npm - @cloud-copilot/iam-utils - Versions diffs - 0.0.1 → 0.0.3 - Mend

@cloud-copilot/iam-utils 0.0.1 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/README.md +3 -0
package/dist/cjs/arn.d.ts +26 -0
package/dist/cjs/arn.d.ts.map +1 -0
package/dist/cjs/arn.js +67 -0
package/dist/cjs/arn.js.map +1 -0
package/dist/cjs/index.d.ts +3 -0
package/dist/cjs/index.d.ts.map +1 -0
package/dist/cjs/index.js +12 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cjs/package.json +3 -0
package/dist/cjs/principals.d.ts +37 -0
package/dist/cjs/principals.d.ts.map +1 -0
package/dist/cjs/principals.js +62 -0
package/dist/cjs/principals.js.map +1 -0
package/dist/esm/arn.d.ts +26 -0
package/dist/esm/arn.d.ts.map +1 -0
package/dist/esm/arn.js +63 -0
package/dist/esm/arn.js.map +1 -0
package/dist/esm/index.d.ts +3 -0
package/dist/esm/index.d.ts.map +1 -0
package/dist/esm/index.js +3 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/package.json +3 -0
package/dist/esm/principals.d.ts +37 -0
package/dist/esm/principals.d.ts.map +1 -0
package/{src/principals.ts → dist/esm/principals.js} +19 -26
package/dist/esm/principals.js.map +1 -0
package/package.json +12 -2
package/.github/workflows/guarddog.yml +0 -31
package/.github/workflows/pr-checks.yml +0 -86
package/.github/workflows/release.yml +0 -33
package/.github/workflows/update-dependencies.yml +0 -16
package/postbuild.sh +0 -11
package/src/arn.test.ts +0 -126
package/src/arn.ts +0 -81
package/src/index.ts +0 -7
package/src/principals.test.ts +0 -183
package/tsconfig.cjs.json +0 -11
package/tsconfig.esm.json +0 -14
package/tsconfig.json +0 -26

package/README.md ADDED Viewed

@@ -0,0 +1,3 @@
+# iam-utils
+[![NPM Version](https://img.shields.io/npm/v/@cloud-copilot/iam-utils.svg?logo=nodedotjs)](https://www.npmjs.com/package/@cloud-copilot/iam-utils) [![License: AGPL v3](https://img.shields.io/github/license/cloud-copilot/iam-utils)](LICENSE.txt) [![GuardDog](https://github.com/cloud-copilot/iam-utils/actions/workflows/guarddog.yml/badge.svg)](https://github.com/cloud-copilot/iam-utils/actions/workflows/guarddog.yml) [![Known Vulnerabilities](https://snyk.io/test/github/cloud-copilot/iam-utils/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/cloud-copilot/iam-utils?targetFile=package.json)

package/dist/cjs/arn.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+export interface ArnParts {
+    partition: string | undefined;
+    service: string | undefined;
+    region: string | undefined;
+    accountId: string | undefined;
+    resource: string | undefined;
+    resourceType: string | undefined;
+    resourcePath: string | undefined;
+}
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+export declare function splitArnParts(arn: string): ArnParts;
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+export declare function getResourceSegments(service: string, accountId: string, region: string, resourceString: string): [string, string];
+//# sourceMappingURL=arn.d.ts.map

package/dist/cjs/arn.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"arn.d.ts","sourceRoot":"","sources":["../../src/arn.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,QAAQ,CAkBnD;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GACrB,CAAC,MAAM,EAAE,MAAM,CAAC,CA+BlB"}

package/dist/cjs/arn.js ADDED Viewed

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.splitArnParts = splitArnParts;
+exports.getResourceSegments = getResourceSegments;
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+function splitArnParts(arn) {
+    const parts = arn.split(':');
+    const partition = parts.at(1);
+    const service = parts.at(2);
+    const region = parts.at(3);
+    const accountId = parts.at(4);
+    const resource = parts.slice(5).join(':');
+    const [resourceType, resourcePath] = getResourceSegments(service, accountId, region, resource);
+    return {
+        partition,
+        service,
+        region,
+        accountId,
+        resource,
+        resourceType,
+        resourcePath
+    };
+}
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+function getResourceSegments(service, accountId, region, resourceString) {
+    // This is terrible, and I hate it
+    if ((service === 's3' && accountId === '' && region === '') ||
+        service === 'sns' ||
+        service === 'sqs') {
+        return ['', resourceString];
+    }
+    if (resourceString.startsWith('/')) {
+        resourceString = resourceString.slice(1);
+    }
+    const slashIndex = resourceString.indexOf('/');
+    const colonIndex = resourceString.indexOf(':');
+    let splitIndex = slashIndex;
+    if (slashIndex != -1 && colonIndex != -1) {
+        splitIndex = Math.min(slashIndex, colonIndex) + 1;
+    }
+    else if (slashIndex == -1 && colonIndex == -1) {
+        splitIndex = resourceString.length + 1;
+    }
+    else if (colonIndex == -1) {
+        splitIndex = slashIndex + 1;
+    }
+    else if (slashIndex == -1) {
+        splitIndex = colonIndex + 1;
+    }
+    else {
+        throw new Error(`Unable to split resource ${resourceString}`);
+    }
+    return [resourceString.slice(0, splitIndex - 1), resourceString.slice(splitIndex)];
+}
+//# sourceMappingURL=arn.js.map

package/dist/cjs/arn.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"arn.js","sourceRoot":"","sources":["../../src/arn.ts"],"names":[],"mappings":";;AAgBA,sCAkBC;AAUD,kDAoCC;AAtED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;IAE9F,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,mBAAmB,CACjC,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,cAAsB;IAEtB,kCAAkC;IAClC,IACE,CAAC,OAAO,KAAK,IAAI,IAAI,SAAS,KAAK,EAAE,IAAI,MAAM,KAAK,EAAE,CAAC;QACvD,OAAO,KAAK,KAAK;QACjB,OAAO,KAAK,KAAK,EACjB,CAAC;QACD,OAAO,CAAC,EAAE,EAAE,cAAc,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE9C,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACzC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAChD,UAAU,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAA;IACxC,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpF,CAAC"}

package/dist/cjs/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { getResourceSegments, splitArnParts, type ArnParts } from './arn';
+export { convertAssumedRoleArnToRoleArn, convertRoleArnToAssumedRoleArn, isAssumedRoleArn, isIamUserArn } from './principals';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,KAAK,QAAQ,EAAE,MAAM,OAAO,CAAA;AACzE,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,gBAAgB,EAChB,YAAY,EACb,MAAM,cAAc,CAAA"}

package/dist/cjs/index.js ADDED Viewed

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isIamUserArn = exports.isAssumedRoleArn = exports.convertRoleArnToAssumedRoleArn = exports.convertAssumedRoleArnToRoleArn = exports.splitArnParts = exports.getResourceSegments = void 0;
+var arn_1 = require("./arn");
+Object.defineProperty(exports, "getResourceSegments", { enumerable: true, get: function () { return arn_1.getResourceSegments; } });
+Object.defineProperty(exports, "splitArnParts", { enumerable: true, get: function () { return arn_1.splitArnParts; } });
+var principals_1 = require("./principals");
+Object.defineProperty(exports, "convertAssumedRoleArnToRoleArn", { enumerable: true, get: function () { return principals_1.convertAssumedRoleArnToRoleArn; } });
+Object.defineProperty(exports, "convertRoleArnToAssumedRoleArn", { enumerable: true, get: function () { return principals_1.convertRoleArnToAssumedRoleArn; } });
+Object.defineProperty(exports, "isAssumedRoleArn", { enumerable: true, get: function () { return principals_1.isAssumedRoleArn; } });
+Object.defineProperty(exports, "isIamUserArn", { enumerable: true, get: function () { return principals_1.isIamUserArn; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,6BAAyE;AAAhE,0GAAA,mBAAmB,OAAA;AAAE,oGAAA,aAAa,OAAA;AAC3C,2CAKqB;AAJnB,4HAAA,8BAA8B,OAAA;AAC9B,4HAAA,8BAA8B,OAAA;AAC9B,8GAAA,gBAAgB,OAAA;AAChB,0GAAA,YAAY,OAAA"}

package/dist/cjs/package.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+    "type": "commonjs"
+}

package/dist/cjs/principals.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Transform an assumed role session ARN into a role ARN
+ *
+ * @param assumedRoleArn the assumed role session ARN
+ * @returns the role ARN for the assumed role session
+ */
+export declare function convertAssumedRoleArnToRoleArn(assumedRoleArn: string): string;
+/**
+ * Create an assumed role ARN from a role ARN and a session name
+ *
+ * @param roleArn the role ARN to create an assumed role ARN from
+ * @param sessionName the session name to use
+ * @returns the assumed role ARN
+ */
+export declare function convertRoleArnToAssumedRoleArn(roleArn: string, sessionName: string): string;
+/**
+ * Tests if a principal string is an assumed role ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an assumed role ARN, false otherwise
+ */
+export declare function isAssumedRoleArn(principal: string): boolean;
+/**
+ * Test if a principal string is an IAM user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an IAM user ARN, false otherwise
+ */
+export declare function isIamUserArn(principal: string): boolean;
+/**
+ * Test if a principal string is a federated user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is a federated user ARN, false otherwise
+ */
+export declare function isFederatedUserArn(principal: string): boolean;
+//# sourceMappingURL=principals.d.ts.map

package/dist/cjs/principals.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"principals.d.ts","sourceRoot":"","sources":["../../src/principals.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,8BAA8B,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAI7E;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CAI3F;AAID;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE3D;AAID;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEvD;AAID;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE7D"}

package/dist/cjs/principals.js ADDED Viewed

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.convertAssumedRoleArnToRoleArn = convertAssumedRoleArnToRoleArn;
+exports.convertRoleArnToAssumedRoleArn = convertRoleArnToAssumedRoleArn;
+exports.isAssumedRoleArn = isAssumedRoleArn;
+exports.isIamUserArn = isIamUserArn;
+exports.isFederatedUserArn = isFederatedUserArn;
+const arn_js_1 = require("./arn.js");
+/**
+ * Transform an assumed role session ARN into a role ARN
+ *
+ * @param assumedRoleArn the assumed role session ARN
+ * @returns the role ARN for the assumed role session
+ */
+function convertAssumedRoleArnToRoleArn(assumedRoleArn) {
+    const arnParts = (0, arn_js_1.splitArnParts)(assumedRoleArn);
+    const rolePathAndName = arnParts.resourcePath?.split('/').slice(0, -1).join('/');
+    return `arn:${arnParts.partition}:iam::${arnParts.accountId}:role/${rolePathAndName}`;
+}
+/**
+ * Create an assumed role ARN from a role ARN and a session name
+ *
+ * @param roleArn the role ARN to create an assumed role ARN from
+ * @param sessionName the session name to use
+ * @returns the assumed role ARN
+ */
+function convertRoleArnToAssumedRoleArn(roleArn, sessionName) {
+    const arnParts = (0, arn_js_1.splitArnParts)(roleArn);
+    const rolePathAndName = arnParts.resourcePath;
+    return `arn:${arnParts.partition}:sts::${arnParts.accountId}:assumed-role/${rolePathAndName}/${sessionName}`;
+}
+const assumedRoleArnRegex = /^arn:[a-zA-Z\-]+:sts::\d{12}:assumed-role\/.*$/;
+/**
+ * Tests if a principal string is an assumed role ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an assumed role ARN, false otherwise
+ */
+function isAssumedRoleArn(principal) {
+    return assumedRoleArnRegex.test(principal);
+}
+const userArnRegex = /^arn:[a-zA-Z\-]+:iam::\d{12}:user\/.*$/;
+/**
+ * Test if a principal string is an IAM user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an IAM user ARN, false otherwise
+ */
+function isIamUserArn(principal) {
+    return userArnRegex.test(principal);
+}
+const federatedUserArnRegex = /^arn:[a-zA-Z\-]+:sts::\d{12}:federated-user\/.*$/;
+/**
+ * Test if a principal string is a federated user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is a federated user ARN, false otherwise
+ */
+function isFederatedUserArn(principal) {
+    return federatedUserArnRegex.test(principal);
+}
+//# sourceMappingURL=principals.js.map

package/dist/cjs/principals.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"principals.js","sourceRoot":"","sources":["../../src/principals.ts"],"names":[],"mappings":";;AAQA,wEAIC;AASD,wEAIC;AAUD,4CAEC;AAUD,oCAEC;AAUD,gDAEC;AA7DD,qCAAwC;AAExC;;;;;GAKG;AACH,SAAgB,8BAA8B,CAAC,cAAsB;IACnE,MAAM,QAAQ,GAAG,IAAA,sBAAa,EAAC,cAAc,CAAC,CAAA;IAC9C,MAAM,eAAe,GAAG,QAAQ,CAAC,YAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAChF,OAAO,OAAO,QAAQ,CAAC,SAAS,SAAS,QAAQ,CAAC,SAAS,SAAS,eAAe,EAAE,CAAA;AACvF,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAAC,OAAe,EAAE,WAAmB;IACjF,MAAM,QAAQ,GAAG,IAAA,sBAAa,EAAC,OAAO,CAAC,CAAA;IACvC,MAAM,eAAe,GAAG,QAAQ,CAAC,YAAY,CAAA;IAC7C,OAAO,OAAO,QAAQ,CAAC,SAAS,SAAS,QAAQ,CAAC,SAAS,iBAAiB,eAAe,IAAI,WAAW,EAAE,CAAA;AAC9G,CAAC;AAED,MAAM,mBAAmB,GAAG,gDAAgD,CAAA;AAE5E;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,MAAM,YAAY,GAAG,wCAAwC,CAAA;AAE7D;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,SAAiB;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AACrC,CAAC;AAED,MAAM,qBAAqB,GAAG,kDAAkD,CAAA;AAEhF;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,SAAiB;IAClD,OAAO,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC9C,CAAC"}

package/dist/esm/arn.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+export interface ArnParts {
+    partition: string | undefined;
+    service: string | undefined;
+    region: string | undefined;
+    accountId: string | undefined;
+    resource: string | undefined;
+    resourceType: string | undefined;
+    resourcePath: string | undefined;
+}
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+export declare function splitArnParts(arn: string): ArnParts;
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+export declare function getResourceSegments(service: string, accountId: string, region: string, resourceString: string): [string, string];
+//# sourceMappingURL=arn.d.ts.map

package/dist/esm/arn.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

package/dist/esm/arn.js ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Split an ARN into its parts
+ *
+ * @param arn the arn to split
+ * @returns the parts of the ARN
+ */
+export function splitArnParts(arn) {
+    const parts = arn.split(':');
+    const partition = parts.at(1);
+    const service = parts.at(2);
+    const region = parts.at(3);
+    const accountId = parts.at(4);
+    const resource = parts.slice(5).join(':');
+    const [resourceType, resourcePath] = getResourceSegments(service, accountId, region, resource);
+    return {
+        partition,
+        service,
+        region,
+        accountId,
+        resource,
+        resourceType,
+        resourcePath
+    };
+}
+/**
+ * Get the product/id segments of the resource portion of an ARN.
+ * The first segment is the product segment and the second segment is the resource id segment.
+ * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
+ *
+ * @param resource The resource to get the resource segments. Must be an ARN resource.
+ * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
+ */
+export function getResourceSegments(service, accountId, region, resourceString) {
+    // This is terrible, and I hate it
+    if ((service === 's3' && accountId === '' && region === '') ||
+        service === 'sns' ||
+        service === 'sqs') {
+        return ['', resourceString];
+    }
+    if (resourceString.startsWith('/')) {
+        resourceString = resourceString.slice(1);
+    }
+    const slashIndex = resourceString.indexOf('/');
+    const colonIndex = resourceString.indexOf(':');
+    let splitIndex = slashIndex;
+    if (slashIndex != -1 && colonIndex != -1) {
+        splitIndex = Math.min(slashIndex, colonIndex) + 1;
+    }
+    else if (slashIndex == -1 && colonIndex == -1) {
+        splitIndex = resourceString.length + 1;
+    }
+    else if (colonIndex == -1) {
+        splitIndex = slashIndex + 1;
+    }
+    else if (slashIndex == -1) {
+        splitIndex = colonIndex + 1;
+    }
+    else {
+        throw new Error(`Unable to split resource ${resourceString}`);
+    }
+    return [resourceString.slice(0, splitIndex - 1), resourceString.slice(splitIndex)];
+}
+//# sourceMappingURL=arn.js.map

package/dist/esm/arn.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"arn.js","sourceRoot":"","sources":["../../src/arn.ts"],"names":[],"mappings":"AAUA;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAE,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;IAE9F,OAAO;QACL,SAAS;QACT,OAAO;QACP,MAAM;QACN,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,cAAsB;IAEtB,kCAAkC;IAClC,IACE,CAAC,OAAO,KAAK,IAAI,IAAI,SAAS,KAAK,EAAE,IAAI,MAAM,KAAK,EAAE,CAAC;QACvD,OAAO,KAAK,KAAK;QACjB,OAAO,KAAK,KAAK,EACjB,CAAC;QACD,OAAO,CAAC,EAAE,EAAE,cAAc,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE9C,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QACzC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAChD,UAAU,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAA;IACxC,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,IAAI,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC;QAC5B,UAAU,GAAG,UAAU,GAAG,CAAC,CAAA;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAA;AACpF,CAAC"}

package/dist/esm/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { getResourceSegments, splitArnParts, type ArnParts } from './arn';
+export { convertAssumedRoleArnToRoleArn, convertRoleArnToAssumedRoleArn, isAssumedRoleArn, isIamUserArn } from './principals';
+//# sourceMappingURL=index.d.ts.map

package/dist/esm/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,KAAK,QAAQ,EAAE,MAAM,OAAO,CAAA;AACzE,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,gBAAgB,EAChB,YAAY,EACb,MAAM,cAAc,CAAA"}

package/dist/esm/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export { getResourceSegments, splitArnParts } from './arn';
+export { convertAssumedRoleArnToRoleArn, convertRoleArnToAssumedRoleArn, isAssumedRoleArn, isIamUserArn } from './principals';
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAiB,MAAM,OAAO,CAAA;AACzE,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,gBAAgB,EAChB,YAAY,EACb,MAAM,cAAc,CAAA"}

package/dist/esm/package.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+    "type": "module"
+}

package/dist/esm/principals.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Transform an assumed role session ARN into a role ARN
+ *
+ * @param assumedRoleArn the assumed role session ARN
+ * @returns the role ARN for the assumed role session
+ */
+export declare function convertAssumedRoleArnToRoleArn(assumedRoleArn: string): string;
+/**
+ * Create an assumed role ARN from a role ARN and a session name
+ *
+ * @param roleArn the role ARN to create an assumed role ARN from
+ * @param sessionName the session name to use
+ * @returns the assumed role ARN
+ */
+export declare function convertRoleArnToAssumedRoleArn(roleArn: string, sessionName: string): string;
+/**
+ * Tests if a principal string is an assumed role ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an assumed role ARN, false otherwise
+ */
+export declare function isAssumedRoleArn(principal: string): boolean;
+/**
+ * Test if a principal string is an IAM user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is an IAM user ARN, false otherwise
+ */
+export declare function isIamUserArn(principal: string): boolean;
+/**
+ * Test if a principal string is a federated user ARN
+ *
+ * @param principal the principal string to test
+ * @returns true if the principal is a federated user ARN, false otherwise
+ */
+export declare function isFederatedUserArn(principal: string): boolean;
+//# sourceMappingURL=principals.d.ts.map

package/dist/esm/principals.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

package/{src/principals.ts → dist/esm/principals.js} RENAMED Viewed

@@ -1,17 +1,15 @@
-import { splitArnParts } from './arn.js'
+import { splitArnParts } from './arn.js';
 /**
  * Transform an assumed role session ARN into a role ARN
  *
  * @param assumedRoleArn the assumed role session ARN
  * @returns the role ARN for the assumed role session
  */
-export function convertAssumedRoleArnToRoleArn(assumedRoleArn: string): string {
-  const arnParts = splitArnParts(assumedRoleArn)
-  const rolePathAndName = arnParts.resourcePath?.split('/').slice(0, -1).join('/')
-  return `arn:${arnParts.partition}:iam::${arnParts.accountId}:role/${rolePathAndName}`
+export function convertAssumedRoleArnToRoleArn(assumedRoleArn) {
+    const arnParts = splitArnParts(assumedRoleArn);
+    const rolePathAndName = arnParts.resourcePath?.split('/').slice(0, -1).join('/');
+    return `arn:${arnParts.partition}:iam::${arnParts.accountId}:role/${rolePathAndName}`;
 }
 /**
  * Create an assumed role ARN from a role ARN and a session name
  *
@@ -19,44 +17,39 @@ export function convertAssumedRoleArnToRoleArn(assumedRoleArn: string): string {
  * @param sessionName the session name to use
  * @returns the assumed role ARN
  */
-export function convertRoleArnToAssumedRoleArn(roleArn: string, sessionName: string): string {
-  const arnParts = splitArnParts(roleArn)
-  const rolePathAndName = arnParts.resourcePath
-  return `arn:${arnParts.partition}:sts::${arnParts.accountId}:assumed-role/${rolePathAndName}/${sessionName}`
+export function convertRoleArnToAssumedRoleArn(roleArn, sessionName) {
+    const arnParts = splitArnParts(roleArn);
+    const rolePathAndName = arnParts.resourcePath;
+    return `arn:${arnParts.partition}:sts::${arnParts.accountId}:assumed-role/${rolePathAndName}/${sessionName}`;
 }
-const assumedRoleArnRegex = /^arn:[a-zA-Z\-]+:sts::\d{12}:assumed-role\/.*$/
+const assumedRoleArnRegex = /^arn:[a-zA-Z\-]+:sts::\d{12}:assumed-role\/.*$/;
 /**
  * Tests if a principal string is an assumed role ARN
  *
  * @param principal the principal string to test
  * @returns true if the principal is an assumed role ARN, false otherwise
  */
-export function isAssumedRoleArn(principal: string): boolean {
-  return assumedRoleArnRegex.test(principal)
+export function isAssumedRoleArn(principal) {
+    return assumedRoleArnRegex.test(principal);
 }
-const userArnRegex = /^arn:[a-zA-Z\-]+:iam::\d{12}:user\/.*$/
+const userArnRegex = /^arn:[a-zA-Z\-]+:iam::\d{12}:user\/.*$/;
 /**
  * Test if a principal string is an IAM user ARN
  *
  * @param principal the principal string to test
  * @returns true if the principal is an IAM user ARN, false otherwise
  */
-export function isIamUserArn(principal: string): boolean {
-  return userArnRegex.test(principal)
+export function isIamUserArn(principal) {
+    return userArnRegex.test(principal);
 }
-const federatedUserArnRegex = /^arn:[a-zA-Z\-]+:sts::\d{12}:federated-user\/.*$/
+const federatedUserArnRegex = /^arn:[a-zA-Z\-]+:sts::\d{12}:federated-user\/.*$/;
 /**
  * Test if a principal string is a federated user ARN
  *
  * @param principal the principal string to test
  * @returns true if the principal is a federated user ARN, false otherwise
  */
-export function isFederatedUserArn(principal: string): boolean {
-  return federatedUserArnRegex.test(principal)
+export function isFederatedUserArn(principal) {
+    return federatedUserArnRegex.test(principal);
 }
+//# sourceMappingURL=principals.js.map

package/dist/esm/principals.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"principals.js","sourceRoot":"","sources":["../../src/principals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAExC;;;;;GAKG;AACH,MAAM,UAAU,8BAA8B,CAAC,cAAsB;IACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,cAAc,CAAC,CAAA;IAC9C,MAAM,eAAe,GAAG,QAAQ,CAAC,YAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAChF,OAAO,OAAO,QAAQ,CAAC,SAAS,SAAS,QAAQ,CAAC,SAAS,SAAS,eAAe,EAAE,CAAA;AACvF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAe,EAAE,WAAmB;IACjF,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;IACvC,MAAM,eAAe,GAAG,QAAQ,CAAC,YAAY,CAAA;IAC7C,OAAO,OAAO,QAAQ,CAAC,SAAS,SAAS,QAAQ,CAAC,SAAS,iBAAiB,eAAe,IAAI,WAAW,EAAE,CAAA;AAC9G,CAAC;AAED,MAAM,mBAAmB,GAAG,gDAAgD,CAAA;AAE5E;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,MAAM,YAAY,GAAG,wCAAwC,CAAA;AAE7D;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AACrC,CAAC;AAED,MAAM,qBAAqB,GAAG,kDAAkD,CAAA;AAEhF;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAAiB;IAClD,OAAO,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;AAC9C,CAAC"}

package/package.json CHANGED Viewed

@@ -1,7 +1,17 @@
 {
   "name": "@cloud-copilot/iam-utils",
-  "version": "0.0.1",
-  "description": "",
+  "version": "0.0.3",
+  "description": "Various utilities for working with AWS IAM information",
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.js"
+    }
+  },
+  "files": [
+    "dist/**/*"
+  ],
+  "types": "dist/cjs/index.d.ts",
   "keywords": [
     "aws",
     "iam",

package/.github/workflows/guarddog.yml DELETED Viewed

@@ -1,31 +0,0 @@
-name: GuardDog
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-permissions:
-  contents: read
-jobs:
-  guarddog:
-    permissions:
-      contents: read
-    name: Scan Dependencies and Source Code
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.10'
-      - name: Install GuardDog
-        run: pip install guarddog
-      - run: guarddog npm scan src/ --exit-non-zero-on-finding
-      - run: guarddog npm verify package.json --exclude-rules empty_information --exit-non-zero-on-finding

package/.github/workflows/pr-checks.yml DELETED Viewed

@@ -1,86 +0,0 @@
-name: 'Lint PR'
-on:
-  pull_request_target:
-    types:
-      - opened
-      - edited
-      - synchronize
-      - reopened
-permissions:
-  contents: read
-jobs:
-  main:
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: amannn/action-semantic-pull-request@v5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  lint:
-    name: Code Formatting Check
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Set up Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-      - name: Install dependencies
-        run: npm ci
-      - name: Check Code Formatting
-        run: npm run format-check
-  test:
-    name: Build and Test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Set up Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-      - name: Install dependencies
-        run: npm ci
-      - name: Build
-        run: npm run build
-      - name: Check Tests
-        run: npm test
-  guarddog:
-    permissions:
-      contents: read
-    name: GuardDog Check
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.10'
-      - name: Install GuardDog
-        run: pip install guarddog
-      - run: guarddog npm scan src/ --exit-non-zero-on-finding

package/.github/workflows/release.yml DELETED Viewed

@@ -1,33 +0,0 @@
-name: Release
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      issues: write
-    steps:
-      - name: Check out
-        uses: actions/checkout@v4
-      - name: Set up Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-      - name: Run semantic-release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          npm ci
-          npm run format-check
-          npm run build
-          npm run test
-          npx semantic-release

package/.github/workflows/update-dependencies.yml DELETED Viewed

@@ -1,16 +0,0 @@
-name: Update Dependencies
-on:
-  schedule:
-    - cron: '0 12 * * 6' # Every Saturday at 12:00 PM UTC
-  workflow_dispatch:
-jobs:
-  update-dependencies:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write # Push branches
-      pull-requests: write # Create PRs
-    steps:
-      - name: Run dependency update
-        uses: cloud-copilot/update-dependencies@main

package/postbuild.sh DELETED Viewed

@@ -1,11 +0,0 @@
-cat >dist/cjs/package.json <<!EOF
-{
-    "type": "commonjs"
-}
-!EOF
-cat >dist/esm/package.json <<!EOF
-{
-    "type": "module"
-}
-!EOF

package/src/arn.test.ts DELETED Viewed

@@ -1,126 +0,0 @@
-import { describe, expect, it } from 'vitest'
-import { ArnParts, splitArnParts } from './arn.js'
-const splitArnPartsTests: {
-  name: string
-  arn: string
-  expected: ArnParts
-  only?: boolean
-}[] = [
-  {
-    name: 'should split a full ARN',
-    arn: 'arn:aws:iam::123456789012:user/Development/user1',
-    expected: {
-      partition: 'aws',
-      service: 'iam',
-      region: '',
-      accountId: '123456789012',
-      resource: 'user/Development/user1',
-      resourceType: 'user',
-      resourcePath: 'Development/user1'
-    }
-  },
-  {
-    name: 'should split an S3 bucket ARN',
-    arn: 'arn:aws:s3:::my_corporate_bucket',
-    expected: {
-      partition: 'aws',
-      service: 's3',
-      region: '',
-      accountId: '',
-      resource: 'my_corporate_bucket',
-      resourceType: '',
-      resourcePath: 'my_corporate_bucket'
-    }
-  },
-  {
-    name: 'should split an S3 object ARN',
-    arn: 'arn:aws:s3:::my_corporate_bucket/my_corporate_object.txt',
-    expected: {
-      partition: 'aws',
-      service: 's3',
-      region: '',
-      accountId: '',
-      resource: 'my_corporate_bucket/my_corporate_object.txt',
-      resourceType: '',
-      resourcePath: 'my_corporate_bucket/my_corporate_object.txt'
-    }
-  },
-  {
-    name: 'should split an SNS topic ARN',
-    arn: 'arn:aws:sns:us-east-1:123456789012:MyTopic',
-    expected: {
-      partition: 'aws',
-      service: 'sns',
-      region: 'us-east-1',
-      accountId: '123456789012',
-      resource: 'MyTopic',
-      resourceType: '',
-      resourcePath: 'MyTopic'
-    }
-  },
-  {
-    name: 'should split an SQS queue ARN',
-    arn: 'arn:aws:sqs:us-east-1:123456789012:MyQueue',
-    expected: {
-      partition: 'aws',
-      service: 'sqs',
-      region: 'us-east-1',
-      accountId: '123456789012',
-      resource: 'MyQueue',
-      resourceType: '',
-      resourcePath: 'MyQueue'
-    }
-  },
-  {
-    name: 'should split a Lambda function ARN',
-    arn: 'arn:aws:lambda:us-west-2:123456789012:function:my-function',
-    expected: {
-      partition: 'aws',
-      service: 'lambda',
-      region: 'us-west-2',
-      accountId: '123456789012',
-      resource: 'function:my-function',
-      resourceType: 'function',
-      resourcePath: 'my-function'
-    }
-  },
-  {
-    name: 'rest api ARN',
-    arn: 'arn:aws:apigateway:us-east-1::/restapis/1234567890',
-    expected: {
-      partition: 'aws',
-      service: 'apigateway',
-      region: 'us-east-1',
-      accountId: '',
-      resource: '/restapis/1234567890',
-      resourceType: 'restapis',
-      resourcePath: '1234567890'
-    }
-  },
-  {
-    name: 'should split a glue root catalog ARN',
-    arn: 'arn:aws:glue:us-east-1:111111111111:catalog',
-    expected: {
-      partition: 'aws',
-      service: 'glue',
-      region: 'us-east-1',
-      accountId: '111111111111',
-      resource: 'catalog',
-      resourceType: 'catalog',
-      resourcePath: ''
-    }
-  }
-]
-describe('splitArnParts', () => {
-  for (const test of splitArnPartsTests) {
-    const { name, arn, expected, only } = test
-    const testFn = only ? it.only : it
-    testFn(name, () => {
-      const result = splitArnParts(arn)
-      expect(result).toEqual(expected)
-    })
-  }
-})

package/src/arn.ts DELETED Viewed

@@ -1,81 +0,0 @@
-export interface ArnParts {
-  partition: string | undefined
-  service: string | undefined
-  region: string | undefined
-  accountId: string | undefined
-  resource: string | undefined
-  resourceType: string | undefined
-  resourcePath: string | undefined
-}
-/**
- * Split an ARN into its parts
- *
- * @param arn the arn to split
- * @returns the parts of the ARN
- */
-export function splitArnParts(arn: string): ArnParts {
-  const parts = arn.split(':')
-  const partition = parts.at(1)
-  const service = parts.at(2)!
-  const region = parts.at(3)!
-  const accountId = parts.at(4)!
-  const resource = parts.slice(5).join(':')
-  const [resourceType, resourcePath] = getResourceSegments(service, accountId, region, resource)
-  return {
-    partition,
-    service,
-    region,
-    accountId,
-    resource,
-    resourceType,
-    resourcePath
-  }
-}
-/**
- * Get the product/id segments of the resource portion of an ARN.
- * The first segment is the product segment and the second segment is the resource id segment.
- * This could be split by a colon or a slash, so it checks for both. It also checks for S3 buckets/objects.
- *
- * @param resource The resource to get the resource segments. Must be an ARN resource.
- * @returns a tuple with the first segment being the product segment (without the separator) and the second segment being the resource id.
- */
-export function getResourceSegments(
-  service: string,
-  accountId: string,
-  region: string,
-  resourceString: string
-): [string, string] {
-  // This is terrible, and I hate it
-  if (
-    (service === 's3' && accountId === '' && region === '') ||
-    service === 'sns' ||
-    service === 'sqs'
-  ) {
-    return ['', resourceString]
-  }
-  if (resourceString.startsWith('/')) {
-    resourceString = resourceString.slice(1)
-  }
-  const slashIndex = resourceString.indexOf('/')
-  const colonIndex = resourceString.indexOf(':')
-  let splitIndex = slashIndex
-  if (slashIndex != -1 && colonIndex != -1) {
-    splitIndex = Math.min(slashIndex, colonIndex) + 1
-  } else if (slashIndex == -1 && colonIndex == -1) {
-    splitIndex = resourceString.length + 1
-  } else if (colonIndex == -1) {
-    splitIndex = slashIndex + 1
-  } else if (slashIndex == -1) {
-    splitIndex = colonIndex + 1
-  } else {
-    throw new Error(`Unable to split resource ${resourceString}`)
-  }
-  return [resourceString.slice(0, splitIndex - 1), resourceString.slice(splitIndex)]
-}

package/src/index.ts DELETED Viewed

@@ -1,7 +0,0 @@
-export { getResourceSegments, splitArnParts, type ArnParts } from './arn'
-export {
-  convertAssumedRoleArnToRoleArn,
-  convertRoleArnToAssumedRoleArn,
-  isAssumedRoleArn,
-  isIamUserArn
-} from './principals'

package/src/principals.test.ts DELETED Viewed

@@ -1,183 +0,0 @@
-import { describe, expect, it } from 'vitest'
-import {
-  convertAssumedRoleArnToRoleArn,
-  convertRoleArnToAssumedRoleArn,
-  isAssumedRoleArn,
-  isFederatedUserArn,
-  isIamUserArn
-} from './principals.js'
-describe('convertAssumedRoleArnToRoleArn', () => {
-  it('should return the role ARN from an assumed role ARN', () => {
-    //Given an assumed role ARN
-    const assumedRoleArn = 'arn:aws:sts::123456789012:assumed-role/role-name/session-name'
-    //When we get the role ARN from the assumed role ARN
-    const result = convertAssumedRoleArnToRoleArn(assumedRoleArn)
-    //Then it should return the role ARN
-    expect(result).toBe('arn:aws:iam::123456789012:role/role-name')
-  })
-  it('should return the role ARN from an assumed role ARN with a path', () => {
-    //Given an assumed role ARN
-    const assumedRoleArn = 'arn:aws:sts::123456789012:assumed-role/admin/global-admin/session-name'
-    //When we get the role ARN from the assumed role ARN
-    const result = convertAssumedRoleArnToRoleArn(assumedRoleArn)
-    //Then it should return the role ARN
-    expect(result).toBe('arn:aws:iam::123456789012:role/admin/global-admin')
-  })
-  it('should work in a different partition', () => {
-    //Given an assumed role ARN with a different partition
-    const assumedRoleArn = 'arn:aws-cn:sts::123456789012:assumed-role/role-name/session-name'
-    //When we get the role ARN from the assumed role ARN
-    const result = convertAssumedRoleArnToRoleArn(assumedRoleArn)
-    //Then it should return the role ARN
-    expect(result).toBe('arn:aws-cn:iam::123456789012:role/role-name')
-  })
-})
-describe('convertRoleArnToAssumedRoleArn', () => {
-  it('should return the assumed role ARN from a role ARN', () => {
-    //Given a role ARN
-    const roleArn = 'arn:aws:iam::123456789012:role/role-name'
-    //When we get the assumed role ARN from the role ARN
-    const result = convertRoleArnToAssumedRoleArn(roleArn, 'session-name')
-    //Then it should return the assumed role ARN
-    expect(result).toBe('arn:aws:sts::123456789012:assumed-role/role-name/session-name')
-  })
-  it('should return the assumed role ARN from a role ARN with a path', () => {
-    //Given a role ARN
-    const roleArn = 'arn:aws:iam::123456789012:role/admin/global-admin'
-    //When we get the assumed role ARN from the role ARN
-    const result = convertRoleArnToAssumedRoleArn(roleArn, 'session-name')
-    //Then it should return the assumed role ARN
-    expect(result).toBe('arn:aws:sts::123456789012:assumed-role/admin/global-admin/session-name')
-  })
-  it('should work with a different partition', () => {
-    //Given a role ARN with a different partition
-    const roleArn = 'arn:aws-cn:iam::123456789012:role/role-name'
-    //When we get the assumed role ARN from the role ARN
-    const result = convertRoleArnToAssumedRoleArn(roleArn, 'session-name')
-    //Then it should return the assumed role ARN
-    expect(result).toBe('arn:aws-cn:sts::123456789012:assumed-role/role-name/session-name')
-  })
-})
-describe('isAssumedRoleArn', () => {
-  it('should return true for assumed role ARN', () => {
-    //Given an assumed role ARN
-    const assumedRoleArn = 'arn:aws:sts::123456789012:assumed-role/role-name/session-name'
-    //When we check if it is an assumed role ARN
-    const result = isAssumedRoleArn(assumedRoleArn)
-    //Then it should return true
-    expect(result).toBe(true)
-  })
-  it('should return false for non-assumed role ARN', () => {
-    //Given a non-assumed role ARN
-    const userArn = 'arn:aws:iam::123456789012:user/user-name'
-    //When we check if it is an assumed role ARN
-    const result = isAssumedRoleArn(userArn)
-    //Then it should return false
-    expect(result).toBe(false)
-  })
-  it('should work for a different partition', () => {
-    //Given an assumed role ARN with a different partition
-    const assumedRoleArn = 'arn:aws-cn:sts::123456789012:assumed-role/role-name/session-name'
-    //When we check if it is an assumed role ARN
-    const result = isAssumedRoleArn(assumedRoleArn)
-    //Then it should return true
-    expect(result).toBe(true)
-  })
-})
-describe('isIamUserArn', () => {
-  it('should return true for IAM user ARN', () => {
-    //Given an IAM user ARN
-    const userArn = 'arn:aws:iam::123456789012:user/user-name'
-    //When we check if it is an IAM user ARN
-    const result = isIamUserArn(userArn)
-    //Then it should return true
-    expect(result).toBe(true)
-  })
-  it('should return false for non-IAM user ARN', () => {
-    //Given a non-IAM user ARN
-    const roleArn = 'arn:aws:sts::123456789012:assumed-role/role-name/session-name'
-    //When we check if it is an IAM user ARN
-    const result = isIamUserArn(roleArn)
-    //Then it should return false
-    expect(result).toBe(false)
-  })
-  it('should work for a different partition', () => {
-    //Given an IAM user ARN with a different partition
-    const userArn = 'arn:aws-cn:iam::123456789012:user/user-name'
-    //When we check if it is an IAM user ARN
-    const result = isIamUserArn(userArn)
-    //Then it should return true
-    expect(result).toBe(true)
-  })
-})
-describe('isFederatedUserArn', () => {
-  it('should return true for federated user ARN', () => {
-    //Given a federated user ARN
-    const federatedUserArn = 'arn:aws:sts::123456789012:federated-user/user-name'
-    //When we check if it is a federated user ARN
-    const result = isFederatedUserArn(federatedUserArn)
-    //Then it should return true
-    expect(result).toBe(true)
-  })
-  it('should return false for non-federated user ARN', () => {
-    //Given a non-federated user ARN
-    const roleArn = 'arn:aws:sts::123456789012:assumed-role/role-name/session-name'
-    //When we check if it is a federated user ARN
-    const result = isFederatedUserArn(roleArn)
-    //Then it should return false
-    expect(result).toBe(false)
-  })
-  it('should work for a different partition', () => {
-    //Given a federated user ARN with a different partition
-    const federatedUserArn = 'arn:aws-cn:sts::123456789012:federated-user/user-name'
-    //When we check if it is a federated user ARN
-    const result = isFederatedUserArn(federatedUserArn)
-    //Then it should return true
-    expect(result).toBe(true)
-  })
-})

package/tsconfig.cjs.json DELETED Viewed

@@ -1,11 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "include": ["src/**/*"],
-  "exclude": ["**/*.test.ts"],
-  "compilerOptions": {
-    "rootDir": "src",
-    "outDir": "dist/cjs",
-  }
-}

package/tsconfig.esm.json DELETED Viewed

@@ -1,14 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "include": ["src/**/*"],
-  "exclude": ["**/*.test.ts"],
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "ES2020",
-    "moduleResolution": "node",
-    "rootDir": "src",
-    "outDir": "dist/esm"
-  }
-}

package/tsconfig.json DELETED Viewed

@@ -1,26 +0,0 @@
-{
-  "compilerOptions": {
-    "module": "commonjs",
-    "target": "es2022",
-    "outDir": "dist",
-    "rootDir": "src",
-    "sourceMap": true,
-    "strict": true,
-    "declaration": true,
-    "declarationMap": true,
-    "lib": ["es2023", "DOM"],
-    "noUnusedLocals": false,
-    "noUnusedParameters": false,
-    "noImplicitReturns": true,
-    "noFallthroughCasesInSwitch": false,
-    "experimentalDecorators": true,
-    "emitDecoratorMetadata": true,
-    "esModuleInterop": false,
-    "forceConsistentCasingInFileNames": true,
-    "paths": {
-      // workaround for: https://github.com/vitest-dev/vitest/issues/4567
-      "rollup/parseAst": ["./node_modules/rollup/dist/parseAst"]
-    }
-  },
-  "exclude": ["tests", "test", "dist", "bin", "**/bin", "**/dist", "node_modules", "cdk.out"],
-}