@cloud-copilot/iam-shrink 0.1.8 → 0.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/pr-checks.yml +15 -2
- package/CHANGELOG.md +9 -0
- package/README.md +21 -0
- package/dist/cjs/cli.js +6 -0
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/shrink.d.ts +10 -0
- package/dist/cjs/shrink.d.ts.map +1 -1
- package/dist/cjs/shrink.js +81 -5
- package/dist/cjs/shrink.js.map +1 -1
- package/dist/esm/cli.js +7 -1
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/shrink.d.ts +10 -0
- package/dist/esm/shrink.d.ts.map +1 -1
- package/dist/esm/shrink.js +79 -5
- package/dist/esm/shrink.js.map +1 -1
- package/package.json +2 -2
- package/src/cli.ts +7 -1
- package/src/shrink.test.ts +137 -3
- package/src/shrink.ts +108 -7
|
@@ -83,5 +83,18 @@ jobs:
|
|
|
83
83
|
- name: Install GuardDog
|
|
84
84
|
run: pip install guarddog
|
|
85
85
|
|
|
86
|
-
-
|
|
87
|
-
|
|
86
|
+
- name: Run GuardDog scan on src
|
|
87
|
+
run: guarddog npm scan src/ --exit-non-zero-on-finding
|
|
88
|
+
|
|
89
|
+
- name: Check if package.json changed
|
|
90
|
+
id: package_check
|
|
91
|
+
run: |
|
|
92
|
+
if git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD | grep -q '^package\.json$'; then
|
|
93
|
+
echo "changed=true" >> $GITHUB_OUTPUT
|
|
94
|
+
else
|
|
95
|
+
echo "changed=false" >> $GITHUB_OUTPUT
|
|
96
|
+
fi
|
|
97
|
+
|
|
98
|
+
- name: Conditionally run verify on package.json
|
|
99
|
+
if: steps.package_check.outputs.changed == 'true'
|
|
100
|
+
run: guarddog npm verify package.json --exclude-rules empty_information --exit-non-zero-on-finding
|
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
## [0.1.10](https://github.com/cloud-copilot/iam-shrink/compare/v0.1.9...v0.1.10) (2025-04-10)
|
|
2
|
+
|
|
3
|
+
## [0.1.9](https://github.com/cloud-copilot/iam-shrink/compare/v0.1.8...v0.1.9) (2025-04-09)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Features
|
|
7
|
+
|
|
8
|
+
* Add the ability to specify what access levels should be reduced. ([af2c090](https://github.com/cloud-copilot/iam-shrink/commit/af2c0909ffdd974de576e7c35320b93ebbc92760))
|
|
9
|
+
|
|
1
10
|
## [0.1.8](https://github.com/cloud-copilot/iam-shrink/compare/v0.1.7...v0.1.8) (2025-04-08)
|
|
2
11
|
|
|
3
12
|
|
package/README.md
CHANGED
|
@@ -165,6 +165,27 @@ cat readonly.json | iam-shrink --iterations 0 | wc -m
|
|
|
165
165
|
|
|
166
166
|
If you want to shrink the policy as much as possible, you can use `--iterations 0`. This will keep shrinking the policy until it can't be reduced any further.
|
|
167
167
|
|
|
168
|
+
## Specify Access Levels
|
|
169
|
+
|
|
170
|
+
AWS has [Access Levels](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html#actions_table) that are assigned to all permissions in IAM. They are:
|
|
171
|
+
|
|
172
|
+
- `List`
|
|
173
|
+
- `Read`
|
|
174
|
+
- `Write`
|
|
175
|
+
- `Tagging`
|
|
176
|
+
- `Permissions management`
|
|
177
|
+
|
|
178
|
+
By default iam-shrink will shrink all actions regardless of their access level. You can specify a list of access levels using the `--levels` argument to shrink only those actions.
|
|
179
|
+
|
|
180
|
+
```bash
|
|
181
|
+
# Shrink all actions
|
|
182
|
+
cat big-policy.json | iam-shrink
|
|
183
|
+
|
|
184
|
+
# Shrink only Read, List, and Tagging actions. Write, and Permissions management actions will be included without any wildcards
|
|
185
|
+
cat big-policy.json | iam-shrink --levels read list tagging
|
|
186
|
+
|
|
187
|
+
```
|
|
188
|
+
|
|
168
189
|
## Other CLI Options
|
|
169
190
|
|
|
170
191
|
- `--remove-sids`: Remove all `Sid` fields from the policy.
|
package/dist/cjs/cli.js
CHANGED
|
@@ -35,6 +35,12 @@ async function run() {
|
|
|
35
35
|
description: 'How many iterations of shrinking should be executed, defaults to 2; zero or less means no limit',
|
|
36
36
|
values: 'single'
|
|
37
37
|
},
|
|
38
|
+
levels: {
|
|
39
|
+
type: 'enum',
|
|
40
|
+
description: 'The access levels to reduce in the policy, defaults to all levels',
|
|
41
|
+
values: 'multiple',
|
|
42
|
+
validValues: shrink_js_1.allActionAccessLevels
|
|
43
|
+
},
|
|
38
44
|
readWaitMs: {
|
|
39
45
|
description: 'Milliseconds to wait for the first byte from stdin before timing out',
|
|
40
46
|
values: 'single',
|
package/dist/cjs/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAsD;AACtD,sDAA0E;AAC1E,iDAAsE;AACtE,
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAsD;AACtD,sDAA0E;AAC1E,iDAAsE;AACtE,2CAA0E;AAE1E,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAE7C,KAAK,UAAU,cAAc,CAAC,OAAiB,EAAE,aAAqC;IACpF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EAAC,OAAO,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAC3B,YAAY,EACZ,EAAE,EACF;QACE,UAAU,EAAE;YACV,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,8CAA8C;YAC3D,SAAS,EAAE,GAAG;SACf;QACD,gBAAgB,EAAE;YAChB,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,0CAA0C;YACvD,SAAS,EAAE,GAAG;SACf;QACD,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EACT,iGAAiG;YACnG,MAAM,EAAE,QAAQ;SACjB;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,mEAAmE;YAChF,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,iCAAqB;SACnC;QACD,UAAU,EAAE;YACV,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;YAChB,IAAI,EAAE,QAAQ;SACf;QACD,eAAe,EAAE;YACf,SAAS,EAAE,GAAG;YACd,WAAW,EAAE,+DAA+D;YAC5E,IAAI,EAAE,SAAS;SAChB;KACF,EACD;QACE,YAAY,EAAE,QAAQ;QACtB,sBAAsB,EAAE,IAAI;KAC7B,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,IAAA,yBAAc,GAAE,CAAA;QACtC,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,IAAA,2BAAgB,GAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAA;IAElC,MAAM,UAAU,GAAG,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,IAAA,wCAAyB,EAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAA;IAC9F,IAAI,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,UAAU,CAAC,UAAU,CAAA;IAC9B,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,IAAA,yBAAU,EAAC,UAAU,CAAC,CAAA;QAChD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAClD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;YAC7D,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,aAAa,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,cAAc,CAAC,aAAa,EAAE,UAAU,CAAC,CAAA;QAC/C,OAAM;IACR,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAA;IACtD,GAAG,CAAC,SAAS,EAAE,CAAA;AACjB,CAAC;AAED,GAAG,EAAE;KACF,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/cjs/shrink.d.ts
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
|
+
export type ActionAccessLevel = 'read' | 'write' | 'list' | 'tagging' | 'permissions';
|
|
2
|
+
export declare const allActionAccessLevels: ActionAccessLevel[];
|
|
1
3
|
export interface ShrinkOptions {
|
|
2
4
|
iterations: number;
|
|
3
5
|
removeSids: boolean;
|
|
6
|
+
levels: ActionAccessLevel[];
|
|
4
7
|
}
|
|
5
8
|
/**
|
|
6
9
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -129,4 +132,11 @@ export declare function findCommonSequences(actions: string[]): {
|
|
|
129
132
|
* @returns the consolidated list of patterns
|
|
130
133
|
*/
|
|
131
134
|
export declare function consolidateWildcardPatterns(patterns: string[]): string[];
|
|
135
|
+
/**
|
|
136
|
+
* Check if all access levels are included in the set
|
|
137
|
+
*
|
|
138
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
139
|
+
* @returns true if all access levels are included
|
|
140
|
+
*/
|
|
141
|
+
export declare function isAllAccessLevels(accessLevels: Set<ActionAccessLevel>): boolean;
|
|
132
142
|
//# sourceMappingURL=shrink.d.ts.map
|
package/dist/cjs/shrink.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,aAAa,CAAA;AACrF,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,EAMpD,CAAA;AAYD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,MAAM,EAAE,iBAAiB,EAAE,CAAA;CAC5B;AAQD;;;;;;;;;;;;GAYG;AACH,wBAAsB,MAAM,CAC1B,eAAe,EAAE,MAAM,EAAE,EACzB,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GACrC,OAAO,CAAC,MAAM,EAAE,CAAC,CAkDnB;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAEtD;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EAAE,GAChB,GAAG,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,cAAc,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAWlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,cAAc,EAAE,MAAM,EAAE,EACxB,eAAe,EAAE,MAAM,EAAE,EACzB,UAAU,EAAE,MAAM,GACjB,MAAM,EAAE,CAiCV;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,MAAM,EAAE,EACxB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,IAAI,EAAE,OAAO,GACZ,MAAM,EAAE,CAuBV;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAC1B,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,EAAE,GACzB,MAAM,CAoER;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAIrE;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAQjG;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAK5D;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAc5F;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EAAE,GAChB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,EAAE,CAc3D;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAsBxE;AAkED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,GAAG,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAK/E"}
|
package/dist/cjs/shrink.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.allActionAccessLevels = void 0;
|
|
3
4
|
exports.shrink = shrink;
|
|
4
5
|
exports.mapActions = mapActions;
|
|
5
6
|
exports.groupActionsByService = groupActionsByService;
|
|
@@ -13,12 +14,29 @@ exports.splitActionIntoParts = splitActionIntoParts;
|
|
|
13
14
|
exports.countSubstrings = countSubstrings;
|
|
14
15
|
exports.findCommonSequences = findCommonSequences;
|
|
15
16
|
exports.consolidateWildcardPatterns = consolidateWildcardPatterns;
|
|
17
|
+
exports.isAllAccessLevels = isAllAccessLevels;
|
|
18
|
+
const iam_data_1 = require("@cloud-copilot/iam-data");
|
|
16
19
|
const iam_expand_1 = require("@cloud-copilot/iam-expand");
|
|
17
20
|
const errors_js_1 = require("./errors.js");
|
|
18
21
|
const validate_js_1 = require("./validate.js");
|
|
22
|
+
exports.allActionAccessLevels = [
|
|
23
|
+
'read',
|
|
24
|
+
'write',
|
|
25
|
+
'list',
|
|
26
|
+
'tagging',
|
|
27
|
+
'permissions'
|
|
28
|
+
];
|
|
29
|
+
const actionLevelMap = {
|
|
30
|
+
Read: 'read',
|
|
31
|
+
Write: 'write',
|
|
32
|
+
List: 'list',
|
|
33
|
+
Tagging: 'tagging',
|
|
34
|
+
'Permissions management': 'permissions'
|
|
35
|
+
};
|
|
19
36
|
const defaultOptions = {
|
|
20
37
|
iterations: 2,
|
|
21
|
-
removeSids: false
|
|
38
|
+
removeSids: false,
|
|
39
|
+
levels: exports.allActionAccessLevels
|
|
22
40
|
};
|
|
23
41
|
/**
|
|
24
42
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -35,11 +53,15 @@ const defaultOptions = {
|
|
|
35
53
|
*/
|
|
36
54
|
async function shrink(desiredPatterns, shrinkOptions) {
|
|
37
55
|
//Check for an all actions wildcard
|
|
56
|
+
const options = { ...defaultOptions, ...shrinkOptions };
|
|
57
|
+
if (options.levels.length === 0) {
|
|
58
|
+
options.levels = exports.allActionAccessLevels;
|
|
59
|
+
}
|
|
60
|
+
const reducibleAccessLevelsSet = new Set(options.levels);
|
|
38
61
|
const wildCard = desiredPatterns.find((pattern) => collapseAsterisks(pattern) === '*');
|
|
39
|
-
if (wildCard) {
|
|
62
|
+
if (wildCard && isAllAccessLevels(reducibleAccessLevelsSet)) {
|
|
40
63
|
return ['*'];
|
|
41
64
|
}
|
|
42
|
-
const options = { ...defaultOptions, ...shrinkOptions };
|
|
43
65
|
const targetActions = await (0, iam_expand_1.expandIamActions)(desiredPatterns);
|
|
44
66
|
const expandedActionsByService = groupActionsByService(targetActions);
|
|
45
67
|
const services = Array.from(expandedActionsByService.keys()).sort();
|
|
@@ -47,9 +69,13 @@ async function shrink(desiredPatterns, shrinkOptions) {
|
|
|
47
69
|
for (const service of services) {
|
|
48
70
|
const desiredActions = expandedActionsByService.get(service);
|
|
49
71
|
const possibleActions = mapActions(await (0, iam_expand_1.expandIamActions)(`${service}:*`));
|
|
50
|
-
const
|
|
72
|
+
const filteredActions = await filterActionsByAccessLevel(service, desiredActions.withoutService, reducibleAccessLevelsSet);
|
|
73
|
+
const reducedServiceActions = shrinkResolvedList(filteredActions.reducibleActions, possibleActions, options.iterations);
|
|
51
74
|
//Validation
|
|
52
|
-
const reducedServiceActionsWithService =
|
|
75
|
+
const reducedServiceActionsWithService = [
|
|
76
|
+
...reducedServiceActions.map((action) => `${service}:${action}`),
|
|
77
|
+
...filteredActions.unreducibleActions.map((action) => `${service}:${action}`)
|
|
78
|
+
].sort();
|
|
53
79
|
const invalidMatch = await (0, validate_js_1.validateShrinkResults)(desiredActions.withService, reducedServiceActionsWithService);
|
|
54
80
|
if (invalidMatch) {
|
|
55
81
|
throw new errors_js_1.ShrinkValidationError(desiredPatterns, invalidMatch);
|
|
@@ -354,4 +380,54 @@ function matchesPattern(general, specific) {
|
|
|
354
380
|
const regex = new RegExp('^' + general.replace(/\*/g, '.*') + '$');
|
|
355
381
|
return regex.test(specific);
|
|
356
382
|
}
|
|
383
|
+
/**
|
|
384
|
+
* Get the ActionAccessLevel option value for a given ActionDataAccessLevel
|
|
385
|
+
*
|
|
386
|
+
* @param accessLevel the ActionDataAccessLevel to convert
|
|
387
|
+
* @returns the corresponding ActionAccessLevel
|
|
388
|
+
* @throws if the access level is not recognized
|
|
389
|
+
*/
|
|
390
|
+
function optionAccessLevelForDataAccessLevel(accessLevel) {
|
|
391
|
+
const result = actionLevelMap[accessLevel];
|
|
392
|
+
if (result) {
|
|
393
|
+
return result;
|
|
394
|
+
}
|
|
395
|
+
throw new Error(`Unknown access level: ${accessLevel}`);
|
|
396
|
+
}
|
|
397
|
+
/**
|
|
398
|
+
* Filter actions into reducable and unreduceable based on the provided access levels
|
|
399
|
+
*
|
|
400
|
+
* @param service the service the actions belong to
|
|
401
|
+
* @param actions the list of actions to filter
|
|
402
|
+
* @param reducibleAccessLevels the set of ActionAccessLevel values that are considered reducible
|
|
403
|
+
* @returns an object with two arrays: reducibleActions and unreducibleActions
|
|
404
|
+
*/
|
|
405
|
+
async function filterActionsByAccessLevel(service, actions, reducibleAccessLevels) {
|
|
406
|
+
if (isAllAccessLevels(reducibleAccessLevels)) {
|
|
407
|
+
return { reducibleActions: actions, unreducibleActions: [] };
|
|
408
|
+
}
|
|
409
|
+
const reducibleActions = [];
|
|
410
|
+
const unreducibleActions = [];
|
|
411
|
+
for (const action of actions) {
|
|
412
|
+
const details = await (0, iam_data_1.iamActionDetails)(service, action);
|
|
413
|
+
const accessLevel = optionAccessLevelForDataAccessLevel(details.accessLevel);
|
|
414
|
+
if (reducibleAccessLevels.has(accessLevel)) {
|
|
415
|
+
reducibleActions.push(action);
|
|
416
|
+
}
|
|
417
|
+
else {
|
|
418
|
+
unreducibleActions.push(action);
|
|
419
|
+
}
|
|
420
|
+
}
|
|
421
|
+
return { reducibleActions, unreducibleActions };
|
|
422
|
+
}
|
|
423
|
+
/**
|
|
424
|
+
* Check if all access levels are included in the set
|
|
425
|
+
*
|
|
426
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
427
|
+
* @returns true if all access levels are included
|
|
428
|
+
*/
|
|
429
|
+
function isAllAccessLevels(accessLevels) {
|
|
430
|
+
return (accessLevels.size >= exports.allActionAccessLevels.length &&
|
|
431
|
+
!exports.allActionAccessLevels.find((level) => !accessLevels.has(level)));
|
|
432
|
+
}
|
|
357
433
|
//# sourceMappingURL=shrink.js.map
|
package/dist/cjs/shrink.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":";;AA2BA,wBAwCC;AAQD,gCAEC;AAYD,sDAaC;AAWD,gDAqCC;AAUD,0CA2BC;AAWD,oCAwEC;AAQD,8CAEC;AAQD,wDAIC;AASD,wEAQC;AAYD,oDAKC;AASD,0CAcC;AAQD,kDAgBC;AAYD,kEAsBC;AAvZD,0DAA4D;AAC5D,2CAAmD;AACnD,+CAAqD;AAOrD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,KAAK;CAClB,CAAA;AAED;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,EAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,IAAA,6BAAgB,EAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,cAAc,CAAC,cAAc,EAC7B,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG,qBAAqB,CAAC,GAAG,CAChE,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CACnC,CAAA;QACD,MAAM,YAAY,GAAG,MAAM,IAAA,mCAAqB,EAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,iCAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC"}
|
|
1
|
+
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":";;;AAiDA,wBAqDC;AAQD,gCAEC;AAYD,sDAaC;AAWD,gDAqCC;AAUD,0CA2BC;AAWD,oCAwEC;AAQD,8CAEC;AAQD,wDAIC;AASD,wEAQC;AAYD,oDAKC;AASD,0CAcC;AAQD,kDAgBC;AAYD,kEAsBC;AAwED,8CAKC;AAvgBD,sDAA0D;AAC1D,0DAA4D;AAC5D,2CAAmD;AACnD,+CAAqD;AAGxC,QAAA,qBAAqB,GAAwB;IACxD,MAAM;IACN,OAAO;IACP,MAAM;IACN,SAAS;IACT,aAAa;CACd,CAAA;AAID,MAAM,cAAc,GAAqD;IACvE,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,SAAS;IAClB,wBAAwB,EAAE,aAAa;CACxC,CAAA;AAQD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,KAAK;IACjB,MAAM,EAAE,6BAAqB;CAC9B,CAAA;AAED;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,GAAG,6BAAqB,CAAA;IACxC,CAAC;IACD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IAExD,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,EAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,IAAA,6BAAgB,EAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,eAAe,GAAG,MAAM,0BAA0B,CACtD,OAAO,EACP,cAAc,CAAC,cAAc,EAC7B,wBAAwB,CACzB,CAAA;QAED,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,eAAe,CAAC,gBAAgB,EAChC,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG;YACvC,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;YAChE,GAAG,eAAe,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;SAC9E,CAAC,IAAI,EAAE,CAAA;QAER,MAAM,YAAY,GAAG,MAAM,IAAA,mCAAqB,EAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,iCAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mCAAmC,CAC1C,WAAkC;IAElC,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,CAAA;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAA;AACzD,CAAC;AAED;;;;;;;GAOG;AAEH,KAAK,UAAU,0BAA0B,CACvC,OAAe,EACf,OAAiB,EACjB,qBAA6C;IAE7C,IAAI,iBAAiB,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAA;IAC9D,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,MAAM,kBAAkB,GAAa,EAAE,CAAA;IAEvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,mCAAmC,CACrD,OAAO,CAAC,WAAoC,CAC7C,CAAA;QACD,IAAI,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3C,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,CAAA;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,YAAoC;IACpE,OAAO,CACL,YAAY,CAAC,IAAI,IAAI,6BAAqB,CAAC,MAAM;QACjD,CAAC,6BAAqB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CACjE,CAAA;AACH,CAAC"}
|
package/dist/esm/cli.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
import { parseCliArguments } from '@cloud-copilot/cli';
|
|
3
3
|
import { iamDataUpdatedAt, iamDataVersion } from '@cloud-copilot/iam-data';
|
|
4
4
|
import { convertNumberOfIterations, parseStdIn } from './cli_utils.js';
|
|
5
|
-
import { shrink } from './shrink.js';
|
|
5
|
+
import { allActionAccessLevels, shrink } from './shrink.js';
|
|
6
6
|
const dataPackage = '@cloud-copilot/iam-data';
|
|
7
7
|
async function shrinkAndPrint(actions, shrinkOptions) {
|
|
8
8
|
try {
|
|
@@ -33,6 +33,12 @@ async function run() {
|
|
|
33
33
|
description: 'How many iterations of shrinking should be executed, defaults to 2; zero or less means no limit',
|
|
34
34
|
values: 'single'
|
|
35
35
|
},
|
|
36
|
+
levels: {
|
|
37
|
+
type: 'enum',
|
|
38
|
+
description: 'The access levels to reduce in the policy, defaults to all levels',
|
|
39
|
+
values: 'multiple',
|
|
40
|
+
validValues: allActionAccessLevels
|
|
41
|
+
},
|
|
36
42
|
readWaitMs: {
|
|
37
43
|
description: 'Milliseconds to wait for the first byte from stdin before timing out',
|
|
38
44
|
values: 'single',
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AACtE,OAAO,EAAE,MAAM,EAAiB,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AACtE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAiB,MAAM,aAAa,CAAA;AAE1E,MAAM,WAAW,GAAG,yBAAyB,CAAA;AAE7C,KAAK,UAAU,cAAc,CAAC,OAAiB,EAAE,aAAqC;IACpF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,GAAG,GAAG,iBAAiB,CAC3B,YAAY,EACZ,EAAE,EACF;QACE,UAAU,EAAE;YACV,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,8CAA8C;YAC3D,SAAS,EAAE,GAAG;SACf;QACD,gBAAgB,EAAE;YAChB,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,0CAA0C;YACvD,SAAS,EAAE,GAAG;SACf;QACD,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EACT,iGAAiG;YACnG,MAAM,EAAE,QAAQ;SACjB;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,mEAAmE;YAChF,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,qBAAqB;SACnC;QACD,UAAU,EAAE;YACV,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;YAChB,IAAI,EAAE,QAAQ;SACf;QACD,eAAe,EAAE;YACf,SAAS,EAAE,GAAG;YACd,WAAW,EAAE,+DAA+D;YAC5E,IAAI,EAAE,SAAS;SAChB;KACF,EACD;QACE,YAAY,EAAE,QAAQ;QACtB,sBAAsB,EAAE,IAAI;KAC7B,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAA;QACtC,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,aAAa,OAAO,EAAE,CAAC,CAAA;QACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,gBAAgB,EAAE,EAAE,CAAC,CAAA;QAC7D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QAClC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAA;QAC7C,OAAM;IACR,CAAC;IAED,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAA;IAElC,MAAM,UAAU,GAAG,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,yBAAyB,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAA;IAC9F,IAAI,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,UAAU,CAAC,UAAU,CAAA;IAC9B,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAA;QAChD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAClD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;YAC7D,OAAM;QACR,CAAC;aAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,aAAa,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,cAAc,CAAC,aAAa,EAAE,UAAU,CAAC,CAAA;QAC/C,OAAM;IACR,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAA;IACtD,GAAG,CAAC,SAAS,EAAE,CAAA;AACjB,CAAC;AAED,GAAG,EAAE;KACF,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA"}
|
package/dist/esm/shrink.d.ts
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
|
+
export type ActionAccessLevel = 'read' | 'write' | 'list' | 'tagging' | 'permissions';
|
|
2
|
+
export declare const allActionAccessLevels: ActionAccessLevel[];
|
|
1
3
|
export interface ShrinkOptions {
|
|
2
4
|
iterations: number;
|
|
3
5
|
removeSids: boolean;
|
|
6
|
+
levels: ActionAccessLevel[];
|
|
4
7
|
}
|
|
5
8
|
/**
|
|
6
9
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -129,4 +132,11 @@ export declare function findCommonSequences(actions: string[]): {
|
|
|
129
132
|
* @returns the consolidated list of patterns
|
|
130
133
|
*/
|
|
131
134
|
export declare function consolidateWildcardPatterns(patterns: string[]): string[];
|
|
135
|
+
/**
|
|
136
|
+
* Check if all access levels are included in the set
|
|
137
|
+
*
|
|
138
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
139
|
+
* @returns true if all access levels are included
|
|
140
|
+
*/
|
|
141
|
+
export declare function isAllAccessLevels(accessLevels: Set<ActionAccessLevel>): boolean;
|
|
132
142
|
//# sourceMappingURL=shrink.d.ts.map
|
package/dist/esm/shrink.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"shrink.d.ts","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,aAAa,CAAA;AACrF,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,EAMpD,CAAA;AAYD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,MAAM,EAAE,iBAAiB,EAAE,CAAA;CAC5B;AAQD;;;;;;;;;;;;GAYG;AACH,wBAAsB,MAAM,CAC1B,eAAe,EAAE,MAAM,EAAE,EACzB,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GACrC,OAAO,CAAC,MAAM,EAAE,CAAC,CAkDnB;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAEtD;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EAAE,GAChB,GAAG,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,cAAc,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAWlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,cAAc,EAAE,MAAM,EAAE,EACxB,eAAe,EAAE,MAAM,EAAE,EACzB,UAAU,EAAE,MAAM,GACjB,MAAM,EAAE,CAiCV;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,MAAM,EAAE,EACxB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,IAAI,EAAE,OAAO,GACZ,MAAM,EAAE,CAuBV;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAC1B,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,EAAE,GACzB,MAAM,CAoER;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAIrE;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAQjG;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAK5D;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAc5F;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EAAE,GAChB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,EAAE,CAc3D;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAsBxE;AAkED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,GAAG,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAK/E"}
|
package/dist/esm/shrink.js
CHANGED
|
@@ -1,9 +1,25 @@
|
|
|
1
|
+
import { iamActionDetails } from '@cloud-copilot/iam-data';
|
|
1
2
|
import { expandIamActions } from '@cloud-copilot/iam-expand';
|
|
2
3
|
import { ShrinkValidationError } from './errors.js';
|
|
3
4
|
import { validateShrinkResults } from './validate.js';
|
|
5
|
+
export const allActionAccessLevels = [
|
|
6
|
+
'read',
|
|
7
|
+
'write',
|
|
8
|
+
'list',
|
|
9
|
+
'tagging',
|
|
10
|
+
'permissions'
|
|
11
|
+
];
|
|
12
|
+
const actionLevelMap = {
|
|
13
|
+
Read: 'read',
|
|
14
|
+
Write: 'write',
|
|
15
|
+
List: 'list',
|
|
16
|
+
Tagging: 'tagging',
|
|
17
|
+
'Permissions management': 'permissions'
|
|
18
|
+
};
|
|
4
19
|
const defaultOptions = {
|
|
5
20
|
iterations: 2,
|
|
6
|
-
removeSids: false
|
|
21
|
+
removeSids: false,
|
|
22
|
+
levels: allActionAccessLevels
|
|
7
23
|
};
|
|
8
24
|
/**
|
|
9
25
|
* Shrink the list of desired patterns minus the excluded patterns to the smallest list of patterns
|
|
@@ -20,11 +36,15 @@ const defaultOptions = {
|
|
|
20
36
|
*/
|
|
21
37
|
export async function shrink(desiredPatterns, shrinkOptions) {
|
|
22
38
|
//Check for an all actions wildcard
|
|
39
|
+
const options = { ...defaultOptions, ...shrinkOptions };
|
|
40
|
+
if (options.levels.length === 0) {
|
|
41
|
+
options.levels = allActionAccessLevels;
|
|
42
|
+
}
|
|
43
|
+
const reducibleAccessLevelsSet = new Set(options.levels);
|
|
23
44
|
const wildCard = desiredPatterns.find((pattern) => collapseAsterisks(pattern) === '*');
|
|
24
|
-
if (wildCard) {
|
|
45
|
+
if (wildCard && isAllAccessLevels(reducibleAccessLevelsSet)) {
|
|
25
46
|
return ['*'];
|
|
26
47
|
}
|
|
27
|
-
const options = { ...defaultOptions, ...shrinkOptions };
|
|
28
48
|
const targetActions = await expandIamActions(desiredPatterns);
|
|
29
49
|
const expandedActionsByService = groupActionsByService(targetActions);
|
|
30
50
|
const services = Array.from(expandedActionsByService.keys()).sort();
|
|
@@ -32,9 +52,13 @@ export async function shrink(desiredPatterns, shrinkOptions) {
|
|
|
32
52
|
for (const service of services) {
|
|
33
53
|
const desiredActions = expandedActionsByService.get(service);
|
|
34
54
|
const possibleActions = mapActions(await expandIamActions(`${service}:*`));
|
|
35
|
-
const
|
|
55
|
+
const filteredActions = await filterActionsByAccessLevel(service, desiredActions.withoutService, reducibleAccessLevelsSet);
|
|
56
|
+
const reducedServiceActions = shrinkResolvedList(filteredActions.reducibleActions, possibleActions, options.iterations);
|
|
36
57
|
//Validation
|
|
37
|
-
const reducedServiceActionsWithService =
|
|
58
|
+
const reducedServiceActionsWithService = [
|
|
59
|
+
...reducedServiceActions.map((action) => `${service}:${action}`),
|
|
60
|
+
...filteredActions.unreducibleActions.map((action) => `${service}:${action}`)
|
|
61
|
+
].sort();
|
|
38
62
|
const invalidMatch = await validateShrinkResults(desiredActions.withService, reducedServiceActionsWithService);
|
|
39
63
|
if (invalidMatch) {
|
|
40
64
|
throw new ShrinkValidationError(desiredPatterns, invalidMatch);
|
|
@@ -339,4 +363,54 @@ function matchesPattern(general, specific) {
|
|
|
339
363
|
const regex = new RegExp('^' + general.replace(/\*/g, '.*') + '$');
|
|
340
364
|
return regex.test(specific);
|
|
341
365
|
}
|
|
366
|
+
/**
|
|
367
|
+
* Get the ActionAccessLevel option value for a given ActionDataAccessLevel
|
|
368
|
+
*
|
|
369
|
+
* @param accessLevel the ActionDataAccessLevel to convert
|
|
370
|
+
* @returns the corresponding ActionAccessLevel
|
|
371
|
+
* @throws if the access level is not recognized
|
|
372
|
+
*/
|
|
373
|
+
function optionAccessLevelForDataAccessLevel(accessLevel) {
|
|
374
|
+
const result = actionLevelMap[accessLevel];
|
|
375
|
+
if (result) {
|
|
376
|
+
return result;
|
|
377
|
+
}
|
|
378
|
+
throw new Error(`Unknown access level: ${accessLevel}`);
|
|
379
|
+
}
|
|
380
|
+
/**
|
|
381
|
+
* Filter actions into reducable and unreduceable based on the provided access levels
|
|
382
|
+
*
|
|
383
|
+
* @param service the service the actions belong to
|
|
384
|
+
* @param actions the list of actions to filter
|
|
385
|
+
* @param reducibleAccessLevels the set of ActionAccessLevel values that are considered reducible
|
|
386
|
+
* @returns an object with two arrays: reducibleActions and unreducibleActions
|
|
387
|
+
*/
|
|
388
|
+
async function filterActionsByAccessLevel(service, actions, reducibleAccessLevels) {
|
|
389
|
+
if (isAllAccessLevels(reducibleAccessLevels)) {
|
|
390
|
+
return { reducibleActions: actions, unreducibleActions: [] };
|
|
391
|
+
}
|
|
392
|
+
const reducibleActions = [];
|
|
393
|
+
const unreducibleActions = [];
|
|
394
|
+
for (const action of actions) {
|
|
395
|
+
const details = await iamActionDetails(service, action);
|
|
396
|
+
const accessLevel = optionAccessLevelForDataAccessLevel(details.accessLevel);
|
|
397
|
+
if (reducibleAccessLevels.has(accessLevel)) {
|
|
398
|
+
reducibleActions.push(action);
|
|
399
|
+
}
|
|
400
|
+
else {
|
|
401
|
+
unreducibleActions.push(action);
|
|
402
|
+
}
|
|
403
|
+
}
|
|
404
|
+
return { reducibleActions, unreducibleActions };
|
|
405
|
+
}
|
|
406
|
+
/**
|
|
407
|
+
* Check if all access levels are included in the set
|
|
408
|
+
*
|
|
409
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
410
|
+
* @returns true if all access levels are included
|
|
411
|
+
*/
|
|
412
|
+
export function isAllAccessLevels(accessLevels) {
|
|
413
|
+
return (accessLevels.size >= allActionAccessLevels.length &&
|
|
414
|
+
!allActionAccessLevels.find((level) => !accessLevels.has(level)));
|
|
415
|
+
}
|
|
342
416
|
//# sourceMappingURL=shrink.js.map
|
package/dist/esm/shrink.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AAOrD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,KAAK;CAClB,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,gBAAgB,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,cAAc,CAAC,cAAc,EAC7B,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG,qBAAqB,CAAC,GAAG,CAChE,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CACnC,CAAA;QACD,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,qBAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC"}
|
|
1
|
+
{"version":3,"file":"shrink.js","sourceRoot":"","sources":["../../src/shrink.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AAGrD,MAAM,CAAC,MAAM,qBAAqB,GAAwB;IACxD,MAAM;IACN,OAAO;IACP,MAAM;IACN,SAAS;IACT,aAAa;CACd,CAAA;AAID,MAAM,cAAc,GAAqD;IACvE,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,SAAS;IAClB,wBAAwB,EAAE,aAAa;CACxC,CAAA;AAQD,MAAM,cAAc,GAAkB;IACpC,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,KAAK;IACjB,MAAM,EAAE,qBAAqB;CAC9B,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,eAAyB,EACzB,aAAsC;IAEtC,mCAAmC;IACnC,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,CAAA;IACvD,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,GAAG,qBAAqB,CAAA;IACxC,CAAC;IACD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IAExD,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;IACtF,IAAI,QAAQ,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC,CAAA;IAC7D,MAAM,wBAAwB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAEnE,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,gBAAgB,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC,CAAA;QAC1E,MAAM,eAAe,GAAG,MAAM,0BAA0B,CACtD,OAAO,EACP,cAAc,CAAC,cAAc,EAC7B,wBAAwB,CACzB,CAAA;QAED,MAAM,qBAAqB,GAAG,kBAAkB,CAC9C,eAAe,CAAC,gBAAgB,EAChC,eAAe,EACf,OAAO,CAAC,UAAU,CACnB,CAAA;QAED,YAAY;QACZ,MAAM,gCAAgC,GAAG;YACvC,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;YAChE,GAAG,eAAe,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;SAC9E,CAAC,IAAI,EAAE,CAAA;QAER,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C,cAAc,CAAC,WAAW,EAC1B,gCAAgC,CACjC,CAAA;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,qBAAqB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAA;QAChE,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAiB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+D,CAAA;IACzF,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;QAClE,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IACF,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAChC,cAAwB,EACxB,eAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;IAChD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAE1F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,oEAAoE;QACpE,OAAO,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED,sFAAsF;IACtF,IAAI,wBAAwB,GAAG,cAAc,CAAC,MAAM,CAAA;IACpD,IAAI,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,CAAA;IAEvC,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;QACjE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,iFAAiF;IACjF,GAAG,CAAC;QACF,wBAAwB,GAAG,UAAU,CAAC,MAAM,CAAA;QAC5C,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAChE,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;QAC3B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC,QAAQ,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAC;IAEtD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,cAAwB,EACxB,gBAA0B,EAC1B,IAAa;IAEb,mEAAmE;IACnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC,MAAM,CAChE,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CACvC,CAAA;IACD,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE/E,mDAAmD;IACnD,IAAI,cAAc,GAAG,cAAc,CAAA;IACnC,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CACL,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAC1F,CACF,CAAA;QACD,cAAc,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAC1B,aAAqB,EACrB,QAAgB,EAChB,gBAA0B;IAE1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAA;IACtB,CAAC;IACD,MAAM,eAAe,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACnD,IAAI,YAAY,GAAG,aAAa,CAAA;IAEhC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,6HAA6H;QAC7H,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QAED,sBAAsB;IACxB,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,gBAAgB;QAChB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YAED,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC/B,mBAAmB;QACnB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,CAAA;QACnC,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5D,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,2FAA2F;gBAC3F,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;gBAC3B,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;QACD,8FAA8F;QAC9F,KAAK,IAAI,CAAC,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;YAClB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACxD,MAAM,YAAY,GAAG,8BAA8B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;YACjF,IAAI,YAAY,EAAE,CAAC;gBACjB,uCAAuC;gBACvC,MAAK;YACP,CAAC;YACD,YAAY,GAAG,UAAU,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,cAAsB;IACtD,OAAO,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,cAAsB;IAC3D,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAChE,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,cAAsB,EAAE,OAAiB;IACtF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAA;IACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,8FAA8F;IAC9F,oDAAoD;IACpD,sEAAsE;IACtE,OAAO,KAAK,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAA;AACrF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,UAAoB,EAAE,OAAiB;IACrE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC/B,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACzB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,KAAK,EAAE,CAAA;YACT,CAAC;QACH,CAAC,CAAC,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QACtC,CAAC;IACH,CAAC,CAAC,CAAA;IACF,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAiB;IAEjB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzB,oBAAoB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAU,EAAE,CAAA;IACxB,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CAAC,QAAkB;IAC5D,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IAE5C,IAAI,oBAAoB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,kCAAkC;QAClC,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAC1E,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,CACtC,CAAA;QACD,IAAI,wBAAwB,EAAE,CAAC;YAC7B,SAAQ;QACV,CAAC;QAED,mDAAmD;QACnD,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAChD,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CACzD,CAAA;QAED,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mCAAmC,CAC1C,WAAkC;IAElC,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,CAAA;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAA;AACzD,CAAC;AAED;;;;;;;GAOG;AAEH,KAAK,UAAU,0BAA0B,CACvC,OAAe,EACf,OAAiB,EACjB,qBAA6C;IAE7C,IAAI,iBAAiB,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAA;IAC9D,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,MAAM,kBAAkB,GAAa,EAAE,CAAA;IAEvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,mCAAmC,CACrD,OAAO,CAAC,WAAoC,CAC7C,CAAA;QACD,IAAI,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3C,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,CAAA;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,YAAoC;IACpE,OAAO,CACL,YAAY,CAAC,IAAI,IAAI,qBAAqB,CAAC,MAAM;QACjD,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CACjE,CAAA;AACH,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloud-copilot/iam-shrink",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.10",
|
|
4
4
|
"description": "Shrink IAM Policies",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"build": "npx tsc -p tsconfig.cjs.json && npx tsc -p tsconfig.esm.json && ./postbuild.sh",
|
|
@@ -52,7 +52,7 @@
|
|
|
52
52
|
},
|
|
53
53
|
"peerDependencies": {
|
|
54
54
|
"@cloud-copilot/iam-data": ">=0.7.0 <1.0.0",
|
|
55
|
-
"@cloud-copilot/iam-expand": ">=0.6
|
|
55
|
+
"@cloud-copilot/iam-expand": ">=0.11.6 <1.0.0"
|
|
56
56
|
},
|
|
57
57
|
"prettier": "@cloud-copilot/prettier-config",
|
|
58
58
|
"release": {
|
package/src/cli.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
import { parseCliArguments } from '@cloud-copilot/cli'
|
|
4
4
|
import { iamDataUpdatedAt, iamDataVersion } from '@cloud-copilot/iam-data'
|
|
5
5
|
import { convertNumberOfIterations, parseStdIn } from './cli_utils.js'
|
|
6
|
-
import { shrink, ShrinkOptions } from './shrink.js'
|
|
6
|
+
import { allActionAccessLevels, shrink, ShrinkOptions } from './shrink.js'
|
|
7
7
|
|
|
8
8
|
const dataPackage = '@cloud-copilot/iam-data'
|
|
9
9
|
|
|
@@ -40,6 +40,12 @@ async function run() {
|
|
|
40
40
|
'How many iterations of shrinking should be executed, defaults to 2; zero or less means no limit',
|
|
41
41
|
values: 'single'
|
|
42
42
|
},
|
|
43
|
+
levels: {
|
|
44
|
+
type: 'enum',
|
|
45
|
+
description: 'The access levels to reduce in the policy, defaults to all levels',
|
|
46
|
+
values: 'multiple',
|
|
47
|
+
validValues: allActionAccessLevels
|
|
48
|
+
},
|
|
43
49
|
readWaitMs: {
|
|
44
50
|
description: 'Milliseconds to wait for the first byte from stdin before timing out',
|
|
45
51
|
values: 'single',
|
package/src/shrink.test.ts
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
+
import { iamActionDetails } from '@cloud-copilot/iam-data'
|
|
1
2
|
import { expandIamActions } from '@cloud-copilot/iam-expand'
|
|
2
3
|
import { beforeEach } from 'node:test'
|
|
3
4
|
import { describe, expect, it, vi } from 'vitest'
|
|
4
5
|
import {
|
|
6
|
+
ActionAccessLevel,
|
|
5
7
|
consolidateWildcardPatterns,
|
|
6
8
|
countSubstrings,
|
|
7
9
|
findCommonSequences,
|
|
8
10
|
groupActionsByService,
|
|
11
|
+
isAllAccessLevels,
|
|
9
12
|
mapActions,
|
|
10
13
|
reduceAction,
|
|
11
14
|
regexForWildcardAction,
|
|
@@ -18,10 +21,12 @@ import {
|
|
|
18
21
|
import { validateShrinkResults } from './validate.js'
|
|
19
22
|
|
|
20
23
|
vi.mock('@cloud-copilot/iam-expand')
|
|
24
|
+
vi.mock('@cloud-copilot/iam-data')
|
|
21
25
|
vi.mock('./validate.js')
|
|
22
26
|
|
|
23
27
|
const mockExpandIamActions = vi.mocked(expandIamActions)
|
|
24
28
|
const mockValidateShrinkResults = vi.mocked(validateShrinkResults)
|
|
29
|
+
const mockIamActionDetails = vi.mocked(iamActionDetails)
|
|
25
30
|
|
|
26
31
|
beforeEach(() => {
|
|
27
32
|
vi.resetAllMocks()
|
|
@@ -542,10 +547,10 @@ describe('shrink.ts', () => {
|
|
|
542
547
|
})
|
|
543
548
|
|
|
544
549
|
//When shrink is called
|
|
545
|
-
const result = await shrink(actions, {})
|
|
550
|
+
const result = await shrink(actions, { levels: [] })
|
|
546
551
|
|
|
547
552
|
//Then we should get the reduced actions
|
|
548
|
-
expect(result).toEqual(['s3:Get*VersionAcl', 's3:*Tagging'])
|
|
553
|
+
expect(result).toEqual(['s3:Get*VersionAcl', 's3:*Tagging'].sort())
|
|
549
554
|
})
|
|
550
555
|
|
|
551
556
|
it('should throw an error if the shrink does not validate', async () => {
|
|
@@ -569,7 +574,7 @@ describe('shrink.ts', () => {
|
|
|
569
574
|
)
|
|
570
575
|
})
|
|
571
576
|
|
|
572
|
-
it('should return an all actions wildcard if one is provided', async () => {
|
|
577
|
+
it('should return an all actions wildcard if one is provided and all accessLevels are reducible', async () => {
|
|
573
578
|
//Given a list of actions that includes a global wildcard
|
|
574
579
|
const actions = ['*', 's3:GetObjectTagging', 's3:PutObjectTagging']
|
|
575
580
|
|
|
@@ -580,6 +585,24 @@ describe('shrink.ts', () => {
|
|
|
580
585
|
expect(result).toEqual(['*'])
|
|
581
586
|
})
|
|
582
587
|
|
|
588
|
+
it('should not return an all actions wildcard if one is provided and all accessLevels are reducible', async () => {
|
|
589
|
+
//Given a list of actions that includes a global wildcard
|
|
590
|
+
const actions = ['*', 's3:GetObjectTagging', 's3:PutObjectTagging']
|
|
591
|
+
|
|
592
|
+
mockIamActionDetails.mockImplementation(async (service: string, action: string) => {
|
|
593
|
+
if (action.startsWith('Get')) {
|
|
594
|
+
return { accessLevel: 'Read' }
|
|
595
|
+
}
|
|
596
|
+
return { accessLevel: 'Permissions management' } as any
|
|
597
|
+
})
|
|
598
|
+
|
|
599
|
+
//When shrink is called
|
|
600
|
+
const result = await shrink(actions, { levels: ['read'] })
|
|
601
|
+
|
|
602
|
+
//Then we should get back the single wildcard
|
|
603
|
+
expect(result.length > 1).toBe(true)
|
|
604
|
+
})
|
|
605
|
+
|
|
583
606
|
it('should return an all actions wildcard if a string of multiple asterisks is included', async () => {
|
|
584
607
|
//Given a list of actions that includes a global wildcard
|
|
585
608
|
const actions = ['***', 's3:GetObjectTagging', 's3:PutObjectTagging']
|
|
@@ -590,5 +613,116 @@ describe('shrink.ts', () => {
|
|
|
590
613
|
//Then we should get back the single wildcard
|
|
591
614
|
expect(result).toEqual(['*'])
|
|
592
615
|
})
|
|
616
|
+
|
|
617
|
+
it('should only reduce actions for the specified access types', async () => {
|
|
618
|
+
//Given a list of actions
|
|
619
|
+
const actions = [
|
|
620
|
+
's3:GetObjectTagging',
|
|
621
|
+
's3:GetObject',
|
|
622
|
+
's3:GetObjectVersionAcl',
|
|
623
|
+
's3:GetObjectVersions',
|
|
624
|
+
's3:PutObjectTagging',
|
|
625
|
+
's3:PutObject',
|
|
626
|
+
's3:PutObjectVersionAcl',
|
|
627
|
+
's3:PutObjectVersions',
|
|
628
|
+
's3:GetBucketTagging',
|
|
629
|
+
's3:GetObjectVersionAcl',
|
|
630
|
+
's3:ListAllMyBuckets',
|
|
631
|
+
's3:ListBucket',
|
|
632
|
+
's3:ListBucketVersions'
|
|
633
|
+
]
|
|
634
|
+
|
|
635
|
+
mockIamActionDetails.mockImplementation(async (service: string, action: string) => {
|
|
636
|
+
if (action.startsWith('Get')) {
|
|
637
|
+
return { accessLevel: 'Read' }
|
|
638
|
+
}
|
|
639
|
+
if (action.startsWith('Put')) {
|
|
640
|
+
return { accessLevel: 'Write' }
|
|
641
|
+
}
|
|
642
|
+
if (action.startsWith('List')) {
|
|
643
|
+
return { accessLevel: 'List' }
|
|
644
|
+
}
|
|
645
|
+
return { accessLevel: 'other' } as any
|
|
646
|
+
})
|
|
647
|
+
|
|
648
|
+
//This makes everything in the list above valid
|
|
649
|
+
mockExpandIamActions.mockImplementation(async (actions: string | string[]) => {
|
|
650
|
+
return [actions].flat()
|
|
651
|
+
})
|
|
652
|
+
|
|
653
|
+
//When shrink is called with only Read access types
|
|
654
|
+
const result = await shrink(actions, { levels: ['list', 'read'] })
|
|
655
|
+
|
|
656
|
+
//Then we should get the reduced actions for Read and List access types
|
|
657
|
+
expect(result).toEqual(
|
|
658
|
+
[
|
|
659
|
+
's3:Get*',
|
|
660
|
+
's3:List*',
|
|
661
|
+
's3:PutObject',
|
|
662
|
+
's3:PutObjectTagging',
|
|
663
|
+
's3:PutObjectVersionAcl',
|
|
664
|
+
's3:PutObjectVersions'
|
|
665
|
+
].sort()
|
|
666
|
+
)
|
|
667
|
+
})
|
|
668
|
+
})
|
|
669
|
+
|
|
670
|
+
describe('isAllAccessLevels', () => {
|
|
671
|
+
it('should return true if all access levels are reducible', async () => {
|
|
672
|
+
//Given a list of all access levels
|
|
673
|
+
const levels = new Set<ActionAccessLevel>(['read', 'write', 'list', 'permissions', 'tagging'])
|
|
674
|
+
|
|
675
|
+
//When we check if all access levels are reducible
|
|
676
|
+
const result = isAllAccessLevels(levels)
|
|
677
|
+
|
|
678
|
+
//Then we should get true
|
|
679
|
+
expect(result).toBe(true)
|
|
680
|
+
})
|
|
681
|
+
|
|
682
|
+
it('should return false if one is missing', async () => {
|
|
683
|
+
//Given a list of all access levels
|
|
684
|
+
const levels = new Set<ActionAccessLevel>(['read', 'write', 'list', 'permissions'])
|
|
685
|
+
|
|
686
|
+
//When we check if all access levels are reducible
|
|
687
|
+
const result = isAllAccessLevels(levels)
|
|
688
|
+
|
|
689
|
+
//Then we should get true
|
|
690
|
+
expect(result).toBe(false)
|
|
691
|
+
})
|
|
692
|
+
|
|
693
|
+
it('should return false if one is missing but a fake one is added', async () => {
|
|
694
|
+
//Given a list of all access levels
|
|
695
|
+
const levels = new Set<ActionAccessLevel>([
|
|
696
|
+
'read',
|
|
697
|
+
'write',
|
|
698
|
+
'list',
|
|
699
|
+
'permissions',
|
|
700
|
+
'fake'
|
|
701
|
+
] as any)
|
|
702
|
+
|
|
703
|
+
//When we check if all access levels are reducible
|
|
704
|
+
const result = isAllAccessLevels(levels)
|
|
705
|
+
|
|
706
|
+
//Then we should get true
|
|
707
|
+
expect(result).toBe(false)
|
|
708
|
+
})
|
|
709
|
+
|
|
710
|
+
it('should return true all are present but there is an extra value', async () => {
|
|
711
|
+
//Given a list of all access levels
|
|
712
|
+
const levels = new Set<ActionAccessLevel>([
|
|
713
|
+
'read',
|
|
714
|
+
'write',
|
|
715
|
+
'list',
|
|
716
|
+
'permissions',
|
|
717
|
+
'tagging',
|
|
718
|
+
'fake'
|
|
719
|
+
] as any)
|
|
720
|
+
|
|
721
|
+
//When we check if all access levels are reducible
|
|
722
|
+
const result = isAllAccessLevels(levels)
|
|
723
|
+
|
|
724
|
+
//Then we should get true
|
|
725
|
+
expect(result).toBe(true)
|
|
726
|
+
})
|
|
593
727
|
})
|
|
594
728
|
})
|
package/src/shrink.ts
CHANGED
|
@@ -1,15 +1,37 @@
|
|
|
1
|
+
import { iamActionDetails } from '@cloud-copilot/iam-data'
|
|
1
2
|
import { expandIamActions } from '@cloud-copilot/iam-expand'
|
|
2
3
|
import { ShrinkValidationError } from './errors.js'
|
|
3
4
|
import { validateShrinkResults } from './validate.js'
|
|
4
5
|
|
|
6
|
+
export type ActionAccessLevel = 'read' | 'write' | 'list' | 'tagging' | 'permissions'
|
|
7
|
+
export const allActionAccessLevels: ActionAccessLevel[] = [
|
|
8
|
+
'read',
|
|
9
|
+
'write',
|
|
10
|
+
'list',
|
|
11
|
+
'tagging',
|
|
12
|
+
'permissions'
|
|
13
|
+
]
|
|
14
|
+
|
|
15
|
+
type ActionDataAccessLevel = 'Read' | 'Write' | 'List' | 'Tagging' | 'Permissions management'
|
|
16
|
+
|
|
17
|
+
const actionLevelMap: Record<ActionDataAccessLevel, ActionAccessLevel> = {
|
|
18
|
+
Read: 'read',
|
|
19
|
+
Write: 'write',
|
|
20
|
+
List: 'list',
|
|
21
|
+
Tagging: 'tagging',
|
|
22
|
+
'Permissions management': 'permissions'
|
|
23
|
+
}
|
|
24
|
+
|
|
5
25
|
export interface ShrinkOptions {
|
|
6
26
|
iterations: number
|
|
7
27
|
removeSids: boolean
|
|
28
|
+
levels: ActionAccessLevel[]
|
|
8
29
|
}
|
|
9
30
|
|
|
10
31
|
const defaultOptions: ShrinkOptions = {
|
|
11
32
|
iterations: 2,
|
|
12
|
-
removeSids: false
|
|
33
|
+
removeSids: false,
|
|
34
|
+
levels: allActionAccessLevels
|
|
13
35
|
}
|
|
14
36
|
|
|
15
37
|
/**
|
|
@@ -30,12 +52,17 @@ export async function shrink(
|
|
|
30
52
|
shrinkOptions?: Partial<ShrinkOptions>
|
|
31
53
|
): Promise<string[]> {
|
|
32
54
|
//Check for an all actions wildcard
|
|
55
|
+
const options = { ...defaultOptions, ...shrinkOptions }
|
|
56
|
+
if (options.levels.length === 0) {
|
|
57
|
+
options.levels = allActionAccessLevels
|
|
58
|
+
}
|
|
59
|
+
const reducibleAccessLevelsSet = new Set(options.levels)
|
|
60
|
+
|
|
33
61
|
const wildCard = desiredPatterns.find((pattern) => collapseAsterisks(pattern) === '*')
|
|
34
|
-
if (wildCard) {
|
|
62
|
+
if (wildCard && isAllAccessLevels(reducibleAccessLevelsSet)) {
|
|
35
63
|
return ['*']
|
|
36
64
|
}
|
|
37
65
|
|
|
38
|
-
const options = { ...defaultOptions, ...shrinkOptions }
|
|
39
66
|
const targetActions = await expandIamActions(desiredPatterns)
|
|
40
67
|
const expandedActionsByService = groupActionsByService(targetActions)
|
|
41
68
|
const services = Array.from(expandedActionsByService.keys()).sort()
|
|
@@ -44,16 +71,24 @@ export async function shrink(
|
|
|
44
71
|
for (const service of services) {
|
|
45
72
|
const desiredActions = expandedActionsByService.get(service)!
|
|
46
73
|
const possibleActions = mapActions(await expandIamActions(`${service}:*`))
|
|
47
|
-
const
|
|
74
|
+
const filteredActions = await filterActionsByAccessLevel(
|
|
75
|
+
service,
|
|
48
76
|
desiredActions.withoutService,
|
|
77
|
+
reducibleAccessLevelsSet
|
|
78
|
+
)
|
|
79
|
+
|
|
80
|
+
const reducedServiceActions = shrinkResolvedList(
|
|
81
|
+
filteredActions.reducibleActions,
|
|
49
82
|
possibleActions,
|
|
50
83
|
options.iterations
|
|
51
84
|
)
|
|
52
85
|
|
|
53
86
|
//Validation
|
|
54
|
-
const reducedServiceActionsWithService =
|
|
55
|
-
(action) => `${service}:${action}`
|
|
56
|
-
|
|
87
|
+
const reducedServiceActionsWithService = [
|
|
88
|
+
...reducedServiceActions.map((action) => `${service}:${action}`),
|
|
89
|
+
...filteredActions.unreducibleActions.map((action) => `${service}:${action}`)
|
|
90
|
+
].sort()
|
|
91
|
+
|
|
57
92
|
const invalidMatch = await validateShrinkResults(
|
|
58
93
|
desiredActions.withService,
|
|
59
94
|
reducedServiceActionsWithService
|
|
@@ -417,3 +452,69 @@ function matchesPattern(general: string, specific: string): boolean {
|
|
|
417
452
|
const regex = new RegExp('^' + general.replace(/\*/g, '.*') + '$')
|
|
418
453
|
return regex.test(specific)
|
|
419
454
|
}
|
|
455
|
+
|
|
456
|
+
/**
|
|
457
|
+
* Get the ActionAccessLevel option value for a given ActionDataAccessLevel
|
|
458
|
+
*
|
|
459
|
+
* @param accessLevel the ActionDataAccessLevel to convert
|
|
460
|
+
* @returns the corresponding ActionAccessLevel
|
|
461
|
+
* @throws if the access level is not recognized
|
|
462
|
+
*/
|
|
463
|
+
function optionAccessLevelForDataAccessLevel(
|
|
464
|
+
accessLevel: ActionDataAccessLevel
|
|
465
|
+
): ActionAccessLevel {
|
|
466
|
+
const result = actionLevelMap[accessLevel]
|
|
467
|
+
if (result) {
|
|
468
|
+
return result
|
|
469
|
+
}
|
|
470
|
+
throw new Error(`Unknown access level: ${accessLevel}`)
|
|
471
|
+
}
|
|
472
|
+
|
|
473
|
+
/**
|
|
474
|
+
* Filter actions into reducable and unreduceable based on the provided access levels
|
|
475
|
+
*
|
|
476
|
+
* @param service the service the actions belong to
|
|
477
|
+
* @param actions the list of actions to filter
|
|
478
|
+
* @param reducibleAccessLevels the set of ActionAccessLevel values that are considered reducible
|
|
479
|
+
* @returns an object with two arrays: reducibleActions and unreducibleActions
|
|
480
|
+
*/
|
|
481
|
+
|
|
482
|
+
async function filterActionsByAccessLevel(
|
|
483
|
+
service: string,
|
|
484
|
+
actions: string[],
|
|
485
|
+
reducibleAccessLevels: Set<ActionAccessLevel>
|
|
486
|
+
): Promise<{ reducibleActions: string[]; unreducibleActions: string[] }> {
|
|
487
|
+
if (isAllAccessLevels(reducibleAccessLevels)) {
|
|
488
|
+
return { reducibleActions: actions, unreducibleActions: [] }
|
|
489
|
+
}
|
|
490
|
+
|
|
491
|
+
const reducibleActions: string[] = []
|
|
492
|
+
const unreducibleActions: string[] = []
|
|
493
|
+
|
|
494
|
+
for (const action of actions) {
|
|
495
|
+
const details = await iamActionDetails(service, action)
|
|
496
|
+
const accessLevel = optionAccessLevelForDataAccessLevel(
|
|
497
|
+
details.accessLevel as ActionDataAccessLevel
|
|
498
|
+
)
|
|
499
|
+
if (reducibleAccessLevels.has(accessLevel)) {
|
|
500
|
+
reducibleActions.push(action)
|
|
501
|
+
} else {
|
|
502
|
+
unreducibleActions.push(action)
|
|
503
|
+
}
|
|
504
|
+
}
|
|
505
|
+
|
|
506
|
+
return { reducibleActions, unreducibleActions }
|
|
507
|
+
}
|
|
508
|
+
|
|
509
|
+
/**
|
|
510
|
+
* Check if all access levels are included in the set
|
|
511
|
+
*
|
|
512
|
+
* @param accessLevels the set of ActionAccessLevel values to check
|
|
513
|
+
* @returns true if all access levels are included
|
|
514
|
+
*/
|
|
515
|
+
export function isAllAccessLevels(accessLevels: Set<ActionAccessLevel>): boolean {
|
|
516
|
+
return (
|
|
517
|
+
accessLevels.size >= allActionAccessLevels.length &&
|
|
518
|
+
!allActionAccessLevels.find((level) => !accessLevels.has(level))
|
|
519
|
+
)
|
|
520
|
+
}
|