@composurecdk/iam 0.3.6 → 0.4.1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/managed-policy-builder.d.ts +1 -1
- package/dist/managed-policy-builder.d.ts.map +1 -1
- package/dist/managed-policy-builder.js +3 -3
- package/dist/managed-policy-builder.js.map +1 -1
- package/dist/role-builder.d.ts +2 -2
- package/dist/role-builder.d.ts.map +1 -1
- package/dist/role-builder.js +3 -3
- package/dist/role-builder.js.map +1 -1
- package/dist/statement-builder.d.ts +1 -10
- package/dist/statement-builder.d.ts.map +1 -1
- package/dist/statement-builder.js +35 -35
- package/dist/statement-builder.js.map +1 -1
- package/package.json +2 -2
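--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,6 +1,6 @@
-export { createRoleBuilder, type IRoleBuilder, type RoleBuilderResult } from "./role-builder.js";
+export { createRoleBuilder, type IRoleBuilder, type RoleBuilderProps, type RoleBuilderResult, } from "./role-builder.js";
 export { ROLE_DEFAULTS } from "./role-defaults.js";
-export { createManagedPolicyBuilder, type IManagedPolicyBuilder, type ManagedPolicyBuilderResult, } from "./managed-policy-builder.js";
+export { createManagedPolicyBuilder, type IManagedPolicyBuilder, type ManagedPolicyBuilderProps, type ManagedPolicyBuilderResult, } from "./managed-policy-builder.js";
 export { createServiceRoleBuilder } from "./service-role-builder.js";
 export { createStatementBuilder, StatementBuilder, WildcardResourceError, } from "./statement-builder.js";
 //# sourceMappingURL=index.d.ts.map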
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EACL,0BAA0B,EAC1B,KAAK,qBAAqB,EAC1B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC"}
|
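--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,4 +1,4 @@
-export { createRoleBuilder } from "./role-builder.js";
+export { createRoleBuilder, } from "./role-builder.js";
 export { ROLE_DEFAULTS } from "./role-defaults.js";
 export { createManagedPolicyBuilder, } from "./managed-policy-builder.js";
 export { createServiceRoleBuilder } from "./service-role-builder.js";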
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,GAIlB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EACL,0BAA0B,GAI3B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC"}
|
|
@@ -37,8 +37,8 @@ export interface ManagedPolicyBuilderResult {
|
|
|
37
37
|
*/
|
|
38
38
|
export type IManagedPolicyBuilder = IBuilder<ManagedPolicyBuilderProps, ManagedPolicyBuilder>;
|
|
39
39
|
declare class ManagedPolicyBuilder implements Lifecycle<ManagedPolicyBuilderResult> {
|
|
40
|
+
#private;
|
|
40
41
|
props: Partial<ManagedPolicyBuilderProps>;
|
|
41
|
-
private readonly _extraStatements;
|
|
42
42
|
/**
|
|
43
43
|
* Append policy statements to the managed policy.
|
|
44
44
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"managed-policy-builder.d.ts","sourceRoot":"","sources":["../src/managed-policy-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,KAAK,kBAAkB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC9F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAW,KAAK,QAAQ,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,GAAG,kBAAkB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,0DAA0D;IAC1D,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,qBAAqB,GAAG,QAAQ,CAAC,yBAAyB,EAAE,oBAAoB,CAAC,CAAC;AAE9F,cAAM,oBAAqB,YAAW,SAAS,CAAC,0BAA0B,CAAC
|
|
1
|
+
{"version":3,"file":"managed-policy-builder.d.ts","sourceRoot":"","sources":["../src/managed-policy-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,KAAK,kBAAkB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC9F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAW,KAAK,QAAQ,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,GAAG,kBAAkB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,0DAA0D;IAC1D,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,qBAAqB,GAAG,QAAQ,CAAC,yBAAyB,EAAE,oBAAoB,CAAC,CAAC;AAE9F,cAAM,oBAAqB,YAAW,SAAS,CAAC,0BAA0B,CAAC;;IACzE,KAAK,EAAE,OAAO,CAAC,yBAAyB,CAAC,CAAM;IAG/C;;;;;;OAMG;IACH,aAAa,CAAC,UAAU,EAAE,CAAC,eAAe,GAAG,gBAAgB,CAAC,EAAE,GAAG,IAAI;IAKvE,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,GAAG,0BAA0B;CAajE;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,IAAI,qBAAqB,CAElE"}
|
|
@@ -3,7 +3,7 @@ import { Builder } from "@composurecdk/core";
|
|
|
3
3
|
import { StatementBuilder } from "./statement-builder.js";
|
|
4
4
|
class ManagedPolicyBuilder {
|
|
5
5
|
props = {};
|
|
6
|
-
|
|
6
|
+
#extraStatements = [];
|
|
7
7
|
/**
|
|
8
8
|
* Append policy statements to the managed policy.
|
|
9
9
|
*
|
|
@@ -12,11 +12,11 @@ class ManagedPolicyBuilder {
|
|
|
12
12
|
* validation runs at the composition boundary.
|
|
13
13
|
*/
|
|
14
14
|
addStatements(statements) {
|
|
15
|
-
this.
|
|
15
|
+
this.#extraStatements.push(...statements);
|
|
16
16
|
return this;
|
|
17
17
|
}
|
|
18
18
|
build(scope, id) {
|
|
19
|
-
const resolvedExtras = this.
|
|
19
|
+
const resolvedExtras = this.#extraStatements.map((s) => s instanceof StatementBuilder ? s.build() : s);
|
|
20
20
|
const mergedProps = {
|
|
21
21
|
...this.props,
|
|
22
22
|
statements: [...(this.props.statements ?? []), ...resolvedExtras],
|
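Review bot: In `build()`, `s instanceof StatementBuilder ? s.build() : s` passes through, unchecked, anything that is not an instance of this module's own `StatementBuilder`. A builder created by a second installed copy of the package would presumably fail the `instanceof` test, skip `build()` and with it the wildcard-resource check, and land in `mergedProps.statements` as an unbuilt object. Assuming `PolicyStatement` itself exposes no `build` member (to be confirmed), a duck-typed test such as `typeof s.build === "function" ? s.build() : s` would cover that case. The same expression appears in the `RoleBuilder.build()` hunk of role-builder.js, and the body of `build()` continues past the end of this hunk.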
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"managed-policy-builder.js","sourceRoot":"","sources":["../src/managed-policy-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAA4C,MAAM,qBAAqB,CAAC;AAE9F,OAAO,EAAE,OAAO,EAAiC,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAuC1D,MAAM,oBAAoB;IACxB,KAAK,GAAuC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"managed-policy-builder.js","sourceRoot":"","sources":["../src/managed-policy-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAA4C,MAAM,qBAAqB,CAAC;AAE9F,OAAO,EAAE,OAAO,EAAiC,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAuC1D,MAAM,oBAAoB;IACxB,KAAK,GAAuC,EAAE,CAAC;IACtC,gBAAgB,GAA2C,EAAE,CAAC;IAEvE;;;;;;OAMG;IACH,aAAa,CAAC,UAAkD;QAC9D,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,KAAiB,EAAE,EAAU;QACjC,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACrD,CAAC,YAAY,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAC9C,CAAC;QAEF,MAAM,WAAW,GAAuB;YACtC,GAAG,IAAI,CAAC,KAAK;YACb,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,GAAG,cAAc,CAAC;SAClE,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QACzD,OAAO,EAAE,MAAM,EAAE,CAAC;IACpB,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,OAAO,CAAkD,oBAAoB,CAAC,CAAC;AACxF,CAAC"}
|
package/dist/role-builder.d.ts
CHANGED
|
@@ -10,7 +10,7 @@ import { StatementBuilder } from "./statement-builder.js";
|
|
|
10
10
|
* so boundary policies built by sibling components can be referenced at
|
|
11
11
|
* configuration time.
|
|
12
12
|
*/
|
|
13
|
-
interface RoleBuilderProps extends Omit<RoleProps, "permissionsBoundary"> {
|
|
13
|
+
export interface RoleBuilderProps extends Omit<RoleProps, "permissionsBoundary"> {
|
|
14
14
|
/**
|
|
15
15
|
* A permissions boundary that caps the maximum permissions this role
|
|
16
16
|
* can ever grant, regardless of inline or managed policies attached.
|
|
@@ -76,8 +76,8 @@ export interface RoleBuilderResult {
|
|
|
76
76
|
*/
|
|
77
77
|
export type IRoleBuilder = IBuilder<RoleBuilderProps, RoleBuilder>;
|
|
78
78
|
declare class RoleBuilder implements Lifecycle<RoleBuilderResult> {
|
|
79
|
+
#private;
|
|
79
80
|
props: Partial<RoleBuilderProps>;
|
|
80
|
-
private readonly _inlinePolicies;
|
|
81
81
|
/**
|
|
82
82
|
* Append an inline policy to the role, embedded in the underlying
|
|
83
83
|
* `AWS::IAM::Role` resource's `Policies` array. The policy name becomes
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role-builder.d.ts","sourceRoot":"","sources":["../src/role-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,cAAc,EACnB,cAAc,EACd,eAAe,EACf,IAAI,EACJ,KAAK,SAAS,EACf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAEL,KAAK,QAAQ,EACb,KAAK,SAAS,EAEd,KAAK,UAAU,EAChB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D;;;;;;;GAOG;AACH,
|
|
1
|
+
{"version":3,"file":"role-builder.d.ts","sourceRoot":"","sources":["../src/role-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,cAAc,EACnB,cAAc,EACd,eAAe,EACf,IAAI,EACJ,KAAK,SAAS,EACf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAEL,KAAK,QAAQ,EACb,KAAK,SAAS,EAEd,KAAK,UAAU,EAChB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,WAAW,gBAAiB,SAAQ,IAAI,CAAC,SAAS,EAAE,qBAAqB,CAAC;IAC9E;;;;;;;;OAQG;IACH,mBAAmB,CAAC,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC;CAClD;AAED;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,IAAI,EAAE,IAAI,CAAC;IAEX;;;;;;;;;;;OAWG;IACH,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAChD;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;AAOnE,cAAM,WAAY,YAAW,SAAS,CAAC,iBAAiB,CAAC;;IACvD,KAAK,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAM;IAGtC;;;;;;;;;;OAUG;IACH,yBAAyB,CACvB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,CAAC,eAAe,GAAG,gBAAgB,CAAC,EAAE,GACjD,IAAI;IAKP,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,GAAG,iBAAiB;CA8C9F;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,IAAI,YAAY,CAEhD"}
|
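--- a/package/dist/role-builder.js
+++ b/package/dist/role-builder.js
@@ -4,7 +4,7 @@ import { ROLE_DEFAULTS } from "./role-defaults.js";
 import { StatementBuilder } from "./statement-builder.js";
 class RoleBuilder {
 props = {};
-
+#inlinePolicies = [];
 /**
 * Append an inline policy to the role, embedded in the underlying
 * `AWS::IAM::Role` resource's `Policies` array. The policy name becomes
@@ -17,7 +17,7 @@ class RoleBuilder {
 * rather than at configuration time).
 */
 addInlinePolicyStatements(name, statements) {
-this.
+this.#inlinePolicies.push({ name, statements });
 return this;
 }
 build(scope, id, context = {}) {
@@ -30,7 +30,7 @@ class RoleBuilder {
 ? resolve(permissionsBoundary, context)
 : undefined;
 const addedInlinePolicies = {};
-for (const entry of this
+for (const entry of this.#inlinePolicies) {
 const resolvedStatements = entry.statements.map((s) => s instanceof StatementBuilder ? s.build() : s);
 addedInlinePolicies[entry.name] = new PolicyDocument({ statements: resolvedStatements });
 }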
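Review bot: In the loop over `this.#inlinePolicies`, `addedInlinePolicies[entry.name] = new PolicyDocument(...)` overwrites any earlier entry with the same name, so a second `addInlinePolicyStatements` call with a repeated name silently drops the statements from the first, including any Deny statements it carried. Unless duplicates are rejected somewhere outside this hunk, I would fail fast before the assignment: `if (Object.hasOwn(addedInlinePolicies, entry.name)) throw new Error("duplicate inline policy name: " + entry.name);`. If last-call-wins is intended, the doc comment on `addInlinePolicyStatements` should say so. `build()` starts before and continues after the lines shown in this hunk.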
package/dist/role-builder.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role-builder.js","sourceRoot":"","sources":["../src/role-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,cAAc,EAEd,IAAI,GAEL,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,OAAO,EAGP,OAAO,GAER,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAoF1D,MAAM,WAAW;IACf,KAAK,GAA8B,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"role-builder.js","sourceRoot":"","sources":["../src/role-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,cAAc,EAEd,IAAI,GAEL,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,OAAO,EAGP,OAAO,GAER,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAoF1D,MAAM,WAAW;IACf,KAAK,GAA8B,EAAE,CAAC;IAC7B,eAAe,GAAwB,EAAE,CAAC;IAEnD;;;;;;;;;;OAUG;IACH,yBAAyB,CACvB,IAAY,EACZ,UAAkD;QAElD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,KAAiB,EAAE,EAAU,EAAE,UAAkC,EAAE;QACvE,MAAM,EACJ,mBAAmB,EACnB,SAAS,EACT,cAAc,EAAE,mBAAmB,EACnC,GAAG,IAAI,EACR,GAAG,IAAI,CAAC,KAAK,CAAC;QAEf,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,gBAAgB,EAAE,mDAAmD;gBACnE,gDAAgD,CACnD,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,mBAAmB;YAC1C,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE,OAAO,CAAC;YACvC,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,mBAAmB,GAAmC,EAAE,CAAC;QAC/D,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzC,MAAM,kBAAkB,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACpD,CAAC,YAAY,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAC9C,CAAC;YACF,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,cAAc,CAAC,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,MAAM,oBAAoB,GAAmC;YAC3D,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;YAC9B,GAAG,mBAAmB;SACvB,CAAC;QAEF,MAAM,WAAW,GAAc;YAC7B,GAAG,aAAa;YAChB,GAAG,IAAI;YACP,SAAS;YACT,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,CAAC;gBAC9C,CAAC,CAAC,EAAE,cAAc,EAAE,oBAAoB,EAAE;gBAC1C,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvE,CAAC;QAEF,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QAE9C,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,CAAC;IACvD,CAAC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,OAAO,CAAgC,WAAW,CAAC,CAAC;AAC7D,CAAC"}
|
|
@@ -40,16 +40,7 @@ export declare class WildcardResourceError extends Error {
|
|
|
40
40
|
* ```
|
|
41
41
|
*/
|
|
42
42
|
export declare class StatementBuilder {
|
|
43
|
-
private
|
|
44
|
-
private _effect;
|
|
45
|
-
private _actions;
|
|
46
|
-
private _notActions;
|
|
47
|
-
private _resources;
|
|
48
|
-
private _notResources;
|
|
49
|
-
private _principals;
|
|
50
|
-
private _notPrincipals;
|
|
51
|
-
private _conditions?;
|
|
52
|
-
private _allowWildcardResources;
|
|
43
|
+
#private;
|
|
53
44
|
sid(sid: string): this;
|
|
54
45
|
allow(): this;
|
|
55
46
|
deny(): this;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"statement-builder.d.ts","sourceRoot":"","sources":["../src/statement-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,KAAK,UAAU,EACf,eAAe,EAEhB,MAAM,qBAAqB,CAAC;AAE7B;;;;;;;;;GASG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,GAAG,CAAC,EAAE,MAAM;CAOzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,gBAAgB
|
|
1
|
+
{"version":3,"file":"statement-builder.d.ts","sourceRoot":"","sources":["../src/statement-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,KAAK,UAAU,EACf,eAAe,EAEhB,MAAM,qBAAqB,CAAC;AAE7B;;;;;;;;;GASG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,GAAG,CAAC,EAAE,MAAM;CAOzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,gBAAgB;;IAY3B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAKtB,KAAK,IAAI,IAAI;IAKb,IAAI,IAAI,IAAI;IAKZ,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAK5B,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI;IAKhC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI;IAKnC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI;IAKpC,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI;IAKvC,UAAU,CAAC,UAAU,EAAE,UAAU,EAAE,GAAG,IAAI;IAK1C,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,GAAG,IAAI;IAK7C,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI;IAKrE;;;;;;;;;;OAUG;IACH,sBAAsB,CAAC,KAAK,UAAO,GAAG,IAAI;IAK1C;;;;;OAKG;IACH,KAAK,IAAI,eAAe;CAuBzB;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAEzD"}
|
|
@@ -44,58 +44,58 @@ export class WildcardResourceError extends Error {
|
|
|
44
44
|
* ```
|
|
45
45
|
*/
|
|
46
46
|
export class StatementBuilder {
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
47
|
+
#sid;
|
|
48
|
+
#effect = Effect.ALLOW;
|
|
49
|
+
#actions = [];
|
|
50
|
+
#notActions = [];
|
|
51
|
+
#resources = [];
|
|
52
|
+
#notResources = [];
|
|
53
|
+
#principals = [];
|
|
54
|
+
#notPrincipals = [];
|
|
55
|
+
#conditions;
|
|
56
|
+
#allowWildcardResources = false;
|
|
57
57
|
sid(sid) {
|
|
58
|
-
this
|
|
58
|
+
this.#sid = sid;
|
|
59
59
|
return this;
|
|
60
60
|
}
|
|
61
61
|
allow() {
|
|
62
|
-
this
|
|
62
|
+
this.#effect = Effect.ALLOW;
|
|
63
63
|
return this;
|
|
64
64
|
}
|
|
65
65
|
deny() {
|
|
66
|
-
this
|
|
66
|
+
this.#effect = Effect.DENY;
|
|
67
67
|
return this;
|
|
68
68
|
}
|
|
69
69
|
effect(effect) {
|
|
70
|
-
this
|
|
70
|
+
this.#effect = effect;
|
|
71
71
|
return this;
|
|
72
72
|
}
|
|
73
73
|
actions(actions) {
|
|
74
|
-
this
|
|
74
|
+
this.#actions = [...actions];
|
|
75
75
|
return this;
|
|
76
76
|
}
|
|
77
77
|
notActions(actions) {
|
|
78
|
-
this
|
|
78
|
+
this.#notActions = [...actions];
|
|
79
79
|
return this;
|
|
80
80
|
}
|
|
81
81
|
resources(resources) {
|
|
82
|
-
this
|
|
82
|
+
this.#resources = [...resources];
|
|
83
83
|
return this;
|
|
84
84
|
}
|
|
85
85
|
notResources(resources) {
|
|
86
|
-
this
|
|
86
|
+
this.#notResources = [...resources];
|
|
87
87
|
return this;
|
|
88
88
|
}
|
|
89
89
|
principals(principals) {
|
|
90
|
-
this
|
|
90
|
+
this.#principals = [...principals];
|
|
91
91
|
return this;
|
|
92
92
|
}
|
|
93
93
|
notPrincipals(principals) {
|
|
94
|
-
this
|
|
94
|
+
this.#notPrincipals = [...principals];
|
|
95
95
|
return this;
|
|
96
96
|
}
|
|
97
97
|
conditions(conditions) {
|
|
98
|
-
this
|
|
98
|
+
this.#conditions = { ...conditions };
|
|
99
99
|
return this;
|
|
100
100
|
}
|
|
101
101
|
/**
|
|
@@ -110,7 +110,7 @@ export class StatementBuilder {
|
|
|
110
110
|
* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
|
|
111
111
|
*/
|
|
112
112
|
allowWildcardResources(allow = true) {
|
|
113
|
-
this
|
|
113
|
+
this.#allowWildcardResources = allow;
|
|
114
114
|
return this;
|
|
115
115
|
}
|
|
116
116
|
/**
|
|
@@ -120,21 +120,21 @@ export class StatementBuilder {
|
|
|
120
120
|
* wildcard resource and wildcard resources have not been opted in to.
|
|
121
121
|
*/
|
|
122
122
|
build() {
|
|
123
|
-
if (this
|
|
124
|
-
!this
|
|
125
|
-
this.
|
|
126
|
-
throw new WildcardResourceError(this
|
|
123
|
+
if (this.#effect === Effect.ALLOW &&
|
|
124
|
+
!this.#allowWildcardResources &&
|
|
125
|
+
this.#resources.some((r) => r === "*")) {
|
|
126
|
+
throw new WildcardResourceError(this.#sid);
|
|
127
127
|
}
|
|
128
128
|
const props = {
|
|
129
|
-
sid: this
|
|
130
|
-
effect: this
|
|
131
|
-
actions: this.
|
|
132
|
-
notActions: this.
|
|
133
|
-
resources: this.
|
|
134
|
-
notResources: this.
|
|
135
|
-
principals: this.
|
|
136
|
-
notPrincipals: this.
|
|
137
|
-
conditions: this
|
|
129
|
+
sid: this.#sid,
|
|
130
|
+
effect: this.#effect,
|
|
131
|
+
actions: this.#actions.length > 0 ? this.#actions : undefined,
|
|
132
|
+
notActions: this.#notActions.length > 0 ? this.#notActions : undefined,
|
|
133
|
+
resources: this.#resources.length > 0 ? this.#resources : undefined,
|
|
134
|
+
notResources: this.#notResources.length > 0 ? this.#notResources : undefined,
|
|
135
|
+
principals: this.#principals.length > 0 ? this.#principals : undefined,
|
|
136
|
+
notPrincipals: this.#notPrincipals.length > 0 ? this.#notPrincipals : undefined,
|
|
137
|
+
conditions: this.#conditions,
|
|
138
138
|
};
|
|
139
139
|
return new PolicyStatement(props);
|
|
140
140
|
}
|
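Review bot: The guard in `build()` fires only when a resource is exactly the string `"*"` (`this.#resources.some((r) => r === "*")`), so an Allow statement whose resource is an ARN pattern containing `*`, or one that sets `notResources` instead of `resources`, is built without the `allowWildcardResources()` opt-in. If the bare `*` is the intended scope, the doc comment above `build()` (it starts outside this hunk) should state that partial wildcards and `notResources` are not checked. Otherwise consider also requiring the opt-in when `this.#notResources.length > 0` on an Allow statement, since that form grants everything except the listed resources.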
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"statement-builder.js","sourceRoot":"","sources":["../src/statement-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EAEN,eAAe,GAEhB,MAAM,qBAAqB,CAAC;AAE7B;;;;;;;;;GASG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,GAAY;QACtB,KAAK,CACH,kBAAkB,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,oDAAoD;YAC1F,gFAAgF,CACnF,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,OAAO,gBAAgB;
|
|
1
|
+
{"version":3,"file":"statement-builder.js","sourceRoot":"","sources":["../src/statement-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EAEN,eAAe,GAEhB,MAAM,qBAAqB,CAAC;AAE7B;;;;;;;;;GASG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,GAAY;QACtB,KAAK,CACH,kBAAkB,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,oDAAoD;YAC1F,gFAAgF,CACnF,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,OAAO,gBAAgB;IAC3B,IAAI,CAAU;IACd,OAAO,GAAW,MAAM,CAAC,KAAK,CAAC;IAC/B,QAAQ,GAAa,EAAE,CAAC;IACxB,WAAW,GAAa,EAAE,CAAC;IAC3B,UAAU,GAAa,EAAE,CAAC;IAC1B,aAAa,GAAa,EAAE,CAAC;IAC7B,WAAW,GAAiB,EAAE,CAAC;IAC/B,cAAc,GAAiB,EAAE,CAAC;IAClC,WAAW,CAA2C;IACtD,uBAAuB,GAAG,KAAK,CAAC;IAEhC,GAAG,CAAC,GAAW;QACb,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI;QACF,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,MAAc;QACnB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,OAAiB;QACvB,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,UAAU,CAAC,OAAiB;QAC1B,IAAI,CAAC,WAAW,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS,CAAC,SAAmB;QAC3B,IAAI,CAAC,UAAU,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY,CAAC,SAAmB;QAC9B,IAAI,CAAC,aAAa,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,UAAU,CAAC,UAAwB;QACjC,IAAI,CAAC,WAAW,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa,CAAC,UAAwB;QACpC,IAAI,CAAC,cAAc,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,UAAU,CAAC,UAAmD;QAC5D,IAAI,CAAC,WAAW,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;;OAUG;IACH,sBAAsB,CAAC,KAAK,GAAG,IAAI;QACjC,IAAI,CAAC,uBAAuB,GAAG,KAAK,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK;QACH,IACE,IAAI,CAAC,OAAO,KAAK,MAAM,CAAC,KAAK;YAC7B,CAAC,IAAI,CAAC,uBAAu
B;YAC7B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,EACtC,CAAC;YACD,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,KAAK,GAAyB;YAClC,GAAG,EAAE,IAAI,CAAC,IAAI;YACd,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;YAC7D,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;YACtE,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YACnE,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;YAC5E,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;YACtE,aAAa,EAAE,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;YAC/E,UAAU,EAAE,IAAI,CAAC,WAAW;SAC7B,CAAC;QAEF,OAAO,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO,IAAI,gBAAgB,EAAE,CAAC;AAChC,CAAC"}
|
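--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@composurecdk/iam",
-"version": "0.
+"version": "0.4.1",
 "description": "Composable IAM role, policy, and statement builders with well-architected defaults",
 "repository": {
 "type": "git",
@@ -35,7 +35,7 @@
 },
 "type": "module",
 "peerDependencies": {
-"@composurecdk/core": "^0.
+"@composurecdk/core": "^0.4.0",
 "aws-cdk-lib": "^2.0.0",
 "constructs": "^10.0.0"
 },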