@cloud-copilot/iam-policy 0.0.1

package/README.md

@@ -0,0 +1,135 @@
+# IAM Policy Parser
+
+This is a simple IAM policy library that allows you parse and navigate IAM policies without worry about the more difficult details of parsing policies.
+
+This may be updated in the future to allow modifying policies, right now it's read-only.
+
+**This does not validate policies**, it only parses them. If you pass in totally invalid JSON it will fail in glorious and unpredictable ways.
+
+Here are some ways it helps:
+
+## Normalizing Policy Elements that are Objects/Array of Object or String/Array of Strings
+```typescript
+import{ loadPolicy } from '@cloud-copilot/iam-policy'
+
+//Statement can be an array of objects
+const policyOne = {
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Sid": "ArrayStatement",
+        "Effect": "Allow",
+        "Action": [
+          "s3:GetObject",
+        ],
+        "Resource": "arn:aws:s3:::government-secrets/*"
+      }
+    ]
+  }
+};
+
+//Statement can also be a single object
+const policyTwo = {
+  {
+    "Version": "2012-10-17",
+    "Statement": {
+      "Sid": "ObjectStatement",
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject",
+      ],
+      "Resource": "arn:aws:s3:::government-secrets/*"
+    }
+  }
+};
+
+//In both cases you can use the `statements` function to get an array of statements
+const p1 = loadPolicy(policyOne);
+const p2 = loadPolicy(policyTwo);
+console.log(p1.statements()[0].sid()); //ArrayStatement
+console.log(p2.statements()[0].sid()); //ObjectStatement
+```
+
+There is similar support for condition values, principals, and resources.
+
+## Mutually Exclusive Policy Elements
+
+In IAM policies there are some elements that are mutually exclusive. For example, you can't have a `Principal` and a `NotPrincipal` in the same statement. We leverage the Typescript type system to make sure you only access data that is confirmed to exist in the policy.
+
+```typescript
+import{ loadPolicy } from '@cloud-copilot/iam-policy'
+const actionPolicy = {
+  {
+    "Version": "2012-10-17",
+    "Statement": {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject",
+      ],
+      "Resource": "arn:aws:s3:::government-secrets/*"
+    }
+  }
+};
+
+const p = loadPolicy(actionPolicy);
+const statement = p.statements()[0]; // Get the first statement out
+
+statement.actions() // Causes a compile time error becuase we haven't confirmed the statement has actions
+
+if(statement.isActionStatement()) {
+  statement.actions() // Now we can access the actions because the type has been confirmed
+}
+
+if(statement.isNotActionStatement()) {
+  // This will not exectue because the statement does not have a NotAction element
+}
+```
+
+`isNotActionStatement` checks for the presence of the NotAction element and is not the inverse of `isActionStatement`. It's possible for a statement to return false for both `isActionStatement` and `isNotActionStatement` if both elements are absent in the statement.
+
+There is similar support for `Action`, `NotAction`, `Principal`, `NotPrincipal`, `Resource`, and `NotResource` elements.
+
+## Flatten Complex Structures
+
+We simplify processing of elements by flattening them into an array of homogenous objects. For example the Principal element can be a string or an object; the object values can be strings or arrays of strings.  We flatten those into an array of objects similar to what you would define in a terraform policy.
+
+```typescript
+import{ loadPolicy } from '@cloud-copilot/iam-policy'
+
+const principalPolicy = {
+  {
+    "Version": "2012-10-17",
+    "Statement": {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "arn:aws:iam::123456789012:root",
+          "arn:aws:iam::123456789013:user/FoxMulder"
+        ],
+        "CanonicalUser": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be",
+        "Federated": "cognito-identity.amazonaws.com"
+      },
+      "Action": [
+        "s3:GetObject",
+      ],
+      "Resource": "arn:aws:s3:::government-secrets/*"
+    }
+  }
+};
+
+const p = loadPolicy(principalPolicy);
+
+const statement = p.statements()[0]; // Get the first statement out
+if(statement.isPrincipalStatement()) {
+  //Get an array of 4 Principal objects with a type and value
+  const principals = statement.principals();
+  principals[0].type() //AWS
+  principals[0].value() //arn:aws:iam::123456789012:root
+  ...
+  principals[3].type() //Federated
+  principals[3].value() //arn:aws:iam::123456789012:root
+}
+```
+
+There is flattening for the `Condition` element.

package/dist/cjs/actions/action.d.ts

@@ -0,0 +1,51 @@
+export type ActionType = 'service' | 'wildcard';
+/**
+ * An Action string in an IAM policy
+ */
+export interface Action {
+    /**
+     * The type of actions
+     */
+    type(): ActionType;
+    /**
+     * The raw string of the action
+     */
+    value(): string;
+    /**
+     * Whether the action is a wildcard action: `"*"`
+     */
+    isWildcardAction(): boolean;
+    /**
+     * Whether the action is a service action: `"service:Action"`
+     */
+    isServiceAction(): boolean;
+}
+/**
+ * A wildcard action: `"*"`
+ */
+export interface WildcardAction extends Action {
+}
+/**
+ * A service action: `"service:Action"`
+ */
+export interface ServiceAction extends Action {
+    /**
+     * The service of the action
+     */
+    service(): string;
+    /**
+     * The action within the service
+     */
+    action(): string;
+}
+export declare class ActionImpl implements Action, WildcardAction, ServiceAction {
+    private readonly rawValue;
+    constructor(rawValue: string);
+    type(): ActionType;
+    value(): string;
+    isWildcardAction(): this is WildcardAction;
+    isServiceAction(): this is ServiceAction;
+    service(): string;
+    action(): string;
+}
+//# sourceMappingURL=action.d.ts.map

package/dist/cjs/actions/action.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/actions/action.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;AAE/C;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,IAAI,IAAI,UAAU,CAAA;IAElB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,gBAAgB,IAAI,OAAO,CAAA;IAE3B;;OAEG;IACH,eAAe,IAAI,OAAO,CAAA;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,MAAM;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,MAAM;IAC3C;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;CACjB;AAED,qBAAa,UAAW,YAAW,MAAM,EAAG,cAAc,EAAE,aAAa;IAC3D,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAEtC,IAAI,IAAI,UAAU;IAOlB,KAAK,IAAI,MAAM;IAIf,gBAAgB,IAAI,IAAI,IAAI,cAAc;IAI1C,eAAe,IAAI,IAAI,IAAI,aAAa;IAIxC,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;CAGxB"}

package/dist/cjs/actions/action.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ActionImpl = void 0;
+const utils_js_1 = require("../utils.js");
+class ActionImpl {
+    rawValue;
+    constructor(rawValue) {
+        this.rawValue = rawValue;
+    }
+    type() {
+        if ((0, utils_js_1.isAllWildcards)(this.rawValue)) {
+            return 'wildcard';
+        }
+        return 'service';
+    }
+    value() {
+        return this.rawValue;
+    }
+    isWildcardAction() {
+        return this.type() === 'wildcard';
+    }
+    isServiceAction() {
+        return this.type() === 'service';
+    }
+    service() {
+        return this.rawValue.split(':')[0];
+    }
+    action() {
+        return this.rawValue.split(':')[1];
+    }
+}
+exports.ActionImpl = ActionImpl;
+//# sourceMappingURL=action.js.map

package/dist/cjs/actions/action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/actions/action.ts"],"names":[],"mappings":";;;AAAA,0CAA4C;AAkD5C,MAAa,UAAU;IACQ;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAE1C,IAAI;QACT,IAAG,IAAA,yBAAc,EAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,UAAU,CAAA;QACnB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAEM,gBAAgB;QACrB,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,UAAU,CAAA;IACnC,CAAC;IAEM,eAAe;QACpB,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,SAAS,CAAA;IAClC,CAAC;IAEM,OAAO;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;IAEM,MAAM;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;CACF;AA7BD,gCA6BC"}

package/dist/cjs/conditions/condition.d.ts

@@ -0,0 +1,15 @@
+export interface Condition {
+    operation(): string;
+    conditionKey(): string;
+    conditionValues(): string[];
+}
+export declare class ConditionImpl implements Condition {
+    private readonly op;
+    private readonly key;
+    private readonly values;
+    constructor(op: string, key: string, values: string | string[]);
+    operation(): string;
+    conditionKey(): string;
+    conditionValues(): string[];
+}
+//# sourceMappingURL=condition.d.ts.map

package/dist/cjs/conditions/condition.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"condition.d.ts","sourceRoot":"","sources":["../../../src/conditions/condition.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS;IACxB,SAAS,IAAI,MAAM,CAAA;IACnB,YAAY,IAAI,MAAM,CAAA;IACtB,eAAe,IAAI,MAAM,EAAE,CAAA;CAC5B;AAED,qBAAa,aAAc,YAAW,SAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,EAAE;IAAU,OAAO,CAAC,QAAQ,CAAC,GAAG;IAAU,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAjE,EAAE,EAAE,MAAM,EAAmB,GAAG,EAAE,MAAM,EAAmB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;IAE1G,SAAS,IAAI,MAAM;IAInB,YAAY,IAAI,MAAM;IAItB,eAAe,IAAI,MAAM,EAAE;CAGnC"}

package/dist/cjs/conditions/condition.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConditionImpl = void 0;
+class ConditionImpl {
+    op;
+    key;
+    values;
+    constructor(op, key, values) {
+        this.op = op;
+        this.key = key;
+        this.values = values;
+    }
+    operation() {
+        return this.op;
+    }
+    conditionKey() {
+        return this.key;
+    }
+    conditionValues() {
+        return typeof this.values === 'string' ? [this.values] : this.values;
+    }
+}
+exports.ConditionImpl = ConditionImpl;
+//# sourceMappingURL=condition.js.map

package/dist/cjs/conditions/condition.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"condition.js","sourceRoot":"","sources":["../../../src/conditions/condition.ts"],"names":[],"mappings":";;;AAMA,MAAa,aAAa;IACK;IAA6B;IAA8B;IAAxF,YAA6B,EAAU,EAAmB,GAAW,EAAmB,MAAyB;QAApF,OAAE,GAAF,EAAE,CAAQ;QAAmB,QAAG,GAAH,GAAG,CAAQ;QAAmB,WAAM,GAAN,MAAM,CAAmB;IAAG,CAAC;IAE9G,SAAS;QACd,OAAO,IAAI,CAAC,EAAE,CAAA;IAChB,CAAC;IAEM,YAAY;QACjB,OAAO,IAAI,CAAC,GAAG,CAAA;IACjB,CAAC;IAEM,eAAe;QACpB,OAAO,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAA;IACtE,CAAC;CACF;AAdD,sCAcC"}

package/dist/cjs/conditions/conditions.d.ts

@@ -0,0 +1,15 @@
+export interface Condition {
+    operation(): string;
+    conditionKey(): string;
+    conditionValues(): string[];
+}
+export declare class ConditionImpl implements Condition {
+    private readonly op;
+    private readonly key;
+    private readonly values;
+    constructor(op: string, key: string, values: string | string[]);
+    operation(): string;
+    conditionKey(): string;
+    conditionValues(): string[];
+}
+//# sourceMappingURL=conditions.d.ts.map

package/dist/cjs/conditions/conditions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"conditions.d.ts","sourceRoot":"","sources":["../../../src/conditions/conditions.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS;IACxB,SAAS,IAAI,MAAM,CAAA;IACnB,YAAY,IAAI,MAAM,CAAA;IACtB,eAAe,IAAI,MAAM,EAAE,CAAA;CAC5B;AAED,qBAAa,aAAc,YAAW,SAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,EAAE;IAAU,OAAO,CAAC,QAAQ,CAAC,GAAG;IAAU,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAjE,EAAE,EAAE,MAAM,EAAmB,GAAG,EAAE,MAAM,EAAmB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;IAE1G,SAAS,IAAI,MAAM;IAInB,YAAY,IAAI,MAAM;IAItB,eAAe,IAAI,MAAM,EAAE;CAGnC"}

package/dist/cjs/conditions/conditions.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConditionImpl = void 0;
+class ConditionImpl {
+    op;
+    key;
+    values;
+    constructor(op, key, values) {
+        this.op = op;
+        this.key = key;
+        this.values = values;
+    }
+    operation() {
+        return this.op;
+    }
+    conditionKey() {
+        return this.key;
+    }
+    conditionValues() {
+        return typeof this.values === 'string' ? [this.values] : this.values;
+    }
+}
+exports.ConditionImpl = ConditionImpl;
+//# sourceMappingURL=conditions.js.map

package/dist/cjs/conditions/conditions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"conditions.js","sourceRoot":"","sources":["../../../src/conditions/conditions.ts"],"names":[],"mappings":";;;AAMA,MAAa,aAAa;IACK;IAA6B;IAA8B;IAAxF,YAA6B,EAAU,EAAmB,GAAW,EAAmB,MAAyB;QAApF,OAAE,GAAF,EAAE,CAAQ;QAAmB,QAAG,GAAH,GAAG,CAAQ;QAAmB,WAAM,GAAN,MAAM,CAAmB;IAAG,CAAC;IAE9G,SAAS;QACd,OAAO,IAAI,CAAC,EAAE,CAAA;IAChB,CAAC;IAEM,YAAY;QACjB,OAAO,IAAI,CAAC,GAAG,CAAA;IACjB,CAAC;IAEM,eAAe;QACpB,OAAO,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAA;IACtE,CAAC;CACF;AAdD,sCAcC"}

package/dist/cjs/index.d.ts

@@ -0,0 +1,8 @@
+export type { Action, ActionType, ServiceAction, WildcardAction } from './actions/action.js';
+export type { Condition } from './conditions/condition.js';
+export { loadPolicy } from './parser.js';
+export type { Policy } from './policies/policy.js';
+export type { Principal, PrincipalType } from './principals/principal.js';
+export type { Resource } from './resources/resource.js';
+export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AACzE,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA"}

package/dist/cjs/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadPolicy = void 0;
+var parser_js_1 = require("./parser.js");
+Object.defineProperty(exports, "loadPolicy", { enumerable: true, get: function () { return parser_js_1.loadPolicy; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAEA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA"}

package/dist/cjs/package.json

@@ -0,0 +1,3 @@
+{
+    "type": "commonjs"
+}

package/dist/cjs/parser.d.ts

@@ -0,0 +1,9 @@
+import { PolicyImpl } from "./policies/policy.js";
+/**
+ * Load a Policy from a policy document
+ *
+ * @param policyDocument the policy document JSON object
+ * @returns the Policy object for the backing policy document
+ */
+export declare function loadPolicy(policyDocument: any): PolicyImpl;
+//# sourceMappingURL=parser.d.ts.map

package/dist/cjs/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAElD;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,cAAc,EAAE,GAAG,cAE7C"}

package/dist/cjs/parser.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadPolicy = loadPolicy;
+const policy_js_1 = require("./policies/policy.js");
+/**
+ * Load a Policy from a policy document
+ *
+ * @param policyDocument the policy document JSON object
+ * @returns the Policy object for the backing policy document
+ */
+function loadPolicy(policyDocument) {
+    return new policy_js_1.PolicyImpl(policyDocument);
+}
+//# sourceMappingURL=parser.js.map

package/dist/cjs/parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":";;AAQA,gCAEC;AAVD,oDAAkD;AAElD;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,cAAmB;IAC1C,OAAO,IAAI,sBAAU,CAAC,cAAc,CAAC,CAAC;AAC1C,CAAC"}

package/dist/cjs/policies/policy.d.ts

@@ -0,0 +1,14 @@
+import { Statement } from '../statements/statement.js';
+export interface Policy {
+    version(): string | undefined;
+    id(): string | undefined;
+    statements(): Statement[];
+}
+export declare class PolicyImpl {
+    private readonly policyObject;
+    constructor(policyObject: any);
+    version(): string | undefined;
+    id(): string | undefined;
+    statements(): Statement[];
+}
+//# sourceMappingURL=policy.d.ts.map

package/dist/cjs/policies/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../../src/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAiB,MAAM,4BAA4B,CAAA;AAErE,MAAM,WAAW,MAAM;IACrB,OAAO,IAAI,MAAM,GAAG,SAAS,CAAA;IAC7B,EAAE,IAAI,MAAM,GAAG,SAAS,CAAA;IACxB,UAAU,IAAI,SAAS,EAAE,CAAA;CAC1B;AAED,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,YAAY;gBAAZ,YAAY,EAAE,GAAG;IAEvC,OAAO,IAAI,MAAM,GAAG,SAAS;IAI7B,EAAE,IAAI,MAAM,GAAG,SAAS;IAIxB,UAAU,IAAI,SAAS,EAAE;CAGjC"}

package/dist/cjs/policies/policy.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyImpl = void 0;
+const statement_js_1 = require("../statements/statement.js");
+class PolicyImpl {
+    policyObject;
+    constructor(policyObject) {
+        this.policyObject = policyObject;
+    }
+    version() {
+        return this.policyObject.Version;
+    }
+    id() {
+        return this.policyObject.Id;
+    }
+    statements() {
+        return [this.policyObject.Statement].flat().map((statement) => new statement_js_1.StatementImpl(statement));
+    }
+}
+exports.PolicyImpl = PolicyImpl;
+//# sourceMappingURL=policy.js.map

package/dist/cjs/policies/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/policies/policy.ts"],"names":[],"mappings":";;;AAAA,6DAAqE;AAQrE,MAAa,UAAU;IACQ;IAA7B,YAA6B,YAAiB;QAAjB,iBAAY,GAAZ,YAAY,CAAK;IAAG,CAAC;IAE3C,OAAO;QACZ,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAA;IAClC,CAAC;IAEM,EAAE;QACP,OAAO,IAAI,CAAC,YAAY,CAAC,EAAE,CAAA;IAC7B,CAAC;IAEM,UAAU;QACf,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,SAAc,EAAE,EAAE,CAAC,IAAI,4BAAa,CAAC,SAAS,CAAC,CAAC,CAAA;IACnG,CAAC;CACF;AAdD,gCAcC"}

package/dist/cjs/principals/principal.d.ts

@@ -0,0 +1,21 @@
+export type PrincipalType = 'AWS' | 'Service' | 'Federated' | 'CanonicalUser';
+export interface Principal {
+    type(): PrincipalType;
+    value(): string;
+}
+export declare class PrincipalImpl {
+    private readonly principalType;
+    private readonly principalId;
+    constructor(principalType: PrincipalType, principalId: string);
+    value(): string;
+    type(): PrincipalType;
+}
+export declare class AwsPrincipal extends PrincipalImpl {
+}
+export declare class ServicePrincipal extends PrincipalImpl {
+}
+export declare class FederatedPrincipal extends PrincipalImpl {
+}
+export declare class CanonicalUserPrincipal extends PrincipalImpl {
+}
+//# sourceMappingURL=principal.d.ts.map

package/dist/cjs/principals/principal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E,MAAM,WAAW,SAAS;IACxB,IAAI,IAAI,aAAa,CAAA;IACrB,KAAK,IAAI,MAAM,CAAA;CAChB;AAED,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,aAAa;IAAiB,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAA1D,aAAa,EAAE,aAAa,EAAmB,WAAW,EAAE,MAAM;IAExF,KAAK,IAAI,MAAM;IAIf,IAAI,IAAI,aAAa;CAG7B;AAGD,qBAAa,YAAa,SAAQ,aAAa;CAC9C;AAGD,qBAAa,gBAAiB,SAAQ,aAAa;CAClD;AAGD,qBAAa,kBAAmB,SAAQ,aAAa;CACpD;AAGD,qBAAa,sBAAuB,SAAQ,aAAa;CACxD"}

package/dist/cjs/principals/principal.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CanonicalUserPrincipal = exports.FederatedPrincipal = exports.ServicePrincipal = exports.AwsPrincipal = exports.PrincipalImpl = void 0;
+class PrincipalImpl {
+    principalType;
+    principalId;
+    constructor(principalType, principalId) {
+        this.principalType = principalType;
+        this.principalId = principalId;
+    }
+    value() {
+        return this.principalId;
+    }
+    type() {
+        return this.principalType;
+    }
+}
+exports.PrincipalImpl = PrincipalImpl;
+//AWS
+class AwsPrincipal extends PrincipalImpl {
+}
+exports.AwsPrincipal = AwsPrincipal;
+//Service
+class ServicePrincipal extends PrincipalImpl {
+}
+exports.ServicePrincipal = ServicePrincipal;
+//Federated
+class FederatedPrincipal extends PrincipalImpl {
+}
+exports.FederatedPrincipal = FederatedPrincipal;
+//CanonicalUser
+class CanonicalUserPrincipal extends PrincipalImpl {
+}
+exports.CanonicalUserPrincipal = CanonicalUserPrincipal;
+//# sourceMappingURL=principal.js.map

package/dist/cjs/principals/principal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":";;;AAOA,MAAa,aAAa;IACK;IAA+C;IAA5E,YAA6B,aAA4B,EAAmB,WAAmB;QAAlE,kBAAa,GAAb,aAAa,CAAe;QAAmB,gBAAW,GAAX,WAAW,CAAQ;IAAG,CAAC;IAE5F,KAAK;QACV,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;CACF;AAVD,sCAUC;AAED,KAAK;AACL,MAAa,YAAa,SAAQ,aAAa;CAC9C;AADD,oCACC;AAED,SAAS;AACT,MAAa,gBAAiB,SAAQ,aAAa;CAClD;AADD,4CACC;AAED,WAAW;AACX,MAAa,kBAAmB,SAAQ,aAAa;CACpD;AADD,gDACC;AAED,eAAe;AACf,MAAa,sBAAuB,SAAQ,aAAa;CACxD;AADD,wDACC"}

package/dist/cjs/principals/principals.d.ts

@@ -0,0 +1,21 @@
+export type PrincipalType = 'AWS' | 'Service' | 'Federated' | 'CanonicalUser';
+export interface Principal {
+    type(): PrincipalType;
+    value(): string;
+}
+export declare class PrincipalImpl {
+    private readonly principalType;
+    private readonly principalId;
+    constructor(principalType: PrincipalType, principalId: string);
+    value(): string;
+    type(): PrincipalType;
+}
+export declare class AwsPrincipal extends PrincipalImpl {
+}
+export declare class ServicePrincipal extends PrincipalImpl {
+}
+export declare class FederatedPrincipal extends PrincipalImpl {
+}
+export declare class CanonicalUserPrincipal extends PrincipalImpl {
+}
+//# sourceMappingURL=principals.d.ts.map

package/dist/cjs/principals/principals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"principals.d.ts","sourceRoot":"","sources":["../../../src/principals/principals.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E,MAAM,WAAW,SAAS;IACxB,IAAI,IAAI,aAAa,CAAA;IACrB,KAAK,IAAI,MAAM,CAAA;CAChB;AAED,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,aAAa;IAAiB,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAA1D,aAAa,EAAE,aAAa,EAAmB,WAAW,EAAE,MAAM;IAExF,KAAK,IAAI,MAAM;IAIf,IAAI,IAAI,aAAa;CAG7B;AAGD,qBAAa,YAAa,SAAQ,aAAa;CAC9C;AAGD,qBAAa,gBAAiB,SAAQ,aAAa;CAClD;AAGD,qBAAa,kBAAmB,SAAQ,aAAa;CACpD;AAGD,qBAAa,sBAAuB,SAAQ,aAAa;CACxD"}

package/dist/cjs/principals/principals.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CanonicalUserPrincipal = exports.FederatedPrincipal = exports.ServicePrincipal = exports.AwsPrincipal = exports.PrincipalImpl = void 0;
+class PrincipalImpl {
+    principalType;
+    principalId;
+    constructor(principalType, principalId) {
+        this.principalType = principalType;
+        this.principalId = principalId;
+    }
+    value() {
+        return this.principalId;
+    }
+    type() {
+        return this.principalType;
+    }
+}
+exports.PrincipalImpl = PrincipalImpl;
+//AWS
+class AwsPrincipal extends PrincipalImpl {
+}
+exports.AwsPrincipal = AwsPrincipal;
+//Service
+class ServicePrincipal extends PrincipalImpl {
+}
+exports.ServicePrincipal = ServicePrincipal;
+//Federated
+class FederatedPrincipal extends PrincipalImpl {
+}
+exports.FederatedPrincipal = FederatedPrincipal;
+//CanonicalUser
+class CanonicalUserPrincipal extends PrincipalImpl {
+}
+exports.CanonicalUserPrincipal = CanonicalUserPrincipal;
+//# sourceMappingURL=principals.js.map

package/dist/cjs/principals/principals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"principals.js","sourceRoot":"","sources":["../../../src/principals/principals.ts"],"names":[],"mappings":";;;AAOA,MAAa,aAAa;IACK;IAA+C;IAA5E,YAA6B,aAA4B,EAAmB,WAAmB;QAAlE,kBAAa,GAAb,aAAa,CAAe;QAAmB,gBAAW,GAAX,WAAW,CAAQ;IAAG,CAAC;IAE5F,KAAK;QACV,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;CACF;AAVD,sCAUC;AAED,KAAK;AACL,MAAa,YAAa,SAAQ,aAAa;CAC9C;AADD,oCACC;AAED,SAAS;AACT,MAAa,gBAAiB,SAAQ,aAAa;CAClD;AADD,4CACC;AAED,WAAW;AACX,MAAa,kBAAmB,SAAQ,aAAa;CACpD;AADD,gDACC;AAED,eAAe;AACf,MAAa,sBAAuB,SAAQ,aAAa;CACxD;AADD,wDACC"}

package/dist/cjs/resources/resource.d.ts

@@ -0,0 +1,20 @@
+/**
+ * A resource string in an IAM policy
+ */
+export interface Resource {
+    /**
+     * The raw string of the resource
+     */
+    value(): string;
+    /**
+     * Whether the resource is all resources: `"*"`
+     */
+    isAllResources(): boolean;
+}
+export declare class ResourceImpl implements Resource {
+    private readonly rawValue;
+    constructor(rawValue: string);
+    value(): string;
+    isAllResources(): boolean;
+}
+//# sourceMappingURL=resource.d.ts.map

package/dist/cjs/resources/resource.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource.d.ts","sourceRoot":"","sources":["../../../src/resources/resource.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,cAAc,IAAI,OAAO,CAAA;CAC1B;AAGD,qBAAa,YAAa,YAAW,QAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAEtC,KAAK,IAAI,MAAM;IAIf,cAAc,IAAI,OAAO;CAGjC"}

package/dist/cjs/resources/resource.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ResourceImpl = void 0;
+const utils_js_1 = require("../utils.js");
+class ResourceImpl {
+    rawValue;
+    constructor(rawValue) {
+        this.rawValue = rawValue;
+    }
+    value() {
+        return this.rawValue;
+    }
+    isAllResources() {
+        return (0, utils_js_1.isAllWildcards)(this.rawValue);
+    }
+}
+exports.ResourceImpl = ResourceImpl;
+//# sourceMappingURL=resource.js.map

package/dist/cjs/resources/resource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource.js","sourceRoot":"","sources":["../../../src/resources/resource.ts"],"names":[],"mappings":";;;AAAA,0CAA6C;AAkB7C,MAAa,YAAY;IACM;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAE1C,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAEM,cAAc;QACnB,OAAO,IAAA,yBAAc,EAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACtC,CAAC;CACF;AAVD,oCAUC"}