@cloud-copilot/iam-simulate 0.1.13-1 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (303) hide show
  1. package/dist/cjs/StatementAnalysis.js +1 -1
  2. package/dist/cjs/StatementAnalysis.js.map +1 -1
  3. package/dist/cjs/action/action.js +1 -1
  4. package/dist/cjs/action/action.js.map +1 -1
  5. package/dist/cjs/condition/BaseConditionOperator.d.ts +6 -1
  6. package/dist/cjs/condition/BaseConditionOperator.d.ts.map +1 -1
  7. package/dist/cjs/condition/arn/ArnEquals.d.ts.map +1 -1
  8. package/dist/cjs/condition/arn/ArnEquals.js +2 -1
  9. package/dist/cjs/condition/arn/ArnEquals.js.map +1 -1
  10. package/dist/cjs/condition/arn/ArnLike.d.ts.map +1 -1
  11. package/dist/cjs/condition/arn/ArnLike.js +8 -40
  12. package/dist/cjs/condition/arn/ArnLike.js.map +1 -1
  13. package/dist/cjs/condition/arn/ArnNotEquals.d.ts.map +1 -1
  14. package/dist/cjs/condition/arn/ArnNotEquals.js +2 -1
  15. package/dist/cjs/condition/arn/ArnNotEquals.js.map +1 -1
  16. package/dist/cjs/condition/arn/ArnNotLike.d.ts.map +1 -1
  17. package/dist/cjs/condition/arn/ArnNotLike.js +8 -3
  18. package/dist/cjs/condition/arn/ArnNotLike.js.map +1 -1
  19. package/dist/cjs/condition/arn/arn.d.ts +12 -0
  20. package/dist/cjs/condition/arn/arn.d.ts.map +1 -0
  21. package/dist/cjs/condition/arn/arn.js +68 -0
  22. package/dist/cjs/condition/arn/arn.js.map +1 -0
  23. package/dist/cjs/condition/baseConditionperatorTests.d.ts +7 -1
  24. package/dist/cjs/condition/baseConditionperatorTests.d.ts.map +1 -1
  25. package/dist/cjs/condition/baseConditionperatorTests.js +17 -1
  26. package/dist/cjs/condition/baseConditionperatorTests.js.map +1 -1
  27. package/dist/cjs/condition/binary/BinaryEquals.d.ts.map +1 -1
  28. package/dist/cjs/condition/binary/BinaryEquals.js +14 -2
  29. package/dist/cjs/condition/binary/BinaryEquals.js.map +1 -1
  30. package/dist/cjs/condition/boolean/Bool.d.ts.map +1 -1
  31. package/dist/cjs/condition/boolean/Bool.js +36 -7
  32. package/dist/cjs/condition/boolean/Bool.js.map +1 -1
  33. package/dist/cjs/condition/condition.d.ts +39 -0
  34. package/dist/cjs/condition/condition.d.ts.map +1 -1
  35. package/dist/cjs/condition/condition.js +195 -112
  36. package/dist/cjs/condition/condition.js.map +1 -1
  37. package/dist/cjs/condition/conditionUtil.d.ts +10 -0
  38. package/dist/cjs/condition/conditionUtil.d.ts.map +1 -0
  39. package/dist/cjs/condition/conditionUtil.js +16 -0
  40. package/dist/cjs/condition/conditionUtil.js.map +1 -0
  41. package/dist/cjs/condition/date/DateEquals.d.ts.map +1 -1
  42. package/dist/cjs/condition/date/DateEquals.js +7 -2
  43. package/dist/cjs/condition/date/DateEquals.js.map +1 -1
  44. package/dist/cjs/condition/date/DateGreaterThan.d.ts.map +1 -1
  45. package/dist/cjs/condition/date/DateGreaterThan.js +7 -2
  46. package/dist/cjs/condition/date/DateGreaterThan.js.map +1 -1
  47. package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts.map +1 -1
  48. package/dist/cjs/condition/date/DateGreaterThanEquals.js +7 -2
  49. package/dist/cjs/condition/date/DateGreaterThanEquals.js.map +1 -1
  50. package/dist/cjs/condition/date/DateLessThan.d.ts.map +1 -1
  51. package/dist/cjs/condition/date/DateLessThan.js +7 -2
  52. package/dist/cjs/condition/date/DateLessThan.js.map +1 -1
  53. package/dist/cjs/condition/date/DateLessThanEquals.d.ts.map +1 -1
  54. package/dist/cjs/condition/date/DateLessThanEquals.js +7 -2
  55. package/dist/cjs/condition/date/DateLessThanEquals.js.map +1 -1
  56. package/dist/cjs/condition/date/DateNotEquals.d.ts.map +1 -1
  57. package/dist/cjs/condition/date/DateNotEquals.js +11 -18
  58. package/dist/cjs/condition/date/DateNotEquals.js.map +1 -1
  59. package/dist/cjs/condition/date/date.d.ts +2 -1
  60. package/dist/cjs/condition/date/date.d.ts.map +1 -1
  61. package/dist/cjs/condition/date/date.js +20 -5
  62. package/dist/cjs/condition/date/date.js.map +1 -1
  63. package/dist/cjs/condition/ipaddress/IpAddress.d.ts.map +1 -1
  64. package/dist/cjs/condition/ipaddress/IpAddress.js +9 -16
  65. package/dist/cjs/condition/ipaddress/IpAddress.js.map +1 -1
  66. package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts.map +1 -1
  67. package/dist/cjs/condition/ipaddress/NotIpAddress.js +9 -20
  68. package/dist/cjs/condition/ipaddress/NotIpAddress.js.map +1 -1
  69. package/dist/cjs/condition/ipaddress/ip.d.ts +10 -0
  70. package/dist/cjs/condition/ipaddress/ip.d.ts.map +1 -0
  71. package/dist/cjs/condition/ipaddress/ip.js +57 -0
  72. package/dist/cjs/condition/ipaddress/ip.js.map +1 -0
  73. package/dist/cjs/condition/numeric/NumericEquals.d.ts.map +1 -1
  74. package/dist/cjs/condition/numeric/NumericEquals.js +7 -2
  75. package/dist/cjs/condition/numeric/NumericEquals.js.map +1 -1
  76. package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts.map +1 -1
  77. package/dist/cjs/condition/numeric/NumericGreaterThan.js +7 -2
  78. package/dist/cjs/condition/numeric/NumericGreaterThan.js.map +1 -1
  79. package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts.map +1 -1
  80. package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js +7 -2
  81. package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js.map +1 -1
  82. package/dist/cjs/condition/numeric/NumericLessThan.d.ts.map +1 -1
  83. package/dist/cjs/condition/numeric/NumericLessThan.js +7 -2
  84. package/dist/cjs/condition/numeric/NumericLessThan.js.map +1 -1
  85. package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts.map +1 -1
  86. package/dist/cjs/condition/numeric/NumericLessThanEquals.js +7 -2
  87. package/dist/cjs/condition/numeric/NumericLessThanEquals.js.map +1 -1
  88. package/dist/cjs/condition/numeric/NumericNotEquals.d.ts.map +1 -1
  89. package/dist/cjs/condition/numeric/NumericNotEquals.js +11 -18
  90. package/dist/cjs/condition/numeric/NumericNotEquals.js.map +1 -1
  91. package/dist/cjs/condition/numeric/numeric.d.ts +2 -1
  92. package/dist/cjs/condition/numeric/numeric.d.ts.map +1 -1
  93. package/dist/cjs/condition/numeric/numeric.js +18 -3
  94. package/dist/cjs/condition/numeric/numeric.js.map +1 -1
  95. package/dist/cjs/condition/string/StringEquals.d.ts.map +1 -1
  96. package/dist/cjs/condition/string/StringEquals.js +24 -3
  97. package/dist/cjs/condition/string/StringEquals.js.map +1 -1
  98. package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts.map +1 -1
  99. package/dist/cjs/condition/string/StringEqualsIgnoreCase.js +23 -5
  100. package/dist/cjs/condition/string/StringEqualsIgnoreCase.js.map +1 -1
  101. package/dist/cjs/condition/string/StringLike.d.ts.map +1 -1
  102. package/dist/cjs/condition/string/StringLike.js +24 -3
  103. package/dist/cjs/condition/string/StringLike.js.map +1 -1
  104. package/dist/cjs/condition/string/StringNotEquals.d.ts.map +1 -1
  105. package/dist/cjs/condition/string/StringNotEquals.js +24 -3
  106. package/dist/cjs/condition/string/StringNotEquals.js.map +1 -1
  107. package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts.map +1 -1
  108. package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js +25 -3
  109. package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js.map +1 -1
  110. package/dist/cjs/condition/string/StringNotLike.d.ts.map +1 -1
  111. package/dist/cjs/condition/string/StringNotLike.js +25 -3
  112. package/dist/cjs/condition/string/StringNotLike.js.map +1 -1
  113. package/dist/cjs/core_engine/coreSimulatorEngine.d.ts +11 -6
  114. package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map +1 -1
  115. package/dist/cjs/core_engine/coreSimulatorEngine.js +14 -4
  116. package/dist/cjs/core_engine/coreSimulatorEngine.js.map +1 -1
  117. package/dist/cjs/evaluate.d.ts +1 -0
  118. package/dist/cjs/evaluate.d.ts.map +1 -1
  119. package/dist/cjs/explain/displayExplainCli.d.ts.map +1 -1
  120. package/dist/cjs/explain/displayExplainCli.js +114 -10
  121. package/dist/cjs/explain/displayExplainCli.js.map +1 -1
  122. package/dist/cjs/explain/statementExplain.d.ts +2 -1
  123. package/dist/cjs/explain/statementExplain.d.ts.map +1 -1
  124. package/dist/cjs/explain/statementExplain.js.map +1 -1
  125. package/dist/cjs/principal/principal.d.ts +14 -2
  126. package/dist/cjs/principal/principal.d.ts.map +1 -1
  127. package/dist/cjs/principal/principal.js +51 -13
  128. package/dist/cjs/principal/principal.js.map +1 -1
  129. package/dist/cjs/resource/resource.js +3 -2
  130. package/dist/cjs/resource/resource.js.map +1 -1
  131. package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -1
  132. package/dist/cjs/services/DefaultServiceAuthorizer.js +53 -5
  133. package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -1
  134. package/dist/cjs/services/ServiceAuthorizer.d.ts +1 -0
  135. package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -1
  136. package/dist/cjs/simulation_engine/simulation.d.ts +4 -0
  137. package/dist/cjs/simulation_engine/simulation.d.ts.map +1 -1
  138. package/dist/cjs/simulation_engine/simulationEngine.d.ts.map +1 -1
  139. package/dist/cjs/simulation_engine/simulationEngine.js +18 -4
  140. package/dist/cjs/simulation_engine/simulationEngine.js.map +1 -1
  141. package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
  142. package/dist/cjs/simulation_engine/unsafeSimulationEngine.js +5 -3
  143. package/dist/cjs/simulation_engine/unsafeSimulationEngine.js.map +1 -1
  144. package/dist/cjs/util.d.ts +31 -3
  145. package/dist/cjs/util.d.ts.map +1 -1
  146. package/dist/cjs/util.js +74 -32
  147. package/dist/cjs/util.js.map +1 -1
  148. package/dist/esm/StatementAnalysis.js +1 -1
  149. package/dist/esm/StatementAnalysis.js.map +1 -1
  150. package/dist/esm/action/action.js +1 -1
  151. package/dist/esm/action/action.js.map +1 -1
  152. package/dist/esm/condition/BaseConditionOperator.d.ts +6 -1
  153. package/dist/esm/condition/BaseConditionOperator.d.ts.map +1 -1
  154. package/dist/esm/condition/arn/ArnEquals.d.ts.map +1 -1
  155. package/dist/esm/condition/arn/ArnEquals.js +2 -1
  156. package/dist/esm/condition/arn/ArnEquals.js.map +1 -1
  157. package/dist/esm/condition/arn/ArnLike.d.ts.map +1 -1
  158. package/dist/esm/condition/arn/ArnLike.js +8 -40
  159. package/dist/esm/condition/arn/ArnLike.js.map +1 -1
  160. package/dist/esm/condition/arn/ArnNotEquals.d.ts.map +1 -1
  161. package/dist/esm/condition/arn/ArnNotEquals.js +2 -1
  162. package/dist/esm/condition/arn/ArnNotEquals.js.map +1 -1
  163. package/dist/esm/condition/arn/ArnNotLike.d.ts.map +1 -1
  164. package/dist/esm/condition/arn/ArnNotLike.js +8 -3
  165. package/dist/esm/condition/arn/ArnNotLike.js.map +1 -1
  166. package/dist/esm/condition/arn/arn.d.ts +12 -0
  167. package/dist/esm/condition/arn/arn.d.ts.map +1 -0
  168. package/dist/esm/condition/arn/arn.js +65 -0
  169. package/dist/esm/condition/arn/arn.js.map +1 -0
  170. package/dist/esm/condition/baseConditionperatorTests.d.ts +7 -1
  171. package/dist/esm/condition/baseConditionperatorTests.d.ts.map +1 -1
  172. package/dist/esm/condition/baseConditionperatorTests.js +17 -1
  173. package/dist/esm/condition/baseConditionperatorTests.js.map +1 -1
  174. package/dist/esm/condition/binary/BinaryEquals.d.ts.map +1 -1
  175. package/dist/esm/condition/binary/BinaryEquals.js +14 -2
  176. package/dist/esm/condition/binary/BinaryEquals.js.map +1 -1
  177. package/dist/esm/condition/boolean/Bool.d.ts.map +1 -1
  178. package/dist/esm/condition/boolean/Bool.js +37 -8
  179. package/dist/esm/condition/boolean/Bool.js.map +1 -1
  180. package/dist/esm/condition/condition.d.ts +39 -0
  181. package/dist/esm/condition/condition.d.ts.map +1 -1
  182. package/dist/esm/condition/condition.js +192 -112
  183. package/dist/esm/condition/condition.js.map +1 -1
  184. package/dist/esm/condition/conditionUtil.d.ts +10 -0
  185. package/dist/esm/condition/conditionUtil.d.ts.map +1 -0
  186. package/dist/esm/condition/conditionUtil.js +13 -0
  187. package/dist/esm/condition/conditionUtil.js.map +1 -0
  188. package/dist/esm/condition/date/DateEquals.d.ts.map +1 -1
  189. package/dist/esm/condition/date/DateEquals.js +7 -2
  190. package/dist/esm/condition/date/DateEquals.js.map +1 -1
  191. package/dist/esm/condition/date/DateGreaterThan.d.ts.map +1 -1
  192. package/dist/esm/condition/date/DateGreaterThan.js +7 -2
  193. package/dist/esm/condition/date/DateGreaterThan.js.map +1 -1
  194. package/dist/esm/condition/date/DateGreaterThanEquals.d.ts.map +1 -1
  195. package/dist/esm/condition/date/DateGreaterThanEquals.js +7 -2
  196. package/dist/esm/condition/date/DateGreaterThanEquals.js.map +1 -1
  197. package/dist/esm/condition/date/DateLessThan.d.ts.map +1 -1
  198. package/dist/esm/condition/date/DateLessThan.js +7 -2
  199. package/dist/esm/condition/date/DateLessThan.js.map +1 -1
  200. package/dist/esm/condition/date/DateLessThanEquals.d.ts.map +1 -1
  201. package/dist/esm/condition/date/DateLessThanEquals.js +7 -2
  202. package/dist/esm/condition/date/DateLessThanEquals.js.map +1 -1
  203. package/dist/esm/condition/date/DateNotEquals.d.ts.map +1 -1
  204. package/dist/esm/condition/date/DateNotEquals.js +12 -19
  205. package/dist/esm/condition/date/DateNotEquals.js.map +1 -1
  206. package/dist/esm/condition/date/date.d.ts +2 -1
  207. package/dist/esm/condition/date/date.d.ts.map +1 -1
  208. package/dist/esm/condition/date/date.js +20 -5
  209. package/dist/esm/condition/date/date.js.map +1 -1
  210. package/dist/esm/condition/ipaddress/IpAddress.d.ts.map +1 -1
  211. package/dist/esm/condition/ipaddress/IpAddress.js +9 -16
  212. package/dist/esm/condition/ipaddress/IpAddress.js.map +1 -1
  213. package/dist/esm/condition/ipaddress/NotIpAddress.d.ts.map +1 -1
  214. package/dist/esm/condition/ipaddress/NotIpAddress.js +9 -20
  215. package/dist/esm/condition/ipaddress/NotIpAddress.js.map +1 -1
  216. package/dist/esm/condition/ipaddress/ip.d.ts +10 -0
  217. package/dist/esm/condition/ipaddress/ip.d.ts.map +1 -0
  218. package/dist/esm/condition/ipaddress/ip.js +54 -0
  219. package/dist/esm/condition/ipaddress/ip.js.map +1 -0
  220. package/dist/esm/condition/numeric/NumericEquals.d.ts.map +1 -1
  221. package/dist/esm/condition/numeric/NumericEquals.js +7 -2
  222. package/dist/esm/condition/numeric/NumericEquals.js.map +1 -1
  223. package/dist/esm/condition/numeric/NumericGreaterThan.d.ts.map +1 -1
  224. package/dist/esm/condition/numeric/NumericGreaterThan.js +7 -2
  225. package/dist/esm/condition/numeric/NumericGreaterThan.js.map +1 -1
  226. package/dist/esm/condition/numeric/NumericGreaterThanEquals.d.ts.map +1 -1
  227. package/dist/esm/condition/numeric/NumericGreaterThanEquals.js +7 -2
  228. package/dist/esm/condition/numeric/NumericGreaterThanEquals.js.map +1 -1
  229. package/dist/esm/condition/numeric/NumericLessThan.d.ts.map +1 -1
  230. package/dist/esm/condition/numeric/NumericLessThan.js +7 -2
  231. package/dist/esm/condition/numeric/NumericLessThan.js.map +1 -1
  232. package/dist/esm/condition/numeric/NumericLessThanEquals.d.ts.map +1 -1
  233. package/dist/esm/condition/numeric/NumericLessThanEquals.js +7 -2
  234. package/dist/esm/condition/numeric/NumericLessThanEquals.js.map +1 -1
  235. package/dist/esm/condition/numeric/NumericNotEquals.d.ts.map +1 -1
  236. package/dist/esm/condition/numeric/NumericNotEquals.js +12 -19
  237. package/dist/esm/condition/numeric/NumericNotEquals.js.map +1 -1
  238. package/dist/esm/condition/numeric/numeric.d.ts +2 -1
  239. package/dist/esm/condition/numeric/numeric.d.ts.map +1 -1
  240. package/dist/esm/condition/numeric/numeric.js +18 -3
  241. package/dist/esm/condition/numeric/numeric.js.map +1 -1
  242. package/dist/esm/condition/string/StringEquals.d.ts.map +1 -1
  243. package/dist/esm/condition/string/StringEquals.js +25 -4
  244. package/dist/esm/condition/string/StringEquals.js.map +1 -1
  245. package/dist/esm/condition/string/StringEqualsIgnoreCase.d.ts.map +1 -1
  246. package/dist/esm/condition/string/StringEqualsIgnoreCase.js +24 -6
  247. package/dist/esm/condition/string/StringEqualsIgnoreCase.js.map +1 -1
  248. package/dist/esm/condition/string/StringLike.d.ts.map +1 -1
  249. package/dist/esm/condition/string/StringLike.js +25 -4
  250. package/dist/esm/condition/string/StringLike.js.map +1 -1
  251. package/dist/esm/condition/string/StringNotEquals.d.ts.map +1 -1
  252. package/dist/esm/condition/string/StringNotEquals.js +25 -4
  253. package/dist/esm/condition/string/StringNotEquals.js.map +1 -1
  254. package/dist/esm/condition/string/StringNotEqualsIgnoreCase.d.ts.map +1 -1
  255. package/dist/esm/condition/string/StringNotEqualsIgnoreCase.js +25 -3
  256. package/dist/esm/condition/string/StringNotEqualsIgnoreCase.js.map +1 -1
  257. package/dist/esm/condition/string/StringNotLike.d.ts.map +1 -1
  258. package/dist/esm/condition/string/StringNotLike.js +25 -3
  259. package/dist/esm/condition/string/StringNotLike.js.map +1 -1
  260. package/dist/esm/core_engine/coreSimulatorEngine.d.ts +11 -6
  261. package/dist/esm/core_engine/coreSimulatorEngine.d.ts.map +1 -1
  262. package/dist/esm/core_engine/coreSimulatorEngine.js +13 -4
  263. package/dist/esm/core_engine/coreSimulatorEngine.js.map +1 -1
  264. package/dist/esm/evaluate.d.ts +1 -0
  265. package/dist/esm/evaluate.d.ts.map +1 -1
  266. package/dist/esm/explain/displayExplainCli.d.ts.map +1 -1
  267. package/dist/esm/explain/displayExplainCli.js +114 -10
  268. package/dist/esm/explain/displayExplainCli.js.map +1 -1
  269. package/dist/esm/explain/statementExplain.d.ts +2 -1
  270. package/dist/esm/explain/statementExplain.d.ts.map +1 -1
  271. package/dist/esm/explain/statementExplain.js.map +1 -1
  272. package/dist/esm/principal/principal.d.ts +14 -2
  273. package/dist/esm/principal/principal.d.ts.map +1 -1
  274. package/dist/esm/principal/principal.js +49 -11
  275. package/dist/esm/principal/principal.js.map +1 -1
  276. package/dist/esm/resource/resource.js +4 -3
  277. package/dist/esm/resource/resource.js.map +1 -1
  278. package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map +1 -1
  279. package/dist/esm/services/DefaultServiceAuthorizer.js +53 -5
  280. package/dist/esm/services/DefaultServiceAuthorizer.js.map +1 -1
  281. package/dist/esm/services/ServiceAuthorizer.d.ts +1 -0
  282. package/dist/esm/services/ServiceAuthorizer.d.ts.map +1 -1
  283. package/dist/esm/simulation_engine/simulation.d.ts +4 -0
  284. package/dist/esm/simulation_engine/simulation.d.ts.map +1 -1
  285. package/dist/esm/simulation_engine/simulationEngine.d.ts.map +1 -1
  286. package/dist/esm/simulation_engine/simulationEngine.js +19 -5
  287. package/dist/esm/simulation_engine/simulationEngine.js.map +1 -1
  288. package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
  289. package/dist/esm/simulation_engine/unsafeSimulationEngine.js +6 -4
  290. package/dist/esm/simulation_engine/unsafeSimulationEngine.js.map +1 -1
  291. package/dist/esm/util.d.ts +31 -3
  292. package/dist/esm/util.d.ts.map +1 -1
  293. package/dist/esm/util.js +70 -31
  294. package/dist/esm/util.js.map +1 -1
  295. package/package.json +2 -2
  296. package/dist/cjs/SCPAnalysis.d.ts +0 -6
  297. package/dist/cjs/SCPAnalysis.d.ts.map +0 -1
  298. package/dist/cjs/SCPAnalysis.js +0 -3
  299. package/dist/cjs/SCPAnalysis.js.map +0 -1
  300. package/dist/esm/SCPAnalysis.d.ts +0 -6
  301. package/dist/esm/SCPAnalysis.d.ts.map +0 -1
  302. package/dist/esm/SCPAnalysis.js +0 -2
  303. package/dist/esm/SCPAnalysis.js.map +0 -1
package/dist/cjs/simulation_engine/simulationEngine.js CHANGED
@@ -25,7 +25,7 @@ async function runSimulation(simulation, simulationOptions) {
25
25
  const { name, policy } = value;
26
26
  const validationErrors = (0, iam_policy_1.validateIdentityPolicy)(policy);
27
27
  if (validationErrors.length == 0) {
28
- identityPolicies.push((0, iam_policy_1.loadAnnotatedPolicy)(policy));
28
+ identityPolicies.push((0, iam_policy_1.loadPolicy)(policy));
29
29
  }
30
30
  else {
31
31
  identityPolicyErrors[name] = validationErrors;
@@ -42,7 +42,7 @@ async function runSimulation(simulation, simulationOptions) {
42
42
  seviceControlPolicyErrors[name] = validationErrors;
43
43
  }
44
44
  else {
45
- validPolicies.push((0, iam_policy_1.loadAnnotatedPolicy)(policy));
45
+ validPolicies.push((0, iam_policy_1.loadPolicy)(policy));
46
46
  }
47
47
  });
48
48
  return {
@@ -51,8 +51,21 @@ async function runSimulation(simulation, simulationOptions) {
51
51
  };
52
52
  });
53
53
  const resourcePolicyErrors = simulation.resourcePolicy ? (0, iam_policy_1.validateResourcePolicy)(simulation.resourcePolicy) : [];
54
+ const permissionBoundaries = simulation.permissionBoundaryPolicies ? [] : undefined;
55
+ const permissionBoundaryErrors = {};
56
+ simulation.permissionBoundaryPolicies?.map((pb) => {
57
+ const { name, policy } = pb;
58
+ const validationErrors = (0, iam_policy_1.validateIdentityPolicy)(policy);
59
+ if (validationErrors.length == 0) {
60
+ permissionBoundaries.push((0, iam_policy_1.loadPolicy)(policy));
61
+ }
62
+ else {
63
+ permissionBoundaryErrors[name] = validationErrors;
64
+ }
65
+ });
54
66
  if (Object.keys(identityPolicyErrors).length > 0 ||
55
67
  Object.keys(seviceControlPolicyErrors).length > 0 ||
68
+ Object.keys(permissionBoundaryErrors).length > 0 ||
56
69
  resourcePolicyErrors.length > 0) {
57
70
  return {
58
71
  errors: {
@@ -63,7 +76,7 @@ async function runSimulation(simulation, simulationOptions) {
63
76
  }
64
77
  };
65
78
  }
66
- const resourcePolicy = simulation.resourcePolicy ? (0, iam_policy_1.loadAnnotatedPolicy)(simulation.resourcePolicy) : undefined;
79
+ const resourcePolicy = simulation.resourcePolicy ? (0, iam_policy_1.loadPolicy)(simulation.resourcePolicy) : undefined;
67
80
  if (simulation.request.action.split(":").length != 2) {
68
81
  return {
69
82
  errors: {
@@ -124,7 +137,8 @@ async function runSimulation(simulation, simulationOptions) {
124
137
  }, simulation.request.action, new requestContext_js_1.RequestContextImpl(contextValues)),
125
138
  identityPolicies,
126
139
  serviceControlPolicies,
127
- resourcePolicy
140
+ resourcePolicy,
141
+ permissionBoundaries
128
142
  });
129
143
  return {
130
144
  analysis: simulationResult
package/dist/cjs/simulation_engine/simulationEngine.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":";;AAgCA,sCA6HC;AAED,sEA0BC;AAzLD,sDAA4E;AAC5E,0DAAgL;AAChL,2EAAyE;AACzE,mEAA4F;AAC5F,kFAA0F;AAE1F,sDAAuD;AACvD,4DAA0D;AAC1D,wCAA6E;AAC7E,qDAAgE;AAgBhE;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,oBAAoB,GAAsC,EAAE,CAAC;IACnE,MAAM,gBAAgB,GAAsB,EAAE,CAAC;IAC/C,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;QAC7B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAC;QACxD,IAAG,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,gBAAgB,CAAC,IAAI,CAAC,IAAA,gCAAmB,EAAC,MAAM,CAAC,CAAC,CAAC;QACrD,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,yBAAyB,GAAsC,EAAE,CAAC;IACxE,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,aAAa,GAAsB,EAAE,CAAC;QAE5C,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;YAC7B,MAAM,gBAAgB,GAAG,IAAA,yCAA4B,EAAC,MAAM,CAAC,CAAC;YAC9D,IAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,yBAAyB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,IAAA,gCAAmB,EAAC,MAAM,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,mCAAsB,EAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhH,IAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,MAAM,GAAG,CAAC;QACjD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,yBAAyB;gBACzB,oBAAoB;gBACpB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,gCAAmB,EAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9G,IAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAC;IACrD,IAAG,CAAC,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3D,IAAG,CAAC,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,oBAAoB,GAAG,MAAM,IAAA,8BAAoB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzE,IAAG,oBAAoB,EAAE,CAAC;QACxB,IAAG,WAAW,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,IAAA,mCAAyB,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QACpF,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aAEF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAC;IAEtE,MAAM,gBAAgB,GAAG,IAAA,kCAAS,EAAC;QACjC,OAAO,EAAE,IAAI,2BAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,sCAAkB,CAAC,aAAa,CAAC,CACtC;QACD,gBAAgB;QAChB,sBAAsB;QACtB,cAAc;KACf,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,gBAAgB;KAC3B,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IACxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAA,6CAA4B,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAA;IAE3G,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAC;IACjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAAE,CAAC;YAEpH,MAAM,aAAa,GAAG,MAAM,IAAA,kCAAiB,EAAC,YAAY,CAAC,CAAC;YAC5D,MAAM,aAAa,GAAG,MAAM,IAAA,wCAAuB,EAAC,GAAG,CAAC,CAAC;YAEzD,IAAG,IAAA,wCAAmB,EAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,CAAC;iBAAM,IAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAClD,IAAG,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;IAC1D,KAAI,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAG,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
1
+ {"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":";;AAgCA,sCA2IC;AAED,sEA0BC;AAvMD,sDAA4E;AAC5E,0DAA8J;AAC9J,2EAAyE;AACzE,mEAA4F;AAC5F,kFAA0F;AAE1F,sDAAuD;AACvD,4DAA0D;AAC1D,wCAA6E;AAC7E,qDAAgE;AAgBhE;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,oBAAoB,GAAsC,EAAE,CAAC;IACnE,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;QAC7B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAC;QACxD,IAAG,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,gBAAgB,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,yBAAyB,GAAsC,EAAE,CAAC;IACxE,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;YAC7B,MAAM,gBAAgB,GAAG,IAAA,yCAA4B,EAAC,MAAM,CAAC,CAAC;YAC9D,IAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,yBAAyB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAC;YACzC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,mCAAsB,EAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhH,MAAM,oBAAoB,GAAyB,UAAU,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1G,MAAM,wBAAwB,GAAsC,EAAE,CAAC;IACvE,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QAChD,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAC;QACxD,IAAG,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,oBAAqB,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,IAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,MAAM,GAAG,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,GAAG,CAAC;QAChD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,yBAAyB;gBACzB,oBAAoB;gBACpB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,uBAAU,EAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAErG,IAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAC;IACrD,IAAG,CAAC,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3D,IAAG,CAAC,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,oBAAoB,GAAG,MAAM,IAAA,8BAAoB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzE,IAAG,oBAAoB,EAAE,CAAC;QACxB,IAAG,WAAW,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,IAAA,mCAAyB,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QACpF,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aAEF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAC;IAEtE,MAAM,gBAAgB,GAAG,IAAA,kCAAS,EAAC;QACjC,OAAO,EAAE,IAAI,2BAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,sCAAkB,CAAC,aAAa,CAAC,CACtC;QACD,gBAAgB;QAChB,sBAAsB;QACtB,cAAc;QACd,oBAAoB;KACrB,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,gBAAgB;KAC3B,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IACxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAA,6CAA4B,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAA;IAE3G,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAC;IACjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAAE,CAAC;YAEpH,MAAM,aAAa,GAAG,MAAM,IAAA,kCAAiB,EAAC,YAAY,CAAC,CAAC;YAC5D,MAAM,aAAa,GAAG,MAAM,IAAA,wCAAuB,EAAC,GAAG,CAAC,CAAC;YAEzD,IAAG,IAAA,wCAAmB,EAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,CAAC;iBAAM,IAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAClD,IAAG,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;IAC1D,KAAI,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAG,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,gBAAgB,CAyB3H"}
1
+ {"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,gBAAgB,CA6B3H"}
package/dist/cjs/simulation_engine/unsafeSimulationEngine.js CHANGED
@@ -14,15 +14,16 @@ const requestContext_js_1 = require("../requestContext.js");
14
14
  * @returns The result of the simulation.
15
15
  */
16
16
  function runUnsafeSimulation(simulation, simulationOptions) {
17
- const identityPolicies = Object.values(simulation.identityPolicies).map(p => (0, iam_policy_1.loadAnnotatedPolicy)(p.policy));
17
+ const identityPolicies = Object.values(simulation.identityPolicies).map(p => (0, iam_policy_1.loadPolicy)(p.policy));
18
18
  const serviceControlPolicies = simulation.serviceControlPolicies.map((scp) => {
19
19
  const ouId = scp.orgIdentifier;
20
- const policies = scp.policies.map(val => (0, iam_policy_1.loadAnnotatedPolicy)(val.policy));
20
+ const policies = scp.policies.map(val => (0, iam_policy_1.loadPolicy)(val.policy));
21
21
  return {
22
22
  orgIdentifier: ouId,
23
23
  policies: policies
24
24
  };
25
25
  });
26
+ const permissionBoundaries = simulation.permissionBoundaryPolicies?.map(val => (0, iam_policy_1.loadPolicy)(val.policy)) ?? undefined;
26
27
  const requestContext = new requestContext_js_1.RequestContextImpl(simulation.request.contextVariables);
27
28
  const request = new request_js_1.AwsRequestImpl(simulation.request.principal, {
28
29
  resource: simulation.request.resource.resource,
@@ -32,7 +33,8 @@ function runUnsafeSimulation(simulation, simulationOptions) {
32
33
  request,
33
34
  identityPolicies,
34
35
  serviceControlPolicies,
35
- resourcePolicy: simulation.resourcePolicy ? (0, iam_policy_1.loadAnnotatedPolicy)(simulation.resourcePolicy) : undefined
36
+ resourcePolicy: simulation.resourcePolicy ? (0, iam_policy_1.loadPolicy)(simulation.resourcePolicy) : undefined,
37
+ permissionBoundaries
36
38
  });
37
39
  return analysis.result;
38
40
  }
package/dist/cjs/simulation_engine/unsafeSimulationEngine.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":";;AAgBA,kDAyBC;AAzCD,0DAAgE;AAChE,kFAA0F;AAE1F,sDAAuD;AACvD,4DAA0D;AAI1D;;;;;;;GAOG;AACH,SAAgB,mBAAmB,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,gCAAmB,EAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5G,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAA,gCAAmB,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAE1E,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CAAC,CAAA;IACF,MAAM,cAAc,GAAG,IAAI,sCAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClF,MAAM,OAAO,GAAG,IAAI,2BAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE;QAC/D,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;KACjD,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE9C,MAAM,QAAQ,GAAG,IAAA,kCAAS,EAAC;QACzB,OAAO;QACP,gBAAgB;QAChB,sBAAsB;QACtB,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,gCAAmB,EAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;KACvG,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC,MAAM,CAAC;AACzB,CAAC"}
1
+ {"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":";;AAgBA,kDA6BC;AA7CD,0DAAuD;AACvD,kFAA0F;AAE1F,sDAAuD;AACvD,4DAA0D;AAI1D;;;;;;;GAOG;AACH,SAAgB,mBAAmB,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,uBAAU,EAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IACnG,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAA,uBAAU,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjE,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,oBAAoB,GAAG,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAA,uBAAU,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,SAAS,CAAC;IAEpH,MAAM,cAAc,GAAG,IAAI,sCAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClF,MAAM,OAAO,GAAG,IAAI,2BAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE;QAC/D,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;KACjD,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE9C,MAAM,QAAQ,GAAG,IAAA,kCAAS,EAAC;QACzB,OAAO;QACP,gBAAgB;QAChB,sBAAsB;QACtB,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,uBAAU,EAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;QAC7F,oBAAoB;KACrB,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC,MAAM,CAAC;AACzB,CAAC"}
package/dist/cjs/util.d.ts CHANGED
@@ -1,7 +1,8 @@
1
1
  import { ResourceType } from '@cloud-copilot/iam-data';
2
2
  import { AwsRequest } from './request/request.js';
3
- interface StringReplaceOptions {
3
+ export interface StringReplaceOptions {
4
4
  replaceWildcards: boolean;
5
+ convertToRegex: boolean;
5
6
  }
6
7
  /**
7
8
  * This will convert a string to a regex that can be used to match against a string.
@@ -11,7 +12,14 @@ interface StringReplaceOptions {
11
12
  * @param requestContext the request context to get the variable values from
12
13
  * @returns a regex that can be used to match against a string
13
14
  */
14
- export declare function convertIamStringToRegex(value: string, request: AwsRequest, replaceOptions?: Partial<StringReplaceOptions>): RegExp;
15
+ export declare function convertIamString(value: string, request: AwsRequest, replaceOptions: {
16
+ replaceWildcards?: boolean;
17
+ convertToRegex: false;
18
+ }): string;
19
+ export declare function convertIamString(value: string, request: AwsRequest, replaceOptions?: Partial<StringReplaceOptions>): {
20
+ pattern: RegExp;
21
+ errors?: string[];
22
+ };
15
23
  export interface ArnParts {
16
24
  partition: string | undefined;
17
25
  service: string | undefined;
@@ -89,5 +97,25 @@ export declare function lowerCaseAll(strings: string[]): string[];
89
97
  * @returns the variables in the string, if any
90
98
  */
91
99
  export declare function getVariablesFromString(value: string): string[];
92
- export {};
100
+ /**
101
+ * Tests if a principal string is an assumed role ARN
102
+ *
103
+ * @param principal the principal string to test
104
+ * @returns true if the principal is an assumed role ARN, false otherwise
105
+ */
106
+ export declare function isAssumedRoleArn(principal: string): boolean;
107
+ /**
108
+ * Test if a principal string is an IAM user ARN
109
+ *
110
+ * @param principal the principal string to test
111
+ * @returns true if the principal is an IAM user ARN, false otherwise
112
+ */
113
+ export declare function isIamUserArn(principal: string): boolean;
114
+ /**
115
+ * Test if a principal string is a federated user ARN
116
+ *
117
+ * @param principal the principal string to test
118
+ * @returns true if the principal is a federated user ARN, false otherwise
119
+ */
120
+ export declare function isFederatedUserArn(principal: string): boolean;
93
121
  //# sourceMappingURL=util.d.ts.map
package/dist/cjs/util.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,UAAU,oBAAoB;IAC5B,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAMD;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,MAAM,CA4DlI;AA8CD,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAyBnD;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAgBtE;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,SAAS,CAExE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG5F;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAiB1H;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOrE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAExD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAY9D"}
1
+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,OAAO,CAAA;IACzB,cAAc,EAAE,OAAO,CAAA;CACxB;AAOD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE;IAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAAC,cAAc,EAAE,KAAK,CAAA;CAAC,GAAG,MAAM,CAAC;AAClJ,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;CAAC,CAAC;AA4H3J,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAyBnD;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAgBtE;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,SAAS,CAExE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG5F;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAiB1H;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOrE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAExD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAY9D;AAID;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE3D;AAID;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEvD;AAID;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE7D"}
package/dist/cjs/util.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.convertIamStringToRegex = convertIamStringToRegex;
3
+ exports.convertIamString = convertIamString;
4
4
  exports.splitArnParts = splitArnParts;
5
5
  exports.getResourceSegments = getResourceSegments;
6
6
  exports.isDefined = isDefined;
@@ -10,41 +10,37 @@ exports.getResourceTypesForAction = getResourceTypesForAction;
10
10
  exports.convertResourcePatternToRegex = convertResourcePatternToRegex;
11
11
  exports.lowerCaseAll = lowerCaseAll;
12
12
  exports.getVariablesFromString = getVariablesFromString;
13
+ exports.isAssumedRoleArn = isAssumedRoleArn;
14
+ exports.isIamUserArn = isIamUserArn;
15
+ exports.isFederatedUserArn = isFederatedUserArn;
13
16
  const iam_data_1 = require("@cloud-copilot/iam-data");
14
17
  const matchesNothing = new RegExp('a^');
15
18
  const defaultStringReplaceOptions = {
16
- replaceWildcards: true
19
+ replaceWildcards: true,
20
+ convertToRegex: true
17
21
  };
18
- /**
19
- * This will convert a string to a regex that can be used to match against a string.
20
- * This will replace any variables in the string with the value of the variable in the request context.
21
- *
22
- * @param value the string to convert to a regex
23
- * @param requestContext the request context to get the variable values from
24
- * @returns a regex that can be used to match against a string
25
- */
26
- function convertIamStringToRegex(value, request, replaceOptions) {
22
+ function convertIamString(value, request, replaceOptions) {
27
23
  const options = { ...defaultStringReplaceOptions, ...replaceOptions };
28
- let invalidVariableFound = false;
24
+ const errors = [];
29
25
  const newValue = value.replaceAll(/(\$\{.*?\})|(\*)|(\?)/ig, (match, args) => {
30
26
  if (match == "?") {
31
- return replacementValue('\\?', '.', options.replaceWildcards);
27
+ return replacementValue(match, '\\?', '.', options);
32
28
  // return '.'
33
29
  }
34
30
  else if (match == "*") {
35
- return replacementValue('\\*', ".*?", options.replaceWildcards);
31
+ return replacementValue(match, '\\*', ".*?", options);
36
32
  // return ".*?"
37
33
  }
38
34
  else if (match == "${*}") {
39
- return replacementValue("\\$\\{\\*\\}", "\\*", options.replaceWildcards);
35
+ return replacementValue(match, "\\$\\{\\*\\}", "\\*", options);
40
36
  // return "\\*"
41
37
  }
42
38
  else if (match == "${?}") {
43
- return replacementValue("\\$\\{\\?\\}", "\\?", options.replaceWildcards);
39
+ return replacementValue(match, "\\$\\{\\?\\}", "\\?", options);
44
40
  // return "\\?"
45
41
  }
46
42
  else if (match == "${$}") {
47
- return replacementValue("\\$\\{\\$\\}", "\\$", options.replaceWildcards);
43
+ return replacementValue(match, "\\$\\{\\$\\}", "\\$", options);
48
44
  // return "\\$"
49
45
  }
50
46
  //
@@ -59,30 +55,40 @@ function convertIamStringToRegex(value, request, replaceOptions) {
59
55
  }
60
56
  }
61
57
  const variableName = defaultParts.at(0).trim();
62
- const requestValue = getContextSingleValue(request, variableName);
58
+ const { value: requestValue, error: requestValueError } = getContextSingleValue(request, variableName);
63
59
  if (requestValue) {
64
- return escapeRegexCharacters(requestValue);
60
+ //TODO: Maybe escpae the * in the resolved value to ${*}
61
+ return options.convertToRegex ? escapeRegexCharacters(requestValue) : requestValue;
65
62
  }
66
63
  else if (defaultValue) {
67
64
  /*
68
65
  TODO: What happens in a request if a multi value context key is used in a string and there
69
66
  is a default value? Will it use the default value or will it fail the condition test?
70
67
  */
71
- return escapeRegexCharacters(defaultValue);
68
+ //TODO: Maybe escpae the * in the resolved value to ${*}
69
+ return options.convertToRegex ? escapeRegexCharacters(defaultValue) : defaultValue;
72
70
  }
73
71
  else {
74
- invalidVariableFound = true;
72
+ if (requestValueError == 'missing') {
73
+ errors.push(`{${variableName}} not found in request context, and no default value provided. This will never match`);
74
+ }
75
+ else if (requestValueError == 'multivalue') {
76
+ errors.push(`{${variableName}} is a multi value context key, and cannot be used for replacement. This will never match`);
77
+ }
75
78
  /*
76
79
  https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-no-value
77
80
  */
78
- return "--undefined---";
81
+ return match;
79
82
  }
80
83
  throw new Error('This should never happen');
81
84
  });
82
- if (invalidVariableFound) {
83
- return matchesNothing;
85
+ if (!options.convertToRegex) {
86
+ return newValue;
84
87
  }
85
- return new RegExp('^' + newValue + '$');
88
+ if (errors.length > 0) {
89
+ return { pattern: matchesNothing, errors };
90
+ }
91
+ return { pattern: new RegExp('^' + newValue + '$') };
86
92
  }
87
93
  /**
88
94
  * Replace regex characters in a string with their escaped versions
@@ -102,27 +108,33 @@ function escapeRegexCharacters(str) {
102
108
  */
103
109
  function getContextSingleValue(request, contextKeyName) {
104
110
  if (!request.contextKeyExists(contextKeyName)) {
105
- return undefined;
111
+ return {
112
+ error: 'missing'
113
+ };
106
114
  }
107
115
  const keyValue = request.getContextKeyValue(contextKeyName);
108
116
  if (keyValue.isStringValue()) {
109
- return keyValue.value;
117
+ return { value: keyValue.value };
110
118
  }
111
- return undefined;
119
+ return { error: 'multivalue' };
112
120
  }
113
121
  /**
114
122
  * Get the replacement value for a string
115
123
  *
124
+ * @param originalString the original string to replace the value of
116
125
  * @param rawString the string to replace the value in
117
126
  * @param wildcard the value to replace the wildcard with
118
127
  * @param replaceWildcards if the wildcard or raw string should be used
119
128
  * @returns
120
129
  */
121
- function replacementValue(rawString, wildcard, replaceWildcards) {
122
- if (replaceWildcards) {
123
- return wildcard;
130
+ function replacementValue(original, escaped, regex, options) {
131
+ if (!options.convertToRegex) {
132
+ return original;
133
+ }
134
+ if (options.replaceWildcards) {
135
+ return regex;
124
136
  }
125
- return rawString;
137
+ return escaped;
126
138
  }
127
139
  /**
128
140
  * Split an ARN into its parts
@@ -275,4 +287,34 @@ function getVariablesFromString(value) {
275
287
  }
276
288
  return [];
277
289
  }
290
+ const assumedRoleArnRegex = /^arn:aws:sts::\d{12}:assumed-role\/.*$/;
291
+ /**
292
+ * Tests if a principal string is an assumed role ARN
293
+ *
294
+ * @param principal the principal string to test
295
+ * @returns true if the principal is an assumed role ARN, false otherwise
296
+ */
297
+ function isAssumedRoleArn(principal) {
298
+ return assumedRoleArnRegex.test(principal);
299
+ }
300
+ const userArnRegex = /^arn:aws:iam::\d{12}:user\/.*$/;
301
+ /**
302
+ * Test if a principal string is an IAM user ARN
303
+ *
304
+ * @param principal the principal string to test
305
+ * @returns true if the principal is an IAM user ARN, false otherwise
306
+ */
307
+ function isIamUserArn(principal) {
308
+ return userArnRegex.test(principal);
309
+ }
310
+ const federatedUserArnRegex = /^arn:aws:sts::\d{12}:federated-user\/.*$/;
311
+ /**
312
+ * Test if a principal string is a federated user ARN
313
+ *
314
+ * @param principal the principal string to test
315
+ * @returns true if the principal is a federated user ARN, false otherwise
316
+ */
317
+ function isFederatedUserArn(principal) {
318
+ return federatedUserArnRegex.test(principal);
319
+ }
278
320
  //# sourceMappingURL=util.js.map
package/dist/cjs/util.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.js","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":";;AAqBA,0DA4DC;AA8DD,sCAyBC;AASD,kDAgBC;AAQD,8BAEC;AAQD,oCAEC;AAUD,oDAGC;AAUD,8DAiBC;AAQD,sEAOC;AAQD,oCAEC;AAQD,wDAYC;AA1SD,sDAAgG;AAGhG,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AAMvC,MAAM,2BAA2B,GAAyB;IACxD,gBAAgB,EAAE,IAAI;CACvB,CAAA;AAED;;;;;;;GAOG;AACH,SAAgB,uBAAuB,CAAC,KAAa,EAAE,OAAmB,EAAE,cAA8C;IACxH,MAAM,OAAO,GAAG,EAAC,GAAG,2BAA2B,EAAE,GAAG,cAAc,EAAC,CAAA;IAEnE,IAAI,oBAAoB,GAAG,KAAK,CAAA;IAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3E,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YAC7D,aAAa;QACf,CAAC;aAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACxB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YAC/D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACxE,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACxE,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACxE,eAAe;QACjB,CAAC;QACD,EAAE;QACF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAExC,IAAI,YAAY,GAAG,SAAS,CAAA;QAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAG,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5C,IAAG,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzE,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC/C,CAAC;QACH,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;QAE/C,MAAM,YAAY,GAAG,qBAAqB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QAEjE,IAAG,YAAY,EAAE,CAAC;YAChB,OAAO,qBAAqB,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;aAAM,IAAG,YAAY,EAAE,CAAC;YACvB;;;cAGE;YACF,OAAO,qBAAqB,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;aAAM,CAAC;YACN,oBAAoB,GAAG,IAAI,CAAA;YAC3B;;cAEE;YACF,OAAO,gBAAgB,CAAA;QACzB,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,IAAG,oBAAoB,EAAE,CAAC;QACxB,OAAO,cAAc,CAAA;IACvB,CAAC;IACD,OAAO,IAAI,MAAM,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAA;AACzC,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,OAAmB,EAAE,cAAsB;IACxE,IAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7C,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;IAC3D,IAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC,KAAK,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,gBAAgB,CAAC,SAAiB,EAAE,QAAgB,EAAE,gBAAyB;IACtF,IAAG,gBAAgB,EAAE,CAAC;QACpB,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAYD;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEzC,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAG,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;QAChF,YAAY,GAAG,mBAAmB,CAAA;QAClC,YAAY,GAAG,mBAAmB,CAAA;IACpC,CAAC;IAED,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAExC,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAG,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACxC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAI,KAAoB;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAI,KAAoB;IAClD,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,oBAAoB,CAAC,OAAe,EAAE,MAAc;IACxE,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,OAAO,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAA;AACjD,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,yBAAyB,CAAC,OAAe,EAAE,MAAc,EAAE,QAAgB;IAC/F,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,IAAG,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,MAAM,mCAAmC,CAAC,CAAA;IAC1E,CAAC;IAED,MAAM,qBAAqB,GAAmB,EAAE,CAAC;IACjD,KAAI,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,6BAA6B,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,IAAG,KAAK,EAAE,CAAC;YACT,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,qBAAqB,CAAA;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAiB;IAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAa;IAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACzC,IAAG,OAAO,EAAE,CAAC;QACX,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACvB,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACjC,IAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YACxC,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC"}
1
+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":";;AAyBA,4CAuEC;AAoED,sCAyBC;AASD,kDAgBC;AAQD,8BAEC;AAQD,oCAEC;AAUD,oDAGC;AAUD,8DAiBC;AAQD,sEAOC;AAQD,oCAEC;AAQD,wDAYC;AAUD,4CAEC;AAUD,oCAEC;AAUD,gDAEC;AAnWD,sDAAgG;AAGhG,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AAOvC,MAAM,2BAA2B,GAAyB;IACxD,gBAAgB,EAAE,IAAI;IACtB,cAAc,EAAE,IAAI;CACrB,CAAA;AAYD,SAAgB,gBAAgB,CAAC,KAAa,EAAE,OAAmB,EAAE,cAA8C;IACjH,MAAM,OAAO,GAAG,EAAC,GAAG,2BAA2B,EAAE,GAAG,cAAc,EAAC,CAAA;IAEnE,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3E,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;YACnD,aAAa;QACf,CAAC;aAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACxB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YACrD,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;QACD,EAAE;QACF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAExC,IAAI,YAAY,GAAG,SAAS,CAAA;QAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAG,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5C,IAAG,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzE,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC/C,CAAC;QACH,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;QAE/C,MAAM,EAAC,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAC,GAAG,qBAAqB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QAEpG,IAAG,YAAY,EAAE,CAAC;YAChB,wDAAwD;YACxD,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;QACpF,CAAC;aAAM,IAAG,YAAY,EAAE,CAAC;YACvB;;;cAGE;YACH,wDAAwD;YACvD,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;QACpF,CAAC;aAAM,CAAC;YACN,IAAG,iBAAiB,IAAI,SAAS,EAAE,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,IAAI,YAAY,sFAAsF,CAAC,CAAA;YACrH,CAAC;iBAAM,IAAG,iBAAiB,IAAI,YAAY,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,YAAY,2FAA2F,CAAC,CAAA;YAC1H,CAAC;YACD;;cAEE;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,IAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,IAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,EAAC,OAAO,EAAE,cAAc,EAAE,MAAM,EAAC,CAAA;IAC1C,CAAC;IAED,OAAO,EAAC,OAAO,EAAE,IAAI,MAAM,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,EAAC,CAAA;AACpD,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,OAAmB,EAAE,cAAsB;IACxE,IAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7C,OAAO;YACL,KAAK,EAAE,SAAS;SACjB,CAAA;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;IAC3D,IAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC5B,OAAO,EAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAC,CAAA;IAChC,CAAC;IAED,OAAO,EAAC,KAAK,EAAE,YAAY,EAAC,CAAA;AAC9B,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,gBAAgB,CAAC,QAAgB,EAAE,OAAe,EAAE,KAAa,EAAE,OAA6B;IACvG,IAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,IAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAYD;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEzC,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAI,YAAY,GAAG,SAAS,CAAA;IAC5B,IAAG,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;QAChF,YAAY,GAAG,mBAAmB,CAAA;QAClC,YAAY,GAAG,mBAAmB,CAAA;IACpC,CAAC;IAED,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAExC,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAG,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACxC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAI,KAAoB;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAI,KAAoB;IAClD,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,oBAAoB,CAAC,OAAe,EAAE,MAAc;IACxE,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,OAAO,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAA;AACjD,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,yBAAyB,CAAC,OAAe,EAAE,MAAc,EAAE,QAAgB;IAC/F,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,IAAG,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,MAAM,mCAAmC,CAAC,CAAA;IAC1E,CAAC;IAED,MAAM,qBAAqB,GAAmB,EAAE,CAAC;IACjD,KAAI,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,6BAA6B,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,IAAG,KAAK,EAAE,CAAC;YACT,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,qBAAqB,CAAA;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAiB;IAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAa;IAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACzC,IAAG,OAAO,EAAE,CAAC;QACX,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACvB,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACjC,IAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YACxC,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,MAAM,mBAAmB,GAAG,wCAAwC,CAAA;AAEpE;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,MAAM,YAAY,GAAG,gCAAgC,CAAA;AAErD;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,SAAiB;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AACrC,CAAC;AAED,MAAM,qBAAqB,GAAG,0CAA0C,CAAA;AAExE;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,SAAiB;IAClD,OAAO,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC9C,CAAC"}
package/dist/esm/StatementAnalysis.js CHANGED
@@ -44,6 +44,6 @@ export function statementMatches(analysis) {
44
44
  return analysis.resourceMatch &&
45
45
  analysis.actionMatch &&
46
46
  analysis.conditionMatch === 'Match' &&
47
- (analysis.principalMatch === 'Match' || analysis.principalMatch === 'AccountLevelMatch');
47
+ ['Match', 'AccountLevelMatch', 'SessionRoleMatch', 'SessionUserMatch'].includes(analysis.principalMatch);
48
48
  }
49
49
  //# sourceMappingURL=StatementAnalysis.js.map
package/dist/esm/StatementAnalysis.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAsCA;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,IAAG,SAAS,CAAC,aAAa;QACxB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wFAAwF;AACxF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,kDAAkD;AAClD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,uFAAuF;AACvF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,iDAAiD;AACjD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,MAAM,UAAU,6BAA6B,CAAC,SAA4B;IACxE,IAAG,SAAS,CAAC,aAAa;QACxB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAwG;IACvI,OAAO,QAAQ,CAAC,aAAa;QAC3B,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,cAAc,KAAK,OAAO;QACnC,CAAC,QAAQ,CAAC,cAAc,KAAK,OAAO,IAAI,QAAQ,CAAC,cAAc,KAAK,mBAAmB,CAAC,CAAC;AAC7F,CAAC"}
1
+ {"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAsCA;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,IAAG,SAAS,CAAC,aAAa;QACxB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wFAAwF;AACxF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,kDAAkD;AAClD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,uFAAuF;AACvF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,iDAAiD;AACjD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,MAAM,UAAU,6BAA6B,CAAC,SAA4B;IACxE,IAAG,SAAS,CAAC,aAAa;QACxB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAwG;IACvI,OAAO,QAAQ,CAAC,aAAa;QAC3B,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,cAAc,KAAK,OAAO;QACnC,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAC7G,CAAC"}
package/dist/esm/action/action.js CHANGED
@@ -60,7 +60,7 @@ export function requestMatchesNotActions(request, actions) {
60
60
  explain.matches = !explain.matches;
61
61
  return explain;
62
62
  });
63
- const matches = explains.some(explain => explain.matches);
63
+ const matches = !explains.some(explain => !explain.matches);
64
64
  return { matches, explains };
65
65
  }
66
66
  function requestMatchesSingleAction(request, action) {
package/dist/esm/action/action.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAmB,EAAE,SAAoB;IACtF,IAAG,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACjC,MAAM,EAAC,OAAO,EAAE,QAAQ,EAAC,GAAG,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,IAAG,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;YAC9B,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAC,EAAC,CAAC;QACpD,CAAC;QACD,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,OAAO,EAAE,QAAQ,EAAC,EAAC,CAAC;IACjD,CAAC;SAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC5C,MAAM,EAAC,OAAO,EAAE,QAAQ,EAAC,GAAG,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;QACtF,IAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,EAAE,CAAC;YACjC,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAC,EAAC,CAAC;QACvD,CAAC;QACD,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,UAAU,EAAE,QAAQ,EAAC,EAAC,CAAC;IACpD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAmB,EAAE,OAAiB;IAC1E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1D,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB,EAAE,OAAiB;IAC7E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC3D,OAAO,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,CAAA;QAClC,OAAO,OAAO,CAAA;IAChB,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1D,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,CAAC;AAC7B,CAAC;AAED,SAAS,0BAA0B,CAAC,OAAmB,EAAE,MAAc;IACrE,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;QAC9B,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;SAAM,IAAG,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;QACnC,IAAG,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;gBACtB,OAAO,EAAE,KAAK;aACf,CAAA;QACH,CAAC;QACD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;QACzD,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO;SACR,CAAA;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;AACzC,CAAC"}
1
+ {"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAmB,EAAE,SAAoB;IACtF,IAAG,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACjC,MAAM,EAAC,OAAO,EAAE,QAAQ,EAAC,GAAG,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,IAAG,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;YAC9B,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAC,EAAC,CAAC;QACpD,CAAC;QACD,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,OAAO,EAAE,QAAQ,EAAC,EAAC,CAAC;IACjD,CAAC;SAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC5C,MAAM,EAAC,OAAO,EAAE,QAAQ,EAAC,GAAG,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;QACtF,IAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,EAAE,CAAC;YACjC,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAC,EAAC,CAAC;QACvD,CAAC;QACD,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,EAAC,UAAU,EAAE,QAAQ,EAAC,EAAC,CAAC;IACpD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAmB,EAAE,OAAiB;IAC1E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1D,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB,EAAE,OAAiB;IAC7E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC3D,OAAO,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,CAAA;QAClC,OAAO,OAAO,CAAA;IAChB,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,CAAC;AAC7B,CAAC;AAED,SAAS,0BAA0B,CAAC,OAAmB,EAAE,MAAc;IACrE,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;QAC9B,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;SAAM,IAAG,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;QACnC,IAAG,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;gBACtB,OAAO,EAAE,KAAK;aACf,CAAA;QACH,CAAC;QACD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;QACzD,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO;SACR,CAAA;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;AACzC,CAAC"}
package/dist/esm/condition/BaseConditionOperator.d.ts CHANGED
@@ -1,8 +1,13 @@
1
+ import { ConditionValueExplain } from "../explain/statementExplain.js";
1
2
  import { AwsRequest } from "../request/request.js";
2
3
  export interface BaseConditionOperator {
3
4
  name: string;
4
- matches: (request: AwsRequest, keyValue: string, policyValues: string[]) => boolean;
5
+ matches: (request: AwsRequest, keyValue: string, policyValues: string[]) => {
6
+ matches: boolean;
7
+ explains: ConditionValueExplain[];
8
+ };
5
9
  allowsVariables: boolean;
6
10
  allowsWildcards: boolean;
11
+ isNegative: boolean;
7
12
  }
8
13
  //# sourceMappingURL=BaseConditionOperator.d.ts.map
package/dist/esm/condition/BaseConditionOperator.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"BaseConditionOperator.d.ts","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,OAAO,CAAA;IACnF,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;CACzB"}
1
+ {"version":3,"file":"BaseConditionOperator.d.ts","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,qBAAqB,EAAE,CAAA;KAAE,CAAA;IACnI,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;IACxB,UAAU,EAAE,OAAO,CAAA;CACpB"}
package/dist/esm/condition/arn/ArnEquals.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ArnEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,SAAS,EAAE,qBAKvB,CAAA"}
1
+ {"version":3,"file":"ArnEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,SAAS,EAAE,qBAMvB,CAAA"}
package/dist/esm/condition/arn/ArnEquals.js CHANGED
@@ -3,6 +3,7 @@ export const ArnEquals = {
3
3
  name: 'ArnEquals',
4
4
  matches: ArnLike.matches,
5
5
  allowsVariables: ArnLike.allowsVariables,
6
- allowsWildcards: ArnLike.allowsWildcards
6
+ allowsWildcards: ArnLike.allowsWildcards,
7
+ isNegative: ArnLike.isNegative
7
8
  };
8
9
  //# sourceMappingURL=ArnEquals.js.map
package/dist/esm/condition/arn/ArnEquals.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ArnEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,CAAC,MAAM,SAAS,GAA0B;IAC9C,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO,CAAC,OAAO;IACxB,eAAe,EAAE,OAAO,CAAC,eAAe;IACxC,eAAe,EAAE,OAAO,CAAC,eAAe;CACzC,CAAA"}
1
+ {"version":3,"file":"ArnEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,CAAC,MAAM,SAAS,GAA0B;IAC9C,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO,CAAC,OAAO;IACxB,eAAe,EAAE,OAAO,CAAC,eAAe;IACxC,eAAe,EAAE,OAAO,CAAC,eAAe;IACxC,UAAU,EAAE,OAAO,CAAC,UAAU;CAC/B,CAAA"}
package/dist/esm/condition/arn/ArnLike.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ArnLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAEpE,eAAO,MAAM,OAAO,EAAE,qBAOrB,CAAA"}
1
+ {"version":3,"file":"ArnLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,OAAO,EAAE,qBAerB,CAAA"}
package/dist/esm/condition/arn/ArnLike.js CHANGED
@@ -1,47 +1,15 @@
1
- import { convertIamStringToRegex, isNotDefined, splitArnParts } from "../../util.js";
1
+ import { arnMatches } from "./arn.js";
2
2
  export const ArnLike = {
3
3
  name: 'ArnLike',
4
4
  matches: (request, keyValue, policyValues) => {
5
- return policyValues.some(policyArn => arnMatches(policyArn, keyValue, request));
5
+ const explains = policyValues.map(policyArn => arnMatches(policyArn, keyValue, request, true));
6
+ return {
7
+ matches: explains.some(explain => explain.matches),
8
+ explains
9
+ };
6
10
  },
7
11
  allowsVariables: true,
8
- allowsWildcards: true
12
+ allowsWildcards: true,
13
+ isNegative: false
9
14
  };
10
- /**
11
- * Checks to see if a single ARN matches in ArnLike format
12
- *
13
- * @param policyArn the ARN to check against
14
- * @param requestArn the ARN to check
15
- * @param request the request to check
16
- * @returns if the ARN matches
17
- */
18
- function arnMatches(policyArn, requestArn, request) {
19
- const policyParts = splitArnParts(policyArn);
20
- const requestParts = splitArnParts(requestArn);
21
- // If any of the parts are missing, return false
22
- if (isNotDefined(policyParts.partition) ||
23
- isNotDefined(policyParts.service) ||
24
- isNotDefined(policyParts.region) ||
25
- isNotDefined(policyParts.accountId) ||
26
- isNotDefined(policyParts.resource)) {
27
- return false;
28
- }
29
- // If any of the parts are missing, return false
30
- if (isNotDefined(requestParts.partition) ||
31
- isNotDefined(requestParts.service) ||
32
- isNotDefined(requestParts.region) ||
33
- isNotDefined(requestParts.accountId) ||
34
- isNotDefined(requestParts.resource)) {
35
- return false;
36
- }
37
- const replaceAndMatch = (policyPart, requestPart) => {
38
- const pattern = convertIamStringToRegex(policyPart, request, { replaceWildcards: true });
39
- return pattern.test(requestPart);
40
- };
41
- return replaceAndMatch(policyParts.partition, requestParts.partition) &&
42
- replaceAndMatch(policyParts.service, requestParts.service) &&
43
- replaceAndMatch(policyParts.region, requestParts.region) &&
44
- replaceAndMatch(policyParts.accountId, requestParts.accountId) &&
45
- replaceAndMatch(policyParts.resource, requestParts.resource);
46
- }
47
15
  //# sourceMappingURL=ArnLike.js.map
package/dist/esm/condition/arn/ArnLike.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ArnLike.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGrF,MAAM,CAAC,MAAM,OAAO,GAA0B;IAC5C,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAA;IACjF,CAAC;IACD,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,IAAI;CACtB,CAAA;AAED;;;;;;;GAOG;AACH,SAAS,UAAU,CAAC,SAAiB,EAAE,UAAkB,EAAE,OAAmB;IAC5E,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,CAAC,CAAA;IAC5C,MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IAC9C,gDAAgD;IAChD,IAAG,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC;QACjC,YAAY,CAAC,WAAW,CAAC,MAAM,CAAC;QAChC,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,gDAAgD;IAChD,IAAG,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,OAAO,CAAC;QAClC,YAAY,CAAC,YAAY,CAAC,MAAM,CAAC;QACjC,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,eAAe,GAAG,CAAC,UAAkB,EAAE,WAAmB,EAAW,EAAE;QAC3E,MAAM,OAAO,GAAG,uBAAuB,CAAC,UAAU,EAAE,OAAO,EAAE,EAAC,gBAAgB,EAAE,IAAI,EAAC,CAAC,CAAA;QACtF,OAAO,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAClC,CAAC,CAAA;IAED,OAAO,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;QAC1D,eAAe,CAAC,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC;QACxD,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAA;AAErE,CAAC"}
1
+ {"version":3,"file":"ArnLike.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnLike.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,MAAM,CAAC,MAAM,OAAO,GAA0B;IAC5C,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE;QAC3C,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAC/B,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAC5D,CAAA;QAED,OAAO;YACL,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;YAClD,QAAQ;SACT,CAAA;IACH,CAAC;IACD,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,IAAI;IACrB,UAAU,EAAE,KAAK;CAClB,CAAA"}
package/dist/esm/condition/arn/ArnNotEquals.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ArnNotEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,YAAY,EAAE,qBAK1B,CAAA"}
1
+ {"version":3,"file":"ArnNotEquals.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,YAAY,EAAE,qBAM1B,CAAA"}
package/dist/esm/condition/arn/ArnNotEquals.js CHANGED
@@ -3,6 +3,7 @@ export const ArnNotEquals = {
3
3
  name: 'ArnNotEquals',
4
4
  matches: ArnNotLike.matches,
5
5
  allowsVariables: ArnNotLike.allowsVariables,
6
- allowsWildcards: ArnNotLike.allowsWildcards
6
+ allowsWildcards: ArnNotLike.allowsWildcards,
7
+ isNegative: ArnNotLike.isNegative
7
8
  };
8
9
  //# sourceMappingURL=ArnNotEquals.js.map
package/dist/esm/condition/arn/ArnNotEquals.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ArnNotEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,UAAU,CAAC,OAAO;IAC3B,eAAe,EAAE,UAAU,CAAC,eAAe;IAC3C,eAAe,EAAE,UAAU,CAAC,eAAe;CAC5C,CAAA"}
1
+ {"version":3,"file":"ArnNotEquals.js","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotEquals.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,UAAU,CAAC,OAAO;IAC3B,eAAe,EAAE,UAAU,CAAC,eAAe;IAC3C,eAAe,EAAE,UAAU,CAAC,eAAe;IAC3C,UAAU,EAAE,UAAU,CAAC,UAAU;CAClC,CAAA"}
package/dist/esm/condition/arn/ArnNotLike.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ArnNotLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotLike.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,UAAU,EAAE,qBAOxB,CAAA"}
1
+ {"version":3,"file":"ArnNotLike.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/ArnNotLike.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE,eAAO,MAAM,UAAU,EAAE,qBAexB,CAAA"}
package/dist/esm/condition/arn/ArnNotLike.js CHANGED
@@ -1,10 +1,15 @@
1
- import { ArnLike } from "./ArnLike.js";
1
+ import { arnMatches } from "./arn.js";
2
2
  export const ArnNotLike = {
3
3
  name: 'ArnNotLike',
4
4
  matches: (request, keyValue, policyValues) => {
5
- return !ArnLike.matches(request, keyValue, policyValues);
5
+ const explains = policyValues.map(policyArn => arnMatches(policyArn, keyValue, request, false));
6
+ return {
7
+ matches: !explains.some(explain => !explain.matches),
8
+ explains
9
+ };
6
10
  },
7
11
  allowsVariables: true,
8
- allowsWildcards: true
12
+ allowsWildcards: true,
13
+ isNegative: true
9
14
  };
10
15
  //# sourceMappingURL=ArnNotLike.js.map