-- Prelude `List` package, fetched over HTTPS at evaluation time.
-- The URL is pinned to a specific dhall-lang commit, but it carries no
-- `sha256:` integrity annotation, so the fetched expression is not checked
-- against a known hash by the Dhall interpreter itself.
-- NOTE(review): run `dhall freeze` on this file to attach the integrity hash;
-- that also lets the import be served from the local cache instead of the
-- network. Only `L.map` is used below, so importing `Prelude/List/map` alone
-- would shrink the amount of remote code this policy module depends on.
let L =
https://raw.githubusercontent.com/dhall-lang/dhall-lang/8cf71d94bd63710faae018aac0920b937b977b11/Prelude/List/package.dhall
-- Closed set of services that statements in this module can refer to.
-- Because this is a union type, a policy cannot name a service outside this
-- list without the list being edited here, which makes this declaration the
-- place to review when the set of reachable services changes.
-- How each alternative is turned into a service prefix is not defined in
-- this file (presumably in a separate renderer; verify there).
let Service
: Type
= < Lambda
| Iam
| Sqs
| CloudWatch
| ApiGateway
| CloudWatchEvents
| Sns
| S3
| CloudFront
| CodeBuild
| Ssm
| Kms
| QuickSight
| ResourceGroups
>
-- One permitted (or denied) operation: a service plus a permission name.
-- `permission` is free-form Text and is not validated here, so wildcards
-- such as "*" are accepted (this module itself passes "*" in
-- `serviceAllAllowResource`).
let Action
: Type
= { service : Service, permission : Text }
-- A resource reference: the owning service plus a resource string.
-- `resource` is free-form Text with no format check in this file; how it is
-- assembled into a full ARN (partition, region, account) is not shown here.
let Arn
: Type
= { service : Service, resource : Text }
-- Statement effect. Note that every helper defined below hard-codes
-- `Effect.Allow`; a Deny statement has to be written out as a record.
let Effect
: Type
= < Allow | Deny >
-- Target of a statement: either one specific `Arn` or `All`.
-- `All` is the unscoped case (presumably rendered as "*"; confirm in the
-- renderer), so its uses are the ones to look at in a least-privilege review.
let Resource
: Type
= < ByArn : Arn | All >
-- A single policy statement: identifier, effect, actions and resources.
-- The record has no field for conditions or principals, so statements built
-- from this type cannot be narrowed by anything other than action and
-- resource.
let Statement
: Type
= { sid : Text
, effect : Effect
, actions : List Action
, resources : List Resource
}
-- A policy is just an ordered list of statements; no version or id field is
-- modelled at this level.
let Policy
: Type
= List Statement
-- Constructor for `Policy`. `Policy` is an alias for `List Statement`, so
-- this is the identity function: the statements are returned unchanged and
-- nothing is validated, merged or de-duplicated here.
let policy
    : List Statement → Policy
    = λ(statements : Policy) → statements
-- Core builder used by every helper below: an Allow statement that grants
-- each of `permissions` (all attributed to `service`) on `resources`.
--
-- * `effect` is always `Effect.Allow`.
-- * `sid` is always the empty string, so statements produced here cannot be
--   told apart by sid during review; callers who want a label have to
--   override the field on the returned record.
-- * `permissions` and `resources` are passed through without validation, so
--   wildcard permissions and `Resource.All` are accepted as given.
let serviceAllowResources
    : Service → List Text → List Resource → Statement
    = λ(service : Service) →
      λ(permissions : List Text) →
      λ(resources : List Resource) →
        -- Pair each permission name with the one service given above.
        let toAction =
              λ(permission : Text) →
                { service = service, permission = permission }

        in  { sid = ""
            , effect = Effect.Allow
            , actions = L.map Text Action toAction permissions
            , resources = resources
            }
-- Allow `permissions` of `service` on an explicit list of resources.
-- Each entry of `resources` is wrapped as `Resource.ByArn` under the same
-- `service` as the actions, so a statement built here never mixes services.
-- This is the scoped helper; the resource strings themselves are not
-- checked, so a wildcard inside one of them would still be passed through.
let serviceAllow
    : Service → List Text → List Text → Statement
    = λ(service : Service) →
      λ(permissions : List Text) →
      λ(resources : List Text) →
        let byArn =
              λ(resource : Text) →
                Resource.ByArn { service = service, resource = resource }

        in  serviceAllowResources
              service
              permissions
              (L.map Text Resource byArn resources)
-- Allow `permissions` of `service` on `Resource.All`, i.e. with no resource
-- scoping at all.
-- NOTE(review): least-privilege caveat. Prefer `serviceAllow` with explicit
-- resources wherever the permission supports resource-level scoping, and
-- keep uses of this helper to permissions that cannot be scoped.
let serviceAllowAll
    : Service → List Text → Statement
    = λ(service : Service) →
      λ(permissions : List Text) →
        let everything = [ Resource.All ]

        in  serviceAllowResources service permissions everything
-- Allow the wildcard permission "*" of `service` on one named resource.
-- The permission list is the single literal "*", so the grant covers every
-- operation the service offers on that resource (presumably rendered as
-- `<service>:*`; confirm in the renderer).
-- NOTE(review): that includes administrative and destructive operations.
-- For sensitive services in the `Service` union (e.g. Iam, Kms) prefer
-- `serviceAllow` with an explicit permission list.
let serviceAllAllowResource
    : Service → Text → Statement
    = λ(service : Service) →
      λ(resource : Text) →
        let anyAction = [ "*" ]

        let target = Resource.ByArn { service = service, resource = resource }

        in  serviceAllowResources service anyAction [ target ]
-- Public interface of this module: the types plus the statement helpers.
-- `serviceAllowResources` is defined in this file but not exported, so
-- importers can only reach it through the three helpers listed here.
-- All exported helpers produce Allow statements; none builds a Deny.
in { Service = Service
, Action = Action
, Arn = Arn
, Effect = Effect
, Resource = Resource
, Statement = Statement
, Policy = Policy
, policy = policy
, serviceAllow = serviceAllow
, serviceAllowAll = serviceAllowAll
, serviceAllAllowResource = serviceAllAllowResource
}