@cloud-copilot/iam-policy 0.1.5-2 → 0.1.7
- package/README.md +101 -107
- package/dist/cjs/actions/action.d.ts +1 -7
- package/dist/cjs/actions/action.d.ts.map +1 -1
- package/dist/cjs/actions/action.js +0 -9
- package/dist/cjs/actions/action.js.map +1 -1
- package/dist/cjs/conditions/condition.d.ts +1 -7
- package/dist/cjs/conditions/condition.d.ts.map +1 -1
- package/dist/cjs/conditions/condition.js +0 -8
- package/dist/cjs/conditions/condition.js.map +1 -1
- package/dist/cjs/index.d.ts +7 -7
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +1 -2
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/parser.d.ts +1 -2
- package/dist/cjs/parser.d.ts.map +1 -1
- package/dist/cjs/parser.js +1 -5
- package/dist/cjs/parser.js.map +1 -1
- package/dist/cjs/policies/policy.d.ts +3 -13
- package/dist/cjs/policies/policy.d.ts.map +1 -1
- package/dist/cjs/policies/policy.js +3 -21
- package/dist/cjs/policies/policy.js.map +1 -1
- package/dist/cjs/principals/principal.d.ts +1 -7
- package/dist/cjs/principals/principal.d.ts.map +1 -1
- package/dist/cjs/principals/principal.js +0 -9
- package/dist/cjs/principals/principal.js.map +1 -1
- package/dist/cjs/resources/resource.d.ts +1 -7
- package/dist/cjs/resources/resource.d.ts.map +1 -1
- package/dist/cjs/resources/resource.js +0 -8
- package/dist/cjs/resources/resource.js.map +1 -1
- package/dist/cjs/statements/statement.d.ts +20 -64
- package/dist/cjs/statements/statement.d.ts.map +1 -1
- package/dist/cjs/statements/statement.js +20 -68
- package/dist/cjs/statements/statement.js.map +1 -1
- package/dist/cjs/validate/testutil.d.ts +3 -0
- package/dist/cjs/validate/testutil.d.ts.map +1 -0
- package/dist/cjs/validate/testutil.js +21 -0
- package/dist/cjs/validate/testutil.js.map +1 -0
- package/dist/cjs/validate/validate.js +13 -10
- package/dist/cjs/validate/validate.js.map +1 -1
- package/dist/cjs/validate/validateTypes.js +4 -4
- package/dist/cjs/validate/validateTypes.js.map +1 -1
- package/dist/esm/actions/action.d.ts +1 -7
- package/dist/esm/actions/action.d.ts.map +1 -1
- package/dist/esm/actions/action.js +0 -8
- package/dist/esm/actions/action.js.map +1 -1
- package/dist/esm/conditions/condition.d.ts +1 -7
- package/dist/esm/conditions/condition.d.ts.map +1 -1
- package/dist/esm/conditions/condition.js +0 -8
- package/dist/esm/conditions/condition.js.map +1 -1
- package/dist/esm/index.d.ts +7 -7
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/parser.d.ts +1 -2
- package/dist/esm/parser.d.ts.map +1 -1
- package/dist/esm/parser.js +1 -4
- package/dist/esm/parser.js.map +1 -1
- package/dist/esm/policies/policy.d.ts +3 -13
- package/dist/esm/policies/policy.d.ts.map +1 -1
- package/dist/esm/policies/policy.js +3 -18
- package/dist/esm/policies/policy.js.map +1 -1
- package/dist/esm/principals/principal.d.ts +1 -7
- package/dist/esm/principals/principal.d.ts.map +1 -1
- package/dist/esm/principals/principal.js +0 -8
- package/dist/esm/principals/principal.js.map +1 -1
- package/dist/esm/resources/resource.d.ts +1 -7
- package/dist/esm/resources/resource.d.ts.map +1 -1
- package/dist/esm/resources/resource.js +0 -8
- package/dist/esm/resources/resource.js.map +1 -1
- package/dist/esm/statements/statement.d.ts +20 -64
- package/dist/esm/statements/statement.d.ts.map +1 -1
- package/dist/esm/statements/statement.js +20 -59
- package/dist/esm/statements/statement.js.map +1 -1
- package/dist/esm/validate/testutil.d.ts +3 -0
- package/dist/esm/validate/testutil.d.ts.map +1 -0
- package/dist/esm/validate/testutil.js +18 -0
- package/dist/esm/validate/testutil.js.map +1 -0
- package/dist/esm/validate/validate.js +13 -10
- package/dist/esm/validate/validate.js.map +1 -1
- package/dist/esm/validate/validateTypes.js +4 -4
- package/dist/esm/validate/validateTypes.js.map +1 -1
- package/package.json +1 -1
- package/dist/cjs/annotations/annotations.d.ts +0 -55
- package/dist/cjs/annotations/annotations.d.ts.map +0 -1
- package/dist/cjs/annotations/annotations.js +0 -29
- package/dist/cjs/annotations/annotations.js.map +0 -1
- package/dist/esm/annotations/annotations.d.ts +0 -55
- package/dist/esm/annotations/annotations.d.ts.map +0 -1
- package/dist/esm/annotations/annotations.js +0 -24
- package/dist/esm/annotations/annotations.js.map +0 -1
package/README.md
CHANGED
@@ -5,64 +5,66 @@ This is a simple IAM policy library that allows you to safely parse and navigate
|
|
5
5
|
This may be updated in the future to allow modifying policies, right now it's read-only.
|
6
6
|
|
7
7
|
## Validate Policy Syntax with `validatePolicySyntax`
|
8
|
+
|
8
9
|
`validatePolicySyntax` is a syntax linter and will not validate the the policy is logical, secure, or correct.
|
9
10
|
|
10
11
|
This will take any object and return back an array of findings. If the array is empty then the policy is valid.
|
12
|
+
|
11
13
|
```typescript
|
12
14
|
import { validatePolicySyntax } from '@cloud-copilot/iam-policy'
|
13
15
|
|
14
16
|
validatePolicySyntax({
|
15
|
-
|
16
|
-
|
17
|
+
Version: '2012-10-17',
|
18
|
+
Statement: [
|
17
19
|
{
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
20
|
+
Sid: 'VisualEditor0',
|
21
|
+
Effect: 'Allow',
|
22
|
+
Action: 's3:GetObject',
|
23
|
+
Resource: 'arn:aws:s3:::mybucket/*'
|
22
24
|
}
|
23
25
|
]
|
24
|
-
})
|
26
|
+
}) // []
|
25
27
|
|
26
28
|
validatePolicySyntax({
|
27
|
-
|
28
|
-
|
29
|
+
Version: '2012-10-17',
|
30
|
+
Statement: [
|
29
31
|
{
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
32
|
+
Sid: 7,
|
33
|
+
Effect: 'Allow',
|
34
|
+
Action: 's3:GetObject',
|
35
|
+
Resource: 'arn:aws:s3:::mybucket/*'
|
34
36
|
}
|
35
37
|
]
|
36
|
-
})
|
37
|
-
|
38
|
+
}) // [{ message: 'Found data type number allowed type(s) are string', path: 'Statement[0].Sid'}]
|
38
39
|
|
39
40
|
/* It will attempt to find as many issues as possible in one pass */
|
40
41
|
validatePolicySyntax({
|
41
|
-
|
42
|
-
|
43
|
-
|
42
|
+
Version: '2012-10-17',
|
43
|
+
Comment: 'Jacob is kewl',
|
44
|
+
Statement: [
|
44
45
|
{
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
},
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
46
|
+
Sid: 'SomeStatement',
|
47
|
+
Effect: 7,
|
48
|
+
Action: 's3:GetObject',
|
49
|
+
Resource: 'arn:aws:s3:::mybucket/*'
|
50
|
+
},
|
51
|
+
{
|
52
|
+
Sid: 'SomeStatement',
|
53
|
+
Effect: ['Allow'],
|
54
|
+
Action: 's3:GetObject',
|
55
|
+
Resource: 'arn:aws:s3:::mybucket/*',
|
56
|
+
Condition: {
|
57
|
+
NumericLessThan: {
|
58
|
+
's3:max-keys': 7
|
57
59
|
},
|
58
|
-
|
59
|
-
|
60
|
-
|
60
|
+
StringLike: {
|
61
|
+
's3:authType': new RegExp(/REST.*/),
|
62
|
+
'aws:TagKeys/Foo': ['Bar*', 'Baz*']
|
61
63
|
}
|
62
64
|
}
|
63
65
|
}
|
64
66
|
]
|
65
|
-
})
|
67
|
+
}) /*
|
66
68
|
[
|
67
69
|
{ message: 'Invalid key Comment', path: 'Comment' },
|
68
70
|
{ message: 'Effect must be present and exactly "Allow" or "Deny"', path: 'Statement[0].Effect' },
|
@@ -74,56 +76,55 @@ validatePolicySyntax({
|
|
74
76
|
```
|
75
77
|
|
76
78
|
### Validate Specific Policy Types
|
77
|
-
There are functions to validate specific policy types, these do all of the general policy validation and additional checks for the specific policy type. For instance Service Control Policies only allow the Condition element when the Effect is Deny.
|
78
79
|
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
80
|
+
There are functions to validate specific policy types, these do all of the general policy validation and additional checks for the specific policy type. For instance Service Control Policies only allow the Condition element when the Effect is Deny.
|
81
|
+
|
82
|
+
- `validateIdentityPolicy(policy: any): ValidationError[]`
|
83
|
+
- `validateServiceControlPolicy(policy: any): ValidationError[]`
|
84
|
+
- `validateResourcePolicy(policy: any): ValidationError[]`
|
85
|
+
- `validateTrustPolicy(policy: any): ValidationError[]`
|
86
|
+
- `validateResourceControlPolicy(policy: any): ValidationError[]`
|
87
|
+
- `validateEndpointPolicy(policy: any): ValidationError[]`
|
88
|
+
- `validateSessionPolicy(policy: any): ValidationError[]`
|
86
89
|
|
87
90
|
## IAM Policy Parsing and Processing with `loadPolicy`
|
91
|
+
|
88
92
|
`loadPolicy` _**does not validate policies**_, if you want validation ahead of time use `validatePolicySyntax`.
|
89
93
|
|
90
94
|
### Normalizes Policy Elements that are Objects/Array of Objects or String/Array of Strings
|
95
|
+
|
91
96
|
```typescript
|
92
|
-
import{ loadPolicy } from '@cloud-copilot/iam-policy'
|
97
|
+
import { loadPolicy } from '@cloud-copilot/iam-policy'
|
93
98
|
|
94
99
|
//Statement can be an array of objects
|
95
100
|
const policyOne = {
|
96
|
-
|
97
|
-
|
101
|
+
Version: '2012-10-17',
|
102
|
+
Statement: [
|
98
103
|
{
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
],
|
104
|
-
"Resource": "arn:aws:s3:::government-secrets/*"
|
104
|
+
Sid: 'ArrayStatement',
|
105
|
+
Effect: 'Allow',
|
106
|
+
Action: ['s3:GetObject'],
|
107
|
+
Resource: 'arn:aws:s3:::government-secrets/*'
|
105
108
|
}
|
106
109
|
]
|
107
|
-
}
|
110
|
+
}
|
108
111
|
|
109
112
|
//Statement can also be a single object
|
110
113
|
const policyTwo = {
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
],
|
118
|
-
"Resource": "arn:aws:s3:::government-secrets/*"
|
114
|
+
Version: '2012-10-17',
|
115
|
+
Statement: {
|
116
|
+
Sid: 'ObjectStatement',
|
117
|
+
Effect: 'Allow',
|
118
|
+
Action: ['s3:GetObject'],
|
119
|
+
Resource: 'arn:aws:s3:::government-secrets/*'
|
119
120
|
}
|
120
|
-
}
|
121
|
+
}
|
121
122
|
|
122
123
|
//In both cases you can use the `statements` function to get an array of statements
|
123
|
-
const p1 = loadPolicy(policyOne)
|
124
|
-
const p2 = loadPolicy(policyTwo)
|
125
|
-
console.log(p1.statements()[0].sid())
|
126
|
-
console.log(p2.statements()[0].sid())
|
124
|
+
const p1 = loadPolicy(policyOne)
|
125
|
+
const p2 = loadPolicy(policyTwo)
|
126
|
+
console.log(p1.statements()[0].sid()) //ArrayStatement
|
127
|
+
console.log(p2.statements()[0].sid()) //ObjectStatement
|
127
128
|
```
|
128
129
|
|
129
130
|
There is similar support for condition values, principals, and resources.
|
@@ -167,36 +168,31 @@ There is similar support for `Action`, `NotAction`, `Principal`, `NotPrincipal`,
|
|
167
168
|
|
168
169
|
### Flatten Complex Structures
|
169
170
|
|
170
|
-
Simplifies complex elements by flattening them into an array of homogenous objects. For example the Principal value can be a string or an object; the object values can be strings or arrays of strings.
|
171
|
+
Simplifies complex elements by flattening them into an array of homogenous objects. For example the Principal value can be a string or an object; the object values can be strings or arrays of strings. We flatten those into an array of objects similar to what you would define in a terraform policy.
|
171
172
|
|
172
173
|
```typescript
|
173
|
-
import{ loadPolicy } from '@cloud-copilot/iam-policy'
|
174
|
+
import { loadPolicy } from '@cloud-copilot/iam-policy'
|
174
175
|
|
175
176
|
const principalPolicy = {
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
],
|
184
|
-
"CanonicalUser": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be",
|
185
|
-
"Federated": "cognito-identity.amazonaws.com"
|
177
|
+
Version: '2012-10-17',
|
178
|
+
Statement: {
|
179
|
+
Effect: 'Allow',
|
180
|
+
Principal: {
|
181
|
+
AWS: ['arn:aws:iam::123456789012:root', 'arn:aws:iam::123456789013:user/FoxMulder'],
|
182
|
+
CanonicalUser: '79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be',
|
183
|
+
Federated: 'cognito-identity.amazonaws.com'
|
186
184
|
},
|
187
|
-
|
188
|
-
|
189
|
-
],
|
190
|
-
"Resource": "arn:aws:s3:::government-secrets/*"
|
185
|
+
Action: ['s3:GetObject'],
|
186
|
+
Resource: 'arn:aws:s3:::government-secrets/*'
|
191
187
|
}
|
192
|
-
}
|
188
|
+
}
|
193
189
|
|
194
|
-
const p = loadPolicy(principalPolicy)
|
190
|
+
const p = loadPolicy(principalPolicy)
|
195
191
|
|
196
|
-
const statement = p.statements()[0]
|
197
|
-
if(statement.isPrincipalStatement()) {
|
192
|
+
const statement = p.statements()[0] // Get the first statement out
|
193
|
+
if (statement.isPrincipalStatement()) {
|
198
194
|
//Get an array of 4 Principal objects with a type and value
|
199
|
-
const principals = statement.principals()
|
195
|
+
const principals = statement.principals()
|
200
196
|
principals[0].type() //AWS
|
201
197
|
principals[0].value() //arn:aws:iam::123456789012:root
|
202
198
|
//and so on
|
@@ -208,37 +204,35 @@ if(statement.isPrincipalStatement()) {
|
|
208
204
|
There is similar flattening for the `Condition` element.
|
209
205
|
|
210
206
|
```typescript
|
211
|
-
import{ loadPolicy } from '@cloud-copilot/iam-policy'
|
207
|
+
import { loadPolicy } from '@cloud-copilot/iam-policy'
|
212
208
|
|
213
209
|
const principalPolicy = {
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
210
|
+
Version: '2012-10-17',
|
211
|
+
Statement: {
|
212
|
+
Effect: 'Allow',
|
213
|
+
Principal: {
|
214
|
+
AWS: 'arn:aws:iam::123456789012:root'
|
219
215
|
},
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
"s3:prefix": "home/${aws:username}",
|
227
|
-
"aws:PrincipalOrgID": "o-1234567890"
|
216
|
+
Action: ['s3:GetObject'],
|
217
|
+
Resource: 'arn:aws:s3:::government-secrets/*',
|
218
|
+
Condition: {
|
219
|
+
StringEquals: {
|
220
|
+
's3:prefix': 'home/${aws:username}',
|
221
|
+
'aws:PrincipalOrgID': 'o-1234567890'
|
228
222
|
},
|
229
|
-
|
230
|
-
|
231
|
-
|
223
|
+
StringLike: {
|
224
|
+
's3:authType': 'REST*',
|
225
|
+
'aws:TagKeys/Foo': ['Bar*', 'Baz*']
|
232
226
|
}
|
233
227
|
}
|
234
228
|
}
|
235
|
-
}
|
229
|
+
}
|
236
230
|
|
237
|
-
const p = loadPolicy(principalPolicy)
|
231
|
+
const p = loadPolicy(principalPolicy)
|
238
232
|
|
239
|
-
const statement = p.statements()[0]
|
233
|
+
const statement = p.statements()[0] // Get the first statement out
|
240
234
|
|
241
|
-
const conditions = statement.conditions()
|
235
|
+
const conditions = statement.conditions()
|
242
236
|
conditions[0].operation().value() //StringEquals
|
243
237
|
conditions[0].conditionKey() //s3:prefix
|
244
238
|
conditions[0].conditionValues() //[ home/${aws:username} ]
|
@@ -1,4 +1,3 @@
|
|
1
|
-
import { Annotated, Annotations } from '../annotations/annotations.js';
|
2
1
|
export type ActionType = 'service' | 'wildcard';
|
3
2
|
/**
|
4
3
|
* An Action string in an IAM policy
|
@@ -21,8 +20,6 @@ export interface Action {
|
|
21
20
|
*/
|
22
21
|
isServiceAction(): this is ServiceAction;
|
23
22
|
}
|
24
|
-
export interface AnnotatedAction extends Action, Annotated {
|
25
|
-
}
|
26
23
|
/**
|
27
24
|
* A wildcard action: `"*"`
|
28
25
|
*/
|
@@ -49,12 +46,9 @@ export interface ServiceAction extends Action {
|
|
49
46
|
*/
|
50
47
|
action(): string;
|
51
48
|
}
|
52
|
-
export declare class ActionImpl implements Action,
|
49
|
+
export declare class ActionImpl implements Action, WildcardAction, ServiceAction {
|
53
50
|
private readonly rawValue;
|
54
|
-
private readonly annotationStore;
|
55
51
|
constructor(rawValue: string);
|
56
|
-
addAnnotation(key: string, value: string): void;
|
57
|
-
getAnnotations(): Annotations;
|
58
52
|
type(): ActionType;
|
59
53
|
wildcardValue(): '*';
|
60
54
|
value(): string;
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/actions/action.ts"],"names":[],"mappings":"
|
1
|
+
{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/actions/action.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;AAE/C;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,IAAI,IAAI,UAAU,CAAA;IAElB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,gBAAgB,IAAI,IAAI,IAAI,cAAc,CAAA;IAE1C;;OAEG;IACH,eAAe,IAAI,IAAI,IAAI,aAAa,CAAA;CACzC;AAED;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,MAAM;IAC5C;;;;OAIG;IACH,aAAa,IAAI,GAAG,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,MAAM;IAC3C;;;;OAIG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;CACjB;AAED,qBAAa,UAAW,YAAW,MAAM,EAAE,cAAc,EAAE,aAAa;IAC1D,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAEtC,IAAI,IAAI,UAAU;IAOlB,aAAa,IAAI,GAAG;IAIpB,KAAK,IAAI,MAAM;IAIf,gBAAgB,IAAI,IAAI,IAAI,cAAc;IAI1C,eAAe,IAAI,IAAI,IAAI,aAAa;IAIxC,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;CAGxB"}
|
@@ -1,20 +1,11 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.ActionImpl = void 0;
|
4
|
-
const annotations_js_1 = require("../annotations/annotations.js");
|
5
4
|
const utils_js_1 = require("../utils.js");
|
6
5
|
class ActionImpl {
|
7
6
|
rawValue;
|
8
|
-
annotationStore;
|
9
7
|
constructor(rawValue) {
|
10
8
|
this.rawValue = rawValue;
|
11
|
-
this.annotationStore = new annotations_js_1.AnnotationStore();
|
12
|
-
}
|
13
|
-
addAnnotation(key, value) {
|
14
|
-
this.annotationStore.addAnnotation(key, value);
|
15
|
-
}
|
16
|
-
getAnnotations() {
|
17
|
-
return this.annotationStore;
|
18
9
|
}
|
19
10
|
type() {
|
20
11
|
if ((0, utils_js_1.isAllWildcards)(this.rawValue)) {
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/actions/action.ts"],"names":[],"mappings":";;;AAAA,
|
1
|
+
{"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/actions/action.ts"],"names":[],"mappings":";;;AAAA,0CAA4C;AA0D5C,MAAa,UAAU;IACQ;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAE1C,IAAI;QACT,IAAI,IAAA,yBAAc,EAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,UAAU,CAAA;QACnB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAEM,aAAa;QAClB,OAAO,GAAG,CAAA;IACZ,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAEM,gBAAgB;QACrB,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,UAAU,CAAA;IACnC,CAAC;IAEM,eAAe;QACpB,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,SAAS,CAAA;IAClC,CAAC;IAEM,OAAO;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAA;IACnD,CAAC;IAEM,MAAM;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;CACF;AAjCD,gCAiCC"}
|
@@ -1,4 +1,3 @@
|
|
1
|
-
import { Annotated, Annotations } from '../annotations/annotations.js';
|
2
1
|
import { ConditionOperation } from './conditionOperation.js';
|
3
2
|
export interface Condition {
|
4
3
|
/**
|
@@ -26,16 +25,11 @@ export interface Condition {
|
|
26
25
|
*/
|
27
26
|
valueIsArray(): boolean;
|
28
27
|
}
|
29
|
-
export
|
30
|
-
}
|
31
|
-
export declare class ConditionImpl implements Condition, AnnotatedCondition {
|
28
|
+
export declare class ConditionImpl implements Condition {
|
32
29
|
private readonly op;
|
33
30
|
private readonly key;
|
34
31
|
private readonly values;
|
35
|
-
private readonly annotations;
|
36
32
|
constructor(op: string, key: string, values: string | string[]);
|
37
|
-
addAnnotation(key: string, value: string): void;
|
38
|
-
getAnnotations(): Annotations;
|
39
33
|
operation(): ConditionOperation;
|
40
34
|
conditionKey(): string;
|
41
35
|
conditionValues(): string[];
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"condition.d.ts","sourceRoot":"","sources":["../../../src/conditions/condition.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
1
|
+
{"version":3,"file":"condition.d.ts","sourceRoot":"","sources":["../../../src/conditions/condition.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAA0B,MAAM,yBAAyB,CAAA;AAEpF,MAAM,WAAW,SAAS;IACxB;;;;OAIG;IACH,SAAS,IAAI,kBAAkB,CAAA;IAE/B;;;;OAIG;IACH,YAAY,IAAI,MAAM,CAAA;IAEtB;;;;OAIG;IACH,eAAe,IAAI,MAAM,EAAE,CAAA;IAE3B;;;;OAIG;IACH,YAAY,IAAI,OAAO,CAAA;CACxB;AAED,qBAAa,aAAc,YAAW,SAAS;IAE3C,OAAO,CAAC,QAAQ,CAAC,EAAE;IACnB,OAAO,CAAC,QAAQ,CAAC,GAAG;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAFN,EAAE,EAAE,MAAM,EACV,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;IAGrC,SAAS,IAAI,kBAAkB;IAI/B,YAAY,IAAI,MAAM;IAItB,eAAe,IAAI,MAAM,EAAE;IAI3B,YAAY,IAAI,OAAO;CAG/B"}
|
@@ -1,24 +1,16 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.ConditionImpl = void 0;
|
4
|
-
const annotations_js_1 = require("../annotations/annotations.js");
|
5
4
|
const conditionOperation_js_1 = require("./conditionOperation.js");
|
6
5
|
class ConditionImpl {
|
7
6
|
op;
|
8
7
|
key;
|
9
8
|
values;
|
10
|
-
annotations = new annotations_js_1.AnnotationStore();
|
11
9
|
constructor(op, key, values) {
|
12
10
|
this.op = op;
|
13
11
|
this.key = key;
|
14
12
|
this.values = values;
|
15
13
|
}
|
16
|
-
addAnnotation(key, value) {
|
17
|
-
this.annotations.addAnnotation(key, value);
|
18
|
-
}
|
19
|
-
getAnnotations() {
|
20
|
-
return this.annotations;
|
21
|
-
}
|
22
14
|
operation() {
|
23
15
|
return new conditionOperation_js_1.ConditionOperationImpl(this.op);
|
24
16
|
}
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"condition.js","sourceRoot":"","sources":["../../../src/conditions/condition.ts"],"names":[],"mappings":";;;AAAA,
|
1
|
+
{"version":3,"file":"condition.js","sourceRoot":"","sources":["../../../src/conditions/condition.ts"],"names":[],"mappings":";;;AAAA,mEAAoF;AAgCpF,MAAa,aAAa;IAEL;IACA;IACA;IAHnB,YACmB,EAAU,EACV,GAAW,EACX,MAAyB;QAFzB,OAAE,GAAF,EAAE,CAAQ;QACV,QAAG,GAAH,GAAG,CAAQ;QACX,WAAM,GAAN,MAAM,CAAmB;IACzC,CAAC;IAEG,SAAS;QACd,OAAO,IAAI,8CAAsB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC5C,CAAC;IAEM,YAAY;QACjB,OAAO,IAAI,CAAC,GAAG,CAAA;IACjB,CAAC;IAEM,eAAe;QACpB,OAAO,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAA;IACtE,CAAC;IAEM,YAAY;QACjB,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACnC,CAAC;CACF;AAtBD,sCAsBC"}
|
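--- a/package/dist/cjs/index.d.ts
+++ b/package/dist/cjs/index.d.ts
@@ -1,11 +1,11 @@
-export type { Action, ActionType,
-export type {
+export type { Action, ActionType, ServiceAction, WildcardAction } from './actions/action.js';
+export type { Condition } from './conditions/condition.js';
 export type { ConditionOperation, SetOperator } from './conditions/conditionOperation.js';
-export {
-export type {
-export type { AccountPrincipal,
-export type {
-export type { ActionStatement,
+export { loadPolicy } from './parser.js';
+export type { Policy } from './policies/policy.js';
+export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedPrincipal, Principal, PrincipalType, ServicePrincipal, WildcardPrincipal } from './principals/principal.js';
+export type { Resource } from './resources/resource.js';
+export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
 export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
 export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
 //# sourceMappingURL=index.d.ts.map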
package/dist/cjs/index.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
|
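--- a/package/dist/cjs/index.js
+++ b/package/dist/cjs/index.js
@@ -1,8 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateTrustPolicy = exports.validateSessionPolicy = exports.validateServiceControlPolicy = exports.validateResourcePolicy = exports.validateResourceControlPolicy = exports.validateIdentityPolicy = exports.validateEndpointPolicy = exports.validatePolicySyntax = exports.loadPolicy =
+exports.validateTrustPolicy = exports.validateSessionPolicy = exports.validateServiceControlPolicy = exports.validateResourcePolicy = exports.validateResourceControlPolicy = exports.validateIdentityPolicy = exports.validateEndpointPolicy = exports.validatePolicySyntax = exports.loadPolicy = void 0;
 var parser_js_1 = require("./parser.js");
-Object.defineProperty(exports, "loadAnnotatedPolicy", { enumerable: true, get: function () { return parser_js_1.loadAnnotatedPolicy; } });
 Object.defineProperty(exports, "loadPolicy", { enumerable: true, get: function () { return parser_js_1.loadPolicy; } });
 var validate_js_1 = require("./validate/validate.js");
 Object.defineProperty(exports, "validatePolicySyntax", { enumerable: true, get: function () { return validate_js_1.validatePolicySyntax; } });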
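Review bot: The removal of `loadAnnotatedPolicy` from the public entry point is not documented in any of the README hunks visible on this page, although the title shows it shipping as 0.1.5-2 → 0.1.7. The same removal appears in `parser.js` and `parser.d.ts`, and the `Annotated*` types disappear from the `.d.ts` files. A consumer whose version range floats within 0.1.x receives this on the next install, and in CommonJS `require(...).loadAnnotatedPolicy` simply becomes `undefined`, so the failure surfaces only at the call site. I would add a release note or README line such as `Removed in 0.1.7: loadAnnotatedPolicy and the Annotated* interfaces` so dependants reviewing the upgrade can see the API change without diffing the tarball.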
package/dist/cjs/index.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA;AAsBnB,sDAAmF;AAA1E,mHAAA,oBAAoB,OAAA;AAC7B,gEAQoC;AAPlC,0HAAA,sBAAsB,OAAA;AACtB,0HAAA,sBAAsB,OAAA;AACtB,iIAAA,6BAA6B,OAAA;AAC7B,0HAAA,sBAAsB,OAAA;AACtB,gIAAA,4BAA4B,OAAA;AAC5B,yHAAA,qBAAqB,OAAA;AACrB,uHAAA,mBAAmB,OAAA"}
|
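--- a/package/dist/cjs/parser.d.ts
+++ b/package/dist/cjs/parser.d.ts
@@ -1,4 +1,4 @@
-import {
+import { type Policy } from './policies/policy.js';
 /**
 * Load a Policy from a policy document
 *
@@ -6,5 +6,4 @@ import { AnnotatedPolicy, type Policy } from './policies/policy.js';
 * @returns the Policy object for the backing policy document
 */
 export declare function loadPolicy(policyDocument: any): Policy;
-export declare function loadAnnotatedPolicy(policyDocument: any): AnnotatedPolicy;
 //# sourceMappingURL=parser.d.ts.map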
package/dist/cjs/parser.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
1
|
+
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;AAE9D;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,cAAc,EAAE,GAAG,GAAG,MAAM,CAEtD"}
|
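--- a/package/dist/cjs/parser.js
+++ b/package/dist/cjs/parser.js
@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadPolicy = loadPolicy;
-exports.loadAnnotatedPolicy = loadAnnotatedPolicy;
 const policy_js_1 = require("./policies/policy.js");
 /**
 * Load a Policy from a policy document
@@ -10,9 +9,6 @@ const policy_js_1 = require("./policies/policy.js");
 * @returns the Policy object for the backing policy document
 */
 function loadPolicy(policyDocument) {
-return new policy_js_1.PolicyImpl(policyDocument
-}
-function loadAnnotatedPolicy(policyDocument) {
-return new policy_js_1.PolicyImpl(policyDocument, true);
+return new policy_js_1.PolicyImpl(policyDocument);
 }
 //# sourceMappingURL=parser.js.map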
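Review bot: The visible part of the doc comment on `loadPolicy` says nothing about validation, yet the function passes `policyDocument` to `PolicyImpl` unchecked in `return new policy_js_1.PolicyImpl(policyDocument);`. The README states that `loadPolicy` does not validate policies, and tooling that inspects IAM policies often receives documents from outside its trust boundary, so the API doc should carry the same warning. I would add a line to the comment, for example ` * Does not validate policyDocument; run validatePolicySyntax first when the document is untrusted.` Two lines of the comment fall between the hunks, so this may already be covered there.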
package/dist/cjs/parser.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":";;AAQA,gCAEC;
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":";;AAQA,gCAEC;AAVD,oDAA8D;AAE9D;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,cAAmB;IAC5C,OAAO,IAAI,sBAAU,CAAC,cAAc,CAAC,CAAA;AACvC,CAAC"}
|
@@ -1,5 +1,4 @@
|
|
1
|
-
import {
|
2
|
-
import { AnnotatedStatement, Statement } from '../statements/statement.js';
|
1
|
+
import { Statement } from '../statements/statement.js';
|
3
2
|
export interface Policy {
|
4
3
|
/**
|
5
4
|
* The version of the policy
|
@@ -18,22 +17,13 @@ export interface Policy {
|
|
18
17
|
*/
|
19
18
|
statementIsArray(): boolean;
|
20
19
|
}
|
21
|
-
export
|
22
|
-
statements(): AnnotatedStatement[];
|
23
|
-
}
|
24
|
-
export declare class PolicyImpl implements Policy, AnnotatedPolicy {
|
20
|
+
export declare class PolicyImpl implements Policy {
|
25
21
|
private readonly policyObject;
|
26
|
-
|
27
|
-
private readonly annotationStore;
|
28
|
-
private statementsCache;
|
29
|
-
constructor(policyObject: any, stateful: boolean);
|
22
|
+
constructor(policyObject: any);
|
30
23
|
version(): string | undefined;
|
31
24
|
id(): string | undefined;
|
32
25
|
statements(): Statement[];
|
33
|
-
statements(): AnnotatedStatement[];
|
34
26
|
private newStatements;
|
35
|
-
addAnnotation(key: string, value: string): void;
|
36
|
-
getAnnotations(): Annotations;
|
37
27
|
statementIsArray(): boolean;
|
38
28
|
}
|
39
29
|
//# sourceMappingURL=policy.d.ts.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../../src/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,
|
1
|
+
{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../../src/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAiB,MAAM,4BAA4B,CAAA;AAErE,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,OAAO,IAAI,MAAM,GAAG,SAAS,CAAA;IAE7B;;OAEG;IACH,EAAE,IAAI,MAAM,GAAG,SAAS,CAAA;IAExB;;OAEG;IACH,UAAU,IAAI,SAAS,EAAE,CAAA;IAEzB;;OAEG;IACH,gBAAgB,IAAI,OAAO,CAAA;CAC5B;AAED,qBAAa,UAAW,YAAW,MAAM;IAC3B,OAAO,CAAC,QAAQ,CAAC,YAAY;gBAAZ,YAAY,EAAE,GAAG;IAEvC,OAAO,IAAI,MAAM,GAAG,SAAS;IAI7B,EAAE,IAAI,MAAM,GAAG,SAAS;IAIxB,UAAU,IAAI,SAAS,EAAE;IAIhC,OAAO,CAAC,aAAa;IAMd,gBAAgB,IAAI,OAAO;CAGnC"}
|
@@ -1,17 +1,11 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.PolicyImpl = void 0;
|
4
|
-
const annotations_js_1 = require("../annotations/annotations.js");
|
5
4
|
const statement_js_1 = require("../statements/statement.js");
|
6
5
|
class PolicyImpl {
|
7
6
|
policyObject;
|
8
|
-
|
9
|
-
annotationStore;
|
10
|
-
statementsCache;
|
11
|
-
constructor(policyObject, stateful) {
|
7
|
+
constructor(policyObject) {
|
12
8
|
this.policyObject = policyObject;
|
13
|
-
this.stateful = stateful;
|
14
|
-
this.annotationStore = new annotations_js_1.AnnotationStore();
|
15
9
|
}
|
16
10
|
version() {
|
17
11
|
return this.policyObject.Version;
|
@@ -20,24 +14,12 @@ class PolicyImpl {
|
|
20
14
|
return this.policyObject.Id;
|
21
15
|
}
|
22
16
|
statements() {
|
23
|
-
|
24
|
-
return this.newStatements();
|
25
|
-
}
|
26
|
-
if (!this.statementsCache) {
|
27
|
-
this.statementsCache = this.newStatements();
|
28
|
-
}
|
29
|
-
return this.statementsCache;
|
17
|
+
return this.newStatements();
|
30
18
|
}
|
31
19
|
newStatements() {
|
32
20
|
return [this.policyObject.Statement]
|
33
21
|
.flat()
|
34
|
-
.map((statement, index) => new statement_js_1.StatementImpl(statement, index + 1
|
35
|
-
}
|
36
|
-
addAnnotation(key, value) {
|
37
|
-
this.annotationStore.addAnnotation(key, value);
|
38
|
-
}
|
39
|
-
getAnnotations() {
|
40
|
-
return this.annotationStore;
|
22
|
+
.map((statement, index) => new statement_js_1.StatementImpl(statement, index + 1));
|
41
23
|
}
|
42
24
|
statementIsArray() {
|
43
25
|
return Array.isArray(this.policyObject.Statement);
|
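Review bot: `newStatements()` in the `PolicyImpl` hunk wraps whatever `policyObject.Statement` holds, so a document with no `Statement` key yields one `StatementImpl` built around `undefined`, because `[undefined].flat()` is `[undefined]`. `statements()` then reports one statement for a policy that has none, and the error surfaces later inside a statement accessor rather than at the policy level. Since `loadPolicy` is documented as non-validating, a guard at the top of `newStatements()` would make the empty case explicit: `const raw = this.policyObject.Statement; if (raw == null) return [];`. The constructor also stores `policyObject` unchecked, so a `null` document fails only at the first accessor such as `this.policyObject.Version`. `statementIsArray()` continues past the end of the hunk.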
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/policies/policy.ts"],"names":[],"mappings":";;;AAAA,
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/policies/policy.ts"],"names":[],"mappings":";;;AAAA,6DAAqE;AAwBrE,MAAa,UAAU;IACQ;IAA7B,YAA6B,YAAiB;QAAjB,iBAAY,GAAZ,YAAY,CAAK;IAAG,CAAC;IAE3C,OAAO;QACZ,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAA;IAClC,CAAC;IAEM,EAAE;QACP,OAAO,IAAI,CAAC,YAAY,CAAC,EAAE,CAAA;IAC7B,CAAC;IAEM,UAAU;QACf,OAAO,IAAI,CAAC,aAAa,EAAE,CAAA;IAC7B,CAAC;IAEO,aAAa;QACnB,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC;aACjC,IAAI,EAAE;aACN,GAAG,CAAC,CAAC,SAAc,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,4BAAa,CAAC,SAAS,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAA;IAC5E,CAAC;IAEM,gBAAgB;QACrB,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;IACnD,CAAC;CACF;AAxBD,gCAwBC"}
|