@axinom/mosaic-cli 0.27.0-rc.6 → 0.27.0-rc.7

package/dist/cli/index.js

@@ -12,6 +12,7 @@ const msg_codegen_1 = require("../commands/msg-codegen");
 const msg_diff_1 = require("../commands/msg-diff");
 const pg_dump_1 = require("../commands/pg-dump");
 const publish_schema_to_db_1 = require("../commands/publish-schema-to-db");
+const service_1 = require("../commands/service");
 const unpublish_pilet_1 = require("../commands/unpublish-pilet");
 const run = () => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
     yargs
@@ -26,7 +27,8 @@ const run = () => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
         .command(create_extension_config_1.createExtensionConfigCommand)
         .command(graphql_diff_1.graphqlDiff)
         .command(hosting_1.hosting)
-        .command(unpublish_pilet_1.unpublishPilet);
+        .command(unpublish_pilet_1.unpublishPilet)
+        .command(service_1.service);
     //adding cli extensions:
     yield Promise.all((0, create_extension_config_1.getExtensions)().map((library) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
         try {

package/dist/cli/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";;;;AAAA,+BAA+B;AAC/B,iEAA6D;AAC7D,iFAG6C;AAC7C,mEAA8D;AAC9D,2DAAuD;AACvD,iDAA8C;AAC9C,yDAAqD;AACrD,mDAA+C;AAC/C,iDAA6C;AAC7C,2EAAqE;AACrE,iEAA6D;AAEtD,MAAM,GAAG,GAAG,GAAwB,EAAE;IAC3C,KAAK;SACF,UAAU,CAAC,QAAQ,CAAC;SACpB,GAAG,EAAE;SACL,OAAO,CAAC,gCAAc,CAAC;SACvB,OAAO,CAAC,iCAAc,CAAC;SACvB,OAAO,CAAC,wCAAiB,CAAC;SAC1B,OAAO,CAAC,gBAAM,CAAC;SACf,OAAO,CAAC,wBAAU,CAAC;SACnB,OAAO,CAAC,kBAAO,CAAC;SAChB,OAAO,CAAC,sDAA4B,CAAC;SACrC,OAAO,CAAC,0BAAW,CAAC;SACpB,OAAO,CAAC,iBAAO,CAAC;SAChB,OAAO,CAAC,gCAAc,CAAC,CAAC;IAE3B,wBAAwB;IACxB,MAAM,OAAO,CAAC,GAAG,CACf,IAAA,uCAAa,GAAE,CAAC,GAAG,CAAC,CAAO,OAAO,EAAE,EAAE;QACpC,IAAI;YACF,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,YAAY,EAAE;gBAChB,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;oBACzB,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACrB,CAAC,CAAC,CAAC;aACJ;SACF;QAAC,OAAO,KAAK,EAAE;YACd,gEAAgE;SACjE;IACH,CAAC,CAAA,CAAC,CACH,CAAC;IAEF,KAAK;SACF,aAAa,EAAE;SACf,IAAI,EAAE;SACN,MAAM,CAAC,wDAAwD,CAAC,CAAC,IAAI,CAAC;AAC3E,CAAC,CAAA,CAAC;AAnCW,QAAA,GAAG,OAmCd"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";;;;AAAA,+BAA+B;AAC/B,iEAA6D;AAC7D,iFAG6C;AAC7C,mEAA8D;AAC9D,2DAAuD;AACvD,iDAA8C;AAC9C,yDAAqD;AACrD,mDAA+C;AAC/C,iDAA6C;AAC7C,2EAAqE;AACrE,iDAA8C;AAC9C,iEAA6D;AAEtD,MAAM,GAAG,GAAG,GAAwB,EAAE;IAC3C,KAAK;SACF,UAAU,CAAC,QAAQ,CAAC;SACpB,GAAG,EAAE;SACL,OAAO,CAAC,gCAAc,CAAC;SACvB,OAAO,CAAC,iCAAc,CAAC;SACvB,OAAO,CAAC,wCAAiB,CAAC;SAC1B,OAAO,CAAC,gBAAM,CAAC;SACf,OAAO,CAAC,wBAAU,CAAC;SACnB,OAAO,CAAC,kBAAO,CAAC;SAChB,OAAO,CAAC,sDAA4B,CAAC;SACrC,OAAO,CAAC,0BAAW,CAAC;SACpB,OAAO,CAAC,iBAAO,CAAC;SAChB,OAAO,CAAC,gCAAc,CAAC;SACvB,OAAO,CAAC,iBAAO,CAAC,CAAC;IAEpB,wBAAwB;IACxB,MAAM,OAAO,CAAC,GAAG,CACf,IAAA,uCAAa,GAAE,CAAC,GAAG,CAAC,CAAO,OAAO,EAAE,EAAE;QACpC,IAAI;YACF,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,YAAY,EAAE;gBAChB,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;oBACzB,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACrB,CAAC,CAAC,CAAC;aACJ;SACF;QAAC,OAAO,KAAK,EAAE;YACd,gEAAgE;SACjE;IACH,CAAC,CAAA,CAAC,CACH,CAAC;IAEF,KAAK;SACF,aAAa,EAAE;SACf,IAAI,EAAE;SACN,MAAM,CAAC,wDAAwD,CAAC,CAAC,IAAI,CAAC;AAC3E,CAAC,CAAA,CAAC;AApCW,QAAA,GAAG,OAoCd"}

package/dist/commands/service/index.d.ts

@@ -0,0 +1,2 @@
+import { CommandModule } from 'yargs';
+export declare const service: CommandModule<unknown, unknown>;

package/dist/commands/service/index.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.service = void 0;
+const tslib_1 = require("tslib");
+const chalk_1 = require("chalk");
+const sync_permissions_1 = require("./sync-permissions");
+exports.service = {
+    command: 'service',
+    describe: 'General commands related to Mosaic services.',
+    builder: (yargs) => yargs
+        .command('sync-permissions', 'Synchronize permissions for a given service with ID Service.', syncPermissions)
+        .demandCommand(),
+    handler: (_args) => {
+        console.log('Please pick a sub command related to Mosaic services.');
+    },
+};
+const syncPermissions = {
+    builder: (yargs) => {
+        return yargs
+            .option('serviceId', {
+            describe: 'Service ID the permissions should be synchronized to. If no value is explicity given, environment variable SERVICE_ID will be used.',
+            alias: 'i',
+            string: true,
+        })
+            .option('idServiceAuthBaseURL', {
+            describe: 'ID Service Authentication Endpoint Base URL. If no value is explicity given, environment variable ID_SERVICE_AUTH_BASE_URL will be used.',
+            alias: 'a',
+            string: true,
+        })
+            .option('permissionDefinitionJsonPath', {
+            describe: 'Path to permission-definition.json file. The default location is src/generated/security/permission-definition.json',
+            alias: 'p',
+            string: true,
+        })
+            .option('clientId', {
+            describe: 'Client ID of a Service Account which has Synchronize Permission permission assigned. If no value is explicity given, environment variable SERVICE_ACCOUNT_CLIENT_ID will be used.',
+            alias: 'c',
+            string: true,
+        })
+            .option('clientSecret', {
+            describe: 'Client Secret for the above Client ID. If no value is explicity given, environment variable SERVICE_ACCOUNT_CLIENT_SECRET will be used.',
+            alias: 's',
+            string: true,
+        });
+    },
+    handler: (args) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
+        const [validatedArgs, errorMessages] = (0, sync_permissions_1.validateArgs)(args);
+        if (errorMessages.length > 0) {
+            console.log((0, chalk_1.red)('Some required arguments are missing.'));
+            errorMessages.map((message) => {
+                console.log((0, chalk_1.yellow)(`${message}`));
+            });
+            console.log();
+        }
+        else {
+            yield (0, sync_permissions_1.synchronizePermissions)(validatedArgs);
+        }
+    }),
+};
+//# sourceMappingURL=index.js.map

package/dist/commands/service/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/service/index.ts"],"names":[],"mappings":";;;;AAAA,iCAAoC;AAEpC,yDAA0E;AAG7D,QAAA,OAAO,GAAoC;IACtD,OAAO,EAAE,SAAS;IAClB,QAAQ,EAAE,8CAA8C;IACxD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,OAAO,CACN,kBAAkB,EAClB,8DAA8D,EAC9D,eAAe,CAChB;SACA,aAAa,EAAE;IACpB,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QACjB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACvE,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAsD;IACzE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QACjB,OAAO,KAAK;aACT,MAAM,CAAC,WAAW,EAAE;YACnB,QAAQ,EACN,qIAAqI;YACvI,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,IAAI;SACb,CAAC;aACD,MAAM,CAAC,sBAAsB,EAAE;YAC9B,QAAQ,EACN,0IAA0I;YAC5I,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,IAAI;SACb,CAAC;aACD,MAAM,CAAC,8BAA8B,EAAE;YACtC,QAAQ,EACN,oHAAoH;YACtH,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,IAAI;SACb,CAAC;aACD,MAAM,CAAC,UAAU,EAAE;YAClB,QAAQ,EACN,mLAAmL;YACrL,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,IAAI;SACb,CAAC;aACD,MAAM,CAAC,cAAc,EAAE;YACtB,QAAQ,EACN,yIAAyI;YAC3I,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,IAAI;SACb,CAAC,CAAC;IACP,CAAC;IACD,OAAO,EAAE,CAAO,IAAI,EAAE,EAAE;QACtB,MAAM,CAAC,aAAa,EAAE,aAAa,CAAC,GAAG,IAAA,+BAAY,EAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;YAC5B,OAAO,CAAC,GAAG,CAAC,IAAA,WAAG,EAAC,sCAAsC,CAAC,CAAC,CAAC;YACzD,aAAa,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC5B,OAAO,CAAC,GAAG,CAAC,IAAA,cAAM,EAAC,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC;YACpC,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,GAAG,EAAE,CAAC;SACf;aAAM;YACL,MAAM,IAAA,yCAAsB,EAAC,aAAa,CAAC,CAAC;SAC7C;IACH,CAAC,CAAA;CACF,CAAC"}

package/dist/commands/service/sync-permissions-options.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Options to Synchronize Permissions
+ */
+export interface GetSyncPermissionsOptions {
+    serviceId?: string;
+    idServiceAuthBaseURL?: string;
+    permissionDefinitionJsonPath?: string;
+    clientId?: string;
+    clientSecret?: string;
+}

package/dist/commands/service/sync-permissions-options.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=sync-permissions-options.js.map

package/dist/commands/service/sync-permissions-options.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync-permissions-options.js","sourceRoot":"","sources":["../../../src/commands/service/sync-permissions-options.ts"],"names":[],"mappings":""}

package/dist/commands/service/sync-permissions.d.ts

@@ -0,0 +1,3 @@
+import { GetSyncPermissionsOptions } from './sync-permissions-options';
+export declare const validateArgs: (args: GetSyncPermissionsOptions) => [Required<GetSyncPermissionsOptions>, string[]];
+export declare const synchronizePermissions: (args: Required<GetSyncPermissionsOptions>) => Promise<void>;

package/dist/commands/service/sync-permissions.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.synchronizePermissions = exports.validateArgs = void 0;
+const tslib_1 = require("tslib");
+const mosaic_id_link_be_1 = require("@axinom/mosaic-id-link-be");
+const mosaic_service_common_1 = require("@axinom/mosaic-service-common");
+const chalk_1 = require("chalk");
+const fs = require("fs");
+const validateArgs = (args) => {
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j;
+    const errorMessages = [];
+    const serviceId = (_b = (_a = args.serviceId) !== null && _a !== void 0 ? _a : process.env.SERVICE_ID) !== null && _b !== void 0 ? _b : '';
+    const idServiceAuthBaseURL = (_d = (_c = args.idServiceAuthBaseURL) !== null && _c !== void 0 ? _c : process.env.ID_SERVICE_AUTH_BASE_URL) !== null && _d !== void 0 ? _d : '';
+    const permissionDefinitionJsonPath = (_e = args.permissionDefinitionJsonPath) !== null && _e !== void 0 ? _e : `./src/generated/security/permission-definition.json`;
+    const clientId = (_g = (_f = args.clientId) !== null && _f !== void 0 ? _f : process.env.SERVICE_ACCOUNT_CLIENT_ID) !== null && _g !== void 0 ? _g : '';
+    const clientSecret = (_j = (_h = args.clientSecret) !== null && _h !== void 0 ? _h : process.env.SERVICE_ACCOUNT_CLIENT_SECRET) !== null && _j !== void 0 ? _j : '';
+    if ((0, mosaic_service_common_1.isNullOrWhitespace)(serviceId)) {
+        errorMessages.push('[serviceId] is required.');
+    }
+    else if (serviceId.startsWith('ax-')) {
+        errorMessages.push(`[serviceId] cannot start with ax-`);
+    }
+    if ((0, mosaic_service_common_1.isNullOrWhitespace)(idServiceAuthBaseURL)) {
+        errorMessages.push('[idServiceBaseURL] is required.');
+    }
+    if ((0, mosaic_service_common_1.isNullOrWhitespace)(clientId)) {
+        errorMessages.push('[clientId] is required.');
+    }
+    if ((0, mosaic_service_common_1.isNullOrWhitespace)(clientSecret)) {
+        errorMessages.push('[clientSecret] is required.');
+    }
+    return [
+        {
+            serviceId,
+            idServiceAuthBaseURL,
+            permissionDefinitionJsonPath,
+            clientId,
+            clientSecret,
+        },
+        errorMessages,
+    ];
+};
+exports.validateArgs = validateArgs;
+const synchronizePermissions = (args) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
+    try {
+        const serviceAccountToken = yield (0, mosaic_id_link_be_1.getServiceAccountToken)(args.idServiceAuthBaseURL, args.clientId, args.clientSecret);
+        console.log((0, chalk_1.yellow)(`Reading permissions from ${args.permissionDefinitionJsonPath}`));
+        const permissionDefinition = JSON.parse(fs.readFileSync(args.permissionDefinitionJsonPath, 'utf-8'));
+        if (permissionDefinition === undefined ||
+            permissionDefinition.permissions.length === 0) {
+            console.log((0, chalk_1.yellow)(`No Permission Definition found in ${args.permissionDefinitionJsonPath}. Cannot proceed with permission synchronization.`));
+            return;
+        }
+        const permissionSyncResults = yield (0, mosaic_id_link_be_1.synchronizePermissions)(args.idServiceAuthBaseURL, serviceAccountToken.accessToken, args.serviceId, permissionDefinition);
+        console.log((0, chalk_1.green)(`Permissions synchronized successfully for Service [${args.serviceId}].`));
+        console.log((0, chalk_1.green)(JSON.stringify(permissionSyncResults, null, 2)));
+    }
+    catch (error) {
+        (0, mosaic_service_common_1.assertError)(error);
+        console.log((0, chalk_1.red)(`Error while performing permission synchronization for Service ID [${args.serviceId}].`));
+        console.log((0, chalk_1.red)(JSON.stringify(error.message)));
+    }
+});
+exports.synchronizePermissions = synchronizePermissions;
+//# sourceMappingURL=sync-permissions.js.map

package/dist/commands/service/sync-permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync-permissions.js","sourceRoot":"","sources":["../../../src/commands/service/sync-permissions.ts"],"names":[],"mappings":";;;;AAAA,iEAGmC;AAEnC,yEAAgF;AAChF,iCAA2C;AAC3C,yBAAyB;AAGlB,MAAM,YAAY,GAAG,CAC1B,IAA+B,EACkB,EAAE;;IACnD,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,MAAM,SAAS,GAAG,MAAA,MAAA,IAAI,CAAC,SAAS,mCAAI,OAAO,CAAC,GAAG,CAAC,UAAU,mCAAI,EAAE,CAAC;IAEjE,MAAM,oBAAoB,GACxB,MAAA,MAAA,IAAI,CAAC,oBAAoB,mCAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,mCAAI,EAAE,CAAC;IAC1E,MAAM,4BAA4B,GAChC,MAAA,IAAI,CAAC,4BAA4B,mCACjC,qDAAqD,CAAC;IACxD,MAAM,QAAQ,GAAG,MAAA,MAAA,IAAI,CAAC,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,mCAAI,EAAE,CAAC;IAC9E,MAAM,YAAY,GAChB,MAAA,MAAA,IAAI,CAAC,YAAY,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,mCAAI,EAAE,CAAC;IAEvE,IAAI,IAAA,0CAAkB,EAAC,SAAS,CAAC,EAAE;QACjC,aAAa,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;KAChD;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE;QACtC,aAAa,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;KACzD;IACD,IAAI,IAAA,0CAAkB,EAAC,oBAAoB,CAAC,EAAE;QAC5C,aAAa,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;KACvD;IACD,IAAI,IAAA,0CAAkB,EAAC,QAAQ,CAAC,EAAE;QAChC,aAAa,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;KAC/C;IACD,IAAI,IAAA,0CAAkB,EAAC,YAAY,CAAC,EAAE;QACpC,aAAa,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;KACnD;IAED,OAAO;QACL;YACE,SAAS;YACT,oBAAoB;YACpB,4BAA4B;YAC5B,QAAQ;YACR,YAAY;SACb;QACD,aAAa;KACd,CAAC;AACJ,CAAC,CAAC;AAzCW,QAAA,YAAY,gBAyCvB;AAEK,MAAM,sBAAsB,GAAG,CACpC,IAAyC,EAC1B,EAAE;IACjB,IAAI;QACF,MAAM,mBAAmB,GAAG,MAAM,IAAA,0CAAsB,EACtD,IAAI,CAAC,oBAAoB,EACzB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,YAAY,CAClB,CAAC;QAEF,OAAO,CAAC,GAAG,CACT,IAAA,cAAM,EAAC,4BAA4B,IAAI,CAAC,4BAA4B,EAAE,CAAC,CACxE,CAAC;QAEF,MAAM,oBAAoB,GAAyB,IAAI,CAAC,KAAK,CAC3D,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,4BAA4B,EAAE,OAAO,CAAC,CAC5D,CAAC;QAEF,IACE,oBAAoB,KAAK,SAAS;YAClC,oBAAoB,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAC7C;YACA,OAAO,CAAC,GAAG,CACT,IAAA,cAAM,EACJ,qCAAqC,IAAI,CAAC,4BAA4B,mDAAmD,CAC1H,CACF,CAAC;YACF,OAAO;SACR;QAED,MAAM,qBAAqB,GAAG,MAAM,IAAA,0CAAwB,EAC1D,IAAI,CAAC,oBAAoB,EACzB,mBAAmB,CAAC,WAAW,EAC/B,IAAI,CAAC,SAAS,EACd,oBAAoB,CACrB,CAAC;QAEF,OAAO,CAAC,GAAG,CACT,IAAA,aAAK,EACH,sDAAsD,IAAI,CAAC,SAAS,IAAI,CACzE,CACF,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,IAAA,aAAK,EAAC,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KACpE;IAAC,OAAO,KAAK,EAAE;QACd,IAAA,mCAAW,EAAC,KAAK,CAAC,CAAC;QACnB,OAAO,CAAC,GAAG,CACT,IAAA,WAAG,EACD,qEAAqE,IAAI,CAAC,SAAS,IAAI,CACxF,CACF,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,IAAA,WAAG,EAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;KACjD;AACH,CAAC,CAAA,CAAC;AApDW,QAAA,sBAAsB,0BAoDjC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axinom/mosaic-cli",
-  "version": "0.27.0-rc.6",
+  "version": "0.27.0-rc.7",
   "description": "The Axinom Mosaic CLI",
   "author": "Axinom",
   "license": "PROPRIETARY",
@@ -33,8 +33,8 @@
     "@asyncapi/diff": "^0.4.1",
     "@asyncapi/modelina": "^1.8.4",
     "@asyncapi/parser": "^2.0.2",
-    "@axinom/mosaic-id-link-be": "^0.15.0-rc.6",
-    "@axinom/mosaic-service-common": "^0.43.0-rc.6",
+    "@axinom/mosaic-id-link-be": "^0.15.0-rc.7",
+    "@axinom/mosaic-service-common": "^0.43.0-rc.7",
     "@graphql-inspector/core": "^3.1.2",
     "@stoplight/spectral-core": "^1.18.3",
     "@stoplight/spectral-parsers": "^1.0.3",
@@ -70,5 +70,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "ca05604aba530bf74ad298b542b6fd1596f839c2"
+  "gitHead": "24ecd6ea27bdbd59e67064ce7ecd778997bbb89c"
 }

package/src/cli/index.ts

@@ -11,6 +11,7 @@ import { msgCodegen } from '../commands/msg-codegen';
 import { msgDiff } from '../commands/msg-diff';
 import { pgDump } from '../commands/pg-dump';
 import { publishSchemaToDb } from '../commands/publish-schema-to-db';
+import { service } from '../commands/service';
 import { unpublishPilet } from '../commands/unpublish-pilet';
 
 export const run = async (): Promise<void> => {
@@ -26,7 +27,8 @@ export const run = async (): Promise<void> => {
     .command(createExtensionConfigCommand)
     .command(graphqlDiff)
     .command(hosting)
-    .command(unpublishPilet);
+    .command(unpublishPilet)
+    .command(service);
 
   //adding cli extensions:
   await Promise.all(

package/src/commands/service/index.ts

@@ -0,0 +1,69 @@
+import { red, yellow } from 'chalk';
+import { CommandModule } from 'yargs';
+import { synchronizePermissions, validateArgs } from './sync-permissions';
+import { GetSyncPermissionsOptions } from './sync-permissions-options';
+
+export const service: CommandModule<unknown, unknown> = {
+  command: 'service',
+  describe: 'General commands related to Mosaic services.',
+  builder: (yargs) =>
+    yargs
+      .command(
+        'sync-permissions',
+        'Synchronize permissions for a given service with ID Service.',
+        syncPermissions,
+      )
+      .demandCommand(),
+  handler: (_args) => {
+    console.log('Please pick a sub command related to Mosaic services.');
+  },
+};
+
+const syncPermissions: CommandModule<unknown, GetSyncPermissionsOptions> = {
+  builder: (yargs) => {
+    return yargs
+      .option('serviceId', {
+        describe:
+          'Service ID the permissions should be synchronized to. If no value is explicity given, environment variable SERVICE_ID will be used.',
+        alias: 'i',
+        string: true,
+      })
+      .option('idServiceAuthBaseURL', {
+        describe:
+          'ID Service Authentication Endpoint Base URL. If no value is explicity given, environment variable ID_SERVICE_AUTH_BASE_URL will be used.',
+        alias: 'a',
+        string: true,
+      })
+      .option('permissionDefinitionJsonPath', {
+        describe:
+          'Path to permission-definition.json file. The default location is src/generated/security/permission-definition.json',
+        alias: 'p',
+        string: true,
+      })
+      .option('clientId', {
+        describe:
+          'Client ID of a Service Account which has Synchronize Permission permission assigned. If no value is explicity given, environment variable SERVICE_ACCOUNT_CLIENT_ID will be used.',
+        alias: 'c',
+        string: true,
+      })
+      .option('clientSecret', {
+        describe:
+          'Client Secret for the above Client ID. If no value is explicity given, environment variable SERVICE_ACCOUNT_CLIENT_SECRET will be used.',
+        alias: 's',
+        string: true,
+      });
+  },
+  handler: async (args) => {
+    const [validatedArgs, errorMessages] = validateArgs(args);
+    if (errorMessages.length > 0) {
+      console.log(red('Some required arguments are missing.'));
+      errorMessages.map((message) => {
+        console.log(yellow(`${message}`));
+      });
+
+      console.log();
+    } else {
+      await synchronizePermissions(validatedArgs);
+    }
+  },
+};

package/src/commands/service/sync-permissions-options.ts

@@ -0,0 +1,10 @@
+/**
+ * Options to Synchronize Permissions
+ */
+export interface GetSyncPermissionsOptions {
+  serviceId?: string;
+  idServiceAuthBaseURL?: string;
+  permissionDefinitionJsonPath?: string;
+  clientId?: string;
+  clientSecret?: string;
+}

package/src/commands/service/sync-permissions.ts

@@ -0,0 +1,106 @@
+import {
+  getServiceAccountToken,
+  synchronizePermissions as synchronizePermissionsBe,
+} from '@axinom/mosaic-id-link-be';
+import { PermissionDefinition } from '@axinom/mosaic-id-utils';
+import { assertError, isNullOrWhitespace } from '@axinom/mosaic-service-common';
+import { green, red, yellow } from 'chalk';
+import * as fs from 'fs';
+import { GetSyncPermissionsOptions } from './sync-permissions-options';
+
+export const validateArgs = (
+  args: GetSyncPermissionsOptions,
+): [Required<GetSyncPermissionsOptions>, string[]] => {
+  const errorMessages: string[] = [];
+
+  const serviceId = args.serviceId ?? process.env.SERVICE_ID ?? '';
+
+  const idServiceAuthBaseURL =
+    args.idServiceAuthBaseURL ?? process.env.ID_SERVICE_AUTH_BASE_URL ?? '';
+  const permissionDefinitionJsonPath =
+    args.permissionDefinitionJsonPath ??
+    `./src/generated/security/permission-definition.json`;
+  const clientId = args.clientId ?? process.env.SERVICE_ACCOUNT_CLIENT_ID ?? '';
+  const clientSecret =
+    args.clientSecret ?? process.env.SERVICE_ACCOUNT_CLIENT_SECRET ?? '';
+
+  if (isNullOrWhitespace(serviceId)) {
+    errorMessages.push('[serviceId] is required.');
+  } else if (serviceId.startsWith('ax-')) {
+    errorMessages.push(`[serviceId] cannot start with ax-`);
+  }
+  if (isNullOrWhitespace(idServiceAuthBaseURL)) {
+    errorMessages.push('[idServiceBaseURL] is required.');
+  }
+  if (isNullOrWhitespace(clientId)) {
+    errorMessages.push('[clientId] is required.');
+  }
+  if (isNullOrWhitespace(clientSecret)) {
+    errorMessages.push('[clientSecret] is required.');
+  }
+
+  return [
+    {
+      serviceId,
+      idServiceAuthBaseURL,
+      permissionDefinitionJsonPath,
+      clientId,
+      clientSecret,
+    },
+    errorMessages,
+  ];
+};
+
+export const synchronizePermissions = async (
+  args: Required<GetSyncPermissionsOptions>,
+): Promise<void> => {
+  try {
+    const serviceAccountToken = await getServiceAccountToken(
+      args.idServiceAuthBaseURL,
+      args.clientId,
+      args.clientSecret,
+    );
+
+    console.log(
+      yellow(`Reading permissions from ${args.permissionDefinitionJsonPath}`),
+    );
+
+    const permissionDefinition: PermissionDefinition = JSON.parse(
+      fs.readFileSync(args.permissionDefinitionJsonPath, 'utf-8'),
+    );
+
+    if (
+      permissionDefinition === undefined ||
+      permissionDefinition.permissions.length === 0
+    ) {
+      console.log(
+        yellow(
+          `No Permission Definition found in ${args.permissionDefinitionJsonPath}. Cannot proceed with permission synchronization.`,
+        ),
+      );
+      return;
+    }
+
+    const permissionSyncResults = await synchronizePermissionsBe(
+      args.idServiceAuthBaseURL,
+      serviceAccountToken.accessToken,
+      args.serviceId,
+      permissionDefinition,
+    );
+
+    console.log(
+      green(
+        `Permissions synchronized successfully for Service [${args.serviceId}].`,
+      ),
+    );
+    console.log(green(JSON.stringify(permissionSyncResults, null, 2)));
+  } catch (error) {
+    assertError(error);
+    console.log(
+      red(
+        `Error while performing permission synchronization for Service ID [${args.serviceId}].`,
+      ),
+    );
+    console.log(red(JSON.stringify(error.message)));
+  }
+};