@cloud-copilot/iam-simulate 0.1.53 → 0.1.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/StatementAnalysis.d.ts +4 -0
- package/dist/cjs/StatementAnalysis.d.ts.map +1 -1
- package/dist/cjs/StatementAnalysis.js.map +1 -1
- package/dist/cjs/core_engine/CoreSimulatorEngine.d.ts +15 -7
- package/dist/cjs/core_engine/CoreSimulatorEngine.d.ts.map +1 -1
- package/dist/cjs/core_engine/CoreSimulatorEngine.js +15 -2
- package/dist/cjs/core_engine/CoreSimulatorEngine.js.map +1 -1
- package/dist/cjs/evaluate.d.ts +8 -0
- package/dist/cjs/evaluate.d.ts.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.js +10 -1
- package/dist/cjs/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/cjs/services/ServiceAuthorizer.d.ts +1 -0
- package/dist/cjs/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulation.d.ts +13 -0
- package/dist/cjs/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.d.ts +1 -0
- package/dist/cjs/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/simulationEngine.js +23 -6
- package/dist/cjs/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js +5 -4
- package/dist/cjs/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/dist/esm/StatementAnalysis.d.ts +4 -0
- package/dist/esm/StatementAnalysis.d.ts.map +1 -1
- package/dist/esm/StatementAnalysis.js.map +1 -1
- package/dist/esm/core_engine/CoreSimulatorEngine.d.ts +15 -7
- package/dist/esm/core_engine/CoreSimulatorEngine.d.ts.map +1 -1
- package/dist/esm/core_engine/CoreSimulatorEngine.js +14 -2
- package/dist/esm/core_engine/CoreSimulatorEngine.js.map +1 -1
- package/dist/esm/evaluate.d.ts +8 -0
- package/dist/esm/evaluate.d.ts.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/services/DefaultServiceAuthorizer.js +10 -1
- package/dist/esm/services/DefaultServiceAuthorizer.js.map +1 -1
- package/dist/esm/services/ServiceAuthorizer.d.ts +1 -0
- package/dist/esm/services/ServiceAuthorizer.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulation.d.ts +13 -0
- package/dist/esm/simulation_engine/simulation.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.d.ts +1 -0
- package/dist/esm/simulation_engine/simulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/simulationEngine.js +24 -7
- package/dist/esm/simulation_engine/simulationEngine.js.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.d.ts.map +1 -1
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js +5 -4
- package/dist/esm/simulation_engine/unsafeSimulationEngine.js.map +1 -1
- package/package.json +2 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAE/D;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,SAAS,EAAE,SAAS,CAAA;IAEpB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;IAEtB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,OAAO,EAAE,gBAAgB,CAAA;IAEzB;;OAEG;IACH,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAA;IAE/B;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAU7E;AAsBD,wBAAgB,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAUnF;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,IAAI,CACZ,iBAAiB,EACjB,aAAa,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CACtE,GACA,OAAO,CAST;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,GAAG,gBAAgB,GAAG,eAAe,CAAC,GACpF,OAAO,CAQT"}
|
|
1
|
+
{"version":3,"file":"StatementAnalysis.d.ts","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAE/D;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,SAAS,EAAE,SAAS,CAAA;IAEpB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;IAEtB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,cAAc,EAAE,oBAAoB,CAAA;IAEpC;;OAEG;IACH,OAAO,EAAE,gBAAgB,CAAA;IAEzB;;OAEG;IACH,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAA;IAE/B;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAU7E;AAsBD,wBAAgB,6BAA6B,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAUnF;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,IAAI,CACZ,iBAAiB,EACjB,aAAa,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CACtE,GACA,OAAO,CAST;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,GAAG,gBAAgB,GAAG,eAAe,CAAC,GACpF,OAAO,CAQT"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"StatementAnalysis.js","sourceRoot":"","sources":["../../src/StatementAnalysis.ts"],"names":[],"mappings":"AAwDA;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,OAAO,EACxC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,wFAAwF;AACxF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,kDAAkD;AAClD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,uFAAuF;AACvF,kCAAkC;AAClC,+BAA+B;AAC/B,gDAAgD;AAChD,iDAAiD;AACjD,qBAAqB;AACrB,MAAM;AACN,iBAAiB;AACjB,IAAI;AAEJ,MAAM,UAAU,6BAA6B,CAAC,SAA4B;IACxE,IACE,SAAS,CAAC,aAAa;QACvB,SAAS,CAAC,WAAW;QACrB,SAAS,CAAC,cAAc,KAAK,OAAO;QACpC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EACvC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAGC;IAED,OAAO,CACL,QAAQ,CAAC,aAAa;QACtB,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,cAAc,KAAK,OAAO;QACnC,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAC7E,QAAQ,CAAC,cAAc,CACxB,CACF,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAqF;IAErF,OAAO,CACL,QAAQ,CAAC,aAAa;QACtB,QAAQ,CAAC,WAAW;QACpB,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAC7E,QAAQ,CAAC,cAAc,CACxB,CACF,CAAA;AACH,CAAC"}
|
|
@@ -3,6 +3,9 @@ import { IdentityAnalysis, RcpAnalysis, RequestAnalysis, ResourceAnalysis, ScpAn
|
|
|
3
3
|
import { AwsRequest } from '../request/request.js';
|
|
4
4
|
import { ServiceAuthorizer } from '../services/ServiceAuthorizer.js';
|
|
5
5
|
export declare const validSimulationModes: readonly ["Strict", "Discovery"];
|
|
6
|
+
export type PolicyWithName = Policy<{
|
|
7
|
+
name: string;
|
|
8
|
+
}>;
|
|
6
9
|
/**
|
|
7
10
|
* The mode of simulation for the core engine.
|
|
8
11
|
* - Strict: Simulates the request as if it were being made in a real AWS environment.
|
|
@@ -34,7 +37,7 @@ export interface ControlPolicies {
|
|
|
34
37
|
/**
|
|
35
38
|
* The policies that apply to this organizational unit.
|
|
36
39
|
*/
|
|
37
|
-
policies:
|
|
40
|
+
policies: PolicyWithName[];
|
|
38
41
|
}
|
|
39
42
|
/**
|
|
40
43
|
* A request to authorize a service action.
|
|
@@ -47,7 +50,7 @@ export interface AuthorizationRequest {
|
|
|
47
50
|
/**
|
|
48
51
|
* The identity policies that are applicable to the principal making the request.
|
|
49
52
|
*/
|
|
50
|
-
identityPolicies:
|
|
53
|
+
identityPolicies: PolicyWithName[];
|
|
51
54
|
/**
|
|
52
55
|
* The service control policies that apply to the principal making the request. In
|
|
53
56
|
* order of the organization hierarchy. So the root ou SCPs should be first.
|
|
@@ -61,11 +64,15 @@ export interface AuthorizationRequest {
|
|
|
61
64
|
/**
|
|
62
65
|
* The resource policy that applies to the resource being accessed.
|
|
63
66
|
*/
|
|
64
|
-
resourcePolicy:
|
|
67
|
+
resourcePolicy: PolicyWithName | undefined;
|
|
65
68
|
/**
|
|
66
69
|
* The permission boundaries that apply to the principal making the request.
|
|
67
70
|
*/
|
|
68
|
-
permissionBoundaries:
|
|
71
|
+
permissionBoundaries: PolicyWithName[] | undefined;
|
|
72
|
+
/**
|
|
73
|
+
* The VPC endpoint policies that apply to the request, if any.
|
|
74
|
+
*/
|
|
75
|
+
vpcEndpointPolicies: PolicyWithName[] | undefined;
|
|
69
76
|
/**
|
|
70
77
|
* The simulation parameters for the request.
|
|
71
78
|
*/
|
|
@@ -95,7 +102,7 @@ export declare function getServiceAuthorizer(request: AuthorizationRequest): Ser
|
|
|
95
102
|
* @param request the request to analyze against
|
|
96
103
|
* @returns an array of statement analysis results
|
|
97
104
|
*/
|
|
98
|
-
export declare function analyzeIdentityPolicies(identityPolicies:
|
|
105
|
+
export declare function analyzeIdentityPolicies(identityPolicies: PolicyWithName[], request: AwsRequest, simulationParameters: SimulationParameters): IdentityAnalysis;
|
|
99
106
|
/**
|
|
100
107
|
* Analyzes a set of service or resource control policies and the statements within them.
|
|
101
108
|
*
|
|
@@ -111,6 +118,7 @@ export declare function analyzeControlPolicies(controlPolicies: ControlPolicies[
|
|
|
111
118
|
* @param request the request to analyze against
|
|
112
119
|
* @returns an array of statement analysis results
|
|
113
120
|
*/
|
|
114
|
-
export declare function analyzeResourcePolicy(resourcePolicy:
|
|
115
|
-
export declare function analyzePermissionBoundaryPolicies(permissionBoundaries:
|
|
121
|
+
export declare function analyzeResourcePolicy(resourcePolicy: PolicyWithName | undefined, request: AwsRequest, principalHasPermissionBoundary: boolean, simulationParameters: SimulationParameters): ResourceAnalysis;
|
|
122
|
+
export declare function analyzePermissionBoundaryPolicies(permissionBoundaries: PolicyWithName[] | undefined, request: AwsRequest, simulationParameters: SimulationParameters): IdentityAnalysis | undefined;
|
|
123
|
+
export declare function analyzeVpcEndpointPolicies(vpcEndPointPolicies: PolicyWithName[] | undefined, request: AwsRequest, simulationParameters: SimulationParameters): IdentityAnalysis | undefined;
|
|
116
124
|
//# sourceMappingURL=CoreSimulatorEngine.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CoreSimulatorEngine.d.ts","sourceRoot":"","sources":["../../../src/core_engine/CoreSimulatorEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAa,MAAM,2BAA2B,CAAA;AAG7D,OAAO,EAEL,gBAAgB,EAIhB,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,WAAW,EACZ,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAKlD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAA;AAUpE,eAAO,MAAM,oBAAoB,kCAAmC,CAAA;AAEpE;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAA;AAElE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,cAAc,EAAE,cAAc,CAAA;IAE9B;;;OAGG;IACH,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IAErB;;OAEG;IACH,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"CoreSimulatorEngine.d.ts","sourceRoot":"","sources":["../../../src/core_engine/CoreSimulatorEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAa,MAAM,2BAA2B,CAAA;AAG7D,OAAO,EAEL,gBAAgB,EAIhB,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,WAAW,EACZ,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAKlD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAA;AAUpE,eAAO,MAAM,oBAAoB,kCAAmC,CAAA;AAEpE,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAAA;AAErD;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAA;AAElE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,cAAc,EAAE,cAAc,CAAA;IAE9B;;;OAGG;IACH,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IAErB;;OAEG;IACH,QAAQ,EAAE,cAAc,EAAE,CAAA;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,OAAO,EAAE,UAAU,CAAA;IAEnB;;OAEG;IACH,gBAAgB,EAAE,cAAc,EAAE,CAAA;IAElC;;;OAGG;IACH,sBAAsB,EAAE,eAAe,EAAE,CAAA;IAEzC;;;OAGG;IACH,uBAAuB,EAAE,eAAe,EAAE,CAAA;IAE1C;;OAEG;IACH,cAAc,EAAE,cAAc,GAAG,SAAS,CAAA;IAE1C;;OAEG;IACH,oBAAoB,EAAE,cAAc,EAAE,GAAG,SAAS,CAAA;IAElD;;OAEG;IACH,mBAAmB,EAAE,cAAc,EAAE,GAAG,SAAS,CAAA;IAEjD;;OAEG;IACH,oBAAoB,EAAE,oBAAoB,CAAA;CAC3C;AAQD;;;;;;;GAOG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,eAAe,CAyExE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,oBAAoB,GAAG,iBAAiB,CAMrF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,gBAAgB,EAAE,cAAc,EAAE,EAClC,OAAO,EAAE,UAAU,EACnB,oBAAoB,EAAE,oBAAoB,GACzC,gBAAgB,CA+ElB;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,eAAe,EAAE,eAAe,EAAE,EAClC,OAAO,EAAE,UAAU,EACnB,oBAAoB,EAAE,oBAAoB,GACzC,WAAW,GAAG,WAAW,CA6F3B;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CACnC,cAAc,EAAE,cAAc,GAAG,SAAS,EAC1C,OAAO,EAAE,UAAU,EACnB,8BAA8B,EAAE,OAAO,EACvC,oBAAoB,EAAE,oBAAoB,GACzC,gBAAgB,CAiIlB;AAED,wBAAgB,iCAAiC,CAC/C,oBAAoB,EAAE,cAAc,EAAE,GAAG,SAAS,EAClD,OAAO,EAAE,UAAU,EACnB,oBAAoB,EAAE,oBAAoB,GACzC,gBAAgB,GAAG,SAAS,CAM9B;AAED,wBAAgB,0BAA0B,CACxC,mBAAmB,EAAE,cAAc,EAAE,GAAG,SAAS,EACjD,OAAO,EAAE,UAAU,EACnB,oBAAoB,EAAE,oBAAoB,GACzC,gBAAgB,GAAG,SAAS,CAK9B"}
|
|
@@ -29,6 +29,7 @@ export function authorize(request) {
|
|
|
29
29
|
const scpAnalysis = analyzeControlPolicies(request.serviceControlPolicies, request.request, simulationParameters);
|
|
30
30
|
const rcpAnalysis = analyzeControlPolicies(request.resourceControlPolicies, request.request, simulationParameters);
|
|
31
31
|
const resourceAnalysis = analyzeResourcePolicy(request.resourcePolicy, request.request, principalHasPermissionBoundary, simulationParameters);
|
|
32
|
+
const endpointPolicyAnalysis = analyzeVpcEndpointPolicies(request.vpcEndpointPolicies, request.request, simulationParameters);
|
|
32
33
|
const serviceAuthorizer = getServiceAuthorizer(request);
|
|
33
34
|
const result = serviceAuthorizer.authorize({
|
|
34
35
|
request: request.request,
|
|
@@ -37,10 +38,11 @@ export function authorize(request) {
|
|
|
37
38
|
rcpAnalysis,
|
|
38
39
|
resourceAnalysis,
|
|
39
40
|
permissionBoundaryAnalysis,
|
|
41
|
+
endpointPolicyAnalysis,
|
|
40
42
|
simulationParameters
|
|
41
43
|
});
|
|
42
44
|
if (simulationParameters.simulationMode === 'Discovery') {
|
|
43
|
-
result.ignoredConditions = ignoredConditionsAnalysis(scpAnalysis, rcpAnalysis, identityAnalysis, resourceAnalysis, permissionBoundaryAnalysis);
|
|
45
|
+
result.ignoredConditions = ignoredConditionsAnalysis(scpAnalysis, rcpAnalysis, identityAnalysis, resourceAnalysis, permissionBoundaryAnalysis, endpointPolicyAnalysis);
|
|
44
46
|
result.ignoredRoleSessionName = roleSessionNameIgnored(scpAnalysis, rcpAnalysis, identityAnalysis, resourceAnalysis, permissionBoundaryAnalysis);
|
|
45
47
|
}
|
|
46
48
|
return result;
|
|
@@ -91,6 +93,7 @@ export function analyzeIdentityPolicies(identityPolicies, request, simulationPar
|
|
|
91
93
|
resourceMatch
|
|
92
94
|
});
|
|
93
95
|
const statementAnalysis = {
|
|
96
|
+
policyId: policy.metadata().name,
|
|
94
97
|
statement,
|
|
95
98
|
resourceMatch,
|
|
96
99
|
actionMatch,
|
|
@@ -153,6 +156,7 @@ export function analyzeControlPolicies(controlPolicies, request, simulationParam
|
|
|
153
156
|
resourceMatch
|
|
154
157
|
});
|
|
155
158
|
const statementAnalysis = {
|
|
159
|
+
policyId: policy.metadata().name,
|
|
156
160
|
statement,
|
|
157
161
|
resourceMatch,
|
|
158
162
|
actionMatch,
|
|
@@ -253,6 +257,7 @@ export function analyzeResourcePolicy(resourcePolicy, request, principalHasPermi
|
|
|
253
257
|
resourceMatch
|
|
254
258
|
});
|
|
255
259
|
const analysis = {
|
|
260
|
+
policyId: resourcePolicy.metadata().name,
|
|
256
261
|
statement,
|
|
257
262
|
resourceMatch: resourceMatch,
|
|
258
263
|
actionMatch,
|
|
@@ -295,6 +300,12 @@ export function analyzePermissionBoundaryPolicies(permissionBoundaries, request,
|
|
|
295
300
|
}
|
|
296
301
|
return analyzeIdentityPolicies(permissionBoundaries, request, simulationParameters);
|
|
297
302
|
}
|
|
303
|
+
export function analyzeVpcEndpointPolicies(vpcEndPointPolicies, request, simulationParameters) {
|
|
304
|
+
if (!vpcEndPointPolicies || vpcEndPointPolicies.length === 0) {
|
|
305
|
+
return undefined;
|
|
306
|
+
}
|
|
307
|
+
return analyzeIdentityPolicies(vpcEndPointPolicies, request, simulationParameters);
|
|
308
|
+
}
|
|
298
309
|
function makeStatementExplain(statement, overallMatch, actionMatch, principalMatch, resourceMatch, conditionMatch, details) {
|
|
299
310
|
return {
|
|
300
311
|
effect: statement.effect(),
|
|
@@ -317,13 +328,14 @@ function makeStatementExplain(statement, overallMatch, actionMatch, principalMat
|
|
|
317
328
|
* @param permissionBoundaryAnalysis the permission boundary analysis (optional)
|
|
318
329
|
* @returns an object containing the ignored conditions for each analysis
|
|
319
330
|
*/
|
|
320
|
-
function ignoredConditionsAnalysis(scpAnalysis, rcpAnalysis, identityAnalysis, resourceAnalysis, permissionBoundaryAnalysis) {
|
|
331
|
+
function ignoredConditionsAnalysis(scpAnalysis, rcpAnalysis, identityAnalysis, resourceAnalysis, permissionBoundaryAnalysis, endpointPolicyAnalysis) {
|
|
321
332
|
const ignoredConditions = {};
|
|
322
333
|
addIgnoredConditionsToAnalysis(ignoredConditions, 'scp', scpAnalysis.ouAnalysis);
|
|
323
334
|
addIgnoredConditionsToAnalysis(ignoredConditions, 'rcp', rcpAnalysis.ouAnalysis);
|
|
324
335
|
addIgnoredConditionsToAnalysis(ignoredConditions, 'identity', [identityAnalysis]);
|
|
325
336
|
addIgnoredConditionsToAnalysis(ignoredConditions, 'resource', [resourceAnalysis]);
|
|
326
337
|
addIgnoredConditionsToAnalysis(ignoredConditions, 'permissionBoundary', permissionBoundaryAnalysis ? [permissionBoundaryAnalysis] : []);
|
|
338
|
+
addIgnoredConditionsToAnalysis(ignoredConditions, 'endpointPolicy', endpointPolicyAnalysis ? [endpointPolicyAnalysis] : []);
|
|
327
339
|
if (Object.keys(ignoredConditions).length > 0) {
|
|
328
340
|
return ignoredConditions;
|
|
329
341
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CoreSimulatorEngine.js","sourceRoot":"","sources":["../../../src/core_engine/CoreSimulatorEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAA;AACpE,OAAO,EAAwB,wBAAwB,EAAE,MAAM,2BAA2B,CAAA;AAa1F,OAAO,EAAwB,iCAAiC,EAAE,MAAM,2BAA2B,CAAA;AAEnG,OAAO,EAAE,gCAAgC,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,wBAAwB,EAAE,MAAM,yCAAyC,CAAA;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAA;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAA;AAE1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAA;AAC1E,OAAO,EACL,uBAAuB,EACvB,6BAA6B,EAC7B,uBAAuB,EAEvB,gBAAgB,EACjB,MAAM,yBAAyB,CAAA;AAEhC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAU,CAAA;AAkFpE,MAAM,cAAc,GAAgD;IAClE,GAAG,EAAE,oBAAoB;IACzB,GAAG,EAAE,oBAAoB;IACzB,GAAG,EAAE,oBAAoB;CAC1B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CAAC,OAA6B;IACrD,MAAM,8BAA8B,GAClC,CAAC,CAAC,OAAO,CAAC,oBAAoB,IAAI,OAAO,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,CAAA;IAC3E,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAA;IAEzD,MAAM,gBAAgB,GAAG,uBAAuB,CAC9C,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,OAAO,EACf,oBAAoB,CACrB,CAAA;IAED,MAAM,0BAA0B,GAAG,iCAAiC,CAClE,OAAO,CAAC,oBAAoB,EAC5B,OAAO,CAAC,OAAO,EACf,oBAAoB,CACrB,CAAA;IAED,MAAM,WAAW,GAAG,sBAAsB,CACxC,OAAO,CAAC,sBAAsB,EAC9B,OAAO,CAAC,OAAO,EACf,oBAAoB,CACN,CAAA;IAEhB,MAAM,WAAW,GAAG,sBAAsB,CACxC,OAAO,CAAC,uBAAuB,EAC/B,OAAO,CAAC,OAAO,EACf,oBAAoB,CACN,CAAA;IAEhB,MAAM,gBAAgB,GAAG,qBAAqB,CAC5C,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,OAAO,EACf,8BAA8B,EAC9B,oBAAoB,CACrB,CAAA;IAED,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;IACvD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC;QACzC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,gBAAgB;QAChB,WAAW;QACX,WAAW;QACX,gBAAgB;QAChB,0BAA0B;QAC1B,oBAAoB;KACrB,CAAC,CAAA;IAEF,IAAI,oBAAoB,CAAC,cAAc,KAAK,WAAW,EAAE,CAAC;QACxD,MAAM,CAAC,iBAAiB,GAAG,yBAAyB,CAClD,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,CAC3B,CAAA;QACD,MAAM,CAAC,sBAAsB,GAAG,sBAAsB,CACpD,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,CAC3B,CAAA;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAA6B;IAChE,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAA;IAClE,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,IAAI,wBAAwB,EAAE,CAAA;AACvC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,gBAA0B,EAC1B,OAAmB,EACnB,oBAA0C;IAE1C,MAAM,gBAAgB,GAAqB;QACzC,MAAM,EAAE,kBAAkB;QAC1B,eAAe,EAAE,EAAE;QACnB,cAAc,EAAE,EAAE;QAClB,mBAAmB,EAAE,EAAE;KACxB,CAAA;IAED,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACtC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;YAC5C,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,gCAAgC,CAC3F,OAAO,EACP,SAAS,CACV,CAAA;YACD,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,8BAA8B,CACrF,OAAO,EACP,SAAS,CACV,CAAA;YACD,MAAM,EACJ,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,iBAAiB,EAClB,GAAG,wBAAwB,CAC1B,OAAO,EACP,SAAS,CAAC,UAAU,EAAE,EACtB,SAAS,CAAC,MAAM,EAAsB,EACtC,oBAAoB,CACrB,CAAA;YAED,MAAM,cAAc,GAAyB,OAAO,CAAA;YACpD,MAAM,YAAY,GAAG,gBAAgB,CAAC;gBACpC,WAAW;gBACX,cAAc;gBACd,cAAc;gBACd,aAAa;aACd,CAAC,CAAA;YAEF,MAAM,6BAA6B,GAAG,uBAAuB,CAAC;gBAC5D,WAAW;gBACX,cAAc;gBACd,aAAa;aACd,CAAC,CAAA;YAEF,MAAM,iBAAiB,GAAsB;gBAC3C,SAAS;gBACT,aAAa;gBACb,WAAW;gBACX,cAAc;gBACd,cAAc;gBACd,iBAAiB,EAAE,6BAA6B,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS;gBAChF,OAAO,EAAE,oBAAoB,CAC3B,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,aAAa,EACb,cAAc,EACd,EAAE,GAAG,eAAe,EAAE,GAAG,aAAa,EAAE,GAAG,gBAAgB,EAAE,CAC9D;aACF,CAAA;YAED,IAAI,6BAA6B,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACrD,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;YACzD,CAAC;iBAAM,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACtD,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;YAC1D,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;SAAM,IAAI,gBAAgB,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvD,gBAAgB,CAAC,MAAM,GAAG,SAAS,CAAA;IACrC,CAAC;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,eAAkC,EAClC,OAAmB,EACnB,oBAA0C;IAE1C,MAAM,QAAQ,GAAoB,EAAE,CAAA;IACpC,KAAK,MAAM,aAAa,IAAI,eAAe,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAkB;YAChC,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,MAAM,EAAE,kBAAkB;YAC1B,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,EAAE;YAClB,mBAAmB,EAAE,EAAE;SACxB,CAAA;QACD,KAAK,MAAM,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC5C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;gBAC5C,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,GACxD,gCAAgC,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;gBACtD,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,8BAA8B,CACrF,OAAO,EACP,SAAS,CACV,CAAA;gBACD,MAAM,EACJ,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,iBAAiB,EAClB,GAAG,wBAAwB,CAC1B,OAAO,EACP,SAAS,CAAC,UAAU,EAAE,EACtB,SAAS,CAAC,MAAM,EAAsB,EACtC,oBAAoB,CACrB,CAAA;gBAED,MAAM,cAAc,GAAyB,OAAO,CAAA;gBACpD,MAAM,YAAY,GAAG,gBAAgB,CAAC;oBACpC,WAAW;oBACX,cAAc;oBACd,cAAc;oBACd,aAAa;iBACd,CAAC,CAAA;gBAEF,MAAM,6BAA6B,GAAG,uBAAuB,CAAC;oBAC5D,WAAW;oBACX,cAAc;oBACd,aAAa;iBACd,CAAC,CAAA;gBAEF,MAAM,iBAAiB,GAAsB;oBAC3C,SAAS;oBACT,aAAa;oBACb,WAAW;oBACX,cAAc;oBACd,cAAc;oBACd,iBAAiB,EAAE,6BAA6B,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE;oBACzE,OAAO,EAAE,oBAAoB,CAC3B,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,aAAa,EACb,cAAc,EACd,EAAE,GAAG,eAAe,EAAE,GAAG,aAAa,EAAE,GAAG,gBAAgB,EAAE,CAC9D;iBACF,CAAA;gBAED,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC/C,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;gBACpD,CAAC;qBAAM,IAAI,6BAA6B,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC5D,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;gBACnD,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;gBACxD,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,UAAU,CAAC,MAAM,GAAG,kBAAkB,CAAA;QACxC,CAAC;aAAM,IAAI,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjD,UAAU,CAAC,MAAM,GAAG,SAAS,CAAA;QAC/B,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC3B,CAAC;IAED,IAAI,aAAa,GAAqB,kBAAkB,CAAA;IACxD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,KAAK,kBAAkB,CAAC,EAAE,CAAC;QAC5D,aAAa,GAAG,kBAAkB,CAAA;IACpC,CAAC;SAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAClE,aAAa,GAAG,kBAAkB,CAAA;IACpC,CAAC;SAAM,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;QAC3D,aAAa,GAAG,SAAS,CAAA;IAC3B,CAAC;IAED,OAAO;QACL,MAAM,EAAE,aAAa;QACrB,UAAU,EAAE,QAAQ;KACrB,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAAkC,EAClC,OAAmB,EACnB,8BAAuC,EACvC,oBAA0C;IAE1C,MAAM,gBAAgB,GAAqB;QACzC,MAAM,EAAE,eAAe;QACvB,eAAe,EAAE,EAAE;QACnB,cAAc,EAAE,EAAE;QAClB,mBAAmB,EAAE,EAAE;KACxB,CAAA;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,gBAAgB,CAAA;IACzB,CAAC;IAED,MAAM,qBAAqB,GAA2B;QACpD,OAAO;QACP,kBAAkB;QAClB,kBAAkB;KACnB,CAAA;IAED,KAAK,MAAM,SAAS,IAAI,cAAc,CAAC,UAAU,EAAE,EAAE,CAAC;QACpD,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,gCAAgC,CAC3F,OAAO,EACP,SAAS,CACV,CAAA;QACD,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,8BAA8B,CACrF,OAAO,EACP,SAAS,CACV,CAAA;QACD,IAAI,EACF,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,sBAAsB,EACvB,GAAG,iCAAiC,CAAC,OAAO,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAA;QAE/E,MAAM,yBAAyB,GAAqD,EAAE,CAAA;QAEtF;;;;;;;;;;;WAWG;QACH,IACE,8BAA8B;YAC9B,SAAS,CAAC,uBAAuB,EAAE;YACnC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAC7B,CAAC;YACD,cAAc,GAAG,OAAO,CAAA;YACxB,yBAAyB,CAAC,sBAAsB,GAAG,IAAI,CAAA;QACzD,CAAC;QAED,MAAM,EACJ,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,iBAAiB,EAClB,GAAG,wBAAwB,CAC1B,OAAO,EACP,SAAS,CAAC,UAAU,EAAE,EACtB,SAAS,CAAC,MAAM,EAAsB,EACtC,oBAAoB,CACrB,CAAA;QAED,MAAM,YAAY,GAAG,gBAAgB,CAAC;YACpC,WAAW;YACX,cAAc;YACd,cAAc;YACd,aAAa;SACd,CAAC,CAAA;QAEF,MAAM,6BAA6B,GAAG,uBAAuB,CAAC;YAC5D,WAAW;YACX,cAAc;YACd,aAAa;SACd,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAsB;YAClC,SAAS;YACT,aAAa,EAAE,aAAa;YAC5B,WAAW;YACX,cAAc;YACd,cAAc;YACd,iBAAiB,EAAE,6BAA6B,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS;YAChF,sBAAsB;YACtB,OAAO,EAAE,oBAAoB,CAC3B,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,aAAa,EACb,cAAc,EACd,EAAE,GAAG,eAAe,EAAE,GAAG,aAAa,EAAE,GAAG,gBAAgB,EAAE,GAAG,gBAAgB,EAAE,CACnF;SACF,CAAA;QACD,IAAI,6BAA6B,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACrF,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAChD,CAAC;aAAM,IAAI,uBAAuB,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACtF,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjD,CAAC;aAAM,CAAC;YACN,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;IACH,CAAC;IAED,IACE,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,EAC7F,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;SAAM,IACL,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,mBAAmB,CAAC,EACrF,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;SAAM,IACL,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,EAC9F,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,SAAS,CAAA;IACrC,CAAC;SAAM,IACL,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,mBAAmB,CAAC,EACtF,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,mBAAmB,CAAA;IAC/C,CAAC;SAAM,CAAC;QACN,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED,MAAM,UAAU,iCAAiC,CAC/C,oBAA0C,EAC1C,OAAmB,EACnB,oBAA0C;IAE1C,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/D,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,uBAAuB,CAAC,oBAAoB,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAA;AACrF,CAAC;AAED,SAAS,oBAAoB,CAC3B,SAAoB,EACpB,YAAqB,EACrB,WAAoB,EACpB,cAAqC,EACrC,aAAsB,EACtB,cAAoC,EACpC,OAAkC;IAElC,OAAO;QACL,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE;QAC1B,UAAU,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;QAC3D,OAAO,EAAE,YAAY;QACrB,WAAW;QACX,cAAc;QACd,aAAa;QACb,cAAc,EAAE,cAAc,KAAK,OAAO;QAC1C,GAAG,OAAO;KACX,CAAA;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,yBAAyB,CAChC,WAAwB,EACxB,WAAwB,EACxB,gBAAkC,EAClC,gBAAkC,EAClC,0BAA6C;IAE7C,MAAM,iBAAiB,GAAsB,EAAE,CAAA;IAC/C,8BAA8B,CAAC,iBAAiB,EAAE,KAAK,EAAE,WAAW,CAAC,UAAU,CAAC,CAAA;IAChF,8BAA8B,CAAC,iBAAiB,EAAE,KAAK,EAAE,WAAW,CAAC,UAAU,CAAC,CAAA;IAChF,8BAA8B,CAAC,iBAAiB,EAAE,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACjF,8BAA8B,CAAC,iBAAiB,EAAE,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACjF,8BAA8B,CAC5B,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,CAAC,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,CAAC,EAAE,CAC/D,CAAA;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAS,8BAA8B,CACrC,iBAA6C,EAC7C,GAA4B,EAC5B,QAIG;IAEH,MAAM,KAAK,GAAuB,EAAE,CAAA;IACpC,MAAM,IAAI,GAAuB,EAAE,CAAA;IACnC,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC;QACnD,GAAG,QAAQ,CAAC,eAAe;QAC3B,GAAG,QAAQ,CAAC,cAAc;QAC1B,GAAG,QAAQ,CAAC,mBAAmB;KAChC,CAAC,CAAA;IAEF,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1E,IAAI,SAAS,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CACR,GAAG,SAAS,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzC,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE;oBACzB,GAAG,EAAE,CAAC,CAAC,YAAY,EAAE;oBACrB,MAAM,EAAE,CAAC,CAAC,eAAe,EAAE;iBAC5B,CAAC,CAAC,CACJ,CAAA;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,CACP,GAAG,SAAS,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzC,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE;oBACzB,GAAG,EAAE,CAAC,CAAC,YAAY,EAAE;oBACrB,MAAM,EAAE,CAAC,CAAC,eAAe,EAAE;iBAC5B,CAAC,CAAC,CACJ,CAAA;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAM;IACR,CAAC;IACD,MAAM,QAAQ,GAA+C,EAAE,CAAA;IAC/D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAA;IACxB,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAA;IACtB,CAAC;IACD,iBAAiB,CAAC,GAAG,CAAC,GAAG,QAAsD,CAAA;AACjF,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,sBAAsB,CAC7B,WAAwB,EACxB,WAAwB,EACxB,gBAAkC,EAClC,gBAAkC,EAClC,0BAA6C;IAE7C,OAAO,CACL,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC7F,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACjC,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAC7D;QACD,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC7F,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACjC,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAC7D;QACD,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACtE,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAC1E,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACtE,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAC1E,0BAA0B,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACjF,0BAA0B,EAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACrF,KAAK,CACN,CAAA;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"CoreSimulatorEngine.js","sourceRoot":"","sources":["../../../src/core_engine/CoreSimulatorEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAA;AACpE,OAAO,EAAwB,wBAAwB,EAAE,MAAM,2BAA2B,CAAA;AAa1F,OAAO,EAAwB,iCAAiC,EAAE,MAAM,2BAA2B,CAAA;AAEnG,OAAO,EAAE,gCAAgC,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,wBAAwB,EAAE,MAAM,yCAAyC,CAAA;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAA;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAA;AAE1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAA;AAC1E,OAAO,EACL,uBAAuB,EACvB,6BAA6B,EAC7B,uBAAuB,EAEvB,gBAAgB,EACjB,MAAM,yBAAyB,CAAA;AAEhC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAU,CAAA;AAyFpE,MAAM,cAAc,GAAgD;IAClE,GAAG,EAAE,oBAAoB;IACzB,GAAG,EAAE,oBAAoB;IACzB,GAAG,EAAE,oBAAoB;CAC1B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CAAC,OAA6B;IACrD,MAAM,8BAA8B,GAClC,CAAC,CAAC,OAAO,CAAC,oBAAoB,IAAI,OAAO,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,CAAA;IAC3E,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAA;IAEzD,MAAM,gBAAgB,GAAG,uBAAuB,CAC9C,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,OAAO,EACf,oBAAoB,CACrB,CAAA;IAED,MAAM,0BAA0B,GAAG,iCAAiC,CAClE,OAAO,CAAC,oBAAoB,EAC5B,OAAO,CAAC,OAAO,EACf,oBAAoB,CACrB,CAAA;IAED,MAAM,WAAW,GAAG,sBAAsB,CACxC,OAAO,CAAC,sBAAsB,EAC9B,OAAO,CAAC,OAAO,EACf,oBAAoB,CACN,CAAA;IAEhB,MAAM,WAAW,GAAG,sBAAsB,CACxC,OAAO,CAAC,uBAAuB,EAC/B,OAAO,CAAC,OAAO,EACf,oBAAoB,CACN,CAAA;IAEhB,MAAM,gBAAgB,GAAG,qBAAqB,CAC5C,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,OAAO,EACf,8BAA8B,EAC9B,oBAAoB,CACrB,CAAA;IAED,MAAM,sBAAsB,GAAG,0BAA0B,CACvD,OAAO,CAAC,mBAAmB,EAC3B,OAAO,CAAC,OAAO,EACf,oBAAoB,CACrB,CAAA;IAED,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;IACvD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC;QACzC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,gBAAgB;QAChB,WAAW;QACX,WAAW;QACX,gBAAgB;QAChB,0BAA0B;QAC1B,sBAAsB;QACtB,oBAAoB;KACrB,CAAC,CAAA;IAEF,IAAI,oBAAoB,CAAC,cAAc,KAAK,WAAW,EAAE,CAAC;QACxD,MAAM,CAAC,iBAAiB,GAAG,yBAAyB,CAClD,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,EAC1B,sBAAsB,CACvB,CAAA;QACD,MAAM,CAAC,sBAAsB,GAAG,sBAAsB,CACpD,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,CAC3B,CAAA;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAA6B;IAChE,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAA;IAClE,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,IAAI,wBAAwB,EAAE,CAAA;AACvC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,gBAAkC,EAClC,OAAmB,EACnB,oBAA0C;IAE1C,MAAM,gBAAgB,GAAqB;QACzC,MAAM,EAAE,kBAAkB;QAC1B,eAAe,EAAE,EAAE;QACnB,cAAc,EAAE,EAAE;QAClB,mBAAmB,EAAE,EAAE;KACxB,CAAA;IAED,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACtC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;YAC5C,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,gCAAgC,CAC3F,OAAO,EACP,SAAS,CACV,CAAA;YACD,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,8BAA8B,CACrF,OAAO,EACP,SAAS,CACV,CAAA;YACD,MAAM,EACJ,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,iBAAiB,EAClB,GAAG,wBAAwB,CAC1B,OAAO,EACP,SAAS,CAAC,UAAU,EAAE,EACtB,SAAS,CAAC,MAAM,EAAsB,EACtC,oBAAoB,CACrB,CAAA;YAED,MAAM,cAAc,GAAyB,OAAO,CAAA;YACpD,MAAM,YAAY,GAAG,gBAAgB,CAAC;gBACpC,WAAW;gBACX,cAAc;gBACd,cAAc;gBACd,aAAa;aACd,CAAC,CAAA;YAEF,MAAM,6BAA6B,GAAG,uBAAuB,CAAC;gBAC5D,WAAW;gBACX,cAAc;gBACd,aAAa;aACd,CAAC,CAAA;YAEF,MAAM,iBAAiB,GAAsB;gBAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,IAAI;gBAChC,SAAS;gBACT,aAAa;gBACb,WAAW;gBACX,cAAc;gBACd,cAAc;gBACd,iBAAiB,EAAE,6BAA6B,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS;gBAChF,OAAO,EAAE,oBAAoB,CAC3B,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,aAAa,EACb,cAAc,EACd,EAAE,GAAG,eAAe,EAAE,GAAG,aAAa,EAAE,GAAG,gBAAgB,EAAE,CAC9D;aACF,CAAA;YAED,IAAI,6BAA6B,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACrD,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;YACzD,CAAC;iBAAM,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACtD,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;YAC1D,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;SAAM,IAAI,gBAAgB,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvD,gBAAgB,CAAC,MAAM,GAAG,SAAS,CAAA;IACrC,CAAC;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,eAAkC,EAClC,OAAmB,EACnB,oBAA0C;IAE1C,MAAM,QAAQ,GAAoB,EAAE,CAAA;IACpC,KAAK,MAAM,aAAa,IAAI,eAAe,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAkB;YAChC,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,MAAM,EAAE,kBAAkB;YAC1B,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,EAAE;YAClB,mBAAmB,EAAE,EAAE;SACxB,CAAA;QACD,KAAK,MAAM,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC5C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;gBAC5C,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,GACxD,gCAAgC,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;gBACtD,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,8BAA8B,CACrF,OAAO,EACP,SAAS,CACV,CAAA;gBACD,MAAM,EACJ,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,iBAAiB,EAClB,GAAG,wBAAwB,CAC1B,OAAO,EACP,SAAS,CAAC,UAAU,EAAE,EACtB,SAAS,CAAC,MAAM,EAAsB,EACtC,oBAAoB,CACrB,CAAA;gBAED,MAAM,cAAc,GAAyB,OAAO,CAAA;gBACpD,MAAM,YAAY,GAAG,gBAAgB,CAAC;oBACpC,WAAW;oBACX,cAAc;oBACd,cAAc;oBACd,aAAa;iBACd,CAAC,CAAA;gBAEF,MAAM,6BAA6B,GAAG,uBAAuB,CAAC;oBAC5D,WAAW;oBACX,cAAc;oBACd,aAAa;iBACd,CAAC,CAAA;gBAEF,MAAM,iBAAiB,GAAsB;oBAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,IAAI;oBAChC,SAAS;oBACT,aAAa;oBACb,WAAW;oBACX,cAAc;oBACd,cAAc;oBACd,iBAAiB,EAAE,6BAA6B,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE;oBACzE,OAAO,EAAE,oBAAoB,CAC3B,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,aAAa,EACb,cAAc,EACd,EAAE,GAAG,eAAe,EAAE,GAAG,aAAa,EAAE,GAAG,gBAAgB,EAAE,CAC9D;iBACF,CAAA;gBAED,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC/C,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;gBACpD,CAAC;qBAAM,IAAI,6BAA6B,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC5D,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;gBACnD,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;gBACxD,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,UAAU,CAAC,MAAM,GAAG,kBAAkB,CAAA;QACxC,CAAC;aAAM,IAAI,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjD,UAAU,CAAC,MAAM,GAAG,SAAS,CAAA;QAC/B,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC3B,CAAC;IAED,IAAI,aAAa,GAAqB,kBAAkB,CAAA;IACxD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,KAAK,kBAAkB,CAAC,EAAE,CAAC;QAC5D,aAAa,GAAG,kBAAkB,CAAA;IACpC,CAAC;SAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAClE,aAAa,GAAG,kBAAkB,CAAA;IACpC,CAAC;SAAM,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;QAC3D,aAAa,GAAG,SAAS,CAAA;IAC3B,CAAC;IAED,OAAO;QACL,MAAM,EAAE,aAAa;QACrB,UAAU,EAAE,QAAQ;KACrB,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAA0C,EAC1C,OAAmB,EACnB,8BAAuC,EACvC,oBAA0C;IAE1C,MAAM,gBAAgB,GAAqB;QACzC,MAAM,EAAE,eAAe;QACvB,eAAe,EAAE,EAAE;QACnB,cAAc,EAAE,EAAE;QAClB,mBAAmB,EAAE,EAAE;KACxB,CAAA;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,gBAAgB,CAAA;IACzB,CAAC;IAED,MAAM,qBAAqB,GAA2B;QACpD,OAAO;QACP,kBAAkB;QAClB,kBAAkB;KACnB,CAAA;IAED,KAAK,MAAM,SAAS,IAAI,cAAc,CAAC,UAAU,EAAE,EAAE,CAAC;QACpD,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,gCAAgC,CAC3F,OAAO,EACP,SAAS,CACV,CAAA;QACD,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,8BAA8B,CACrF,OAAO,EACP,SAAS,CACV,CAAA;QACD,IAAI,EACF,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,sBAAsB,EACvB,GAAG,iCAAiC,CAAC,OAAO,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAA;QAE/E,MAAM,yBAAyB,GAAqD,EAAE,CAAA;QAEtF;;;;;;;;;;;WAWG;QACH,IACE,8BAA8B;YAC9B,SAAS,CAAC,uBAAuB,EAAE;YACnC,SAAS,CAAC,MAAM,EAAE,KAAK,MAAM,EAC7B,CAAC;YACD,cAAc,GAAG,OAAO,CAAA;YACxB,yBAAyB,CAAC,sBAAsB,GAAG,IAAI,CAAA;QACzD,CAAC;QAED,MAAM,EACJ,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,gBAAgB,EACzB,iBAAiB,EAClB,GAAG,wBAAwB,CAC1B,OAAO,EACP,SAAS,CAAC,UAAU,EAAE,EACtB,SAAS,CAAC,MAAM,EAAsB,EACtC,oBAAoB,CACrB,CAAA;QAED,MAAM,YAAY,GAAG,gBAAgB,CAAC;YACpC,WAAW;YACX,cAAc;YACd,cAAc;YACd,aAAa;SACd,CAAC,CAAA;QAEF,MAAM,6BAA6B,GAAG,uBAAuB,CAAC;YAC5D,WAAW;YACX,cAAc;YACd,aAAa;SACd,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAsB;YAClC,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,IAAI;YACxC,SAAS;YACT,aAAa,EAAE,aAAa;YAC5B,WAAW;YACX,cAAc;YACd,cAAc;YACd,iBAAiB,EAAE,6BAA6B,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS;YAChF,sBAAsB;YACtB,OAAO,EAAE,oBAAoB,CAC3B,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,aAAa,EACb,cAAc,EACd,EAAE,GAAG,eAAe,EAAE,GAAG,aAAa,EAAE,GAAG,gBAAgB,EAAE,GAAG,gBAAgB,EAAE,CACnF;SACF,CAAA;QACD,IAAI,6BAA6B,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACrF,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAChD,CAAC;aAAM,IAAI,uBAAuB,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACtF,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjD,CAAC;aAAM,CAAC;YACN,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;IACH,CAAC;IAED,IACE,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,EAC7F,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;SAAM,IACL,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,mBAAmB,CAAC,EACrF,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;SAAM,IACL,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,EAC9F,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,SAAS,CAAA;IACrC,CAAC;SAAM,IACL,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,mBAAmB,CAAC,EACtF,CAAC;QACD,gBAAgB,CAAC,MAAM,GAAG,mBAAmB,CAAA;IAC/C,CAAC;SAAM,CAAC;QACN,gBAAgB,CAAC,MAAM,GAAG,kBAAkB,CAAA;IAC9C,CAAC;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED,MAAM,UAAU,iCAAiC,CAC/C,oBAAkD,EAClD,OAAmB,EACnB,oBAA0C;IAE1C,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/D,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,uBAAuB,CAAC,oBAAoB,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAA;AACrF,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,mBAAiD,EACjD,OAAmB,EACnB,oBAA0C;IAE1C,IAAI,CAAC,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,OAAO,uBAAuB,CAAC,mBAAmB,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAA;AACpF,CAAC;AAED,SAAS,oBAAoB,CAC3B,SAAoB,EACpB,YAAqB,EACrB,WAAoB,EACpB,cAAqC,EACrC,aAAsB,EACtB,cAAoC,EACpC,OAAkC;IAElC,OAAO;QACL,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE;QAC1B,UAAU,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;QAC3D,OAAO,EAAE,YAAY;QACrB,WAAW;QACX,cAAc;QACd,aAAa;QACb,cAAc,EAAE,cAAc,KAAK,OAAO;QAC1C,GAAG,OAAO;KACX,CAAA;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,yBAAyB,CAChC,WAAwB,EACxB,WAAwB,EACxB,gBAAkC,EAClC,gBAAkC,EAClC,0BAA6C,EAC7C,sBAAyC;IAEzC,MAAM,iBAAiB,GAAsB,EAAE,CAAA;IAC/C,8BAA8B,CAAC,iBAAiB,EAAE,KAAK,EAAE,WAAW,CAAC,UAAU,CAAC,CAAA;IAChF,8BAA8B,CAAC,iBAAiB,EAAE,KAAK,EAAE,WAAW,CAAC,UAAU,CAAC,CAAA;IAChF,8BAA8B,CAAC,iBAAiB,EAAE,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACjF,8BAA8B,CAAC,iBAAiB,EAAE,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACjF,8BAA8B,CAC5B,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,CAAC,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,CAAC,EAAE,CAC/D,CAAA;IACD,8BAA8B,CAC5B,iBAAiB,EACjB,gBAAgB,EAChB,sBAAsB,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,EAAE,CACvD,CAAA;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAS,8BAA8B,CACrC,iBAA6C,EAC7C,GAA4B,EAC5B,QAIG;IAEH,MAAM,KAAK,GAAuB,EAAE,CAAA;IACpC,MAAM,IAAI,GAAuB,EAAE,CAAA;IACnC,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC;QACnD,GAAG,QAAQ,CAAC,eAAe;QAC3B,GAAG,QAAQ,CAAC,cAAc;QAC1B,GAAG,QAAQ,CAAC,mBAAmB;KAChC,CAAC,CAAA;IAEF,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1E,IAAI,SAAS,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CACR,GAAG,SAAS,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzC,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE;oBACzB,GAAG,EAAE,CAAC,CAAC,YAAY,EAAE;oBACrB,MAAM,EAAE,CAAC,CAAC,eAAe,EAAE;iBAC5B,CAAC,CAAC,CACJ,CAAA;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,CACP,GAAG,SAAS,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzC,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE;oBACzB,GAAG,EAAE,CAAC,CAAC,YAAY,EAAE;oBACrB,MAAM,EAAE,CAAC,CAAC,eAAe,EAAE;iBAC5B,CAAC,CAAC,CACJ,CAAA;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAM;IACR,CAAC;IACD,MAAM,QAAQ,GAA+C,EAAE,CAAA;IAC/D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAA;IACxB,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAA;IACtB,CAAC;IACD,iBAAiB,CAAC,GAAG,CAAC,GAAG,QAAsD,CAAA;AACjF,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,sBAAsB,CAC7B,WAAwB,EACxB,WAAwB,EACxB,gBAAkC,EAClC,gBAAkC,EAClC,0BAA6C;IAE7C,OAAO,CACL,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC7F,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACjC,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAC7D;QACD,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC7F,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACjC,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAC7D;QACD,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACtE,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAC1E,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACtE,gBAAgB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAC1E,0BAA0B,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACjF,0BAA0B,EAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC;QACrF,KAAK,CACN,CAAA;AACH,CAAC"}
|
package/dist/esm/evaluate.d.ts
CHANGED
|
@@ -70,6 +70,10 @@ export interface IgnoredConditions {
|
|
|
70
70
|
allow?: IgnoredCondition[];
|
|
71
71
|
deny?: IgnoredCondition[];
|
|
72
72
|
};
|
|
73
|
+
endpointPolicy?: {
|
|
74
|
+
allow?: IgnoredCondition[];
|
|
75
|
+
deny?: IgnoredCondition[];
|
|
76
|
+
};
|
|
73
77
|
}
|
|
74
78
|
/**
|
|
75
79
|
* The analysis of a request.
|
|
@@ -103,6 +107,10 @@ export interface RequestAnalysis {
|
|
|
103
107
|
* The result of the evaluation of the permission boundary.
|
|
104
108
|
*/
|
|
105
109
|
permissionBoundaryAnalysis?: IdentityAnalysis | undefined;
|
|
110
|
+
/**
|
|
111
|
+
* The result of the evaluation of the VPC endpoint policies, if any.
|
|
112
|
+
*/
|
|
113
|
+
endpointPolicyAnalysis?: IdentityAnalysis | undefined;
|
|
106
114
|
/**
|
|
107
115
|
* Any conditions that were ignored during discovery mode.
|
|
108
116
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,kBAAkB,CAAA;AAClF,MAAM,MAAM,wBAAwB,GAChC,eAAe,GACf,SAAS,GACT,kBAAkB,GAClB,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,CAAA;AAEtB,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,wBAAwB,CAAA;IAChC,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,kBAAkB,CAAC,EAAE;QACnB,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;CACF;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IAExB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,0BAA0B,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAEzD;;OAEG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IAErC;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC"}
|
|
1
|
+
{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,kBAAkB,CAAA;AAClF,MAAM,MAAM,wBAAwB,GAChC,eAAe,GACf,SAAS,GACT,kBAAkB,GAClB,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,CAAA;AAEtB,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,wBAAwB,CAAA;IAChC,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,gBAAgB,CAAA;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,eAAe,EAAE,iBAAiB,EAAE,CAAA;IACpC,mBAAmB,EAAE,iBAAiB,EAAE,CAAA;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IACxB,UAAU,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,GAAG,CAAC,EAAE;QACJ,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,kBAAkB,CAAC,EAAE;QACnB,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;IACD,cAAc,CAAC,EAAE;QACf,KAAK,CAAC,EAAE,gBAAgB,EAAE,CAAA;QAC1B,IAAI,CAAC,EAAE,gBAAgB,EAAE,CAAA;KAC1B,CAAA;CACF;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,MAAM,EAAE,gBAAgB,CAAA;IAExB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAA;IAEpB;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IAEnC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;OAEG;IACH,0BAA0B,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAEzD;;OAEG;IACH,sBAAsB,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAErD;;OAEG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IAErC;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAC/D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAEvF;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IAChE;;;;;OAKG;IACI,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe;
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAC/D,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAEvF;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IAChE;;;;;OAKG;IACI,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe;IAqNvE;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAW,EAAE,OAAO,EACpB,gBAAgB,EAAE,gBAAgB,EAClC,QAAQ,EAAE,eAAe,GACxB,OAAO;CASX"}
|
|
@@ -15,6 +15,7 @@ export class DefaultServiceAuthorizer {
|
|
|
15
15
|
const identityStatementResult = request.identityAnalysis.result;
|
|
16
16
|
const resourcePolicyResult = request.resourceAnalysis?.result;
|
|
17
17
|
const permissionBoundaryResult = request.permissionBoundaryAnalysis?.result;
|
|
18
|
+
const endpointPolicyResult = request.endpointPolicyAnalysis?.result;
|
|
18
19
|
const principalAccount = request.request.principal.accountId();
|
|
19
20
|
const resourceAccount = request.request.resource?.accountId();
|
|
20
21
|
const sameAccount = principalAccount === resourceAccount;
|
|
@@ -24,7 +25,8 @@ export class DefaultServiceAuthorizer {
|
|
|
24
25
|
scpAnalysis: request.scpAnalysis,
|
|
25
26
|
rcpAnalysis: request.rcpAnalysis,
|
|
26
27
|
resourceAnalysis: request.resourceAnalysis,
|
|
27
|
-
permissionBoundaryAnalysis: request.permissionBoundaryAnalysis
|
|
28
|
+
permissionBoundaryAnalysis: request.permissionBoundaryAnalysis,
|
|
29
|
+
endpointPolicyAnalysis: request.endpointPolicyAnalysis
|
|
28
30
|
};
|
|
29
31
|
if (scpResult !== 'Allowed') {
|
|
30
32
|
return {
|
|
@@ -38,6 +40,13 @@ export class DefaultServiceAuthorizer {
|
|
|
38
40
|
...baseResult
|
|
39
41
|
};
|
|
40
42
|
}
|
|
43
|
+
if (endpointPolicyResult === 'ExplicitlyDenied' ||
|
|
44
|
+
endpointPolicyResult === 'ImplicitlyDenied') {
|
|
45
|
+
return {
|
|
46
|
+
result: endpointPolicyResult,
|
|
47
|
+
...baseResult
|
|
48
|
+
};
|
|
49
|
+
}
|
|
41
50
|
if (resourcePolicyResult === 'ExplicitlyDenied' ||
|
|
42
51
|
resourcePolicyResult === 'DeniedForAccount') {
|
|
43
52
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,0BAA0B,CAAA;AAKjC;;GAEG;AACH,MAAM,OAAO,wBAAwB;IACnC;;;;;OAKG;IACI,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAA;QAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAC7D,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAA;
|
|
1
|
+
{"version":3,"file":"DefaultServiceAuthorizer.js","sourceRoot":"","sources":["../../../src/services/DefaultServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,0BAA0B,CAAA;AAKjC;;GAEG;AACH,MAAM,OAAO,wBAAwB;IACnC;;;;;OAKG;IACI,SAAS,CAAC,OAAoC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QAC5C,MAAM,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAA;QAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAA;QAC7D,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAA;QAC3E,MAAM,oBAAoB,GAAG,OAAO,CAAC,sBAAsB,EAAE,MAAM,CAAA;QAEnE,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAA;QAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAA;QAC7D,MAAM,WAAW,GAAG,gBAAgB,KAAK,eAAe,CAAA;QAExD,MAAM,UAAU,GASZ;YACF,WAAW;YACX,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,0BAA0B,EAAE,OAAO,CAAC,0BAA0B;YAC9D,sBAAsB,EAAE,OAAO,CAAC,sBAAsB;SACvD,CAAA;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,oBAAoB;gBAC5B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IACE,oBAAoB,KAAK,kBAAkB;YAC3C,oBAAoB,KAAK,kBAAkB,EAC3C,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,uBAAuB,KAAK,kBAAkB,EAAE,CAAC;YACnD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,qBAAqB;QACrB,IAAI,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YAC1D,oEAAoE;YACpE,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;gBACvC,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,cAAc;QACd,IAAI,gBAAgB,KAAK,eAAe,EAAE,CAAC;YACzC,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;gBACpD;;;;;;;mBAOG;gBACH,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;oBACnD,IACE,YAAY,CAAC,SAAS,CAAC;wBACvB,OAAO,CAAC,oBAAoB,CAAC,cAAc,KAAK,WAAW,EAC3D,CAAC;wBACD,IACE,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CACZ,SAAS,CAAC,cAAc,KAAK,OAAO,IAAI,SAAS,CAAC,sBAAsB,CAC3E,EACD,CAAC;4BACD,OAAO;gCACL,MAAM,EAAE,SAAS;gCACjB,GAAG,UAAU;6BACd,CAAA;wBACH,CAAC;oBACH,CAAC;oBAED,IACE,gBAAgB,CAAC,SAAS,CAAC;wBAC3B,YAAY,CAAC,SAAS,CAAC;wBACvB,kBAAkB,CAAC,SAAS,CAAC,EAC7B,CAAC;wBACD,IACE,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,OAAO,CACpD,EACD,CAAC;4BACD,OAAO;gCACL,MAAM,EAAE,SAAS;gCACjB,GAAG,UAAU;6BACd,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YAED;;;;;;;;cAQE;YAEF,MAAM,cAAc,GAAG,IAAI,CAAC,6BAA6B,CACvD,WAAW,EACX,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,OAAO,CAAC,QAAQ,CACzB,CAAA;YACD,IACE,oBAAoB,KAAK,SAAS;gBAClC,CAAC,cAAc,IAAI,uBAAuB,KAAK,SAAS,CAAC,EACzD,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,eAAe;QACf,IAAI,wBAAwB,KAAK,kBAAkB,EAAE,CAAC;YACpD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,KAAK,mBAAmB,EAAE,CAAC;YACvF,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAC1C,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,GAAG,UAAU;iBACd,CAAA;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,UAAU;aACd,CAAA;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,kBAAkB;YAC1B,GAAG,UAAU;SACd,CAAA;QAED;;;;;;;WAOG;IACL,CAAC;IAED;;;;;;OAMG;IACH,6BAA6B,CAC3B,WAAoB,EACpB,gBAAkC,EAClC,QAAyB;QAEzB,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAC1C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,cAAc,KAAK,mBAAmB,CAChE,CAAA;IACH,CAAC;CACF"}
|
|
@@ -8,6 +8,7 @@ export interface ServiceAuthorizationRequest {
|
|
|
8
8
|
resourceAnalysis: ResourceAnalysis;
|
|
9
9
|
rcpAnalysis: RcpAnalysis;
|
|
10
10
|
permissionBoundaryAnalysis: IdentityAnalysis | undefined;
|
|
11
|
+
endpointPolicyAnalysis: IdentityAnalysis | undefined;
|
|
11
12
|
simulationParameters: SimulationParameters;
|
|
12
13
|
}
|
|
13
14
|
export interface ServiceAuthorizer {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAA;AAC5E,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,WAAW,EACZ,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAElD,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,UAAU,CAAA;IACnB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,WAAW,EAAE,WAAW,CAAA;IACxB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,WAAW,EAAE,WAAW,CAAA;IACxB,0BAA0B,EAAE,gBAAgB,GAAG,SAAS,CAAA;IACxD,oBAAoB,EAAE,oBAAoB,CAAA;CAC3C;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe,CAAA;CACjE"}
|
|
1
|
+
{"version":3,"file":"ServiceAuthorizer.d.ts","sourceRoot":"","sources":["../../../src/services/ServiceAuthorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAA;AAC5E,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,WAAW,EACZ,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAElD,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,UAAU,CAAA;IACnB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,WAAW,EAAE,WAAW,CAAA;IACxB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,WAAW,EAAE,WAAW,CAAA;IACxB,0BAA0B,EAAE,gBAAgB,GAAG,SAAS,CAAA;IACxD,sBAAsB,EAAE,gBAAgB,GAAG,SAAS,CAAA;IACpD,oBAAoB,EAAE,oBAAoB,CAAA;CAC3C;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,OAAO,EAAE,2BAA2B,GAAG,eAAe,CAAA;CACjE"}
|
|
@@ -38,10 +38,23 @@ export interface Simulation {
|
|
|
38
38
|
* The default Resource Control Policy, RCPFullAWSAccess, is automatically added to the simulation.
|
|
39
39
|
*/
|
|
40
40
|
resourceControlPolicies: SimulationOrgPolicies[];
|
|
41
|
+
/**
|
|
42
|
+
* The resource policy, if any
|
|
43
|
+
*/
|
|
41
44
|
resourcePolicy?: any;
|
|
45
|
+
/**
|
|
46
|
+
* The permission boundary policies, if any.
|
|
47
|
+
*/
|
|
42
48
|
permissionBoundaryPolicies?: {
|
|
43
49
|
name: string;
|
|
44
50
|
policy: any;
|
|
45
51
|
}[];
|
|
52
|
+
/**
|
|
53
|
+
* The VPC endpoint policies, if any.
|
|
54
|
+
*/
|
|
55
|
+
vpcEndpointPolicies?: {
|
|
56
|
+
name: string;
|
|
57
|
+
policy: any;
|
|
58
|
+
}[];
|
|
46
59
|
}
|
|
47
60
|
//# sourceMappingURL=simulation.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,GAAG,CAAA;CACZ;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAA;YAChB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;KACpD,CAAA;IAED,gBAAgB,EAAE,wBAAwB,EAAE,CAAA;IAE5C;;;;OAIG;IACH,sBAAsB,EAAE,qBAAqB,EAAE,CAAA;IAE/C;;;;OAIG;IACH,uBAAuB,EAAE,qBAAqB,EAAE,CAAA;IAEhD,cAAc,CAAC,EAAE,GAAG,CAAA;
|
|
1
|
+
{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulation.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,GAAG,CAAA;CACZ;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAA;YAChB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;KACpD,CAAA;IAED,gBAAgB,EAAE,wBAAwB,EAAE,CAAA;IAE5C;;;;OAIG;IACH,sBAAsB,EAAE,qBAAqB,EAAE,CAAA;IAE/C;;;;OAIG;IACH,uBAAuB,EAAE,qBAAqB,EAAE,CAAA;IAEhD;;OAEG;IACH,cAAc,CAAC,EAAE,GAAG,CAAA;IAEpB;;OAEG;IACH,0BAA0B,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;IAE5D;;OAEG;IACH,mBAAmB,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,EAAE,CAAA;CACtD"}
|
|
@@ -8,6 +8,7 @@ export interface SimulationErrors {
|
|
|
8
8
|
resourceControlPolicyErrors?: Record<string, ValidationError[]>;
|
|
9
9
|
permissionBoundaryErrors?: Record<string, ValidationError[]>;
|
|
10
10
|
resourcePolicyErrors?: ValidationError[];
|
|
11
|
+
vpcEndpointErrors?: Record<string, ValidationError[]>;
|
|
11
12
|
message: string;
|
|
12
13
|
}
|
|
13
14
|
export interface SimulationResult {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAOL,eAAe,EAChB,MAAM,2BAA2B,CAAA;
|
|
1
|
+
{"version":3,"file":"simulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AACA,OAAO,EAOL,eAAe,EAChB,MAAM,2BAA2B,CAAA;AAUlC,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAKhD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAiB1D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IACxD,0BAA0B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC9D,2BAA2B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC/D,wBAAwB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAC5D,oBAAoB,CAAC,EAAE,eAAe,EAAE,CAAA;IACxC,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IACrD,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,gBAAgB,CAAA;IACzB,QAAQ,CAAC,EAAE,eAAe,CAAA;IAE1B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAC5C,OAAO,CAAC,gBAAgB,CAAC,CAmN3B;AAED,wBAAsB,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC;IACnF,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;IACrD,kBAAkB,EAAE,MAAM,EAAE,CAAA;CAC7B,CAAC,CAoCD"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { iamActionExists, iamServiceExists } from '@cloud-copilot/iam-data';
|
|
2
|
-
import { loadPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
import { loadPolicy, validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy } from '@cloud-copilot/iam-policy';
|
|
3
3
|
import { isConditionKeyArray } from '../context_keys/contextKeyTypes.js';
|
|
4
4
|
import { normalizeContextKeyCase, typeForContextKey } from '../context_keys/contextKeys.js';
|
|
5
5
|
import { authorize, validSimulationModes } from '../core_engine/CoreSimulatorEngine.js';
|
|
@@ -35,7 +35,7 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
35
35
|
const { name, policy } = value;
|
|
36
36
|
const validationErrors = validateIdentityPolicy(policy);
|
|
37
37
|
if (validationErrors.length == 0) {
|
|
38
|
-
identityPolicies.push(loadPolicy(policy));
|
|
38
|
+
identityPolicies.push(loadPolicy(policy, { name }));
|
|
39
39
|
}
|
|
40
40
|
else {
|
|
41
41
|
identityPolicyErrors[name] = validationErrors;
|
|
@@ -52,7 +52,7 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
52
52
|
serviceControlPolicyErrors[name] = validationErrors;
|
|
53
53
|
}
|
|
54
54
|
else {
|
|
55
|
-
validPolicies.push(loadPolicy(policy));
|
|
55
|
+
validPolicies.push(loadPolicy(policy, { name }));
|
|
56
56
|
}
|
|
57
57
|
});
|
|
58
58
|
return {
|
|
@@ -64,7 +64,7 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
64
64
|
const resourceControlPolicies = simulation.resourceControlPolicies.map((rcp) => {
|
|
65
65
|
const ouId = rcp.orgIdentifier;
|
|
66
66
|
const validPolicies = [];
|
|
67
|
-
validPolicies.push(loadPolicy(DEFAULT_RCP.policy));
|
|
67
|
+
validPolicies.push(loadPolicy(DEFAULT_RCP.policy, { name: DEFAULT_RCP.name }));
|
|
68
68
|
rcp.policies.forEach((value) => {
|
|
69
69
|
const { name, policy } = value;
|
|
70
70
|
const validationErrors = validateResourceControlPolicy(policy);
|
|
@@ -72,7 +72,7 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
72
72
|
resourceControlPolicyErrors[name] = validationErrors;
|
|
73
73
|
}
|
|
74
74
|
else {
|
|
75
|
-
validPolicies.push(loadPolicy(policy));
|
|
75
|
+
validPolicies.push(loadPolicy(policy, { name }));
|
|
76
76
|
}
|
|
77
77
|
});
|
|
78
78
|
return {
|
|
@@ -91,16 +91,31 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
91
91
|
const { name, policy } = pb;
|
|
92
92
|
const validationErrors = validateIdentityPolicy(policy);
|
|
93
93
|
if (validationErrors.length == 0) {
|
|
94
|
-
permissionBoundaries.push(loadPolicy(policy));
|
|
94
|
+
permissionBoundaries.push(loadPolicy(policy, { name }));
|
|
95
95
|
}
|
|
96
96
|
else {
|
|
97
97
|
permissionBoundaryErrors[name] = validationErrors;
|
|
98
98
|
}
|
|
99
99
|
});
|
|
100
|
+
const vpcEndpointPolicies = simulation.vpcEndpointPolicies
|
|
101
|
+
? []
|
|
102
|
+
: undefined;
|
|
103
|
+
const vpcEndpointErrors = {};
|
|
104
|
+
simulation.vpcEndpointPolicies?.map((endpointPolicy) => {
|
|
105
|
+
const { name, policy } = endpointPolicy;
|
|
106
|
+
const validationErrors = validateEndpointPolicy(policy);
|
|
107
|
+
if (validationErrors.length == 0) {
|
|
108
|
+
vpcEndpointPolicies.push(loadPolicy(policy, { name }));
|
|
109
|
+
}
|
|
110
|
+
else {
|
|
111
|
+
vpcEndpointErrors[name] = validationErrors;
|
|
112
|
+
}
|
|
113
|
+
});
|
|
100
114
|
if (Object.keys(identityPolicyErrors).length > 0 ||
|
|
101
115
|
Object.keys(serviceControlPolicyErrors).length > 0 ||
|
|
102
116
|
Object.keys(resourceControlPolicyErrors).length > 0 ||
|
|
103
117
|
Object.keys(permissionBoundaryErrors).length > 0 ||
|
|
118
|
+
Object.keys(vpcEndpointErrors).length > 0 ||
|
|
104
119
|
resourcePolicyErrors.length > 0) {
|
|
105
120
|
return {
|
|
106
121
|
errors: {
|
|
@@ -109,12 +124,13 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
109
124
|
resourceControlPolicyErrors,
|
|
110
125
|
resourcePolicyErrors,
|
|
111
126
|
permissionBoundaryErrors,
|
|
127
|
+
vpcEndpointErrors,
|
|
112
128
|
message: 'policy.errors'
|
|
113
129
|
}
|
|
114
130
|
};
|
|
115
131
|
}
|
|
116
132
|
const resourcePolicy = simulation.resourcePolicy
|
|
117
|
-
? loadPolicy(simulation.resourcePolicy)
|
|
133
|
+
? loadPolicy(simulation.resourcePolicy, { name: simulation.resourcePolicy.name })
|
|
118
134
|
: undefined;
|
|
119
135
|
if (simulation.request.action.split(':').length != 2) {
|
|
120
136
|
return {
|
|
@@ -189,6 +205,7 @@ export async function runSimulation(simulation, simulationOptions) {
|
|
|
189
205
|
resourceControlPolicies,
|
|
190
206
|
resourcePolicy,
|
|
191
207
|
permissionBoundaries,
|
|
208
|
+
vpcEndpointPolicies,
|
|
192
209
|
simulationParameters: {
|
|
193
210
|
simulationMode: simulationMode,
|
|
194
211
|
strictConditionKeys: strictConditionKeys
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC3E,OAAO,EACL,UAAU,
|
|
1
|
+
{"version":3,"file":"simulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/simulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC3E,OAAO,EACL,UAAU,EACV,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAE7B,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAA;AACxE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AAC3F,OAAO,EACL,SAAS,EAIT,oBAAoB,EACrB,MAAM,uCAAuC,CAAA;AAE9C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAC5E,OAAO,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAA;AAI/D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE;QACN,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,GAAG;gBACd,MAAM,EAAE,GAAG;gBACX,QAAQ,EAAE,GAAG;aACd;SACF;KACF;CACF,CAAA;AAmCD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,oBAAoB,GAAsC,EAAE,CAAA;IAClE,MAAM,gBAAgB,GAAqB,EAAE,CAAA;IAC7C,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;QAC9B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QACrD,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QAC/C,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,0BAA0B,GAAsC,EAAE,CAAA;IACxE,MAAM,sBAAsB,GAAsB,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9F,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,aAAa,GAAqB,EAAE,CAAA;QAE1C,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;YAC9B,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAA;YAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,0BAA0B,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;YACrD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YAClD,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,2BAA2B,GAAsC,EAAE,CAAA;IACzE,MAAM,uBAAuB,GAAsB,UAAU,CAAC,uBAAuB,CAAC,GAAG,CACvF,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,aAAa,GAAqB,EAAE,CAAA;QAC1C,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QAE9E,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAA;YAC9B,MAAM,gBAAgB,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAA;YAC9D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,2BAA2B,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;YACtD,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YAClD,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,aAAa;SACxB,CAAA;IACH,CAAC,CACF,CAAA;IAED,MAAM,oBAAoB,GAAG,UAAU,CAAC,cAAc;QACpD,CAAC,CAAC,sBAAsB,CAAC,UAAU,CAAC,cAAc,CAAC;QACnD,CAAC,CAAC,EAAE,CAAA;IAEN,MAAM,oBAAoB,GAAiC,UAAU,CAAC,0BAA0B;QAC9F,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,SAAS,CAAA;IACb,MAAM,wBAAwB,GAAsC,EAAE,CAAA;IACtE,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QAChD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAA;QAC3B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,oBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QAC1D,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,mBAAmB,GAAiC,UAAU,CAAC,mBAAmB;QACtF,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,SAAS,CAAA;IACb,MAAM,iBAAiB,GAAsC,EAAE,CAAA;IAC/D,UAAU,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC,cAAc,EAAE,EAAE;QACrD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,cAAc,CAAA;QACvC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAA;QACvD,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,mBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QACzD,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAA;QAC5C,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,IACE,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,MAAM,GAAG,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,MAAM,GAAG,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,GAAG,CAAC;QAChD,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC;QACzC,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAC/B,CAAC;QACD,OAAO;YACL,MAAM,EAAE;gBACN,oBAAoB;gBACpB,0BAA0B,EAAE,0BAA0B;gBACtD,2BAA2B;gBAC3B,oBAAoB;gBACpB,wBAAwB;gBACxB,iBAAiB;gBACjB,OAAO,EAAE,eAAe;aACzB;SACF,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc;QAC9C,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACjF,CAAC,CAAC,SAAS,CAAA;IAEb,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrD,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;IACpD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,iBAAiB;aAC3B;SACF,CAAA;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,OAAO,EAAE,gBAAgB;aAC1B;SACF,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IACxE,IAAI,YAAY,GAAuB,SAAS,CAAA;IAChD,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;YACxB,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAA;QACnF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,mBAAmB;iBAC7B;aACF,CAAA;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE;oBACN,OAAO,EAAE,yBAAyB;iBACnC;aACF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QACrC,CAAC;IACH,CAAC;IAED,MAAM,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,MAAM,6BAA6B,CAAC,UAAU,CAAC,CAAA;IAElG,MAAM,cAAc,GAAG,oBAAoB,CAAC,QAAQ,CAClD,iBAAiB,CAAC,cAAgC,CACnD;QACC,CAAC,CAAE,iBAAiB,CAAC,cAAiC;QACtD,CAAC,CAAC,QAAQ,CAAA;IAEZ,MAAM,mBAAmB,GACvB,cAAc,KAAK,WAAW;QAC5B,CAAC,CAAC,IAAI,GAAG,CAAC,iBAAiB,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QACnF,CAAC,CAAC,IAAI,GAAG,EAAU,CAAA;IAEvB,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACjC,OAAO,EAAE,IAAI,cAAc,CACzB,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;YACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;YAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;SACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,IAAI,kBAAkB,CAAC,kBAAkB,CAAC,CAC3C;QACD,gBAAgB;QAChB,sBAAsB;QACtB,uBAAuB;QACvB,cAAc;QACd,oBAAoB;QACpB,mBAAmB;QACnB,oBAAoB,EAAE;YACpB,cAAc,EAAE,cAAc;YAC9B,mBAAmB,EAAE,mBAAmB;SACzC;KACF,CAAC,CAAA;IAEF,OAAO;QACL,QAAQ,EAAE,gBAAgB;QAC1B,kBAAkB;QAClB,YAAY;KACb,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,UAAsB;IAIxE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACxD,MAAM,yBAAyB,GAAG,IAAI,GAAG,CACvC,MAAM,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CACjE,CAAA;IAED,4FAA4F;IAC5F,MAAM,kBAAkB,GAAsC,EAAE,CAAA;IAChE,MAAM,kBAAkB,GAAa,EAAE,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACtD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;QACtC,IACE,yBAAyB,CAAC,GAAG,CAAC,YAAY,CAAC;YAC3C,uBAAuB,CAAC,YAAY,EAAE,yBAAyB,CAAC,EAChE,CAAC;YACD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,CAAA;YAC3D,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAA;YAExD,IAAI,mBAAmB,CAAC,aAAa,CAAC,EAAE,CAAC;gBACvC,kBAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAA;YACpD,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;YAC9C,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAA;YAC3C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;IACH,CAAC;IAED,OAAO;QACL,kBAAkB;QAClB,kBAAkB;KACnB,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,YAAoB,EAAE,gBAA6B;IAClF,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjD,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,CAAA;IACzD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAGtD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAC5C,gBAAgB,
|
|
1
|
+
{"version":3,"file":"unsafeSimulationEngine.d.ts","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAGtD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE1D;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAC5C,gBAAgB,CAyDlB"}
|
|
@@ -11,10 +11,10 @@ import { RequestContextImpl } from '../requestContext.js';
|
|
|
11
11
|
* @returns The result of the simulation.
|
|
12
12
|
*/
|
|
13
13
|
export function runUnsafeSimulation(simulation, simulationOptions) {
|
|
14
|
-
const identityPolicies = Object.values(simulation.identityPolicies).map((p) => loadPolicy(p.policy));
|
|
14
|
+
const identityPolicies = Object.values(simulation.identityPolicies).map((p) => loadPolicy(p.policy, { name: p.name }));
|
|
15
15
|
const serviceControlPolicies = simulation.serviceControlPolicies.map((scp) => {
|
|
16
16
|
const ouId = scp.orgIdentifier;
|
|
17
|
-
const policies = scp.policies.map((val) => loadPolicy(val.policy));
|
|
17
|
+
const policies = scp.policies.map((val) => loadPolicy(val.policy, { name: val.name }));
|
|
18
18
|
return {
|
|
19
19
|
orgIdentifier: ouId,
|
|
20
20
|
policies: policies
|
|
@@ -22,13 +22,13 @@ export function runUnsafeSimulation(simulation, simulationOptions) {
|
|
|
22
22
|
});
|
|
23
23
|
const resourceControlPolicies = simulation.resourceControlPolicies.map((rcp) => {
|
|
24
24
|
const ouId = rcp.orgIdentifier;
|
|
25
|
-
const policies = rcp.policies.map((val) => loadPolicy(val.policy));
|
|
25
|
+
const policies = rcp.policies.map((val) => loadPolicy(val.policy, { name: val.name }));
|
|
26
26
|
return {
|
|
27
27
|
orgIdentifier: ouId,
|
|
28
28
|
policies: policies
|
|
29
29
|
};
|
|
30
30
|
});
|
|
31
|
-
const permissionBoundaries = simulation.permissionBoundaryPolicies?.map((val) => loadPolicy(val.policy)) ?? undefined;
|
|
31
|
+
const permissionBoundaries = simulation.permissionBoundaryPolicies?.map((val) => loadPolicy(val.policy, { name: val.name })) ?? undefined;
|
|
32
32
|
const requestContext = new RequestContextImpl(simulation.request.contextVariables);
|
|
33
33
|
const request = new AwsRequestImpl(simulation.request.principal, {
|
|
34
34
|
resource: simulation.request.resource.resource,
|
|
@@ -41,6 +41,7 @@ export function runUnsafeSimulation(simulation, simulationOptions) {
|
|
|
41
41
|
resourceControlPolicies,
|
|
42
42
|
resourcePolicy: simulation.resourcePolicy ? loadPolicy(simulation.resourcePolicy) : undefined,
|
|
43
43
|
permissionBoundaries,
|
|
44
|
+
vpcEndpointPolicies: undefined,
|
|
44
45
|
simulationParameters: {
|
|
45
46
|
simulationMode: 'Strict',
|
|
46
47
|
strictConditionKeys: new Set()
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,SAAS,EAAmB,MAAM,uCAAuC,CAAA;AAElF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAIzD;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5E,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"unsafeSimulationEngine.js","sourceRoot":"","sources":["../../../src/simulation_engine/unsafeSimulationEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,SAAS,EAAmB,MAAM,uCAAuC,CAAA;AAElF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAIzD;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAsB,EACtB,iBAA6C;IAE7C,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5E,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CACvC,CAAA;IACD,MAAM,sBAAsB,GAAsB,UAAU,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9F,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QAEtF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,uBAAuB,GAAsB,UAAU,CAAC,uBAAuB,CAAC,GAAG,CACvF,CAAC,GAAG,EAAE,EAAE;QACN,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAA;QAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QAEtF,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,QAAQ;SACnB,CAAA;IACH,CAAC,CACF,CAAA;IAED,MAAM,oBAAoB,GACxB,UAAU,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACjD,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAC3C,IAAI,SAAS,CAAA;IAEhB,MAAM,cAAc,GAAG,IAAI,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClF,MAAM,OAAO,GAAG,IAAI,cAAc,CAChC,UAAU,CAAC,OAAO,CAAC,SAAS,EAC5B;QACE,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC9C,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS;KACjD,EACD,UAAU,CAAC,OAAO,CAAC,MAAM,EACzB,cAAc,CACf,CAAA;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC;QACzB,OAAO;QACP,gBAAgB;QAChB,sBAAsB;QACtB,uBAAuB;QACvB,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;QAC7F,oBAAoB;QACpB,mBAAmB,EAAE,SAAS;QAC9B,oBAAoB,EAAE;YACpB,cAAc,EAAE,QAAQ;YACxB,mBAAmB,EAAE,IAAI,GAAG,EAAE;SAC/B;KACF,CAAC,CAAA;IAEF,OAAO,QAAQ,CAAC,MAAM,CAAA;AACxB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloud-copilot/iam-simulate",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.55",
|
|
4
4
|
"description": "Simulate evaluation of AWS IAM policies",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -50,7 +50,7 @@
|
|
|
50
50
|
},
|
|
51
51
|
"dependencies": {
|
|
52
52
|
"@cloud-copilot/iam-data": ">=0.8.0 <1.0.0",
|
|
53
|
-
"@cloud-copilot/iam-policy": "^0.1.
|
|
53
|
+
"@cloud-copilot/iam-policy": "^0.1.35",
|
|
54
54
|
"@cloud-copilot/iam-utils": "^0.1.7"
|
|
55
55
|
},
|
|
56
56
|
"prettier": "@cloud-copilot/prettier-config",
|