@cloud-copilot/iam-lens 0.1.3 → 0.1.5

package/dist/esm/simulate.js

@@ -0,0 +1,118 @@
+import { iamActionDetails } from '@cloud-copilot/iam-data';
+import { runSimulation } from '@cloud-copilot/iam-simulate';
+import { splitArnParts } from '@cloud-copilot/iam-utils';
+import { createContextKeys } from './contextKeys.js';
+import { getAllPoliciesForPrincipal, isServiceLinkedRole } from './principals.js';
+import { getAccountIdForResource, getRcpsForResource, getResourcePolicyForResource } from './resources.js';
+export async function simulateRequest(simulationRequest, collectClient) {
+    simulationRequest.resourceAccount =
+        simulationRequest.resourceAccount ||
+            (await getAccountIdForResource(collectClient, simulationRequest.resourceArn));
+    if (!simulationRequest.resourceAccount) {
+        throw new Error(`Unable to find account ID for resource ${simulationRequest.resourceArn}`);
+    }
+    const actionParts = simulationRequest.action.split(':');
+    const service = actionParts[0];
+    const serviceAction = actionParts[1];
+    const actionDetails = await iamActionDetails(service, serviceAction);
+    if (!actionDetails) {
+        throw new Error(`Unable to find action details for ${simulationRequest.action}`);
+    }
+    if (actionDetails.isWildcardOnly) {
+        simulationRequest.resourceAccount = splitArnParts(simulationRequest.principal).accountId;
+    }
+    //Lookup the principal policies
+    const principalPolicies = await getAllPoliciesForPrincipal(collectClient, simulationRequest.principal);
+    const resourcePolicy = await getResourcePolicyForResource(collectClient, simulationRequest.resourceArn);
+    const resourceRcps = await getRcpsForResource(collectClient, simulationRequest.resourceArn);
+    const context = await createContextKeys(collectClient, simulationRequest, simulationRequest.customContextKeys);
+    const applicableScps = isServiceLinkedRole(simulationRequest.principal)
+        ? []
+        : principalPolicies.scps;
+    const simulation = {
+        request: {
+            action: simulationRequest.action,
+            resource: {
+                resource: simulationRequest.resourceArn,
+                accountId: simulationRequest.resourceAccount
+            },
+            principal: simulationRequest.principal,
+            contextVariables: context
+        },
+        identityPolicies: prepareIdentityPolicies(simulationRequest.principal, principalPolicies),
+        serviceControlPolicies: applicableScps,
+        resourceControlPolicies: rcpsForRequest(simulationRequest.principal, actionDetails.isWildcardOnly, resourceRcps, principalPolicies.scps),
+        resourcePolicy: resourcePolicy,
+        permissionBoundaryPolicies: preparePermissionBoundary(principalPolicies)
+    };
+    const result = await runSimulation(simulation, {});
+    return result;
+}
+function rcpsForRequest(principalArn, actionIsWildcard, resourceRcps, principalRcps) {
+    if (isServiceLinkedRole(principalArn)) {
+        return [];
+    }
+    let theRcps = resourceRcps;
+    if (actionIsWildcard) {
+        theRcps = principalRcps;
+    }
+    return theRcps.map((rcp) => {
+        rcp.orgIdentifier;
+        return {
+            orgIdentifier: rcp.orgIdentifier,
+            policies: rcp.policies.filter((policy) => {
+                return !policy.name.toLowerCase().endsWith('rcpfullawsaccess');
+            })
+        };
+    });
+}
+function prepareIdentityPolicies(principalArn, principalPolicies) {
+    //Collect unique managed policies
+    const uniqueIdentityPolicies = {};
+    principalPolicies.managedPolicies.forEach((policy) => {
+        if (!uniqueIdentityPolicies[policy.arn]) {
+            uniqueIdentityPolicies[policy.arn] = {
+                name: policy.arn,
+                policy: policy.policy
+            };
+        }
+    });
+    principalPolicies.groupPolicies?.forEach((groupPolicy) => {
+        groupPolicy.managedPolicies.forEach((policy) => {
+            if (!uniqueIdentityPolicies[policy.arn]) {
+                uniqueIdentityPolicies[policy.arn] = {
+                    name: policy.arn,
+                    policy: policy.policy
+                };
+            }
+        });
+    });
+    const identityPolicies = Object.values(uniqueIdentityPolicies);
+    principalPolicies.inlinePolicies.forEach((policy) => {
+        identityPolicies.push({
+            name: `${principalArn}#${policy.name}`,
+            policy: policy.policy
+        });
+    });
+    principalPolicies.groupPolicies?.forEach((groupPolicy) => {
+        groupPolicy.inlinePolicies.forEach((policy) => {
+            identityPolicies.push({
+                name: `${groupPolicy.group}#${policy.name}`,
+                policy: policy.policy
+            });
+        });
+    });
+    return identityPolicies;
+}
+function preparePermissionBoundary(principalPolicies) {
+    if (principalPolicies.permissionBoundary) {
+        return [
+            {
+                name: principalPolicies.permissionBoundary.arn,
+                policy: principalPolicies.permissionBoundary.policy
+            }
+        ];
+    }
+    return undefined;
+}
+//# sourceMappingURL=simulate.js.map

package/dist/esm/simulate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"simulate.js","sourceRoot":"","sources":["../../src/simulate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAc,MAAM,6BAA6B,CAAA;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAExD,OAAO,EAAe,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AACjE,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAqB,MAAM,iBAAiB,CAAA;AACpG,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,4BAA4B,EAC7B,MAAM,gBAAgB,CAAA;AAWvB,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,iBAAoC,EACpC,aAA+B;IAE/B,iBAAiB,CAAC,eAAe;QAC/B,iBAAiB,CAAC,eAAe;YACjC,CAAC,MAAM,uBAAuB,CAAC,aAAa,EAAE,iBAAiB,CAAC,WAAW,CAAC,CAAC,CAAA;IAE/E,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,0CAA0C,iBAAiB,CAAC,WAAW,EAAE,CAAC,CAAA;IAC5F,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvD,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC9B,MAAM,aAAa,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IACpC,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;IACpE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,qCAAqC,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAA;IAClF,CAAC;IAED,IAAI,aAAa,CAAC,cAAc,EAAE,CAAC;QACjC,iBAAiB,CAAC,eAAe,GAAG,aAAa,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,SAAU,CAAA;IAC3F,CAAC;IAED,+BAA+B;IAC/B,MAAM,iBAAiB,GAAG,MAAM,0BAA0B,CACxD,aAAa,EACb,iBAAiB,CAAC,SAAS,CAC5B,CAAA;IAED,MAAM,cAAc,GAAG,MAAM,4BAA4B,CACvD,aAAa,EACb,iBAAiB,CAAC,WAAW,CAC9B,CAAA;IAED,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,iBAAiB,CAAC,WAAW,CAAC,CAAA;IAE3F,MAAM,OAAO,GAAG,MAAM,iBAAiB,CACrC,aAAa,EACb,iBAAiB,EACjB,iBAAiB,CAAC,iBAAiB,CACpC,CAAA;IAED,MAAM,cAAc,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,SAAS,CAAC;QACrE,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAA;IAE1B,MAAM,UAAU,GAAe;QAC7B,OAAO,EAAE;YACP,MAAM,EAAE,iBAAiB,CAAC,MAAM;YAChC,QAAQ,EAAE;gBACR,QAAQ,EAAE,iBAAiB,CAAC,WAAW;gBACvC,SAAS,EAAE,iBAAiB,CAAC,eAAe;aAC7C;YACD,SAAS,EAAE,iBAAiB,CAAC,SAAS;YACtC,gBAAgB,EAAE,OAAO;SAC1B;QACD,gBAAgB,EAAE,uBAAuB,CAAC,iBAAiB,CAAC,SAAS,EAAE,iBAAiB,CAAC;QACzF,sBAAsB,EAAE,cAAc;QACtC,uBAAuB,EAAE,cAAc,CACrC,iBAAiB,CAAC,SAAS,EAC3B,aAAa,CAAC,cAAc,EAC5B,YAAY,EACZ,iBAAiB,CAAC,IAAI,CACvB;QACD,cAAc,EAAE,cAAc;QAC9B,0BAA0B,EAAE,yBAAyB,CAAC,iBAAiB,CAAC;KACzE,CAAA;IAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;IAElD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,cAAc,CACrB,YAAoB,EACpB,gBAAyB,EACzB,YAAqC,EACrC,aAAsC;IAEtC,IAAI,mBAAmB,CAAC,YAAY,CAAC,EAAE,CAAC;QACtC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,OAAO,GAAG,YAAY,CAAA;IAE1B,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,GAAG,aAAa,CAAA;IACzB,CAAC;IAED,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACzB,GAAG,CAAC,aAAa,CAAA;QACjB,OAAO;YACL,aAAa,EAAE,GAAG,CAAC,aAAa;YAChC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE;gBACvC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAA;YAChE,CAAC,CAAC;SACH,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,uBAAuB,CAC9B,YAAoB,EACpB,iBAAoC;IAEpC,iCAAiC;IACjC,MAAM,sBAAsB,GAAkD,EAAE,CAAA;IAChF,iBAAiB,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACnD,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,sBAAsB,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;gBACnC,IAAI,EAAE,MAAM,CAAC,GAAG;gBAChB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAA;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IACF,iBAAiB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QACvD,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YAC7C,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,sBAAsB,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;oBACnC,IAAI,EAAE,MAAM,CAAC,GAAG;oBAChB,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAA;YACH,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAA;IAE9D,iBAAiB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QAClD,gBAAgB,CAAC,IAAI,CAAC;YACpB,IAAI,EAAE,GAAG,YAAY,IAAI,MAAM,CAAC,IAAI,EAAE;YACtC,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,iBAAiB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QACvD,WAAW,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YAC5C,gBAAgB,CAAC,IAAI,CAAC;gBACpB,IAAI,EAAE,GAAG,WAAW,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,EAAE;gBAC3C,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED,SAAS,yBAAyB,CAChC,iBAAoC;IAEpC,IAAI,iBAAiB,CAAC,kBAAkB,EAAE,CAAC;QACzC,OAAO;YACL;gBACE,IAAI,EAAE,iBAAiB,CAAC,kBAAkB,CAAC,GAAG;gBAC9C,MAAM,EAAE,iBAAiB,CAAC,kBAAkB,CAAC,MAAM;aACpD;SACF,CAAA;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloud-copilot/iam-lens",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "Visibility in IAM in and across AWS accounts",
   "keywords": [
     "aws",
@@ -9,6 +9,9 @@
     "identity"
   ],
   "homepage": "https://github.com/cloud-copilot/iam-lens#readme",
+  "bin": {
+    "iam-lens": "dist/esm/cli.js"
+  },
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",
@@ -107,8 +110,11 @@
     ]
   },
   "dependencies": {
+    "@cloud-copilot/cli": "^0.1.28",
     "@cloud-copilot/iam-collect": "^0.1.63",
+    "@cloud-copilot/iam-data": "^0.9.202505241",
     "@cloud-copilot/iam-policy": "^0.1.24",
-    "@cloud-copilot/iam-simulate": "^0.1.35"
+    "@cloud-copilot/iam-simulate": "^0.1.42",
+    "@cloud-copilot/iam-utils": "^0.1.7"
   }
 }

package/dist/cjs/util/arn.d.ts

@@ -1,26 +0,0 @@
-export interface ArnParts {
-    partition: string | undefined;
-    service: string | undefined;
-    region: string | undefined;
-    accountId: string | undefined;
-    resource: string | undefined;
-    resourceType: string | undefined;
-    resourcePath: string | undefined;
-}
-/**
- * Split an ARN into its parts
- *
- * @param arn the arn to split
- * @returns the parts of the ARN
- */
-export declare function splitArnParts(arn: string): ArnParts;
-/**
- * Get the product/id segments of the resource portion of an ARN.
- * The first segment is the product segment and the second segment is the resource id segment.
- * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
- *
- * @param resource The resource to get the resource segments. Must be an ARN resource.
- * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
- */
-export declare function getResourceSegments(service: string, accountId: string, region: string, resourceString: string): [string, string];
-//# sourceMappingURL=arn.d.ts.map

package/dist/cjs/util/arn.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../src/util/arn.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAkBnD;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GACrB,CAAC,MAAM,EAAE,MAAM,CAAC,CA+BlB"}

package/dist/cjs/util/arn.js

@@ -1,68 +0,0 @@
-"use strict";
-// Copied from https://github.com/cloud-copilot/iam-simulate/blob/main/src/util.ts
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.splitArnParts = splitArnParts;
-exports.getResourceSegments = getResourceSegments;
-/**
- * Split an ARN into its parts
- *
- * @param arn the arn to split
- * @returns the parts of the ARN
- */
-function splitArnParts(arn) {
-    const parts = arn.split(':');
-    const partition = parts.at(1);
-    const service = parts.at(2);
-    const region = parts.at(3);
-    const accountId = parts.at(4);
-    const resource = parts.slice(5).join(':');
-    const [resourceType, resourcePath] = getResourceSegments(service, accountId, region, resource);
-    return {
-        partition,
-        service,
-        region,
-        accountId,
-        resource,
-        resourceType,
-        resourcePath
-    };
-}
-/**
- * Get the product/id segments of the resource portion of an ARN.
- * The first segment is the product segment and the second segment is the resource id segment.
- * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
- *
- * @param resource The resource to get the resource segments. Must be an ARN resource.
- * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
- */
-function getResourceSegments(service, accountId, region, resourceString) {
-    // This is terrible, and I hate it
-    if ((service === 's3' && accountId === '' && region === '') ||
-        service === 'sns' ||
-        service === 'sqs') {
-        return ['', resourceString];
-    }
-    if (resourceString.startsWith('/')) {
-        resourceString = resourceString.slice(1);
-    }
-    const slashIndex = resourceString.indexOf('/');
-    const colonIndex = resourceString.indexOf(':');
-    let splitIndex = slashIndex;
-    if (slashIndex != -1 && colonIndex != -1) {
-        splitIndex = Math.min(slashIndex, colonIndex) + 1;
-    }
-    else if (slashIndex == -1 && colonIndex == -1) {
-        splitIndex = resourceString.length + 1;
-    }
-    else if (colonIndex == -1) {
-        splitIndex = slashIndex + 1;
-    }
-    else if (slashIndex == -1) {
-        splitIndex = colonIndex + 1;
-    }
-    else {
-        throw new Error(`Unable to split resource ${resourceString}`);
-    }
-    return [resourceString.slice(0, splitIndex - 1), resourceString.slice(splitIndex)];
-}
-//# sourceMappingURL=arn.js.map

package/dist/cjs/util/arn.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../src/util/arn.ts"],"names":[],"mappings":";AAAA,kFAAkF;;AAkBlF,sCAkBC;AAUD,kDAoCC;AAtED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;IAE9F,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,mBAAmB,CACjC,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,cAAsB;IAEtB,kCAAkC;IAClC,IACE,CAAC,OAAO,KAAK,IAAI,IAAI,SAAS,KAAK,EAAE,IAAI,MAAM,KAAK,EAAE,CAAC;QACvD,OAAO,KAAK,KAAK;QACjB,OAAO,KAAK,KAAK,EACjB,CAAC;QACD,OAAO,CAAC,EAAE,EAAE,cAAc,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE9C,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACzC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAChD,UAAU,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAA;IACxC,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpF,CAAC"}

package/dist/esm/util/arn.d.ts

@@ -1,26 +0,0 @@
-export interface ArnParts {
-    partition: string | undefined;
-    service: string | undefined;
-    region: string | undefined;
-    accountId: string | undefined;
-    resource: string | undefined;
-    resourceType: string | undefined;
-    resourcePath: string | undefined;
-}
-/**
- * Split an ARN into its parts
- *
- * @param arn the arn to split
- * @returns the parts of the ARN
- */
-export declare function splitArnParts(arn: string): ArnParts;
-/**
- * Get the product/id segments of the resource portion of an ARN.
- * The first segment is the product segment and the second segment is the resource id segment.
- * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
- *
- * @param resource The resource to get the resource segments. Must be an ARN resource.
- * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
- */
-export declare function getResourceSegments(service: string, accountId: string, region: string, resourceString: string): [string, string];
-//# sourceMappingURL=arn.d.ts.map

package/dist/esm/util/arn.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../src/util/arn.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAkBnD;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GACrB,CAAC,MAAM,EAAE,MAAM,CAAC,CA+BlB"}

package/dist/esm/util/arn.js

@@ -1,64 +0,0 @@
-// Copied from https://github.com/cloud-copilot/iam-simulate/blob/main/src/util.ts
-/**
- * Split an ARN into its parts
- *
- * @param arn the arn to split
- * @returns the parts of the ARN
- */
-export function splitArnParts(arn) {
-    const parts = arn.split(':');
-    const partition = parts.at(1);
-    const service = parts.at(2);
-    const region = parts.at(3);
-    const accountId = parts.at(4);
-    const resource = parts.slice(5).join(':');
-    const [resourceType, resourcePath] = getResourceSegments(service, accountId, region, resource);
-    return {
-        partition,
-        service,
-        region,
-        accountId,
-        resource,
-        resourceType,
-        resourcePath
-    };
-}
-/**
- * Get the product/id segments of the resource portion of an ARN.
- * The first segment is the product segment and the second segment is the resource id segment.
- * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
- *
- * @param resource The resource to get the resource segments. Must be an ARN resource.
- * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
- */
-export function getResourceSegments(service, accountId, region, resourceString) {
-    // This is terrible, and I hate it
-    if ((service === 's3' && accountId === '' && region === '') ||
-        service === 'sns' ||
-        service === 'sqs') {
-        return ['', resourceString];
-    }
-    if (resourceString.startsWith('/')) {
-        resourceString = resourceString.slice(1);
-    }
-    const slashIndex = resourceString.indexOf('/');
-    const colonIndex = resourceString.indexOf(':');
-    let splitIndex = slashIndex;
-    if (slashIndex != -1 && colonIndex != -1) {
-        splitIndex = Math.min(slashIndex, colonIndex) + 1;
-    }
-    else if (slashIndex == -1 && colonIndex == -1) {
-        splitIndex = resourceString.length + 1;
-    }
-    else if (colonIndex == -1) {
-        splitIndex = slashIndex + 1;
-    }
-    else if (slashIndex == -1) {
-        splitIndex = colonIndex + 1;
-    }
-    else {
-        throw new Error(`Unable to split resource ${resourceString}`);
-    }
-    return [resourceString.slice(0, splitIndex - 1), resourceString.slice(splitIndex)];
-}
-//# sourceMappingURL=arn.js.map

package/dist/esm/util/arn.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../src/util/arn.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAYlF;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;IAE9F,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,cAAsB;IAEtB,kCAAkC;IAClC,IACE,CAAC,OAAO,KAAK,IAAI,IAAI,SAAS,KAAK,EAAE,IAAI,MAAM,KAAK,EAAE,CAAC;QACvD,OAAO,KAAK,KAAK;QACjB,OAAO,KAAK,KAAK,EACjB,CAAC;QACD,OAAO,CAAC,EAAE,EAAE,cAAc,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE9C,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACzC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAChD,UAAU,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAA;IACxC,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpF,CAAC"}