@cloud-copilot/iam-simulate
Version:
Simulate evaluation of AWS IAM policies
58 lines • 2.04 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.findContextKeys = findContextKeys;
exports.getContextKeysFromPolicy = getContextKeysFromPolicy;
const util_js_1 = require("../util.js");
const contextKeys_js_1 = require("./contextKeys.js");
/**
* Find all the context keys in a list of policies
*
* @param policies - The list of policies to search
* @returns The list of valid and invalid context keys found in the policies
*/
async function findContextKeys(policies) {
const rawKeys = new Set();
for (const policy of policies) {
getContextKeysFromPolicy(policy).forEach((v) => rawKeys.add(v));
}
const validKeys = new Set();
const invalidKeys = new Set();
for (const key of rawKeys) {
const valid = await (0, contextKeys_js_1.isActualContextKey)(key);
if (valid) {
const normalizedKey = await (0, contextKeys_js_1.normalizeContextKeyCase)(key);
validKeys.add(normalizedKey);
}
else {
invalidKeys.add(key);
}
}
return {
validKeys: Array.from(validKeys),
invalidKeys: Array.from(invalidKeys)
};
}
/**
* Get the context variables used in a policy
*
* @param policy - The policy to extract variables from
* @returns The list of variables used in the policy
*/
function getContextKeysFromPolicy(policy) {
const variables = [];
for (const statement of policy.statements()) {
if (statement.isResourceStatement()) {
statement.resources().forEach((r) => {
variables.push(...(0, util_js_1.getVariablesFromString)(r.value()));
});
for (const condition of statement.conditions()) {
variables.push(condition.conditionKey());
condition.conditionValues().forEach((v) => {
variables.push(...(0, util_js_1.getVariablesFromString)(v));
});
}
}
}
return variables;
}
//# sourceMappingURL=findContextKeys.js.map