@adobe/helix-config 4.3.3 → 4.5.0
- package/CHANGELOG.md +14 -0
- package/package.json +1 -1
- package/src/config-view.js +28 -5
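--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,17 @@
+# [4.5.0](https://github.com/adobe/helix-config/compare/v4.4.0...v4.5.0) (2024-09-05)
+
+
+### Features
+
+* include org apiKeyId to admin and raw scope ([#181](https://github.com/adobe/helix-config/issues/181)) ([223c5bf](https://github.com/adobe/helix-config/commit/223c5bf70b2c8c00c7171b009b294785be7a42c9))
+
+# [4.4.0](https://github.com/adobe/helix-config/compare/v4.3.3...v4.4.0) (2024-09-05)
+
+
+### Features
+
+* provide transient site token ([#180](https://github.com/adobe/helix-config/issues/180)) ([ca8161b](https://github.com/adobe/helix-config/commit/ca8161be26f1476af5f2b7c3c3894ae80546dbf7))
+
 ## [4.3.3](https://github.com/adobe/helix-config/compare/v4.3.2...v4.3.3) (2024-09-03)
 
 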
package/package.json
CHANGED
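--- a/package/src/config-view.js
+++ b/package/src/config-view.js
@@ -302,6 +302,12 @@ export async function loadOrgConfig(ctx, org) {
 return res.body ? res.json() : null;
 }
 
+export async function loadTransientSiteToken(ctx, org, site) {
+const key = `orgs/${org}/sites/${site}/transient-site-tokens.json`;
+const res = await ctx.loader.getObject(HELIX_CONFIG_BUS, key);
+return res.body ? res.json() : null;
+}
+
 /**
 * Computes the access.admin.role arrays for the org users.
 * @param adminConfig
@@ -337,11 +343,14 @@ function resolveGroup(groups, name) {
 /**
 * Compute the access.admin.role arrays for the admin config. Resolves site and org groups.
 * @param admin
+* @param orgConfig
 * @param configGroups
-* @param orgGroups
-* @param orgUsers
 */
-function computeSiteAdminRoles(admin,
+function computeSiteAdminRoles(admin, orgConfig, configGroups = {}) {
+const {
+users: orgUsers = [],
+groups: orgGroups = {},
+} = orgConfig ?? {};
 const roles = {};
 for (const [roleName, role] of Object.entries(admin.role ?? {})) {
 const users = new Set();
@@ -379,6 +388,11 @@ function computeSiteAdminRoles(admin, configGroups = {}, orgGroups = {}, orgUser
 ...admin,
 role: roles,
 };
+
+const apiKeyId = new Set([...admin.apiKeyId ?? [], ...orgConfig?.access?.admin?.apiKeyId ?? []]);
+if (apiKeyId.size) {
+ret.apiKeyId = Array.from(apiKeyId);
+}
 // if there are only roles from the org, ensure that they don't enforce auth
 if (hasOrgUsers && !hasRoles && (!admin.requireAuth || admin.requireAuth === 'auto')) {
 ret.requireAuth = false;
@@ -430,7 +444,14 @@ export async function getConfigResponse(ctx, opts) {
 };
 if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {
 // eslint-disable-next-line max-len
-config.access.admin = computeSiteAdminRoles(admin, config.groups
+config.access.admin = computeSiteAdminRoles(admin, orgConfig, config.groups);
+} else {
+// for pipeline and delivery, also load the site tokens
+const tst = await loadTransientSiteToken(ctx, rso.org, rso.site);
+if (tst) {
+config.access.preview.transientSiteToken = tst.tokens.preview;
+config.access.live.transientSiteToken = tst.tokens.live;
+}
 }
 }
 
@@ -454,9 +475,11 @@ export async function getConfigResponse(ctx, opts) {
 'x-hlx-owner': config.code.owner,
 'x-hlx-repo': config.code.repo,
 'x-hlx-auth-clientdn-preview': canonicalArrayString(config.access, 'preview', 'clientCertDN'),
-'x-hlx-auth-hash-preview': canonicalArrayString(config.access, 'preview', 'tokenHash'),
 'x-hlx-auth-clientdn-live': canonicalArrayString(config.access, 'live', 'clientCertDN'),
+'x-hlx-auth-hash-preview': canonicalArrayString(config.access, 'preview', 'tokenHash'),
 'x-hlx-auth-hash-live': canonicalArrayString(config.access, 'live', 'tokenHash'),
+'x-hlx-auth-tst-preview': config.access?.preview?.transientSiteToken?.value || '',
+'x-hlx-auth-tst-live': config.access?.live?.transientSiteToken?.value || '',
 },
 });
 }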
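Review bot: The transient site token is loaded in a bare `else` (new line 448 in getConfigResponse), so every scope other than admin and raw receives it, although the comment names only pipeline and delivery; any further scope defined outside these hunks would get the token in `config.access.*.transientSiteToken` and in the `x-hlx-auth-tst-*` headers. An explicit comparison against the pipeline and delivery scopes would make this fail closed. The same branch reads `tst.tokens.preview` and writes `config.access.preview` without guards, while the header lines use optional chaining on the same path, so a stored object without `tokens` would throw during config resolution; `const { preview, live } = tst?.tokens ?? {};` before the two assignments would avoid that. Unlike the neighbouring `x-hlx-auth-hash-*` headers, which carry `tokenHash`, the new headers carry `transientSiteToken.value` as stored, so it is worth confirming that whatever logs or caches these responses treats them as secrets. getConfigResponse starts and ends outside the hunks shown.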