@cloud-copilot/iam-simulate 0.1.37 → 0.1.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/condition/arn/arn.d.ts.map +1 -1
- package/dist/cjs/condition/arn/arn.js +3 -2
- package/dist/cjs/condition/arn/arn.js.map +1 -1
- package/dist/cjs/index.d.ts +1 -1
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/principal/principal.d.ts +0 -7
- package/dist/cjs/principal/principal.d.ts.map +1 -1
- package/dist/cjs/principal/principal.js +4 -17
- package/dist/cjs/principal/principal.js.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.js +4 -4
- package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/cjs/simulation_engine/simulation.d.ts +25 -18
- package/dist/cjs/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.d.ts +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.js +4 -4
- package/dist/cjs/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/esm/condition/arn/arn.d.ts.map +1 -1
- package/dist/esm/condition/arn/arn.js +2 -1
- package/dist/esm/condition/arn/arn.js.map +1 -1
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/principal/principal.d.ts +0 -7
- package/dist/esm/principal/principal.d.ts.map +1 -1
- package/dist/esm/principal/principal.js +2 -14
- package/dist/esm/principal/principal.js.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.js +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/esm/simulation_engine/simulation.d.ts +25 -18
- package/dist/esm/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.d.ts +1 -1
- package/dist/esm/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.js +4 -4
- package/dist/esm/simulation_engine/simulationEngine.js.map +1 -1
- package/package.json +3 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAA;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAGrD;;;;;;;GAOG;AACH,wBAAgB,UAAU,CACxB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,UAAU,EACnB,WAAW,EAAE,OAAO,GACnB,qBAAqB,CAqEvB"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.arnMatches = arnMatches;
|
|
4
|
+
const iam_utils_1 = require("@cloud-copilot/iam-utils");
|
|
4
5
|
const util_js_1 = require("../../util.js");
|
|
5
6
|
/**
|
|
6
7
|
* Checks to see if a single ARN matches in ArnLike format
|
|
@@ -11,8 +12,8 @@ const util_js_1 = require("../../util.js");
|
|
|
11
12
|
* @returns if the ARN matches
|
|
12
13
|
*/
|
|
13
14
|
function arnMatches(policyArn, requestArn, request, expectMatch) {
|
|
14
|
-
const policyParts = (0,
|
|
15
|
-
const requestParts = (0,
|
|
15
|
+
const policyParts = (0, iam_utils_1.splitArnParts)(policyArn);
|
|
16
|
+
const requestParts = (0, iam_utils_1.splitArnParts)(requestArn);
|
|
16
17
|
// If any of the parts are missing, return false
|
|
17
18
|
if ((0, util_js_1.isNotDefined)(policyParts.partition) ||
|
|
18
19
|
(0, util_js_1.isNotDefined)(policyParts.service) ||
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":";;AAaA,gCA0EC;AAvFD,wDAAwD;AAGxD,2CAA8D;AAE9D;;;;;;;GAOG;AACH,SAAgB,UAAU,CACxB,SAAiB,EACjB,UAAkB,EAClB,OAAmB,EACnB,WAAoB;IAEpB,MAAM,WAAW,GAAG,IAAA,yBAAa,EAAC,SAAS,CAAC,CAAA;IAC5C,MAAM,YAAY,GAAG,IAAA,yBAAa,EAAC,UAAU,CAAC,CAAA;IAC9C,gDAAgD;IAChD,IACE,IAAA,sBAAY,EAAC,WAAW,CAAC,SAAS,CAAC;QACnC,IAAA,sBAAY,EAAC,WAAW,CAAC,OAAO,CAAC;QACjC,IAAA,sBAAY,EAAC,WAAW,CAAC,MAAM,CAAC;QAChC,IAAA,sBAAY,EAAC,WAAW,CAAC,SAAS,CAAC;QACnC,IAAA,sBAAY,EAAC,WAAW,CAAC,QAAQ,CAAC,EAClC,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,CAAC,aAAa,CAAC;SACxB,CAAA;IACH,CAAC;IAED,MAAM,iBAAiB,GAAG;QACxB,KAAK;QACL,WAAW,CAAC,SAAS;QACrB,WAAW,CAAC,OAAO;QACnB,WAAW,CAAC,MAAM;QAClB,WAAW,CAAC,SAAS;QACrB,WAAW,CAAC,QAAQ;KACrB;SACE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACZ,IAAA,0BAAgB,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC,CACpF;SACA,IAAI,CAAC,GAAG,CAAC,CAAA;IAEZ,MAAM,aAAa,GAAG,iBAAiB,IAAI,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,CAAA;IAEpF,gDAAgD;IAChD,IACE,IAAA,sBAAY,EAAC,YAAY,CAAC,SAAS,CAAC;QACpC,IAAA,sBAAY,EAAC,YAAY,CAAC,OAAO,CAAC;QAClC,IAAA,sBAAY,EAAC,YAAY,CAAC,MAAM,CAAC;QACjC,IAAA,sBAAY,EAAC,YAAY,CAAC,SAAS,CAAC;QACpC,IAAA,sBAAY,EAAC,YAAY,CAAC,QAAQ,CAAC,EACnC,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,SAAS;YAChB,aAAa;YACb,MAAM,EAAE,CAAC,gBAAgB,UAAU,sBAAsB,CAAC;SAC3D,CAAA;IACH,CAAC;IAED,MAAM,SAAS,GAAa,EAAE,CAAA;IAC9B,MAAM,eAAe,GAAG,CAAC,UAAkB,EAAE,WAAmB,EAAW,EAAE;QAC3E,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,0BAAgB,EAAC,UAAU,EAAE,OAAO,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAA;QAC7F,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAA;QACjC,OAAO,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAClC,CAAC,CAAA;IAED,MAAM,OAAO,GACX,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;QAC1D,eAAe,CAAC,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC;QACxD,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAA;IAE9D,OAAO;QACL,OAAO,EAAE,OAAO,IAAI,WAAW,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC;QACxD,KAAK,EAAE,SAAS;QAChB,aAAa;QACb,MAAM,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACrD,CAAA;AACH,CAAC"}
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -4,7 +4,7 @@ export { findContextKeys } from './context_keys/findContextKeys.js';
|
|
|
4
4
|
export { type EvaluationResult } from './evaluate.js';
|
|
5
5
|
export type { ActionExplain, ConditionExplain, ConditionValueExplain, ExplainPrincipalMatch, PrincipalExplain, ResourceExplain, StatementExplain } from './explain/statementExplain.js';
|
|
6
6
|
export { allowedContextKeysForRequest } from './simulation_engine/contextKeys.js';
|
|
7
|
-
export type { Simulation } from './simulation_engine/simulation.js';
|
|
7
|
+
export type { Simulation, SimulationIdentityPolicy, SimulationOrgPolicies } from './simulation_engine/simulation.js';
|
|
8
8
|
export { runSimulation } from './simulation_engine/simulationEngine.js';
|
|
9
9
|
export type { SimulationErrors, SimulationResult } from './simulation_engine/simulationEngine.js';
|
|
10
10
|
export { type SimulationOptions } from './simulation_engine/simulationOptions.js';
|
package/dist/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,gBAAgB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAA;AACrD,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AACjF,YAAY,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,gBAAgB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAA;AACrD,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AACjF,YAAY,EACV,UAAU,EACV,wBAAwB,EACxB,qBAAqB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AACvE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAA;AACjG,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,0CAA0C,CAAA;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAA;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,gEAAiE;AAAxD,mHAAA,iBAAiB,OAAA;AAC1B,wEAI0C;AAFxC,yHAAA,mBAAmB,OAAA;AAGrB,wEAAmE;AAA1D,qHAAA,eAAe,OAAA;AAWxB,qEAAiF;AAAxE,8HAAA,4BAA4B,OAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,gEAAiE;AAAxD,mHAAA,iBAAiB,OAAA;AAC1B,wEAI0C;AAFxC,yHAAA,mBAAmB,OAAA;AAGrB,wEAAmE;AAA1D,qHAAA,eAAe,OAAA;AAWxB,qEAAiF;AAAxE,8HAAA,4BAA4B,OAAA;AAMrC,+EAAuE;AAA9D,oHAAA,aAAa,OAAA;AAGtB,2FAAmF;AAA1E,gIAAA,mBAAmB,OAAA;AAC5B,qCAAgD;AAAvC,+GAAA,oBAAoB,OAAA"}
|
|
@@ -32,13 +32,6 @@ export declare function requestMatchesNotPrincipal(request: AwsRequest, notPrinc
|
|
|
32
32
|
* @returns if the request matches the principal statement, and if so, how it matches
|
|
33
33
|
*/
|
|
34
34
|
export declare function requestMatchesPrincipalStatement(request: AwsRequest, principalStatement: Principal): PrincipalExplain;
|
|
35
|
-
/**
|
|
36
|
-
* Transfrom an assumed role session ARN into a role ARN
|
|
37
|
-
*
|
|
38
|
-
* @param assumedRoleArn the assumed role session ARN
|
|
39
|
-
* @returns the role ARN for the assumed role session
|
|
40
|
-
*/
|
|
41
|
-
export declare function roleArnFromAssumedRoleArn(assumedRoleArn: string): string;
|
|
42
35
|
/**
|
|
43
36
|
* Get a user ARN from a federated user ARN
|
|
44
37
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAMhE,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAA;AACnF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AA2ClD,MAAM,MAAM,oBAAoB,GAC5B,OAAO,GACP,SAAS,GACT,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,CAAA;AAEtB;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,SAAS,EAAE,GACrB;IAAE,OAAO,EAAE,oBAAoB,CAAC;IAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAA;CAAE,CAoCjE;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,UAAU,EACnB,YAAY,EAAE,SAAS,EAAE,GACxB;IAAE,OAAO,EAAE,oBAAoB,CAAC;IAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAA;CAAE,CA4CjE;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAC9C,OAAO,EAAE,UAAU,EACnB,kBAAkB,EAAE,SAAS,GAC5B,gBAAgB,CA+FlB;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAK5E;AAED;;;;;;GAMG;AACH,wBAAgB,iCAAiC,CAC/C,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,SAAS,GACnB;IACD,OAAO,EAAE,oBAAoB,CAAA;IAC7B,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,YAAY,GAAG,eAAe,CAAC,CAAA;CAChE,CASA"}
|
|
@@ -3,10 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.requestMatchesPrincipal = requestMatchesPrincipal;
|
|
4
4
|
exports.requestMatchesNotPrincipal = requestMatchesNotPrincipal;
|
|
5
5
|
exports.requestMatchesPrincipalStatement = requestMatchesPrincipalStatement;
|
|
6
|
-
exports.roleArnFromAssumedRoleArn = roleArnFromAssumedRoleArn;
|
|
7
6
|
exports.userArnFromFederatedUserArn = userArnFromFederatedUserArn;
|
|
8
7
|
exports.requestMatchesStatementPrincipals = requestMatchesStatementPrincipals;
|
|
9
|
-
const
|
|
8
|
+
const iam_utils_1 = require("@cloud-copilot/iam-utils");
|
|
10
9
|
/**
|
|
11
10
|
* Check to see if a request matches a Principal element in an IAM policy statement
|
|
12
11
|
*
|
|
@@ -154,9 +153,9 @@ function requestMatchesPrincipalStatement(request, principalStatement) {
|
|
|
154
153
|
};
|
|
155
154
|
}
|
|
156
155
|
if (principalStatement.isAwsPrincipal()) {
|
|
157
|
-
if ((0,
|
|
156
|
+
if ((0, iam_utils_1.isAssumedRoleArn)(request.principal.value())) {
|
|
158
157
|
const sessionArn = request.principal.value();
|
|
159
|
-
const roleArn =
|
|
158
|
+
const roleArn = (0, iam_utils_1.convertAssumedRoleArnToRoleArn)(sessionArn);
|
|
160
159
|
if (principalStatement.arn() === roleArn) {
|
|
161
160
|
return {
|
|
162
161
|
matches: 'SessionRoleMatch',
|
|
@@ -165,7 +164,7 @@ function requestMatchesPrincipalStatement(request, principalStatement) {
|
|
|
165
164
|
};
|
|
166
165
|
}
|
|
167
166
|
}
|
|
168
|
-
else if ((0,
|
|
167
|
+
else if ((0, iam_utils_1.isFederatedUserArn)(request.principal.value())) {
|
|
169
168
|
const sessionArn = request.principal.value();
|
|
170
169
|
const userArn = userArnFromFederatedUserArn(sessionArn);
|
|
171
170
|
if (principalStatement.arn() === userArn) {
|
|
@@ -188,18 +187,6 @@ function requestMatchesPrincipalStatement(request, principalStatement) {
|
|
|
188
187
|
principal: principalStatement.value()
|
|
189
188
|
};
|
|
190
189
|
}
|
|
191
|
-
/**
|
|
192
|
-
* Transfrom an assumed role session ARN into a role ARN
|
|
193
|
-
*
|
|
194
|
-
* @param assumedRoleArn the assumed role session ARN
|
|
195
|
-
* @returns the role ARN for the assumed role session
|
|
196
|
-
*/
|
|
197
|
-
function roleArnFromAssumedRoleArn(assumedRoleArn) {
|
|
198
|
-
const stsParts = assumedRoleArn.split(':');
|
|
199
|
-
const resourceParts = stsParts.at(-1).split('/');
|
|
200
|
-
const rolePathAndName = resourceParts.slice(1, -1).join('/');
|
|
201
|
-
return `arn:aws:iam::${stsParts[4]}:role/${rolePathAndName}`;
|
|
202
|
-
}
|
|
203
190
|
/**
|
|
204
191
|
* Get a user ARN from a federated user ARN
|
|
205
192
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":";;AAgEA,0DAuCC;AASD,gEA+CC;AASD,4EAkGC;AAQD,kEAKC;AASD,8EAeC;AA9SD,wDAIiC;AAoDjC;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,OAAmB,EACnB,SAAsB;IAEtB,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE,CACpD,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAC9D,CAAA;IACD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,OAAO,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ;SACT,CAAA;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,kBAAkB,CAAC,EAAE,CAAC;QAC/D,OAAO;YACL,OAAO,EAAE,kBAAkB;YAC3B,QAAQ;SACT,CAAA;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,kBAAkB,CAAC,EAAE,CAAC;QAC/D,OAAO;YACL,OAAO,EAAE,kBAAkB;YAC3B,QAAQ;SACT,CAAA;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,mBAAmB,CAAC,EAAE,CAAC;QAChE,OAAO;YACL,OAAO,EAAE,mBAAmB;YAC5B,QAAQ;SACT,CAAA;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,SAAS;QAClB,QAAQ;KACT,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,0BAA0B,CACxC,OAAmB,EACnB,YAAyB;IAEzB,wHAAwH;IACxH,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;QACvD,MAAM,OAAO,GAAG,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAA;QAC7E;;;;;WAKG;QACH,IACE,OAAO,CAAC,OAAO,KAAK,OAAO;YAC3B,OAAO,CAAC,OAAO,KAAK,mBAAmB;YACvC,OAAO,CAAC,OAAO,KAAK,kBAAkB;YACtC,OAAO,CAAC,OAAO,KAAK,kBAAkB,EACtC,CAAC;YACD,OAAO,CAAC,OAAO,GAAG,SAAS,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,OAAO,GAAG,OAAO,CAAA;QAC3B,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC,CAAC,CAAA;IAEF,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,EAAE,CAAC;QACtD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ;SACT,CAAA;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,QAAQ;KACT,CAAA;IAED,kCAAkC;IAClC,qBAAqB;IACrB,IAAI;IAEJ,8CAA8C;IAC9C,qBAAqB;IACrB,IAAI;IAEJ,iBAAiB;AACnB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gCAAgC,CAC9C,OAAmB,EACnB,kBAA6B;IAE7B,IAAI,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC5C,IAAI,kBAAkB,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/D,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,wBAAwB,EAAE,EAAE,CAAC;QAClD,IAAI,kBAAkB,CAAC,aAAa,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACrE,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC9C,IAAI,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAC7C,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC5C,IAAI,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;YACrE,OAAO;gBACL,OAAO,EAAE,mBAAmB;gBAC5B,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,cAAc,EAAE,EAAE,CAAC;QACxC,IAAI,IAAA,4BAAgB,EAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAChD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;YAC5C,MAAM,OAAO,GAAG,IAAA,0CAA8B,EAAC,UAAU,CAAC,CAAA;YAC1D,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzC,OAAO;oBACL,OAAO,EAAE,kBAAkB;oBAC3B,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;oBACrC,iBAAiB,EAAE,OAAO;iBAC3B,CAAA;YACH,CAAC;QACH,CAAC;aAAM,IAAI,IAAA,8BAAkB,EAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YACzD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;YAC5C,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAA;YACvD,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzC,OAAO;oBACL,OAAO,EAAE,kBAAkB;oBAC3B,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;oBACrC,iBAAiB,EAAE,OAAO;iBAC3B,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC3D,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;KACtC,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,2BAA2B,CAAC,gBAAwB;IAClE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAA;IACjC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1D,OAAO,gBAAgB,QAAQ,CAAC,CAAC,CAAC,SAAS,QAAQ,EAAE,CAAA;AACvD,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,iCAAiC,CAC/C,OAAmB,EACnB,SAAoB;IAKpB,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QACrC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAA;QACtF,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,CAAA;IACvD,CAAC;SAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;QAC/C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,0BAA0B,CAAC,OAAO,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC,CAAA;QAC5F,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAA;IAC1D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;AACpE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAC/D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAEvF;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IACzD,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe;IAwKvE;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAW,EAAE,OAAO,EACpB,gBAAgB,EAAE,gBAAgB,EAClC,QAAQ,EAAE,eAAe,GACxB,OAAO;CASX"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.DefaultServiceAuthorizer = void 0;
|
|
4
|
-
const
|
|
4
|
+
const iam_utils_1 = require("@cloud-copilot/iam-utils");
|
|
5
5
|
/**
|
|
6
6
|
* The default authorizer for services.
|
|
7
7
|
*/
|
|
@@ -67,9 +67,9 @@ class DefaultServiceAuthorizer {
|
|
|
67
67
|
*/
|
|
68
68
|
if (resourcePolicyResult === 'Allowed') {
|
|
69
69
|
const principal = request.request.principal.value();
|
|
70
|
-
if ((0,
|
|
71
|
-
(0,
|
|
72
|
-
(0,
|
|
70
|
+
if ((0, iam_utils_1.isAssumedRoleArn)(principal) ||
|
|
71
|
+
(0, iam_utils_1.isIamUserArn)(principal) ||
|
|
72
|
+
(0, iam_utils_1.isFederatedUserArn)(principal)) {
|
|
73
73
|
if (request.resourceAnalysis.allowStatements.some((statement) => statement.principalMatch === 'Match')) {
|
|
74
74
|
return {
|
|
75
75
|
result: 'Allowed',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":";;;AAAA,wDAA6F;AAK7F;;GAEG;AACH,MAAa,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAA;QAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAC7D,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAA;QAE3E,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D,MAAM,WAAW,GAAG,gBAAgB,KAAK,eAAe,CAAA;QAExD,MAAM,UAAU,GAQZ;YACF,WAAW;YACX,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,0BAA0B,EAAE,OAAO,CAAC,0BAA0B;SAC/D,CAAA;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,uBAAuB,KAAK,kBAAkB,EAAE,CAAC;YACnD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,cAAc;QACd,IAAI,gBAAgB,KAAK,eAAe,EAAE,CAAC;YACzC,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;gBACpD;;;;;;;mBAOG;gBACH,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;oBACnD,IACE,IAAA,4BAAgB,EAAC,SAAS,CAAC;wBAC3B,IAAA,wBAAY,EAAC,SAAS,CAAC;wBACvB,IAAA,8BAAkB,EAAC,SAAS,CAAC,EAC7B,CAAC;wBACD,IACE,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,OAAO,CACpD,EACD,CAAC;4BACD,OAAO;gCACL,MAAM,EAAE,SAAS;gCACjB,GAAG,UAAU;6BACd,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YAED;;;;;;;;cAQE;YAEF,MAAM,cAAc,GAAG,IAAI,CAAC,6BAA6B,CACvD,WAAW,EACX,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,OAAO,CAAC,QAAQ,CACzB,CAAA;YACD,IACE,oBAAoB,KAAK,SAAS;gBAClC,CAAC,cAAc,IAAI,uBAAuB,KAAK,SAAS,CAAC,EACzD,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,eAAe;QACf,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,EAAE,CAAC;YACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAC1C,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,kBAAkB;YAC1B,GAAG,UAAU;SACd,CAAA;QAED;;;;;;;WAOG;IACL,CAAC;IAED;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAoB,EACpB,gBAAkC,EAClC,QAAyB;QAEzB,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC1C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,mBAAmB,CAChE,CAAA;IACH,CAAC;CACF;AA7LD,4DA6LC"}
|
|
@@ -1,3 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Represents the policies attached to an OU, or account
|
|
3
|
+
*/
|
|
4
|
+
export interface SimulationOrgPolicies {
|
|
5
|
+
orgIdentifier: string;
|
|
6
|
+
policies: {
|
|
7
|
+
name: string;
|
|
8
|
+
policy: any;
|
|
9
|
+
}[];
|
|
10
|
+
}
|
|
11
|
+
/**
|
|
12
|
+
* Represent a policy attached to an identity
|
|
13
|
+
*/
|
|
14
|
+
export interface SimulationIdentityPolicy {
|
|
15
|
+
name: string;
|
|
16
|
+
policy: any;
|
|
17
|
+
}
|
|
1
18
|
export interface Simulation {
|
|
2
19
|
request: {
|
|
3
20
|
principal: string;
|
|
@@ -8,29 +25,19 @@ export interface Simulation {
|
|
|
8
25
|
};
|
|
9
26
|
contextVariables: Record<string, string | string[]>;
|
|
10
27
|
};
|
|
11
|
-
identityPolicies:
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
name: string;
|
|
19
|
-
policy: any;
|
|
20
|
-
}[];
|
|
21
|
-
}[];
|
|
28
|
+
identityPolicies: SimulationIdentityPolicy[];
|
|
29
|
+
/**
|
|
30
|
+
* The service control policies that apply to the simulation.
|
|
31
|
+
* The root OU should be the first element in the array.
|
|
32
|
+
* The account specific SCPs should be the last element in the array.
|
|
33
|
+
*/
|
|
34
|
+
serviceControlPolicies: SimulationOrgPolicies[];
|
|
22
35
|
/**
|
|
23
36
|
* The resource control policies for the simulation.
|
|
24
37
|
* One per level of the OU/Account hierarchy.
|
|
25
38
|
* The default Resource Control Policy, RCPFullAWSAccess, is automatically added to the simulation.
|
|
26
39
|
*/
|
|
27
|
-
resourceControlPolicies:
|
|
28
|
-
orgIdentifier: string;
|
|
29
|
-
policies: {
|
|
30
|
-
name: string;
|
|
31
|
-
policy: any;
|
|
32
|
-
}[];
|
|
33
|
-
}[];
|
|
40
|
+
resourceControlPolicies: SimulationOrgPolicies[];
|
|
34
41
|
resourcePolicy?: any;
|
|
35
42
|
permissionBoundaryPolicies?: {
|
|
36
43
|
name: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,
|
|
1
|
+
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,GAAG,CAAA;CACZ;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAA;YAChB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;KACpD,CAAA;IAED,gBAAgB,EAAE,wBAAwB,EAAE,CAAA;IAE5C;;;;OAIG;IACH,sBAAsB,EAAE,qBAAqB,EAAE,CAAA;IAE/C;;;;OAIG;IACH,uBAAuB,EAAE,qBAAqB,EAAE,CAAA;IAEhD,cAAc,CAAC,EAAE,GAAG,CAAA;IACpB,0BAA0B,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CAC7D"}
|
|
@@ -4,7 +4,7 @@ import { Simulation } from './simulation.js';
|
|
|
4
4
|
import { SimulationOptions } from './simulationOptions.js';
|
|
5
5
|
export interface SimulationErrors {
|
|
6
6
|
identityPolicyErrors?: Record<string, ValidationError[]>;
|
|
7
|
-
|
|
7
|
+
serviceControlPolicyErrors?: Record<string, ValidationError[]>;
|
|
8
8
|
resourceControlPolicyErrors?: Record<string, ValidationError[]>;
|
|
9
9
|
permissionBoundaryErrors?: Record<string, ValidationError[]>;
|
|
10
10
|
resourcePolicyErrors?: ValidationError[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAOL,eAAe,EAChB,MAAM,2BAA2B,CAAA;AAIlC,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAKhD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAiB1D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IACxD,
|
|
1
|
+
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAOL,eAAe,EAChB,MAAM,2BAA2B,CAAA;AAIlC,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAKhD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAiB1D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IACxD,0BAA0B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC9D,2BAA2B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC/D,wBAAwB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC5D,oBAAoB,CAAC,EAAE,eAAe,EAAE,CAAA;IACxC,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,gBAAgB,CAAA;IACzB,QAAQ,CAAC,EAAE,eAAe,CAAA;IAE1B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAC5C,OAAO,CAAC,gBAAgB,CAAC,CAmL3B;AAED,wBAAsB,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC;IACnF,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;IACrD,kBAAkB,EAAE,MAAM,EAAE,CAAA;CAC7B,CAAC,CAoCD"}
|
|
@@ -45,7 +45,7 @@ async function runSimulation(simulation, simulationOptions) {
|
|
|
45
45
|
identityPolicyErrors[name] = validationErrors;
|
|
46
46
|
}
|
|
47
47
|
});
|
|
48
|
-
const
|
|
48
|
+
const serviceControlPolicyErrors = {};
|
|
49
49
|
const serviceControlPolicies = simulation.serviceControlPolicies.map((scp) => {
|
|
50
50
|
const ouId = scp.orgIdentifier;
|
|
51
51
|
const validPolicies = [];
|
|
@@ -53,7 +53,7 @@ async function runSimulation(simulation, simulationOptions) {
|
|
|
53
53
|
const { name, policy } = value;
|
|
54
54
|
const validationErrors = (0, iam_policy_1.validateServiceControlPolicy)(policy);
|
|
55
55
|
if (validationErrors.length > 0) {
|
|
56
|
-
|
|
56
|
+
serviceControlPolicyErrors[name] = validationErrors;
|
|
57
57
|
}
|
|
58
58
|
else {
|
|
59
59
|
validPolicies.push((0, iam_policy_1.loadPolicy)(policy));
|
|
@@ -102,14 +102,14 @@ async function runSimulation(simulation, simulationOptions) {
|
|
|
102
102
|
}
|
|
103
103
|
});
|
|
104
104
|
if (Object.keys(identityPolicyErrors).length > 0 ||
|
|
105
|
-
Object.keys(
|
|
105
|
+
Object.keys(serviceControlPolicyErrors).length > 0 ||
|
|
106
106
|
Object.keys(resourceControlPolicyErrors).length > 0 ||
|
|
107
107
|
Object.keys(permissionBoundaryErrors).length > 0 ||
|
|
108
108
|
resourcePolicyErrors.length > 0) {
|
|
109
109
|
return {
|
|
110
110
|
errors: {
|
|
111
111
|
identityPolicyErrors,
|
|
112
|
-
|
|
112
|
+
serviceControlPolicyErrors: serviceControlPolicyErrors,
|
|
113
113
|
resourceControlPolicyErrors,
|
|
114
114
|
resourcePolicyErrors,
|
|
115
115
|
permissionBoundaryErrors,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":";;AA2EA,sCAsLC;AAED,sEAuCC;AA1SD,sDAA2E;AAC3E,0DAQkC;AAClC,2EAAwE;AACxE,mEAA2F;AAC3F,kFAAkF;AAElF,sDAAsD;AACtD,4DAAyD;AACzD,wCAA4E;AAC5E,qDAA+D;AAI/D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE;QACN,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,GAAG;gBACd,MAAM,EAAE,GAAG;gBACX,QAAQ,EAAE,GAAG;aACd;SACF;KACF;CACF,CAAA;AAkCD;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,oBAAoB,GAAsC,EAAE,CAAA;IAClE,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;QAC9B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,gBAAgB,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;QAC3C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QAC/C,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,
|
|
1
|
+
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":";;AA2EA,sCAsLC;AAED,sEAuCC;AA1SD,sDAA2E;AAC3E,0DAQkC;AAClC,2EAAwE;AACxE,mEAA2F;AAC3F,kFAAkF;AAElF,sDAAsD;AACtD,4DAAyD;AACzD,wCAA4E;AAC5E,qDAA+D;AAI/D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE;QACN,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,GAAG;gBACd,MAAM,EAAE,GAAG;gBACX,QAAQ,EAAE,GAAG;aACd;SACF;KACF;CACF,CAAA;AAkCD;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,oBAAoB,GAAsC,EAAE,CAAA;IAClE,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;QAC9B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,gBAAgB,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;QAC3C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QAC/C,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,0BAA0B,GAAsC,EAAE,CAAA;IACxE,MAAM,sBAAsB,GAAsB,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9F,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,aAAa,GAAa,EAAE,CAAA;QAElC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;YAC9B,MAAM,gBAAgB,GAAG,IAAA,yCAA4B,EAAC,MAAM,CAAC,CAAA;YAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,0BAA0B,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;YACxC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,2BAA2B,GAAsC,EAAE,CAAA;IACzE,MAAM,uBAAuB,GAAsB,UAAU,CAAC,uBAAuB,CAAC,GAAG,CACvF,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,aAAa,GAAa,EAAE,CAAA;QAClC,aAAa,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAA;QAElD,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;YAC9B,MAAM,gBAAgB,GAAG,IAAA,0CAA6B,EAAC,MAAM,CAAC,CAAA;YAC9D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,2BAA2B,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;YACtD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;YACxC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CACF,CAAA;IAED,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc;QACpD,CAAC,CAAC,IAAA,mCAAsB,EAAC,UAAU,CAAC,cAAc,CAAC;QACnD,CAAC,CAAC,EAAE,CAAA;IAEN,MAAM,oBAAoB,GAAyB,UAAU,CAAC,0BAA0B;QACtF,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,SAAS,CAAA;IACb,MAAM,wBAAwB,GAAsC,EAAE,CAAA;IACtE,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QAChD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAA;QAC3B,MAAM,gBAAgB,GAAG,IAAA,mCAAsB,EAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,oBAAqB,CAAC,IAAI,CAAC,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,IACE,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,MAAM,GAAG,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,MAAM,GAAG,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,GAAG,CAAC;QAChD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAC/B,CAAC;QACD,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,0BAA0B,EAAE,0BAA0B;gBACtD,2BAA2B;gBAC3B,oBAAoB;gBACpB,wBAAwB;gBACxB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc;QAC9C,CAAC,CAAC,IAAA,uBAAU,EAAC,UAAU,CAAC,cAAc,CAAC;QACvC,CAAC,CAAC,SAAS,CAAA;IAEb,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,YAAY,GAAG,MAAM,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAA;IACpD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,IAAA,0BAAe,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,oBAAoB,GAAG,MAAM,IAAA,8BAAoB,EAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IACxE,IAAI,YAAY,GAAuB,SAAS,CAAA;IAChD,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;YACxB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,IAAA,mCAAyB,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAA;QACnF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QACrC,CAAC;IACH,CAAC;IAED,MAAM,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAA;IAElG,MAAM,gBAAgB,GAAG,IAAA,kCAAS,EAAC;QACjC,OAAO,EAAE,IAAI,2BAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,sCAAkB,CAAC,kBAAkB,CAAC,CAC3C;QACD,gBAAgB;QAChB,sBAAsB;QACtB,uBAAuB;QACvB,cAAc;QACd,oBAAoB;KACrB,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,gBAAgB;QAC1B,kBAAkB;QAClB,YAAY;KACb,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IAIxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CACvC,MAAM,IAAA,6CAA4B,EAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CACjE,CAAA;IAED,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAA;IAChE,MAAM,kBAAkB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACtD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;QACtC,IACE,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC;YAC3C,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAChE,CAAC;YACD,MAAM,aAAa,GAAG,MAAM,IAAA,kCAAiB,EAAC,YAAY,CAAC,CAAA;YAC3D,MAAM,aAAa,GAAG,MAAM,IAAA,wCAAuB,EAAC,GAAG,CAAC,CAAA;YAExD,IAAI,IAAA,wCAAmB,EAAC,aAAa,CAAC,EAAE,CAAC;gBACvC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAA;YACpD,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;YAC9C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAA;YAC3C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;IACH,CAAC;IAED,OAAO;QACL,kBAAkB;QAClB,kBAAkB;KACnB,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjD,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAA;IACzD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAA;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAGrD;;;;;;;GAOG;AACH,wBAAgB,UAAU,CACxB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,UAAU,EACnB,WAAW,EAAE,OAAO,GACnB,qBAAqB,CAqEvB"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { splitArnParts } from '@cloud-copilot/iam-utils';
|
|
2
|
+
import { convertIamString, isNotDefined } from '../../util.js';
|
|
2
3
|
/**
|
|
3
4
|
* Checks to see if a single ARN matches in ArnLike format
|
|
4
5
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"arn.js","sourceRoot":"","sources":["../../../../src/condition/arn/arn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAGxD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAE9D;;;;;;;GAOG;AACH,MAAM,UAAU,UAAU,CACxB,SAAiB,EACjB,UAAkB,EAClB,OAAmB,EACnB,WAAoB;IAEpB,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,CAAC,CAAA;IAC5C,MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IAC9C,gDAAgD;IAChD,IACE,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC;QACjC,YAAY,CAAC,WAAW,CAAC,MAAM,CAAC;QAChC,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;QACnC,YAAY,CAAC,WAAW,CAAC,QAAQ,CAAC,EAClC,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,CAAC,aAAa,CAAC;SACxB,CAAA;IACH,CAAC;IAED,MAAM,iBAAiB,GAAG;QACxB,KAAK;QACL,WAAW,CAAC,SAAS;QACrB,WAAW,CAAC,OAAO;QACnB,WAAW,CAAC,MAAM;QAClB,WAAW,CAAC,SAAS;QACrB,WAAW,CAAC,QAAQ;KACrB;SACE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACZ,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC,CACpF;SACA,IAAI,CAAC,GAAG,CAAC,CAAA;IAEZ,MAAM,aAAa,GAAG,iBAAiB,IAAI,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,CAAA;IAEpF,gDAAgD;IAChD,IACE,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,OAAO,CAAC;QAClC,YAAY,CAAC,YAAY,CAAC,MAAM,CAAC;QACjC,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC;QACpC,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,EACnC,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,SAAS;YAChB,aAAa;YACb,MAAM,EAAE,CAAC,gBAAgB,UAAU,sBAAsB,CAAC;SAC3D,CAAA;IACH,CAAC;IAED,MAAM,SAAS,GAAa,EAAE,CAAA;IAC9B,MAAM,eAAe,GAAG,CAAC,UAAkB,EAAE,WAAmB,EAAW,EAAE;QAC3E,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAA;QAC7F,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAA;QACjC,OAAO,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAClC,CAAC,CAAA;IAED,MAAM,OAAO,GACX,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;QAC1D,eAAe,CAAC,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC;QACxD,eAAe,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;QAC9D,eAAe,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAA;IAE9D,OAAO;QACL,OAAO,EAAE,OAAO,IAAI,WAAW,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC;QACxD,KAAK,EAAE,SAAS;QAChB,aAAa;QACb,MAAM,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACrD,CAAA;AACH,CAAC"}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -4,7 +4,7 @@ export { findContextKeys } from './context_keys/findContextKeys.js';
|
|
|
4
4
|
export { type EvaluationResult } from './evaluate.js';
|
|
5
5
|
export type { ActionExplain, ConditionExplain, ConditionValueExplain, ExplainPrincipalMatch, PrincipalExplain, ResourceExplain, StatementExplain } from './explain/statementExplain.js';
|
|
6
6
|
export { allowedContextKeysForRequest } from './simulation_engine/contextKeys.js';
|
|
7
|
-
export type { Simulation } from './simulation_engine/simulation.js';
|
|
7
|
+
export type { Simulation, SimulationIdentityPolicy, SimulationOrgPolicies } from './simulation_engine/simulation.js';
|
|
8
8
|
export { runSimulation } from './simulation_engine/simulationEngine.js';
|
|
9
9
|
export type { SimulationErrors, SimulationResult } from './simulation_engine/simulationEngine.js';
|
|
10
10
|
export { type SimulationOptions } from './simulation_engine/simulationOptions.js';
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,gBAAgB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAA;AACrD,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AACjF,YAAY,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,gBAAgB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAA;AACrD,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AACjF,YAAY,EACV,UAAU,EACV,wBAAwB,EACxB,qBAAqB,EACtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AACvE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAA;AACjG,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,0CAA0C,CAAA;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAA;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EAEL,mBAAmB,EAEpB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AAWnE,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EAEL,mBAAmB,EAEpB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AAWnE,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAA;AAMjF,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AAGvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAA;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}
|
|
@@ -32,13 +32,6 @@ export declare function requestMatchesNotPrincipal(request: AwsRequest, notPrinc
|
|
|
32
32
|
* @returns if the request matches the principal statement, and if so, how it matches
|
|
33
33
|
*/
|
|
34
34
|
export declare function requestMatchesPrincipalStatement(request: AwsRequest, principalStatement: Principal): PrincipalExplain;
|
|
35
|
-
/**
|
|
36
|
-
* Transfrom an assumed role session ARN into a role ARN
|
|
37
|
-
*
|
|
38
|
-
* @param assumedRoleArn the assumed role session ARN
|
|
39
|
-
* @returns the role ARN for the assumed role session
|
|
40
|
-
*/
|
|
41
|
-
export declare function roleArnFromAssumedRoleArn(assumedRoleArn: string): string;
|
|
42
35
|
/**
|
|
43
36
|
* Get a user ARN from a federated user ARN
|
|
44
37
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAMhE,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAA;AACnF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AA2ClD,MAAM,MAAM,oBAAoB,GAC5B,OAAO,GACP,SAAS,GACT,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,CAAA;AAEtB;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,SAAS,EAAE,GACrB;IAAE,OAAO,EAAE,oBAAoB,CAAC;IAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAA;CAAE,CAoCjE;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,UAAU,EACnB,YAAY,EAAE,SAAS,EAAE,GACxB;IAAE,OAAO,EAAE,oBAAoB,CAAC;IAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAA;CAAE,CA4CjE;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAC9C,OAAO,EAAE,UAAU,EACnB,kBAAkB,EAAE,SAAS,GAC5B,gBAAgB,CA+FlB;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAK5E;AAED;;;;;;GAMG;AACH,wBAAgB,iCAAiC,CAC/C,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,SAAS,GACnB;IACD,OAAO,EAAE,oBAAoB,CAAA;IAC7B,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,YAAY,GAAG,eAAe,CAAC,CAAA;CAChE,CASA"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { isAssumedRoleArn, isFederatedUserArn } from '
|
|
1
|
+
import { convertAssumedRoleArnToRoleArn, isAssumedRoleArn, isFederatedUserArn } from '@cloud-copilot/iam-utils';
|
|
2
2
|
/**
|
|
3
3
|
* Check to see if a request matches a Principal element in an IAM policy statement
|
|
4
4
|
*
|
|
@@ -148,7 +148,7 @@ export function requestMatchesPrincipalStatement(request, principalStatement) {
|
|
|
148
148
|
if (principalStatement.isAwsPrincipal()) {
|
|
149
149
|
if (isAssumedRoleArn(request.principal.value())) {
|
|
150
150
|
const sessionArn = request.principal.value();
|
|
151
|
-
const roleArn =
|
|
151
|
+
const roleArn = convertAssumedRoleArnToRoleArn(sessionArn);
|
|
152
152
|
if (principalStatement.arn() === roleArn) {
|
|
153
153
|
return {
|
|
154
154
|
matches: 'SessionRoleMatch',
|
|
@@ -180,18 +180,6 @@ export function requestMatchesPrincipalStatement(request, principalStatement) {
|
|
|
180
180
|
principal: principalStatement.value()
|
|
181
181
|
};
|
|
182
182
|
}
|
|
183
|
-
/**
|
|
184
|
-
* Transfrom an assumed role session ARN into a role ARN
|
|
185
|
-
*
|
|
186
|
-
* @param assumedRoleArn the assumed role session ARN
|
|
187
|
-
* @returns the role ARN for the assumed role session
|
|
188
|
-
*/
|
|
189
|
-
export function roleArnFromAssumedRoleArn(assumedRoleArn) {
|
|
190
|
-
const stsParts = assumedRoleArn.split(':');
|
|
191
|
-
const resourceParts = stsParts.at(-1).split('/');
|
|
192
|
-
const rolePathAndName = resourceParts.slice(1, -1).join('/');
|
|
193
|
-
return `arn:aws:iam::${stsParts[4]}:role/${rolePathAndName}`;
|
|
194
|
-
}
|
|
195
183
|
/**
|
|
196
184
|
* Get a user ARN from a federated user ARN
|
|
197
185
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AACA,OAAO,EACL,8BAA8B,EAC9B,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,0BAA0B,CAAA;AAoDjC;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAmB,EACnB,SAAsB;IAEtB,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE,CACpD,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAC9D,CAAA;IACD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,OAAO,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ;SACT,CAAA;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,kBAAkB,CAAC,EAAE,CAAC;QAC/D,OAAO;YACL,OAAO,EAAE,kBAAkB;YAC3B,QAAQ;SACT,CAAA;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,kBAAkB,CAAC,EAAE,CAAC;QAC/D,OAAO;YACL,OAAO,EAAE,kBAAkB;YAC3B,QAAQ;SACT,CAAA;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,mBAAmB,CAAC,EAAE,CAAC;QAChE,OAAO;YACL,OAAO,EAAE,mBAAmB;YAC5B,QAAQ;SACT,CAAA;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,SAAS;QAClB,QAAQ;KACT,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAmB,EACnB,YAAyB;IAEzB,wHAAwH;IACxH,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;QACvD,MAAM,OAAO,GAAG,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAA;QAC7E;;;;;WAKG;QACH,IACE,OAAO,CAAC,OAAO,KAAK,OAAO;YAC3B,OAAO,CAAC,OAAO,KAAK,mBAAmB;YACvC,OAAO,CAAC,OAAO,KAAK,kBAAkB;YACtC,OAAO,CAAC,OAAO,KAAK,kBAAkB,EACtC,CAAC;YACD,OAAO,CAAC,OAAO,GAAG,SAAS,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,OAAO,GAAG,OAAO,CAAA;QAC3B,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC,CAAC,CAAA;IAEF,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,EAAE,CAAC;QACtD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ;SACT,CAAA;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,QAAQ;KACT,CAAA;IAED,kCAAkC;IAClC,qBAAqB;IACrB,IAAI;IAEJ,8CAA8C;IAC9C,qBAAqB;IACrB,IAAI;IAEJ,iBAAiB;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gCAAgC,CAC9C,OAAmB,EACnB,kBAA6B;IAE7B,IAAI,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC5C,IAAI,kBAAkB,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/D,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,wBAAwB,EAAE,EAAE,CAAC;QAClD,IAAI,kBAAkB,CAAC,aAAa,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACrE,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC9C,IAAI,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAC7C,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC5C,IAAI,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;YACrE,OAAO;gBACL,OAAO,EAAE,mBAAmB;gBAC5B,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;SACtC,CAAA;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,cAAc,EAAE,EAAE,CAAC;QACxC,IAAI,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAChD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;YAC5C,MAAM,OAAO,GAAG,8BAA8B,CAAC,UAAU,CAAC,CAAA;YAC1D,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzC,OAAO;oBACL,OAAO,EAAE,kBAAkB;oBAC3B,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;oBACrC,iBAAiB,EAAE,OAAO;iBAC3B,CAAA;YACH,CAAC;QACH,CAAC;aAAM,IAAI,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YACzD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;YAC5C,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAA;YACvD,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzC,OAAO;oBACL,OAAO,EAAE,kBAAkB;oBAC3B,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;oBACrC,iBAAiB,EAAE,OAAO;iBAC3B,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC3D,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;aACtC,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE;KACtC,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CAAC,gBAAwB;IAClE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAA;IACjC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1D,OAAO,gBAAgB,QAAQ,CAAC,CAAC,CAAC,SAAS,QAAQ,EAAE,CAAA;AACvD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iCAAiC,CAC/C,OAAmB,EACnB,SAAoB;IAKpB,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QACrC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAA;QACtF,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,CAAA;IACvD,CAAC;SAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;QAC/C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,0BAA0B,CAAC,OAAO,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC,CAAA;QAC5F,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAA;IAC1D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;AACpE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAC/D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAEvF;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IACzD,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe;IAwKvE;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAW,EAAE,OAAO,EACpB,gBAAgB,EAAE,gBAAgB,EAClC,QAAQ,EAAE,eAAe,GACxB,OAAO;CASX"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAK7F;;GAEG;AACH,MAAM,OAAO,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAA;QAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAC7D,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAA;QAE3E,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D,MAAM,WAAW,GAAG,gBAAgB,KAAK,eAAe,CAAA;QAExD,MAAM,UAAU,GAQZ;YACF,WAAW;YACX,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,0BAA0B,EAAE,OAAO,CAAC,0BAA0B;SAC/D,CAAA;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,uBAAuB,KAAK,kBAAkB,EAAE,CAAC;YACnD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,cAAc;QACd,IAAI,gBAAgB,KAAK,eAAe,EAAE,CAAC;YACzC,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;gBACpD;;;;;;;mBAOG;gBACH,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;oBACnD,IACE,gBAAgB,CAAC,SAAS,CAAC;wBAC3B,YAAY,CAAC,SAAS,CAAC;wBACvB,kBAAkB,CAAC,SAAS,CAAC,EAC7B,CAAC;wBACD,IACE,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,OAAO,CACpD,EACD,CAAC;4BACD,OAAO;gCACL,MAAM,EAAE,SAAS;gCACjB,GAAG,UAAU;6BACd,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YAED;;;;;;;;cAQE;YAEF,MAAM,cAAc,GAAG,IAAI,CAAC,6BAA6B,CACvD,WAAW,EACX,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,OAAO,CAAC,QAAQ,CACzB,CAAA;YACD,IACE,oBAAoB,KAAK,SAAS;gBAClC,CAAC,cAAc,IAAI,uBAAuB,KAAK,SAAS,CAAC,EACzD,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,eAAe;QACf,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,EAAE,CAAC;YACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAC1C,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,kBAAkB;YAC1B,GAAG,UAAU;SACd,CAAA;QAED;;;;;;;WAOG;IACL,CAAC;IAED;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAoB,EACpB,gBAAkC,EAClC,QAAyB;QAEzB,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC1C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,mBAAmB,CAChE,CAAA;IACH,CAAC;CACF"}
|
|
@@ -1,3 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Represents the policies attached to an OU, or account
|
|
3
|
+
*/
|
|
4
|
+
export interface SimulationOrgPolicies {
|
|
5
|
+
orgIdentifier: string;
|
|
6
|
+
policies: {
|
|
7
|
+
name: string;
|
|
8
|
+
policy: any;
|
|
9
|
+
}[];
|
|
10
|
+
}
|
|
11
|
+
/**
|
|
12
|
+
* Represent a policy attached to an identity
|
|
13
|
+
*/
|
|
14
|
+
export interface SimulationIdentityPolicy {
|
|
15
|
+
name: string;
|
|
16
|
+
policy: any;
|
|
17
|
+
}
|
|
1
18
|
export interface Simulation {
|
|
2
19
|
request: {
|
|
3
20
|
principal: string;
|
|
@@ -8,29 +25,19 @@ export interface Simulation {
|
|
|
8
25
|
};
|
|
9
26
|
contextVariables: Record<string, string | string[]>;
|
|
10
27
|
};
|
|
11
|
-
identityPolicies:
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
name: string;
|
|
19
|
-
policy: any;
|
|
20
|
-
}[];
|
|
21
|
-
}[];
|
|
28
|
+
identityPolicies: SimulationIdentityPolicy[];
|
|
29
|
+
/**
|
|
30
|
+
* The service control policies that apply to the simulation.
|
|
31
|
+
* The root OU should be the first element in the array.
|
|
32
|
+
* The account specific SCPs should be the last element in the array.
|
|
33
|
+
*/
|
|
34
|
+
serviceControlPolicies: SimulationOrgPolicies[];
|
|
22
35
|
/**
|
|
23
36
|
* The resource control policies for the simulation.
|
|
24
37
|
* One per level of the OU/Account hierarchy.
|
|
25
38
|
* The default Resource Control Policy, RCPFullAWSAccess, is automatically added to the simulation.
|
|
26
39
|
*/
|
|
27
|
-
resourceControlPolicies:
|
|
28
|
-
orgIdentifier: string;
|
|
29
|
-
policies: {
|
|
30
|
-
name: string;
|
|
31
|
-
policy: any;
|
|
32
|
-
}[];
|
|
33
|
-
}[];
|
|
40
|
+
resourceControlPolicies: SimulationOrgPolicies[];
|
|
34
41
|
resourcePolicy?: any;
|
|
35
42
|
permissionBoundaryPolicies?: {
|
|
36
43
|
name: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,
|
|
1
|
+
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,GAAG,CAAA;CACZ;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAA;YAChB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;KACpD,CAAA;IAED,gBAAgB,EAAE,wBAAwB,EAAE,CAAA;IAE5C;;;;OAIG;IACH,sBAAsB,EAAE,qBAAqB,EAAE,CAAA;IAE/C;;;;OAIG;IACH,uBAAuB,EAAE,qBAAqB,EAAE,CAAA;IAEhD,cAAc,CAAC,EAAE,GAAG,CAAA;IACpB,0BAA0B,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CAC7D"}
|
|
@@ -4,7 +4,7 @@ import { Simulation } from './simulation.js';
|
|
|
4
4
|
import { SimulationOptions } from './simulationOptions.js';
|
|
5
5
|
export interface SimulationErrors {
|
|
6
6
|
identityPolicyErrors?: Record<string, ValidationError[]>;
|
|
7
|
-
|
|
7
|
+
serviceControlPolicyErrors?: Record<string, ValidationError[]>;
|
|
8
8
|
resourceControlPolicyErrors?: Record<string, ValidationError[]>;
|
|
9
9
|
permissionBoundaryErrors?: Record<string, ValidationError[]>;
|
|
10
10
|
resourcePolicyErrors?: ValidationError[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAOL,eAAe,EAChB,MAAM,2BAA2B,CAAA;AAIlC,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAKhD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAiB1D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IACxD,
|
|
1
|
+
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAOL,eAAe,EAChB,MAAM,2BAA2B,CAAA;AAIlC,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAKhD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAiB1D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IACxD,0BAA0B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC9D,2BAA2B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC/D,wBAAwB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC5D,oBAAoB,CAAC,EAAE,eAAe,EAAE,CAAA;IACxC,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,gBAAgB,CAAA;IACzB,QAAQ,CAAC,EAAE,eAAe,CAAA;IAE1B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAC5C,OAAO,CAAC,gBAAgB,CAAC,CAmL3B;AAED,wBAAsB,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC;IACnF,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;IACrD,kBAAkB,EAAE,MAAM,EAAE,CAAA;CAC7B,CAAC,CAoCD"}
|
|
@@ -41,7 +41,7 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
41
41
|
identityPolicyErrors[name] = validationErrors;
|
|
42
42
|
}
|
|
43
43
|
});
|
|
44
|
-
const
|
|
44
|
+
const serviceControlPolicyErrors = {};
|
|
45
45
|
const serviceControlPolicies = simulation.serviceControlPolicies.map((scp) => {
|
|
46
46
|
const ouId = scp.orgIdentifier;
|
|
47
47
|
const validPolicies = [];
|
|
@@ -49,7 +49,7 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
49
49
|
const { name, policy } = value;
|
|
50
50
|
const validationErrors = validateServiceControlPolicy(policy);
|
|
51
51
|
if (validationErrors.length > 0) {
|
|
52
|
-
|
|
52
|
+
serviceControlPolicyErrors[name] = validationErrors;
|
|
53
53
|
}
|
|
54
54
|
else {
|
|
55
55
|
validPolicies.push(loadPolicy(policy));
|
|
@@ -98,14 +98,14 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
98
98
|
}
|
|
99
99
|
});
|
|
100
100
|
if (Object.keys(identityPolicyErrors).length > 0 ||
|
|
101
|
-
Object.keys(
|
|
101
|
+
Object.keys(serviceControlPolicyErrors).length > 0 ||
|
|
102
102
|
Object.keys(resourceControlPolicyErrors).length > 0 ||
|
|
103
103
|
Object.keys(permissionBoundaryErrors).length > 0 ||
|
|
104
104
|
resourcePolicyErrors.length > 0) {
|
|
105
105
|
return {
|
|
106
106
|
errors: {
|
|
107
107
|
identityPolicyErrors,
|
|
108
|
-
|
|
108
|
+
serviceControlPolicyErrors: serviceControlPolicyErrors,
|
|
109
109
|
resourceControlPolicyErrors,
|
|
110
110
|
resourcePolicyErrors,
|
|
111
111
|
permissionBoundaryErrors,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC3E,OAAO,EACL,UAAU,EAEV,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAE7B,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAA;AACxE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AAC3F,OAAO,EAAE,SAAS,EAAmB,MAAM,uCAAuC,CAAA;AAElF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAC5E,OAAO,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAA;AAI/D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE;QACN,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,GAAG;gBACd,MAAM,EAAE,GAAG;gBACX,QAAQ,EAAE,GAAG;aACd;SACF;KACF;CACF,CAAA;AAkCD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,oBAAoB,GAAsC,EAAE,CAAA;IAClE,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;QAC9B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;QAC3C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QAC/C,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,
|
|
1
|
+
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC3E,OAAO,EACL,UAAU,EAEV,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAE7B,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAA;AACxE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AAC3F,OAAO,EAAE,SAAS,EAAmB,MAAM,uCAAuC,CAAA;AAElF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAC5E,OAAO,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAA;AAI/D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE;QACN,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,GAAG;gBACd,MAAM,EAAE,GAAG;gBACX,QAAQ,EAAE,GAAG;aACd;SACF;KACF;CACF,CAAA;AAkCD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,oBAAoB,GAAsC,EAAE,CAAA;IAClE,MAAM,gBAAgB,GAAa,EAAE,CAAA;IACrC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;QAC9B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;QAC3C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QAC/C,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,0BAA0B,GAAsC,EAAE,CAAA;IACxE,MAAM,sBAAsB,GAAsB,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9F,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,aAAa,GAAa,EAAE,CAAA;QAElC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;YAC9B,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAA;YAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,0BAA0B,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;YACxC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,2BAA2B,GAAsC,EAAE,CAAA;IACzE,MAAM,uBAAuB,GAAsB,UAAU,CAAC,uBAAuB,CAAC,GAAG,CACvF,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,aAAa,GAAa,EAAE,CAAA;QAClC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAA;QAElD,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;YAC9B,MAAM,gBAAgB,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAA;YAC9D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,2BAA2B,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;YACtD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;YACxC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CACF,CAAA;IAED,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc;QACpD,CAAC,CAAC,sBAAsB,CAAC,UAAU,CAAC,cAAc,CAAC;QACnD,CAAC,CAAC,EAAE,CAAA;IAEN,MAAM,oBAAoB,GAAyB,UAAU,CAAC,0BAA0B;QACtF,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,SAAS,CAAA;IACb,MAAM,wBAAwB,GAAsC,EAAE,CAAA;IACtE,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QAChD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAA;QAC3B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,oBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,IACE,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,MAAM,GAAG,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,MAAM,GAAG,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,GAAG,CAAC;QAChD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAC/B,CAAC;QACD,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,0BAA0B,EAAE,0BAA0B;gBACtD,2BAA2B;gBAC3B,oBAAoB;gBACpB,wBAAwB;gBACxB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc;QAC9C,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC;QACvC,CAAC,CAAC,SAAS,CAAA;IAEb,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;IACpD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IACxE,IAAI,YAAY,GAAuB,SAAS,CAAA;IAChD,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;YACxB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAA;QACnF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QACrC,CAAC;IACH,CAAC;IAED,MAAM,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAA;IAElG,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACjC,OAAO,EAAE,IAAI,cAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,kBAAkB,CAAC,kBAAkB,CAAC,CAC3C;QACD,gBAAgB;QAChB,sBAAsB;QACtB,uBAAuB;QACvB,cAAc;QACd,oBAAoB;KACrB,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,gBAAgB;QAC1B,kBAAkB;QAClB,YAAY;KACb,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IAIxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CACvC,MAAM,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CACjE,CAAA;IAED,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAA;IAChE,MAAM,kBAAkB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACtD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;QACtC,IACE,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC;YAC3C,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAChE,CAAC;YACD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,CAAA;YAC3D,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAA;YAExD,IAAI,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC;gBACvC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAA;YACpD,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;YAC9C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAA;YAC3C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;IACH,CAAC;IAED,OAAO;QACL,kBAAkB;QAClB,kBAAkB;KACnB,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjD,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAA;IACzD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloud-copilot/iam-simulate",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.38",
|
|
4
4
|
"description": "Simulate evaluation of AWS IAM policies",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -50,7 +50,8 @@
|
|
|
50
50
|
},
|
|
51
51
|
"dependencies": {
|
|
52
52
|
"@cloud-copilot/iam-data": ">=0.8.0 <1.0.0",
|
|
53
|
-
"@cloud-copilot/iam-policy": "^0.1.7"
|
|
53
|
+
"@cloud-copilot/iam-policy": "^0.1.7",
|
|
54
|
+
"@cloud-copilot/iam-utils": "^0.1.3"
|
|
54
55
|
},
|
|
55
56
|
"prettier": "@cloud-copilot/prettier-config",
|
|
56
57
|
"release": {
|