npm - @cloud-copilot/iam-simulate - Versions diffs - 0.1.0 - Mend

@cloud-copilot/iam-simulate 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (281) hide show

package/LICENSE.txt +661 -0
package/README.md +5 -0
package/dist/cjs/StatementAnalysis.d.ts +27 -0
package/dist/cjs/StatementAnalysis.d.ts.map +1 -0
package/dist/cjs/StatementAnalysis.js +3 -0
package/dist/cjs/StatementAnalysis.js.map +1 -0
package/dist/cjs/action/action.d.ts +27 -0
package/dist/cjs/action/action.d.ts.map +1 -0
package/dist/cjs/action/action.js +72 -0
package/dist/cjs/action/action.js.map +1 -0
package/dist/cjs/action.d.ts +4 -0
package/dist/cjs/action.d.ts.map +1 -0
package/dist/cjs/action.js +21 -0
package/dist/cjs/action.js.map +1 -0
package/dist/cjs/condition/BaseConditionOperator.d.ts +8 -0
package/dist/cjs/condition/BaseConditionOperator.d.ts.map +1 -0
package/dist/cjs/condition/BaseConditionOperator.js +3 -0
package/dist/cjs/condition/BaseConditionOperator.js.map +1 -0
package/dist/cjs/condition/arn/ArnEquals.d.ts +3 -0
package/dist/cjs/condition/arn/ArnEquals.d.ts.map +1 -0
package/dist/cjs/condition/arn/ArnEquals.js +11 -0
package/dist/cjs/condition/arn/ArnEquals.js.map +1 -0
package/dist/cjs/condition/arn/ArnLike.d.ts +3 -0
package/dist/cjs/condition/arn/ArnLike.d.ts.map +1 -0
package/dist/cjs/condition/arn/ArnLike.js +50 -0
package/dist/cjs/condition/arn/ArnLike.js.map +1 -0
package/dist/cjs/condition/arn/ArnNotEquals.d.ts +3 -0
package/dist/cjs/condition/arn/ArnNotEquals.d.ts.map +1 -0
package/dist/cjs/condition/arn/ArnNotEquals.js +11 -0
package/dist/cjs/condition/arn/ArnNotEquals.js.map +1 -0
package/dist/cjs/condition/arn/ArnNotLike.d.ts +3 -0
package/dist/cjs/condition/arn/ArnNotLike.d.ts.map +1 -0
package/dist/cjs/condition/arn/ArnNotLike.js +13 -0
package/dist/cjs/condition/arn/ArnNotLike.js.map +1 -0
package/dist/cjs/condition/baseConditionperatorTests.d.ts +12 -0
package/dist/cjs/condition/baseConditionperatorTests.d.ts.map +1 -0
package/dist/cjs/condition/baseConditionperatorTests.js +21 -0
package/dist/cjs/condition/baseConditionperatorTests.js.map +1 -0
package/dist/cjs/condition/binary/BinaryEquals.d.ts +7 -0
package/dist/cjs/condition/binary/BinaryEquals.d.ts.map +1 -0
package/dist/cjs/condition/binary/BinaryEquals.js +16 -0
package/dist/cjs/condition/binary/BinaryEquals.js.map +1 -0
package/dist/cjs/condition/boolean/Bool.d.ts +3 -0
package/dist/cjs/condition/boolean/Bool.d.ts.map +1 -0
package/dist/cjs/condition/boolean/Bool.js +20 -0
package/dist/cjs/condition/boolean/Bool.js.map +1 -0
package/dist/cjs/condition/condition.d.ts +6 -0
package/dist/cjs/condition/condition.d.ts.map +1 -0
package/dist/cjs/condition/condition.js +123 -0
package/dist/cjs/condition/condition.js.map +1 -0
package/dist/cjs/condition/date/DateEquals.d.ts +3 -0
package/dist/cjs/condition/date/DateEquals.d.ts.map +1 -0
package/dist/cjs/condition/date/DateEquals.js +17 -0
package/dist/cjs/condition/date/DateEquals.js.map +1 -0
package/dist/cjs/condition/date/DateGreaterThan.d.ts +3 -0
package/dist/cjs/condition/date/DateGreaterThan.d.ts.map +1 -0
package/dist/cjs/condition/date/DateGreaterThan.js +17 -0
package/dist/cjs/condition/date/DateGreaterThan.js.map +1 -0
package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts +3 -0
package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts.map +1 -0
package/dist/cjs/condition/date/DateGreaterThanEquals.js +17 -0
package/dist/cjs/condition/date/DateGreaterThanEquals.js.map +1 -0
package/dist/cjs/condition/date/DateLessThan.d.ts +3 -0
package/dist/cjs/condition/date/DateLessThan.d.ts.map +1 -0
package/dist/cjs/condition/date/DateLessThan.js +17 -0
package/dist/cjs/condition/date/DateLessThan.js.map +1 -0
package/dist/cjs/condition/date/DateLessThanEquals.d.ts +3 -0
package/dist/cjs/condition/date/DateLessThanEquals.d.ts.map +1 -0
package/dist/cjs/condition/date/DateLessThanEquals.js +17 -0
package/dist/cjs/condition/date/DateLessThanEquals.js.map +1 -0
package/dist/cjs/condition/date/DateNotEquals.d.ts +3 -0
package/dist/cjs/condition/date/DateNotEquals.d.ts.map +1 -0
package/dist/cjs/condition/date/DateNotEquals.js +29 -0
package/dist/cjs/condition/date/DateNotEquals.js.map +1 -0
package/dist/cjs/condition/date/date.d.ts +17 -0
package/dist/cjs/condition/date/date.d.ts.map +1 -0
package/dist/cjs/condition/date/date.js +42 -0
package/dist/cjs/condition/date/date.js.map +1 -0
package/dist/cjs/condition/ipaddress/IpAddress.d.ts +3 -0
package/dist/cjs/condition/ipaddress/IpAddress.d.ts.map +1 -0
package/dist/cjs/condition/ipaddress/IpAddress.js +27 -0
package/dist/cjs/condition/ipaddress/IpAddress.js.map +1 -0
package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts +3 -0
package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts.map +1 -0
package/dist/cjs/condition/ipaddress/NotIpAddress.js +31 -0
package/dist/cjs/condition/ipaddress/NotIpAddress.js.map +1 -0
package/dist/cjs/condition/ipaddress/ipv4.d.ts +24 -0
package/dist/cjs/condition/ipaddress/ipv4.d.ts.map +1 -0
package/dist/cjs/condition/ipaddress/ipv4.js +59 -0
package/dist/cjs/condition/ipaddress/ipv4.js.map +1 -0
package/dist/cjs/condition/ipaddress/ipv6.d.ts +24 -0
package/dist/cjs/condition/ipaddress/ipv6.d.ts.map +1 -0
package/dist/cjs/condition/ipaddress/ipv6.js +111 -0
package/dist/cjs/condition/ipaddress/ipv6.js.map +1 -0
package/dist/cjs/condition/numeric/NumericEquals.d.ts +3 -0
package/dist/cjs/condition/numeric/NumericEquals.d.ts.map +1 -0
package/dist/cjs/condition/numeric/NumericEquals.js +17 -0
package/dist/cjs/condition/numeric/NumericEquals.js.map +1 -0
package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts +3 -0
package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts.map +1 -0
package/dist/cjs/condition/numeric/NumericGreaterThan.js +17 -0
package/dist/cjs/condition/numeric/NumericGreaterThan.js.map +1 -0
package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts +3 -0
package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts.map +1 -0
package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js +17 -0
package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js.map +1 -0
package/dist/cjs/condition/numeric/NumericLessThan.d.ts +3 -0
package/dist/cjs/condition/numeric/NumericLessThan.d.ts.map +1 -0
package/dist/cjs/condition/numeric/NumericLessThan.js +17 -0
package/dist/cjs/condition/numeric/NumericLessThan.js.map +1 -0
package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts +3 -0
package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts.map +1 -0
package/dist/cjs/condition/numeric/NumericLessThanEquals.js +17 -0
package/dist/cjs/condition/numeric/NumericLessThanEquals.js.map +1 -0
package/dist/cjs/condition/numeric/NumericNotEquals.d.ts +3 -0
package/dist/cjs/condition/numeric/NumericNotEquals.d.ts.map +1 -0
package/dist/cjs/condition/numeric/NumericNotEquals.js +29 -0
package/dist/cjs/condition/numeric/NumericNotEquals.js.map +1 -0
package/dist/cjs/condition/numeric/numeric.d.ts +17 -0
package/dist/cjs/condition/numeric/numeric.d.ts.map +1 -0
package/dist/cjs/condition/numeric/numeric.js +41 -0
package/dist/cjs/condition/numeric/numeric.js.map +1 -0
package/dist/cjs/condition/string/StringEquals.d.ts +3 -0
package/dist/cjs/condition/string/StringEquals.d.ts.map +1 -0
package/dist/cjs/condition/string/StringEquals.js +14 -0
package/dist/cjs/condition/string/StringEquals.js.map +1 -0
package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts +3 -0
package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts.map +1 -0
package/dist/cjs/condition/string/StringEqualsIgnoreCase.js +17 -0
package/dist/cjs/condition/string/StringEqualsIgnoreCase.js.map +1 -0
package/dist/cjs/condition/string/StringLike.d.ts +3 -0
package/dist/cjs/condition/string/StringLike.d.ts.map +1 -0
package/dist/cjs/condition/string/StringLike.js +14 -0
package/dist/cjs/condition/string/StringLike.js.map +1 -0
package/dist/cjs/condition/string/StringNotEquals.d.ts +3 -0
package/dist/cjs/condition/string/StringNotEquals.d.ts.map +1 -0
package/dist/cjs/condition/string/StringNotEquals.js +14 -0
package/dist/cjs/condition/string/StringNotEquals.js.map +1 -0
package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts +3 -0
package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts.map +1 -0
package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js +13 -0
package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js.map +1 -0
package/dist/cjs/condition/string/StringNotLike.d.ts +3 -0
package/dist/cjs/condition/string/StringNotLike.d.ts.map +1 -0
package/dist/cjs/condition/string/StringNotLike.js +13 -0
package/dist/cjs/condition/string/StringNotLike.js.map +1 -0
package/dist/cjs/condition/strings/StringEquals.d.ts +3 -0
package/dist/cjs/condition/strings/StringEquals.d.ts.map +1 -0
package/dist/cjs/condition/strings/StringEquals.js +14 -0
package/dist/cjs/condition/strings/StringEquals.js.map +1 -0
package/dist/cjs/core_engine/coreSimulatorEngine.d.ts +44 -0
package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map +1 -0
package/dist/cjs/core_engine/coreSimulatorEngine.js +60 -0
package/dist/cjs/core_engine/coreSimulatorEngine.js.map +1 -0
package/dist/cjs/evaluate.d.ts +2 -0
package/dist/cjs/evaluate.d.ts.map +1 -0
package/dist/cjs/evaluate.js +3 -0
package/dist/cjs/evaluate.js.map +1 -0
package/dist/cjs/index.d.ts +1 -0
package/dist/cjs/index.d.ts.map +1 -0
package/dist/cjs/index.js +2 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cjs/package.json +3 -0
package/dist/cjs/principal/principal.d.ts +30 -0
package/dist/cjs/principal/principal.d.ts.map +1 -0
package/dist/cjs/principal/principal.js +107 -0
package/dist/cjs/principal/principal.js.map +1 -0
package/dist/cjs/request/request.d.ts +50 -0
package/dist/cjs/request/request.d.ts.map +1 -0
package/dist/cjs/request/request.js +41 -0
package/dist/cjs/request/request.js.map +1 -0
package/dist/cjs/request/requestAction.d.ts +27 -0
package/dist/cjs/request/requestAction.d.ts.map +1 -0
package/dist/cjs/request/requestAction.js +20 -0
package/dist/cjs/request/requestAction.js.map +1 -0
package/dist/cjs/request/requestPrincipal.d.ts +20 -0
package/dist/cjs/request/requestPrincipal.d.ts.map +1 -0
package/dist/cjs/request/requestPrincipal.js +17 -0
package/dist/cjs/request/requestPrincipal.js.map +1 -0
package/dist/cjs/request/requestResource.d.ts +37 -0
package/dist/cjs/request/requestResource.d.ts.map +1 -0
package/dist/cjs/request/requestResource.js +29 -0
package/dist/cjs/request/requestResource.js.map +1 -0
package/dist/cjs/request/requestSupplementalData.d.ts +19 -0
package/dist/cjs/request/requestSupplementalData.d.ts.map +1 -0
package/dist/cjs/request/requestSupplementalData.js +37 -0
package/dist/cjs/request/requestSupplementalData.js.map +1 -0
package/dist/cjs/request.d.ts +15 -0
package/dist/cjs/request.d.ts.map +1 -0
package/dist/cjs/request.js +17 -0
package/dist/cjs/request.js.map +1 -0
package/dist/cjs/requestContext.d.ts +63 -0
package/dist/cjs/requestContext.d.ts.map +1 -0
package/dist/cjs/requestContext.js +46 -0
package/dist/cjs/requestContext.js.map +1 -0
package/dist/cjs/resource/resource.d.ts +27 -0
package/dist/cjs/resource/resource.d.ts.map +1 -0
package/dist/cjs/resource/resource.js +100 -0
package/dist/cjs/resource/resource.js.map +1 -0
package/dist/cjs/services/DefaultServiceAuthorizer.d.ts +12 -0
package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -0
package/dist/cjs/services/DefaultServiceAuthorizer.js +79 -0
package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -0
package/dist/cjs/services/ServiceAuthorizer.d.ts +11 -0
package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -0
package/dist/cjs/services/ServiceAuthorizer.js +3 -0
package/dist/cjs/services/ServiceAuthorizer.js.map +1 -0
package/dist/cjs/util.d.ts +47 -0
package/dist/cjs/util.d.ts.map +1 -0
package/dist/cjs/util.js +180 -0
package/dist/cjs/util.js.map +1 -0
package/dist/esm/action/action.d.ts +19 -0
package/dist/esm/action/action.d.ts.map +1 -0
package/dist/esm/action/action.js +51 -0
package/dist/esm/action/action.js.map +1 -0
package/dist/esm/action.d.ts +4 -0
package/dist/esm/action.d.ts.map +1 -0
package/dist/esm/action.js +18 -0
package/dist/esm/action.js.map +1 -0
package/dist/esm/condition/BaseConditionOperator.d.ts +8 -0
package/dist/esm/condition/BaseConditionOperator.d.ts.map +1 -0
package/dist/esm/condition/BaseConditionOperator.js +2 -0
package/dist/esm/condition/BaseConditionOperator.js.map +1 -0
package/dist/esm/condition/condition.d.ts +5 -0
package/dist/esm/condition/condition.d.ts.map +1 -0
package/dist/esm/condition/condition.js +70 -0
package/dist/esm/condition/condition.js.map +1 -0
package/dist/esm/condition/strings/StringEquals.d.ts +3 -0
package/dist/esm/condition/strings/StringEquals.d.ts.map +1 -0
package/dist/esm/condition/strings/StringEquals.js +11 -0
package/dist/esm/condition/strings/StringEquals.js.map +1 -0
package/dist/esm/evaluate.d.ts +2 -0
package/dist/esm/evaluate.d.ts.map +1 -0
package/dist/esm/evaluate.js +2 -0
package/dist/esm/evaluate.js.map +1 -0
package/dist/esm/index.d.ts +1 -0
package/dist/esm/index.d.ts.map +1 -0
package/dist/esm/index.js +2 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/package.json +3 -0
package/dist/esm/principal/principal.d.ts +31 -0
package/dist/esm/principal/principal.d.ts.map +1 -0
package/dist/esm/principal/principal.js +100 -0
package/dist/esm/principal/principal.js.map +1 -0
package/dist/esm/request/request.d.ts +52 -0
package/dist/esm/request/request.d.ts.map +1 -0
package/dist/esm/request/request.js +34 -0
package/dist/esm/request/request.js.map +1 -0
package/dist/esm/request/requestAction.d.ts +27 -0
package/dist/esm/request/requestAction.d.ts.map +1 -0
package/dist/esm/request/requestAction.js +15 -0
package/dist/esm/request/requestAction.js.map +1 -0
package/dist/esm/request/requestPrincipal.d.ts +20 -0
package/dist/esm/request/requestPrincipal.d.ts.map +1 -0
package/dist/esm/request/requestPrincipal.js +12 -0
package/dist/esm/request/requestPrincipal.js.map +1 -0
package/dist/esm/request/requestResource.d.ts +37 -0
package/dist/esm/request/requestResource.d.ts.map +1 -0
package/dist/esm/request/requestResource.js +24 -0
package/dist/esm/request/requestResource.js.map +1 -0
package/dist/esm/request/requestSupplementalData.d.ts +19 -0
package/dist/esm/request/requestSupplementalData.d.ts.map +1 -0
package/dist/esm/request/requestSupplementalData.js +30 -0
package/dist/esm/request/requestSupplementalData.js.map +1 -0
package/dist/esm/request.d.ts +15 -0
package/dist/esm/request.d.ts.map +1 -0
package/dist/esm/request.js +9 -0
package/dist/esm/request.js.map +1 -0
package/dist/esm/requestContext.d.ts +63 -0
package/dist/esm/requestContext.d.ts.map +1 -0
package/dist/esm/requestContext.js +39 -0
package/dist/esm/requestContext.js.map +1 -0
package/dist/esm/resource/resource.d.ts +12 -0
package/dist/esm/resource/resource.d.ts.map +1 -0
package/dist/esm/resource/resource.js +97 -0
package/dist/esm/resource/resource.js.map +1 -0
package/dist/esm/util.d.ts +15 -0
package/dist/esm/util.d.ts.map +1 -0
package/dist/esm/util.js +97 -0
package/dist/esm/util.js.map +1 -0
package/package.json +45 -0

package/dist/cjs/requestContext.js ADDED Viewed

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContextKeyImpl = exports.RequestContextImpl = void 0;
+class RequestContextImpl {
+    context = new Map();
+    constructor(values) {
+        for (const key in values) {
+            this.context.set(key.toLowerCase(), new ContextKeyImpl(key, values[key]));
+        }
+    }
+    contextKeyExists(name) {
+        return this.context.has(name.toLowerCase());
+    }
+    contextKeyValue(name) {
+        return this.context.get(name.toLowerCase());
+    }
+}
+exports.RequestContextImpl = RequestContextImpl;
+class ContextKeyImpl {
+    name;
+    _val;
+    constructor(name, _val) {
+        this.name = name;
+        this._val = _val;
+    }
+    isStringValue() {
+        return typeof this._val === 'string';
+    }
+    isArrayValue() {
+        return Array.isArray(this._val);
+    }
+    get values() {
+        if (Array.isArray(this._val)) {
+            return this._val;
+        }
+        throw new Error(`ContextKey ${this.name} is not an array`);
+    }
+    get value() {
+        if (typeof this._val === 'string') {
+            return this._val;
+        }
+        throw new Error(`ContextKey ${this.name} is not a string`);
+    }
+}
+exports.ContextKeyImpl = ContextKeyImpl;
+//# sourceMappingURL=requestContext.js.map

package/dist/cjs/requestContext.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"requestContext.js","sourceRoot":"","sources":["../../src/requestContext.ts"],"names":[],"mappings":";;;AA2DA,MAAa,kBAAkB;IACrB,OAAO,GAA4B,IAAI,GAAG,EAAE,CAAC;IAErD,YAAY,MAAyC;QACnD,KAAI,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACxB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,IAAI,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAGM,gBAAgB,CAAC,IAAY;QAClC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9C,CAAC;IAEM,eAAe,CAAC,IAAY;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAe,CAAC;IAE5D,CAAC;CACF;AAlBD,gDAkBC;AAED,MAAa,cAAc;IACN;IAAsB;IAAzC,YAAmB,IAAY,EAAU,IAAuB;QAA7C,SAAI,GAAJ,IAAI,CAAQ;QAAU,SAAI,GAAJ,IAAI,CAAmB;IAAG,CAAC;IAEpE,aAAa;QACX,OAAO,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC;IACvC,CAAC;IACD,YAAY;QACV,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,MAAM;QACR,IAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,IAAI,CAAC;QACnB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,IAAI,kBAAkB,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,KAAK;QACP,IAAG,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,IAAI,CAAC;QACnB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,IAAI,kBAAkB,CAAC,CAAC;IAC7D,CAAC;CACF;AAvBD,wCAuBC"}

package/dist/cjs/resource/resource.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { Resource, Statement } from "@cloud-copilot/iam-policy";
+import { AwsRequest } from "../request/request.js";
+/**
+ * Check if a request matches the Resource or NotResource elements of a statement.
+ *
+ * @param request the request to check
+ * @param statement the statement to check against
+ * @returns true if the request matches the resources in the statement, false otherwise
+ */
+export declare function requestMatchesStatementResources(request: AwsRequest, statement: Statement): boolean;
+/**
+ * Check if a request matches a set of resources.
+ *
+ * @param request the request to check
+ * @param policyResources the resources to check against
+ * @returns true if the request matches any of the resources, false otherwise
+ */
+export declare function requestMatchesResources(request: AwsRequest, policyResources: Resource[]): boolean;
+/**
+ * Check if a request matches a NotResource element in a policy.
+ *
+ * @param request the request to check
+ * @param policyResources the resources to check against
+ * @returns true if the request does not match any of the resources, false otherwise
+ */
+export declare function requestMatchesNotResources(request: AwsRequest, policyResources: Resource[]): boolean;
+//# sourceMappingURL=resource.d.ts.map

package/dist/cjs/resource/resource.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resource.d.ts","sourceRoot":"","sources":["../../../src/resource/resource.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAmBnD;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAOnG;AAGD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,QAAQ,EAAE,GAAG,OAAO,CAEjG;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,QAAQ,EAAE,GAAG,OAAO,CAEpG"}

package/dist/cjs/resource/resource.js ADDED Viewed

@@ -0,0 +1,100 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requestMatchesStatementResources = requestMatchesStatementResources;
+exports.requestMatchesResources = requestMatchesResources;
+exports.requestMatchesNotResources = requestMatchesNotResources;
+const util_js_1 = require("../util.js");
+//TODO: Make a check to see if the action is a wildcard only action. This will have to happen outside of these functions.
+/**
+ * Convert a resource segment to a regular expression. This is without variables.
+ *
+ * @param segment the segment to convert to a regular expression
+ * @returns a regular that replaces any wildcards in the segment with the appropriate regular expression.
+ */
+function convertResourceSegmentToRegex(segment) {
+    if (segment.indexOf(':') != -1) {
+        throw new Error('Segment should not contain a colon');
+    }
+    const pattern = "^" + segment.replace(/\?/g, '.').replace(/\*/g, '.*?') + "$";
+    return new RegExp(pattern, 'i');
+}
+/**
+ * Check if a request matches the Resource or NotResource elements of a statement.
+ *
+ * @param request the request to check
+ * @param statement the statement to check against
+ * @returns true if the request matches the resources in the statement, false otherwise
+ */
+function requestMatchesStatementResources(request, statement) {
+    if (statement.isResourceStatement()) {
+        return requestMatchesResources(request, statement.resources());
+    }
+    else if (statement.isNotResourceStatement()) {
+        return requestMatchesNotResources(request, statement.notResources());
+    }
+    return true;
+}
+/**
+ * Check if a request matches a set of resources.
+ *
+ * @param request the request to check
+ * @param policyResources the resources to check against
+ * @returns true if the request matches any of the resources, false otherwise
+ */
+function requestMatchesResources(request, policyResources) {
+    return policyResources.some(policyResource => singleResourceMatchesRequest(request, policyResource));
+}
+/**
+ * Check if a request matches a NotResource element in a policy.
+ *
+ * @param request the request to check
+ * @param policyResources the resources to check against
+ * @returns true if the request does not match any of the resources, false otherwise
+ */
+function requestMatchesNotResources(request, policyResources) {
+    return !requestMatchesResources(request, policyResources);
+}
+/**
+ * Check if a single resource matches a request.
+ *
+ * @param request the request to check against
+ * @param policyResource the resource to check against
+ * @returns true if the request matches the resource, false otherwise
+ */
+function singleResourceMatchesRequest(request, policyResource) {
+    if (policyResource.isAllResources()) {
+        return true;
+    }
+    else if (policyResource.isArnResource()) {
+        if (!request.resource) {
+            return false;
+        }
+        const resource = request.resource;
+        if (!convertResourceSegmentToRegex(policyResource.partition()).test(resource.partition())) {
+            return false;
+        }
+        if (!convertResourceSegmentToRegex(policyResource.service()).test(resource.service())) {
+            return false;
+        }
+        if (!convertResourceSegmentToRegex(policyResource.region()).test(resource.region())) {
+            return false;
+        }
+        if (!convertResourceSegmentToRegex(policyResource.account()).test(resource.account())) {
+            return false;
+        }
+        //Wildcards and variables are not allowed in the product segment https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html "Incorrect wildcard usage"
+        const [policyProduct, policyResourceId] = (0, util_js_1.getResourceSegments)(policyResource.resource());
+        if (!resource.resource().startsWith(policyProduct)) {
+            return false;
+        }
+        const requestResourceId = resource.resource().slice(policyProduct.length);
+        if (!(0, util_js_1.convertIamStringToRegex)(policyResourceId, request).test(requestResourceId)) {
+            return false;
+        }
+        return true;
+    }
+    else {
+        throw new Error('Unknown resource type');
+    }
+}
+//# sourceMappingURL=resource.js.map

package/dist/cjs/resource/resource.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resource.js","sourceRoot":"","sources":["../../../src/resource/resource.ts"],"names":[],"mappings":";;AA2BA,4EAOC;AAUD,0DAEC;AASD,gEAEC;AAvDD,wCAA0E;AAE1E,yHAAyH;AAEzH;;;;;GAKG;AACH,SAAS,6BAA6B,CAAC,OAAe;IACpD,IAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC7E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gCAAgC,CAAC,OAAmB,EAAE,SAAoB;IACxF,IAAG,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;QACnC,OAAO,uBAAuB,CAAC,OAAO,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;IACjE,CAAC;SAAM,IAAG,SAAS,CAAC,sBAAsB,EAAE,EAAE,CAAC;QAC7C,OAAO,0BAA0B,CAAC,OAAO,EAAE,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAGD;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,OAAmB,EAAE,eAA2B;IACtF,OAAO,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,4BAA4B,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAA;AACtG,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,0BAA0B,CAAC,OAAmB,EAAE,eAA2B;IACzF,OAAO,CAAC,uBAAuB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAA;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,SAAS,4BAA4B,CAAC,OAAmB,EAAE,cAAwB;IACjF,IAAG,cAAc,CAAC,cAAc,EAAE,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;SAAM,IAAG,cAAc,CAAC,aAAa,EAAE,EAAE,CAAC;QACzC,IAAG,CAAC,OAAO,CAAC,QAAQ,EAAG,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;QACjC,IAAG,CAAC,6BAA6B,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,EAAE,CAAC;YACzF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAG,CAAC,6BAA6B,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACrF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAG,CAAC,6BAA6B,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;YACnF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAG,CAAC,6BAA6B,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACrF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,gKAAgK;QAChK,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,IAAA,6BAAmB,EAAC,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAA;QAExF,IAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YAClD,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,iBAAiB,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA;QAEzE,IAAG,CAAC,IAAA,iCAAuB,EAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC/E,OAAO,KAAK,CAAA;QACd,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC"}

package/dist/cjs/services/DefaultServiceAuthorizer.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { EvaluationResult } from "../evaluate.js";
+import { StatementAnalysis } from "../StatementAnalysis.js";
+import { ServiceAuthorizationRequest, ServiceAuthorizer } from "./ServiceAuthorizer.js";
+export declare class DefaultServiceAuthorizer implements ServiceAuthorizer {
+    authorize(request: ServiceAuthorizationRequest): EvaluationResult;
+    identityStatementResult(request: ServiceAuthorizationRequest): EvaluationResult;
+    identityStatementAllows(statement: StatementAnalysis): boolean;
+    identityStatementUknownAllow(statement: StatementAnalysis): boolean;
+    identityStatementUknownDeny(statement: StatementAnalysis): boolean;
+    identityStatementExplicitDeny(statement: StatementAnalysis): boolean;
+}
+//# sourceMappingURL=DefaultServiceAuthorizer.d.ts.map

package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAIxF,qBAAa,wBAAyB,YAAW,iBAAiB;IACzD,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAqBjE,uBAAuB,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAoB/E,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAU9D,4BAA4B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUnE,2BAA2B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUlE,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;CAS5E"}

package/dist/cjs/services/DefaultServiceAuthorizer.js ADDED Viewed

@@ -0,0 +1,79 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultServiceAuthorizer = void 0;
+class DefaultServiceAuthorizer {
+    authorize(request) {
+        const identityStatementResult = this.identityStatementResult(request);
+        const principalAccount = request.request.principalAccountId;
+        const resourceAccount = request.request.resourceAccountId;
+        /**
+         * Add checks for:
+         * * resource policies
+         * * service control policies
+         * * boundary policies
+         * * vpc endpoint policies
+         * * session policies (maybe these are just part of identity policies?)
+         */
+        if (identityStatementResult === 'Allowed') {
+            if (principalAccount === resourceAccount) {
+                return identityStatementResult;
+            }
+            return 'ImplicitlyDenied';
+        }
+        return identityStatementResult;
+    }
+    identityStatementResult(request) {
+        const explicitDeny = request.identityStatements.some(s => this.identityStatementExplicitDeny(s));
+        if (explicitDeny) {
+            return 'ExplicitlyDenied';
+        }
+        const explicitAllow = request.identityStatements.some(s => this.identityStatementAllows(s));
+        const possibleDeny = request.identityStatements.some(s => this.identityStatementUknownDeny(s));
+        if (explicitAllow) {
+            return possibleDeny ? 'Unknown' : 'Allowed';
+        }
+        const possibleAllow = request.identityStatements.some(s => this.identityStatementUknownAllow(s));
+        if (possibleAllow) {
+            return 'Unknown';
+        }
+        return 'ImplicitlyDenied';
+    }
+    identityStatementAllows(statement) {
+        if (statement.resourceMatch &&
+            statement.actionMatch &&
+            statement.conditionMatch === 'Match' &&
+            statement.statement.effect() === 'Allow') {
+            return true;
+        }
+        return false;
+    }
+    identityStatementUknownAllow(statement) {
+        if (statement.resourceMatch &&
+            statement.actionMatch &&
+            statement.conditionMatch === 'Unknown' &&
+            statement.statement.effect() === 'Allow') {
+            return true;
+        }
+        return false;
+    }
+    identityStatementUknownDeny(statement) {
+        if (statement.resourceMatch &&
+            statement.actionMatch &&
+            statement.conditionMatch === 'Unknown' &&
+            statement.statement.effect() === 'Deny') {
+            return true;
+        }
+        return false;
+    }
+    identityStatementExplicitDeny(statement) {
+        if (statement.resourceMatch &&
+            statement.actionMatch &&
+            statement.conditionMatch === 'Match' &&
+            statement.statement.effect() === 'Deny') {
+            return true;
+        }
+        return false;
+    }
+}
+exports.DefaultServiceAuthorizer = DefaultServiceAuthorizer;
+//# sourceMappingURL=DefaultServiceAuthorizer.js.map

package/dist/cjs/services/DefaultServiceAuthorizer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":";;;AAMA,MAAa,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,uBAAuB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAA;QAC3D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAA;QACzD;;;;;;;WAOG;QACH,IAAG,uBAAuB,KAAK,SAAS,EAAE,CAAC;YACzC,IAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;gBACxC,OAAO,uBAAuB,CAAA;YAChC,CAAC;YACD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QACD,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAEM,uBAAuB,CAAC,OAAoC;QACjE,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,YAAY,EAAE,CAAC;YAChB,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5F,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9C,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,kBAAkB,CAAA;IAC3B,CAAC;IAEM,uBAAuB,CAAC,SAA4B;QACzD,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,4BAA4B,CAAC,SAA4B;QAC9D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,2BAA2B,CAAC,SAA4B;QAC7D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,6BAA6B,CAAC,SAA4B;QAC/D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAjFD,4DAiFC"}

package/dist/cjs/services/ServiceAuthorizer.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { EvaluationResult } from "../evaluate.js";
+import { AwsRequest } from "../request/request.js";
+import { StatementAnalysis } from "../StatementAnalysis.js";
+export interface ServiceAuthorizationRequest {
+    request: AwsRequest;
+    identityStatements: StatementAnalysis[];
+}
+export interface ServiceAuthorizer {
+    authorize(request: ServiceAuthorizationRequest): EvaluationResult;
+}
+//# sourceMappingURL=ServiceAuthorizer.d.ts.map

package/dist/cjs/services/ServiceAuthorizer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,UAAU,CAAC;IACpB,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;CACzC;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB,CAAA;CAClE"}

package/dist/cjs/services/ServiceAuthorizer.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=ServiceAuthorizer.js.map

package/dist/cjs/services/ServiceAuthorizer.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"ServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":""}

package/dist/cjs/util.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { AwsRequest } from './request/request.js';
+interface StringReplaceOptions {
+    replaceWildcards: boolean;
+}
+/**
+ * This will convert a string to a regex that can be used to match against a string.
+ * This will replace any variables in the string with the value of the variable in the request context.
+ *
+ * @param value the string to convert to a regex
+ * @param requestContext the request context to get the variable values from
+ * @returns a regex that can be used to match against a string
+ */
+export declare function convertIamStringToRegex(value: string, request: AwsRequest, replaceOptions?: Partial<StringReplaceOptions>): RegExp;
+export interface ArnParts {
+    partition: string | undefined;
+    service: string | undefined;
+    region: string | undefined;
+    accountId: string | undefined;
+    resource: string | undefined;
+    resourceType: string | undefined;
+    resourcePath: string | undefined;
+}
+export declare function splitArnParts(arn: string): ArnParts;
+/**
+ * Splits a resource into two segments. The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both.
+ *
+ * @param resource The resource to split
+ * @returns a tuple with the first segment being the product segment (including the separator) and the second segment being the resource id.
+ */
+export declare function getResourceSegments(resource: string): [string, string];
+/**
+ * Checks if a value is defined and not null and narrows the type to the defined type
+ *
+ * @param value the value to check if it is defined
+ * @returns if the value is defined and not null
+ */
+export declare function isDefined<T>(value: T | undefined): value is T;
+/**
+ * Checks if a value is not defined or null
+ *
+ * @param value the value to check if it is not defined
+ * @returns if the value is not defined or null
+ */
+export declare function isNotDefined<T>(value: T | undefined): value is undefined;
+export {};
+//# sourceMappingURL=util.d.ts.map

package/dist/cjs/util.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,UAAU,oBAAoB;IAC5B,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAMD;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,MAAM,CA4DlI;AAsCD,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAyBnD;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAgBtE;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,SAAS,CAExE"}

package/dist/cjs/util.js ADDED Viewed

@@ -0,0 +1,180 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.convertIamStringToRegex = convertIamStringToRegex;
+exports.splitArnParts = splitArnParts;
+exports.getResourceSegments = getResourceSegments;
+exports.isDefined = isDefined;
+exports.isNotDefined = isNotDefined;
+const matchesNothing = new RegExp('a^');
+const defaultStringReplaceOptions = {
+    replaceWildcards: true
+};
+/**
+ * This will convert a string to a regex that can be used to match against a string.
+ * This will replace any variables in the string with the value of the variable in the request context.
+ *
+ * @param value the string to convert to a regex
+ * @param requestContext the request context to get the variable values from
+ * @returns a regex that can be used to match against a string
+ */
+function convertIamStringToRegex(value, request, replaceOptions) {
+    const options = { ...defaultStringReplaceOptions, ...replaceOptions };
+    let invalidVariableFound = false;
+    const newValue = value.replaceAll(/(\$\{.*?\})|(\*)|(\?)/ig, (match, args) => {
+        if (match == "?") {
+            return replacementValue('\\?', '.', options.replaceWildcards);
+            // return '.'
+        }
+        else if (match == "*") {
+            return replacementValue('\\*', ".*?", options.replaceWildcards);
+            // return ".*?"
+        }
+        else if (match == "${*}") {
+            return replacementValue("\\$\\{\\*\\}", "\\*", options.replaceWildcards);
+            // return "\\*"
+        }
+        else if (match == "${?}") {
+            return replacementValue("\\$\\{\\?\\}", "\\?", options.replaceWildcards);
+            // return "\\?"
+        }
+        else if (match == "${$}") {
+            return replacementValue("\\$\\{\\$\\}", "\\$", options.replaceWildcards);
+            // return "\\$"
+        }
+        //
+        //This means it'a a variable
+        const inTheBrackets = match.slice(2, -1);
+        let defaultValue = undefined;
+        const defaultParts = inTheBrackets.split(', ');
+        if (defaultParts.length == 2) {
+            const segmentAfterComma = defaultParts.at(1);
+            if (segmentAfterComma?.startsWith("'") && segmentAfterComma.endsWith("'")) {
+                defaultValue = segmentAfterComma.slice(1, -1);
+            }
+        }
+        const variableName = defaultParts.at(0).trim();
+        const requestValue = getContextSingleValue(request, variableName);
+        if (requestValue) {
+            return escapeRegexCharacters(requestValue);
+        }
+        else if (defaultValue) {
+            /*
+              TODO: What happens in a request if a multi value context key is used in a string and there
+              is a default value? Will it use the default value or will it fail the condition test?
+            */
+            return escapeRegexCharacters(defaultValue);
+        }
+        else {
+            invalidVariableFound = true;
+            /*
+            https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-no-value
+            */
+            return "--undefined---";
+        }
+        throw new Error('This should never happen');
+    });
+    if (invalidVariableFound) {
+        return matchesNothing;
+    }
+    return new RegExp('^' + newValue + '$');
+}
+/**
+ * Replace regex characters in a string with their escaped versions
+ *
+ * @param str the string to escape regex characters in
+ * @returns the string with regex characters escaped
+ */
+function escapeRegexCharacters(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+/**
+ * Get the string value of a context key only if it is a single value key
+ *
+ * @param requestContext the request context to get the value from
+ * @param contextKeyName the name of the context key to get the value of
+ * @returns the value of the context key if it is a single value key, undefined otherwise
+ */
+function getContextSingleValue(request, contextKeyName) {
+    if (!request.contextKeyExists(contextKeyName)) {
+        return undefined;
+    }
+    const keyValue = request.getContextKeyValue(contextKeyName);
+    if (keyValue.isStringValue()) {
+        return keyValue.value;
+    }
+    return undefined;
+}
+function replacementValue(rawString, wildcard, replaceWildcards) {
+    if (replaceWildcards) {
+        return wildcard;
+    }
+    return rawString;
+}
+function splitArnParts(arn) {
+    const parts = arn.split(':');
+    const partition = parts.at(1);
+    const service = parts.at(2);
+    const region = parts.at(3);
+    const accountId = parts.at(4);
+    const resource = parts.slice(5).join(":");
+    let resourceType = undefined;
+    let resourcePath = undefined;
+    if (resource?.includes('/') || resource?.includes(':')) {
+        const [resourceTypeSegment, resourcePathSegment] = getResourceSegments(resource);
+        resourceType = resourceTypeSegment;
+        resourcePath = resourcePathSegment;
+    }
+    return {
+        partition,
+        service,
+        region,
+        accountId,
+        resource,
+        resourceType,
+        resourcePath
+    };
+}
+/**
+ * Splits a resource into two segments. The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both.
+ *
+ * @param resource The resource to split
+ * @returns a tuple with the first segment being the product segment (including the separator) and the second segment being the resource id.
+ */
+function getResourceSegments(resource) {
+    const slashIndex = resource.indexOf('/');
+    const colonIndex = resource.indexOf(':');
+    let splitIndex = slashIndex;
+    if (slashIndex != -1 && colonIndex != -1) {
+        splitIndex = Math.min(slashIndex, colonIndex) + 1;
+    }
+    else if (colonIndex == -1) {
+        splitIndex = slashIndex + 1;
+    }
+    else if (slashIndex == -1) {
+        splitIndex = colonIndex + 1;
+    }
+    else {
+        throw new Error(`Unable to split resource ${resource}`);
+    }
+    return [resource.slice(0, splitIndex), resource.slice(splitIndex)];
+}
+/**
+ * Checks if a value is defined and not null and narrows the type to the defined type
+ *
+ * @param value the value to check if it is defined
+ * @returns if the value is defined and not null
+ */
+function isDefined(value) {
+    return value !== undefined && value !== null;
+}
+/**
+ * Checks if a value is not defined or null
+ *
+ * @param value the value to check if it is not defined
+ * @returns if the value is not defined or null
+ */
+function isNotDefined(value) {
+    return !isDefined(value);
+}
+//# sourceMappingURL=util.js.map

package/dist/cjs/util.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":";;AAoBA,0DA4DC;AAgDD,sCAyBC;AASD,kDAgBC;AAQD,8BAEC;AAQD,oCAEC;AApMD,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AAMvC,MAAM,2BAA2B,GAAyB;IACxD,gBAAgB,EAAE,IAAI;CACvB,CAAA;AAED;;;;;;;GAOG;AACH,SAAgB,uBAAuB,CAAC,KAAa,EAAE,OAAmB,EAAE,cAA8C;IACxH,MAAM,OAAO,GAAG,EAAC,GAAG,2BAA2B,EAAE,GAAG,cAAc,EAAC,CAAA;IAEnE,IAAI,oBAAoB,GAAG,KAAK,CAAA;IAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3E,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YAC7D,aAAa;QACf,CAAC;aAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACxB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YAC/D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACxE,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACxE,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACxE,eAAe;QACjB,CAAC;QACD,EAAE;QACF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAExC,IAAI,YAAY,GAAG,SAAS,CAAA;QAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAG,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5C,IAAG,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzE,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC/C,CAAC;QACH,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;QAE/C,MAAM,YAAY,GAAG,qBAAqB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QAEjE,IAAG,YAAY,EAAE,CAAC;YAChB,OAAO,qBAAqB,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;aAAM,IAAG,YAAY,EAAE,CAAC;YACvB;;;cAGE;YACF,OAAO,qBAAqB,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;aAAM,CAAC;YACN,oBAAoB,GAAG,IAAI,CAAA;YAC3B;;cAEE;YACF,OAAO,gBAAgB,CAAA;QACzB,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,IAAG,oBAAoB,EAAE,CAAC;QACxB,OAAO,cAAc,CAAA;IACvB,CAAC;IACD,OAAO,IAAI,MAAM,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAA;AACzC,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,OAAmB,EAAE,cAAsB;IACxE,IAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7C,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;IAC3D,IAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC,KAAK,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,SAAiB,EAAE,QAAgB,EAAE,gBAAyB;IACtF,IAAG,gBAAgB,EAAE,CAAC;QACpB,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAYD,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEzC,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAG,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;QAChF,YAAY,GAAG,mBAAmB,CAAA;QAClC,YAAY,GAAG,mBAAmB,CAAA;IACpC,CAAC;IAED,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAExC,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAG,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACxC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAI,KAAoB;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAI,KAAoB;IAClD,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC"}

package/dist/esm/action/action.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { Action } from "@cloud-copilot/iam-policy";
+import { AwsRequest } from "../request/request.js";
+/**
+ * Check if a request matches a set of actions.
+ *
+ * @param request the request to check
+ * @param actions the actions to check against
+ * @returns true if the request matches any of the actions, false otherwise
+ */
+export declare function requestMatchesActions(request: AwsRequest, actions: Action[]): boolean;
+/**
+ * Check if a request does not match a set of actions.
+ *
+ * @param request the request to check
+ * @param actions the actions to check against
+ * @returns true if the request does not match any of the actions, false if the request matches any of the actions
+ */
+export declare function requestMatchesNotActions(request: AwsRequest, actions: Action[]): boolean;
+//# sourceMappingURL=action.d.ts.map

package/dist/esm/action/action.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAiBnD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAiBrF;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAExF"}

package/dist/esm/action/action.js ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * Convert an action action (the part after the colon) to a regular expression.
+ *
+ * @param action the action to convert to a regular expression
+ * @returns a regular that replaces any wildcards in the action with the appropriate regular expression.
+ */
+function convertActionToRegex(action) {
+    if (action.indexOf(':') != -1) {
+        throw new Error('Action should not contain a colon');
+    }
+    const pattern = "^" + action.replace(/\?/g, '.').replace(/\*/g, '.*?') + "$";
+    return new RegExp(pattern, 'i');
+}
+/**
+ * Check if a request matches a set of actions.
+ *
+ * @param request the request to check
+ * @param actions the actions to check against
+ * @returns true if the request matches any of the actions, false otherwise
+ */
+export function requestMatchesActions(request, actions) {
+    for (const action of actions) {
+        if (action.isWildcardAction()) {
+            return true;
+        }
+        else if (action.isServiceAction()) {
+            if (request.action.service() != action.service()) {
+                continue;
+            }
+            const actionRegex = convertActionToRegex(action.action());
+            if (actionRegex.test(request.action.action())) {
+                return true;
+            }
+        }
+        else {
+            throw new Error('Unknown action type');
+        }
+    }
+    return false;
+}
+/**
+ * Check if a request does not match a set of actions.
+ *
+ * @param request the request to check
+ * @param actions the actions to check against
+ * @returns true if the request does not match any of the actions, false if the request matches any of the actions
+ */
+export function requestMatchesNotActions(request, actions) {
+    return !requestMatchesActions(request, actions);
+}
+//# sourceMappingURL=action.js.map

package/dist/esm/action/action.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAmB,EAAE,OAAiB;IAC1E,KAAI,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,IAAG,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;YACnC,IAAG,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;gBAChD,SAAQ;YACV,CAAC;YACD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,IAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;gBAC7C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB,EAAE,OAAiB;IAC7E,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC"}

package/dist/esm/action.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { Action } from "@cloud-copilot/iam-policy";
+import { Request } from "./request.js";
+export declare function requestMatchesAction(request: Request, actions: Action[]): boolean;
+//# sourceMappingURL=action.d.ts.map

package/dist/esm/action.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../src/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAMvC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAajF"}