@cloud-copilot/iam-simulate 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.txt +661 -0
- package/README.md +5 -0
- package/dist/cjs/StatementAnalysis.d.ts +27 -0
- package/dist/cjs/StatementAnalysis.d.ts.map +1 -0
- package/dist/cjs/StatementAnalysis.js +3 -0
- package/dist/cjs/StatementAnalysis.js.map +1 -0
- package/dist/cjs/action/action.d.ts +27 -0
- package/dist/cjs/action/action.d.ts.map +1 -0
- package/dist/cjs/action/action.js +72 -0
- package/dist/cjs/action/action.js.map +1 -0
- package/dist/cjs/action.d.ts +4 -0
- package/dist/cjs/action.d.ts.map +1 -0
- package/dist/cjs/action.js +21 -0
- package/dist/cjs/action.js.map +1 -0
- package/dist/cjs/condition/BaseConditionOperator.d.ts +8 -0
- package/dist/cjs/condition/BaseConditionOperator.d.ts.map +1 -0
- package/dist/cjs/condition/BaseConditionOperator.js +3 -0
- package/dist/cjs/condition/BaseConditionOperator.js.map +1 -0
- package/dist/cjs/condition/arn/ArnEquals.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnEquals.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnEquals.js +11 -0
- package/dist/cjs/condition/arn/ArnEquals.js.map +1 -0
- package/dist/cjs/condition/arn/ArnLike.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnLike.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnLike.js +50 -0
- package/dist/cjs/condition/arn/ArnLike.js.map +1 -0
- package/dist/cjs/condition/arn/ArnNotEquals.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnNotEquals.js +11 -0
- package/dist/cjs/condition/arn/ArnNotEquals.js.map +1 -0
- package/dist/cjs/condition/arn/ArnNotLike.d.ts +3 -0
- package/dist/cjs/condition/arn/ArnNotLike.d.ts.map +1 -0
- package/dist/cjs/condition/arn/ArnNotLike.js +13 -0
- package/dist/cjs/condition/arn/ArnNotLike.js.map +1 -0
- package/dist/cjs/condition/baseConditionperatorTests.d.ts +12 -0
- package/dist/cjs/condition/baseConditionperatorTests.d.ts.map +1 -0
- package/dist/cjs/condition/baseConditionperatorTests.js +21 -0
- package/dist/cjs/condition/baseConditionperatorTests.js.map +1 -0
- package/dist/cjs/condition/binary/BinaryEquals.d.ts +7 -0
- package/dist/cjs/condition/binary/BinaryEquals.d.ts.map +1 -0
- package/dist/cjs/condition/binary/BinaryEquals.js +16 -0
- package/dist/cjs/condition/binary/BinaryEquals.js.map +1 -0
- package/dist/cjs/condition/boolean/Bool.d.ts +3 -0
- package/dist/cjs/condition/boolean/Bool.d.ts.map +1 -0
- package/dist/cjs/condition/boolean/Bool.js +20 -0
- package/dist/cjs/condition/boolean/Bool.js.map +1 -0
- package/dist/cjs/condition/condition.d.ts +6 -0
- package/dist/cjs/condition/condition.d.ts.map +1 -0
- package/dist/cjs/condition/condition.js +123 -0
- package/dist/cjs/condition/condition.js.map +1 -0
- package/dist/cjs/condition/date/DateEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateEquals.js +17 -0
- package/dist/cjs/condition/date/DateEquals.js.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThan.d.ts +3 -0
- package/dist/cjs/condition/date/DateGreaterThan.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThan.js +17 -0
- package/dist/cjs/condition/date/DateGreaterThan.js.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.js +17 -0
- package/dist/cjs/condition/date/DateGreaterThanEquals.js.map +1 -0
- package/dist/cjs/condition/date/DateLessThan.d.ts +3 -0
- package/dist/cjs/condition/date/DateLessThan.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateLessThan.js +17 -0
- package/dist/cjs/condition/date/DateLessThan.js.map +1 -0
- package/dist/cjs/condition/date/DateLessThanEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateLessThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateLessThanEquals.js +17 -0
- package/dist/cjs/condition/date/DateLessThanEquals.js.map +1 -0
- package/dist/cjs/condition/date/DateNotEquals.d.ts +3 -0
- package/dist/cjs/condition/date/DateNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/date/DateNotEquals.js +29 -0
- package/dist/cjs/condition/date/DateNotEquals.js.map +1 -0
- package/dist/cjs/condition/date/date.d.ts +17 -0
- package/dist/cjs/condition/date/date.d.ts.map +1 -0
- package/dist/cjs/condition/date/date.js +42 -0
- package/dist/cjs/condition/date/date.js.map +1 -0
- package/dist/cjs/condition/ipaddress/IpAddress.d.ts +3 -0
- package/dist/cjs/condition/ipaddress/IpAddress.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/IpAddress.js +27 -0
- package/dist/cjs/condition/ipaddress/IpAddress.js.map +1 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts +3 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.js +31 -0
- package/dist/cjs/condition/ipaddress/NotIpAddress.js.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv4.d.ts +24 -0
- package/dist/cjs/condition/ipaddress/ipv4.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv4.js +59 -0
- package/dist/cjs/condition/ipaddress/ipv4.js.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv6.d.ts +24 -0
- package/dist/cjs/condition/ipaddress/ipv6.d.ts.map +1 -0
- package/dist/cjs/condition/ipaddress/ipv6.js +111 -0
- package/dist/cjs/condition/ipaddress/ipv6.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericEquals.js +17 -0
- package/dist/cjs/condition/numeric/NumericEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.js +17 -0
- package/dist/cjs/condition/numeric/NumericGreaterThan.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js +17 -0
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThan.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericLessThan.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThan.js +17 -0
- package/dist/cjs/condition/numeric/NumericLessThan.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.js +17 -0
- package/dist/cjs/condition/numeric/NumericLessThanEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.d.ts +3 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.js +29 -0
- package/dist/cjs/condition/numeric/NumericNotEquals.js.map +1 -0
- package/dist/cjs/condition/numeric/numeric.d.ts +17 -0
- package/dist/cjs/condition/numeric/numeric.d.ts.map +1 -0
- package/dist/cjs/condition/numeric/numeric.js +41 -0
- package/dist/cjs/condition/numeric/numeric.js.map +1 -0
- package/dist/cjs/condition/string/StringEquals.d.ts +3 -0
- package/dist/cjs/condition/string/StringEquals.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringEquals.js +14 -0
- package/dist/cjs/condition/string/StringEquals.js.map +1 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts +3 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.js +17 -0
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.js.map +1 -0
- package/dist/cjs/condition/string/StringLike.d.ts +3 -0
- package/dist/cjs/condition/string/StringLike.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringLike.js +14 -0
- package/dist/cjs/condition/string/StringLike.js.map +1 -0
- package/dist/cjs/condition/string/StringNotEquals.d.ts +3 -0
- package/dist/cjs/condition/string/StringNotEquals.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringNotEquals.js +14 -0
- package/dist/cjs/condition/string/StringNotEquals.js.map +1 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts +3 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js +13 -0
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js.map +1 -0
- package/dist/cjs/condition/string/StringNotLike.d.ts +3 -0
- package/dist/cjs/condition/string/StringNotLike.d.ts.map +1 -0
- package/dist/cjs/condition/string/StringNotLike.js +13 -0
- package/dist/cjs/condition/string/StringNotLike.js.map +1 -0
- package/dist/cjs/condition/strings/StringEquals.d.ts +3 -0
- package/dist/cjs/condition/strings/StringEquals.d.ts.map +1 -0
- package/dist/cjs/condition/strings/StringEquals.js +14 -0
- package/dist/cjs/condition/strings/StringEquals.js.map +1 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts +44 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map +1 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.js +60 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.js.map +1 -0
- package/dist/cjs/evaluate.d.ts +2 -0
- package/dist/cjs/evaluate.d.ts.map +1 -0
- package/dist/cjs/evaluate.js +3 -0
- package/dist/cjs/evaluate.js.map +1 -0
- package/dist/cjs/index.d.ts +1 -0
- package/dist/cjs/index.d.ts.map +1 -0
- package/dist/cjs/index.js +2 -0
- package/dist/cjs/index.js.map +1 -0
- package/dist/cjs/package.json +3 -0
- package/dist/cjs/principal/principal.d.ts +30 -0
- package/dist/cjs/principal/principal.d.ts.map +1 -0
- package/dist/cjs/principal/principal.js +107 -0
- package/dist/cjs/principal/principal.js.map +1 -0
- package/dist/cjs/request/request.d.ts +50 -0
- package/dist/cjs/request/request.d.ts.map +1 -0
- package/dist/cjs/request/request.js +41 -0
- package/dist/cjs/request/request.js.map +1 -0
- package/dist/cjs/request/requestAction.d.ts +27 -0
- package/dist/cjs/request/requestAction.d.ts.map +1 -0
- package/dist/cjs/request/requestAction.js +20 -0
- package/dist/cjs/request/requestAction.js.map +1 -0
- package/dist/cjs/request/requestPrincipal.d.ts +20 -0
- package/dist/cjs/request/requestPrincipal.d.ts.map +1 -0
- package/dist/cjs/request/requestPrincipal.js +17 -0
- package/dist/cjs/request/requestPrincipal.js.map +1 -0
- package/dist/cjs/request/requestResource.d.ts +37 -0
- package/dist/cjs/request/requestResource.d.ts.map +1 -0
- package/dist/cjs/request/requestResource.js +29 -0
- package/dist/cjs/request/requestResource.js.map +1 -0
- package/dist/cjs/request/requestSupplementalData.d.ts +19 -0
- package/dist/cjs/request/requestSupplementalData.d.ts.map +1 -0
- package/dist/cjs/request/requestSupplementalData.js +37 -0
- package/dist/cjs/request/requestSupplementalData.js.map +1 -0
- package/dist/cjs/request.d.ts +15 -0
- package/dist/cjs/request.d.ts.map +1 -0
- package/dist/cjs/request.js +17 -0
- package/dist/cjs/request.js.map +1 -0
- package/dist/cjs/requestContext.d.ts +63 -0
- package/dist/cjs/requestContext.d.ts.map +1 -0
- package/dist/cjs/requestContext.js +46 -0
- package/dist/cjs/requestContext.js.map +1 -0
- package/dist/cjs/resource/resource.d.ts +27 -0
- package/dist/cjs/resource/resource.d.ts.map +1 -0
- package/dist/cjs/resource/resource.js +100 -0
- package/dist/cjs/resource/resource.js.map +1 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts +12 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.js +79 -0
- package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -0
- package/dist/cjs/services/ServiceAuthorizer.d.ts +11 -0
- package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -0
- package/dist/cjs/services/ServiceAuthorizer.js +3 -0
- package/dist/cjs/services/ServiceAuthorizer.js.map +1 -0
- package/dist/cjs/util.d.ts +47 -0
- package/dist/cjs/util.d.ts.map +1 -0
- package/dist/cjs/util.js +180 -0
- package/dist/cjs/util.js.map +1 -0
- package/dist/esm/action/action.d.ts +19 -0
- package/dist/esm/action/action.d.ts.map +1 -0
- package/dist/esm/action/action.js +51 -0
- package/dist/esm/action/action.js.map +1 -0
- package/dist/esm/action.d.ts +4 -0
- package/dist/esm/action.d.ts.map +1 -0
- package/dist/esm/action.js +18 -0
- package/dist/esm/action.js.map +1 -0
- package/dist/esm/condition/BaseConditionOperator.d.ts +8 -0
- package/dist/esm/condition/BaseConditionOperator.d.ts.map +1 -0
- package/dist/esm/condition/BaseConditionOperator.js +2 -0
- package/dist/esm/condition/BaseConditionOperator.js.map +1 -0
- package/dist/esm/condition/condition.d.ts +5 -0
- package/dist/esm/condition/condition.d.ts.map +1 -0
- package/dist/esm/condition/condition.js +70 -0
- package/dist/esm/condition/condition.js.map +1 -0
- package/dist/esm/condition/strings/StringEquals.d.ts +3 -0
- package/dist/esm/condition/strings/StringEquals.d.ts.map +1 -0
- package/dist/esm/condition/strings/StringEquals.js +11 -0
- package/dist/esm/condition/strings/StringEquals.js.map +1 -0
- package/dist/esm/evaluate.d.ts +2 -0
- package/dist/esm/evaluate.d.ts.map +1 -0
- package/dist/esm/evaluate.js +2 -0
- package/dist/esm/evaluate.js.map +1 -0
- package/dist/esm/index.d.ts +1 -0
- package/dist/esm/index.d.ts.map +1 -0
- package/dist/esm/index.js +2 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/package.json +3 -0
- package/dist/esm/principal/principal.d.ts +31 -0
- package/dist/esm/principal/principal.d.ts.map +1 -0
- package/dist/esm/principal/principal.js +100 -0
- package/dist/esm/principal/principal.js.map +1 -0
- package/dist/esm/request/request.d.ts +52 -0
- package/dist/esm/request/request.d.ts.map +1 -0
- package/dist/esm/request/request.js +34 -0
- package/dist/esm/request/request.js.map +1 -0
- package/dist/esm/request/requestAction.d.ts +27 -0
- package/dist/esm/request/requestAction.d.ts.map +1 -0
- package/dist/esm/request/requestAction.js +15 -0
- package/dist/esm/request/requestAction.js.map +1 -0
- package/dist/esm/request/requestPrincipal.d.ts +20 -0
- package/dist/esm/request/requestPrincipal.d.ts.map +1 -0
- package/dist/esm/request/requestPrincipal.js +12 -0
- package/dist/esm/request/requestPrincipal.js.map +1 -0
- package/dist/esm/request/requestResource.d.ts +37 -0
- package/dist/esm/request/requestResource.d.ts.map +1 -0
- package/dist/esm/request/requestResource.js +24 -0
- package/dist/esm/request/requestResource.js.map +1 -0
- package/dist/esm/request/requestSupplementalData.d.ts +19 -0
- package/dist/esm/request/requestSupplementalData.d.ts.map +1 -0
- package/dist/esm/request/requestSupplementalData.js +30 -0
- package/dist/esm/request/requestSupplementalData.js.map +1 -0
- package/dist/esm/request.d.ts +15 -0
- package/dist/esm/request.d.ts.map +1 -0
- package/dist/esm/request.js +9 -0
- package/dist/esm/request.js.map +1 -0
- package/dist/esm/requestContext.d.ts +63 -0
- package/dist/esm/requestContext.d.ts.map +1 -0
- package/dist/esm/requestContext.js +39 -0
- package/dist/esm/requestContext.js.map +1 -0
- package/dist/esm/resource/resource.d.ts +12 -0
- package/dist/esm/resource/resource.d.ts.map +1 -0
- package/dist/esm/resource/resource.js +97 -0
- package/dist/esm/resource/resource.js.map +1 -0
- package/dist/esm/util.d.ts +15 -0
- package/dist/esm/util.d.ts.map +1 -0
- package/dist/esm/util.js +97 -0
- package/dist/esm/util.js.map +1 -0
- package/package.json +45 -0
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
function convertActionToRegex(action) {
|
|
2
|
+
return action.replace(/\?/g, '.').replace(/\*/g, '.*');
|
|
3
|
+
}
|
|
4
|
+
export function requestMatchesAction(request, actions) {
|
|
5
|
+
for (const action of actions) {
|
|
6
|
+
if (action.isWildcardAction()) {
|
|
7
|
+
return true;
|
|
8
|
+
}
|
|
9
|
+
else if (action.isServiceAction()) {
|
|
10
|
+
const actionRegex = new RegExp(convertActionToRegex(action.value()));
|
|
11
|
+
if (actionRegex.test(request.action)) {
|
|
12
|
+
return true;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
return false;
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=action.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"action.js","sourceRoot":"","sources":["../../src/action.ts"],"names":[],"mappings":"AAGA,SAAS,oBAAoB,CAAC,MAAc;IAC1C,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAgB,EAAE,OAAiB;IACtE,KAAI,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,IAAG,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,IAAI,MAAM,CAAC,oBAAoB,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACrE,IAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IAEH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { AwsRequest } from "../request/request.js";
|
|
2
|
+
export interface BaseConditionOperator {
|
|
3
|
+
name: string;
|
|
4
|
+
matches: (request: AwsRequest, keyValue: string, policyValues: string[]) => boolean;
|
|
5
|
+
allowsVariables: boolean;
|
|
6
|
+
allowsWildcards: boolean;
|
|
7
|
+
}
|
|
8
|
+
//# sourceMappingURL=BaseConditionOperator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"BaseConditionOperator.d.ts","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,OAAO,CAAA;IACnF,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;CACzB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"BaseConditionOperator.js","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { Condition } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { AwsRequest } from '../request/request';
|
|
3
|
+
export type ConditionMatchResult = 'Match' | 'NoMatch' | 'Unknown';
|
|
4
|
+
export declare function singleConditionMatchesRequest(request: AwsRequest, condition: Condition): ConditionMatchResult;
|
|
5
|
+
//# sourceMappingURL=condition.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"condition.d.ts","sourceRoot":"","sources":["../../../src/condition/condition.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD,MAAM,MAAM,oBAAoB,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,CAAA;AAelE,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,oBAAoB,CA6D7G"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { convertIamStringToRegex } from '../util.js';
|
|
2
|
+
const baseOperations = {
|
|
3
|
+
'stringequals': (request, keyValue, policyValues) => {
|
|
4
|
+
const patterns = policyValues.map(value => convertIamStringToRegex(value, request, { replaceWildcards: false }));
|
|
5
|
+
return patterns.some(pattern => pattern.test(keyValue));
|
|
6
|
+
},
|
|
7
|
+
'stringnotequals': (request, keyValue, policyValues) => {
|
|
8
|
+
const patterns = policyValues.map(value => convertIamStringToRegex(value, request, { replaceWildcards: false }));
|
|
9
|
+
return !patterns.some(pattern => pattern.test(keyValue));
|
|
10
|
+
}
|
|
11
|
+
};
|
|
12
|
+
export function singleConditionMatchesRequest(request, condition) {
|
|
13
|
+
const key = condition.conditionKey();
|
|
14
|
+
const policyValues = condition.conditionValues();
|
|
15
|
+
const baseOperation = baseOperations[condition.operation().baseOperator().toLowerCase()];
|
|
16
|
+
const keyExists = request.contextKeyExists(key);
|
|
17
|
+
const keyValue = keyExists ? request.getContextKeyValue(key) : undefined;
|
|
18
|
+
if (condition.operation().setOperator()) {
|
|
19
|
+
const setOperator = condition.operation().setOperator();
|
|
20
|
+
if (setOperator === 'ForAnyValue') {
|
|
21
|
+
if (!keyExists || !keyValue || !keyValue.isArrayValue()) {
|
|
22
|
+
return 'NoMatch';
|
|
23
|
+
}
|
|
24
|
+
if (!baseOperation) {
|
|
25
|
+
return 'Unknown';
|
|
26
|
+
}
|
|
27
|
+
//Do the loop
|
|
28
|
+
const anyMatch = keyValue.values.some(value => {
|
|
29
|
+
return baseOperation(request, value, policyValues);
|
|
30
|
+
});
|
|
31
|
+
return anyMatch ? 'Match' : 'NoMatch';
|
|
32
|
+
}
|
|
33
|
+
else if (setOperator === 'ForAllValues') {
|
|
34
|
+
if (!keyExists) {
|
|
35
|
+
return 'Match';
|
|
36
|
+
}
|
|
37
|
+
if (!keyValue || !keyValue.isArrayValue()) {
|
|
38
|
+
return 'NoMatch';
|
|
39
|
+
}
|
|
40
|
+
if (!baseOperation) {
|
|
41
|
+
return 'Unknown';
|
|
42
|
+
}
|
|
43
|
+
//Do the loop
|
|
44
|
+
const anyNotMatch = keyValue.values.some(value => {
|
|
45
|
+
return !baseOperation(request, value, policyValues);
|
|
46
|
+
});
|
|
47
|
+
return anyNotMatch ? 'NoMatch' : 'Match';
|
|
48
|
+
}
|
|
49
|
+
else {
|
|
50
|
+
throw new Error(`Unknown set operator: ${setOperator}`);
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
if (condition.operation().isIfExists() || condition.operation().baseOperator().toLowerCase().includes('not')) {
|
|
54
|
+
//Check if it exists, return true if it doesn't
|
|
55
|
+
//Double check what happens here if the key is not a valid key or is of the wrong type
|
|
56
|
+
if (!keyExists) {
|
|
57
|
+
return 'Match';
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
if (!keyValue || !keyValue.isStringValue()) {
|
|
61
|
+
//Set operator is required for a multi-value key
|
|
62
|
+
return 'NoMatch';
|
|
63
|
+
}
|
|
64
|
+
if (!baseOperation) {
|
|
65
|
+
return 'Unknown';
|
|
66
|
+
}
|
|
67
|
+
const matches = baseOperation(request, keyValue.value, policyValues);
|
|
68
|
+
return matches ? 'Match' : 'NoMatch';
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=condition.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"condition.js","sourceRoot":"","sources":["../../../src/condition/condition.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAMrD,MAAM,cAAc,GAAiC;IACnD,cAAc,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAW,EAAE;QAC3D,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAC,gBAAgB,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;QAC9G,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzD,CAAC;IACD,iBAAiB,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAW,EAAE;QAC9D,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAC,gBAAgB,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;QAC9G,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;IAC1D,CAAC;CACF,CAAA;AAED,MAAM,UAAU,6BAA6B,CAAC,OAAmB,EAAE,SAAoB;IACrF,MAAM,GAAG,GAAG,SAAS,CAAC,YAAY,EAAE,CAAA;IACpC,MAAM,YAAY,GAAG,SAAS,CAAC,eAAe,EAAE,CAAA;IAChD,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,CAAC,CAAA;IACxF,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;IAC/C,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAExE,IAAG,SAAS,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAA;QACvD,IAAG,WAAW,KAAK,aAAa,EAAE,CAAC;YACjC,IAAG,CAAC,SAAS,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC;gBACvD,OAAO,SAAS,CAAA;YAClB,CAAC;YAED,IAAG,CAAC,aAAa,EAAE,CAAC;gBAClB,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,aAAa;YACb,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;gBAC5C,OAAO,aAAa,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,CAAC,CAAA;YACpD,CAAC,CAAC,CAAA;YACF,OAAO,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;QACvC,CAAC;aAAM,IAAI,WAAW,KAAK,cAAc,EAAE,CAAC;YAC1C,IAAG,CAAC,SAAS,EAAE,CAAC;gBACd,OAAO,OAAO,CAAA;YAChB,CAAC;YACD,IAAG,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC;gBACzC,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,IAAG,CAAC,aAAa,EAAE,CAAC;gBAClB,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,aAAa;YACb,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;gBAC/C,OAAO,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,CAAC,CAAA;YACrD,CAAC,CAAC,CAAA;YAEF,OAAO,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAA;QAC1C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAA;QACzD,CAAC;IACH,CAAC;IAED,IAAG,SAAS,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5G,+CAA+C;QAC/C,sFAAsF;QACtF,IAAG,CAAC,SAAS,EAAE,CAAC;YACd,OAAO,OAAO,CAAA;QAChB,CAAC;IACH,CAAC;IAED,IAAG,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC1C,gDAAgD;QAChD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,CAAC,aAAa,EAAE,CAAC;QAClB,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAA;IACpE,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;AACtC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"StringEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/strings/StringEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAEpE,eAAO,MAAM,YAAY,EAAE,qBAQ1B,CAAA"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { convertIamStringToRegex } from "../../util.js";
|
|
2
|
+
export const StringEquals = {
|
|
3
|
+
name: 'StringEquals',
|
|
4
|
+
matches: (request, keyValue, policyValues) => {
|
|
5
|
+
const patterns = policyValues.map(value => convertIamStringToRegex(value, request, { replaceWildcards: false }));
|
|
6
|
+
return patterns.some(pattern => pattern.test(keyValue));
|
|
7
|
+
},
|
|
8
|
+
allowsVariables: true,
|
|
9
|
+
allowsWildcards: false
|
|
10
|
+
};
|
|
11
|
+
//# sourceMappingURL=StringEquals.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"StringEquals.js","sourceRoot":"","sources":["../../../../src/condition/strings/StringEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAGxD,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAC,gBAAgB,EAAE,KAAK,EAAC,CAAC,CAAC,CAAA;QAC9G,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzD,CAAC;IACD,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;CACvB,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,QAAQ,GAAG,uBAAuB,GAAG,kBAAkB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { Principal } from "@cloud-copilot/iam-policy";
|
|
2
|
+
import { AwsRequest } from "../request/request.js";
|
|
3
|
+
type PrincipalMatchResult = 'Match' | 'NoMatch' | 'AccountLevelMatch';
|
|
4
|
+
/**
|
|
5
|
+
* Check to see if a request matches a Principal element in an IAM policy statement
|
|
6
|
+
*
|
|
7
|
+
* @param request the request to check
|
|
8
|
+
* @param principal the list of principals in the Principal element of the Statement
|
|
9
|
+
* @returns if the request matches the Principal element, and if so, how it matches
|
|
10
|
+
*/
|
|
11
|
+
export declare function requestMatchesPrincipal(request: AwsRequest, principal: Principal[]): PrincipalMatchResult;
|
|
12
|
+
/**
|
|
13
|
+
* Check to see if a request matches a NotPrincipal element in an IAM policy statement
|
|
14
|
+
*
|
|
15
|
+
* @param request the request to check
|
|
16
|
+
* @param notPrincipal the list of principals in the NotPrincipal element of the Statement
|
|
17
|
+
* @returns
|
|
18
|
+
*/
|
|
19
|
+
export declare function requestMatchesNotPrincipal(request: AwsRequest, notPrincipal: Principal[]): PrincipalMatchResult;
|
|
20
|
+
/**
|
|
21
|
+
* Check to see if a request matches a principal statement
|
|
22
|
+
*
|
|
23
|
+
* @param request the request to check
|
|
24
|
+
* @param principalStatement the principal statement to check the request against
|
|
25
|
+
* @returns if the request matches the principal statement, and if so, how it matches
|
|
26
|
+
*/
|
|
27
|
+
export declare function requestMatchesPrincipalStatement(request: AwsRequest, principalStatement: Principal): PrincipalMatchResult;
|
|
28
|
+
export declare function isAssumedRoleArn(principal: string): boolean;
|
|
29
|
+
export declare function roleArnFromAssumedRoleArn(assumedRoleArn: string): string;
|
|
30
|
+
export {};
|
|
31
|
+
//# sourceMappingURL=principal.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AA4CnD,KAAK,oBAAoB,GAAG,OAAO,GAAG,SAAS,GAAG,mBAAmB,CAAA;AAErE;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,oBAAoB,CAWzG;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,oBAAoB,CAiB/G;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,SAAS,GAAG,oBAAoB,CAgDzH;AAID,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE3D;AAED,wBAAgB,yBAAyB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAKxE"}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Check to see if a request matches a Principal element in an IAM policy statement
|
|
3
|
+
*
|
|
4
|
+
* @param request the request to check
|
|
5
|
+
* @param principal the list of principals in the Principal element of the Statement
|
|
6
|
+
* @returns if the request matches the Principal element, and if so, how it matches
|
|
7
|
+
*/
|
|
8
|
+
export function requestMatchesPrincipal(request, principal) {
|
|
9
|
+
const matches = principal.map(principalStatement => requestMatchesPrincipalStatement(request, principalStatement));
|
|
10
|
+
if (matches.includes('Match')) {
|
|
11
|
+
return 'Match';
|
|
12
|
+
}
|
|
13
|
+
if (matches.includes('AccountLevelMatch')) {
|
|
14
|
+
return 'AccountLevelMatch';
|
|
15
|
+
}
|
|
16
|
+
return 'NoMatch';
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Check to see if a request matches a NotPrincipal element in an IAM policy statement
|
|
20
|
+
*
|
|
21
|
+
* @param request the request to check
|
|
22
|
+
* @param notPrincipal the list of principals in the NotPrincipal element of the Statement
|
|
23
|
+
* @returns
|
|
24
|
+
*/
|
|
25
|
+
export function requestMatchesNotPrincipal(request, notPrincipal) {
|
|
26
|
+
const matches = notPrincipal.map(principalStatement => requestMatchesPrincipalStatement(request, principalStatement));
|
|
27
|
+
if (matches.includes('Match')) {
|
|
28
|
+
return 'NoMatch';
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Need to do research on this. If there is an account level match on a NotPrincipal, does that
|
|
32
|
+
* mean it tentatively matches the NotPrincipal, or does it mean it does not match the NotPrincipal?
|
|
33
|
+
*
|
|
34
|
+
* We need to test this.
|
|
35
|
+
*/
|
|
36
|
+
if (matches.includes('AccountLevelMatch')) {
|
|
37
|
+
return 'NoMatch';
|
|
38
|
+
}
|
|
39
|
+
return 'Match';
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Check to see if a request matches a principal statement
|
|
43
|
+
*
|
|
44
|
+
* @param request the request to check
|
|
45
|
+
* @param principalStatement the principal statement to check the request against
|
|
46
|
+
* @returns if the request matches the principal statement, and if so, how it matches
|
|
47
|
+
*/
|
|
48
|
+
export function requestMatchesPrincipalStatement(request, principalStatement) {
|
|
49
|
+
if (principalStatement.isServicePrincipal()) {
|
|
50
|
+
if (principalStatement.service() === request.principal.value()) {
|
|
51
|
+
return 'Match';
|
|
52
|
+
}
|
|
53
|
+
return 'NoMatch';
|
|
54
|
+
}
|
|
55
|
+
if (principalStatement.isCanonicalUserPrincipal()) {
|
|
56
|
+
if (principalStatement.canonicalUser() === request.principal.value()) {
|
|
57
|
+
return 'Match';
|
|
58
|
+
}
|
|
59
|
+
return 'NoMatch';
|
|
60
|
+
}
|
|
61
|
+
if (principalStatement.isFederatedPrincipal()) {
|
|
62
|
+
if (principalStatement.federated() === request.principal.value()) {
|
|
63
|
+
return 'Match';
|
|
64
|
+
}
|
|
65
|
+
return 'NoMatch';
|
|
66
|
+
}
|
|
67
|
+
if (principalStatement.isWildcardPrincipal()) {
|
|
68
|
+
return 'Match';
|
|
69
|
+
}
|
|
70
|
+
if (principalStatement.isAccountPrincipal()) {
|
|
71
|
+
if (principalStatement.accountId() === request.principal.accountId()) {
|
|
72
|
+
return 'AccountLevelMatch';
|
|
73
|
+
}
|
|
74
|
+
return 'NoMatch';
|
|
75
|
+
}
|
|
76
|
+
if (principalStatement.isAwsPrincipal()) {
|
|
77
|
+
if (isAssumedRoleArn(request.principal.value())) {
|
|
78
|
+
const sessionArn = request.principal.value();
|
|
79
|
+
const roleArn = roleArnFromAssumedRoleArn(sessionArn);
|
|
80
|
+
if (principalStatement.arn() === roleArn || principalStatement.arn() === sessionArn) {
|
|
81
|
+
return 'Match';
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
if (principalStatement.arn() === request.principal.value()) {
|
|
85
|
+
return 'Match';
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
return 'NoMatch';
|
|
89
|
+
}
|
|
90
|
+
const assumedRoleArnRegex = /^arn:aws:sts::\d{12}:assumed-role\/.*$/;
|
|
91
|
+
export function isAssumedRoleArn(principal) {
|
|
92
|
+
return assumedRoleArnRegex.test(principal);
|
|
93
|
+
}
|
|
94
|
+
export function roleArnFromAssumedRoleArn(assumedRoleArn) {
|
|
95
|
+
const stsParts = assumedRoleArn.split(':');
|
|
96
|
+
const resourceParts = stsParts.at(-1).split('/');
|
|
97
|
+
const rolePathAndName = resourceParts.slice(1, -1).join('/');
|
|
98
|
+
return `arn:aws:iam::${stsParts[4]}:role/${rolePathAndName}`;
|
|
99
|
+
}
|
|
100
|
+
//# sourceMappingURL=principal.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AA+CA;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAmB,EAAE,SAAsB;IACjF,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAA;IAClH,IAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAG,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzC,OAAO,mBAAmB,CAAA;IAC5B,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAmB,EAAE,YAAyB;IACvF,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAA;IACrH,IAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;;;;OAKG;IACH,IAAG,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzC,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gCAAgC,CAAC,OAAmB,EAAE,kBAA6B;IACjG,IAAG,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC3C,IAAG,kBAAkB,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC9D,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,wBAAwB,EAAE,EAAE,CAAC;QACjD,IAAG,kBAAkB,CAAC,aAAa,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACpE,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC7C,IAAG,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAChE,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAG,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC3C,IAAG,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;YACpE,OAAO,mBAAmB,CAAA;QAC5B,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,cAAc,EAAE,EAAE,CAAC;QACvC,IAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;YAC5C,MAAM,OAAO,GAAG,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACrD,IAAG,kBAAkB,CAAC,GAAG,EAAE,KAAM,OAAO,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,UAAU,EAAE,CAAC;gBACpF,OAAO,OAAO,CAAA;YAChB,CAAC;QACH,CAAC;QAED,IAAG,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAA;QAChB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,MAAM,mBAAmB,GAAG,wCAAwC,CAAA;AAEpE,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,cAAsB;IAC9D,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC1C,MAAM,aAAa,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjD,MAAM,eAAe,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC5D,OAAO,gBAAgB,QAAQ,CAAC,CAAC,CAAC,SAAS,eAAe,EAAE,CAAA;AAC9D,CAAC"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import { ContextKey, RequestContext } from "../requestContext.js";
|
|
2
|
+
import { RequestAction } from "./requestAction.js";
|
|
3
|
+
import { RequestPrincipal } from "./requestPrincipal.js";
|
|
4
|
+
import { RequestResource } from "./requestResource.js";
|
|
5
|
+
import { RequestSupplementalData } from "./requestSupplementalData.js";
|
|
6
|
+
/**
|
|
7
|
+
* A request to be evaluated by the policy engine
|
|
8
|
+
*/
|
|
9
|
+
export interface AwsRequest {
|
|
10
|
+
principal: RequestPrincipal;
|
|
11
|
+
/**
|
|
12
|
+
* The action to be performed
|
|
13
|
+
*/
|
|
14
|
+
action: RequestAction;
|
|
15
|
+
/**
|
|
16
|
+
* The resource to be acted upon
|
|
17
|
+
*/
|
|
18
|
+
resource?: RequestResource;
|
|
19
|
+
/**
|
|
20
|
+
* The context of the request
|
|
21
|
+
*/
|
|
22
|
+
context: RequestContext;
|
|
23
|
+
/**
|
|
24
|
+
* Checks to see if a context key is valid for the request and
|
|
25
|
+
* exists in the context
|
|
26
|
+
*
|
|
27
|
+
* @param key the key to check for existence
|
|
28
|
+
* @returns true if the key is valid for the request and exists in the request context.
|
|
29
|
+
*/
|
|
30
|
+
contextKeyExists(key: string): boolean;
|
|
31
|
+
/**
|
|
32
|
+
* Gets the value of a context key, if it is valid for the request and exist, otherwise throws an error
|
|
33
|
+
* @param key the key to get the value of
|
|
34
|
+
*
|
|
35
|
+
* @returns the value of the context key
|
|
36
|
+
*/
|
|
37
|
+
getContextKeyValue(key: string): ContextKey;
|
|
38
|
+
}
|
|
39
|
+
export declare class AwsRequestImpl implements AwsRequest {
|
|
40
|
+
readonly principalString: string;
|
|
41
|
+
readonly resourceString: string | undefined;
|
|
42
|
+
readonly actionString: string;
|
|
43
|
+
readonly context: RequestContext;
|
|
44
|
+
readonly supplementalData: RequestSupplementalData;
|
|
45
|
+
constructor(principalString: string, resourceString: string | undefined, actionString: string, context: RequestContext, supplementalData: RequestSupplementalData);
|
|
46
|
+
get action(): RequestAction;
|
|
47
|
+
get resource(): RequestResource;
|
|
48
|
+
get principal(): RequestPrincipal;
|
|
49
|
+
contextKeyExists(key: string): boolean;
|
|
50
|
+
getContextKeyValue(key: string): ContextKey;
|
|
51
|
+
}
|
|
52
|
+
//# sourceMappingURL=request.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,aAAa,EAAqB,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAwB,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAuB,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAEvE;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,eAAe,CAAC;IAE3B;;OAEG;IACH,OAAO,EAAE,cAAc,CAAA;IAEvB;;;;;;OAMG;IACH,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAEvC;;;;;OAKG;IACH,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAAC;CAC7C;AAED,qBAAa,cAAe,YAAW,UAAU;aAEnB,eAAe,EAAE,MAAM;aACvB,cAAc,EAAE,MAAM,GAAG,SAAS;aAClC,YAAY,EAAE,MAAM;aACpB,OAAO,EAAE,cAAc;aACvB,gBAAgB,EAAE,uBAAuB;gBAJzC,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,MAAM,GAAG,SAAS,EAClC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,cAAc,EACvB,gBAAgB,EAAE,uBAAuB;IAIrE,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,QAAQ,IAAI,eAAe,CAK9B;IAED,IAAI,SAAS,IAAI,gBAAgB,CAEhC;IAGM,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAKtC,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;CAMnD"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import { RequestActionImpl } from "./requestAction.js";
|
|
2
|
+
import { RequestPrincipalImpl } from "./requestPrincipal.js";
|
|
3
|
+
import { ResourceRequestImpl } from "./requestResource.js";
|
|
4
|
+
export class AwsRequestImpl {
|
|
5
|
+
constructor(principalString, resourceString, actionString, context, supplementalData) {
|
|
6
|
+
this.principalString = principalString;
|
|
7
|
+
this.resourceString = resourceString;
|
|
8
|
+
this.actionString = actionString;
|
|
9
|
+
this.context = context;
|
|
10
|
+
this.supplementalData = supplementalData;
|
|
11
|
+
}
|
|
12
|
+
get action() {
|
|
13
|
+
return new RequestActionImpl(this.actionString);
|
|
14
|
+
}
|
|
15
|
+
get resource() {
|
|
16
|
+
if (this.resourceString === undefined) {
|
|
17
|
+
throw new Error('Resource is undefined');
|
|
18
|
+
}
|
|
19
|
+
return new ResourceRequestImpl(this.resourceString);
|
|
20
|
+
}
|
|
21
|
+
get principal() {
|
|
22
|
+
return new RequestPrincipalImpl(this.principalString);
|
|
23
|
+
}
|
|
24
|
+
contextKeyExists(key) {
|
|
25
|
+
return this.supplementalData.contextKeyValidForRequest(key) && this.context.contextKeyExists(key);
|
|
26
|
+
}
|
|
27
|
+
getContextKeyValue(key) {
|
|
28
|
+
if (!this.contextKeyExists(key)) {
|
|
29
|
+
throw new Error(`Invalid context key: ${key}`);
|
|
30
|
+
}
|
|
31
|
+
return this.context.contextKeyValue(key);
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=request.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/request/request.ts"],"names":[],"mappings":"AACA,OAAO,EAAiB,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAoB,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAmB,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AA0C5E,MAAM,OAAO,cAAc;IAEzB,YAA4B,eAAuB,EACvB,cAAkC,EAClC,YAAoB,EACpB,OAAuB,EACvB,gBAAyC;QAJzC,oBAAe,GAAf,eAAe,CAAQ;QACvB,mBAAc,GAAd,cAAc,CAAoB;QAClC,iBAAY,GAAZ,YAAY,CAAQ;QACpB,YAAO,GAAP,OAAO,CAAgB;QACvB,qBAAgB,GAAhB,gBAAgB,CAAyB;IAErE,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,QAAQ;QACV,IAAG,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACxD,CAAC;IAGM,gBAAgB,CAAC,GAAW;QACjC,OAAO,IAAI,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACpG,CAAC;IAGM,kBAAkB,CAAC,GAAW;QACnC,IAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAA;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;CACF"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A service action: `"service:Action"`
|
|
3
|
+
*/
|
|
4
|
+
export interface RequestAction {
|
|
5
|
+
/**
|
|
6
|
+
* The raw string value of the action
|
|
7
|
+
*/
|
|
8
|
+
value(): string;
|
|
9
|
+
/**
|
|
10
|
+
* The service of the action
|
|
11
|
+
*
|
|
12
|
+
* Guaranteed to be lowercase
|
|
13
|
+
*/
|
|
14
|
+
service(): string;
|
|
15
|
+
/**
|
|
16
|
+
* The action within the service
|
|
17
|
+
*/
|
|
18
|
+
action(): string;
|
|
19
|
+
}
|
|
20
|
+
export declare class RequestActionImpl implements RequestAction {
|
|
21
|
+
private readonly rawValue;
|
|
22
|
+
constructor(rawValue: string);
|
|
23
|
+
value(): string;
|
|
24
|
+
service(): string;
|
|
25
|
+
action(): string;
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=requestAction.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestAction.d.ts","sourceRoot":"","sources":["../../../src/request/requestAction.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;;;OAIG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;CACjB;AAED,qBAAa,iBAAkB,YAAW,aAAa;IACzC,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAEtC,KAAK,IAAI,MAAM;IAIf,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;CAGxB"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export class RequestActionImpl {
|
|
2
|
+
constructor(rawValue) {
|
|
3
|
+
this.rawValue = rawValue;
|
|
4
|
+
}
|
|
5
|
+
value() {
|
|
6
|
+
return this.rawValue;
|
|
7
|
+
}
|
|
8
|
+
service() {
|
|
9
|
+
return this.rawValue.split(':')[0].toLowerCase();
|
|
10
|
+
}
|
|
11
|
+
action() {
|
|
12
|
+
return this.rawValue.split(':')[1];
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=requestAction.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestAction.js","sourceRoot":"","sources":["../../../src/request/requestAction.ts"],"names":[],"mappings":"AAsBA,MAAM,OAAO,iBAAiB;IAC5B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAE1C,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAEM,OAAO;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAA;IACnD,CAAC;IAEM,MAAM;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;CACF"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A principal in a request
|
|
3
|
+
*/
|
|
4
|
+
export interface RequestPrincipal {
|
|
5
|
+
/**
|
|
6
|
+
* The raw string of the principal
|
|
7
|
+
*/
|
|
8
|
+
value(): string;
|
|
9
|
+
/**
|
|
10
|
+
* The account id of the principal, if the principal is an ARN that has an account ID, otherwise undefined
|
|
11
|
+
*/
|
|
12
|
+
accountId(): string | undefined;
|
|
13
|
+
}
|
|
14
|
+
export declare class RequestPrincipalImpl implements RequestPrincipal {
|
|
15
|
+
private readonly rawValue;
|
|
16
|
+
constructor(rawValue: string);
|
|
17
|
+
accountId(): string | undefined;
|
|
18
|
+
value(): string;
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=requestPrincipal.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestPrincipal.d.ts","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":"AACA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAE/B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAC;IAEhB;;OAEG;IACH,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC;CAEjC;AAED,qBAAa,oBAAqB,YAAW,gBAAgB;IAC/C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM,GAAG,SAAS;IAIxB,KAAK,IAAI,MAAM;CAGvB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestPrincipal.js","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":"AAkBA,MAAM,OAAO,oBAAoB;IAC/B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
export interface RequestResource {
|
|
2
|
+
/**
|
|
3
|
+
* The raw string of the resource
|
|
4
|
+
*/
|
|
5
|
+
value(): string;
|
|
6
|
+
/**
|
|
7
|
+
* The partition of the ARN
|
|
8
|
+
*/
|
|
9
|
+
partition(): string;
|
|
10
|
+
/**
|
|
11
|
+
* The service of the ARN
|
|
12
|
+
*/
|
|
13
|
+
service(): string;
|
|
14
|
+
/**
|
|
15
|
+
* The region of the ARN
|
|
16
|
+
*/
|
|
17
|
+
region(): string;
|
|
18
|
+
/**
|
|
19
|
+
* The account of the ARN
|
|
20
|
+
*/
|
|
21
|
+
account(): string;
|
|
22
|
+
/**
|
|
23
|
+
* The resource of the ARN
|
|
24
|
+
*/
|
|
25
|
+
resource(): string;
|
|
26
|
+
}
|
|
27
|
+
export declare class ResourceRequestImpl implements RequestResource {
|
|
28
|
+
private readonly rawValue;
|
|
29
|
+
constructor(rawValue: string);
|
|
30
|
+
partition(): string;
|
|
31
|
+
service(): string;
|
|
32
|
+
region(): string;
|
|
33
|
+
account(): string;
|
|
34
|
+
resource(): string;
|
|
35
|
+
value(): string;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=requestResource.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestResource.d.ts","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAA;IAEf;;OAEG;IACH,SAAS,IAAI,MAAM,CAAA;IAEnB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,IAAI,MAAM,CAAA;IAEhB;;OAEG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,IAAI,MAAM,CAAA;CACnB;AAGD,qBAAa,mBAAoB,YAAW,eAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM;IAInB,OAAO,IAAI,MAAM;IAIjB,MAAM,IAAI,MAAM;IAIhB,OAAO,IAAI,MAAM;IAIjB,QAAQ,IAAI,MAAM;IAIlB,KAAK,IAAI,MAAM;CAGhB"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
export class ResourceRequestImpl {
|
|
2
|
+
constructor(rawValue) {
|
|
3
|
+
this.rawValue = rawValue;
|
|
4
|
+
}
|
|
5
|
+
partition() {
|
|
6
|
+
return this.value().split(":").at(1);
|
|
7
|
+
}
|
|
8
|
+
service() {
|
|
9
|
+
return this.value().split(":").at(2);
|
|
10
|
+
}
|
|
11
|
+
region() {
|
|
12
|
+
return this.value().split(":").at(3);
|
|
13
|
+
}
|
|
14
|
+
account() {
|
|
15
|
+
return this.value().split(":").at(4);
|
|
16
|
+
}
|
|
17
|
+
resource() {
|
|
18
|
+
return this.value().split(":").slice(5).join(":");
|
|
19
|
+
}
|
|
20
|
+
value() {
|
|
21
|
+
return this.rawValue;
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=requestResource.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestResource.js","sourceRoot":"","sources":["../../../src/request/requestResource.ts"],"names":[],"mappings":"AAkCA,MAAM,OAAO,mBAAmB;IAC9B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IACvC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Supplemental data for the request
|
|
3
|
+
*/
|
|
4
|
+
export interface RequestSupplementalData {
|
|
5
|
+
contextKeysForAction: string[];
|
|
6
|
+
contextKeysForResource: string[];
|
|
7
|
+
contextKeysForPrincipal: string[];
|
|
8
|
+
contextKeyValidForRequest: (key: string) => boolean;
|
|
9
|
+
}
|
|
10
|
+
export declare class RequestSupplementalDataImpl implements RequestSupplementalData {
|
|
11
|
+
readonly contextKeysForAction: string[];
|
|
12
|
+
readonly contextKeysForResource: string[];
|
|
13
|
+
readonly contextKeysForPrincipal: string[];
|
|
14
|
+
private allActions;
|
|
15
|
+
constructor(contextKeysForAction: string[], contextKeysForResource: string[], contextKeysForPrincipal: string[]);
|
|
16
|
+
contextKeyValidForRequest(key: string): boolean;
|
|
17
|
+
}
|
|
18
|
+
export declare const MockRequestSupplementalData: RequestSupplementalData;
|
|
19
|
+
//# sourceMappingURL=requestSupplementalData.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requestSupplementalData.d.ts","sourceRoot":"","sources":["../../../src/request/requestSupplementalData.ts"],"names":[],"mappings":"AACA;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,yBAAyB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;CACrD;AAED,qBAAa,2BAA4B,YAAW,uBAAuB;aAI7C,oBAAoB,EAAE,MAAM,EAAE;aAC9B,sBAAsB,EAAE,MAAM,EAAE;aAChC,uBAAuB,EAAE,MAAM,EAAE;IAJ7D,OAAO,CAAC,UAAU,CAA0B;gBAEhB,oBAAoB,EAAE,MAAM,EAAE,EAC9B,sBAAsB,EAAE,MAAM,EAAE,EAChC,uBAAuB,EAAE,MAAM,EAAE;IAY7D,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;CAMhD;AAED,eAAO,MAAM,2BAA2B,EAAE,uBAKzC,CAAA"}
|