@cloud-copilot/iam-simulate 0.1.19 → 0.1.21
- package/dist/cjs/StatementAnalysis.d.ts +4 -4
- package/dist/cjs/StatementAnalysis.d.ts.map +1 -1
- package/dist/cjs/StatementAnalysis.js +2 -2
- package/dist/cjs/StatementAnalysis.js.map +1 -1
- package/dist/cjs/action/action.d.ts +3 -3
- package/dist/cjs/action/action.d.ts.map +1 -1
- package/dist/cjs/action/action.js +7 -7
- package/dist/cjs/action/action.js.map +1 -1
- package/dist/cjs/condition/BaseConditionOperator.d.ts +2 -2
- package/dist/cjs/condition/BaseConditionOperator.d.ts.map +1 -1
- package/dist/cjs/condition/arn/ArnEquals.d.ts +1 -1
- package/dist/cjs/condition/arn/ArnEquals.d.ts.map +1 -1
- package/dist/cjs/condition/arn/ArnEquals.js.map +1 -1
- package/dist/cjs/condition/arn/ArnLike.d.ts +1 -1
- package/dist/cjs/condition/arn/ArnLike.d.ts.map +1 -1
- package/dist/cjs/condition/arn/ArnLike.js +2 -2
- package/dist/cjs/condition/arn/ArnLike.js.map +1 -1
- package/dist/cjs/condition/arn/ArnNotEquals.d.ts +1 -1
- package/dist/cjs/condition/arn/ArnNotEquals.d.ts.map +1 -1
- package/dist/cjs/condition/arn/ArnNotEquals.js.map +1 -1
- package/dist/cjs/condition/arn/ArnNotLike.d.ts +1 -1
- package/dist/cjs/condition/arn/ArnNotLike.d.ts.map +1 -1
- package/dist/cjs/condition/arn/ArnNotLike.js +2 -2
- package/dist/cjs/condition/arn/ArnNotLike.js.map +1 -1
- package/dist/cjs/condition/arn/arn.d.ts +2 -2
- package/dist/cjs/condition/arn/arn.d.ts.map +1 -1
- package/dist/cjs/condition/arn/arn.js +3 -1
- package/dist/cjs/condition/arn/arn.js.map +1 -1
- package/dist/cjs/condition/baseConditionperatorTests.d.ts +1 -1
- package/dist/cjs/condition/baseConditionperatorTests.d.ts.map +1 -1
- package/dist/cjs/condition/baseConditionperatorTests.js +2 -2
- package/dist/cjs/condition/baseConditionperatorTests.js.map +1 -1
- package/dist/cjs/condition/binary/BinaryEquals.d.ts +1 -1
- package/dist/cjs/condition/binary/BinaryEquals.d.ts.map +1 -1
- package/dist/cjs/condition/binary/BinaryEquals.js +1 -1
- package/dist/cjs/condition/binary/BinaryEquals.js.map +1 -1
- package/dist/cjs/condition/boolean/Bool.d.ts +1 -1
- package/dist/cjs/condition/boolean/Bool.d.ts.map +1 -1
- package/dist/cjs/condition/boolean/Bool.js +10 -5
- package/dist/cjs/condition/boolean/Bool.js.map +1 -1
- package/dist/cjs/condition/condition.d.ts.map +1 -1
- package/dist/cjs/condition/condition.js +48 -24
- package/dist/cjs/condition/condition.js.map +1 -1
- package/dist/cjs/condition/conditionUtil.d.ts +1 -1
- package/dist/cjs/condition/conditionUtil.d.ts.map +1 -1
- package/dist/cjs/condition/conditionUtil.js +4 -1
- package/dist/cjs/condition/conditionUtil.js.map +1 -1
- package/dist/cjs/condition/date/DateEquals.d.ts +1 -1
- package/dist/cjs/condition/date/DateEquals.d.ts.map +1 -1
- package/dist/cjs/condition/date/DateEquals.js +2 -2
- package/dist/cjs/condition/date/DateEquals.js.map +1 -1
- package/dist/cjs/condition/date/DateGreaterThan.d.ts +1 -1
- package/dist/cjs/condition/date/DateGreaterThan.d.ts.map +1 -1
- package/dist/cjs/condition/date/DateGreaterThan.js +2 -2
- package/dist/cjs/condition/date/DateGreaterThan.js.map +1 -1
- package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts +1 -1
- package/dist/cjs/condition/date/DateGreaterThanEquals.d.ts.map +1 -1
- package/dist/cjs/condition/date/DateGreaterThanEquals.js +2 -2
- package/dist/cjs/condition/date/DateGreaterThanEquals.js.map +1 -1
- package/dist/cjs/condition/date/DateLessThan.d.ts +1 -1
- package/dist/cjs/condition/date/DateLessThan.d.ts.map +1 -1
- package/dist/cjs/condition/date/DateLessThan.js +2 -2
- package/dist/cjs/condition/date/DateLessThan.js.map +1 -1
- package/dist/cjs/condition/date/DateLessThanEquals.d.ts +1 -1
- package/dist/cjs/condition/date/DateLessThanEquals.d.ts.map +1 -1
- package/dist/cjs/condition/date/DateLessThanEquals.js +2 -2
- package/dist/cjs/condition/date/DateLessThanEquals.js.map +1 -1
- package/dist/cjs/condition/date/DateNotEquals.d.ts +1 -1
- package/dist/cjs/condition/date/DateNotEquals.d.ts.map +1 -1
- package/dist/cjs/condition/date/DateNotEquals.js +2 -2
- package/dist/cjs/condition/date/DateNotEquals.js.map +1 -1
- package/dist/cjs/condition/date/date.d.ts +1 -1
- package/dist/cjs/condition/date/date.d.ts.map +1 -1
- package/dist/cjs/condition/date/date.js +1 -1
- package/dist/cjs/condition/date/date.js.map +1 -1
- package/dist/cjs/condition/ipaddress/IpAddress.d.ts +1 -1
- package/dist/cjs/condition/ipaddress/IpAddress.d.ts.map +1 -1
- package/dist/cjs/condition/ipaddress/IpAddress.js +2 -2
- package/dist/cjs/condition/ipaddress/IpAddress.js.map +1 -1
- package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts +1 -1
- package/dist/cjs/condition/ipaddress/NotIpAddress.d.ts.map +1 -1
- package/dist/cjs/condition/ipaddress/NotIpAddress.js +2 -2
- package/dist/cjs/condition/ipaddress/NotIpAddress.js.map +1 -1
- package/dist/cjs/condition/ipaddress/ip.d.ts +1 -1
- package/dist/cjs/condition/ipaddress/ip.d.ts.map +1 -1
- package/dist/cjs/condition/ipaddress/ip.js +1 -1
- package/dist/cjs/condition/ipaddress/ip.js.map +1 -1
- package/dist/cjs/condition/ipaddress/ipv4.d.ts.map +1 -1
- package/dist/cjs/condition/ipaddress/ipv4.js +2 -2
- package/dist/cjs/condition/ipaddress/ipv4.js.map +1 -1
- package/dist/cjs/condition/ipaddress/ipv6.js +1 -1
- package/dist/cjs/condition/ipaddress/ipv6.js.map +1 -1
- package/dist/cjs/condition/numeric/NumericEquals.d.ts +1 -1
- package/dist/cjs/condition/numeric/NumericEquals.d.ts.map +1 -1
- package/dist/cjs/condition/numeric/NumericEquals.js +2 -2
- package/dist/cjs/condition/numeric/NumericEquals.js.map +1 -1
- package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts +1 -1
- package/dist/cjs/condition/numeric/NumericGreaterThan.d.ts.map +1 -1
- package/dist/cjs/condition/numeric/NumericGreaterThan.js +2 -2
- package/dist/cjs/condition/numeric/NumericGreaterThan.js.map +1 -1
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts +1 -1
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.d.ts.map +1 -1
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js +2 -2
- package/dist/cjs/condition/numeric/NumericGreaterThanEquals.js.map +1 -1
- package/dist/cjs/condition/numeric/NumericLessThan.d.ts +1 -1
- package/dist/cjs/condition/numeric/NumericLessThan.d.ts.map +1 -1
- package/dist/cjs/condition/numeric/NumericLessThan.js +2 -2
- package/dist/cjs/condition/numeric/NumericLessThan.js.map +1 -1
- package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts +1 -1
- package/dist/cjs/condition/numeric/NumericLessThanEquals.d.ts.map +1 -1
- package/dist/cjs/condition/numeric/NumericLessThanEquals.js +2 -2
- package/dist/cjs/condition/numeric/NumericLessThanEquals.js.map +1 -1
- package/dist/cjs/condition/numeric/NumericNotEquals.d.ts +1 -1
- package/dist/cjs/condition/numeric/NumericNotEquals.d.ts.map +1 -1
- package/dist/cjs/condition/numeric/NumericNotEquals.js +2 -2
- package/dist/cjs/condition/numeric/NumericNotEquals.js.map +1 -1
- package/dist/cjs/condition/numeric/numeric.d.ts +1 -1
- package/dist/cjs/condition/numeric/numeric.d.ts.map +1 -1
- package/dist/cjs/condition/numeric/numeric.js +1 -1
- package/dist/cjs/condition/numeric/numeric.js.map +1 -1
- package/dist/cjs/condition/string/StringEquals.d.ts +1 -1
- package/dist/cjs/condition/string/StringEquals.d.ts.map +1 -1
- package/dist/cjs/condition/string/StringEquals.js +2 -2
- package/dist/cjs/condition/string/StringEquals.js.map +1 -1
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts +1 -1
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.d.ts.map +1 -1
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.js +2 -2
- package/dist/cjs/condition/string/StringEqualsIgnoreCase.js.map +1 -1
- package/dist/cjs/condition/string/StringLike.d.ts +1 -1
- package/dist/cjs/condition/string/StringLike.d.ts.map +1 -1
- package/dist/cjs/condition/string/StringLike.js +2 -2
- package/dist/cjs/condition/string/StringLike.js.map +1 -1
- package/dist/cjs/condition/string/StringNotEquals.d.ts +1 -1
- package/dist/cjs/condition/string/StringNotEquals.d.ts.map +1 -1
- package/dist/cjs/condition/string/StringNotEquals.js +2 -2
- package/dist/cjs/condition/string/StringNotEquals.js.map +1 -1
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts +1 -1
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.d.ts.map +1 -1
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js +2 -2
- package/dist/cjs/condition/string/StringNotEqualsIgnoreCase.js.map +1 -1
- package/dist/cjs/condition/string/StringNotLike.d.ts +1 -1
- package/dist/cjs/condition/string/StringNotLike.d.ts.map +1 -1
- package/dist/cjs/condition/string/StringNotLike.js +2 -2
- package/dist/cjs/condition/string/StringNotLike.js.map +1 -1
- package/dist/cjs/context_keys/contextKeyTypes.d.ts.map +1 -1
- package/dist/cjs/context_keys/contextKeyTypes.js.map +1 -1
- package/dist/cjs/context_keys/contextKeys.d.ts +1 -1
- package/dist/cjs/context_keys/contextKeys.d.ts.map +1 -1
- package/dist/cjs/context_keys/contextKeys.js +12 -8
- package/dist/cjs/context_keys/contextKeys.js.map +1 -1
- package/dist/cjs/context_keys/findContextKeys.d.ts +1 -1
- package/dist/cjs/context_keys/findContextKeys.d.ts.map +1 -1
- package/dist/cjs/context_keys/findContextKeys.js +3 -3
- package/dist/cjs/context_keys/findContextKeys.js.map +1 -1
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts +4 -4
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map +1 -1
- package/dist/cjs/core_engine/coreSimulatorEngine.js +34 -15
- package/dist/cjs/core_engine/coreSimulatorEngine.js.map +1 -1
- package/dist/cjs/evaluate.d.ts +1 -1
- package/dist/cjs/evaluate.d.ts.map +1 -1
- package/dist/cjs/explain/displayExplainCli.d.ts +1 -1
- package/dist/cjs/explain/displayExplainCli.d.ts.map +1 -1
- package/dist/cjs/explain/displayExplainCli.js +11 -10
- package/dist/cjs/explain/displayExplainCli.js.map +1 -1
- package/dist/cjs/explain/statementExplain.d.ts.map +1 -1
- package/dist/cjs/explain/statementExplain.js.map +1 -1
- package/dist/cjs/global_conditions/globalConditionKeys.d.ts +1 -1
- package/dist/cjs/global_conditions/globalConditionKeys.d.ts.map +1 -1
- package/dist/cjs/global_conditions/globalConditionKeys.js +159 -159
- package/dist/cjs/global_conditions/globalConditionKeys.js.map +1 -1
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/principal/principal.d.ts +3 -3
- package/dist/cjs/principal/principal.d.ts.map +1 -1
- package/dist/cjs/principal/principal.js +23 -20
- package/dist/cjs/principal/principal.js.map +1 -1
- package/dist/cjs/request/request.d.ts +4 -4
- package/dist/cjs/request/request.d.ts.map +1 -1
- package/dist/cjs/request/request.js.map +1 -1
- package/dist/cjs/request/requestPrincipal.d.ts.map +1 -1
- package/dist/cjs/request/requestPrincipal.js +1 -1
- package/dist/cjs/request/requestPrincipal.js.map +1 -1
- package/dist/cjs/request/requestResource.d.ts.map +1 -1
- package/dist/cjs/request/requestResource.js +5 -5
- package/dist/cjs/request/requestResource.js.map +1 -1
- package/dist/cjs/requestContext.d.ts.map +1 -1
- package/dist/cjs/requestContext.js.map +1 -1
- package/dist/cjs/resource/resource.d.ts +3 -3
- package/dist/cjs/resource/resource.d.ts.map +1 -1
- package/dist/cjs/resource/resource.js +22 -18
- package/dist/cjs/resource/resource.js.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts +2 -2
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.js +7 -3
- package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/cjs/services/ServiceAuthorizer.d.ts +2 -2
- package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/contextKeys.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/contextKeys.js +2 -5
- package/dist/cjs/simulation_engine/contextKeys.js.map +1 -1
- package/dist/cjs/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.d.ts +18 -5
- package/dist/cjs/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.js +40 -17
- package/dist/cjs/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts +3 -3
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js +4 -4
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/dist/cjs/util.d.ts +6 -6
- package/dist/cjs/util.d.ts.map +1 -1
- package/dist/cjs/util.js +28 -28
- package/dist/cjs/util.js.map +1 -1
- package/dist/esm/StatementAnalysis.d.ts +4 -4
- package/dist/esm/StatementAnalysis.d.ts.map +1 -1
- package/dist/esm/StatementAnalysis.js +2 -2
- package/dist/esm/StatementAnalysis.js.map +1 -1
- package/dist/esm/action/action.d.ts +3 -3
- package/dist/esm/action/action.d.ts.map +1 -1
- package/dist/esm/action/action.js +7 -7
- package/dist/esm/action/action.js.map +1 -1
- package/dist/esm/condition/BaseConditionOperator.d.ts +2 -2
- package/dist/esm/condition/BaseConditionOperator.d.ts.map +1 -1
- package/dist/esm/condition/arn/ArnEquals.d.ts +1 -1
- package/dist/esm/condition/arn/ArnEquals.d.ts.map +1 -1
- package/dist/esm/condition/arn/ArnEquals.js +1 -1
- package/dist/esm/condition/arn/ArnEquals.js.map +1 -1
- package/dist/esm/condition/arn/ArnLike.d.ts +1 -1
- package/dist/esm/condition/arn/ArnLike.d.ts.map +1 -1
- package/dist/esm/condition/arn/ArnLike.js +3 -3
- package/dist/esm/condition/arn/ArnLike.js.map +1 -1
- package/dist/esm/condition/arn/ArnNotEquals.d.ts +1 -1
- package/dist/esm/condition/arn/ArnNotEquals.d.ts.map +1 -1
- package/dist/esm/condition/arn/ArnNotEquals.js +1 -1
- package/dist/esm/condition/arn/ArnNotEquals.js.map +1 -1
- package/dist/esm/condition/arn/ArnNotLike.d.ts +1 -1
- package/dist/esm/condition/arn/ArnNotLike.d.ts.map +1 -1
- package/dist/esm/condition/arn/ArnNotLike.js +3 -3
- package/dist/esm/condition/arn/ArnNotLike.js.map +1 -1
- package/dist/esm/condition/arn/arn.d.ts +2 -2
- package/dist/esm/condition/arn/arn.d.ts.map +1 -1
- package/dist/esm/condition/arn/arn.js +4 -2
- package/dist/esm/condition/arn/arn.js.map +1 -1
- package/dist/esm/condition/baseConditionperatorTests.d.ts +1 -1
- package/dist/esm/condition/baseConditionperatorTests.d.ts.map +1 -1
- package/dist/esm/condition/baseConditionperatorTests.js +5 -5
- package/dist/esm/condition/baseConditionperatorTests.js.map +1 -1
- package/dist/esm/condition/binary/BinaryEquals.d.ts +1 -1
- package/dist/esm/condition/binary/BinaryEquals.d.ts.map +1 -1
- package/dist/esm/condition/binary/BinaryEquals.js +2 -2
- package/dist/esm/condition/binary/BinaryEquals.js.map +1 -1
- package/dist/esm/condition/boolean/Bool.d.ts +1 -1
- package/dist/esm/condition/boolean/Bool.d.ts.map +1 -1
- package/dist/esm/condition/boolean/Bool.js +11 -6
- package/dist/esm/condition/boolean/Bool.js.map +1 -1
- package/dist/esm/condition/condition.d.ts.map +1 -1
- package/dist/esm/condition/condition.js +48 -24
- package/dist/esm/condition/condition.js.map +1 -1
- package/dist/esm/condition/conditionUtil.d.ts +1 -1
- package/dist/esm/condition/conditionUtil.d.ts.map +1 -1
- package/dist/esm/condition/conditionUtil.js +5 -2
- package/dist/esm/condition/conditionUtil.js.map +1 -1
- package/dist/esm/condition/date/DateEquals.d.ts +1 -1
- package/dist/esm/condition/date/DateEquals.d.ts.map +1 -1
- package/dist/esm/condition/date/DateEquals.js +3 -3
- package/dist/esm/condition/date/DateEquals.js.map +1 -1
- package/dist/esm/condition/date/DateGreaterThan.d.ts +1 -1
- package/dist/esm/condition/date/DateGreaterThan.d.ts.map +1 -1
- package/dist/esm/condition/date/DateGreaterThan.js +3 -3
- package/dist/esm/condition/date/DateGreaterThan.js.map +1 -1
- package/dist/esm/condition/date/DateGreaterThanEquals.d.ts +1 -1
- package/dist/esm/condition/date/DateGreaterThanEquals.d.ts.map +1 -1
- package/dist/esm/condition/date/DateGreaterThanEquals.js +3 -3
- package/dist/esm/condition/date/DateGreaterThanEquals.js.map +1 -1
- package/dist/esm/condition/date/DateLessThan.d.ts +1 -1
- package/dist/esm/condition/date/DateLessThan.d.ts.map +1 -1
- package/dist/esm/condition/date/DateLessThan.js +3 -3
- package/dist/esm/condition/date/DateLessThan.js.map +1 -1
- package/dist/esm/condition/date/DateLessThanEquals.d.ts +1 -1
- package/dist/esm/condition/date/DateLessThanEquals.d.ts.map +1 -1
- package/dist/esm/condition/date/DateLessThanEquals.js +3 -3
- package/dist/esm/condition/date/DateLessThanEquals.js.map +1 -1
- package/dist/esm/condition/date/DateNotEquals.d.ts +1 -1
- package/dist/esm/condition/date/DateNotEquals.d.ts.map +1 -1
- package/dist/esm/condition/date/DateNotEquals.js +3 -3
- package/dist/esm/condition/date/DateNotEquals.js.map +1 -1
- package/dist/esm/condition/date/date.d.ts +1 -1
- package/dist/esm/condition/date/date.d.ts.map +1 -1
- package/dist/esm/condition/date/date.js +2 -2
- package/dist/esm/condition/date/date.js.map +1 -1
- package/dist/esm/condition/ipaddress/IpAddress.d.ts +1 -1
- package/dist/esm/condition/ipaddress/IpAddress.d.ts.map +1 -1
- package/dist/esm/condition/ipaddress/IpAddress.js +3 -3
- package/dist/esm/condition/ipaddress/IpAddress.js.map +1 -1
- package/dist/esm/condition/ipaddress/NotIpAddress.d.ts +1 -1
- package/dist/esm/condition/ipaddress/NotIpAddress.d.ts.map +1 -1
- package/dist/esm/condition/ipaddress/NotIpAddress.js +3 -3
- package/dist/esm/condition/ipaddress/NotIpAddress.js.map +1 -1
- package/dist/esm/condition/ipaddress/ip.d.ts +1 -1
- package/dist/esm/condition/ipaddress/ip.d.ts.map +1 -1
- package/dist/esm/condition/ipaddress/ip.js +3 -3
- package/dist/esm/condition/ipaddress/ip.js.map +1 -1
- package/dist/esm/condition/ipaddress/ipv4.d.ts.map +1 -1
- package/dist/esm/condition/ipaddress/ipv4.js +2 -2
- package/dist/esm/condition/ipaddress/ipv4.js.map +1 -1
- package/dist/esm/condition/ipaddress/ipv6.js +1 -1
- package/dist/esm/condition/ipaddress/ipv6.js.map +1 -1
- package/dist/esm/condition/numeric/NumericEquals.d.ts +1 -1
- package/dist/esm/condition/numeric/NumericEquals.d.ts.map +1 -1
- package/dist/esm/condition/numeric/NumericEquals.js +3 -3
- package/dist/esm/condition/numeric/NumericEquals.js.map +1 -1
- package/dist/esm/condition/numeric/NumericGreaterThan.d.ts +1 -1
- package/dist/esm/condition/numeric/NumericGreaterThan.d.ts.map +1 -1
- package/dist/esm/condition/numeric/NumericGreaterThan.js +3 -3
- package/dist/esm/condition/numeric/NumericGreaterThan.js.map +1 -1
- package/dist/esm/condition/numeric/NumericGreaterThanEquals.d.ts +1 -1
- package/dist/esm/condition/numeric/NumericGreaterThanEquals.d.ts.map +1 -1
- package/dist/esm/condition/numeric/NumericGreaterThanEquals.js +3 -3
- package/dist/esm/condition/numeric/NumericGreaterThanEquals.js.map +1 -1
- package/dist/esm/condition/numeric/NumericLessThan.d.ts +1 -1
- package/dist/esm/condition/numeric/NumericLessThan.d.ts.map +1 -1
- package/dist/esm/condition/numeric/NumericLessThan.js +3 -3
- package/dist/esm/condition/numeric/NumericLessThan.js.map +1 -1
- package/dist/esm/condition/numeric/NumericLessThanEquals.d.ts +1 -1
- package/dist/esm/condition/numeric/NumericLessThanEquals.d.ts.map +1 -1
- package/dist/esm/condition/numeric/NumericLessThanEquals.js +3 -3
- package/dist/esm/condition/numeric/NumericLessThanEquals.js.map +1 -1
- package/dist/esm/condition/numeric/NumericNotEquals.d.ts +1 -1
- package/dist/esm/condition/numeric/NumericNotEquals.d.ts.map +1 -1
- package/dist/esm/condition/numeric/NumericNotEquals.js +3 -3
- package/dist/esm/condition/numeric/NumericNotEquals.js.map +1 -1
- package/dist/esm/condition/numeric/numeric.d.ts +1 -1
- package/dist/esm/condition/numeric/numeric.d.ts.map +1 -1
- package/dist/esm/condition/numeric/numeric.js +2 -2
- package/dist/esm/condition/numeric/numeric.js.map +1 -1
- package/dist/esm/condition/string/StringEquals.d.ts +1 -1
- package/dist/esm/condition/string/StringEquals.d.ts.map +1 -1
- package/dist/esm/condition/string/StringEquals.js +4 -4
- package/dist/esm/condition/string/StringEquals.js.map +1 -1
- package/dist/esm/condition/string/StringEqualsIgnoreCase.d.ts +1 -1
- package/dist/esm/condition/string/StringEqualsIgnoreCase.d.ts.map +1 -1
- package/dist/esm/condition/string/StringEqualsIgnoreCase.js +4 -4
- package/dist/esm/condition/string/StringEqualsIgnoreCase.js.map +1 -1
- package/dist/esm/condition/string/StringLike.d.ts +1 -1
- package/dist/esm/condition/string/StringLike.d.ts.map +1 -1
- package/dist/esm/condition/string/StringLike.js +4 -4
- package/dist/esm/condition/string/StringLike.js.map +1 -1
- package/dist/esm/condition/string/StringNotEquals.d.ts +1 -1
- package/dist/esm/condition/string/StringNotEquals.d.ts.map +1 -1
- package/dist/esm/condition/string/StringNotEquals.js +4 -4
- package/dist/esm/condition/string/StringNotEquals.js.map +1 -1
- package/dist/esm/condition/string/StringNotEqualsIgnoreCase.d.ts +1 -1
- package/dist/esm/condition/string/StringNotEqualsIgnoreCase.d.ts.map +1 -1
- package/dist/esm/condition/string/StringNotEqualsIgnoreCase.js +4 -4
- package/dist/esm/condition/string/StringNotEqualsIgnoreCase.js.map +1 -1
- package/dist/esm/condition/string/StringNotLike.d.ts +1 -1
- package/dist/esm/condition/string/StringNotLike.d.ts.map +1 -1
- package/dist/esm/condition/string/StringNotLike.js +4 -4
- package/dist/esm/condition/string/StringNotLike.js.map +1 -1
- package/dist/esm/context_keys/contextKeyTypes.d.ts.map +1 -1
- package/dist/esm/context_keys/contextKeyTypes.js.map +1 -1
- package/dist/esm/context_keys/contextKeys.d.ts +1 -1
- package/dist/esm/context_keys/contextKeys.d.ts.map +1 -1
- package/dist/esm/context_keys/contextKeys.js +14 -10
- package/dist/esm/context_keys/contextKeys.js.map +1 -1
- package/dist/esm/context_keys/findContextKeys.d.ts +1 -1
- package/dist/esm/context_keys/findContextKeys.d.ts.map +1 -1
- package/dist/esm/context_keys/findContextKeys.js +5 -5
- package/dist/esm/context_keys/findContextKeys.js.map +1 -1
- package/dist/esm/core_engine/coreSimulatorEngine.d.ts +4 -4
- package/dist/esm/core_engine/coreSimulatorEngine.d.ts.map +1 -1
- package/dist/esm/core_engine/coreSimulatorEngine.js +40 -21
- package/dist/esm/core_engine/coreSimulatorEngine.js.map +1 -1
- package/dist/esm/evaluate.d.ts +1 -1
- package/dist/esm/evaluate.d.ts.map +1 -1
- package/dist/esm/explain/displayExplainCli.d.ts +1 -1
- package/dist/esm/explain/displayExplainCli.d.ts.map +1 -1
- package/dist/esm/explain/displayExplainCli.js +11 -10
- package/dist/esm/explain/displayExplainCli.js.map +1 -1
- package/dist/esm/explain/statementExplain.d.ts.map +1 -1
- package/dist/esm/explain/statementExplain.js.map +1 -1
- package/dist/esm/global_conditions/globalConditionKeys.d.ts +1 -1
- package/dist/esm/global_conditions/globalConditionKeys.d.ts.map +1 -1
- package/dist/esm/global_conditions/globalConditionKeys.js +159 -159
- package/dist/esm/global_conditions/globalConditionKeys.js.map +1 -1
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/principal/principal.d.ts +3 -3
- package/dist/esm/principal/principal.d.ts.map +1 -1
- package/dist/esm/principal/principal.js +24 -21
- package/dist/esm/principal/principal.js.map +1 -1
- package/dist/esm/request/request.d.ts +4 -4
- package/dist/esm/request/request.d.ts.map +1 -1
- package/dist/esm/request/request.js +3 -3
- package/dist/esm/request/request.js.map +1 -1
- package/dist/esm/request/requestPrincipal.d.ts.map +1 -1
- package/dist/esm/request/requestPrincipal.js +1 -1
- package/dist/esm/request/requestPrincipal.js.map +1 -1
- package/dist/esm/request/requestResource.d.ts.map +1 -1
- package/dist/esm/request/requestResource.js +5 -5
- package/dist/esm/request/requestResource.js.map +1 -1
- package/dist/esm/requestContext.d.ts.map +1 -1
- package/dist/esm/requestContext.js.map +1 -1
- package/dist/esm/resource/resource.d.ts +3 -3
- package/dist/esm/resource/resource.d.ts.map +1 -1
- package/dist/esm/resource/resource.js +23 -19
- package/dist/esm/resource/resource.js.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts +2 -2
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.js +8 -4
- package/dist/esm/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/esm/services/ServiceAuthorizer.d.ts +2 -2
- package/dist/esm/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/simulation_engine/contextKeys.d.ts.map +1 -1
- package/dist/esm/simulation_engine/contextKeys.js +5 -8
- package/dist/esm/simulation_engine/contextKeys.js.map +1 -1
- package/dist/esm/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.d.ts +18 -5
- package/dist/esm/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.js +49 -26
- package/dist/esm/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts +3 -3
- package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js +8 -8
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/dist/esm/util.d.ts +6 -6
- package/dist/esm/util.d.ts.map +1 -1
- package/dist/esm/util.js +28 -28
- package/dist/esm/util.js.map +1 -1
- package/package.json +7 -3
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { ValidationError } from
|
|
2
|
-
import { RequestAnalysis } from
|
|
3
|
-
import { Simulation } from
|
|
4
|
-
import { SimulationOptions } from
|
|
1
|
+
import { ValidationError } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { RequestAnalysis } from '../evaluate.js';
|
|
3
|
+
import { Simulation } from './simulation.js';
|
|
4
|
+
import { SimulationOptions } from './simulationOptions.js';
|
|
5
5
|
export interface SimulationErrors {
|
|
6
6
|
identityPolicyErrors?: Record<string, ValidationError[]>;
|
|
7
7
|
seviceControlPolicyErrors?: Record<string, ValidationError[]>;
|
|
@@ -11,6 +11,16 @@ export interface SimulationErrors {
|
|
|
11
11
|
export interface SimulationResult {
|
|
12
12
|
errors?: SimulationErrors;
|
|
13
13
|
analysis?: RequestAnalysis;
|
|
14
|
+
/**
|
|
15
|
+
* Any context keys provided in the request that were filtered out before
|
|
16
|
+
* policy evaluation because they do not apply to the action/resource type.
|
|
17
|
+
*
|
|
18
|
+
* This will only be present if the request passes validation to reach the
|
|
19
|
+
* policy evaluation stage.
|
|
20
|
+
*
|
|
21
|
+
* If no context keys were ignored, this will be present and an empty array.
|
|
22
|
+
*/
|
|
23
|
+
ignoredContextKeys?: string[];
|
|
14
24
|
}
|
|
15
25
|
/**
|
|
16
26
|
* Run a simulation with validation
|
|
@@ -20,5 +30,8 @@ export interface SimulationResult {
|
|
|
20
30
|
* @returns
|
|
21
31
|
*/
|
|
22
32
|
export declare function runSimulation(simulation: Simulation, simulationOptions: Partial<SimulationOptions>): Promise<SimulationResult>;
|
|
23
|
-
export declare function normalizeSimulationParameters(simulation: Simulation): Promise<
|
|
33
|
+
export declare function normalizeSimulationParameters(simulation: Simulation): Promise<{
|
|
34
|
+
validContextValues: Record<string, string | string[]>;
|
|
35
|
+
ignoredContextKeys: string[];
|
|
36
|
+
}>;
|
|
24
37
|
//# sourceMappingURL=simulationEngine.d.ts.map
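Review bot: The TSDoc added above `ignoredContextKeys` in `SimulationResult` does not tell callers that `analysis` is computed only from the context keys that survived filtering, so a result can look authoritative while a supplied condition key never reached evaluation. For a tool used to reason about IAM allow/deny outcomes, a test that asserts on `analysis` alone can pass even though the condition it meant to exercise was dropped. I would add one line to the comment, such as `* A non-empty list means analysis was computed without those keys; check it before relying on the result.` The same comment says the field "will be present and an empty array" when nothing was ignored, while the declaration is optional (`ignoredContextKeys?: string[]`), so it is worth stating that `undefined` means evaluation was never reached. Separately, the last hunk changes the declared return of the exported `normalizeSimulationParameters` to an object holding `validContextValues` and `ignoredContextKeys`; the old return type is truncated on this page, but if it was the bare context record, untyped callers would now pass the wrapper object as context without any error.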
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,
|
|
1
|
+
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAML,eAAe,EAChB,MAAM,2BAA2B,CAAA;AAIlC,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAKhD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IACxD,yBAAyB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC7D,oBAAoB,CAAC,EAAE,eAAe,EAAE,CAAA;IACxC,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,gBAAgB,CAAA;IACzB,QAAQ,CAAC,EAAE,eAAe,CAAA;IAE1B;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAC5C,OAAO,CAAC,gBAAgB,CAAC,CAqJ3B;AAED,wBAAsB,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC;IACnF,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;IACrD,kBAAkB,EAAE,MAAM,EAAE,CAAA;CAC7B,CAAC,CAoCD"}
|
|
@@ -50,8 +50,12 @@ async function runSimulation(simulation, simulationOptions) {
|
|
|
50
50
|
policies: validPolicies
|
|
51
51
|
};
|
|
52
52
|
});
|
|
53
|
-
const resourcePolicyErrors = simulation.resourcePolicy
|
|
54
|
-
|
|
53
|
+
const resourcePolicyErrors = simulation.resourcePolicy
|
|
54
|
+
? (0, iam_policy_1.validateResourcePolicy)(simulation.resourcePolicy)
|
|
55
|
+
: [];
|
|
56
|
+
const permissionBoundaries = simulation.permissionBoundaryPolicies
|
|
57
|
+
? []
|
|
58
|
+
: undefined;
|
|
55
59
|
const permissionBoundaryErrors = {};
|
|
56
60
|
simulation.permissionBoundaryPolicies?.map((pb) => {
|
|
57
61
|
const { name, policy } = pb;
|
|
@@ -76,15 +80,17 @@ async function runSimulation(simulation, simulationOptions) {
|
|
|
76
80
|
}
|
|
77
81
|
};
|
|
78
82
|
}
|
|
79
|
-
const resourcePolicy = simulation.resourcePolicy
|
|
80
|
-
|
|
83
|
+
const resourcePolicy = simulation.resourcePolicy
|
|
84
|
+
? (0, iam_policy_1.loadPolicy)(simulation.resourcePolicy)
|
|
85
|
+
: undefined;
|
|
86
|
+
if (simulation.request.action.split(':').length != 2) {
|
|
81
87
|
return {
|
|
82
88
|
errors: {
|
|
83
89
|
message: 'invalid.action'
|
|
84
90
|
}
|
|
85
91
|
};
|
|
86
92
|
}
|
|
87
|
-
const [service, action] = simulation.request.action.split(
|
|
93
|
+
const [service, action] = simulation.request.action.split(':');
|
|
88
94
|
const validService = await (0, iam_data_1.iamServiceExists)(service);
|
|
89
95
|
if (!validService) {
|
|
90
96
|
return {
|
|
@@ -104,7 +110,7 @@ async function runSimulation(simulation, simulationOptions) {
|
|
|
104
110
|
const resourceArn = simulation.request.resource.resource;
|
|
105
111
|
const isWildCardOnlyAction = await (0, util_js_1.isWildcardOnlyAction)(service, action);
|
|
106
112
|
if (isWildCardOnlyAction) {
|
|
107
|
-
if (resourceArn !==
|
|
113
|
+
if (resourceArn !== '*') {
|
|
108
114
|
return {
|
|
109
115
|
errors: {
|
|
110
116
|
message: 'must.use.wildcard'
|
|
@@ -129,48 +135,65 @@ async function runSimulation(simulation, simulationOptions) {
|
|
|
129
135
|
};
|
|
130
136
|
}
|
|
131
137
|
}
|
|
132
|
-
const
|
|
138
|
+
const { validContextValues, ignoredContextKeys } = await normalizeSimulationParameters(simulation);
|
|
133
139
|
const simulationResult = (0, coreSimulatorEngine_js_1.authorize)({
|
|
134
140
|
request: new request_js_1.AwsRequestImpl(simulation.request.principal, {
|
|
135
141
|
resource: simulation.request.resource.resource,
|
|
136
142
|
accountId: simulation.request.resource.accountId
|
|
137
|
-
}, simulation.request.action, new requestContext_js_1.RequestContextImpl(
|
|
143
|
+
}, simulation.request.action, new requestContext_js_1.RequestContextImpl(validContextValues)),
|
|
138
144
|
identityPolicies,
|
|
139
145
|
serviceControlPolicies,
|
|
140
146
|
resourcePolicy,
|
|
141
147
|
permissionBoundaries
|
|
142
148
|
});
|
|
143
149
|
return {
|
|
144
|
-
analysis: simulationResult
|
|
150
|
+
analysis: simulationResult,
|
|
151
|
+
ignoredContextKeys
|
|
145
152
|
};
|
|
146
153
|
}
|
|
147
154
|
async function normalizeSimulationParameters(simulation) {
|
|
148
|
-
const [service, action] = simulation.request.action.split(
|
|
155
|
+
const [service, action] = simulation.request.action.split(':');
|
|
149
156
|
const resourceArn = simulation.request.resource.resource;
|
|
150
157
|
const contextVariablesForAction = new Set(await (0, contextKeys_js_2.allowedContextKeysForRequest)(service, action, resourceArn));
|
|
151
158
|
//Get the types of the context variables and set a string or array of strings based on that.
|
|
152
|
-
const
|
|
159
|
+
const validContextValues = {};
|
|
160
|
+
const ignoredContextKeys = [];
|
|
153
161
|
for (const key of Object.keys(simulation.request.contextVariables)) {
|
|
154
162
|
const value = simulation.request.contextVariables[key];
|
|
155
163
|
const lowerCaseKey = key.toLowerCase();
|
|
156
|
-
if (contextVariablesForAction.has(lowerCaseKey) ||
|
|
164
|
+
if (contextVariablesForAction.has(lowerCaseKey) ||
|
|
165
|
+
listHasVariableKeyMatch(lowerCaseKey, contextVariablesForAction)) {
|
|
157
166
|
const conditionType = await (0, contextKeys_js_1.typeForContextKey)(lowerCaseKey);
|
|
158
167
|
const normalizedKey = await (0, contextKeys_js_1.normalizeContextKeyCase)(key);
|
|
159
168
|
if ((0, contextKeyTypes_js_1.isConditionKeyArray)(conditionType)) {
|
|
160
|
-
|
|
169
|
+
validContextValues[normalizedKey] = [value].flat();
|
|
161
170
|
}
|
|
162
171
|
else if (Array.isArray(value)) {
|
|
163
|
-
|
|
172
|
+
validContextValues[normalizedKey] = value[0];
|
|
164
173
|
}
|
|
165
174
|
else {
|
|
166
|
-
|
|
175
|
+
validContextValues[normalizedKey] = value;
|
|
167
176
|
}
|
|
168
177
|
}
|
|
178
|
+
else {
|
|
179
|
+
ignoredContextKeys.push(key);
|
|
180
|
+
}
|
|
169
181
|
}
|
|
170
|
-
return
|
|
182
|
+
return {
|
|
183
|
+
validContextValues,
|
|
184
|
+
ignoredContextKeys
|
|
185
|
+
};
|
|
171
186
|
}
|
|
187
|
+
/**
|
|
188
|
+
* Evaluates a context key with a variable such as `aws:PrincipalTag/Foo` to see
|
|
189
|
+
* if it matches any of the context variables in the allowed variables set.
|
|
190
|
+
*
|
|
191
|
+
* @param lowerCaseKey The lower case key to check for a match.
|
|
192
|
+
* @param contextVariables The set of context variables to check against.
|
|
193
|
+
* @returns True if the key has a variable match, false otherwise.
|
|
194
|
+
*/
|
|
172
195
|
function listHasVariableKeyMatch(lowerCaseKey, contextVariables) {
|
|
173
|
-
const firstSlashIndex = lowerCaseKey.indexOf(
|
|
196
|
+
const firstSlashIndex = lowerCaseKey.indexOf('/');
|
|
174
197
|
if (firstSlashIndex === -1) {
|
|
175
198
|
return false;
|
|
176
199
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":";;AAkDA,sCAwJC;AAED,sEAuCC;AAnPD,sDAA2E;AAC3E,0DAOkC;AAClC,2EAAwE;AACxE,mEAA2F;AAC3F,kFAAyF;AAEzF,sDAAsD;AACtD,4DAAyD;AACzD,wCAA4E;AAC5E,qDAA+D;AA2B/D;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,oBAAoB,GAAsC,EAAE,CAAA;IAClE,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;QAC9B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,gBAAgB,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;QAC3C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QAC/C,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,yBAAyB,GAAsC,EAAE,CAAA;IACvE,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAC5F,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,aAAa,GAAa,EAAE,CAAA;QAElC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;YAC9B,MAAM,gBAAgB,GAAG,IAAA,yCAA4B,EAAC,MAAM,CAAC,CAAA;YAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,yBAAyB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;YACpD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;YACxC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CACF,CAAA;IAED,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc;QACpD,CAAC,CAAC,IAAA,mCAAsB,EAAC,UAAU,CAAC,cAAc,CAAC;QACnD,CAAC,CAAC,EAAE,CAAA;IAEN,MAAM,oBAAoB,GAAyB,UAAU,CAAC,0BAA0B;QACtF,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,SAAS,CAAA;IACb,MAAM,wBAAwB,GAAsC,EAAE,CAAA;IACtE,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QAChD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAA;QAC3B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,oBAAqB,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA
;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,IACE,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,MAAM,GAAG,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,GAAG,CAAC;QAChD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAC/B,CAAC;QACD,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,yBAAyB;gBACzB,oBAAoB;gBACpB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc;QAC9C,CAAC,CAAC,IAAA,uBAAU,EAAC,UAAU,CAAC,cAAc,CAAC;QACvC,CAAC,CAAC,SAAS,CAAA;IAEb,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,YAAY,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAA;IACpD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,oBAAoB,GAAG,MAAM,IAAA,8BAAoB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IACxE,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;YACxB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,IAAA,mCAAyB,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAA;QACnF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAA;IAElG,MAAM,gBAAgB,GAAG,IAAA,kCAAS,EAAC;QACjC,OAAO,EAAE,IAAI,2BAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC
,OAAO,CAAC,MAAM,EACzB,IAAI,sCAAkB,CAAC,kBAAkB,CAAC,CAC3C;QACD,gBAAgB;QAChB,sBAAsB;QACtB,cAAc;QACd,oBAAoB;KACrB,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,gBAAgB;QAC1B,kBAAkB;KACnB,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IAIxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CACvC,MAAM,IAAA,6CAA4B,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CACjE,CAAA;IAED,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAA;IAChE,MAAM,kBAAkB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACtD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;QACtC,IACE,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC;YAC3C,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAChE,CAAC;YACD,MAAM,aAAa,GAAG,MAAM,IAAA,kCAAiB,EAAC,YAAY,CAAC,CAAA;YAC3D,MAAM,aAAa,GAAG,MAAM,IAAA,wCAAuB,EAAC,GAAG,CAAC,CAAA;YAExD,IAAI,IAAA,wCAAmB,EAAC,aAAa,CAAC,EAAE,CAAC;gBACvC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAA;YACpD,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;YAC9C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAA;YAC3C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;IACH,CAAC;IAED,OAAO;QACL,kBAAkB;QAClB,kBAAkB;KACnB,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjD,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAA;IACzD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { type EvaluationResult } from
|
|
2
|
-
import { Simulation } from
|
|
3
|
-
import { SimulationOptions } from
|
|
1
|
+
import { type EvaluationResult } from '../evaluate.js';
|
|
2
|
+
import { Simulation } from './simulation.js';
|
|
3
|
+
import { SimulationOptions } from './simulationOptions.js';
|
|
4
4
|
/**
|
|
5
5
|
* Runs a simulation without input validation or context variable verification.
|
|
6
6
|
* Use this if you know what you're doing.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,
|
|
1
|
+
{"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAGtD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAC5C,gBAAgB,CAuClB"}
|
|
@@ -14,20 +14,20 @@ const requestContext_js_1 = require("../requestContext.js");
|
|
|
14
14
|
* @returns The result of the simulation.
|
|
15
15
|
*/
|
|
16
16
|
function runUnsafeSimulation(simulation, simulationOptions) {
|
|
17
|
-
const identityPolicies = Object.values(simulation.identityPolicies).map(p => (0, iam_policy_1.loadPolicy)(p.policy));
|
|
17
|
+
const identityPolicies = Object.values(simulation.identityPolicies).map((p) => (0, iam_policy_1.loadPolicy)(p.policy));
|
|
18
18
|
const serviceControlPolicies = simulation.serviceControlPolicies.map((scp) => {
|
|
19
19
|
const ouId = scp.orgIdentifier;
|
|
20
|
-
const policies = scp.policies.map(val => (0, iam_policy_1.loadPolicy)(val.policy));
|
|
20
|
+
const policies = scp.policies.map((val) => (0, iam_policy_1.loadPolicy)(val.policy));
|
|
21
21
|
return {
|
|
22
22
|
orgIdentifier: ouId,
|
|
23
23
|
policies: policies
|
|
24
24
|
};
|
|
25
25
|
});
|
|
26
|
-
const permissionBoundaries = simulation.permissionBoundaryPolicies?.map(val => (0, iam_policy_1.loadPolicy)(val.policy)) ?? undefined;
|
|
26
|
+
const permissionBoundaries = simulation.permissionBoundaryPolicies?.map((val) => (0, iam_policy_1.loadPolicy)(val.policy)) ?? undefined;
|
|
27
27
|
const requestContext = new requestContext_js_1.RequestContextImpl(simulation.request.contextVariables);
|
|
28
28
|
const request = new request_js_1.AwsRequestImpl(simulation.request.principal, {
|
|
29
29
|
resource: simulation.request.resource.resource,
|
|
30
|
-
accountId: simulation.request.resource.accountId
|
|
30
|
+
accountId: simulation.request.resource.accountId
|
|
31
31
|
}, simulation.request.action, requestContext);
|
|
32
32
|
const analysis = (0, coreSimulatorEngine_js_1.authorize)({
|
|
33
33
|
request,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":";;AAgBA,
|
|
1
|
+
{"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":";;AAgBA,kDA0CC;AA1DD,0DAAsD;AACtD,kFAAyF;AAEzF,sDAAsD;AACtD,4DAAyD;AAIzD;;;;;;;GAOG;AACH,SAAgB,mBAAmB,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5E,IAAA,uBAAU,EAAC,CAAC,CAAC,MAAM,CAAC,CACrB,CAAA;IACD,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAC5F,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,uBAAU,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;QAElE,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CACF,CAAA;IAED,MAAM,oBAAoB,GACxB,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,uBAAU,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,SAAS,CAAA;IAE1F,MAAM,cAAc,GAAG,IAAI,sCAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClF,MAAM,OAAO,GAAG,IAAI,2BAAc,CAChC,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;QACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;KACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,cAAc,CACf,CAAA;IAED,MAAM,QAAQ,GAAG,IAAA,kCAAS,EAAC;QACzB,OAAO;QACP,gBAAgB;QAChB,sBAAsB;QACtB,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,uBAAU,EAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;QAC7F,oBAAoB;KACrB,CAAC,CAAA;IAEF,OAAO,QAAQ,CAAC,MAAM,CAAA;AACxB,CAAC"}
|
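--- a/package/dist/cjs/util.d.ts
+++ b/package/dist/cjs/util.d.ts
@@ -1,4 +1,5 @@
 import { ResourceType } from '@cloud-copilot/iam-data';
+import { Resource } from '@cloud-copilot/iam-policy';
 import { AwsRequest } from './request/request.js';
 export interface StringReplaceOptions {
 replaceWildcards: boolean;
@@ -26,8 +27,6 @@ export interface ArnParts {
 region: string | undefined;
 accountId: string | undefined;
 resource: string | undefined;
-resourceType: string | undefined;
-resourcePath: string | undefined;
 }
 /**
 * Split an ARN into its parts
@@ -37,13 +36,14 @@ export interface ArnParts {
 */
 export declare function splitArnParts(arn: string): ArnParts;
 /**
-*
-*
+* Get the product/id segments of the resource portion of an ARN.
+* The first segment is the product segment and the second segment is the resource id segment.
+* This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
 *
-* @param resource The resource to
+* @param resource The resource to get the resource segments. Must be an ARN resource.
 * @returns a tuple with the first segment being the product segment (including the separator) and the second segment being the resource id.
 */
-export declare function getResourceSegments(resource:
+export declare function getResourceSegments(resource: Resource): [string, string];
 /**
 * Checks if a value is defined and not null and narrows the type to the defined type
 *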
package/dist/cjs/util.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,OAAO,CAAA;IACzB,cAAc,EAAE,OAAO,CAAA;CACxB;AAOD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAChG,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,OAAO,CAAA;IACzB,cAAc,EAAE,OAAO,CAAA;CACxB;AAOD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,UAAU,EACnB,cAAc,EAAE;IAAE,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAAC,cAAc,EAAE,KAAK,CAAA;CAAE,GACpE,MAAM,CAAA;AACT,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,UAAU,EACnB,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAC7C;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CAAA;AA+IzC,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;CAG7B;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAenD;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CA2BxE;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,SAAS,CAExE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG5F;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,EAAE,CAAC,CAiBzB;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOrE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAExD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAY9D;AAID;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE3D;AAID;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEvD;AAID;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE7D"}
|
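--- a/package/dist/cjs/util.js
+++ b/package/dist/cjs/util.js
@@ -22,25 +22,25 @@ const defaultStringReplaceOptions = {
 function convertIamString(value, request, replaceOptions) {
 const options = { ...defaultStringReplaceOptions, ...replaceOptions };
 const errors = [];
-const newValue = value.replaceAll(/(\$\{.*?\})|(\*)|(\?)/
-if (match ==
+const newValue = value.replaceAll(/(\$\{.*?\})|(\*)|(\?)/gi, (match, args) => {
+if (match == '?') {
 return replacementValue(match, '\\?', '.', options);
 // return '.'
 }
-else if (match ==
-return replacementValue(match, '\\*',
+else if (match == '*') {
+return replacementValue(match, '\\*', '.*?', options);
 // return ".*?"
 }
-else if (match ==
-return replacementValue(match,
+else if (match == '${*}') {
+return replacementValue(match, '\\$\\{\\*\\}', '\\*', options);
 // return "\\*"
 }
-else if (match ==
-return replacementValue(match,
+else if (match == '${?}') {
+return replacementValue(match, '\\$\\{\\?\\}', '\\?', options);
 // return "\\?"
 }
-else if (match ==
-return replacementValue(match,
+else if (match == '${$}') {
+return replacementValue(match, '\\$\\{\\$\\}', '\\$', options);
 // return "\\$"
 }
 //
@@ -148,34 +148,34 @@ function splitArnParts(arn) {
 const service = parts.at(2);
 const region = parts.at(3);
 const accountId = parts.at(4);
-const resource = parts.slice(5).join(
-let resourceType = undefined;
-let resourcePath = undefined;
-if (resource?.includes('/') || resource?.includes(':')) {
-const [resourceTypeSegment, resourcePathSegment] = getResourceSegments(resource);
-resourceType = resourceTypeSegment;
-resourcePath = resourcePathSegment;
-}
+const resource = parts.slice(5).join(':');
 return {
 partition,
 service,
 region,
 accountId,
-resource
-resourceType,
-resourcePath
+resource
 };
 }
 /**
-*
-*
+* Get the product/id segments of the resource portion of an ARN.
+* The first segment is the product segment and the second segment is the resource id segment.
+* This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
 *
-* @param resource The resource to
+* @param resource The resource to get the resource segments. Must be an ARN resource.
 * @returns a tuple with the first segment being the product segment (including the separator) and the second segment being the resource id.
 */
 function getResourceSegments(resource) {
-
-
+if (!resource.isArnResource()) {
+throw new Error(`Resource ${resource.value()} is not an ARN resource`);
+}
+const resourceString = resource.resource();
+// This is terrible, and I hate it
+if (resource.service() === 's3' && resource.account() === '' && resource.region() === '') {
+return ['', resourceString];
+}
+const slashIndex = resourceString.indexOf('/');
+const colonIndex = resourceString.indexOf(':');
 let splitIndex = slashIndex;
 if (slashIndex != -1 && colonIndex != -1) {
 splitIndex = Math.min(slashIndex, colonIndex) + 1;
@@ -189,7 +189,7 @@ function getResourceSegments(resource) {
 else {
 throw new Error(`Unable to split resource ${resource}`);
 }
-return [
+return [resourceString.slice(0, splitIndex), resourceString.slice(splitIndex)];
 }
 /**
 * Checks if a value is defined and not null and narrows the type to the defined type
@@ -266,7 +266,7 @@ function convertResourcePatternToRegex(pattern) {
 * @returns the lowercased strings
 */
 function lowerCaseAll(strings) {
-return strings.map(s => s.toLowerCase());
+return strings.map((s) => s.toLowerCase());
 }
 /**
 * Gets the IAM variables from a string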
package/dist/cjs/util.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":";;AAkCA,4CAkFC;AA4ED,sCAeC;AAUD,kDA2BC;AAQD,8BAEC;AAQD,oCAEC;AAUD,oDAGC;AAUD,8DAqBC;AAQD,sEAOC;AAQD,oCAEC;AAQD,wDAYC;AAUD,4CAEC;AAUD,oCAEC;AAUD,gDAEC;AArYD,sDAAgG;AAIhG,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AAOvC,MAAM,2BAA2B,GAAyB;IACxD,gBAAgB,EAAE,IAAI;IACtB,cAAc,EAAE,IAAI;CACrB,CAAA;AAoBD,SAAgB,gBAAgB,CAC9B,KAAa,EACb,OAAmB,EACnB,cAA8C;IAE9C,MAAM,OAAO,GAAG,EAAE,GAAG,2BAA2B,EAAE,GAAG,cAAc,EAAE,CAAA;IAErE,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3E,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;YACnD,aAAa;QACf,CAAC;aAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACxB,OAAO,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YACrD,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9D,eAAe;QACjB,CAAC;QACD,EAAE;QACF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAExC,IAAI,YAAY,GAAG,SAAS,CAAA;QAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5C,IAAI,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1E,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC/C,CAAC;QACH,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;QAE/C,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,qBAAqB,CAC7E,OAAO,EACP,YAAY,CACb,CAAA;QAED,IAAI,YAAY,EAAE,CAAC;YACjB,wDAAwD;YACxD,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,
YAAY,CAAA;QACpF,CAAC;aAAM,IAAI,YAAY,EAAE,CAAC;YACxB;;;cAGE;YACF,wDAAwD;YACxD,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;QACpF,CAAC;aAAM,CAAC;YACN,IAAI,iBAAiB,IAAI,SAAS,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CACT,IAAI,YAAY,sFAAsF,CACvG,CAAA;YACH,CAAC;iBAAM,IAAI,iBAAiB,IAAI,YAAY,EAAE,CAAC;gBAC7C,MAAM,CAAC,IAAI,CACT,IAAI,YAAY,2FAA2F,CAC5G,CAAA;YACH,CAAC;YACD;;cAEE;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,CAAA;IAC5C,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,MAAM,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,EAAE,CAAA;AACtD,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAA;AACnD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAC5B,OAAmB,EACnB,cAAsB;IAEtB,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAC9C,OAAO;YACL,KAAK,EAAE,SAAS;SACjB,CAAA;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;IAC3D,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAA;IAClC,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,CAAA;AAChC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,gBAAgB,CACvB,QAAgB,EAChB,OAAe,EACf,KAAa,EACb,OAA6B;IAE7B,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAYD;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEzC,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;KACT,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,S
AAgB,mBAAmB,CAAC,QAAkB;IACpD,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,YAAY,QAAQ,CAAC,KAAK,EAAE,yBAAyB,CAAC,CAAA;IACxE,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAA;IAE1C,kCAAkC;IAClC,IAAI,QAAQ,CAAC,OAAO,EAAE,KAAK,IAAI,IAAI,QAAQ,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC;QACzF,OAAO,CAAC,EAAE,EAAE,cAAc,CAAC,CAAA;IAC7B,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE9C,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACzC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AAChF,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAI,KAAoB;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAA;AAC9C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAI,KAAoB;IAClD,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,oBAAoB,CAAC,OAAe,EAAE,MAAc;IACxE,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,OAAO,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAA;AACjD,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,yBAAyB,CAC7C,OAAe,EACf,MAAc,EACd,QAAgB;IAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7D,IAAI,aAAa,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,MAAM,mCAAmC,CAAC,CAAA;IAC1E,CAAC;IAED,MAAM,qBAAqB,GAAmB,EAAE,CAAA;IAChD,KAAK,MAAM,EAAE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAA;QACnE,MAAM,OAAO,GAAG,6BAA6B,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA;QAC/D,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;QACjD,IAAI,KAAK,EAAE,CAAC
;YACV,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,qBAAqB,CAAA;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC/D,OAAO,MAAM,SAAS,SAAS,CAAA;IACjC,CAAC,CAAC,CAAA;IACF,OAAO,IAAI,KAAK,GAAG,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAiB;IAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAa;IAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACzC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACvB,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACjC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YACxC,CAAC;YACD,OAAO,UAAU,CAAA;QACnB,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,MAAM,mBAAmB,GAAG,wCAAwC,CAAA;AAEpE;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,MAAM,YAAY,GAAG,gCAAgC,CAAA;AAErD;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,SAAiB;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AACrC,CAAC;AAED,MAAM,qBAAqB,GAAG,0CAA0C,CAAA;AAExE;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,SAAiB;IAClD,OAAO,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC9C,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { Statement } from
|
|
2
|
-
import { ConditionMatchResult } from
|
|
3
|
-
import { StatementExplain } from
|
|
4
|
-
import { PrincipalMatchResult } from
|
|
1
|
+
import { Statement } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { ConditionMatchResult } from './condition/condition.js';
|
|
3
|
+
import { StatementExplain } from './explain/statementExplain.js';
|
|
4
|
+
import { PrincipalMatchResult } from './principal/principal.js';
|
|
5
5
|
/**
|
|
6
6
|
* The result of analyzing a statement against a request.
|
|
7
7
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,
|
|
1
|
+
{"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAE/D;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,SAAS,EAAE,SAAS,CAAA;IAEpB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;IAEtB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC,OAAO,CAAC,EAAE,gBAAgB,CAAA;CAC3B;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAU7E;AAsBD,wBAAgB,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAUnF;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,IAAI,CACZ,iBAAiB,EACjB,aAAa,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CACtE,GACA,OAAO,CAST"}
|
|
@@ -41,9 +41,9 @@ export function identityStatementExplicitDeny(statement) {
|
|
|
41
41
|
return false;
|
|
42
42
|
}
|
|
43
43
|
export function statementMatches(analysis) {
|
|
44
|
-
return analysis.resourceMatch &&
|
|
44
|
+
return (analysis.resourceMatch &&
|
|
45
45
|
analysis.actionMatch &&
|
|
46
46
|
analysis.conditionMatch === 'Match' &&
|
|
47
|
-
['Match', 'AccountLevelMatch', 'SessionRoleMatch', 'SessionUserMatch'].includes(analysis.principalMatch);
|
|
47
|
+
['Match', 'AccountLevelMatch', 'SessionRoleMatch', 'SessionUserMatch'].includes(analysis.principalMatch));
|
|
48
48
|
}
|
|
49
49
|
//# sourceMappingURL=StatementAnalysis.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAsCA;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,
|
|
1
|
+
{"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAsCA;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EACxC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,wFAAwF;AACxF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,kDAAkD;AAClD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,uFAAuF;AACvF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,iDAAiD;AACjD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,MAAM,UAAU,6BAA6B,CAAC,SAA4B;IACxE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EACvC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAGC;IAED,OAAO,CACL,QAAQ,CAAC,aAAa;QACtB,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,cAAc,KAAK,OAAO;QACnC,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAC7E,QAAQ,CAAC,cAAc,CACxB,CACF,CAAA;AACH,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { Action, Statement } from
|
|
2
|
-
import { ActionExplain, StatementExplain } from
|
|
3
|
-
import { AwsRequest } from
|
|
1
|
+
import { Action, Statement } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { ActionExplain, StatementExplain } from '../explain/statementExplain.js';
|
|
3
|
+
import { AwsRequest } from '../request/request.js';
|
|
4
4
|
/**
|
|
5
5
|
* Check if a request matches the Action or NotAction elements of a statement.
|
|
6
6
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,2BAA2B,
|
|
1
|
+
{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAA;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAElD;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,SAAS,GACnB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,YAAY,CAAC,CAAA;CAAE,CAejF;AAgBD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,UAAU,EACnB,OAAO,EAAE,MAAM,EAAE,GAChB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,aAAa,EAAE,CAAA;CAAE,CAIjD;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,UAAU,EACnB,OAAO,EAAE,MAAM,EAAE,GAChB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,aAAa,EAAE,CAAA;CAAE,CASjD"}
|
|
@@ -32,7 +32,7 @@ function convertActionToRegex(action) {
|
|
|
32
32
|
if (action.indexOf(':') != -1) {
|
|
33
33
|
throw new Error('Action should not contain a colon');
|
|
34
34
|
}
|
|
35
|
-
const pattern =
|
|
35
|
+
const pattern = '^' + action.replace(/\?/g, '.').replace(/\*/g, '.*?') + '$';
|
|
36
36
|
return new RegExp(pattern, 'i');
|
|
37
37
|
}
|
|
38
38
|
/**
|
|
@@ -43,8 +43,8 @@ function convertActionToRegex(action) {
|
|
|
43
43
|
* @returns true if the request matches any of the actions, false otherwise
|
|
44
44
|
*/
|
|
45
45
|
export function requestMatchesActions(request, actions) {
|
|
46
|
-
const explains = actions.map(action => requestMatchesSingleAction(request, action));
|
|
47
|
-
const matches = explains.some(explain => explain.matches);
|
|
46
|
+
const explains = actions.map((action) => requestMatchesSingleAction(request, action));
|
|
47
|
+
const matches = explains.some((explain) => explain.matches);
|
|
48
48
|
return { matches, explains };
|
|
49
49
|
}
|
|
50
50
|
/**
|
|
@@ -55,26 +55,26 @@ export function requestMatchesActions(request, actions) {
|
|
|
55
55
|
* @returns true if the request does not match any of the actions, false if the request matches any of the actions
|
|
56
56
|
*/
|
|
57
57
|
export function requestMatchesNotActions(request, actions) {
|
|
58
|
-
const explains = actions.map(action => {
|
|
58
|
+
const explains = actions.map((action) => {
|
|
59
59
|
const explain = requestMatchesSingleAction(request, action);
|
|
60
60
|
explain.matches = !explain.matches;
|
|
61
61
|
return explain;
|
|
62
62
|
});
|
|
63
|
-
const matches = !explains.some(explain => !explain.matches);
|
|
63
|
+
const matches = !explains.some((explain) => !explain.matches);
|
|
64
64
|
return { matches, explains };
|
|
65
65
|
}
|
|
66
66
|
function requestMatchesSingleAction(request, action) {
|
|
67
67
|
if (action.isWildcardAction()) {
|
|
68
68
|
return {
|
|
69
69
|
action: action.value(),
|
|
70
|
-
matches: true
|
|
70
|
+
matches: true
|
|
71
71
|
};
|
|
72
72
|
}
|
|
73
73
|
else if (action.isServiceAction()) {
|
|
74
74
|
if (request.action.service() != action.service()) {
|
|
75
75
|
return {
|
|
76
76
|
action: action.value(),
|
|
77
|
-
matches: false
|
|
77
|
+
matches: false
|
|
78
78
|
};
|
|
79
79
|
}
|
|
80
80
|
const actionRegex = convertActionToRegex(action.action());
|
|
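Review bot: In `convertActionToRegex` (first hunk of this file, new line 35) the action string reaches `new RegExp` with only `?` and `*` translated, so any other regex metacharacter in a policy action (`.`, `+`, `(`, `[`, `|`, `\`) is read as regex syntax instead of being matched literally. In a simulator this can report a statement as matching an action it would not match in IAM, or throw a `SyntaxError` from the `RegExp` constructor that surfaces through `requestMatchesSingleAction`. Escaping the literal characters before translating the wildcards would avoid both: `const pattern = '^' + action.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\?/g, '.').replace(/\*/g, '.*?') + '$';`. Whether `@cloud-copilot/iam-policy` already restricts the characters an action may contain is not visible here and should be confirmed. The start of `convertActionToRegex` and the end of `requestMatchesSingleAction` are outside the hunks shown.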
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,
|
|
1
|
+
{"version":3,"file":"action.js","sourceRoot":"","sources":["../../../src/action/action.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAC5C,OAAmB,EACnB,SAAoB;IAEpB,IAAI,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;QAClC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;YAC/B,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAA;QACvD,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAA;IACpD,CAAC;SAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC5C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAA;QACvF,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAA;QAC1D,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,CAAA;IACvD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;AACjE,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;IACtD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,CAAA;IAC5E,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAmB,EACnB,OAAiB;IAEjB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAA;IACrF,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAC3D,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAA;AAC9B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAAmB,EACnB,OAAiB;IAEjB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QACtC,MAAM,OAAO,GAAG,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC3D,OAAO,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,CAAA;QAClC,OAAO,OAAO,CAAA;IAChB,CAAC,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAC7D,OAAO,EAAE,OAAO,E
AAE,QAAQ,EAAE,CAAA;AAC9B,CAAC;AAED,SAAS,0BAA0B,CAAC,OAAmB,EAAE,MAAc;IACrE,IAAI,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;QAC9B,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,eAAe,EAAE,EAAE,CAAC;QACpC,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YACjD,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;gBACtB,OAAO,EAAE,KAAK;aACf,CAAA;QACH,CAAC;QACD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;QACzD,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;QACzD,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE;YACtB,OAAO;SACR,CAAA;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;AACxC,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { ConditionValueExplain } from
|
|
2
|
-
import { AwsRequest } from
|
|
1
|
+
import { ConditionValueExplain } from '../explain/statementExplain.js';
|
|
2
|
+
import { AwsRequest } from '../request/request.js';
|
|
3
3
|
export interface BaseConditionOperator {
|
|
4
4
|
name: string;
|
|
5
5
|
matches: (request: AwsRequest, keyValue: string, policyValues: string[]) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BaseConditionOperator.d.ts","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,
|
|
1
|
+
{"version":3,"file":"BaseConditionOperator.d.ts","sourceRoot":"","sources":["../../../src/condition/BaseConditionOperator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAElD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,CACP,OAAO,EAAE,UAAU,EACnB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EAAE,KACnB;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,qBAAqB,EAAE,CAAA;KAAE,CAAA;IAC5D,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;IACxB,UAAU,EAAE,OAAO,CAAA;CACpB"}
|