@cloud-copilot/iam-shrink 0.1.7 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/pr-checks.yml +15 -2
- package/CHANGELOG.md +15 -0
- package/README.md +26 -0
- package/dist/cjs/cli.js +18 -1
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/shrink.d.ts +11 -0
- package/dist/cjs/shrink.d.ts.map +1 -1
- package/dist/cjs/shrink.js +82 -5
- package/dist/cjs/shrink.js.map +1 -1
- package/dist/cjs/shrink_file.d.ts.map +1 -1
- package/dist/cjs/shrink_file.js +6 -1
- package/dist/cjs/shrink_file.js.map +1 -1
- package/dist/esm/cli.js +19 -2
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/shrink.d.ts +11 -0
- package/dist/esm/shrink.d.ts.map +1 -1
- package/dist/esm/shrink.js +80 -5
- package/dist/esm/shrink.js.map +1 -1
- package/dist/esm/shrink_file.d.ts.map +1 -1
- package/dist/esm/shrink_file.js +6 -1
- package/dist/esm/shrink_file.js.map +1 -1
- package/package.json +1 -1
- package/src/cli.ts +19 -2
- package/src/shrink.test.ts +137 -3
- package/src/shrink.ts +110 -7
- package/src/shrink_file.test.ts +63 -0
- package/src/shrink_file.ts +5 -1
|
@@ -83,5 +83,18 @@ jobs:
|
|
|
83
83
|
- name: Install GuardDog
|
|
84
84
|
run: pip install guarddog
|
|
85
85
|
|
|
86
|
-
-
|
|
87
|
-
|
|
86
|
+
- name: Run GuardDog scan on src
|
|
87
|
+
run: guarddog npm scan src/ --exit-non-zero-on-finding
|
|
88
|
+
|
|
89
|
+
- name: Check if package.json changed
|
|
90
|
+
id: package_check
|
|
91
|
+
run: |
|
|
92
|
+
if git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD | grep -q '^package\.json$'; then
|
|
93
|
+
echo "changed=true" >> $GITHUB_OUTPUT
|
|
94
|
+
else
|
|
95
|
+
echo "changed=false" >> $GITHUB_OUTPUT
|
|
96
|
+
fi
|
|
97
|
+
|
|
98
|
+
- name: Conditionally run verify on package.json
|
|
99
|
+
if: steps.package_check.outputs.changed == 'true'
|
|
100
|
+
run: guarddog npm verify package.json --exclude-rules empty_information --exit-non-zero-on-finding
|
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
## [0.1.9](https://github.com/cloud-copilot/iam-shrink/compare/v0.1.8...v0.1.9) (2025-04-09)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Features
|
|
5
|
+
|
|
6
|
+
* Add the ability to specify what access levels should be reduced. ([af2c090](https://github.com/cloud-copilot/iam-shrink/commit/af2c0909ffdd974de576e7c35320b93ebbc92760))
|
|
7
|
+
|
|
8
|
+
## [0.1.8](https://github.com/cloud-copilot/iam-shrink/compare/v0.1.7...v0.1.8) (2025-04-08)
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
### Features
|
|
12
|
+
|
|
13
|
+
* Add cli option to eliminate whitespace form output. ([cd13dc8](https://github.com/cloud-copilot/iam-shrink/commit/cd13dc89b5ad7dcb0db0cc3ac60289695e494256))
|
|
14
|
+
* Add option to remove Sids from policy documents. ([45d7086](https://github.com/cloud-copilot/iam-shrink/commit/45d7086eee71fee38f87edccad9da9273a6ecaf8))
|
|
15
|
+
|
|
1
16
|
## [0.1.7](https://github.com/cloud-copilot/iam-shrink/compare/v0.1.6...v0.1.7) (2025-04-05)
|
|
2
17
|
|
|
3
18
|
## [0.1.6](https://github.com/cloud-copilot/iam-shrink/compare/v0.1.5...v0.1.6) (2025-03-19)
|
package/README.md
CHANGED
|
@@ -165,6 +165,32 @@ cat readonly.json | iam-shrink --iterations 0 | wc -m
|
|
|
165
165
|
|
|
166
166
|
If you want to shrink the policy as much as possible, you can use `--iterations 0`. This will keep shrinking the policy until it can't be reduced any further.
|
|
167
167
|
|
|
168
|
+
## Specify Access Levels
|
|
169
|
+
|
|
170
|
+
AWS has [Access Levels](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html#actions_table) that are assigned to all permissions in IAM. They are:
|
|
171
|
+
|
|
172
|
+
- `List`
|
|
173
|
+
- `Read`
|
|
174
|
+
- `Write`
|
|
175
|
+
- `Tagging`
|
|
176
|
+
- `Permissions management`
|
|
177
|
+
|
|
178
|
+
By default iam-shrink will shrink all actions regardless of their access level. You can specify a list of access levels using the `--levels` argument to shrink only those actions.
|
|
179
|
+
|
|
180
|
+
```bash
|
|
181
|
+
# Shrink all actions
|
|
182
|
+
cat big-policy.json | iam-shrink
|
|
183
|
+
|
|
184
|
+
# Shrink only Read, List, and Tagging actions. Write, and Permissions management actions will be included without any wildcards
|
|
185
|
+
cat big-policy.json | iam-shrink --levels read list tagging
|
|
186
|
+
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
## Other CLI Options
|
|
190
|
+
|
|
191
|
+
- `--remove-sids`: Remove all `Sid` fields from the policy.
|
|
192
|
+
- `--remove-whitespace`: Remove all whitespace from the output.
|
|
193
|
+
|
|
168
194
|
## Use in TypeScript/Node
|
|
169
195
|
|
|
170
196
|
You can use the shrink function in your own code.
|
package/dist/cjs/cli.js
CHANGED
|
@@ -20,11 +20,27 @@ async function shrinkAndPrint(actions, shrinkOptions) {
|
|
|
20
20
|
}
|
|
21
21
|
async function run() {
|
|
22
22
|
const cli = (0, cli_1.parseCliArguments)('iam-shrink', {}, {
|
|
23
|
+
removeSids: {
|
|
24
|
+
type: 'boolean',
|
|
25
|
+
description: 'Remove Sid fields from the policy statements',
|
|
26
|
+
character: 's'
|
|
27
|
+
},
|
|
28
|
+
removeWhitespace: {
|
|
29
|
+
type: 'boolean',
|
|
30
|
+
description: 'Remove whitespace from the policy output',
|
|
31
|
+
character: 'w'
|
|
32
|
+
},
|
|
23
33
|
iterations: {
|
|
24
34
|
type: 'number',
|
|
25
35
|
description: 'How many iterations of shrinking should be executed, defaults to 2; zero or less means no limit',
|
|
26
36
|
values: 'single'
|
|
27
37
|
},
|
|
38
|
+
levels: {
|
|
39
|
+
type: 'enum',
|
|
40
|
+
description: 'The access levels to reduce in the policy, defaults to all levels',
|
|
41
|
+
values: 'multiple',
|
|
42
|
+
validValues: shrink_js_1.allActionAccessLevels
|
|
43
|
+
},
|
|
28
44
|
readWaitMs: {
|
|
29
45
|
description: 'Milliseconds to wait for the first byte from stdin before timing out',
|
|
30
46
|
values: 'single',
|
|
@@ -57,7 +73,8 @@ async function run() {
|
|
|
57
73
|
//If no actions are provided, read from stdin
|
|
58
74
|
const stdInResult = await (0, cli_utils_js_1.parseStdIn)(shrinkArgs);
|
|
59
75
|
if (stdInResult.object) {
|
|
60
|
-
|
|
76
|
+
const spaces = shrinkArgs.removeWhitespace ? 0 : 2;
|
|
77
|
+
console.log(JSON.stringify(stdInResult.object, null, spaces));
|
|
61
78
|
return;
|
|
62
79
|
}
|
|
63
80
|
else if (stdInResult.strings) {
|
package/dist/cjs/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAsD;AACtD,sDAA0E;AAC1E,iDAAsE;AACtE,
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAsD;AACtD,sDAA0E;AAC1E,iDAAsE;AACtE,2CAA0E;AAE1E,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAE7C,KAAK,UAAU,cAAc,CAAC,OAAiB,EAAE,aAAqC;IACpF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EAAC,OAAO,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAC3B,YAAY,EACZ,EAAE,EACF;QACE,UAAU,EAAE;YACV,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,8CAA8C;YAC3D,SAAS,EAAE,GAAG;SACf;QACD,gBAAgB,EAAE;YAChB,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,0CAA0C;YACvD,SAAS,EAAE,GAAG;SACf;QACD,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EACT,iGAAiG;YACnG,MAAM,EAAE,QAAQ;SACjB;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,mEAAmE;YAChF,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,iCAAqB;SACnC;QACD,UAAU,EAAE;YACV,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;YAChB,IAAI,EAAE,QAAQ;SACf;QACD,eAAe,EAAE;YACf,SAAS,EAAE,GAAG;YACd,WAAW,EAAE,+DAA+D;YAC5E,IAAI,EAAE,SAAS;SAChB;KACF,EACD;QACE,YAAY,EAAE,QAAQ;QACtB,sBAAsB,EAAE,IAAI;KAC7B,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;QACtC,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,IAAA,2BAAgB,GAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAA;IAElC,MAAM,UAAU,GAAG,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,IAAA,wCAAyB,EAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAA;IAC9F,IAAI,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,UAAU,CAAC,UAAU,CAAA;IAC9B,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAU,EAAC,UAAU,CAAC,CAAA;QAChD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAClD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;YAC7D,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,aAAa,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,cAAc,CAAC,aAAa,EAAE,UAAU,CAAC,CAAA;QAC/C,OAAM;IACR,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAA;IACtD,GAAG,CAAC,SAAS,EAAE,CAAA;AACjB,CAAC;AAED,GAAG,EAAE;KACF,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/cjs/shrink.d.ts
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
|
+
export type ActionAccessLevel = 'read' | 'write' | 'list' | 'tagging' | 'permissions';
|
|
2
|
+
export declare const allActionAccessLevels: ActionAccessLevel[];
|
|
1
3
|
export interface ShrinkOptions {
|
|
2
4
|
iterations: number;
|
|
5
|
+
removeSids: boolean;
|
|
6
|
+
levels: ActionAccessLevel[];
|
|
3
7
|
}
|
|
4
8
|
/**
|
|
5
9
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -128,4 +132,11 @@ export declare function findCommonSequences(actions: string[]): {
|
|
|
128
132
|
* @returns the consolidated list of patterns
|
|
129
133
|
*/
|
|
130
134
|
export declare function consolidateWildcardPatterns(patterns: string[]): string[];
|
|
135
|
+
/**
|
|
136
|
+
* Check if all access levels are included in the set
|
|
137
|
+
*
|
|
138
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
139
|
+
* @returns true if all access levels are included
|
|
140
|
+
*/
|
|
141
|
+
export declare function isAllAccessLevels(accessLevels: Set<ActionAccessLevel>): boolean;
|
|
131
142
|
//# sourceMappingURL=shrink.d.ts.map
|
package/dist/cjs/shrink.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,aAAa,CAAA;AACrF,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,EAMpD,CAAA;AAYD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,MAAM,EAAE,iBAAiB,EAAE,CAAA;CAC5B;AAQD;;;;;;;;;;;;GAYG;AACH,wBAAsB,MAAM,CAC1B,eAAe,EAAE,MAAM,EAAE,EACzB,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GACrC,OAAO,CAAC,MAAM,EAAE,CAAC,CAkDnB;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAEtD;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EAAE,GAChB,GAAG,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,cAAc,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAWlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,cAAc,EAAE,MAAM,EAAE,EACxB,eAAe,EAAE,MAAM,EAAE,EACzB,UAAU,EAAE,MAAM,GACjB,MAAM,EAAE,CAiCV;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,MAAM,EAAE,EACxB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,IAAI,EAAE,OAAO,GACZ,MAAM,EAAE,CAuBV;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAC1B,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,EAAE,GACzB,MAAM,CAoER;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAIrE;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAQjG;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAK5D;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAc5F;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EAAE,GAChB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,EAAE,CAc3D;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAsBxE;AAkED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,GAAG,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAK/E"}
|
package/dist/cjs/shrink.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.allActionAccessLevels = void 0;
|
|
3
4
|
exports.shrink = shrink;
|
|
4
5
|
exports.mapActions = mapActions;
|
|
5
6
|
exports.groupActionsByService = groupActionsByService;
|
|
@@ -13,11 +14,29 @@ exports.splitActionIntoParts = splitActionIntoParts;
|
|
|
13
14
|
exports.countSubstrings = countSubstrings;
|
|
14
15
|
exports.findCommonSequences = findCommonSequences;
|
|
15
16
|
exports.consolidateWildcardPatterns = consolidateWildcardPatterns;
|
|
17
|
+
exports.isAllAccessLevels = isAllAccessLevels;
|
|
18
|
+
const iam_data_1 = require("@cloud-copilot/iam-data");
|
|
16
19
|
const iam_expand_1 = require("@cloud-copilot/iam-expand");
|
|
17
20
|
const errors_js_1 = require("./errors.js");
|
|
18
21
|
const validate_js_1 = require("./validate.js");
|
|
22
|
+
exports.allActionAccessLevels = [
|
|
23
|
+
'read',
|
|
24
|
+
'write',
|
|
25
|
+
'list',
|
|
26
|
+
'tagging',
|
|
27
|
+
'permissions'
|
|
28
|
+
];
|
|
29
|
+
const actionLevelMap = {
|
|
30
|
+
Read: 'read',
|
|
31
|
+
Write: 'write',
|
|
32
|
+
List: 'list',
|
|
33
|
+
Tagging: 'tagging',
|
|
34
|
+
'Permissions management': 'permissions'
|
|
35
|
+
};
|
|
19
36
|
const defaultOptions = {
|
|
20
|
-
iterations: 2
|
|
37
|
+
iterations: 2,
|
|
38
|
+
removeSids: false,
|
|
39
|
+
levels: exports.allActionAccessLevels
|
|
21
40
|
};
|
|
22
41
|
/**
|
|
23
42
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -34,11 +53,15 @@ const defaultOptions = {
|
|
|
34
53
|
*/
|
|
35
54
|
async function shrink(desiredPatterns, shrinkOptions) {
|
|
36
55
|
//Check for an all actions wildcard
|
|
56
|
+
const options = { ...defaultOptions, ...shrinkOptions };
|
|
57
|
+
if (options.levels.length === 0) {
|
|
58
|
+
options.levels = exports.allActionAccessLevels;
|
|
59
|
+
}
|
|
60
|
+
const reducibleAccessLevelsSet = new Set(options.levels);
|
|
37
61
|
const wildCard = desiredPatterns.find((pattern) => collapseAsterisks(pattern) === '*');
|
|
38
|
-
if (wildCard) {
|
|
62
|
+
if (wildCard && isAllAccessLevels(reducibleAccessLevelsSet)) {
|
|
39
63
|
return ['*'];
|
|
40
64
|
}
|
|
41
|
-
const options = { ...defaultOptions, ...shrinkOptions };
|
|
42
65
|
const targetActions = await (0, iam_expand_1.expandIamActions)(desiredPatterns);
|
|
43
66
|
const expandedActionsByService = groupActionsByService(targetActions);
|
|
44
67
|
const services = Array.from(expandedActionsByService.keys()).sort();
|
|
@@ -46,9 +69,13 @@ async function shrink(desiredPatterns, shrinkOptions) {
|
|
|
46
69
|
for (const service of services) {
|
|
47
70
|
const desiredActions = expandedActionsByService.get(service);
|
|
48
71
|
const possibleActions = mapActions(await (0, iam_expand_1.expandIamActions)(`${service}:*`));
|
|
49
|
-
const
|
|
72
|
+
const filteredActions = await filterActionsByAccessLevel(service, desiredActions.withoutService, reducibleAccessLevelsSet);
|
|
73
|
+
const reducedServiceActions = shrinkResolvedList(filteredActions.reducibleActions, possibleActions, options.iterations);
|
|
50
74
|
//Validation
|
|
51
|
-
const reducedServiceActionsWithService =
|
|
75
|
+
const reducedServiceActionsWithService = [
|
|
76
|
+
...reducedServiceActions.map((action) => `${service}:${action}`),
|
|
77
|
+
...filteredActions.unreducibleActions.map((action) => `${service}:${action}`)
|
|
78
|
+
].sort();
|
|
52
79
|
const invalidMatch = await (0, validate_js_1.validateShrinkResults)(desiredActions.withService, reducedServiceActionsWithService);
|
|
53
80
|
if (invalidMatch) {
|
|
54
81
|
throw new errors_js_1.ShrinkValidationError(desiredPatterns, invalidMatch);
|
|
@@ -353,4 +380,54 @@ function matchesPattern(general, specific) {
|
|
|
353
380
|
const regex = new RegExp('^' + general.replace(/\*/g, '.*') + '$');
|
|
354
381
|
return regex.test(specific);
|
|
355
382
|
}
|
|
383
|
+
/**
|
|
384
|
+
* Get the ActionAccessLevel option value for a given ActionDataAccessLevel
|
|
385
|
+
*
|
|
386
|
+
* @param accessLevel the ActionDataAccessLevel to convert
|
|
387
|
+
* @returns the corresponding ActionAccessLevel
|
|
388
|
+
* @throws if the access level is not recognized
|
|
389
|
+
*/
|
|
390
|
+
function optionAccessLevelForDataAccessLevel(accessLevel) {
|
|
391
|
+
const result = actionLevelMap[accessLevel];
|
|
392
|
+
if (result) {
|
|
393
|
+
return result;
|
|
394
|
+
}
|
|
395
|
+
throw new Error(`Unknown access level: ${accessLevel}`);
|
|
396
|
+
}
|
|
397
|
+
/**
|
|
398
|
+
* Filter actions into reducable and unreduceable based on the provided access levels
|
|
399
|
+
*
|
|
400
|
+
* @param service the service the actions belong to
|
|
401
|
+
* @param actions the list of actions to filter
|
|
402
|
+
* @param reducibleAccessLevels the set of ActionAccessLevel values that are considered reducible
|
|
403
|
+
* @returns an object with two arrays: reducibleActions and unreducibleActions
|
|
404
|
+
*/
|
|
405
|
+
async function filterActionsByAccessLevel(service, actions, reducibleAccessLevels) {
|
|
406
|
+
if (isAllAccessLevels(reducibleAccessLevels)) {
|
|
407
|
+
return { reducibleActions: actions, unreducibleActions: [] };
|
|
408
|
+
}
|
|
409
|
+
const reducibleActions = [];
|
|
410
|
+
const unreducibleActions = [];
|
|
411
|
+
for (const action of actions) {
|
|
412
|
+
const details = await (0, iam_data_1.iamActionDetails)(service, action);
|
|
413
|
+
const accessLevel = optionAccessLevelForDataAccessLevel(details.accessLevel);
|
|
414
|
+
if (reducibleAccessLevels.has(accessLevel)) {
|
|
415
|
+
reducibleActions.push(action);
|
|
416
|
+
}
|
|
417
|
+
else {
|
|
418
|
+
unreducibleActions.push(action);
|
|
419
|
+
}
|
|
420
|
+
}
|
|
421
|
+
return { reducibleActions, unreducibleActions };
|
|
422
|
+
}
|
|
423
|
+
/**
|
|
424
|
+
* Check if all access levels are included in the set
|
|
425
|
+
*
|
|
426
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
427
|
+
* @returns true if all access levels are included
|
|
428
|
+
*/
|
|
429
|
+
function isAllAccessLevels(accessLevels) {
|
|
430
|
+
return (accessLevels.size >= exports.allActionAccessLevels.length &&
|
|
431
|
+
!exports.allActionAccessLevels.find((level) => !accessLevels.has(level)));
|
|
432
|
+
}
|
|
356
433
|
//# sourceMappingURL=shrink.js.map
|
package/dist/cjs/shrink.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":";;AAyBA,wBAwCC;AAQD,gCAEC;AAYD,sDAaC;AAWD,gDAqCC;AAUD,0CA2BC;AAWD,oCAwEC;AAQD,8CAEC;AAQD,wDAIC;AASD,wEAQC;AAYD,oDAKC;AASD,0CAcC;AAQD,kDAgBC;AAYD,kEAsBC;AArZD,0DAA4D;AAC5D,2CAAmD;AACnD,+CAAqD;AAMrD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;CACd,CAAA;AAED;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,EAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,IAAA,6BAAgB,EAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,cAAc,CAAC,cAAc,EAC7B,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG,qBAAqB,CAAC,GAAG,CAChE,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CACnC,CAAA;QACD,MAAM,YAAY,GAAG,MAAM,IAAA,mCAAqB,EAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,iCAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC"}
|
|
1
|
+
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":";;;AAiDA,wBAqDC;AAQD,gCAEC;AAYD,sDAaC;AAWD,gDAqCC;AAUD,0CA2BC;AAWD,oCAwEC;AAQD,8CAEC;AAQD,wDAIC;AASD,wEAQC;AAYD,oDAKC;AASD,0CAcC;AAQD,kDAgBC;AAYD,kEAsBC;AAwED,8CAKC;AAvgBD,sDAA0D;AAC1D,0DAA4D;AAC5D,2CAAmD;AACnD,+CAAqD;AAGxC,QAAA,qBAAqB,GAAwB;IACxD,MAAM;IACN,OAAO;IACP,MAAM;IACN,SAAS;IACT,aAAa;CACd,CAAA;AAID,MAAM,cAAc,GAAqD;IACvE,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,SAAS;IAClB,wBAAwB,EAAE,aAAa;CACxC,CAAA;AAQD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,KAAK;IACjB,MAAM,EAAE,6BAAqB;CAC9B,CAAA;AAED;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,GAAG,6BAAqB,CAAA;IACxC,CAAC;IACD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IAExD,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,EAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,IAAA,6BAAgB,EAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,eAAe,GAAG,MAAM,0BAA0B,CACtD,OAAO,EACP,cAAc,CAAC,cAAc,EAC7B,wBAAwB,CACzB,CAAA;QAED,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,eAAe,CAAC,gBAAgB,EAChC,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG;YACvC,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;YAChE,GAAG,eAAe,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;SAC9E,CAAC,IAAI,EAAE,CAAA;QAER,MAAM,YAAY,GAAG,MAAM,IAAA,mCAAqB,EAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,iCAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mCAAmC,CAC1C,WAAkC;IAElC,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,CAAA;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAA;AACzD,CAAC;AAED;;;;;;;GAOG;AAEH,KAAK,UAAU,0BAA0B,CACvC,OAAe,EACf,OAAiB,EACjB,qBAA6C;IAE7C,IAAI,iBAAiB,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAA;IAC9D,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,MAAM,kBAAkB,GAAa,EAAE,CAAA;IAEvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,mCAAmC,CACrD,OAAO,CAAC,WAAoC,CAC7C,CAAA;QACD,IAAI,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3C,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,CAAA;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,YAAoC;IACpE,OAAO,CACL,YAAY,CAAC,IAAI,IAAI,6BAAqB,CAAC,MAAM;QACjD,CAAC,6BAAqB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CACjE,CAAA;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink_file.d.ts","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,aAAa,CAAA;AAEnD;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,EAC/B,QAAQ,EAAE,GAAG,EACb,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"shrink_file.d.ts","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,aAAa,CAAA;AAEnD;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,EAC/B,QAAQ,EAAE,GAAG,EACb,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,GAAG,CAAC,CA8Bd"}
|
package/dist/cjs/shrink_file.js
CHANGED
|
@@ -29,7 +29,12 @@ async function shrinkJsonDocument(options, document, key) {
|
|
|
29
29
|
}
|
|
30
30
|
if (typeof document === 'object' && document !== null) {
|
|
31
31
|
for (const key of Object.keys(document)) {
|
|
32
|
-
|
|
32
|
+
if (key === 'Sid' && typeof document[key] === 'string' && options.removeSids) {
|
|
33
|
+
delete document[key];
|
|
34
|
+
}
|
|
35
|
+
else {
|
|
36
|
+
document[key] = await shrinkJsonDocument(options, document[key], key);
|
|
37
|
+
}
|
|
33
38
|
}
|
|
34
39
|
return document;
|
|
35
40
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink_file.js","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":";;AAWA,
|
|
1
|
+
{"version":3,"file":"shrink_file.js","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":";;AAWA,gDAkCC;AA7CD,2CAAmD;AAEnD;;;;;;;;GAQG;AACI,KAAK,UAAU,kBAAkB,CACtC,OAA+B,EAC/B,QAAa,EACb,GAAY;IAEZ,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC5C,sCAAsC;QACtC,2CAA2C;QAC3C,IAAI;QACJ,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACtF,OAAO,IAAA,kBAAM,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClC,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,EAAE,CAAA;QAClB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;QACvD,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,IAAI,GAAG,KAAK,KAAK,IAAI,OAAO,QAAQ,CAAC,GAAG,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC7E,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAA;YACtB,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAA;YACvE,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC"}
|
package/dist/esm/cli.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
import { parseCliArguments } from '@cloud-copilot/cli';
|
|
3
3
|
import { iamDataUpdatedAt, iamDataVersion } from '@cloud-copilot/iam-data';
|
|
4
4
|
import { convertNumberOfIterations, parseStdIn } from './cli_utils.js';
|
|
5
|
-
import { shrink } from './shrink.js';
|
|
5
|
+
import { allActionAccessLevels, shrink } from './shrink.js';
|
|
6
6
|
const dataPackage = '@cloud-copilot/iam-data';
|
|
7
7
|
async function shrinkAndPrint(actions, shrinkOptions) {
|
|
8
8
|
try {
|
|
@@ -18,11 +18,27 @@ async function shrinkAndPrint(actions, shrinkOptions) {
|
|
|
18
18
|
}
|
|
19
19
|
async function run() {
|
|
20
20
|
const cli = parseCliArguments('iam-shrink', {}, {
|
|
21
|
+
removeSids: {
|
|
22
|
+
type: 'boolean',
|
|
23
|
+
description: 'Remove Sid fields from the policy statements',
|
|
24
|
+
character: 's'
|
|
25
|
+
},
|
|
26
|
+
removeWhitespace: {
|
|
27
|
+
type: 'boolean',
|
|
28
|
+
description: 'Remove whitespace from the policy output',
|
|
29
|
+
character: 'w'
|
|
30
|
+
},
|
|
21
31
|
iterations: {
|
|
22
32
|
type: 'number',
|
|
23
33
|
description: 'How many iterations of shrinking should be executed, defaults to 2; zero or less means no limit',
|
|
24
34
|
values: 'single'
|
|
25
35
|
},
|
|
36
|
+
levels: {
|
|
37
|
+
type: 'enum',
|
|
38
|
+
description: 'The access levels to reduce in the policy, defaults to all levels',
|
|
39
|
+
values: 'multiple',
|
|
40
|
+
validValues: allActionAccessLevels
|
|
41
|
+
},
|
|
26
42
|
readWaitMs: {
|
|
27
43
|
description: 'Milliseconds to wait for the first byte from stdin before timing out',
|
|
28
44
|
values: 'single',
|
|
@@ -55,7 +71,8 @@ async function run() {
|
|
|
55
71
|
//If no actions are provided, read from stdin
|
|
56
72
|
const stdInResult = await parseStdIn(shrinkArgs);
|
|
57
73
|
if (stdInResult.object) {
|
|
58
|
-
|
|
74
|
+
const spaces = shrinkArgs.removeWhitespace ? 0 : 2;
|
|
75
|
+
console.log(JSON.stringify(stdInResult.object, null, spaces));
|
|
59
76
|
return;
|
|
60
77
|
}
|
|
61
78
|
else if (stdInResult.strings) {
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AACtE,OAAO,EAAE,MAAM,EAAiB,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AACtE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAiB,MAAM,aAAa,CAAA;AAE1E,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAE7C,KAAK,UAAU,cAAc,CAAC,OAAiB,EAAE,aAAqC;IACpF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,iBAAiB,CAC3B,YAAY,EACZ,EAAE,EACF;QACE,UAAU,EAAE;YACV,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,8CAA8C;YAC3D,SAAS,EAAE,GAAG;SACf;QACD,gBAAgB,EAAE;YAChB,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,0CAA0C;YACvD,SAAS,EAAE,GAAG;SACf;QACD,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EACT,iGAAiG;YACnG,MAAM,EAAE,QAAQ;SACjB;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,mEAAmE;YAChF,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,qBAAqB;SACnC;QACD,UAAU,EAAE;YACV,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;YAChB,IAAI,EAAE,QAAQ;SACf;QACD,eAAe,EAAE;YACf,SAAS,EAAE,GAAG;YACd,WAAW,EAAE,+DAA+D;YAC5E,IAAI,EAAE,SAAS;SAChB;KACF,EACD;QACE,YAAY,EAAE,QAAQ;QACtB,sBAAsB,EAAE,IAAI;KAC7B,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAA;QACtC,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,gBAAgB,EAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAA;IAElC,MAAM,UAAU,GAAG,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,yBAAyB,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAA;IAC9F,IAAI,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,UAAU,CAAC,UAAU,CAAA;IAC9B,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAA;QAChD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAClD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;YAC7D,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,aAAa,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,cAAc,CAAC,aAAa,EAAE,UAAU,CAAC,CAAA;QAC/C,OAAM;IACR,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAA;IACtD,GAAG,CAAC,SAAS,EAAE,CAAA;AACjB,CAAC;AAED,GAAG,EAAE;KACF,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/esm/shrink.d.ts
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
|
+
export type ActionAccessLevel = 'read' | 'write' | 'list' | 'tagging' | 'permissions';
|
|
2
|
+
export declare const allActionAccessLevels: ActionAccessLevel[];
|
|
1
3
|
export interface ShrinkOptions {
|
|
2
4
|
iterations: number;
|
|
5
|
+
removeSids: boolean;
|
|
6
|
+
levels: ActionAccessLevel[];
|
|
3
7
|
}
|
|
4
8
|
/**
|
|
5
9
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -128,4 +132,11 @@ export declare function findCommonSequences(actions: string[]): {
|
|
|
128
132
|
* @returns the consolidated list of patterns
|
|
129
133
|
*/
|
|
130
134
|
export declare function consolidateWildcardPatterns(patterns: string[]): string[];
|
|
135
|
+
/**
|
|
136
|
+
* Check if all access levels are included in the set
|
|
137
|
+
*
|
|
138
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
139
|
+
* @returns true if all access levels are included
|
|
140
|
+
*/
|
|
141
|
+
export declare function isAllAccessLevels(accessLevels: Set<ActionAccessLevel>): boolean;
|
|
131
142
|
//# sourceMappingURL=shrink.d.ts.map
|
package/dist/esm/shrink.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,aAAa,CAAA;AACrF,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,EAMpD,CAAA;AAYD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,MAAM,EAAE,iBAAiB,EAAE,CAAA;CAC5B;AAQD;;;;;;;;;;;;GAYG;AACH,wBAAsB,MAAM,CAC1B,eAAe,EAAE,MAAM,EAAE,EACzB,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GACrC,OAAO,CAAC,MAAM,EAAE,CAAC,CAkDnB;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAEtD;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EAAE,GAChB,GAAG,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,cAAc,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAWlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,cAAc,EAAE,MAAM,EAAE,EACxB,eAAe,EAAE,MAAM,EAAE,EACzB,UAAU,EAAE,MAAM,GACjB,MAAM,EAAE,CAiCV;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,MAAM,EAAE,EACxB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,IAAI,EAAE,OAAO,GACZ,MAAM,EAAE,CAuBV;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAC1B,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,EAAE,GACzB,MAAM,CAoER;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAIrE;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAQjG;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAK5D;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAc5F;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EAAE,GAChB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,EAAE,CAc3D;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAsBxE;AAkED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,GAAG,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAK/E"}
|
package/dist/esm/shrink.js
CHANGED
|
@@ -1,8 +1,25 @@
|
|
|
1
|
+
import { iamActionDetails } from '@cloud-copilot/iam-data';
|
|
1
2
|
import { expandIamActions } from '@cloud-copilot/iam-expand';
|
|
2
3
|
import { ShrinkValidationError } from './errors.js';
|
|
3
4
|
import { validateShrinkResults } from './validate.js';
|
|
5
|
+
export const allActionAccessLevels = [
|
|
6
|
+
'read',
|
|
7
|
+
'write',
|
|
8
|
+
'list',
|
|
9
|
+
'tagging',
|
|
10
|
+
'permissions'
|
|
11
|
+
];
|
|
12
|
+
const actionLevelMap = {
|
|
13
|
+
Read: 'read',
|
|
14
|
+
Write: 'write',
|
|
15
|
+
List: 'list',
|
|
16
|
+
Tagging: 'tagging',
|
|
17
|
+
'Permissions management': 'permissions'
|
|
18
|
+
};
|
|
4
19
|
const defaultOptions = {
|
|
5
|
-
iterations: 2
|
|
20
|
+
iterations: 2,
|
|
21
|
+
removeSids: false,
|
|
22
|
+
levels: allActionAccessLevels
|
|
6
23
|
};
|
|
7
24
|
/**
|
|
8
25
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -19,11 +36,15 @@ const defaultOptions = {
|
|
|
19
36
|
*/
|
|
20
37
|
export async function shrink(desiredPatterns, shrinkOptions) {
|
|
21
38
|
//Check for an all actions wildcard
|
|
39
|
+
const options = { ...defaultOptions, ...shrinkOptions };
|
|
40
|
+
if (options.levels.length === 0) {
|
|
41
|
+
options.levels = allActionAccessLevels;
|
|
42
|
+
}
|
|
43
|
+
const reducibleAccessLevelsSet = new Set(options.levels);
|
|
22
44
|
const wildCard = desiredPatterns.find((pattern) => collapseAsterisks(pattern) === '*');
|
|
23
|
-
if (wildCard) {
|
|
45
|
+
if (wildCard && isAllAccessLevels(reducibleAccessLevelsSet)) {
|
|
24
46
|
return ['*'];
|
|
25
47
|
}
|
|
26
|
-
const options = { ...defaultOptions, ...shrinkOptions };
|
|
27
48
|
const targetActions = await expandIamActions(desiredPatterns);
|
|
28
49
|
const expandedActionsByService = groupActionsByService(targetActions);
|
|
29
50
|
const services = Array.from(expandedActionsByService.keys()).sort();
|
|
@@ -31,9 +52,13 @@ export async function shrink(desiredPatterns, shrinkOptions) {
|
|
|
31
52
|
for (const service of services) {
|
|
32
53
|
const desiredActions = expandedActionsByService.get(service);
|
|
33
54
|
const possibleActions = mapActions(await expandIamActions(`${service}:*`));
|
|
34
|
-
const
|
|
55
|
+
const filteredActions = await filterActionsByAccessLevel(service, desiredActions.withoutService, reducibleAccessLevelsSet);
|
|
56
|
+
const reducedServiceActions = shrinkResolvedList(filteredActions.reducibleActions, possibleActions, options.iterations);
|
|
35
57
|
//Validation
|
|
36
|
-
const reducedServiceActionsWithService =
|
|
58
|
+
const reducedServiceActionsWithService = [
|
|
59
|
+
...reducedServiceActions.map((action) => `${service}:${action}`),
|
|
60
|
+
...filteredActions.unreducibleActions.map((action) => `${service}:${action}`)
|
|
61
|
+
].sort();
|
|
37
62
|
const invalidMatch = await validateShrinkResults(desiredActions.withService, reducedServiceActionsWithService);
|
|
38
63
|
if (invalidMatch) {
|
|
39
64
|
throw new ShrinkValidationError(desiredPatterns, invalidMatch);
|
|
@@ -338,4 +363,54 @@ function matchesPattern(general, specific) {
|
|
|
338
363
|
const regex = new RegExp('^' + general.replace(/\*/g, '.*') + '$');
|
|
339
364
|
return regex.test(specific);
|
|
340
365
|
}
|
|
366
|
+
/**
|
|
367
|
+
* Get the ActionAccessLevel option value for a given ActionDataAccessLevel
|
|
368
|
+
*
|
|
369
|
+
* @param accessLevel the ActionDataAccessLevel to convert
|
|
370
|
+
* @returns the corresponding ActionAccessLevel
|
|
371
|
+
* @throws if the access level is not recognized
|
|
372
|
+
*/
|
|
373
|
+
function optionAccessLevelForDataAccessLevel(accessLevel) {
|
|
374
|
+
const result = actionLevelMap[accessLevel];
|
|
375
|
+
if (result) {
|
|
376
|
+
return result;
|
|
377
|
+
}
|
|
378
|
+
throw new Error(`Unknown access level: ${accessLevel}`);
|
|
379
|
+
}
|
|
380
|
+
/**
|
|
381
|
+
* Filter actions into reducable and unreduceable based on the provided access levels
|
|
382
|
+
*
|
|
383
|
+
* @param service the service the actions belong to
|
|
384
|
+
* @param actions the list of actions to filter
|
|
385
|
+
* @param reducibleAccessLevels the set of ActionAccessLevel values that are considered reducible
|
|
386
|
+
* @returns an object with two arrays: reducibleActions and unreducibleActions
|
|
387
|
+
*/
|
|
388
|
+
async function filterActionsByAccessLevel(service, actions, reducibleAccessLevels) {
|
|
389
|
+
if (isAllAccessLevels(reducibleAccessLevels)) {
|
|
390
|
+
return { reducibleActions: actions, unreducibleActions: [] };
|
|
391
|
+
}
|
|
392
|
+
const reducibleActions = [];
|
|
393
|
+
const unreducibleActions = [];
|
|
394
|
+
for (const action of actions) {
|
|
395
|
+
const details = await iamActionDetails(service, action);
|
|
396
|
+
const accessLevel = optionAccessLevelForDataAccessLevel(details.accessLevel);
|
|
397
|
+
if (reducibleAccessLevels.has(accessLevel)) {
|
|
398
|
+
reducibleActions.push(action);
|
|
399
|
+
}
|
|
400
|
+
else {
|
|
401
|
+
unreducibleActions.push(action);
|
|
402
|
+
}
|
|
403
|
+
}
|
|
404
|
+
return { reducibleActions, unreducibleActions };
|
|
405
|
+
}
|
|
406
|
+
/**
|
|
407
|
+
* Check if all access levels are included in the set
|
|
408
|
+
*
|
|
409
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
410
|
+
* @returns true if all access levels are included
|
|
411
|
+
*/
|
|
412
|
+
export function isAllAccessLevels(accessLevels) {
|
|
413
|
+
return (accessLevels.size >= allActionAccessLevels.length &&
|
|
414
|
+
!allActionAccessLevels.find((level) => !accessLevels.has(level)));
|
|
415
|
+
}
|
|
341
416
|
//# sourceMappingURL=shrink.js.map
|
package/dist/esm/shrink.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AAMrD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;CACd,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,gBAAgB,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,cAAc,CAAC,cAAc,EAC7B,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG,qBAAqB,CAAC,GAAG,CAChE,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CACnC,CAAA;QACD,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,qBAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC"}
|
|
1
|
+
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AAGrD,MAAM,CAAC,MAAM,qBAAqB,GAAwB;IACxD,MAAM;IACN,OAAO;IACP,MAAM;IACN,SAAS;IACT,aAAa;CACd,CAAA;AAID,MAAM,cAAc,GAAqD;IACvE,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,SAAS;IAClB,wBAAwB,EAAE,aAAa;CACxC,CAAA;AAQD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,KAAK;IACjB,MAAM,EAAE,qBAAqB;CAC9B,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,GAAG,qBAAqB,CAAA;IACxC,CAAC;IACD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IAExD,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,gBAAgB,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,eAAe,GAAG,MAAM,0BAA0B,CACtD,OAAO,EACP,cAAc,CAAC,cAAc,EAC7B,wBAAwB,CACzB,CAAA;QAED,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,eAAe,CAAC,gBAAgB,EAChC,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG;YACvC,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;YAChE,GAAG,eAAe,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;SAC9E,CAAC,IAAI,EAAE,CAAA;QAER,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,qBAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mCAAmC,CAC1C,WAAkC;IAElC,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,CAAA;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAA;AACzD,CAAC;AAED;;;;;;;GAOG;AAEH,KAAK,UAAU,0BAA0B,CACvC,OAAe,EACf,OAAiB,EACjB,qBAA6C;IAE7C,IAAI,iBAAiB,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAA;IAC9D,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,MAAM,kBAAkB,GAAa,EAAE,CAAA;IAEvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,mCAAmC,CACrD,OAAO,CAAC,WAAoC,CAC7C,CAAA;QACD,IAAI,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3C,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,CAAA;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,YAAoC;IACpE,OAAO,CACL,YAAY,CAAC,IAAI,IAAI,qBAAqB,CAAC,MAAM;QACjD,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CACjE,CAAA;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink_file.d.ts","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,aAAa,CAAA;AAEnD;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,EAC/B,QAAQ,EAAE,GAAG,EACb,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"shrink_file.d.ts","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,aAAa,CAAA;AAEnD;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,EAC/B,QAAQ,EAAE,GAAG,EACb,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,GAAG,CAAC,CA8Bd"}
|
package/dist/esm/shrink_file.js
CHANGED
|
@@ -26,7 +26,12 @@ export async function shrinkJsonDocument(options, document, key) {
|
|
|
26
26
|
}
|
|
27
27
|
if (typeof document === 'object' && document !== null) {
|
|
28
28
|
for (const key of Object.keys(document)) {
|
|
29
|
-
|
|
29
|
+
if (key === 'Sid' && typeof document[key] === 'string' && options.removeSids) {
|
|
30
|
+
delete document[key];
|
|
31
|
+
}
|
|
32
|
+
else {
|
|
33
|
+
document[key] = await shrinkJsonDocument(options, document[key], key);
|
|
34
|
+
}
|
|
30
35
|
}
|
|
31
36
|
return document;
|
|
32
37
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink_file.js","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,MAAM,EAAE,MAAM,aAAa,CAAA;AAEnD;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAA+B,EAC/B,QAAa,EACb,GAAY;IAEZ,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC5C,sCAAsC;QACtC,2CAA2C;QAC3C,IAAI;QACJ,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACtF,OAAO,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClC,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,EAAE,CAAA;QAClB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;QACvD,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"shrink_file.js","sourceRoot":"","sources":["../../src/shrink_file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,MAAM,EAAE,MAAM,aAAa,CAAA;AAEnD;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAA+B,EAC/B,QAAa,EACb,GAAY;IAEZ,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC5C,sCAAsC;QACtC,2CAA2C;QAC3C,IAAI;QACJ,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACtF,OAAO,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAClC,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,EAAE,CAAA;QAClB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;QACvD,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,IAAI,GAAG,KAAK,KAAK,IAAI,OAAO,QAAQ,CAAC,GAAG,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC7E,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAA;YACtB,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAA;YACvE,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC"}
|
package/package.json
CHANGED
package/src/cli.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
import { parseCliArguments } from '@cloud-copilot/cli'
|
|
4
4
|
import { iamDataUpdatedAt, iamDataVersion } from '@cloud-copilot/iam-data'
|
|
5
5
|
import { convertNumberOfIterations, parseStdIn } from './cli_utils.js'
|
|
6
|
-
import { shrink, ShrinkOptions } from './shrink.js'
|
|
6
|
+
import { allActionAccessLevels, shrink, ShrinkOptions } from './shrink.js'
|
|
7
7
|
|
|
8
8
|
const dataPackage = '@cloud-copilot/iam-data'
|
|
9
9
|
|
|
@@ -24,12 +24,28 @@ async function run() {
|
|
|
24
24
|
'iam-shrink',
|
|
25
25
|
{},
|
|
26
26
|
{
|
|
27
|
+
removeSids: {
|
|
28
|
+
type: 'boolean',
|
|
29
|
+
description: 'Remove Sid fields from the policy statements',
|
|
30
|
+
character: 's'
|
|
31
|
+
},
|
|
32
|
+
removeWhitespace: {
|
|
33
|
+
type: 'boolean',
|
|
34
|
+
description: 'Remove whitespace from the policy output',
|
|
35
|
+
character: 'w'
|
|
36
|
+
},
|
|
27
37
|
iterations: {
|
|
28
38
|
type: 'number',
|
|
29
39
|
description:
|
|
30
40
|
'How many iterations of shrinking should be executed, defaults to 2; zero or less means no limit',
|
|
31
41
|
values: 'single'
|
|
32
42
|
},
|
|
43
|
+
levels: {
|
|
44
|
+
type: 'enum',
|
|
45
|
+
description: 'The access levels to reduce in the policy, defaults to all levels',
|
|
46
|
+
values: 'multiple',
|
|
47
|
+
validValues: allActionAccessLevels
|
|
48
|
+
},
|
|
33
49
|
readWaitMs: {
|
|
34
50
|
description: 'Milliseconds to wait for the first byte from stdin before timing out',
|
|
35
51
|
values: 'single',
|
|
@@ -68,7 +84,8 @@ async function run() {
|
|
|
68
84
|
//If no actions are provided, read from stdin
|
|
69
85
|
const stdInResult = await parseStdIn(shrinkArgs)
|
|
70
86
|
if (stdInResult.object) {
|
|
71
|
-
|
|
87
|
+
const spaces = shrinkArgs.removeWhitespace ? 0 : 2
|
|
88
|
+
console.log(JSON.stringify(stdInResult.object, null, spaces))
|
|
72
89
|
return
|
|
73
90
|
} else if (stdInResult.strings) {
|
|
74
91
|
actionStrings.push(...stdInResult.strings)
|
package/src/shrink.test.ts
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
+
import { iamActionDetails } from '@cloud-copilot/iam-data'
|
|
1
2
|
import { expandIamActions } from '@cloud-copilot/iam-expand'
|
|
2
3
|
import { beforeEach } from 'node:test'
|
|
3
4
|
import { describe, expect, it, vi } from 'vitest'
|
|
4
5
|
import {
|
|
6
|
+
ActionAccessLevel,
|
|
5
7
|
consolidateWildcardPatterns,
|
|
6
8
|
countSubstrings,
|
|
7
9
|
findCommonSequences,
|
|
8
10
|
groupActionsByService,
|
|
11
|
+
isAllAccessLevels,
|
|
9
12
|
mapActions,
|
|
10
13
|
reduceAction,
|
|
11
14
|
regexForWildcardAction,
|
|
@@ -18,10 +21,12 @@ import {
|
|
|
18
21
|
import { validateShrinkResults } from './validate.js'
|
|
19
22
|
|
|
20
23
|
vi.mock('@cloud-copilot/iam-expand')
|
|
24
|
+
vi.mock('@cloud-copilot/iam-data')
|
|
21
25
|
vi.mock('./validate.js')
|
|
22
26
|
|
|
23
27
|
const mockExpandIamActions = vi.mocked(expandIamActions)
|
|
24
28
|
const mockValidateShrinkResults = vi.mocked(validateShrinkResults)
|
|
29
|
+
const mockIamActionDetails = vi.mocked(iamActionDetails)
|
|
25
30
|
|
|
26
31
|
beforeEach(() => {
|
|
27
32
|
vi.resetAllMocks()
|
|
@@ -542,10 +547,10 @@ describe('shrink.ts', () => {
|
|
|
542
547
|
})
|
|
543
548
|
|
|
544
549
|
//When shrink is called
|
|
545
|
-
const result = await shrink(actions, {})
|
|
550
|
+
const result = await shrink(actions, { levels: [] })
|
|
546
551
|
|
|
547
552
|
//Then we should get the reduced actions
|
|
548
|
-
expect(result).toEqual(['s3:Get*VersionAcl', 's3:*Tagging'])
|
|
553
|
+
expect(result).toEqual(['s3:Get*VersionAcl', 's3:*Tagging'].sort())
|
|
549
554
|
})
|
|
550
555
|
|
|
551
556
|
it('should throw an error if the shrink does not validate', async () => {
|
|
@@ -569,7 +574,7 @@ describe('shrink.ts', () => {
|
|
|
569
574
|
)
|
|
570
575
|
})
|
|
571
576
|
|
|
572
|
-
it('should return an all actions wildcard if one is provided', async () => {
|
|
577
|
+
it('should return an all actions wildcard if one is provided and all accessLevels are reducible', async () => {
|
|
573
578
|
//Given a list of actions that includes a global wildcard
|
|
574
579
|
const actions = ['*', 's3:GetObjectTagging', 's3:PutObjectTagging']
|
|
575
580
|
|
|
@@ -580,6 +585,24 @@ describe('shrink.ts', () => {
|
|
|
580
585
|
expect(result).toEqual(['*'])
|
|
581
586
|
})
|
|
582
587
|
|
|
588
|
+
it('should not return an all actions wildcard if one is provided and all accessLevels are reducible', async () => {
|
|
589
|
+
//Given a list of actions that includes a global wildcard
|
|
590
|
+
const actions = ['*', 's3:GetObjectTagging', 's3:PutObjectTagging']
|
|
591
|
+
|
|
592
|
+
mockIamActionDetails.mockImplementation(async (service: string, action: string) => {
|
|
593
|
+
if (action.startsWith('Get')) {
|
|
594
|
+
return { accessLevel: 'Read' }
|
|
595
|
+
}
|
|
596
|
+
return { accessLevel: 'Permissions management' } as any
|
|
597
|
+
})
|
|
598
|
+
|
|
599
|
+
//When shrink is called
|
|
600
|
+
const result = await shrink(actions, { levels: ['read'] })
|
|
601
|
+
|
|
602
|
+
//Then we should get back the single wildcard
|
|
603
|
+
expect(result.length > 1).toBe(true)
|
|
604
|
+
})
|
|
605
|
+
|
|
583
606
|
it('should return an all actions wildcard if a string of multiple asterisks is included', async () => {
|
|
584
607
|
//Given a list of actions that includes a global wildcard
|
|
585
608
|
const actions = ['***', 's3:GetObjectTagging', 's3:PutObjectTagging']
|
|
@@ -590,5 +613,116 @@ describe('shrink.ts', () => {
|
|
|
590
613
|
//Then we should get back the single wildcard
|
|
591
614
|
expect(result).toEqual(['*'])
|
|
592
615
|
})
|
|
616
|
+
|
|
617
|
+
it('should only reduce actions for the specified access types', async () => {
|
|
618
|
+
//Given a list of actions
|
|
619
|
+
const actions = [
|
|
620
|
+
's3:GetObjectTagging',
|
|
621
|
+
's3:GetObject',
|
|
622
|
+
's3:GetObjectVersionAcl',
|
|
623
|
+
's3:GetObjectVersions',
|
|
624
|
+
's3:PutObjectTagging',
|
|
625
|
+
's3:PutObject',
|
|
626
|
+
's3:PutObjectVersionAcl',
|
|
627
|
+
's3:PutObjectVersions',
|
|
628
|
+
's3:GetBucketTagging',
|
|
629
|
+
's3:GetObjectVersionAcl',
|
|
630
|
+
's3:ListAllMyBuckets',
|
|
631
|
+
's3:ListBucket',
|
|
632
|
+
's3:ListBucketVersions'
|
|
633
|
+
]
|
|
634
|
+
|
|
635
|
+
mockIamActionDetails.mockImplementation(async (service: string, action: string) => {
|
|
636
|
+
if (action.startsWith('Get')) {
|
|
637
|
+
return { accessLevel: 'Read' }
|
|
638
|
+
}
|
|
639
|
+
if (action.startsWith('Put')) {
|
|
640
|
+
return { accessLevel: 'Write' }
|
|
641
|
+
}
|
|
642
|
+
if (action.startsWith('List')) {
|
|
643
|
+
return { accessLevel: 'List' }
|
|
644
|
+
}
|
|
645
|
+
return { accessLevel: 'other' } as any
|
|
646
|
+
})
|
|
647
|
+
|
|
648
|
+
//This makes everything in the list above valid
|
|
649
|
+
mockExpandIamActions.mockImplementation(async (actions: string | string[]) => {
|
|
650
|
+
return [actions].flat()
|
|
651
|
+
})
|
|
652
|
+
|
|
653
|
+
//When shrink is called with only Read access types
|
|
654
|
+
const result = await shrink(actions, { levels: ['list', 'read'] })
|
|
655
|
+
|
|
656
|
+
//Then we should get the reduced actions for Read and List access types
|
|
657
|
+
expect(result).toEqual(
|
|
658
|
+
[
|
|
659
|
+
's3:Get*',
|
|
660
|
+
's3:List*',
|
|
661
|
+
's3:PutObject',
|
|
662
|
+
's3:PutObjectTagging',
|
|
663
|
+
's3:PutObjectVersionAcl',
|
|
664
|
+
's3:PutObjectVersions'
|
|
665
|
+
].sort()
|
|
666
|
+
)
|
|
667
|
+
})
|
|
668
|
+
})
|
|
669
|
+
|
|
670
|
+
describe('isAllAccessLevels', () => {
|
|
671
|
+
it('should return true if all access levels are reducible', async () => {
|
|
672
|
+
//Given a list of all access levels
|
|
673
|
+
const levels = new Set<ActionAccessLevel>(['read', 'write', 'list', 'permissions', 'tagging'])
|
|
674
|
+
|
|
675
|
+
//When we check if all access levels are reducible
|
|
676
|
+
const result = isAllAccessLevels(levels)
|
|
677
|
+
|
|
678
|
+
//Then we should get true
|
|
679
|
+
expect(result).toBe(true)
|
|
680
|
+
})
|
|
681
|
+
|
|
682
|
+
it('should return false if one is missing', async () => {
|
|
683
|
+
//Given a list of all access levels
|
|
684
|
+
const levels = new Set<ActionAccessLevel>(['read', 'write', 'list', 'permissions'])
|
|
685
|
+
|
|
686
|
+
//When we check if all access levels are reducible
|
|
687
|
+
const result = isAllAccessLevels(levels)
|
|
688
|
+
|
|
689
|
+
//Then we should get true
|
|
690
|
+
expect(result).toBe(false)
|
|
691
|
+
})
|
|
692
|
+
|
|
693
|
+
it('should return false if one is missing but a fake one is added', async () => {
|
|
694
|
+
//Given a list of all access levels
|
|
695
|
+
const levels = new Set<ActionAccessLevel>([
|
|
696
|
+
'read',
|
|
697
|
+
'write',
|
|
698
|
+
'list',
|
|
699
|
+
'permissions',
|
|
700
|
+
'fake'
|
|
701
|
+
] as any)
|
|
702
|
+
|
|
703
|
+
//When we check if all access levels are reducible
|
|
704
|
+
const result = isAllAccessLevels(levels)
|
|
705
|
+
|
|
706
|
+
//Then we should get true
|
|
707
|
+
expect(result).toBe(false)
|
|
708
|
+
})
|
|
709
|
+
|
|
710
|
+
it('should return true all are present but there is an extra value', async () => {
|
|
711
|
+
//Given a list of all access levels
|
|
712
|
+
const levels = new Set<ActionAccessLevel>([
|
|
713
|
+
'read',
|
|
714
|
+
'write',
|
|
715
|
+
'list',
|
|
716
|
+
'permissions',
|
|
717
|
+
'tagging',
|
|
718
|
+
'fake'
|
|
719
|
+
] as any)
|
|
720
|
+
|
|
721
|
+
//When we check if all access levels are reducible
|
|
722
|
+
const result = isAllAccessLevels(levels)
|
|
723
|
+
|
|
724
|
+
//Then we should get true
|
|
725
|
+
expect(result).toBe(true)
|
|
726
|
+
})
|
|
593
727
|
})
|
|
594
728
|
})
|
package/src/shrink.ts
CHANGED
|
@@ -1,13 +1,37 @@
|
|
|
1
|
+
import { iamActionDetails } from '@cloud-copilot/iam-data'
|
|
1
2
|
import { expandIamActions } from '@cloud-copilot/iam-expand'
|
|
2
3
|
import { ShrinkValidationError } from './errors.js'
|
|
3
4
|
import { validateShrinkResults } from './validate.js'
|
|
4
5
|
|
|
6
|
+
export type ActionAccessLevel = 'read' | 'write' | 'list' | 'tagging' | 'permissions'
|
|
7
|
+
export const allActionAccessLevels: ActionAccessLevel[] = [
|
|
8
|
+
'read',
|
|
9
|
+
'write',
|
|
10
|
+
'list',
|
|
11
|
+
'tagging',
|
|
12
|
+
'permissions'
|
|
13
|
+
]
|
|
14
|
+
|
|
15
|
+
type ActionDataAccessLevel = 'Read' | 'Write' | 'List' | 'Tagging' | 'Permissions management'
|
|
16
|
+
|
|
17
|
+
const actionLevelMap: Record<ActionDataAccessLevel, ActionAccessLevel> = {
|
|
18
|
+
Read: 'read',
|
|
19
|
+
Write: 'write',
|
|
20
|
+
List: 'list',
|
|
21
|
+
Tagging: 'tagging',
|
|
22
|
+
'Permissions management': 'permissions'
|
|
23
|
+
}
|
|
24
|
+
|
|
5
25
|
export interface ShrinkOptions {
|
|
6
26
|
iterations: number
|
|
27
|
+
removeSids: boolean
|
|
28
|
+
levels: ActionAccessLevel[]
|
|
7
29
|
}
|
|
8
30
|
|
|
9
31
|
const defaultOptions: ShrinkOptions = {
|
|
10
|
-
iterations: 2
|
|
32
|
+
iterations: 2,
|
|
33
|
+
removeSids: false,
|
|
34
|
+
levels: allActionAccessLevels
|
|
11
35
|
}
|
|
12
36
|
|
|
13
37
|
/**
|
|
@@ -28,12 +52,17 @@ export async function shrink(
|
|
|
28
52
|
shrinkOptions?: Partial<ShrinkOptions>
|
|
29
53
|
): Promise<string[]> {
|
|
30
54
|
//Check for an all actions wildcard
|
|
55
|
+
const options = { ...defaultOptions, ...shrinkOptions }
|
|
56
|
+
if (options.levels.length === 0) {
|
|
57
|
+
options.levels = allActionAccessLevels
|
|
58
|
+
}
|
|
59
|
+
const reducibleAccessLevelsSet = new Set(options.levels)
|
|
60
|
+
|
|
31
61
|
const wildCard = desiredPatterns.find((pattern) => collapseAsterisks(pattern) === '*')
|
|
32
|
-
if (wildCard) {
|
|
62
|
+
if (wildCard && isAllAccessLevels(reducibleAccessLevelsSet)) {
|
|
33
63
|
return ['*']
|
|
34
64
|
}
|
|
35
65
|
|
|
36
|
-
const options = { ...defaultOptions, ...shrinkOptions }
|
|
37
66
|
const targetActions = await expandIamActions(desiredPatterns)
|
|
38
67
|
const expandedActionsByService = groupActionsByService(targetActions)
|
|
39
68
|
const services = Array.from(expandedActionsByService.keys()).sort()
|
|
@@ -42,16 +71,24 @@ export async function shrink(
|
|
|
42
71
|
for (const service of services) {
|
|
43
72
|
const desiredActions = expandedActionsByService.get(service)!
|
|
44
73
|
const possibleActions = mapActions(await expandIamActions(`${service}:*`))
|
|
45
|
-
const
|
|
74
|
+
const filteredActions = await filterActionsByAccessLevel(
|
|
75
|
+
service,
|
|
46
76
|
desiredActions.withoutService,
|
|
77
|
+
reducibleAccessLevelsSet
|
|
78
|
+
)
|
|
79
|
+
|
|
80
|
+
const reducedServiceActions = shrinkResolvedList(
|
|
81
|
+
filteredActions.reducibleActions,
|
|
47
82
|
possibleActions,
|
|
48
83
|
options.iterations
|
|
49
84
|
)
|
|
50
85
|
|
|
51
86
|
//Validation
|
|
52
|
-
const reducedServiceActionsWithService =
|
|
53
|
-
(action) => `${service}:${action}`
|
|
54
|
-
|
|
87
|
+
const reducedServiceActionsWithService = [
|
|
88
|
+
...reducedServiceActions.map((action) => `${service}:${action}`),
|
|
89
|
+
...filteredActions.unreducibleActions.map((action) => `${service}:${action}`)
|
|
90
|
+
].sort()
|
|
91
|
+
|
|
55
92
|
const invalidMatch = await validateShrinkResults(
|
|
56
93
|
desiredActions.withService,
|
|
57
94
|
reducedServiceActionsWithService
|
|
@@ -415,3 +452,69 @@ function matchesPattern(general: string, specific: string): boolean {
|
|
|
415
452
|
const regex = new RegExp('^' + general.replace(/\*/g, '.*') + '$')
|
|
416
453
|
return regex.test(specific)
|
|
417
454
|
}
|
|
455
|
+
|
|
456
|
+
/**
|
|
457
|
+
* Get the ActionAccessLevel option value for a given ActionDataAccessLevel
|
|
458
|
+
*
|
|
459
|
+
* @param accessLevel the ActionDataAccessLevel to convert
|
|
460
|
+
* @returns the corresponding ActionAccessLevel
|
|
461
|
+
* @throws if the access level is not recognized
|
|
462
|
+
*/
|
|
463
|
+
function optionAccessLevelForDataAccessLevel(
|
|
464
|
+
accessLevel: ActionDataAccessLevel
|
|
465
|
+
): ActionAccessLevel {
|
|
466
|
+
const result = actionLevelMap[accessLevel]
|
|
467
|
+
if (result) {
|
|
468
|
+
return result
|
|
469
|
+
}
|
|
470
|
+
throw new Error(`Unknown access level: ${accessLevel}`)
|
|
471
|
+
}
|
|
472
|
+
|
|
473
|
+
/**
|
|
474
|
+
* Filter actions into reducable and unreduceable based on the provided access levels
|
|
475
|
+
*
|
|
476
|
+
* @param service the service the actions belong to
|
|
477
|
+
* @param actions the list of actions to filter
|
|
478
|
+
* @param reducibleAccessLevels the set of ActionAccessLevel values that are considered reducible
|
|
479
|
+
* @returns an object with two arrays: reducibleActions and unreducibleActions
|
|
480
|
+
*/
|
|
481
|
+
|
|
482
|
+
async function filterActionsByAccessLevel(
|
|
483
|
+
service: string,
|
|
484
|
+
actions: string[],
|
|
485
|
+
reducibleAccessLevels: Set<ActionAccessLevel>
|
|
486
|
+
): Promise<{ reducibleActions: string[]; unreducibleActions: string[] }> {
|
|
487
|
+
if (isAllAccessLevels(reducibleAccessLevels)) {
|
|
488
|
+
return { reducibleActions: actions, unreducibleActions: [] }
|
|
489
|
+
}
|
|
490
|
+
|
|
491
|
+
const reducibleActions: string[] = []
|
|
492
|
+
const unreducibleActions: string[] = []
|
|
493
|
+
|
|
494
|
+
for (const action of actions) {
|
|
495
|
+
const details = await iamActionDetails(service, action)
|
|
496
|
+
const accessLevel = optionAccessLevelForDataAccessLevel(
|
|
497
|
+
details.accessLevel as ActionDataAccessLevel
|
|
498
|
+
)
|
|
499
|
+
if (reducibleAccessLevels.has(accessLevel)) {
|
|
500
|
+
reducibleActions.push(action)
|
|
501
|
+
} else {
|
|
502
|
+
unreducibleActions.push(action)
|
|
503
|
+
}
|
|
504
|
+
}
|
|
505
|
+
|
|
506
|
+
return { reducibleActions, unreducibleActions }
|
|
507
|
+
}
|
|
508
|
+
|
|
509
|
+
/**
|
|
510
|
+
* Check if all access levels are included in the set
|
|
511
|
+
*
|
|
512
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
513
|
+
* @returns true if all access levels are included
|
|
514
|
+
*/
|
|
515
|
+
export function isAllAccessLevels(accessLevels: Set<ActionAccessLevel>): boolean {
|
|
516
|
+
return (
|
|
517
|
+
accessLevels.size >= allActionAccessLevels.length &&
|
|
518
|
+
!allActionAccessLevels.find((level) => !accessLevels.has(level))
|
|
519
|
+
)
|
|
520
|
+
}
|
package/src/shrink_file.test.ts
CHANGED
|
@@ -69,4 +69,67 @@ describe('shrinkJsonDocument', () => {
|
|
|
69
69
|
Action: 's3:GetObject'
|
|
70
70
|
})
|
|
71
71
|
})
|
|
72
|
+
|
|
73
|
+
it('Should remove SIDs when requested', async () => {
|
|
74
|
+
//Given a JSON document with SIDs
|
|
75
|
+
const document = {
|
|
76
|
+
Version: '2012-10-17',
|
|
77
|
+
Statement: [
|
|
78
|
+
{
|
|
79
|
+
Sid: 'AllowS3Read',
|
|
80
|
+
Action: ['s3:GetObject'],
|
|
81
|
+
Resource: 'arn:aws:s3:::my_bucket'
|
|
82
|
+
}
|
|
83
|
+
]
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
//And a new array of actions is returned
|
|
87
|
+
vi.mocked(shrink).mockResolvedValue(['s3:*'])
|
|
88
|
+
|
|
89
|
+
//When shrinkJsonDocument is called with removeSids option
|
|
90
|
+
const result = await shrinkJsonDocument({ removeSids: true }, document)
|
|
91
|
+
|
|
92
|
+
//Then the SIDs are removed from the document
|
|
93
|
+
expect(result).toEqual({
|
|
94
|
+
Version: '2012-10-17',
|
|
95
|
+
Statement: [
|
|
96
|
+
{
|
|
97
|
+
Action: ['s3:*'],
|
|
98
|
+
Resource: 'arn:aws:s3:::my_bucket'
|
|
99
|
+
}
|
|
100
|
+
]
|
|
101
|
+
})
|
|
102
|
+
})
|
|
103
|
+
|
|
104
|
+
it('should leave sids in place when removeSids is false', async () => {
|
|
105
|
+
//Given a JSON document with SIDs
|
|
106
|
+
const document = {
|
|
107
|
+
Version: '2012-10-17',
|
|
108
|
+
Statement: [
|
|
109
|
+
{
|
|
110
|
+
Sid: 'AllowS3Read',
|
|
111
|
+
Action: ['s3:GetObject'],
|
|
112
|
+
Resource: 'arn:aws:s3:::my_bucket'
|
|
113
|
+
}
|
|
114
|
+
]
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
//And a new array of actions is returned
|
|
118
|
+
vi.mocked(shrink).mockResolvedValue(['s3:*'])
|
|
119
|
+
|
|
120
|
+
//When shrinkJsonDocument is called without removeSids option
|
|
121
|
+
const result = await shrinkJsonDocument({}, document)
|
|
122
|
+
|
|
123
|
+
//Then the SIDs are left in place
|
|
124
|
+
expect(result).toEqual({
|
|
125
|
+
Version: '2012-10-17',
|
|
126
|
+
Statement: [
|
|
127
|
+
{
|
|
128
|
+
Sid: 'AllowS3Read',
|
|
129
|
+
Action: ['s3:*'],
|
|
130
|
+
Resource: 'arn:aws:s3:::my_bucket'
|
|
131
|
+
}
|
|
132
|
+
]
|
|
133
|
+
})
|
|
134
|
+
})
|
|
72
135
|
})
|
package/src/shrink_file.ts
CHANGED
|
@@ -33,7 +33,11 @@ export async function shrinkJsonDocument(
|
|
|
33
33
|
|
|
34
34
|
if (typeof document === 'object' && document !== null) {
|
|
35
35
|
for (const key of Object.keys(document)) {
|
|
36
|
-
|
|
36
|
+
if (key === 'Sid' && typeof document[key] === 'string' && options.removeSids) {
|
|
37
|
+
delete document[key]
|
|
38
|
+
} else {
|
|
39
|
+
document[key] = await shrinkJsonDocument(options, document[key], key)
|
|
40
|
+
}
|
|
37
41
|
}
|
|
38
42
|
return document
|
|
39
43
|
}
|