@cloud-copilot/iam-policy 0.1.87 → 0.1.89
- package/dist/cjs/index.d.ts +2 -1
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +5 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/lint/lint.d.ts +10 -0
- package/dist/cjs/lint/lint.d.ts.map +1 -1
- package/dist/cjs/lint/lint.js +51 -0
- package/dist/cjs/lint/lint.js.map +1 -1
- package/dist/cjs/parser.d.ts +6 -2
- package/dist/cjs/parser.d.ts.map +1 -1
- package/dist/cjs/parser.js +10 -2
- package/dist/cjs/parser.js.map +1 -1
- package/dist/cjs/validate/validateTypes.d.ts.map +1 -1
- package/dist/cjs/validate/validateTypes.js +0 -1
- package/dist/cjs/validate/validateTypes.js.map +1 -1
- package/dist/cjs/validatedPolicy.d.ts +40 -0
- package/dist/cjs/validatedPolicy.d.ts.map +1 -0
- package/dist/cjs/validatedPolicy.js +30 -0
- package/dist/cjs/validatedPolicy.js.map +1 -0
- package/dist/esm/index.d.ts +2 -1
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +2 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/lint/lint.d.ts +10 -0
- package/dist/esm/lint/lint.d.ts.map +1 -1
- package/dist/esm/lint/lint.js +50 -0
- package/dist/esm/lint/lint.js.map +1 -1
- package/dist/esm/parser.d.ts +6 -2
- package/dist/esm/parser.d.ts.map +1 -1
- package/dist/esm/parser.js +10 -2
- package/dist/esm/parser.js.map +1 -1
- package/dist/esm/validate/validateTypes.d.ts.map +1 -1
- package/dist/esm/validate/validateTypes.js +0 -1
- package/dist/esm/validate/validateTypes.js.map +1 -1
- package/dist/esm/validatedPolicy.d.ts +40 -0
- package/dist/esm/validatedPolicy.d.ts.map +1 -0
- package/dist/esm/validatedPolicy.js +26 -0
- package/dist/esm/validatedPolicy.js.map +1 -0
- package/package.json +1 -1
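--- a/package/dist/cjs/index.d.ts
+++ b/package/dist/cjs/index.d.ts
@@ -6,7 +6,8 @@ export type { Policy } from './policies/policy.js';
 export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedPrincipal, Principal, PrincipalType, ServicePrincipal, WildcardPrincipal } from './principals/principal.js';
 export type { Resource, ArnResource } from './resources/resource.js';
 export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
-export { lintPolicy } from './lint/lint.js';
+export { lintPolicy, lintResourcePolicy } from './lint/lint.js';
+export { createValidatedPolicy, isValidatedPolicy, type ValidatedPolicy } from './validatedPolicy.js';
 export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
 export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
 //# sourceMappingURL=index.d.ts.map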
package/dist/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AAC/D,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,KAAK,eAAe,EACrB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
|
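--- a/package/dist/cjs/index.js
+++ b/package/dist/cjs/index.js
@@ -1,10 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateTrustPolicy = exports.validateSessionPolicy = exports.validateServiceControlPolicy = exports.validateResourcePolicy = exports.validateResourceControlPolicy = exports.validateIdentityPolicy = exports.validateEndpointPolicy = exports.validatePolicySyntax = exports.lintPolicy = exports.loadPolicy = void 0;
+exports.validateTrustPolicy = exports.validateSessionPolicy = exports.validateServiceControlPolicy = exports.validateResourcePolicy = exports.validateResourceControlPolicy = exports.validateIdentityPolicy = exports.validateEndpointPolicy = exports.validatePolicySyntax = exports.isValidatedPolicy = exports.createValidatedPolicy = exports.lintResourcePolicy = exports.lintPolicy = exports.loadPolicy = void 0;
 var parser_js_1 = require("./parser.js");
 Object.defineProperty(exports, "loadPolicy", { enumerable: true, get: function () { return parser_js_1.loadPolicy; } });
 var lint_js_1 = require("./lint/lint.js");
 Object.defineProperty(exports, "lintPolicy", { enumerable: true, get: function () { return lint_js_1.lintPolicy; } });
+Object.defineProperty(exports, "lintResourcePolicy", { enumerable: true, get: function () { return lint_js_1.lintResourcePolicy; } });
+var validatedPolicy_js_1 = require("./validatedPolicy.js");
+Object.defineProperty(exports, "createValidatedPolicy", { enumerable: true, get: function () { return validatedPolicy_js_1.createValidatedPolicy; } });
+Object.defineProperty(exports, "isValidatedPolicy", { enumerable: true, get: function () { return validatedPolicy_js_1.isValidatedPolicy; } });
 var validate_js_1 = require("./validate/validate.js");
 Object.defineProperty(exports, "validatePolicySyntax", { enumerable: true, get: function () { return validate_js_1.validatePolicySyntax; } });
 var validateTypes_js_1 = require("./validate/validateTypes.js");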
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA;AAsBnB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA;AAsBnB,0CAA+D;AAAtD,qGAAA,UAAU,OAAA;AAAE,6GAAA,kBAAkB,OAAA;AACvC,2DAI6B;AAH3B,2HAAA,qBAAqB,OAAA;AACrB,uHAAA,iBAAiB,OAAA;AAGnB,sDAAmF;AAA1E,mHAAA,oBAAoB,OAAA;AAC7B,gEAQoC;AAPlC,0HAAA,sBAAsB,OAAA;AACtB,0HAAA,sBAAsB,OAAA;AACtB,iIAAA,6BAA6B,OAAA;AAC7B,0HAAA,sBAAsB,OAAA;AACtB,gIAAA,4BAA4B,OAAA;AAC5B,yHAAA,qBAAqB,OAAA;AACrB,uHAAA,mBAAmB,OAAA"}
|
package/dist/cjs/lint/lint.d.ts
CHANGED
|
@@ -9,6 +9,16 @@ import { type ValidationCallbacks, type ValidationError } from '../validate/vali
|
|
|
9
9
|
* @returns an array of validation errors including both syntax errors and lint warnings
|
|
10
10
|
*/
|
|
11
11
|
export declare function lintPolicy(policyDocument: any, validationCallbacks?: ValidationCallbacks): ValidationError[];
|
|
12
|
+
/**
|
|
13
|
+
* Lints a resource policy document. Runs the resource-policy syntax validation
|
|
14
|
+
* plus the generic lint rules and the resource-policy-specific check for
|
|
15
|
+
* statements missing both `Principal` and `NotPrincipal`. AWS accepts such
|
|
16
|
+
* statements syntactically, but they can never match a request.
|
|
17
|
+
*
|
|
18
|
+
* @param policyDocument - the raw resource policy document to lint
|
|
19
|
+
* @returns an array of validation errors including syntax errors and lint warnings
|
|
20
|
+
*/
|
|
21
|
+
export declare function lintResourcePolicy(policyDocument: any): ValidationError[];
|
|
12
22
|
/**
|
|
13
23
|
* Finds actions in a policy document that have the format "service:" — a
|
|
14
24
|
* service prefix followed by a colon but no action name. AWS allows this
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lint.d.ts","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACrB,MAAM,yBAAyB,CAAA;
|
|
1
|
+
{"version":3,"file":"lint.d.ts","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACrB,MAAM,yBAAyB,CAAA;AAGhC;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CACxB,cAAc,EAAE,GAAG,EACnB,mBAAmB,GAAE,mBAAwB,GAC5C,eAAe,EAAE,CAKnB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,cAAc,EAAE,GAAG,GAAG,eAAe,EAAE,CAMzE;AAgFD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,cAAc,EAAE,GAAG,GAAG,eAAe,EAAE,CAoCvE;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,GAAG,GAAG,eAAe,EAAE,CA8BxE"}
|
package/dist/cjs/lint/lint.js
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.lintPolicy = lintPolicy;
|
|
4
|
+
exports.lintResourcePolicy = lintResourcePolicy;
|
|
4
5
|
exports.findEmptyActions = findEmptyActions;
|
|
5
6
|
exports.findDuplicateSids = findDuplicateSids;
|
|
6
7
|
const validate_js_1 = require("../validate/validate.js");
|
|
8
|
+
const validateTypes_js_1 = require("../validate/validateTypes.js");
|
|
7
9
|
/**
|
|
8
10
|
* Lints an IAM policy document by running all syntax validation checks from
|
|
9
11
|
* {@link validatePolicySyntax} plus additional best-practice checks that AWS
|
|
@@ -19,6 +21,55 @@ function lintPolicy(policyDocument, validationCallbacks = {}) {
|
|
|
19
21
|
allErrors.push(...findEmptyActions(policyDocument));
|
|
20
22
|
return allErrors;
|
|
21
23
|
}
|
|
24
|
+
/**
|
|
25
|
+
* Lints a resource policy document. Runs the resource-policy syntax validation
|
|
26
|
+
* plus the generic lint rules and the resource-policy-specific check for
|
|
27
|
+
* statements missing both `Principal` and `NotPrincipal`. AWS accepts such
|
|
28
|
+
* statements syntactically, but they can never match a request.
|
|
29
|
+
*
|
|
30
|
+
* @param policyDocument - the raw resource policy document to lint
|
|
31
|
+
* @returns an array of validation errors including syntax errors and lint warnings
|
|
32
|
+
*/
|
|
33
|
+
function lintResourcePolicy(policyDocument) {
|
|
34
|
+
const errors = (0, validateTypes_js_1.validateResourcePolicy)(policyDocument);
|
|
35
|
+
errors.push(...findDuplicateSids(policyDocument));
|
|
36
|
+
errors.push(...findEmptyActions(policyDocument));
|
|
37
|
+
errors.push(...findStatementsWithoutPrincipal(policyDocument));
|
|
38
|
+
return errors;
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Finds statements in a resource policy that have neither a `Principal` nor a
|
|
42
|
+
* `NotPrincipal` element. AWS accepts these syntactically but they can never
|
|
43
|
+
* match a request, which is almost always an authoring mistake.
|
|
44
|
+
*
|
|
45
|
+
* @param policyDocument - the raw resource policy document to check
|
|
46
|
+
* @returns an array of validation errors, one for each statement missing both Principal and NotPrincipal
|
|
47
|
+
*/
|
|
48
|
+
function findStatementsWithoutPrincipal(policyDocument) {
|
|
49
|
+
if (typeof policyDocument !== 'object' || policyDocument === null) {
|
|
50
|
+
return [];
|
|
51
|
+
}
|
|
52
|
+
const rawStatements = policyDocument.Statement;
|
|
53
|
+
if (rawStatements === undefined) {
|
|
54
|
+
return [];
|
|
55
|
+
}
|
|
56
|
+
const statements = Array.isArray(rawStatements) ? rawStatements : [rawStatements];
|
|
57
|
+
const isArray = Array.isArray(rawStatements);
|
|
58
|
+
const errors = [];
|
|
59
|
+
for (let i = 0; i < statements.length; i++) {
|
|
60
|
+
const statement = statements[i];
|
|
61
|
+
if (typeof statement !== 'object' || statement === null) {
|
|
62
|
+
continue;
|
|
63
|
+
}
|
|
64
|
+
if (statement.Principal === undefined && statement.NotPrincipal === undefined) {
|
|
65
|
+
errors.push({
|
|
66
|
+
path: isArray ? `Statement[${i}]` : 'Statement',
|
|
67
|
+
message: 'One of Principal or NotPrincipal is required in a resource policy'
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
return errors;
|
|
72
|
+
}
|
|
22
73
|
/**
|
|
23
74
|
* Checks a single action string for issues with the action part after the
|
|
24
75
|
* colon. Flags two cases:
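Review bot: `findStatementsWithoutPrincipal` tests `statement.Principal === undefined && statement.NotPrincipal === undefined`, so a statement carrying `"Principal": null` counts as having a principal and is not reported by this rule. Whether the syntax pass in `validateResourcePolicy` rejects a null principal is not visible in this hunk; if it does not, compare both fields with `== null` so a null value cannot hide the finding. The error text says the element "is required", while the docstring above says AWS accepts the statement and it simply never matches; wording such as `'Statement has neither Principal nor NotPrincipal and can never match a request'` would tell the policy author the real consequence. `lintResourcePolicy` also takes no `validationCallbacks`, unlike `lintPolicy`, which deserves a line in its docstring if it is intentional.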
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lint.js","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"lint.js","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":";;AAgBA,gCAQC;AAWD,gDAMC;AAwFD,4CAoCC;AAWD,8CA8BC;AA9MD,yDAIgC;AAChC,mEAAqE;AAErE;;;;;;;;GAQG;AACH,SAAgB,UAAU,CACxB,cAAmB,EACnB,sBAA2C,EAAE;IAE7C,MAAM,SAAS,GAAG,IAAA,kCAAoB,EAAC,cAAc,EAAE,mBAAmB,CAAC,CAAA;IAC3E,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAA;IACpD,SAAS,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC,CAAA;IACnD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAAC,cAAmB;IACpD,MAAM,MAAM,GAAG,IAAA,yCAAsB,EAAC,cAAc,CAAC,CAAA;IACrD,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAA;IACjD,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC,CAAA;IAChD,MAAM,CAAC,IAAI,CAAC,GAAG,8BAA8B,CAAC,cAAc,CAAC,CAAC,CAAA;IAC9D,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,8BAA8B,CAAC,cAAmB;IACzD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAA;IAC9C,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAA;IACjF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAE5C,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QAC/B,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACxD,SAAQ;QACV,CAAC;QACD,IAAI,SAAS,CAAC,SAAS,KAAK,SAAS,IAAI,SAAS,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YAC9E,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW;gBAC/C,OAAO,EAAE,mEAAmE;aAC7E,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,gBAAgB,CAAC,MAAc,EAAE,IAAY;IACpD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,
IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,iCAAiC;aAC3C;SACF,CAAA;IACH,CAAC;IACD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACjC,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,4BAA4B;aACtC;SACF,CAAA;IACH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,cAAmB;IAClD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC;QACxD,CAAC,CAAC,cAAc,CAAC,SAAS;QAC1B,CAAC,CAAC,cAAc,CAAC,SAAS,KAAK,SAAS;YACtC,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,EAAE,CAAA;IAER,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QAC/B,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACxD,SAAQ;QACV,CAAC;QACD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAA;QAE1F,KAAK,MAAM,KAAK,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;YAC9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,SAAQ;YACV,CAAC;YACD,MAAM,SAAS,GAAG,GAAG,QAAQ,IAAI,KAAK,EAAE,CAAA;YACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAA;YACpD,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,SAAS,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;gBAClE,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAAC,cAAmB;IACnD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC,EAAE,CAAC;QACpF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,iBAAiB,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CACvD,CAAC,GAA6B,EAAE,SAAc,EAAE,KAAa,EAAE,EAAE;QAC/D,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAA
C,EAAE,CAAC;gBACxB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAA;YACzB,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,KAAK,OAAO,CAAC,CAAA;QACpD,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC,EACD,EAA8B,CAC/B,CAAA;IAED,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAW,iBAAiB,CAAC,EAAE,CAAC;QACpE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI;oBACJ,OAAO,EAAE,oCAAoC;iBAC9C,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|
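--- a/package/dist/cjs/parser.d.ts
+++ b/package/dist/cjs/parser.d.ts
@@ -1,8 +1,12 @@
 import { type Policy } from './policies/policy.js';
 /**
-* Load a Policy from a policy document
+* Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+* the raw document and metadata are extracted from it automatically. When both
+* the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+* the explicit metadata takes precedence.
 *
-* @param policyDocument the policy document JSON object
+* @param policyDocument the policy document JSON object, or a ValidatedPolicy
+* @param metadata optional metadata to attach to the loaded Policy
 * @returns the Policy object for the backing policy document
 */
 export declare function loadPolicy<T = undefined>(policyDocument: any, metadata?: T): Policy<T>;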
package/dist/cjs/parser.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;
|
|
1
|
+
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;AAG9D;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CAAC,CAAC,GAAG,SAAS,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAKtF"}
|
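--- a/package/dist/cjs/parser.js
+++ b/package/dist/cjs/parser.js
@@ -2,13 +2,21 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadPolicy = loadPolicy;
 const policy_js_1 = require("./policies/policy.js");
+const validatedPolicy_js_1 = require("./validatedPolicy.js");
 /**
-* Load a Policy from a policy document
+* Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+* the raw document and metadata are extracted from it automatically. When both
+* the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+* the explicit metadata takes precedence.
 *
-* @param policyDocument the policy document JSON object
+* @param policyDocument the policy document JSON object, or a ValidatedPolicy
+* @param metadata optional metadata to attach to the loaded Policy
 * @returns the Policy object for the backing policy document
 */
 function loadPolicy(policyDocument, metadata) {
+if ((0, validatedPolicy_js_1.isValidatedPolicy)(policyDocument)) {
+return new policy_js_1.PolicyImpl(policyDocument.policyDocument, metadata ?? policyDocument.metadata);
+}
 return new policy_js_1.PolicyImpl(policyDocument, metadata);
 }
 //# sourceMappingURL=parser.js.map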
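Review bot: The new branch in `loadPolicy` unwraps any value that passes `isValidatedPolicy` without looking at its `errors` array, so a ValidatedPolicy that failed validation is loaded exactly like a clean one. If that is intended, the docstring should say so, for example `* Note: errors on the ValidatedPolicy are not checked here; callers must inspect them before loading.`; otherwise the branch should reject a wrapper whose `errors` is non-empty. Separately, `metadata ?? policyDocument.metadata` means an explicit `null` argument falls back to the carried metadata, which the "explicit metadata takes precedence" sentence does not mention.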
package/dist/cjs/parser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":";;AAaA,gCAKC;AAlBD,oDAA8D;AAC9D,6DAAwD;AAExD;;;;;;;;;GASG;AACH,SAAgB,UAAU,CAAgB,cAAmB,EAAE,QAAY;IACzE,IAAI,IAAA,sCAAiB,EAAC,cAAc,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,sBAAU,CAAC,cAAc,CAAC,cAAc,EAAE,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAA;IAC3F,CAAC;IACD,OAAO,IAAI,sBAAU,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAA;AACjD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AAE1E;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAe3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,
|
|
1
|
+
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AAE1E;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAe3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CASrE;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAoD5E;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAelE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAkBrE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAapE"}
|
|
@@ -58,7 +58,6 @@ function validateResourcePolicy(policy) {
|
|
|
58
58
|
const policyType = 'a resource policy';
|
|
59
59
|
const errors = [];
|
|
60
60
|
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
61
|
-
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
62
61
|
return errors;
|
|
63
62
|
}
|
|
64
63
|
});
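Review bot: Dropping the `['Principal', 'NotPrincipal']` check from `validateResourcePolicy` changes what an empty error array from this function means: a resource policy whose statements have neither element now validates cleanly, and the check only runs for callers that switch to `lintResourcePolicy`. Code that uses `validateResourcePolicy` as a gate, including through `createValidatedPolicy` where an empty `errors` means valid, will stop flagging those statements after a patch-level upgrade with no signal. The function's docstring and the start of this callback are outside the hunk; the docstring should gain a line such as `* Does not require Principal/NotPrincipal; use lintResourcePolicy to flag statements that can never match.`, and the behaviour change belongs in the release notes.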
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":";;AAQA,wDAaC;AAQD,oEAeC;AAUD,
|
|
1
|
+
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":";;AAQA,wDAaC;AAQD,oEAeC;AAUD,wDASC;AAQD,sEAoDC;AAQD,kDAeC;AAQD,wDAkBC;AAQD,sDAaC;AAjMD,+CAA0E;AAE1E;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,8BAA8B,CAAA;YACjD,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAA;YACtC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,MAAW;IACvD,MAAM,UAAU,GAAG,2BAA2B,CAAA;IAE9C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,eAAe,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;YACjC,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;gBAC7B,OAAO;oBACL;wBACE,IAAI,EAAE,OAAO,
KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;wBAC9C,OAAO,EAAE,mCAAmC,UAAU,EAAE;qBACzD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;QACD,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YAEpC,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,SAAS;oBACtB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,YAAY;oBACnE,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC7E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;QAED,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;YAC/B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,OAAO;oBACL;wBACE,IAAI;wBACJ,OAAO,EAAE,2BAA2B,UAAU,EAAE;qBACjD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,MAAW;IAC7C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,gBAAgB,CAAA;YACnC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACtF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAA
C,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACvF,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChF,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBACvD,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,4BAA4B,UAAU,EAAE;oBACjD,IAAI,EAAE,GAAG,IAAI,YAAY;iBAC1B,CAAC,CAAA;YACJ,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,MAAW;IAC/C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,kBAAkB,CAAA;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAC3B,SAAc,EACd,cAAwB,EACxB,IAAY,EACZ,UAAkB;IAElB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;IACxE,IAAI,OAAO,GAAG,UAAU,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAClF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAC/D,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO;aACR;SACF,CAAA;IACH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,wBAAwB,CAC/B,SAAc,EACd,gBAA0B,EAC1B,IAAY,EACZ,UAAkB;IAElB,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG,IAAI,KAAK,KA
AK,EAAE;gBACzB,OAAO,EAAE,GAAG,KAAK,sBAAsB,UAAU,EAAE;aACpD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import type { ValidationError } from './validate/validate.js';
|
|
2
|
+
/**
|
|
3
|
+
* A policy document that has been validated. Carries the raw policy document,
|
|
4
|
+
* optional metadata, and the validation result so that downstream consumers
|
|
5
|
+
* can skip re-validation.
|
|
6
|
+
*
|
|
7
|
+
* Every field is a plain value — no class instances — so the entire object
|
|
8
|
+
* survives JSON serialization (e.g. through SharedArrayBuffer) unchanged.
|
|
9
|
+
*/
|
|
10
|
+
export interface ValidatedPolicy<T = undefined> {
|
|
11
|
+
/** Discriminant for runtime detection via {@link isValidatedPolicy}. */
|
|
12
|
+
readonly __validated: true;
|
|
13
|
+
/** The raw policy JSON document. */
|
|
14
|
+
readonly policyDocument: any;
|
|
15
|
+
/** Optional metadata carried through to {@link loadPolicy} (e.g. `{ name: string }` for error reporting). */
|
|
16
|
+
readonly metadata?: T;
|
|
17
|
+
/** Validation errors. An empty array means the policy is valid. */
|
|
18
|
+
readonly errors: readonly ValidationError[];
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Validates a policy document using the provided validation function and
|
|
22
|
+
* bundles the result with the raw document and optional metadata.
|
|
23
|
+
*
|
|
24
|
+
* The caller chooses the validation function, so this factory is agnostic
|
|
25
|
+
* to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
|
|
26
|
+
*
|
|
27
|
+
* @param policyDocument the raw policy JSON document
|
|
28
|
+
* @param validateFn a validation function that returns an array of errors (empty if valid)
|
|
29
|
+
* @param metadata optional metadata to carry with the validated policy
|
|
30
|
+
* @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
|
|
31
|
+
*/
|
|
32
|
+
export declare function createValidatedPolicy<T = undefined>(policyDocument: any, validateFn: (policy: any) => ValidationError[], metadata?: T): ValidatedPolicy<T>;
|
|
33
|
+
/**
|
|
34
|
+
* Type guard that checks whether a value is a {@link ValidatedPolicy}.
|
|
35
|
+
*
|
|
36
|
+
* @param value the value to check
|
|
37
|
+
* @returns true if the value is a ValidatedPolicy
|
|
38
|
+
*/
|
|
39
|
+
export declare function isValidatedPolicy(value: any): value is ValidatedPolicy;
|
|
40
|
+
//# sourceMappingURL=validatedPolicy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validatedPolicy.d.ts","sourceRoot":"","sources":["../../src/validatedPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAE7D;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,SAAS;IAC5C,wEAAwE;IACxE,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAA;IAE1B,oCAAoC;IACpC,QAAQ,CAAC,cAAc,EAAE,GAAG,CAAA;IAE5B,6GAA6G;IAC7G,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAErB,mEAAmE;IACnE,QAAQ,CAAC,MAAM,EAAE,SAAS,eAAe,EAAE,CAAA;CAC5C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,GAAG,SAAS,EACjD,cAAc,EAAE,GAAG,EACnB,UAAU,EAAE,CAAC,MAAM,EAAE,GAAG,KAAK,eAAe,EAAE,EAC9C,QAAQ,CAAC,EAAE,CAAC,GACX,eAAe,CAAC,CAAC,CAAC,CAGpB;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,GAAG,GAAG,KAAK,IAAI,eAAe,CAEtE"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.createValidatedPolicy = createValidatedPolicy;
|
|
4
|
+
exports.isValidatedPolicy = isValidatedPolicy;
|
|
5
|
+
/**
|
|
6
|
+
* Validates a policy document using the provided validation function and
|
|
7
|
+
* bundles the result with the raw document and optional metadata.
|
|
8
|
+
*
|
|
9
|
+
* The caller chooses the validation function, so this factory is agnostic
|
|
10
|
+
* to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
|
|
11
|
+
*
|
|
12
|
+
* @param policyDocument the raw policy JSON document
|
|
13
|
+
* @param validateFn a validation function that returns an array of errors (empty if valid)
|
|
14
|
+
* @param metadata optional metadata to carry with the validated policy
|
|
15
|
+
* @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
|
|
16
|
+
*/
|
|
17
|
+
function createValidatedPolicy(policyDocument, validateFn, metadata) {
|
|
18
|
+
const errors = validateFn(policyDocument);
|
|
19
|
+
return { __validated: true, policyDocument, metadata, errors };
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Type guard that checks whether a value is a {@link ValidatedPolicy}.
|
|
23
|
+
*
|
|
24
|
+
* @param value the value to check
|
|
25
|
+
* @returns true if the value is a ValidatedPolicy
|
|
26
|
+
*/
|
|
27
|
+
function isValidatedPolicy(value) {
|
|
28
|
+
return !!value && value.__validated === true;
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=validatedPolicy.js.map
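Review bot: `isValidatedPolicy` accepts any truthy value whose `__validated` property is `true`, so the marker is a plain data field that any parsed JSON object can carry, not evidence that `createValidatedPolicy` ran. `loadPolicy` in parser.js branches on this guard and then reads `policyDocument.policyDocument`, so a raw document that arrives with a top-level `__validated: true` is loaded from its nested field instead of as itself. I would tighten the guard to check the wrapper's shape, `return typeof value === 'object' && value !== null && value.__validated === true && 'policyDocument' in value && Array.isArray(value.errors);`, and state in the JSDoc that a wrapper should only be trusted when it was produced inside the caller's own trust boundary. The ESM build of validatedPolicy.js further down this page has the same function.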
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validatedPolicy.js","sourceRoot":"","sources":["../../src/validatedPolicy.ts"],"names":[],"mappings":";;AAoCA,sDAOC;AAQD,8CAEC;AA7BD;;;;;;;;;;;GAWG;AACH,SAAgB,qBAAqB,CACnC,cAAmB,EACnB,UAA8C,EAC9C,QAAY;IAEZ,MAAM,MAAM,GAAG,UAAU,CAAC,cAAc,CAAC,CAAA;IACzC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;AAChE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,KAAU;IAC1C,OAAO,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,WAAW,KAAK,IAAI,CAAA;AAC9C,CAAC"}
|
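--- a/package/dist/esm/index.d.ts
+++ b/package/dist/esm/index.d.ts
@@ -6,7 +6,8 @@ export type { Policy } from './policies/policy.js';
 export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedPrincipal, Principal, PrincipalType, ServicePrincipal, WildcardPrincipal } from './principals/principal.js';
 export type { Resource, ArnResource } from './resources/resource.js';
 export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
-export { lintPolicy } from './lint/lint.js';
+export { lintPolicy, lintResourcePolicy } from './lint/lint.js';
+export { createValidatedPolicy, isValidatedPolicy, type ValidatedPolicy } from './validatedPolicy.js';
 export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
 export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
 //# sourceMappingURL=index.d.ts.map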
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AAC/D,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,KAAK,eAAe,EACrB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
|
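--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -1,5 +1,6 @@
 export { loadPolicy } from './parser.js';
-export { lintPolicy } from './lint/lint.js';
+export { lintPolicy, lintResourcePolicy } from './lint/lint.js';
+export { createValidatedPolicy, isValidatedPolicy } from './validatedPolicy.js';
 export { validatePolicySyntax } from './validate/validate.js';
 export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
 //# sourceMappingURL=index.js.map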
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAsBxC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAsBxC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AAC/D,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAwB,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
|
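--- a/package/dist/esm/lint/lint.d.ts
+++ b/package/dist/esm/lint/lint.d.ts
@@ -9,6 +9,16 @@ import { type ValidationCallbacks, type ValidationError } from '../validate/vali
 * @returns an array of validation errors including both syntax errors and lint warnings
 */
 export declare function lintPolicy(policyDocument: any, validationCallbacks?: ValidationCallbacks): ValidationError[];
+/**
+* Lints a resource policy document. Runs the resource-policy syntax validation
+* plus the generic lint rules and the resource-policy-specific check for
+* statements missing both `Principal` and `NotPrincipal`. AWS accepts such
+* statements syntactically, but they can never match a request.
+*
+* @param policyDocument - the raw resource policy document to lint
+* @returns an array of validation errors including syntax errors and lint warnings
+*/
+export declare function lintResourcePolicy(policyDocument: any): ValidationError[];
 /**
 * Finds actions in a policy document that have the format "service:" — a
 * service prefix followed by a colon but no action name. AWS allows this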
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lint.d.ts","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACrB,MAAM,yBAAyB,CAAA;
|
|
1
|
+
{"version":3,"file":"lint.d.ts","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACrB,MAAM,yBAAyB,CAAA;AAGhC;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CACxB,cAAc,EAAE,GAAG,EACnB,mBAAmB,GAAE,mBAAwB,GAC5C,eAAe,EAAE,CAKnB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,cAAc,EAAE,GAAG,GAAG,eAAe,EAAE,CAMzE;AAgFD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,cAAc,EAAE,GAAG,GAAG,eAAe,EAAE,CAoCvE;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,GAAG,GAAG,eAAe,EAAE,CA8BxE"}
|
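--- a/package/dist/esm/lint/lint.js
+++ b/package/dist/esm/lint/lint.js
@@ -1,4 +1,5 @@
 import { validatePolicySyntax } from '../validate/validate.js';
+import { validateResourcePolicy } from '../validate/validateTypes.js';
 /**
 * Lints an IAM policy document by running all syntax validation checks from
 * {@link validatePolicySyntax} plus additional best-practice checks that AWS
@@ -14,6 +15,55 @@ export function lintPolicy(policyDocument, validationCallbacks = {}) {
 allErrors.push(...findEmptyActions(policyDocument));
 return allErrors;
 }
+/**
+* Lints a resource policy document. Runs the resource-policy syntax validation
+* plus the generic lint rules and the resource-policy-specific check for
+* statements missing both `Principal` and `NotPrincipal`. AWS accepts such
+* statements syntactically, but they can never match a request.
+*
+* @param policyDocument - the raw resource policy document to lint
+* @returns an array of validation errors including syntax errors and lint warnings
+*/
+export function lintResourcePolicy(policyDocument) {
+const errors = validateResourcePolicy(policyDocument);
+errors.push(...findDuplicateSids(policyDocument));
+errors.push(...findEmptyActions(policyDocument));
+errors.push(...findStatementsWithoutPrincipal(policyDocument));
+return errors;
+}
+/**
+* Finds statements in a resource policy that have neither a `Principal` nor a
+* `NotPrincipal` element. AWS accepts these syntactically but they can never
+* match a request, which is almost always an authoring mistake.
+*
+* @param policyDocument - the raw resource policy document to check
+* @returns an array of validation errors, one for each statement missing both Principal and NotPrincipal
+*/
+function findStatementsWithoutPrincipal(policyDocument) {
+if (typeof policyDocument !== 'object' || policyDocument === null) {
+return [];
+}
+const rawStatements = policyDocument.Statement;
+if (rawStatements === undefined) {
+return [];
+}
+const statements = Array.isArray(rawStatements) ? rawStatements : [rawStatements];
+const isArray = Array.isArray(rawStatements);
+const errors = [];
+for (let i = 0; i < statements.length; i++) {
+const statement = statements[i];
+if (typeof statement !== 'object' || statement === null) {
+continue;
+}
+if (statement.Principal === undefined && statement.NotPrincipal === undefined) {
+errors.push({
+path: isArray ? `Statement[${i}]` : 'Statement',
+message: 'One of Principal or NotPrincipal is required in a resource policy'
+});
+}
+}
+return errors;
+}
 /**
 * Checks a single action string for issues with the action part after the
 * colon. Flags two cases: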
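Review bot: The Principal/NotPrincipal requirement now lives only in `findStatementsWithoutPrincipal`, reached through `lintResourcePolicy`; the validateTypes.js hunk on this page removes the matching `validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType)` call from `validateResourcePolicy`. Callers that gate on `validateResourcePolicy` alone, including `createValidatedPolicy(doc, validateResourcePolicy)`, stop seeing this error, and per the JSDoc here such a statement never matches a request, so a Deny written without a principal would pass validation while having no effect. The JSDoc on `lintResourcePolicy` should say so, for example `* Note: validateResourcePolicy no longer reports a missing Principal/NotPrincipal; use this function to catch it.` Separately, the `=== undefined` test does not flag `Principal: null`; whether the syntax validator already rejects that value is not visible in this hunk.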
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lint.js","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EAGrB,MAAM,yBAAyB,CAAA;
|
|
1
|
+
{"version":3,"file":"lint.js","sourceRoot":"","sources":["../../../src/lint/lint.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EAGrB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAA;AAErE;;;;;;;;GAQG;AACH,MAAM,UAAU,UAAU,CACxB,cAAmB,EACnB,sBAA2C,EAAE;IAE7C,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAA;IAC3E,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAA;IACpD,SAAS,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC,CAAA;IACnD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,cAAmB;IACpD,MAAM,MAAM,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACrD,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAA;IACjD,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC,CAAA;IAChD,MAAM,CAAC,IAAI,CAAC,GAAG,8BAA8B,CAAC,cAAc,CAAC,CAAC,CAAA;IAC9D,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,8BAA8B,CAAC,cAAmB;IACzD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAA;IAC9C,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAA;IACjF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAE5C,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QAC/B,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACxD,SAAQ;QACV,CAAC;QACD,IAAI,SAAS,CAAC,SAAS,KAAK,SAAS,IAAI,SAAS,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YAC9E,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW;gBAC/C,OAAO,EAAE,mEAAmE;aAC7E,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,gBAAgB,CAAC,MAAc,EAAE,IAAY;IACpD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAI,KAAK,CAAC,CAA
C,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,iCAAiC;aAC3C;SACF,CAAA;IACH,CAAC;IACD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACjC,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,4BAA4B;aACtC;SACF,CAAA;IACH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,cAAmB;IAClD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC;QACxD,CAAC,CAAC,cAAc,CAAC,SAAS;QAC1B,CAAC,CAAC,cAAc,CAAC,SAAS,KAAK,SAAS;YACtC,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,EAAE,CAAA;IAER,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QAC/B,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACxD,SAAQ;QACV,CAAC;QACD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAA;QAE1F,KAAK,MAAM,KAAK,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;YAC9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,SAAQ;YACV,CAAC;YACD,MAAM,SAAS,GAAG,GAAG,QAAQ,IAAI,KAAK,EAAE,CAAA;YACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAA;YACpD,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,SAAS,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;gBAClE,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,cAAmB;IACnD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC,EAAE,CAAC;QACpF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,iBAAiB,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CACvD,CAAC,GAA6B,EAAE,SAAc,EAAE,KAAa,EAAE,EAAE;QAC/D,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,CAA
C,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAA;YACzB,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,KAAK,OAAO,CAAC,CAAA;QACpD,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC,EACD,EAA8B,CAC/B,CAAA;IAED,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAW,iBAAiB,CAAC,EAAE,CAAC;QACpE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI;oBACJ,OAAO,EAAE,oCAAoC;iBAC9C,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|
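--- a/package/dist/esm/parser.d.ts
+++ b/package/dist/esm/parser.d.ts
@@ -1,8 +1,12 @@
 import { type Policy } from './policies/policy.js';
 /**
-* Load a Policy from a policy document
+* Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+* the raw document and metadata are extracted from it automatically. When both
+* the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+* the explicit metadata takes precedence.
 *
-* @param policyDocument the policy document JSON object
+* @param policyDocument the policy document JSON object, or a ValidatedPolicy
+* @param metadata optional metadata to attach to the loaded Policy
 * @returns the Policy object for the backing policy document
 */
 export declare function loadPolicy<T = undefined>(policyDocument: any, metadata?: T): Policy<T>;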
package/dist/esm/parser.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;
|
|
1
|
+
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;AAG9D;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CAAC,CAAC,GAAG,SAAS,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAKtF"}
|
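--- a/package/dist/esm/parser.js
+++ b/package/dist/esm/parser.js
@@ -1,11 +1,19 @@
 import { PolicyImpl } from './policies/policy.js';
+import { isValidatedPolicy } from './validatedPolicy.js';
 /**
-* Load a Policy from a policy document
+* Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+* the raw document and metadata are extracted from it automatically. When both
+* the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+* the explicit metadata takes precedence.
 *
-* @param policyDocument the policy document JSON object
+* @param policyDocument the policy document JSON object, or a ValidatedPolicy
+* @param metadata optional metadata to attach to the loaded Policy
 * @returns the Policy object for the backing policy document
 */
 export function loadPolicy(policyDocument, metadata) {
+if (isValidatedPolicy(policyDocument)) {
+return new PolicyImpl(policyDocument.policyDocument, metadata ?? policyDocument.metadata);
+}
 return new PolicyImpl(policyDocument, metadata);
 }
 //# sourceMappingURL=parser.js.map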
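Review bot: The new `isValidatedPolicy` branch in `loadPolicy` unwraps the document without looking at `policyDocument.errors`, so a wrapper whose validation failed is loaded exactly like a clean one. If that is intended, the JSDoc should say it, for example `* Note: validation errors on a ValidatedPolicy are not checked here; callers must inspect errors before loading.` Also, `metadata ?? policyDocument.metadata` treats an explicit `null` as absent and falls back to the wrapper's metadata, which the "explicit metadata takes precedence" sentence does not mention.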
package/dist/esm/parser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,UAAU,EAAE,MAAM,sBAAsB,CAAA;
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAExD;;;;;;;;;GASG;AACH,MAAM,UAAU,UAAU,CAAgB,cAAmB,EAAE,QAAY;IACzE,IAAI,iBAAiB,CAAC,cAAc,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc,EAAE,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAA;IAC3F,CAAC;IACD,OAAO,IAAI,UAAU,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAA;AACjD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AAE1E;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAe3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,
|
|
1
|
+
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AAE1E;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAarE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAe3E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CASrE;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAoD5E;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAelE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAkBrE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAapE"}
|
|
@@ -49,7 +49,6 @@ export function validateResourcePolicy(policy) {
|
|
|
49
49
|
const policyType = 'a resource policy';
|
|
50
50
|
const errors = [];
|
|
51
51
|
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
52
|
-
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
53
52
|
return errors;
|
|
54
53
|
}
|
|
55
54
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAwB,MAAM,eAAe,CAAA;AAE1E;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,8BAA8B,CAAA;YACjD,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAA;YACtC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,
|
|
1
|
+
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAwB,MAAM,eAAe,CAAA;AAE1E;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,8BAA8B,CAAA;YACjD,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAA;YACtC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAAW;IACvD,MAAM,UAAU,GAAG,2BAA2B,CAAA;IAE9C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,eAAe,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;YACjC,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;gBAC7B,OAAO;oBACL;wBACE,IAAI,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;wBAC9
C,OAAO,EAAE,mCAAmC,UAAU,EAAE;qBACzD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;QACD,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YAEpC,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,SAAS;oBACtB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,YAAY;oBACnE,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC7E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;QAED,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;YAC/B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,OAAO;oBACL;wBACE,IAAI;wBACJ,OAAO,EAAE,2BAA2B,UAAU,EAAE;qBACjD;iBACF,CAAA;YACH,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAW;IAC7C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,gBAAgB,CAAA;YACnC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACtF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CACT,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACpF,CAAA;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,EAAE,IAAI,EAA
E,UAAU,CAAC,CAAC,CAAA;YACvF,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChF,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBACvD,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,4BAA4B,UAAU,EAAE;oBACjD,IAAI,EAAE,GAAG,IAAI,YAAY;iBAC1B,CAAC,CAAA;YACJ,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAW;IAC/C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,kBAAkB,CAAA;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CACT,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CACxF,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAC3B,SAAc,EACd,cAAwB,EACxB,IAAY,EACZ,UAAkB;IAElB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;IACxE,IAAI,OAAO,GAAG,UAAU,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAClF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAC/D,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO;aACR;SACF,CAAA;IACH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,wBAAwB,CAC/B,SAAc,EACd,gBAA0B,EAC1B,IAAY,EACZ,UAAkB;IAElB,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG,IAAI,KAAK,KAAK,EAAE;gBACzB,OAAO,EAAE,GAAG,KAAK,sBAAsB,UAAU,EAAE;aACpD,
CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import type { ValidationError } from './validate/validate.js';
|
|
2
|
+
/**
|
|
3
|
+
* A policy document that has been validated. Carries the raw policy document,
|
|
4
|
+
* optional metadata, and the validation result so that downstream consumers
|
|
5
|
+
* can skip re-validation.
|
|
6
|
+
*
|
|
7
|
+
* Every field is a plain value — no class instances — so the entire object
|
|
8
|
+
* survives JSON serialization (e.g. through SharedArrayBuffer) unchanged.
|
|
9
|
+
*/
|
|
10
|
+
export interface ValidatedPolicy<T = undefined> {
|
|
11
|
+
/** Discriminant for runtime detection via {@link isValidatedPolicy}. */
|
|
12
|
+
readonly __validated: true;
|
|
13
|
+
/** The raw policy JSON document. */
|
|
14
|
+
readonly policyDocument: any;
|
|
15
|
+
/** Optional metadata carried through to {@link loadPolicy} (e.g. `{ name: string }` for error reporting). */
|
|
16
|
+
readonly metadata?: T;
|
|
17
|
+
/** Validation errors. An empty array means the policy is valid. */
|
|
18
|
+
readonly errors: readonly ValidationError[];
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Validates a policy document using the provided validation function and
|
|
22
|
+
* bundles the result with the raw document and optional metadata.
|
|
23
|
+
*
|
|
24
|
+
* The caller chooses the validation function, so this factory is agnostic
|
|
25
|
+
* to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
|
|
26
|
+
*
|
|
27
|
+
* @param policyDocument the raw policy JSON document
|
|
28
|
+
* @param validateFn a validation function that returns an array of errors (empty if valid)
|
|
29
|
+
* @param metadata optional metadata to carry with the validated policy
|
|
30
|
+
* @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
|
|
31
|
+
*/
|
|
32
|
+
export declare function createValidatedPolicy<T = undefined>(policyDocument: any, validateFn: (policy: any) => ValidationError[], metadata?: T): ValidatedPolicy<T>;
|
|
33
|
+
/**
|
|
34
|
+
* Type guard that checks whether a value is a {@link ValidatedPolicy}.
|
|
35
|
+
*
|
|
36
|
+
* @param value the value to check
|
|
37
|
+
* @returns true if the value is a ValidatedPolicy
|
|
38
|
+
*/
|
|
39
|
+
export declare function isValidatedPolicy(value: any): value is ValidatedPolicy;
|
|
40
|
+
//# sourceMappingURL=validatedPolicy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validatedPolicy.d.ts","sourceRoot":"","sources":["../../src/validatedPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAE7D;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,SAAS;IAC5C,wEAAwE;IACxE,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAA;IAE1B,oCAAoC;IACpC,QAAQ,CAAC,cAAc,EAAE,GAAG,CAAA;IAE5B,6GAA6G;IAC7G,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAErB,mEAAmE;IACnE,QAAQ,CAAC,MAAM,EAAE,SAAS,eAAe,EAAE,CAAA;CAC5C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,GAAG,SAAS,EACjD,cAAc,EAAE,GAAG,EACnB,UAAU,EAAE,CAAC,MAAM,EAAE,GAAG,KAAK,eAAe,EAAE,EAC9C,QAAQ,CAAC,EAAE,CAAC,GACX,eAAe,CAAC,CAAC,CAAC,CAGpB;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,GAAG,GAAG,KAAK,IAAI,eAAe,CAEtE"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Validates a policy document using the provided validation function and
|
|
3
|
+
* bundles the result with the raw document and optional metadata.
|
|
4
|
+
*
|
|
5
|
+
* The caller chooses the validation function, so this factory is agnostic
|
|
6
|
+
* to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
|
|
7
|
+
*
|
|
8
|
+
* @param policyDocument the raw policy JSON document
|
|
9
|
+
* @param validateFn a validation function that returns an array of errors (empty if valid)
|
|
10
|
+
* @param metadata optional metadata to carry with the validated policy
|
|
11
|
+
* @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
|
|
12
|
+
*/
|
|
13
|
+
export function createValidatedPolicy(policyDocument, validateFn, metadata) {
|
|
14
|
+
const errors = validateFn(policyDocument);
|
|
15
|
+
return { __validated: true, policyDocument, metadata, errors };
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Type guard that checks whether a value is a {@link ValidatedPolicy}.
|
|
19
|
+
*
|
|
20
|
+
* @param value the value to check
|
|
21
|
+
* @returns true if the value is a ValidatedPolicy
|
|
22
|
+
*/
|
|
23
|
+
export function isValidatedPolicy(value) {
|
|
24
|
+
return !!value && value.__validated === true;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=validatedPolicy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validatedPolicy.js","sourceRoot":"","sources":["../../src/validatedPolicy.ts"],"names":[],"mappings":"AAwBA;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAAmB,EACnB,UAA8C,EAC9C,QAAY;IAEZ,MAAM,MAAM,GAAG,UAAU,CAAC,cAAc,CAAC,CAAA;IACzC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;AAChE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAU;IAC1C,OAAO,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,WAAW,KAAK,IAAI,CAAA;AAC9C,CAAC"}
|