@cloud-copilot/iam-simulate 0.1.5 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/ConditionKeys.d.ts +19 -0
- package/dist/cjs/ConditionKeys.d.ts.map +1 -0
- package/dist/cjs/ConditionKeys.js +27 -0
- package/dist/cjs/ConditionKeys.js.map +1 -0
- package/dist/cjs/SCPAnalysis.d.ts +6 -0
- package/dist/cjs/SCPAnalysis.d.ts.map +1 -0
- package/dist/cjs/SCPAnalysis.js +3 -0
- package/dist/cjs/SCPAnalysis.js.map +1 -0
- package/dist/cjs/context_keys/findContextKeys.d.ts +19 -0
- package/dist/cjs/context_keys/findContextKeys.d.ts.map +1 -0
- package/dist/cjs/context_keys/findContextKeys.js +57 -0
- package/dist/cjs/context_keys/findContextKeys.js.map +1 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts +39 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map +1 -1
- package/dist/cjs/core_engine/coreSimulatorEngine.js +56 -0
- package/dist/cjs/core_engine/coreSimulatorEngine.js.map +1 -1
- package/dist/cjs/evaluate.d.ts +1 -0
- package/dist/cjs/evaluate.d.ts.map +1 -1
- package/dist/cjs/global_conditions/globalConditionKeys.d.ts +9 -1
- package/dist/cjs/global_conditions/globalConditionKeys.d.ts.map +1 -1
- package/dist/cjs/global_conditions/globalConditionKeys.js +78 -50
- package/dist/cjs/global_conditions/globalConditionKeys.js.map +1 -1
- package/dist/cjs/index.d.ts +4 -0
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +10 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/principal/principal.d.ts +9 -1
- package/dist/cjs/principal/principal.d.ts.map +1 -1
- package/dist/cjs/principal/principal.js +17 -0
- package/dist/cjs/principal/principal.js.map +1 -1
- package/dist/cjs/request/requestPrincipal.d.ts.map +1 -1
- package/dist/cjs/request/requestPrincipal.js.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts +30 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.js +93 -7
- package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/cjs/services/ServiceAuthorizer.d.ts +3 -0
- package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/contextKeys.d.ts +9 -1
- package/dist/cjs/simulation_engine/contextKeys.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/contextKeys.js +27 -40
- package/dist/cjs/simulation_engine/contextKeys.js.map +1 -1
- package/dist/cjs/simulation_engine/simulation.d.ts +12 -1
- package/dist/cjs/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.d.ts +15 -0
- package/dist/cjs/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.js +126 -15
- package/dist/cjs/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js +13 -4
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/dist/cjs/util.d.ts +69 -0
- package/dist/cjs/util.d.ts.map +1 -1
- package/dist/cjs/util.js +166 -0
- package/dist/cjs/util.js.map +1 -1
- package/dist/esm/ConditionKeys.d.ts +19 -0
- package/dist/esm/ConditionKeys.d.ts.map +1 -0
- package/dist/esm/ConditionKeys.js +23 -0
- package/dist/esm/ConditionKeys.js.map +1 -0
- package/dist/esm/SCPAnalysis.d.ts +6 -0
- package/dist/esm/SCPAnalysis.d.ts.map +1 -0
- package/dist/esm/SCPAnalysis.js +2 -0
- package/dist/esm/SCPAnalysis.js.map +1 -0
- package/dist/esm/context_keys/findContextKeys.d.ts +19 -0
- package/dist/esm/context_keys/findContextKeys.d.ts.map +1 -0
- package/dist/esm/context_keys/findContextKeys.js +53 -0
- package/dist/esm/context_keys/findContextKeys.js.map +1 -0
- package/dist/esm/core_engine/coreSimulatorEngine.d.ts +39 -0
- package/dist/esm/core_engine/coreSimulatorEngine.d.ts.map +1 -1
- package/dist/esm/core_engine/coreSimulatorEngine.js +54 -0
- package/dist/esm/core_engine/coreSimulatorEngine.js.map +1 -1
- package/dist/esm/evaluate.d.ts +1 -0
- package/dist/esm/evaluate.d.ts.map +1 -1
- package/dist/esm/global_conditions/globalConditionKeys.d.ts +9 -1
- package/dist/esm/global_conditions/globalConditionKeys.d.ts.map +1 -1
- package/dist/esm/global_conditions/globalConditionKeys.js +76 -50
- package/dist/esm/global_conditions/globalConditionKeys.js.map +1 -1
- package/dist/esm/index.d.ts +4 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +4 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/principal/principal.d.ts +9 -1
- package/dist/esm/principal/principal.d.ts.map +1 -1
- package/dist/esm/principal/principal.js +16 -0
- package/dist/esm/principal/principal.js.map +1 -1
- package/dist/esm/request/requestPrincipal.d.ts.map +1 -1
- package/dist/esm/request/requestPrincipal.js.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts +30 -1
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.js +93 -7
- package/dist/esm/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/esm/services/ServiceAuthorizer.d.ts +3 -0
- package/dist/esm/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/simulation_engine/contextKeys.d.ts +9 -1
- package/dist/esm/simulation_engine/contextKeys.d.ts.map +1 -1
- package/dist/esm/simulation_engine/contextKeys.js +28 -40
- package/dist/esm/simulation_engine/contextKeys.js.map +1 -1
- package/dist/esm/simulation_engine/simulation.d.ts +12 -1
- package/dist/esm/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.d.ts +15 -0
- package/dist/esm/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.js +126 -16
- package/dist/esm/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js +13 -4
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/dist/esm/util.d.ts +69 -0
- package/dist/esm/util.d.ts.map +1 -1
- package/dist/esm/util.js +158 -0
- package/dist/esm/util.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAIA,MAAM,OAAO,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,uBAAuB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,OAAO,wBAAwB;IAC5B,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;QAC3D,MAAM,uBAAuB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACtE,MAAM,oBAAoB,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAEhE,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAE7D,IAAG,SAAS,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAG,oBAAoB,KAAK,kBAAkB,IAAI,oBAAoB,KAAK,kBAAkB,EAAE,CAAC;YAC9F,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,IAAG,uBAAuB,KAAK,kBAAkB,EAAE,CAAC;YAClD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,cAAc;QACd,IAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;YACxC,IAAG,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAC/H,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,eAAe;QACf,IAAG,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,EAAE,CAAC;YACtF,IAAG,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBACzC,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,OAAO,kBAAkB,CAAA;QAEzB;;;;;;;;WAQG;IACL,CAAC;IAED;;;;;OAKG;IACI,0BAA0B,CAAC,OAAoC;QACpE,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;YACxD,OAAO,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBACtD,OAAO,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAA;YAChD,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QAEF,IAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;YAC1D,OAAO,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBACtD,OAAO,IAAI,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAA;YACtD,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QAEF,IAAG,UAAU,EAAE,CAAC;YACd,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,OAAoC;QACjE,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,YAAY,EAAE,CAAC;YAChB,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5F,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9C,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAG,aAAa,EAAE,CAAC;YACjB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,kBAAkB,CAAA;IAC3B,CAAC;IAED;;;;;OAKG;IACI,oBAAoB,CAAC,OAAoC;QAC9D,IAAG,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,cAAc,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;QACnG,IAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,OAAO,CAAC,EAAE,CAAC;YAC1D,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QACD,IAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,mBAAmB,CAAC,EAAE,CAAC;YACtE,OAAO,kBAAkB,CAAA;QAC3B,CAAC;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9F,IAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,OAAO,CAAC,EAAE,CAAC;YAC3D,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,IAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,mBAAmB,CAAC,EAAE,CAAC;YACvE,OAAO,mBAAmB,CAAA;QAC5B,CAAC;QAED,OAAO,iBAAiB,CAAA;IAE1B,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,SAA4B;QACzD,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,4BAA4B,CAAC,SAA4B;QAC9D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,2BAA2B,CAAC,SAA4B;QAC7D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,SAAS;YACtC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,6BAA6B,CAAC,SAA4B;QAC/D,IAAG,SAAS,CAAC,aAAa;YACxB,SAAS,CAAC,WAAW;YACrB,SAAS,CAAC,cAAc,KAAK,OAAO;YACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
import { EvaluationResult } from "../evaluate.js";
|
|
2
2
|
import { AwsRequest } from "../request/request.js";
|
|
3
|
+
import { SCPAnalysis } from "../SCPAnalysis.js";
|
|
3
4
|
import { StatementAnalysis } from "../StatementAnalysis.js";
|
|
4
5
|
export interface ServiceAuthorizationRequest {
|
|
5
6
|
request: AwsRequest;
|
|
6
7
|
identityStatements: StatementAnalysis[];
|
|
8
|
+
scpAnalysis: SCPAnalysis[];
|
|
9
|
+
resourceAnalysis: StatementAnalysis[];
|
|
7
10
|
}
|
|
8
11
|
export interface ServiceAuthorizer {
|
|
9
12
|
authorize(request: ServiceAuthorizationRequest): EvaluationResult;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,UAAU,CAAC;IACpB,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"ServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,UAAU,CAAC;IACpB,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;IACxC,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,gBAAgB,CAAA;CAClE"}
|
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Get the allowed context keys for a request.
|
|
3
|
+
*
|
|
4
|
+
* @param service The service the action belongs to
|
|
5
|
+
* @param action The action to get the allowed context keys for
|
|
6
|
+
* @param resource The resource the action is being performed on
|
|
7
|
+
* @returns The allowed context keys for the request as lower case strings
|
|
8
|
+
* @throws error if the service or action does not exist
|
|
9
|
+
*/
|
|
1
10
|
export declare function allowedContextKeysForRequest(service: string, action: string, resource: string): Promise<string[]>;
|
|
2
|
-
export declare function convertPatternToRegex(pattern: string): string;
|
|
3
11
|
//# sourceMappingURL=contextKeys.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contextKeys.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/contextKeys.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"contextKeys.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/contextKeys.ts"],"names":[],"mappings":"AAIA;;;;;;;;GAQG;AACH,wBAAsB,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAyBvH"}
|
|
@@ -1,49 +1,37 @@
|
|
|
1
|
-
import { iamActionDetails
|
|
1
|
+
import { iamActionDetails } from "@cloud-copilot/iam-data";
|
|
2
|
+
import { allGlobalConditionKeys } from "../global_conditions/globalConditionKeys.js";
|
|
3
|
+
import { getResourceTypesForAction, isWildcardOnlyAction, lowerCaseAll } from "../util.js";
|
|
4
|
+
/**
|
|
5
|
+
* Get the allowed context keys for a request.
|
|
6
|
+
*
|
|
7
|
+
* @param service The service the action belongs to
|
|
8
|
+
* @param action The action to get the allowed context keys for
|
|
9
|
+
* @param resource The resource the action is being performed on
|
|
10
|
+
* @returns The allowed context keys for the request as lower case strings
|
|
11
|
+
* @throws error if the service or action does not exist
|
|
12
|
+
*/
|
|
2
13
|
export async function allowedContextKeysForRequest(service, action, resource) {
|
|
3
14
|
const actionDetails = await iamActionDetails(service, action);
|
|
4
|
-
const actionConditionKeys = actionDetails.conditionKeys;
|
|
5
|
-
|
|
6
|
-
|
|
15
|
+
const actionConditionKeys = lowerCaseAll(actionDetails.conditionKeys);
|
|
16
|
+
const isWildCardOnly = await isWildcardOnlyAction(service, action);
|
|
17
|
+
if (isWildCardOnly) {
|
|
18
|
+
return [
|
|
19
|
+
...actionConditionKeys,
|
|
20
|
+
...allGlobalConditionKeys()
|
|
21
|
+
];
|
|
7
22
|
}
|
|
8
|
-
const
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
const pattern = convertPatternToRegex(resourceType.arn);
|
|
12
|
-
const match = resource.match(new RegExp(pattern));
|
|
13
|
-
if (match) {
|
|
14
|
-
matchingResourceTypes.push(resourceType);
|
|
15
|
-
}
|
|
23
|
+
const resourceTypes = await getResourceTypesForAction(service, action, resource);
|
|
24
|
+
if (resourceTypes.length === 0) {
|
|
25
|
+
throw new Error(`No resource types found for action ${action} on service ${service}`);
|
|
16
26
|
}
|
|
17
|
-
if (
|
|
18
|
-
|
|
19
|
-
throw new Error(`found ${matchingResourceTypes.length} matching resource types for ${resource}: ${matchNames}`);
|
|
27
|
+
else if (resourceTypes.length > 1) {
|
|
28
|
+
throw new Error(`Multiple resource types found for action ${action} on service ${service}`);
|
|
20
29
|
}
|
|
21
|
-
|
|
30
|
+
const resourceTypeConditions = actionDetails.resourceTypes.find(rt => rt.name === resourceTypes[0].key).conditionKeys;
|
|
22
31
|
return [
|
|
23
|
-
...
|
|
24
|
-
...actionConditionKeys
|
|
32
|
+
...lowerCaseAll(resourceTypeConditions),
|
|
33
|
+
...actionConditionKeys,
|
|
34
|
+
...allGlobalConditionKeys()
|
|
25
35
|
];
|
|
26
36
|
}
|
|
27
|
-
export function convertPatternToRegex(pattern) {
|
|
28
|
-
const regex = pattern.replace(/\$\{.*?\}/g, (match) => {
|
|
29
|
-
const name = match.substring(2, match.length - 1);
|
|
30
|
-
const camelName = name.at(0)?.toLowerCase() + name.substring(1);
|
|
31
|
-
return `(?<${camelName}>(.*?))`;
|
|
32
|
-
});
|
|
33
|
-
return `^${regex}$`;
|
|
34
|
-
// const parts = pattern.split('/')
|
|
35
|
-
// const lastPart = parts[parts.length - 1]
|
|
36
|
-
// const modifiedParts = parts.map((part) => {
|
|
37
|
-
// if (part.startsWith('${') && part.endsWith('}')) {
|
|
38
|
-
// const name = part.substring(2, part.length - 1)
|
|
39
|
-
// const camelName = name.at(0)?.toLowerCase() + name.substring(1)
|
|
40
|
-
// if (part === lastPart) {
|
|
41
|
-
// return `(?<${camelName}>(.*))`
|
|
42
|
-
// }
|
|
43
|
-
// return `(?<${camelName}>([^\/]+))`
|
|
44
|
-
// }
|
|
45
|
-
// return part
|
|
46
|
-
// })
|
|
47
|
-
// return modifiedParts.join('\/')
|
|
48
|
-
}
|
|
49
37
|
//# sourceMappingURL=contextKeys.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contextKeys.js","sourceRoot":"","sources":["../../../src/simulation_engine/contextKeys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,
|
|
1
|
+
{"version":3,"file":"contextKeys.js","sourceRoot":"","sources":["../../../src/simulation_engine/contextKeys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6CAA6C,CAAC;AACrF,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE3F;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAAC,OAAe,EAAE,MAAc,EAAE,QAAgB;IAClG,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,mBAAmB,GAAG,YAAY,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;IAEtE,MAAM,cAAc,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnE,IAAG,cAAc,EAAE,CAAC;QAClB,OAAO;YACL,GAAG,mBAAmB;YACtB,GAAG,sBAAsB,EAAE;SAC5B,CAAA;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjF,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,sCAAsC,MAAM,eAAe,OAAO,EAAE,CAAC,CAAA;IACvF,CAAC;SAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,4CAA4C,MAAM,eAAe,OAAO,EAAE,CAAC,CAAA;IAC7F,CAAC;IACD,MAAM,sBAAsB,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAE,CAAC,aAAa,CAAA;IAEtH,OAAO;QACL,GAAG,YAAY,CAAC,sBAAsB,CAAC;QACvC,GAAG,mBAAmB;QACtB,GAAG,sBAAsB,EAAE;KAC5B,CAAA;AACH,CAAC"}
|
|
@@ -8,6 +8,17 @@ export interface Simulation {
|
|
|
8
8
|
};
|
|
9
9
|
contextVariables: Record<string, string | string[]>;
|
|
10
10
|
};
|
|
11
|
-
identityPolicies:
|
|
11
|
+
identityPolicies: {
|
|
12
|
+
name: string;
|
|
13
|
+
policy: any;
|
|
14
|
+
}[];
|
|
15
|
+
serviceControlPolicies: {
|
|
16
|
+
orgIdentifier: string;
|
|
17
|
+
policies: {
|
|
18
|
+
name: string;
|
|
19
|
+
policy: any;
|
|
20
|
+
}[];
|
|
21
|
+
}[];
|
|
22
|
+
resourcePolicy?: any;
|
|
12
23
|
}
|
|
13
24
|
//# sourceMappingURL=simulation.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;KACrD,CAAA;IAED,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;KACrD,CAAA;IAED,gBAAgB,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAC,EAAE,CAAC;IAChD,sBAAsB,EAAE;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,QAAQ,EAAE;YAAC,IAAI,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,GAAG,CAAA;SAAC,EAAE,CAAA;KACxC,EAAE,CAAC;IACJ,cAAc,CAAC,EAAE,GAAG,CAAC;CACtB"}
|
|
@@ -1,11 +1,26 @@
|
|
|
1
1
|
import { ValidationError } from "@cloud-copilot/iam-policy";
|
|
2
|
+
import { EvaluationResult } from "../evaluate.js";
|
|
2
3
|
import { Simulation } from "./simulation.js";
|
|
3
4
|
import { SimulationOptions } from "./simulationOptions.js";
|
|
4
5
|
export interface SimulationErrors {
|
|
5
6
|
identityPolicyErrors?: Record<string, ValidationError[]>;
|
|
7
|
+
seviceControlPolicyErrors?: Record<string, ValidationError[]>;
|
|
8
|
+
resourcePolicyErrors?: ValidationError[];
|
|
6
9
|
message: string;
|
|
7
10
|
}
|
|
8
11
|
export interface SimulationResult {
|
|
12
|
+
errors?: SimulationErrors;
|
|
13
|
+
result?: {
|
|
14
|
+
evaluationResult: EvaluationResult;
|
|
15
|
+
};
|
|
9
16
|
}
|
|
17
|
+
/**
|
|
18
|
+
* Run a simulation with validation
|
|
19
|
+
*
|
|
20
|
+
* @param simulation The simulation to run
|
|
21
|
+
* @param simulationOptions Options for the simulation
|
|
22
|
+
* @returns
|
|
23
|
+
*/
|
|
10
24
|
export declare function runSimulation(simulation: Simulation, simulationOptions: Partial<SimulationOptions>): Promise<SimulationResult>;
|
|
25
|
+
export declare function normalizeSimulationParameters(simulation: Simulation): Promise<Record<string, string | string[]>>;
|
|
11
26
|
//# sourceMappingURL=simulationEngine.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,
|
|
1
|
+
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAAoG,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG9J,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAKlD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACzD,yBAAyB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IAC9D,oBAAoB,CAAC,EAAE,eAAe,EAAE,CAAC;IACzC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAC1B,MAAM,CAAC,EAAE;QACP,gBAAgB,EAAE,gBAAgB,CAAA;KACnC,CAAA;CACF;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA+HpI;AAED,wBAAsB,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,CA0BtH"}
|
|
@@ -1,45 +1,155 @@
|
|
|
1
1
|
import { iamActionExists, iamServiceExists } from "@cloud-copilot/iam-data";
|
|
2
|
-
import {
|
|
2
|
+
import { loadPolicy, validateIdentityPolicy, validateResourcePolicy, validateServiceControlPolicy } from "@cloud-copilot/iam-policy";
|
|
3
|
+
import { isConditionKeyArray } from "../ConditionKeys.js";
|
|
4
|
+
import { authorize } from "../core_engine/coreSimulatorEngine.js";
|
|
5
|
+
import { AwsRequestImpl } from "../request/request.js";
|
|
6
|
+
import { RequestContextImpl } from "../requestContext.js";
|
|
7
|
+
import { getResourceTypesForAction, isWildcardOnlyAction, normalizeContextKeyCase, typeForContextKey } from "../util.js";
|
|
3
8
|
import { allowedContextKeysForRequest } from "./contextKeys.js";
|
|
9
|
+
/**
|
|
10
|
+
* Run a simulation with validation
|
|
11
|
+
*
|
|
12
|
+
* @param simulation The simulation to run
|
|
13
|
+
* @param simulationOptions Options for the simulation
|
|
14
|
+
* @returns
|
|
15
|
+
*/
|
|
4
16
|
export async function runSimulation(simulation, simulationOptions) {
|
|
5
|
-
const identityPolicyErrors =
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
17
|
+
const identityPolicyErrors = {};
|
|
18
|
+
const identityPolicies = [];
|
|
19
|
+
simulation.identityPolicies.forEach((value) => {
|
|
20
|
+
const { name, policy } = value;
|
|
21
|
+
const validationErrors = validateIdentityPolicy(policy);
|
|
22
|
+
if (validationErrors.length == 0) {
|
|
23
|
+
identityPolicies.push(loadPolicy(policy));
|
|
24
|
+
}
|
|
25
|
+
else {
|
|
26
|
+
identityPolicyErrors[name] = validationErrors;
|
|
27
|
+
}
|
|
28
|
+
});
|
|
29
|
+
const seviceControlPolicyErrors = {};
|
|
30
|
+
const serviceControlPolicies = simulation.serviceControlPolicies.map((scp) => {
|
|
31
|
+
const ouId = scp.orgIdentifier;
|
|
32
|
+
const validPolicies = [];
|
|
33
|
+
scp.policies.forEach((value) => {
|
|
34
|
+
const { name, policy } = value;
|
|
35
|
+
const validationErrors = validateServiceControlPolicy(policy);
|
|
36
|
+
if (validationErrors.length > 0) {
|
|
37
|
+
seviceControlPolicyErrors[name] = validationErrors;
|
|
38
|
+
}
|
|
39
|
+
else {
|
|
40
|
+
validPolicies.push(loadPolicy(policy));
|
|
41
|
+
}
|
|
42
|
+
});
|
|
43
|
+
return {
|
|
44
|
+
orgIdentifier: ouId,
|
|
45
|
+
policies: validPolicies
|
|
46
|
+
};
|
|
47
|
+
});
|
|
48
|
+
const resourcePolicyErrors = simulation.resourcePolicy ? validateResourcePolicy(simulation.resourcePolicy) : [];
|
|
49
|
+
if (Object.keys(identityPolicyErrors).length > 0 ||
|
|
50
|
+
Object.keys(seviceControlPolicyErrors).length > 0 ||
|
|
51
|
+
resourcePolicyErrors.length > 0) {
|
|
11
52
|
return {
|
|
12
|
-
|
|
53
|
+
errors: {
|
|
54
|
+
identityPolicyErrors,
|
|
55
|
+
seviceControlPolicyErrors,
|
|
56
|
+
resourcePolicyErrors,
|
|
57
|
+
message: 'policy.errors'
|
|
58
|
+
}
|
|
13
59
|
};
|
|
14
60
|
}
|
|
61
|
+
const resourcePolicy = simulation.resourcePolicy ? loadPolicy(simulation.resourcePolicy) : undefined;
|
|
15
62
|
if (simulation.request.action.split(":").length != 2) {
|
|
16
63
|
return {
|
|
17
|
-
|
|
64
|
+
errors: {
|
|
65
|
+
message: 'invalid.action'
|
|
66
|
+
}
|
|
18
67
|
};
|
|
19
68
|
}
|
|
20
69
|
const [service, action] = simulation.request.action.split(":");
|
|
21
70
|
const validService = await iamServiceExists(service);
|
|
22
71
|
if (!validService) {
|
|
23
72
|
return {
|
|
24
|
-
|
|
73
|
+
errors: {
|
|
74
|
+
message: 'invalid.service'
|
|
75
|
+
}
|
|
25
76
|
};
|
|
26
77
|
}
|
|
27
78
|
const validAction = await iamActionExists(service, action);
|
|
28
79
|
if (!validAction) {
|
|
29
80
|
return {
|
|
30
|
-
|
|
81
|
+
errors: {
|
|
82
|
+
message: 'invalid.action'
|
|
83
|
+
}
|
|
31
84
|
};
|
|
32
85
|
}
|
|
33
86
|
const resourceArn = simulation.request.resource.resource;
|
|
87
|
+
const isWildCardOnlyAction = await isWildcardOnlyAction(service, action);
|
|
88
|
+
if (isWildCardOnlyAction) {
|
|
89
|
+
if (resourceArn !== "*") {
|
|
90
|
+
return {
|
|
91
|
+
errors: {
|
|
92
|
+
message: 'must.use.wildcard'
|
|
93
|
+
}
|
|
94
|
+
};
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
else {
|
|
98
|
+
const resourceTypes = await getResourceTypesForAction(service, action, resourceArn);
|
|
99
|
+
if (resourceTypes.length === 0) {
|
|
100
|
+
return {
|
|
101
|
+
errors: {
|
|
102
|
+
message: 'no.resource.types'
|
|
103
|
+
}
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
else if (resourceTypes.length > 1) {
|
|
107
|
+
return {
|
|
108
|
+
errors: {
|
|
109
|
+
message: 'multiple.resource.types'
|
|
110
|
+
}
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
const contextValues = await normalizeSimulationParameters(simulation);
|
|
115
|
+
const simulationResult = authorize({
|
|
116
|
+
request: new AwsRequestImpl(simulation.request.principal, {
|
|
117
|
+
resource: simulation.request.resource.resource,
|
|
118
|
+
accountId: simulation.request.resource.accountId
|
|
119
|
+
}, simulation.request.action, new RequestContextImpl(contextValues)),
|
|
120
|
+
identityPolicies,
|
|
121
|
+
serviceControlPolicies,
|
|
122
|
+
resourcePolicy
|
|
123
|
+
});
|
|
124
|
+
return {
|
|
125
|
+
result: {
|
|
126
|
+
evaluationResult: simulationResult
|
|
127
|
+
}
|
|
128
|
+
};
|
|
129
|
+
}
|
|
130
|
+
export async function normalizeSimulationParameters(simulation) {
|
|
131
|
+
const [service, action] = simulation.request.action.split(":");
|
|
132
|
+
const resourceArn = simulation.request.resource.resource;
|
|
34
133
|
const contextVariablesForAction = new Set(await allowedContextKeysForRequest(service, action, resourceArn));
|
|
35
|
-
//
|
|
134
|
+
//Get the types of the context variables and set a string or array of strings based on that.
|
|
36
135
|
const allowedContextKeys = {};
|
|
37
136
|
for (const key of Object.keys(simulation.request.contextVariables)) {
|
|
38
|
-
|
|
39
|
-
|
|
137
|
+
const value = simulation.request.contextVariables[key];
|
|
138
|
+
const lowerCaseKey = key.toLowerCase();
|
|
139
|
+
if (contextVariablesForAction.has(lowerCaseKey)) {
|
|
140
|
+
const conditionType = await typeForContextKey(lowerCaseKey);
|
|
141
|
+
const normalizedKey = await normalizeContextKeyCase(lowerCaseKey);
|
|
142
|
+
if (isConditionKeyArray(conditionType)) {
|
|
143
|
+
allowedContextKeys[normalizedKey] = [value].flat();
|
|
144
|
+
}
|
|
145
|
+
else if (Array.isArray(value)) {
|
|
146
|
+
allowedContextKeys[normalizedKey] = value[0];
|
|
147
|
+
}
|
|
148
|
+
else {
|
|
149
|
+
allowedContextKeys[normalizedKey] = value;
|
|
150
|
+
}
|
|
40
151
|
}
|
|
41
152
|
}
|
|
42
|
-
|
|
43
|
-
return {};
|
|
153
|
+
return allowedContextKeys;
|
|
44
154
|
}
|
|
45
155
|
//# sourceMappingURL=simulationEngine.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAU,sBAAsB,EAAE,sBAAsB,EAAE,4BAA4B,EAAmB,MAAM,2BAA2B,CAAC;AAC9J,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAA0B,MAAM,uCAAuC,CAAC;AAE1F,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACzH,OAAO,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;AAkBhE;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,oBAAoB,GAAsC,EAAE,CAAC;IACnE,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;QAC7B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAG,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,yBAAyB,GAAsC,EAAE,CAAC;IACxE,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,GAAG,KAAK,CAAC;YAC7B,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAC;YAC9D,IAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,yBAAyB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;YACzC,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,sBAAsB,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhH,IAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,MAAM,GAAG,CAAC;QACjD,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,yBAAyB;gBACzB,oBAAoB;gBACpB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAErG,IAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACrD,IAAG,CAAC,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3D,IAAG,CAAC,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzE,IAAG,oBAAoB,EAAE,CAAC;QACxB,IAAG,WAAW,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QACpF,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aAEF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAC;IAEtE,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACjC,OAAO,EAAE,IAAI,cAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,kBAAkB,CAAC,aAAa,CAAC,CACtC;QACD,gBAAgB;QAChB,sBAAsB;QACtB,cAAc;KACf,CAAC,CAAA;IAEF,OAAO;QACL,MAAM,EAAE;YACN,gBAAgB,EAAE,gBAAgB;SACnC;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IACxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACzD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,MAAM,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAA;IAE3G,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAC;IACjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YAEhD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAC5D,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,YAAY,CAAC,CAAC;YAElE,IAAG,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,CAAC;iBAAM,IAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,kBAAkB,CAAA;AAC3B,CAAC"}
|
|
@@ -2,7 +2,7 @@ import { type EvaluationResult } from "../evaluate.js";
|
|
|
2
2
|
import { Simulation } from "./simulation.js";
|
|
3
3
|
import { SimulationOptions } from "./simulationOptions.js";
|
|
4
4
|
/**
|
|
5
|
-
* Runs a simulation without input validation or context
|
|
5
|
+
* Runs a simulation without input validation or context variable verification.
|
|
6
6
|
* Use this if you know what you're doing.
|
|
7
7
|
*
|
|
8
8
|
* @param simulation The simulation to run.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,gBAAgB,
|
|
1
|
+
{"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,gBAAgB,CAuB3H"}
|
|
@@ -3,7 +3,7 @@ import { authorize } from "../core_engine/coreSimulatorEngine.js";
|
|
|
3
3
|
import { AwsRequestImpl } from "../request/request.js";
|
|
4
4
|
import { RequestContextImpl } from "../requestContext.js";
|
|
5
5
|
/**
|
|
6
|
-
* Runs a simulation without input validation or context
|
|
6
|
+
* Runs a simulation without input validation or context variable verification.
|
|
7
7
|
* Use this if you know what you're doing.
|
|
8
8
|
*
|
|
9
9
|
* @param simulation The simulation to run.
|
|
@@ -11,8 +11,15 @@ import { RequestContextImpl } from "../requestContext.js";
|
|
|
11
11
|
* @returns The result of the simulation.
|
|
12
12
|
*/
|
|
13
13
|
export function runUnsafeSimulation(simulation, simulationOptions) {
|
|
14
|
-
|
|
15
|
-
const
|
|
14
|
+
const identityPolicies = Object.values(simulation.identityPolicies).map(p => loadPolicy(p.policy));
|
|
15
|
+
const serviceControlPolicies = simulation.serviceControlPolicies.map((scp) => {
|
|
16
|
+
const ouId = scp.orgIdentifier;
|
|
17
|
+
const policies = scp.policies.map(val => loadPolicy(val.policy));
|
|
18
|
+
return {
|
|
19
|
+
orgIdentifier: ouId,
|
|
20
|
+
policies: policies
|
|
21
|
+
};
|
|
22
|
+
});
|
|
16
23
|
const requestContext = new RequestContextImpl(simulation.request.contextVariables);
|
|
17
24
|
const request = new AwsRequestImpl(simulation.request.principal, {
|
|
18
25
|
resource: simulation.request.resource.resource,
|
|
@@ -20,7 +27,9 @@ export function runUnsafeSimulation(simulation, simulationOptions) {
|
|
|
20
27
|
}, simulation.request.action, requestContext);
|
|
21
28
|
return authorize({
|
|
22
29
|
request,
|
|
23
|
-
identityPolicies
|
|
30
|
+
identityPolicies,
|
|
31
|
+
serviceControlPolicies,
|
|
32
|
+
resourcePolicy: simulation.resourcePolicy ? loadPolicy(simulation.resourcePolicy) : undefined
|
|
24
33
|
});
|
|
25
34
|
}
|
|
26
35
|
//# sourceMappingURL=unsafeSimulationEngine.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,SAAS,
|
|
1
|
+
{"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,SAAS,EAA0B,MAAM,uCAAuC,CAAC;AAE1F,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAI1D;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAsB,EAAE,iBAA6C;IACvG,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IACnG,MAAM,sBAAsB,GAA6B,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACrG,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjE,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CAAC,CAAA;IACF,MAAM,cAAc,GAAG,IAAI,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClF,MAAM,OAAO,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE;QAC/D,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;KACjD,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE9C,OAAO,SAAS,CAAC;QACf,OAAO;QACP,gBAAgB;QAChB,sBAAsB;QACtB,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;KAC9F,CAAC,CAAC;AACL,CAAC"}
|
package/dist/esm/util.d.ts
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
import { ResourceType } from '@cloud-copilot/iam-data';
|
|
2
|
+
import { ConditionKeyType } from './ConditionKeys.js';
|
|
1
3
|
import { AwsRequest } from './request/request.js';
|
|
2
4
|
interface StringReplaceOptions {
|
|
3
5
|
replaceWildcards: boolean;
|
|
@@ -20,6 +22,12 @@ export interface ArnParts {
|
|
|
20
22
|
resourceType: string | undefined;
|
|
21
23
|
resourcePath: string | undefined;
|
|
22
24
|
}
|
|
25
|
+
/**
|
|
26
|
+
* Split an ARN into its parts
|
|
27
|
+
*
|
|
28
|
+
* @param arn the arn to split
|
|
29
|
+
* @returns the parts of the ARN
|
|
30
|
+
*/
|
|
23
31
|
export declare function splitArnParts(arn: string): ArnParts;
|
|
24
32
|
/**
|
|
25
33
|
* Splits a resource into two segments. The first segment is the product segment and the second segment is the resource id segment.
|
|
@@ -43,5 +51,66 @@ export declare function isDefined<T>(value: T | undefined): value is T;
|
|
|
43
51
|
* @returns if the value is not defined or null
|
|
44
52
|
*/
|
|
45
53
|
export declare function isNotDefined<T>(value: T | undefined): value is undefined;
|
|
54
|
+
/**
|
|
55
|
+
* Checks if an action is a wildcard only action
|
|
56
|
+
*
|
|
57
|
+
* @param service the service the action belongs to
|
|
58
|
+
* @param action the action to check if it is a wildcard only action
|
|
59
|
+
* @returns if the action is a wildcard only action
|
|
60
|
+
* @throws an error if the service or action does not exist
|
|
61
|
+
*/
|
|
62
|
+
export declare function isWildcardOnlyAction(service: string, action: string): Promise<boolean>;
|
|
63
|
+
/**
|
|
64
|
+
* Get the the possible reource types for an action and resource
|
|
65
|
+
*
|
|
66
|
+
* @param service the service the action belongs to
|
|
67
|
+
* @param action the action to get the resource type for
|
|
68
|
+
* @param resource the resource type matching the action, if any
|
|
69
|
+
* @throws an error if the service or action does not exist, or if the action is a wildcard only action
|
|
70
|
+
*/
|
|
71
|
+
export declare function getResourceTypesForAction(service: string, action: string, resource: string): Promise<ResourceType[]>;
|
|
72
|
+
/**
|
|
73
|
+
* Convert a resource pattern from iam-data to a regex pattern
|
|
74
|
+
*
|
|
75
|
+
* @param pattern the pattern to convert to a regex
|
|
76
|
+
* @returns the regex pattern
|
|
77
|
+
*/
|
|
78
|
+
export declare function convertResourcePatternToRegex(pattern: string): string;
|
|
79
|
+
/**
|
|
80
|
+
* Lowercase all strings in an array
|
|
81
|
+
*
|
|
82
|
+
* @param strings the strings to lowercase
|
|
83
|
+
* @returns the lowercased strings
|
|
84
|
+
*/
|
|
85
|
+
export declare function lowerCaseAll(strings: string[]): string[];
|
|
86
|
+
/**
|
|
87
|
+
* Check the capitalization of a context key and return the correct capitalization
|
|
88
|
+
*
|
|
89
|
+
* @param contextKey the condition key to check
|
|
90
|
+
* @returns if the condition key is an array type
|
|
91
|
+
*/
|
|
92
|
+
export declare function normalizeContextKeyCase(contextKey: string): Promise<string>;
|
|
93
|
+
/**
|
|
94
|
+
* Get the type of a context key
|
|
95
|
+
*
|
|
96
|
+
* @param contextKey - The string condition key to get the type for
|
|
97
|
+
* @returns The type of the condition key
|
|
98
|
+
* @throws an error if the condition key is not found
|
|
99
|
+
*/
|
|
100
|
+
export declare function typeForContextKey(contextKey: string): Promise<ConditionKeyType>;
|
|
101
|
+
/**
|
|
102
|
+
* Gets the IAM variables from a string
|
|
103
|
+
*
|
|
104
|
+
* @param value the string to get the variables from
|
|
105
|
+
* @returns the variables in the string, if any
|
|
106
|
+
*/
|
|
107
|
+
export declare function getVariablesFromString(value: string): string[];
|
|
108
|
+
/**
|
|
109
|
+
* Check if a context key actually exists
|
|
110
|
+
*
|
|
111
|
+
* @param key The context key to check
|
|
112
|
+
* @returns true if the context key is valid, false otherwise
|
|
113
|
+
*/
|
|
114
|
+
export declare function isActualContextKey(key: string): Promise<boolean>;
|
|
46
115
|
export {};
|
|
47
116
|
//# sourceMappingURL=util.d.ts.map
|
package/dist/esm/util.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,UAAU,oBAAoB;IAC5B,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAMD;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,MAAM,CA4DlI;
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6G,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACjK,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAIjD,UAAU,oBAAoB;IAC5B,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAMD;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,MAAM,CA4DlI;AA8CD,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAyBnD;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAgBtE;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,CAAC,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,KAAK,IAAI,SAAS,CAExE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG5F;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAiB1H;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAOrE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAExD;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBjF;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAarF;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAY9D;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAiBtE"}
|