
@cloud-copilot/iam-simulate

import { loadPolicy } from '@cloud-copilot/iam-policy';
import { authorize } from '../core_engine/CoreSimulatorEngine.js';
import { AwsRequestImpl } from '../request/request.js';
import { RequestContextImpl } from '../requestContext.js';

/**
 * Evaluates a simulation directly against the core authorization engine,
 * skipping input validation and context variable verification.
 *
 * Nothing here checks the shape of `simulation` or the context variables it
 * carries, so a malformed input either throws from a property access or is
 * evaluated as given. Treat the returned decision as only as trustworthy as
 * the input, and validate the simulation first when it comes from outside.
 *
 * Things this path fixes regardless of the arguments:
 * - `simulationOptions` is not read anywhere in this function; the engine is
 *   always called with `simulationMode: 'Strict'` and an empty
 *   `strictConditionKeys` set.
 * - `vpcEndpointPolicies` is always passed as `undefined`, so no VPC endpoint
 *   policy is handed to the engine from here.
 *
 * @param simulation The simulation to run: identity policies, service and
 *   resource control policies, optional permission boundaries, optional
 *   resource policy, and the request to authorize.
 * @param simulationOptions Options for the simulation (currently unused here).
 * @returns The `result` of the analysis produced by `authorize`.
 */
export function runUnsafeSimulation(simulation, simulationOptions) {
  // Parses one { policy, name } entry into a policy object carrying its name.
  const toNamedPolicy = (entry) => loadPolicy(entry.policy, { name: entry.name });

  // SCPs and RCPs share a shape: an org identifier plus a list of named policies.
  const toOrgPolicySet = (level) => {
    const orgIdentifier = level.orgIdentifier;
    return { orgIdentifier, policies: level.policies.map(toNamedPolicy) };
  };

  const identityPolicies = Object.values(simulation.identityPolicies).map(toNamedPolicy);
  const serviceControlPolicies = simulation.serviceControlPolicies.map(toOrgPolicySet);
  const resourceControlPolicies = simulation.resourceControlPolicies.map(toOrgPolicySet);

  // Permission boundaries are optional: a missing list stays undefined rather
  // than becoming an empty array.
  const boundarySources = simulation.permissionBoundaryPolicies;
  const permissionBoundaries =
    boundarySources == null ? undefined : boundarySources.map(toNamedPolicy);

  const requestContext = new RequestContextImpl(simulation.request.contextVariables);
  const target = {
    resource: simulation.request.resource.resource,
    accountId: simulation.request.resource.accountId,
  };
  const request = new AwsRequestImpl(
    simulation.request.principal,
    target,
    simulation.request.action,
    requestContext,
  );

  // Unlike the other policies, the resource policy is loaded without a name.
  let resourcePolicy;
  if (simulation.resourcePolicy) {
    resourcePolicy = loadPolicy(simulation.resourcePolicy);
  }

  const { result } = authorize({
    request,
    identityPolicies,
    serviceControlPolicies,
    resourceControlPolicies,
    resourcePolicy,
    permissionBoundaries,
    vpcEndpointPolicies: undefined,
    simulationParameters: {
      simulationMode: 'Strict',
      strictConditionKeys: new Set(),
    },
  });
  return result;
}
//# sourceMappingURL=unsafeSimulationEngine.js.map