import { type BlockedReason, type EvaluationResult, type RequestAnalysis } from '@cloud-copilot/iam-simulate';
import type { DeniedWhoCanExecutionResultWithDetails } from './WhoCanWorker.js';
import type { WhoCanDenyDetail } from './whoCan.js';
/**
 * A lightweight representation of RequestAnalysis containing only the result fields
 * of the various policy analyses (identity, resource, SCP, RCP, permission boundary).
 *
 * Each optional analysis field is derived from the corresponding RequestAnalysis field
 * (`Pick<NonNullable<...>, 'result'>`), so only the `result` member survives the
 * conversion; every other detail of the full analysis is dropped.
 */
export interface LightResourceAnalysis {
  /** Final verdict for this resource; same type as `RequestAnalysis['result']`. */
  result: RequestAnalysis['result'];
  /**
   * Presumably whether the principal and the resource live in the same AWS account,
   * carried over from RequestAnalysis — confirm against iam-simulate.
   */
  sameAccount?: boolean;
  /**
   * Result of the identity-based policy evaluation. The source field on RequestAnalysis
   * is nullable (hence the `NonNullable` wrapper), so this is presumably undefined when
   * that analysis is absent. NOTE(review): an absent analysis is not an allow;
   * `result` is the authoritative verdict.
   */
  identityAnalysis?: Pick<NonNullable<RequestAnalysis['identityAnalysis']>, 'result'>;
  /** Result of the resource-based policy evaluation; optional for the same reason as identityAnalysis. */
  resourceAnalysis?: Pick<NonNullable<RequestAnalysis['resourceAnalysis']>, 'result'>;
  /** Result of the service control policy (SCP) evaluation; optional for the same reason as identityAnalysis. */
  scpAnalysis?: Pick<NonNullable<RequestAnalysis['scpAnalysis']>, 'result'>;
  /** Result of the resource control policy (RCP) evaluation; optional for the same reason as identityAnalysis. */
  rcpAnalysis?: Pick<NonNullable<RequestAnalysis['rcpAnalysis']>, 'result'>;
  /** Result of the permission boundary evaluation; optional for the same reason as identityAnalysis. */
  permissionBoundaryAnalysis?: Pick<NonNullable<RequestAnalysis['permissionBoundaryAnalysis']>, 'result'>;
  /**
   * Reasons recorded for the outcome (see `BlockedReason` in iam-simulate).
   * Note for consumers: a `Set` is not JSON-serializable — `JSON.stringify(new Set())`
   * yields `{}` — so spread it to an array (`[...blockedBy]`) before emitting it.
   */
  blockedBy: Set<BlockedReason>;
}
/**
 * A LightResourceAnalysis extended with resource pattern and type information.
 * Used for wildcard resource analyses to provide details on each matched pattern;
 * one instance is produced per pattern/resource-type pair (see
 * WildcardResourceLightRequestAnalysis.patterns).
 */
export interface LightResourceAnalysisWithPattern extends LightResourceAnalysis {
  /**
   * The specific resource pattern that was analyzed, most likely found in a policy
   * statement's Resource field. This is used to provide more granular details in
   * wildcard resource analyses, where multiple patterns may match the requested
   * resource.
   */
  pattern: string;
  /**
   * The resource type that was tested.
   */
  resourceType: string;
}
/**
 * A light request analysis for a single resource.
 *
 * Inherits the per-analysis result fields and `blockedBy` from LightResourceAnalysis.
 */
export interface SingleResourceLightRequestAnalysis extends LightResourceAnalysis {
  /** Discriminant of the LightRequestAnalysis union; narrow on this before reading variant-specific fields. */
  type: 'single';
  /** Overall verdict for the request (`EvaluationResult` from iam-simulate). */
  overallResult: EvaluationResult;
}
/**
 * A light request analysis for a wildcard resource with multiple patterns.
 * Used for wildcard resource analyses to provide details on each matched pattern.
 *
 * Unlike the 'single' variant this does not extend LightResourceAnalysis: the
 * per-analysis results and `blockedBy` live on each entry of `patterns`.
 */
export interface WildcardResourceLightRequestAnalysis {
  /** Discriminant of the LightRequestAnalysis union; narrow on this before reading `patterns`. */
  type: 'wildcard';
  /**
   * The overall result of the wildcard resource analysis, which is typically a combination
   * of the results of the individual pattern analyses. This provides a high-level summary
   * of whether the requested action is allowed or denied across all matched patterns,
   * while the individual pattern analyses provide more granular details.
   */
  overallResult: EvaluationResult;
  /**
   * The details of the analyses for each matched resource pattern/resource type pair.
   */
  patterns: LightResourceAnalysisWithPattern[];
}
/**
 * A light version of RequestAnalysis, discriminated on `type`.
 *
 * The 'single' variant carries the result, sameAccount and per-analysis result fields
 * directly; the 'wildcard' variant carries them per matched pattern in `patterns`.
 * Both variants expose `overallResult`.
 */
export type LightRequestAnalysis = SingleResourceLightRequestAnalysis | WildcardResourceLightRequestAnalysis;
/**
 * Convert a full RequestAnalysis to a LightRequestAnalysis.
 *
 * Only the input type is fixed here; which union variant ('single' or 'wildcard') is
 * produced is decided by the implementation, so callers must narrow on `type`.
 *
 * @param executionResult - The denied execution result containing the RequestAnalysis to convert
 * @returns A LightRequestAnalysis with only the essential fields
 */
export declare function toLightRequestAnalysis(executionResult: DeniedWhoCanExecutionResultWithDetails): LightRequestAnalysis;
/**
 * Gets the denial reasons for a denied SimulationResult.
 *
 * Takes the same denied-only input type as toLightRequestAnalysis; the parameter type
 * is what restricts this to denied results, so there is no runtime check to rely on
 * if a caller bypasses the type.
 *
 * @param executionResult - The denied execution result containing the RequestAnalysis with denial reasons
 * @returns A WhoCanDenyDetail object containing the denial reasons and other details to be returned to the user
 */
export declare function convertToDenialDetails(executionResult: DeniedWhoCanExecutionResultWithDetails): WhoCanDenyDetail;
//# sourceMappingURL=requestAnalysis.d.ts.map