@cloud-copilot/iam-simulate
Simulate evaluation of AWS IAM policies
;
// CommonJS interop prologue: flags this module as a transpiled ES module for
// importers that check `__esModule`.
Object.defineProperty(exports, "__esModule", { value: true });
// Create the export slot with an undefined value; it is assigned the class
// once the class definition has been evaluated.
exports.KmsServiceAuthorizer = void 0;
const DefaultServiceAuthorizer_js_1 = require("./DefaultServiceAuthorizer.js");
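/**
 * Service authorizer for AWS KMS.
 *
 * Extends DefaultServiceAuthorizer and overrides only the decision of whether
 * the principal account's IAM policies are trusted for the request. In KMS the
 * key policy is the primary access control: identity policies take effect for a
 * key only when the key policy delegates to the account, so being in the same
 * account is not treated as sufficient for a specific key.
 */
class KmsServiceAuthorizer extends DefaultServiceAuthorizer_js_1.DefaultServiceAuthorizer {
    /**
     * Determines if the service trusts the principal's account's IAM policies.
     *
     * @param sameAccount - If the principal and resource are in the same account
     * @param resourceAnalysis - The resource policy analysis; its `allowStatements`
     *   entries are inspected for an account-level principal match
     * @param resource - The request resource; `resource.value()` is compared to `'*'`
     * @returns true if the request is same-account against the wildcard resource, or
     *   if at least one allow statement in the resource policy matched the principal
     *   at account level; false otherwise
     */
    serviceTrustsPrincipalAccount(sameAccount, resourceAnalysis, resource) {
        // Same-account request against the wildcard resource: there is no single
        // key policy to consult, so the account's IAM policies are trusted.
        // NOTE(review): presumably this covers actions that are not bound to one
        // key; confirm against the callers.
        // Strict comparison: value() is expected to return a string, so `===`
        // avoids accidental coercion of any other type into a wildcard match.
        if (sameAccount && resource.value() === '*') {
            return true;
        }
        // For a specific resource, IAM policies count only when the resource policy
        // has an allow statement whose principal matched at account level. This
        // applies to same-account requests too: sameAccount alone is not enough.
        // NOTE(review): assumes resourceAnalysis.allowStatements is always an
        // array; a missing analysis would throw here rather than deny.
        return resourceAnalysis.allowStatements.some((statement) => statement.principalMatch === 'AccountLevelMatch');
    }
}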
// Publish the class as this module's named CommonJS export.
exports.KmsServiceAuthorizer = KmsServiceAuthorizer;
//# sourceMappingURL=KmsServiceAuthorizer.js.map