@cloud-copilot/iam-policy 0.0.8 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/index.d.ts +1 -1
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/principals/principal.d.ts +37 -9
- package/dist/cjs/principals/principal.d.ts.map +1 -1
- package/dist/cjs/principals/principal.js +66 -17
- package/dist/cjs/principals/principal.js.map +1 -1
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/principals/principal.d.ts +37 -9
- package/dist/esm/principals/principal.d.ts.map +1 -1
- package/dist/esm/principals/principal.js +65 -12
- package/dist/esm/principals/principal.js.map +1 -1
- package/package.json +1 -1
package/dist/cjs/index.d.ts
CHANGED
|
@@ -3,7 +3,7 @@ export type { Condition } from './conditions/condition.js';
|
|
|
3
3
|
export type { ConditionOperation, SetOperator } from './conditions/conditionOperation.js';
|
|
4
4
|
export { loadPolicy } from './parser.js';
|
|
5
5
|
export type { Policy } from './policies/policy.js';
|
|
6
|
-
export type { Principal, PrincipalType } from './principals/principal.js';
|
|
6
|
+
export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedPrincipal, Principal, PrincipalType, ServicePrincipal, WildcardPrincipal } from './principals/principal.js';
|
|
7
7
|
export type { Resource } from './resources/resource.js';
|
|
8
8
|
export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
|
|
9
9
|
export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
|
package/dist/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC1L,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACnL,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA"}
|
|
@@ -2,20 +2,48 @@ export type PrincipalType = 'AWS' | 'Service' | 'Federated' | 'CanonicalUser';
|
|
|
2
2
|
export interface Principal {
|
|
3
3
|
type(): PrincipalType;
|
|
4
4
|
value(): string;
|
|
5
|
+
isWildcardPrincipal(): this is WildcardPrincipal;
|
|
6
|
+
isServicePrincipal(): this is ServicePrincipal;
|
|
7
|
+
isAwsPrincipal(): this is AwsPrincipal;
|
|
8
|
+
isFederatedPrincipal(): this is FederatedPrincipal;
|
|
9
|
+
isCanonicalUserPrincipal(): this is CanonicalUserPrincipal;
|
|
10
|
+
isAccountPrincipal(): this is AccountPrincipal;
|
|
5
11
|
}
|
|
6
|
-
export
|
|
12
|
+
export interface WildcardPrincipal extends Principal {
|
|
13
|
+
wildcard(): '*';
|
|
14
|
+
}
|
|
15
|
+
export interface AccountPrincipal extends Principal {
|
|
16
|
+
accountId(): string;
|
|
17
|
+
}
|
|
18
|
+
export interface AwsPrincipal extends Principal {
|
|
19
|
+
arn(): string;
|
|
20
|
+
}
|
|
21
|
+
export interface ServicePrincipal extends Principal {
|
|
22
|
+
service(): string;
|
|
23
|
+
}
|
|
24
|
+
export interface FederatedPrincipal extends Principal {
|
|
25
|
+
federated(): string;
|
|
26
|
+
}
|
|
27
|
+
export interface CanonicalUserPrincipal extends Principal {
|
|
28
|
+
canonicalUser(): string;
|
|
29
|
+
}
|
|
30
|
+
export declare class PrincipalImpl implements Principal, WildcardPrincipal, AccountPrincipal, AwsPrincipal, ServicePrincipal, FederatedPrincipal, CanonicalUserPrincipal {
|
|
7
31
|
private readonly principalType;
|
|
8
32
|
private readonly principalId;
|
|
9
33
|
constructor(principalType: PrincipalType, principalId: string);
|
|
10
34
|
value(): string;
|
|
11
35
|
type(): PrincipalType;
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
36
|
+
isWildcardPrincipal(): this is WildcardPrincipal;
|
|
37
|
+
isAccountPrincipal(): this is AccountPrincipal;
|
|
38
|
+
isAwsPrincipal(): this is AwsPrincipal;
|
|
39
|
+
isServicePrincipal(): this is ServicePrincipal;
|
|
40
|
+
isFederatedPrincipal(): this is FederatedPrincipal;
|
|
41
|
+
isCanonicalUserPrincipal(): this is CanonicalUserPrincipal;
|
|
42
|
+
wildcard(): '*';
|
|
43
|
+
accountId(): string;
|
|
44
|
+
arn(): string;
|
|
45
|
+
service(): string;
|
|
46
|
+
federated(): string;
|
|
47
|
+
canonicalUser(): string;
|
|
20
48
|
}
|
|
21
49
|
//# sourceMappingURL=principal.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E,MAAM,WAAW,SAAS;IACxB,IAAI,IAAI,aAAa,CAAA;IACrB,KAAK,IAAI,MAAM,CAAA;CAChB;AAED,
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E,MAAM,WAAW,SAAS;IACxB,IAAI,IAAI,aAAa,CAAA;IACrB,KAAK,IAAI,MAAM,CAAA;IAEf,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAChD,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;IAC9C,cAAc,IAAI,IAAI,IAAI,YAAY,CAAA;IACtC,oBAAoB,IAAI,IAAI,IAAI,kBAAkB,CAAA;IAClD,wBAAwB,IAAI,IAAI,IAAI,sBAAsB,CAAA;IAC1D,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;CAE/C;AAED,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD,QAAQ,IAAI,GAAG,CAAA;CAChB;AAED,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD,SAAS,IAAI,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,YAAa,SAAQ,SAAS;IAC7C,GAAG,IAAI,MAAM,CAAA;CACd;AAED,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD,OAAO,IAAI,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD,SAAS,IAAI,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,sBAAuB,SAAQ,SAAS;IACvD,aAAa,IAAI,MAAM,CAAA;CACxB;AAKD,qBAAa,aAAc,YAAW,SAAS,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB;IAClJ,OAAO,CAAC,QAAQ,CAAC,aAAa;IAAiB,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAA1D,aAAa,EAAE,aAAa,EAAmB,WAAW,EAAE,MAAM;IAExF,KAAK,IAAI,MAAM;IAIf,IAAI,IAAI,aAAa;IAIrB,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAIhD,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAO9C,cAAc,IAAI,IAAI,IAAI,YAAY;IAQtC,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAI9C,oBAAoB,IAAI,IAAI,IAAI,kBAAkB;IAIlD,wBAAwB,IAAI,IAAI,IAAI,sBAAsB;IAI1D,QAAQ,IAAI,GAAG;IAOf,SAAS,IAAI,MAAM;IAUnB,GAAG,IAAI,MAAM;IAOb,OAAO,IAAI,MAAM;IAOjB,SAAS,IAAI,MAAM;IAOnB,aAAa,IAAI,MAAM;CAO/B"}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.PrincipalImpl = void 0;
|
|
4
|
+
const accountIdRegex = /^[0-9]{12}$/;
|
|
5
|
+
const accountArnRegex = /^arn:.*?:iam::[0-9]{12}:root$/;
|
|
4
6
|
class PrincipalImpl {
|
|
5
7
|
principalType;
|
|
6
8
|
principalId;
|
|
@@ -14,22 +16,69 @@ class PrincipalImpl {
|
|
|
14
16
|
type() {
|
|
15
17
|
return this.principalType;
|
|
16
18
|
}
|
|
19
|
+
isWildcardPrincipal() {
|
|
20
|
+
return this.principalType === 'AWS' && this.principalId === '*';
|
|
21
|
+
}
|
|
22
|
+
isAccountPrincipal() {
|
|
23
|
+
if (this.principalType !== 'AWS') {
|
|
24
|
+
return false;
|
|
25
|
+
}
|
|
26
|
+
return accountIdRegex.test(this.principalId) || accountArnRegex.test(this.principalId);
|
|
27
|
+
}
|
|
28
|
+
isAwsPrincipal() {
|
|
29
|
+
if (this.principalType !== 'AWS') {
|
|
30
|
+
return false;
|
|
31
|
+
}
|
|
32
|
+
return this.principalId != "*" && !this.isAccountPrincipal();
|
|
33
|
+
}
|
|
34
|
+
isServicePrincipal() {
|
|
35
|
+
return this.principalType === 'Service';
|
|
36
|
+
}
|
|
37
|
+
isFederatedPrincipal() {
|
|
38
|
+
return this.principalType === 'Federated';
|
|
39
|
+
}
|
|
40
|
+
isCanonicalUserPrincipal() {
|
|
41
|
+
return this.principalType === 'CanonicalUser';
|
|
42
|
+
}
|
|
43
|
+
wildcard() {
|
|
44
|
+
if (!this.isWildcardPrincipal()) {
|
|
45
|
+
throw new Error('Principal is not a wildcard principal, call isWildcardPrincipal() before calling wildcard()');
|
|
46
|
+
}
|
|
47
|
+
return '*';
|
|
48
|
+
}
|
|
49
|
+
accountId() {
|
|
50
|
+
if (!this.isAccountPrincipal()) {
|
|
51
|
+
throw new Error('Principal is not an account principal, call isAccountPrincipal() before calling accountId()');
|
|
52
|
+
}
|
|
53
|
+
if (accountArnRegex.test(this.principalId)) {
|
|
54
|
+
return this.principalId.split(':')[4];
|
|
55
|
+
}
|
|
56
|
+
return this.principalId;
|
|
57
|
+
}
|
|
58
|
+
arn() {
|
|
59
|
+
if (!this.isAwsPrincipal()) {
|
|
60
|
+
throw new Error('Principal is not an AWS principal, call isAwsPrincipal() before calling arn()');
|
|
61
|
+
}
|
|
62
|
+
return this.principalId;
|
|
63
|
+
}
|
|
64
|
+
service() {
|
|
65
|
+
if (!this.isServicePrincipal()) {
|
|
66
|
+
throw new Error('Principal is not a service principal, call isServicePrincipal() before calling service()');
|
|
67
|
+
}
|
|
68
|
+
return this.principalId;
|
|
69
|
+
}
|
|
70
|
+
federated() {
|
|
71
|
+
if (this.principalType !== 'Federated') {
|
|
72
|
+
throw new Error('Principal is not a federated principal, call isFederatedPrincipal() before calling federated()');
|
|
73
|
+
}
|
|
74
|
+
return this.principalId;
|
|
75
|
+
}
|
|
76
|
+
canonicalUser() {
|
|
77
|
+
if (this.principalType !== 'CanonicalUser') {
|
|
78
|
+
throw new Error('Principal is not a canonical user principal, call isCanonicalUserPrincipal() before calling canonicalUser()');
|
|
79
|
+
}
|
|
80
|
+
return this.principalId;
|
|
81
|
+
}
|
|
17
82
|
}
|
|
18
83
|
exports.PrincipalImpl = PrincipalImpl;
|
|
19
|
-
//AWS
|
|
20
|
-
class AwsPrincipal extends PrincipalImpl {
|
|
21
|
-
}
|
|
22
|
-
exports.AwsPrincipal = AwsPrincipal;
|
|
23
|
-
//Service
|
|
24
|
-
class ServicePrincipal extends PrincipalImpl {
|
|
25
|
-
}
|
|
26
|
-
exports.ServicePrincipal = ServicePrincipal;
|
|
27
|
-
//Federated
|
|
28
|
-
class FederatedPrincipal extends PrincipalImpl {
|
|
29
|
-
}
|
|
30
|
-
exports.FederatedPrincipal = FederatedPrincipal;
|
|
31
|
-
//CanonicalUser
|
|
32
|
-
class CanonicalUserPrincipal extends PrincipalImpl {
|
|
33
|
-
}
|
|
34
|
-
exports.CanonicalUserPrincipal = CanonicalUserPrincipal;
|
|
35
84
|
//# sourceMappingURL=principal.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":";;;AAuCA,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,eAAe,GAAG,+BAA+B,CAAA;AAEvD,MAAa,aAAa;IACK;IAA+C;IAA5E,YAA6B,aAA4B,EAAmB,WAAmB;QAAlE,kBAAa,GAAb,aAAa,CAAe;QAAmB,gBAAW,GAAX,WAAW,CAAQ;IAAG,CAAC;IAE5F,KAAK;QACV,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;IAEM,mBAAmB;QACxB,OAAO,IAAI,CAAC,aAAa,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,KAAK,GAAG,CAAA;IACjE,CAAC;IAEM,kBAAkB;QACvB,IAAG,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YAChC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACxF,CAAC;IAEM,cAAc;QACnB,IAAG,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YAChC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAA;IAC9D,CAAC;IAGM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,KAAK,SAAS,CAAA;IACzC,CAAC;IAEM,oBAAoB;QACzB,OAAO,IAAI,CAAC,aAAa,KAAK,WAAW,CAAA;IAC3C,CAAC;IAEM,wBAAwB;QAC7B,OAAO,IAAI,CAAC,aAAa,KAAK,eAAe,CAAA;IAC/C,CAAC;IAEM,QAAQ;QACb,IAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,6FAA6F,CAAC,CAAA;QAChH,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAEM,SAAS;QACd,IAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,6FAA6F,CAAC,CAAA;QAChH,CAAC;QACD,IAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,GAAG;QACR,IAAG,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAA;QAClG,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,OAAO;QACZ,IAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,0FAA0F,CAAC,CAAA;QAC7G,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,SAAS;QACd,IAAG,IAAI,CAAC,aAAa,KAAK,WAAW,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAA;QACnH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,aAAa;QAClB,IAAG,IAAI,CAAC,aAAa,KAAK,eAAe,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,6GAA6G,CAAC,CAAA;QAChI,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;CAEF;AAvFD,sCAuFC"}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -3,7 +3,7 @@ export type { Condition } from './conditions/condition.js';
|
|
|
3
3
|
export type { ConditionOperation, SetOperator } from './conditions/conditionOperation.js';
|
|
4
4
|
export { loadPolicy } from './parser.js';
|
|
5
5
|
export type { Policy } from './policies/policy.js';
|
|
6
|
-
export type { Principal, PrincipalType } from './principals/principal.js';
|
|
6
|
+
export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedPrincipal, Principal, PrincipalType, ServicePrincipal, WildcardPrincipal } from './principals/principal.js';
|
|
7
7
|
export type { Resource } from './resources/resource.js';
|
|
8
8
|
export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
|
|
9
9
|
export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC1L,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACnL,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA"}
|
|
@@ -2,20 +2,48 @@ export type PrincipalType = 'AWS' | 'Service' | 'Federated' | 'CanonicalUser';
|
|
|
2
2
|
export interface Principal {
|
|
3
3
|
type(): PrincipalType;
|
|
4
4
|
value(): string;
|
|
5
|
+
isWildcardPrincipal(): this is WildcardPrincipal;
|
|
6
|
+
isServicePrincipal(): this is ServicePrincipal;
|
|
7
|
+
isAwsPrincipal(): this is AwsPrincipal;
|
|
8
|
+
isFederatedPrincipal(): this is FederatedPrincipal;
|
|
9
|
+
isCanonicalUserPrincipal(): this is CanonicalUserPrincipal;
|
|
10
|
+
isAccountPrincipal(): this is AccountPrincipal;
|
|
5
11
|
}
|
|
6
|
-
export
|
|
12
|
+
export interface WildcardPrincipal extends Principal {
|
|
13
|
+
wildcard(): '*';
|
|
14
|
+
}
|
|
15
|
+
export interface AccountPrincipal extends Principal {
|
|
16
|
+
accountId(): string;
|
|
17
|
+
}
|
|
18
|
+
export interface AwsPrincipal extends Principal {
|
|
19
|
+
arn(): string;
|
|
20
|
+
}
|
|
21
|
+
export interface ServicePrincipal extends Principal {
|
|
22
|
+
service(): string;
|
|
23
|
+
}
|
|
24
|
+
export interface FederatedPrincipal extends Principal {
|
|
25
|
+
federated(): string;
|
|
26
|
+
}
|
|
27
|
+
export interface CanonicalUserPrincipal extends Principal {
|
|
28
|
+
canonicalUser(): string;
|
|
29
|
+
}
|
|
30
|
+
export declare class PrincipalImpl implements Principal, WildcardPrincipal, AccountPrincipal, AwsPrincipal, ServicePrincipal, FederatedPrincipal, CanonicalUserPrincipal {
|
|
7
31
|
private readonly principalType;
|
|
8
32
|
private readonly principalId;
|
|
9
33
|
constructor(principalType: PrincipalType, principalId: string);
|
|
10
34
|
value(): string;
|
|
11
35
|
type(): PrincipalType;
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
36
|
+
isWildcardPrincipal(): this is WildcardPrincipal;
|
|
37
|
+
isAccountPrincipal(): this is AccountPrincipal;
|
|
38
|
+
isAwsPrincipal(): this is AwsPrincipal;
|
|
39
|
+
isServicePrincipal(): this is ServicePrincipal;
|
|
40
|
+
isFederatedPrincipal(): this is FederatedPrincipal;
|
|
41
|
+
isCanonicalUserPrincipal(): this is CanonicalUserPrincipal;
|
|
42
|
+
wildcard(): '*';
|
|
43
|
+
accountId(): string;
|
|
44
|
+
arn(): string;
|
|
45
|
+
service(): string;
|
|
46
|
+
federated(): string;
|
|
47
|
+
canonicalUser(): string;
|
|
20
48
|
}
|
|
21
49
|
//# sourceMappingURL=principal.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E,MAAM,WAAW,SAAS;IACxB,IAAI,IAAI,aAAa,CAAA;IACrB,KAAK,IAAI,MAAM,CAAA;CAChB;AAED,
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E,MAAM,WAAW,SAAS;IACxB,IAAI,IAAI,aAAa,CAAA;IACrB,KAAK,IAAI,MAAM,CAAA;IAEf,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAChD,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;IAC9C,cAAc,IAAI,IAAI,IAAI,YAAY,CAAA;IACtC,oBAAoB,IAAI,IAAI,IAAI,kBAAkB,CAAA;IAClD,wBAAwB,IAAI,IAAI,IAAI,sBAAsB,CAAA;IAC1D,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;CAE/C;AAED,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD,QAAQ,IAAI,GAAG,CAAA;CAChB;AAED,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD,SAAS,IAAI,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,YAAa,SAAQ,SAAS;IAC7C,GAAG,IAAI,MAAM,CAAA;CACd;AAED,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD,OAAO,IAAI,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD,SAAS,IAAI,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,sBAAuB,SAAQ,SAAS;IACvD,aAAa,IAAI,MAAM,CAAA;CACxB;AAKD,qBAAa,aAAc,YAAW,SAAS,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB;IAClJ,OAAO,CAAC,QAAQ,CAAC,aAAa;IAAiB,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAA1D,aAAa,EAAE,aAAa,EAAmB,WAAW,EAAE,MAAM;IAExF,KAAK,IAAI,MAAM;IAIf,IAAI,IAAI,aAAa;IAIrB,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAIhD,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAO9C,cAAc,IAAI,IAAI,IAAI,YAAY;IAQtC,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAI9C,oBAAoB,IAAI,IAAI,IAAI,kBAAkB;IAIlD,wBAAwB,IAAI,IAAI,IAAI,sBAAsB;IAI1D,QAAQ,IAAI,GAAG;IAOf,SAAS,IAAI,MAAM;IAUnB,GAAG,IAAI,MAAM;IAOb,OAAO,IAAI,MAAM;IAOjB,SAAS,IAAI,MAAM;IAOnB,aAAa,IAAI,MAAM;CAO/B"}
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
const accountIdRegex = /^[0-9]{12}$/;
|
|
2
|
+
const accountArnRegex = /^arn:.*?:iam::[0-9]{12}:root$/;
|
|
1
3
|
export class PrincipalImpl {
|
|
2
4
|
constructor(principalType, principalId) {
|
|
3
5
|
this.principalType = principalType;
|
|
@@ -9,17 +11,68 @@ export class PrincipalImpl {
|
|
|
9
11
|
type() {
|
|
10
12
|
return this.principalType;
|
|
11
13
|
}
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
14
|
+
isWildcardPrincipal() {
|
|
15
|
+
return this.principalType === 'AWS' && this.principalId === '*';
|
|
16
|
+
}
|
|
17
|
+
isAccountPrincipal() {
|
|
18
|
+
if (this.principalType !== 'AWS') {
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
return accountIdRegex.test(this.principalId) || accountArnRegex.test(this.principalId);
|
|
22
|
+
}
|
|
23
|
+
isAwsPrincipal() {
|
|
24
|
+
if (this.principalType !== 'AWS') {
|
|
25
|
+
return false;
|
|
26
|
+
}
|
|
27
|
+
return this.principalId != "*" && !this.isAccountPrincipal();
|
|
28
|
+
}
|
|
29
|
+
isServicePrincipal() {
|
|
30
|
+
return this.principalType === 'Service';
|
|
31
|
+
}
|
|
32
|
+
isFederatedPrincipal() {
|
|
33
|
+
return this.principalType === 'Federated';
|
|
34
|
+
}
|
|
35
|
+
isCanonicalUserPrincipal() {
|
|
36
|
+
return this.principalType === 'CanonicalUser';
|
|
37
|
+
}
|
|
38
|
+
wildcard() {
|
|
39
|
+
if (!this.isWildcardPrincipal()) {
|
|
40
|
+
throw new Error('Principal is not a wildcard principal, call isWildcardPrincipal() before calling wildcard()');
|
|
41
|
+
}
|
|
42
|
+
return '*';
|
|
43
|
+
}
|
|
44
|
+
accountId() {
|
|
45
|
+
if (!this.isAccountPrincipal()) {
|
|
46
|
+
throw new Error('Principal is not an account principal, call isAccountPrincipal() before calling accountId()');
|
|
47
|
+
}
|
|
48
|
+
if (accountArnRegex.test(this.principalId)) {
|
|
49
|
+
return this.principalId.split(':')[4];
|
|
50
|
+
}
|
|
51
|
+
return this.principalId;
|
|
52
|
+
}
|
|
53
|
+
arn() {
|
|
54
|
+
if (!this.isAwsPrincipal()) {
|
|
55
|
+
throw new Error('Principal is not an AWS principal, call isAwsPrincipal() before calling arn()');
|
|
56
|
+
}
|
|
57
|
+
return this.principalId;
|
|
58
|
+
}
|
|
59
|
+
service() {
|
|
60
|
+
if (!this.isServicePrincipal()) {
|
|
61
|
+
throw new Error('Principal is not a service principal, call isServicePrincipal() before calling service()');
|
|
62
|
+
}
|
|
63
|
+
return this.principalId;
|
|
64
|
+
}
|
|
65
|
+
federated() {
|
|
66
|
+
if (this.principalType !== 'Federated') {
|
|
67
|
+
throw new Error('Principal is not a federated principal, call isFederatedPrincipal() before calling federated()');
|
|
68
|
+
}
|
|
69
|
+
return this.principalId;
|
|
70
|
+
}
|
|
71
|
+
canonicalUser() {
|
|
72
|
+
if (this.principalType !== 'CanonicalUser') {
|
|
73
|
+
throw new Error('Principal is not a canonical user principal, call isCanonicalUserPrincipal() before calling canonicalUser()');
|
|
74
|
+
}
|
|
75
|
+
return this.principalId;
|
|
76
|
+
}
|
|
24
77
|
}
|
|
25
78
|
//# sourceMappingURL=principal.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAuCA,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,eAAe,GAAG,+BAA+B,CAAA;AAEvD,MAAM,OAAO,aAAa;IACxB,YAA6B,aAA4B,EAAmB,WAAmB;QAAlE,kBAAa,GAAb,aAAa,CAAe;QAAmB,gBAAW,GAAX,WAAW,CAAQ;IAAG,CAAC;IAE5F,KAAK;QACV,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;IAEM,mBAAmB;QACxB,OAAO,IAAI,CAAC,aAAa,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,KAAK,GAAG,CAAA;IACjE,CAAC;IAEM,kBAAkB;QACvB,IAAG,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YAChC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACxF,CAAC;IAEM,cAAc;QACnB,IAAG,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YAChC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAA;IAC9D,CAAC;IAGM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,KAAK,SAAS,CAAA;IACzC,CAAC;IAEM,oBAAoB;QACzB,OAAO,IAAI,CAAC,aAAa,KAAK,WAAW,CAAA;IAC3C,CAAC;IAEM,wBAAwB;QAC7B,OAAO,IAAI,CAAC,aAAa,KAAK,eAAe,CAAA;IAC/C,CAAC;IAEM,QAAQ;QACb,IAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,6FAA6F,CAAC,CAAA;QAChH,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAEM,SAAS;QACd,IAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,6FAA6F,CAAC,CAAA;QAChH,CAAC;QACD,IAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,GAAG;QACR,IAAG,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAA;QAClG,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,OAAO;QACZ,IAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,0FAA0F,CAAC,CAAA;QAC7G,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,SAAS;QACd,IAAG,IAAI,CAAC,aAAa,KAAK,WAAW,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAA;QACnH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,aAAa;QAClB,IAAG,IAAI,CAAC,aAAa,KAAK,eAAe,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,6GAA6G,CAAC,CAAA;QAChI,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;CAEF"}
|