UNPKG

@cloud-copilot/iam-simulate

Version:

Simulate evaluation of AWS IAM policies

github.com/cloud-copilot/iam-simulate

cloud-copilot/iam-simulate

93 lines 2.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
export type ExplainPrincipalMatch = 'Match' | 'NoMatch' | 'AccountLevelMatch' | 'SessionRoleMatch' | 'SessionUserMatch'; export interface ActionExplain { action: string; matches: boolean; } export interface ResourceExplain { resource: string; resolvedValue?: string; errors?: string[]; matches: boolean; } export interface PrincipalExplain { principal: string; matches: ExplainPrincipalMatch; roleForSessionArn?: string; userForSessionArn?: string; errors?: string[]; } export interface ConditionValueExplain { value: string; resolvedValue?: string; matches: boolean; matchingValues?: string[]; negativeMatchingValues?: string[]; errors?: string[]; } export interface ConditionExplain { /** * The operation that was used in the condition statement */ operator: string; /** * The value being matched in the condition statement */ conditionKeyValue: string; /** * The resolved value of the condition key */ resolvedConditionKeyValue?: string; values: ConditionValueExplain | ConditionValueExplain[]; /** * The values from the request context that were not matched by a condition with a set operation */ unmatchedValues?: string[]; /** * Whether the condition matches the request */ matches: boolean; /** * */ matchedBecauseMissing?: boolean; /** * Failed because the context key was missing from the request. */ failedBecauseMissing?: boolean; /** * Failed because the context key was required to be a string but was was * an instead an array. Caused by a set operation being used on a single value * context key. */ failedBecauseArray?: boolean; /** * Was the base operator in the condition statement not found */ missingOperator?: boolean; } export interface StatementExplain { actionMatch: boolean; resourceMatch: boolean; principalMatch: ExplainPrincipalMatch; conditionMatch: boolean; matches: boolean; identifier: string; effect: string; actions?: ActionExplain | ActionExplain[]; notActions?: ActionExplain | ActionExplain[]; resources?: ResourceExplain | ResourceExplain[]; notResources?: ResourceExplain | ResourceExplain[]; principals?: PrincipalExplain | PrincipalExplain[]; notPrincipals?: PrincipalExplain | PrincipalExplain[]; conditions?: ConditionExplain[]; /** * The statement was denied because the resource policy has a NotPrincipal in a Deny * statement and the principal has a Permission Boundary. * * This will always resolve to to Deny. * * https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html */ denyBecauseNpInRpAndPb?: boolean; } //# sourceMappingURL=statementExplain.d.ts.map