@ampsec/platform-client 12.0.0 → 12.2.0

package/build/src/dto/enums/agent.role.d.ts

@@ -0,0 +1,16 @@
+export declare enum AgentRole {
+    /** Agent can only read data. */
+    VIEWER = "VIEWER",
+    /** Agent can read and write data. */
+    AGENT = "AGENT",
+    /** Agent can read and write data and manage other agents. */
+    ADMIN = "ADMIN",
+    /** Agent owns organization. */
+    OWNER = "OWNER",
+    /** Token belongs to a service account. */
+    SERVICE_ACCOUNT = "SERVICE_ACCOUNT",
+    /** Unknown role. Used for validation */
+    UNKNOWN = "UNKNOWN"
+}
+export declare function lookupAgentRole(role: string): AgentRole;
+export declare function lookupAgentRoleOrdinal(role: string): number;

package/build/src/dto/enums/agent.role.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.lookupAgentRoleOrdinal = exports.lookupAgentRole = exports.AgentRole = void 0;
+/* eslint-disable no-unused-vars */
+var AgentRole;
+(function (AgentRole) {
+    /** Agent can only read data. */
+    AgentRole["VIEWER"] = "VIEWER";
+    /** Agent can read and write data. */
+    AgentRole["AGENT"] = "AGENT";
+    /** Agent can read and write data and manage other agents. */
+    AgentRole["ADMIN"] = "ADMIN";
+    /** Agent owns organization. */
+    AgentRole["OWNER"] = "OWNER";
+    /** Token belongs to a service account. */
+    AgentRole["SERVICE_ACCOUNT"] = "SERVICE_ACCOUNT";
+    /** Unknown role. Used for validation */
+    AgentRole["UNKNOWN"] = "UNKNOWN";
+})(AgentRole = exports.AgentRole || (exports.AgentRole = {}));
+const agentRoleLookupMap = {
+    VIEWER: AgentRole.VIEWER,
+    AGENT: AgentRole.AGENT,
+    ADMIN: AgentRole.ADMIN,
+    OWNER: AgentRole.OWNER,
+    SERVICE_ACCOUNT: AgentRole.SERVICE_ACCOUNT,
+};
+function lookupAgentRole(role) {
+    return agentRoleLookupMap[role] || AgentRole.UNKNOWN;
+}
+exports.lookupAgentRole = lookupAgentRole;
+const UNKNOWN_ORDINAL = -99;
+const agentRoleOrdinalMap = new Map([
+    [AgentRole.VIEWER, 0],
+    [AgentRole.AGENT, 1],
+    [AgentRole.ADMIN, 2],
+    [AgentRole.OWNER, 3],
+    [AgentRole.SERVICE_ACCOUNT, -1],
+    [AgentRole.UNKNOWN, UNKNOWN_ORDINAL],
+]);
+function lookupAgentRoleOrdinal(role) {
+    return agentRoleOrdinalMap.get(lookupAgentRole(role)) || UNKNOWN_ORDINAL;
+}
+exports.lookupAgentRoleOrdinal = lookupAgentRoleOrdinal;
+//# sourceMappingURL=agent.role.js.map

package/build/src/dto/enums/agent.role.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.role.js","sourceRoot":"","sources":["../../../../src/dto/enums/agent.role.ts"],"names":[],"mappings":";;;AAAA,mCAAmC;AACnC,IAAY,SAaX;AAbD,WAAY,SAAS;IACnB,gCAAgC;IAChC,8BAAiB,CAAA;IACjB,qCAAqC;IACrC,4BAAe,CAAA;IACf,6DAA6D;IAC7D,4BAAe,CAAA;IACf,+BAA+B;IAC/B,4BAAe,CAAA;IACf,0CAA0C;IAC1C,gDAAmC,CAAA;IACnC,wCAAwC;IACxC,gCAAmB,CAAA;AACrB,CAAC,EAbW,SAAS,GAAT,iBAAS,KAAT,iBAAS,QAapB;AAED,MAAM,kBAAkB,GAA+B;IACrD,MAAM,EAAE,SAAS,CAAC,MAAM;IACxB,KAAK,EAAE,SAAS,CAAC,KAAK;IACtB,KAAK,EAAE,SAAS,CAAC,KAAK;IACtB,KAAK,EAAE,SAAS,CAAC,KAAK;IACtB,eAAe,EAAE,SAAS,CAAC,eAAe;CAC3C,CAAC;AAEF,SAAgB,eAAe,CAAC,IAAY;IAC1C,OAAO,kBAAkB,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,OAAO,CAAC;AACvD,CAAC;AAFD,0CAEC;AAED,MAAM,eAAe,GAAG,CAAC,EAAE,CAAC;AAC5B,MAAM,mBAAmB,GAA2B,IAAI,GAAG,CAAC;IAC1D,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACrB,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IACpB,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IACpB,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IACpB,CAAC,SAAS,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IAC/B,CAAC,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC;CACrC,CAAC,CAAC;AAEH,SAAgB,sBAAsB,CAAC,IAAY;IACjD,OAAO,mBAAmB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,IAAI,eAAe,CAAC;AAC3E,CAAC;AAFD,wDAEC"}

package/build/src/dto/enums/index.d.ts

@@ -1,3 +1,4 @@
+export * from './agent.role';
 export * from './agent.status';
 export * from './connector.status';
 export * from './finding.severity';

package/build/src/dto/enums/index.js

@@ -14,6 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./agent.role"), exports);
 __exportStar(require("./agent.status"), exports);
 __exportStar(require("./connector.status"), exports);
 __exportStar(require("./finding.severity"), exports);

package/build/src/dto/enums/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/dto/enums/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA+B;AAC/B,qDAAmC;AACnC,qDAAmC;AACnC,mDAAiC;AACjC,wDAAsC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/dto/enums/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,iDAA+B;AAC/B,qDAAmC;AACnC,qDAAmC;AACnC,mDAAiC;AACjC,wDAAsC"}

package/build/src/dto/index.d.ts

@@ -6,6 +6,7 @@ export * from './enum.dto';
 export * from './enums';
 export * from './extKeyMap.dto';
 export * from './findings.dto';
+export * from './jwt';
 export * from './message.dto';
 export * from './page.dto';
 export * from './platform';

package/build/src/dto/index.js

@@ -22,6 +22,7 @@ __exportStar(require("./enum.dto"), exports);
 __exportStar(require("./enums"), exports);
 __exportStar(require("./extKeyMap.dto"), exports);
 __exportStar(require("./findings.dto"), exports);
+__exportStar(require("./jwt"), exports);
 __exportStar(require("./message.dto"), exports);
 __exportStar(require("./page.dto"), exports);
 __exportStar(require("./platform"), exports);

package/build/src/dto/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,6CAA2B;AAC3B,mDAAiC;AACjC,6CAA2B;AAC3B,0CAAwB;AACxB,kDAAgC;AAChC,iDAA+B;AAC/B,gDAA8B;AAC9B,6CAA2B;AAC3B,6CAA2B;AAC3B,kDAAgC;AAChC,sDAAoC;AACpC,yDAAuC;AACvC,mDAAiC;AACjC,uDAAqC;AACrC,kDAAgC;AAChC,gDAA8B;AAC9B,8CAA4B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,6CAA2B;AAC3B,mDAAiC;AACjC,6CAA2B;AAC3B,0CAAwB;AACxB,kDAAgC;AAChC,iDAA+B;AAC/B,wCAAsB;AACtB,gDAA8B;AAC9B,6CAA2B;AAC3B,6CAA2B;AAC3B,kDAAgC;AAChC,sDAAoC;AACpC,yDAAuC;AACvC,mDAAiC;AACjC,uDAAqC;AACrC,kDAAgC;AAChC,gDAA8B;AAC9B,8CAA4B"}

package/build/src/dto/jwt.d.ts

@@ -0,0 +1,20 @@
+export type AmpJwtToken = {
+    /** Constant for now but might change in the future. */
+    iss: 'amp-platform-api';
+    /** UNIX timestamp, i.e. seconds	since January 1, 1970 */
+    exp: number;
+    /** Single tenant ID for scoping requests */
+    tid: string;
+    /** DB PK for authenticated Agent/End User */
+    sub: string;
+    /** Display value for subject. Falls back to email.  */
+    name: string;
+    /** Single role defining Amplifier User Personas */
+    role: string;
+    /** Enables fine grain access controls to actions/data. Defined by ORG admin or SCIM. */
+    group: string[];
+    /** Feature flags and other permissions. Defined by Amplifier Platform. */
+    entitlement: string[];
+    /** OAuth scopes to limit ability of token, e.g. READ_ONLY service accounts. Might overlap too much with `group` field. */
+    scope: string[];
+};

package/build/src/dto/jwt.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=jwt.js.map

package/build/src/dto/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/dto/jwt.ts"],"names":[],"mappings":""}

package/build/src/dto/reportResults.dto.d.ts

@@ -127,6 +127,8 @@ export type ReportResultUpsertDto = BaseUpsertDto & {
     uid?: string;
     /** Department */
     department?: string | null;
+    /** Organization */
+    organization?: string | null;
     /** Timestamp the report result was generated in ISO8601 format */
     ts: string;
     /** The results generated for the given report */

package/example/package-lock.json

@@ -9,14 +9,14 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "@ampsec/platform-client": "^10.0.0",
+        "@ampsec/platform-client": "^10.4.0",
         "axios": "^1.4.0"
       }
     },
     "node_modules/@ampsec/platform-client": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/@ampsec/platform-client/-/platform-client-10.0.0.tgz",
-      "integrity": "sha512-RT6yDe83+smIGWrBmTdFj0j5kUOzGmBGyZyPGBjdcqBjfjGpyc41pAoo8kjSsjPKANIX2BxWjNvs5/1NwUeYZA==",
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/@ampsec/platform-client/-/platform-client-10.4.0.tgz",
+      "integrity": "sha512-KNmFLtDCvsQEQZFdjAlNclII0bcAVPS3VI4sS5ZyDvcimngucgGvlm6jUsndkDXGdv2CRR+wC/3P+riemNWTsQ==",
       "dependencies": {
         "axios": "^1.4.0",
         "blueimp-md5": "^2.19.0",
@@ -132,9 +132,9 @@
   },
   "dependencies": {
     "@ampsec/platform-client": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/@ampsec/platform-client/-/platform-client-10.0.0.tgz",
-      "integrity": "sha512-RT6yDe83+smIGWrBmTdFj0j5kUOzGmBGyZyPGBjdcqBjfjGpyc41pAoo8kjSsjPKANIX2BxWjNvs5/1NwUeYZA==",
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/@ampsec/platform-client/-/platform-client-10.4.0.tgz",
+      "integrity": "sha512-KNmFLtDCvsQEQZFdjAlNclII0bcAVPS3VI4sS5ZyDvcimngucgGvlm6jUsndkDXGdv2CRR+wC/3P+riemNWTsQ==",
       "requires": {
         "axios": "^1.4.0",
         "blueimp-md5": "^2.19.0",

package/example/package.json

@@ -10,7 +10,7 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "@ampsec/platform-client": "^10.3.0",
+    "@ampsec/platform-client": "^12.2.0",
     "axios": "^1.4.0"
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ampsec/platform-client",
-  "version": "12.0.0",
+  "version": "12.2.0",
   "description": "",
   "main": "build/src/index.js",
   "runkitExampleFilename": "example/main.js",

package/src/dto/agents.dto.ts

@@ -1,5 +1,6 @@
 import {AgentStatus} from './enums/agent.status';
 import {BaseDto, BaseUpsertDto} from './base.dto';
+// import {AgentRole} from './enums';
 
 export type AgentUpsertDto = BaseUpsertDto & {
   /** Agent first name */
@@ -10,6 +11,8 @@ export type AgentUpsertDto = BaseUpsertDto & {
   status: AgentStatus;
   /** External Id */
   email: string;
+  /** Agent role */
+  // TODO: role: AgentRole; // for now all agents are `OWNER`. Need to map role to tenant
 };
 
 export type AgentDto = BaseDto & AgentUpsertDto;

package/src/dto/enums/agent.role.ts

@@ -0,0 +1,41 @@
+/* eslint-disable no-unused-vars */
+export enum AgentRole {
+  /** Agent can only read data. */
+  VIEWER = 'VIEWER',
+  /** Agent can read and write data. */
+  AGENT = 'AGENT',
+  /** Agent can read and write data and manage other agents. */
+  ADMIN = 'ADMIN',
+  /** Agent owns organization. */
+  OWNER = 'OWNER',
+  /** Token belongs to a service account. */
+  SERVICE_ACCOUNT = 'SERVICE_ACCOUNT',
+  /** Unknown role. Used for validation */
+  UNKNOWN = 'UNKNOWN',
+}
+
+const agentRoleLookupMap: {[key: string]: AgentRole} = {
+  VIEWER: AgentRole.VIEWER,
+  AGENT: AgentRole.AGENT,
+  ADMIN: AgentRole.ADMIN,
+  OWNER: AgentRole.OWNER,
+  SERVICE_ACCOUNT: AgentRole.SERVICE_ACCOUNT,
+};
+
+export function lookupAgentRole(role: string): AgentRole {
+  return agentRoleLookupMap[role] || AgentRole.UNKNOWN;
+}
+
+const UNKNOWN_ORDINAL = -99;
+const agentRoleOrdinalMap: Map<AgentRole, number> = new Map([
+  [AgentRole.VIEWER, 0],
+  [AgentRole.AGENT, 1],
+  [AgentRole.ADMIN, 2],
+  [AgentRole.OWNER, 3],
+  [AgentRole.SERVICE_ACCOUNT, -1],
+  [AgentRole.UNKNOWN, UNKNOWN_ORDINAL],
+]);
+
+export function lookupAgentRoleOrdinal(role: string): number {
+  return agentRoleOrdinalMap.get(lookupAgentRole(role)) || UNKNOWN_ORDINAL;
+}

package/src/dto/enums/index.ts

@@ -1,3 +1,4 @@
+export * from './agent.role';
 export * from './agent.status';
 export * from './connector.status';
 export * from './finding.severity';

package/src/dto/index.ts

@@ -6,6 +6,7 @@ export * from './enum.dto';
 export * from './enums';
 export * from './extKeyMap.dto';
 export * from './findings.dto';
+export * from './jwt';
 export * from './message.dto';
 export * from './page.dto';
 export * from './platform';

package/src/dto/jwt.ts

@@ -0,0 +1,20 @@
+export type AmpJwtToken = {
+  /** Constant for now but might change in the future. */
+  iss: 'amp-platform-api';
+  /** UNIX timestamp, i.e. seconds	since January 1, 1970 */
+  exp: number;
+  /** Single tenant ID for scoping requests */
+  tid: string;
+  /** DB PK for authenticated Agent/End User */
+  sub: string;
+  /** Display value for subject. Falls back to email.  */
+  name: string;
+  /** Single role defining Amplifier User Personas */
+  role: string;
+  /** Enables fine grain access controls to actions/data. Defined by ORG admin or SCIM. */
+  group: string[];
+  /** Feature flags and other permissions. Defined by Amplifier Platform. */
+  entitlement: string[];
+  /** OAuth scopes to limit ability of token, e.g. READ_ONLY service accounts. Might overlap too much with `group` field. */
+  scope: string[];
+};

package/src/dto/reportResults.dto.ts

@@ -133,6 +133,8 @@ export type ReportResultUpsertDto = BaseUpsertDto & {
   uid?: string;
   /** Department */
   department?: string | null;
+  /** Organization */
+  organization?: string | null;
   /** Timestamp the report result was generated in ISO8601 format */
   ts: string;
   /** The results generated for the given report */