@cloud-copilot/iam-expand 0.1.5 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +22 -8
- package/dist/cjs/cli.js +4 -1
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/expand_file.js +1 -1
- package/dist/cjs/expand_file.js.map +1 -1
- package/dist/esm/cli.js +5 -2
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/expand_file.js +1 -1
- package/dist/esm/expand_file.js.map +1 -1
- package/package.json +1 -1
- package/src/cli.ts +5 -2
- package/src/expand_file.test.ts +79 -0
- package/src/expand_file.ts +1 -1
package/README.md
CHANGED
|
@@ -13,6 +13,14 @@ Use this to:
|
|
|
13
13
|
npm install -g @cloud-copilot/iam-expand
|
|
14
14
|
```
|
|
15
15
|
|
|
16
|
+
### AWS CloudShell Installation
|
|
17
|
+
The AWS CloudShell automatically has node and npm installed, so you can install this and run it straight from the console. You'll need to use sudo to install it globally.
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
sudo npm install -g @cloud-copilot/iam-expand
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
## Typescript/NodeJS Usage
|
|
16
24
|
```typescript
|
|
17
25
|
import { expandIamActions } from '@cloud-copilot/iam-expand';
|
|
18
26
|
|
|
@@ -206,7 +214,14 @@ yarn global add @cloud-copilot/iam-data
|
|
|
206
214
|
yarn global add @cloud-copilot/iam-expand
|
|
207
215
|
```
|
|
208
216
|
|
|
209
|
-
###
|
|
217
|
+
### AWS CloudShell Installation
|
|
218
|
+
The AWS CloudShell automatically has node and npm installed, so you can install this and run it straight from the console. You'll need to use sudo to install it globally.
|
|
219
|
+
|
|
220
|
+
```bash
|
|
221
|
+
sudo npm install -g @cloud-copilot/iam-expand
|
|
222
|
+
```
|
|
223
|
+
|
|
224
|
+
### Run the script in a project that has the package installed
|
|
210
225
|
```bash
|
|
211
226
|
npx @cloud-copilot/iam-expand
|
|
212
227
|
```
|
|
@@ -234,8 +249,7 @@ iam-expand
|
|
|
234
249
|
If no actions are passed as arguments, the CLI will read from stdin.
|
|
235
250
|
|
|
236
251
|
#### Expanding JSON input
|
|
237
|
-
If the input is a valid json document, the CLI will find every instance of `Action` that is a string
|
|
238
|
-
or an array of strings and expand them. This is useful for finding all the actions in a policy document or set of documents.
|
|
252
|
+
If the input is a valid json document, the CLI will find every instance of `Action` and 'NotAcion' that is a string or an array of strings and expand them. This is useful for finding all the actions in a policy document or set of documents.
|
|
239
253
|
|
|
240
254
|
Given `policy.json`
|
|
241
255
|
```json
|
|
@@ -249,8 +263,8 @@ Given `policy.json`
|
|
|
249
263
|
"Resource": "*"
|
|
250
264
|
},
|
|
251
265
|
{
|
|
252
|
-
"Effect": "
|
|
253
|
-
"
|
|
266
|
+
"Effect": "Deny",
|
|
267
|
+
"NotAction": ["s3:Get*Tagging", "s3:Put*Tagging"],
|
|
254
268
|
"Resource": "*"
|
|
255
269
|
}
|
|
256
270
|
]
|
|
@@ -279,9 +293,9 @@ Gives this file in `expanded-policy.json`
|
|
|
279
293
|
"Resource": "*"
|
|
280
294
|
},
|
|
281
295
|
{
|
|
282
|
-
"Effect": "
|
|
296
|
+
"Effect": "Deny",
|
|
283
297
|
// Was ["s3:Get*Tagging", "s3:Put*Tagging"]
|
|
284
|
-
"
|
|
298
|
+
"NotAction": [
|
|
285
299
|
"s3:GetBucketTagging",
|
|
286
300
|
"s3:GetJobTagging",
|
|
287
301
|
"s3:GetObjectTagging",
|
|
@@ -303,7 +317,7 @@ You can also use this to expand the actions from the output of commands.
|
|
|
303
317
|
```bash
|
|
304
318
|
aws iam get-account-authorization-details --output json | iam-expand --expand-service-asterisk --read-wait-time=20_000 > expanded-inline-policies.json
|
|
305
319
|
# Now you can search the output for actions you are interested in
|
|
306
|
-
grep "kms:DisableKey" expanded-inline-policies.json
|
|
320
|
+
grep -n "kms:DisableKey" expanded-inline-policies.json
|
|
307
321
|
```
|
|
308
322
|
_--expand-service-asterisk makes sure kms:* is expaneded out so you can find the DisableKey action. --read-wait-time=20_000 gives the cli command more time to return it's first byte of output_
|
|
309
323
|
|
package/dist/cjs/cli.js
CHANGED
|
@@ -53,7 +53,10 @@ for (const arg of args) {
|
|
|
53
53
|
async function run() {
|
|
54
54
|
const options = (0, cli_utils_js_1.convertOptions)(optionStrings);
|
|
55
55
|
if (options.showDataVersion) {
|
|
56
|
-
|
|
56
|
+
const version = await (0, iam_data_1.iamDataVersion)();
|
|
57
|
+
const updatedAt = await (0, iam_data_1.iamDataUpdatedAt)();
|
|
58
|
+
console.log(`@cloud-copilot/iam-data version: ${version}`);
|
|
59
|
+
console.log(`Data last updated: ${updatedAt}`);
|
|
57
60
|
return;
|
|
58
61
|
}
|
|
59
62
|
if (actionStrings.length === 0) {
|
package/dist/cjs/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,sDAA2E;AAC3E,iDAA4D;AAC5D,2CAAwE;AAExE,MAAM,WAAW,GAAG,YAAY,CAAA;AAEhC,KAAK,UAAU,cAAc,CAAC,aAAuB,EAAE,OAAyC;IAC9F,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAgB,EAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC7D,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,oCAAoC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,YAAY,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAA;IACrD,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;IACzC,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAA;IAC5F,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAA;IACrF,OAAO,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAA;IAC5G,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAA;IAC7F,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAA;IAChF,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IACtG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAA;IACnG,OAAO,CAAC,GAAG,CAAC,mFAAmF,CAAC,CAAA;IAChG,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAA;IACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;AACpE,MAAM,aAAa,GAAa,EAAE,CAAA;AAClC,MAAM,aAAa,GAAa,EAAE,CAAA;AAElC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,OAAO,GAAG,IAAA,6BAAc,EAAC,aAAa,CAAC,CAAA;IAC7C,IAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,IAAA,2BAAgB,GAAE,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAA;QAC1D,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAA;QAC9C,OAAM;IACR,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAU,EAAC,OAAO,CAAC,CAAA;QAC7C,IAAG,WAAW,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACxD,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAA;YACxC,IAAG,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBACrD,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAC/F,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,cAAc,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC5C,OAAM;IACR,CAAC;IAED,UAAU,EAAE,CAAA;AACd,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/cjs/expand_file.js
CHANGED
|
@@ -11,7 +11,7 @@ const expand_js_1 = require("./expand.js");
|
|
|
11
11
|
* @returns the expanded JSON document
|
|
12
12
|
*/
|
|
13
13
|
async function expandJsonDocument(options, document, key) {
|
|
14
|
-
if (key === 'Action') {
|
|
14
|
+
if (key === 'Action' || key === 'NotAction') {
|
|
15
15
|
if (typeof document === 'string') {
|
|
16
16
|
return await (0, expand_js_1.expandIamActions)(document, options);
|
|
17
17
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":";;AAUA,gDA4BC;AAtCD,2CAAuE;AAEvE;;;;;;;GAOG;AACI,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":";;AAUA,gDA4BC;AAtCD,2CAAuE;AAEvE;;;;;;;GAOG;AACI,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC3C,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,MAAM,IAAA,4BAAgB,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClD,CAAC;QACD,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrF,MAAM,KAAK,GAAI,MAAM,IAAA,4BAAgB,EAAC,QAAQ,EAAE,EAAC,GAAG,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAA;YAC7E,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YAC7C,OAAO,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;QAC1C,CAAC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,SAAS,GAAQ,EAAE,CAAA;QACzB,KAAI,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;YAC3B,SAAS,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC"}
|
package/dist/esm/cli.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import { iamDataVersion } from "@cloud-copilot/iam-data";
|
|
2
|
+
import { iamDataUpdatedAt, iamDataVersion } from "@cloud-copilot/iam-data";
|
|
3
3
|
import { convertOptions, parseStdIn } from "./cli_utils.js";
|
|
4
4
|
import { expandIamActions } from "./expand.js";
|
|
5
5
|
const commandName = 'iam-expand';
|
|
@@ -51,7 +51,10 @@ for (const arg of args) {
|
|
|
51
51
|
async function run() {
|
|
52
52
|
const options = convertOptions(optionStrings);
|
|
53
53
|
if (options.showDataVersion) {
|
|
54
|
-
|
|
54
|
+
const version = await iamDataVersion();
|
|
55
|
+
const updatedAt = await iamDataUpdatedAt();
|
|
56
|
+
console.log(`@cloud-copilot/iam-data version: ${version}`);
|
|
57
|
+
console.log(`Data last updated: ${updatedAt}`);
|
|
55
58
|
return;
|
|
56
59
|
}
|
|
57
60
|
if (actionStrings.length === 0) {
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAC;AAExE,MAAM,WAAW,GAAG,YAAY,CAAA;AAEhC,KAAK,UAAU,cAAc,CAAC,aAAuB,EAAE,OAAyC;IAC9F,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC7D,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,oCAAoC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,YAAY,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAA;IACrD,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;IACzC,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAA;IAC5F,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAA;IACrF,OAAO,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAA;IAC5G,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAA;IAC7F,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAA;IAChF,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IACtG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAA;IACnG,OAAO,CAAC,GAAG,CAAC,mFAAmF,CAAC,CAAA;IAChG,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAA;IACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;AACpE,MAAM,aAAa,GAAa,EAAE,CAAA;AAClC,MAAM,aAAa,GAAa,EAAE,CAAA;AAElC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,OAAO,GAAG,cAAc,CAAC,aAAa,CAAC,CAAA;IAC7C,IAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,gBAAgB,EAAE,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAA;QAC1D,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAA;QAC9C,OAAM;IACR,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAA;QAC7C,IAAG,WAAW,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACxD,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAA;YACxC,IAAG,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBACrD,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAC/F,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,cAAc,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC5C,OAAM;IACR,CAAC;IAED,UAAU,EAAE,CAAA;AACd,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/esm/expand_file.js
CHANGED
|
@@ -8,7 +8,7 @@ import { expandIamActions } from "./expand.js";
|
|
|
8
8
|
* @returns the expanded JSON document
|
|
9
9
|
*/
|
|
10
10
|
export async function expandJsonDocument(options, document, key) {
|
|
11
|
-
if (key === 'Action') {
|
|
11
|
+
if (key === 'Action' || key === 'NotAction') {
|
|
12
12
|
if (typeof document === 'string') {
|
|
13
13
|
return await expandIamActions(document, options);
|
|
14
14
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAA;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAA;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC3C,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,MAAM,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClD,CAAC;QACD,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrF,MAAM,KAAK,GAAI,MAAM,gBAAgB,CAAC,QAAQ,EAAE,EAAC,GAAG,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAA;YAC7E,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YAC7C,OAAO,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;QAC1C,CAAC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,SAAS,GAAQ,EAAE,CAAA;QACzB,KAAI,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;YAC3B,SAAS,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC"}
|
package/package.json
CHANGED
package/src/cli.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
|
|
3
|
-
import { iamDataVersion } from "@cloud-copilot/iam-data";
|
|
3
|
+
import { iamDataUpdatedAt, iamDataVersion } from "@cloud-copilot/iam-data";
|
|
4
4
|
import { convertOptions, parseStdIn } from "./cli_utils.js";
|
|
5
5
|
import { expandIamActions, ExpandIamActionsOptions } from "./expand.js";
|
|
6
6
|
|
|
@@ -56,7 +56,10 @@ for (const arg of args) {
|
|
|
56
56
|
async function run() {
|
|
57
57
|
const options = convertOptions(optionStrings)
|
|
58
58
|
if(options.showDataVersion) {
|
|
59
|
-
|
|
59
|
+
const version = await iamDataVersion()
|
|
60
|
+
const updatedAt = await iamDataUpdatedAt()
|
|
61
|
+
console.log(`@cloud-copilot/iam-data version: ${version}`)
|
|
62
|
+
console.log(`Data last updated: ${updatedAt}`)
|
|
60
63
|
return
|
|
61
64
|
}
|
|
62
65
|
|
package/src/expand_file.test.ts
CHANGED
|
@@ -103,5 +103,84 @@ describe('expand_file', () => {
|
|
|
103
103
|
// Then the document should be returned as is
|
|
104
104
|
expect(result).toEqual(document)
|
|
105
105
|
})
|
|
106
|
+
|
|
107
|
+
it('should expand a string NotAction', async () => {
|
|
108
|
+
// Given a document with an action
|
|
109
|
+
const document = {
|
|
110
|
+
a: {
|
|
111
|
+
b: {
|
|
112
|
+
"NotAction": "s3:Get*"
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
vi.mocked(expandIamActions).mockResolvedValue(["s3:GetObject", "s3:GetBucket"])
|
|
117
|
+
|
|
118
|
+
// When the document is expanded
|
|
119
|
+
const result = await expandJsonDocument({}, document)
|
|
120
|
+
|
|
121
|
+
// Then the action should be expanded
|
|
122
|
+
const expected = JSON.parse(JSON.stringify(document))
|
|
123
|
+
expected.a.b.NotAction = ["s3:GetObject", "s3:GetBucket"]
|
|
124
|
+
expect(result).toEqual(expected)
|
|
125
|
+
})
|
|
126
|
+
|
|
127
|
+
it('should expand an array of string NotActions', async () => {
|
|
128
|
+
// Given a document with an action
|
|
129
|
+
const document = {
|
|
130
|
+
a: {
|
|
131
|
+
b: {
|
|
132
|
+
"NotAction": ["s3:Get*", "s3:Put*"]
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
vi.mocked(expandIamActions).mockImplementation(async (actions, options) =>{
|
|
137
|
+
expect(options?.distinct).toBe(true)
|
|
138
|
+
return ["s3:GetObject", "s3:GetBucket", "s3:PutObject", "s3:PutBucket"]
|
|
139
|
+
})
|
|
140
|
+
|
|
141
|
+
// When the document is expanded
|
|
142
|
+
const result = await expandJsonDocument({}, document)
|
|
143
|
+
|
|
144
|
+
// Then the action should be expanded
|
|
145
|
+
const expected = JSON.parse(JSON.stringify(document))
|
|
146
|
+
expected.a.b.NotAction = ["s3:GetObject", "s3:GetBucket", "s3:PutObject", "s3:PutBucket"]
|
|
147
|
+
expect(result).toEqual(expected)
|
|
148
|
+
})
|
|
149
|
+
|
|
150
|
+
it('should not expand a NotAction if it is an object', async () => {
|
|
151
|
+
// Given a document with an action
|
|
152
|
+
const document = {
|
|
153
|
+
a: {
|
|
154
|
+
b: {
|
|
155
|
+
"NotAction": {
|
|
156
|
+
"key": "value"
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
// When the document is expanded
|
|
163
|
+
const result = await expandJsonDocument({}, document)
|
|
164
|
+
|
|
165
|
+
// Then the document should be returned as is
|
|
166
|
+
expect(result).toEqual(document)
|
|
167
|
+
})
|
|
168
|
+
|
|
169
|
+
it('should not expand a NotAction if it is an array of numbers', async () => {
|
|
170
|
+
// Given a document with an action
|
|
171
|
+
const document = {
|
|
172
|
+
a: {
|
|
173
|
+
b: {
|
|
174
|
+
"NotAction": [1, 2, 3]
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
// When the document is expanded
|
|
180
|
+
const result = await expandJsonDocument({}, document)
|
|
181
|
+
|
|
182
|
+
// Then the document should be returned as is
|
|
183
|
+
expect(result).toEqual(document)
|
|
184
|
+
})
|
|
106
185
|
})
|
|
107
186
|
})
|
package/src/expand_file.ts
CHANGED
|
@@ -9,7 +9,7 @@ import { expandIamActions, ExpandIamActionsOptions } from "./expand.js"
|
|
|
9
9
|
* @returns the expanded JSON document
|
|
10
10
|
*/
|
|
11
11
|
export async function expandJsonDocument(options: Partial<ExpandIamActionsOptions>, document: any, key?: string): Promise<any> {
|
|
12
|
-
if(key === 'Action') {
|
|
12
|
+
if(key === 'Action' || key === 'NotAction') {
|
|
13
13
|
if(typeof document === 'string') {
|
|
14
14
|
return await expandIamActions(document, options)
|
|
15
15
|
}
|