import { AwsIamStore } from '@cloud-copilot/iam-collect'; export interface SimulationOrgPolicies { orgIdentifier: string; policies: { name: string; policy: any; }[]; } interface IamUserMetadata { arn: string; path: string; permissionBoundary: string; id: string; name: string; created: string; } export interface OrgPolicy { arn: string; name: string; policy: any; } export interface ManagedPolicy { arn: string; name: string; policy: any; } export interface InlinePolicy { name: string; policy: any; } interface OrgAccount { ou: string; rcps: string[]; scps: string[]; } type OrgAccounts = Record; interface OrgUnitDetails { parent: string | undefined; scps: string[]; rcps: string[]; } type OrgUnits = Record; type OrgPolicyType = 'scps' | 'rcps'; interface OrganizationMetadata { id: string; arn: string; rootOu: string; rootAccountArn: string; rootAccountId: string; features: { AISERVICES_OPT_OUT_POLICY?: boolean; BACKUP_POLICY?: boolean; RESOURCE_CONTROL_POLICY?: boolean; SERVICE_CONTROL_POLICY?: boolean; TAG_POLICY?: boolean; }; } interface OrgStructureNode { children?: OrgStructure | undefined; accounts?: string[] | undefined; } interface OrgStructure { [key: string]: OrgStructureNode; } export interface VpcIndex { vpcs: Record; endpoints: Record; } export interface IamCollectClientOptions { enableCaching?: boolean; } export declare class IamCollectClient { private storageClient; private _cache; private _enableCaching; constructor(storageClient: AwsIamStore, clientOptions?: IamCollectClientOptions); private withCache; /** * Checks if an account exists in the store. * @param accountId The ID of the account to check. * @returns True if the account exists, false otherwise. */ accountExists(accountId: string): Promise; /** * Get all account IDs in the store. * * @returns all account IDs in the store */ allAccounts(): Promise; /** * Checks if a principal exists in the store. * @param principalArn The ARN of the principal to check. * @returns True if the principal exists, false otherwise. */ principalExists(principalArn: string): Promise; /** * Gets the SCP Hierarchy for an account. The first element is the root, the last element is the account itself. * @param accountId The ID of the account to get the SCP Hierarchy for. * @returns The SCP Hierarchy for the account. */ getScpHierarchyForAccount(accountId: string): Promise; /** * Gets the policy hierarchy for an account for a given policy type. * @param accountId The ID of the account. * @param policyType The type of policy ('scps' or 'rcps'). * @returns The policy hierarchy for the account. */ getOrgPolicyHierarchyForAccount(accountId: string, policyType: OrgPolicyType): Promise; /** * Gets the OUs for an account. The first element is the root, * the last element is the parent OU of the account. * @param accountId The ID of the account to get the OUs for. * @returns The OUs for the account. */ getOrgUnitHierarchyForAccount(accountId: string): Promise; /** * Gets the org unit ID for an account. * @param accountId The ID of the account. * @returns The org unit ID for the account, or undefined if not found. */ getOrgUnitIdForAccount(accountId: string): Promise; /** * Gets the parent org unit ID for a given org unit. * @param orgId The ID of the organization. * @param ouId The ID of the org unit. * @returns The parent org unit ID, or undefined if not found. */ getParentOrgUnitIdForOrgUnit(orgId: string, ouId: string): Promise; /** * Gets the SCPs for an account. * @param accountId The ID of the account. * @returns The SCPs for the account. */ getScpsForAccount(accountId: string): Promise; /** * Gets the org policies for an account for a given policy type. * @param accountId The ID of the account. * @param policyType The type of policy ('scps' or 'rcps'). * @returns The org policies for the account. */ getOrgPoliciesForAccount(accountId: string, policyType: OrgPolicyType): Promise; /** * Gets the account data for an organization. * @param orgId The ID of the organization. * @returns The account data for the organization. */ getAccountDataForOrg(orgId: string): Promise; /** * Gets the org units data for an organization. * @param orgId The ID of the organization. * @returns The org units data for the organization. */ getOrgUnitsDataForOrg(orgId: string): Promise; /** * Gets a specific org policy. * @param orgId The ID of the organization. * @param policyType The type of policy ('scps' or 'rcps'). * @param policyArn The ARN of the policy. * @returns The org policy. */ getOrgPolicy(orgId: string, policyType: OrgPolicyType, policyArn: string): Promise; /** * Gets the RCPs for an account. * @param accountId The ID of the account. * @returns The RCPs for the account. */ getRcpsForAccount(accountId: string): Promise; /** * Gets the RCP hierarchy for an account. * @param accountId The ID of the account. * @returns The RCP hierarchy for the account. */ getRcpHierarchyForAccount(accountId: string): Promise; /** * Gets the SCPs for an org unit. * @param orgId The ID of the organization. * @param orgUnitId The ID of the org unit. * @returns The SCPs for the org unit. */ getScpsForOrgUnit(orgId: string, orgUnitId: string): Promise; /** * Gets the org policies for an org unit for a given policy type. * @param orgId The ID of the organization. * @param orgUnitId The ID of the org unit. * @param policyType The type of policy ('scps' or 'rcps'). * @returns The org policies for the org unit. */ getOrgPoliciesForOrgUnit(orgId: string, orgUnitId: string, policyType: OrgPolicyType): Promise; /** * Gets the RCPs for an org unit. * @param orgId The ID of the organization. * @param orgUnitId The ID of the org unit. * @returns The RCPs for the org unit. */ getRcpsForOrgUnit(orgId: string, orgUnitId: string): Promise; /** * Gets the org ID for an account. * @param accountId The ID of the account. * @returns The org ID for the account, or undefined if not found. */ getOrgIdForAccount(accountId: string): Promise; /** * Gets the account ID for a given S3 bucket name. * @param bucketName The name of the bucket. * @returns The account ID for the bucket, or undefined if not found. */ getAccountIdForBucket(bucketName: string): Promise; /** * Gets the account ID for a given API Gateway ARN. * @param apiArn The ARN of the API Gateway. * @returns The account ID for the API Gateway, or undefined if not found. */ getAccountIdForRestApi(apiArn: string): Promise; /** * Gets the managed policies attached to a user. * @param userArn The ARN of the user. * @returns The managed policies for the user. */ getManagedPoliciesForUser(userArn: string): Promise; getManagedPolicy(accountId: string, policyArn: string): Promise; /** * Gets the inline policies attached to a user. * @param userArn The ARN of the user. * @returns The inline policies for the user. */ getInlinePoliciesForUser(userArn: string): Promise; getIamUserMetadata(userArn: string): Promise; /** * Gets the permissions boundary policy attached to a user, if any. * * @param userArn The ARN of the user. * @returns The permissions boundary policy as an OrgPolicy, or undefined if none is set. */ getPermissionsBoundaryForUser(userArn: string): Promise; /** * Gets the group ARNs that the user is a member of. * @param userArn The ARN of the user. * @returns An array of group ARNs the user belongs to. */ getGroupsForUser(userArn: string): Promise; /** * Gets the managed policies attached to a group. * * @param groupArn The ARN of the group. * @returns The managed policies for the group. */ getManagedPoliciesForGroup(groupArn: string): Promise; getInlinePoliciesForGroup(groupArn: string): Promise; getManagedPoliciesForRole(roleArn: string): Promise; getInlinePoliciesForRole(roleArn: string): Promise; getPermissionsBoundaryForRole(roleArn: string): Promise; /** * Get the metadata for an organization. * * @param organizationId the id of the organization * @returns the metadata for the organization */ getOrganizationMetadata(organizationId: string): Promise; /** * Gets the resource policy for a given resource ARN and account. * * @param resourceArn The ARN of the resource. * @param accountId The ID of the account. * @returns The resource policy, or undefined if not found. */ getResourcePolicyForArn(resourceArn: string, accountId: string): Promise; /** * Gets the RAM share policy for a given resource ARN and account. * * @param resourceArn The ARN of the resource. * @param accountId The ID of the account. * @returns The RAM share policy, or undefined if not found. */ getRamSharePolicyForArn(resourceArn: string, accountId: string): Promise; /** * Gets the tags for a given resource ARN and account. * * @param resourceArn The ARN of the resource. * @param accountId The ID of the account. * @returns The tags as a record, or undefined if not found. */ getTagsForResource(resourceArn: string, accountId: string): Promise>; /** * Gets a unique ID for an IAM resource based on its ARN and account ID. * Used specifically for IAM Users and Roles * * @param resourceArn the ARN of the IAM resource * @param accountId the ID of the account the resource belongs to * @returns a unique ID for the resource, or undefined if not found */ getUniqueIdForIamResource(resourceArn: string): Promise; /** * Get the account IDs for an organization. * * @param organizationId the ID of the organization * @returns a tuple containing a boolean indicating success and an array of account IDs */ getAccountsForOrganization(organizationId: string): Promise<[boolean, string[]]>; /** * Get the organization structure or an organization. * * @param orgId the ID of the organization * @returns returns the organization structure or undefined if not found */ getOrganizationStructure(orgId: string): Promise; getAccountsForOrgPath(orgId: string, ouIds: string[]): Promise<[boolean, string[]]>; getAllPrincipalsInAccount(accountId: string): Promise; /** * Get the VPC endpoint policy for a given VPC endpoint ARN. * * @param vpcEndpointArn the ARN of the VPC endpoint * @returns the VPC endpoint policy, or undefined if not found */ getVpcEndpointPolicyForArn(vpcEndpointArn: string): Promise; /** * Get the ARN of a VPC endpoint given its ID. * @param vpcEndpointId the ID of the VPC endpoint * @returns the ARN of the VPC endpoint, or undefined if not found */ getVpcEndpointArnForVpcEndpointId(vpcEndpointId: string): Promise; /** * Gets the VPC endpoint ID for a given VPC ID and service name. * * @param vpcId the ID of the VPC * @param service the service name of the VPC endpoint (e.g., s3, ec2, etc.) * @returns the VPC endpoint ID, or undefined if not found */ getVpcEndpointIdForVpcService(vpcId: string, service: string): Promise; /** * Lookup the VPC ID for a given VPC endpoint ID. * * @param vpcEndpointId the ID of the VPC endpoint * @returns the VPC ID, or undefined if not found */ getVpcIdForVpcEndpointId(vpcEndpointId: string): Promise; } export {}; //# sourceMappingURL=client.d.ts.map