@cloud-copilot/iam-expand 0.1.6 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +254 -203
- package/dist/cjs/cli.js +8 -7
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/expand.d.ts +1 -13
- package/dist/cjs/expand.d.ts.map +1 -1
- package/dist/cjs/expand.js +5 -21
- package/dist/cjs/expand.js.map +1 -1
- package/dist/cjs/expand_file.js +1 -1
- package/dist/cjs/expand_file.js.map +1 -1
- package/dist/esm/cli.js +8 -7
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/expand.d.ts +1 -13
- package/dist/esm/expand.d.ts.map +1 -1
- package/dist/esm/expand.js +5 -21
- package/dist/esm/expand.js.map +1 -1
- package/dist/esm/expand_file.js +1 -1
- package/dist/esm/expand_file.js.map +1 -1
- package/examples/README.md +3 -0
- package/examples/download-and-expand-authorization-details.sh +8 -0
- package/examples/download-and-expand-policies.sh +22 -0
- package/package.json +1 -1
- package/src/cli.ts +9 -7
- package/src/expand.test.ts +39 -79
- package/src/expand.ts +7 -38
- package/src/expand_file.test.ts +0 -2
- package/src/expand_file.ts +1 -1
package/dist/cjs/expand.js
CHANGED
|
@@ -13,10 +13,8 @@ const defaultOptions = {
|
|
|
13
13
|
expandAsterisk: false,
|
|
14
14
|
expandServiceAsterisk: false,
|
|
15
15
|
errorOnInvalidFormat: false,
|
|
16
|
-
|
|
16
|
+
errorOnInvalidService: false,
|
|
17
17
|
invalidActionBehavior: InvalidActionBehavior.Remove,
|
|
18
|
-
distinct: false,
|
|
19
|
-
sort: false
|
|
20
18
|
};
|
|
21
19
|
const allAsterisksPattern = /^\*+$/i;
|
|
22
20
|
/**
|
|
@@ -40,20 +38,8 @@ async function expandIamActions(actionStringOrStrings, overrideOptions) {
|
|
|
40
38
|
const actionLists = await Promise.all(actionStringOrStrings.map(async (actionString) => {
|
|
41
39
|
return expandIamActions(actionString, options);
|
|
42
40
|
}));
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
const aSet = new Set();
|
|
46
|
-
allMatches = allMatches.filter((value) => {
|
|
47
|
-
if (aSet.has(value)) {
|
|
48
|
-
return false;
|
|
49
|
-
}
|
|
50
|
-
aSet.add(value);
|
|
51
|
-
return true;
|
|
52
|
-
});
|
|
53
|
-
}
|
|
54
|
-
if (options.sort) {
|
|
55
|
-
allMatches.sort();
|
|
56
|
-
}
|
|
41
|
+
const allMatches = Array.from(new Set(actionLists.flat()));
|
|
42
|
+
allMatches.sort();
|
|
57
43
|
return allMatches;
|
|
58
44
|
}
|
|
59
45
|
const actionString = actionStringOrStrings.trim();
|
|
@@ -85,7 +71,7 @@ async function expandIamActions(actionStringOrStrings, overrideOptions) {
|
|
|
85
71
|
}
|
|
86
72
|
const [service, wildcardActions] = parts.map(part => part.toLowerCase());
|
|
87
73
|
if (!await (0, iam_data_1.iamServiceExists)(service)) {
|
|
88
|
-
if (options.
|
|
74
|
+
if (options.errorOnInvalidService) {
|
|
89
75
|
throw new Error(`Service not found: ${service}`);
|
|
90
76
|
}
|
|
91
77
|
return [];
|
|
@@ -121,9 +107,7 @@ async function expandIamActions(actionStringOrStrings, overrideOptions) {
|
|
|
121
107
|
const pattern = "^" + wildcardActions.replace(/\*/g, '.*?') + "$";
|
|
122
108
|
const regex = new RegExp(pattern, 'i');
|
|
123
109
|
const matchingActions = allActions.filter(action => regex.test(action)).map(action => `${service}:${action}`);
|
|
124
|
-
|
|
125
|
-
matchingActions.sort();
|
|
126
|
-
}
|
|
110
|
+
matchingActions.sort();
|
|
127
111
|
return matchingActions;
|
|
128
112
|
}
|
|
129
113
|
//# sourceMappingURL=expand.js.map
|
package/dist/cjs/expand.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand.js","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"expand.js","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":";;;AAyEA,4CA4FC;AArKD,sDAAmI;AAEnI,IAAY,qBAIX;AAJD,WAAY,qBAAqB;IAC/B,0CAAiB,CAAA;IACjB,wCAAe,CAAA;IACf,4CAAmB,CAAA;AACrB,CAAC,EAJW,qBAAqB,qCAArB,qBAAqB,QAIhC;AA8CD,MAAM,cAAc,GAA4B;IAC9C,cAAc,EAAE,KAAK;IACrB,qBAAqB,EAAE,KAAK;IAC5B,oBAAoB,EAAE,KAAK;IAC3B,qBAAqB,EAAE,KAAK;IAC5B,qBAAqB,EAAE,qBAAqB,CAAC,MAAM;CACpD,CAAA;AAED,MAAM,mBAAmB,GAAG,QAAQ,CAAA;AAEpC;;;;;;;;;;GAUG;AACI,KAAK,UAAU,gBAAgB,CAAC,qBAAwC,EAAE,eAAkD;IACjI,MAAM,OAAO,GAAG,EAAC,GAAG,cAAc,EAAE,GAAG,eAAe,EAAC,CAAA;IAEvD,IAAG,CAAC,qBAAqB,EAAE,CAAC;QAC1B,mDAAmD;QACnD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;YACrF,OAAO,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC,CAAA;QAEH,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QAC1D,UAAU,CAAC,IAAI,EAAE,CAAA;QAEjB,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,IAAI,EAAE,CAAA;IAEjD,IAAG,YAAY,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC3C,IAAG,OAAO,CAAC,cAAc,EAAE,CAAC;YAC1B,mCAAmC;YACnC,MAAM,UAAU,GAAG,EAAE,CAAA;YACrB,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;YAC1C,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;gBACxC,MAAM,cAAc,GAAG,MAAM,IAAA,+BAAoB,EAAC,OAAO,CAAC,CAAA;gBAC1D,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAC,CAAA;YAC1E,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,IAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,IAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAA;QAC3D,CAAC;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACrC,IAAG,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,IAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAA;QAC3D,CAAC;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;IACxE,IAAG,CAAC,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,EAAE,CAAC;QACpC,IAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAA;QAClD,CAAC;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAG,eAAe,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC9C,IAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;YACjC,MAAM,iBAAiB,GAAG,MAAM,IAAA,+BAAoB,EAAC,OAAO,CAAC,CAAA;YAC7D,OAAO,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,CAAC,GAAG,OAAO,IAAI,CAAC,CAAA;IACzB,CAAC;IAED,IAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,eAAe,CAAC,CAAA;QACpE,IAAG,YAAY,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,eAAe,CAAC,CAAA;YAChE,OAAO,CAAC,OAAO,GAAG,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QACvC,CAAC;QAED,IAAG,OAAO,CAAC,qBAAqB,KAAK,qBAAqB,CAAC,MAAM,EAAE,CAAC;YAClE,OAAO,EAAE,CAAA;QACX,CAAC;aAAM,IAAG,OAAO,CAAC,qBAAqB,KAAK,qBAAqB,CAAC,OAAO,EAAE,CAAC;YAC1E,OAAO,CAAC,YAAY,CAAC,CAAA;QACvB,CAAC;aAAM,IAAG,OAAO,CAAC,qBAAqB,KAAK,qBAAqB,CAAC,KAAK,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,mBAAmB,YAAY,EAAE,CAAC,CAAA;QACpD,CAAC;aAAM,CAAC;YACN,0BAA0B;YAC1B,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,IAAA,+BAAoB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM,OAAO,GAAG,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IACjE,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACtC,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAA;IAC7G,eAAe,CAAC,IAAI,EAAE,CAAA;IAEtB,OAAO,eAAe,CAAA;AACxB,CAAC"}
|
package/dist/cjs/expand_file.js
CHANGED
|
@@ -16,7 +16,7 @@ async function expandJsonDocument(options, document, key) {
|
|
|
16
16
|
return await (0, expand_js_1.expandIamActions)(document, options);
|
|
17
17
|
}
|
|
18
18
|
if (Array.isArray(document) && document.length > 0 && typeof document[0] === 'string') {
|
|
19
|
-
const value = await (0, expand_js_1.expandIamActions)(document, { ...options
|
|
19
|
+
const value = await (0, expand_js_1.expandIamActions)(document, { ...options });
|
|
20
20
|
return value;
|
|
21
21
|
}
|
|
22
22
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":";;AAUA,gDA4BC;AAtCD,2CAAuE;AAEvE;;;;;;;GAOG;AACI,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC3C,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,MAAM,IAAA,4BAAgB,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClD,CAAC;QACD,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrF,MAAM,KAAK,GAAI,MAAM,IAAA,4BAAgB,EAAC,QAAQ,EAAE,EAAC,GAAG,OAAO,
|
|
1
|
+
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":";;AAUA,gDA4BC;AAtCD,2CAAuE;AAEvE;;;;;;;GAOG;AACI,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC3C,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,MAAM,IAAA,4BAAgB,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClD,CAAC;QACD,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrF,MAAM,KAAK,GAAI,MAAM,IAAA,4BAAgB,EAAC,QAAQ,EAAE,EAAC,GAAG,OAAO,EAAC,CAAC,CAAA;YAC7D,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YAC7C,OAAO,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;QAC1C,CAAC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,SAAS,GAAQ,EAAE,CAAA;QACzB,KAAI,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;YAC3B,SAAS,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC"}
|
package/dist/esm/cli.js
CHANGED
|
@@ -3,6 +3,7 @@ import { iamDataUpdatedAt, iamDataVersion } from "@cloud-copilot/iam-data";
|
|
|
3
3
|
import { convertOptions, parseStdIn } from "./cli_utils.js";
|
|
4
4
|
import { expandIamActions } from "./expand.js";
|
|
5
5
|
const commandName = 'iam-expand';
|
|
6
|
+
const dataPackage = '@cloud-copilot/iam-data';
|
|
6
7
|
async function expandAndPrint(actionStrings, options) {
|
|
7
8
|
try {
|
|
8
9
|
const result = await expandIamActions(actionStrings, options);
|
|
@@ -21,19 +22,17 @@ function printUsage() {
|
|
|
21
22
|
console.log(` ${commandName} [options] [action1] [action2] ...`);
|
|
22
23
|
console.log(` <input from stdout> | ${commandName} [options]`);
|
|
23
24
|
console.log('Action Expanding Options:');
|
|
24
|
-
console.log(' --distinct: Remove duplicate actions');
|
|
25
|
-
console.log(' --sort: Sort the actions');
|
|
26
25
|
console.log(' --expand-asterisk: Expand the * action to all actions');
|
|
27
26
|
console.log(' --expand-service-asterisk: Expand service:* to all actions for that service');
|
|
28
|
-
console.log(' --error-on-missing-service: Throw an error if a service is not found');
|
|
29
27
|
console.log(' --error-on-invalid-format: Throw an error if the action string is not in the correct format');
|
|
28
|
+
console.log(' --error-on-invalid-service: Throw an error if a service is not found');
|
|
30
29
|
console.log(' --invalid-action-behavior: What to do when an invalid action is encountered:');
|
|
31
30
|
console.log(' --invalid-action-behavior=remove: Remove the invalid action');
|
|
32
31
|
console.log(' --invalid-action-behavior=include: Include the invalid action');
|
|
33
32
|
console.log(' --invalid-action-behavior=error: Throw an error if an invalid action is encountered');
|
|
34
33
|
console.log('CLI Behavior Options:');
|
|
35
34
|
console.log(' --show-data-version: Print the version of the iam-data package being used and exit');
|
|
36
|
-
console.log(' --read-wait-time: Millisenconds to wait for
|
|
35
|
+
console.log(' --read-wait-time: Millisenconds to wait for the first byte from stdin before timing out.');
|
|
37
36
|
console.log(' Example: --read-wait-time=10_000');
|
|
38
37
|
process.exit(1);
|
|
39
38
|
}
|
|
@@ -52,9 +51,11 @@ async function run() {
|
|
|
52
51
|
const options = convertOptions(optionStrings);
|
|
53
52
|
if (options.showDataVersion) {
|
|
54
53
|
const version = await iamDataVersion();
|
|
55
|
-
const updatedAt =
|
|
56
|
-
console.log(
|
|
57
|
-
console.log(`
|
|
54
|
+
const updatedAt = console.log(`${dataPackage} version: ${version}`);
|
|
55
|
+
console.log(`Data last updated: ${await iamDataUpdatedAt()}`);
|
|
56
|
+
console.log(`Update with either:`);
|
|
57
|
+
console.log(` npm update ${dataPackage}`);
|
|
58
|
+
console.log(` npm update -g ${dataPackage}`);
|
|
58
59
|
return;
|
|
59
60
|
}
|
|
60
61
|
if (actionStrings.length === 0) {
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAC;AAExE,MAAM,WAAW,GAAG,YAAY,CAAA;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAC;AAExE,MAAM,WAAW,GAAG,YAAY,CAAA;AAChC,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAE7C,KAAK,UAAU,cAAc,CAAC,aAAuB,EAAE,OAAyC;IAC9F,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC7D,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,oCAAoC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,YAAY,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAA;IAC5F,OAAO,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAA;IAC5G,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAA;IACrF,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAA;IAC7F,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAA;IAChF,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IACtG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAA;IACnG,OAAO,CAAC,GAAG,CAAC,4FAA4F,CAAC,CAAA;IACzG,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAA;IACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;AACpE,MAAM,aAAa,GAAa,EAAE,CAAA;AAClC,MAAM,aAAa,GAAa,EAAE,CAAA;AAElC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,OAAO,GAAG,cAAc,CAAC,aAAa,CAAC,CAAA;IAC7C,IAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAA;QACtC,MAAM,SAAS,GACf,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,gBAAgB,EAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAA;QAC7C,IAAG,WAAW,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACxD,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAA;YACxC,IAAG,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBACrD,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAC/F,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,cAAc,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QAC5C,OAAM;IACR,CAAC;IAED,UAAU,EAAE,CAAA;AACd,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/esm/expand.d.ts
CHANGED
|
@@ -31,13 +31,7 @@ export interface ExpandIamActionsOptions {
|
|
|
31
31
|
* If false, an empty array will be returned
|
|
32
32
|
* Default: false
|
|
33
33
|
*/
|
|
34
|
-
|
|
35
|
-
/**
|
|
36
|
-
* If true, only unique values will be returned, while maintaining order
|
|
37
|
-
* If false, all values will be returned, even if they are duplicates
|
|
38
|
-
* Default: false
|
|
39
|
-
*/
|
|
40
|
-
distinct: boolean;
|
|
34
|
+
errorOnInvalidService: boolean;
|
|
41
35
|
/**
|
|
42
36
|
* The behavior to use when an invalid action is encountered without wildcards
|
|
43
37
|
* @{InvalidActionBehavior.Remove} will remove the invalid action from the output
|
|
@@ -47,12 +41,6 @@ export interface ExpandIamActionsOptions {
|
|
|
47
41
|
* Default: InvalidActionBehavior.Remove
|
|
48
42
|
*/
|
|
49
43
|
invalidActionBehavior: InvalidActionBehavior;
|
|
50
|
-
/**
|
|
51
|
-
* If true, the returned array will be sorted
|
|
52
|
-
* If false, the returned array will be in the order they were expanded
|
|
53
|
-
* Default: false
|
|
54
|
-
*/
|
|
55
|
-
sort: boolean;
|
|
56
44
|
}
|
|
57
45
|
/**
|
|
58
46
|
* Expands an IAM action string that contains wildcards.
|
package/dist/esm/expand.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand.d.ts","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":"AAEA,oBAAY,qBAAqB;IAC/B,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;;OAIG;IACH,cAAc,EAAE,OAAO,CAAA;IAEvB;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B;;;;OAIG;IACH,oBAAoB,EAAE,OAAO,CAAA;IAE7B;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B
|
|
1
|
+
{"version":3,"file":"expand.d.ts","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":"AAEA,oBAAY,qBAAqB;IAC/B,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;;OAIG;IACH,cAAc,EAAE,OAAO,CAAA;IAEvB;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B;;;;OAIG;IACH,oBAAoB,EAAE,OAAO,CAAA;IAE7B;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,CAAA;IAE9B;;;;;;;OAOG;IACH,qBAAqB,EAAE,qBAAqB,CAAA;CAC7C;AAYD;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CAAC,qBAAqB,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,eAAe,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA4FtJ"}
|
package/dist/esm/expand.js
CHANGED
|
@@ -9,10 +9,8 @@ const defaultOptions = {
|
|
|
9
9
|
expandAsterisk: false,
|
|
10
10
|
expandServiceAsterisk: false,
|
|
11
11
|
errorOnInvalidFormat: false,
|
|
12
|
-
|
|
12
|
+
errorOnInvalidService: false,
|
|
13
13
|
invalidActionBehavior: InvalidActionBehavior.Remove,
|
|
14
|
-
distinct: false,
|
|
15
|
-
sort: false
|
|
16
14
|
};
|
|
17
15
|
const allAsterisksPattern = /^\*+$/i;
|
|
18
16
|
/**
|
|
@@ -36,20 +34,8 @@ export async function expandIamActions(actionStringOrStrings, overrideOptions) {
|
|
|
36
34
|
const actionLists = await Promise.all(actionStringOrStrings.map(async (actionString) => {
|
|
37
35
|
return expandIamActions(actionString, options);
|
|
38
36
|
}));
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
const aSet = new Set();
|
|
42
|
-
allMatches = allMatches.filter((value) => {
|
|
43
|
-
if (aSet.has(value)) {
|
|
44
|
-
return false;
|
|
45
|
-
}
|
|
46
|
-
aSet.add(value);
|
|
47
|
-
return true;
|
|
48
|
-
});
|
|
49
|
-
}
|
|
50
|
-
if (options.sort) {
|
|
51
|
-
allMatches.sort();
|
|
52
|
-
}
|
|
37
|
+
const allMatches = Array.from(new Set(actionLists.flat()));
|
|
38
|
+
allMatches.sort();
|
|
53
39
|
return allMatches;
|
|
54
40
|
}
|
|
55
41
|
const actionString = actionStringOrStrings.trim();
|
|
@@ -81,7 +67,7 @@ export async function expandIamActions(actionStringOrStrings, overrideOptions) {
|
|
|
81
67
|
}
|
|
82
68
|
const [service, wildcardActions] = parts.map(part => part.toLowerCase());
|
|
83
69
|
if (!await iamServiceExists(service)) {
|
|
84
|
-
if (options.
|
|
70
|
+
if (options.errorOnInvalidService) {
|
|
85
71
|
throw new Error(`Service not found: ${service}`);
|
|
86
72
|
}
|
|
87
73
|
return [];
|
|
@@ -117,9 +103,7 @@ export async function expandIamActions(actionStringOrStrings, overrideOptions) {
|
|
|
117
103
|
const pattern = "^" + wildcardActions.replace(/\*/g, '.*?') + "$";
|
|
118
104
|
const regex = new RegExp(pattern, 'i');
|
|
119
105
|
const matchingActions = allActions.filter(action => regex.test(action)).map(action => `${service}:${action}`);
|
|
120
|
-
|
|
121
|
-
matchingActions.sort();
|
|
122
|
-
}
|
|
106
|
+
matchingActions.sort();
|
|
123
107
|
return matchingActions;
|
|
124
108
|
}
|
|
125
109
|
//# sourceMappingURL=expand.js.map
|
package/dist/esm/expand.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand.js","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAEnI,MAAM,CAAN,IAAY,qBAIX;AAJD,WAAY,qBAAqB;IAC/B,0CAAiB,CAAA;IACjB,wCAAe,CAAA;IACf,4CAAmB,CAAA;AACrB,CAAC,EAJW,qBAAqB,KAArB,qBAAqB,QAIhC;
|
|
1
|
+
{"version":3,"file":"expand.js","sourceRoot":"","sources":["../../src/expand.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAEnI,MAAM,CAAN,IAAY,qBAIX;AAJD,WAAY,qBAAqB;IAC/B,0CAAiB,CAAA;IACjB,wCAAe,CAAA;IACf,4CAAmB,CAAA;AACrB,CAAC,EAJW,qBAAqB,KAArB,qBAAqB,QAIhC;AA8CD,MAAM,cAAc,GAA4B;IAC9C,cAAc,EAAE,KAAK;IACrB,qBAAqB,EAAE,KAAK;IAC5B,oBAAoB,EAAE,KAAK;IAC3B,qBAAqB,EAAE,KAAK;IAC5B,qBAAqB,EAAE,qBAAqB,CAAC,MAAM;CACpD,CAAA;AAED,MAAM,mBAAmB,GAAG,QAAQ,CAAA;AAEpC;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,qBAAwC,EAAE,eAAkD;IACjI,MAAM,OAAO,GAAG,EAAC,GAAG,cAAc,EAAE,GAAG,eAAe,EAAC,CAAA;IAEvD,IAAG,CAAC,qBAAqB,EAAE,CAAC;QAC1B,mDAAmD;QACnD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;YACrF,OAAO,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC,CAAA;QAEH,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QAC1D,UAAU,CAAC,IAAI,EAAE,CAAA;QAEjB,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,IAAI,EAAE,CAAA;IAEjD,IAAG,YAAY,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC3C,IAAG,OAAO,CAAC,cAAc,EAAE,CAAC;YAC1B,mCAAmC;YACnC,MAAM,UAAU,GAAG,EAAE,CAAA;YACrB,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE,CAAA;YAC1C,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;gBACxC,MAAM,cAAc,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAA;gBAC1D,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAC,CAAA;YAC1E,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,IAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,IAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAA;QAC3D,CAAC;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACrC,IAAG,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,IAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAA;QAC3D,CAAC;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;IACxE,IAAG,CAAC,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,IAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAA;QAClD,CAAC;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAG,eAAe,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC9C,IAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;YACjC,MAAM,iBAAiB,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAC7D,OAAO,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,CAAC,GAAG,OAAO,IAAI,CAAC,CAAA;IACzB,CAAC;IAED,IAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,eAAe,CAAC,CAAA;QACpE,IAAG,YAAY,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAA;YAChE,OAAO,CAAC,OAAO,GAAG,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QACvC,CAAC;QAED,IAAG,OAAO,CAAC,qBAAqB,KAAK,qBAAqB,CAAC,MAAM,EAAE,CAAC;YAClE,OAAO,EAAE,CAAA;QACX,CAAC;aAAM,IAAG,OAAO,CAAC,qBAAqB,KAAK,qBAAqB,CAAC,OAAO,EAAE,CAAC;YAC1E,OAAO,CAAC,YAAY,CAAC,CAAA;QACvB,CAAC;aAAM,IAAG,OAAO,CAAC,qBAAqB,KAAK,qBAAqB,CAAC,KAAK,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,mBAAmB,YAAY,EAAE,CAAC,CAAA;QACpD,CAAC;aAAM,CAAC;YACN,0BAA0B;YAC1B,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAA;IACtD,MAAM,OAAO,GAAG,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IACjE,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACtC,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC,CAAA;IAC7G,eAAe,CAAC,IAAI,EAAE,CAAA;IAEtB,OAAO,eAAe,CAAA;AACxB,CAAC"}
|
package/dist/esm/expand_file.js
CHANGED
|
@@ -13,7 +13,7 @@ export async function expandJsonDocument(options, document, key) {
|
|
|
13
13
|
return await expandIamActions(document, options);
|
|
14
14
|
}
|
|
15
15
|
if (Array.isArray(document) && document.length > 0 && typeof document[0] === 'string') {
|
|
16
|
-
const value = await expandIamActions(document, { ...options
|
|
16
|
+
const value = await expandIamActions(document, { ...options });
|
|
17
17
|
return value;
|
|
18
18
|
}
|
|
19
19
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAA;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC3C,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,MAAM,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClD,CAAC;QACD,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrF,MAAM,KAAK,GAAI,MAAM,gBAAgB,CAAC,QAAQ,EAAE,EAAC,GAAG,OAAO,
|
|
1
|
+
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAA;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAAyC,EAAE,QAAa,EAAE,GAAY;IAC7G,IAAG,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC3C,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,MAAM,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClD,CAAC;QACD,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrF,MAAM,KAAK,GAAI,MAAM,gBAAgB,CAAC,QAAQ,EAAE,EAAC,GAAG,OAAO,EAAC,CAAC,CAAA;YAC7D,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,IAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YAC7C,OAAO,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;QAC1C,CAAC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,SAAS,GAAQ,EAAE,CAAA;QACzB,KAAI,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;YAC3B,SAAS,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
|
|
3
|
+
: <<'END_COMMENT'
|
|
4
|
+
This script will download all the account authorization details which contains
|
|
5
|
+
inline policies and expand them then save them to a file.
|
|
6
|
+
END_COMMENT
|
|
7
|
+
|
|
8
|
+
aws iam get-account-authorization-details --output json | iam-expand --expand-service-asterisk --read-wait-time=20_000 > expanded-authorization-details.json
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
|
|
3
|
+
: <<'END_COMMENT'
|
|
4
|
+
This script will download all customer-managed policies in the account, expand them, and save them to files
|
|
5
|
+
in the `policies` directory. The file name will be the policy name with the path as a prefix.
|
|
6
|
+
END_COMMENT
|
|
7
|
+
|
|
8
|
+
mkdir -p policies
|
|
9
|
+
|
|
10
|
+
# List all managed policies that are attached to any entity
|
|
11
|
+
policies=$(aws iam list-policies --scope All --only-attached --query 'Policies[].{Arn:Arn,VersionId:DefaultVersionId,Path:Path,Name:PolicyName}' --output json)
|
|
12
|
+
|
|
13
|
+
# Loop through each policy to get the default version and save it
|
|
14
|
+
echo "$policies" | jq -c '.[]' | while read -r line; do
|
|
15
|
+
arn=$(echo "$line" | jq -r '.Arn')
|
|
16
|
+
version_id=$(echo "$line" | jq -r '.VersionId')
|
|
17
|
+
path=$(echo "$line" | jq -r '.Path' | tr '/' '_')
|
|
18
|
+
name=$(echo "$line" | jq -r '.Name')
|
|
19
|
+
|
|
20
|
+
file_name="policies/${path}${name}.json"
|
|
21
|
+
aws iam get-policy-version --policy-arn "$arn" --version-id "$version_id" --query 'PolicyVersion.Document' --output json 2>/dev/null | iam-expand --read-wait-time=10_000 > $file_name
|
|
22
|
+
done
|
package/package.json
CHANGED
package/src/cli.ts
CHANGED
|
@@ -5,6 +5,7 @@ import { convertOptions, parseStdIn } from "./cli_utils.js";
|
|
|
5
5
|
import { expandIamActions, ExpandIamActionsOptions } from "./expand.js";
|
|
6
6
|
|
|
7
7
|
const commandName = 'iam-expand'
|
|
8
|
+
const dataPackage = '@cloud-copilot/iam-data'
|
|
8
9
|
|
|
9
10
|
async function expandAndPrint(actionStrings: string[], options: Partial<ExpandIamActionsOptions>) {
|
|
10
11
|
try {
|
|
@@ -24,19 +25,17 @@ function printUsage() {
|
|
|
24
25
|
console.log(` ${commandName} [options] [action1] [action2] ...`)
|
|
25
26
|
console.log(` <input from stdout> | ${commandName} [options]`)
|
|
26
27
|
console.log('Action Expanding Options:')
|
|
27
|
-
console.log(' --distinct: Remove duplicate actions')
|
|
28
|
-
console.log(' --sort: Sort the actions')
|
|
29
28
|
console.log(' --expand-asterisk: Expand the * action to all actions')
|
|
30
29
|
console.log(' --expand-service-asterisk: Expand service:* to all actions for that service')
|
|
31
|
-
console.log(' --error-on-missing-service: Throw an error if a service is not found')
|
|
32
30
|
console.log(' --error-on-invalid-format: Throw an error if the action string is not in the correct format')
|
|
31
|
+
console.log(' --error-on-invalid-service: Throw an error if a service is not found')
|
|
33
32
|
console.log(' --invalid-action-behavior: What to do when an invalid action is encountered:')
|
|
34
33
|
console.log(' --invalid-action-behavior=remove: Remove the invalid action')
|
|
35
34
|
console.log(' --invalid-action-behavior=include: Include the invalid action')
|
|
36
35
|
console.log(' --invalid-action-behavior=error: Throw an error if an invalid action is encountered')
|
|
37
36
|
console.log('CLI Behavior Options:')
|
|
38
37
|
console.log(' --show-data-version: Print the version of the iam-data package being used and exit')
|
|
39
|
-
console.log(' --read-wait-time: Millisenconds to wait for
|
|
38
|
+
console.log(' --read-wait-time: Millisenconds to wait for the first byte from stdin before timing out.')
|
|
40
39
|
console.log(' Example: --read-wait-time=10_000')
|
|
41
40
|
process.exit(1)
|
|
42
41
|
}
|
|
@@ -57,9 +56,12 @@ async function run() {
|
|
|
57
56
|
const options = convertOptions(optionStrings)
|
|
58
57
|
if(options.showDataVersion) {
|
|
59
58
|
const version = await iamDataVersion()
|
|
60
|
-
const updatedAt =
|
|
61
|
-
console.log(
|
|
62
|
-
console.log(`Data last updated: ${
|
|
59
|
+
const updatedAt =
|
|
60
|
+
console.log(`${dataPackage} version: ${version}`)
|
|
61
|
+
console.log(`Data last updated: ${await iamDataUpdatedAt()}`)
|
|
62
|
+
console.log(`Update with either:`)
|
|
63
|
+
console.log(` npm update ${dataPackage}`)
|
|
64
|
+
console.log(` npm update -g ${dataPackage}`)
|
|
63
65
|
return
|
|
64
66
|
}
|
|
65
67
|
|
package/src/expand.test.ts
CHANGED
|
@@ -211,11 +211,11 @@ describe("expand", () => {
|
|
|
211
211
|
})
|
|
212
212
|
|
|
213
213
|
describe("when the service in the action string does not exist", () => {
|
|
214
|
-
it("should return an empty array when
|
|
214
|
+
it("should return an empty array when errorOnInvalidService is false", async () => {
|
|
215
215
|
//Given actionString contains a service that does not exist
|
|
216
216
|
const actionString = 'fake:GetObject*'
|
|
217
217
|
//And errorOnMissingService is false
|
|
218
|
-
const options = {
|
|
218
|
+
const options = { errorOnInvalidService: false }
|
|
219
219
|
|
|
220
220
|
//When expand is called with actionString
|
|
221
221
|
const result = await expandIamActions(actionString, options)
|
|
@@ -224,11 +224,11 @@ describe("expand", () => {
|
|
|
224
224
|
expect(result).toEqual([])
|
|
225
225
|
})
|
|
226
226
|
|
|
227
|
-
it("should throw an error when
|
|
227
|
+
it("should throw an error when errorOnInvalidService is true", async () => {
|
|
228
228
|
//Given actionString contains a service that does not exist
|
|
229
229
|
const actionString = 'fake:GetObject*'
|
|
230
230
|
//And errorOnMissingService is true
|
|
231
|
-
const options = {
|
|
231
|
+
const options = { errorOnInvalidService: true }
|
|
232
232
|
|
|
233
233
|
//When expand is called with actionString
|
|
234
234
|
//Then an error should be thrown
|
|
@@ -327,7 +327,7 @@ describe("expand", () => {
|
|
|
327
327
|
//Given actionString is 's3:*Object'
|
|
328
328
|
const actionString = 's3:*Object'
|
|
329
329
|
//And s3 service exists
|
|
330
|
-
vi.mocked(iamServiceExists).
|
|
330
|
+
vi.mocked(iamServiceExists).mockResolvedValue(true)
|
|
331
331
|
//And there are matching actions
|
|
332
332
|
vi.mocked(iamActionsForService).mockResolvedValue([
|
|
333
333
|
'GetObject',
|
|
@@ -369,8 +369,8 @@ describe("expand", () => {
|
|
|
369
369
|
const result = await expandIamActions(actionString)
|
|
370
370
|
//Then result should be an array of actions
|
|
371
371
|
expect(result).toEqual([
|
|
372
|
-
's3:
|
|
373
|
-
's3:
|
|
372
|
+
's3:GetBanskyTagging',
|
|
373
|
+
's3:GetObjectTagging'
|
|
374
374
|
])
|
|
375
375
|
})
|
|
376
376
|
|
|
@@ -397,10 +397,10 @@ describe("expand", () => {
|
|
|
397
397
|
const result = await expandIamActions(actionString)
|
|
398
398
|
//Then result should be an array of actions
|
|
399
399
|
expect(result).toEqual([
|
|
400
|
-
's3:GetObjectTagging',
|
|
401
400
|
's3:GetBanskyTagging',
|
|
402
|
-
's3:
|
|
403
|
-
's3:GetSomethingTaggingSomething'
|
|
401
|
+
's3:GetObjectTagging',
|
|
402
|
+
's3:GetSomethingTaggingSomething',
|
|
403
|
+
's3:GetTagging'
|
|
404
404
|
])
|
|
405
405
|
})
|
|
406
406
|
})
|
|
@@ -449,81 +449,41 @@ describe("expand", () => {
|
|
|
449
449
|
})
|
|
450
450
|
})
|
|
451
451
|
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
vi.mocked(iamActionsForService).mockResolvedValue(['GetObject', 'PutObject', 'GetOtherObject'])
|
|
460
|
-
|
|
461
|
-
//When expand is called with actionString and distinct is false
|
|
462
|
-
const result = await expandIamActions(actionString, { distinct: false })
|
|
463
|
-
|
|
464
|
-
//Then result should be an array of actions, even if they are duplicates
|
|
465
|
-
expect(result).toEqual(['s3:GetObject', 's3:GetOtherObject', 's3:GetObject', 's3:PutObject', 's3:GetOtherObject'])
|
|
466
|
-
})
|
|
467
|
-
|
|
468
|
-
it('should return only unique values when distinct is true, and maintain order', async () => {
|
|
469
|
-
//Given two action strings
|
|
470
|
-
const actionString = ['s3:Get*','s3:*Object']
|
|
471
|
-
//And s3 service exists
|
|
472
|
-
vi.mocked(iamServiceExists).mockResolvedValue(true)
|
|
473
|
-
//And there are matching actions
|
|
474
|
-
vi.mocked(iamActionsForService).mockResolvedValue(['GetObject', 'PutObject', 'GetOtherObject'])
|
|
452
|
+
it('should return only unique values', async () => {
|
|
453
|
+
//Given two action strings
|
|
454
|
+
const actionString = ['s3:Get*','s3:*Object']
|
|
455
|
+
//And s3 service exists
|
|
456
|
+
vi.mocked(iamServiceExists).mockResolvedValue(true)
|
|
457
|
+
//And there are matching actions
|
|
458
|
+
vi.mocked(iamActionsForService).mockResolvedValue(['GetObject', 'PutObject', 'GetOtherObject'])
|
|
475
459
|
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
})
|
|
460
|
+
//When expand is called with actionStrings and distinct is true
|
|
461
|
+
const result = await expandIamActions(actionString)
|
|
462
|
+
//Then result should be an array of unique actions
|
|
463
|
+
expect(result).toEqual(['s3:GetObject', 's3:GetOtherObject', 's3:PutObject'])
|
|
481
464
|
})
|
|
482
465
|
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
return []
|
|
498
|
-
})
|
|
499
|
-
|
|
500
|
-
//When expand is called with actionStrings and sort is false
|
|
501
|
-
const result = await expandIamActions(actionString, { sort: false })
|
|
502
|
-
//Then result should be an array of actions in the order they were expanded
|
|
503
|
-
expect(result).toEqual(['s3:GetObject', 's3:GetBucket', 'ec2:DescribeInstances', 'ec2:DescribeVolumes'])
|
|
466
|
+
it('should return values sorted', async () => {
|
|
467
|
+
//Given two action strings
|
|
468
|
+
const actionString = ['s3:Get*','ec2:Describe*']
|
|
469
|
+
//And s3 service exists
|
|
470
|
+
vi.mocked(iamServiceExists).mockResolvedValue(true)
|
|
471
|
+
//And there are matching actions
|
|
472
|
+
vi.mocked(iamActionsForService).mockImplementation(async (service) => {
|
|
473
|
+
if(service === 's3') {
|
|
474
|
+
return ['GetObject', 'GetBucket']
|
|
475
|
+
}
|
|
476
|
+
if(service === 'ec2') {
|
|
477
|
+
return ['DescribeInstances', 'DescribeVolumes']
|
|
478
|
+
}
|
|
479
|
+
return []
|
|
504
480
|
})
|
|
505
481
|
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
const actionString = ['s3:Get*','ec2:Describe*']
|
|
509
|
-
//And s3 service exists
|
|
510
|
-
vi.mocked(iamServiceExists).mockResolvedValue(true)
|
|
511
|
-
//And there are matching actions
|
|
512
|
-
vi.mocked(iamActionsForService).mockImplementation(async (service) => {
|
|
513
|
-
if(service === 's3') {
|
|
514
|
-
return ['GetObject', 'GetBucket']
|
|
515
|
-
}
|
|
516
|
-
if(service === 'ec2') {
|
|
517
|
-
return ['DescribeInstances', 'DescribeVolumes']
|
|
518
|
-
}
|
|
519
|
-
return []
|
|
520
|
-
})
|
|
482
|
+
//When expand is called with actionStrings
|
|
483
|
+
const result = await expandIamActions(actionString)
|
|
521
484
|
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
//Then result should be an array of actions in the order they were expanded
|
|
525
|
-
expect(result).toEqual(['ec2:DescribeInstances', 'ec2:DescribeVolumes', 's3:GetBucket', 's3:GetObject'])
|
|
526
|
-
})
|
|
485
|
+
//Then result should be an array of sorted actions
|
|
486
|
+
expect(result).toEqual(['ec2:DescribeInstances', 'ec2:DescribeVolumes', 's3:GetBucket', 's3:GetObject'])
|
|
527
487
|
})
|
|
528
488
|
|
|
529
489
|
})
|