UNPKG

iam-floyd

Version:

AWS IAM policy statement generator with fluent interface

github.com/udondan/iam-floyd

udondan/iam-floyd

112 lines 11.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.PolicyStatementWithResources = void 0; const _3_actions_1 = require("./3-actions"); /** * Adds "resource" functionality to the Policy Statement */ class PolicyStatementWithResources extends _3_actions_1.PolicyStatementWithActions { constructor() { super(...arguments); this.useNotResource = false; this.floydResources = []; this.skipAutoResource = false; this.cdkResourcesApplied = false; } /** * Injects resources into the statement. * * Only relevant for the main package. In CDK mode this only calls super. */ toJSON() { // @ts-ignore only available after swapping 1-base if (typeof this.addResources == 'function') { this.cdkApplyResources(); return super.toJSON(); } const mode = this.useNotResource ? 'NotResource' : 'Resource'; const statement = super.toJSON(); const self = this; this.ensureResource(); if (this.floydResources.length) { const resources = this.floydResources.filter((elem, pos) => { return self.floydResources.indexOf(elem) == pos; }); statement[mode] = resources.length > 1 ? resources : resources[0]; } return statement; } toStatementJson() { this.ensureResource(); this.cdkApplyResources(); // @ts-ignore only available after swapping 1-base return super.toStatementJson(); } freeze() { // @ts-ignore only available after swapping 1-base if (!this.frozen) { this.ensureResource(); this.cdkApplyResources(); } return super.freeze(); } cdkApplyResources() { if (!this.cdkResourcesApplied) { const mode = this.useNotResource ? 'addNotResources' : 'addResources'; const self = this; const uniqueResources = this.floydResources.filter((elem, pos) => { return self.floydResources.indexOf(elem) == pos; }); // @ts-ignore only available after swapping 1-base this[mode](...uniqueResources); this.cdkResourcesApplied = true; } } /** * Switches the statement to use [`NotResource`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html). */ notResource() { this.useNotResource = true; return this; } /** * Checks weather any resource was applied to the policy. */ hasResources() { return this.floydResources.length > 0; } /** * Limit statement to specified resources. * * To allow all resources, pass `*` */ on(...arns) { this.floydResources.push(...arns); return this; } /** * Add all resources (`*`) to the statement * * This is the default behavior, unless the statement has principals. */ onAllResources() { this.floydResources.push('*'); return this; } ensureResource() { if (this.hasResources()) return; // @ts-ignore only available after swapping 1-base if (this.hasResource) return; // @ts-ignore only available after swapping 1-base if (this.hasPrincipal) return; //assume policies may not have resources if (this.skipAutoResource) return; // a statement requires resources. if none was added, we assume the user wants all resources this.onAllResources(); } } exports.PolicyStatementWithResources = PolicyStatementWithResources; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiNC1yZXNvdXJjZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyI0LXJlc291cmNlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw0Q0FBeUQ7QUFXekQ7O0dBRUc7QUFDSCxNQUFhLDRCQUE2QixTQUFRLHVDQUEwQjtJQUE1RTs7UUFDVSxtQkFBYyxHQUFHLEtBQUssQ0FBQztRQUNyQixtQkFBYyxHQUFhLEVBQUUsQ0FBQztRQUM5QixxQkFBZ0IsR0FBRyxLQUFLLENBQUM7UUFDM0Isd0JBQW1CLEdBQUcsS0FBSyxDQUFDO0lBd0d0QyxDQUFDO0lBdEdDOzs7O09BSUc7SUFDSSxNQUFNO1FBQ1gsa0RBQWtEO1FBQ2xELElBQUksT0FBTyxJQUFJLENBQUMsWUFBWSxJQUFJLFVBQVUsRUFBRSxDQUFDO1lBQzNDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1lBQ3pCLE9BQU8sS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3hCLENBQUM7UUFDRCxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQztRQUM5RCxNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDakMsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDO1FBRWxCLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUV0QixJQUFJLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDL0IsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLEVBQUU7Z0JBQ3pELE9BQU8sSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxDQUFDO1lBQ2xELENBQUMsQ0FBQyxDQUFDO1lBQ0gsU0FBUyxDQUFDLElBQUksQ0FBQyxHQUFHLFNBQVMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNwRSxDQUFDO1FBRUQsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVNLGVBQWU7UUFDcEIsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBQ3RCLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBQ3pCLGtEQUFrRDtRQUNsRCxPQUFPLEtBQUssQ0FBQyxlQUFlLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRU0sTUFBTTtRQUNYLGtEQUFrRDtRQUNsRCxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2pCLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUN0QixJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUMzQixDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7SUFDeEIsQ0FBQztJQUVPLGlCQUFpQjtRQUN2QixJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDOUIsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsaUJBQWlCLENBQUMsQ0FBQyxDQUFDLGNBQWMsQ0FBQztZQUN0RSxNQUFNLElBQUksR0FBRyxJQUFJLENBQUM7WUFDbEIsTUFBTSxlQUFlLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLEVBQUU7Z0JBQy9ELE9BQU8sSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxDQUFDO1lBQ2xELENBQUMsQ0FBQyxDQUFDO1lBQ0gsa0RBQWtEO1lBQ2xELElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxHQUFHLGVBQWUsQ0FBQyxDQUFDO1lBQy9CLElBQUksQ0FBQyxtQkFBbUIsR0FBRyxJQUFJLENBQUM7UUFDbEMsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLFdBQVc7UUFDaEIsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUM7UUFDM0IsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxZQUFZO1FBQ2pCLE9BQU8sSUFBSSxDQUFDLGNBQWMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0ksRUFBRSxDQUFDLEdBQUcsSUFBYztRQUN6QixJQUFJLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxHQUFHLElBQUksQ0FBQyxDQUFDO1FBQ2xDLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxjQUFjO1FBQ25CLElBQUksQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzlCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVPLGNBQWM7UUFDcEIsSUFBSSxJQUFJLENBQUMsWUFBWSxFQUFFO1lBQUUsT0FBTztRQUNoQyxrREFBa0Q7UUFDbEQsSUFBSSxJQUFJLENBQUMsV0FBVztZQUFFLE9BQU87UUFDN0Isa0RBQWtEO1FBQ2xELElBQUksSUFBSSxDQUFDLFlBQVk7WUFBRSxPQUFPLENBQUMsd0NBQXdDO1FBQ3ZFLElBQUksSUFBSSxDQUFDLGdCQUFnQjtZQUFFLE9BQU87UUFFbEMsNEZBQTRGO1FBQzVGLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztJQUN4QixDQUFDO0NBQ0Y7QUE1R0Qsb0VBNEdDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50V2l0aEFjdGlvbnMgfSBmcm9tICcuLzMtYWN0aW9ucyc7XG5cbmV4cG9ydCB0eXBlIFJlc291cmNlVHlwZXMgPSBSZWNvcmQ8c3RyaW5nLCBSZXNvdXJjZVR5cGU+O1xuXG5leHBvcnQgaW50ZXJmYWNlIFJlc291cmNlVHlwZSB7XG4gIG5hbWU6IHN0cmluZztcbiAgdXJsOiBzdHJpbmc7XG4gIGFybjogc3RyaW5nO1xuICBjb25kaXRpb25LZXlzOiBzdHJpbmdbXTtcbn1cblxuLyoqXG4gKiBBZGRzIFwicmVzb3VyY2VcIiBmdW5jdGlvbmFsaXR5IHRvIHRoZSBQb2xpY3kgU3RhdGVtZW50XG4gKi9cbmV4cG9ydCBjbGFzcyBQb2xpY3lTdGF0ZW1lbnRXaXRoUmVzb3VyY2VzIGV4dGVuZHMgUG9saWN5U3RhdGVtZW50V2l0aEFjdGlvbnMge1xuICBwcml2YXRlIHVzZU5vdFJlc291cmNlID0gZmFsc2U7XG4gIHByb3RlY3RlZCBmbG95ZFJlc291cmNlczogc3RyaW5nW10gPSBbXTtcbiAgcHJvdGVjdGVkIHNraXBBdXRvUmVzb3VyY2UgPSBmYWxzZTtcbiAgcHJpdmF0ZSBjZGtSZXNvdXJjZXNBcHBsaWVkID0gZmFsc2U7XG5cbiAgLyoqXG4gICAqIEluamVjdHMgcmVzb3VyY2VzIGludG8gdGhlIHN0YXRlbWVudC5cbiAgICpcbiAgICogT25seSByZWxldmFudCBmb3IgdGhlIG1haW4gcGFja2FnZS4gSW4gQ0RLIG1vZGUgdGhpcyBvbmx5IGNhbGxzIHN1cGVyLlxuICAgKi9cbiAgcHVibGljIHRvSlNPTigpOiBhbnkge1xuICAgIC8vIEB0cy1pZ25vcmUgb25seSBhdmFpbGFibGUgYWZ0ZXIgc3dhcHBpbmcgMS1iYXNlXG4gICAgaWYgKHR5cGVvZiB0aGlzLmFkZFJlc291cmNlcyA9PSAnZnVuY3Rpb24nKSB7XG4gICAgICB0aGlzLmNka0FwcGx5UmVzb3VyY2VzKCk7XG4gICAgICByZXR1cm4gc3VwZXIudG9KU09OKCk7XG4gICAgfVxuICAgIGNvbnN0IG1vZGUgPSB0aGlzLnVzZU5vdFJlc291cmNlID8gJ05vdFJlc291cmNlJyA6ICdSZXNvdXJjZSc7XG4gICAgY29uc3Qgc3RhdGVtZW50ID0gc3VwZXIudG9KU09OKCk7XG4gICAgY29uc3Qgc2VsZiA9IHRoaXM7XG5cbiAgICB0aGlzLmVuc3VyZVJlc291cmNlKCk7XG5cbiAgICBpZiAodGhpcy5mbG95ZFJlc291cmNlcy5sZW5ndGgpIHtcbiAgICAgIGNvbnN0IHJlc291cmNlcyA9IHRoaXMuZmxveWRSZXNvdXJjZXMuZmlsdGVyKChlbGVtLCBwb3MpID0+IHtcbiAgICAgICAgcmV0dXJuIHNlbGYuZmxveWRSZXNvdXJjZXMuaW5kZXhPZihlbGVtKSA9PSBwb3M7XG4gICAgICB9KTtcbiAgICAgIHN0YXRlbWVudFttb2RlXSA9IHJlc291cmNlcy5sZW5ndGggPiAxID8gcmVzb3VyY2VzIDogcmVzb3VyY2VzWzBdO1xuICAgIH1cblxuICAgIHJldHVybiBzdGF0ZW1lbnQ7XG4gIH1cblxuICBwdWJsaWMgdG9TdGF0ZW1lbnRKc29uKCk6IGFueSB7XG4gICAgdGhpcy5lbnN1cmVSZXNvdXJjZSgpO1xuICAgIHRoaXMuY2RrQXBwbHlSZXNvdXJjZXMoKTtcbiAgICAvLyBAdHMtaWdub3JlIG9ubHkgYXZhaWxhYmxlIGFmdGVyIHN3YXBwaW5nIDEtYmFzZVxuICAgIHJldHVybiBzdXBlci50b1N0YXRlbWVudEpzb24oKTtcbiAgfVxuXG4gIHB1YmxpYyBmcmVlemUoKSB7XG4gICAgLy8gQHRzLWlnbm9yZSBvbmx5IGF2YWlsYWJsZSBhZnRlciBzd2FwcGluZyAxLWJhc2VcbiAgICBpZiAoIXRoaXMuZnJvemVuKSB7XG4gICAgICB0aGlzLmVuc3VyZVJlc291cmNlKCk7XG4gICAgICB0aGlzLmNka0FwcGx5UmVzb3VyY2VzKCk7XG4gICAgfVxuICAgIHJldHVybiBzdXBlci5mcmVlemUoKTtcbiAgfVxuXG4gIHByaXZhdGUgY2RrQXBwbHlSZXNvdXJjZXMoKSB7XG4gICAgaWYgKCF0aGlzLmNka1Jlc291cmNlc0FwcGxpZWQpIHtcbiAgICAgIGNvbnN0IG1vZGUgPSB0aGlzLnVzZU5vdFJlc291cmNlID8gJ2FkZE5vdFJlc291cmNlcycgOiAnYWRkUmVzb3VyY2VzJztcbiAgICAgIGNvbnN0IHNlbGYgPSB0aGlzO1xuICAgICAgY29uc3QgdW5pcXVlUmVzb3VyY2VzID0gdGhpcy5mbG95ZFJlc291cmNlcy5maWx0ZXIoKGVsZW0sIHBvcykgPT4ge1xuICAgICAgICByZXR1cm4gc2VsZi5mbG95ZFJlc291cmNlcy5pbmRleE9mKGVsZW0pID09IHBvcztcbiAgICAgIH0pO1xuICAgICAgLy8gQHRzLWlnbm9yZSBvbmx5IGF2YWlsYWJsZSBhZnRlciBzd2FwcGluZyAxLWJhc2VcbiAgICAgIHRoaXNbbW9kZV0oLi4udW5pcXVlUmVzb3VyY2VzKTtcbiAgICAgIHRoaXMuY2RrUmVzb3VyY2VzQXBwbGllZCA9IHRydWU7XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIFN3aXRjaGVzIHRoZSBzdGF0ZW1lbnQgdG8gdXNlIFtgTm90UmVzb3VyY2VgXShodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vSUFNL2xhdGVzdC9Vc2VyR3VpZGUvcmVmZXJlbmNlX3BvbGljaWVzX2VsZW1lbnRzX25vdHJlc291cmNlLmh0bWwpLlxuICAgKi9cbiAgcHVibGljIG5vdFJlc291cmNlKCkge1xuICAgIHRoaXMudXNlTm90UmVzb3VyY2UgPSB0cnVlO1xuICAgIHJldHVybiB0aGlzO1xuICB9XG5cbiAgLyoqXG4gICAqIENoZWNrcyB3ZWF0aGVyIGFueSByZXNvdXJjZSB3YXMgYXBwbGllZCB0byB0aGUgcG9saWN5LlxuICAgKi9cbiAgcHVibGljIGhhc1Jlc291cmNlcygpOiBib29sZWFuIHtcbiAgICByZXR1cm4gdGhpcy5mbG95ZFJlc291cmNlcy5sZW5ndGggPiAwO1xuICB9XG5cbiAgLyoqXG4gICAqIExpbWl0IHN0YXRlbWVudCB0byBzcGVjaWZpZWQgcmVzb3VyY2VzLlxuICAgKlxuICAgKiBUbyBhbGxvdyBhbGwgcmVzb3VyY2VzLCBwYXNzIGAqYFxuICAgKi9cbiAgcHVibGljIG9uKC4uLmFybnM6IHN0cmluZ1tdKSB7XG4gICAgdGhpcy5mbG95ZFJlc291cmNlcy5wdXNoKC4uLmFybnMpO1xuICAgIHJldHVybiB0aGlzO1xuICB9XG5cbiAgLyoqXG4gICAqIEFkZCBhbGwgcmVzb3VyY2VzIChgKmApIHRvIHRoZSBzdGF0ZW1lbnRcbiAgICpcbiAgICogVGhpcyBpcyB0aGUgZGVmYXVsdCBiZWhhdmlvciwgdW5sZXNzIHRoZSBzdGF0ZW1lbnQgaGFzIHByaW5jaXBhbHMuXG4gICAqL1xuICBwdWJsaWMgb25BbGxSZXNvdXJjZXMoKSB7XG4gICAgdGhpcy5mbG95ZFJlc291cmNlcy5wdXNoKCcqJyk7XG4gICAgcmV0dXJuIHRoaXM7XG4gIH1cblxuICBwcml2YXRlIGVuc3VyZVJlc291cmNlKCkge1xuICAgIGlmICh0aGlzLmhhc1Jlc291cmNlcygpKSByZXR1cm47XG4gICAgLy8gQHRzLWlnbm9yZSBvbmx5IGF2YWlsYWJsZSBhZnRlciBzd2FwcGluZyAxLWJhc2VcbiAgICBpZiAodGhpcy5oYXNSZXNvdXJjZSkgcmV0dXJuO1xuICAgIC8vIEB0cy1pZ25vcmUgb25seSBhdmFpbGFibGUgYWZ0ZXIgc3dhcHBpbmcgMS1iYXNlXG4gICAgaWYgKHRoaXMuaGFzUHJpbmNpcGFsKSByZXR1cm47IC8vYXNzdW1lIHBvbGljaWVzIG1heSBub3QgaGF2ZSByZXNvdXJjZXNcbiAgICBpZiAodGhpcy5za2lwQXV0b1Jlc291cmNlKSByZXR1cm47XG5cbiAgICAvLyBhIHN0YXRlbWVudCByZXF1aXJlcyByZXNvdXJjZXMuIGlmIG5vbmUgd2FzIGFkZGVkLCB3ZSBhc3N1bWUgdGhlIHVzZXIgd2FudHMgYWxsIHJlc291cmNlc1xuICAgIHRoaXMub25BbGxSZXNvdXJjZXMoKTtcbiAgfVxufVxuIl19