@cloud-copilot/iam-expand 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -6
- package/package.json +9 -2
- package/src/cli_utils.test.ts +1 -0
- package/src/cli_utils.ts +1 -1
- package/src/expand.test.ts +4 -4
- package/src/expand.ts +3 -2
package/README.md
CHANGED
|
@@ -8,6 +8,11 @@ Use this to:
|
|
|
8
8
|
2) Get an exhaustive list of actions that are included in a policy and quickly search it for interesting actions.
|
|
9
9
|
3) Investigate where dangerous or dubious actions are being used in your policies.
|
|
10
10
|
|
|
11
|
+
## Installation
|
|
12
|
+
```bash
|
|
13
|
+
npm install -g @cloud-copilot/iam-expand
|
|
14
|
+
```
|
|
15
|
+
|
|
11
16
|
```typescript
|
|
12
17
|
import { expandIamActions } from '@cloud-copilot/iam-expand';
|
|
13
18
|
|
|
@@ -36,13 +41,13 @@ expandIamActions(['s3:Get*Tagging', 's3:Put*Tagging'])
|
|
|
36
41
|
```
|
|
37
42
|
|
|
38
43
|
## API
|
|
39
|
-
`expandIamActions` is the main function that will expand the actions of the IAM policy. Takes a string or array of strings and returns an array of strings that the input matches.
|
|
44
|
+
`expandIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<ExpandIamActionsOptions>)` is the main function that will expand the actions of the IAM policy. Takes a string or array of strings and returns an array of strings that the input matches.
|
|
40
45
|
|
|
41
46
|
## Only Valid Values
|
|
42
47
|
`expandIamActions` intends to only return valid actual actions, if any invalid values are passed in such as an invalid format or a service/action that does not exist, they will be left out of the output. There are options to override this behavior.
|
|
43
48
|
|
|
44
49
|
## Options
|
|
45
|
-
`expandIamActions`
|
|
50
|
+
`expandIamActions` an optional second argument that is an object with the following options:
|
|
46
51
|
|
|
47
52
|
### `expandAsterik`
|
|
48
53
|
By default, a single `*` not be expanded. We assume that if you want a list of all IAM actions there are other sources you will check, such as [@cloud-copilot/iam-data](https://github.com/cloud-copilot/iam-data). If you want to expand a single `*` you can set this option to `true`.
|
|
@@ -189,18 +194,22 @@ expandIamActions('r2:Get*Tagging', { errorOnMissingService: true })
|
|
|
189
194
|
```
|
|
190
195
|
|
|
191
196
|
## CLI
|
|
192
|
-
There is a CLI
|
|
197
|
+
There is a CLI!
|
|
193
198
|
|
|
194
|
-
### Install
|
|
199
|
+
### Install Globally
|
|
195
200
|
```bash
|
|
196
201
|
npm install -g @cloud-copilot/iam-expand
|
|
197
202
|
```
|
|
198
|
-
|
|
203
|
+
yarn (yarn does not automatically add peer dependencies, so need to add the data package explicitly)
|
|
199
204
|
```
|
|
205
|
+
yarn global add @cloud-copilot/iam-data
|
|
200
206
|
yarn global add @cloud-copilot/iam-expand
|
|
201
207
|
```
|
|
202
208
|
|
|
203
|
-
|
|
209
|
+
### Run the sciprt in a project that has the package installed
|
|
210
|
+
```bash
|
|
211
|
+
npx @cloud-copilot/iam-expand
|
|
212
|
+
```
|
|
204
213
|
|
|
205
214
|
### Simple Usage
|
|
206
215
|
The simplest usage is to pass in the actions you want to expand.
|
package/package.json
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloud-copilot/iam-expand",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.1",
|
|
4
4
|
"description": "Expand AWS IAM Actions with Wildcards",
|
|
5
|
-
"repository":
|
|
5
|
+
"repository": {
|
|
6
|
+
"type": "git",
|
|
7
|
+
"url": "git+https://github.com/cloud-copilot/iam-expand.git"
|
|
8
|
+
},
|
|
6
9
|
"exports": {
|
|
7
10
|
".": {
|
|
8
11
|
"import": "./dist/esm/index.js",
|
|
@@ -22,6 +25,10 @@
|
|
|
22
25
|
],
|
|
23
26
|
"author": "David Kerber <dave@cloudcopilot.io>",
|
|
24
27
|
"license": "GPL-3.0-or-later",
|
|
28
|
+
"bugs": {
|
|
29
|
+
"url": "https://github.com/cloud-copilot/iam-expand/issues"
|
|
30
|
+
},
|
|
31
|
+
"homepage": "https://github.com/cloud-copilot/iam-expand#readme",
|
|
25
32
|
"devDependencies": {
|
|
26
33
|
"@types/node": "^22.5.0",
|
|
27
34
|
"typescript": "^5.5.4",
|
package/src/cli_utils.test.ts
CHANGED
|
@@ -14,6 +14,7 @@ const extractScenarios = [
|
|
|
14
14
|
{input: ' "s3:Get*", "s3:Put*"', expected: ['s3:Get*', 's3:Put*']},
|
|
15
15
|
{input: ' `s3:Get*`, `s3:Put*`', expected: ['s3:Get*', 's3:Put*']},
|
|
16
16
|
{input: ` 's3:Get*', 's3:Put*'`, expected: ['s3:Get*', 's3:Put*']},
|
|
17
|
+
{input: ` 'resource-Groups:Get*'`, expected: ['resource-Groups:Get*']},
|
|
17
18
|
{input: `s3:Get*, s3:Put*`, expected: ['s3:Get*', 's3:Put*']},
|
|
18
19
|
{input: "s3:Put*", expected: ['s3:Put*']},
|
|
19
20
|
{input: ":s3:Put*", expected: []},
|
package/src/cli_utils.ts
CHANGED
|
@@ -50,7 +50,7 @@ export function convertOptions(optionArgs: string[]): Partial<CliOptions> {
|
|
|
50
50
|
return options
|
|
51
51
|
}
|
|
52
52
|
|
|
53
|
-
const actionPattern = /\:?([a-zA-Z0-9]+:[a-zA-Z0-9*]+)/g;
|
|
53
|
+
const actionPattern = /\:?([a-zA-Z0-9-]+:[a-zA-Z0-9*]+)/g;
|
|
54
54
|
export function extractActionsFromLineOfInput(line: string): string[] {
|
|
55
55
|
const matches = line.matchAll(actionPattern)
|
|
56
56
|
|
package/src/expand.test.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { iamActionExists, iamActionsForService, iamServiceExists, iamServiceKeys } from '@cloud-copilot/iam-data'
|
|
1
|
+
import { iamActionDetails, iamActionExists, iamActionsForService, iamServiceExists, iamServiceKeys } from '@cloud-copilot/iam-data'
|
|
2
2
|
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
|
3
3
|
import { expandIamActions, InvalidActionBehavior } from "./expand.js"
|
|
4
4
|
|
|
@@ -92,17 +92,18 @@ describe("expand", () => {
|
|
|
92
92
|
describe("invalid action name", () => {
|
|
93
93
|
it('should return an action without wildcards if it is a valid action', () => {
|
|
94
94
|
//Given actionString contains a valid action
|
|
95
|
-
const actionString = 's3:
|
|
95
|
+
const actionString = 's3:getobject'
|
|
96
96
|
//And s3 the service exists
|
|
97
97
|
vi.mocked(iamServiceExists).mockReturnValue(true)
|
|
98
98
|
//And the action does not
|
|
99
99
|
vi.mocked(iamActionExists).mockReturnValue(true)
|
|
100
|
+
vi.mocked(iamActionDetails).mockReturnValue({name: 'GetObject'} as any)
|
|
100
101
|
|
|
101
102
|
//When expand is called with actionString
|
|
102
103
|
const result = expandIamActions(actionString)
|
|
103
104
|
|
|
104
105
|
//Then result should be an array with the actionString
|
|
105
|
-
expect(result).toEqual([
|
|
106
|
+
expect(result).toEqual(['s3:GetObject'])
|
|
106
107
|
})
|
|
107
108
|
|
|
108
109
|
it("should remove an invalid action if invalidActionBehavior is Remove", () => {
|
|
@@ -519,5 +520,4 @@ describe("expand", () => {
|
|
|
519
520
|
})
|
|
520
521
|
})
|
|
521
522
|
|
|
522
|
-
|
|
523
523
|
})
|
package/src/expand.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { iamActionExists, iamActionsForService, iamServiceExists, iamServiceKeys } from '@cloud-copilot/iam-data'
|
|
1
|
+
import { iamActionDetails, iamActionExists, iamActionsForService, iamServiceExists, iamServiceKeys } from '@cloud-copilot/iam-data'
|
|
2
2
|
|
|
3
3
|
export enum InvalidActionBehavior {
|
|
4
4
|
Remove = "Remove",
|
|
@@ -159,8 +159,9 @@ export function expandIamActions(actionStringOrStrings: string | string[], overr
|
|
|
159
159
|
if(!actionString.includes('*')) {
|
|
160
160
|
const actionExists = iamActionExists(service, wildcardActions)
|
|
161
161
|
if(actionExists) {
|
|
162
|
-
return [
|
|
162
|
+
return [service + ":" + iamActionDetails(service, wildcardActions).name]
|
|
163
163
|
}
|
|
164
|
+
|
|
164
165
|
if(options.invalidActionBehavior === InvalidActionBehavior.Remove) {
|
|
165
166
|
return []
|
|
166
167
|
} else if(options.invalidActionBehavior === InvalidActionBehavior.Include) {
|