@cloud-copilot/iam-simulate/dist/esm/services/KmsServiceAuthorizer.js

Simulate evaluation of AWS IAM policies

import { DefaultServiceAuthorizer } from './DefaultServiceAuthorizer.js';
/**
 * The default authorizer for services.
 */
export class KmsServiceAuthorizer extends DefaultServiceAuthorizer {
    /**
     * Determines if the service trusts the principal's Account's IAM policies
     *
     * @param sameAccount - If the principal and resource are in the same account
     * @param resourceAnalysis - The resource policy analysis
     * @returns true if the service trusts the principal's account IAM policies
     */
    serviceTrustsPrincipalAccount(sameAccount, resourceAnalysis, resource) {
        if (sameAccount && resource.value() == '*') {
            return true;
        }
        return resourceAnalysis.allowStatements.some((statement) => statement.principalMatch === 'AccountLevelMatch');
    }
}
//# sourceMappingURL=KmsServiceAuthorizer.js.map