@@ -7,2 +7,56 @@ # Changelog | ||
## [2.9.6] - 2021-05-21 | ||
### Added: | ||
- IIAMPolicy - isLimitedToKnownAccounts | ||
- IStatistics - conditionallyCompliantResourceCount | ||
- TSnitchConfigMetadata - silent property used to silence logging output | ||
## [2.9.5] - 2021-05-20 | ||
### Added: | ||
- providers/aws/index.ts - Implemented the following interfaces and types to support complex AWS IAM Policy Statement | ||
conditions and principals: | ||
- `ICondition` | ||
- The Condition element (or Condition block) lets you specify conditions for when a policy is in effect. | ||
- The Condition element is optional. In the Condition element, you build expressions in which you use | ||
- condition operators (equal, less than, etc.) to match the condition keys and values in the policy | ||
- against keys and values in the request context. | ||
- `IPrincipal` interface and `TPrincipal` type. | ||
* Use the Principal element in a policy to specify the principal that is allowed or denied access to a resource. | ||
* AWS - AWS account or user identifier policy principal. | ||
* CanonicalUser - An alpha-numeric identifier which is an obfuscated form of the AWS account ID. | ||
* Federated - Federated web identity or SAML users. | ||
* Service - IAM roles that can be assumed by an AWS service are called service roles. | ||
* Service roles must include a trust policy. | ||
* undefined - Resource-based policy wildcard (*) anonymous (public) principal specifying all users or public access. | ||
- rule-results.ts - Implemented the following interfaces to facilitate working with Matter Compliance CLI rule evaluation | ||
results (Livecheck and Static): | ||
- `ICliResponse` - Matter CLI command interface exit code and user message. | ||
- `ICheckContext` - Matter Compliance CLI Rule (aka check) method (staticCheck and liveCheck) configuration context. | ||
- `IMessages` - Array of messages with error status used with SnitchConfig reporter. | ||
- `IResult` - Generic result of a Matter Compliance rule or scan of multiple rules. | ||
- `IRuleResult` - Result of a single Matter Compliance rule evaluation. | ||
- `IScanResult` - Results of multiple Matter Compliance rule evaluation results. | ||
- `IStatistics` - Aggregate metrics for one or more Matter Compliance rule evaluation results. | ||
### Changed: | ||
- `IAMPolicyActionParams` - refactored principal to be optional string | IPrincipal union type to support principal type and | ||
one or more identifiers and align with [AWS IAM JSON policy Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html). | ||
- `IPolicyStatement` | ||
- `Condition` - refactored to be optional ICondition to support complex type safe conditions aligned with | ||
[AWS IAM JSON policy Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html). | ||
- `Principal` - refactored to be optional string | IPrincipal union type to support principal type and one or more identifiers. | ||
- Principal is not set for: | ||
- policies attached to IAM users and groups. | ||
- permission policies for an IAM roles | ||
- In those cases, the principal is implicitly the user that the policy is | ||
- attached to for IAM users, or the user who assumes the role for role access policies. | ||
- When the policy is attached to an IAM group, the principal is the IAM group user making the request. | ||
- `Sid` - Changed to be optional to align with [AWS IAM JSON policy Sid](https://docs.aws.amazon. | ||
com/IAM/latest/UserGuide/reference_policies_elements_sid.html). | ||
- `ISnitchReporter` - expanded reportResults to enable optional reporting for rule statistics, scan results, | ||
scan statistics and messages. | ||
- Moved the following interfaces from snitch-core to snitch-types: | ||
- `LiveCheckContext` | ||
- `StaticCheckContext` | ||
## [2.9.4] - 2021-05-20 | ||
@@ -9,0 +63,0 @@ ### Added: |
@@ -5,4 +5,6 @@ "use strict"; | ||
require("./aws-config-event"); | ||
require("./messages"); | ||
require("./snitch-rule"); | ||
require("./snitch-rule-result"); | ||
require("./rule-result"); | ||
// noinspection JSUnusedGlobalSymbols | ||
@@ -9,0 +11,0 @@ /** |
import "./aws-config-event"; | ||
import "./messages"; | ||
import "./snitch-rule"; | ||
import "./snitch-rule-result"; | ||
import "./rule-result"; | ||
// noinspection JSUnusedGlobalSymbols | ||
@@ -5,0 +7,0 @@ /** |
export { IAWSResourceType } from "./resource-type"; | ||
export { ICliResponse } from "./cli-response"; | ||
export { IMessages } from "./messages"; | ||
export { IResult, IRuleResult, IScanResult, IStatistics } from "./rule-result"; | ||
export { CheckContext, LiveCheckContext, StaticCheckContext, } from "./check-context"; | ||
export { IControlTag } from "./control-tag"; | ||
@@ -3,0 +7,0 @@ export { ILiveCheckContext } from "./livecheck-context"; |
@@ -174,2 +174,40 @@ import { CloudFormation, CloudFront, CloudTrail, CloudWatchLogs, ConfigService, DynamoDB, EC2, ELBv2, IAM, KMS, Lambda, RDS, Route53, S3, SNS } from "aws-sdk"; | ||
/** | ||
* The Condition type lets you specify conditions for when a policy is in effect. | ||
* The IPolicyStatement.Condition element is optional. In the | ||
* Condition element, you build expressions in which you use condition operators | ||
* (equal, less than, etc.) to match the condition keys and values in the policy | ||
* against keys and values in the request context. | ||
*/ | ||
export interface IConditionBlock { | ||
[test: string]: { | ||
[variable: string]: any | any[]; | ||
}; | ||
} | ||
/** | ||
* The Condition type lets you specify conditions for when a policy is in effect. | ||
* The IPolicyStatement.Condition element is optional. In the | ||
* Condition element, you build expressions in which you use condition operators | ||
* (equal, less than, etc.) to match the condition keys and values in the policy | ||
* against keys and values in the request context. | ||
*/ | ||
export interface ICondition { | ||
test: string; | ||
variable: string; | ||
values: any[]; | ||
} | ||
/** | ||
* IAM Policy Statement Principal interface. | ||
* Use the Principal element in a policy to specify the principal that is allowed or denied access to a resource. | ||
* AWS - AWS account or user identifier policy principal. | ||
* CanonicalUser - An alpha-numeric identifier which is an obfuscated form of the AWS account ID. | ||
* Federated - Federated web identity or SAML users. | ||
* Service - IAM roles that can be assumed by an AWS service are called service roles. | ||
* Service roles must include a trust policy. | ||
* undefined - Resource-based policy wildcard (*) anonymous (public) principal specifying all users or public access. | ||
*/ | ||
export interface IPrincipal { | ||
principalType: "AWS" | "CanonicalUser" | "Federated" | "Service"; | ||
identifiers: string[]; | ||
} | ||
/** | ||
* Complex parameter object used to define match criteria. | ||
@@ -182,3 +220,3 @@ */ | ||
treatResourceAsGlob?: boolean; | ||
principal?: string; | ||
principal?: IPrincipal | string; | ||
treatPrincipalAsGlob?: boolean; | ||
@@ -199,7 +237,7 @@ }; | ||
Action: string[]; | ||
Condition: string[]; | ||
Condition?: ICondition[]; | ||
Effect: "Allow" | "Deny"; | ||
Principal: string; | ||
Principal?: IPrincipal | string; | ||
Resource: string[]; | ||
Sid: string; | ||
Sid?: string; | ||
} | ||
@@ -214,3 +252,4 @@ export interface IIAMPolicy { | ||
isLeastAccess(): boolean; | ||
isLimitedToKnownAccounts(knownAccountIds: string[], action?: string): boolean; | ||
} | ||
export {}; |
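Review bot: The value type `any | any[]` in `IConditionBlock` collapses to plain `any`, so the new Condition types (and `ICondition.values: any[]`) give consumers no checking on the values that policy conditions are evaluated against. If the intent is to mirror the JSON policy grammar, `[variable: string]: string | string[];` and `values: string[];` are closer, and `unknown` is the safe choice where the value set is genuinely open — either forces implementations of checks such as `isLimitedToKnownAccounts` to narrow before comparing condition values. The doc comments on `IConditionBlock` and `ICondition` are word-for-word identical, so a reader cannot tell which one mirrors the raw JSON `Condition` element and which is the flattened test/variable/values form that `IPolicyStatement.Condition` now uses; a distinct first sentence on each, e.g. `Normalized form of one Condition entry: operator (test), context key (variable) and the values it is compared against.` on `ICondition`, would fix that. `isLimitedToKnownAccounts(knownAccountIds, action?)` is declared without TSDoc; it should state what the statement's principals are matched against in `knownAccountIds`, what `action` restricts, and how wildcard or `undefined` (public) principals are treated, since a misreading there becomes an over-permissive compliance result.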
import { IAwsConfigEvent } from "./aws-config-event"; | ||
import { IMessages } from "./messages"; | ||
import { ISnitchRule } from "./snitch-rule"; | ||
import { ISnitchRuleResult } from "./snitch-rule-result"; | ||
import { IStatistics, IResult } from "./rule-result"; | ||
export declare type SnitchRuleSeverity = "off" | "info" | "warn" | "error"; | ||
@@ -44,5 +46,6 @@ export declare type SnitchRuleProtection = "read-only" | "amend" | "replace" | "remove"; | ||
account?: string; | ||
silent?: boolean; | ||
}; | ||
export interface ISnitchReporter { | ||
reportResults: (snitchResult: ISnitchRuleResult[], config: ISnitchConfig) => Promise<any>; | ||
reportResults: (snitchResult: ISnitchRuleResult[], config: ISnitchConfig, ruleStatistics?: IStatistics[], scanResult?: IResult, scanStatistics?: IStatistics, messages?: IMessages) => Promise<any>; | ||
} | ||
@@ -63,3 +66,3 @@ export interface ISnitchRetriever { | ||
addConfig(json: any, sourceName?: string): Promise<void>; | ||
validate(): ISnitchConfigError[]; | ||
validate(throwOnError?: boolean): ISnitchConfigError[]; | ||
report(snitchResult: ISnitchRuleResult[]): Promise<void>; | ||
@@ -66,0 +69,0 @@ } |
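Review bot: `validate(throwOnError?: boolean)` adds a flag whose contract is undocumented: it is not stated what is thrown, whether the first or all errors are reported, what the default is when the flag is omitted, and whether the returned `ISnitchConfigError[]` still carries anything when the flag is set. A TSDoc comment such as `/** Validates the loaded config. @param throwOnError when true, throw instead of returning the errors. @returns the config errors found, empty when the config is valid. */` — naming the thrown type if it is a specific class — would settle that for callers. The widened `reportResults` signature now takes four optional trailing parameters with no documentation of which combinations a reporter should expect; an options object, or at least a TSDoc `@param` per argument, would make that clearer. The enclosing interface (`ISnitchRetriever` according to the hunk header) starts outside the hunk.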
@@ -23,3 +23,3 @@ { | ||
"types": "./lib/types/index.d.ts", | ||
"version": "2.9.4", | ||
"version": "2.9.6", | ||
"scripts": { | ||
@@ -26,0 +26,0 @@ "prebuild": "rm -rf ./lib", |