UNPKG

@cloud-copilot/iam-simulate

Version:

Simulate evaluation of AWS IAM policies

github.com/cloud-copilot/iam-simulate

cloud-copilot/iam-simulate

51 lines 2.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import { Condition } from '@cloud-copilot/iam-policy'; import { SimulationParameters } from '../core_engine/CoreSimulatorEngine.js'; import { ConditionExplain, StatementExplain } from '../explain/statementExplain.js'; import { AwsRequest } from '../request/request'; import { ContextKey } from '../requestContext.js'; import { BaseConditionOperator } from './BaseConditionOperator.js'; export type ConditionMatchResult = 'Match' | 'NoMatch'; /** * Evaluate a set of conditions against a request * * @param request the request to test * @param conditions the conditions to test * @returns Match if all conditions match, NoMatch if any do not. Also returns all the details of the evaluation */ export declare function requestMatchesConditions(request: AwsRequest, conditions: Condition[], statementType: 'Allow' | 'Deny', simulationParameters: SimulationParameters): { matches: ConditionMatchResult; details: Pick<StatementExplain, 'conditions'>; ignoredConditions?: Condition[]; }; /** * Checks to see if a single condition matches a request * * @param request the request to test * @param condition the condition to test * @returns the result of evaluating the condition */ export declare function singleConditionMatchesRequest(request: AwsRequest, condition: Condition, simulationParameters: SimulationParameters): ConditionExplain; export declare function singleValueMatch(request: AwsRequest, condition: Condition, baseOperation: BaseConditionOperator, keyValue: ContextKey | undefined): ConditionExplain; /** * Tests a condition with a ForAllValues set operator * * @param request the request to test * @param condition the condition with ForAllValues set operator * @param keyExists whether the key exists in the request * @param keyValue the value of the key in the request * @param baseOperation the base operation to test the key against * @returns the result of evaluating the ForAllValues set operator */ export declare function forAllValuesMatch(request: AwsRequest, condition: Condition, keyValue: ContextKey | undefined, baseOperation: BaseConditionOperator): ConditionExplain; /** * Test a condition with a ForAnyValue set operator * * @param request the request to test * @param condition the condition with ForAnyValue set operator * @param keyExists whether the key exists in the request * @param keyValue the value of the key in the request * @param baseOperation the base operation to test the key against * @returns the result of evaluating the ForAnyValue set operator */ export declare function forAnyValueMatch(request: AwsRequest, condition: Condition, keyValue: ContextKey | undefined, baseOperation: BaseConditionOperator): ConditionExplain; //# sourceMappingURL=condition.d.ts.map