@cloud-copilot/iam-simulate 0.1.106 → 0.1.108

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/cjs/StatementAnalysis.d.ts.map +1 -1
  2. package/dist/cjs/StatementAnalysis.js +0 -18
  3. package/dist/cjs/StatementAnalysis.js.map +1 -1
  4. package/dist/cjs/analysis/analyzeResults.d.ts +33 -2
  5. package/dist/cjs/analysis/analyzeResults.d.ts.map +1 -1
  6. package/dist/cjs/analysis/analyzeResults.js +35 -15
  7. package/dist/cjs/analysis/analyzeResults.js.map +1 -1
  8. package/dist/cjs/evaluate.d.ts +17 -0
  9. package/dist/cjs/evaluate.d.ts.map +1 -1
  10. package/dist/cjs/index.d.ts +2 -2
  11. package/dist/cjs/index.d.ts.map +1 -1
  12. package/dist/cjs/index.js.map +1 -1
  13. package/dist/cjs/services/DefaultServiceAuthorizer.d.ts +16 -0
  14. package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -1
  15. package/dist/cjs/services/DefaultServiceAuthorizer.js +149 -107
  16. package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -1
  17. package/dist/esm/StatementAnalysis.d.ts.map +1 -1
  18. package/dist/esm/StatementAnalysis.js +0 -18
  19. package/dist/esm/StatementAnalysis.js.map +1 -1
  20. package/dist/esm/analysis/analyzeResults.d.ts +33 -2
  21. package/dist/esm/analysis/analyzeResults.d.ts.map +1 -1
  22. package/dist/esm/analysis/analyzeResults.js +35 -15
  23. package/dist/esm/analysis/analyzeResults.js.map +1 -1
  24. package/dist/esm/evaluate.d.ts +17 -0
  25. package/dist/esm/evaluate.d.ts.map +1 -1
  26. package/dist/esm/index.d.ts +2 -2
  27. package/dist/esm/index.d.ts.map +1 -1
  28. package/dist/esm/index.js.map +1 -1
  29. package/dist/esm/services/DefaultServiceAuthorizer.d.ts +16 -0
  30. package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map +1 -1
  31. package/dist/esm/services/DefaultServiceAuthorizer.js +147 -107
  32. package/dist/esm/services/DefaultServiceAuthorizer.js.map +1 -1
  33. package/package.json +5 -5
package/dist/cjs/services/DefaultServiceAuthorizer.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":";;;AAAA,wDAMiC;AAKjC;;GAEG;AACH,MAAa,wBAAwB;IACnC;;;;;OAKG;IACI,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,aAAa,GAAG,OAAO,CAAC,eAAe,EAAE,MAAM,CAAA;QACrD,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAA;QAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAC7D,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAA;QAC3E,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAE7D,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D,MAAM,WAAW,GAAG,gBAAgB,KAAK,eAAe,CAAA;QAExD,MAAM,UAAU,GAUZ;YACF,WAAW;YACX,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,0BAA0B,EAAE,OAAO,CAAC,0BAA0B;YAC9D,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;SAC3C,CAAA;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,aAAa,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YACjD,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,oBAAoB;gBAC5B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,uBAAuB,KAAK,kBAAkB,EAAE,CAAC;YACnD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAA,8BAAkB,EAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAC1D,oEAAoE;YACpE,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;gBACvC,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,cAAc;QACd,IAAI,gBAAgB,KAAK,eAAe,EAAE,CAAC;YACzC,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;gBACpD;;;;;;;mBAOG;gBACH,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;oBACnD,IACE,IAAA,wBAAY,EAAC,SAAS,CAAC;wBACvB,OAAO,CAAC,oBAAoB,CAAC,cAAc,KAAK,WAAW,EAC3D,CAAC;wBACD,IACE,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CACZ,SAAS,CAAC,cAAc,KAAK,OAAO,IAAI,SAAS,CAAC,sBAAsB,CAC3E,EACD,CAAC;4BACD,OAAO;gCACL,MAAM,EAAE,SAAS;gCACjB,GAAG,UAAU;6BACd,CAAA;wBACH,CAAC;oBACH,CAAC;oBAED,IACE,IAAA,4BAAgB,EAAC,SAAS,CAAC;wBAC3B,IAAA,wBAAY,EAAC,SAAS,CAAC;wBACvB,IAAA,8BAAkB,EAAC,SAAS,CAAC,EAC7B,CAAC;wBACD,IACE,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,OAAO,CACpD,EACD,CAAC;4BACD,OAAO;gCACL,MAAM,EAAE,SAAS;gCACjB,GAAG,UAAU;6BACd,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YAED;;;;;;;;cAQE;YAEF,MAAM,cAAc,GAAG,IAAI,CAAC,6BAA6B,CACvD,WAAW,EACX,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,OAAO,CAAC,QAAQ,CACzB,CAAA;YACD,IACE,oBAAoB,KAAK,SAAS;gBAClC,CAAC,cAAc,IAAI,uBAAuB,KAAK,SAAS,CAAC,EACzD,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,eAAe;QACf,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,EAAE,CAAC;YACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAC1C,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,kBAAkB;YAC1B,GAAG,UAAU;SACd,CAAA;QAED;;;;;;;WAOG;IACL,CAAC;IAED;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAoB,EACpB,gBAAkC,EAClC,QAAyB;QAEzB,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC1C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,mBAAmB,CAChE,CAAA;IACH,CAAC;CACF;AA1PD,4DA0PC"}
1
+ {"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":";;;AAAA,wDAMiC;AAUjC;;;GAGG;AACH,MAAM,YAAY;IASa;IARrB,SAAS,GAAuB,IAAI,GAAG,EAAE,CAAA;IACzC,MAAM,CAAkB;IAEhC;;;;OAIG;IACH,YAA6B,UAA4B;QAA5B,eAAU,GAAV,UAAU,CAAkB;QACvD,IAAI,CAAC,MAAM,GAAG,UAAU,CAAA;IAC1B,CAAC;IAED;;;;;OAKG;IACH,GAAG,CAAC,MAAqB,EAAE,MAAwB;QACjD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1D,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACxB,CAAC;IAED;;;;;;OAMG;IACK,SAAS,CAAC,SAA2B;QAC3C,sCAAsC;QACtC,IAAI,IAAI,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;YACvC,OAAM;QACR,CAAC;QACD,IAAI,SAAS,KAAK,kBAAkB,EAAE,CAAC;YACrC,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAA;QAClC,CAAC;aAAM,IAAI,SAAS,KAAK,kBAAkB,EAAE,CAAC;YAC5C,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAA;QAClC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAED;;;;OAIG;IACH,YAAY;QACV,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAa,wBAAwB;IACnC;;;;;OAKG;IACI,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAA;QAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAC7D,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAA;QAC3E,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAE7D,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D,MAAM,WAAW,GAAG,gBAAgB,KAAK,eAAe,CAAA;QAExD,MAAM,UAAU,GAWZ;YACF,WAAW;YACX,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,0BAA0B,EAAE,OAAO,CAAC,0BAA0B;YAC9D,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;SAC3C,CAAA;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAA;QACxD,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,UAAU,CAAC,CAAA;QAEjD,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;QAClC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;QAElC,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAChD,CAAC;QAED,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;QAClD,CAAC;QAED,IAAI,uBAAuB,KAAK,kBAAkB,EAAE,CAAC;YACnD,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;QAClD,CAAC;QAED,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;QAC5C,CAAC;QAED,cAAc;QACd,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;gBACpD;;;;;;;mBAOG;gBACH,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;oBACnD,IACE,IAAA,wBAAY,EAAC,SAAS,CAAC;wBACvB,OAAO,CAAC,oBAAoB,CAAC,cAAc,KAAK,WAAW,EAC3D,CAAC;wBACD,qFAAqF;wBACrF,IACE,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC5C,CAAC,SAAS,EAAE,EAAE,CACZ,SAAS,CAAC,cAAc,KAAK,OAAO,IAAI,SAAS,CAAC,sBAAsB,CAC3E,EACD,CAAC;4BACD,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;wBAC5C,CAAC;oBACH,CAAC;yBAAM,IACL,IAAA,4BAAgB,EAAC,SAAS,CAAC;wBAC3B,IAAA,wBAAY,EAAC,SAAS,CAAC;wBACvB,IAAA,8BAAkB,EAAC,SAAS,CAAC,EAC7B,CAAC;wBACD,8FAA8F;wBAC9F,+BAA+B;wBAC/B,IACE,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC5C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,OAAO,CACpD,EACD,CAAC;4BACD,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;wBAC5C,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,mHAAmH;wBACnH,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;oBAC5C,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,iGAAiG;oBACjG,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;gBAC5C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,eAAe;YACf,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;gBACpD,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;QAED,MAAM,cAAc,GAAG,YAAY,CAAC,YAAY,EAAE,CAAA;QAClD,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,UAAU,CAAC,SAAS,GAAG,cAAc,CAAA;QACvC,CAAC;QAED,OAAO;YACL,MAAM,EAAE,YAAY,CAAC,SAAS,EAAE;YAChC,GAAG,UAAU;SACd,CAAA;QAED;;;;WAIG;IACL,CAAC;IAED;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAoB,EACpB,gBAAkC,EAClC,QAAyB;QAEzB,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC1C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,mBAAmB,CAChE,CAAA;IACH,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACK,uBAAuB,CAAC,OAAoC;QAClE,MAAM,aAAa,GAAG,OAAO,CAAC,eAAe,EAAE,MAAM,CAAA;QACrD,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAA;QAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAE7D,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D,MAAM,WAAW,GAAG,gBAAgB,KAAK,eAAe,CAAA;QAExD,IAAI,aAAa,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YACjD,OAAO,aAAa,CAAA;QACtB,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAA,8BAAkB,EAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAC1D,oEAAoE;YACpE,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;gBACvC,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,cAAc;QACd,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,cAAc,GAAG,IAAI,CAAC,6BAA6B,CACvD,WAAW,EACX,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,OAAO,CAAC,QAAQ,CACzB,CAAA;YACD,IACE,oBAAoB,KAAK,SAAS;gBAClC,CAAC,cAAc,IAAI,uBAAuB,KAAK,SAAS,CAAC,EACzD,CAAC;gBACD,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,eAAe;QACf,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,EAAE,CAAC;YACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAC1C,OAAO,SAAS,CAAA;YAClB,CAAC;QACH,CAAC;QAED,OAAO,kBAAkB,CAAA;IAC3B,CAAC;CACF;AAjOD,4DAiOC"}
package/dist/esm/StatementAnalysis.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1E,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AACpE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AACrE,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAEpE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,SAAS,EAAE,SAAS,CAAA;IAEpB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;IAEtB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,OAAO,EAAE,gBAAgB,CAAA;IAEzB;;OAEG;IACH,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAA;IAE/B;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAU7E;AAsBD,wBAAgB,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAUnF;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,IAAI,CACZ,iBAAiB,EACjB,aAAa,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CACtE,GACA,OAAO,CAST;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,GAAG,gBAAgB,GAAG,eAAe,CAAC,GACpF,OAAO,CAQT"}
1
+ {"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1E,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AACpE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AACrE,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAEpE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,SAAS,EAAE,SAAS,CAAA;IAEpB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;IAEtB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,OAAO,EAAE,gBAAgB,CAAA;IAEzB;;OAEG;IACH,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAA;IAE/B;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAU7E;AAED,wBAAgB,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAUnF;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,IAAI,CACZ,iBAAiB,EACjB,aAAa,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CACtE,GACA,OAAO,CAST;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,GAAG,gBAAgB,GAAG,eAAe,CAAC,GACpF,OAAO,CAQT"}
package/dist/esm/StatementAnalysis.js CHANGED
@@ -17,24 +17,6 @@ export function identityStatementAllows(statement) {
17
17
  }
18
18
  return false;
19
19
  }
20
- // export function identityStatementUknownAllow(statement: StatementAnalysis): boolean {
21
- // if(statement.resourceMatch &&
22
- // statement.actionMatch &&
23
- // statement.conditionMatch === 'Unknown' &&
24
- // statement.statement.effect() === 'Allow') {
25
- // return true;
26
- // }
27
- // return false
28
- // }
29
- // export function identityStatementUknownDeny(statement: StatementAnalysis): boolean {
30
- // if(statement.resourceMatch &&
31
- // statement.actionMatch &&
32
- // statement.conditionMatch === 'Unknown' &&
33
- // statement.statement.effect() === 'Deny') {
34
- // return true;
35
- // }
36
- // return false
37
- // }
38
20
  export function identityStatementExplicitDeny(statement) {
39
21
  if (statement.resourceMatch &&
40
22
  statement.actionMatch &&
package/dist/esm/StatementAnalysis.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkC,MAAM,2BAA2B,CAAA;AAC1E,OAAO,EAA6B,MAAM,0BAA0B,CAAA;AACpE,OAAO,EAAyB,MAAM,+BAA+B,CAAA;AACrE,OAAO,EAA6B,MAAM,0BAA0B,CAAA;AAqDpE;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EACxC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,wFAAwF;AACxF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,kDAAkD;AAClD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,uFAAuF;AACvF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,iDAAiD;AACjD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,MAAM,UAAU,6BAA6B,CAAC,SAA4B;IACxE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EACvC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAGC;IAED,OAAO,CACL,QAAQ,CAAC,aAAa;QACtB,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,cAAc,KAAK,OAAO;QACnC,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAC7E,QAAQ,CAAC,cAAc,CACxB,CACF,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAqF;IAErF,OAAO,CACL,QAAQ,CAAC,aAAa;QACtB,QAAQ,CAAC,WAAW;QACpB,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAC7E,QAAQ,CAAC,cAAc,CACxB,CACF,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkC,MAAM,2BAA2B,CAAA;AAC1E,OAAO,EAA6B,MAAM,0BAA0B,CAAA;AACpE,OAAO,EAAyB,MAAM,+BAA+B,CAAA;AACrE,OAAO,EAA6B,MAAM,0BAA0B,CAAA;AAqDpE;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EACxC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,SAA4B;IACxE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EACvC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAGC;IAED,OAAO,CACL,QAAQ,CAAC,aAAa;QACtB,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,cAAc,KAAK,OAAO;QACnC,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAC7E,QAAQ,CAAC,cAAc,CACxB,CACF,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAqF;IAErF,OAAO,CACL,QAAQ,CAAC,aAAa;QACtB,QAAQ,CAAC,WAAW;QACpB,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAC7E,QAAQ,CAAC,cAAc,CACxB,CACF,CAAA;AACH,CAAC"}
package/dist/esm/analysis/analyzeResults.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { type RequestAnalysis } from '../evaluate.js';
1
+ import { type BlockedReason, type RequestAnalysis } from '../evaluate.js';
2
2
  /**
3
3
  * Analyze a RequestAnalysis to see if the request was allowed by identity policies.
4
4
  *
@@ -6,15 +6,46 @@ import { type RequestAnalysis } from '../evaluate.js';
6
6
  * @returns true if the request was allowed by identity policies, false otherwise
7
7
  */
8
8
  export declare function isAllowedByIdentityPolicies(requestAnalysis: RequestAnalysis): boolean;
9
- export type DenialPolicyType = 'identity' | 'resource' | 'scp' | 'rcp' | 'permissionBoundary' | 'endpointPolicy';
9
+ export type DenialPolicyType = BlockedReason;
10
10
  export type RequestDenial = {
11
+ /**
12
+ * The type of policy that caused the denial.
13
+ */
11
14
  policyType: DenialPolicyType;
15
+ /**
16
+ * This denial blocks a request that otherwise could have been allowed.
17
+ */
18
+ blocking?: true;
19
+ /**
20
+ * The identifier of the policy that caused the denial, if applicable. This could be a
21
+ * policy identifier or an organizational unit identifier for SCPs and RCPs.
22
+ */
12
23
  identifier?: string;
24
+ /**
25
+ * The type of denial.
26
+ */
13
27
  denialType: 'Implicit';
14
28
  } | {
29
+ /**
30
+ * The type of policy that caused the denial.
31
+ */
15
32
  policyType: DenialPolicyType;
33
+ /**
34
+ * This denial blocks a request that otherwise could have been allowed.
35
+ */
36
+ blocking?: true;
37
+ /**
38
+ * The identifier of the policy that caused the denial. May be undefined, for example
39
+ * in a resource policy.
40
+ */
16
41
  policyIdentifier?: string;
42
+ /**
43
+ * The statement ID (or index) of the denying statement, if applicable.
44
+ */
17
45
  statementId: string;
46
+ /**
47
+ * The type of denial.
48
+ */
18
49
  denialType: 'Explicit';
19
50
  };
20
51
  /**
package/dist/esm/analysis/analyzeResults.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"analyzeResults.d.ts","sourceRoot":"","sources":["../../../src/analysis/analyzeResults.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,eAAe,EAGrB,MAAM,gBAAgB,CAAA;AAEvB;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,eAAe,EAAE,eAAe,GAAG,OAAO,CAOrF;AAED,MAAM,MAAM,gBAAgB,GACxB,UAAU,GACV,UAAU,GACV,KAAK,GACL,KAAK,GACL,oBAAoB,GACpB,gBAAgB,CAAA;AAEpB,MAAM,MAAM,aAAa,GACrB;IACE,UAAU,EAAE,gBAAgB,CAAA;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,UAAU,CAAA;CACvB,GACD;IACE,UAAU,EAAE,gBAAgB,CAAA;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,UAAU,CAAA;CACvB,CAAA;AAEL;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gBAAgB,CAAC,eAAe,EAAE,eAAe,GAAG,aAAa,EAAE,CAiBlF"}
1
+ {"version":3,"file":"analyzeResults.d.ts","sourceRoot":"","sources":["../../../src/analysis/analyzeResults.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,aAAa,EAIlB,KAAK,eAAe,EAGrB,MAAM,gBAAgB,CAAA;AAEvB;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,eAAe,EAAE,eAAe,GAAG,OAAO,CAOrF;AAED,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAA;AAE5C,MAAM,MAAM,aAAa,GACrB;IACE;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAA;IAE5B;;OAEG;IACH,QAAQ,CAAC,EAAE,IAAI,CAAA;IAEf;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB;;OAEG;IACH,UAAU,EAAE,UAAU,CAAA;CACvB,GACD;IACE;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAA;IAE5B;;OAEG;IACH,QAAQ,CAAC,EAAE,IAAI,CAAA;IAEf;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAEzB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IAEnB;;OAEG;IACH,UAAU,EAAE,UAAU,CAAA;CACvB,CAAA;AAEL;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gBAAgB,CAAC,eAAe,EAAE,eAAe,GAAG,aAAa,EAAE,CAqClF"}
package/dist/esm/analysis/analyzeResults.js CHANGED
@@ -31,28 +31,38 @@ export function isAllowedByIdentityPolicies(requestAnalysis) {
31
31
  export function getDenialReasons(requestAnalysis) {
32
32
  const denials = [];
33
33
  const overallResult = requestAnalysis.result;
34
- addSimplePolicyDenials(requestAnalysis.identityAnalysis, 'identity', overallResult, denials);
35
- addSimplePolicyDenials(requestAnalysis.resourceAnalysis, 'resource', overallResult, denials);
36
- addOuPolicyDenials(requestAnalysis.scpAnalysis, 'scp', overallResult, denials);
37
- addOuPolicyDenials(requestAnalysis.rcpAnalysis, 'rcp', overallResult, denials);
38
- addSimplePolicyDenials(requestAnalysis.permissionBoundaryAnalysis, 'permissionBoundary', overallResult, denials);
39
- addSimplePolicyDenials(requestAnalysis.endpointAnalysis, 'endpointPolicy', overallResult, denials);
34
+ const blockedBy = new Set(requestAnalysis.blockedBy ?? []);
35
+ addSimplePolicyDenials(requestAnalysis.identityAnalysis, 'identity', overallResult, blockedBy, denials);
36
+ addSimplePolicyDenials(requestAnalysis.resourceAnalysis, 'resource', overallResult, blockedBy, denials);
37
+ addOuPolicyDenials(requestAnalysis.scpAnalysis, 'scp', overallResult, blockedBy, denials);
38
+ addOuPolicyDenials(requestAnalysis.rcpAnalysis, 'rcp', overallResult, blockedBy, denials);
39
+ addSimplePolicyDenials(requestAnalysis.permissionBoundaryAnalysis, 'pb', overallResult, blockedBy, denials);
40
+ addSimplePolicyDenials(requestAnalysis.endpointAnalysis, 'vpce', overallResult, blockedBy, denials);
40
41
  return denials;
41
42
  }
42
43
  /**
43
44
  * Helper for identity-style policies (identity, resource, permissionBoundary, endpoint).
44
45
  * Adds denial reasons from a simple policy analysis.
45
46
  */
46
- function addSimplePolicyDenials(analysis, policyType, overallResult, denials) {
47
+ function addSimplePolicyDenials(analysis, policyType, overallResult, blockedBy, denials) {
47
48
  if (!analysis)
48
49
  return;
49
- if (analysis.result === 'ImplicitlyDenied' && overallResult === 'ImplicitlyDenied') {
50
- denials.push({ policyType, denialType: 'Implicit' });
50
+ const isBlocking = blockedBy.has(policyType);
51
+ const blocking = isBlocking ? { blocking: true } : {};
52
+ if (analysis.result === 'ImplicitlyDenied' &&
53
+ (isBlocking || overallResult === 'ImplicitlyDenied')) {
54
+ denials.push({
55
+ policyType,
56
+ denialType: 'Implicit',
57
+ ...blocking
58
+ });
51
59
  }
52
- else if (analysis.result === 'ExplicitlyDenied' && overallResult === 'ExplicitlyDenied') {
60
+ else if (analysis.result === 'ExplicitlyDenied' &&
61
+ (isBlocking || overallResult === 'ExplicitlyDenied')) {
53
62
  for (const stmt of analysis.denyStatements) {
54
63
  denials.push({
55
64
  policyType,
65
+ ...blocking,
56
66
  policyIdentifier: stmt.policyId,
57
67
  statementId: stmt.statement.sid() || stmt.statement.index().toString(),
58
68
  denialType: 'Explicit'
@@ -64,17 +74,26 @@ function addSimplePolicyDenials(analysis, policyType, overallResult, denials) {
64
74
  * Helper for OU-based policies (scp, rcp).
65
75
  * Adds denial reasons from an organizational policy analysis.
66
76
  */
67
- function addOuPolicyDenials(analysis, policyType, overallResult, denials) {
77
+ function addOuPolicyDenials(analysis, policyType, overallResult, blockedBy, denials) {
68
78
  if (!analysis)
69
79
  return;
70
- if (analysis.result === 'ImplicitlyDenied' && overallResult === 'ImplicitlyDenied') {
80
+ const isBlocking = blockedBy.has(policyType);
81
+ const blocking = isBlocking ? { blocking: true } : {};
82
+ if (analysis.result === 'ImplicitlyDenied' &&
83
+ (isBlocking || overallResult === 'ImplicitlyDenied')) {
71
84
  for (const ou of analysis.ouAnalysis) {
72
85
  if (ou.result === 'ImplicitlyDenied') {
73
- denials.push({ policyType, identifier: ou.orgIdentifier, denialType: 'Implicit' });
86
+ denials.push({
87
+ policyType,
88
+ identifier: ou.orgIdentifier,
89
+ denialType: 'Implicit',
90
+ ...blocking
91
+ });
74
92
  }
75
93
  }
76
94
  }
77
- else if (analysis.result === 'ExplicitlyDenied' && overallResult === 'ExplicitlyDenied') {
95
+ else if (analysis.result === 'ExplicitlyDenied' &&
96
+ (isBlocking || overallResult === 'ExplicitlyDenied')) {
78
97
  for (const ou of analysis.ouAnalysis) {
79
98
  if (ou.result === 'ExplicitlyDenied') {
80
99
  for (const stmt of ou.denyStatements) {
@@ -82,7 +101,8 @@ function addOuPolicyDenials(analysis, policyType, overallResult, denials) {
82
101
  policyType,
83
102
  policyIdentifier: stmt.policyId,
84
103
  statementId: stmt.statement.sid() || stmt.statement.index().toString(),
85
- denialType: 'Explicit'
104
+ denialType: 'Explicit',
105
+ ...blocking
86
106
  });
87
107
  }
88
108
  }
package/dist/esm/analysis/analyzeResults.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"analyzeResults.js","sourceRoot":"","sources":["../../../src/analysis/analyzeResults.ts"],"names":[],"mappings":"AAAA,OAAO,EAON,MAAM,gBAAgB,CAAA;AAEvB;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CAAC,eAAgC;IAC1E,MAAM,gBAAgB,GAAG,eAAe,CAAC,gBAAgB,CAAA;IACzD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,gBAAgB,CAAC,MAAM,KAAK,SAAS,CAAA;AAC9C,CAAC;AAuBD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,gBAAgB,CAAC,eAAgC;IAC/D,MAAM,OAAO,GAAoB,EAAE,CAAA;IACnC,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAA;IAE5C,sBAAsB,CAAC,eAAe,CAAC,gBAAgB,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAC5F,sBAAsB,CAAC,eAAe,CAAC,gBAAgB,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAC5F,kBAAkB,CAAC,eAAe,CAAC,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAC9E,kBAAkB,CAAC,eAAe,CAAC,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAC9E,sBAAsB,CACpB,eAAe,CAAC,0BAA0B,EAC1C,oBAAoB,EACpB,aAAa,EACb,OAAO,CACR,CAAA;IACD,sBAAsB,CAAC,eAAe,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAElG,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAC7B,QAAyD,EACzD,UAA4B,EAC5B,aAA+B,EAC/B,OAAwB;IAExB,IAAI,CAAC,QAAQ;QAAE,OAAM;IAErB,IAAI,QAAQ,CAAC,MAAM,KAAK,kBAAkB,IAAI,aAAa,KAAK,kBAAkB,EAAE,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAA;IACtD,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,kBAAkB,IAAI,aAAa,KAAK,kBAAkB,EAAE,CAAC;QAC1F,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC;gBACX,UAAU;gBACV,gBAAgB,EAAE,IAAI,CAAC,QAAQ;gBAC/B,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;gBACtE,UAAU,EAAE,UAAU;aACvB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CACzB,QAA+C,EAC/C,UAA4B,EAC5B,aAA+B,EAC/B,OAAwB;IAExB,IAAI,CAAC,QAAQ;QAAE,OAAM;IAErB,IAAI,QAAQ,CAAC,MAAM,KAAK,kBAAkB,IAAI,aAAa,KAAK,kBAAkB,EAAE,CAAC;QACnF,KAAK,MAAM,EAAE,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACrC,IAAI,EAAE,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,CAAC,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAA;YACpF,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,kBAAkB,IAAI,aAAa,KAAK,kBAAkB,EAAE,CAAC;QAC1F,KAAK,MAAM,EAAE,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACrC,IAAI,EAAE,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBACrC,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,cAAc,EAAE,CAAC;oBACrC,OAAO,CAAC,IAAI,CAAC;wBACX,UAAU;wBACV,gBAAgB,EAAE,IAAI,CAAC,QAAQ;wBAC/B,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;wBACtE,UAAU,EAAE,UAAU;qBACvB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"analyzeResults.js","sourceRoot":"","sources":["../../../src/analysis/analyzeResults.ts"],"names":[],"mappings":"AAAA,OAAO,EAQN,MAAM,gBAAgB,CAAA;AAEvB;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CAAC,eAAgC;IAC1E,MAAM,gBAAgB,GAAG,eAAe,CAAC,gBAAgB,CAAA;IACzD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,gBAAgB,CAAC,MAAM,KAAK,SAAS,CAAA;AAC9C,CAAC;AAuDD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,gBAAgB,CAAC,eAAgC;IAC/D,MAAM,OAAO,GAAoB,EAAE,CAAA;IACnC,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAA;IAC5C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,SAAS,IAAI,EAAE,CAAC,CAAA;IAE1D,sBAAsB,CACpB,eAAe,CAAC,gBAAgB,EAChC,UAAU,EACV,aAAa,EACb,SAAS,EACT,OAAO,CACR,CAAA;IACD,sBAAsB,CACpB,eAAe,CAAC,gBAAgB,EAChC,UAAU,EACV,aAAa,EACb,SAAS,EACT,OAAO,CACR,CAAA;IACD,kBAAkB,CAAC,eAAe,CAAC,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,CAAC,CAAA;IACzF,kBAAkB,CAAC,eAAe,CAAC,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,CAAC,CAAA;IACzF,sBAAsB,CACpB,eAAe,CAAC,0BAA0B,EAC1C,IAAI,EACJ,aAAa,EACb,SAAS,EACT,OAAO,CACR,CAAA;IACD,sBAAsB,CACpB,eAAe,CAAC,gBAAgB,EAChC,MAAM,EACN,aAAa,EACb,SAAS,EACT,OAAO,CACR,CAAA;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAC7B,QAAyD,EACzD,UAA4B,EAC5B,aAA+B,EAC/B,SAA6B,EAC7B,OAAwB;IAExB,IAAI,CAAC,QAAQ;QAAE,OAAM;IAErB,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAC5C,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IAE9D,IACE,QAAQ,CAAC,MAAM,KAAK,kBAAkB;QACtC,CAAC,UAAU,IAAI,aAAa,KAAK,kBAAkB,CAAC,EACpD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC;YACX,UAAU;YACV,UAAU,EAAE,UAAU;YACtB,GAAG,QAAQ;SACZ,CAAC,CAAA;IACJ,CAAC;SAAM,IACL,QAAQ,CAAC,MAAM,KAAK,kBAAkB;QACtC,CAAC,UAAU,IAAI,aAAa,KAAK,kBAAkB,CAAC,EACpD,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC;gBACX,UAAU;gBACV,GAAG,QAAQ;gBACX,gBAAgB,EAAE,IAAI,CAAC,QAAQ;gBAC/B,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;gBACtE,UAAU,EAAE,UAAU;aACvB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CACzB,QAA+C,EAC/C,UAA4B,EAC5B,aAA+B,EAC/B,SAA6B,EAC7B,OAAwB;IAExB,IAAI,CAAC,QAAQ;QAAE,OAAM;IAErB,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAC5C,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IAE9D,IACE,QAAQ,CAAC,MAAM,KAAK,kBAAkB;QACtC,CAAC,UAAU,IAAI,aAAa,KAAK,kBAAkB,CAAC,EACpD,CAAC;QACD,KAAK,MAAM,EAAE,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACrC,IAAI,EAAE,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU;oBACV,UAAU,EAAE,EAAE,CAAC,aAAa;oBAC5B,UAAU,EAAE,UAAU;oBACtB,GAAG,QAAQ;iBACZ,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IACL,QAAQ,CAAC,MAAM,KAAK,kBAAkB;QACtC,CAAC,UAAU,IAAI,aAAa,KAAK,kBAAkB,CAAC,EACpD,CAAC;QACD,KAAK,MAAM,EAAE,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACrC,IAAI,EAAE,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBACrC,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,cAAc,EAAE,CAAC;oBACrC,OAAO,CAAC,IAAI,CAAC;wBACX,UAAU;wBACV,gBAAgB,EAAE,IAAI,CAAC,QAAQ;wBAC/B,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;wBACtE,UAAU,EAAE,UAAU;wBACtB,GAAG,QAAQ;qBACZ,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
package/dist/esm/evaluate.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import { type StatementAnalysis } from './StatementAnalysis.js';
2
2
  export type EvaluationResult = 'Allowed' | 'ExplicitlyDenied' | 'ImplicitlyDenied';
3
3
  export type ResourceEvaluationResult = 'NotApplicable' | 'Allowed' | 'ExplicitlyDenied' | 'AllowedForAccount' | 'DeniedForAccount' | 'ImplicitlyDenied';
4
+ export type BlockedReason = 'scp' | 'rcp' | 'vpce' | 'identity' | 'resource' | 'pb';
4
5
  export interface IdentityAnalysis {
5
6
  result: EvaluationResult;
6
7
  denyStatements: StatementAnalysis[];
@@ -127,5 +128,21 @@ export interface RequestAnalysis {
127
128
  * If the role session name was ignored during discovery mode.
128
129
  */
129
130
  ignoredRoleSessionName?: boolean;
131
+ /**
132
+ * If the request has policies to allow the request in session, identity, and/or resource policies required, but was blocked
133
+ * by another policy, this includes the policy types that blocked the request.
134
+ *
135
+ * It is possible for a request to have been allowed by the identity policy but blocked by the resource policy and vice versa.
136
+ *
137
+ * If this array is undefined or empty, it means that the core session, identity, and/or resource policies did
138
+ * not grant permission. It does not mean that there are no guardrails in place, just that the request was
139
+ * not allowed by the core policies, so there is no need to look for guardrails that block an otherwise allowed request.
140
+ *
141
+ * "Allowed by core policies" means that it would have been allowed if not for the policies identified in `blockedBy`. So
142
+ * by removing the policies identified in `blockedBy`, the request would be allowed.
143
+ *
144
+ * Use this to discover what guardrails are in place that might block access even if it may be allowed by other policies.
145
+ */
146
+ blockedBy?: BlockedReason[];
130
147
  }
131
148
  //# sourceMappingURL=evaluate.d.ts.map
package/dist/esm/evaluate.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,kBAAkB,CAAA;AAClF,MAAM,MAAM,wBAAwB,GAChC,eAAe,GACf,SAAS,GACT,kBAAkB,GAClB,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,CAAA;AAEtB,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,wBAAwB,CAAA;IAChC,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE;QACR,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,kBAAkB,CAAC,EAAE;QACnB,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,cAAc,CAAC,EAAE;QACf,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;CACF;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IAExB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,eAAe,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAE9C;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,0BAA0B,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAEzD;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAE/C;;OAEG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IAErC;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC"}
1
+ {"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,kBAAkB,CAAA;AAClF,MAAM,MAAM,wBAAwB,GAChC,eAAe,GACf,SAAS,GACT,kBAAkB,GAClB,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,CAAA;AAEtB,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,GAAG,IAAI,CAAA;AAEnF,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,wBAAwB,CAAA;IAChC,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE;QACR,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,kBAAkB,CAAC,EAAE;QACnB,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,cAAc,CAAC,EAAE;QACf,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;CACF;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IAExB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,eAAe,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAE9C;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,0BAA0B,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAEzD;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAE/C;;OAEG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IAErC;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAEhC;;;;;;;;;;;;;;OAcG;IACH,SAAS,CAAC,EAAE,aAAa,EAAE,CAAA;CAC5B"}
package/dist/esm/index.d.ts CHANGED
@@ -1,9 +1,9 @@
1
1
  export { getDenialReasons, type DenialPolicyType, type RequestDenial } from './analysis/analyzeResults.js';
2
2
  export { typeForContextKey } from './context_keys/contextKeys.js';
3
- export { type BaseConditionKeyType, isConditionKeyArray, type ConditionKeyType } from './context_keys/contextKeyTypes.js';
3
+ export { isConditionKeyArray, type BaseConditionKeyType, type ConditionKeyType } from './context_keys/contextKeyTypes.js';
4
4
  export { findContextKeys } from './context_keys/findContextKeys.js';
5
5
  export type { SimulationMode } from './core_engine/CoreSimulatorEngine.js';
6
- export type { EvaluationResult, IgnoredCondition, IgnoredConditions, RequestAnalysis } from './evaluate.js';
6
+ export type { BlockedReason, EvaluationResult, IgnoredCondition, IgnoredConditions, RequestAnalysis } from './evaluate.js';
7
7
  export type { ActionExplain, ConditionExplain, ConditionValueExplain, ExplainPrincipalMatch, PrincipalExplain, ResourceExplain, StatementExplain } from './explain/statementExplain.js';
8
8
  export { allowedContextKeysForRequest } from './simulation_engine/contextKeys.js';
9
9
  export type { Simulation, SimulationIdentityPolicy, SimulationOrgPolicies } from './simulation_engine/simulation.js';
package/dist/esm/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EACnB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EACL,KAAK,oBAAoB,EACzB,mBAAmB,EACnB,KAAK,gBAAgB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,YAAY,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAA;AAC1E,YAAY,EACV,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EAChB,MAAM,eAAe,CAAA;AACtB,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AACjF,YAAY,EACV,UAAU,EACV,wBAAwB,EACxB,qBAAqB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AACvE,YAAY,EACV,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,wBAAwB,EACxB,oBAAoB,EACpB,8BAA8B,EAC9B,8BAA8B,EAC9B,iCAAiC,EACjC,gCAAgC,EACjC,MAAM,yCAAyC,CAAA;AAChD,YAAY,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAA;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAA;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EACnB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EACL,mBAAmB,EACnB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,YAAY,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAA;AAC1E,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EAChB,MAAM,eAAe,CAAA;AACtB,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AACjF,YAAY,EACV,UAAU,EACV,wBAAwB,EACxB,qBAAqB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AACvE,YAAY,EACV,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,wBAAwB,EACxB,oBAAoB,EACpB,8BAA8B,EAC9B,8BAA8B,EAC9B,iCAAiC,EACjC,gCAAgC,EACjC,MAAM,yCAAyC,CAAA;AAChD,YAAY,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAA;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAA;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}
package/dist/esm/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAGjB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EAEL,mBAAmB,EAEpB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AAiBnE,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AAMjF,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AAavE,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAA;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAGjB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EACL,mBAAmB,EAGpB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AAkBnE,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AAMjF,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AAavE,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAA;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}
package/dist/esm/services/DefaultServiceAuthorizer.d.ts CHANGED
@@ -20,5 +20,21 @@ export declare class DefaultServiceAuthorizer implements ServiceAuthorizer {
20
20
  * @returns true if the service trusts the principal's account IAM policies
21
21
  */
22
22
  serviceTrustsPrincipalAccount(sameAccount: boolean, resourceAnalysis: ResourceAnalysis, resource: RequestResource): boolean;
23
+ /**
24
+ * Evaluations whether the minimum requirements for the request to be allowed are met based on the core policies
25
+ * - Identity
26
+ * - Resource
27
+ * - Session
28
+ *
29
+ * Depending on the service, and whether the principal and resources are in the same account, the requirements may differ.
30
+ * For same account requests, for most services an Allow in the resource policy or the identity policy is sufficient to
31
+ * allow the request, so this function will return 'Allowed'. If there is an explicit deny elsewhere, that is not considered.
32
+ * This function only determines if there are enough core policies to allow the request, and final determination of the
33
+ * request is done elsewhere.
34
+ *
35
+ * @param request the service authorization request containing all analyses
36
+ * @returns 'Allowed' if the core policies allow the request, otherwise may return 'ImplicitlyDenied' or 'ExplicitlyDenied' depending on the analyses
37
+ */
38
+ private initialEvaluationResult;
23
39
  }
24
40
  //# sourceMappingURL=DefaultServiceAuthorizer.d.ts.map
package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,eAAe,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAC5E,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,+BAA+B,CAAA;AACpE,OAAO,EAAE,KAAK,2BAA2B,EAAE,KAAK,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAEjG;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IAChE;;;;;OAKG;IACI,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe;IA+NvE;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAW,EAAE,OAAO,EACpB,gBAAgB,EAAE,gBAAgB,EAClC,QAAQ,EAAE,eAAe,GACxB,OAAO;CASX"}
1
+ {"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACtB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,+BAA+B,CAAA;AACpE,OAAO,EAAE,KAAK,2BAA2B,EAAE,KAAK,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAuEjG;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IAChE;;;;;OAKG;IACI,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe;IAuIvE;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAW,EAAE,OAAO,EACpB,gBAAgB,EAAE,gBAAgB,EAClC,QAAQ,EAAE,eAAe,GACxB,OAAO;IAUV;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,uBAAuB;CA+ChC"}