Compile action list down to the smallest possible pattern

[udondan]

While it is great to automatically list all actions when working with access levels, it would be great to have an option to compile the list down to a pattern.

This should be implemented as an optional method call. It's a nice feature to reduce the policy size, but might have security related implications if new actions are added in the future.

Example:

new statement.S3()
  .allow()
  .allActions(statement.AccessLevel.READ)
  .condense();

Should result in actions ['s3:List*', 's3:Describe*', 's3:Get*']

[udondan]

This seems to be a quite complex problem. There are a couple of libraries finding the longest common subtrings see:

• https://github.com/hanwencheng/CommonSubstrings
• https://github.com/trekhleb/javascript-algorithms/tree/master/src/algorithms/string/longest-common-substring

Though what we need is to find:

• the smallest common substrings of list A (actions we selected)
• that do not match any items of list B (actions we did not select)
• logically split list A into multiple lists if no common patterns could be found in A, that don't match anything in B

Other interesting tools:

• https://github.com/micromatch/micromatch

Due to the complexity of this problem, I removed it form the v1.0.0 milestone.

[skorfmann]

This would be fantastic! Still plans to tackle that?

[udondan]

Yeah, but I haven't had a good idea so far. 😸