;wBACpE,CAAC;wBAED,uBAAuB;wBACvB,IAAI,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;4BAClC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;wBACjE,CAAC;6BAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BAC5C,iCAAiC;4BACjC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,UAAU,CAAC,CAAA;wBACvE,CAAC;wBAED,2BAA2B;wBAC3B,IAAI,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;4BACpC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,UAAU,CAAC,CAAA;wBACvE,CAAC;6BAAM,IAAI,SAAS,CAAC,sBAAsB,EAAE,EAAE,CAAC;4BAC9C,mCAAmC;4BACnC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,cAAc,EAAE,UAAU,CAAC,CAAA;wBAC7E,CAAC;wBAED,6BAA6B;wBAC7B,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;4BACrC,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,UAAU,EAAE,EACtB,YAAY,EACZ,SAAS,CAAC,0BAA0B,EAAE,EACtC,UAAU,CACX,CAAA;wBACH,CAAC;6BAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;4BAC/C,IAAI,CAAC,iBAAiB,CACpB,SAAS,CAAC,aAAa,EAAE,EACzB,eAAe,EACf,SAAS,CAAC,6BAA6B,EAAE,EACzC,UAAU,CACX,CAAA;wBACH,CAAC;wBAED,aAAa;wBACb,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,UAAU,CAAC,CAAA;oBAC5D,CAAC,CAAC,CAAA;oBAEF,IAAI,GAAG,KAAK,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAClC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;oBAC5B,CAAC;yBAAM,CAAC;wBACN,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;oBAC7B,CAAC;oBACD,8FAA8F;gBAChG,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QACzB,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;IAEO,cAAc,CACpB,OAAiB,EACjB,YAAsC,EACtC,EAAgB;QAEhB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAA;QACjC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAA;YACpC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;gBAChC,IAAI,YAAY,GAAG,IAAI,MAAM,CAAC,KAAK,EAAE,GAAG,CAAA;gBACxC,IAAI,KAAK,GAAG,SAAS,EAAE,CAAC;oBACtB,YAAY,IAAI,GAAG,CAAA;gBACrB,CAAC;gBACD,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;YAClC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAEO,gBAAgB,CACtB,SAAqB,EACrB,YAA0C,EAC1C,EAAgB;QAEhB,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAA;QACjC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACxB,SAAS,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;OAEG;IACK,iBAAiB,CACvB,UAAuB,EACvB,YAA4C,EAC5C,iBAA0B,EAC1B,EAAgB;QAEhB,IAAI,iBAAiB,EAAE,CAAC;YACtB,iDAAiD;YACjD,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,8BAA8B,CAAC,CAAA;YAC1D,OAAM;QACR,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAA;QACjC,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;YAC1B,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;gBACvB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA,CAAC,6CAA6C;gBACnE,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,EAAE,CAAA;gBAEvB,IAAI,aAAa,GAAG,EAAE,CAAA;gBACtB,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;oBACnB,qCAAqC;oBACrC,aAAa,GAAG,yBAAyB,KAAK,IAAI,CAAA;gBACpD,CAAC;qBAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;oBAC9B,aAAa,GAAG,6BAA6B,KAAK,IAAI,CAAA;gBACxD,CAAC;qBAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChC,6FAA6F;oBAC7F,aAAa,GAAG,+BAA+B,KAAK,IAAI,CAAA;gBAC1D,CAAC;qBAAM,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;oBACpC,aAAa,GAAG,mCAAmC,KAAK,IAAI,CAAA;gBAC9D,CAAC;qBAAM,CAAC;oBACN,gDAAgD;oBAChD,mFAAmF;oBACnF,aAAa,GAAG,yBAAyB,KAAK,IAAI,CAAA;gBACpD,CAAC;gBAED,SAAS,CAAC,QAAQ,CAAC,GAAG,aAAa,GAAG,CAAC,CAAA;YACzC,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;IAED;;;;;;;;;;OAUG;IACK,iBAAiB,CAAC,UAAuB,EAAE,EAAgB;QACjE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,OAAM;QACR,CAAC;QAED,0EAA0E;QAC1E,sFAAsF;QACtF,MAAM,YAAY,GAAsD,EAAE,CAAA;QAE1E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAA,CAAC,kDAAkD;YAC5F,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,EAAE,CAAA,CAAC,sBAAsB;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA,CAAC,mBAAmB;YACzD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAA;YAC7B,CAAC;YACD,oFAAoF;YACpF,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1C,kEAAkE;gBAClE,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;YACjF,CAAC;iBAAM,CAAC;gBACN,yEAAyE;gBACzE,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAA;gBACrD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5B,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAA;gBAC1B,CAAC;qBAAM,CAAC;oBACN,0CAA0C;oBAC1C,YAAY,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAA;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;QAED,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;QAC5B,EAAE,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,EAAE;YAC3B,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;gBACpD,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC/B,UAAU,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACjC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE;wBAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;4BACvB,4CAA4C;4BAC5C,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;4BAC9B,QAAQ,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,EAAE;gCAChC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;oCAChB,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gCAC/B,CAAC,CAAC,CAAA;4BACJ,CAAC,CAAC,CAAA;4BACF,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;wBACzB,CAAC;6BAAM,CAAC;4BACN,gBAAgB;4BAChB,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;wBACxC,CAAC;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC,CAAC,CAAA;gBACF,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YAC3B,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC;CACF"}
|