chore: import upstream snapshot with attribution
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,74 @@
|
||||
import type { IAMAddUserToGroupParams, IAMGroupMembershipResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const addUserToGroupTool: ToolConfig<IAMAddUserToGroupParams, IAMGroupMembershipResponse> = {
|
||||
id: 'iam_add_user_to_group',
|
||||
name: 'IAM Add User to Group',
|
||||
description: 'Add an IAM user to a group',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM user',
|
||||
},
|
||||
groupName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM group',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/add-user-to-group',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
groupName: params.groupName,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to add user to group')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
import type { IAMAttachPolicyResponse, IAMAttachRolePolicyParams } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const attachRolePolicyTool: ToolConfig<IAMAttachRolePolicyParams, IAMAttachPolicyResponse> =
|
||||
{
|
||||
id: 'iam_attach_role_policy',
|
||||
name: 'IAM Attach Role Policy',
|
||||
description: 'Attach a managed policy to an IAM role',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
roleName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM role',
|
||||
},
|
||||
policyArn: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The ARN of the managed policy to attach',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/attach-role-policy',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
roleName: params.roleName,
|
||||
policyArn: params.policyArn,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to attach policy to role')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
import type { IAMAttachPolicyResponse, IAMAttachUserPolicyParams } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const attachUserPolicyTool: ToolConfig<IAMAttachUserPolicyParams, IAMAttachPolicyResponse> =
|
||||
{
|
||||
id: 'iam_attach_user_policy',
|
||||
name: 'IAM Attach User Policy',
|
||||
description: 'Attach a managed policy to an IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM user',
|
||||
},
|
||||
policyArn: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The ARN of the managed policy to attach',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/attach-user-policy',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
policyArn: params.policyArn,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to attach policy to user')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,81 @@
|
||||
import type { IAMCreateAccessKeyParams, IAMCreateAccessKeyResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const createAccessKeyTool: ToolConfig<IAMCreateAccessKeyParams, IAMCreateAccessKeyResponse> =
|
||||
{
|
||||
id: 'iam_create_access_key',
|
||||
name: 'IAM Create Access Key',
|
||||
description: 'Create a new access key pair for an IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The IAM user to create the key for (defaults to current user)',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/create-access-key',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to create access key')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
accessKeyId: data.accessKeyId ?? '',
|
||||
secretAccessKey: data.secretAccessKey ?? '',
|
||||
userName: data.userName ?? '',
|
||||
status: data.status ?? '',
|
||||
createDate: data.createDate ?? null,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
accessKeyId: { type: 'string', description: 'The new access key ID' },
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
description: 'The new secret access key (only shown once)',
|
||||
},
|
||||
userName: { type: 'string', description: 'The user the key was created for' },
|
||||
status: { type: 'string', description: 'Status of the access key (Active)' },
|
||||
createDate: { type: 'string', description: 'Date the key was created', optional: true },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,105 @@
|
||||
import type { IAMCreateRoleParams, IAMCreateRoleResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const createRoleTool: ToolConfig<IAMCreateRoleParams, IAMCreateRoleResponse> = {
|
||||
id: 'iam_create_role',
|
||||
name: 'IAM Create Role',
|
||||
description: 'Create a new IAM role with a trust policy',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
roleName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Name for the new IAM role (1-64 characters)',
|
||||
},
|
||||
assumeRolePolicyDocument: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Trust policy JSON specifying who can assume this role',
|
||||
},
|
||||
description: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Description of the role',
|
||||
},
|
||||
path: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path for the role (e.g., /application/), defaults to /',
|
||||
},
|
||||
maxSessionDuration: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum session duration in seconds (3600-43200, default 3600)',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/create-role',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
roleName: params.roleName,
|
||||
assumeRolePolicyDocument: params.assumeRolePolicyDocument,
|
||||
description: params.description,
|
||||
path: params.path,
|
||||
maxSessionDuration: params.maxSessionDuration,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to create IAM role')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
roleName: data.roleName ?? '',
|
||||
roleId: data.roleId ?? '',
|
||||
arn: data.arn ?? '',
|
||||
path: data.path ?? '',
|
||||
createDate: data.createDate ?? null,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
roleName: { type: 'string', description: 'The name of the created role' },
|
||||
roleId: { type: 'string', description: 'The unique ID of the created role' },
|
||||
arn: { type: 'string', description: 'The ARN of the created role' },
|
||||
path: { type: 'string', description: 'The path of the created role' },
|
||||
createDate: { type: 'string', description: 'Date the role was created', optional: true },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,84 @@
|
||||
import type { IAMCreateUserParams, IAMCreateUserResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const createUserTool: ToolConfig<IAMCreateUserParams, IAMCreateUserResponse> = {
|
||||
id: 'iam_create_user',
|
||||
name: 'IAM Create User',
|
||||
description: 'Create a new IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Name for the new IAM user (1-64 characters)',
|
||||
},
|
||||
path: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path for the user (e.g., /division_abc/), defaults to /',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/create-user',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
path: params.path,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to create IAM user')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
userName: data.userName ?? '',
|
||||
userId: data.userId ?? '',
|
||||
arn: data.arn ?? '',
|
||||
path: data.path ?? '',
|
||||
createDate: data.createDate ?? null,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
userName: { type: 'string', description: 'The name of the created user' },
|
||||
userId: { type: 'string', description: 'The unique ID of the created user' },
|
||||
arn: { type: 'string', description: 'The ARN of the created user' },
|
||||
path: { type: 'string', description: 'The path of the created user' },
|
||||
createDate: { type: 'string', description: 'Date the user was created', optional: true },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
import type { IAMDeleteAccessKeyParams, IAMDeleteAccessKeyResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const deleteAccessKeyTool: ToolConfig<IAMDeleteAccessKeyParams, IAMDeleteAccessKeyResponse> =
|
||||
{
|
||||
id: 'iam_delete_access_key',
|
||||
name: 'IAM Delete Access Key',
|
||||
description: 'Delete an access key pair for an IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
accessKeyIdToDelete: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The access key ID to delete',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The IAM user whose key to delete (defaults to current user)',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/delete-access-key',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
accessKeyIdToDelete: params.accessKeyIdToDelete,
|
||||
userName: params.userName,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to delete access key')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,67 @@
|
||||
import type { IAMDeleteRoleParams, IAMDeleteRoleResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const deleteRoleTool: ToolConfig<IAMDeleteRoleParams, IAMDeleteRoleResponse> = {
|
||||
id: 'iam_delete_role',
|
||||
name: 'IAM Delete Role',
|
||||
description: 'Delete an IAM role',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
roleName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM role to delete',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/delete-role',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
roleName: params.roleName,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to delete IAM role')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,67 @@
|
||||
import type { IAMDeleteUserParams, IAMDeleteUserResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const deleteUserTool: ToolConfig<IAMDeleteUserParams, IAMDeleteUserResponse> = {
|
||||
id: 'iam_delete_user',
|
||||
name: 'IAM Delete User',
|
||||
description: 'Delete an IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM user to delete',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/delete-user',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to delete IAM user')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
import type { IAMDetachPolicyResponse, IAMDetachRolePolicyParams } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const detachRolePolicyTool: ToolConfig<IAMDetachRolePolicyParams, IAMDetachPolicyResponse> =
|
||||
{
|
||||
id: 'iam_detach_role_policy',
|
||||
name: 'IAM Detach Role Policy',
|
||||
description: 'Remove a managed policy from an IAM role',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
roleName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM role',
|
||||
},
|
||||
policyArn: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The ARN of the managed policy to detach',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/detach-role-policy',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
roleName: params.roleName,
|
||||
policyArn: params.policyArn,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to detach policy from role')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
import type { IAMDetachPolicyResponse, IAMDetachUserPolicyParams } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const detachUserPolicyTool: ToolConfig<IAMDetachUserPolicyParams, IAMDetachPolicyResponse> =
|
||||
{
|
||||
id: 'iam_detach_user_policy',
|
||||
name: 'IAM Detach User Policy',
|
||||
description: 'Remove a managed policy from an IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM user',
|
||||
},
|
||||
policyArn: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The ARN of the managed policy to detach',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/detach-user-policy',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
policyArn: params.policyArn,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to detach policy from user')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,101 @@
|
||||
import type { IAMGetRoleParams, IAMGetRoleResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const getRoleTool: ToolConfig<IAMGetRoleParams, IAMGetRoleResponse> = {
|
||||
id: 'iam_get_role',
|
||||
name: 'IAM Get Role',
|
||||
description: 'Get detailed information about an IAM role',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
roleName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM role to retrieve',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/get-role',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
roleName: params.roleName,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to get IAM role')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
roleName: data.roleName ?? '',
|
||||
roleId: data.roleId ?? '',
|
||||
arn: data.arn ?? '',
|
||||
path: data.path ?? '',
|
||||
createDate: data.createDate ?? null,
|
||||
description: data.description ?? null,
|
||||
maxSessionDuration: data.maxSessionDuration ?? null,
|
||||
assumeRolePolicyDocument: data.assumeRolePolicyDocument ?? null,
|
||||
roleLastUsedDate: data.roleLastUsedDate ?? null,
|
||||
roleLastUsedRegion: data.roleLastUsedRegion ?? null,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
roleName: { type: 'string', description: 'The name of the role' },
|
||||
roleId: { type: 'string', description: 'The unique ID of the role' },
|
||||
arn: { type: 'string', description: 'The ARN of the role' },
|
||||
path: { type: 'string', description: 'The path to the role' },
|
||||
createDate: { type: 'string', description: 'Date the role was created', optional: true },
|
||||
description: { type: 'string', description: 'Description of the role', optional: true },
|
||||
maxSessionDuration: {
|
||||
type: 'number',
|
||||
description: 'Maximum session duration in seconds',
|
||||
optional: true,
|
||||
},
|
||||
assumeRolePolicyDocument: {
|
||||
type: 'string',
|
||||
description: 'The trust policy document (JSON)',
|
||||
optional: true,
|
||||
},
|
||||
roleLastUsedDate: {
|
||||
type: 'string',
|
||||
description: 'Date the role was last used',
|
||||
optional: true,
|
||||
},
|
||||
roleLastUsedRegion: {
|
||||
type: 'string',
|
||||
description: 'AWS region where the role was last used',
|
||||
optional: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,93 @@
|
||||
import type { IAMGetUserParams, IAMGetUserResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const getUserTool: ToolConfig<IAMGetUserParams, IAMGetUserResponse> = {
|
||||
id: 'iam_get_user',
|
||||
name: 'IAM Get User',
|
||||
description: 'Get detailed information about an IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM user to retrieve (defaults to the caller if omitted)',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/get-user',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
...(params.userName ? { userName: params.userName } : {}),
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to get IAM user')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
userName: data.userName ?? '',
|
||||
userId: data.userId ?? '',
|
||||
arn: data.arn ?? '',
|
||||
path: data.path ?? '',
|
||||
createDate: data.createDate ?? null,
|
||||
passwordLastUsed: data.passwordLastUsed ?? null,
|
||||
permissionsBoundaryArn: data.permissionsBoundaryArn ?? null,
|
||||
tags: data.tags ?? [],
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
userName: { type: 'string', description: 'The name of the user' },
|
||||
userId: { type: 'string', description: 'The unique ID of the user' },
|
||||
arn: { type: 'string', description: 'The ARN of the user' },
|
||||
path: { type: 'string', description: 'The path to the user' },
|
||||
createDate: { type: 'string', description: 'Date the user was created', optional: true },
|
||||
passwordLastUsed: {
|
||||
type: 'string',
|
||||
description: 'Date the password was last used',
|
||||
optional: true,
|
||||
},
|
||||
permissionsBoundaryArn: {
|
||||
type: 'string',
|
||||
description: 'ARN of the permissions boundary policy',
|
||||
optional: true,
|
||||
},
|
||||
tags: {
|
||||
type: 'json',
|
||||
description: 'Tags attached to the user (key, value pairs)',
|
||||
optional: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,45 @@
|
||||
export * from './types'
|
||||
|
||||
import { addUserToGroupTool } from './add_user_to_group'
|
||||
import { attachRolePolicyTool } from './attach_role_policy'
|
||||
import { attachUserPolicyTool } from './attach_user_policy'
|
||||
import { createAccessKeyTool } from './create_access_key'
|
||||
import { createRoleTool } from './create_role'
|
||||
import { createUserTool } from './create_user'
|
||||
import { deleteAccessKeyTool } from './delete_access_key'
|
||||
import { deleteRoleTool } from './delete_role'
|
||||
import { deleteUserTool } from './delete_user'
|
||||
import { detachRolePolicyTool } from './detach_role_policy'
|
||||
import { detachUserPolicyTool } from './detach_user_policy'
|
||||
import { getRoleTool } from './get_role'
|
||||
import { getUserTool } from './get_user'
|
||||
import { listAttachedRolePoliciesTool } from './list_attached_role_policies'
|
||||
import { listAttachedUserPoliciesTool } from './list_attached_user_policies'
|
||||
import { listGroupsTool } from './list_groups'
|
||||
import { listPoliciesTool } from './list_policies'
|
||||
import { listRolesTool } from './list_roles'
|
||||
import { listUsersTool } from './list_users'
|
||||
import { removeUserFromGroupTool } from './remove_user_from_group'
|
||||
import { simulatePrincipalPolicyTool } from './simulate_principal_policy'
|
||||
|
||||
export const iamListUsersTool = listUsersTool
|
||||
export const iamGetUserTool = getUserTool
|
||||
export const iamCreateUserTool = createUserTool
|
||||
export const iamDeleteUserTool = deleteUserTool
|
||||
export const iamListRolesTool = listRolesTool
|
||||
export const iamGetRoleTool = getRoleTool
|
||||
export const iamCreateRoleTool = createRoleTool
|
||||
export const iamDeleteRoleTool = deleteRoleTool
|
||||
export const iamAttachUserPolicyTool = attachUserPolicyTool
|
||||
export const iamDetachUserPolicyTool = detachUserPolicyTool
|
||||
export const iamAttachRolePolicyTool = attachRolePolicyTool
|
||||
export const iamDetachRolePolicyTool = detachRolePolicyTool
|
||||
export const iamListPoliciesTool = listPoliciesTool
|
||||
export const iamCreateAccessKeyTool = createAccessKeyTool
|
||||
export const iamDeleteAccessKeyTool = deleteAccessKeyTool
|
||||
export const iamListGroupsTool = listGroupsTool
|
||||
export const iamAddUserToGroupTool = addUserToGroupTool
|
||||
export const iamRemoveUserFromGroupTool = removeUserFromGroupTool
|
||||
export const iamListAttachedRolePoliciesTool = listAttachedRolePoliciesTool
|
||||
export const iamListAttachedUserPoliciesTool = listAttachedUserPoliciesTool
|
||||
export const iamSimulatePrincipalPolicyTool = simulatePrincipalPolicyTool
|
||||
@@ -0,0 +1,108 @@
|
||||
import type {
|
||||
IAMListAttachedPoliciesResponse,
|
||||
IAMListAttachedRolePoliciesParams,
|
||||
} from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const listAttachedRolePoliciesTool: ToolConfig<
|
||||
IAMListAttachedRolePoliciesParams,
|
||||
IAMListAttachedPoliciesResponse
|
||||
> = {
|
||||
id: 'iam_list_attached_role_policies',
|
||||
name: 'IAM List Attached Role Policies',
|
||||
description: 'List all managed policies attached to an IAM role',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
roleName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Name of the IAM role',
|
||||
},
|
||||
pathPrefix: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path prefix to filter policies (e.g., /application/)',
|
||||
},
|
||||
maxItems: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum number of policies to return (1-1000)',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Pagination marker from a previous request',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/list-attached-role-policies',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
roleName: params.roleName,
|
||||
pathPrefix: params.pathPrefix,
|
||||
maxItems: params.maxItems,
|
||||
marker: params.marker,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to list attached role policies')
|
||||
}
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
attachedPolicies: data.attachedPolicies ?? [],
|
||||
isTruncated: data.isTruncated ?? false,
|
||||
marker: data.marker ?? null,
|
||||
count: data.count ?? 0,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
attachedPolicies: {
|
||||
type: 'json',
|
||||
description: 'List of attached policies with policyName and policyArn',
|
||||
},
|
||||
isTruncated: {
|
||||
type: 'boolean',
|
||||
description: 'Whether there are more results available',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
description: 'Pagination marker for the next page of results',
|
||||
optional: true,
|
||||
},
|
||||
count: { type: 'number', description: 'Number of attached policies returned' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,108 @@
|
||||
import type {
|
||||
IAMListAttachedPoliciesResponse,
|
||||
IAMListAttachedUserPoliciesParams,
|
||||
} from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const listAttachedUserPoliciesTool: ToolConfig<
|
||||
IAMListAttachedUserPoliciesParams,
|
||||
IAMListAttachedPoliciesResponse
|
||||
> = {
|
||||
id: 'iam_list_attached_user_policies',
|
||||
name: 'IAM List Attached User Policies',
|
||||
description: 'List all managed policies attached to an IAM user',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Name of the IAM user',
|
||||
},
|
||||
pathPrefix: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path prefix to filter policies (e.g., /application/)',
|
||||
},
|
||||
maxItems: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum number of policies to return (1-1000)',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Pagination marker from a previous request',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/list-attached-user-policies',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
pathPrefix: params.pathPrefix,
|
||||
maxItems: params.maxItems,
|
||||
marker: params.marker,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to list attached user policies')
|
||||
}
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
attachedPolicies: data.attachedPolicies ?? [],
|
||||
isTruncated: data.isTruncated ?? false,
|
||||
marker: data.marker ?? null,
|
||||
count: data.count ?? 0,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
attachedPolicies: {
|
||||
type: 'json',
|
||||
description: 'List of attached policies with policyName and policyArn',
|
||||
},
|
||||
isTruncated: {
|
||||
type: 'boolean',
|
||||
description: 'Whether there are more results available',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
description: 'Pagination marker for the next page of results',
|
||||
optional: true,
|
||||
},
|
||||
count: { type: 'number', description: 'Number of attached policies returned' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,97 @@
|
||||
import type { IAMListGroupsParams, IAMListGroupsResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const listGroupsTool: ToolConfig<IAMListGroupsParams, IAMListGroupsResponse> = {
|
||||
id: 'iam_list_groups',
|
||||
name: 'IAM List Groups',
|
||||
description: 'List IAM groups in your AWS account',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
pathPrefix: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path prefix to filter groups',
|
||||
},
|
||||
maxItems: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum number of groups to return (1-1000, default 100)',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Pagination marker from a previous request',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/list-groups',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
pathPrefix: params.pathPrefix,
|
||||
maxItems: params.maxItems,
|
||||
marker: params.marker,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to list IAM groups')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
groups: data.groups ?? [],
|
||||
isTruncated: data.isTruncated ?? false,
|
||||
marker: data.marker ?? null,
|
||||
count: data.count ?? 0,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
groups: {
|
||||
type: 'json',
|
||||
description: 'List of IAM groups with groupName, groupId, arn, and path',
|
||||
},
|
||||
isTruncated: {
|
||||
type: 'boolean',
|
||||
description: 'Whether there are more results available',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
description: 'Pagination marker for the next page of results',
|
||||
optional: true,
|
||||
},
|
||||
count: { type: 'number', description: 'Number of groups returned' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,111 @@
|
||||
import type { IAMListPoliciesParams, IAMListPoliciesResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const listPoliciesTool: ToolConfig<IAMListPoliciesParams, IAMListPoliciesResponse> = {
|
||||
id: 'iam_list_policies',
|
||||
name: 'IAM List Policies',
|
||||
description: 'List managed IAM policies',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
scope: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Filter by scope: All, AWS (AWS-managed), or Local (customer-managed)',
|
||||
},
|
||||
onlyAttached: {
|
||||
type: 'boolean',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'If true, only return policies attached to an entity',
|
||||
},
|
||||
pathPrefix: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path prefix to filter policies',
|
||||
},
|
||||
maxItems: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum number of policies to return (1-1000, default 100)',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Pagination marker from a previous request',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/list-policies',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
scope: params.scope,
|
||||
onlyAttached: params.onlyAttached,
|
||||
pathPrefix: params.pathPrefix,
|
||||
maxItems: params.maxItems,
|
||||
marker: params.marker,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to list IAM policies')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
policies: data.policies ?? [],
|
||||
isTruncated: data.isTruncated ?? false,
|
||||
marker: data.marker ?? null,
|
||||
count: data.count ?? 0,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
policies: {
|
||||
type: 'json',
|
||||
description: 'List of policies with policyName, arn, attachmentCount, and dates',
|
||||
},
|
||||
isTruncated: {
|
||||
type: 'boolean',
|
||||
description: 'Whether there are more results available',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
description: 'Pagination marker for the next page of results',
|
||||
optional: true,
|
||||
},
|
||||
count: { type: 'number', description: 'Number of policies returned' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,97 @@
|
||||
import type { IAMListRolesParams, IAMListRolesResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const listRolesTool: ToolConfig<IAMListRolesParams, IAMListRolesResponse> = {
|
||||
id: 'iam_list_roles',
|
||||
name: 'IAM List Roles',
|
||||
description: 'List IAM roles in your AWS account',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
pathPrefix: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path prefix to filter roles (e.g., /application/)',
|
||||
},
|
||||
maxItems: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum number of roles to return (1-1000, default 100)',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Pagination marker from a previous request',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/list-roles',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
pathPrefix: params.pathPrefix,
|
||||
maxItems: params.maxItems,
|
||||
marker: params.marker,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to list IAM roles')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
roles: data.roles ?? [],
|
||||
isTruncated: data.isTruncated ?? false,
|
||||
marker: data.marker ?? null,
|
||||
count: data.count ?? 0,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
roles: {
|
||||
type: 'json',
|
||||
description: 'List of IAM roles with roleName, roleId, arn, path, and dates',
|
||||
},
|
||||
isTruncated: {
|
||||
type: 'boolean',
|
||||
description: 'Whether there are more results available',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
description: 'Pagination marker for the next page of results',
|
||||
optional: true,
|
||||
},
|
||||
count: { type: 'number', description: 'Number of roles returned' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,97 @@
|
||||
import type { IAMListUsersParams, IAMListUsersResponse } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const listUsersTool: ToolConfig<IAMListUsersParams, IAMListUsersResponse> = {
|
||||
id: 'iam_list_users',
|
||||
name: 'IAM List Users',
|
||||
description: 'List IAM users in your AWS account',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
pathPrefix: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Path prefix to filter users (e.g., /division_abc/)',
|
||||
},
|
||||
maxItems: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum number of users to return (1-1000, default 100)',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Pagination marker from a previous request',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/list-users',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
pathPrefix: params.pathPrefix,
|
||||
maxItems: params.maxItems,
|
||||
marker: params.marker,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to list IAM users')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
users: data.users ?? [],
|
||||
isTruncated: data.isTruncated ?? false,
|
||||
marker: data.marker ?? null,
|
||||
count: data.count ?? 0,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
users: {
|
||||
type: 'json',
|
||||
description: 'List of IAM users with userName, userId, arn, path, and dates',
|
||||
},
|
||||
isTruncated: {
|
||||
type: 'boolean',
|
||||
description: 'Whether there are more results available',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
description: 'Pagination marker for the next page of results',
|
||||
optional: true,
|
||||
},
|
||||
count: { type: 'number', description: 'Number of users returned' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,77 @@
|
||||
import type { IAMGroupMembershipResponse, IAMRemoveUserFromGroupParams } from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const removeUserFromGroupTool: ToolConfig<
|
||||
IAMRemoveUserFromGroupParams,
|
||||
IAMGroupMembershipResponse
|
||||
> = {
|
||||
id: 'iam_remove_user_from_group',
|
||||
name: 'IAM Remove User from Group',
|
||||
description: 'Remove an IAM user from a group',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
userName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM user',
|
||||
},
|
||||
groupName: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'The name of the IAM group',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/remove-user-from-group',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
userName: params.userName,
|
||||
groupName: params.groupName,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to remove user from group')
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
message: data.message ?? '',
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
message: { type: 'string', description: 'Operation status message' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,120 @@
|
||||
import type {
|
||||
IAMSimulatePrincipalPolicyParams,
|
||||
IAMSimulatePrincipalPolicyResponse,
|
||||
} from '@/tools/iam/types'
|
||||
import type { ToolConfig } from '@/tools/types'
|
||||
|
||||
export const simulatePrincipalPolicyTool: ToolConfig<
|
||||
IAMSimulatePrincipalPolicyParams,
|
||||
IAMSimulatePrincipalPolicyResponse
|
||||
> = {
|
||||
id: 'iam_simulate_principal_policy',
|
||||
name: 'IAM Simulate Principal Policy',
|
||||
description:
|
||||
'Simulate whether a user, role, or group is allowed to perform specific AWS actions — useful for pre-flight access checks',
|
||||
version: '1.0.0',
|
||||
|
||||
params: {
|
||||
region: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS region (e.g., us-east-1)',
|
||||
},
|
||||
accessKeyId: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS access key ID',
|
||||
},
|
||||
secretAccessKey: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-only',
|
||||
description: 'AWS secret access key',
|
||||
},
|
||||
policySourceArn: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description:
|
||||
'ARN of the user, group, or role to simulate (e.g., arn:aws:iam::123456789012:user/alice)',
|
||||
},
|
||||
actionNames: {
|
||||
type: 'string',
|
||||
required: true,
|
||||
visibility: 'user-or-llm',
|
||||
description:
|
||||
'Comma-separated list of AWS actions to simulate (e.g., s3:GetObject,ec2:DescribeInstances)',
|
||||
},
|
||||
resourceArns: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description:
|
||||
'Comma-separated list of resource ARNs to simulate against (defaults to * if not provided)',
|
||||
},
|
||||
maxResults: {
|
||||
type: 'number',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Maximum number of simulation results to return (1-1000)',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
required: false,
|
||||
visibility: 'user-or-llm',
|
||||
description: 'Pagination marker from a previous request',
|
||||
},
|
||||
},
|
||||
|
||||
request: {
|
||||
url: '/api/tools/iam/simulate-principal-policy',
|
||||
method: 'POST',
|
||||
headers: () => ({ 'Content-Type': 'application/json' }),
|
||||
body: (params) => ({
|
||||
region: params.region,
|
||||
accessKeyId: params.accessKeyId,
|
||||
secretAccessKey: params.secretAccessKey,
|
||||
policySourceArn: params.policySourceArn,
|
||||
actionNames: params.actionNames,
|
||||
resourceArns: params.resourceArns,
|
||||
maxResults: params.maxResults,
|
||||
marker: params.marker,
|
||||
}),
|
||||
},
|
||||
|
||||
transformResponse: async (response: Response) => {
|
||||
const data = await response.json()
|
||||
if (!response.ok) {
|
||||
throw new Error(data.error || 'Failed to simulate principal policy')
|
||||
}
|
||||
return {
|
||||
success: true,
|
||||
output: {
|
||||
evaluationResults: data.evaluationResults ?? [],
|
||||
isTruncated: data.isTruncated ?? false,
|
||||
marker: data.marker ?? null,
|
||||
count: data.count ?? 0,
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
outputs: {
|
||||
evaluationResults: {
|
||||
type: 'json',
|
||||
description:
|
||||
'Simulation results per action: evalActionName, evalResourceName, evalDecision (allowed/explicitDeny/implicitDeny), matchedStatements (sourcePolicyId, sourcePolicyType), missingContextValues',
|
||||
},
|
||||
isTruncated: {
|
||||
type: 'boolean',
|
||||
description: 'Whether there are more results available',
|
||||
},
|
||||
marker: {
|
||||
type: 'string',
|
||||
description: 'Pagination marker for the next page of results',
|
||||
optional: true,
|
||||
},
|
||||
count: { type: 'number', description: 'Number of evaluation results returned' },
|
||||
},
|
||||
}
|
||||
@@ -0,0 +1,326 @@
|
||||
import type { ToolResponse } from '@/tools/types'
|
||||
|
||||
export interface IAMConnectionConfig {
|
||||
region: string
|
||||
accessKeyId: string
|
||||
secretAccessKey: string
|
||||
}
|
||||
|
||||
export interface IAMListUsersParams extends IAMConnectionConfig {
|
||||
pathPrefix?: string | null
|
||||
maxItems?: number | null
|
||||
marker?: string | null
|
||||
}
|
||||
|
||||
export interface IAMGetUserParams extends IAMConnectionConfig {
|
||||
userName?: string | null
|
||||
}
|
||||
|
||||
export interface IAMCreateUserParams extends IAMConnectionConfig {
|
||||
userName: string
|
||||
path?: string | null
|
||||
}
|
||||
|
||||
export interface IAMDeleteUserParams extends IAMConnectionConfig {
|
||||
userName: string
|
||||
}
|
||||
|
||||
export interface IAMListRolesParams extends IAMConnectionConfig {
|
||||
pathPrefix?: string | null
|
||||
maxItems?: number | null
|
||||
marker?: string | null
|
||||
}
|
||||
|
||||
export interface IAMGetRoleParams extends IAMConnectionConfig {
|
||||
roleName: string
|
||||
}
|
||||
|
||||
export interface IAMCreateRoleParams extends IAMConnectionConfig {
|
||||
roleName: string
|
||||
assumeRolePolicyDocument: string
|
||||
description?: string | null
|
||||
path?: string | null
|
||||
maxSessionDuration?: number | null
|
||||
}
|
||||
|
||||
export interface IAMDeleteRoleParams extends IAMConnectionConfig {
|
||||
roleName: string
|
||||
}
|
||||
|
||||
export interface IAMAttachUserPolicyParams extends IAMConnectionConfig {
|
||||
userName: string
|
||||
policyArn: string
|
||||
}
|
||||
|
||||
export interface IAMDetachUserPolicyParams extends IAMConnectionConfig {
|
||||
userName: string
|
||||
policyArn: string
|
||||
}
|
||||
|
||||
export interface IAMAttachRolePolicyParams extends IAMConnectionConfig {
|
||||
roleName: string
|
||||
policyArn: string
|
||||
}
|
||||
|
||||
export interface IAMDetachRolePolicyParams extends IAMConnectionConfig {
|
||||
roleName: string
|
||||
policyArn: string
|
||||
}
|
||||
|
||||
export interface IAMListPoliciesParams extends IAMConnectionConfig {
|
||||
scope?: string | null
|
||||
onlyAttached?: boolean | null
|
||||
pathPrefix?: string | null
|
||||
maxItems?: number | null
|
||||
marker?: string | null
|
||||
}
|
||||
|
||||
export interface IAMCreateAccessKeyParams extends IAMConnectionConfig {
|
||||
userName?: string | null
|
||||
}
|
||||
|
||||
export interface IAMDeleteAccessKeyParams extends IAMConnectionConfig {
|
||||
accessKeyIdToDelete: string
|
||||
userName?: string | null
|
||||
}
|
||||
|
||||
export interface IAMListGroupsParams extends IAMConnectionConfig {
|
||||
pathPrefix?: string | null
|
||||
maxItems?: number | null
|
||||
marker?: string | null
|
||||
}
|
||||
|
||||
export interface IAMAddUserToGroupParams extends IAMConnectionConfig {
|
||||
userName: string
|
||||
groupName: string
|
||||
}
|
||||
|
||||
export interface IAMRemoveUserFromGroupParams extends IAMConnectionConfig {
|
||||
userName: string
|
||||
groupName: string
|
||||
}
|
||||
|
||||
export interface IAMBaseResponse extends ToolResponse {
|
||||
output: { message: string }
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMListUsersResponse extends ToolResponse {
|
||||
output: {
|
||||
users: Array<{
|
||||
userName: string
|
||||
userId: string
|
||||
arn: string
|
||||
path: string
|
||||
createDate: string | null
|
||||
passwordLastUsed: string | null
|
||||
}>
|
||||
isTruncated: boolean
|
||||
marker: string | null
|
||||
count: number
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMGetUserResponse extends ToolResponse {
|
||||
output: {
|
||||
userName: string
|
||||
userId: string
|
||||
arn: string
|
||||
path: string
|
||||
createDate: string | null
|
||||
passwordLastUsed: string | null
|
||||
permissionsBoundaryArn: string | null
|
||||
tags: Array<{ key: string; value: string }>
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMCreateUserResponse extends ToolResponse {
|
||||
output: {
|
||||
message: string
|
||||
userName: string
|
||||
userId: string
|
||||
arn: string
|
||||
path: string
|
||||
createDate: string | null
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMDeleteUserResponse extends ToolResponse {
|
||||
output: { message: string }
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMListRolesResponse extends ToolResponse {
|
||||
output: {
|
||||
roles: Array<{
|
||||
roleName: string
|
||||
roleId: string
|
||||
arn: string
|
||||
path: string
|
||||
createDate: string | null
|
||||
description: string | null
|
||||
maxSessionDuration: number | null
|
||||
}>
|
||||
isTruncated: boolean
|
||||
marker: string | null
|
||||
count: number
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMGetRoleResponse extends ToolResponse {
|
||||
output: {
|
||||
roleName: string
|
||||
roleId: string
|
||||
arn: string
|
||||
path: string
|
||||
createDate: string | null
|
||||
description: string | null
|
||||
maxSessionDuration: number | null
|
||||
assumeRolePolicyDocument: string | null
|
||||
roleLastUsedDate: string | null
|
||||
roleLastUsedRegion: string | null
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMCreateRoleResponse extends ToolResponse {
|
||||
output: {
|
||||
message: string
|
||||
roleName: string
|
||||
roleId: string
|
||||
arn: string
|
||||
path: string
|
||||
createDate: string | null
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMDeleteRoleResponse extends ToolResponse {
|
||||
output: { message: string }
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMAttachPolicyResponse extends ToolResponse {
|
||||
output: { message: string }
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMDetachPolicyResponse extends ToolResponse {
|
||||
output: { message: string }
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMListPoliciesResponse extends ToolResponse {
|
||||
output: {
|
||||
policies: Array<{
|
||||
policyName: string
|
||||
policyId: string
|
||||
arn: string
|
||||
path: string
|
||||
attachmentCount: number
|
||||
isAttachable: boolean
|
||||
createDate: string | null
|
||||
updateDate: string | null
|
||||
description: string | null
|
||||
defaultVersionId: string | null
|
||||
permissionsBoundaryUsageCount: number
|
||||
}>
|
||||
isTruncated: boolean
|
||||
marker: string | null
|
||||
count: number
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMCreateAccessKeyResponse extends ToolResponse {
|
||||
output: {
|
||||
message: string
|
||||
accessKeyId: string
|
||||
secretAccessKey: string
|
||||
userName: string
|
||||
status: string
|
||||
createDate: string | null
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMDeleteAccessKeyResponse extends ToolResponse {
|
||||
output: { message: string }
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMListGroupsResponse extends ToolResponse {
|
||||
output: {
|
||||
groups: Array<{
|
||||
groupName: string
|
||||
groupId: string
|
||||
arn: string
|
||||
path: string
|
||||
createDate: string | null
|
||||
}>
|
||||
isTruncated: boolean
|
||||
marker: string | null
|
||||
count: number
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMGroupMembershipResponse extends ToolResponse {
|
||||
output: { message: string }
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMListAttachedRolePoliciesParams extends IAMConnectionConfig {
|
||||
roleName: string
|
||||
pathPrefix?: string | null
|
||||
maxItems?: number | null
|
||||
marker?: string | null
|
||||
}
|
||||
|
||||
export interface IAMListAttachedUserPoliciesParams extends IAMConnectionConfig {
|
||||
userName: string
|
||||
pathPrefix?: string | null
|
||||
maxItems?: number | null
|
||||
marker?: string | null
|
||||
}
|
||||
|
||||
export interface IAMSimulatePrincipalPolicyParams extends IAMConnectionConfig {
|
||||
policySourceArn: string
|
||||
actionNames: string
|
||||
resourceArns?: string | null
|
||||
maxResults?: number | null
|
||||
marker?: string | null
|
||||
}
|
||||
|
||||
export interface IAMListAttachedPoliciesResponse extends ToolResponse {
|
||||
output: {
|
||||
attachedPolicies: Array<{
|
||||
policyName: string
|
||||
policyArn: string
|
||||
}>
|
||||
isTruncated: boolean
|
||||
marker: string | null
|
||||
count: number
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
|
||||
export interface IAMSimulatePrincipalPolicyResponse extends ToolResponse {
|
||||
output: {
|
||||
evaluationResults: Array<{
|
||||
evalActionName: string
|
||||
evalResourceName: string
|
||||
evalDecision: string
|
||||
matchedStatements: Array<{ sourcePolicyId: string; sourcePolicyType: string }>
|
||||
missingContextValues: string[]
|
||||
}>
|
||||
isTruncated: boolean
|
||||
marker: string | null
|
||||
count: number
|
||||
}
|
||||
error?: string
|
||||
}
|
||||
Reference in New Issue
Block a user