npm - @cloud-copilot/iam-expand - Versions diffs - 0.1.8 → 0.1.10 - Mend

@cloud-copilot/iam-expand 0.1.8 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/README.md +6 -6
package/dist/cjs/cli.js +2 -2
package/dist/cjs/cli.js.map +1 -1
package/dist/cjs/cli_utils.d.ts +1 -1
package/dist/cjs/cli_utils.d.ts.map +1 -1
package/dist/cjs/cli_utils.js +1 -1
package/dist/cjs/cli_utils.js.map +1 -1
package/dist/esm/cli.js +2 -2
package/dist/esm/cli.js.map +1 -1
package/dist/esm/cli_utils.d.ts +1 -1
package/dist/esm/cli_utils.d.ts.map +1 -1
package/dist/esm/cli_utils.js +1 -1
package/dist/esm/cli_utils.js.map +1 -1
package/package.json +4 -1
package/examples/README.md +0 -3
package/examples/download-and-expand-authorization-details.sh +0 -8
package/examples/download-and-expand-policies.sh +0 -22
package/postbuild.sh +0 -13
package/src/cli.ts +0 -94
package/src/cli_utils.test.ts +0 -147
package/src/cli_utils.ts +0 -84
package/src/expand.test.ts +0 -489
package/src/expand.ts +0 -166
package/src/expand_file.test.ts +0 -184
package/src/expand_file.ts +0 -39
package/src/index.ts +0 -1
package/src/stdin.ts +0 -34
package/tsconfig.cjs.json +0 -11
package/tsconfig.esm.json +0 -14
package/tsconfig.json +0 -22

package/src/expand.test.ts DELETED Viewed

@@ -1,489 +0,0 @@
-import { iamActionDetails, iamActionExists, iamActionsForService, iamServiceExists, iamServiceKeys } from '@cloud-copilot/iam-data'
-import { beforeEach, describe, expect, it, vi } from 'vitest'
-import { expandIamActions, InvalidActionBehavior } from "./expand.js"
-vi.mock('@cloud-copilot/iam-data')
-beforeEach(() => {
-  vi.resetAllMocks()
-  // jest.resetAllMocks()
-})
-describe("expand", () => {
-  it("should return an empty array when actionString is null", async () => {
-    //Given actionString is null
-    const actionString = null
-    //When expand is called with actionString
-    const result = await expandIamActions(actionString as any)
-    //Then result should be an empty array
-    expect(result).toEqual([])
-  })
-  it("should return '*' when actionString is '*' and expandAsterisk is false", async () => {
-    //Given actionString is '*'
-    const actionString = '*'
-    //When expand is called with actionString
-    const result = await expandIamActions(actionString)
-    //Then result should be '*'
-    expect(result).toEqual(['*'])
-  })
-  it('should return "*" when action string multiple asterisks and expandAsterisk is false', async () => {
-    //Given actionString is multiple asterisks
-    const actionString = '***'
-    //And expandAsterisk is false
-    const options = { expandAsterisk: false }
-    //When expand is called with actionString and options
-    const result = await expandIamActions(actionString, options)
-    //Then result should be '*'
-    expect(result).toEqual(['*'])
-  })
-  it("should expand all actions for all services when actionString is '*' and expandAsterisk is true", async () => {
-    //Given actionString is '*'
-    const actionString = '*'
-    //And expandAsterisk is true
-    const options = { expandAsterisk: true }
-    //And there are services
-    vi.mocked(iamServiceKeys).mockResolvedValue(['s3', 'ec2'])
-    //And there are actions for the services
-    vi.mocked(iamActionsForService).mockImplementation(async (service) => {
-      if(service === 's3') {
-        return ['action1', 'action2']
-      }
-      if(service === 'ec2') {
-        return ['action3', 'action4']
-      }
-      return []
-    })
-    //When expand is called with actionString and options
-    const result = await expandIamActions(actionString, options)
-    //Then result should be an array of all actions for all services
-    expect(result.sort()).toEqual([
-      'ec2:action3',
-      'ec2:action4',
-      's3:action1',
-      's3:action2'
-    ])
-  })
-  it("should do a case insensitive match for the service in the action string", async () => {
-    //Given actionString is 'S3:GetObject'
-    const actionString = 'S3:get*'
-    //And s3 service exists
-    vi.mocked(iamServiceExists).mockImplementation(async (s) => s === 's3')
-    //And there are matching actions
-    vi.mocked(iamActionsForService).mockResolvedValue(['GetObject'])
-    //When expand is called with actionString
-    const result = await expandIamActions(actionString)
-    //Then result should be an array with the actionString
-    expect(result).toEqual(['s3:GetObject'])
-  })
-  describe("invalid action name", () => {
-    it('should return an action without wildcards if it is a valid action', async () => {
-      //Given actionString contains a valid action
-      const actionString = 's3:getobject'
-      //And s3 the service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And the action does not
-      vi.mocked(iamActionExists).mockResolvedValue(true)
-      vi.mocked(iamActionDetails).mockResolvedValue({name: 'GetObject'} as any)
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString)
-      //Then result should be an array with the actionString
-      expect(result).toEqual(['s3:GetObject'])
-    })
-    it("should remove an invalid action if invalidActionBehavior is Remove", async () => {
-      //Given actionString contains an invalid action
-      const actionString = 's3:DoSomethingDumb'
-      //And invalidActionBehavior is Remove
-      const options = { invalidActionBehavior: InvalidActionBehavior.Remove }
-      //And s3 the service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And the action does not
-      vi.mocked(iamActionExists).mockResolvedValue(false)
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an array with the valid action
-      expect(result).toEqual([])
-    })
-    it("should include an invalid action if invalidActionBehavior is Include", async () => {
-      //Given actionString contains an invalid action
-      const actionString = 's3:DoSomethingSilly'
-      //And invalidActionBehavior is Include
-      const options = { invalidActionBehavior: InvalidActionBehavior.Include }
-      //And s3 the service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And the action does not
-      vi.mocked(iamActionExists).mockResolvedValue(false)
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an array with the invalid action
-      expect(result).toEqual([actionString])
-    })
-    it('should throw an error if the action is invalid and invalidActionBehavior is Error', async () => {
-      //Given actionString contains an invalid action
-      const actionString = 's3:AbsurdlyInvalidAction'
-      //And invalidActionBehavior is Error
-      const options = { invalidActionBehavior: InvalidActionBehavior.Error }
-      //And s3 the service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And the action does not
-      vi.mocked(iamActionExists).mockResolvedValue(false)
-      //When expand is called with actionString
-      //Then an error should be thrown
-      expect(
-        expandIamActions(actionString, options)
-      ).rejects.toThrowError('Invalid action')
-    })
-  })
-  describe("when the actions string is in the wrong format", () => {
-    it("should return an empty array when there are too many parts and errorOnInvalidFormat is false", async () => {
-      //Given actionString is in the wrong format
-      const actionString = 's3:GetObject:Extra*'
-      //And errorOnInvalidFormat is false
-      const options = { errorOnInvalidFormat: false }
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an empty array
-      expect(result).toEqual([])
-    })
-    it("should return an empty array when there are too few parts and errorOnInvalidFormat is false", async () => {
-      //Given actionString has no :
-      const actionString = 's3GetObject*'
-      //And errorOnInvalidFormat is false
-      const options = { errorOnInvalidFormat: false }
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an empty array
-      expect(result).toEqual([])
-    })
-    it("should throw an error when there are too many parts and errorOnInvalidFormat is true", async () => {
-      //Given actionString is in the wrong format
-      const actionString = 's3:GetObject:Extra*'
-      //And errorOnInvalidFormat is true
-      const options = { errorOnInvalidFormat: true }
-      //When expand is called with actionString
-      //Then an error should be thrown
-      expect(
-        () => expandIamActions(actionString, options)
-      ).rejects.toThrowError('Invalid action format')
-    })
-    it("should throw an error when there are too few parts and errorOnInvalidFormat is true", async () => {
-      //Given actionString has no :
-      const actionString = 's3GetObject*'
-      //And errorOnInvalidFormat is true
-      const options = { errorOnInvalidFormat: true }
-      //When expand is called with actionString
-      //Then an error should be thrown
-      expect(
-        () => expandIamActions(actionString, options)
-      ).rejects.toThrowError('Invalid action format')
-    })
-  })
-  describe("when the service in the action string does not exist", () => {
-    it("should return an empty array when errorOnInvalidService is false", async () => {
-      //Given actionString contains a service that does not exist
-      const actionString = 'fake:GetObject*'
-      //And errorOnMissingService is false
-      const options = { errorOnInvalidService: false }
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an empty array
-      expect(result).toEqual([])
-    })
-    it("should throw an error when errorOnInvalidService is true", async () => {
-      //Given actionString contains a service that does not exist
-      const actionString = 'fake:GetObject*'
-      //And errorOnMissingService is true
-      const options = { errorOnInvalidService: true }
-      //When expand is called with actionString
-      //Then an error should be thrown
-      expect(
-        () => expandIamActions(actionString, options)
-      ).rejects.toThrowError('Service not found')
-    })
-  })
-  describe("when the action string contains a wildcard for a service", () => {
-    it("should expand not expand the wildcard when expandServiceAsterisk is false", async () => {
-      //Given actionString is 's3:*'
-      const actionString = 's3:*'
-      //And expandServiceAsterisk is false
-      const options = { expandServiceAsterisk: false }
-      //And s3 service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are matching actions
-      vi.mocked(iamActionsForService).mockResolvedValue(['GetObject', 'PutObject'])
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an array with the original string
-      expect(result).toEqual([actionString])
-    })
-    it("should expand not expand the wildcard when there are multiple asterisks and expandServiceAsterisk is false", async () => {
-      //Given actionString has multiple asterisks for the actions
-      const actionString = 's3:****'
-      //And expandServiceAsterisk is false
-      const options = { expandServiceAsterisk: false }
-      //And s3 service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are matching actions
-      vi.mocked(iamActionsForService).mockResolvedValue(['GetObject', 'PutObject'])
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an array with the original string
-      expect(result).toEqual(['s3:*'])
-    })
-    it("should expand the wildcard when expandServiceAsterisk is true", async () => {
-      //Given actionString is 's3:*'
-      const actionString = 's3:*'
-      //And expandServiceAsterisk is true
-      const options = { expandServiceAsterisk: true }
-      //And s3 service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are matching actions
-      vi.mocked(iamActionsForService).mockResolvedValue(['GetObject', 'PutObject'])
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString, options)
-      //Then result should be an array of actions
-      expect(result).toEqual([
-        's3:GetObject',
-        's3:PutObject'
-      ])
-    })
-  })
-  describe("when the action string contains wildcards", () => {
-    it('should expand the wildcard actions at the end', async () => {
-      //Given actionString is 's3:Get*'
-      const actionString = 's3:Get*'
-      //And s3 service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are matching actions
-      vi.mocked(iamActionsForService).mockResolvedValue([
-        'GetObject',
-        'GetObjectAcl',
-        'GetObjectTagging',
-        'GetObjectTorrent',
-        'PutObject',
-        'PutObjectAcl',
-        'SomethingGetSomething'
-      ])
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString)
-      //Then result should be an array of actions
-      expect(result).toEqual([
-        's3:GetObject',
-        's3:GetObjectAcl',
-        's3:GetObjectTagging',
-        's3:GetObjectTorrent'
-      ])
-    })
-    it('should expand the wildcard actions at the beginning', async () => {
-      //Given actionString is 's3:*Object'
-      const actionString = 's3:*Object'
-      //And s3 service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are matching actions
-      vi.mocked(iamActionsForService).mockResolvedValue([
-        'GetObject',
-        'GetObjectAcl',
-        'GetObjectTagging',
-        'GetObjectTorrent',
-        'PutObject',
-        'PutObjectAcl',
-        'SomethingGetSomething'
-      ])
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString)
-      //Then result should be an array of actions
-      expect(result).toEqual([
-        's3:GetObject',
-        's3:PutObject'
-      ])
-    })
-    it('should expand the wildcard actions in the middle', async () => {
-      //Given actionString is 's3:Get*Tagging'
-      const actionString = 's3:Get*Tagging'
-      //And s3 service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are matching actions
-      vi.mocked(iamActionsForService).mockResolvedValue([
-        'GetObject',
-        'GetObjectAcl',
-        'GetObjectTagging',
-        'GetBanskyTagging',
-        'GetObjectTorrent',
-        'PutObject',
-        'PutObjectAcl',
-        'SomethingGetSomething'
-      ])
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString)
-      //Then result should be an array of actions
-      expect(result).toEqual([
-        's3:GetBanskyTagging',
-        's3:GetObjectTagging'
-      ])
-    })
-    it('should expand multiple wildcards', async () => {
-      //Given actionString is 's3:Get*Tagging*'
-      const actionString = 's3:Get*Tagging*'
-      //And s3 service exists
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are matching actions
-      vi.mocked(iamActionsForService).mockResolvedValue([
-        'GetObject',
-        'GetObjectAcl',
-        'GetObjectTagging',
-        'GetBanskyTagging',
-        'GetTagging',
-        'GetObjectTorrent',
-        'GetSomethingTaggingSomething',
-        'PutObject',
-        'PutObjectAcl',
-        'SomethingGetSomething'
-      ])
-      //When expand is called with actionString
-      const result = await expandIamActions(actionString)
-      //Then result should be an array of actions
-      expect(result).toEqual([
-        's3:GetBanskyTagging',
-        's3:GetObjectTagging',
-        's3:GetSomethingTaggingSomething',
-        's3:GetTagging'
-      ])
-    })
-  })
-  describe("when actionStrings is an array", () => {
-    it("should return an empty array when actionStrings is an empty array", async () => {
-      //Given actionStrings is an empty array
-      const actionStrings: string[] = []
-      //When expand is called with actionStrings
-      const result = await expandIamActions(actionStrings)
-      //Then result should be an empty array
-      expect(result).toEqual([])
-    })
-    it("should return an array of expanded actions when actionStrings is an array of action strings", async () => {
-      //Given actionStrings is an array of action strings
-      const actionStrings = [
-        's3:Get*',
-        'ec2:*Instances'
-      ]
-      //And s3 and ec2 services exist
-      vi.mocked(iamServiceExists).mockResolvedValue(true)
-      //And there are actions for the services
-      vi.mocked(iamActionsForService).mockImplementation(async (service) => {
-        if(service === 's3') {
-          return ['GetObject', 'GetObjectTagging', 'PutObject', 'PutObjectTagging']
-        }
-        if(service === 'ec2') {
-          return ['RunInstances', 'TerminateInstances']
-        }
-        return []
-      })
-      //When expand is called with actionStrings
-      const result = await expandIamActions(actionStrings)
-      //Then result should be an array of expanded actions
-      expect(result.sort()).toEqual([
-        'ec2:RunInstances',
-        'ec2:TerminateInstances',
-        's3:GetObject',
-        's3:GetObjectTagging',
-      ])
-    })
-  })
-  it('should return only unique values', async () => {
-    //Given two action strings
-    const actionString = ['s3:Get*','s3:*Object']
-    //And s3 service exists
-    vi.mocked(iamServiceExists).mockResolvedValue(true)
-    //And there are matching actions
-    vi.mocked(iamActionsForService).mockResolvedValue(['GetObject', 'PutObject', 'GetOtherObject'])
-    //When expand is called with actionStrings and distinct is true
-    const result = await expandIamActions(actionString)
-    //Then result should be an array of unique actions
-    expect(result).toEqual(['s3:GetObject', 's3:GetOtherObject', 's3:PutObject'])
-  })
-  it('should return values sorted', async () => {
-    //Given two action strings
-    const actionString = ['s3:Get*','ec2:Describe*']
-    //And s3 service exists
-    vi.mocked(iamServiceExists).mockResolvedValue(true)
-    //And there are matching actions
-    vi.mocked(iamActionsForService).mockImplementation(async (service) => {
-      if(service === 's3') {
-        return ['GetObject', 'GetBucket']
-      }
-      if(service === 'ec2') {
-        return ['DescribeInstances', 'DescribeVolumes']
-      }
-      return []
-    })
-    //When expand is called with actionStrings
-    const result = await expandIamActions(actionString)
-    //Then result should be an array of sorted actions
-    expect(result).toEqual(['ec2:DescribeInstances', 'ec2:DescribeVolumes', 's3:GetBucket', 's3:GetObject'])
-  })
-})

package/src/expand.ts DELETED Viewed

@@ -1,166 +0,0 @@
-import { iamActionDetails, iamActionExists, iamActionsForService, iamServiceExists, iamServiceKeys } from '@cloud-copilot/iam-data'
-export enum InvalidActionBehavior {
-  Remove = "Remove",
-  Error = "Error",
-  Include = "Include",
-}
-/**
- * Options for the expand function
- *
- */
-export interface ExpandIamActionsOptions {
-  /**
-   * If true, a single `*` will be expanded to all actions for all services
-   * If false, a single `*` will be returned as is
-   * Default: false
-   */
-  expandAsterisk: boolean
-  /**
-   * If true, `service:*` will be expanded to all actions for that service
-   * If false, `service:*` will be returned as is
-   * Default: false
-   */
-  expandServiceAsterisk: boolean
-  /**
-   * If true, an error will be thrown if the action string is not in the correct format
-   * If false, an empty array will be returned
-   * Default: false
-   */
-  errorOnInvalidFormat: boolean
-  /**
-   * If true, an error will be thrown if the service in the action string does not exist
-   * If false, an empty array will be returned
-   * Default: false
-   */
-  errorOnInvalidService: boolean
-  /**
-   * The behavior to use when an invalid action is encountered without wildcards
-   * @{InvalidActionBehavior.Remove} will remove the invalid action from the output
-   * @{InvalidActionBehavior.Error} will throw an error if an invalid action is encountered
-   * @{InvalidActionBehavior.Include} will include the invalid action in the output
-   *
-   * Default: InvalidActionBehavior.Remove
-   */
-  invalidActionBehavior: InvalidActionBehavior
-}
-const defaultOptions: ExpandIamActionsOptions = {
-  expandAsterisk: false,
-  expandServiceAsterisk: false,
-  errorOnInvalidFormat: false,
-  errorOnInvalidService: false,
-  invalidActionBehavior: InvalidActionBehavior.Remove,
-}
-const allAsterisksPattern = /^\*+$/i
-/**
- * Expands an IAM action string that contains wildcards.
- * If the action string contains no wildcards, it is returned as is.
- * @see {@link ExpandIamActionsOptions} for options to customize behavior
- *
- * If any options are set to throw an error, the function will throw an error if validation fails for a single value.
- *
- * @param actionStringOrStrings An IAM action or array IAM action(s) that may contain wildcards
- * @param overrideOptions Options to override the default behavior
- * @returns An array of expanded action strings flattend to a single array
- */
-export async function expandIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<ExpandIamActionsOptions>): Promise<string[]> {
-  const options = {...defaultOptions, ...overrideOptions}
-  if(!actionStringOrStrings) {
-    //Just in case the user passes in null or undefined
-    return []
-  }
-  if(Array.isArray(actionStringOrStrings)) {
-    const actionLists = await Promise.all(actionStringOrStrings.map(async (actionString) => {
-      return expandIamActions(actionString, options);
-    }))
-    const allMatches = Array.from(new Set(actionLists.flat()))
-    allMatches.sort()
-    return allMatches
-  }
-  const actionString = actionStringOrStrings.trim()
-  if(actionString.match(allAsterisksPattern)) {
-    if(options.expandAsterisk) {
-      //If that's really what you want...
-      const allActions = []
-      const serviceKeys = await iamServiceKeys()
-      for await (const service of serviceKeys) {
-        const serviceActions = await iamActionsForService(service)
-        allActions.push(...serviceActions.map(action => `${service}:${action}`))
-      }
-      return allActions
-    }
-    return ['*']
-  }
-  if(!actionString.includes(':')) {
-    if(options.errorOnInvalidFormat) {
-      throw new Error(`Invalid action format: ${actionString}`)
-    }
-    return []
-  }
-  const parts = actionString.split(':')
-  if(parts.length !== 2) {
-    if(options.errorOnInvalidFormat) {
-      throw new Error(`Invalid action format: ${actionString}`)
-    }
-    return []
-  }
-  const [service, wildcardActions] = parts.map(part => part.toLowerCase())
-  if(!await iamServiceExists(service)) {
-    if(options.errorOnInvalidService) {
-      throw new Error(`Service not found: ${service}`)
-    }
-    return []
-  }
-  if(wildcardActions.match(allAsterisksPattern)) {
-    if(options.expandServiceAsterisk) {
-      const actionsForService = await iamActionsForService(service)
-      return actionsForService.map(action => `${service}:${action}`)
-    }
-    return [`${service}:*`]
-  }
-  if(!actionString.includes('*')) {
-    const actionExists = await iamActionExists(service, wildcardActions)
-    if(actionExists) {
-      const details = await iamActionDetails(service, wildcardActions)
-      return [service + ":" + details.name]
-    }
-    if(options.invalidActionBehavior === InvalidActionBehavior.Remove) {
-      return []
-    } else if(options.invalidActionBehavior === InvalidActionBehavior.Include) {
-      return [actionString]
-    } else if(options.invalidActionBehavior === InvalidActionBehavior.Error) {
-      throw new Error(`Invalid action: ${actionString}`)
-    } else {
-      //This should never happen
-      throw new Error(`Invalid invalidActionBehavior: ${options.invalidActionBehavior}`)
-    }
-  }
-  const allActions = await iamActionsForService(service)
-  const pattern = "^" + wildcardActions.replace(/\*/g, '.*?') + "$"
-  const regex = new RegExp(pattern, 'i')
-  const matchingActions = allActions.filter(action => regex.test(action)).map(action => `${service}:${action}`)
-  matchingActions.sort()
-  return matchingActions
-}