UNPKG

@cloud-copilot/iam-lens

Version:

Visibility in IAM in and across AWS accounts

github.com/cloud-copilot/iam-lens

cloud-copilot/iam-lens

141 lines 4.73 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
import BitSet from 'bitset'; /** * Encode a BitSet into a more compact representation * * @param bitset the BitSet to encode * @returns the encoded representation */ export function encodeBitSet(bitset) { const rawHex = bitset.toString(16); const compressedHex = compressHex(rawHex); const sparseString = ',' + bitset.toArray().join(','); if (sparseString.length < compressedHex.length && sparseString.length < rawHex.length) { return sparseString; } if (compressedHex.length < rawHex.length) { return compressedHex; } return rawHex; } /** * Decode a BitSet from a compact representation * * @param encoded the encoded representation * @returns the decoded BitSet */ export function decodeBitSet(encoded) { if (Array.isArray(encoded)) { const bitset = new BitSet(); bitset.setRange(encoded[0], encoded[1], 1); return bitset; } else if (typeof encoded === 'string') { // Check if it's a sparse array (comma-separated numbers) if (encoded.startsWith(',')) { // It's a sparse array - convert to BitSet const positions = encoded.slice(1).split(',').map(Number); const bitset = new BitSet(); positions.forEach((pos) => bitset.set(pos, 1)); return bitset; } else if (encoded.includes('z')) { // It's compressed hex - decompress first const decompressedHex = decompressHex(encoded); return BitSet.fromHexString(decompressedHex); } else if (encoded === '') { return new BitSet(); } else { // Assume it's raw hex return BitSet.fromHexString(encoded); } } // Handle other formats if needed return BitSet.fromHexString(encoded); } /** * Compress a hexadecimal string by replacing runs of zeros with a compact representation * * @param rawHex the original hexadecimal string * @returns the compressed hexadecimal string */ export function compressHex(rawHex) { const repeatedZeroPattern = /((0){4,})/g; return rawHex.replace(repeatedZeroPattern, (match) => { return `z${match.length} `; }); } /** * Decompress a hexadecimal string * * @param compressedHex the compressed hexadecimal string * @returns the decompressed hexadecimal string */ export function decompressHex(compressedHex) { // Handle the "z" compression pattern (z followed by number of zeros) const zeroPattern = /z(\d+)\s*/g; return compressedHex.replace(zeroPattern, (match, count) => { return '0'.repeat(parseInt(count, 10)); }); } /** * Compress a principal string for storage * * @param principalString the full principal string * @returns the compressed principal string */ export function compressPrincipalString(principalString) { const parts = principalString.split(':'); let accountId = parts[4]; let end = parts.slice(5).join(':'); if (end.startsWith('role/aws-reserved/')) { end = end.replace('role/aws-reserved/', 'ar/'); } else if (end.startsWith('role/aws-service-role/')) { end = end.replace('role/aws-service-role/', 'asr/'); } else if (end.startsWith('role/service-role/')) { end = end.replace('role/service-role/', 'sr/'); } else if (end.startsWith('role/')) { end = end.replace('role/', 'r/'); } else if (end.startsWith('user/')) { end = end.replace('user/', 'u/'); } return `${accountId}:${end}`; } /** * Decompress a principal string * * @param compressedString the compressed principal string * @param prefix the ARN prefix to use * @returns the decompressed principal string */ export function decompressPrincipalString(compressedString, prefix = 'arn:aws:iam::') { const parts = compressedString.split(':'); if (parts.length !== 2) { throw new Error(`Invalid compressed principal format: ${compressedString}`); } const accountId = parts[0]; let roleType = parts[1]; // Expand compressed role types back to full paths if (roleType.startsWith('ar/')) { roleType = roleType.replace('ar/', 'role/aws-reserved/'); } else if (roleType.startsWith('asr/')) { roleType = roleType.replace('asr/', 'role/aws-service-role/'); } else if (roleType.startsWith('sr/')) { roleType = roleType.replace('sr/', 'role/service-role/'); } else if (roleType.startsWith('r/')) { roleType = roleType.replace('r/', 'role/'); } else if (roleType.startsWith('u/')) { roleType = roleType.replace('u/', 'user/'); } return `${prefix}${accountId}:${roleType}`; } //# sourceMappingURL=bitset.js.map