@cloud-copilot/iam-simulate
Simulate evaluation of AWS IAM policies
import { ResourceType } from '@cloud-copilot/iam-data';
import { Resource } from '@cloud-copilot/iam-policy';
import { AwsRequest } from './request/request.js';
/**
* Options accepted by `convertIamString` to control how an IAM string is transformed.
*/
export interface StringReplaceOptions {
/** NOTE(review): presumably controls whether IAM wildcards in the input are translated into the output; confirm against the implementation. */
replaceWildcards: boolean;
/** The `convertIamString` overloads declared in this file return a plain `string` when this is `false`, and a `{ pattern, errors? }` object otherwise. */
convertToRegex: boolean;
}
/**
* Converts an IAM policy string into a form that can be matched against a request value,
* replacing any policy variables in the string with their values from the request.
*
* The result depends on `replaceOptions.convertToRegex`: when it is the literal `false` the
* call returns a plain string; otherwise it returns an object holding the compiled `pattern`
* and an optional `errors` list.
*
* NOTE(review): `errors` is presumably filled when a variable cannot be resolved from the
* request; a caller making an allow/deny decision should check it before trusting `pattern`.
* Confirm against the implementation, along with how regex metacharacters in `value` are escaped.
*
* @param value the IAM string to convert
* @param request the request that supplies the variable values
* @param replaceOptions options (`replaceWildcards`, `convertToRegex`) selecting the output form
* @returns a string when `convertToRegex` is `false`, otherwise `{ pattern, errors? }`
*/
export declare function convertIamString(value: string, request: AwsRequest, replaceOptions: {
replaceWildcards?: boolean;
convertToRegex: false;
}): string;
export declare function convertIamString(value: string, request: AwsRequest, replaceOptions?: Partial<StringReplaceOptions>): {
pattern: RegExp;
errors?: string[];
};
/**
* The components of an ARN, as returned by `splitArnParts`.
*
* Every field may be `undefined`, so callers must handle a missing part explicitly
* instead of assuming a string is always present.
* NOTE(review): whether an empty segment (such as the region of an S3 ARN) is reported
* as `''` or as `undefined` is not visible in this declaration file; confirm before
* relying on either in a comparison.
*/
export interface ArnParts {
// Field names follow the ARN layout arn:partition:service:region:account-id:resource.
partition: string | undefined;
service: string | undefined;
region: string | undefined;
accountId: string | undefined;
// NOTE(review): presumably everything after the account id, including any further ':' or '/'; confirm.
resource: string | undefined;
}
/**
* Splits an ARN into its partition, service, region, account id and resource parts.
*
* The declared return type allows every part to be `undefined`; the behavior for a
* string that is not a well-formed ARN is not visible here.
* NOTE(review): presumably no validation is performed and malformed input simply yields
* `undefined` parts; confirm before using the result on untrusted policy text.
*
* @param arn the ARN to split
* @returns the parts of the ARN
*/
export declare function splitArnParts(arn: string): ArnParts;
/**
* Gets the product and id segments of the resource portion of an ARN.
* The first segment is the product segment and the second is the resource id segment.
* The two may be separated by a colon or a slash, so both are checked. S3 buckets and
* objects are handled as a special case.
*
* NOTE(review): the result for a resource that is not an ARN (for example a bare wildcard)
* is not visible in this declaration; the parameter description requires an ARN resource.
*
* @param resource the resource to get the segments from. Must be an ARN resource.
* @returns a tuple of the product segment (including the separator) and the resource id.
*/
export declare function getResourceSegments(resource: Resource): [string, string];
/**
* Type guard that reports whether a value is defined and narrows away `undefined`.
*
* NOTE(review): the description mentions `null`, but the parameter type is only
* `T | undefined`, so `null` is removed from the narrowed type only if `T` itself
* excludes it. Whether `null` is rejected at runtime is not visible here; confirm.
*
* @param value the value to check
* @returns `true` if the value is defined and not null
*/
export declare function isDefined<T>(value: T | undefined): value is T;
/**
* Type guard that reports whether a value is not defined, narrowing it to `undefined`.
*
* NOTE(review): the description mentions `null`, but the predicate narrows to
* `undefined` only. If the implementation also returns `true` for `null`, a `null`
* value would be typed as `undefined` after the check; confirm the runtime behavior.
*
* @param value the value to check
* @returns `true` if the value is not defined or null
*/
export declare function isNotDefined<T>(value: T | undefined): value is undefined;
/**
* Checks whether an action is a wildcard-only action.
*
* NOTE(review): presumably this means the action supports no resource types and so can
* only be granted with a `*` resource; confirm against the implementation.
* The function returns a Promise, so the documented error most likely surfaces as a
* rejection; await the call inside try/catch.
*
* @param service the service the action belongs to
* @param action the action to check
* @returns a Promise resolving to whether the action is a wildcard-only action
* @throws an error if the service or action does not exist
*/
export declare function isWildcardOnlyAction(service: string, action: string): Promise<boolean>;
/**
* Gets the possible resource types for an action and resource.
*
* NOTE(review): the result is an array, so more than one resource type may be returned;
* presumably it is empty when nothing matches. Confirm how callers are expected to
* treat zero or several matches when deciding whether a statement applies.
*
* @param service the service the action belongs to
* @param action the action to get the resource types for
* @param resource the resource to match against the action's resource types
* @returns a Promise resolving to the matching resource types
* @throws an error if the service or action does not exist, or if the action is a wildcard only action
*/
export declare function getResourceTypesForAction(service: string, action: string, resource: string): Promise<ResourceType[]>;
/**
* Converts a resource pattern from iam-data into a regex pattern.
*
* The result is returned as a `string`, not a compiled `RegExp`.
* NOTE(review): whether the returned source is anchored at both ends and whether literal
* characters are escaped is not visible here; confirm before compiling it to match ARNs,
* since an unanchored pattern would also match longer strings.
*
* @param pattern the iam-data resource pattern to convert
* @returns the regex pattern as a string
*/
export declare function convertResourcePatternToRegex(pattern: string): string;
/**
* Lowercases every string in an array.
*
* NOTE(review): whether the input array is left unmodified is not visible in this
* declaration; presumably a new array is returned. Confirm.
*
* @param strings the strings to lowercase
* @returns the lowercased strings
*/
export declare function lowerCaseAll(strings: string[]): string[];
/**
* Gets the IAM policy variables referenced in a string.
*
* NOTE(review): IAM policy variables are written in the `${name}` form; whether the
* returned entries include the `${` and `}` delimiters, and whether duplicates are
* removed, is not visible here. Confirm.
*
* @param value the string to get the variables from
* @returns the variables in the string, if any
*/
export declare function getVariablesFromString(value: string): string[];
/**
* Checks whether an ARN is an S3 bucket or object ARN.
*
* S3 bucket and object ARNs carry no region or account id
* (constructed example: `arn:aws:s3:::example-bucket/example-key`).
* NOTE(review): how the check is performed, and whether other S3 resource kinds are
* excluded, is not visible in this declaration; confirm.
*
* @param arn the ARN to check
* @returns whether the ARN is an S3 bucket or object ARN
*/
export declare function isS3BucketOrObjectArn(arn: string): boolean;
//# sourceMappingURL=util.d.ts.map