npm - @cloud-copilot/iam-simulate - Versions diffs - 0.1.12 → 0.1.14 - Mend

@cloud-copilot/iam-simulate 0.1.12 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (329) hide show

package/dist/cjs/util.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.convertIamStringToRegex = convertIamStringToRegex;
+exports.convertIamString = convertIamString;
 exports.splitArnParts = splitArnParts;
 exports.getResourceSegments = getResourceSegments;
 exports.isDefined = isDefined;
@@ -10,41 +10,37 @@ exports.getResourceTypesForAction = getResourceTypesForAction;
 exports.convertResourcePatternToRegex = convertResourcePatternToRegex;
 exports.lowerCaseAll = lowerCaseAll;
 exports.getVariablesFromString = getVariablesFromString;
+exports.isAssumedRoleArn = isAssumedRoleArn;
+exports.isIamUserArn = isIamUserArn;
+exports.isFederatedUserArn = isFederatedUserArn;
 const iam_data_1 = require("@cloud-copilot/iam-data");
 const matchesNothing = new RegExp('a^');
 const defaultStringReplaceOptions = {
-    replaceWildcards: true
+    replaceWildcards: true,
+    convertToRegex: true
 };
-/**
- * This will convert a string to a regex that can be used to match against a string.
- * This will replace any variables in the string with the value of the variable in the request context.
- *
- * @param value the string to convert to a regex
- * @param requestContext the request context to get the variable values from
- * @returns a regex that can be used to match against a string
- */
-function convertIamStringToRegex(value, request, replaceOptions) {
+function convertIamString(value, request, replaceOptions) {
     const options = { ...defaultStringReplaceOptions, ...replaceOptions };
-    let invalidVariableFound = false;
+    const errors = [];
     const newValue = value.replaceAll(/(\$\{.*?\})|(\*)|(\?)/ig, (match, args) => {
         if (match == "?") {
-            return replacementValue('\\?', '.', options.replaceWildcards);
+            return replacementValue(match, '\\?', '.', options);
             // return '.'
         }
         else if (match == "*") {
-            return replacementValue('\\*', ".*?", options.replaceWildcards);
+            return replacementValue(match, '\\*', ".*?", options);
             // return ".*?"
         }
         else if (match == "${*}") {
-            return replacementValue("\\$\\{\\*\\}", "\\*", options.replaceWildcards);
+            return replacementValue(match, "\\$\\{\\*\\}", "\\*", options);
             // return "\\*"
         }
         else if (match == "${?}") {
-            return replacementValue("\\$\\{\\?\\}", "\\?", options.replaceWildcards);
+            return replacementValue(match, "\\$\\{\\?\\}", "\\?", options);
             // return "\\?"
         }
         else if (match == "${$}") {
-            return replacementValue("\\$\\{\\$\\}", "\\$", options.replaceWildcards);
+            return replacementValue(match, "\\$\\{\\$\\}", "\\$", options);
             // return "\\$"
         }
         //
@@ -59,30 +55,40 @@ function convertIamStringToRegex(value, request, replaceOptions) {
             }
         }
         const variableName = defaultParts.at(0).trim();
-        const requestValue = getContextSingleValue(request, variableName);
+        const { value: requestValue, error: requestValueError } = getContextSingleValue(request, variableName);
         if (requestValue) {
-            return escapeRegexCharacters(requestValue);
+            //TODO: Maybe escpae the * in the resolved value to ${*}
+            return options.convertToRegex ? escapeRegexCharacters(requestValue) : requestValue;
         }
         else if (defaultValue) {
             /*
               TODO: What happens in a request if a multi value context key is used in a string and there
               is a default value? Will it use the default value or will it fail the condition test?
             */
-            return escapeRegexCharacters(defaultValue);
+            //TODO: Maybe escpae the * in the resolved value to ${*}
+            return options.convertToRegex ? escapeRegexCharacters(defaultValue) : defaultValue;
         }
         else {
-            invalidVariableFound = true;
+            if (requestValueError == 'missing') {
+                errors.push(`{${variableName}} not found in request context, and no default value provided. This will never match`);
+            }
+            else if (requestValueError == 'multivalue') {
+                errors.push(`{${variableName}} is a multi value context key, and cannot be used for replacement. This will never match`);
+            }
             /*
             https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-no-value
             */
-            return "--undefined---";
+            return match;
         }
         throw new Error('This should never happen');
     });
-    if (invalidVariableFound) {
-        return matchesNothing;
+    if (!options.convertToRegex) {
+        return newValue;
     }
-    return new RegExp('^' + newValue + '$');
+    if (errors.length > 0) {
+        return { pattern: matchesNothing, errors };
+    }
+    return { pattern: new RegExp('^' + newValue + '$') };
 }
 /**
  * Replace regex characters in a string with their escaped versions
@@ -102,27 +108,33 @@ function escapeRegexCharacters(str) {
  */
 function getContextSingleValue(request, contextKeyName) {
     if (!request.contextKeyExists(contextKeyName)) {
-        return undefined;
+        return {
+            error: 'missing'
+        };
     }
     const keyValue = request.getContextKeyValue(contextKeyName);
     if (keyValue.isStringValue()) {
-        return keyValue.value;
+        return { value: keyValue.value };
     }
-    return undefined;
+    return { error: 'multivalue' };
 }
 /**
  * Get the replacement value for a string
  *
+ * @param originalString the original string to replace the value of
  * @param rawString the string to replace the value in
  * @param wildcard the value to replace the wildcard with
  * @param replaceWildcards if the wildcard or raw string should be used
  * @returns
  */
-function replacementValue(rawString, wildcard, replaceWildcards) {
-    if (replaceWildcards) {
-        return wildcard;
+function replacementValue(original, escaped, regex, options) {
+    if (!options.convertToRegex) {
+        return original;
+    }
+    if (options.replaceWildcards) {
+        return regex;
     }
-    return rawString;
+    return escaped;
 }
 /**
  * Split an ARN into its parts
@@ -275,4 +287,34 @@ function getVariablesFromString(value) {
     }
     return [];
 }
+const assumedRoleArnRegex = /^arn:aws:sts::\d{12}:assumed-role\/.*$/;
+/**
+ * Tests if a principal string is an assumed role ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an assumed role ARN, false otherwise
+ */
+function isAssumedRoleArn(principal) {
+    return assumedRoleArnRegex.test(principal);
+}
+const userArnRegex = /^arn:aws:iam::\d{12}:user\/.*$/;
+/**
+ * Test if a principal string is an IAM user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an IAM user ARN, false otherwise
+ */
+function isIamUserArn(principal) {
+    return userArnRegex.test(principal);
+}
+const federatedUserArnRegex = /^arn:aws:sts::\d{12}:federated-user\/.*$/;
+/**
+ * Test if a principal string is a federated user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is a federated user ARN, false otherwise
+ */
+function isFederatedUserArn(principal) {
+    return federatedUserArnRegex.test(principal);
+}
 //# sourceMappingURL=util.js.map

package/dist/cjs/util.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"util.js","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":";;~~AAqBA~~,~~0DA4DC~~;~~AA8DD~~,sCAyBC;AASD,kDAgBC;AAQD,8BAEC;AAQD,oCAEC;AAUD,oDAGC;AAUD,8DAiBC;AAQD,sEAOC;AAQD,oCAEC;AAQD,wDAYC;~~AA1SD~~,sDAAgG;AAGhG,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;~~AAMvC~~,MAAM,2BAA2B,GAAyB;IACxD,gBAAgB,EAAE,IAAI;~~CACvB~~,CAAA;~~AAED;;;;;;;GAOG;AACH~~,SAAgB,~~uBAAuB~~,CAAC,KAAa,EAAE,OAAmB,EAAE,cAA8C;~~IACxH~~,MAAM,OAAO,GAAG,EAAC,GAAG,2BAA2B,EAAE,GAAG,cAAc,EAAC,CAAA;IAEnE,~~IAAI~~,~~oBAAoB~~,~~GAAG~~,~~KAAK~~,CAAA;~~IAChC~~,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3E,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,~~gBAAgB,CAAC,~~CAAA;~~YAC7D~~,aAAa;QACf,CAAC;aAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACxB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,~~OAAO~~,~~CAAC~~,~~gBAAgB~~,CAAC,CAAA;~~YAC/D~~,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,~~gBAAgB,CAAC,~~CAAA;~~YACxE~~,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,~~gBAAgB,CAAC,~~CAAA;~~YACxE~~,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,~~gBAAgB,CAAC,~~CAAA;~~YACxE~~,eAAe;QACjB,CAAC;QACD,EAAE;QACF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAExC,IAAI,YAAY,GAAG,SAAS,CAAA;QAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAG,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5C,IAAG,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzE,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC/C,CAAC;QACH,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;QAE/C,MAAM,YAAY,GAAG,qBAAqB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;~~QAEjE~~,IAAG,YAAY,EAAE,CAAC;YAChB,OAAO,qBAAqB,CAAC,YAAY,CAAC,CAAA;~~QAC5C~~,CAAC;aAAM,IAAG,YAAY,EAAE,CAAC;YACvB;;;cAGE;~~YACF~~,OAAO,qBAAqB,CAAC,YAAY,CAAC,CAAA;~~QAC5C~~,CAAC;aAAM,CAAC;YACN,~~oBAAoB~~,~~GAAG~~,IAAI,CAAA;~~YAC3B~~;;cAEE;YACF,OAAO,~~gBAAgB~~,CAAA;~~QACzB~~,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,IAAG,~~oBAAoB~~,EAAE,CAAC;~~QACxB~~,OAAO,cAAc,CAAA;~~IACvB~~,CAAC;~~IACD~~,OAAO,IAAI,MAAM,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAA;~~AACzC~~,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,OAAmB,EAAE,cAAsB;IACxE,IAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7C,OAAO,SAAS,CAAA;~~IAClB~~,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;IAC3D,IAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC,KAAK,CAAA;~~IACvB~~,CAAC;IAED,OAAO,~~SAAS~~,CAAA;~~AAClB~~,CAAC;AAED~~;;;;;;;GAOG~~;AACH,SAAS,gBAAgB,CAAC,~~SAAiB~~,EAAE,~~QAAgB~~,EAAE,~~gBAAyB~~;~~IACtF~~,IAAG,~~gBAAgB~~,EAAE,CAAC;~~QACpB~~,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,OAAO,~~SAAS~~,CAAA;~~AAClB~~,CAAC;AAYD;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEzC,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAG,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;QAChF,YAAY,GAAG,mBAAmB,CAAA;QAClC,YAAY,GAAG,mBAAmB,CAAA;IACpC,CAAC;IAED,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAExC,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAG,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACxC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAI,KAAoB;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAI,KAAoB;IAClD,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,oBAAoB,CAAC,OAAe,EAAE,MAAc;IACxE,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,OAAO,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAA;AACjD,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,yBAAyB,CAAC,OAAe,EAAE,MAAc,EAAE,QAAgB;IAC/F,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,IAAG,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,MAAM,mCAAmC,CAAC,CAAA;IAC1E,CAAC;IAED,MAAM,qBAAqB,GAAmB,EAAE,CAAC;IACjD,KAAI,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,6BAA6B,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,IAAG,KAAK,EAAE,CAAC;YACT,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,qBAAqB,CAAA;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAiB;IAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAa;IAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACzC,IAAG,OAAO,EAAE,CAAC;QACX,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACvB,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACjC,IAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YACxC,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC"}
1	+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":";;AAyBA,4CAuEC;AAoED,sCAyBC;AASD,kDAgBC;AAQD,8BAEC;AAQD,oCAEC;AAUD,oDAGC;AAUD,8DAiBC;AAQD,sEAOC;AAQD,oCAEC;AAQD,wDAYC;AAUD,4CAEC;AAUD,oCAEC;AAUD,gDAEC;AAnWD,sDAAgG;AAGhG,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AAOvC,MAAM,2BAA2B,GAAyB;IACxD,gBAAgB,EAAE,IAAI;IACtB,cAAc,EAAE,IAAI;CACrB,CAAA;AAYD,SAAgB,gBAAgB,CAAC,KAAa,EAAE,OAAmB,EAAE,cAA8C;IACjH,MAAM,OAAO,GAAG,EAAC,GAAG,2BAA2B,EAAE,GAAG,cAAc,EAAC,CAAA;IAEnE,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3E,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;YACnD,aAAa;QACf,CAAC;aAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACxB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YACrD,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;QACD,EAAE;QACF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAExC,IAAI,YAAY,GAAG,SAAS,CAAA;QAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAG,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5C,IAAG,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzE,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC/C,CAAC;QACH,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;QAE/C,MAAM,EAAC,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAC,GAAG,qBAAqB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QAEpG,IAAG,YAAY,EAAE,CAAC;YAChB,wDAAwD;YACxD,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;QACpF,CAAC;aAAM,IAAG,YAAY,EAAE,CAAC;YACvB;;;cAGE;YACH,wDAAwD;YACvD,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;QACpF,CAAC;aAAM,CAAC;YACN,IAAG,iBAAiB,IAAI,SAAS,EAAE,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,IAAI,YAAY,sFAAsF,CAAC,CAAA;YACrH,CAAC;iBAAM,IAAG,iBAAiB,IAAI,YAAY,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,YAAY,2FAA2F,CAAC,CAAA;YAC1H,CAAC;YACD;;cAEE;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,IAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,IAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,EAAC,OAAO,EAAE,cAAc,EAAE,MAAM,EAAC,CAAA;IAC1C,CAAC;IAED,OAAO,EAAC,OAAO,EAAE,IAAI,MAAM,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,EAAC,CAAA;AACpD,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,OAAmB,EAAE,cAAsB;IACxE,IAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7C,OAAO;YACL,KAAK,EAAE,SAAS;SACjB,CAAA;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;IAC3D,IAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC5B,OAAO,EAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAC,CAAA;IAChC,CAAC;IAED,OAAO,EAAC,KAAK,EAAE,YAAY,EAAC,CAAA;AAC9B,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,gBAAgB,CAAC,QAAgB,EAAE,OAAe,EAAE,KAAa,EAAE,OAA6B;IACvG,IAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,IAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAYD;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEzC,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAG,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;QAChF,YAAY,GAAG,mBAAmB,CAAA;QAClC,YAAY,GAAG,mBAAmB,CAAA;IACpC,CAAC;IAED,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAExC,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAG,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACxC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAI,KAAoB;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAI,KAAoB;IAClD,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,oBAAoB,CAAC,OAAe,EAAE,MAAc;IACxE,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,OAAO,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAA;AACjD,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,yBAAyB,CAAC,OAAe,EAAE,MAAc,EAAE,QAAgB;IAC/F,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,IAAG,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,MAAM,mCAAmC,CAAC,CAAA;IAC1E,CAAC;IAED,MAAM,qBAAqB,GAAmB,EAAE,CAAC;IACjD,KAAI,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,6BAA6B,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,IAAG,KAAK,EAAE,CAAC;YACT,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,qBAAqB,CAAA;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAiB;IAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAa;IAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACzC,IAAG,OAAO,EAAE,CAAC;QACX,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACvB,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACjC,IAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YACxC,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,MAAM,mBAAmB,GAAG,wCAAwC,CAAA;AAEpE;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,MAAM,YAAY,GAAG,gCAAgC,CAAA;AAErD;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,SAAiB;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AACrC,CAAC;AAED,MAAM,qBAAqB,GAAG,0CAA0C,CAAA;AAExE;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,SAAiB;IAClD,OAAO,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC9C,CAAC"}

package/dist/esm/StatementAnalysis.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { Statement } from "@cloud-copilot/iam-policy";
 import { ConditionMatchResult } from "./condition/condition.js";
+import { StatementExplain } from "./explain/statementExplain.js";
 import { PrincipalMatchResult } from "./principal/principal.js";
 /**
  * The result of analyzing a statement against a request.
@@ -22,6 +23,19 @@ export interface StatementAnalysis {
      * Whether the Principal or NotPrincipal – if any – matches the request.
      */
     principalMatch: PrincipalMatchResult;
+    /**
+     * Whether the Conditions matches the request.
+     */
     conditionMatch: ConditionMatchResult;
+    explain?: StatementExplain;
 }
+/**
+ * Checks if a statement is an identity statement that allows the request.
+ *
+ * @param statement The statement to check.
+ * @returns Whether the statement is an identity statement that allows the request.
+ */
+export declare function identityStatementAllows(statement: StatementAnalysis): boolean;
+export declare function identityStatementExplicitDeny(statement: StatementAnalysis): boolean;
+export declare function statementMatches(analysis: Pick<StatementAnalysis, 'actionMatch' | 'conditionMatch' | 'principalMatch' | 'resourceMatch'>): boolean;
 //# sourceMappingURL=StatementAnalysis.d.ts.map

package/dist/esm/StatementAnalysis.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,SAAS,EAAE,SAAS,CAAC;IAErB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;~~IACpC~~,cAAc,EAAE,oBAAoB,CAAA;~~CACrC~~"}
1	+ {"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,SAAS,EAAE,SAAS,CAAC;IAErB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC,OAAO,CAAC,EAAE,gBAAgB,CAAA;CAC3B;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAQ7E;AAsBD,wBAAgB,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAQnF;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CAAC,GAAG,OAAO,CAKlJ"}

package/dist/esm/StatementAnalysis.js CHANGED Viewed

@@ -1,2 +1,49 @@
-export {};
+/**
+ * Checks if a statement is an identity statement that allows the request.
+ *
+ * @param statement The statement to check.
+ * @returns Whether the statement is an identity statement that allows the request.
+ */
+export function identityStatementAllows(statement) {
+    if (statement.resourceMatch &&
+        statement.actionMatch &&
+        statement.conditionMatch === 'Match' &&
+        statement.statement.effect() === 'Allow') {
+        return true;
+    }
+    return false;
+}
+// export function identityStatementUknownAllow(statement: StatementAnalysis): boolean {
+//   if(statement.resourceMatch &&
+//     statement.actionMatch &&
+//     statement.conditionMatch === 'Unknown' &&
+//     statement.statement.effect() === 'Allow') {
+//       return true;
+//   }
+//   return false
+// }
+// export function identityStatementUknownDeny(statement: StatementAnalysis): boolean {
+//   if(statement.resourceMatch &&
+//     statement.actionMatch &&
+//     statement.conditionMatch === 'Unknown' &&
+//     statement.statement.effect() === 'Deny') {
+//       return true;
+//   }
+//   return false
+// }
+export function identityStatementExplicitDeny(statement) {
+    if (statement.resourceMatch &&
+        statement.actionMatch &&
+        statement.conditionMatch === 'Match' &&
+        statement.statement.effect() === 'Deny') {
+        return true;
+    }
+    return false;
+}
+export function statementMatches(analysis) {
+    return analysis.resourceMatch &&
+        analysis.actionMatch &&
+        analysis.conditionMatch === 'Match' &&
+        ['Match', 'AccountLevelMatch', 'SessionRoleMatch', 'SessionUserMatch'].includes(analysis.principalMatch);
+}
 //# sourceMappingURL=StatementAnalysis.js.map

package/dist/esm/StatementAnalysis.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":""}
1	+ {"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAsCA;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,IAAG,SAAS,CAAC,aAAa;QACxB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wFAAwF;AACxF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,kDAAkD;AAClD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,uFAAuF;AACvF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,iDAAiD;AACjD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,MAAM,UAAU,6BAA6B,CAAC,SAA4B;IACxE,IAAG,SAAS,CAAC,aAAa;QACxB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAwG;IACvI,OAAO,QAAQ,CAAC,aAAa;QAC3B,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,cAAc,KAAK,OAAO;QACnC,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAC7G,CAAC"}

package/dist/esm/action/action.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { Action, Statement } from "@cloud-copilot/iam-policy";
+import { ActionExplain, StatementExplain } from "../explain/statementExplain.js";
 import { AwsRequest } from "../request/request.js";
 /**
  * Check if a request matches the Action or NotAction elements of a statement.
@@ -7,7 +8,10 @@ import { AwsRequest } from "../request/request.js";
  * @param statement the statement to check against
  * @returns true if the request matches the Action or NotAction in the statement, false otherwise
  */
-export declare function requestMatchesStatementActions(request: AwsRequest, statement: Statement): boolean;
+export declare function requestMatchesStatementActions(request: AwsRequest, statement: Statement): {
+    matches: boolean;
+    details: Pick<StatementExplain, 'actions' | 'notActions'>;
+};
 /**
  * Check if a request matches a set of actions.
  *
@@ -15,7 +19,10 @@ export declare function requestMatchesStatementActions(request: AwsRequest, stat
  * @param actions the actions to check against
  * @returns true if the request matches any of the actions, false otherwise
  */
-export declare function requestMatchesActions(request: AwsRequest, actions: Action[]): boolean;
+export declare function requestMatchesActions(request: AwsRequest, actions: Action[]): {
+    matches: boolean;
+    explains: ActionExplain[];
+};
 /**
  * Check if a request does not match a set of actions.
  *
@@ -23,5 +30,8 @@ export declare function requestMatchesActions(request: AwsRequest, actions: Acti
  * @param actions the actions to check against
  * @returns true if the request does not match any of the actions, false if the request matches any of the actions
  */
-export declare function requestMatchesNotActions(request: AwsRequest, actions: Action[]): boolean;
+export declare function requestMatchesNotActions(request: AwsRequest, actions: Action[]): {
+    matches: boolean;
+    explains: ActionExplain[];
+};
 //# sourceMappingURL=action.d.ts.map

package/dist/esm/action/action.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;~~AAGnD~~;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,~~CAOjG~~;AAiBD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,~~CAiBrF~~;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,~~CAExF~~"}
1	+ {"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,YAAY,CAAC,CAAA;CAAC,CAevK;AAiBD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,aAAa,EAAE,CAAA;CAAC,CAI3H;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,aAAa,EAAE,CAAA;CAAC,CAS9H"}

package/dist/esm/action/action.js CHANGED Viewed

@@ -7,10 +7,18 @@
  */
 export function requestMatchesStatementActions(request, statement) {
     if (statement.isActionStatement()) {
-        return requestMatchesActions(request, statement.actions());
+        const { matches, explains } = requestMatchesActions(request, statement.actions());
+        if (!statement.actionIsArray()) {
+            return { matches, details: { actions: explains[0] } };
+        }
+        return { matches, details: { actions: explains } };
     }
     else if (statement.isNotActionStatement()) {
-        return requestMatchesNotActions(request, statement.notActions());
+        const { matches, explains } = requestMatchesNotActions(request, statement.notActions());
+        if (!statement.notActionIsArray()) {
+            return { matches, details: { notActions: explains[0] } };
+        }
+        return { matches, details: { notActions: explains } };
     }
     throw new Error('Statement has neither Actions nor NotActions');
 }
@@ -35,24 +43,9 @@ function convertActionToRegex(action) {
  * @returns true if the request matches any of the actions, false otherwise
  */
 export function requestMatchesActions(request, actions) {
-    for (const action of actions) {
-        if (action.isWildcardAction()) {
-            return true;
-        }
-        else if (action.isServiceAction()) {
-            if (request.action.service() != action.service()) {
-                continue;
-            }
-            const actionRegex = convertActionToRegex(action.action());
-            if (actionRegex.test(request.action.action())) {
-                return true;
-            }
-        }
-        else {
-            throw new Error('Unknown action type');
-        }
-    }
-    return false;
+    const explains = actions.map(action => requestMatchesSingleAction(request, action));
+    const matches = explains.some(explain => explain.matches);
+    return { matches, explains };
 }
 /**
  * Check if a request does not match a set of actions.
@@ -62,6 +55,35 @@ export function requestMatchesActions(request, actions) {
  * @returns true if the request does not match any of the actions, false if the request matches any of the actions
  */
 export function requestMatchesNotActions(request, actions) {
-    return !requestMatchesActions(request, actions);
+    const explains = actions.map(action => {
+        const explain = requestMatchesSingleAction(request, action);
+        explain.matches = !explain.matches;
+        return explain;
+    });
+    const matches = !explains.some(explain => !explain.matches);
+    return { matches, explains };
+}
+function requestMatchesSingleAction(request, action) {
+    if (action.isWildcardAction()) {
+        return {
+            action: action.value(),
+            matches: true,
+        };
+    }
+    else if (action.isServiceAction()) {
+        if (request.action.service() != action.service()) {
+            return {
+                action: action.value(),
+                matches: false,
+            };
+        }
+        const actionRegex = convertActionToRegex(action.action());
+        const matches = actionRegex.test(request.action.action());
+        return {
+            action: action.value(),
+            matches
+        };
+    }
+    throw new Error('Unknown action type');
 }
 //# sourceMappingURL=action.js.map

package/dist/esm/action/action.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAmB,EAAE,SAAoB;IACtF,IAAG,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACjC,OAAO,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;~~IAC7D~~,CAAC;SAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;~~IACnE~~,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAmB,EAAE,OAAiB;IAC1E,~~KAAI,~~MAAM,MAAM,~~IAAI~~,OAAO,EAAE,CAAC;~~QAC5B~~,~~IAAI,~~MAAM,CAAC,~~gBAAgB~~,~~EAAE~~,EAAE,CAAC;~~YAC9B~~,OAAO,~~IAAI~~,CAAC;~~QACd~~,CAAC;~~aAAM~~,~~IAAG,~~MAAM,CAAC,~~eAAe~~,EAAE,~~EAAE~~,CAAC;~~YACnC~~,~~IAAG~~,OAAO,CAAC,MAAM,CAAC,OAAO,~~EAAE~~,~~IAAI~~,~~MAAM~~,CAAC,OAAO,~~EAAE~~,~~EAAE~~,~~CAAC~~;~~gBAChD~~,~~SAAQ~~;~~YACV~~,CAAC;~~YACD~~,MAAM,~~WAAW~~,GAAG,~~oBAAoB~~,CAAC,~~MAAM~~,CAAC,~~MAAM~~,EAAE,CAAC,CAAC~~;YAC1D~~,~~IAAG~~,~~WAAW,~~CAAC,~~IAAI~~,CAAC,OAAO,CAAC,~~MAAM~~,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;~~gBAC7C~~,OAAO,IAAI,~~CAAC~~;~~YACd~~,CAAC;~~QACH~~,CAAC~~;aAAM~~,CAAC;~~YACN~~,MAAM,IAAI,~~KAAK~~,CAAC,~~qBAAqB~~,~~CAAC~~,CAAC;~~QACzC~~,~~CAAC~~;~~IACH~~,CAAC;~~IACD~~,OAAO,KAAK,~~CAAC~~;~~AACf~~,CAAC;~~AAED;;;;;;GAMG;AACH~~,MAAM,~~UAAU~~,~~wBAAwB~~,CAAC,~~OAAmB~~,EAAE,~~OAAiB~~;~~IAC7E~~,OAAO,CAAC,~~qBAAqB~~,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;~~AAClD~~,CAAC"}
1	+ {"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAmB,EAAE,SAAoB;IACtF,IAAG,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACjC,MAAM,EAAC,OAAO,EAAE,QAAQ,EAAC,GAAG,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,IAAG,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;YAC9B,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAC,EAAC,CAAC;QACpD,CAAC;QACD,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,OAAO,EAAE,QAAQ,EAAC,EAAC,CAAC;IACjD,CAAC;SAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC5C,MAAM,EAAC,OAAO,EAAE,QAAQ,EAAC,GAAG,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;QACtF,IAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,EAAE,CAAC;YACjC,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAC,EAAC,CAAC;QACvD,CAAC;QACD,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,UAAU,EAAE,QAAQ,EAAC,EAAC,CAAC;IACpD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAmB,EAAE,OAAiB;IAC1E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1D,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB,EAAE,OAAiB;IAC7E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC3D,OAAO,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,CAAA;QAClC,OAAO,OAAO,CAAA;IAChB,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,CAAC;AAC7B,CAAC;AAED,SAAS,0BAA0B,CAAC,OAAmB,EAAE,MAAc;IACrE,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;QAC9B,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;SAAM,IAAG,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;QACnC,IAAG,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;gBACtB,OAAO,EAAE,KAAK;aACf,CAAA;QACH,CAAC;QACD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;QACzD,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO;SACR,CAAA;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;AACzC,CAAC"}

package/dist/esm/condition/BaseConditionOperator.d.ts CHANGED Viewed

@@ -1,8 +1,13 @@
+import { ConditionValueExplain } from "../explain/statementExplain.js";
 import { AwsRequest } from "../request/request.js";
 export interface BaseConditionOperator {
     name: string;
-    matches: (request: AwsRequest, keyValue: string, policyValues: string[]) => boolean;
+    matches: (request: AwsRequest, keyValue: string, policyValues: string[]) => {
+        matches: boolean;
+        explains: ConditionValueExplain[];
+    };
     allowsVariables: boolean;
     allowsWildcards: boolean;
+    isNegative: boolean;
 }
 //# sourceMappingURL=BaseConditionOperator.d.ts.map

package/dist/esm/condition/BaseConditionOperator.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"BaseConditionOperator.d.ts","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,OAAO,CAAA;~~IACnF~~,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;~~CACzB~~"}
1	+ {"version":3,"file":"BaseConditionOperator.d.ts","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,qBAAqB,EAAE,CAAA;KAAE,CAAA;IACnI,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;IACxB,UAAU,EAAE,OAAO,CAAA;CACpB"}

package/dist/esm/condition/arn/ArnEquals.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,SAAS,EAAE,~~qBAKvB~~,CAAA"}
1	+ {"version":3,"file":"ArnEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,SAAS,EAAE,qBAMvB,CAAA"}

package/dist/esm/condition/arn/ArnEquals.js CHANGED Viewed

@@ -3,6 +3,7 @@ export const ArnEquals = {
     name: 'ArnEquals',
     matches: ArnLike.matches,
     allowsVariables: ArnLike.allowsVariables,
-    allowsWildcards: ArnLike.allowsWildcards
+    allowsWildcards: ArnLike.allowsWildcards,
+    isNegative: ArnLike.isNegative
 };
 //# sourceMappingURL=ArnEquals.js.map

package/dist/esm/condition/arn/ArnEquals.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,CAAC,MAAM,SAAS,GAA0B;IAC9C,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO,CAAC,OAAO;IACxB,eAAe,EAAE,OAAO,CAAC,eAAe;IACxC,eAAe,EAAE,OAAO,CAAC,eAAe;~~CACzC~~,CAAA"}
1	+ {"version":3,"file":"ArnEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,CAAC,MAAM,SAAS,GAA0B;IAC9C,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO,CAAC,OAAO;IACxB,eAAe,EAAE,OAAO,CAAC,eAAe;IACxC,eAAe,EAAE,OAAO,CAAC,eAAe;IACxC,UAAU,EAAE,OAAO,CAAC,UAAU;CAC/B,CAAA"}

package/dist/esm/condition/arn/ArnLike.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"~~AAEA~~,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;~~AAEpE~~,eAAO,MAAM,OAAO,EAAE,~~qBAOrB~~,CAAA"}
1	+ {"version":3,"file":"ArnLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,OAAO,EAAE,qBAerB,CAAA"}

package/dist/esm/condition/arn/ArnLike.js CHANGED Viewed

@@ -1,47 +1,15 @@
-import { convertIamStringToRegex, isNotDefined, splitArnParts } from "../../util.js";
+import { arnMatches } from "./arn.js";
 export const ArnLike = {
     name: 'ArnLike',
     matches: (request, keyValue, policyValues) => {
-        return policyValues.some(policyArn => arnMatches(policyArn, keyValue, request));
+        const explains = policyValues.map(policyArn => arnMatches(policyArn, keyValue, request, true));
+        return {
+            matches: explains.some(explain => explain.matches),
+            explains
+        };
     },
     allowsVariables: true,
-    allowsWildcards: true
+    allowsWildcards: true,
+    isNegative: false
 };
-/**
- * Checks to see if a single ARN matches in ArnLike format
- *
- * @param policyArn the ARN to check against
- * @param requestArn the ARN to check
- * @param request the request to check
- * @returns if the ARN matches
- */
-function arnMatches(policyArn, requestArn, request) {
-    const policyParts = splitArnParts(policyArn);
-    const requestParts = splitArnParts(requestArn);
-    // If any of the parts are missing, return false
-    if (isNotDefined(policyParts.partition) ||
-        isNotDefined(policyParts.service) ||
-        isNotDefined(policyParts.region) ||
-        isNotDefined(policyParts.accountId) ||
-        isNotDefined(policyParts.resource)) {
-        return false;
-    }
-    // If any of the parts are missing, return false
-    if (isNotDefined(requestParts.partition) ||
-        isNotDefined(requestParts.service) ||
-        isNotDefined(requestParts.region) ||
-        isNotDefined(requestParts.accountId) ||
-        isNotDefined(requestParts.resource)) {
-        return false;
-    }
-    const replaceAndMatch = (policyPart, requestPart) => {
-        const pattern = convertIamStringToRegex(policyPart, request, { replaceWildcards: true });
-        return pattern.test(requestPart);
-    };
-    return replaceAndMatch(policyParts.partition, requestParts.partition) &&
-        replaceAndMatch(policyParts.service, requestParts.service) &&
-        replaceAndMatch(policyParts.region, requestParts.region) &&
-        replaceAndMatch(policyParts.accountId, requestParts.accountId) &&
-        replaceAndMatch(policyParts.resource, requestParts.resource);
-}
 //# sourceMappingURL=ArnLike.js.map

package/dist/esm/condition/arn/ArnLike.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnLike.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,~~uBAAuB~~,EAAE,~~YAAY,EAAE,aAAa,EAAE,~~MAAM,~~eAAe~~,CAAC;~~AAGrF~~,MAAM,CAAC,MAAM,OAAO,GAA0B;IAC5C,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,~~OAAO~~,YAAY,CAAC,~~IAAI~~,~~CAAC~~,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,~~CAAC,CAAC,CAAA;IACjF,CAAC;IACD,eAAe,~~EAAE,IAAI~~;IACrB~~,~~eAAe,EAAE,IAAI;CACtB,CAAA;AAED;;;;;;;GAOG;AACH,SAAS,UAAU,~~CAAC,~~SAAiB~~,~~EAAE,UAAkB,EAAE,OAAmB;IAC5E,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,CAAC,~~CAAA;~~IAC5C~~,~~MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA~~;~~IAC9C~~,~~gDAAgD;IAChD~~,~~IAAG~~,~~YAAY~~,CAAC,~~WAAW~~,CAAC,~~SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,~~OAAO,CAAC~~;QACjC~~,~~YAAY,CAAC,WAAW,CAAC,MAAM,CAAC;QAChC,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,QAAQ,CAAC,~~EAAE,CAAC~~;QACtC~~,OAAO,~~KAAK,CAAA;IACd,~~CAAC~~;IAED~~,~~gDAAgD;IAChD,IAAG,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,~~OAAO,CAAC;~~QAClC~~,~~YAAY,CAAC,YAAY,CAAC,MAAM,CAAC;QACjC,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,~~QAAQ~~,CAAC,EAAE,CAAC~~;~~QACvC~~,~~OAAO,KAAK,~~CAAA;~~IACd~~,CAAC;~~IAED~~,~~MAAM,~~eAAe,~~GAAG,CAAC,UAAkB,~~EAAE,~~WAAmB,EAAW,EAAE;QAC3E,MAAM,OAAO,GAAG,uBAAuB,CAAC,UAAU,EAAE,OAAO,EAAE,EAAC,gBAAgB,EAAE,~~IAAI~~,EAAC,CAAC,CAAA~~;~~QACtF~~,~~OAAO,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAClC,CAAC,CAAA;IAED,OAAO,~~eAAe,~~CAAC,WAAW,CAAC,SAAS,~~EAAE,~~YAAY,CAAC,SAAS,CAAC~~;~~QAC9D~~,~~eAAe~~,~~CAAC,WAAW,CAAC,OAAO,~~EAAE,~~YAAY,CAAC,OAAO,CAAC~~;~~QAC1D~~,~~eAAe,CAAC,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC;QACxD,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,~~CAAA~~;AAErE,CAAC~~"}
1	+ {"version":3,"file":"ArnLike.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,MAAM,CAAC,MAAM,OAAO,GAA0B;IAC5C,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAC/B,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAC5D,CAAA;QAED,OAAO;YACL,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;YAClD,QAAQ;SACT,CAAA;IACH,CAAC;IACD,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,IAAI;IACrB,UAAU,EAAE,KAAK;CAClB,CAAA"}

package/dist/esm/condition/arn/ArnNotEquals.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnNotEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,YAAY,EAAE,~~qBAK1B~~,CAAA"}
1	+ {"version":3,"file":"ArnNotEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,YAAY,EAAE,qBAM1B,CAAA"}

package/dist/esm/condition/arn/ArnNotEquals.js CHANGED Viewed

@@ -3,6 +3,7 @@ export const ArnNotEquals = {
     name: 'ArnNotEquals',
     matches: ArnNotLike.matches,
     allowsVariables: ArnNotLike.allowsVariables,
-    allowsWildcards: ArnNotLike.allowsWildcards
+    allowsWildcards: ArnNotLike.allowsWildcards,
+    isNegative: ArnNotLike.isNegative
 };
 //# sourceMappingURL=ArnNotEquals.js.map

package/dist/esm/condition/arn/ArnNotEquals.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnNotEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,UAAU,CAAC,OAAO;IAC3B,eAAe,EAAE,UAAU,CAAC,eAAe;IAC3C,eAAe,EAAE,UAAU,CAAC,eAAe;~~CAC5C~~,CAAA"}
1	+ {"version":3,"file":"ArnNotEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,UAAU,CAAC,OAAO;IAC3B,eAAe,EAAE,UAAU,CAAC,eAAe;IAC3C,eAAe,EAAE,UAAU,CAAC,eAAe;IAC3C,UAAU,EAAE,UAAU,CAAC,UAAU;CAClC,CAAA"}

package/dist/esm/condition/arn/ArnNotLike.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnNotLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotLike.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,UAAU,EAAE,~~qBAOxB~~,CAAA"}
1	+ {"version":3,"file":"ArnNotLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotLike.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,UAAU,EAAE,qBAexB,CAAA"}

package/dist/esm/condition/arn/ArnNotLike.js CHANGED Viewed

@@ -1,10 +1,15 @@
-import { ArnLike } from "./ArnLike.js";
+import { arnMatches } from "./arn.js";
 export const ArnNotLike = {
     name: 'ArnNotLike',
     matches: (request, keyValue, policyValues) => {
-        return !ArnLike.matches(request, keyValue, policyValues);
+        const explains = policyValues.map(policyArn => arnMatches(policyArn, keyValue, request, false));
+        return {
+            matches: !explains.some(explain => !explain.matches),
+            explains
+        };
     },
     allowsVariables: true,
-    allowsWildcards: true
+    allowsWildcards: true,
+    isNegative: true
 };
 //# sourceMappingURL=ArnNotLike.js.map

package/dist/esm/condition/arn/ArnNotLike.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ArnNotLike.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotLike.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,~~OAAO~~,EAAE,MAAM,~~cAAc~~,CAAC;~~AAEvC~~,MAAM,CAAC,MAAM,UAAU,GAA0B;IAC/C,IAAI,EAAE,YAAY;IAClB,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,~~OAAO~~,CAAC,~~OAAO~~,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,~~YAAY~~,CAAC,CAAA;~~IAC1D~~,CAAC;IACD,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,IAAI;~~CACtB~~,CAAA"}
1	+ {"version":3,"file":"ArnNotLike.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotLike.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,MAAM,CAAC,MAAM,UAAU,GAA0B;IAC/C,IAAI,EAAE,YAAY;IAClB,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAC/B,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,CAC7D,CAAA;QAED,OAAO;YACL,OAAO,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;YACpD,QAAQ;SACT,CAAA;IACH,CAAC;IACD,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,IAAI;IACrB,UAAU,EAAE,IAAI;CACjB,CAAA"}