@cloud-copilot/iam-simulate 0.1.0 → 0.1.2

package/dist/cjs/condition/baseConditionperatorTests.js

@@ -9,7 +9,7 @@ function testOperator(name, tests, operator) {
         for (const test of tests) {
             it(test.name, () => {
                 //Given the request
-                const request = new request_js_1.AwsRequestImpl('', '', '', new requestContext_js_1.RequestContextImpl(test.requestContext || {}));
+                const request = new request_js_1.AwsRequestImpl('', { resource: '', accountId: '' }, '', new requestContext_js_1.RequestContextImpl(test.requestContext || {}));
                 //When the condition is evaluated
                 const result = operator.matches(request, test.testValue, test.policyValues);
                 //Then the result should be as expected

package/dist/cjs/condition/baseConditionperatorTests.js.map

@@ -1 +1 @@
-{"version":3,"file":"baseConditionperatorTests.js","sourceRoot":"","sources":["../../../src/condition/baseConditionperatorTests.ts"],"names":[],"mappings":";;AAaA,oCAcC;AA3BD,mCAAyC;AACzC,sDAAsD;AACtD,4DAAyD;AAWzD,SAAgB,YAAY,CAAC,IAAY,EAAE,KAAyB,EAAE,QAA+B;IACnG,IAAA,iBAAQ,EAAC,IAAI,EAAE,EAAE,CAAC,EAAE;QAClB,KAAI,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACxB,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE;gBACjB,mBAAmB;gBACnB,MAAM,OAAO,GAAG,IAAI,2BAAc,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,sCAAkB,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAA;gBACjG,iCAAiC;gBACjC,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAA;gBAE3E,uCAAuC;gBACvC,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACpC,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC"}
+{"version":3,"file":"baseConditionperatorTests.js","sourceRoot":"","sources":["../../../src/condition/baseConditionperatorTests.ts"],"names":[],"mappings":";;AAaA,oCAcC;AA3BD,mCAAyC;AACzC,sDAAsD;AACtD,4DAAyD;AAWzD,SAAgB,YAAY,CAAC,IAAY,EAAE,KAAyB,EAAE,QAA+B;IACnG,IAAA,iBAAQ,EAAC,IAAI,EAAE,EAAE,CAAC,EAAE;QAClB,KAAI,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACxB,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE;gBACjB,mBAAmB;gBACnB,MAAM,OAAO,GAAG,IAAI,2BAAc,CAAC,EAAE,EAAE,EAAC,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAC,EAAE,EAAE,EAAE,IAAI,sCAAkB,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAA;gBAC5H,iCAAiC;gBACjC,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAA;gBAE3E,uCAAuC;gBACvC,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACpC,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"coreSimulatorEngine.d.ts","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AAGnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,OAAO,EAAE,UAAU,CAAC;IAEpB;;OAEG;IACH,gBAAgB,EAAE,MAAM,EAAE,CAAA;CAC3B;AAID;;;;;;;GAOG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,gBAAgB,CAOzE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,oBAAoB,GAAG,iBAAiB,CAGrF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,gBAAgB,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,UAAU,GAAG,iBAAiB,EAAE,CAgB5G"}
+{"version":3,"file":"coreSimulatorEngine.d.ts","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AAGnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,OAAO,EAAE,UAAU,CAAC;IAEpB;;OAEG;IACH,gBAAgB,EAAE,MAAM,EAAE,CAAA;CAC3B;AAID;;;;;;;GAOG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,gBAAgB,CAOzE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,oBAAoB,GAAG,iBAAiB,CAMrF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,gBAAgB,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,UAAU,GAAG,iBAAiB,EAAE,CAe5G"}

package/dist/cjs/core_engine/coreSimulatorEngine.js

@@ -33,7 +33,10 @@ function authorize(request) {
  */
 function getServiceAuthorizer(request) {
     const serviceName = request.request.action.service().toLowerCase();
-    return new serviceEngines[serviceName] || new DefaultServiceAuthorizer_js_1.DefaultServiceAuthorizer;
+    if (serviceEngines[serviceName]) {
+        return new serviceEngines[serviceName]();
+    }
+    return new DefaultServiceAuthorizer_js_1.DefaultServiceAuthorizer;
 }
 /**
  * Analyzes a set of identity policies

package/dist/cjs/core_engine/coreSimulatorEngine.js.map

@@ -1 +1 @@
-{"version":3,"file":"coreSimulatorEngine.js","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":";;AAmCA,8BAOC;AASD,oDAGC;AASD,0DAgBC;AA9ED,mDAAqE;AACrE,4DAAqE;AAGrE,yDAA2E;AAC3E,yFAAmF;AAmBnF,MAAM,cAAc,GAAgD,EAAE,CAAC;AAEvE;;;;;;;GAOG;AACH,SAAgB,SAAS,CAAC,OAA6B;IACrD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5F,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,iBAAiB,CAAC,SAAS,CAAC;QACjC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,kBAAkB,EAAE,gBAAgB;KACrC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAAC,OAA6B;IAChE,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;IACnE,OAAO,IAAI,cAAc,CAAC,WAAW,CAAC,IAAI,IAAI,sDAAwB,CAAC;AACzE,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,gBAA0B,EAAE,OAAmB;IACrF,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,KAAI,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACrC,KAAI,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;YAE3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,SAAS;gBACT,aAAa,EAAE,IAAA,8CAAgC,EAAC,OAAO,EAAE,SAAS,CAAC;gBACnE,WAAW,EAAE,IAAA,0CAA8B,EAAC,OAAO,EAAE,SAAS,CAAC;gBAC/D,cAAc,EAAE,IAAA,uCAAwB,EAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzE,cAAc,EAAE,OAAO;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"coreSimulatorEngine.js","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":";;AAmCA,8BAOC;AASD,oDAMC;AASD,0DAeC;AAhFD,mDAAqE;AACrE,4DAAqE;AAGrE,yDAA2E;AAC3E,yFAAmF;AAmBnF,MAAM,cAAc,GAAgD,EAAE,CAAC;AAEvE;;;;;;;GAOG;AACH,SAAgB,SAAS,CAAC,OAA6B;IACrD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5F,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,iBAAiB,CAAC,SAAS,CAAC;QACjC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,kBAAkB,EAAE,gBAAgB;KACrC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAAC,OAA6B;IAChE,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;IACnE,IAAG,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,sDAAwB,CAAC;AACtC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,gBAA0B,EAAE,OAAmB;IACrF,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,KAAI,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACrC,KAAI,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,SAAS;gBACT,aAAa,EAAE,IAAA,8CAAgC,EAAC,OAAO,EAAE,SAAS,CAAC;gBACnE,WAAW,EAAE,IAAA,0CAA8B,EAAC,OAAO,EAAE,SAAS,CAAC;gBAC/D,cAAc,EAAE,IAAA,uCAAwB,EAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzE,cAAc,EAAE,OAAO;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/cjs/index.d.ts

@@ -1 +1,5 @@
+export { authorize, type AuthorizationRequest } from './core_engine/coreSimulatorEngine.js';
+export { type EvaluationResult } from './evaluate.js';
+export { AwsRequestImpl, type AwsRequest } from './request/request.js';
+export { RequestContextImpl, type RequestContext } from './requestContext.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":""}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5F,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,KAAK,cAAc,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/cjs/index.js

@@ -1,2 +1,10 @@
 "use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestContextImpl = exports.AwsRequestImpl = exports.authorize = void 0;
+var coreSimulatorEngine_js_1 = require("./core_engine/coreSimulatorEngine.js");
+Object.defineProperty(exports, "authorize", { enumerable: true, get: function () { return coreSimulatorEngine_js_1.authorize; } });
+var request_js_1 = require("./request/request.js");
+Object.defineProperty(exports, "AwsRequestImpl", { enumerable: true, get: function () { return request_js_1.AwsRequestImpl; } });
+var requestContext_js_1 = require("./requestContext.js");
+Object.defineProperty(exports, "RequestContextImpl", { enumerable: true, get: function () { return requestContext_js_1.RequestContextImpl; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":""}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,+EAA4F;AAAnF,mHAAA,SAAS,OAAA;AAElB,mDAAuE;AAA9D,4GAAA,cAAc,OAAA;AACvB,yDAA8E;AAArE,uHAAA,kBAAkB,OAAA"}

package/dist/cjs/request/request.d.ts

@@ -14,7 +14,7 @@ export interface AwsRequest {
     /**
      * The resource to be acted upon
      */
-    resource?: RequestResource;
+    resource: RequestResource;
     /**
      * The context of the request
      */
@@ -37,10 +37,16 @@ export interface AwsRequest {
 }
 export declare class AwsRequestImpl implements AwsRequest {
     readonly principalString: string;
-    readonly resourceString: string | undefined;
+    readonly resourceIdentifier: {
+        resource: string;
+        accountId: string;
+    };
     readonly actionString: string;
     readonly context: RequestContext;
-    constructor(principalString: string, resourceString: string | undefined, actionString: string, context: RequestContext);
+    constructor(principalString: string, resourceIdentifier: {
+        resource: string;
+        accountId: string;
+    }, actionString: string, context: RequestContext);
     get action(): RequestAction;
     get resource(): RequestResource;
     get principal(): RequestPrincipal;

package/dist/cjs/request/request.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,aAAa,EAAqB,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAwB,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAuB,MAAM,sBAAsB,CAAC;AAE5E;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,eAAe,CAAC;IAE3B;;OAEG;IACH,OAAO,EAAE,cAAc,CAAA;IAEvB;;;;;;OAMG;IACH,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAEvC;;;;;OAKG;IACH,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAAC;CAC7C;AAED,qBAAa,cAAe,YAAW,UAAU;aAEnB,eAAe,EAAE,MAAM;aACvB,cAAc,EAAE,MAAM,GAAG,SAAS;aAClC,YAAY,EAAE,MAAM;aACpB,OAAO,EAAE,cAAc;gBAHvB,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,MAAM,GAAG,SAAS,EAClC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,cAAc;IAInD,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,QAAQ,IAAI,eAAe,CAK9B;IAED,IAAI,SAAS,IAAI,gBAAgB,CAEhC;IAGM,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAKtC,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;CAMnD"}
+{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,aAAa,EAAqB,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAwB,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAuB,MAAM,sBAAsB,CAAC;AAE5E;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,eAAe,CAAC;IAE1B;;OAEG;IACH,OAAO,EAAE,cAAc,CAAA;IAEvB;;;;;;OAMG;IACH,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAEvC;;;;;OAKG;IACH,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAAC;CAC7C;AAED,qBAAa,cAAe,YAAW,UAAU;aAEnB,eAAe,EAAE,MAAM;aACvB,kBAAkB,EAAE;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAC;aACzD,YAAY,EAAE,MAAM;aACpB,OAAO,EAAE,cAAc;gBAHvB,eAAe,EAAE,MAAM,EACvB,kBAAkB,EAAE;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAC,EACzD,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,cAAc;IAInD,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,QAAQ,IAAI,eAAe,CAE9B;IAED,IAAI,SAAS,IAAI,gBAAgB,CAEhC;IAGM,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAKtC,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;CAOnD"}

package/dist/cjs/request/request.js

@@ -6,12 +6,12 @@ const requestPrincipal_js_1 = require("./requestPrincipal.js");
 const requestResource_js_1 = require("./requestResource.js");
 class AwsRequestImpl {
     principalString;
-    resourceString;
+    resourceIdentifier;
     actionString;
     context;
-    constructor(principalString, resourceString, actionString, context) {
+    constructor(principalString, resourceIdentifier, actionString, context) {
         this.principalString = principalString;
-        this.resourceString = resourceString;
+        this.resourceIdentifier = resourceIdentifier;
         this.actionString = actionString;
         this.context = context;
     }
@@ -19,10 +19,7 @@ class AwsRequestImpl {
         return new requestAction_js_1.RequestActionImpl(this.actionString);
     }
     get resource() {
-        if (this.resourceString === undefined) {
-            throw new Error('Resource is undefined');
-        }
-        return new requestResource_js_1.ResourceRequestImpl(this.resourceString);
+        return new requestResource_js_1.ResourceRequestImpl(this.resourceIdentifier.resource, this.resourceIdentifier.accountId);
     }
     get principal() {
         return new requestPrincipal_js_1.RequestPrincipalImpl(this.principalString);

package/dist/cjs/request/request.js.map

@@ -1 +1 @@
-{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":";;;AACA,yDAAsE;AACtE,+DAA+E;AAC/E,6DAA4E;AAyC5E,MAAa,cAAc;IAEG;IACA;IACA;IACA;IAH5B,YAA4B,eAAuB,EACvB,cAAkC,EAClC,YAAoB,EACpB,OAAuB;QAHvB,oBAAe,GAAf,eAAe,CAAQ;QACvB,mBAAc,GAAd,cAAc,CAAoB;QAClC,iBAAY,GAAZ,YAAY,CAAQ;QACpB,YAAO,GAAP,OAAO,CAAgB;IAEnD,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,oCAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,QAAQ;QACV,IAAG,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,wCAAmB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,0CAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACxD,CAAC;IAGM,gBAAgB,CAAC,GAAW;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC;IAGM,kBAAkB,CAAC,GAAW;QACnC,IAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAA;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;CACF;AApCD,wCAoCC"}
+{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":";;;AACA,yDAAsE;AACtE,+DAA+E;AAC/E,6DAA4E;AAyC5E,MAAa,cAAc;IAEG;IACA;IACA;IACA;IAH5B,YAA4B,eAAuB,EACvB,kBAAyD,EACzD,YAAoB,EACpB,OAAuB;QAHvB,oBAAe,GAAf,eAAe,CAAQ;QACvB,uBAAkB,GAAlB,kBAAkB,CAAuC;QACzD,iBAAY,GAAZ,YAAY,CAAQ;QACpB,YAAO,GAAP,OAAO,CAAgB;IAEnD,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,oCAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,wCAAmB,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACtG,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,0CAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACxD,CAAC;IAGM,gBAAgB,CAAC,GAAW;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC;IAGM,kBAAkB,CAAC,GAAW;QACnC,IAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAA;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;CAEF;AAlCD,wCAkCC"}

package/dist/cjs/request/requestResource.d.ts

@@ -23,15 +23,21 @@ export interface RequestResource {
      * The resource of the ARN
      */
     resource(): string;
+    /**
+     * The account ID of the resource, independent of what is in the ARN
+     */
+    accountId(): string;
 }
 export declare class ResourceRequestImpl implements RequestResource {
     private readonly rawValue;
-    constructor(rawValue: string);
+    private readonly accountIdString;
+    constructor(rawValue: string, accountIdString: string);
     partition(): string;
     service(): string;
     region(): string;
     account(): string;
     resource(): string;
     value(): string;
+    accountId(): string;
 }
 //# sourceMappingURL=requestResource.d.ts.map

package/dist/cjs/request/requestResource.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"requestResource.d.ts","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;IAEnB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;IAEhB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,IAAI,MAAM,CAAA;CACnB;AAGD,qBAAa,mBAAoB,YAAW,eAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM;IAInB,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;IAIhB,OAAO,IAAI,MAAM;IAIjB,QAAQ,IAAI,MAAM;IAIlB,KAAK,IAAI,MAAM;CAGhB"}
+{"version":3,"file":"requestResource.d.ts","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;IAEnB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;IAEhB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,IAAI,MAAM,CAAA;IAElB;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;CACpB;AAGD,qBAAa,mBAAoB,YAAW,eAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAAU,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAAlD,QAAQ,EAAE,MAAM,EAAmB,eAAe,EAAE,MAAM;IAEvF,SAAS,IAAI,MAAM;IAInB,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;IAIhB,OAAO,IAAI,MAAM;IAIjB,QAAQ,IAAI,MAAM;IAIlB,KAAK,IAAI,MAAM;IAIf,SAAS,IAAI,MAAM;CAGpB"}

package/dist/cjs/request/requestResource.js

@@ -3,8 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ResourceRequestImpl = void 0;
 class ResourceRequestImpl {
     rawValue;
-    constructor(rawValue) {
+    accountIdString;
+    constructor(rawValue, accountIdString) {
         this.rawValue = rawValue;
+        this.accountIdString = accountIdString;
     }
     partition() {
         return this.value().split(":").at(1);
@@ -24,6 +26,9 @@ class ResourceRequestImpl {
     value() {
         return this.rawValue;
     }
+    accountId() {
+        return this.accountIdString;
+    }
 }
 exports.ResourceRequestImpl = ResourceRequestImpl;
 //# sourceMappingURL=requestResource.js.map

package/dist/cjs/request/requestResource.js.map

@@ -1 +1 @@
-{"version":3,"file":"requestResource.js","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":";;;AAkCA,MAAa,mBAAmB;IACD;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF;AA1BD,kDA0BC"}
+{"version":3,"file":"requestResource.js","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":";;;AAuCA,MAAa,mBAAmB;IACD;IAAmC;IAAhE,YAA6B,QAAgB,EAAmB,eAAuB;QAA1D,aAAQ,GAAR,QAAQ,CAAQ;QAAmB,oBAAe,GAAf,eAAe,CAAQ;IAAI,CAAC;IAE5F,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,eAAe,CAAA;IAC7B,CAAC;CACF;AA9BD,kDA8BC"}

package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAIxF,qBAAa,wBAAyB,YAAW,iBAAiB;IACzD,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAqBjE,uBAAuB,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAoB/E,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAU9D,4BAA4B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUnE,2BAA2B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUlE,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;CAS5E"}
+{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAExF,qBAAa,wBAAyB,YAAW,iBAAiB;IACzD,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAqBjE,uBAAuB,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAoB/E,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAU9D,4BAA4B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUnE,2BAA2B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUlE,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;CAS5E"}

package/dist/cjs/services/DefaultServiceAuthorizer.js

@@ -4,8 +4,8 @@ exports.DefaultServiceAuthorizer = void 0;
 class DefaultServiceAuthorizer {
     authorize(request) {
         const identityStatementResult = this.identityStatementResult(request);
-        const principalAccount = request.request.principalAccountId;
-        const resourceAccount = request.request.resourceAccountId;
+        const principalAccount = request.request.principal.accountId();
+        const resourceAccount = request.request.resource?.accountId();
         /**
          * Add checks for:
          * * resource policies

package/dist/cjs/services/DefaultServiceAuthorizer.js.map

@@ -1 +1 @@
-{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":";;;AAMA,MAAa,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,uBAAuB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAA;QAC3D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAA;QACzD;;;;;;;WAOG;QACH,IAAG,uBAAuB,KAAK,SAAS,EAAE,CAAC;YACzC,IAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;gBACxC,OAAO,uBAAuB,CAAA;YAChC,CAAC;YACD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QACD,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAEM,uBAAuB,CAAC,OAAoC;QACjE,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,YAAY,EAAE,CAAC;YAChB,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5F,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9C,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,kBAAkB,CAAA;IAC3B,CAAC;IAEM,uBAAuB,CAAC,SAA4B;QACzD,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,4BAA4B,CAAC,SAA4B;QAC9D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,2BAA2B,CAAC,SAA4B;QAC7D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,6BAA6B,CAAC,SAA4B;QAC/D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAjFD,4DAiFC"}
+{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":";;;AAIA,MAAa,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,uBAAuB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D;;;;;;;WAOG;QACH,IAAG,uBAAuB,KAAK,SAAS,EAAE,CAAC;YACzC,IAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;gBACxC,OAAO,uBAAuB,CAAA;YAChC,CAAC;YACD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QACD,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAEM,uBAAuB,CAAC,OAAoC;QACjE,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,YAAY,EAAE,CAAC;YAChB,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5F,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9C,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,kBAAkB,CAAA;IAC3B,CAAC;IAEM,uBAAuB,CAAC,SAA4B;QACzD,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,4BAA4B,CAAC,SAA4B;QAC9D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,2BAA2B,CAAC,SAA4B;QAC7D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,6BAA6B,CAAC,SAA4B;QAC/D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAjFD,4DAiFC"}

package/dist/cjs/simulation_engine/contextKeys.d.ts

@@ -0,0 +1,3 @@
+export declare function allowedContextKeysForRequest(service: string, action: string, resource: string): Promise<string[]>;
+export declare function convertPatternToRegex(pattern: string): string;
+//# sourceMappingURL=contextKeys.d.ts.map

package/dist/cjs/simulation_engine/contextKeys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contextKeys.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/contextKeys.ts"],"names":[],"mappings":"AAEA,wBAAsB,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA4BvH;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAsB7D"}

package/dist/cjs/simulation_engine/contextKeys.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.allowedContextKeysForRequest = allowedContextKeysForRequest;
+exports.convertPatternToRegex = convertPatternToRegex;
+const iam_data_1 = require("@cloud-copilot/iam-data");
+async function allowedContextKeysForRequest(service, action, resource) {
+    const actionDetails = await (0, iam_data_1.iamActionDetails)(service, action);
+    const actionConditionKeys = actionDetails.conditionKeys;
+    if (actionDetails.resourceTypes.length === 0) {
+        return actionConditionKeys;
+    }
+    const matchingResourceTypes = [];
+    for (const rt of actionDetails.resourceTypes) {
+        const resourceType = await (0, iam_data_1.iamResourceTypeDetails)(service, rt.name);
+        const pattern = convertPatternToRegex(resourceType.arn);
+        const match = resource.match(new RegExp(pattern));
+        if (match) {
+            matchingResourceTypes.push(resourceType);
+        }
+    }
+    if (matchingResourceTypes.length != 1) {
+        const matchNames = matchingResourceTypes.map(rt => rt.key).join(", ");
+        throw new Error(`found ${matchingResourceTypes.length} matching resource types for ${resource}: ${matchNames}`);
+    }
+    console.log(matchingResourceTypes[0].key);
+    return [
+        ...matchingResourceTypes[0].conditionKeys,
+        ...actionConditionKeys
+    ];
+}
+function convertPatternToRegex(pattern) {
+    const regex = pattern.replace(/\$\{.*?\}/g, (match) => {
+        const name = match.substring(2, match.length - 1);
+        const camelName = name.at(0)?.toLowerCase() + name.substring(1);
+        return `(?<${camelName}>(.*?))`;
+    });
+    return `^${regex}$`;
+    // const parts = pattern.split('/')
+    // const lastPart = parts[parts.length - 1]
+    // const modifiedParts = parts.map((part) => {
+    //   if (part.startsWith('${') && part.endsWith('}')) {
+    //     const name = part.substring(2, part.length - 1)
+    //     const camelName = name.at(0)?.toLowerCase() + name.substring(1)
+    //     if (part === lastPart) {
+    //       return `(?<${camelName}>(.*))`
+    //     }
+    //     return `(?<${camelName}>([^\/]+))`
+    //   }
+    //   return part
+    // })
+    // return modifiedParts.join('\/')
+}
+//# sourceMappingURL=contextKeys.js.map

package/dist/cjs/simulation_engine/contextKeys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contextKeys.js","sourceRoot":"","sources":["../../../src/simulation_engine/contextKeys.ts"],"names":[],"mappings":";;AAEA,oEA4BC;AAED,sDAsBC;AAtDD,sDAAiG;AAE1F,KAAK,UAAU,4BAA4B,CAAC,OAAe,EAAE,MAAc,EAAE,QAAgB;IAClG,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,mBAAmB,GAAG,aAAa,CAAC,aAAa,CAAC;IACxD,IAAG,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO,mBAAmB,CAAA;IAC5B,CAAC;IAED,MAAM,qBAAqB,GAAmB,EAAE,CAAC;IACjD,KAAI,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,qBAAqB,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,IAAG,KAAK,EAAE,CAAC;YACT,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,IAAG,qBAAqB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,SAAS,qBAAqB,CAAC,MAAM,gCAAgC,QAAQ,KAAK,UAAU,EAAE,CAAC,CAAC;IAClH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE1C,OAAO;QACL,GAAG,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa;QACzC,GAAG,mBAAmB;KACvB,CAAA;AACH,CAAC;AAED,SAAgB,qBAAqB,CAAC,OAAe;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;IAEnB,mCAAmC;IACnC,2CAA2C;IAC3C,8CAA8C;IAC9C,uDAAuD;IACvD,sDAAsD;IACtD,sEAAsE;IACtE,+BAA+B;IAC/B,uCAAuC;IACvC,QAAQ;IACR,yCAAyC;IACzC,MAAM;IACN,gBAAgB;IAChB,KAAK;IACL,kCAAkC;AACpC,CAAC"}

package/dist/cjs/simulation_engine/simulationEngine.d.ts

@@ -0,0 +1,25 @@
+import { ValidationError } from "@cloud-copilot/iam-policy";
+interface SimulationOptions {
+    assumeSecureTransport: boolean;
+}
+interface Simulation {
+    request: {
+        principal: string;
+        action: string;
+        resource: {
+            resource: string;
+            accountId: string;
+        };
+        contextVariables: Record<string, any>;
+    };
+    identityPolicies: Record<string, any>[];
+}
+export interface SimulationErrors {
+    identityPolicyErrors?: Record<string, ValidationError[]>;
+    message: string;
+}
+export interface SimulationResult {
+}
+export declare function runSimulation(simulation: Simulation, simulationOptions: SimulationOptions): Promise<SimulationResult>;
+export {};
+//# sourceMappingURL=simulationEngine.d.ts.map

package/dist/cjs/simulation_engine/simulationEngine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAAwB,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAElF,UAAU,iBAAiB;IACzB,qBAAqB,EAAE,OAAO,CAAA;CAC/B;AAED,UAAU,UAAU;IAClB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;KACvC,CAAA;IAED,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;CACzC;AAED,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACzD,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;CAEhC;AAED,wBAAsB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAoC3H"}

package/dist/cjs/simulation_engine/simulationEngine.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runSimulation = runSimulation;
+const iam_data_1 = require("@cloud-copilot/iam-data");
+const iam_policy_1 = require("@cloud-copilot/iam-policy");
+async function runSimulation(simulation, simulationOptions) {
+    const identityPolicyErrors = Object.keys(simulation.identityPolicies).reduce((acc, key) => {
+        acc[key] == (0, iam_policy_1.validatePolicySyntax)(simulation.identityPolicies[key]);
+        return acc;
+    }, {});
+    const errorCount = Object.values(identityPolicyErrors).flat().length;
+    if (errorCount > 0) {
+        return {
+            identityPolicyErrors
+        };
+    }
+    if (simulation.request.action.split(":").length != 2) {
+        return {
+            message: 'invalid.action'
+        };
+    }
+    const [service, action] = simulation.request.action.split(":");
+    const validService = await (0, iam_data_1.iamServiceExists)(service);
+    if (!validService) {
+        return {
+            message: 'invalid.service'
+        };
+    }
+    const validAction = await (0, iam_data_1.iamActionExists)(service, action);
+    if (!validAction) {
+        return {
+            message: 'invalid.action'
+        };
+    }
+    // Implementation goes here
+    return {};
+}
+//# sourceMappingURL=simulationEngine.js.map

package/dist/cjs/simulation_engine/simulationEngine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":";;AA8BA,sCAoCC;AAlED,sDAA4E;AAC5E,0DAAkF;AA6B3E,KAAK,UAAU,aAAa,CAAC,UAAsB,EAAE,iBAAoC;IAC9F,MAAM,oBAAoB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAW,EAAE,EAAE;QAChG,GAAG,CAAC,GAAG,CAAC,IAAI,IAAA,iCAAoB,EAAC,UAAU,CAAC,gBAAgB,CAAC,GAAU,CAAC,CAAC,CAAC;QAC1E,OAAO,GAAG,CAAA;IACZ,CAAC,EAAE,EAAuC,CAAC,CAAC;IAE5C,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IACrE,IAAG,UAAU,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,oBAAoB;SACrB,CAAA;IACH,CAAC;IAED,IAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,OAAO,EAAE,gBAAgB;SAC1B,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAC;IACrD,IAAG,CAAC,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,iBAAiB;SAC3B,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3D,IAAG,CAAC,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,OAAO,EAAE,gBAAgB;SAC1B,CAAA;IACH,CAAC;IAED,2BAA2B;IAC3B,OAAO,EAAsB,CAAC;AAEhC,CAAC"}

package/dist/esm/StatementAnalysis.d.ts

@@ -0,0 +1,27 @@
+import { Statement } from "@cloud-copilot/iam-policy";
+import { ConditionMatchResult } from "./condition/condition.js";
+import { PrincipalMatchResult } from "./principal/principal.js";
+/**
+ * The result of analyzing a statement against a request.
+ *
+ */
+export interface StatementAnalysis {
+    /**
+     * The statement being analyzed.
+     */
+    statement: Statement;
+    /**
+     * Whether the Resource or NotResource – if any – matches the request.
+     */
+    resourceMatch: boolean;
+    /**
+     * Whether the Action or NotAction matches the request.
+     */
+    actionMatch: boolean;
+    /**
+     * Whether the Principal or NotPrincipal – if any – matches the request.
+     */
+    principalMatch: PrincipalMatchResult;
+    conditionMatch: ConditionMatchResult;
+}
+//# sourceMappingURL=StatementAnalysis.d.ts.map

package/dist/esm/StatementAnalysis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,SAAS,EAAE,SAAS,CAAC;IAErB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IACpC,cAAc,EAAE,oBAAoB,CAAA;CACrC"}

package/dist/esm/StatementAnalysis.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=StatementAnalysis.js.map

package/dist/esm/StatementAnalysis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":""}

package/dist/esm/action/action.d.ts

@@ -1,5 +1,13 @@
-import { Action } from "@cloud-copilot/iam-policy";
+import { Action, Statement } from "@cloud-copilot/iam-policy";
 import { AwsRequest } from "../request/request.js";
+/**
+ * Check if a request matches the Action or NotAction elements of a statement.
+ *
+ * @param request the request to check
+ * @param statement the statement to check against
+ * @returns true if the request matches the Action or NotAction in the statement, false otherwise
+ */
+export declare function requestMatchesStatementActions(request: AwsRequest, statement: Statement): boolean;
 /**
  * Check if a request matches a set of actions.
  *

package/dist/esm/action/action.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAiBnD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAiBrF;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAExF"}
+{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAOjG;AAiBD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAiBrF;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAExF"}

package/dist/esm/action/action.js

@@ -1,3 +1,19 @@
+/**
+ * Check if a request matches the Action or NotAction elements of a statement.
+ *
+ * @param request the request to check
+ * @param statement the statement to check against
+ * @returns true if the request matches the Action or NotAction in the statement, false otherwise
+ */
+export function requestMatchesStatementActions(request, statement) {
+    if (statement.isActionStatement()) {
+        return requestMatchesActions(request, statement.actions());
+    }
+    else if (statement.isNotActionStatement()) {
+        return requestMatchesNotActions(request, statement.notActions());
+    }
+    throw new Error('Statement has neither Actions nor NotActions');
+}
 /**
  * Convert an action action (the part after the colon) to a regular expression.
  *

package/dist/esm/action/action.js.map

@@ -1 +1 @@
-{"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAmB,EAAE,OAAiB;IAC1E,KAAI,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,IAAG,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;YACnC,IAAG,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;gBAChD,SAAQ;YACV,CAAC;YACD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,IAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;gBAC7C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB,EAAE,OAAiB;IAC7E,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC"}
+{"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAmB,EAAE,SAAoB;IACtF,IAAG,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACjC,OAAO,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;SAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAmB,EAAE,OAAiB;IAC1E,KAAI,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,IAAG,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;YACnC,IAAG,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;gBAChD,SAAQ;YACV,CAAC;YACD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,IAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;gBAC7C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB,EAAE,OAAiB;IAC7E,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC"}

package/dist/esm/condition/arn/ArnEquals.d.ts

@@ -0,0 +1,3 @@
+import { BaseConditionOperator } from "../BaseConditionOperator.js";
+export declare const ArnEquals: BaseConditionOperator;
+//# sourceMappingURL=ArnEquals.d.ts.map

package/dist/esm/condition/arn/ArnEquals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ArnEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,SAAS,EAAE,qBAKvB,CAAA"}

package/dist/esm/condition/arn/ArnEquals.js

@@ -0,0 +1,8 @@
+import { ArnLike } from "./ArnLike.js";
+export const ArnEquals = {
+    name: 'ArnEquals',
+    matches: ArnLike.matches,
+    allowsVariables: ArnLike.allowsVariables,
+    allowsWildcards: ArnLike.allowsWildcards
+};
+//# sourceMappingURL=ArnEquals.js.map

package/dist/esm/condition/arn/ArnEquals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ArnEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,CAAC,MAAM,SAAS,GAA0B;IAC9C,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO,CAAC,OAAO;IACxB,eAAe,EAAE,OAAO,CAAC,eAAe;IACxC,eAAe,EAAE,OAAO,CAAC,eAAe;CACzC,CAAA"}

package/dist/esm/condition/arn/ArnLike.d.ts

@@ -0,0 +1,3 @@
+import { BaseConditionOperator } from "../BaseConditionOperator.js";
+export declare const ArnLike: BaseConditionOperator;
+//# sourceMappingURL=ArnLike.d.ts.map

package/dist/esm/condition/arn/ArnLike.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ArnLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAEpE,eAAO,MAAM,OAAO,EAAE,qBAOrB,CAAA"}

package/dist/esm/condition/arn/ArnLike.js

@@ -0,0 +1,47 @@
+import { convertIamStringToRegex, isNotDefined, splitArnParts } from "../../util.js";
+export const ArnLike = {
+    name: 'ArnLike',
+    matches: (request, keyValue, policyValues) => {
+        return policyValues.some(policyArn => arnMatches(policyArn, keyValue, request));
+    },
+    allowsVariables: true,
+    allowsWildcards: true
+};
+/**
+ * Checks to see if a single ARN matches in ArnLike format
+ *
+ * @param policyArn the ARN to check against
+ * @param requestArn the ARN to check
+ * @param request the request to check
+ * @returns if the ARN matches
+ */
+function arnMatches(policyArn, requestArn, request) {
+    const policyParts = splitArnParts(policyArn);
+    const requestParts = splitArnParts(requestArn);
+    // If any of the parts are missing, return false
+    if (isNotDefined(policyParts.partition) ||
+        isNotDefined(policyParts.service) ||
+        isNotDefined(policyParts.region) ||
+        isNotDefined(policyParts.accountId) ||
+        isNotDefined(policyParts.resource)) {
+        return false;
+    }
+    // If any of the parts are missing, return false
+    if (isNotDefined(requestParts.partition) ||
+        isNotDefined(requestParts.service) ||
+        isNotDefined(requestParts.region) ||
+        isNotDefined(requestParts.accountId) ||
+        isNotDefined(requestParts.resource)) {
+        return false;
+    }
+    const replaceAndMatch = (policyPart, requestPart) => {
+        const pattern = convertIamStringToRegex(policyPart, request, { replaceWildcards: true });
+        return pattern.test(requestPart);
+    };
+    return replaceAndMatch(policyParts.partition, requestParts.partition) &&
+        replaceAndMatch(policyParts.service, requestParts.service) &&
+        replaceAndMatch(policyParts.region, requestParts.region) &&
+        replaceAndMatch(policyParts.accountId, requestParts.accountId) &&
+        replaceAndMatch(policyParts.resource, requestParts.resource);
+}
+//# sourceMappingURL=ArnLike.js.map

package/dist/esm/condition/arn/ArnLike.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ArnLike.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGrF,MAAM,CAAC,MAAM,OAAO,GAA0B;IAC5C,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAA;IACjF,CAAC;IACD,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,IAAI;CACtB,CAAA;AAED;;;;;;;GAOG;AACH,SAAS,UAAU,CAAC,SAAiB,EAAE,UAAkB,EAAE,OAAmB;IAC5E,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,CAAC,CAAA;IAC5C,MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IAC9C,gDAAgD;IAChD,IAAG,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC;QACjC,YAAY,CAAC,WAAW,CAAC,MAAM,CAAC;QAChC,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,gDAAgD;IAChD,IAAG,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,OAAO,CAAC;QAClC,YAAY,CAAC,YAAY,CAAC,MAAM,CAAC;QACjC,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,eAAe,GAAG,CAAC,UAAkB,EAAE,WAAmB,EAAW,EAAE;QAC3E,MAAM,OAAO,GAAG,uBAAuB,CAAC,UAAU,EAAE,OAAO,EAAE,EAAC,gBAAgB,EAAE,IAAI,EAAC,CAAC,CAAA;QACtF,OAAO,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAClC,CAAC,CAAA;IAED,OAAO,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;QAC1D,eAAe,CAAC,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC;QACxD,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAA;AAErE,CAAC"}

package/dist/esm/condition/arn/ArnNotEquals.d.ts

@@ -0,0 +1,3 @@
+import { BaseConditionOperator } from "../BaseConditionOperator.js";
+export declare const ArnNotEquals: BaseConditionOperator;
+//# sourceMappingURL=ArnNotEquals.d.ts.map

package/dist/esm/condition/arn/ArnNotEquals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ArnNotEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,YAAY,EAAE,qBAK1B,CAAA"}

package/dist/esm/condition/arn/ArnNotEquals.js

@@ -0,0 +1,8 @@
+import { ArnNotLike } from "./ArnNotLike.js";
+export const ArnNotEquals = {
+    name: 'ArnNotEquals',
+    matches: ArnNotLike.matches,
+    allowsVariables: ArnNotLike.allowsVariables,
+    allowsWildcards: ArnNotLike.allowsWildcards
+};
+//# sourceMappingURL=ArnNotEquals.js.map

package/dist/esm/condition/arn/ArnNotEquals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ArnNotEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,UAAU,CAAC,OAAO;IAC3B,eAAe,EAAE,UAAU,CAAC,eAAe;IAC3C,eAAe,EAAE,UAAU,CAAC,eAAe;CAC5C,CAAA"}

package/dist/esm/condition/arn/ArnNotLike.d.ts

@@ -0,0 +1,3 @@
+import { BaseConditionOperator } from "../BaseConditionOperator.js";
+export declare const ArnNotLike: BaseConditionOperator;
+//# sourceMappingURL=ArnNotLike.d.ts.map

package/dist/esm/condition/arn/ArnNotLike.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ArnNotLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotLike.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,UAAU,EAAE,qBAOxB,CAAA"}

package/dist/esm/condition/arn/ArnNotLike.js

@@ -0,0 +1,10 @@
+import { ArnLike } from "./ArnLike.js";
+export const ArnNotLike = {
+    name: 'ArnNotLike',
+    matches: (request, keyValue, policyValues) => {
+        return !ArnLike.matches(request, keyValue, policyValues);
+    },
+    allowsVariables: true,
+    allowsWildcards: true
+};
+//# sourceMappingURL=ArnNotLike.js.map