@aws-cdk/cloudformation-diff

Utilities to diff CDK stacks against CloudFormation templates

import { PropertyScrutinyType, ResourceScrutinyType } from '@aws-cdk/service-spec-types';
import { SsoAssignment, SsoInstanceACAConfig, SsoPermissionSet } from './iam-identity-center';
import type { ManagedPolicyJson } from './managed-policy';
import { ManagedPolicyAttachment } from './managed-policy';
import type { Statement, StatementJson } from './statement';
import type { MaybeParsed } from '../diff/maybe-parsed';
import type { PropertyChange, ResourceChange } from '../diff/types';
import { DiffableCollection } from '../diffable';

/**
 * Constructor input for {@link IamChanges}: the property-level and
 * resource-level changes to examine.
 */
export interface IamChangesProps {
    propertyChanges: PropertyChange[];
    resourceChanges: ResourceChange[];
}

/**
 * Changes to IAM statements and IAM identity center
 *
 * Exposes five collections (statements, managed policy attachments, SSO
 * permission sets, SSO assignments, SSO instance ACA configs) plus summary
 * tables for each. This is a declaration only; how the collections are
 * populated is not visible here.
 */
export declare class IamChanges {
    // Scrutiny types for properties; presumably the ones this class treats as
    // IAM-relevant (selection logic is not visible in this declaration).
    // NOTE(review): declared as a mutable static array without `readonly`, so
    // any importing module can modify it at runtime. Treat it as read-only.
    static IamPropertyScrutinies: PropertyScrutinyType[];
    // Scrutiny types for resources; same caveats as IamPropertyScrutinies.
    static IamResourceScrutinies: ResourceScrutinyType[];

    // Diff of IAM policy statements.
    readonly statements: DiffableCollection<Statement>;
    // Diff of managed policy attachments.
    readonly managedPolicies: DiffableCollection<ManagedPolicyAttachment>;
    // Diff of IAM Identity Center (SSO) permission sets.
    readonly ssoPermissionSets: DiffableCollection<SsoPermissionSet>;
    // Diff of IAM Identity Center (SSO) assignments.
    readonly ssoAssignments: DiffableCollection<SsoAssignment>;
    // Diff of IAM Identity Center (SSO) instance ACA configs.
    readonly ssoInstanceACAConfigs: DiffableCollection<SsoInstanceACAConfig>;

    constructor(props: IamChangesProps);

    /**
     * Whether any change was recorded.
     *
     * NOTE(review): the declaration does not show which of the five
     * collections are consulted. Confirm against the implementation.
     */
    get hasChanges(): boolean;

    /**
     * Return whether the changes include broadened permissions
     *
     * Permissions are broadened if positive statements are added or
     * negative statements are removed, or if managed policies are added.
     *
     * NOTE(review): the definition above names statements and managed
     * policies only. Whether changes to SSO permission sets, assignments or
     * instance ACA configs count as broadening cannot be determined from this
     * declaration, so do not read a `false` result as "no access-affecting
     * change" without also checking `hasChanges` and the SSO summaries.
     */
    get permissionsBroadened(): boolean;

    /**
     * Return a summary table of changes
     */
    summarizeStatements(): string[][];
    // Rows of strings for managed policy changes; presumably a table like
    // summarizeStatements(). Column layout is not visible here.
    summarizeManagedPolicies(): string[][];
    // Rows of strings for SSO assignment changes; layout not visible here.
    summarizeSsoAssignments(): string[][];
    // Rows of strings for SSO instance ACA config changes; layout not visible here.
    summarizeSsoInstanceACAConfigs(): string[][];
    // Rows of strings for SSO permission set changes; layout not visible here.
    summarizeSsoPermissionSets(): string[][];

    // Private members below are listed without signatures, as is usual for
    // declaration output; their parameters and behaviour are not visible here.
    private readPropertyChange;
    private readResourceChange;
    /**
     * Parse a list of policies on an identity
     */
    private readIdentityPolicies;
    /**
     * Parse an IAM::Policy resource
     */
    private readIdentityPolicyResource;
    private readSsoInstanceACAConfigs;
    private readSsoAssignments;
    private readSsoPermissionSet;
    private readResourceStatements;
    /**
     * Parse an AWS::*::{Bucket,Topic,Queue}policy
     */
    private readResourcePolicyResource;
    private readManagedPolicies;
    private readLambdaStatements;
}

/**
 * Additions and removals of statements and managed policies, presumably the
 * JSON-serializable form of an {@link IamChanges}. All four fields are optional.
 *
 * Entries are wrapped in `MaybeParsed`; the name suggests some entries may
 * not have been parsed successfully. Confirm in '../diff/maybe-parsed'
 * before relying on every entry being a fully parsed statement or policy.
 *
 * NOTE(review): this shape declares no fields for SSO permission sets,
 * assignments or instance ACA configs, so tooling that consumes only this
 * JSON will not see Identity Center changes through it.
 */
export interface IamChangesJson {
    statementAdditions?: Array<MaybeParsed<StatementJson>>;
    statementRemovals?: Array<MaybeParsed<StatementJson>>;
    managedPolicyAdditions?: Array<MaybeParsed<ManagedPolicyJson>>;
    managedPolicyRemovals?: Array<MaybeParsed<ManagedPolicyJson>>;
}