@adobe/helix-config 2.11.0 → 2.11.1

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+## [2.11.1](https://github.com/adobe/helix-config/compare/v2.11.0...v2.11.1) (2024-04-30)
+
+
+### Bug Fixes
+
+* cleanup admin.access ([#66](https://github.com/adobe/helix-config/issues/66)) ([28b1c28](https://github.com/adobe/helix-config/commit/28b1c28a71894b98e7748f3c671e4a79879ae81b))
+
 # [2.11.0](https://github.com/adobe/helix-config/compare/v2.10.4...v2.11.0) (2024-04-29)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "2.11.0",
+  "version": "2.11.1",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",

package/src/config-legacy.js

@@ -15,6 +15,13 @@ const HELIX_CODE_BUS = 'helix-code-bus';
 
 const HELIX_CONTENT_BUS = 'helix-content-bus';
 
+export function toArray(v) {
+  if (!v) {
+    return [];
+  }
+  return Array.isArray(v) ? v : [v];
+}
+
 /**
  * Retrieves the helix-config.json which is an aggregate from fstab.yaml and head.html.
  *
@@ -79,6 +86,23 @@ export async function fetchRobotsTxt(ctx, owner, repo) {
   return res.body;
 }
 
+async function resolveAdminAccess(ctx, admin) {
+  const ret = {
+    ...admin,
+  };
+  if (ret.apiKeyId) {
+    ret.apiKeyId = toArray(ret.apiKeyId);
+  }
+  if (ret.defaultRole) {
+    ret.defaultRole = toArray(ret.defaultRole);
+  }
+  for (const [role, users] of Object.entries(ret.role ?? [])) {
+    // todo: load users.json
+    ret.role[role] = toArray(users);
+  }
+  return ret;
+}
+
 /**
  * Loads the content from a helix 4 project.
  * @param {ConfigContext} ctx
@@ -101,6 +125,8 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
         : 'onedrive',
       url: source,
     };
+  } else {
+    delete source.contentBusId;
   }
   const config = {
     version: 1,
@@ -122,10 +148,16 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
   };
   const configAllPreview = await fetchConfigAll(ctx, config.content.contentBusId, 'preview');
   const configAllLive = await fetchConfigAll(ctx, config.content.contentBusId, 'live');
-  const { access } = configAllPreview?.config?.data || {};
+  const { access, admin } = configAllPreview?.config?.data || {};
   if (access) {
     config.access = access;
   }
+  if (admin) {
+    if (!config.access) {
+      config.access = { };
+    }
+    config.access.admin = await resolveAdminAccess(ctx, admin);
+  }
   if (configAllPreview) {
     config.cdn = configAllPreview.config?.data.cdn ?? {};
     if (!config.cdn.prod?.host && configAllPreview.config?.data.host) {

package/src/config-view.js

@@ -18,7 +18,7 @@ import {
   SCOPE_DELIVERY,
   SCOPE_RAW,
 } from './ConfigContext.js';
-import { resolveLegacyConfig, fetchRobotsTxt } from './config-legacy.js';
+import { resolveLegacyConfig, fetchRobotsTxt, toArray } from './config-legacy.js';
 
 /**
  * @typedef Config
@@ -45,13 +45,6 @@ const HELIX_CONFIG_BUS = 'helix-config-bus';
 
 const HELIX_CONTENT_BUS = 'helix-content-bus';
 
-export function toArray(v) {
-  if (!v) {
-    return [];
-  }
-  return Array.isArray(v) ? v : [v];
-}
-
 /**
  * Creates a string representation of the given array that is suitable for substring matching by
  * delimiting each entry with `,` eg: ,foo@adobe.com,bar@adobe.com,
@@ -75,8 +68,8 @@ export function canonicalArrayString(root, partition, prop) {
 export function getAccessConfig(config, partition) {
   const { access, tokens = {} } = config;
   const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
+  const allow = toArray(access[partition]?.allow ?? access.allow);
   const cfg = {
-    allow: toArray(access[partition]?.allow ?? access.allow),
     apiKeyId,
     tokenHash: apiKeyId
       // token ids are always stored in base64url format, but legacy apiKeyIds are not
@@ -87,7 +80,7 @@ export function getAccessConfig(config, partition) {
   };
   // if an allow is defined but no apiKeyId, create a fake one so that auth is still
   // enforced. later we can remove the allow and the apiKeyId in favor of the tokenHash
-  if (cfg.allow.length && !cfg.apiKeyId.length) {
+  if (allow.length && !cfg.apiKeyId.length) {
     cfg.apiKeyId.push('fake');
   }
   // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still
@@ -95,6 +88,10 @@ export function getAccessConfig(config, partition) {
   if (cfg.apiKeyId.length && !cfg.tokenHash.length) {
     cfg.tokenHash.push('n/a');
   }
+  // todo: remove after auth rewrite
+  if (allow) {
+    cfg.allow = allow;
+  }
   return cfg;
 }
 
@@ -277,8 +274,6 @@ export async function getConfigResponse(ctx, opts) {
     const adminConfig = {
       ...rso,
       ...config,
-      // todo: delete after admin uses new structure
-      contentBusId: config.content.contentBusId,
       content: {
         ...config.content,
         ...config.content.source,

package/src/schemas/access-admin.schema.json

@@ -25,7 +25,6 @@
           "items": {"type": "string"}
         }
       },
-      "required": ["role"],
       "additionalProperties": false
     },
     "requireAuth": {