UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 4.1 kB
1
2
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.mergeStatements=mergeStatements;var comparable_principal_1=()=>{var tmp=require("./comparable-principal");return comparable_principal_1=()=>tmp,tmp},policy_statement_1=()=>{var tmp=require("../policy-statement");return policy_statement_1=()=>tmp,tmp},util_1=()=>{var tmp=require("../util");return util_1=()=>tmp,tmp};const MAX_MERGE_SIZE=2e3;function mergeStatements(statements,options){const sizeOptions=(0,policy_statement_1().deriveEstimateSizeOptions)(options.scope),compStatements=statements.map(makeComparable),mergeFn=options?.mergeIfCombinable??!0?mergeIfCombinable:mergeIfEqual;for(;onePass(););const mergedStatements=new Array,originsMap=new Map;for(const comp of compStatements){const statement=renderComparable(comp);mergedStatements.push(statement),originsMap.set(statement,comp.originals)}return{mergedStatements,originsMap};function onePass(){let ret=!1;for(let i=0;i<compStatements.length;i++){let j=i+1;for(;j<compStatements.length;){const merged=mergeFn(compStatements[i],compStatements[j],!!options.limitSize,sizeOptions);merged?(compStatements[i]=merged,compStatements.splice(j,1),ret=!0):j++}}return ret}}function mergeIfCombinable(a,b,limitSize,options){if(a.statement.effect!==b.statement.effect||a.statement.sid||b.statement.sid||a.conditionString!==b.conditionString||!setEqual(a.statement.notActions,b.statement.notActions)||!setEqual(a.statement.notResources,b.statement.notResources)||!setEqualPrincipals(a.statement.notPrincipals,b.statement.notPrincipals)||(setEqual(a.statement.actions,b.statement.actions)?1:0)+(setEqual(a.statement.resources,b.statement.resources)?1:0)+(setEqualPrincipals(a.statement.principals,b.statement.principals)?1:0)<2||unmergeablePrincipals(a,b))return;const combined=a.statement.copy({actions:setMerge(a.statement.actions,b.statement.actions),resources:setMerge(a.statement.resources,b.statement.resources),principals:setMergePrincipals(a.statement.principals,b.statement.principals)});if(!(limitSize&&combined._estimateSize(options)>MAX_MERGE_SIZE))return{originals:[...a.originals,...b.originals],statement:combined,conditionString:a.conditionString}}function mergeIfEqual(a,b){if(a.statement.effect===b.statement.effect&&a.statement.sid===b.statement.sid&&a.conditionString===b.conditionString&&!(!setEqual(a.statement.notActions,b.statement.notActions)||!setEqual(a.statement.notResources,b.statement.notResources)||!setEqualPrincipals(a.statement.notPrincipals,b.statement.notPrincipals))&&!(!setEqual(a.statement.actions,b.statement.actions)||!setEqual(a.statement.resources,b.statement.resources)||!setEqualPrincipals(a.statement.principals,b.statement.principals)))return{originals:[...a.originals,...b.originals],statement:a.statement,conditionString:a.conditionString}}function makeComparable(s){return{originals:[s],statement:s,conditionString:JSON.stringify(s.conditions)}}function unmergeablePrincipals(a,b){const aHasLiteral=a.statement.principals.some(v=>util_1().LITERAL_STRING_KEY in v.policyFragment.principalJson),bHasLiteral=b.statement.principals.some(v=>util_1().LITERAL_STRING_KEY in v.policyFragment.principalJson);return aHasLiteral!==bHasLiteral}function renderComparable(s){return s.statement}function setEqual(a,b){const bSet=new Set(b);return a.length===b.length&&a.every(k=>bSet.has(k))}function setMerge(x,y){return Array.from(new Set([...x,...y])).sort()}function setEqualPrincipals(xs,ys){const xPrincipals=(0,comparable_principal_1().partitionPrincipals)(xs),yPrincipals=(0,comparable_principal_1().partitionPrincipals)(ys),nonComp=setEqual(xPrincipals.nonComparable,yPrincipals.nonComparable),comp=setEqual(Object.keys(xPrincipals.comparable),Object.keys(yPrincipals.comparable));return nonComp&&comp}function setMergePrincipals(xs,ys){const xPrincipals=(0,comparable_principal_1().partitionPrincipals)(xs),yPrincipals=(0,comparable_principal_1().partitionPrincipals)(ys),comparable={...xPrincipals.comparable,...yPrincipals.comparable};return[...Object.values(comparable),...xPrincipals.nonComparable,...yPrincipals.nonComparable]}