@cloud-copilot/iam-expand 0.1.3 → 0.1.5

package/src/expand.ts

@@ -16,14 +16,14 @@ export interface ExpandIamActionsOptions {
    * If false, a single `*` will be returned as is
    * Default: false
    */
-  expandAsterik: boolean
+  expandAsterisk: boolean
 
   /**
    * If true, `service:*` will be expanded to all actions for that service
    * If false, `service:*` will be returned as is
    * Default: false
    */
-  expandServiceAsterik: boolean
+  expandServiceAsterisk: boolean
 
   /**
    * If true, an error will be thrown if the action string is not in the correct format
@@ -66,8 +66,8 @@ export interface ExpandIamActionsOptions {
 }
 
 const defaultOptions: ExpandIamActionsOptions = {
-  expandAsterik: false,
-  expandServiceAsterik: false,
+  expandAsterisk: false,
+  expandServiceAsterisk: false,
   errorOnInvalidFormat: false,
   errorOnMissingService: false,
   invalidActionBehavior: InvalidActionBehavior.Remove,
@@ -75,7 +75,7 @@ const defaultOptions: ExpandIamActionsOptions = {
   sort: false
 }
 
-const allAsteriksPattern = /^\*+$/i
+const allAsterisksPattern = /^\*+$/i
 
 /**
  * Expands an IAM action string that contains wildcards.
@@ -88,7 +88,7 @@ const allAsteriksPattern = /^\*+$/i
  * @param overrideOptions Options to override the default behavior
  * @returns An array of expanded action strings flattend to a single array
  */
-export function expandIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<ExpandIamActionsOptions>): string[] {
+export async function expandIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<ExpandIamActionsOptions>): Promise<string[]> {
   const options = {...defaultOptions, ...overrideOptions}
 
   if(!actionStringOrStrings) {
@@ -97,7 +97,12 @@ export function expandIamActions(actionStringOrStrings: string | string[], overr
   }
 
   if(Array.isArray(actionStringOrStrings)) {
-    let allMatches = actionStringOrStrings.flatMap(actionString => expandIamActions(actionString, options))
+    const actionLists = await Promise.all(actionStringOrStrings.map(async (actionString) => {
+      return expandIamActions(actionString, options);
+    }))
+
+    let allMatches = actionLists.flat()
+
     if(options.distinct) {
       const aSet = new Set<string>()
       allMatches = allMatches.filter((value) => {
@@ -116,12 +121,16 @@ export function expandIamActions(actionStringOrStrings: string | string[], overr
 
   const actionString = actionStringOrStrings.trim()
 
-  if(actionString.match(allAsteriksPattern)) {
-    if(options.expandAsterik) {
+  if(actionString.match(allAsterisksPattern)) {
+    if(options.expandAsterisk) {
       //If that's really what you want...
-      return iamServiceKeys().flatMap(
-        service => iamActionsForService(service).map(action => `${service}:${action}`)
-      )
+      const allActions = []
+      const serviceKeys = await iamServiceKeys()
+      for await (const service of serviceKeys) {
+        const serviceActions = await iamActionsForService(service)
+        allActions.push(...serviceActions.map(action => `${service}:${action}`))
+      }
+      return allActions
     }
     return ['*']
   }
@@ -142,24 +151,26 @@ export function expandIamActions(actionStringOrStrings: string | string[], overr
   }
 
   const [service, wildcardActions] = parts.map(part => part.toLowerCase())
-  if(!iamServiceExists(service)) {
+  if(!await iamServiceExists(service)) {
     if(options.errorOnMissingService) {
       throw new Error(`Service not found: ${service}`)
     }
     return []
   }
 
-  if(wildcardActions.match(allAsteriksPattern)) {
-    if(options.expandServiceAsterik) {
-      return iamActionsForService(service).map(action => `${service}:${action}`)
+  if(wildcardActions.match(allAsterisksPattern)) {
+    if(options.expandServiceAsterisk) {
+      const actionsForService = await iamActionsForService(service)
+      return actionsForService.map(action => `${service}:${action}`)
     }
     return [`${service}:*`]
   }
 
   if(!actionString.includes('*')) {
-    const actionExists = iamActionExists(service, wildcardActions)
+    const actionExists = await iamActionExists(service, wildcardActions)
     if(actionExists) {
-      return [service + ":" + iamActionDetails(service, wildcardActions).name]
+      const details = await iamActionDetails(service, wildcardActions)
+      return [service + ":" + details.name]
     }
 
     if(options.invalidActionBehavior === InvalidActionBehavior.Remove) {
@@ -174,7 +185,7 @@ export function expandIamActions(actionStringOrStrings: string | string[], overr
     }
   }
 
-  const allActions = iamActionsForService(service)
+  const allActions = await iamActionsForService(service)
   const pattern = "^" + wildcardActions.replace(/\*/g, '.*?') + "$"
   const regex = new RegExp(pattern, 'i')
   const matchingActions = allActions.filter(action => regex.test(action)).map(action => `${service}:${action}`)

package/src/expand_file.test.ts

@@ -0,0 +1,107 @@
+import { beforeEach } from "node:test";
+import { describe, expect, it, vi } from "vitest";
+import { expandIamActions } from "./expand.js";
+import { expandJsonDocument } from "./expand_file.js";
+
+vi.mock('./expand.js')
+
+beforeEach(() => {
+  vi.resetAllMocks()
+})
+
+describe('expand_file', () => {
+  describe('expandJsonDocument', () => {
+    it('should return a document without actions as is', async () => {
+      // Given a document without actions
+      const document = {
+        "key": "value",
+        "key2": ["value1", "value2"]
+      }
+
+      // When the document is expanded
+      const result = await expandJsonDocument({}, document)
+
+      // Then the document should be returned as is
+      expect(result).toEqual(document)
+    })
+
+    it('should expand a string action', async () => {
+      // Given a document with an action
+      const document = {
+        a: {
+          b: {
+            "Action": "s3:Get*"
+          }
+        }
+      }
+      vi.mocked(expandIamActions).mockResolvedValue(["s3:GetObject", "s3:GetBucket"])
+
+      // When the document is expanded
+      const result = await expandJsonDocument({}, document)
+
+      // Then the action should be expanded
+      const expected = JSON.parse(JSON.stringify(document))
+      expected.a.b.Action = ["s3:GetObject", "s3:GetBucket"]
+      expect(result).toEqual(expected)
+    })
+
+    it('should expand an array of string actions', async () => {
+      // Given a document with an action
+      const document = {
+        a: {
+          b: {
+            "Action": ["s3:Get*", "s3:Put*"]
+          }
+        }
+      }
+      vi.mocked(expandIamActions).mockImplementation(async (actions, options) =>{
+        expect(options?.distinct).toBe(true)
+        return ["s3:GetObject", "s3:GetBucket", "s3:PutObject", "s3:PutBucket"]
+      })
+
+      // When the document is expanded
+      const result = await expandJsonDocument({}, document)
+
+      // Then the action should be expanded
+      const expected = JSON.parse(JSON.stringify(document))
+      expected.a.b.Action = ["s3:GetObject", "s3:GetBucket", "s3:PutObject", "s3:PutBucket"]
+      expect(result).toEqual(expected)
+    })
+
+    it('should not expand an Action if it is an object', async () => {
+      // Given a document with an action
+      const document = {
+        a: {
+          b: {
+            "Action": {
+              "key": "value"
+            }
+          }
+        }
+      }
+
+      // When the document is expanded
+      const result = await expandJsonDocument({}, document)
+
+      // Then the document should be returned as is
+      expect(result).toEqual(document)
+    })
+
+    it('should not expand an Action if it is an array of numbers', async () => {
+      // Given a document with an action
+      const document = {
+        a: {
+          b: {
+            "Action": [1, 2, 3]
+          }
+        }
+      }
+
+      // When the document is expanded
+      const result = await expandJsonDocument({}, document)
+
+      // Then the document should be returned as is
+      expect(result).toEqual(document)
+    })
+  })
+})

package/src/expand_file.ts

@@ -0,0 +1,39 @@
+import { expandIamActions, ExpandIamActionsOptions } from "./expand.js"
+
+/**
+ * Takes any JSON document and expands any Action found in the document
+ *
+ * @param options the options to use when expanding the actions
+ * @param document the JSON document to expand
+ * @param key the key of the current node in the document
+ * @returns the expanded JSON document
+ */
+export async function expandJsonDocument(options: Partial<ExpandIamActionsOptions>, document: any, key?: string): Promise<any> {
+  if(key === 'Action') {
+    if(typeof document === 'string') {
+      return await expandIamActions(document, options)
+    }
+    if(Array.isArray(document) && document.length > 0 && typeof document[0] === 'string') {
+      const value =  await expandIamActions(document, {...options, distinct: true})
+      return value
+    }
+  }
+
+  if(Array.isArray(document)) {
+    return Promise.all(document.map(async (item) => {
+      return expandJsonDocument(options, item)
+    }))
+  }
+
+  if(typeof document === 'object') {
+    const keys = Object.keys(document)
+    const newObject: any = {}
+    for(const key of keys) {
+      const value = document[key]
+      newObject[key] = await expandJsonDocument(options, value, key)
+    }
+    return newObject
+  }
+
+  return document
+}