@cloud-copilot/iam-policy 0.1.26 → 0.1.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/principals/principal.d.ts.map +1 -1
- package/dist/cjs/principals/principal.js +5 -2
- package/dist/cjs/principals/principal.js.map +1 -1
- package/dist/cjs/utils.js +1 -1
- package/dist/cjs/validate/validateTypes.d.ts +3 -1
- package/dist/cjs/validate/validateTypes.d.ts.map +1 -1
- package/dist/cjs/validate/validateTypes.js +3 -2
- package/dist/cjs/validate/validateTypes.js.map +1 -1
- package/dist/esm/principals/principal.d.ts.map +1 -1
- package/dist/esm/principals/principal.js +5 -2
- package/dist/esm/principals/principal.js.map +1 -1
- package/dist/esm/utils.js +1 -1
- package/dist/esm/validate/validateTypes.d.ts +3 -1
- package/dist/esm/validate/validateTypes.d.ts.map +1 -1
- package/dist/esm/validate/validateTypes.js +3 -2
- package/dist/esm/validate/validateTypes.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,IAAI,IAAI,aAAa,CAAA;IAErB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAEhD;;OAEG;IACH,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;IAE9C;;OAEG;IACH,cAAc,IAAI,IAAI,IAAI,YAAY,CAAA;IAEtC;;OAEG;IACH,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAEhD;;OAEG;IACH,oBAAoB,IAAI,IAAI,IAAI,kBAAkB,CAAA;IAElD;;OAEG;IACH,wBAAwB,IAAI,IAAI,IAAI,sBAAsB,CAAA;IAE1D;;OAEG;IACH,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD;;OAEG;IACH,QAAQ,IAAI,GAAG,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,YAAa,SAAQ,SAAS;IAC7C,GAAG,IAAI,MAAM,CAAA;CACd;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD,QAAQ,IAAI,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,SAAS;IACvD;;OAEG;IACH,aAAa,IAAI,MAAM,CAAA;CACxB;AAMD,qBAAa,aACX,YACE,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB;IAGtB,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW;gBADX,aAAa,EAAE,aAAa,EAC5B,WAAW,EAAE,MAAM;IAG/B,KAAK,IAAI,MAAM;IAIf,IAAI,IAAI,aAAa;IAIrB,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAIhD,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAO9C,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAOhD,cAAc,IAAI,IAAI,IAAI,YAAY;IAYtC,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAI9C,oBAAoB,IAAI,IAAI,IAAI,kBAAkB;IAIlD,wBAAwB,IAAI,IAAI,IAAI,sBAAsB;IAI1D,QAAQ,IAAI,GAAG;IASf,SAAS,IAAI,MAAM;IAYnB,QAAQ,IAAI,MAAM;IASlB,GAAG,IAAI,MAAM;IASb,OAAO,IAAI,MAAM;IASjB,SAAS,IAAI,MAAM;IASnB,aAAa,IAAI,MAAM;CAQ/B"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.PrincipalImpl = void 0;
|
|
4
|
+
const utils_js_1 = require("../utils.js");
|
|
4
5
|
const accountIdRegex = /^[0-9]{12}$/;
|
|
5
6
|
const accountArnRegex = /^arn:.*?:iam::[0-9]{12}:root$/;
|
|
6
7
|
const uniqueIdRegex = /^A[0-9A-Z]+$/;
|
|
@@ -18,7 +19,7 @@ class PrincipalImpl {
|
|
|
18
19
|
return this.principalType;
|
|
19
20
|
}
|
|
20
21
|
isWildcardPrincipal() {
|
|
21
|
-
return this.principalType === 'AWS' && this.principalId
|
|
22
|
+
return this.principalType === 'AWS' && (0, utils_js_1.isAllWildcards)(this.principalId);
|
|
22
23
|
}
|
|
23
24
|
isAccountPrincipal() {
|
|
24
25
|
if (this.principalType !== 'AWS') {
|
|
@@ -37,7 +38,9 @@ class PrincipalImpl {
|
|
|
37
38
|
return false;
|
|
38
39
|
}
|
|
39
40
|
const anyThis = this;
|
|
40
|
-
return (anyThis.principalId
|
|
41
|
+
return (!(0, utils_js_1.isAllWildcards)(anyThis.principalId) &&
|
|
42
|
+
!anyThis.isAccountPrincipal() &&
|
|
43
|
+
!anyThis.isUniqueIdPrincipal());
|
|
41
44
|
}
|
|
42
45
|
isServicePrincipal() {
|
|
43
46
|
return this.principalType === 'Service';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":";;;AAAA,0CAA4C;AAuH5C,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,eAAe,GAAG,+BAA+B,CAAA;AACvD,MAAM,aAAa,GAAG,cAAc,CAAA;AAEpC,MAAa,aAAa;IAYL;IACA;IAFnB,YACmB,aAA4B,EAC5B,WAAmB;QADnB,kBAAa,GAAb,aAAa,CAAe;QAC5B,gBAAW,GAAX,WAAW,CAAQ;IACnC,CAAC;IAEG,KAAK;QACV,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;IAEM,mBAAmB;QACxB,OAAO,IAAI,CAAC,aAAa,KAAK,KAAK,IAAI,IAAA,yBAAc,EAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACzE,CAAC;IAEM,kBAAkB;QACvB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACxF,CAAC;IAEM,mBAAmB;QACxB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAC7C,CAAC;IAEM,cAAc;QACnB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,OAAO,GAAQ,IAAI,CAAA;QACzB,OAAO,CACL,CAAC,IAAA,yBAAc,EAAC,OAAO,CAAC,WAAW,CAAC;YACpC,CAAC,OAAO,CAAC,kBAAkB,EAAE;YAC7B,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAC/B,CAAA;IACH,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,KAAK,SAAS,CAAA;IACzC,CAAC;IAEM,oBAAoB;QACzB,OAAO,IAAI,CAAC,aAAa,KAAK,WAAW,CAAA;IAC3C,CAAC;IAEM,wBAAwB;QAC7B,OAAO,IAAI,CAAC,aAAa,KAAK,eAAe,CAAA;IAC/C,CAAC;IAEM,QAAQ;QACb,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAA;QACH,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAEM,SAAS;QACd,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAA;QACH,CAAC;QACD,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,QAAQ;QACb,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,GAAG;QACR,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,OAAO;QACZ,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,SAAS;QACd,IAAI,IAAI,CAAC,aAAa,KAAK,WAAW,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,gGAAgG,CACjG,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,aAAa;QAClB,IAAI,IAAI,CAAC,aAAa,KAAK,eAAe,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CACb,6GAA6G,CAC9G,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;CACF;AAnID,sCAmIC"}
|
package/dist/cjs/utils.js
CHANGED
|
@@ -8,6 +8,6 @@ exports.isAllWildcards = isAllWildcards;
|
|
|
8
8
|
* @returns True if the value is all wildcards, false otherwise
|
|
9
9
|
*/
|
|
10
10
|
function isAllWildcards(value) {
|
|
11
|
-
return value.match(
|
|
11
|
+
return value.match(/^\*+$/) !== null;
|
|
12
12
|
}
|
|
13
13
|
//# sourceMappingURL=utils.js.map
|
|
@@ -14,7 +14,9 @@ export declare function validateIdentityPolicy(policy: any): ValidationError[];
|
|
|
14
14
|
*/
|
|
15
15
|
export declare function validateServiceControlPolicy(policy: any): ValidationError[];
|
|
16
16
|
/**
|
|
17
|
-
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
17
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource. \
|
|
18
|
+
*
|
|
19
|
+
* This is very generic and will not be able to validate all resource policies.
|
|
18
20
|
*
|
|
19
21
|
* @param policy the policy to validate
|
|
20
22
|
* @returns an array of validation errors
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,eAAe,EAAE,MAAM,eAAe,CAAA;AAErE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CA0D3E;AAED
|
|
1
|
+
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,eAAe,EAAE,MAAM,eAAe,CAAA;AAErE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CA0D3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAYrE;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAoD5E;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAelE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAapE"}
|
|
@@ -82,7 +82,9 @@ function validateServiceControlPolicy(policy) {
|
|
|
82
82
|
});
|
|
83
83
|
}
|
|
84
84
|
/**
|
|
85
|
-
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
85
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource. \
|
|
86
|
+
*
|
|
87
|
+
* This is very generic and will not be able to validate all resource policies.
|
|
86
88
|
*
|
|
87
89
|
* @param policy the policy to validate
|
|
88
90
|
* @returns an array of validation errors
|
|
@@ -94,7 +96,6 @@ function validateResourcePolicy(policy) {
|
|
|
94
96
|
const errors = [];
|
|
95
97
|
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
96
98
|
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
97
|
-
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
98
99
|
return errors;
|
|
99
100
|
}
|
|
100
101
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":";;AAQA,wDAaC;AAQD,oEA0DC;
|
|
1
|
+
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":";;AAQA,wDAaC;AAQD,oEA0DC;AAUD,wDAYC;AAQD,sEAoDC;AAQD,kDAeC;AAQD,wDAaC;AAQD,sDAaC;AA1OD,+CAAqE;AAErE;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,8BAA8B,CAAA;YACjD,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,MAAM,cAAc,GAAG,CAAC,MAAc,EAAE,IAAY,EAAE,IAAY,EAAqB,EAAE;QACvF,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QACxE,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAA;QACX,CAAC;QACD,IAAI,aAAa,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,sDAAsD,IAAI,OAAO,UAAU,EAAE;aACvF;SACF,CAAA;IACH,CAAC,CAAA;IAED,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CACzB,SAAS,EACT,CAAC,WAAW,EAAE,cAAc,EAAE,aAAa,CAAC,EAC5C,IAAI,EACJ,UAAU,CACX,CACF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC/E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE1F,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBACjC,IAAI,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBAC/B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,kDAAkD,UAAU,EAAE;qBACxE,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,GAAG,IAAI,aAAa;wBAC1B,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,GAAG,IAAI,aAAa;wBAC1B,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;QACD,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACxE,iBAAiB,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;KAC/E,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAA;YACtC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,MAAW;IACvD,MAAM,UAAU,GAAG,2BAA2B,CAAA;IAE9C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,eAAe,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;YACjC,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;gBAC7B,OAAO;oBACL;wBACE,IAAI,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;wBAC9C,OAAO,EAAE,mCAAmC,UAAU,EAAE;qBACzD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;QACD,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YAEpC,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,SAAS;oBACtB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,YAAY;oBACnE,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC7E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;QAED,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;YAC/B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,OAAO;oBACL;wBACE,IAAI;wBACJ,OAAO,EAAE,2BAA2B,UAAU,EAAE;qBACjD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,MAAW;IAC7C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,gBAAgB,CAAA;YACnC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACtF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,MAAW;IAC/C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,kBAAkB,CAAA;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAC3B,SAAc,EACd,cAAwB,EACxB,IAAY,EACZ,UAAkB;IAElB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;IACxE,IAAI,OAAO,GAAG,UAAU,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAClF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAC/D,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO;aACR;SACF,CAAA;IACH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,wBAAwB,CAC/B,SAAc,EACd,gBAA0B,EAC1B,IAAY,EACZ,UAAkB;IAElB,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG,IAAI,KAAK,KAAK,EAAE;gBACzB,OAAO,EAAE,GAAG,KAAK,sBAAsB,UAAU,EAAE;aACpD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,IAAI,IAAI,aAAa,CAAA;IAErB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAEhD;;OAEG;IACH,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;IAE9C;;OAEG;IACH,cAAc,IAAI,IAAI,IAAI,YAAY,CAAA;IAEtC;;OAEG;IACH,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAEhD;;OAEG;IACH,oBAAoB,IAAI,IAAI,IAAI,kBAAkB,CAAA;IAElD;;OAEG;IACH,wBAAwB,IAAI,IAAI,IAAI,sBAAsB,CAAA;IAE1D;;OAEG;IACH,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD;;OAEG;IACH,QAAQ,IAAI,GAAG,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,YAAa,SAAQ,SAAS;IAC7C,GAAG,IAAI,MAAM,CAAA;CACd;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD,QAAQ,IAAI,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,SAAS;IACvD;;OAEG;IACH,aAAa,IAAI,MAAM,CAAA;CACxB;AAMD,qBAAa,aACX,YACE,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB;IAGtB,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW;gBADX,aAAa,EAAE,aAAa,EAC5B,WAAW,EAAE,MAAM;IAG/B,KAAK,IAAI,MAAM;IAIf,IAAI,IAAI,aAAa;IAIrB,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAIhD,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAO9C,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAOhD,cAAc,IAAI,IAAI,IAAI,YAAY;IAYtC,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAI9C,oBAAoB,IAAI,IAAI,IAAI,kBAAkB;IAIlD,wBAAwB,IAAI,IAAI,IAAI,sBAAsB;IAI1D,QAAQ,IAAI,GAAG;IASf,SAAS,IAAI,MAAM;IAYnB,QAAQ,IAAI,MAAM;IASlB,GAAG,IAAI,MAAM;IASb,OAAO,IAAI,MAAM;IASjB,SAAS,IAAI,MAAM;IASnB,aAAa,IAAI,MAAM;CAQ/B"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { isAllWildcards } from '../utils.js';
|
|
1
2
|
const accountIdRegex = /^[0-9]{12}$/;
|
|
2
3
|
const accountArnRegex = /^arn:.*?:iam::[0-9]{12}:root$/;
|
|
3
4
|
const uniqueIdRegex = /^A[0-9A-Z]+$/;
|
|
@@ -13,7 +14,7 @@ export class PrincipalImpl {
|
|
|
13
14
|
return this.principalType;
|
|
14
15
|
}
|
|
15
16
|
isWildcardPrincipal() {
|
|
16
|
-
return this.principalType === 'AWS' && this.principalId
|
|
17
|
+
return this.principalType === 'AWS' && isAllWildcards(this.principalId);
|
|
17
18
|
}
|
|
18
19
|
isAccountPrincipal() {
|
|
19
20
|
if (this.principalType !== 'AWS') {
|
|
@@ -32,7 +33,9 @@ export class PrincipalImpl {
|
|
|
32
33
|
return false;
|
|
33
34
|
}
|
|
34
35
|
const anyThis = this;
|
|
35
|
-
return (anyThis.principalId
|
|
36
|
+
return (!isAllWildcards(anyThis.principalId) &&
|
|
37
|
+
!anyThis.isAccountPrincipal() &&
|
|
38
|
+
!anyThis.isUniqueIdPrincipal());
|
|
36
39
|
}
|
|
37
40
|
isServicePrincipal() {
|
|
38
41
|
return this.principalType === 'Service';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAuH5C,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,eAAe,GAAG,+BAA+B,CAAA;AACvD,MAAM,aAAa,GAAG,cAAc,CAAA;AAEpC,MAAM,OAAO,aAAa;IAWxB,YACmB,aAA4B,EAC5B,WAAmB;QADnB,kBAAa,GAAb,aAAa,CAAe;QAC5B,gBAAW,GAAX,WAAW,CAAQ;IACnC,CAAC;IAEG,KAAK;QACV,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;IAEM,mBAAmB;QACxB,OAAO,IAAI,CAAC,aAAa,KAAK,KAAK,IAAI,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACzE,CAAC;IAEM,kBAAkB;QACvB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACxF,CAAC;IAEM,mBAAmB;QACxB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAC7C,CAAC;IAEM,cAAc;QACnB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,OAAO,GAAQ,IAAI,CAAA;QACzB,OAAO,CACL,CAAC,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC;YACpC,CAAC,OAAO,CAAC,kBAAkB,EAAE;YAC7B,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAC/B,CAAA;IACH,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,KAAK,SAAS,CAAA;IACzC,CAAC;IAEM,oBAAoB;QACzB,OAAO,IAAI,CAAC,aAAa,KAAK,WAAW,CAAA;IAC3C,CAAC;IAEM,wBAAwB;QAC7B,OAAO,IAAI,CAAC,aAAa,KAAK,eAAe,CAAA;IAC/C,CAAC;IAEM,QAAQ;QACb,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAA;QACH,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAEM,SAAS;QACd,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAA;QACH,CAAC;QACD,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,QAAQ;QACb,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,GAAG;QACR,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,OAAO;QACZ,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,SAAS;QACd,IAAI,IAAI,CAAC,aAAa,KAAK,WAAW,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,gGAAgG,CACjG,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,aAAa;QAClB,IAAI,IAAI,CAAC,aAAa,KAAK,eAAe,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CACb,6GAA6G,CAC9G,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;CACF"}
|
package/dist/esm/utils.js
CHANGED
|
@@ -14,7 +14,9 @@ export declare function validateIdentityPolicy(policy: any): ValidationError[];
|
|
|
14
14
|
*/
|
|
15
15
|
export declare function validateServiceControlPolicy(policy: any): ValidationError[];
|
|
16
16
|
/**
|
|
17
|
-
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
17
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource. \
|
|
18
|
+
*
|
|
19
|
+
* This is very generic and will not be able to validate all resource policies.
|
|
18
20
|
*
|
|
19
21
|
* @param policy the policy to validate
|
|
20
22
|
* @returns an array of validation errors
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,eAAe,EAAE,MAAM,eAAe,CAAA;AAErE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CA0D3E;AAED
|
|
1
|
+
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,eAAe,EAAE,MAAM,eAAe,CAAA;AAErE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CA0D3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAYrE;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAoD5E;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAelE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAapE"}
|
|
@@ -73,7 +73,9 @@ export function validateServiceControlPolicy(policy) {
|
|
|
73
73
|
});
|
|
74
74
|
}
|
|
75
75
|
/**
|
|
76
|
-
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
76
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource. \
|
|
77
|
+
*
|
|
78
|
+
* This is very generic and will not be able to validate all resource policies.
|
|
77
79
|
*
|
|
78
80
|
* @param policy the policy to validate
|
|
79
81
|
* @returns an array of validation errors
|
|
@@ -85,7 +87,6 @@ export function validateResourcePolicy(policy) {
|
|
|
85
87
|
const errors = [];
|
|
86
88
|
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
87
89
|
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
88
|
-
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
89
90
|
return errors;
|
|
90
91
|
}
|
|
91
92
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAmB,MAAM,eAAe,CAAA;AAErE;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,8BAA8B,CAAA;YACjD,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,MAAM,cAAc,GAAG,CAAC,MAAc,EAAE,IAAY,EAAE,IAAY,EAAqB,EAAE;QACvF,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QACxE,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAA;QACX,CAAC;QACD,IAAI,aAAa,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,sDAAsD,IAAI,OAAO,UAAU,EAAE;aACvF;SACF,CAAA;IACH,CAAC,CAAA;IAED,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CACzB,SAAS,EACT,CAAC,WAAW,EAAE,cAAc,EAAE,aAAa,CAAC,EAC5C,IAAI,EACJ,UAAU,CACX,CACF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC/E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE1F,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBACjC,IAAI,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBAC/B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,kDAAkD,UAAU,EAAE;qBACxE,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,GAAG,IAAI,aAAa;wBAC1B,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,GAAG,IAAI,aAAa;wBAC1B,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;QACD,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACxE,iBAAiB,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;KAC/E,CAAC,CAAA;AACJ,CAAC;AAED
|
|
1
|
+
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAmB,MAAM,eAAe,CAAA;AAErE;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,8BAA8B,CAAA;YACjD,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,MAAM,cAAc,GAAG,CAAC,MAAc,EAAE,IAAY,EAAE,IAAY,EAAqB,EAAE;QACvF,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QACxE,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAA;QACX,CAAC;QACD,IAAI,aAAa,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,sDAAsD,IAAI,OAAO,UAAU,EAAE;aACvF;SACF,CAAA;IACH,CAAC,CAAA;IAED,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CACzB,SAAS,EACT,CAAC,WAAW,EAAE,cAAc,EAAE,aAAa,CAAC,EAC5C,IAAI,EACJ,UAAU,CACX,CACF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC/E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE1F,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBACjC,IAAI,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBAC/B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,kDAAkD,UAAU,EAAE;qBACxE,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,GAAG,IAAI,aAAa;wBAC1B,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,GAAG,IAAI,aAAa;wBAC1B,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;QACD,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACxE,iBAAiB,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;KAC/E,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAA;YACtC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAAW;IACvD,MAAM,UAAU,GAAG,2BAA2B,CAAA;IAE9C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,eAAe,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;YACjC,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;gBAC7B,OAAO;oBACL;wBACE,IAAI,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;wBAC9C,OAAO,EAAE,mCAAmC,UAAU,EAAE;qBACzD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;QACD,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YAEpC,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,SAAS;oBACtB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,YAAY;oBACnE,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC7E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;QAED,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;YAC/B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,OAAO;oBACL;wBACE,IAAI;wBACJ,OAAO,EAAE,2BAA2B,UAAU,EAAE;qBACjD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAW;IAC7C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,gBAAgB,CAAA;YACnC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACtF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAW;IAC/C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,kBAAkB,CAAA;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAC3B,SAAc,EACd,cAAwB,EACxB,IAAY,EACZ,UAAkB;IAElB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;IACxE,IAAI,OAAO,GAAG,UAAU,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAClF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAC/D,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO;aACR;SACF,CAAA;IACH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,wBAAwB,CAC/B,SAAc,EACd,gBAA0B,EAC1B,IAAY,EACZ,UAAkB;IAElB,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG,IAAI,KAAK,KAAK,EAAE;gBACzB,OAAO,EAAE,GAAG,KAAK,sBAAsB,UAAU,EAAE;aACpD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|