@cloud-copilot/iam-data
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.findConditionKey = findConditionKey;
const conditionKeys_js_1 = require("./conditionKeys.js");
const data_js_1 = require("./data.js");
const globalConditionKeys_js_1 = require("./globalConditionKeys.js");
const services_js_1 = require("./services.js");
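/**
 * Get the service prefixes to search for a condition key.
 *
 * When `servicePrefix` names an existing IAM service, only that service is searched.
 * Otherwise the unassociated-conditions data is consulted, keyed by the prefix.
 *
 * @param servicePrefix the original service prefix from the condition key; findConditionKey
 *   passes the lower-cased text before the first ':' of its caller-supplied argument
 * @returns an array of service prefixes to search, empty when nothing is registered for the prefix
 */
async function getServicePrefixes(servicePrefix) {
  const serviceExists = await (0, services_js_1.iamServiceExists)(servicePrefix);
  if (serviceExists) {
    return [servicePrefix];
  }
  // Service doesn't exist, check unassociated conditions
  const unassociatedConditions = await (0, data_js_1.readUnassociatedConditions)();
  // The prefix is derived from caller input, so only an own property counts. A plain
  // bracket lookup resolves names such as "constructor" or "__proto__" through
  // Object.prototype and returns a truthy non-array, which callers then try to iterate.
  if (!Object.prototype.hasOwnProperty.call(unassociatedConditions, servicePrefix)) {
    return [];
  }
  const services = unassociatedConditions[servicePrefix];
  return Array.isArray(services) ? services : [];
}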
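/**
 * Find the details for a condition key if it exists. Both global condition keys
 * (the `aws:` namespace) and service specific condition keys are checked. When
 * `conditionKey` matches a condition key that contains a variable, the matching
 * template condition key is returned.
 *
 * If no match can be found, it will return undefined.
 *
 * @param conditionKey the condition key to find, is case insensitive
 * @returns the condition key details, or undefined when nothing matches
 */
async function findConditionKey(conditionKey) {
  const normalizedConditionKey = conditionKey.toLowerCase();
  // If it starts with 'aws', check global condition keys
  if (normalizedConditionKey.startsWith('aws:')) {
    // First check for exact match in global condition keys
    const exactGlobalMatch = (0, globalConditionKeys_js_1.getGlobalConditionKeyByName)(normalizedConditionKey);
    if (exactGlobalMatch) {
      return exactGlobalMatch;
    }
    // Then check global condition keys with variables (like aws:PrincipalTag/tag-key)
    const slashIndex = normalizedConditionKey.indexOf('/');
    if (slashIndex !== -1) {
      const prefix = normalizedConditionKey.substring(0, slashIndex);
      const variableGlobalMatch = (0, globalConditionKeys_js_1.getGlobalConditionKeyByPrefix)(prefix);
      // Require at least one character after the '/'. The length is measured on the
      // normalized string the prefix was cut from, so both sides use the same text.
      if (variableGlobalMatch && normalizedConditionKey.length > slashIndex + 1) {
        return variableGlobalMatch;
      }
    }
    return undefined;
  }
  // If it doesn't start with 'aws', extract the service prefix
  const colonIndex = normalizedConditionKey.indexOf(':');
  if (colonIndex === -1) {
    return undefined; // No service prefix found
  }
  const servicePrefix = normalizedConditionKey.substring(0, colonIndex);
  // Get all service prefixes to search
  const servicesToSearch = await getServicePrefixes(servicePrefix);
  // servicePrefix comes from caller input; anything other than a non-empty array
  // (for example a value inherited from Object.prototype) is treated as "no services"
  // instead of being iterated.
  if (!Array.isArray(servicesToSearch) || servicesToSearch.length === 0) {
    return undefined; // No services found for this condition prefix
  }
  // Check each service for the condition key, first match wins
  for (const service of servicesToSearch) {
    const hasConditionKey = await (0, conditionKeys_js_1.iamConditionKeyExists)(service, normalizedConditionKey);
    if (hasConditionKey) {
      return await (0, conditionKeys_js_1.iamConditionKeyDetails)(service, normalizedConditionKey);
    }
  }
  // Last resort: check condition patterns
  const conditionPatterns = await (0, data_js_1.readConditionPatterns)();
  // Own-property lookup only, so a caller-chosen prefix cannot select an inherited member.
  const servicePatterns = Object.prototype.hasOwnProperty.call(conditionPatterns, servicePrefix)
    ? conditionPatterns[servicePrefix]
    : undefined;
  if (servicePatterns) {
    for (const [patternStr, templateKey] of Object.entries(servicePatterns)) {
      // patternStr is regex source read via readConditionPatterns, not caller input.
      // The non-capturing group keeps both anchors bound to the whole pattern even if
      // it contains a top-level alternation, so only full-key matches are accepted.
      const regex = new RegExp(`^(?:${patternStr})$`, 'i');
      if (regex.test(normalizedConditionKey)) {
        // Found a pattern match, try to get the template condition key
        const hasTemplateKey = await (0, conditionKeys_js_1.iamConditionKeyExists)(servicePrefix, templateKey);
        if (hasTemplateKey) {
          return await (0, conditionKeys_js_1.iamConditionKeyDetails)(servicePrefix, templateKey);
        }
      }
    }
  }
  return undefined;
}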
//# sourceMappingURL=findConditionKey.js.map