@cloud-copilot/iam-expand 0.7.0-rc2 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +85 -36
- package/dist/cjs/cli.js +16 -2
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/expand_file.js +1 -1
- package/dist/cjs/expand_file.js.map +1 -1
- package/dist/cjs/index.d.ts +3 -2
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +3 -2
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/invert.d.ts +1 -1
- package/dist/cjs/invert.d.ts.map +1 -1
- package/dist/cjs/invert.js +2 -2
- package/dist/cjs/invert.js.map +1 -1
- package/dist/esm/cli.js +17 -3
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/expand_file.js +2 -2
- package/dist/esm/expand_file.js.map +1 -1
- package/dist/esm/index.d.ts +3 -2
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +2 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/invert.d.ts +1 -1
- package/dist/esm/invert.d.ts.map +1 -1
- package/dist/esm/invert.js +1 -1
- package/dist/esm/invert.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Expand IAM Actions
|
|
2
|
-
Built in the Unix philosophy, this is a small tool that does one thing well:
|
|
2
|
+
Built in the Unix philosophy, this is a small tool that does one thing well: explain IAM actions with wildcards.
|
|
3
3
|
|
|
4
4
|
Use this to:
|
|
5
5
|
1) Expand wildcards when you are not allowed to use them in your policies.
|
|
@@ -66,6 +66,20 @@ s3:PutObjectVersionTagging
|
|
|
66
66
|
s3:PutStorageLensConfigurationTaggin
|
|
67
67
|
```
|
|
68
68
|
|
|
69
|
+
### Inverting Actions
|
|
70
|
+
Use this to find all actions that are not in a set of patterns
|
|
71
|
+
```bash
|
|
72
|
+
iam-expand --invert s3:Get*Tagging s3:Put*Tagging
|
|
73
|
+
#Outputs all actions that are not Get*Tagging or Put*Tagging
|
|
74
|
+
a2c:GetContainerizationJobDetails
|
|
75
|
+
a2c:GetDeploymentJobDetails
|
|
76
|
+
a2c:StartContainerizationJob
|
|
77
|
+
a2c:StartDeploymentJob
|
|
78
|
+
a4b:ApproveSkill
|
|
79
|
+
a4b:AssociateContactWithAddressBook
|
|
80
|
+
...
|
|
81
|
+
```
|
|
82
|
+
|
|
69
83
|
### Help
|
|
70
84
|
Run the command with no options to show usage:
|
|
71
85
|
```bash
|
|
@@ -85,21 +99,6 @@ iam-expand --expand-asterisk "*"
|
|
|
85
99
|
# Returns very many strings, very very fast. 📚 🚀
|
|
86
100
|
```
|
|
87
101
|
|
|
88
|
-
#### `--expand-service-asterisk`
|
|
89
|
-
By default, a service name followed by a `*` (such as `s3:*` or `lambda:*`) will not be expanded. If you want to expand these you can set this flag.
|
|
90
|
-
```bash
|
|
91
|
-
iam-expand "s3:*"
|
|
92
|
-
# Returns the service:* action
|
|
93
|
-
s3:*
|
|
94
|
-
|
|
95
|
-
iam-expand --expand-service-asterisk "s3:*"
|
|
96
|
-
# Returns all the s3 actions in order. 🪣
|
|
97
|
-
s3:AbortMultipartUpload
|
|
98
|
-
s3:AssociateAccessGrantsIdentityCenter
|
|
99
|
-
s3:BypassGovernanceRetention
|
|
100
|
-
...
|
|
101
|
-
```
|
|
102
|
-
|
|
103
102
|
#### `--error-on-invalid-format`
|
|
104
103
|
By default, if an invalid format is passed in, such as:
|
|
105
104
|
* `s3Get*Tagging` (missing a separator) or
|
|
@@ -147,6 +146,27 @@ iam-expand --invalid-action-behavior=include "ec2:DestroyAvailabilityZone"
|
|
|
147
146
|
ec2:DestroyAvailabilityZone
|
|
148
147
|
```
|
|
149
148
|
|
|
149
|
+
#### `--invert`
|
|
150
|
+
Use this to find all actions that are not in a set of patterns. Only works for actions passed as arguments, or unstructured content from stdin.
|
|
151
|
+
```bash
|
|
152
|
+
iam-expand --invert s3:Get*Tagging s3:Put*Tagging
|
|
153
|
+
#Outputs all actions that are not Get*Tagging or Put*Tagging
|
|
154
|
+
a2c:GetContainerizationJobDetails
|
|
155
|
+
a2c:GetDeploymentJobDetails
|
|
156
|
+
a2c:StartContainerizationJob
|
|
157
|
+
a2c:StartDeploymentJob
|
|
158
|
+
a4b:ApproveSkill
|
|
159
|
+
a4b:AssociateContactWithAddressBook
|
|
160
|
+
...
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
#### `--invert-not-actions`
|
|
164
|
+
*This operates only on JSON input*. It will recursively search the JSON document for any `NotAction` that is a string or and array of strings. The `NotAction` will be replaced with an `Action` key that is the inverse of the `NotAction` actions or patterns.
|
|
165
|
+
```bash
|
|
166
|
+
cat policy.json | iam-expand --invert-not-actions
|
|
167
|
+
```
|
|
168
|
+
See [Read from Stdin](#read-from-stdin) for more details
|
|
169
|
+
|
|
150
170
|
#### `--show-data-version`
|
|
151
171
|
Show the version of the data that is being used to expand the actions and exit.
|
|
152
172
|
|
|
@@ -238,9 +258,51 @@ Gives this file in `expanded-policy.json`
|
|
|
238
258
|
}
|
|
239
259
|
```
|
|
240
260
|
|
|
261
|
+
You can also invert the `NotAction` using `--invert-not-actions`. This will replace the `NotAction` element with an `Action` element that is the inverse of actions listed in the `NotAction`.
|
|
262
|
+
```bash
|
|
263
|
+
cat policy.json | iam-expand --invert-not-actions > inverted-policy.json
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
Gives this file in `inverted-policy.json`
|
|
267
|
+
```json
|
|
268
|
+
{
|
|
269
|
+
"Version": "2012-10-17",
|
|
270
|
+
"Statement": [
|
|
271
|
+
{
|
|
272
|
+
"Effect": "Allow",
|
|
273
|
+
// Was "s3:Get*Tagging"
|
|
274
|
+
"Action": [
|
|
275
|
+
"s3:GetBucketTagging",
|
|
276
|
+
"s3:GetJobTagging",
|
|
277
|
+
"s3:GetObjectTagging",
|
|
278
|
+
"s3:GetObjectVersionTagging",
|
|
279
|
+
"s3:GetStorageLensConfigurationTagging"
|
|
280
|
+
],
|
|
281
|
+
"Resource": "*"
|
|
282
|
+
},
|
|
283
|
+
{
|
|
284
|
+
"Effect": "Deny",
|
|
285
|
+
// Was NotAction: ["s3:Get*Tagging", "s3:Put*Tagging"]
|
|
286
|
+
// Now is Action: everything but the Get*Tagging and Put*Tagging actions
|
|
287
|
+
"Action": [
|
|
288
|
+
"a2c:GetContainerizationJobDetails",
|
|
289
|
+
"a2c:GetDeploymentJobDetails",
|
|
290
|
+
"a2c:StartContainerizationJob",
|
|
291
|
+
...
|
|
292
|
+
"xray:UntagResource",
|
|
293
|
+
"xray:UpdateGroup",
|
|
294
|
+
"xray:UpdateSamplingRule",
|
|
295
|
+
],
|
|
296
|
+
"Resource": "*"
|
|
297
|
+
}
|
|
298
|
+
]
|
|
299
|
+
}
|
|
300
|
+
```
|
|
301
|
+
|
|
302
|
+
|
|
241
303
|
You can also use this to expand the actions from the output of commands.
|
|
242
304
|
```bash
|
|
243
|
-
aws iam get-account-authorization-details --output json | iam-expand --
|
|
305
|
+
aws iam get-account-authorization-details --output json | iam-expand --read-wait-ms=20_000 > expanded-authorization-details.json
|
|
244
306
|
# Now you can search the output for actions you are interested in
|
|
245
307
|
grep -n "kms:DisableKey" expanded-authorization-details.json
|
|
246
308
|
```
|
|
@@ -313,7 +375,9 @@ expandIamActions(['s3:Get*Tagging', 's3:Put*Tagging'])
|
|
|
313
375
|
]
|
|
314
376
|
```
|
|
315
377
|
|
|
316
|
-
## API
|
|
378
|
+
## API Reference
|
|
379
|
+
|
|
380
|
+
## `expandIamActions`
|
|
317
381
|
`expandIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<ExpandIamActionsOptions>)` is the main function that will expand the actions of the IAM policy. Takes a string or array of strings and returns an array of strings that the input matches.
|
|
318
382
|
|
|
319
383
|
## Only Valid Values
|
|
@@ -338,22 +402,6 @@ expandIamActions('*', { expandAsterisk: true })
|
|
|
338
402
|
//Many many strings. 🫢
|
|
339
403
|
]
|
|
340
404
|
```
|
|
341
|
-
### `expandServiceAsterisk`
|
|
342
|
-
By default, a service name followed by a `*` (such as `s3:*` or `lambda:*`) will not be expanded. If you want to expand these you can set this option to `true`.
|
|
343
|
-
|
|
344
|
-
```typescript
|
|
345
|
-
import { expandIamActions } from '@cloud-copilot/iam-expand';
|
|
346
|
-
|
|
347
|
-
//Returns the unexpanded value
|
|
348
|
-
expandIamActions('s3:*')
|
|
349
|
-
['s3:*']
|
|
350
|
-
|
|
351
|
-
//Returns the expanded value
|
|
352
|
-
expandIamActions('s3:*', { expandServiceAsterisk: true })
|
|
353
|
-
[
|
|
354
|
-
//All the s3 actions. 🫢
|
|
355
|
-
]
|
|
356
|
-
```
|
|
357
405
|
|
|
358
406
|
### `errorOnInvalidFormat`
|
|
359
407
|
By default, if an invalid format is passed in, such as:
|
|
@@ -389,7 +437,7 @@ expandIamActions('r2:Get*Tagging', { errorOnInvalidService: true })
|
|
|
389
437
|
//Uncaught Error: Service not found: r2
|
|
390
438
|
```
|
|
391
439
|
|
|
392
|
-
|
|
440
|
+
### `invalidActionBehavior`
|
|
393
441
|
By default, if an action is passed in that does not exist in the IAM data, it will be silently ignored and left out of the output. There are two options to override this behavior: `Error` and `Include`.
|
|
394
442
|
|
|
395
443
|
```typescript
|
|
@@ -412,4 +460,5 @@ expandIamActions('ec2:DestroyAvailabilityZone', { invalidActionBehavior: Invalid
|
|
|
412
460
|
['ec2:DestroyAvailabilityZone']
|
|
413
461
|
```
|
|
414
462
|
|
|
415
|
-
|
|
463
|
+
## `invertIamActions`
|
|
464
|
+
`invertIamActions(actionString: string): string` will take an action string and return all actions not matching . For example `s3:Get*Tagging` will return all actions from all services except those s3 actions that match the pattern `Get*Tagging`.
|
package/dist/cjs/cli.js
CHANGED
|
@@ -7,6 +7,7 @@ const expand_js_1 = require("./expand.js");
|
|
|
7
7
|
const invert_js_1 = require("./invert.js");
|
|
8
8
|
const commandName = 'iam-expand';
|
|
9
9
|
const dataPackage = '@cloud-copilot/iam-data';
|
|
10
|
+
const fiveDays = 432_000_000;
|
|
10
11
|
/**
|
|
11
12
|
* Run a function and print the results to the console
|
|
12
13
|
*
|
|
@@ -24,6 +25,17 @@ async function runAndPrint(func) {
|
|
|
24
25
|
process.exit(1);
|
|
25
26
|
}
|
|
26
27
|
}
|
|
28
|
+
/**
|
|
29
|
+
* Check the age of the data package and print a warning if it is over five days old.
|
|
30
|
+
*/
|
|
31
|
+
async function checkDataAge() {
|
|
32
|
+
const dataFrom = await (0, iam_data_1.iamDataUpdatedAt)();
|
|
33
|
+
const dataAge = Date.now() - dataFrom.getTime();
|
|
34
|
+
if (dataAge > fiveDays) {
|
|
35
|
+
console.warn('Warning: The data package is over five days old. Please run:');
|
|
36
|
+
console.warn(` iam-expand --show-data-version`);
|
|
37
|
+
}
|
|
38
|
+
}
|
|
27
39
|
/**
|
|
28
40
|
* Print the usage of the CLI to the console
|
|
29
41
|
*/
|
|
@@ -45,7 +57,7 @@ function printUsage() {
|
|
|
45
57
|
console.log(' --invert-not-actions: If JSON, replace NotAction strings or arrays with Action arrays that have the inverse actions');
|
|
46
58
|
console.log('CLI Behavior Options:');
|
|
47
59
|
console.log(' --show-data-version: Print the version of the iam-data package being used and exit');
|
|
48
|
-
console.log(' --read-wait-ms:
|
|
60
|
+
console.log(' --read-wait-ms: Milliseconds to wait for the first byte from stdin before timing out.');
|
|
49
61
|
console.log(' Example: --read-wait-ms=10_000');
|
|
50
62
|
process.exit(1);
|
|
51
63
|
}
|
|
@@ -91,6 +103,7 @@ async function run() {
|
|
|
91
103
|
if (options.invert) {
|
|
92
104
|
printWarnings(['--invert is not supported when processing JSON, ignoring. Did you mean --invert-not-actions ?']);
|
|
93
105
|
}
|
|
106
|
+
await checkDataAge();
|
|
94
107
|
return;
|
|
95
108
|
}
|
|
96
109
|
else if (stdInResult.strings) {
|
|
@@ -108,12 +121,13 @@ async function run() {
|
|
|
108
121
|
warnings.push('--invert-not-actions is only supported when processing JSON, ignoring.');
|
|
109
122
|
}
|
|
110
123
|
if (options.invert) {
|
|
111
|
-
await runAndPrint(() => (0, invert_js_1.
|
|
124
|
+
await runAndPrint(() => (0, invert_js_1.invertIamActions)(actionStrings, options));
|
|
112
125
|
}
|
|
113
126
|
else {
|
|
114
127
|
await runAndPrint(() => (0, expand_js_1.expandIamActions)(actionStrings, options));
|
|
115
128
|
}
|
|
116
129
|
printWarnings(warnings);
|
|
130
|
+
await checkDataAge();
|
|
117
131
|
return;
|
|
118
132
|
}
|
|
119
133
|
printUsage();
|
package/dist/cjs/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,sDAA2E;AAC3E,iDAA4D;AAC5D,2CAA+C;AAC/C,
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,sDAA2E;AAC3E,iDAA4D;AAC5D,2CAA+C;AAC/C,2CAA+C;AAE/C,MAAM,WAAW,GAAG,YAAY,CAAA;AAChC,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAC7C,MAAM,QAAQ,GAAG,WAAW,CAAA;AAE5B;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,IAA6B;IACtD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAA;QAC3B,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY;IACzB,MAAM,QAAQ,GAAG,MAAM,IAAA,2BAAgB,GAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAA;IAE/C,IAAG,OAAO,GAAG,QAAQ,EAAE,CAAC;QACtB,OAAO,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAA;QAC5E,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAA;IAClD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,oCAAoC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,YAAY,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAA;IAC5G,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAA;IACrF,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAA;IAC7F,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAA;IAChF,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IAEtG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;IACjC,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAA;IACjF,OAAO,CAAC,GAAG,CAAC,uHAAuH,CAAC,CAAA;IAGpI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAA;IACnG,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IACtG,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAA;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,QAAkB;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,WAAW,OAAO,EAAE,CAAC,CAAA;IACpC,CAAC;AACH,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;AACpE,MAAM,aAAa,GAAa,EAAE,CAAA;AAClC,MAAM,aAAa,GAAa,EAAE,CAAA;AAElC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,OAAO,GAAG,IAAA,6BAAc,EAAC,aAAa,CAAC,CAAA;IAC7C,IAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,IAAA,2BAAgB,GAAE,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,IAAA,2BAAgB,GAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAU,EAAC,OAAO,CAAC,CAAA;QAC7C,IAAG,WAAW,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACxD,IAAG,OAAO,CAAC,MAAM,EAAE,CAAC;gBAClB,aAAa,CAAC,CAAC,+FAA+F,CAAC,CAAC,CAAA;YAClH,CAAC;YACD,MAAM,YAAY,EAAE,CAAA;YACpB,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAA;YACxC,IAAG,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,IAAG,OAAO,CAAC,cAAc,EAAE,CAAC;oBAC1B,QAAQ,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAA;gBACxF,CAAC;YACH,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,IAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAA;QACzF,CAAC;QACD,IAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,WAAW,CAAC,GAAG,EAAE,CAAC,IAAA,4BAAgB,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAA;QACnE,CAAC;aAAM,CAAC;YACN,MAAM,WAAW,CAAC,GAAG,EAAE,CAAC,IAAA,4BAAgB,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAA;QACnE,CAAC;QAED,aAAa,CAAC,QAAQ,CAAC,CAAA;QACvB,MAAM,YAAY,EAAE,CAAA;QACpB,OAAM;IACR,CAAC;IAED,UAAU,EAAE,CAAA;AACd,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/cjs/expand_file.js
CHANGED
|
@@ -31,7 +31,7 @@ async function expandJsonDocument(options, document, key) {
|
|
|
31
31
|
}
|
|
32
32
|
if (typeof document === 'object' && document !== null) {
|
|
33
33
|
if (options.invertNotActions && document.NotAction && isStringOrArrayofStrings(document.NotAction)) {
|
|
34
|
-
document.Action = (0, invert_js_1.
|
|
34
|
+
document.Action = (0, invert_js_1.invertIamActions)(document.NotAction);
|
|
35
35
|
delete document.NotAction;
|
|
36
36
|
}
|
|
37
37
|
for (const key of Object.keys(document)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":";;AAoBA,gDA+BC;AAnDD,2CAAwE;AACxE,
|
|
1
|
+
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":";;AAoBA,gDA+BC;AAnDD,2CAAwE;AACxE,2CAA+C;AAM/C,MAAM,cAAc,GAAwD;IAC1E,gBAAgB,EAAE,KAAK;CACxB,CAAA;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,kBAAkB,CAAC,OAA2C,EAAE,QAAa,EAAE,GAAY;IAC/G,OAAO,GAAG,EAAC,GAAG,cAAc,EAAE,GAAG,OAAO,EAAC,CAAC;IAE1C,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC5C,IAAI,wBAAwB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,OAAO,IAAA,4BAAgB,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,EAAE,CAAC;QACnB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtD,IAAG,OAAO,CAAC,gBAAgB,IAAI,QAAQ,CAAC,SAAS,IAAI,wBAAwB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClG,QAAQ,CAAC,MAAM,GAAG,IAAA,4BAAgB,EAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;YACtD,OAAO,QAAQ,CAAC,SAAS,CAAA;QAC3B,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,KAAU;IAC1C,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;AACjH,CAAC"}
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export { extractActionsFromLineOfInput } from './cli_utils.js';
|
|
2
|
-
export { ExpandIamActionsOptions, InvalidActionBehavior
|
|
3
|
-
export { expandJsonDocument } from './expand_file.js';
|
|
2
|
+
export { expandIamActions, type ExpandIamActionsOptions, type InvalidActionBehavior } from './expand.js';
|
|
3
|
+
export { expandJsonDocument, type ExpandJsonDocumentOptions } from './expand_file.js';
|
|
4
|
+
export { invertIamActions as invert } from './invert.js';
|
|
4
5
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,KAAK,uBAAuB,EAAE,KAAK,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACzG,OAAO,EAAE,kBAAkB,EAAE,KAAK,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AACtF,OAAO,EAAE,gBAAgB,IAAI,MAAM,EAAE,MAAM,aAAa,CAAC"}
|
package/dist/cjs/index.js
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.invert = exports.expandJsonDocument = exports.expandIamActions = exports.extractActionsFromLineOfInput = void 0;
|
|
4
4
|
var cli_utils_js_1 = require("./cli_utils.js");
|
|
5
5
|
Object.defineProperty(exports, "extractActionsFromLineOfInput", { enumerable: true, get: function () { return cli_utils_js_1.extractActionsFromLineOfInput; } });
|
|
6
6
|
var expand_js_1 = require("./expand.js");
|
|
7
|
-
Object.defineProperty(exports, "InvalidActionBehavior", { enumerable: true, get: function () { return expand_js_1.InvalidActionBehavior; } });
|
|
8
7
|
Object.defineProperty(exports, "expandIamActions", { enumerable: true, get: function () { return expand_js_1.expandIamActions; } });
|
|
9
8
|
var expand_file_js_1 = require("./expand_file.js");
|
|
10
9
|
Object.defineProperty(exports, "expandJsonDocument", { enumerable: true, get: function () { return expand_file_js_1.expandJsonDocument; } });
|
|
10
|
+
var invert_js_1 = require("./invert.js");
|
|
11
|
+
Object.defineProperty(exports, "invert", { enumerable: true, get: function () { return invert_js_1.invertIamActions; } });
|
|
11
12
|
//# sourceMappingURL=index.js.map
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,+CAA+D;AAAtD,6HAAA,6BAA6B,OAAA;AACtC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,+CAA+D;AAAtD,6HAAA,6BAA6B,OAAA;AACtC,yCAAyG;AAAhG,6GAAA,gBAAgB,OAAA;AACzB,mDAAsF;AAA7E,oHAAA,kBAAkB,OAAA;AAC3B,yCAAyD;AAAhD,mGAAA,gBAAgB,OAAU"}
|
package/dist/cjs/invert.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
export interface InvertIamActionsOptions {
|
|
2
2
|
}
|
|
3
|
-
export declare function
|
|
3
|
+
export declare function invertIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<InvertIamActionsOptions>): Promise<string[]>;
|
|
4
4
|
//# sourceMappingURL=invert.d.ts.map
|
package/dist/cjs/invert.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invert.d.ts","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,uBAAuB;CACvC;AAID,wBAAsB,
|
|
1
|
+
{"version":3,"file":"invert.d.ts","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,uBAAuB;CACvC;AAID,wBAAsB,gBAAgB,CAAC,qBAAqB,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,eAAe,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAoDtJ"}
|
package/dist/cjs/invert.js
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.invertIamActions = invertIamActions;
|
|
4
4
|
const iam_data_1 = require("@cloud-copilot/iam-data");
|
|
5
5
|
const util_js_1 = require("./util.js");
|
|
6
6
|
const defaultOptions = {};
|
|
7
|
-
async function
|
|
7
|
+
async function invertIamActions(actionStringOrStrings, overrideOptions) {
|
|
8
8
|
const options = { ...defaultOptions, ...overrideOptions };
|
|
9
9
|
if (!actionStringOrStrings) {
|
|
10
10
|
throw new Error('at least one action must be provided to invert');
|
package/dist/cjs/invert.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invert.js","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":";;AAQA,
|
|
1
|
+
{"version":3,"file":"invert.js","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":";;AAQA,4CAoDC;AA5DD,sDAA8E;AAC9E,uCAAuE;AAKvE,MAAM,cAAc,GAA4B,EAAE,CAAA;AAE3C,KAAK,UAAU,gBAAgB,CAAC,qBAAwC,EAAE,eAAkD;IACjI,MAAM,OAAO,GAAG,EAAC,GAAG,cAAc,EAAE,GAAG,eAAe,EAAC,CAAA;IAEvD,IAAG,CAAC,qBAAqB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,eAAe,GAAG,KAAK,CAAA;IAC3B,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAA;IAC3C,MAAM,eAAe,GAA6B,EAAE,CAAA;IAEpD,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAA;IAC9G,KAAI,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACpC,IAAG,MAAM,CAAC,KAAK,CAAC,6BAAmB,CAAC,EAAE,CAAC;YACrC,eAAe,GAAG,IAAI,CAAA;YACtB,MAAM;QACR,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC/B,IAAG,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,SAAS;QACX,CAAC;QACD,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;QACxE,IAAG,eAAe,CAAC,KAAK,CAAC,6BAAmB,CAAC,EAAE,CAAC;YAC9C,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;YAC9B,SAAS;QACX,CAAC;QACD,IAAG,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAA;QAC/B,CAAC;QACD,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAA,gCAAsB,EAAC,eAAe,CAAC,CAAC,CAAA;IACxE,CAAC;IAED,IAAG,eAAe,EAAE,CAAC;QACnB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;IAC1C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE;QACzE,IAAG,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,CAAA;QACX,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,IAAA,+BAAoB,EAAC,UAAU,CAAC,CAAA;QAC7D,MAAM,yBAAyB,GAAG,eAAe,CAAC,UAAU,CAAC,IAAI,EAAE,CAAA;QACnE,IAAG,yBAAyB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,IAAI,MAAM,EAAE,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACpC,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;QAC1E,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,IAAI,MAAM,EAAE,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAC,CAAA;IAEH,OAAQ,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;AACxD,CAAC"}
|
package/dist/esm/cli.js
CHANGED
|
@@ -2,9 +2,10 @@
|
|
|
2
2
|
import { iamDataUpdatedAt, iamDataVersion } from "@cloud-copilot/iam-data";
|
|
3
3
|
import { convertOptions, parseStdIn } from "./cli_utils.js";
|
|
4
4
|
import { expandIamActions } from "./expand.js";
|
|
5
|
-
import {
|
|
5
|
+
import { invertIamActions } from "./invert.js";
|
|
6
6
|
const commandName = 'iam-expand';
|
|
7
7
|
const dataPackage = '@cloud-copilot/iam-data';
|
|
8
|
+
const fiveDays = 432000000;
|
|
8
9
|
/**
|
|
9
10
|
* Run a function and print the results to the console
|
|
10
11
|
*
|
|
@@ -22,6 +23,17 @@ async function runAndPrint(func) {
|
|
|
22
23
|
process.exit(1);
|
|
23
24
|
}
|
|
24
25
|
}
|
|
26
|
+
/**
|
|
27
|
+
* Check the age of the data package and print a warning if it is over five days old.
|
|
28
|
+
*/
|
|
29
|
+
async function checkDataAge() {
|
|
30
|
+
const dataFrom = await iamDataUpdatedAt();
|
|
31
|
+
const dataAge = Date.now() - dataFrom.getTime();
|
|
32
|
+
if (dataAge > fiveDays) {
|
|
33
|
+
console.warn('Warning: The data package is over five days old. Please run:');
|
|
34
|
+
console.warn(` iam-expand --show-data-version`);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
25
37
|
/**
|
|
26
38
|
* Print the usage of the CLI to the console
|
|
27
39
|
*/
|
|
@@ -43,7 +55,7 @@ function printUsage() {
|
|
|
43
55
|
console.log(' --invert-not-actions: If JSON, replace NotAction strings or arrays with Action arrays that have the inverse actions');
|
|
44
56
|
console.log('CLI Behavior Options:');
|
|
45
57
|
console.log(' --show-data-version: Print the version of the iam-data package being used and exit');
|
|
46
|
-
console.log(' --read-wait-ms:
|
|
58
|
+
console.log(' --read-wait-ms: Milliseconds to wait for the first byte from stdin before timing out.');
|
|
47
59
|
console.log(' Example: --read-wait-ms=10_000');
|
|
48
60
|
process.exit(1);
|
|
49
61
|
}
|
|
@@ -89,6 +101,7 @@ async function run() {
|
|
|
89
101
|
if (options.invert) {
|
|
90
102
|
printWarnings(['--invert is not supported when processing JSON, ignoring. Did you mean --invert-not-actions ?']);
|
|
91
103
|
}
|
|
104
|
+
await checkDataAge();
|
|
92
105
|
return;
|
|
93
106
|
}
|
|
94
107
|
else if (stdInResult.strings) {
|
|
@@ -106,12 +119,13 @@ async function run() {
|
|
|
106
119
|
warnings.push('--invert-not-actions is only supported when processing JSON, ignoring.');
|
|
107
120
|
}
|
|
108
121
|
if (options.invert) {
|
|
109
|
-
await runAndPrint(() =>
|
|
122
|
+
await runAndPrint(() => invertIamActions(actionStrings, options));
|
|
110
123
|
}
|
|
111
124
|
else {
|
|
112
125
|
await runAndPrint(() => expandIamActions(actionStrings, options));
|
|
113
126
|
}
|
|
114
127
|
printWarnings(warnings);
|
|
128
|
+
await checkDataAge();
|
|
115
129
|
return;
|
|
116
130
|
}
|
|
117
131
|
printUsage();
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,WAAW,GAAG,YAAY,CAAA;AAChC,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAC7C,MAAM,QAAQ,GAAG,SAAW,CAAA;AAE5B;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,IAA6B;IACtD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAA;QAC3B,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY;IACzB,MAAM,QAAQ,GAAG,MAAM,gBAAgB,EAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAA;IAE/C,IAAG,OAAO,GAAG,QAAQ,EAAE,CAAC;QACtB,OAAO,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAA;QAC5E,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAA;IAClD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,oCAAoC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,YAAY,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAA;IAC5G,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAA;IACrF,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAA;IAC7F,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAA;IAChF,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IAEtG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;IACjC,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAA;IACjF,OAAO,CAAC,GAAG,CAAC,uHAAuH,CAAC,CAAA;IAGpI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAA;IACnG,OAAO,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAA;IACtG,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAA;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,QAAkB;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,WAAW,OAAO,EAAE,CAAC,CAAA;IACpC,CAAC;AACH,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;AACpE,MAAM,aAAa,GAAa,EAAE,CAAA;AAClC,MAAM,aAAa,GAAa,EAAE,CAAA;AAElC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,OAAO,GAAG,cAAc,CAAC,aAAa,CAAC,CAAA;IAC7C,IAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,gBAAgB,EAAE,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,gBAAgB,EAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAA;QAC7C,IAAG,WAAW,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACxD,IAAG,OAAO,CAAC,MAAM,EAAE,CAAC;gBAClB,aAAa,CAAC,CAAC,+FAA+F,CAAC,CAAC,CAAA;YAClH,CAAC;YACD,MAAM,YAAY,EAAE,CAAA;YACpB,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAA;YACxC,IAAG,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,IAAG,OAAO,CAAC,cAAc,EAAE,CAAC;oBAC1B,QAAQ,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAA;gBACxF,CAAC;YACH,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,IAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAA;QACzF,CAAC;QACD,IAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,WAAW,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAA;QACnE,CAAC;aAAM,CAAC;YACN,MAAM,WAAW,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAA;QACnE,CAAC;QAED,aAAa,CAAC,QAAQ,CAAC,CAAA;QACvB,MAAM,YAAY,EAAE,CAAA;QACpB,OAAM;IACR,CAAC;IAED,UAAU,EAAE,CAAA;AACd,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/esm/expand_file.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { expandIamActions } from "./expand.js";
|
|
2
|
-
import {
|
|
2
|
+
import { invertIamActions } from "./invert.js";
|
|
3
3
|
const defaultOptions = {
|
|
4
4
|
invertNotActions: false
|
|
5
5
|
};
|
|
@@ -28,7 +28,7 @@ export async function expandJsonDocument(options, document, key) {
|
|
|
28
28
|
}
|
|
29
29
|
if (typeof document === 'object' && document !== null) {
|
|
30
30
|
if (options.invertNotActions && document.NotAction && isStringOrArrayofStrings(document.NotAction)) {
|
|
31
|
-
document.Action =
|
|
31
|
+
document.Action = invertIamActions(document.NotAction);
|
|
32
32
|
delete document.NotAction;
|
|
33
33
|
}
|
|
34
34
|
for (const key of Object.keys(document)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"expand_file.js","sourceRoot":"","sources":["../../src/expand_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAM/C,MAAM,cAAc,GAAwD;IAC1E,gBAAgB,EAAE,KAAK;CACxB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAA2C,EAAE,QAAa,EAAE,GAAY;IAC/G,OAAO,GAAG,EAAC,GAAG,cAAc,EAAE,GAAG,OAAO,EAAC,CAAC;IAE1C,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC5C,IAAI,wBAAwB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,OAAO,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,EAAE,CAAC;QACnB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtD,IAAG,OAAO,CAAC,gBAAgB,IAAI,QAAQ,CAAC,SAAS,IAAI,wBAAwB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClG,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;YACtD,OAAO,QAAQ,CAAC,SAAS,CAAA;QAC3B,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,KAAU;IAC1C,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;AACjH,CAAC"}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export { extractActionsFromLineOfInput } from './cli_utils.js';
|
|
2
|
-
export { ExpandIamActionsOptions, InvalidActionBehavior
|
|
3
|
-
export { expandJsonDocument } from './expand_file.js';
|
|
2
|
+
export { expandIamActions, type ExpandIamActionsOptions, type InvalidActionBehavior } from './expand.js';
|
|
3
|
+
export { expandJsonDocument, type ExpandJsonDocumentOptions } from './expand_file.js';
|
|
4
|
+
export { invertIamActions as invert } from './invert.js';
|
|
4
5
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,KAAK,uBAAuB,EAAE,KAAK,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACzG,OAAO,EAAE,kBAAkB,EAAE,KAAK,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AACtF,OAAO,EAAE,gBAAgB,IAAI,MAAM,EAAE,MAAM,aAAa,CAAC"}
|
package/dist/esm/index.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export { extractActionsFromLineOfInput } from './cli_utils.js';
|
|
2
|
-
export {
|
|
2
|
+
export { expandIamActions } from './expand.js';
|
|
3
3
|
export { expandJsonDocument } from './expand_file.js';
|
|
4
|
+
export { invertIamActions as invert } from './invert.js';
|
|
4
5
|
//# sourceMappingURL=index.js.map
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAA4D,MAAM,aAAa,CAAC;AACzG,OAAO,EAAE,kBAAkB,EAAkC,MAAM,kBAAkB,CAAC;AACtF,OAAO,EAAE,gBAAgB,IAAI,MAAM,EAAE,MAAM,aAAa,CAAC"}
|
package/dist/esm/invert.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
export interface InvertIamActionsOptions {
|
|
2
2
|
}
|
|
3
|
-
export declare function
|
|
3
|
+
export declare function invertIamActions(actionStringOrStrings: string | string[], overrideOptions?: Partial<InvertIamActionsOptions>): Promise<string[]>;
|
|
4
4
|
//# sourceMappingURL=invert.d.ts.map
|
package/dist/esm/invert.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invert.d.ts","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,uBAAuB;CACvC;AAID,wBAAsB,
|
|
1
|
+
{"version":3,"file":"invert.d.ts","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,uBAAuB;CACvC;AAID,wBAAsB,gBAAgB,CAAC,qBAAqB,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,eAAe,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAoDtJ"}
|
package/dist/esm/invert.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { iamActionsForService, iamServiceKeys } from "@cloud-copilot/iam-data";
|
|
2
2
|
import { allAsterisksPattern, convertStringToPattern } from "./util.js";
|
|
3
3
|
const defaultOptions = {};
|
|
4
|
-
export async function
|
|
4
|
+
export async function invertIamActions(actionStringOrStrings, overrideOptions) {
|
|
5
5
|
const options = { ...defaultOptions, ...overrideOptions };
|
|
6
6
|
if (!actionStringOrStrings) {
|
|
7
7
|
throw new Error('at least one action must be provided to invert');
|
package/dist/esm/invert.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invert.js","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAC9E,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAKvE,MAAM,cAAc,GAA4B,EAAE,CAAA;AAElD,MAAM,CAAC,KAAK,UAAU,
|
|
1
|
+
{"version":3,"file":"invert.js","sourceRoot":"","sources":["../../src/invert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAC9E,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAKvE,MAAM,cAAc,GAA4B,EAAE,CAAA;AAElD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,qBAAwC,EAAE,eAAkD;IACjI,MAAM,OAAO,GAAG,EAAC,GAAG,cAAc,EAAE,GAAG,eAAe,EAAC,CAAA;IAEvD,IAAG,CAAC,qBAAqB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,eAAe,GAAG,KAAK,CAAA;IAC3B,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAA;IAC3C,MAAM,eAAe,GAA6B,EAAE,CAAA;IAEpD,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAA;IAC9G,KAAI,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACpC,IAAG,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACrC,eAAe,GAAG,IAAI,CAAA;YACtB,MAAM;QACR,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC/B,IAAG,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,SAAS;QACX,CAAC;QACD,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;QACxE,IAAG,eAAe,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC9C,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;YAC9B,SAAS;QACX,CAAC;QACD,IAAG,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAA;QAC/B,CAAC;QACD,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC,CAAA;IACxE,CAAC;IAED,IAAG,eAAe,EAAE,CAAC;QACnB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE,CAAA;IAC1C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE;QACzE,IAAG,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,CAAA;QACX,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAA;QAC7D,MAAM,yBAAyB,GAAG,eAAe,CAAC,UAAU,CAAC,IAAI,EAAE,CAAA;QACnE,IAAG,yBAAyB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,IAAI,MAAM,EAAE,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACpC,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;QAC1E,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,IAAI,MAAM,EAAE,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAC,CAAA;IAEH,OAAQ,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;AACxD,CAAC"}
|