npm - @cloud-copilot/iam-simulate - Versions diffs - 0.1.12 → 0.1.14 - Mend

@cloud-copilot/iam-simulate 0.1.12 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (329) hide show

package/dist/esm/services/DefaultServiceAuthorizer.js CHANGED Viewed

@@ -1,161 +1,125 @@
+import { isAssumedRoleArn, isFederatedUserArn, isIamUserArn } from "../util.js";
 /**
  * The default authorizer for services.
  */
 export class DefaultServiceAuthorizer {
     authorize(request) {
-        const scpResult = this.serviceControlPolicyResult(request);
-        const identityStatementResult = this.identityStatementResult(request);
-        const resourcePolicyResult = this.resourcePolicyResult(request);
+        const scpResult = request.scpAnalysis.result;
+        const identityStatementResult = request.identityAnalysis.result;
+        const resourcePolicyResult = request.resourceAnalysis?.result;
+        const permissionBoundaryResult = request.permissionBoundaryAnalysis?.result;
         const principalAccount = request.request.principal.accountId();
         const resourceAccount = request.request.resource?.accountId();
+        const sameAccount = principalAccount === resourceAccount;
+        const baseResult = {
+            sameAccount,
+            identityAnalysis: request.identityAnalysis,
+            scpAnalysis: request.scpAnalysis,
+            resourceAnalysis: request.resourceAnalysis,
+            permissionBoundaryAnalysis: request.permissionBoundaryAnalysis
+        };
         if (scpResult !== 'Allowed') {
-            return scpResult;
+            return {
+                result: scpResult,
+                ...baseResult
+            };
         }
         if (resourcePolicyResult === 'ExplicitlyDenied' || resourcePolicyResult === 'DeniedForAccount') {
-            return 'ExplicitlyDenied';
+            return {
+                result: 'ExplicitlyDenied',
+                ...baseResult
+            };
         }
         if (identityStatementResult === 'ExplicitlyDenied') {
-            return 'ExplicitlyDenied';
+            return {
+                result: 'ExplicitlyDenied',
+                ...baseResult
+            };
+        }
+        if (permissionBoundaryResult === 'ExplicitlyDenied') {
+            return {
+                result: 'ExplicitlyDenied',
+                ...baseResult
+            };
         }
         //Same Account
         if (principalAccount === resourceAccount) {
-            if (resourcePolicyResult === 'Allowed' || resourcePolicyResult === 'AllowedForAccount' || identityStatementResult === 'Allowed') {
-                return 'Allowed';
+            if (permissionBoundaryResult === 'ImplicitlyDenied') {
+                /**
+                 * If the permission boundary is an implicit deny
+                 *
+                 * If the request is from an assumed role ARN AND the resource policy allows the assumed role (session) ARN = ALLOW
+                 * If the request is from an IAM user ARN AND the resource policy allows the IAM user ARN = ALLOW
+                 * If the request is from a federated user ARN AND the resource policy allows the federated user ARN = ALLOW
+                 * The request is allowed: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+                 */
+                if (resourcePolicyResult === 'Allowed') {
+                    const principal = request.request.principal.value();
+                    if (isAssumedRoleArn(principal) || isIamUserArn(principal) || isFederatedUserArn(principal)) {
+                        if (request.resourceAnalysis.allowStatements.some(statement => statement.principalMatch === 'Match')) {
+                            return {
+                                result: 'Allowed',
+                                ...baseResult
+                            };
+                        }
+                    }
+                }
+                return {
+                    result: 'ImplicitlyDenied',
+                    ...baseResult
+                };
+            }
+            /*
+              TODO: Implicit denies in identity policies
+              I think if the identity policy has an implicit deny for assumed roles or federated users,
+              then the resource policy must have the federerated or assumed role ARN exactly.
+              That doesn't seem right though. I know many cases where the resource policy has the role ARN and it works
+              Need to add some tests for this.
+            */
+            if (resourcePolicyResult === 'Allowed' || identityStatementResult === 'Allowed') {
+                return {
+                    result: 'Allowed',
+                    ...baseResult
+                };
             }
-            return 'ImplicitlyDenied';
+            return {
+                result: 'ImplicitlyDenied',
+                ...baseResult
+            };
         }
         //Cross Account
+        if (permissionBoundaryResult === 'ImplicitlyDenied') {
+            return {
+                result: 'ImplicitlyDenied',
+                ...baseResult
+            };
+        }
         if (resourcePolicyResult === 'Allowed' || resourcePolicyResult === 'AllowedForAccount') {
             if (identityStatementResult === 'Allowed') {
-                return 'Allowed';
+                return {
+                    result: 'Allowed',
+                    ...baseResult
+                };
             }
-            return 'ImplicitlyDenied';
-        }
-        return 'ImplicitlyDenied';
+            return {
+                result: 'ImplicitlyDenied',
+                ...baseResult
+            };
+        }
+        return {
+            result: 'ImplicitlyDenied',
+            ...baseResult
+        };
         /**
          * Add checks for:
+         * * session policies
+         * * resource control policies
          * * root user
          * * service linked roles
-         * * resource control policies
-         * * boundary policies
          * * vpc endpoint policies
-         * * session policies (maybe these are just part of identity policies?)
          */
     }
-    /**
-     * Determine the result of the SCP analysis.
-     *
-     * @param request The request to authorize.
-     * @returns The result of the SCP analysis.
-     */
-    serviceControlPolicyResult(request) {
-        const orgAllows = request.scpAnalysis.map((scpAnalysis) => {
-            return scpAnalysis.statementAnalysis.some((statement) => {
-                return this.identityStatementAllows(statement);
-            });
-        });
-        if (orgAllows.includes(false)) {
-            return 'ImplicitlyDenied';
-        }
-        const anyScpDeny = request.scpAnalysis.some((scpAnalysis) => {
-            return scpAnalysis.statementAnalysis.some((statement) => {
-                return this.identityStatementExplicitDeny(statement);
-            });
-        });
-        if (anyScpDeny) {
-            return 'ExplicitlyDenied';
-        }
-        return 'Allowed';
-    }
-    /**
-     * Evaluate the identity statements to determine the result.
-     *
-     * @param request The request to authorize.
-     * @returns The result of the identity statement analysis.
-     */
-    identityStatementResult(request) {
-        const explicitDeny = request.identityStatements.some(s => this.identityStatementExplicitDeny(s));
-        if (explicitDeny) {
-            return 'ExplicitlyDenied';
-        }
-        const explicitAllow = request.identityStatements.some(s => this.identityStatementAllows(s));
-        const possibleDeny = request.identityStatements.some(s => this.identityStatementUknownDeny(s));
-        if (explicitAllow) {
-            return possibleDeny ? 'Unknown' : 'Allowed';
-        }
-        const possibleAllow = request.identityStatements.some(s => this.identityStatementUknownAllow(s));
-        if (possibleAllow) {
-            return 'Unknown';
-        }
-        return 'ImplicitlyDenied';
-    }
-    /**
-     * Evaluate the resource policy to determine the result.
-     *
-     * @param request the request to authorize
-     * @returns the result of the resource policy analysis
-     */
-    resourcePolicyResult(request) {
-        if (!request.resourceAnalysis) {
-            return 'NotApplicable';
-        }
-        const denyStatements = request.resourceAnalysis.filter(s => this.identityStatementExplicitDeny(s));
-        if (denyStatements.some(s => s.principalMatch === 'Match')) {
-            return 'ExplicitlyDenied';
-        }
-        if (denyStatements.some(s => s.principalMatch === 'AccountLevelMatch')) {
-            return 'DeniedForAccount';
-        }
-        const allowStatements = request.resourceAnalysis.filter(s => this.identityStatementAllows(s));
-        if (allowStatements.some(s => s.principalMatch === 'Match')) {
-            return 'Allowed';
-        }
-        if (allowStatements.some(s => s.principalMatch === 'AccountLevelMatch')) {
-            return 'AllowedForAccount';
-        }
-        return 'ImplicityDenied';
-    }
-    /**
-     * Checks if a statement is an identity statement that allows the request.
-     *
-     * @param statement The statement to check.
-     * @returns Whether the statement is an identity statement that allows the request.
-     */
-    identityStatementAllows(statement) {
-        if (statement.resourceMatch &&
-            statement.actionMatch &&
-            statement.conditionMatch === 'Match' &&
-            statement.statement.effect() === 'Allow') {
-            return true;
-        }
-        return false;
-    }
-    identityStatementUknownAllow(statement) {
-        if (statement.resourceMatch &&
-            statement.actionMatch &&
-            statement.conditionMatch === 'Unknown' &&
-            statement.statement.effect() === 'Allow') {
-            return true;
-        }
-        return false;
-    }
-    identityStatementUknownDeny(statement) {
-        if (statement.resourceMatch &&
-            statement.actionMatch &&
-            statement.conditionMatch === 'Unknown' &&
-            statement.statement.effect() === 'Deny') {
-            return true;
-        }
-        return false;
-    }
-    identityStatementExplicitDeny(statement) {
-        if (statement.resourceMatch &&
-            statement.actionMatch &&
-            statement.conditionMatch === 'Match' &&
-            statement.statement.effect() === 'Deny') {
-            return true;
-        }
-        return false;
-    }
 }
 //# sourceMappingURL=DefaultServiceAuthorizer.js.map

package/dist/esm/services/DefaultServiceAuthorizer.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"~~AAIA~~;;GAEG;AACH,MAAM,OAAO,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,~~IAAI~~,CAAC,~~0BAA0B~~,CAAC,~~OAAO~~,CAAC~~,CAAC~~;~~QAC3D~~,MAAM,uBAAuB,GAAG,~~IAAI~~,CAAC,~~uBAAuB~~,CAAC,~~OAAO~~,CAAC~~,CAAC~~;~~QACtE~~,MAAM,oBAAoB,GAAG,~~IAAI~~,CAAC,~~oBAAoB~~,~~CAAC~~,OAAO,CAAC,~~CAAC~~;~~QAEhE~~,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;~~QAE7D~~,~~IAAG~~,~~SAAS~~,KAAK,~~SAAS~~,~~EAAE,CAAC~~;~~YAC3B~~,~~OAAO~~,~~SAAS~~,~~CAAA~~;~~QAClB~~,~~CAAC~~;~~QAED~~,~~IAAG~~,~~oBAAoB~~,~~KAAK~~,~~kBAAkB~~,~~IAAI~~,~~oBAAoB~~,~~KAAK,kBAAkB,~~EAAE,~~CAAC;YAC9F,~~OAAO,~~kBAAkB~~,~~CAAA~~;~~QAC3B~~,~~CAAC;QAED~~,~~IAAG,uBAAuB,KAAK,kBAAkB,~~EAAE,~~CAAC;YAClD,~~OAAO,~~kBAAkB,CAAA;QAC3B,~~CAAC~~;QAED~~,~~cAAc~~;~~QACd~~,~~IAAG~~,~~gBAAgB~~,~~KAAK~~,~~eAAe~~,~~EAAE~~,~~CAAC~~;~~YACxC~~,IAAG,~~oBAAoB,KAAK,~~SAAS,~~IAAI,oBAAoB,~~KAAK,~~mBAAmB,IAAI,uBAAuB,KAAK,~~SAAS,EAAE,CAAC;~~gBAC/H~~,OAAO,~~SAAS~~,~~CAAA;YAClB~~,~~CAAC~~;~~YACD~~,~~OAAO~~,~~kBAAkB~~,CAAA;~~QAC3B~~,CAAC;QAED,~~eAAe;QACf,~~IAAG,oBAAoB,KAAK,~~SAAS~~,IAAI,oBAAoB,KAAK,~~mBAAmB~~,EAAE,CAAC;~~YACtF~~,~~IAAG~~,~~uBAAuB~~,~~KAAK,SAAS,~~EAAE,~~CAAC~~;~~gBACzC~~,~~OAAO~~,~~SAAS,CAAA~~;~~YAClB~~,~~CAAC;YACD,OAAO,kBAAkB,~~CAAA;~~QAC3B~~,CAAC;QAED,~~OAAO~~,~~kBAAkB~~,~~CAAA;QAEzB;;;;;;;;WAQG;IACL~~,~~CAAC;IAED;;;;;OAKG;IACI~~,~~0BAA0B~~,CAAC~~,OAAoC~~;~~QACpE~~,~~MAAM,SAAS,GAAG,~~OAAO~~,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE~~;~~YACxD~~,~~OAAO~~,~~WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,SAAS,~~EAAE,~~EAAE~~;~~gBACtD~~,~~OAAO~~,~~IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAA~~;~~YAChD~~,~~CAAC,CAAC,~~CAAA;~~QACJ~~,CAAC~~,CAAC,CAAA~~;~~QAEF~~,IAAG,~~SAAS~~,~~CAAC,QAAQ,CAAC,~~KAAK,~~CAAC~~,EAAE,CAAC;~~YAC7B~~,OAAO~~,kBAAkB,CAAA~~;~~QAC3B~~,~~CAAC;QAED,~~MAAM,~~UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,WAAW,~~EAAE,~~EAAE~~;~~YAC1D~~,~~OAAO~~,~~WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE~~;~~gBACtD~~,~~OAAO,IAAI,CAAC,6BAA6B,CAAC,SAAS,CAAC,~~CAAA;~~YACtD~~,CAAC~~,CAAC,CAAA~~;~~QACJ~~,~~CAAC,CAAC,CAAA~~;~~QAEF~~,IAAG,~~UAAU~~,~~EAAE~~,~~CAAC;YACd~~,~~OAAO~~,~~kBAAkB,CAAA;QAC3B,~~CAAC;~~QAED~~,~~OAAO~~,~~SAAS~~,~~CAAA;IAClB~~,~~CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,OAAoC;QACjE,MAAM,YAAY,GAAG,OAAO,CAAC,~~kBAAkB,~~CAAC,IAAI,CAAC,CAAC,CAAC,~~EAAE,CAAC~~,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC~~;~~QACjG~~,IAAG,~~YAAY~~,~~EAAE~~,~~CAAC;YAChB~~,~~OAAO~~,~~kBAAkB,~~CAAC;~~QAC5B~~,~~CAAC;QAED,~~MAAM,~~aAAa~~,GAAG,OAAO,CAAC,~~kBAAkB~~,CAAC,~~IAAI~~,CAAC,~~CAAC~~,~~CAAC,~~EAAE,~~CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC~~;~~QAC5F~~,~~MAAM~~,~~YAAY~~,~~GAAG,OAAO,~~CAAC,~~kBAAkB~~,CAAC,IAAI,~~CAAC~~,CAAC,~~CAAC~~,~~EAAE,~~CAAC,IAAI,~~CAAC~~,~~2BAA2B,~~CAAC,~~CAAC~~,CAAC,~~CAAC~~,CAAC;~~QAC/F~~,IAAG,~~aAAa,EAAE,CAAC;YACjB,~~OAAO,~~YAAY,~~CAAC,~~CAAC~~,CAAC,~~SAAS~~,CAAC,~~CAAC~~,CAAC,SAAS,CAAC~~;QAC9C~~,~~CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,~~EAAE,CAAC,~~IAAI~~,CAAC,~~4BAA4B~~,~~CAAC~~,~~CAAC~~,CAAC,~~CAAC~~,CAAC;~~QACjG~~,~~IAAG~~,~~aAAa~~,EAAE,~~CAAC~~;~~YACjB~~,~~OAAO~~,~~SAAS,CAAC~~;~~QACnB~~,~~CAAC;QAED,OAAO,kBAAkB,~~CAAA;~~IAC3B~~,CAAC;~~IAED;;;;;OAKG;IACI~~,~~oBAAoB,~~CAAC~~,OAAoC~~;~~QAC9D~~,~~IAAG,~~CAAC,OAAO,~~CAAC~~,~~gBAAgB,~~EAAE,~~CAAC~~;~~YAC7B~~,~~OAAO~~,~~eAAe~~,CAAA;~~QACxB~~,CAAC;~~QAED,MAAM,cAAc,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC~~;~~QACnG~~,IAAG,~~cAAc~~,~~CAAC~~,IAAI,~~CAAC~~,~~CAAC~~,~~CAAC~~,EAAE,CAAC,~~CAAC,CAAC,cAAc,KAAK,~~OAAO,~~CAAC~~,EAAE,~~CAAC~~;~~YAC1D~~,~~OAAO~~,~~kBAAkB~~,CAAA;~~QAC3B~~,CAAC;~~QACD~~,~~IAAG~~,~~cAAc~~,~~CAAC,IAAI,CAAC,CAAC,CAAC,~~EAAE,~~CAAC~~,~~CAAC~~,~~CAAC,cAAc,KAAK,mBAAmB,CAAC,EAAE,CAAC~~;~~YACtE~~,~~OAAO,kBAAkB,~~CAAA;~~QAC3B~~,CAAC;QAED,~~MAAM,~~eAAe~~,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC~~;~~QAC9F~~,IAAG,~~eAAe~~,~~CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,~~KAAK,~~OAAO~~,~~CAAC,~~EAAE,CAAC;~~YAC3D~~,OAAO~~,SAAS,CAAA~~;~~QAClB~~,~~CAAC;QACD~~,~~IAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,~~EAAE,~~CAAC~~,~~CAAC~~,~~CAAC,cAAc,KAAK,mBAAmB,CAAC,EAAE,CAAC~~;~~YACvE~~,~~OAAO,mBAAmB,~~CAAA;~~QAC5B~~,CAAC;QAED,~~OAAO,iBAAiB,CAAA;IAE1B,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,SAA4B;QACzD,~~IAAG,~~SAAS~~,~~CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,~~KAAK,~~OAAO;YACpC,~~SAAS,~~CAAC~~,~~SAAS~~,~~CAAC,MAAM,EAAE,~~KAAK,~~OAAO~~,EAAE,CAAC;~~YACzC~~,~~OAAO~~,~~IAAI~~,~~CAAC;QAChB,CAAC;QACD,OAAO,~~KAAK,~~CAAC;IACf,CAAC;IAEM,4BAA4B,CAAC,SAA4B;QAC9D,IAAG,~~SAAS,~~CAAC~~,~~aAAa;YACxB,SAAS,~~CAAC~~,WAAW~~;~~YACrB~~,~~SAAS,CAAC,cAAc,KAAK,SAAS~~;~~YACtC~~,~~SAAS,CAAC,SAAS,CAAC,~~MAAM,EAAE,~~KAAK,OAAO,EAAE,CAAC~~;~~YACzC~~,~~OAAO~~,~~IAAI,CAAC~~;~~QAChB~~,~~CAAC;QACD,OAAO,KAAK,~~CAAA;~~IACd~~,CAAC;~~IAEM~~,~~2BAA2B,CAAC,SAA4B~~;~~QAC7D~~,~~IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,~~MAAM,EAAE,~~KAAK,MAAM,EAAE,CAAC~~;~~YACxC~~,~~OAAO~~,~~IAAI,CAAC~~;~~QAChB~~,~~CAAC;QACD,OAAO,KAAK,~~CAAA;~~IACd~~,CAAC;~~IAEM~~,~~6BAA6B,CAAC,SAA4B;QAC/D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,~~OAAO;~~YACpC~~,~~SAAS,CAAC,SAAS,CAAC,~~MAAM,EAAE,~~KAAK,MAAM,EAAE,CAAC~~;~~YACxC~~,~~OAAO~~,~~IAAI,CAAC~~;~~QAChB~~,~~CAAC~~;~~QACD,OAAO,KAAK,CAAC~~;~~IACf~~,CAAC;CACF"}
1	+ {"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAGhF;;GAEG;AACH,MAAM,OAAO,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC;QAC7C,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAChE,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAC7D,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAA;QAE3E,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D,MAAM,WAAW,GAAG,gBAAgB,KAAK,eAAe,CAAA;QAExD,MAAM,UAAU,GAAmI;YACjJ,WAAW;YACX,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,0BAA0B,EAAE,OAAO,CAAC,0BAA0B;SAC/D,CAAA;QAED,IAAG,SAAS,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAG,oBAAoB,KAAK,kBAAkB,IAAI,oBAAoB,KAAK,kBAAkB,EAAE,CAAC;YAC9F,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAG,uBAAuB,KAAK,kBAAkB,EAAE,CAAC;YAClD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAG,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACnD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,cAAc;QACd,IAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;YAExC,IAAG,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;gBACnD;;;;;;;mBAOG;gBACH,IAAG,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACtC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;oBACnD,IAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,YAAY,CAAC,SAAS,CAAC,IAAI,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC3F,IAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,OAAO,CAAC,EAAC,CAAC;4BACnG,OAAO;gCACL,MAAM,EAAE,SAAS;gCACjB,GAAG,UAAU;6BACd,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YAGD;;;;;;;;cAQE;YACF,IAAG,oBAAoB,KAAK,SAAS,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAC/E,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,eAAe;QACf,IAAG,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACnD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAG,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,EAAE,CAAC;YACtF,IAAG,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBACzC,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,kBAAkB;YAC1B,GAAG,UAAU;SACd,CAAA;QAED;;;;;;;WAOG;IACL,CAAC;CACF"}

package/dist/esm/services/ServiceAuthorizer.d.ts CHANGED Viewed

@@ -1,14 +1,13 @@
-import { EvaluationResult } from "../evaluate.js";
+import { IdentityAnalysis, RequestAnalysis, ResourceAnalysis, ScpAnalysis } from "../evaluate.js";
 import { AwsRequest } from "../request/request.js";
-import { SCPAnalysis } from "../SCPAnalysis.js";
-import { StatementAnalysis } from "../StatementAnalysis.js";
 export interface ServiceAuthorizationRequest {
     request: AwsRequest;
-    identityStatements: StatementAnalysis[];
-    scpAnalysis: SCPAnalysis[];
-    resourceAnalysis: StatementAnalysis[];
+    identityAnalysis: IdentityAnalysis;
+    scpAnalysis: ScpAnalysis;
+    resourceAnalysis: ResourceAnalysis;
+    permissionBoundaryAnalysis: IdentityAnalysis | undefined;
 }
 export interface ServiceAuthorizer {
-    authorize(request: ServiceAuthorizationRequest): EvaluationResult;
+    authorize(request: ServiceAuthorizationRequest): RequestAnalysis;
 }
 //# sourceMappingURL=ServiceAuthorizer.d.ts.map

package/dist/esm/services/ServiceAuthorizer.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,~~MAAM~~,~~gBAAgB,CAAC;AAClD,OAAO,~~EAAE,~~UAAU~~,EAAE,~~MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,~~WAAW,EAAE,MAAM,~~mBAAmB~~,CAAC;~~AAChD~~,OAAO,EAAE,~~iBAAiB~~,EAAE,MAAM,~~yBAAyB~~,CAAC;~~AAE5D~~,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,UAAU,CAAC;IACpB,~~kBAAkB~~,EAAE,~~iBAAiB~~,~~EAAE,~~CAAC;~~IACxC~~,WAAW,EAAE,WAAW,~~EAAE,~~CAAC;~~IAC3B~~,gBAAgB,EAAE,~~iBAAiB~~,EAAE,CAAC;~~CACvC~~;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,~~gBAAgB~~,CAAA;~~CAClE~~"}
1	+ {"version":3,"file":"ServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClG,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,WAAW,EAAE,WAAW,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,0BAA0B,EAAE,gBAAgB,GAAG,SAAS,CAAC;CAC1D;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe,CAAA;CACjE"}

package/dist/esm/simulation_engine/simulation.d.ts CHANGED Viewed

@@ -20,5 +20,9 @@ export interface Simulation {
         }[];
     }[];
     resourcePolicy?: any;
+    permissionBoundaryPolicies?: {
+        name: string;
+        policy: any;
+    }[];
 }
 //# sourceMappingURL=simulation.d.ts.map

package/dist/esm/simulation_engine/simulation.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;KACrD,CAAA;IAED,gBAAgB,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAC,EAAE,CAAC;IAChD,sBAAsB,EAAE;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,QAAQ,EAAE;YAAC,IAAI,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,GAAG,CAAA;SAAC,EAAE,CAAA;KACxC,EAAE,CAAC;IACJ,cAAc,CAAC,EAAE,GAAG,CAAC;~~CACtB~~"}
1	+ {"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;KACrD,CAAA;IAED,gBAAgB,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAC,EAAE,CAAC;IAChD,sBAAsB,EAAE;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,QAAQ,EAAE;YAAC,IAAI,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,GAAG,CAAA;SAAC,EAAE,CAAA;KACxC,EAAE,CAAC;IACJ,cAAc,CAAC,EAAE,GAAG,CAAA;IACpB,0BAA0B,CAAC,EAAG;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAC,EAAE,CAAA;CAC5D"}

package/dist/esm/simulation_engine/simulationEngine.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { ValidationError } from "@cloud-copilot/iam-policy";
-import { EvaluationResult } from "../evaluate.js";
+import { RequestAnalysis } from "../evaluate.js";
 import { Simulation } from "./simulation.js";
 import { SimulationOptions } from "./simulationOptions.js";
 export interface SimulationErrors {
@@ -10,9 +10,7 @@ export interface SimulationErrors {
 }
 export interface SimulationResult {
     errors?: SimulationErrors;
-    result?: {
-        evaluationResult: EvaluationResult;
-    };
+    analysis?: RequestAnalysis;
 }
 /**
  * Run a simulation with validation

package/dist/esm/simulation_engine/simulationEngine.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAAoG,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAI9J,OAAO,EAAE,~~gBAAgB~~,EAAE,MAAM,gBAAgB,CAAC;~~AAKlD~~,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACzD,yBAAyB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IAC9D,oBAAoB,CAAC,EAAE,eAAe,EAAE,CAAC;IACzC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAC1B,~~MAAM~~,CAAC,EAAE~~;QACP~~,~~gBAAgB~~,~~EAAE,gBAAgB,~~CAAA;~~KACnC,CAAA~~;~~CACF;~~AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,~~CA+HpI~~;AAED,wBAAsB,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,CA0BtH"}
1	+ {"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAAoG,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAI9J,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAKjD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACzD,yBAAyB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IAC9D,oBAAoB,CAAC,EAAE,eAAe,EAAE,CAAC;IACzC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAC1B,QAAQ,CAAC,EAAE,eAAe,CAAA;CAC3B;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA2IpI;AAED,wBAAsB,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,CA0BtH"}

package/dist/esm/simulation_engine/simulationEngine.js CHANGED Viewed

@@ -47,8 +47,21 @@ export async function runSimulation(simulation, simulationOptions) {
         };
     });
     const resourcePolicyErrors = simulation.resourcePolicy ? validateResourcePolicy(simulation.resourcePolicy) : [];
+    const permissionBoundaries = simulation.permissionBoundaryPolicies ? [] : undefined;
+    const permissionBoundaryErrors = {};
+    simulation.permissionBoundaryPolicies?.map((pb) => {
+        const { name, policy } = pb;
+        const validationErrors = validateIdentityPolicy(policy);
+        if (validationErrors.length == 0) {
+            permissionBoundaries.push(loadPolicy(policy));
+        }
+        else {
+            permissionBoundaryErrors[name] = validationErrors;
+        }
+    });
     if (Object.keys(identityPolicyErrors).length > 0 ||
         Object.keys(seviceControlPolicyErrors).length > 0 ||
+        Object.keys(permissionBoundaryErrors).length > 0 ||
         resourcePolicyErrors.length > 0) {
         return {
             errors: {
@@ -120,12 +133,11 @@ export async function runSimulation(simulation, simulationOptions) {
         }, simulation.request.action, new RequestContextImpl(contextValues)),
         identityPolicies,
         serviceControlPolicies,
-        resourcePolicy
+        resourcePolicy,
+        permissionBoundaries
     });
     return {
-        result: {
-            evaluationResult: simulationResult
-        }
+        analysis: simulationResult
     };
 }
 export async function normalizeSimulationParameters(simulation) {

package/dist/esm/simulation_engine/simulationEngine.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAU,sBAAsB,EAAE,sBAAsB,EAAE,4BAA4B,EAAmB,MAAM,2BAA2B,CAAC;AAC9J,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,SAAS,EAA0B,MAAM,uCAAuC,CAAC;AAE1F,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;~~AAkBhE~~;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,oBAAoB,GAAsC,EAAE,CAAC;IACnE,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;QAC7B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAG,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,yBAAyB,GAAsC,EAAE,CAAC;IACxE,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;YAC7B,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAC;YAC9D,IAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,yBAAyB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;YACzC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,sBAAsB,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhH,IAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,MAAM,GAAG,CAAC;QACjD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,yBAAyB;gBACzB,oBAAoB;gBACpB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAErG,IAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACrD,IAAG,CAAC,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3D,IAAG,CAAC,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzE,IAAG,oBAAoB,EAAE,CAAC;QACxB,IAAG,WAAW,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QACpF,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aAEF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAC;IAEtE,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACjC,OAAO,EAAE,IAAI,cAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,kBAAkB,CAAC,aAAa,CAAC,CACtC;QACD,gBAAgB;QAChB,sBAAsB;QACtB,cAAc;~~KACf~~,CAAC,CAAA;IAEF,OAAO;QACL,~~MAAM~~,EAAE~~;YACN~~,gBAAgB~~,EAAE,gBAAgB~~;~~SACnC;KACF~~,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IACxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,MAAM,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAA;IAE3G,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAC;IACjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAAE,CAAC;YAEpH,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAC5D,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAC;YAEzD,IAAG,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,CAAC;iBAAM,IAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAClD,IAAG,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;IAC1D,KAAI,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAG,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
1	+ {"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAU,sBAAsB,EAAE,sBAAsB,EAAE,4BAA4B,EAAmB,MAAM,2BAA2B,CAAC;AAC9J,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,SAAS,EAA0B,MAAM,uCAAuC,CAAC;AAE1F,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;AAgBhE;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,oBAAoB,GAAsC,EAAE,CAAC;IACnE,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;QAC7B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAG,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,yBAAyB,GAAsC,EAAE,CAAC;IACxE,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;YAC7B,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAC;YAC9D,IAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,yBAAyB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;YACzC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,sBAAsB,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhH,MAAM,oBAAoB,GAAyB,UAAU,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1G,MAAM,wBAAwB,GAAsC,EAAE,CAAC;IACvE,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QAChD,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAG,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,oBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,IAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,MAAM,GAAG,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,GAAG,CAAC;QAChD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,yBAAyB;gBACzB,oBAAoB;gBACpB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAErG,IAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACrD,IAAG,CAAC,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3D,IAAG,CAAC,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzE,IAAG,oBAAoB,EAAE,CAAC;QACxB,IAAG,WAAW,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QACpF,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aAEF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAC;IAEtE,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACjC,OAAO,EAAE,IAAI,cAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,kBAAkB,CAAC,aAAa,CAAC,CACtC;QACD,gBAAgB;QAChB,sBAAsB;QACtB,cAAc;QACd,oBAAoB;KACrB,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,gBAAgB;KAC3B,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IACxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,MAAM,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAA;IAE3G,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAC;IACjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAAE,CAAC;YAEpH,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAC5D,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAC;YAEzD,IAAG,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,CAAC;iBAAM,IAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAClD,IAAG,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;IAC1D,KAAI,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAG,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,gBAAgB,~~CAuB3H~~"}
1	+ {"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,gBAAgB,CA6B3H"}

package/dist/esm/simulation_engine/unsafeSimulationEngine.js CHANGED Viewed

@@ -20,16 +20,19 @@ export function runUnsafeSimulation(simulation, simulationOptions) {
             policies: policies
         };
     });
+    const permissionBoundaries = simulation.permissionBoundaryPolicies?.map(val => loadPolicy(val.policy)) ?? undefined;
     const requestContext = new RequestContextImpl(simulation.request.contextVariables);
     const request = new AwsRequestImpl(simulation.request.principal, {
         resource: simulation.request.resource.resource,
         accountId: simulation.request.resource.accountId,
     }, simulation.request.action, requestContext);
-    return authorize({
+    const analysis = authorize({
         request,
         identityPolicies,
         serviceControlPolicies,
-        resourcePolicy: simulation.resourcePolicy ? loadPolicy(simulation.resourcePolicy) : undefined
+        resourcePolicy: simulation.resourcePolicy ? loadPolicy(simulation.resourcePolicy) : undefined,
+        permissionBoundaries
     });
+    return analysis.result;
 }
 //# sourceMappingURL=unsafeSimulationEngine.js.map

package/dist/esm/simulation_engine/unsafeSimulationEngine.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,SAAS,EAA0B,MAAM,uCAAuC,CAAC;AAE1F,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAI1D;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IACnG,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjE,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CAAC,CAAA;~~IACF~~,MAAM,cAAc,GAAG,IAAI,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClF,MAAM,OAAO,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE;QAC/D,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;KACjD,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE9C,~~OAAO~~,SAAS,CAAC;~~QACf~~,OAAO;QACP,gBAAgB;QAChB,sBAAsB;QACtB,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;~~KAC9F~~,CAAC,CAAC;~~AACL~~,CAAC"}
1	+ {"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,SAAS,EAA0B,MAAM,uCAAuC,CAAC;AAE1F,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAI1D;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IACnG,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjE,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,oBAAoB,GAAG,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,SAAS,CAAC;IAEpH,MAAM,cAAc,GAAG,IAAI,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClF,MAAM,OAAO,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE;QAC/D,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;KACjD,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE9C,MAAM,QAAQ,GAAG,SAAS,CAAC;QACzB,OAAO;QACP,gBAAgB;QAChB,sBAAsB;QACtB,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;QAC7F,oBAAoB;KACrB,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC,MAAM,CAAC;AACzB,CAAC"}

package/dist/esm/util.d.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import { ResourceType } from '@cloud-copilot/iam-data';
 import { AwsRequest } from './request/request.js';
-interface StringReplaceOptions {
+export interface StringReplaceOptions {
     replaceWildcards: boolean;
+    convertToRegex: boolean;
 }
 /**
  * This will convert a string to a regex that can be used to match against a string.
@@ -11,7 +12,14 @@ interface StringReplaceOptions {
  * @param requestContext the request context to get the variable values from
  * @returns a regex that can be used to match against a string
  */
-export declare function convertIamStringToRegex(value: string, request: AwsRequest, replaceOptions?: Partial<StringReplaceOptions>): RegExp;
+export declare function convertIamString(value: string, request: AwsRequest, replaceOptions: {
+    replaceWildcards?: boolean;
+    convertToRegex: false;
+}): string;
+export declare function convertIamString(value: string, request: AwsRequest, replaceOptions?: Partial<StringReplaceOptions>): {
+    pattern: RegExp;
+    errors?: string[];
+};
 export interface ArnParts {
     partition: string | undefined;
     service: string | undefined;
@@ -89,5 +97,25 @@ export declare function lowerCaseAll(strings: string[]): string[];
  * @returns the variables in the string, if any
  */
 export declare function getVariablesFromString(value: string): string[];
-export {};
+/**
+ * Tests if a principal string is an assumed role ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an assumed role ARN, false otherwise
+ */
+export declare function isAssumedRoleArn(principal: string): boolean;
+/**
+ * Test if a principal string is an IAM user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an IAM user ARN, false otherwise
+ */
+export declare function isIamUserArn(principal: string): boolean;
+/**
+ * Test if a principal string is a federated user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is a federated user ARN, false otherwise
+ */
+export declare function isFederatedUserArn(principal: string): boolean;
 //# sourceMappingURL=util.d.ts.map

package/dist/esm/util.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,~~UAAU~~,oBAAoB;~~IAC5B~~,gBAAgB,EAAE,OAAO,CAAA;~~CAC1B~~;~~AAMD~~;;;;;;;GAOG;AACH,wBAAgB,~~uBAAuB~~,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,MAAM,~~CA4DlI~~;~~AA8CD~~,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAyBnD;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAgBtE;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,SAAS,CAExE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG5F;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAiB1H;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOrE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAExD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAY9D"}
1	+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,OAAO,CAAA;IACzB,cAAc,EAAE,OAAO,CAAA;CACxB;AAOD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE;IAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAAC,cAAc,EAAE,KAAK,CAAA;CAAC,GAAG,MAAM,CAAC;AAClJ,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;CAAC,CAAC;AA4H3J,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAyBnD;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAgBtE;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,SAAS,CAExE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG5F;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAiB1H;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOrE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAExD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAY9D;AAID;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE3D;AAID;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEvD;AAID;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE7D"}