@cloud-copilot/iam-lens 0.1.0 → 0.1.2

package/dist/cjs/resources.d.ts

@@ -0,0 +1,19 @@
+import { Simulation } from '@cloud-copilot/iam-simulate';
+import { IamCollectClient } from './collect/client.js';
+/**
+ * Get the account ID for a given resource ARN. Lookup index if necessary to find the account ID.
+ *
+ * @param collectClient the IAM collect client to use for retrieving the account ID
+ * @param resourceArn the ARN of the resource to get the account ID for
+ * @returns the account ID for the specified resource, or undefined if not found
+ */
+export declare function getAccountIdForResource(collectClient: IamCollectClient, resourceArn: string): Promise<string | undefined>;
+/**
+ * Get the resource control policies (RCPs) for a given resource ARN.
+ *
+ * @param collectClient the IAM collect client to use for retrieving RCPs
+ * @param resourceArn the ARN of the resource to get RCPs for
+ * @returns an array of resource control policies for the specified resource
+ */
+export declare function getRcpsForResource(collectClient: IamCollectClient, resourceArn: string): Promise<Simulation['resourceControlPolicies']>;
+//# sourceMappingURL=resources.d.ts.map

package/dist/cjs/resources.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resources.d.ts","sourceRoot":"","sources":["../../src/resources.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAGtD;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAC3C,aAAa,EAAE,gBAAgB,EAC/B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAc7B;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CACtC,aAAa,EAAE,gBAAgB,EAC/B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC,CAMhD"}

package/dist/cjs/resources.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAccountIdForResource = getAccountIdForResource;
+exports.getRcpsForResource = getRcpsForResource;
+const arn_js_1 = require("./util/arn.js");
+/**
+ * Get the account ID for a given resource ARN. Lookup index if necessary to find the account ID.
+ *
+ * @param collectClient the IAM collect client to use for retrieving the account ID
+ * @param resourceArn the ARN of the resource to get the account ID for
+ * @returns the account ID for the specified resource, or undefined if not found
+ */
+async function getAccountIdForResource(collectClient, resourceArn) {
+    const arnParts = (0, arn_js_1.splitArnParts)(resourceArn);
+    let accountId = arnParts.accountId;
+    if (accountId) {
+        return accountId;
+    }
+    if (arnParts.service === 's3' && arnParts.resourceType === '') {
+        const bucketName = arnParts.resourcePath;
+        return collectClient.getAccountIdForBucket(bucketName);
+    }
+    else if (arnParts.service === 'apigateway' && arnParts.resourceType === 'restapis') {
+        const apiId = arnParts.resourcePath;
+        return collectClient.getAccountIdForRestApi(apiId);
+    }
+    return undefined;
+}
+/**
+ * Get the resource control policies (RCPs) for a given resource ARN.
+ *
+ * @param collectClient the IAM collect client to use for retrieving RCPs
+ * @param resourceArn the ARN of the resource to get RCPs for
+ * @returns an array of resource control policies for the specified resource
+ */
+async function getRcpsForResource(collectClient, resourceArn) {
+    const accountId = await getAccountIdForResource(collectClient, resourceArn);
+    if (!accountId) {
+        throw new Error(`Unable to determine account ID for resource ARN: ${resourceArn}`);
+    }
+    return collectClient.getRcpHierarchyForAccount(accountId);
+}
+//# sourceMappingURL=resources.js.map

package/dist/cjs/resources.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resources.js","sourceRoot":"","sources":["../../src/resources.ts"],"names":[],"mappings":";;AAWA,0DAiBC;AASD,gDASC;AA5CD,0CAA6C;AAE7C;;;;;;GAMG;AACI,KAAK,UAAU,uBAAuB,CAC3C,aAA+B,EAC/B,WAAmB;IAEnB,MAAM,QAAQ,GAAG,IAAA,sBAAa,EAAC,WAAW,CAAC,CAAA;IAC3C,IAAI,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAA;IAClC,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,IAAI,QAAQ,CAAC,OAAO,KAAK,IAAI,IAAI,QAAQ,CAAC,YAAY,KAAK,EAAE,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,QAAQ,CAAC,YAAa,CAAA;QACzC,OAAO,aAAa,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAA;IACxD,CAAC;SAAM,IAAI,QAAQ,CAAC,OAAO,KAAK,YAAY,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;QACrF,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAa,CAAA;QACpC,OAAO,aAAa,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAA;IACpD,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,kBAAkB,CACtC,aAA+B,EAC/B,WAAmB;IAEnB,MAAM,SAAS,GAAG,MAAM,uBAAuB,CAAC,aAAa,EAAE,WAAW,CAAC,CAAA;IAC3E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,oDAAoD,WAAW,EAAE,CAAC,CAAA;IACpF,CAAC;IACD,OAAO,aAAa,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAA;AAC3D,CAAC"}

package/dist/cjs/util/arn.d.ts

@@ -0,0 +1,26 @@
+export interface ArnParts {
+    partition: string | undefined;
+    service: string | undefined;
+    region: string | undefined;
+    accountId: string | undefined;
+    resource: string | undefined;
+    resourceType: string | undefined;
+    resourcePath: string | undefined;
+}
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+export declare function splitArnParts(arn: string): ArnParts;
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+export declare function getResourceSegments(service: string, accountId: string, region: string, resourceString: string): [string, string];
+//# sourceMappingURL=arn.d.ts.map

package/dist/cjs/util/arn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../src/util/arn.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAkBnD;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GACrB,CAAC,MAAM,EAAE,MAAM,CAAC,CA+BlB"}

package/dist/cjs/util/arn.js

@@ -0,0 +1,68 @@
+"use strict";
+// Copied from https://github.com/cloud-copilot/iam-simulate/blob/main/src/util.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.splitArnParts = splitArnParts;
+exports.getResourceSegments = getResourceSegments;
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+function splitArnParts(arn) {
+    const parts = arn.split(':');
+    const partition = parts.at(1);
+    const service = parts.at(2);
+    const region = parts.at(3);
+    const accountId = parts.at(4);
+    const resource = parts.slice(5).join(':');
+    const [resourceType, resourcePath] = getResourceSegments(service, accountId, region, resource);
+    return {
+        partition,
+        service,
+        region,
+        accountId,
+        resource,
+        resourceType,
+        resourcePath
+    };
+}
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+function getResourceSegments(service, accountId, region, resourceString) {
+    // This is terrible, and I hate it
+    if ((service === 's3' && accountId === '' && region === '') ||
+        service === 'sns' ||
+        service === 'sqs') {
+        return ['', resourceString];
+    }
+    if (resourceString.startsWith('/')) {
+        resourceString = resourceString.slice(1);
+    }
+    const slashIndex = resourceString.indexOf('/');
+    const colonIndex = resourceString.indexOf(':');
+    let splitIndex = slashIndex;
+    if (slashIndex != -1 && colonIndex != -1) {
+        splitIndex = Math.min(slashIndex, colonIndex) + 1;
+    }
+    else if (slashIndex == -1 && colonIndex == -1) {
+        splitIndex = resourceString.length + 1;
+    }
+    else if (colonIndex == -1) {
+        splitIndex = slashIndex + 1;
+    }
+    else if (slashIndex == -1) {
+        splitIndex = colonIndex + 1;
+    }
+    else {
+        throw new Error(`Unable to split resource ${resourceString}`);
+    }
+    return [resourceString.slice(0, splitIndex - 1), resourceString.slice(splitIndex)];
+}
+//# sourceMappingURL=arn.js.map

package/dist/cjs/util/arn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../src/util/arn.ts"],"names":[],"mappings":";AAAA,kFAAkF;;AAkBlF,sCAkBC;AAUD,kDAoCC;AAtED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;IAE9F,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,mBAAmB,CACjC,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,cAAsB;IAEtB,kCAAkC;IAClC,IACE,CAAC,OAAO,KAAK,IAAI,IAAI,SAAS,KAAK,EAAE,IAAI,MAAM,KAAK,EAAE,CAAC;QACvD,OAAO,KAAK,KAAK;QACjB,OAAO,KAAK,KAAK,EACjB,CAAC;QACD,OAAO,CAAC,EAAE,EAAE,cAAc,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE9C,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACzC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAChD,UAAU,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAA;IACxC,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpF,CAAC"}

package/dist/esm/accounts.d.ts

@@ -0,0 +1,3 @@
+import { AwsIamStore } from '@cloud-copilot/iam-collect';
+export declare function accountExists(storageClient: AwsIamStore, accountId: string): Promise<boolean>;
+//# sourceMappingURL=accounts.d.ts.map

package/dist/esm/accounts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accounts.d.ts","sourceRoot":"","sources":["../../src/accounts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAExD,wBAAsB,aAAa,CACjC,aAAa,EAAE,WAAW,EAC1B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAGlB"}

package/dist/esm/accounts.js

@@ -0,0 +1,5 @@
+export async function accountExists(storageClient, accountId) {
+    const accounts = await storageClient.listAccountIds();
+    return accounts.includes(accountId);
+}
+//# sourceMappingURL=accounts.js.map

package/dist/esm/accounts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accounts.js","sourceRoot":"","sources":["../../src/accounts.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,aAA0B,EAC1B,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,cAAc,EAAE,CAAA;IACrD,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;AACrC,CAAC"}

package/dist/esm/collect/client.d.ts

@@ -0,0 +1,238 @@
+import { AwsIamStore } from '@cloud-copilot/iam-collect';
+export interface SimulationOrgPolicies {
+    orgIdentifier: string;
+    policies: {
+        name: string;
+        policy: any;
+    }[];
+}
+interface IamUserMetadata {
+    arn: string;
+    path: string;
+    permissionBoundary: string;
+    id: string;
+    name: string;
+    created: string;
+}
+export interface OrgPolicy {
+    arn: string;
+    name: string;
+    policy: any;
+}
+export interface ManagedPolicy {
+    arn: string;
+    name: string;
+    policy: any;
+}
+export interface InlinePolicy {
+    name: string;
+    policy: any;
+}
+interface OrgAccount {
+    ou: string;
+    rcps: string[];
+    scps: string[];
+}
+type OrgAccounts = Record<string, OrgAccount>;
+interface OrgUnitDetails {
+    parent: string | undefined;
+    scps: string[];
+    rcps: string[];
+}
+type OrgUnits = Record<string, OrgUnitDetails>;
+type OrgPolicyType = 'scps' | 'rcps';
+interface OrganizationMetadata {
+    id: string;
+    arn: string;
+    rootOu: string;
+    rootAccountArn: string;
+    rootAccountId: string;
+    features: {
+        AISERVICES_OPT_OUT_POLICY?: boolean;
+        BACKUP_POLICY?: boolean;
+        RESOURCE_CONTROL_POLICY?: boolean;
+        SERVICE_CONTROL_POLICY?: boolean;
+        TAG_POLICY?: boolean;
+    };
+}
+export declare class IamCollectClient {
+    private storageClient;
+    constructor(storageClient: AwsIamStore);
+    /**
+     * Checks if an account exists in the store.
+     * @param accountId The ID of the account to check.
+     * @returns True if the account exists, false otherwise.
+     */
+    accountExists(accountId: string): Promise<boolean>;
+    /**
+     * Checks if a principal exists in the store.
+     * @param principalArn The ARN of the principal to check.
+     * @returns True if the principal exists, false otherwise.
+     */
+    principalExists(principalArn: string): Promise<boolean>;
+    /**
+     * Gets the SCP Hierarchy for an account. The first element is the root, the last element is the account itself.
+     * @param accountId The ID of the account to get the SCP Hierarchy for.
+     * @returns The SCP Hierarchy for the account.
+     */
+    getScpHierarchyForAccount(accountId: string): Promise<SimulationOrgPolicies[]>;
+    /**
+     * Gets the policy hierarchy for an account for a given policy type.
+     * @param accountId The ID of the account.
+     * @param policyType The type of policy ('scps' or 'rcps').
+     * @returns The policy hierarchy for the account.
+     */
+    getOrgPolicyHierarchyForAccount(accountId: string, policyType: OrgPolicyType): Promise<SimulationOrgPolicies[]>;
+    /**
+     * Gets the OUs for an account. The first element is the root,
+     * the last element is the parent OU of the account.
+     * @param accountId The ID of the account to get the OUs for.
+     * @returns The OUs for the account.
+     */
+    getOrgUnitHierarchyForAccount(accountId: string): Promise<string[]>;
+    /**
+     * Gets the org unit ID for an account.
+     * @param accountId The ID of the account.
+     * @returns The org unit ID for the account, or undefined if not found.
+     */
+    getOrgUnitIdForAccount(accountId: string): Promise<string | undefined>;
+    /**
+     * Gets the parent org unit ID for a given org unit.
+     * @param orgId The ID of the organization.
+     * @param ouId The ID of the org unit.
+     * @returns The parent org unit ID, or undefined if not found.
+     */
+    getParentOrgUnitIdForOrgUnit(orgId: string, ouId: string): Promise<string | undefined>;
+    /**
+     * Gets the SCPs for an account.
+     * @param accountId The ID of the account.
+     * @returns The SCPs for the account.
+     */
+    getScpsForAccount(accountId: string): Promise<OrgPolicy[]>;
+    /**
+     * Gets the org policies for an account for a given policy type.
+     * @param accountId The ID of the account.
+     * @param policyType The type of policy ('scps' or 'rcps').
+     * @returns The org policies for the account.
+     */
+    getOrgPoliciesForAccount(accountId: string, policyType: OrgPolicyType): Promise<OrgPolicy[]>;
+    /**
+     * Gets the account data for an organization.
+     * @param orgId The ID of the organization.
+     * @returns The account data for the organization.
+     */
+    getAccountDataForOrg(orgId: string): Promise<OrgAccounts>;
+    /**
+     * Gets the org units data for an organization.
+     * @param orgId The ID of the organization.
+     * @returns The org units data for the organization.
+     */
+    getOrgUnitsDataForOrg(orgId: string): Promise<OrgUnits>;
+    /**
+     * Gets a specific org policy.
+     * @param orgId The ID of the organization.
+     * @param policyType The type of policy ('scps' or 'rcps').
+     * @param policyArn The ARN of the policy.
+     * @returns The org policy.
+     */
+    getOrgPolicy(orgId: string, policyType: OrgPolicyType, policyArn: string): Promise<OrgPolicy>;
+    /**
+     * Gets the RCPs for an account.
+     * @param accountId The ID of the account.
+     * @returns The RCPs for the account.
+     */
+    getRcpsForAccount(accountId: string): Promise<OrgPolicy[]>;
+    /**
+     * Gets the RCP hierarchy for an account.
+     * @param accountId The ID of the account.
+     * @returns The RCP hierarchy for the account.
+     */
+    getRcpHierarchyForAccount(accountId: string): Promise<SimulationOrgPolicies[]>;
+    /**
+     * Gets the SCPs for an org unit.
+     * @param orgId The ID of the organization.
+     * @param orgUnitId The ID of the org unit.
+     * @returns The SCPs for the org unit.
+     */
+    getScpsForOrgUnit(orgId: string, orgUnitId: string): Promise<OrgPolicy[]>;
+    /**
+     * Gets the org policies for an org unit for a given policy type.
+     * @param orgId The ID of the organization.
+     * @param orgUnitId The ID of the org unit.
+     * @param policyType The type of policy ('scps' or 'rcps').
+     * @returns The org policies for the org unit.
+     */
+    getOrgPoliciesForOrgUnit(orgId: string, orgUnitId: string, policyType: OrgPolicyType): Promise<OrgPolicy[]>;
+    /**
+     * Gets the RCPs for an org unit.
+     * @param orgId The ID of the organization.
+     * @param orgUnitId The ID of the org unit.
+     * @returns The RCPs for the org unit.
+     */
+    getRcpsForOrgUnit(orgId: string, orgUnitId: string): Promise<OrgPolicy[]>;
+    /**
+     * Gets the org ID for an account.
+     * @param accountId The ID of the account.
+     * @returns The org ID for the account, or undefined if not found.
+     */
+    getOrgIdForAccount(accountId: string): Promise<string | undefined>;
+    /**
+     * Gets the account ID for a given S3 bucket name.
+     * @param bucketName The name of the bucket.
+     * @returns The account ID for the bucket, or undefined if not found.
+     */
+    getAccountIdForBucket(bucketName: string): Promise<string | undefined>;
+    /**
+     * Gets the account ID for a given API Gateway ARN.
+     * @param apiArn The ARN of the API Gateway.
+     * @returns The account ID for the API Gateway, or undefined if not found.
+     */
+    getAccountIdForRestApi(apiArn: string): Promise<string | undefined>;
+    /**
+     * Gets the managed policies attached to a user.
+     * @param userArn The ARN of the user.
+     * @returns The managed policies for the user.
+     */
+    getManagedPoliciesForUser(userArn: string): Promise<ManagedPolicy[]>;
+    getManagedPolicy(accountId: string, policyArn: string): Promise<ManagedPolicy>;
+    /**
+     * Gets the inline policies attached to a user.
+     * @param userArn The ARN of the user.
+     * @returns The inline policies for the user.
+     */
+    getInlinePoliciesForUser(userArn: string): Promise<InlinePolicy[]>;
+    getIamUserMetadata(userArn: string): Promise<IamUserMetadata | undefined>;
+    /**
+     * Gets the permissions boundary policy attached to a user, if any.
+     *
+     * @param userArn The ARN of the user.
+     * @returns The permissions boundary policy as an OrgPolicy, or undefined if none is set.
+     */
+    getPermissionsBoundaryForUser(userArn: string): Promise<ManagedPolicy | undefined>;
+    /**
+     * Gets the group ARNs that the user is a member of.
+     * @param userArn The ARN of the user.
+     * @returns An array of group ARNs the user belongs to.
+     */
+    getGroupsForUser(userArn: string): Promise<string[]>;
+    /**
+     * Gets the managed policies attached to a group.
+     *
+     * @param groupArn The ARN of the group.
+     * @returns The managed policies for the group.
+     */
+    getManagedPoliciesForGroup(groupArn: string): Promise<ManagedPolicy[]>;
+    getInlinePoliciesForGroup(groupArn: string): Promise<InlinePolicy[]>;
+    getManagedPoliciesForRole(roleArn: string): Promise<ManagedPolicy[]>;
+    getInlinePoliciesForRole(roleArn: string): Promise<InlinePolicy[]>;
+    getPermissionsBoundaryForRole(roleArn: string): Promise<ManagedPolicy | undefined>;
+    /**
+     * Get the metadata for an organization.
+     *
+     * @param organizationId the id of the organization
+     * @returns the metadata for the organization
+     */
+    getOrganizationMetadata(organizationId: string): Promise<OrganizationMetadata>;
+}
+export {};
+//# sourceMappingURL=client.d.ts.map

package/dist/esm/collect/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/collect/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAIxD,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CAC1C;AAED,UAAU,eAAe;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,kBAAkB,EAAE,MAAM,CAAA;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB;AAOD,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,GAAG,CAAA;CACZ;AAOD,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,GAAG,CAAA;CACZ;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,GAAG,CAAA;CACZ;AAED,UAAU,UAAU;IAClB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,EAAE,CAAA;IACd,IAAI,EAAE,MAAM,EAAE,CAAA;CACf;AAED,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;AAc7C,UAAU,cAAc;IACtB,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,IAAI,EAAE,MAAM,EAAE,CAAA;IACd,IAAI,EAAE,MAAM,EAAE,CAAA;CACf;AAED,KAAK,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;AAE9C,KAAK,aAAa,GAAG,MAAM,GAAG,MAAM,CAAA;AAEpC,UAAU,oBAAoB;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE;QACR,yBAAyB,CAAC,EAAE,OAAO,CAAA;QACnC,aAAa,CAAC,EAAE,OAAO,CAAA;QACvB,uBAAuB,CAAC,EAAE,OAAO,CAAA;QACjC,sBAAsB,CAAC,EAAE,OAAO,CAAA;QAChC,UAAU,CAAC,EAAE,OAAO,CAAA;KACrB,CAAA;CACF;AAyED,qBAAa,gBAAgB;IACf,OAAO,CAAC,aAAa;gBAAb,aAAa,EAAE,WAAW;IAE9C;;;;OAIG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKxD;;;;OAIG;IACG,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAU7D;;;;OAIG;IACG,yBAAyB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;IAIpF;;;;;OAKG;IACG,+BAA+B,CACnC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,aAAa,GACxB,OAAO,CAAC,qBAAqB,EAAE,CAAC;IAuCnC;;;;;OAKG;IACG,6BAA6B,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAkBzE;;;;OAIG;IACG,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAU5E;;;;;OAKG;IACG,4BAA4B,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAM5F;;;;OAIG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAIhE;;;;;OAKG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,aAAa,GACxB,OAAO,CAAC,SAAS,EAAE,CAAC;IAkBvB;;;;OAIG;IACG,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAI/D;;;;OAIG;IACG,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAI7D;;;;;;OAMG;IACG,YAAY,CAChB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,aAAa,EACzB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,SAAS,CAAC;IAoBrB;;;;OAIG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAIhE;;;;OAIG;IACG,yBAAyB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;IAIpF;;;;;OAKG;IACG,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAI/E;;;;;;OAMG;IACG,wBAAwB,CAC5B,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,aAAa,GACxB,OAAO,CAAC,SAAS,EAAE,CAAC;IAavB;;;;;OAKG;IACG,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAI/E;;;;OAIG;IACG,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAMxE;;;;OAIG;IACG,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAS5E;;;;OAIG;IACG,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IASzE;;;;OAIG;IACG,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAkBpE,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAiBpF;;;;OAIG;IACG,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAalE,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAU/E;;;;;OAKG;IACG,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IAgBxF;;;;OAIG;IACG,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAW1D;;;;;OAKG;IACG,0BAA0B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAkBtE,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAapE,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAkBpE,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAalE,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IAgBxF;;;;;OAKG;IACG,uBAAuB,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAMrF"}