npm - @cloud-copilot/iam-expand - Versions diffs - 0.1.6 → 0.1.8 - Mend

@cloud-copilot/iam-expand 0.1.6 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/README.md +254 -203
package/dist/cjs/cli.js +8 -7
package/dist/cjs/cli.js.map +1 -1
package/dist/cjs/expand.d.ts +1 -13
package/dist/cjs/expand.d.ts.map +1 -1
package/dist/cjs/expand.js +5 -21
package/dist/cjs/expand.js.map +1 -1
package/dist/cjs/expand_file.js +1 -1
package/dist/cjs/expand_file.js.map +1 -1
package/dist/esm/cli.js +8 -7
package/dist/esm/cli.js.map +1 -1
package/dist/esm/expand.d.ts +1 -13
package/dist/esm/expand.d.ts.map +1 -1
package/dist/esm/expand.js +5 -21
package/dist/esm/expand.js.map +1 -1
package/dist/esm/expand_file.js +1 -1
package/dist/esm/expand_file.js.map +1 -1
package/examples/README.md +3 -0
package/examples/download-and-expand-authorization-details.sh +8 -0
package/examples/download-and-expand-policies.sh +22 -0
package/package.json +1 -1
package/src/cli.ts +9 -7
package/src/expand.test.ts +39 -79
package/src/expand.ts +7 -38
package/src/expand_file.test.ts +0 -2
package/src/expand_file.ts +1 -1

package/README.md CHANGED Viewed

@@ -1,255 +1,172 @@
 # Expand IAM Actions
-This will expand the actions of the IAM policy to show the individual actions. Useful for when you want to see the individual actions that are included in a wildcard action or are not allowed to use wildcards for security or compliance reasons.
-Published in ESM and CommonJS and available as a [CLI](#cli).
+Built in the Unix philosophy, this is a small tool that does one thing well: expand IAM actions with wildcards to their list of matching actions.
 Use this to:
-1) Expand out wildcards in actions when you are not allowed to use wildcards in your IAM policy.
-2) Get an exhaustive list of actions that are included in a policy and quickly search it for interesting actions.
-3) Investigate where dangerous or dubious actions are being used in your policies.
+1) Expand wildcards when you are not allowed to use them in your policies.
+2) Get an exhaustive list of actions that are included in a policy to quickly search it for interesting actions.
+3) Investigate where interesting or dubious actions are being used in your policies.
+Published as an [npm package](#typescriptnodejs-usage) in ESM and CommonJS plus available as a [CLI](#cli).
+All information is sourced from [@cloud-copilot/iam-data](https://github.com/cloud-copilot/iam-data) which is updated daily.
+## Only Valid Values
+`iam-expand` intends to only return valid, actual actions, if any invalid values are passed in such as an invalid format or a service/action that does not exist, they will be left out of the output. There are options to override this behavior.
-## Installation
+## CLI
+There is a CLI! The [examples folder](examples/README.md) has examples showing how to use the CLI to find interesting actions in your IAM policies.
+### Global CLI Installation
+You can install it globally. This also works in the default AWS CloudShell!
 ```bash
 npm install -g @cloud-copilot/iam-expand
 ```
+*Depending on your configuration sudo may be required to install globally.*
-### AWS CloudShell Installation
-The AWS CloudShell automatically has node and npm installed, so you can install this and run it straight from the console. You'll need to use sudo to install it globally.
+### Install CLI In a Project
+You can also install the CLI in a project and run it with `npx`.
 ```bash
-sudo npm install -g @cloud-copilot/iam-expand
+npm install @cloud-copilot/iam-expand
+# Run with npx inside your project
+npx @cloud-copilot/iam-expand
 ```
-## Typescript/NodeJS Usage
-```typescript
-import { expandIamActions } from '@cloud-copilot/iam-expand';
-expandIamActions('s3:Get*Tagging')
-[
-  's3:GetBucketTagging',
-  's3:GetJobTagging',
-  's3:GetObjectTagging',
-  's3:GetObjectVersionTagging',
-  's3:GetStorageLensConfigurationTagging'
-]
-expandIamActions(['s3:Get*Tagging', 's3:Put*Tagging'])
-[
-  's3:GetBucketTagging',
-  's3:GetJobTagging',
-  's3:GetObjectTagging',
-  's3:GetObjectVersionTagging',
-  's3:GetStorageLensConfigurationTagging',
-  's3:PutBucketTagging',
-  's3:PutJobTagging',
-  's3:PutObjectTagging',
-  's3:PutObjectVersionTagging',
-  's3:PutStorageLensConfigurationTagging'
-]
+### Expand Actions
+The simplest usage is to pass in the actions you want to expand.
+```bash
+iam-expand s3:Get*Tagging
+# Outputs all Get*Tagging actions
+s3:GetBucketTagging
+s3:GetJobTagging
+s3:GetObjectTagging
+s3:GetObjectVersionTagging
+s3:GetStorageLensConfigurationTaggin
 ```
-## API
-`expandIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<ExpandIamActionsOptions>)` is the main function that will expand the actions of the IAM policy. Takes a string or array of strings and returns an array of strings that the input matches.
-## Only Valid Values
-`expandIamActions` intends to only return valid actual actions, if any invalid values are passed in such as an invalid format or a service/action that does not exist, they will be left out of the output. There are options to override this behavior.
-## Options
-`expandIamActions` an optional second argument that is an object with the following options:
-### `expandAsterisk`
-By default, a single `*` not be expanded. We assume that if you want a list of all IAM actions there are other sources you will check, such as [@cloud-copilot/iam-data](https://github.com/cloud-copilot/iam-data). If you want to expand a single `*` you can set this option to `true`.
-```typescript
-import { expandIamActions } from '@cloud-copilot/iam-expand';
-//Returns the unexpanded value
-expandIamActions('*')
-['*']
-//Returns the expanded value
-expandIamActions('*', { expandAsterisk: true })
-[
-  //Many many strings. 🫢
-]
+```bash
+iam-expand s3:Get*Tagging s3:Put*Tagging
+# Outputs the combination of Get*Tagging and Put*Tagging actions deduplicated and sorted
+s3:GetBucketTagging
+s3:GetJobTagging
+s3:GetObjectTagging
+s3:GetObjectVersionTagging
+s3:GetStorageLensConfigurationTagging
+s3:PutBucketTagging
+s3:PutJobTagging
+s3:PutObjectTagging
+s3:PutObjectVersionTagging
+s3:PutStorageLensConfigurationTaggin
 ```
-### `expandServiceAsterisk`
-By default, a service name followed by a `*` (such as `s3:*` or `lambda:*`) will not be expanded. If you want to expand these you can set this option to `true`.
-```typescript
-import { expandIamActions } from '@cloud-copilot/iam-expand';
-//Returns the unexpanded value
-expandIamActions('s3:*')
-['s3:*']
-//Returns the expanded value
-expandIamActions('s3:*', { expandServiceAsterisk: true })
-[
-  //All the s3 actions. 🫢
-]
+### Help
+Run the command with no options to show usage:
+```bash
+iam-expand
 ```
-### `distinct`
-If you include multiple patterns that have overlapping matching actions, the same action will be included multiple times in the output. If you want to remove duplicates you can set this option to `true`.
-```typescript
-import { expandIamActions } from '@cloud-copilot/iam-expand';
+### Options
-//Returns duplication values (s3:GetObjectTagging)
-expandIamActions(['s3:GetObject*','s3:Get*Tagging'])
-[
-  's3:GetObject',
-  's3:GetObjectAcl',
-  's3:GetObjectAttributes',
-  's3:GetObjectLegalHold',
-  's3:GetObjectRetention',
-  's3:GetObjectTagging',
-  ...
-  's3:GetObjectTagging',
-  's3:GetObjectVersionTagging',
-  's3:GetStorageLensConfigurationTagging'
-]
+#### `--expand-asterisk`
+By default, a single `*` will not be expanded. If you want to expand a single `*` you can set this flag.
+```bash
+iam-expand "*"
+# Returns the asterisk
+*
-//Duplicates removed and order maintained
-expandIamActions(['s3:GetObject*','s3:Get*Tagging'],{distinct:true})
-[
-  's3:GetObject',
-  's3:GetObjectAcl',
-  's3:GetObjectAttributes',
-  's3:GetObjectLegalHold',
-  's3:GetObjectRetention',
-  's3:GetObjectTagging',
-  's3:GetObjectTorrent',
-  's3:GetObjectVersion',
-  's3:GetObjectVersionAcl',
-  's3:GetObjectVersionAttributes',
-  's3:GetObjectVersionForReplication',
-  's3:GetObjectVersionTagging',
-  's3:GetObjectVersionTorrent',
-  's3:GetBucketTagging',
-  's3:GetJobTagging',
-  's3:GetStorageLensConfigurationTagging'
-]
+iam-expand --expand-asterisk "*"
+# Returns very many strings, very very fast. 📚 🚀
 ```
-### `sort`
-By default, the output will be sorted based on the order of the input. If you want the output to be sorted alphabetically you can set this option to `true`.
-```typescript
-import { expandIamActions } from '@cloud-copilot/iam-expand';
-//By default the output is sorted based on the order of the input
-expandIamActions(['s3:Get*Tagging','ec2:*Tags'])
-[
-  's3:GetBucketTagging',
-  's3:GetJobTagging',
-  's3:GetObjectTagging',
-  's3:GetObjectVersionTagging',
-  's3:GetStorageLensConfigurationTagging',
-  'ec2:CreateTags',
-  'ec2:DeleteTags',
-  'ec2:DescribeTags'
-]
-//Output is sorted alphabetically
-expandIamActions(['s3:Get*Tagging','ec2:*Tags'], {sort: true})
-[
-  'ec2:CreateTags',
-  'ec2:DeleteTags',
-  'ec2:DescribeTags',
-  's3:GetBucketTagging',
-  's3:GetJobTagging',
-  's3:GetObjectTagging',
-  's3:GetObjectVersionTagging',
-  's3:GetStorageLensConfigurationTagging'
-]
+#### `--expand-service-asterisk`
+By default, a service name followed by a `*` (such as `s3:*` or `lambda:*`) will not be expanded. If you want to expand these you can set this flag.
+```bash
+iam-expand "s3:*"
+# Returns the service:* action
+s3:*
+iam-expand --expand-service-asterisk "s3:*"
+# Returns all the s3 actions in order. 🪣
+s3:AbortMultipartUpload
+s3:AssociateAccessGrantsIdentityCenter
+s3:BypassGovernanceRetention
+...
 ```
-### `errorOnInvalidFormat`
+#### `--error-on-invalid-format`
 By default, if an invalid format is passed in, such as:
 *  `s3Get*Tagging` (missing a separator) or
 *  `s3:Get:Tagging*` (too many separators)
-it will be silenty ignored and left out of the output. If you want to throw an error when an invalid format is passed in you can set this option to `true`.
-```typescript
-import { expandIamActions } from '@cloud-copilot/iam-expand';
+it will be silenty ignored and left out of the output. If you want to throw an error when an invalid format is passed in you can set this flag.
-//Ignore invalid format
-expandIamActions('s3Get*Tagging')
-[]
+```bash
+iam-expand "s3Get*Tagging"
+# Returns nothing
-//Throw an error on invalid format
-expandIamActions('s3Get*Tagging', { errorOnInvalidFormat: true })
-//Uncaught Error: Invalid action format: s3Get*Tagging
+iam-expand --error-on-invalid-format "s3Get*Tagging"
+# Throws an error and returns a non zero exit code
+# Error: Invalid action format: s3Get*Tagging
 ```
-### `errorOnMissingService`
-By default, if a service is passed in that does not exist in the IAM data, it will be silently ignored and left out of the output. If you want to throw an error when a service is passed in that does not exist you can set this option to `true`.
-```typescript
-import { expandIamActions } from '@cloud-copilot/iam-expand';
+#### `--error-on-invalid-service`
+By default, if a service is passed in that does not exist in the IAM data, it will be silently ignored and left out of the output. If you want to throw an error when a service is passed in that does not exist you can set this flag.
-//Ignore missing service
-expandIamActions('r2:Get*Tagging')
-[]
+```bash
+iam-expand "r2:Get*Tagging"
+# Returns nothing
-//Throw an error on missing service
-expandIamActions('r2:Get*Tagging', { errorOnMissingService: true })
-//Uncaught Error: Service not found: r2
+iam-expand --error-on-invalid-service "r2:Get*Tagging"
+# Throws an error and returns a non zero exit code
+# Error: Service not found: r2
 ```
-## CLI
-There is a CLI!
+#### `--invalid-action-behavior`
+By default, if an action is passed in that does not exist in the IAM data, it will be silently ignored and left out of the output. There are two options to override this behavior: `error` and `include`.
-### Install Globally
 ```bash
-npm install -g @cloud-copilot/iam-expand
-```
-yarn (yarn does not automatically add peer dependencies, so need to add the data package explicitly)
-```
-yarn global add @cloud-copilot/iam-data
-yarn global add @cloud-copilot/iam-expand
-```
+iam-expand "ec2:DestroyAvailabilityZone"
+# Returns nothing
-### AWS CloudShell Installation
-The AWS CloudShell automatically has node and npm installed, so you can install this and run it straight from the console. You'll need to use sudo to install it globally.
+iam-expand --invalid-action-behavior=remove "ec2:DestroyAvailabilityZone"
+# Returns nothing
-```bash
-sudo npm install -g @cloud-copilot/iam-expand
-```
+iam-expand --invalid-action-behavior=error "ec2:DestroyAvailabilityZone"
+# Throws an error and returns a non zero exit code
+# Error: Invalid action: ec2:DestroyAvailabilityZone
-### Run the script in a project that has the package installed
-```bash
-npx @cloud-copilot/iam-expand
+iam-expand --invalid-action-behavior=include "ec2:DestroyAvailabilityZone"
+# Returns the invalid action
+ec2:DestroyAvailabilityZone
 ```
-### Simple Usage
-The simplest usage is to pass in the actions you want to expand.
+#### `--show-data-version`
+Show the version of the data that is being used to expand the actions and exit.
 ```bash
-iam-expand s3:Get* s3:*Tag*
+iam-expand --show-data-version
+@cloud-copilot/iam-data version: 0.3.202409051
+Data last updated: Thu Sep 05 2024 04:46:39 GMT+0000 (Coordinated Universal Time)
+Update with either:
+  npm update @cloud-copilot/iam-data
+  npm update -g @cloud-copilot/iam-data
 ```
-You can pass in all options available through the api as dash separated flags.
+#### `--read-wait-time`
+When reading from stdin (see [below](#read-from-stdin)) the CLI will wait 10 seconds for the first byte to be read before timing out. This is enough time for most operations. If you want to wait longer you can set this flag to the number of milliseconds you want to wait.
-_Prints all matching actions for s3:Get*Tagging, s3:*Tag*, and ec2:* in alphabetical order with duplicates removed:_
 ```bash
-iam-expand s3:Get*Tagging s3:*Tag* ec2:* --expand-service-asterisk --distinct --sort
-```
+cat policy.json | iam-expand
+# Will wait for 10 seconds for input, which is plenty of time for a local file.
-### Help
-Running the command with no options shows usage help;
-```bash
-iam-expand
+curl "https://governmentsecrets.s3.amazonaws.com/bigfile.json" | iam-expand --read-wait-time=20_000
+# Will wait for 20 seconds for the first byte from curl before timing out. Adjust as needed
 ```
 ### Read from stdin
 If no actions are passed as arguments, the CLI will read from stdin.
 #### Expanding JSON input
-If the input is a valid json document, the CLI will find every instance of `Action` and 'NotAcion' that is a string or an array of strings and expand them. This is useful for finding all the actions in a policy document or set of documents.
+If the input is a valid json document, the CLI will find every instance of `Action` and `NotAction` that is a string or an array of strings and expand them. This is useful for finding all the actions in a policy document or set of documents.
 Given `policy.json`
 ```json
@@ -315,16 +232,15 @@ Gives this file in `expanded-policy.json`
 You can also use this to expand the actions from the output of commands.
 ```bash
-aws iam get-account-authorization-details --output json | iam-expand --expand-service-asterisk --read-wait-time=20_000 > expanded-inline-policies.json
+aws iam get-account-authorization-details --output json | iam-expand --expand-service-asterisk --read-wait-time=20_000 > expanded-authorization-details.json
 # Now you can search the output for actions you are interested in
 grep -n "kms:DisableKey" expanded-inline-policies.json
 ```
-_--expand-service-asterisk makes sure kms:* is expaneded out so you can find the DisableKey action. --read-wait-time=20_000 gives the cli command more time to return it's first byte of output_
 #### Expanding arbitrary input
-If the input from stdin is not json, the content is searched for actions that are then expanded. This is really meant to be abused. It essentialy greps the content for anything resembling and action and expands it. Throw anything at it and it will find all the actions it can and expand them.
+If the input from stdin is not json, the content is searched for IAM actions then expands them. Throw anything at it and it will find all the actions it can and expand them.
-You can echo some content:
+You can echo content:
 ```bash
 echo "s3:Get*Tagging" | iam-expand
 ```
@@ -346,7 +262,7 @@ cat template.yaml | iam-expand
 Or even some HTML:
 ```bash
-curl "https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SecurityAudit.html" | iam-expand
+curl "https://docs.aws.amazon.com/aws-managed-policy/latest/reference/ReadOnlyAccess.html" | iam-expand
 ```
 Or the output of any command.
@@ -354,3 +270,138 @@ Or the output of any command.
 Because of the likelyhood of finding an aseterik `*` in the input; if the value to stdin is not a valid json document the stdin option will not find or expand a single `*` even if `--expand-asterisk` is passed.
 Please give this anything you can think of and open an issue if you see an opportunity for improvement.
+## Typescript/NodeJS Usage
+## Add to a project
+```bash
+npm install @cloud-copilot/iam-expand
+```
+```typescript
+import { expandIamActions } from '@cloud-copilot/iam-expand';
+expandIamActions('s3:Get*Tagging')
+[
+  's3:GetBucketTagging',
+  's3:GetJobTagging',
+  's3:GetObjectTagging',
+  's3:GetObjectVersionTagging',
+  's3:GetStorageLensConfigurationTagging'
+]
+expandIamActions(['s3:Get*Tagging', 's3:Put*Tagging'])
+[
+  's3:GetBucketTagging',
+  's3:GetJobTagging',
+  's3:GetObjectTagging',
+  's3:GetObjectVersionTagging',
+  's3:GetStorageLensConfigurationTagging',
+  's3:PutBucketTagging',
+  's3:PutJobTagging',
+  's3:PutObjectTagging',
+  's3:PutObjectVersionTagging',
+  's3:PutStorageLensConfigurationTagging'
+]
+```
+## API
+`expandIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<ExpandIamActionsOptions>)` is the main function that will expand the actions of the IAM policy. Takes a string or array of strings and returns an array of strings that the input matches.
+## Only Valid Values
+`expandIamActions` intends to only return valid actual actions, if any invalid values are passed in such as an invalid format or a service/action that does not exist, they will be left out of the output. There are options to override this behavior.
+## Options
+`expandIamActions` an optional second argument that is an object with the following options:
+### `expandAsterisk`
+By default, a single `*` will not be expanded. If you want to expand a single `*` you can set this option to `true`.
+```typescript
+import { expandIamActions } from '@cloud-copilot/iam-expand';
+//Returns the unexpanded value
+expandIamActions('*')
+['*']
+//Returns the expanded value
+expandIamActions('*', { expandAsterisk: true })
+[
+  //Many many strings. 🫢
+]
+```
+### `expandServiceAsterisk`
+By default, a service name followed by a `*` (such as `s3:*` or `lambda:*`) will not be expanded. If you want to expand these you can set this option to `true`.
+```typescript
+import { expandIamActions } from '@cloud-copilot/iam-expand';
+//Returns the unexpanded value
+expandIamActions('s3:*')
+['s3:*']
+//Returns the expanded value
+expandIamActions('s3:*', { expandServiceAsterisk: true })
+[
+  //All the s3 actions. 🫢
+]
+```
+### `errorOnInvalidFormat`
+By default, if an invalid format is passed in, such as:
+*  `s3Get*Tagging` (missing a separator) or
+*  `s3:Get:Tagging*` (too many separators)
+it will be silenty ignored and left out of the output. If you want to throw an error when an invalid format is passed in you can set this option to `true`.
+```typescript
+import { expandIamActions } from '@cloud-copilot/iam-expand';
+//Ignore invalid format
+expandIamActions('s3Get*Tagging')
+[]
+//Throw an error on invalid format
+expandIamActions('s3Get*Tagging', { errorOnInvalidFormat: true })
+//Uncaught Error: Invalid action format: s3Get*Tagging
+```
+### `errorOnInvalidService`
+By default, if a service is passed in that does not exist in the IAM data, it will be silently ignored and left out of the output. If you want to throw an error when a service is passed in that does not exist you can set this option to `true`.
+```typescript
+import { expandIamActions } from '@cloud-copilot/iam-expand';
+//Ignore invalid service
+expandIamActions('r2:Get*Tagging')
+[]
+//Throw an error on invalid service
+expandIamActions('r2:Get*Tagging', { errorOnInvalidService: true })
+//Uncaught Error: Service not found: r2
+```
+## `invalidActionBehavior`
+By default, if an action is passed in that does not exist in the IAM data, it will be silently ignored and left out of the output. There are two options to override this behavior: `Error` and `Include`.
+```typescript
+import { expandIamActions, InvalidActionBehavior } from '@cloud-copilot/iam-expand';
+//Ignore invalid action by default
+expandIamActions('ec2:DestroyAvailabilityZone')
+[]
+//Ignore invalid action explicitly
+expandIamActions('ec2:DestroyAvailabilityZone', { invalidActionBehavior: InvalidActionBehavior.Remove })
+[]
+//Throw an error on invalid action
+expandIamActions('ec2:DestroyAvailabilityZone', { invalidActionBehavior: InvalidActionBehavior.Error })
+//Uncaught Error: Invalid action: ec2:DestroyAvailabilityZone
+//Include invalid action
+expandIamActions('ec2:DestroyAvailabilityZone', { invalidActionBehavior: InvalidActionBehavior.Include })
+['ec2:DestroyAvailabilityZone']
+```

package/dist/cjs/cli.js CHANGED Viewed

@@ -5,6 +5,7 @@ const iam_data_1 = require("@cloud-copilot/iam-data");
 const cli_utils_js_1 = require("./cli_utils.js");
 const expand_js_1 = require("./expand.js");
 const commandName = 'iam-expand';
+const dataPackage = '@cloud-copilot/iam-data';
 async function expandAndPrint(actionStrings, options) {
     try {
         const result = await (0, expand_js_1.expandIamActions)(actionStrings, options);
@@ -23,19 +24,17 @@ function printUsage() {
     console.log(`  ${commandName} [options] [action1] [action2] ...`);
     console.log(`  <input from stdout> | ${commandName} [options]`);
     console.log('Action Expanding Options:');
-    console.log('  --distinct: Remove duplicate actions');
-    console.log('  --sort: Sort the actions');
     console.log('  --expand-asterisk: Expand the * action to all actions');
     console.log('  --expand-service-asterisk: Expand service:* to all actions for that service');
-    console.log('  --error-on-missing-service: Throw an error if a service is not found');
     console.log('  --error-on-invalid-format: Throw an error if the action string is not in the correct format');
+    console.log('  --error-on-invalid-service: Throw an error if a service is not found');
     console.log('  --invalid-action-behavior: What to do when an invalid action is encountered:');
     console.log('    --invalid-action-behavior=remove: Remove the invalid action');
     console.log('    --invalid-action-behavior=include: Include the invalid action');
     console.log('    --invalid-action-behavior=error: Throw an error if an invalid action is encountered');
     console.log('CLI Behavior Options:');
     console.log('  --show-data-version: Print the version of the iam-data package being used and exit');
-    console.log('  --read-wait-time: Millisenconds to wait for input from stdin before timing out.');
+    console.log('  --read-wait-time: Millisenconds to wait for the first byte from stdin before timing out.');
     console.log('                    Example: --read-wait-time=10_000');
     process.exit(1);
 }
@@ -54,9 +53,11 @@ async function run() {
     const options = (0, cli_utils_js_1.convertOptions)(optionStrings);
     if (options.showDataVersion) {
         const version = await (0, iam_data_1.iamDataVersion)();
-        const updatedAt = await (0, iam_data_1.iamDataUpdatedAt)();
-        console.log(`@cloud-copilot/iam-data version: ${version}`);
-        console.log(`Data last updated: ${updatedAt}`);
+        const updatedAt = console.log(`${dataPackage} version: ${version}`);
+        console.log(`Data last updated: ${await (0, iam_data_1.iamDataUpdatedAt)()}`);
+        console.log(`Update with either:`);
+        console.log(`  npm update ${dataPackage}`);
+        console.log(`  npm update -g ${dataPackage}`);
         return;
     }
     if (actionStrings.length === 0) {

package/dist/cjs/cli.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,sDAA2E;AAC3E,iDAA4D;AAC5D,2CAAwE;AAExE,MAAM,WAAW,GAAG,YAAY,CAAA;~~AAEhC~~,KAAK,UAAU,cAAc,CAAC,aAAuB,EAAE,OAAyC;IAC9F,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAgB,EAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC7D,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,oCAAoC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,YAAY,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,~~wCAAwC,CAAC,CAAA;IACrD,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;IACzC,OAAO,CAAC,GAAG,CAAC,~~yDAAyD,CAAC,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAA;IAC5F,OAAO,CAAC,GAAG,CAAC,~~wEAAwE,~~CAAC,CAAA;~~IACrF~~,OAAO,CAAC,GAAG,CAAC~~,+FAA+F~~,CAAC,CAAA;~~IAC5G~~,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAA;IAC7F,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAA;IAChF,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IACtG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAA;IACnG,OAAO,CAAC,GAAG,CAAC,~~mFAAmF~~,CAAC,CAAA;~~IAChG~~,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAA;IACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;AACpE,MAAM,aAAa,GAAa,EAAE,CAAA;AAClC,MAAM,aAAa,GAAa,EAAE,CAAA;AAElC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,OAAO,GAAG,IAAA,6BAAc,EAAC,aAAa,CAAC,CAAA;IAC7C,IAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,IAAA,2BAAgB,GAAE,CAAA;~~QAC1C~~,OAAO,CAAC,GAAG,CAAC,~~oCAAoC~~,OAAO,EAAE,CAAC,CAAA;~~QAC1D~~,OAAO,CAAC,GAAG,CAAC,~~sBAAsB~~,~~SAAS~~,EAAE,CAAC,CAAA;~~QAC9C~~,OAAM;IACR,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAU,EAAC,OAAO,CAAC,CAAA;QAC7C,IAAG,WAAW,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACxD,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAA;YACxC,IAAG,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBACrD,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAC/F,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,cAAc,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC5C,OAAM;IACR,CAAC;IAED,UAAU,EAAE,CAAA;AACd,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
1	+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,sDAA2E;AAC3E,iDAA4D;AAC5D,2CAAwE;AAExE,MAAM,WAAW,GAAG,YAAY,CAAA;AAChC,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAE7C,KAAK,UAAU,cAAc,CAAC,aAAuB,EAAE,OAAyC;IAC9F,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAgB,EAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC7D,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,oCAAoC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,YAAY,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAA;IAC5F,OAAO,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAA;IAC5G,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAA;IACrF,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAA;IAC7F,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAA;IAChF,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IACtG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAA;IACnG,OAAO,CAAC,GAAG,CAAC,4FAA4F,CAAC,CAAA;IACzG,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAA;IACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;AACpE,MAAM,aAAa,GAAa,EAAE,CAAA;AAClC,MAAM,aAAa,GAAa,EAAE,CAAA;AAElC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,OAAO,GAAG,IAAA,6BAAc,EAAC,aAAa,CAAC,CAAA;IAC7C,IAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;QACtC,MAAM,SAAS,GACf,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,IAAA,2BAAgB,GAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAU,EAAC,OAAO,CAAC,CAAA;QAC7C,IAAG,WAAW,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACxD,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAA;YACxC,IAAG,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBACrD,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAC/F,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,cAAc,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC5C,OAAM;IACR,CAAC;IAED,UAAU,EAAE,CAAA;AACd,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}

package/dist/cjs/expand.d.ts CHANGED Viewed

@@ -31,13 +31,7 @@ export interface ExpandIamActionsOptions {
      * If false, an empty array will be returned
      * Default: false
      */
-    errorOnMissingService: boolean;
-    /**
-     * If true, only unique values will be returned, while maintaining order
-     * If false, all values will be returned, even if they are duplicates
-     * Default: false
-     */
-    distinct: boolean;
+    errorOnInvalidService: boolean;
     /**
      * The behavior to use when an invalid action is encountered without wildcards
      * @{InvalidActionBehavior.Remove} will remove the invalid action from the output
@@ -47,12 +41,6 @@ export interface ExpandIamActionsOptions {
      * Default: InvalidActionBehavior.Remove
      */
     invalidActionBehavior: InvalidActionBehavior;
-    /**
-     * If true, the returned array will be sorted
-     * If false, the returned array will be in the order they were expanded
-     * Default: false
-     */
-    sort: boolean;
 }
 /**
  * Expands an IAM action string that contains wildcards.

package/dist/cjs/expand.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"expand.d.ts","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":"AAEA,oBAAY,qBAAqB;IAC/B,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;;OAIG;IACH,cAAc,EAAE,OAAO,CAAA;IAEvB;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B;;;;OAIG;IACH,oBAAoB,EAAE,OAAO,CAAA;IAE7B;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B~~;;;;OAIG;IACH,QAAQ,EAAE,OAAO,CAAA;IAGjB~~;;;;;;;OAOG;IACH,qBAAqB,EAAE,qBAAqB,CAAA;~~IAE5C;;;;OAIG~~;~~IACH,IAAI,EAAE,OAAO,CAAA;CACd;AAcD~~;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CAAC,qBAAqB,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,eAAe,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,~~CA0GtJ~~"}
1	+ {"version":3,"file":"expand.d.ts","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":"AAEA,oBAAY,qBAAqB;IAC/B,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;;OAIG;IACH,cAAc,EAAE,OAAO,CAAA;IAEvB;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B;;;;OAIG;IACH,oBAAoB,EAAE,OAAO,CAAA;IAE7B;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B;;;;;;;OAOG;IACH,qBAAqB,EAAE,qBAAqB,CAAA;CAC7C;AAYD;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CAAC,qBAAqB,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,eAAe,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA4FtJ"}