iam-policy-generator

Generate Resource ARNs

Open aletheia opened this issue 4 years ago • 3 comments

Since the fetched policy.json file contains a reference to ARNTemplate, this can be used to automatically generate a policy resource schema (thus offering a helper to generate a string for the resource field in PolicyStatement).

How it should work

  • Generate resource ARNs after receiving params
  • Provide a helper to specify ANY Arn component
  • Generate wildcard ARNs when ANY is filled
  • Generate resource strings into the array
  • Support custom resource string passing

How to implement

  • After downloading the policy.json file, extract the template and build that into a .ts enum
  • Make template hooks in strings be of the same kind (some of them are in the form ${}, others in the form <>)
  • Replace ${partition} with aws, since it is always an AWS
  • Add a method to PolicyGenerator.ts to generate resources
  • Use a templating engine to fill the template when a resource string needs to be provided

aletheia, May 03 '20 07:05

As suggested by @alexcasalboni, PolicyGenerator: change the .addResource() method to accept an Arn class and define an enum to hold the ANY value

aletheia, May 04 '20 09:05

Partition is not always aws: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-arns.html:

In the AWS GovCloud (US) Regions, ARNs begin with:

arn:aws-us-gov

asyschikov, May 12 '20 14:05

Great suggestion, it is going to be addressed in the upcoming 2.0 release

aletheia, May 19 '20 17:05
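
An added example, not part of the thread or the project's code: one way to do the template filling from "How to implement" with the partition passed in, as the GovCloud comment calls for. `ANY`, `normalizeTemplate`, `buildArn` and both templates are hypothetical names and constructed samples; rejecting `*`, `?` and `:` in literal values is an assumption made here so that wildcards only ever come from an explicit `ANY`.

```typescript
// Added example. ANY, normalizeTemplate and buildArn are hypothetical names,
// not the iam-policy-generator API; both templates are constructed samples.
const ANY = { wildcard: true } as const; // sentinel, compared by identity
type ArnParams = Record<string, string | typeof ANY>;

const TABLE_TEMPLATE = "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}";
const BUCKET_TEMPLATE = "arn:<partition>:s3:::<BucketName>/<ObjectName>";

// Rewrite <Name> hooks to ${Name} so every template uses one placeholder style.
function normalizeTemplate(template: string): string {
  return template.replace(/<([A-Za-z]+)>/g, (_m: string, name: string) => "${" + name + "}");
}

// Fill a template. The partition is an argument (aws, aws-us-gov, ...) instead of
// a hard-coded "aws". Only a component explicitly set to ANY becomes "*"; a missing
// component is an error, so a policy is never widened by omission.
function buildArn(template: string, params: ArnParams, partition: string = "aws"): string {
  const values: ArnParams = {};
  Object.keys(params).forEach((k) => {
    const v = params[k];
    if (v !== undefined) values[k.toLowerCase()] = v;
  });
  values["partition"] = partition;
  return normalizeTemplate(template).replace(/\$\{([A-Za-z]+)\}/g, (_m: string, name: string) => {
    const value = values[name.toLowerCase()];
    if (value === undefined) throw new Error("missing ARN component: " + name);
    if (value === ANY) return "*";
    // Literal values may not carry wildcards or ':' (which would add ARN fields).
    if (typeof value !== "string" || /[*?:]/.test(value)) {
      throw new Error("invalid value for ARN component: " + name);
    }
    return value;
  });
}
```

Failing on a missing component, rather than defaulting it to `*`, keeps every wildcard in a generated policy traceable to a deliberate `ANY` at the call site.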