@cloud-copilot/iam-policy 0.1.5-2 → 0.1.7
- package/README.md +101 -107
- package/dist/cjs/actions/action.d.ts +1 -7
- package/dist/cjs/actions/action.d.ts.map +1 -1
- package/dist/cjs/actions/action.js +0 -9
- package/dist/cjs/actions/action.js.map +1 -1
- package/dist/cjs/conditions/condition.d.ts +1 -7
- package/dist/cjs/conditions/condition.d.ts.map +1 -1
- package/dist/cjs/conditions/condition.js +0 -8
- package/dist/cjs/conditions/condition.js.map +1 -1
- package/dist/cjs/index.d.ts +7 -7
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +1 -2
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/parser.d.ts +1 -2
- package/dist/cjs/parser.d.ts.map +1 -1
- package/dist/cjs/parser.js +1 -5
- package/dist/cjs/parser.js.map +1 -1
- package/dist/cjs/policies/policy.d.ts +3 -13
- package/dist/cjs/policies/policy.d.ts.map +1 -1
- package/dist/cjs/policies/policy.js +3 -21
- package/dist/cjs/policies/policy.js.map +1 -1
- package/dist/cjs/principals/principal.d.ts +1 -7
- package/dist/cjs/principals/principal.d.ts.map +1 -1
- package/dist/cjs/principals/principal.js +0 -9
- package/dist/cjs/principals/principal.js.map +1 -1
- package/dist/cjs/resources/resource.d.ts +1 -7
- package/dist/cjs/resources/resource.d.ts.map +1 -1
- package/dist/cjs/resources/resource.js +0 -8
- package/dist/cjs/resources/resource.js.map +1 -1
- package/dist/cjs/statements/statement.d.ts +20 -64
- package/dist/cjs/statements/statement.d.ts.map +1 -1
- package/dist/cjs/statements/statement.js +20 -68
- package/dist/cjs/statements/statement.js.map +1 -1
- package/dist/cjs/validate/testutil.d.ts +3 -0
- package/dist/cjs/validate/testutil.d.ts.map +1 -0
- package/dist/cjs/validate/testutil.js +21 -0
- package/dist/cjs/validate/testutil.js.map +1 -0
- package/dist/cjs/validate/validate.js +13 -10
- package/dist/cjs/validate/validate.js.map +1 -1
- package/dist/cjs/validate/validateTypes.js +4 -4
- package/dist/cjs/validate/validateTypes.js.map +1 -1
- package/dist/esm/actions/action.d.ts +1 -7
- package/dist/esm/actions/action.d.ts.map +1 -1
- package/dist/esm/actions/action.js +0 -8
- package/dist/esm/actions/action.js.map +1 -1
- package/dist/esm/conditions/condition.d.ts +1 -7
- package/dist/esm/conditions/condition.d.ts.map +1 -1
- package/dist/esm/conditions/condition.js +0 -8
- package/dist/esm/conditions/condition.js.map +1 -1
- package/dist/esm/index.d.ts +7 -7
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/parser.d.ts +1 -2
- package/dist/esm/parser.d.ts.map +1 -1
- package/dist/esm/parser.js +1 -4
- package/dist/esm/parser.js.map +1 -1
- package/dist/esm/policies/policy.d.ts +3 -13
- package/dist/esm/policies/policy.d.ts.map +1 -1
- package/dist/esm/policies/policy.js +3 -18
- package/dist/esm/policies/policy.js.map +1 -1
- package/dist/esm/principals/principal.d.ts +1 -7
- package/dist/esm/principals/principal.d.ts.map +1 -1
- package/dist/esm/principals/principal.js +0 -8
- package/dist/esm/principals/principal.js.map +1 -1
- package/dist/esm/resources/resource.d.ts +1 -7
- package/dist/esm/resources/resource.d.ts.map +1 -1
- package/dist/esm/resources/resource.js +0 -8
- package/dist/esm/resources/resource.js.map +1 -1
- package/dist/esm/statements/statement.d.ts +20 -64
- package/dist/esm/statements/statement.d.ts.map +1 -1
- package/dist/esm/statements/statement.js +20 -59
- package/dist/esm/statements/statement.js.map +1 -1
- package/dist/esm/validate/testutil.d.ts +3 -0
- package/dist/esm/validate/testutil.d.ts.map +1 -0
- package/dist/esm/validate/testutil.js +18 -0
- package/dist/esm/validate/testutil.js.map +1 -0
- package/dist/esm/validate/validate.js +13 -10
- package/dist/esm/validate/validate.js.map +1 -1
- package/dist/esm/validate/validateTypes.js +4 -4
- package/dist/esm/validate/validateTypes.js.map +1 -1
- package/package.json +1 -1
- package/dist/cjs/annotations/annotations.d.ts +0 -55
- package/dist/cjs/annotations/annotations.d.ts.map +0 -1
- package/dist/cjs/annotations/annotations.js +0 -29
- package/dist/cjs/annotations/annotations.js.map +0 -1
- package/dist/esm/annotations/annotations.d.ts +0 -55
- package/dist/esm/annotations/annotations.d.ts.map +0 -1
- package/dist/esm/annotations/annotations.js +0 -24
- package/dist/esm/annotations/annotations.js.map +0 -1
@@ -1,4 +1,3 @@
|
|
1
|
-
import { Annotated, Annotations } from '../annotations/annotations.js';
|
2
1
|
export type PrincipalType = 'AWS' | 'Service' | 'Federated' | 'CanonicalUser';
|
3
2
|
/**
|
4
3
|
* A Principal in a policy statement
|
@@ -41,8 +40,6 @@ export interface Principal {
|
|
41
40
|
*/
|
42
41
|
isAccountPrincipal(): this is AccountPrincipal;
|
43
42
|
}
|
44
|
-
export interface AnnotatedPrincipal extends Principal, Annotated {
|
45
|
-
}
|
46
43
|
/**
|
47
44
|
* A wildcard principal: `"*"`
|
48
45
|
*/
|
@@ -101,13 +98,10 @@ export interface CanonicalUserPrincipal extends Principal {
|
|
101
98
|
*/
|
102
99
|
canonicalUser(): string;
|
103
100
|
}
|
104
|
-
export declare class PrincipalImpl implements Principal,
|
101
|
+
export declare class PrincipalImpl implements Principal, WildcardPrincipal, AccountPrincipal, UniqueIdPrincipal, AwsPrincipal, ServicePrincipal, FederatedPrincipal, CanonicalUserPrincipal {
|
105
102
|
private readonly principalType;
|
106
103
|
private readonly principalId;
|
107
|
-
private readonly annotationStore;
|
108
104
|
constructor(principalType: PrincipalType, principalId: string);
|
109
|
-
addAnnotation(key: string, value: string): void;
|
110
|
-
getAnnotations(): Annotations;
|
111
105
|
value(): string;
|
112
106
|
type(): PrincipalType;
|
113
107
|
isWildcardPrincipal(): this is WildcardPrincipal;
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,CAAA;AAE7E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,IAAI,IAAI,aAAa,CAAA;IAErB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAEhD;;OAEG;IACH,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;IAE9C;;OAEG;IACH,cAAc,IAAI,IAAI,IAAI,YAAY,CAAA;IAEtC;;OAEG;IACH,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAEhD;;OAEG;IACH,oBAAoB,IAAI,IAAI,IAAI,kBAAkB,CAAA;IAElD;;OAEG;IACH,wBAAwB,IAAI,IAAI,IAAI,sBAAsB,CAAA;IAE1D;;OAEG;IACH,kBAAkB,IAAI,IAAI,IAAI,gBAAgB,CAAA;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD;;OAEG;IACH,QAAQ,IAAI,GAAG,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,YAAa,SAAQ,SAAS;IAC7C,GAAG,IAAI,MAAM,CAAA;CACd;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD,QAAQ,IAAI,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,SAAS;IACvD;;OAEG;IACH,aAAa,IAAI,MAAM,CAAA;CACxB;AAMD,qBAAa,aACX,YACE,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB;IAGtB,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW;gBADX,aAAa,EAAE,aAAa,EAC5B,WAAW,EAAE,MAAM;IAG/B,KAAK,IAAI,MAAM;IAIf,IAAI,IAAI,aAAa;IAIrB,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAIhD,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAO9C,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAOhD,cAAc,IAAI,IAAI,IAAI,YAAY;IAUtC,kBAAkB,IAAI,IAAI,IAAI,gBAAgB;IAI9C,oBAAoB,IAAI,IAAI,IAAI,kBAAkB;IAIlD,wBAAwB,IAAI,IAAI,IAAI,sBAAsB;IAI1D,QAAQ,IAAI,GAAG;IASf,SAAS,IAAI,MAAM;IAYnB,QAAQ,IAAI,MAAM;IASlB,GAAG,IAAI,MAAM;IASb,OAAO,IAAI,MAAM;IASjB,SAAS,IAAI,MAAM;IASnB,aAAa,IAAI,MAAM;CAQ/B"}
|
@@ -1,24 +1,15 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.PrincipalImpl = void 0;
|
4
|
-
const annotations_js_1 = require("../annotations/annotations.js");
|
5
4
|
const accountIdRegex = /^[0-9]{12}$/;
|
6
5
|
const accountArnRegex = /^arn:.*?:iam::[0-9]{12}:root$/;
|
7
6
|
const uniqueIdRegex = /^A[0-9A-Z]+$/;
|
8
7
|
class PrincipalImpl {
|
9
8
|
principalType;
|
10
9
|
principalId;
|
11
|
-
annotationStore;
|
12
10
|
constructor(principalType, principalId) {
|
13
11
|
this.principalType = principalType;
|
14
12
|
this.principalId = principalId;
|
15
|
-
this.annotationStore = new annotations_js_1.AnnotationStore();
|
16
|
-
}
|
17
|
-
addAnnotation(key, value) {
|
18
|
-
this.annotationStore.addAnnotation(key, value);
|
19
|
-
}
|
20
|
-
getAnnotations() {
|
21
|
-
return this.annotationStore;
|
22
13
|
}
|
23
14
|
value() {
|
24
15
|
return this.principalId;
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":";;;
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principals/principal.ts"],"names":[],"mappings":";;;AAqHA,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,eAAe,GAAG,+BAA+B,CAAA;AACvD,MAAM,aAAa,GAAG,cAAc,CAAA;AAEpC,MAAa,aAAa;IAYL;IACA;IAFnB,YACmB,aAA4B,EAC5B,WAAmB;QADnB,kBAAa,GAAb,aAAa,CAAe;QAC5B,gBAAW,GAAX,WAAW,CAAQ;IACnC,CAAC;IAEG,KAAK;QACV,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;IAEM,mBAAmB;QACxB,OAAO,IAAI,CAAC,aAAa,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,KAAK,GAAG,CAAA;IACjE,CAAC;IAEM,kBAAkB;QACvB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACxF,CAAC;IAEM,mBAAmB;QACxB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAC7C,CAAC;IAEM,cAAc;QACnB,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,OAAO,GAAQ,IAAI,CAAA;QACzB,OAAO,CACL,OAAO,CAAC,WAAW,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAC9F,CAAA;IACH,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,KAAK,SAAS,CAAA;IACzC,CAAC;IAEM,oBAAoB;QACzB,OAAO,IAAI,CAAC,aAAa,KAAK,WAAW,CAAA;IAC3C,CAAC;IAEM,wBAAwB;QAC7B,OAAO,IAAI,CAAC,aAAa,KAAK,eAAe,CAAA;IAC/C,CAAC;IAEM,QAAQ;QACb,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAA;QACH,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAEM,SAAS;QACd,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAA;QACH,CAAC;QACD,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,QAAQ;QACb,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,GAAG;QACR,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,+E
AA+E,CAChF,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,OAAO;QACZ,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,SAAS;QACd,IAAI,IAAI,CAAC,aAAa,KAAK,WAAW,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,gGAAgG,CACjG,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAEM,aAAa;QAClB,IAAI,IAAI,CAAC,aAAa,KAAK,eAAe,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CACb,6GAA6G,CAC9G,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;CACF;AAjID,sCAiIC"}
|
@@ -1,4 +1,3 @@
|
|
1
|
-
import { Annotated, Annotations } from '../annotations/annotations.js';
|
2
1
|
/**
|
3
2
|
* A resource string in an IAM policy
|
4
3
|
*/
|
@@ -16,8 +15,6 @@ export interface Resource {
|
|
16
15
|
*/
|
17
16
|
isArnResource(): this is ArnResource;
|
18
17
|
}
|
19
|
-
export interface AnnotatedResource extends Resource, Annotated {
|
20
|
-
}
|
21
18
|
export interface ArnResource extends Resource {
|
22
19
|
/**
|
23
20
|
* The partition of the ARN
|
@@ -40,12 +37,9 @@ export interface ArnResource extends Resource {
|
|
40
37
|
*/
|
41
38
|
resource(): string;
|
42
39
|
}
|
43
|
-
export declare class ResourceImpl implements Resource,
|
40
|
+
export declare class ResourceImpl implements Resource, ArnResource {
|
44
41
|
private readonly rawValue;
|
45
|
-
private readonly annotationStore;
|
46
42
|
constructor(rawValue: string);
|
47
|
-
addAnnotation(key: string, value: string): void;
|
48
|
-
getAnnotations(): Annotations;
|
49
43
|
partition(): string;
|
50
44
|
service(): string;
|
51
45
|
region(): string;
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"resource.d.ts","sourceRoot":"","sources":["../../../src/resources/resource.ts"],"names":[],"mappings":"
|
1
|
+
{"version":3,"file":"resource.d.ts","sourceRoot":"","sources":["../../../src/resources/resource.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,cAAc,IAAI,OAAO,CAAA;IAEzB;;OAEG;IACH,aAAa,IAAI,IAAI,IAAI,WAAW,CAAA;CACrC;AAED,MAAM,WAAW,WAAY,SAAQ,QAAQ;IAC3C;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;IAEnB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;IAEhB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,IAAI,MAAM,CAAA;CACnB;AAED,qBAAa,YAAa,YAAW,QAAQ,EAAE,WAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM;IASnB,OAAO,IAAI,MAAM;IASjB,MAAM,IAAI,MAAM;IAShB,OAAO,IAAI,MAAM;IASjB,QAAQ,IAAI,MAAM;IASlB,KAAK,IAAI,MAAM;IAIf,cAAc,IAAI,OAAO;IAIzB,aAAa,IAAI,IAAI,IAAI,WAAW;CAGrC"}
|
@@ -1,20 +1,12 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.ResourceImpl = void 0;
|
4
|
-
const annotations_js_1 = require("../annotations/annotations.js");
|
5
4
|
const utils_js_1 = require("../utils.js");
|
6
5
|
class ResourceImpl {
|
7
6
|
rawValue;
|
8
|
-
annotationStore = new annotations_js_1.AnnotationStore();
|
9
7
|
constructor(rawValue) {
|
10
8
|
this.rawValue = rawValue;
|
11
9
|
}
|
12
|
-
addAnnotation(key, value) {
|
13
|
-
this.annotationStore.addAnnotation(key, value);
|
14
|
-
}
|
15
|
-
getAnnotations() {
|
16
|
-
return this.annotationStore;
|
17
|
-
}
|
18
10
|
partition() {
|
19
11
|
if (!this.isArnResource()) {
|
20
12
|
throw new Error('Called partition on a resource without an ARN, use isArnResource before calling partition');
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"resource.js","sourceRoot":"","sources":["../../../src/resources/resource.ts"],"names":[],"mappings":";;;AAAA,
|
1
|
+
{"version":3,"file":"resource.js","sourceRoot":"","sources":["../../../src/resources/resource.ts"],"names":[],"mappings":";;;AAAA,0CAA4C;AAiD5C,MAAa,YAAY;IACM;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,MAAM;QACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,qFAAqF,CACtF,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAED,cAAc;QACZ,OAAO,IAAA,yBAAc,EAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACtC,CAAC;IAED,aAAa;QACX,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,CAAA;IAC/B,CAAC;CACF;AA3DD,oCA2DC"}
|
@@ -1,8 +1,7 @@
|
|
1
|
-
import { Action
|
2
|
-
import {
|
3
|
-
import {
|
4
|
-
import {
|
5
|
-
import { AnnotatedResource, Resource } from '../resources/resource.js';
|
1
|
+
import { Action } from '../actions/action.js';
|
2
|
+
import { Condition } from '../conditions/condition.js';
|
3
|
+
import { Principal } from '../principals/principal.js';
|
4
|
+
import { Resource } from '../resources/resource.js';
|
6
5
|
/**
|
7
6
|
* Represents a statement in an IAM policy
|
8
7
|
*/
|
@@ -56,15 +55,6 @@ export interface Statement {
|
|
56
55
|
*/
|
57
56
|
isNotResourceStatement(): this is NotResourceStatement;
|
58
57
|
}
|
59
|
-
export interface AnnotatedStatement extends Annotated, Statement {
|
60
|
-
isActionStatement(): this is AnnotatedActionStatement;
|
61
|
-
isNotActionStatement(): this is AnnotatedNotActionStatement;
|
62
|
-
isPrincipalStatement(): this is AnnotatedPrincipalStatement;
|
63
|
-
isNotPrincipalStatement(): this is AnnotatedNotPrincipalStatement;
|
64
|
-
isResourceStatement(): this is AnnotatedResourceStatement;
|
65
|
-
isNotResourceStatement(): this is AnnotatedNotResourceStatement;
|
66
|
-
conditions(): AnnotatedCondition[];
|
67
|
-
}
|
68
58
|
/**
|
69
59
|
* Represents a statement in an IAM policy that has Action
|
70
60
|
*/
|
@@ -78,12 +68,6 @@ export interface ActionStatement extends Statement {
|
|
78
68
|
*/
|
79
69
|
actionIsArray(): boolean;
|
80
70
|
}
|
81
|
-
/**
|
82
|
-
* Represents a statement in an IAM policy that has Action and is annotated
|
83
|
-
*/
|
84
|
-
export interface AnnotatedActionStatement extends Annotated, ActionStatement {
|
85
|
-
actions(): AnnotatedAction[];
|
86
|
-
}
|
87
71
|
/**
|
88
72
|
* Represents a statement in an IAM policy that has NotAction
|
89
73
|
*/
|
@@ -97,12 +81,6 @@ export interface NotActionStatement extends Statement {
|
|
97
81
|
*/
|
98
82
|
notActionIsArray(): boolean;
|
99
83
|
}
|
100
|
-
/**
|
101
|
-
* Represents a statement in an IAM policy that has NotAction and is annotated
|
102
|
-
*/
|
103
|
-
export interface AnnotatedNotActionStatement extends Annotated, NotActionStatement {
|
104
|
-
notActions(): AnnotatedAction[];
|
105
|
-
}
|
106
84
|
/**
|
107
85
|
* Represents a statement in an IAM policy that has Resource
|
108
86
|
*/
|
@@ -120,9 +98,6 @@ export interface ResourceStatement extends Statement {
|
|
120
98
|
*/
|
121
99
|
resourceIsArray(): boolean;
|
122
100
|
}
|
123
|
-
export interface AnnotatedResourceStatement extends Annotated, ResourceStatement {
|
124
|
-
resources(): AnnotatedResource[];
|
125
|
-
}
|
126
101
|
/**
|
127
102
|
* Represents a statement in an IAM policy that has NotResource
|
128
103
|
*/
|
@@ -140,9 +115,6 @@ export interface NotResourceStatement extends Statement {
|
|
140
115
|
*/
|
141
116
|
notResourceIsArray(): boolean;
|
142
117
|
}
|
143
|
-
export interface AnnotatedNotResourceStatement extends Annotated, NotResourceStatement {
|
144
|
-
notResources(): AnnotatedResource[];
|
145
|
-
}
|
146
118
|
/**
|
147
119
|
* Represents a statement in an IAM policy that has Principal
|
148
120
|
*/
|
@@ -158,9 +130,10 @@ export interface PrincipalStatement extends Statement {
|
|
158
130
|
* @returns true if the principal type is an array of strings in the raw policy
|
159
131
|
*/
|
160
132
|
principalTypeIsArray(principalType: string): boolean;
|
161
|
-
|
162
|
-
|
163
|
-
|
133
|
+
/**
|
134
|
+
* Is the Principal element a single wildcard: `"*"`
|
135
|
+
*/
|
136
|
+
hasSingleWildcardPrincipal(): boolean;
|
164
137
|
}
|
165
138
|
/**
|
166
139
|
* Represents a statement in an IAM policy that has NotPrincipal
|
@@ -177,43 +150,31 @@ export interface NotPrincipalStatement extends Statement {
|
|
177
150
|
* @returns true if the NotPrincipal type is an array of strings in the raw policy
|
178
151
|
*/
|
179
152
|
notPrincipalTypeIsArray(notPrincipalType: string): boolean;
|
180
|
-
|
181
|
-
|
182
|
-
|
153
|
+
/**
|
154
|
+
* Is the NotPrincipal element a single wildcard: `"*"`
|
155
|
+
*/
|
156
|
+
hasSingleWildcardNotPrincipal(): boolean;
|
183
157
|
}
|
184
158
|
/**
|
185
159
|
* Implementation of the Statement interface and all its sub-interfaces
|
186
160
|
*/
|
187
|
-
export declare class StatementImpl implements Statement,
|
161
|
+
export declare class StatementImpl implements Statement, ActionStatement, NotActionStatement, ResourceStatement, NotResourceStatement, PrincipalStatement {
|
188
162
|
private readonly statementObject;
|
189
163
|
private readonly _index;
|
190
|
-
|
191
|
-
private readonly annotationStore;
|
192
|
-
private actionCache;
|
193
|
-
private notActionCache;
|
194
|
-
private principalCache;
|
195
|
-
private notPrincipalCache;
|
196
|
-
private resourceCache;
|
197
|
-
private notResourceCache;
|
198
|
-
private conditionCache;
|
199
|
-
constructor(statementObject: any, _index: number, stateful: boolean);
|
200
|
-
addAnnotation(key: string, value: string): void;
|
201
|
-
getAnnotations(): Annotations;
|
164
|
+
constructor(statementObject: any, _index: number);
|
202
165
|
index(): number;
|
203
166
|
sid(): string | undefined;
|
204
167
|
effect(): string;
|
205
168
|
isAllow(): boolean;
|
206
169
|
isDeny(): boolean;
|
207
170
|
isPrincipalStatement(): this is PrincipalStatement;
|
208
|
-
isPrincipalStatement(): this is AnnotatedPrincipalStatement;
|
209
171
|
isNotPrincipalStatement(): this is NotPrincipalStatement;
|
210
|
-
isNotPrincipalStatement(): this is AnnotatedNotPrincipalStatement;
|
211
172
|
principals(): Principal[];
|
212
|
-
principals(): AnnotatedPrincipal[];
|
213
173
|
principalTypeIsArray(principalType: string): boolean;
|
174
|
+
hasSingleWildcardPrincipal(): boolean;
|
214
175
|
notPrincipals(): Principal[];
|
215
|
-
notPrincipals(): AnnotatedPrincipal[];
|
216
176
|
notPrincipalTypeIsArray(notPrincipalType: string): boolean;
|
177
|
+
hasSingleWildcardNotPrincipal(): boolean;
|
217
178
|
/**
|
218
179
|
* Parse the principal object into PrincipalImpl objects.
|
219
180
|
*
|
@@ -223,30 +184,25 @@ export declare class StatementImpl implements Statement, AnnotatedStatement, Act
|
|
223
184
|
* @returns the backing principals for a Principal or NotPrincipal object
|
224
185
|
*/
|
225
186
|
private parsePrincipalObject;
|
226
|
-
isActionStatement(): this is
|
227
|
-
isNotActionStatement(): this is
|
187
|
+
isActionStatement(): this is ActionStatement;
|
188
|
+
isNotActionStatement(): this is NotActionStatement;
|
228
189
|
actions(): Action[];
|
229
|
-
actions(): AnnotatedAction[];
|
230
190
|
private createNewActions;
|
231
191
|
actionIsArray(): boolean;
|
232
192
|
notActions(): Action[];
|
233
|
-
notActions(): AnnotatedAction[];
|
234
193
|
private createNewNotActions;
|
235
194
|
notActionIsArray(): boolean;
|
236
|
-
isResourceStatement(): this is
|
237
|
-
isNotResourceStatement(): this is
|
195
|
+
isResourceStatement(): this is ResourceStatement;
|
196
|
+
isNotResourceStatement(): this is NotResourceStatement;
|
238
197
|
resources(): Resource[];
|
239
|
-
resources(): AnnotatedResource[];
|
240
198
|
private createNewResources;
|
241
199
|
hasSingleResourceWildcard(): boolean;
|
242
200
|
resourceIsArray(): boolean;
|
243
201
|
notResources(): Resource[];
|
244
|
-
notResources(): AnnotatedResource[];
|
245
202
|
private createNewNotResources;
|
246
203
|
notResourceIsArray(): boolean;
|
247
204
|
hasSingleNotResourceWildcard(): boolean;
|
248
205
|
conditions(): Condition[];
|
249
|
-
conditions(): AnnotatedCondition[];
|
250
206
|
private createNewConditions;
|
251
207
|
}
|
252
208
|
//# sourceMappingURL=statement.d.ts.map
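Review bot: The TSDoc added for `hasSingleWildcardPrincipal()` and `hasSingleWildcardNotPrincipal()` should state that only the bare string form is detected. The matching implementation in statement.js is `return this.statementObject.Principal === '*';` (and the same comparison for `NotPrincipal`), so a statement written as `"Principal": { "AWS": "*" }` returns false, although AWS also accepts that form as an all-principals wildcard. A policy checker that relies on this method alone as its public-access test would therefore pass such a statement. I would add a line such as `* Returns false for the object form { "AWS": "*" }; inspect principals() with isWildcardPrincipal() to cover it.` to both doc comments. How `parsePrincipalObject` classifies the object form is outside these hunks and should be confirmed before the comment is worded that way.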
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"statement.d.ts","sourceRoot":"","sources":["../../../src/statements/statement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAc,
|
1
|
+
{"version":3,"file":"statement.d.ts","sourceRoot":"","sources":["../../../src/statements/statement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAc,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAAE,SAAS,EAAiB,MAAM,4BAA4B,CAAA;AACrE,OAAO,EAAE,SAAS,EAAgC,MAAM,4BAA4B,CAAA;AACpF,OAAO,EAAE,QAAQ,EAAgB,MAAM,0BAA0B,CAAA;AAOjE;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,GAAG,IAAI,MAAM,GAAG,SAAS,CAAA;IAEzB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;IAEhB;;OAEG;IACH,OAAO,IAAI,OAAO,CAAA;IAElB;;OAEG;IACH,MAAM,IAAI,OAAO,CAAA;IAEjB;;OAEG;IACH,UAAU,IAAI,SAAS,EAAE,CAAA;IAEzB;;OAEG;IACH,oBAAoB,IAAI,IAAI,IAAI,kBAAkB,CAAA;IAElD;;OAEG;IACH,uBAAuB,IAAI,IAAI,IAAI,qBAAqB,CAAA;IAExD;;OAEG;IACH,iBAAiB,IAAI,IAAI,IAAI,eAAe,CAAA;IAE5C;;OAEG;IACH,oBAAoB,IAAI,IAAI,IAAI,kBAAkB,CAAA;IAElD;;OAEG;IACH,mBAAmB,IAAI,IAAI,IAAI,iBAAiB,CAAA;IAEhD;;OAEG;IACH,sBAAsB,IAAI,IAAI,IAAI,oBAAoB,CAAA;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,eAAgB,SAAQ,SAAS;IAChD;;OAEG;IACH,OAAO,IAAI,MAAM,EAAE,CAAA;IAEnB;;OAEG;IACH,aAAa,IAAI,OAAO,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD;;OAEG;IACH,UAAU,IAAI,MAAM,EAAE,CAAA;IAEtB;;OAEG;IACH,gBAAgB,IAAI,OAAO,CAAA;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD;;OAEG;IACH,SAAS,IAAI,QAAQ,EAAE,CAAA;IAEvB;;OAEG;IACH,yBAAyB,IAAI,OAAO,CAAA;IAEpC;;OAEG;IACH,eAAe,IAAI,OAAO,CAAA;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,SAAS;IACrD;;OAEG;IACH,YAAY,IAAI,QAAQ,EAAE,CAAA;IAE1B;;OAEG;IACH,4BAA4B,IAAI,OAAO,CAAA;IAEvC;;OAEG;IACH,kBAAkB,IAAI,OAAO,CAAA;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD;;OAEG;IACH,UAAU,IAAI,SAAS,EAAE,CAAA;IAEzB;;;;;OAKG;IACH,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAA;IAEpD;;OAEG;IACH,0BAA0B,IAAI,OAAO,CAAA;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAsB,SAAQ,SAAS;IACtD;;OAEG;IACH,aAAa,IAAI,SAAS,EAAE,CAAA;IAE5B;;;;;OAKG;IACH,uBAAuB,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAA;IAE1D;;OAEG;IACH,6BAA6B,IAAI,OAAO,CAAA;CACzC;AAED;;GAEG;AACH,qBAAa,aACX,YACE,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB;IAGlB,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CA
AC,QAAQ,CAAC,MAAM;gBADN,eAAe,EAAE,GAAG,EACpB,MAAM,EAAE,MAAM;IAG1B,KAAK,IAAI,MAAM;IAIf,GAAG,IAAI,MAAM,GAAG,SAAS;IAIzB,MAAM,IAAI,MAAM;IAIhB,OAAO,IAAI,OAAO;IAIlB,MAAM,IAAI,OAAO;IAIjB,oBAAoB,IAAI,IAAI,IAAI,kBAAkB;IAIlD,uBAAuB,IAAI,IAAI,IAAI,qBAAqB;IAIxD,UAAU,IAAI,SAAS,EAAE;IASzB,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO;IAYpD,0BAA0B,IAAI,OAAO;IASrC,aAAa,IAAI,SAAS,EAAE;IAS5B,uBAAuB,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO;IAY1D,6BAA6B,IAAI,OAAO;IAS/C;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAgBrB,iBAAiB,IAAI,IAAI,IAAI,eAAe;IAI5C,oBAAoB,IAAI,IAAI,IAAI,kBAAkB;IAIlD,OAAO,IAAI,MAAM,EAAE;IAS1B,OAAO,CAAC,gBAAgB;IAIjB,aAAa,IAAI,OAAO;IAIxB,UAAU,IAAI,MAAM,EAAE;IAS7B,OAAO,CAAC,mBAAmB;IAIpB,gBAAgB,IAAI,OAAO;IAI3B,mBAAmB,IAAI,IAAI,IAAI,iBAAiB;IAIhD,sBAAsB,IAAI,IAAI,IAAI,oBAAoB;IAItD,SAAS,IAAI,QAAQ,EAAE;IAS9B,OAAO,CAAC,kBAAkB;IAInB,yBAAyB,IAAI,OAAO;IASpC,eAAe,IAAI,OAAO;IAI1B,YAAY,IAAI,QAAQ,EAAE;IASjC,OAAO,CAAC,qBAAqB;IAMtB,kBAAkB,IAAI,OAAO;IAI7B,4BAA4B,IAAI,OAAO;IASvC,UAAU,IAAI,SAAS,EAAE;IAIhC,OAAO,CAAC,mBAAmB;CAa5B"}
|
@@ -2,7 +2,6 @@
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.StatementImpl = void 0;
|
4
4
|
const action_js_1 = require("../actions/action.js");
|
5
|
-
const annotations_js_1 = require("../annotations/annotations.js");
|
6
5
|
const condition_js_1 = require("../conditions/condition.js");
|
7
6
|
const principal_js_1 = require("../principals/principal.js");
|
8
7
|
const resource_js_1 = require("../resources/resource.js");
|
@@ -12,26 +11,9 @@ const resource_js_1 = require("../resources/resource.js");
|
|
12
11
|
class StatementImpl {
|
13
12
|
statementObject;
|
14
13
|
_index;
|
15
|
-
|
16
|
-
annotationStore;
|
17
|
-
actionCache;
|
18
|
-
notActionCache;
|
19
|
-
principalCache;
|
20
|
-
notPrincipalCache;
|
21
|
-
resourceCache;
|
22
|
-
notResourceCache;
|
23
|
-
conditionCache;
|
24
|
-
constructor(statementObject, _index, stateful) {
|
14
|
+
constructor(statementObject, _index) {
|
25
15
|
this.statementObject = statementObject;
|
26
16
|
this._index = _index;
|
27
|
-
this.stateful = stateful;
|
28
|
-
this.annotationStore = new annotations_js_1.AnnotationStore();
|
29
|
-
}
|
30
|
-
addAnnotation(key, value) {
|
31
|
-
this.annotationStore.addAnnotation(key, value);
|
32
|
-
}
|
33
|
-
getAnnotations() {
|
34
|
-
return this.annotationStore;
|
35
17
|
}
|
36
18
|
index() {
|
37
19
|
return this._index;
|
@@ -58,13 +40,7 @@ class StatementImpl {
|
|
58
40
|
if (!this.isPrincipalStatement()) {
|
59
41
|
throw new Error('Called principals on a statement without Principal, use isPrincipalStatement before calling principals');
|
60
42
|
}
|
61
|
-
|
62
|
-
return this.parsePrincipalObject(this.statementObject.Principal);
|
63
|
-
}
|
64
|
-
if (!this.principalCache) {
|
65
|
-
this.principalCache = this.parsePrincipalObject(this.statementObject.Principal);
|
66
|
-
}
|
67
|
-
return this.principalCache;
|
43
|
+
return this.parsePrincipalObject(this.statementObject.Principal);
|
68
44
|
}
|
69
45
|
principalTypeIsArray(principalType) {
|
70
46
|
if (!this.isPrincipalStatement()) {
|
@@ -73,17 +49,17 @@ class StatementImpl {
|
|
73
49
|
return (typeof this.statementObject.Principal === 'object' &&
|
74
50
|
Array.isArray(this.statementObject.Principal[principalType]));
|
75
51
|
}
|
52
|
+
hasSingleWildcardPrincipal() {
|
53
|
+
if (!this.isPrincipalStatement()) {
|
54
|
+
throw new Error('Called hasSingleWildcardPrincipal on a statement without Principal, use isPrincipalStatement before calling hasSingleWildcardPrincipal');
|
55
|
+
}
|
56
|
+
return this.statementObject.Principal === '*';
|
57
|
+
}
|
76
58
|
notPrincipals() {
|
77
59
|
if (!this.isNotPrincipalStatement()) {
|
78
60
|
throw new Error('Called notPrincipals on a statement without NotPrincipal, use isNotPrincipalStatement before calling notPrincipals');
|
79
61
|
}
|
80
|
-
|
81
|
-
return this.parsePrincipalObject(this.statementObject.NotPrincipal);
|
82
|
-
}
|
83
|
-
if (!this.notPrincipalCache) {
|
84
|
-
this.notPrincipalCache = this.parsePrincipalObject(this.statementObject.NotPrincipal);
|
85
|
-
}
|
86
|
-
return this.notPrincipalCache;
|
62
|
+
return this.parsePrincipalObject(this.statementObject.NotPrincipal);
|
87
63
|
}
|
88
64
|
notPrincipalTypeIsArray(notPrincipalType) {
|
89
65
|
if (!this.isNotPrincipalStatement()) {
|
@@ -92,6 +68,12 @@ class StatementImpl {
|
|
92
68
|
return (typeof this.statementObject.NotPrincipal === 'object' &&
|
93
69
|
Array.isArray(this.statementObject.NotPrincipal[notPrincipalType]));
|
94
70
|
}
|
71
|
+
hasSingleWildcardNotPrincipal() {
|
72
|
+
if (!this.isNotPrincipalStatement()) {
|
73
|
+
throw new Error('Called hasSingleWildcardNotPrincipal on a statement without NotPrincipal, use isNotPrincipalStatement before calling hasSingleWildcardNotPrincipal');
|
74
|
+
}
|
75
|
+
return this.statementObject.NotPrincipal === '*';
|
76
|
+
}
|
95
77
|
/**
|
96
78
|
* Parse the principal object into PrincipalImpl objects.
|
97
79
|
*
|
@@ -125,13 +107,7 @@ class StatementImpl {
|
|
125
107
|
if (!this.isActionStatement()) {
|
126
108
|
throw new Error('Called actions on a statement without Action, use isActionStatement before calling actions');
|
127
109
|
}
|
128
|
-
|
129
|
-
return this.createNewActions();
|
130
|
-
}
|
131
|
-
if (!this.actionCache) {
|
132
|
-
this.actionCache = this.createNewActions();
|
133
|
-
}
|
134
|
-
return this.actionCache;
|
110
|
+
return this.createNewActions();
|
135
111
|
}
|
136
112
|
createNewActions() {
|
137
113
|
return [this.statementObject.Action].flat().map((action) => new action_js_1.ActionImpl(action));
|
@@ -143,13 +119,7 @@ class StatementImpl {
|
|
143
119
|
if (!this.isNotActionStatement()) {
|
144
120
|
throw new Error('Called notActions on a statement without NotAction, use isNotActionStatement before calling notActions');
|
145
121
|
}
|
146
|
-
|
147
|
-
return this.createNewNotActions();
|
148
|
-
}
|
149
|
-
if (!this.notActionCache) {
|
150
|
-
this.notActionCache = this.createNewNotActions();
|
151
|
-
}
|
152
|
-
return this.notActionCache;
|
122
|
+
return this.createNewNotActions();
|
153
123
|
}
|
154
124
|
createNewNotActions() {
|
155
125
|
return [this.statementObject.NotAction].flat().map((action) => new action_js_1.ActionImpl(action));
|
@@ -167,13 +137,7 @@ class StatementImpl {
|
|
167
137
|
if (!this.isResourceStatement()) {
|
168
138
|
throw new Error('Called resources on a statement without Resource, use isResourceStatement before calling resources');
|
169
139
|
}
|
170
|
-
|
171
|
-
return this.createNewResources();
|
172
|
-
}
|
173
|
-
if (!this.resourceCache) {
|
174
|
-
this.resourceCache = this.createNewResources();
|
175
|
-
}
|
176
|
-
return this.resourceCache;
|
140
|
+
return this.createNewResources();
|
177
141
|
}
|
178
142
|
createNewResources() {
|
179
143
|
return [this.statementObject.Resource].flat().map((resource) => new resource_js_1.ResourceImpl(resource));
|
@@ -191,13 +155,7 @@ class StatementImpl {
|
|
191
155
|
if (!this.isNotResourceStatement()) {
|
192
156
|
throw new Error('Called notResources on a statement without NotResource, use isNotResourceStatement before calling notResources');
|
193
157
|
}
|
194
|
-
|
195
|
-
return this.createNewNotResources();
|
196
|
-
}
|
197
|
-
if (!this.notResourceCache) {
|
198
|
-
this.notResourceCache = this.createNewNotResources();
|
199
|
-
}
|
200
|
-
return this.notResourceCache;
|
158
|
+
return this.createNewNotResources();
|
201
159
|
}
|
202
160
|
createNewNotResources() {
|
203
161
|
return [this.statementObject.NotResource]
|
@@ -214,13 +172,7 @@ class StatementImpl {
|
|
214
172
|
return this.statementObject.NotResource === '*';
|
215
173
|
}
|
216
174
|
conditions() {
|
217
|
-
|
218
|
-
return this.createNewConditions();
|
219
|
-
}
|
220
|
-
if (!this.conditionCache) {
|
221
|
-
this.conditionCache = this.createNewConditions();
|
222
|
-
}
|
223
|
-
return this.conditionCache;
|
175
|
+
return this.createNewConditions();
|
224
176
|
}
|
225
177
|
createNewConditions() {
|
226
178
|
if (!this.statementObject.Condition) {
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"statement.js","sourceRoot":"","sources":["../../../src/statements/statement.ts"],"names":[],"mappings":";;;AAAA,
|
1
|
+
{"version":3,"file":"statement.js","sourceRoot":"","sources":["../../../src/statements/statement.ts"],"names":[],"mappings":";;;AAAA,oDAAyD;AACzD,6DAAqE;AACrE,6DAAoF;AACpF,0DAAiE;AA4LjE;;GAEG;AACH,MAAa,aAAa;IAUL;IACA;IAFnB,YACmB,eAAoB,EACpB,MAAc;QADd,oBAAe,GAAf,eAAe,CAAK;QACpB,WAAM,GAAN,MAAM,CAAQ;IAC9B,CAAC;IAEG,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAEM,GAAG;QACR,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAA;IACjC,CAAC;IAEM,MAAM;QACX,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAA;IACpC,CAAC;IAEM,OAAO;QACZ,OAAO,IAAI,CAAC,MAAM,EAAE,KAAK,OAAO,CAAA;IAClC,CAAC;IAEM,MAAM;QACX,OAAO,IAAI,CAAC,MAAM,EAAE,KAAK,MAAM,CAAA;IACjC,CAAC;IAEM,oBAAoB;QACzB,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,KAAK,SAAS,CAAA;IACrD,CAAC;IAEM,uBAAuB;QAC5B,OAAO,IAAI,CAAC,eAAe,CAAC,YAAY,KAAK,SAAS,CAAA;IACxD,CAAC;IAEM,UAAU;QACf,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,wGAAwG,CACzG,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;IAClE,CAAC;IAEM,oBAAoB,CAAC,aAAqB;QAC/C,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,4HAA4H,CAC7H,CAAA;QACH,CAAC;QACD,OAAO,CACL,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,KAAK,QAAQ;YAClD,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAC7D,CAAA;IACH,CAAC;IAEM,0BAA0B;QAC/B,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,wIAAwI,CACzI,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,KAAK,GAAG,CAAA;IAC/C,CAAC;IAEM,aAAa;QAClB,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,oHAAoH,CACrH,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAA;IACrE,CAAC;IAEM,uBAAuB,CAAC,gBAAwB;QACrD,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,wIAAwI,CACzI,CAAA;QACH,CAAC;QACD,OAAO,CACL,OAAO,IAAI,CAAC,eAAe,CAAC,YAAY,KAAK,QAAQ;YACrD,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CACnE,CAAA;IACH,CAAC;IAEM,6BAA6B;QAClC,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,oJAAoJ,CACrJ,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,eAA
e,CAAC,YAAY,KAAK,GAAG,CAAA;IAClD,CAAC;IAED;;;;;;;OAOG;IACK,oBAAoB,CAAC,UAAe;QAC1C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,4BAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAA;QAC/C,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;aAC9B,GAAG,CAAC,CAAC,CAAC,aAAa,EAAE,cAAc,CAAC,EAAE,EAAE;YACvC,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;gBACvC,OAAO,IAAI,4BAAa,CAAC,aAA8B,EAAE,cAAc,CAAC,CAAA;YAC1E,CAAC;YACD,OAAO,MAAM,CAAC,OAAO,CAAC,cAAqB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;gBAChE,OAAO,IAAI,4BAAa,CAAC,aAA8B,EAAE,KAAe,CAAC,CAAA;YAC3E,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC;aACD,IAAI,EAAE,CAAA;IACX,CAAC;IAEM,iBAAiB;QACtB,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,KAAK,SAAS,CAAA;IAClD,CAAC;IAEM,oBAAoB;QACzB,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,KAAK,SAAS,CAAA;IACrD,CAAC;IAEM,OAAO;QACZ,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CACb,4FAA4F,CAC7F,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAA;IAChC,CAAC;IAEO,gBAAgB;QACtB,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,MAAW,EAAE,EAAE,CAAC,IAAI,sBAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IAC1F,CAAC;IAEM,aAAa;QAClB,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;IACnD,CAAC;IAEM,UAAU;QACf,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,wGAAwG,CACzG,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,mBAAmB,EAAE,CAAA;IACnC,CAAC;IAEO,mBAAmB;QACzB,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,MAAW,EAAE,EAAE,CAAC,IAAI,sBAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IAC7F,CAAC;IAEM,gBAAgB;QACrB,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;IACtD,CAAC;IAEM,mBAAmB;QACxB,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,KAAK,SAAS,CAAA;IACpD,CAAC;IAEM,sBAAsB;QAC3B,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,KAAK,SAAS,CAAA;IACvD,CAAC;IAEM,SAAS;QACd,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,oGAAoG,CACrG,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAA;IAClC,CAAC;IAEO,kBAAkB;QACxB,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,QAAa,EAAE,EAAE,CAAC,IAAI,0BAAY
,CAAC,QAAQ,CAAC,CAAC,CAAA;IAClG,CAAC;IAEM,yBAAyB;QAC9B,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,oIAAoI,CACrI,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,KAAK,GAAG,CAAA;IAC9C,CAAC;IAEM,eAAe;QACpB,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;IACrD,CAAC;IAEM,YAAY;QACjB,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,qBAAqB,EAAE,CAAA;IACrC,CAAC;IAEO,qBAAqB;QAC3B,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;aACtC,IAAI,EAAE;aACN,GAAG,CAAC,CAAC,QAAa,EAAE,EAAE,CAAC,IAAI,0BAAY,CAAC,QAAQ,CAAC,CAAC,CAAA;IACvD,CAAC;IAEM,kBAAkB;QACvB,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAA;IACxD,CAAC;IAEM,4BAA4B;QACjC,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,gJAAgJ,CACjJ,CAAA;QACH,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,KAAK,GAAG,CAAA;IACjD,CAAC;IAEM,UAAU;QACf,OAAO,IAAI,CAAC,mBAAmB,EAAE,CAAA;IACnC,CAAC;IAEO,mBAAmB;QACzB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YACpC,OAAO,EAAE,CAAA;QACX,CAAC;QAED,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC;aAClD,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,EAAE;YACxB,OAAO,MAAM,CAAC,OAAO,CAAC,OAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE;gBACjE,OAAO,IAAI,4BAAa,CAAC,KAAK,EAAE,OAAO,EAAE,SAA8B,CAAC,CAAA;YAC1E,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC;aACD,IAAI,EAAE,CAAA;IACX,CAAC;CACF;AAvPD,sCAuPC"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"testutil.d.ts","sourceRoot":"","sources":["../../../src/validate/testutil.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAE/C,wBAAgB,UAAU,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,eAAe,EAAE,CAcvE"}
|
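--- a/package/dist/cjs/validate/testutil.js
+++ b/package/dist/cjs/validate/testutil.js
@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sortErrors = sortErrors;
+function sortErrors(errors) {
+return errors.sort((a, b) => {
+if (a.path < b.path) {
+return -1;
+}
+else if (a.path > b.path) {
+return 1;
+}
+else if (a.message < b.message) {
+return -1;
+}
+else if (a.message > b.message) {
+return 1;
+}
+return 0;
+});
+}
+//# sourceMappingURL=testutil.js.map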
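Review bot: `sortErrors` returns `errors.sort(...)`, which sorts the caller's array in place and hands back the same reference, so any code that keeps the unsorted list sees it reordered. Copying first, `return [...errors].sort((a, b) => {`, keeps the helper free of side effects. The function also has no doc comment; one line stating that it orders by `path` and then `message` using plain string comparison would do. This file is compiled output, so the change belongs in `src/validate/testutil.ts`, the source named in the accompanying source map. Since it is a test helper, it is also worth checking whether it needs to be in the published `dist/` at all.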
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"testutil.js","sourceRoot":"","sources":["../../../src/validate/testutil.ts"],"names":[],"mappings":";;AAEA,gCAcC;AAdD,SAAgB,UAAU,CAAC,MAAyB;IAClD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC1B,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3B,OAAO,CAAC,CAAA;QACV,CAAC;aAAM,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,CAAC,CAAA;QACV,CAAC;QAED,OAAO,CAAC,CAAA;IACV,CAAC,CAAC,CAAA;AACJ,CAAC"}
|
@@ -33,7 +33,7 @@ function validatePolicySyntax(policyDocument, validationCallbacks = {}) {
|
|
33
33
|
allErrors.push(...validateDataTypeIfExists(policyDocument.Id, 'Id', 'string'));
|
34
34
|
if (!policyDocument.Statement) {
|
35
35
|
allErrors.push({
|
36
|
-
path: '
|
36
|
+
path: '',
|
37
37
|
message: 'Statement is required'
|
38
38
|
});
|
39
39
|
}
|
@@ -88,7 +88,13 @@ function validateStatement(statement, path, validationCallbacks) {
|
|
88
88
|
const statementErrors = [];
|
89
89
|
statementErrors.push(...validateKeys(statement, allowedStatementKeys, path));
|
90
90
|
statementErrors.push(...validateDataTypeIfExists(statement.Sid, `${path}.Sid`, 'string'));
|
91
|
-
if (statement.Effect
|
91
|
+
if (!statement.Effect) {
|
92
|
+
statementErrors.push({
|
93
|
+
path: `${path}`,
|
94
|
+
message: `Effect must be present and exactly "Allow" or "Deny"`
|
95
|
+
});
|
96
|
+
}
|
97
|
+
else if (statement.Effect !== 'Allow' && statement.Effect !== 'Deny') {
|
92
98
|
statementErrors.push({
|
93
99
|
path: `${path}.Effect`,
|
94
100
|
message: `Effect must be present and exactly "Allow" or "Deny"`
|
@@ -237,14 +243,14 @@ function validateCondition(condition, path) {
|
|
237
243
|
//If not valid pattern
|
238
244
|
if (!validConditionOperatorPattern.test(operator)) {
|
239
245
|
conditionErrors.push({
|
240
|
-
path: `${path}
|
246
|
+
path: `${path}.#${operator}`,
|
241
247
|
message: `Condition operator is invalid`
|
242
248
|
});
|
243
249
|
}
|
244
250
|
const splitOperator = operator.split(':');
|
245
251
|
if (splitOperator.length > 2) {
|
246
252
|
conditionErrors.push({
|
247
|
-
path: `${path}
|
253
|
+
path: `${path}.#${operator}`,
|
248
254
|
message: `Condition operator is invalid`
|
249
255
|
});
|
250
256
|
}
|
@@ -252,7 +258,7 @@ function validateCondition(condition, path) {
|
|
252
258
|
const setOperator = splitOperator[0].toLowerCase();
|
253
259
|
if (!allowedSetOperators.has(setOperator)) {
|
254
260
|
conditionErrors.push({
|
255
|
-
path: `${path}
|
261
|
+
path: `${path}.#${operator}`,
|
256
262
|
message: `Condition set operator must be either ForAllValues or ForAnyValue`
|
257
263
|
});
|
258
264
|
}
|
@@ -275,20 +281,17 @@ function validateCondition(condition, path) {
|
|
275
281
|
}
|
276
282
|
function validateKeys(object, allowedKeys, path) {
|
277
283
|
const keyErrors = [];
|
278
|
-
if (path != '') {
|
279
|
-
path = `${path}.`;
|
280
|
-
}
|
281
284
|
for (const key of Object.keys(object)) {
|
282
285
|
if (!allowedKeys.has(key)) {
|
283
286
|
keyErrors.push({
|
284
287
|
message: `Invalid key ${key}`,
|
285
|
-
path: `${path}
|
288
|
+
path: `${path}.#${key}`
|
286
289
|
});
|
287
290
|
}
|
288
291
|
else if (object[key] === undefined || object[key] === null) {
|
289
292
|
keyErrors.push({
|
290
293
|
message: `If present, ${key} cannot be null or undefined`,
|
291
|
-
path: `${path}
|
294
|
+
path: `${path}.${key}`
|
292
295
|
});
|
293
296
|
}
|
294
297
|
}
|
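Review bot: The new `.#${key}` and `.#${operator}` paths (validateKeys here, and the three validateCondition hunks above) introduce a `#` marker that nothing in the visible code explains, and the invalid-key path embeds the raw key from the policy document. A key containing `.` or `#` therefore makes the path ambiguous, so callers should treat `path` as display text taken from untrusted input rather than something to parse or render unescaped. I would add a comment above the push such as `// '#' marks an error on the key itself; without it the path points at the key's value`, if that is the intent. Removing the `if (path != '')` guard also means a call with an empty root path now produces a leading dot; the callers are outside these hunks, so confirm that is wanted. validateKeys continues past the end of the hunk.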