@cloud-copilot/iam-simulate 0.1.5 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/ConditionKeys.d.ts +19 -0
- package/dist/cjs/ConditionKeys.d.ts.map +1 -0
- package/dist/cjs/ConditionKeys.js +27 -0
- package/dist/cjs/ConditionKeys.js.map +1 -0
- package/dist/cjs/SCPAnalysis.d.ts +6 -0
- package/dist/cjs/SCPAnalysis.d.ts.map +1 -0
- package/dist/cjs/SCPAnalysis.js +3 -0
- package/dist/cjs/SCPAnalysis.js.map +1 -0
- package/dist/cjs/context_keys/findContextKeys.d.ts +19 -0
- package/dist/cjs/context_keys/findContextKeys.d.ts.map +1 -0
- package/dist/cjs/context_keys/findContextKeys.js +57 -0
- package/dist/cjs/context_keys/findContextKeys.js.map +1 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts +39 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map +1 -1
- package/dist/cjs/core_engine/coreSimulatorEngine.js +56 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.js.map +1 -1
- package/dist/cjs/evaluate.d.ts +1 -0
- package/dist/cjs/evaluate.d.ts.map +1 -1
- package/dist/cjs/global_conditions/globalConditionKeys.d.ts +9 -1
- package/dist/cjs/global_conditions/globalConditionKeys.d.ts.map +1 -1
- package/dist/cjs/global_conditions/globalConditionKeys.js +78 -50
- package/dist/cjs/global_conditions/globalConditionKeys.js.map +1 -1
- package/dist/cjs/index.d.ts +4 -0
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +10 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/principal/principal.d.ts +9 -1
- package/dist/cjs/principal/principal.d.ts.map +1 -1
- package/dist/cjs/principal/principal.js +17 -0
- package/dist/cjs/principal/principal.js.map +1 -1
- package/dist/cjs/request/requestPrincipal.d.ts.map +1 -1
- package/dist/cjs/request/requestPrincipal.js.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts +30 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.js +93 -7
- package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/cjs/services/ServiceAuthorizer.d.ts +3 -0
- package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/contextKeys.d.ts +9 -1
- package/dist/cjs/simulation_engine/contextKeys.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/contextKeys.js +27 -40
- package/dist/cjs/simulation_engine/contextKeys.js.map +1 -1
- package/dist/cjs/simulation_engine/simulation.d.ts +12 -1
- package/dist/cjs/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.d.ts +15 -0
- package/dist/cjs/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.js +126 -15
- package/dist/cjs/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js +13 -4
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/dist/cjs/util.d.ts +69 -0
- package/dist/cjs/util.d.ts.map +1 -1
- package/dist/cjs/util.js +166 -0
- package/dist/cjs/util.js.map +1 -1
- package/dist/esm/ConditionKeys.d.ts +19 -0
- package/dist/esm/ConditionKeys.d.ts.map +1 -0
- package/dist/esm/ConditionKeys.js +23 -0
- package/dist/esm/ConditionKeys.js.map +1 -0
- package/dist/esm/SCPAnalysis.d.ts +6 -0
- package/dist/esm/SCPAnalysis.d.ts.map +1 -0
- package/dist/esm/SCPAnalysis.js +2 -0
- package/dist/esm/SCPAnalysis.js.map +1 -0
- package/dist/esm/context_keys/findContextKeys.d.ts +19 -0
- package/dist/esm/context_keys/findContextKeys.d.ts.map +1 -0
- package/dist/esm/context_keys/findContextKeys.js +53 -0
- package/dist/esm/context_keys/findContextKeys.js.map +1 -0
- package/dist/esm/core_engine/coreSimulatorEngine.d.ts +39 -0
- package/dist/esm/core_engine/coreSimulatorEngine.d.ts.map +1 -1
- package/dist/esm/core_engine/coreSimulatorEngine.js +54 -0
- package/dist/esm/core_engine/coreSimulatorEngine.js.map +1 -1
- package/dist/esm/evaluate.d.ts +1 -0
- package/dist/esm/evaluate.d.ts.map +1 -1
- package/dist/esm/global_conditions/globalConditionKeys.d.ts +9 -1
- package/dist/esm/global_conditions/globalConditionKeys.d.ts.map +1 -1
- package/dist/esm/global_conditions/globalConditionKeys.js +76 -50
- package/dist/esm/global_conditions/globalConditionKeys.js.map +1 -1
- package/dist/esm/index.d.ts +4 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +4 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/principal/principal.d.ts +9 -1
- package/dist/esm/principal/principal.d.ts.map +1 -1
- package/dist/esm/principal/principal.js +16 -0
- package/dist/esm/principal/principal.js.map +1 -1
- package/dist/esm/request/requestPrincipal.d.ts.map +1 -1
- package/dist/esm/request/requestPrincipal.js.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts +30 -1
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.js +93 -7
- package/dist/esm/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/esm/services/ServiceAuthorizer.d.ts +3 -0
- package/dist/esm/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/simulation_engine/contextKeys.d.ts +9 -1
- package/dist/esm/simulation_engine/contextKeys.d.ts.map +1 -1
- package/dist/esm/simulation_engine/contextKeys.js +28 -40
- package/dist/esm/simulation_engine/contextKeys.js.map +1 -1
- package/dist/esm/simulation_engine/simulation.d.ts +12 -1
- package/dist/esm/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.d.ts +15 -0
- package/dist/esm/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.js +126 -16
- package/dist/esm/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js +13 -4
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/dist/esm/util.d.ts +69 -0
- package/dist/esm/util.d.ts.map +1 -1
- package/dist/esm/util.js +158 -0
- package/dist/esm/util.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,252 +1,269 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.getGlobalConditionKey = getGlobalConditionKey;
|
|
4
|
+
exports.globalConditionKeyExists = globalConditionKeyExists;
|
|
4
5
|
exports.getGlobalConditionKeysByCategory = getGlobalConditionKeysByCategory;
|
|
6
|
+
exports.allGlobalConditionKeys = allGlobalConditionKeys;
|
|
5
7
|
const globalConditionKeys = [
|
|
6
8
|
{
|
|
7
9
|
key: "aws:PrincipalArn",
|
|
8
10
|
category: "principal",
|
|
9
|
-
dataType: ""
|
|
11
|
+
dataType: "ARN"
|
|
10
12
|
},
|
|
11
13
|
{
|
|
12
14
|
key: "aws:PrincipalAccount",
|
|
13
15
|
category: "principal",
|
|
14
|
-
dataType: ""
|
|
16
|
+
dataType: "String"
|
|
15
17
|
},
|
|
16
18
|
{
|
|
17
19
|
key: "aws:PrincipalOrgPaths",
|
|
18
20
|
category: "principal",
|
|
19
|
-
dataType: ""
|
|
21
|
+
dataType: "ArrayOfString"
|
|
20
22
|
},
|
|
21
23
|
{
|
|
22
24
|
key: "aws:PrincipalOrgID",
|
|
23
25
|
category: "principal",
|
|
24
|
-
dataType: ""
|
|
26
|
+
dataType: "String"
|
|
25
27
|
},
|
|
26
28
|
{
|
|
27
29
|
key: "aws:PrincipalTag/tag-key",
|
|
28
30
|
category: "principal",
|
|
29
|
-
dataType: ""
|
|
31
|
+
dataType: "String"
|
|
30
32
|
},
|
|
31
33
|
{
|
|
32
34
|
key: "aws:PrincipalIsAWSService",
|
|
33
35
|
category: "principal",
|
|
34
|
-
dataType: ""
|
|
36
|
+
dataType: "Bool"
|
|
35
37
|
},
|
|
36
38
|
{
|
|
37
39
|
key: "aws:PrincipalServiceName",
|
|
38
40
|
category: "principal",
|
|
39
|
-
dataType: ""
|
|
41
|
+
dataType: "String"
|
|
40
42
|
},
|
|
41
43
|
{
|
|
42
44
|
key: "aws:PrincipalServiceNamesList",
|
|
43
45
|
category: "principal",
|
|
44
|
-
dataType: ""
|
|
46
|
+
dataType: "ArrayOfString"
|
|
45
47
|
},
|
|
46
48
|
{
|
|
47
49
|
key: "aws:PrincipalType",
|
|
48
50
|
category: "principal",
|
|
49
|
-
dataType: ""
|
|
51
|
+
dataType: "String"
|
|
50
52
|
},
|
|
51
53
|
{
|
|
52
54
|
key: "aws:userid",
|
|
53
55
|
category: "principal",
|
|
54
|
-
dataType: ""
|
|
56
|
+
dataType: "String"
|
|
55
57
|
},
|
|
56
58
|
{
|
|
57
59
|
key: "aws:username",
|
|
58
60
|
category: "principal",
|
|
59
|
-
dataType: ""
|
|
61
|
+
dataType: "String"
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
key: "aws:AssumedRoot",
|
|
65
|
+
category: "session",
|
|
66
|
+
dataType: "String",
|
|
60
67
|
},
|
|
61
68
|
{
|
|
62
69
|
key: "aws:FederatedProvider",
|
|
63
70
|
category: "session",
|
|
64
|
-
dataType: "",
|
|
71
|
+
dataType: "String",
|
|
65
72
|
},
|
|
66
73
|
{
|
|
67
74
|
key: "aws:TokenIssueTime",
|
|
68
75
|
category: "session",
|
|
69
|
-
dataType: "",
|
|
76
|
+
dataType: "Date",
|
|
70
77
|
},
|
|
71
78
|
{
|
|
72
79
|
key: "aws:MultiFactorAuthAge",
|
|
73
80
|
category: "session",
|
|
74
|
-
dataType: "",
|
|
81
|
+
dataType: "Numeric",
|
|
75
82
|
},
|
|
76
83
|
{
|
|
77
84
|
key: "aws:MultiFactorAuthPresent",
|
|
78
85
|
category: "session",
|
|
79
|
-
dataType: "",
|
|
86
|
+
dataType: "Bool",
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
key: "aws:ChatbotSourceArn",
|
|
90
|
+
category: "session",
|
|
91
|
+
dataType: "ARN",
|
|
80
92
|
},
|
|
81
93
|
{
|
|
82
94
|
key: "aws:Ec2InstanceSourceVpc",
|
|
83
95
|
category: "session",
|
|
84
|
-
dataType: "",
|
|
96
|
+
dataType: "String",
|
|
85
97
|
},
|
|
86
98
|
{
|
|
87
99
|
key: "aws:Ec2InstanceSourcePrivateIPv4",
|
|
88
100
|
category: "session",
|
|
89
|
-
dataType: "",
|
|
101
|
+
dataType: "IPAddress",
|
|
90
102
|
},
|
|
91
103
|
{
|
|
92
104
|
key: "aws:SourceIdentity",
|
|
93
105
|
category: "session",
|
|
94
|
-
dataType: "",
|
|
106
|
+
dataType: "String",
|
|
95
107
|
},
|
|
96
108
|
{
|
|
97
109
|
key: "ec2:RoleDelivery",
|
|
98
110
|
category: "session",
|
|
99
|
-
dataType: "",
|
|
111
|
+
dataType: "Numeric",
|
|
100
112
|
},
|
|
101
113
|
{
|
|
102
114
|
key: "ec2:SourceInstanceArn",
|
|
103
115
|
category: "session",
|
|
104
|
-
dataType: "",
|
|
116
|
+
dataType: "ARN",
|
|
105
117
|
},
|
|
106
118
|
{
|
|
107
119
|
key: "glue:RoleAssumedBy",
|
|
108
120
|
category: "session",
|
|
109
|
-
dataType: "",
|
|
121
|
+
dataType: "String",
|
|
110
122
|
},
|
|
111
123
|
{
|
|
112
124
|
key: "glue:CredentialIssuingService",
|
|
113
125
|
category: "session",
|
|
114
|
-
dataType: "",
|
|
126
|
+
dataType: "String",
|
|
115
127
|
},
|
|
116
128
|
{
|
|
117
129
|
key: "lambda:SourceFunctionArn",
|
|
118
130
|
category: "session",
|
|
119
|
-
dataType: "",
|
|
131
|
+
dataType: "ARN",
|
|
120
132
|
},
|
|
121
133
|
{
|
|
122
134
|
key: "ssm:SourceInstanceArn",
|
|
123
135
|
category: "session",
|
|
124
|
-
dataType: "",
|
|
136
|
+
dataType: "ARN",
|
|
125
137
|
},
|
|
126
138
|
{
|
|
127
139
|
key: "identitystore:UserId",
|
|
128
140
|
category: "session",
|
|
129
|
-
dataType: "",
|
|
141
|
+
dataType: "String",
|
|
130
142
|
},
|
|
131
143
|
{
|
|
132
144
|
key: "aws:SourceIp",
|
|
133
145
|
category: "network",
|
|
134
|
-
dataType: "",
|
|
146
|
+
dataType: "IPAddress",
|
|
135
147
|
},
|
|
136
148
|
{
|
|
137
149
|
key: "aws:SourceVpc",
|
|
138
150
|
category: "network",
|
|
139
|
-
dataType: "",
|
|
151
|
+
dataType: "String",
|
|
140
152
|
},
|
|
141
153
|
{
|
|
142
154
|
key: "aws:SourceVpce",
|
|
143
155
|
category: "network",
|
|
144
|
-
dataType: "",
|
|
156
|
+
dataType: "String",
|
|
145
157
|
},
|
|
146
158
|
{
|
|
147
159
|
key: "aws:VpcSourceIp ",
|
|
148
160
|
category: "network",
|
|
149
|
-
dataType: "",
|
|
161
|
+
dataType: "IPAddress",
|
|
150
162
|
},
|
|
151
163
|
{
|
|
152
164
|
key: "aws:ResourceAccount",
|
|
153
165
|
category: "resource",
|
|
154
|
-
dataType: "",
|
|
166
|
+
dataType: "String",
|
|
155
167
|
},
|
|
156
168
|
{
|
|
157
169
|
key: "aws:ResourceOrgID",
|
|
158
170
|
category: "resource",
|
|
159
|
-
dataType: "",
|
|
171
|
+
dataType: "String",
|
|
160
172
|
},
|
|
161
173
|
{
|
|
162
174
|
key: "aws:ResourceOrgPaths",
|
|
163
175
|
category: "resource",
|
|
164
|
-
dataType: "",
|
|
176
|
+
dataType: "ArrayOfString",
|
|
165
177
|
},
|
|
166
178
|
{
|
|
167
179
|
key: "aws:ResourceTag/tag-key",
|
|
168
180
|
category: "resource",
|
|
169
|
-
dataType: "",
|
|
181
|
+
dataType: "String",
|
|
170
182
|
},
|
|
171
183
|
{
|
|
172
184
|
key: "aws:CalledVia",
|
|
173
185
|
category: "request",
|
|
174
|
-
dataType: "",
|
|
186
|
+
dataType: "ArrayOfString",
|
|
175
187
|
},
|
|
176
188
|
{
|
|
177
189
|
key: "aws:CalledViaFirst",
|
|
178
190
|
category: "request",
|
|
179
|
-
dataType: "",
|
|
191
|
+
dataType: "String",
|
|
180
192
|
},
|
|
181
193
|
{
|
|
182
194
|
key: "aws:CalledViaLast",
|
|
183
195
|
category: "request",
|
|
184
|
-
dataType: "",
|
|
196
|
+
dataType: "String",
|
|
185
197
|
},
|
|
186
198
|
{
|
|
187
199
|
key: "aws:ViaAWSService",
|
|
188
200
|
category: "request",
|
|
189
|
-
dataType: "",
|
|
201
|
+
dataType: "Bool",
|
|
190
202
|
},
|
|
191
203
|
{
|
|
192
204
|
key: "aws:CurrentTime",
|
|
193
205
|
category: "request",
|
|
194
|
-
dataType: "",
|
|
206
|
+
dataType: "Date",
|
|
195
207
|
},
|
|
196
208
|
{
|
|
197
209
|
key: "aws:EpochTime",
|
|
198
210
|
category: "request",
|
|
199
|
-
dataType: "",
|
|
211
|
+
dataType: "Date", //Can Also be Numeric...
|
|
200
212
|
},
|
|
201
213
|
{
|
|
202
214
|
key: "aws:referer",
|
|
203
215
|
category: "request",
|
|
204
|
-
dataType: "",
|
|
216
|
+
dataType: "String",
|
|
205
217
|
},
|
|
206
218
|
{
|
|
207
219
|
key: "aws:RequestedRegion",
|
|
208
220
|
category: "request",
|
|
209
|
-
dataType: "",
|
|
221
|
+
dataType: "String",
|
|
210
222
|
},
|
|
211
223
|
{
|
|
212
224
|
key: "aws:RequestTag/tag-key",
|
|
213
225
|
category: "request",
|
|
214
|
-
dataType: "",
|
|
226
|
+
dataType: "String",
|
|
215
227
|
},
|
|
216
228
|
{
|
|
217
229
|
key: "aws:TagKeys",
|
|
218
230
|
category: "request",
|
|
219
|
-
dataType: "",
|
|
231
|
+
dataType: "ArrayOfString",
|
|
220
232
|
},
|
|
221
233
|
{
|
|
222
234
|
key: "aws:SecureTransport",
|
|
223
235
|
category: "request",
|
|
224
|
-
dataType: "",
|
|
236
|
+
dataType: "Bool",
|
|
225
237
|
},
|
|
226
238
|
{
|
|
227
239
|
key: "aws:SourceArn",
|
|
228
240
|
category: "request",
|
|
229
|
-
dataType: "",
|
|
241
|
+
dataType: "ARN",
|
|
230
242
|
},
|
|
231
243
|
{
|
|
232
244
|
key: "aws:SourceAccount",
|
|
233
245
|
category: "request",
|
|
234
|
-
dataType: "",
|
|
246
|
+
dataType: "String",
|
|
247
|
+
},
|
|
248
|
+
{
|
|
249
|
+
key: "aws:SourceOwner",
|
|
250
|
+
category: "request",
|
|
251
|
+
dataType: "String",
|
|
235
252
|
},
|
|
236
253
|
{
|
|
237
254
|
key: "aws:SourceOrgPaths",
|
|
238
255
|
category: "request",
|
|
239
|
-
dataType: "",
|
|
256
|
+
dataType: "ArrayOfString",
|
|
240
257
|
},
|
|
241
258
|
{
|
|
242
259
|
key: "aws:SourceOrgID",
|
|
243
260
|
category: "request",
|
|
244
|
-
dataType: "",
|
|
261
|
+
dataType: "String",
|
|
245
262
|
},
|
|
246
263
|
{
|
|
247
|
-
key: "aws:UserAgent
|
|
264
|
+
key: "aws:UserAgent",
|
|
248
265
|
category: "request",
|
|
249
|
-
dataType: "",
|
|
266
|
+
dataType: "String",
|
|
250
267
|
}
|
|
251
268
|
];
|
|
252
269
|
const keysByName = globalConditionKeys.reduce((acc, key) => {
|
|
@@ -262,7 +279,18 @@ const keysByCategory = globalConditionKeys.reduce((acc, key) => {
|
|
|
262
279
|
function getGlobalConditionKey(key) {
|
|
263
280
|
return keysByName[key.toLowerCase()];
|
|
264
281
|
}
|
|
282
|
+
function globalConditionKeyExists(key) {
|
|
283
|
+
return !!getGlobalConditionKey(key);
|
|
284
|
+
}
|
|
265
285
|
function getGlobalConditionKeysByCategory(category) {
|
|
266
286
|
return keysByCategory[category.toLowerCase()] || [];
|
|
267
287
|
}
|
|
288
|
+
/**
|
|
289
|
+
* Get all the global condition keys as lower case strings
|
|
290
|
+
*
|
|
291
|
+
* @returns a list of all the global condition keys
|
|
292
|
+
*/
|
|
293
|
+
function allGlobalConditionKeys() {
|
|
294
|
+
return Object.keys(keysByCategory);
|
|
295
|
+
}
|
|
268
296
|
//# sourceMappingURL=globalConditionKeys.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"globalConditionKeys.js","sourceRoot":"","sources":["../../../src/global_conditions/globalConditionKeys.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"globalConditionKeys.js","sourceRoot":"","sources":["../../../src/global_conditions/globalConditionKeys.ts"],"names":[],"mappings":";;AA+RA,sDAEC;AAED,4DAEC;AAED,4EAEC;AAOD,wDAEC;AA1SD,MAAM,mBAAmB,GAAyB;IAChD;QACE,GAAG,EAAE,kBAAkB;QACvB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,2BAA2B;QAChC,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,+BAA+B;QACpC,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,YAAY;QACjB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,cAAc;QACnB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IAED;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,wBAAwB;QAC7B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,GAAG,EAAE,4BAA4B;QACjC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,kCAAkC;QACvC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,kBAAkB;QACvB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,+BAA+B;QACpC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IAED;QACE,GAAG,EAAE,cAAc;QACnB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,gBAAgB;QACrB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,WAAW;KACtB;IAED;QACE,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,yBAAyB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;KACnB;IAED;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM,EAAE,wBAAwB;KAC3C;IACD;QACE,GAAG,EAAE,aAAa;QAClB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,wBAAwB;QAC7B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,aAAa;QAClB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAA;AAED,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACzD,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,GAAG,CAAC;IACjC,OAAO,GAAG,CAAC;AACb,CAAC,EAAE,EAAwC,CAAC,CAAC;AAE7C,MAAM,cAAc,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC7D,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACjD,GAAG,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IAC9C,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO,GAAG,CAAC;AACb,CAAC,EAAE,EAA0C,CAAC,CAAC;AAE/C,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,OAAO,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,SAAgB,wBAAwB,CAAC,GAAW;IAClD,OAAO,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,gCAAgC,CAAC,QAAgB;IAC/D,OAAO,cAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;AACtD,CAAC;AAED;;;;GAIG;AACH,SAAgB,sBAAsB;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACrC,CAAC"}
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
|
+
export { BaseConditionKeyType, isConditionKeyArray, type ConditionKeyType } from './ConditionKeys.js';
|
|
2
|
+
export { findContextKeys } from './context_keys/findContextKeys.js';
|
|
1
3
|
export { type EvaluationResult } from './evaluate.js';
|
|
4
|
+
export { allowedContextKeysForRequest } from './simulation_engine/contextKeys.js';
|
|
2
5
|
export { type Simulation } from './simulation_engine/simulation.js';
|
|
3
6
|
export { runSimulation } from './simulation_engine/simulationEngine.js';
|
|
4
7
|
export { type SimulationOptions } from './simulation_engine/simulationOptions.js';
|
|
5
8
|
export { runUnsafeSimulation } from './simulation_engine/unsafeSimulationEngine.js';
|
|
9
|
+
export { isWildcardOnlyAction, typeForContextKey } from './util.js';
|
|
6
10
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AACxE,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtG,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAC;AAClF,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AACxE,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC"}
|
package/dist/cjs/index.js
CHANGED
|
@@ -1,8 +1,17 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.runUnsafeSimulation = exports.runSimulation = void 0;
|
|
3
|
+
exports.typeForContextKey = exports.isWildcardOnlyAction = exports.runUnsafeSimulation = exports.runSimulation = exports.allowedContextKeysForRequest = exports.findContextKeys = exports.isConditionKeyArray = void 0;
|
|
4
|
+
var ConditionKeys_js_1 = require("./ConditionKeys.js");
|
|
5
|
+
Object.defineProperty(exports, "isConditionKeyArray", { enumerable: true, get: function () { return ConditionKeys_js_1.isConditionKeyArray; } });
|
|
6
|
+
var findContextKeys_js_1 = require("./context_keys/findContextKeys.js");
|
|
7
|
+
Object.defineProperty(exports, "findContextKeys", { enumerable: true, get: function () { return findContextKeys_js_1.findContextKeys; } });
|
|
8
|
+
var contextKeys_js_1 = require("./simulation_engine/contextKeys.js");
|
|
9
|
+
Object.defineProperty(exports, "allowedContextKeysForRequest", { enumerable: true, get: function () { return contextKeys_js_1.allowedContextKeysForRequest; } });
|
|
4
10
|
var simulationEngine_js_1 = require("./simulation_engine/simulationEngine.js");
|
|
5
11
|
Object.defineProperty(exports, "runSimulation", { enumerable: true, get: function () { return simulationEngine_js_1.runSimulation; } });
|
|
6
12
|
var unsafeSimulationEngine_js_1 = require("./simulation_engine/unsafeSimulationEngine.js");
|
|
7
13
|
Object.defineProperty(exports, "runUnsafeSimulation", { enumerable: true, get: function () { return unsafeSimulationEngine_js_1.runUnsafeSimulation; } });
|
|
14
|
+
var util_js_1 = require("./util.js");
|
|
15
|
+
Object.defineProperty(exports, "isWildcardOnlyAction", { enumerable: true, get: function () { return util_js_1.isWildcardOnlyAction; } });
|
|
16
|
+
Object.defineProperty(exports, "typeForContextKey", { enumerable: true, get: function () { return util_js_1.typeForContextKey; } });
|
|
8
17
|
//# sourceMappingURL=index.js.map
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,uDAAsG;AAAvE,uHAAA,mBAAmB,OAAA;AAClD,wEAAoE;AAA3D,qHAAA,eAAe,OAAA;AAExB,qEAAkF;AAAzE,8HAAA,4BAA4B,OAAA;AAErC,+EAAwE;AAA/D,oHAAA,aAAa,OAAA;AAEtB,2FAAoF;AAA3E,gIAAA,mBAAmB,OAAA;AAC5B,qCAAoE;AAA3D,+GAAA,oBAAoB,OAAA;AAAE,4GAAA,iBAAiB,OAAA"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { Principal } from "@cloud-copilot/iam-policy";
|
|
1
|
+
import { Principal, Statement } from "@cloud-copilot/iam-policy";
|
|
2
2
|
import { AwsRequest } from "../request/request.js";
|
|
3
3
|
export type PrincipalMatchResult = 'Match' | 'NoMatch' | 'AccountLevelMatch';
|
|
4
4
|
/**
|
|
@@ -27,4 +27,12 @@ export declare function requestMatchesNotPrincipal(request: AwsRequest, notPrinc
|
|
|
27
27
|
export declare function requestMatchesPrincipalStatement(request: AwsRequest, principalStatement: Principal): PrincipalMatchResult;
|
|
28
28
|
export declare function isAssumedRoleArn(principal: string): boolean;
|
|
29
29
|
export declare function roleArnFromAssumedRoleArn(assumedRoleArn: string): string;
|
|
30
|
+
/**
|
|
31
|
+
* Check if a request matches the Resource or NotResource elements of a statement.
|
|
32
|
+
*
|
|
33
|
+
* @param request the request to check
|
|
34
|
+
* @param statement the statement to check against
|
|
35
|
+
* @returns true if the request matches the resources in the statement, false otherwise
|
|
36
|
+
*/
|
|
37
|
+
export declare function requestMatchesStatementPrincipals(request: AwsRequest, statement: Statement): PrincipalMatchResult;
|
|
30
38
|
//# sourceMappingURL=principal.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AA4CnD,MAAM,MAAM,oBAAoB,GAAG,OAAO,GAAG,SAAS,GAAG,mBAAmB,CAAA;AAE5E;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,oBAAoB,CAWzG;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,oBAAoB,CAiB/G;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,SAAS,GAAG,oBAAoB,CAgDzH;AAID,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE3D;AAED,wBAAgB,yBAAyB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAKxE;AAED;;;;;;GAMG;AACH,wBAAgB,iCAAiC,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,oBAAoB,CAOjH"}
|
|
@@ -5,6 +5,7 @@ exports.requestMatchesNotPrincipal = requestMatchesNotPrincipal;
|
|
|
5
5
|
exports.requestMatchesPrincipalStatement = requestMatchesPrincipalStatement;
|
|
6
6
|
exports.isAssumedRoleArn = isAssumedRoleArn;
|
|
7
7
|
exports.roleArnFromAssumedRoleArn = roleArnFromAssumedRoleArn;
|
|
8
|
+
exports.requestMatchesStatementPrincipals = requestMatchesStatementPrincipals;
|
|
8
9
|
/**
|
|
9
10
|
* Check to see if a request matches a Principal element in an IAM policy statement
|
|
10
11
|
*
|
|
@@ -104,4 +105,20 @@ function roleArnFromAssumedRoleArn(assumedRoleArn) {
|
|
|
104
105
|
const rolePathAndName = resourceParts.slice(1, -1).join('/');
|
|
105
106
|
return `arn:aws:iam::${stsParts[4]}:role/${rolePathAndName}`;
|
|
106
107
|
}
|
|
108
|
+
/**
|
|
109
|
+
* Check if a request matches the Resource or NotResource elements of a statement.
|
|
110
|
+
*
|
|
111
|
+
* @param request the request to check
|
|
112
|
+
* @param statement the statement to check against
|
|
113
|
+
* @returns true if the request matches the resources in the statement, false otherwise
|
|
114
|
+
*/
|
|
115
|
+
function requestMatchesStatementPrincipals(request, statement) {
|
|
116
|
+
if (statement.isPrincipalStatement()) {
|
|
117
|
+
return requestMatchesPrincipal(request, statement.principals());
|
|
118
|
+
}
|
|
119
|
+
else if (statement.isNotPrincipalStatement()) {
|
|
120
|
+
return requestMatchesNotPrincipal(request, statement.notPrincipals());
|
|
121
|
+
}
|
|
122
|
+
throw new Error('Statement should have Principal or NotPrincipal');
|
|
123
|
+
}
|
|
107
124
|
//# sourceMappingURL=principal.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":";;AAsDA,0DAWC;AASD,gEAiBC;AASD,4EAgDC;AAID,4CAEC;AAED,8DAKC;
|
|
1
|
+
{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/principal/principal.ts"],"names":[],"mappings":";;AAsDA,0DAWC;AASD,gEAiBC;AASD,4EAgDC;AAID,4CAEC;AAED,8DAKC;AASD,8EAOC;AAlID;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,OAAmB,EAAE,SAAsB;IACjF,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAA;IAClH,IAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAG,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzC,OAAO,mBAAmB,CAAA;IAC5B,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,0BAA0B,CAAC,OAAmB,EAAE,YAAyB;IACvF,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,gCAAgC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAA;IACrH,IAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;;;;OAKG;IACH,IAAG,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzC,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gCAAgC,CAAC,OAAmB,EAAE,kBAA6B;IACjG,IAAG,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC3C,IAAG,kBAAkB,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC9D,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,wBAAwB,EAAE,EAAE,CAAC;QACjD,IAAG,kBAAkB,CAAC,aAAa,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACpE,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,oBAAoB,EAAE,EAAE,CAAC;QAC7C,IAAG,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAChE,OAAO,OAAO,CAAA;QAChB,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAG,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC3C,IAAG,kBAAkB,CAAC,SAAS,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;YACpE,OAAO,mBAAmB,CAAA;QAC5B,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAG,kBAAkB,CAAC,cAAc,EAAE,EAAE,CAAC;QACvC,IAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;YAC5C,MAAM,OAAO,GAAG,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACrD,IAAG,kBAAkB,CAAC,GAAG,EAAE,KAAM,OAAO,IAAI,kBAAkB,CAAC,GAAG,EAAE,KAAK,UAAU,EAAE,CAAC;gBACpF,OAAO,OAAO,CAAA;YAChB,CAAC;QACH,CAAC;QAED,IAAG,kBAAkB,CAAC,GAAG,EAAE,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAA;QAChB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,MAAM,mBAAmB,GAAG,wCAAwC,CAAA;AAEpE,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,SAAgB,yBAAyB,CAAC,cAAsB;IAC9D,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC1C,MAAM,aAAa,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjD,MAAM,eAAe,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC5D,OAAO,gBAAgB,QAAQ,CAAC,CAAC,CAAC,SAAS,eAAe,EAAE,CAAA;AAC9D,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,iCAAiC,CAAC,OAAmB,EAAE,SAAoB;IACzF,IAAG,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;QACpC,OAAO,uBAAuB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAA;IACjE,CAAC;SAAM,IAAG,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;QAC9C,OAAO,0BAA0B,CAAC,OAAO,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;AACpE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"requestPrincipal.d.ts","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":"AACA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAE/B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAC;IAEhB;;OAEG;IACH,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC;CAEjC;AAED,qBAAa,oBAAqB,YAAW,gBAAgB;IAC/C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM,GAAG,SAAS;IAIxB,KAAK,IAAI,MAAM;
|
|
1
|
+
{"version":3,"file":"requestPrincipal.d.ts","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":"AACA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAE/B;;OAEG;IACH,KAAK,IAAI,MAAM,CAAC;IAEhB;;OAEG;IACH,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC;CAEjC;AAED,qBAAa,oBAAqB,YAAW,gBAAgB;IAC/C,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,MAAM;IAE7C,SAAS,IAAI,MAAM,GAAG,SAAS;IAIxB,KAAK,IAAI,MAAM;CAKvB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"requestPrincipal.js","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":";;;AAkBA,MAAa,oBAAoB;IACF;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;
|
|
1
|
+
{"version":3,"file":"requestPrincipal.js","sourceRoot":"","sources":["../../../src/request/requestPrincipal.ts"],"names":[],"mappings":";;;AAkBA,MAAa,oBAAoB;IACF;IAA7B,YAA6B,QAAgB;QAAhB,aAAQ,GAAR,QAAQ,CAAQ;IAAG,CAAC;IAEjD,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAGF;AAZD,oDAYC"}
|
|
@@ -1,9 +1,38 @@
|
|
|
1
|
-
import { EvaluationResult } from "../evaluate.js";
|
|
1
|
+
import { EvaluationResult, ResourceEvaluationResult } from "../evaluate.js";
|
|
2
2
|
import { StatementAnalysis } from "../StatementAnalysis.js";
|
|
3
3
|
import { ServiceAuthorizationRequest, ServiceAuthorizer } from "./ServiceAuthorizer.js";
|
|
4
|
+
/**
|
|
5
|
+
* The default authorizer for services.
|
|
6
|
+
*/
|
|
4
7
|
export declare class DefaultServiceAuthorizer implements ServiceAuthorizer {
|
|
5
8
|
authorize(request: ServiceAuthorizationRequest): EvaluationResult;
|
|
9
|
+
/**
|
|
10
|
+
* Determine the result of the SCP analysis.
|
|
11
|
+
*
|
|
12
|
+
* @param request The request to authorize.
|
|
13
|
+
* @returns The result of the SCP analysis.
|
|
14
|
+
*/
|
|
15
|
+
serviceControlPolicyResult(request: ServiceAuthorizationRequest): EvaluationResult;
|
|
16
|
+
/**
|
|
17
|
+
* Evaluate the identity statements to determine the result.
|
|
18
|
+
*
|
|
19
|
+
* @param request The request to authorize.
|
|
20
|
+
* @returns The result of the identity statement analysis.
|
|
21
|
+
*/
|
|
6
22
|
identityStatementResult(request: ServiceAuthorizationRequest): EvaluationResult;
|
|
23
|
+
/**
|
|
24
|
+
* Evaluate the resource policy to determine the result.
|
|
25
|
+
*
|
|
26
|
+
* @param request the request to authorize
|
|
27
|
+
* @returns the result of the resource policy analysis
|
|
28
|
+
*/
|
|
29
|
+
resourcePolicyResult(request: ServiceAuthorizationRequest): ResourceEvaluationResult;
|
|
30
|
+
/**
|
|
31
|
+
* Checks if a statement is an identity statement that allows the request.
|
|
32
|
+
*
|
|
33
|
+
* @param statement The statement to check.
|
|
34
|
+
* @returns Whether the statement is an identity statement that allows the request.
|
|
35
|
+
*/
|
|
7
36
|
identityStatementAllows(statement: StatementAnalysis): boolean;
|
|
8
37
|
identityStatementUknownAllow(statement: StatementAnalysis): boolean;
|
|
9
38
|
identityStatementUknownDeny(statement: StatementAnalysis): boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAExF;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IACzD,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAiDxE;;;;;OAKG;IACI,0BAA0B,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAwBzF;;;;;OAKG;IACI,uBAAuB,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB;IAoBtF;;;;;OAKG;IACI,oBAAoB,CAAC,OAAO,EAAE,2BAA2B,GAAG,wBAAwB;IAyB3F;;;;;OAKG;IACI,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAU9D,4BAA4B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUnE,2BAA2B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAUlE,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;CAS5E"}
|