@cloud-copilot/iam-shrink 0.1.2 → 0.1.4

package/src/shrink.ts

@@ -1,6 +1,6 @@
-import { expandIamActions } from '@cloud-copilot/iam-expand';
-import { ShrinkValidationError } from './errors.js';
-import { validateShrinkResults } from './validate.js';
+import { expandIamActions } from '@cloud-copilot/iam-expand'
+import { ShrinkValidationError } from './errors.js'
+import { validateShrinkResults } from './validate.js'
 
 export interface ShrinkOptions {
   iterations: number
@@ -23,34 +23,46 @@ const defaultOptions: ShrinkOptions = {
  * @param iterations the number of iterations to run the shrink operations
  * @returns the smallest list of patterns that will match only the actions specified by desiredPatterns and not match any of the excludedPatterns or any actions not specified by desiredPatterns.
  */
-export async function shrink(desiredPatterns: string[], shrinkOptions?: Partial<ShrinkOptions>): Promise<string[]> {
+export async function shrink(
+  desiredPatterns: string[],
+  shrinkOptions?: Partial<ShrinkOptions>
+): Promise<string[]> {
   //Check for an all actions wildcard
-  const wildCard = desiredPatterns.find(pattern => collapseAsterisks(pattern) === '*');
-  if(wildCard) {
-    return ["*"];
+  const wildCard = desiredPatterns.find((pattern) => collapseAsterisks(pattern) === '*')
+  if (wildCard) {
+    return ['*']
   }
 
-  const options = {...defaultOptions, ...shrinkOptions}
-  const targetActions = await expandIamActions(desiredPatterns, {expandServiceAsterisk: true})
-  const expandedActionsByService = groupActionsByService(targetActions);
-  const services = Array.from(expandedActionsByService.keys()).sort();
+  const options = { ...defaultOptions, ...shrinkOptions }
+  const targetActions = await expandIamActions(desiredPatterns)
+  const expandedActionsByService = groupActionsByService(targetActions)
+  const services = Array.from(expandedActionsByService.keys()).sort()
 
-  const reducedActions: string[] = [];
-  for(const service of services) {
+  const reducedActions: string[] = []
+  for (const service of services) {
     const desiredActions = expandedActionsByService.get(service)!
-    const possibleActions = mapActions(await expandIamActions(`${service}:*`, {expandServiceAsterisk: true}))
-    const reducedServiceActions = shrinkResolvedList(desiredActions.withoutService, possibleActions, options.iterations)
+    const possibleActions = mapActions(await expandIamActions(`${service}:*`))
+    const reducedServiceActions = shrinkResolvedList(
+      desiredActions.withoutService,
+      possibleActions,
+      options.iterations
+    )
 
     //Validation
-    const reducedServiceActionsWithService = reducedServiceActions.map(action => `${service}:${action}`);
-    const invalidMatch = await validateShrinkResults(desiredActions.withService, reducedServiceActionsWithService);
-    if(invalidMatch) {
-      throw new ShrinkValidationError(desiredPatterns, invalidMatch);
+    const reducedServiceActionsWithService = reducedServiceActions.map(
+      (action) => `${service}:${action}`
+    )
+    const invalidMatch = await validateShrinkResults(
+      desiredActions.withService,
+      reducedServiceActionsWithService
+    )
+    if (invalidMatch) {
+      throw new ShrinkValidationError(desiredPatterns, invalidMatch)
     }
     reducedActions.push(...reducedServiceActionsWithService)
   }
 
-  return reducedActions;
+  return reducedActions
 }
 
 /**
@@ -60,7 +72,7 @@ export async function shrink(desiredPatterns: string[], shrinkOptions?: Partial<
  * @returns an array of just the action strings such as ['GetObject', 'DescribeInstances']
  */
 export function mapActions(actions: string[]): string[] {
-  return actions.map(action => action.split(":")[1]);
+  return actions.map((action) => action.split(':')[1])
 }
 
 /**
@@ -73,18 +85,19 @@ export function mapActions(actions: string[]): string[] {
  * @param actions the array of service:action strings such as ['s3:GetObject', 'ec2:DescribeInstances']
  * @returns a map of service to an object with two arrays: withService and withoutService
  */
-export function groupActionsByService(actions: string[]): Map<string, {withService: string[], withoutService: string[]}> {
-  const serviceMap = new Map<string, {withService: string[], withoutService: string[]}>();
-  actions.forEach(actionString => {
-    const [service, action] = actionString.split(":");
+export function groupActionsByService(
+  actions: string[]
+): Map<string, { withService: string[]; withoutService: string[] }> {
+  const serviceMap = new Map<string, { withService: string[]; withoutService: string[] }>()
+  actions.forEach((actionString) => {
+    const [service, action] = actionString.split(':')
     if (!serviceMap.has(service)) {
-      serviceMap.set(service, {withService: [], withoutService: []});
+      serviceMap.set(service, { withService: [], withoutService: [] })
     }
-    serviceMap.get(service)!.withService.push(actionString);
-    serviceMap.get(service)!.withoutService.push(action);
-
-  });
-  return serviceMap;
+    serviceMap.get(service)!.withService.push(actionString)
+    serviceMap.get(service)!.withoutService.push(action)
+  })
+  return serviceMap
 }
 
 /**
@@ -96,40 +109,43 @@ export function groupActionsByService(actions: string[]): Map<string, {withServi
  * @param iterations the number of iterations to run the shrink operations
  * @returns the smallest list of patterns that when compared to possibleActions will match only the desiredActions and no others
  */
-export function shrinkResolvedList(desiredActions: string[], possibleActions: string[], iterations: number): string[] {
+export function shrinkResolvedList(
+  desiredActions: string[],
+  possibleActions: string[],
+  iterations: number
+): string[] {
   const desiredActionSet = new Set(desiredActions)
-  const undesiredActions = possibleActions.filter(action => !desiredActionSet.has(action))
+  const undesiredActions = possibleActions.filter((action) => !desiredActionSet.has(action))
 
-  if(undesiredActions.length === 0) {
+  if (undesiredActions.length === 0) {
     // If there are no undesired actions, that means we want all actions
-    return ["*"];
+    return ['*']
   }
 
   // Iteratively shrink based on the most commmon sequence until we can't shrink anymore
-  let previousActionListLength = desiredActions.length;
+  let previousActionListLength = desiredActions.length
   let actionList = desiredActions.slice()
 
   do {
-    previousActionListLength = actionList.length;
-    actionList = shrinkIteration(actionList, undesiredActions, false);
+    previousActionListLength = actionList.length
+    actionList = shrinkIteration(actionList, undesiredActions, false)
     iterations = iterations - 1
-    if(iterations <= 0) {
+    if (iterations <= 0) {
       return actionList
     }
-  } while (actionList.length < previousActionListLength);
-
+  } while (actionList.length < previousActionListLength)
 
   // Iteratively shrink based on all common sequences until we can't shrink anymore
   do {
-    previousActionListLength = actionList.length;
-    actionList = shrinkIteration(actionList, undesiredActions, true);
+    previousActionListLength = actionList.length
+    actionList = shrinkIteration(actionList, undesiredActions, true)
     iterations = iterations - 1
-    if(iterations <= 0) {
+    if (iterations <= 0) {
       return actionList
     }
-  } while (actionList.length < previousActionListLength);
+  } while (actionList.length < previousActionListLength)
 
-  return actionList;
+  return actionList
 }
 
 /**
@@ -140,25 +156,33 @@ export function shrinkResolvedList(desiredActions: string[], possibleActions: st
  * @param deep if true, will shrink based on all common sequences, otherwise will only shrink based on the most common sequence
  * @returns the smallest list of actions that will match only the desiredActions and not match any of the undesiredActions or any actions not specified by desiredActions.
  */
-export function shrinkIteration(desiredActions: string[], undesiredActions: string[], deep: boolean): string[] {
+export function shrinkIteration(
+  desiredActions: string[],
+  undesiredActions: string[],
+  deep: boolean
+): string[] {
   // Find all common words in the strings in the desiredActions array
-  const commonSequences = findCommonSequences(desiredActions).filter(sequence => sequence.sequence != "*");;
+  const commonSequences = findCommonSequences(desiredActions).filter(
+    (sequence) => sequence.sequence != '*'
+  )
   commonSequences.sort((a, b) => {
-    return b.frequency - a.frequency;
-  });
+    return b.frequency - a.frequency
+  })
 
-  const sequencesToProcess = deep ? commonSequences : commonSequences.slice(0, 1);
+  const sequencesToProcess = deep ? commonSequences : commonSequences.slice(0, 1)
 
   // Reduce the actions based on the common sequences
   let reducedActions = desiredActions
-  for(const sequence of sequencesToProcess) {
+  for (const sequence of sequencesToProcess) {
     const reducedIteration = Array.from(
-      new Set(reducedActions.map(action => reduceAction(action, sequence.sequence, undesiredActions)))
-    );
-    reducedActions = consolidateWildcardPatterns(reducedIteration);
+      new Set(
+        reducedActions.map((action) => reduceAction(action, sequence.sequence, undesiredActions))
+      )
+    )
+    reducedActions = consolidateWildcardPatterns(reducedIteration)
   }
 
-  return reducedActions;
+  return reducedActions
 }
 
 /**
@@ -170,75 +194,78 @@ export function shrinkIteration(desiredActions: string[], undesiredActions: stri
  * @param undesiredActions the list of actions that should not match the reduced action
  * @returns the reduced action with as many parts replaced with asterisks as possible while still matching the desired actions and not matching any of the undesired actions
  */
-export function reduceAction(desiredAction: string, sequence: string, undesiredActions: string[]): string {
-  const testArray = splitActionIntoParts(desiredAction);
-  if(testArray.length === 1) {
-    return desiredAction;
+export function reduceAction(
+  desiredAction: string,
+  sequence: string,
+  undesiredActions: string[]
+): string {
+  const testArray = splitActionIntoParts(desiredAction)
+  if (testArray.length === 1) {
+    return desiredAction
   }
-  const indexOfSequence = testArray.indexOf(sequence);
-  let shorterValue = desiredAction ;
+  const indexOfSequence = testArray.indexOf(sequence)
+  let shorterValue = desiredAction
 
-  if(indexOfSequence === 0) {
-    const tempArray = testArray.slice();
+  if (indexOfSequence === 0) {
+    const tempArray = testArray.slice()
     //Iterate though ever following element and see if replacing the sequence with the first common sequence results in a failure
-    for(let i = 1; i < testArray.length; i++) {
-      tempArray[i] = "*";
-      const tempString = collapseAsterisks(tempArray.join(""));
-      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions);
-      if(problemMatch) {
+    for (let i = 1; i < testArray.length; i++) {
+      tempArray[i] = '*'
+      const tempString = collapseAsterisks(tempArray.join(''))
+      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions)
+      if (problemMatch) {
         // Stopping here seems to work the best
-        break;
+        break
       }
-      shorterValue = tempString;
+      shorterValue = tempString
     }
 
     //its at the beginning
-  } else if(indexOfSequence === testArray.length - 1) {
+  } else if (indexOfSequence === testArray.length - 1) {
     //its at the end
-    const tempArray = testArray.slice();
+    const tempArray = testArray.slice()
     //Iterate through the array backwards and see if replace the items with * results in a failure
-    for(let i = testArray.length - 2; i >= 0; i--) {
-      tempArray[i] = "*";
-      const tempString = collapseAsterisks(tempArray.join(""));
-      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions);
-      if(problemMatch) {
+    for (let i = testArray.length - 2; i >= 0; i--) {
+      tempArray[i] = '*'
+      const tempString = collapseAsterisks(tempArray.join(''))
+      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions)
+      if (problemMatch) {
         // Stopping here seems to work the best
-        break;
+        break
       }
 
-      shorterValue = tempString;
+      shorterValue = tempString
     }
-  } else if(indexOfSequence > 0) {
+  } else if (indexOfSequence > 0) {
     //its in the middle
-    const tempArray = testArray.slice();
+    const tempArray = testArray.slice()
     //Iterate forward through the array and see if replacing the items with * results in a failure
-    for(let i = indexOfSequence + 1; i < testArray.length; i++) {
-      tempArray[i] = "*";
-      const tempString = collapseAsterisks(tempArray.join(""));
-      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions);
-      if(problemMatch) {
+    for (let i = indexOfSequence + 1; i < testArray.length; i++) {
+      tempArray[i] = '*'
+      const tempString = collapseAsterisks(tempArray.join(''))
+      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions)
+      if (problemMatch) {
         //This replacement cased a prolem match, so revert it before going backwards in the strings
         tempArray[i] = testArray[i]
         // Stopping here seems to work the best
-        break;
+        break
       }
-      shorterValue = tempString;
+      shorterValue = tempString
     }
     //Iterate through the array backwards and see if replace the items with * results in a failure
-    for(let i = indexOfSequence - 1; i >= 0; i--) {
-      tempArray[i] = "*";
-      const tempString = collapseAsterisks(tempArray.join(""));
-      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions);
-      if(problemMatch) {
+    for (let i = indexOfSequence - 1; i >= 0; i--) {
+      tempArray[i] = '*'
+      const tempString = collapseAsterisks(tempArray.join(''))
+      const problemMatch = wildcardActionMatchesAnyString(tempString, undesiredActions)
+      if (problemMatch) {
         // Stopping here seems to work the best
-        break;
+        break
       }
-      shorterValue = tempString;
+      shorterValue = tempString
     }
-
   }
 
-  return shorterValue;
+  return shorterValue
 }
 
 /**
@@ -258,8 +285,8 @@ export function collapseAsterisks(wildcardAction: string): string {
  * @returns a regular expression that will match the wildcard action
  */
 export function regexForWildcardAction(wildcardAction: string): RegExp {
-  wildcardAction = collapseAsterisks(wildcardAction);
-  const pattern = "^" + wildcardAction.replace(/\*/g, '.*?') + "$"
+  wildcardAction = collapseAsterisks(wildcardAction)
+  const pattern = '^' + wildcardAction.replace(/\*/g, '.*?') + '$'
   return new RegExp(pattern, 'i')
 }
 
@@ -274,10 +301,10 @@ export function wildcardActionMatchesAnyString(wildcardAction: string, strings:
   const regex = regexForWildcardAction(wildcardAction)
   for (const string of strings) {
     if (regex.test(string)) {
-      return true;
+      return true
     }
   }
-  return false;
+  return false
 }
 
 /**
@@ -294,10 +321,9 @@ export function splitActionIntoParts(input: string): string[] {
   // Split the string using a regex that finds transitions from lower to upper case or asterisks
   // and keeps sequences of uppercase letters together
   // return input.split(/(?<=[a-z])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])/);
-  return input.split(/(?<=[a-z])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])|(?=[*])|(?<=[*])/);
+  return input.split(/(?<=[a-z])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])|(?=[*])|(?<=[*])/)
 }
 
-
 /**
  * Given a list of strings and a list of strings those parts are in, count the number of times each part appears in the strings
  *
@@ -306,19 +332,19 @@ export function splitActionIntoParts(input: string): string[] {
  * @returns Returns a map of the substring to the number of times it appears in the actions
  */
 export function countSubstrings(substrings: string[], actions: string[]): Map<string, number> {
-  const substringCount = new Map<string, number>();
-  substrings.forEach(substring => {
-    let count = 0;
-    actions.forEach(action => {
+  const substringCount = new Map<string, number>()
+  substrings.forEach((substring) => {
+    let count = 0
+    actions.forEach((action) => {
       if (action.includes(substring)) {
-        count++;
+        count++
       }
-    });
+    })
     if (count > 0) {
-      substringCount.set(substring, count);
+      substringCount.set(substring, count)
     }
-  });
-  return substringCount;
+  })
+  return substringCount
 }
 
 /**
@@ -327,20 +353,22 @@ export function countSubstrings(substrings: string[], actions: string[]): Map<st
  * @param actions the list of actions to find common sequences in
  * @returns an array of objects with the sequence, frequency, and length of the common sequences
  */
-export function findCommonSequences(actions: string[]): { sequence: string, frequency: number, length: number }[] {
-  const allSubstrings = new Set<string>();
-  actions.forEach(action => {
-    splitActionIntoParts(action).forEach(substring => allSubstrings.add(substring));
-  });
+export function findCommonSequences(
+  actions: string[]
+): { sequence: string; frequency: number; length: number }[] {
+  const allSubstrings = new Set<string>()
+  actions.forEach((action) => {
+    splitActionIntoParts(action).forEach((substring) => allSubstrings.add(substring))
+  })
 
-  const substringCount = countSubstrings(Array.from(allSubstrings), actions);
+  const substringCount = countSubstrings(Array.from(allSubstrings), actions)
 
-  const result: any[] = [];
+  const result: any[] = []
   substringCount.forEach((frequency, sequence) => {
-    result.push({ sequence, frequency, length: sequence.length });
-  });
+    result.push({ sequence, frequency, length: sequence.length })
+  })
 
-  return result;
+  return result
 }
 
 /**
@@ -355,20 +383,24 @@ export function findCommonSequences(actions: string[]): { sequence: string, freq
  */
 export function consolidateWildcardPatterns(patterns: string[]): string[] {
   // Sort patterns to handle simpler cases first
-  patterns.sort((a, b) => b.length - a.length);
+  patterns.sort((a, b) => b.length - a.length)
 
-  let consolidatedPatterns: string[] = [];
-  for(const pattern of patterns) {
+  let consolidatedPatterns: string[] = []
+  for (const pattern of patterns) {
     //If it's already covered, skip it
-    const coveredByExistingPattern = consolidatedPatterns.some(consolidated => matchesPattern(consolidated, pattern))
-    if(coveredByExistingPattern) {
-      continue;
+    const coveredByExistingPattern = consolidatedPatterns.some((consolidated) =>
+      matchesPattern(consolidated, pattern)
+    )
+    if (coveredByExistingPattern) {
+      continue
     }
 
     //If it subsumes any existing patterns, remove them
-    consolidatedPatterns = consolidatedPatterns.filter(consolidated =>  !matchesPattern(pattern, consolidated));
+    consolidatedPatterns = consolidatedPatterns.filter(
+      (consolidated) => !matchesPattern(pattern, consolidated)
+    )
 
-    consolidatedPatterns.push(pattern);
+    consolidatedPatterns.push(pattern)
   }
   return consolidatedPatterns
 }
@@ -380,6 +412,6 @@ export function consolidateWildcardPatterns(patterns: string[]): string[] {
  * @returns true if the specific string matches the general pattern
  */
 function matchesPattern(general: string, specific: string): boolean {
-  const regex = new RegExp("^" + general.replace(/\*/g, ".*") + "$");
-  return regex.test(specific);
-}
+  const regex = new RegExp('^' + general.replace(/\*/g, '.*') + '$')
+  return regex.test(specific)
+}

package/src/shrink_file.test.ts

@@ -1,7 +1,7 @@
-import { beforeEach } from "node:test";
-import { describe, expect, it, vi } from "vitest";
-import { shrink } from './shrink.js';
-import { shrinkJsonDocument } from "./shrink_file.js";
+import { beforeEach } from 'node:test'
+import { describe, expect, it, vi } from 'vitest'
+import { shrink } from './shrink.js'
+import { shrinkJsonDocument } from './shrink_file.js'
 
 vi.mock('./shrink.js')
 

package/src/shrink_file.ts

@@ -1,4 +1,4 @@
-import { ShrinkOptions, shrink } from "./shrink.js";
+import { ShrinkOptions, shrink } from './shrink.js'
 
 /**
  * Takes any JSON document and shrinks any Action or NotAction array of strings in the document.
@@ -9,30 +9,34 @@ import { ShrinkOptions, shrink } from "./shrink.js";
  * @param key the key of the current node in the document
  * @returns the original JSON document with any actions expanded in place
  */
-export async function shrinkJsonDocument(options: Partial<ShrinkOptions>, document: any, key?: string): Promise<any> {
+export async function shrinkJsonDocument(
+  options: Partial<ShrinkOptions>,
+  document: any,
+  key?: string
+): Promise<any> {
   if (key === 'Action' || key === 'NotAction') {
     // if (typeof document === 'string') {
     //   // return shrink([document], options);
     // }
     if (Array.isArray(document) && document.length > 0 && typeof document[0] === 'string') {
-      return shrink(document, options);
+      return shrink(document, options)
     }
   }
 
   if (Array.isArray(document)) {
-    const results = [];
+    const results = []
     for (const item of document) {
-      results.push(await shrinkJsonDocument(options, item));
+      results.push(await shrinkJsonDocument(options, item))
     }
-    return results;
+    return results
   }
 
   if (typeof document === 'object' && document !== null) {
     for (const key of Object.keys(document)) {
-      document[key] = await shrinkJsonDocument(options, document[key], key);
+      document[key] = await shrinkJsonDocument(options, document[key], key)
     }
-    return document;
+    return document
   }
 
-  return document;
-}
+  return document
+}

package/src/validate.test.ts

@@ -1,22 +1,21 @@
-import { expandIamActions } from '@cloud-copilot/iam-expand';
-import { describe, expect, it, vi } from "vitest";
-import { validateShrinkResults } from './validate.js';
+import { expandIamActions } from '@cloud-copilot/iam-expand'
+import { describe, expect, it, vi } from 'vitest'
+import { validateShrinkResults } from './validate.js'
 vi.mock('@cloud-copilot/iam-expand')
 
-const mockExpandIamActions = vi.mocked(expandIamActions);
+const mockExpandIamActions = vi.mocked(expandIamActions)
 
-
-describe("validate", () => {
+describe('validate', () => {
   it('should return nothing if the actions are valid', async () => {
     // Given a list of desired actions
-    const desiredActions = ['s3:GetObject', 's3:PutObject', 's3:DeleteObject'];
+    const desiredActions = ['s3:GetObject', 's3:PutObject', 's3:DeleteObject']
     // And a list of patterns
-    const patterns = ['s3:*Object'];
+    const patterns = ['s3:*Object']
     // And the patterns include an undesired action
-    mockExpandIamActions.mockResolvedValue(['s3:GetObject', 's3:PutObject', 's3:DeleteObject']);
+    mockExpandIamActions.mockResolvedValue(['s3:GetObject', 's3:PutObject', 's3:DeleteObject'])
 
     // When the patterns are validated
-    const result = await validateShrinkResults(desiredActions, patterns);
+    const result = await validateShrinkResults(desiredActions, patterns)
 
     // Then the validation should fail
     expect(result).toBeUndefined()
@@ -24,32 +23,31 @@ describe("validate", () => {
 
   it('should find an undesired action', async () => {
     // Given a list of desired actions
-    const desiredActions = ['s3:GetObject', 's3:PutObject'];
+    const desiredActions = ['s3:GetObject', 's3:PutObject']
     // And a list of patterns
-    const patterns = ['s3:*Object'];
+    const patterns = ['s3:*Object']
     // And the patterns include an undesired action
-    mockExpandIamActions.mockResolvedValue(['s3:GetObject', 's3:PutObject', 's3:DeleteObject']);
+    mockExpandIamActions.mockResolvedValue(['s3:GetObject', 's3:PutObject', 's3:DeleteObject'])
 
     // When the patterns are validated
-    const result = await validateShrinkResults(desiredActions, patterns);
+    const result = await validateShrinkResults(desiredActions, patterns)
 
     // Then the validation should fail
-    expect(result).toEqual('Undesired action: s3:DeleteObject');
+    expect(result).toEqual('Undesired action: s3:DeleteObject')
   })
 
   it('should find a missing action', async () => {
     // Given a list of desired actions
-    const desiredActions = ['s3:GetObject', 's3:PutObject'];
+    const desiredActions = ['s3:GetObject', 's3:PutObject']
     // And a list of patterns
-    const patterns = ['s3:Get*'];
+    const patterns = ['s3:Get*']
     // And the patterns are missing an action
-    mockExpandIamActions.mockResolvedValue(['s3:GetObject']);
+    mockExpandIamActions.mockResolvedValue(['s3:GetObject'])
 
     // When the patterns are validated
-    const result = await validateShrinkResults(desiredActions, patterns);
+    const result = await validateShrinkResults(desiredActions, patterns)
 
     // Then the validation should fail
-    expect(result).toEqual('Missing action s3:PutObject');
+    expect(result).toEqual('Missing action s3:PutObject')
   })
-
 })

package/src/validate.ts

@@ -1,4 +1,4 @@
-import { expandIamActions } from "@cloud-copilot/iam-expand";
+import { expandIamActions } from '@cloud-copilot/iam-expand'
 
 /**
  * Checks a list of patterns against a list of desired actions to validate:
@@ -9,21 +9,24 @@ import { expandIamActions } from "@cloud-copilot/iam-expand";
  * @param patterns The list of patterns that the algorithm has derived
  * @returns the first match error if any, otherwise undefined
  */
-export async function validateShrinkResults(desiredActions: string[], patterns: string[]): Promise<string | undefined> {
-  const desiredActionSet = new Set(desiredActions);
-  const expandedAfterActions = await expandIamActions(patterns, {expandServiceAsterisk: true});
-  const expandedAfterActionSet = new Set(expandedAfterActions);
-  for(const afterAction of expandedAfterActions) {
-    if(!desiredActionSet.has(afterAction)) {
-      return `Undesired action: ${afterAction}`;
+export async function validateShrinkResults(
+  desiredActions: string[],
+  patterns: string[]
+): Promise<string | undefined> {
+  const desiredActionSet = new Set(desiredActions)
+  const expandedAfterActions = await expandIamActions(patterns)
+  const expandedAfterActionSet = new Set(expandedAfterActions)
+  for (const afterAction of expandedAfterActions) {
+    if (!desiredActionSet.has(afterAction)) {
+      return `Undesired action: ${afterAction}`
     }
   }
 
-  for(const desiredAction of desiredActions) {
-    if(!expandedAfterActionSet.has(desiredAction)) {
+  for (const desiredAction of desiredActions) {
+    if (!expandedAfterActionSet.has(desiredAction)) {
       return `Missing action ${desiredAction}`
     }
   }
 
-  return undefined;
-}
+  return undefined
+}

package/dist/cjs/stdin.d.ts

@@ -1,7 +0,0 @@
-/**
- * Read from stdin until the stream ends, timeout, or an error occurs
- *
- * @returns the string input from stdin
- */
-export declare function readStdin(readWait: number | undefined): Promise<string>;
-//# sourceMappingURL=stdin.d.ts.map