@cloud-copilot/iam-simulate 0.1.0
- package/LICENSE.txt +661 -0
- package/README.md +5 -0
- package/dist/cjs/StatementAnalysis.d.ts +27 -0
- package/dist/cjs/StatementAnalysis.d.ts.map +1 -0
- package/dist/cjs/StatementAnalysis.js +3 -0
- package/dist/cjs/StatementAnalysis.js.map +1 -0
- package/dist/cjs/action/action.d.ts +27 -0
- package/dist/cjs/action/action.d.ts.map +1 -0
- package/dist/cjs/action/action.js +72 -0
- package/dist/cjs/action/action.js.map +1 -0
- package/dist/cjs/action.d.ts +4 -0
- package/dist/cjs/action.d.ts.map +1 -0
- package/dist/cjs/action.js +21 -0
- package/dist/cjs/action.js.map +1 -0
- package/dist/cjs/condition/BaseConditionOperator.d.ts +8 -0
- package/dist/cjs/condition/BaseConditionOperator.d.ts.map +1 -0
- package/dist/cjs/condition/BaseConditionOperator.js +3 -0
- package/dist/cjs/condition/BaseConditionOperator.js.map +1 -0
- package/dist/cjs/condition/arn/ArnEquals.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnEquals.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnEquals.js +11 -0
- package/dist/cjs/condition/arn/ArnEquals.js.map +1 -0
- package/dist/cjs/condition/arn/ArnLike.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnLike.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnLike.js +50 -0
- package/dist/cjs/condition/arn/ArnLike.js.map +1 -0
- package/dist/cjs/condition/arn/ArnNotEquals.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnNotEquals.js +11 -0
- package/dist/cjs/condition/arn/ArnNotEquals.js.map +1 -0
- package/dist/cjs/condition/arn/ArnNotLike.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnNotLike.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnNotLike.js +13 -0
- package/dist/cjs/condition/arn/ArnNotLike.js.map +1 -0
- package/dist/cjs/condition/baseConditionperatorTests.d.ts +12 -0
- package/dist/cjs/condition/baseConditionperatorTests.d.ts.map +1 -0
- package/dist/cjs/condition/baseConditionperatorTests.js +21 -0
- package/dist/cjs/condition/baseConditionperatorTests.js.map +1 -0
- package/dist/cjs/condition/binary/BinaryEquals.d.ts +7 -0
- package/dist/cjs/condition/binary/BinaryEquals.d.ts.map +1 -0
- package/dist/cjs/condition/binary/BinaryEquals.js +16 -0
- package/dist/cjs/condition/binary/BinaryEquals.js.map +1 -0
- package/dist/cjs/condition/boolean/Bool.d.ts +3 -0
- package/dist/cjs/condition/boolean/Bool.d.ts.map +1 -0
- package/dist/cjs/condition/boolean/Bool.js +20 -0
- package/dist/cjs/condition/boolean/Bool.js.map +1 -0
- package/dist/cjs/condition/condition.d.ts +6 -0
- package/dist/cjs/condition/condition.d.ts.map +1 -0
- package/dist/cjs/condition/condition.js +123 -0
- package/dist/cjs/condition/condition.js.map +1 -0
- package/dist/cjs/condition/date/DateEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateEquals.js +17 -0
- package/dist/cjs/condition/date/DateEquals.js.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThan.d.ts +3 -0
- package/dist/cjs/condition/date/DateGreaterThan.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThan.js +17 -0
- package/dist/cjs/condition/date/DateGreaterThan.js.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.js +17 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.js.map +1 -0
- package/dist/cjs/condition/date/DateLessThan.d.ts +3 -0
- package/dist/cjs/condition/date/DateLessThan.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateLessThan.js +17 -0
- package/dist/cjs/condition/date/DateLessThan.js.map +1 -0
- package/dist/cjs/condition/date/DateLessThanEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateLessThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateLessThanEquals.js +17 -0
- package/dist/cjs/condition/date/DateLessThanEquals.js.map +1 -0
- package/dist/cjs/condition/date/DateNotEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateNotEquals.js +29 -0
- package/dist/cjs/condition/date/DateNotEquals.js.map +1 -0
- package/dist/cjs/condition/date/date.d.ts +17 -0
- package/dist/cjs/condition/date/date.d.ts.map +1 -0
- package/dist/cjs/condition/date/date.js +42 -0
- package/dist/cjs/condition/date/date.js.map +1 -0
- package/dist/cjs/condition/ipaddress/IpAddress.d.ts +3 -0
- package/dist/cjs/condition/ipaddress/IpAddress.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/IpAddress.js +27 -0
- package/dist/cjs/condition/ipaddress/IpAddress.js.map +1 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts +3 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.js +31 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.js.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv4.d.ts +24 -0
- package/dist/cjs/condition/ipaddress/ipv4.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv4.js +59 -0
- package/dist/cjs/condition/ipaddress/ipv4.js.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv6.d.ts +24 -0
- package/dist/cjs/condition/ipaddress/ipv6.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv6.js +111 -0
- package/dist/cjs/condition/ipaddress/ipv6.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericEquals.js +17 -0
- package/dist/cjs/condition/numeric/NumericEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.js +17 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js +17 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThan.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericLessThan.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThan.js +17 -0
- package/dist/cjs/condition/numeric/NumericLessThan.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.js +17 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.js +29 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/numeric.d.ts +17 -0
- package/dist/cjs/condition/numeric/numeric.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/numeric.js +41 -0
- package/dist/cjs/condition/numeric/numeric.js.map +1 -0
- package/dist/cjs/condition/string/StringEquals.d.ts +3 -0
- package/dist/cjs/condition/string/StringEquals.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringEquals.js +14 -0
- package/dist/cjs/condition/string/StringEquals.js.map +1 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts +3 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.js +17 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.js.map +1 -0
- package/dist/cjs/condition/string/StringLike.d.ts +3 -0
- package/dist/cjs/condition/string/StringLike.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringLike.js +14 -0
- package/dist/cjs/condition/string/StringLike.js.map +1 -0
- package/dist/cjs/condition/string/StringNotEquals.d.ts +3 -0
- package/dist/cjs/condition/string/StringNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringNotEquals.js +14 -0
- package/dist/cjs/condition/string/StringNotEquals.js.map +1 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts +3 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js +13 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js.map +1 -0
- package/dist/cjs/condition/string/StringNotLike.d.ts +3 -0
- package/dist/cjs/condition/string/StringNotLike.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringNotLike.js +13 -0
- package/dist/cjs/condition/string/StringNotLike.js.map +1 -0
- package/dist/cjs/condition/strings/StringEquals.d.ts +3 -0
- package/dist/cjs/condition/strings/StringEquals.d.ts.map +1 -0
- package/dist/cjs/condition/strings/StringEquals.js +14 -0
- package/dist/cjs/condition/strings/StringEquals.js.map +1 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts +44 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map +1 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.js +60 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.js.map +1 -0
- package/dist/cjs/evaluate.d.ts +2 -0
- package/dist/cjs/evaluate.d.ts.map +1 -0
- package/dist/cjs/evaluate.js +3 -0
- package/dist/cjs/evaluate.js.map +1 -0
- package/dist/cjs/index.d.ts +1 -0
- package/dist/cjs/index.d.ts.map +1 -0
- package/dist/cjs/index.js +2 -0
- package/dist/cjs/index.js.map +1 -0
- package/dist/cjs/package.json +3 -0
- package/dist/cjs/principal/principal.d.ts +30 -0
- package/dist/cjs/principal/principal.d.ts.map +1 -0
- package/dist/cjs/principal/principal.js +107 -0
- package/dist/cjs/principal/principal.js.map +1 -0
- package/dist/cjs/request/request.d.ts +50 -0
- package/dist/cjs/request/request.d.ts.map +1 -0
- package/dist/cjs/request/request.js +41 -0
- package/dist/cjs/request/request.js.map +1 -0
- package/dist/cjs/request/requestAction.d.ts +27 -0
- package/dist/cjs/request/requestAction.d.ts.map +1 -0
- package/dist/cjs/request/requestAction.js +20 -0
- package/dist/cjs/request/requestAction.js.map +1 -0
- package/dist/cjs/request/requestPrincipal.d.ts +20 -0
- package/dist/cjs/request/requestPrincipal.d.ts.map +1 -0
- package/dist/cjs/request/requestPrincipal.js +17 -0
- package/dist/cjs/request/requestPrincipal.js.map +1 -0
- package/dist/cjs/request/requestResource.d.ts +37 -0
- package/dist/cjs/request/requestResource.d.ts.map +1 -0
- package/dist/cjs/request/requestResource.js +29 -0
- package/dist/cjs/request/requestResource.js.map +1 -0
- package/dist/cjs/request/requestSupplementalData.d.ts +19 -0
- package/dist/cjs/request/requestSupplementalData.d.ts.map +1 -0
- package/dist/cjs/request/requestSupplementalData.js +37 -0
- package/dist/cjs/request/requestSupplementalData.js.map +1 -0
- package/dist/cjs/request.d.ts +15 -0
- package/dist/cjs/request.d.ts.map +1 -0
- package/dist/cjs/request.js +17 -0
- package/dist/cjs/request.js.map +1 -0
- package/dist/cjs/requestContext.d.ts +63 -0
- package/dist/cjs/requestContext.d.ts.map +1 -0
- package/dist/cjs/requestContext.js +46 -0
- package/dist/cjs/requestContext.js.map +1 -0
- package/dist/cjs/resource/resource.d.ts +27 -0
- package/dist/cjs/resource/resource.d.ts.map +1 -0
- package/dist/cjs/resource/resource.js +100 -0
- package/dist/cjs/resource/resource.js.map +1 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts +12 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.js +79 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -0
- package/dist/cjs/services/ServiceAuthorizer.d.ts +11 -0
- package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -0
- package/dist/cjs/services/ServiceAuthorizer.js +3 -0
- package/dist/cjs/services/ServiceAuthorizer.js.map +1 -0
- package/dist/cjs/util.d.ts +47 -0
- package/dist/cjs/util.d.ts.map +1 -0
- package/dist/cjs/util.js +180 -0
- package/dist/cjs/util.js.map +1 -0
- package/dist/esm/action/action.d.ts +19 -0
- package/dist/esm/action/action.d.ts.map +1 -0
- package/dist/esm/action/action.js +51 -0
- package/dist/esm/action/action.js.map +1 -0
- package/dist/esm/action.d.ts +4 -0
- package/dist/esm/action.d.ts.map +1 -0
- package/dist/esm/action.js +18 -0
- package/dist/esm/action.js.map +1 -0
- package/dist/esm/condition/BaseConditionOperator.d.ts +8 -0
- package/dist/esm/condition/BaseConditionOperator.d.ts.map +1 -0
- package/dist/esm/condition/BaseConditionOperator.js +2 -0
- package/dist/esm/condition/BaseConditionOperator.js.map +1 -0
- package/dist/esm/condition/condition.d.ts +5 -0
- package/dist/esm/condition/condition.d.ts.map +1 -0
- package/dist/esm/condition/condition.js +70 -0
- package/dist/esm/condition/condition.js.map +1 -0
- package/dist/esm/condition/strings/StringEquals.d.ts +3 -0
- package/dist/esm/condition/strings/StringEquals.d.ts.map +1 -0
- package/dist/esm/condition/strings/StringEquals.js +11 -0
- package/dist/esm/condition/strings/StringEquals.js.map +1 -0
- package/dist/esm/evaluate.d.ts +2 -0
- package/dist/esm/evaluate.d.ts.map +1 -0
- package/dist/esm/evaluate.js +2 -0
- package/dist/esm/evaluate.js.map +1 -0
- package/dist/esm/index.d.ts +1 -0
- package/dist/esm/index.d.ts.map +1 -0
- package/dist/esm/index.js +2 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/package.json +3 -0
- package/dist/esm/principal/principal.d.ts +31 -0
- package/dist/esm/principal/principal.d.ts.map +1 -0
- package/dist/esm/principal/principal.js +100 -0
- package/dist/esm/principal/principal.js.map +1 -0
- package/dist/esm/request/request.d.ts +52 -0
- package/dist/esm/request/request.d.ts.map +1 -0
- package/dist/esm/request/request.js +34 -0
- package/dist/esm/request/request.js.map +1 -0
- package/dist/esm/request/requestAction.d.ts +27 -0
- package/dist/esm/request/requestAction.d.ts.map +1 -0
- package/dist/esm/request/requestAction.js +15 -0
- package/dist/esm/request/requestAction.js.map +1 -0
- package/dist/esm/request/requestPrincipal.d.ts +20 -0
- package/dist/esm/request/requestPrincipal.d.ts.map +1 -0
- package/dist/esm/request/requestPrincipal.js +12 -0
- package/dist/esm/request/requestPrincipal.js.map +1 -0
- package/dist/esm/request/requestResource.d.ts +37 -0
- package/dist/esm/request/requestResource.d.ts.map +1 -0
- package/dist/esm/request/requestResource.js +24 -0
- package/dist/esm/request/requestResource.js.map +1 -0
- package/dist/esm/request/requestSupplementalData.d.ts +19 -0
- package/dist/esm/request/requestSupplementalData.d.ts.map +1 -0
- package/dist/esm/request/requestSupplementalData.js +30 -0
- package/dist/esm/request/requestSupplementalData.js.map +1 -0
- package/dist/esm/request.d.ts +15 -0
- package/dist/esm/request.d.ts.map +1 -0
- package/dist/esm/request.js +9 -0
- package/dist/esm/request.js.map +1 -0
- package/dist/esm/requestContext.d.ts +63 -0
- package/dist/esm/requestContext.d.ts.map +1 -0
- package/dist/esm/requestContext.js +39 -0
- package/dist/esm/requestContext.js.map +1 -0
- package/dist/esm/resource/resource.d.ts +12 -0
- package/dist/esm/resource/resource.d.ts.map +1 -0
- package/dist/esm/resource/resource.js +97 -0
- package/dist/esm/resource/resource.js.map +1 -0
- package/dist/esm/util.d.ts +15 -0
- package/dist/esm/util.d.ts.map +1 -0
- package/dist/esm/util.js +97 -0
- package/dist/esm/util.js.map +1 -0
- package/package.json +45 -0
|
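--- a/package/dist/cjs/principal/principal.d.ts
+++ b/package/dist/cjs/principal/principal.d.ts
@@ -0,0 +1,30 @@
+import { Principal } from "@cloud-copilot/iam-policy";
+import { AwsRequest } from "../request/request.js";
+export type PrincipalMatchResult = 'Match' | 'NoMatch' | 'AccountLevelMatch';
+/**
+* Check to see if a request matches a Principal element in an IAM policy statement
+*
+* @param request the request to check
+* @param principal the list of principals in the Principal element of the Statement
+* @returns if the request matches the Principal element, and if so, how it matches
+*/
+export declare function requestMatchesPrincipal(request: AwsRequest, principal: Principal[]): PrincipalMatchResult;
+/**
+* Check to see if a request matches a NotPrincipal element in an IAM policy statement
+*
+* @param request the request to check
+* @param notPrincipal the list of principals in the NotPrincipal element of the Statement
+* @returns
+*/
+export declare function requestMatchesNotPrincipal(request: AwsRequest, notPrincipal: Principal[]): PrincipalMatchResult;
+/**
+* Check to see if a request matches a principal statement
+*
+* @param request the request to check
+* @param principalStatement the principal statement to check the request against
+* @returns if the request matches the principal statement, and if so, how it matches
+*/
+export declare function requestMatchesPrincipalStatement(request: AwsRequest, principalStatement: Principal): PrincipalMatchResult;
+export declare function isAssumedRoleArn(principal: string): boolean;
+export declare function roleArnFromAssumedRoleArn(assumedRoleArn: string): string;
+//# sourceMappingURL=principal.d.ts.map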
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AA4CnD,MAAM,MAAM,oBAAoB,GAAG,OAAO,GAAG,SAAS,GAAG,mBAAmB,CAAA;AAE5E;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,oBAAoB,CAWzG;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,oBAAoB,CAiB/G;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,SAAS,GAAG,oBAAoB,CAgDzH;AAID,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE3D;AAED,wBAAgB,yBAAyB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAKxE"}
|
|
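--- a/package/dist/cjs/principal/principal.js
+++ b/package/dist/cjs/principal/principal.js
@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requestMatchesPrincipal = requestMatchesPrincipal;
+exports.requestMatchesNotPrincipal = requestMatchesNotPrincipal;
+exports.requestMatchesPrincipalStatement = requestMatchesPrincipalStatement;
+exports.isAssumedRoleArn = isAssumedRoleArn;
+exports.roleArnFromAssumedRoleArn = roleArnFromAssumedRoleArn;
+/**
+* Check to see if a request matches a Principal element in an IAM policy statement
+*
+* @param request the request to check
+* @param principal the list of principals in the Principal element of the Statement
+* @returns if the request matches the Principal element, and if so, how it matches
+*/
+function requestMatchesPrincipal(request, principal) {
+const matches = principal.map(principalStatement => requestMatchesPrincipalStatement(request, principalStatement));
+if (matches.includes('Match')) {
+return 'Match';
+}
+if (matches.includes('AccountLevelMatch')) {
+return 'AccountLevelMatch';
+}
+return 'NoMatch';
+}
+/**
+* Check to see if a request matches a NotPrincipal element in an IAM policy statement
+*
+* @param request the request to check
+* @param notPrincipal the list of principals in the NotPrincipal element of the Statement
+* @returns
+*/
+function requestMatchesNotPrincipal(request, notPrincipal) {
+const matches = notPrincipal.map(principalStatement => requestMatchesPrincipalStatement(request, principalStatement));
+if (matches.includes('Match')) {
+return 'NoMatch';
+}
+/**
+* Need to do research on this. If there is an account level match on a NotPrincipal, does that
+* mean it tentatively matches the NotPrincipal, or does it mean it does not match the NotPrincipal?
+*
+* We need to test this.
+*/
+if (matches.includes('AccountLevelMatch')) {
+return 'NoMatch';
+}
+return 'Match';
+}
+/**
+* Check to see if a request matches a principal statement
+*
+* @param request the request to check
+* @param principalStatement the principal statement to check the request against
+* @returns if the request matches the principal statement, and if so, how it matches
+*/
+function requestMatchesPrincipalStatement(request, principalStatement) {
+if (principalStatement.isServicePrincipal()) {
+if (principalStatement.service() === request.principal.value()) {
+return 'Match';
+}
+return 'NoMatch';
+}
+if (principalStatement.isCanonicalUserPrincipal()) {
+if (principalStatement.canonicalUser() === request.principal.value()) {
+return 'Match';
+}
+return 'NoMatch';
+}
+if (principalStatement.isFederatedPrincipal()) {
+if (principalStatement.federated() === request.principal.value()) {
+return 'Match';
+}
+return 'NoMatch';
+}
+if (principalStatement.isWildcardPrincipal()) {
+return 'Match';
+}
+if (principalStatement.isAccountPrincipal()) {
+if (principalStatement.accountId() === request.principal.accountId()) {
+return 'AccountLevelMatch';
+}
+return 'NoMatch';
+}
+if (principalStatement.isAwsPrincipal()) {
+if (isAssumedRoleArn(request.principal.value())) {
+const sessionArn = request.principal.value();
+const roleArn = roleArnFromAssumedRoleArn(sessionArn);
+if (principalStatement.arn() === roleArn || principalStatement.arn() === sessionArn) {
+return 'Match';
+}
+}
+if (principalStatement.arn() === request.principal.value()) {
+return 'Match';
+}
+}
+return 'NoMatch';
+}
+const assumedRoleArnRegex = /^arn:aws:sts::\d{12}:assumed-role\/.*$/;
+function isAssumedRoleArn(principal) {
+return assumedRoleArnRegex.test(principal);
+}
+function roleArnFromAssumedRoleArn(assumedRoleArn) {
+const stsParts = assumedRoleArn.split(':');
+const resourceParts = stsParts.at(-1).split('/');
+const rolePathAndName = resourceParts.slice(1, -1).join('/');
+return `arn:aws:iam::${stsParts[4]}:role/${rolePathAndName}`;
+}
+//# sourceMappingURL=principal.js.map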
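Review bot: `requestMatchesNotPrincipal` folds an `'AccountLevelMatch'` into `'NoMatch'` while its own comment says the behaviour still needs research and testing, so the result for a NotPrincipal that lists an account principal is unverified. If the enclosing statement is a Deny, `'NoMatch'` means the deny is skipped, so an error here would under-report denials; until the behaviour is confirmed against real IAM, consider surfacing the uncertainty to the caller instead of a plain `'NoMatch'`, and add a test that pins whichever result is chosen. Separately, `assumedRoleArnRegex` and `roleArnFromAssumedRoleArn` hard-code the `aws` partition, so a session ARN from any other partition is only ever compared as an exact ARN; `/^arn:[^:]+:sts::\d{12}:assumed-role\/.*$/` together with ``return `arn:${stsParts[1]}:iam::${stsParts[4]}:role/${rolePathAndName}`;`` would carry the partition through. This file is compiled output, so the change belongs in `src/principal/principal.ts`.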
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":";;AAsDA,0DAWC;AASD,gEAiBC;AASD,4EAgDC;AAID,4CAEC;AAED,8DAKC;AAlHD;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,OAAmB,EAAE,SAAsB;IACjF,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAA;IAClH,IAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAG,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzC,OAAO,mBAAmB,CAAA;IAC5B,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,0BAA0B,CAAC,OAAmB,EAAE,YAAyB;IACvF,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAA;IACrH,IAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;;;;OAKG;IACH,IAAG,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzC,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gCAAgC,CAAC,OAAmB,EAAE,kBAA6B;IACjG,IAAG,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC3C,IAAG,kBAAkB,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC9D,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,wBAAwB,EAAE,EAAE,CAAC;QACjD,IAAG,kBAAkB,CAAC,aAAa,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACpE,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC7C,IAAG,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAChE,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAG,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC3C,IAAG,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;YACpE,OAAO,mBAAmB,CAAA;QAC5B,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,cAAc,EAAE,EAAE,CAAC;QACvC,IAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;YAC5C,MAAM,OAAO,GAAG,yBAAyB,CAAC,UAAU,
CAAC,CAAA;YACrD,IAAG,kBAAkB,CAAC,GAAG,EAAE,KAAM,OAAO,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,UAAU,EAAE,CAAC;gBACpF,OAAO,OAAO,CAAA;YAChB,CAAC;QACH,CAAC;QAED,IAAG,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAA;QAChB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,MAAM,mBAAmB,GAAG,wCAAwC,CAAA;AAEpE,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,SAAgB,yBAAyB,CAAC,cAAsB;IAC9D,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC1C,MAAM,aAAa,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjD,MAAM,eAAe,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC5D,OAAO,gBAAgB,QAAQ,CAAC,CAAC,CAAC,SAAS,eAAe,EAAE,CAAA;AAC9D,CAAC"}
|
|
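--- a/package/dist/cjs/request/request.d.ts
+++ b/package/dist/cjs/request/request.d.ts
@@ -0,0 +1,50 @@
+import { ContextKey, RequestContext } from "../requestContext.js";
+import { RequestAction } from "./requestAction.js";
+import { RequestPrincipal } from "./requestPrincipal.js";
+import { RequestResource } from "./requestResource.js";
+/**
+* A request to be evaluated by the policy engine
+*/
+export interface AwsRequest {
+principal: RequestPrincipal;
+/**
+* The action to be performed
+*/
+action: RequestAction;
+/**
+* The resource to be acted upon
+*/
+resource?: RequestResource;
+/**
+* The context of the request
+*/
+context: RequestContext;
+/**
+* Checks to see if a context key is valid for the request and
+* exists in the context
+*
+* @param key the key to check for existence
+* @returns true if the key is valid for the request and exists in the request context.
+*/
+contextKeyExists(key: string): boolean;
+/**
+* Gets the value of a context key, if it is valid for the request and exist, otherwise throws an error
+* @param key the key to get the value of
+*
+* @returns the value of the context key
+*/
+getContextKeyValue(key: string): ContextKey;
+}
+export declare class AwsRequestImpl implements AwsRequest {
+readonly principalString: string;
+readonly resourceString: string | undefined;
+readonly actionString: string;
+readonly context: RequestContext;
+constructor(principalString: string, resourceString: string | undefined, actionString: string, context: RequestContext);
+get action(): RequestAction;
+get resource(): RequestResource;
+get principal(): RequestPrincipal;
+contextKeyExists(key: string): boolean;
+getContextKeyValue(key: string): ContextKey;
+}
+//# sourceMappingURL=request.d.ts.map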
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,aAAa,EAAqB,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAwB,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAuB,MAAM,sBAAsB,CAAC;AAE5E;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,eAAe,CAAC;IAE3B;;OAEG;IACH,OAAO,EAAE,cAAc,CAAA;IAEvB;;;;;;OAMG;IACH,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAEvC;;;;;OAKG;IACH,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAAC;CAC7C;AAED,qBAAa,cAAe,YAAW,UAAU;aAEnB,eAAe,EAAE,MAAM;aACvB,cAAc,EAAE,MAAM,GAAG,SAAS;aAClC,YAAY,EAAE,MAAM;aACpB,OAAO,EAAE,cAAc;gBAHvB,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,MAAM,GAAG,SAAS,EAClC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,cAAc;IAInD,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,QAAQ,IAAI,eAAe,CAK9B;IAED,IAAI,SAAS,IAAI,gBAAgB,CAEhC;IAGM,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAKtC,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;CAMnD"}
|
|
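--- a/package/dist/cjs/request/request.js
+++ b/package/dist/cjs/request/request.js
@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AwsRequestImpl = void 0;
+const requestAction_js_1 = require("./requestAction.js");
+const requestPrincipal_js_1 = require("./requestPrincipal.js");
+const requestResource_js_1 = require("./requestResource.js");
+class AwsRequestImpl {
+principalString;
+resourceString;
+actionString;
+context;
+constructor(principalString, resourceString, actionString, context) {
+this.principalString = principalString;
+this.resourceString = resourceString;
+this.actionString = actionString;
+this.context = context;
+}
+get action() {
+return new requestAction_js_1.RequestActionImpl(this.actionString);
+}
+get resource() {
+if (this.resourceString === undefined) {
+throw new Error('Resource is undefined');
+}
+return new requestResource_js_1.ResourceRequestImpl(this.resourceString);
+}
+get principal() {
+return new requestPrincipal_js_1.RequestPrincipalImpl(this.principalString);
+}
+contextKeyExists(key) {
+return this.context.contextKeyExists(key);
+}
+getContextKeyValue(key) {
+if (!this.contextKeyExists(key)) {
+throw new Error(`Invalid context key: ${key}`);
+}
+return this.context.contextKeyValue(key);
+}
+}
+exports.AwsRequestImpl = AwsRequestImpl;
+//# sourceMappingURL=request.js.map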
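Review bot: The `resource` getter throws `Error('Resource is undefined')` when `resourceString` is undefined, while the `AwsRequest` interface in `request.d.ts` declares `resource?` as optional, so a caller that reads `request.resource` to test for absence gets an exception instead of `undefined`. Either document the throw on the getter, for example `/** @throws Error when the request has no resource; check resourceString first */`, or return `undefined` and widen the declared return type. The three getters also build a new wrapper object on every access, which deserves a short comment if it is intentional. This file is compiled output, so the change belongs in `src/request/request.ts`.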
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":";;;AACA,yDAAsE;AACtE,+DAA+E;AAC/E,6DAA4E;AAyC5E,MAAa,cAAc;IAEG;IACA;IACA;IACA;IAH5B,YAA4B,eAAuB,EACvB,cAAkC,EAClC,YAAoB,EACpB,OAAuB;QAHvB,oBAAe,GAAf,eAAe,CAAQ;QACvB,mBAAc,GAAd,cAAc,CAAoB;QAClC,iBAAY,GAAZ,YAAY,CAAQ;QACpB,YAAO,GAAP,OAAO,CAAgB;IAEnD,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,oCAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,QAAQ;QACV,IAAG,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,wCAAmB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,0CAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACxD,CAAC;IAGM,gBAAgB,CAAC,GAAW;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC;IAGM,kBAAkB,CAAC,GAAW;QACnC,IAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAA;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;CACF;AApCD,wCAoCC"}
|
|
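--- a/package/dist/cjs/request/requestAction.d.ts
+++ b/package/dist/cjs/request/requestAction.d.ts
@@ -0,0 +1,27 @@
+/**
+* A service action: `"service:Action"`
+*/
+export interface RequestAction {
+/**
+* The raw string value of the action
+*/
+value(): string;
+/**
+* The service of the action
+*
+* Guaranteed to be lowercase
+*/
+service(): string;
+/**
+* The action within the service
+*/
+action(): string;
+}
+export declare class RequestActionImpl implements RequestAction {
+private readonly rawValue;
+constructor(rawValue: string);
+value(): string;
+service(): string;
+action(): string;
+}
+//# sourceMappingURL=requestAction.d.ts.map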
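Review bot: The doc comment on `action()` does not say what case the returned name has, while `service()` is documented as "Guaranteed to be lowercase". The implementation in requestAction.js returns the second colon-separated field unchanged, so a caller comparing it with a policy string has to know that it must compare case-insensitively. I would extend the comment to `The action within the service, in the case supplied by the caller; compare case-insensitively`.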
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestAction.d.ts","sourceRoot":"","sources":["../../../src/request/requestAction.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;;;OAIG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;CACjB;AAED,qBAAa,iBAAkB,YAAW,aAAa;IACzC,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAEtC,KAAK,IAAI,MAAM;IAIf,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;CAGxB"}
|
|
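--- a/package/dist/cjs/request/requestAction.js
+++ b/package/dist/cjs/request/requestAction.js
@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestActionImpl = void 0;
+class RequestActionImpl {
+rawValue;
+constructor(rawValue) {
+this.rawValue = rawValue;
+}
+value() {
+return this.rawValue;
+}
+service() {
+return this.rawValue.split(':')[0].toLowerCase();
+}
+action() {
+return this.rawValue.split(':')[1];
+}
+}
+exports.RequestActionImpl = RequestActionImpl;
+//# sourceMappingURL=requestAction.js.map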
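Review bot: `action()` returns `this.rawValue.split(':')[1]`, which is `undefined` when the string has no colon and silently drops anything after a second colon, although the declaration promises `string`. `service()` has the mirror problem: a value without a colon is returned whole as the service. In a policy simulator, a malformed action that is evaluated instead of rejected can produce a misleading allow/deny answer, so I would validate in the constructor: `if (rawValue.split(':').length !== 2) throw new Error('Invalid action: ' + rawValue);`. The accessors of `ResourceRequestImpl` in requestResource.js index into `split(":")` the same way and return `undefined` for a value with too few fields, despite being declared `string`.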
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestAction.js","sourceRoot":"","sources":["../../../src/request/requestAction.ts"],"names":[],"mappings":";;;AAsBA,MAAa,iBAAiB;IACC;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAE1C,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAEM,OAAO;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAA;IACnD,CAAC;IAEM,MAAM;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;CACF;AAdD,8CAcC"}
|
|
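--- a/package/dist/cjs/request/requestPrincipal.d.ts
+++ b/package/dist/cjs/request/requestPrincipal.d.ts
@@ -0,0 +1,20 @@
+/**
+* A principal in a request
+*/
+export interface RequestPrincipal {
+/**
+* The raw string of the principal
+*/
+value(): string;
+/**
+* The account id of the principal, if the principal is an ARN that has an account ID, otherwise undefined
+*/
+accountId(): string | undefined;
+}
+export declare class RequestPrincipalImpl implements RequestPrincipal {
+private readonly rawValue;
+constructor(rawValue: string);
+accountId(): string | undefined;
+value(): string;
+}
+//# sourceMappingURL=requestPrincipal.d.ts.map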
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestPrincipal.d.ts","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":"AACA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAE/B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAC;IAEhB;;OAEG;IACH,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC;CAEjC;AAED,qBAAa,oBAAqB,YAAW,gBAAgB;IAC/C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM,GAAG,SAAS;IAIxB,KAAK,IAAI,MAAM;CAGvB"}
|
|
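--- a/package/dist/cjs/request/requestPrincipal.js
+++ b/package/dist/cjs/request/requestPrincipal.js
@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestPrincipalImpl = void 0;
+class RequestPrincipalImpl {
+rawValue;
+constructor(rawValue) {
+this.rawValue = rawValue;
+}
+accountId() {
+return this.value().split(":").at(4);
+}
+value() {
+return this.rawValue;
+}
+}
+exports.RequestPrincipalImpl = RequestPrincipalImpl;
+//# sourceMappingURL=requestPrincipal.js.map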
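Review bot: `accountId()` returns the fifth colon-separated field of any string, which does not match the declared contract "if the principal is an ARN that has an account ID, otherwise undefined". An ARN with an empty account field yields `''` rather than `undefined`, and a non-ARN value that happens to contain four colons yields an arbitrary fragment as the account. Account identity usually feeds same-account versus cross-account decisions, so I would gate on the prefix and normalise the empty case: `const p = this.rawValue.split(':'); return p[0] === 'arn' && p[4] ? p[4] : undefined;`.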
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestPrincipal.js","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":";;;AAkBA,MAAa,oBAAoB;IACF;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF;AAVD,oDAUC"}
|
|
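--- a/package/dist/cjs/request/requestResource.d.ts
+++ b/package/dist/cjs/request/requestResource.d.ts
@@ -0,0 +1,37 @@
+export interface RequestResource {
+/**
+* The raw string of the resource
+*/
+value(): string;
+/**
+* The partition of the ARN
+*/
+partition(): string;
+/**
+* The service of the ARN
+*/
+service(): string;
+/**
+* The region of the ARN
+*/
+region(): string;
+/**
+* The account of the ARN
+*/
+account(): string;
+/**
+* The resource of the ARN
+*/
+resource(): string;
+}
+export declare class ResourceRequestImpl implements RequestResource {
+private readonly rawValue;
+constructor(rawValue: string);
+partition(): string;
+service(): string;
+region(): string;
+account(): string;
+resource(): string;
+value(): string;
+}
+//# sourceMappingURL=requestResource.d.ts.map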
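Review bot: The class is exported as `ResourceRequestImpl` while its interface is `RequestResource` and the sibling classes are `RequestActionImpl` and `RequestPrincipalImpl`. The inverted word order is easy to mistype and becomes hard to change once consumers import it; I would rename it to `RequestResourceImpl` and, if the old name must survive, keep it as a deprecated alias. The interface also lacks the summary comment that the action and principal interfaces have, for example `/** A resource in a request, expected to be an ARN */`.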
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestResource.d.ts","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;IAEnB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;IAEhB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,IAAI,MAAM,CAAA;CACnB;AAGD,qBAAa,mBAAoB,YAAW,eAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM;IAInB,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;IAIhB,OAAO,IAAI,MAAM;IAIjB,QAAQ,IAAI,MAAM;IAIlB,KAAK,IAAI,MAAM;CAGhB"}
|
|
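--- a/package/dist/cjs/request/requestResource.js
+++ b/package/dist/cjs/request/requestResource.js
@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ResourceRequestImpl = void 0;
+class ResourceRequestImpl {
+rawValue;
+constructor(rawValue) {
+this.rawValue = rawValue;
+}
+partition() {
+return this.value().split(":").at(1);
+}
+service() {
+return this.value().split(":").at(2);
+}
+region() {
+return this.value().split(":").at(3);
+}
+account() {
+return this.value().split(":").at(4);
+}
+resource() {
+return this.value().split(":").slice(5).join(":");
+}
+value() {
+return this.rawValue;
+}
+}
+exports.ResourceRequestImpl = ResourceRequestImpl;
+//# sourceMappingURL=requestResource.js.map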
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestResource.js","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":";;;AAkCA,MAAa,mBAAmB;IACD;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF;AA1BD,kDA0BC"}
|
|
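--- a/package/dist/cjs/request/requestSupplementalData.d.ts
+++ b/package/dist/cjs/request/requestSupplementalData.d.ts
@@ -0,0 +1,19 @@
+/**
+* Supplemental data for the request
+*/
+export interface RequestSupplementalData {
+contextKeysForAction: string[];
+contextKeysForResource: string[];
+contextKeysForPrincipal: string[];
+contextKeyValidForRequest: (key: string) => boolean;
+}
+export declare class RequestSupplementalDataImpl implements RequestSupplementalData {
+readonly contextKeysForAction: string[];
+readonly contextKeysForResource: string[];
+readonly contextKeysForPrincipal: string[];
+private allActions;
+constructor(contextKeysForAction: string[], contextKeysForResource: string[], contextKeysForPrincipal: string[]);
+contextKeyValidForRequest(key: string): boolean;
+}
+export declare const MockRequestSupplementalData: RequestSupplementalData;
+//# sourceMappingURL=requestSupplementalData.d.ts.map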
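Review bot: `MockRequestSupplementalData` is exported next to the real implementation with no comment, and its `contextKeyValidForRequest` (see requestSupplementalData.js) returns `true` for every key. If it is picked up outside tests, every context key is treated as valid for the request. I would add a doc comment on the declaration, `/** Test stub: accepts every context key as valid; not for real simulations. */`. The three `contextKeysFor*` fields of the interface also have no comment saying what each list is expected to contain.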
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestSupplementalData.d.ts","sourceRoot":"","sources":["../../../src/request/requestSupplementalData.ts"],"names":[],"mappings":"AACA;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,yBAAyB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;CACrD;AAED,qBAAa,2BAA4B,YAAW,uBAAuB;aAI7C,oBAAoB,EAAE,MAAM,EAAE;aAC9B,sBAAsB,EAAE,MAAM,EAAE;aAChC,uBAAuB,EAAE,MAAM,EAAE;IAJ7D,OAAO,CAAC,UAAU,CAA0B;gBAEhB,oBAAoB,EAAE,MAAM,EAAE,EAC9B,sBAAsB,EAAE,MAAM,EAAE,EAChC,uBAAuB,EAAE,MAAM,EAAE;IAY7D,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;CAMhD;AAED,eAAO,MAAM,2BAA2B,EAAE,uBAKzC,CAAA"}
|
|
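--- a/package/dist/cjs/request/requestSupplementalData.js
+++ b/package/dist/cjs/request/requestSupplementalData.js
@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MockRequestSupplementalData = exports.RequestSupplementalDataImpl = void 0;
+class RequestSupplementalDataImpl {
+contextKeysForAction;
+contextKeysForResource;
+contextKeysForPrincipal;
+allActions = new Set();
+constructor(contextKeysForAction, contextKeysForResource, contextKeysForPrincipal) {
+this.contextKeysForAction = contextKeysForAction;
+this.contextKeysForResource = contextKeysForResource;
+this.contextKeysForPrincipal = contextKeysForPrincipal;
+for (const action of contextKeysForAction) {
+this.allActions.add(action);
+}
+for (const resource of contextKeysForResource) {
+this.allActions.add(resource);
+}
+for (const principal of contextKeysForPrincipal) {
+this.allActions.add(...[principal]);
+}
+}
+contextKeyValidForRequest(key) {
+/*
+Todo: Add a way to check if the key has a slash in it such as aws:RequestKeys or aws:ResourceTagKeys
+*/
+return this.allActions.has(key);
+}
+}
+exports.RequestSupplementalDataImpl = RequestSupplementalDataImpl;
+exports.MockRequestSupplementalData = {
+contextKeysForAction: [],
+contextKeysForResource: [],
+contextKeysForPrincipal: [],
+contextKeyValidForRequest: (key) => true
+};
+//# sourceMappingURL=requestSupplementalData.js.map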
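Review bot: `contextKeyValidForRequest` does an exact-case `this.allActions.has(key)`, while `RequestContext` in requestContext.d.ts documents context key names as case insensitive. Unless callers normalise first (not visible in this section), a key spelled `aws:sourceip` would be reported as not valid when the list holds `aws:SourceIp` (sample values). I would store and look up lowercased keys: `this.allActions.add(action.toLowerCase())` in the three constructor loops and `return this.allActions.has(key.toLowerCase());`. Separately, the set holds context keys rather than actions, so `allContextKeys` would be a clearer name, and `add(...[principal])` can be plain `add(principal)`.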
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestSupplementalData.js","sourceRoot":"","sources":["../../../src/request/requestSupplementalData.ts"],"names":[],"mappings":";;;AAWA,MAAa,2BAA2B;IAIV;IACA;IACA;IAJpB,UAAU,GAAgB,IAAI,GAAG,EAAE,CAAC;IAE5C,YAA4B,oBAA8B,EAC9B,sBAAgC,EAChC,uBAAiC;QAFjC,yBAAoB,GAApB,oBAAoB,CAAU;QAC9B,2BAAsB,GAAtB,sBAAsB,CAAU;QAChC,4BAAuB,GAAvB,uBAAuB,CAAU;QAC3D,KAAI,MAAM,MAAM,IAAI,oBAAoB,EAAE,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC7B,CAAC;QACD,KAAI,MAAM,QAAQ,IAAI,sBAAsB,EAAE,CAAC;YAC7C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC/B,CAAC;QACD,KAAI,MAAM,SAAS,IAAI,uBAAuB,EAAE,CAAC;YAC/C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,yBAAyB,CAAC,GAAW;QACnC;;UAEE;QACF,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACjC,CAAC;CACF;AAxBD,kEAwBC;AAEY,QAAA,2BAA2B,GAA4B;IAClE,oBAAoB,EAAE,EAAE;IACxB,sBAAsB,EAAE,EAAE;IAC1B,uBAAuB,EAAE,EAAE;IAC3B,yBAAyB,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,IAAI;CACjD,CAAA"}
|
|
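--- a/package/dist/cjs/request.d.ts
+++ b/package/dist/cjs/request.d.ts
@@ -0,0 +1,15 @@
+import { RequestContext } from "./requestContext.js";
+export interface Request {
+principal: string;
+action: string;
+resource: string;
+context: RequestContext;
+}
+export declare class RequestImpl implements Request {
+readonly principal: string;
+readonly resource: string;
+readonly action: string;
+readonly context: RequestContext;
+constructor(principal: string, resource: string, action: string, context: RequestContext);
+}
+//# sourceMappingURL=request.d.ts.map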
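Review bot: The constructor takes `(principal, resource, action, context)` but the `Request` interface lists the fields as principal, action, resource. All three are plain `string`, so swapping action and resource at a call site type-checks and only shows up as a wrong simulation result. I would add a comment on the constructor that spells out the order, `/** Argument order is principal, resource, action, context; note that resource precedes action. */`, and consider aligning the interface field order with it.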
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAErD,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,cAAc,CAAA;CACxB;AAED,qBAAa,WAAY,YAAW,OAAO;aAEb,SAAS,EAAE,MAAM;aACjB,QAAQ,EAAE,MAAM;aAChB,MAAM,EAAE,MAAM;aACd,OAAO,EAAE,cAAc;gBAHvB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,cAAc;CAGpD"}
|
|
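--- a/package/dist/cjs/request.js
+++ b/package/dist/cjs/request.js
@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestImpl = void 0;
+class RequestImpl {
+principal;
+resource;
+action;
+context;
+constructor(principal, resource, action, context) {
+this.principal = principal;
+this.resource = resource;
+this.action = action;
+this.context = context;
+}
+}
+exports.RequestImpl = RequestImpl;
+//# sourceMappingURL=request.js.map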
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../src/request.ts"],"names":[],"mappings":";;;AASA,MAAa,WAAW;IAEM;IACA;IACA;IACA;IAH5B,YAA4B,SAAiB,EACjB,QAAgB,EAChB,MAAc,EACd,OAAuB;QAHvB,cAAS,GAAT,SAAS,CAAQ;QACjB,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAQ;QACd,YAAO,GAAP,OAAO,CAAgB;IAEnD,CAAC;CACF;AARD,kCAQC"}
|
|
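--- a/package/dist/cjs/requestContext.d.ts
+++ b/package/dist/cjs/requestContext.d.ts
@@ -0,0 +1,63 @@
+/**
+* The context metadata available in a request
+*/
+export interface RequestContext {
+/**
+* Check if a context key exists in a request
+* @param name the name of the context key to check for, case insensitive
+* @returns true if the context key exists, false otherwise
+*/
+contextKeyExists: (name: string) => boolean;
+/**
+* Get the value of a context key in a request
+*
+* @param name the name of the context key to get the value of, case insensitive
+* @returns the value of the context key
+*/
+contextKeyValue: (name: string) => ContextKey;
+}
+/**
+* A context key in a request
+*/
+export interface ContextKey {
+/**
+* The name of the context key
+*/
+name: string;
+/**
+* Check if the context key is a string value
+*/
+isStringValue(): this is StringContextKey;
+/**
+* Check if the context key is an array value
+*/
+isArrayValue(): this is ArrayContextKey;
+}
+export interface StringContextKey extends ContextKey {
+/**
+* The value of the context key if it is a string
+*/
+value: string;
+}
+export interface ArrayContextKey extends ContextKey {
+/**
+* The array of values of the context key if it is an array
+*/
+values: string[];
+}
+export declare class RequestContextImpl implements RequestContext {
+private context;
+constructor(values: Record<string, string | string[]>);
+contextKeyExists(name: string): boolean;
+contextKeyValue(name: string): ContextKey;
+}
+export declare class ContextKeyImpl implements ContextKey, StringContextKey, ArrayContextKey {
+name: string;
+private _val;
+constructor(name: string, _val: string | string[]);
+isStringValue(): this is StringContextKey;
+isArrayValue(): this is ArrayContextKey;
+get values(): string[];
+get value(): string;
+}
+//# sourceMappingURL=requestContext.d.ts.map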
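Review bot: `contextKeyValue` is documented as returning "the value of the context key" but says nothing about a name that is not present, and `ContextKeyImpl` exposes both `value` and `values` without stating what reading the wrong one does. Callers need to know whether they must guard with `contextKeyExists` and `isStringValue()` / `isArrayValue()` first. I would add a line to the interface comment stating the missing-key behaviour (`@throws` or an explicit `undefined` return, whichever the implementation does) and a one-line comment on each getter describing what it does for the other kind of value. The implementation is outside this section, so the actual behaviour has to be taken from requestContext.js.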
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestContext.d.ts","sourceRoot":"","sources":["../../src/requestContext.ts"],"names":[],"mappings":"AACA;;GAEG;AACH,MAAM,WAAW,cAAc;IAE7B;;;;OAIG;IACH,gBAAgB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IAE5C;;;;;OAKG;IACH,eAAe,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,UAAU,CAAC;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,aAAa,IAAI,IAAI,IAAI,gBAAgB,CAAC;IAE1C;;OAEG;IACH,YAAY,IAAI,IAAI,IAAI,eAAe,CAAC;CACzC;AAED,MAAM,WAAW,gBAAiB,SAAQ,UAAU;IAElD;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAgB,SAAQ,UAAU;IAEjD;;OAEG;IAEH,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,qBAAa,kBAAmB,YAAW,cAAc;IACvD,OAAO,CAAC,OAAO,CAAsC;gBAEzC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAO9C,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIvC,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU;CAIjD;AAED,qBAAa,cAAe,YAAW,UAAU,EAAE,gBAAgB,EAAE,eAAe;IAC/D,IAAI,EAAE,MAAM;IAAE,OAAO,CAAC,IAAI;gBAA1B,IAAI,EAAE,MAAM,EAAU,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE;IAEhE,aAAa,IAAI,IAAI,IAAI,gBAAgB;IAGzC,YAAY,IAAI,IAAI,IAAI,eAAe;IAIvC,IAAI,MAAM,IAAI,MAAM,EAAE,CAKrB;IAED,IAAI,KAAK,IAAI,MAAM,CAKlB;CACF"}
|