@backstage-community/plugin-rbac-backend 5.2.3

package/dist/file-permissions/csv-file-watcher.cjs.js

@@ -0,0 +1,407 @@
+'use strict';
+
+var casbin = require('casbin');
+var sync = require('csv-parse/sync');
+var lodash = require('lodash');
+var auditLogger = require('../audit-log/audit-logger.cjs.js');
+var helper = require('../helper.cjs.js');
+var permissionModel = require('../service/permission-model.cjs.js');
+var policiesValidation = require('../validation/policies-validation.cjs.js');
+var fileWatcher = require('./file-watcher.cjs.js');
+
+const CSV_PERMISSION_POLICY_FILE_AUTHOR = "csv permission policy file";
+class CSVFileWatcher extends fileWatcher.AbstractFileWatcher {
+  constructor(filePath, allowReload, logger, enforcer, roleMetadataStorage, auditLogger) {
+    super(filePath, allowReload, logger);
+    this.enforcer = enforcer;
+    this.roleMetadataStorage = roleMetadataStorage;
+    this.auditLogger = auditLogger;
+    this.currentContent = [];
+    this.csvFilePolicies = {
+      addedPolicies: [],
+      addedGroupPolicies: [],
+      removedPolicies: [],
+      removedGroupPolicies: []
+    };
+  }
+  currentContent;
+  csvFilePolicies;
+  /**
+   * parse is used to parse the current contents of the CSV file.
+   * @returns The CSV file parsed into a string[][].
+   */
+  parse() {
+    const content = this.getCurrentContents();
+    const parser = sync.parse(content, {
+      skip_empty_lines: true,
+      relax_column_count: true,
+      trim: true
+    });
+    return parser;
+  }
+  /**
+   * initialize will initialize the CSV file by loading all of the permission policies and roles into
+   * the enforcer.
+   * First, we will remove all roles and permission policies if they do not exist in the temporary file enforcer.
+   * Next, we will add all roles and permission polices if they are new to the CSV file
+   * Finally, we will set the file to be watched if allow reload is set
+   * @param csvFileName The name of the csvFile
+   * @param allowReload Whether or not we will allow reloads of the CSV file
+   */
+  async initialize() {
+    if (!this.filePath) {
+      return;
+    }
+    let content = [];
+    content = this.parse();
+    const tempEnforcer = await casbin.newEnforcer(
+      casbin.newModelFromString(permissionModel.MODEL),
+      new casbin.FileAdapter(this.filePath)
+    );
+    const roleMetadatas = await this.roleMetadataStorage.filterRoleMetadata(
+      "csv-file"
+    );
+    const fileRoles = roleMetadatas.map((meta) => meta.roleEntityRef);
+    if (fileRoles.length > 0) {
+      const groupingPoliciesToRemove = await this.enforcer.getFilteredGroupingPolicy(1, ...fileRoles);
+      for (const gPolicy of groupingPoliciesToRemove) {
+        if (!await tempEnforcer.hasGroupingPolicy(...gPolicy)) {
+          this.csvFilePolicies.removedGroupPolicies.push(gPolicy);
+        }
+      }
+      const policiesToRemove = await this.enforcer.getFilteredPolicy(
+        0,
+        ...fileRoles
+      );
+      for (const policy of policiesToRemove) {
+        if (!await tempEnforcer.hasPolicy(...policy)) {
+          this.csvFilePolicies.removedPolicies.push(policy);
+        }
+      }
+    }
+    const policiesToAdd = await tempEnforcer.getPolicy();
+    const groupPoliciesToAdd = await tempEnforcer.getGroupingPolicy();
+    for (const policy of policiesToAdd) {
+      if (!await this.enforcer.hasPolicy(...policy)) {
+        this.csvFilePolicies.addedPolicies.push(policy);
+      }
+    }
+    for (const groupPolicy of groupPoliciesToAdd) {
+      if (!await this.enforcer.hasGroupingPolicy(...groupPolicy)) {
+        this.csvFilePolicies.addedGroupPolicies.push(groupPolicy);
+      }
+    }
+    await this.migrateLegacyMetadata(tempEnforcer);
+    await this.updatePolicies(content, tempEnforcer);
+    if (this.allowReload) {
+      this.watchFile();
+    }
+  }
+  // Check for policies that might need to be updated
+  // This will involve update "legacy" source in the role metadata if it exist in both the
+  // temp enforcer (csv file) and a role metadata storage.
+  // We will update role metadata with the new source "csv-file"
+  async migrateLegacyMetadata(tempEnforcer) {
+    let legacyRolesMetadata = await this.roleMetadataStorage.filterRoleMetadata(
+      "legacy"
+    );
+    const legacyRoles = legacyRolesMetadata.map((meta) => meta.roleEntityRef);
+    if (legacyRoles.length > 0) {
+      const legacyGroupPolicies = await tempEnforcer.getFilteredGroupingPolicy(
+        1,
+        ...legacyRoles
+      );
+      const legacyPolicies = await tempEnforcer.getFilteredPolicy(
+        0,
+        ...legacyRoles
+      );
+      const legacyRolesFromFile = /* @__PURE__ */ new Set([
+        ...legacyGroupPolicies.map((gp) => gp[1]),
+        ...legacyPolicies.map((p) => p[0])
+      ]);
+      legacyRolesMetadata = legacyRolesMetadata.filter(
+        (meta) => legacyRolesFromFile.has(meta.roleEntityRef)
+      );
+      for (const legacyRoleMeta of legacyRolesMetadata) {
+        const nonLegacyRole = helper.mergeRoleMetadata(legacyRoleMeta, {
+          modifiedBy: CSV_PERMISSION_POLICY_FILE_AUTHOR,
+          source: "csv-file",
+          roleEntityRef: legacyRoleMeta.roleEntityRef
+        });
+        await this.roleMetadataStorage.updateRoleMetadata(
+          nonLegacyRole,
+          legacyRoleMeta.roleEntityRef
+        );
+      }
+    }
+  }
+  /**
+   * onChange is called whenever there is a change to the CSV file.
+   * It will parse the current and new contents of the CSV file and process the roles and permission policies present.
+   * Afterwards, it will find the difference between the current and new contents of the CSV file
+   * and sort them into added / removed, permission policies / roles.
+   * It will finally call updatePolicies with the new content.
+   */
+  async onChange() {
+    const newContent = this.parse();
+    const tempEnforcer = await casbin.newEnforcer(
+      casbin.newModelFromString(permissionModel.MODEL),
+      new casbin.FileAdapter(this.filePath)
+    );
+    const currentFlatContent = this.currentContent.flatMap((data) => {
+      return helper.policyToString(data);
+    });
+    const newFlatContent = newContent.flatMap((data) => {
+      return helper.policyToString(data);
+    });
+    const diffRemoved = lodash.difference(currentFlatContent, newFlatContent);
+    const diffAdded = lodash.difference(newFlatContent, currentFlatContent);
+    await this.migrateLegacyMetadata(tempEnforcer);
+    if (diffRemoved.length === 0 && diffAdded.length === 0) {
+      return;
+    }
+    diffRemoved.forEach((policy) => {
+      const convertedPolicy = helper.metadataStringToPolicy(policy);
+      if (convertedPolicy[0] === "p") {
+        convertedPolicy.splice(0, 1);
+        this.csvFilePolicies.removedPolicies.push(convertedPolicy);
+      } else if (convertedPolicy[0] === "g") {
+        convertedPolicy.splice(0, 1);
+        this.csvFilePolicies.removedGroupPolicies.push(convertedPolicy);
+      }
+    });
+    diffAdded.forEach((policy) => {
+      const convertedPolicy = helper.metadataStringToPolicy(policy);
+      if (convertedPolicy[0] === "p") {
+        convertedPolicy.splice(0, 1);
+        this.csvFilePolicies.addedPolicies.push(convertedPolicy);
+      } else if (convertedPolicy[0] === "g") {
+        convertedPolicy.splice(0, 1);
+        this.csvFilePolicies.addedGroupPolicies.push(convertedPolicy);
+      }
+    });
+    await this.updatePolicies(newContent, tempEnforcer);
+  }
+  /**
+   * updatePolicies is used to update all of the permission policies and roles within a CSV file.
+   * It will check the number of added and removed permissions policies and roles and call the appropriate
+   * methods for these.
+   * It will also update the current contents of the CSV file to the most recent
+   * @param newContent The new content present in the CSV file
+   * @param tempEnforcer Temporary enforcer for checking for duplicates when adding policies
+   */
+  async updatePolicies(newContent, tempEnforcer) {
+    this.currentContent = newContent;
+    if (this.csvFilePolicies.addedPolicies.length > 0)
+      await this.addPermissionPolicies(tempEnforcer);
+    if (this.csvFilePolicies.removedPolicies.length > 0)
+      await this.removePermissionPolicies();
+    if (this.csvFilePolicies.addedGroupPolicies.length > 0)
+      await this.addRoles(tempEnforcer);
+    if (this.csvFilePolicies.removedGroupPolicies.length > 0)
+      await this.removeRoles();
+  }
+  /**
+   * addPermissionPolicies will add the new permission policies that are present in the CSV file.
+   * We will attempt to validate the permission policy and log any warnings that are encountered.
+   * If a warning is encountered, we will skip adding the permission policy to the enforcer.
+   * @param tempEnforcer Temporary enforcer for checking for duplicates when adding policies
+   */
+  async addPermissionPolicies(tempEnforcer) {
+    for (const policy of this.csvFilePolicies.addedPolicies) {
+      const transformedPolicy = helper.transformArrayToPolicy(policy);
+      const metadata = await this.roleMetadataStorage.findRoleMetadata(
+        policy[0]
+      );
+      let err = policiesValidation.validatePolicy(transformedPolicy);
+      if (err) {
+        this.logger.warn(
+          `Failed to validate policy from file ${this.filePath}. Cause: ${err.message}`
+        );
+        continue;
+      }
+      err = await policiesValidation.validateSource("csv-file", metadata);
+      if (err) {
+        this.logger.warn(
+          `Unable to add policy ${policy} from file ${this.filePath}. Cause: ${err.message}`
+        );
+        continue;
+      }
+      err = await policiesValidation.checkForDuplicatePolicies(
+        tempEnforcer,
+        policy,
+        this.filePath
+      );
+      if (err) {
+        this.logger.warn(err.message);
+        continue;
+      }
+      try {
+        await this.enforcer.addPolicy(policy);
+        await this.auditLogger.auditLog({
+          actorId: auditLogger.RBAC_BACKEND,
+          message: `Created policy`,
+          eventName: auditLogger.PermissionEvents.CREATE_POLICY,
+          metadata: { policies: [policy], source: "csv-file" },
+          stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+          status: "succeeded"
+        });
+      } catch (e) {
+        this.logger.warn(
+          `Failed to add or update policy ${policy} after modification ${this.filePath}. Cause: ${e}`
+        );
+      }
+    }
+    this.csvFilePolicies.addedPolicies = [];
+  }
+  /**
+   * removePermissionPolicies will remove the permission policies that are no longer present in the CSV file.
+   */
+  async removePermissionPolicies() {
+    try {
+      await this.enforcer.removePolicies(this.csvFilePolicies.removedPolicies);
+      await this.auditLogger.auditLog({
+        actorId: auditLogger.RBAC_BACKEND,
+        message: `Deleted policies`,
+        eventName: auditLogger.PermissionEvents.DELETE_POLICY,
+        metadata: {
+          policies: this.csvFilePolicies.removedPolicies,
+          source: "csv-file"
+        },
+        stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+        status: "succeeded"
+      });
+    } catch (e) {
+      this.logger.warn(
+        `Failed to remove policies ${JSON.stringify(
+          this.csvFilePolicies.removedPolicies
+        )} after modification ${this.filePath}. Cause: ${e}`
+      );
+    }
+    this.csvFilePolicies.removedPolicies = [];
+  }
+  /**
+   * addRoles will add the new roles that are present in the CSV file.
+   * We will attempt to validate the role and log any warnings that are encountered.
+   * If a warning is encountered, we will skip adding the role to the enforcer.
+   * @param tempEnforcer Temporary enforcer for checking for duplicates when adding policies
+   */
+  async addRoles(tempEnforcer) {
+    for (const groupPolicy of this.csvFilePolicies.addedGroupPolicies) {
+      let err = await policiesValidation.validateGroupingPolicy(
+        groupPolicy,
+        this.roleMetadataStorage,
+        "csv-file"
+      );
+      if (err) {
+        this.logger.warn(
+          `${err.message}, error originates from file ${this.filePath}`
+        );
+        continue;
+      }
+      err = await policiesValidation.checkForDuplicateGroupPolicies(
+        tempEnforcer,
+        groupPolicy,
+        this.filePath
+      );
+      if (err) {
+        this.logger.warn(err.message);
+        continue;
+      }
+      try {
+        const roleMetadata = {
+          source: "csv-file",
+          roleEntityRef: groupPolicy[1],
+          author: CSV_PERMISSION_POLICY_FILE_AUTHOR,
+          modifiedBy: CSV_PERMISSION_POLICY_FILE_AUTHOR
+        };
+        const currentMetadata = await this.roleMetadataStorage.findRoleMetadata(
+          roleMetadata.roleEntityRef
+        );
+        await this.enforcer.addGroupingPolicy(groupPolicy, roleMetadata);
+        const eventName = currentMetadata ? auditLogger.RoleEvents.UPDATE_ROLE : auditLogger.RoleEvents.CREATE_ROLE;
+        const message = currentMetadata ? "Updated role" : "Created role";
+        await this.auditLogger.auditLog({
+          actorId: auditLogger.RBAC_BACKEND,
+          message,
+          eventName,
+          metadata: { ...roleMetadata, members: [groupPolicy[0]] },
+          stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+          status: "succeeded"
+        });
+      } catch (e) {
+        this.logger.warn(
+          `Failed to add or update group policy ${groupPolicy} after modification ${this.filePath}. Cause: ${e}`
+        );
+      }
+    }
+    this.csvFilePolicies.addedGroupPolicies = [];
+  }
+  /**
+   * removeRoles will remove the roles that are no longer present in the CSV file.
+   * If the role exists with multiple groups and or users, we will update it role information.
+   * Otherwise, we will remove the role completely.
+   */
+  async removeRoles() {
+    for (const groupPolicy of this.csvFilePolicies.removedGroupPolicies) {
+      const roleEntityRef = groupPolicy[1];
+      const isUpdate = await this.enforcer.getFilteredGroupingPolicy(
+        1,
+        roleEntityRef
+      );
+      try {
+        const metadata = {
+          source: "csv-file",
+          roleEntityRef,
+          author: CSV_PERMISSION_POLICY_FILE_AUTHOR,
+          modifiedBy: CSV_PERMISSION_POLICY_FILE_AUTHOR
+        };
+        await this.enforcer.removeGroupingPolicy(
+          groupPolicy,
+          metadata,
+          isUpdate.length > 1
+        );
+        const isRolePresent = await this.roleMetadataStorage.findRoleMetadata(
+          roleEntityRef
+        );
+        const eventName = isRolePresent ? auditLogger.RoleEvents.UPDATE_ROLE : auditLogger.RoleEvents.DELETE_ROLE;
+        const message = isRolePresent ? "Updated role: deleted members" : "Deleted role";
+        await this.auditLogger.auditLog({
+          actorId: auditLogger.RBAC_BACKEND,
+          message,
+          eventName,
+          metadata: { ...metadata, members: [groupPolicy[0]] },
+          stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+          status: "succeeded"
+        });
+      } catch (e) {
+        this.logger.warn(
+          `Failed to remove group policy ${groupPolicy} after modification ${this.filePath}. Cause: ${e}`
+        );
+      }
+    }
+    this.csvFilePolicies.removedGroupPolicies = [];
+  }
+  async cleanUpRolesAndPolicies() {
+    const roleMetadatas = await this.roleMetadataStorage.filterRoleMetadata(
+      "csv-file"
+    );
+    const fileRoles = roleMetadatas.map((meta) => meta.roleEntityRef);
+    if (fileRoles.length > 0) {
+      for (const fileRole of fileRoles) {
+        this.csvFilePolicies.removedGroupPolicies.push(
+          ...await this.enforcer.getFilteredGroupingPolicy(1, fileRole)
+        );
+        this.csvFilePolicies.removedPolicies.push(
+          ...await this.enforcer.getFilteredPolicy(0, fileRole)
+        );
+      }
+    }
+    await this.removePermissionPolicies();
+    await this.removeRoles();
+  }
+}
+
+exports.CSVFileWatcher = CSVFileWatcher;
+exports.CSV_PERMISSION_POLICY_FILE_AUTHOR = CSV_PERMISSION_POLICY_FILE_AUTHOR;
+//# sourceMappingURL=csv-file-watcher.cjs.js.map

package/dist/file-permissions/csv-file-watcher.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csv-file-watcher.cjs.js","sources":["../../src/file-permissions/csv-file-watcher.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport type { LoggerService } from '@backstage/backend-plugin-api';\n\nimport type { AuditLogger } from '@janus-idp/backstage-plugin-audit-log-node';\nimport { Enforcer, FileAdapter, newEnforcer, newModelFromString } from 'casbin';\nimport { parse } from 'csv-parse/sync';\nimport { difference } from 'lodash';\n\nimport {\n  HANDLE_RBAC_DATA_STAGE,\n  PermissionAuditInfo,\n  PermissionEvents,\n  RBAC_BACKEND,\n  RoleAuditInfo,\n  RoleEvents,\n} from '../audit-log/audit-logger';\nimport {\n  RoleMetadataDao,\n  RoleMetadataStorage,\n} from '../database/role-metadata';\nimport {\n  mergeRoleMetadata,\n  metadataStringToPolicy,\n  policyToString,\n  transformArrayToPolicy,\n} from '../helper';\nimport { EnforcerDelegate } from '../service/enforcer-delegate';\nimport { MODEL } from '../service/permission-model';\nimport {\n  checkForDuplicateGroupPolicies,\n  checkForDuplicatePolicies,\n  validateGroupingPolicy,\n  validatePolicy,\n  validateSource,\n} from '../validation/policies-validation';\nimport { AbstractFileWatcher } from './file-watcher';\n\nexport const CSV_PERMISSION_POLICY_FILE_AUTHOR = 'csv permission policy file';\n\ntype CSVFilePolicies = {\n  addedPolicies: string[][];\n  addedGroupPolicies: string[][];\n  removedPolicies: string[][];\n  removedGroupPolicies: string[][];\n};\n\nexport class CSVFileWatcher extends AbstractFileWatcher<string[][]> {\n  private currentContent: string[][];\n  private csvFilePolicies: CSVFilePolicies;\n\n  constructor(\n    filePath: string | undefined,\n    allowReload: boolean,\n    logger: LoggerService,\n    private readonly enforcer: EnforcerDelegate,\n    private readonly roleMetadataStorage: RoleMetadataStorage,\n    private readonly auditLogger: AuditLogger,\n  ) {\n    super(filePath, allowReload, logger);\n    this.currentContent = [];\n    this.csvFilePolicies = {\n      addedPolicies: [],\n      addedGroupPolicies: [],\n      removedPolicies: [],\n      removedGroupPolicies: [],\n    };\n  }\n\n  /**\n   * parse is used to parse the current contents of the CSV file.\n   * @returns The CSV file parsed into a string[][].\n   */\n  parse(): string[][] {\n    const content = this.getCurrentContents();\n    const parser = parse(content, {\n      skip_empty_lines: true,\n      relax_column_count: true,\n      trim: true,\n    });\n\n    return parser;\n  }\n\n  /**\n   * initialize will initialize the CSV file by loading all of the permission policies and roles into\n   * the enforcer.\n   * First, we will remove all roles and permission policies if they do not exist in the temporary file enforcer.\n   * Next, we will add all roles and permission polices if they are new to the CSV file\n   * Finally, we will set the file to be watched if allow reload is set\n   * @param csvFileName The name of the csvFile\n   * @param allowReload Whether or not we will allow reloads of the CSV file\n   */\n  async initialize(): Promise<void> {\n    if (!this.filePath) {\n      return;\n    }\n    let content: string[][] = [];\n    // If the file is set load the file contents\n    content = this.parse();\n\n    const tempEnforcer = await newEnforcer(\n      newModelFromString(MODEL),\n      new FileAdapter(this.filePath),\n    );\n\n    // Check for any old policies that will need to be removed by checking if\n    // the policy no longer exists in the temp enforcer (csv file)\n    const roleMetadatas = await this.roleMetadataStorage.filterRoleMetadata(\n      'csv-file',\n    );\n    const fileRoles = roleMetadatas.map(meta => meta.roleEntityRef);\n\n    if (fileRoles.length > 0) {\n      const groupingPoliciesToRemove =\n        await this.enforcer.getFilteredGroupingPolicy(1, ...fileRoles);\n      for (const gPolicy of groupingPoliciesToRemove) {\n        if (!(await tempEnforcer.hasGroupingPolicy(...gPolicy))) {\n          this.csvFilePolicies.removedGroupPolicies.push(gPolicy);\n        }\n      }\n      const policiesToRemove = await this.enforcer.getFilteredPolicy(\n        0,\n        ...fileRoles,\n      );\n      for (const policy of policiesToRemove) {\n        if (!(await tempEnforcer.hasPolicy(...policy))) {\n          this.csvFilePolicies.removedPolicies.push(policy);\n        }\n      }\n    }\n\n    // Check for any new policies that need to be added by checking if\n    // the policy does not currently exist in the enforcer\n    const policiesToAdd = await tempEnforcer.getPolicy();\n    const groupPoliciesToAdd = await tempEnforcer.getGroupingPolicy();\n\n    for (const policy of policiesToAdd) {\n      if (!(await this.enforcer.hasPolicy(...policy))) {\n        this.csvFilePolicies.addedPolicies.push(policy);\n      }\n    }\n\n    for (const groupPolicy of groupPoliciesToAdd) {\n      if (!(await this.enforcer.hasGroupingPolicy(...groupPolicy))) {\n        this.csvFilePolicies.addedGroupPolicies.push(groupPolicy);\n      }\n    }\n\n    await this.migrateLegacyMetadata(tempEnforcer);\n\n    // We pass current here because this is during initialization and it has not changed yet\n    await this.updatePolicies(content, tempEnforcer);\n\n    if (this.allowReload) {\n      this.watchFile();\n    }\n  }\n\n  // Check for policies that might need to be updated\n  // This will involve update \"legacy\" source in the role metadata if it exist in both the\n  // temp enforcer (csv file) and a role metadata storage.\n  // We will update role metadata with the new source \"csv-file\"\n  private async migrateLegacyMetadata(tempEnforcer: Enforcer) {\n    let legacyRolesMetadata = await this.roleMetadataStorage.filterRoleMetadata(\n      'legacy',\n    );\n    const legacyRoles = legacyRolesMetadata.map(meta => meta.roleEntityRef);\n    if (legacyRoles.length > 0) {\n      const legacyGroupPolicies = await tempEnforcer.getFilteredGroupingPolicy(\n        1,\n        ...legacyRoles,\n      );\n      const legacyPolicies = await tempEnforcer.getFilteredPolicy(\n        0,\n        ...legacyRoles,\n      );\n      const legacyRolesFromFile = new Set([\n        ...legacyGroupPolicies.map(gp => gp[1]),\n        ...legacyPolicies.map(p => p[0]),\n      ]);\n      legacyRolesMetadata = legacyRolesMetadata.filter(meta =>\n        legacyRolesFromFile.has(meta.roleEntityRef),\n      );\n      for (const legacyRoleMeta of legacyRolesMetadata) {\n        const nonLegacyRole = mergeRoleMetadata(legacyRoleMeta, {\n          modifiedBy: CSV_PERMISSION_POLICY_FILE_AUTHOR,\n          source: 'csv-file',\n          roleEntityRef: legacyRoleMeta.roleEntityRef,\n        });\n        await this.roleMetadataStorage.updateRoleMetadata(\n          nonLegacyRole,\n          legacyRoleMeta.roleEntityRef,\n        );\n      }\n    }\n  }\n\n  /**\n   * onChange is called whenever there is a change to the CSV file.\n   * It will parse the current and new contents of the CSV file and process the roles and permission policies present.\n   * Afterwards, it will find the difference between the current and new contents of the CSV file\n   * and sort them into added / removed, permission policies / roles.\n   * It will finally call updatePolicies with the new content.\n   */\n  async onChange(): Promise<void> {\n    const newContent = this.parse();\n\n    const tempEnforcer = await newEnforcer(\n      newModelFromString(MODEL),\n      new FileAdapter(this.filePath!),\n    );\n\n    const currentFlatContent = this.currentContent.flatMap(data => {\n      return policyToString(data);\n    });\n    const newFlatContent = newContent.flatMap(data => {\n      return policyToString(data);\n    });\n\n    const diffRemoved = difference(currentFlatContent, newFlatContent); // policy was removed\n    const diffAdded = difference(newFlatContent, currentFlatContent); // policy was added\n\n    await this.migrateLegacyMetadata(tempEnforcer);\n\n    if (diffRemoved.length === 0 && diffAdded.length === 0) {\n      return;\n    }\n\n    diffRemoved.forEach(policy => {\n      const convertedPolicy = metadataStringToPolicy(policy);\n      if (convertedPolicy[0] === 'p') {\n        convertedPolicy.splice(0, 1);\n        this.csvFilePolicies.removedPolicies.push(convertedPolicy);\n      } else if (convertedPolicy[0] === 'g') {\n        convertedPolicy.splice(0, 1);\n        this.csvFilePolicies.removedGroupPolicies.push(convertedPolicy);\n      }\n    });\n\n    diffAdded.forEach(policy => {\n      const convertedPolicy = metadataStringToPolicy(policy);\n      if (convertedPolicy[0] === 'p') {\n        convertedPolicy.splice(0, 1);\n        this.csvFilePolicies.addedPolicies.push(convertedPolicy);\n      } else if (convertedPolicy[0] === 'g') {\n        convertedPolicy.splice(0, 1);\n        this.csvFilePolicies.addedGroupPolicies.push(convertedPolicy);\n      }\n    });\n\n    await this.updatePolicies(newContent, tempEnforcer);\n  }\n\n  /**\n   * updatePolicies is used to update all of the permission policies and roles within a CSV file.\n   * It will check the number of added and removed permissions policies and roles and call the appropriate\n   * methods for these.\n   * It will also update the current contents of the CSV file to the most recent\n   * @param newContent The new content present in the CSV file\n   * @param tempEnforcer Temporary enforcer for checking for duplicates when adding policies\n   */\n  private async updatePolicies(\n    newContent: string[][],\n    tempEnforcer: Enforcer,\n  ): Promise<void> {\n    this.currentContent = newContent;\n\n    if (this.csvFilePolicies.addedPolicies.length > 0)\n      await this.addPermissionPolicies(tempEnforcer);\n    if (this.csvFilePolicies.removedPolicies.length > 0)\n      await this.removePermissionPolicies();\n    if (this.csvFilePolicies.addedGroupPolicies.length > 0)\n      await this.addRoles(tempEnforcer);\n    if (this.csvFilePolicies.removedGroupPolicies.length > 0)\n      await this.removeRoles();\n  }\n\n  /**\n   * addPermissionPolicies will add the new permission policies that are present in the CSV file.\n   * We will attempt to validate the permission policy and log any warnings that are encountered.\n   * If a warning is encountered, we will skip adding the permission policy to the enforcer.\n   * @param tempEnforcer Temporary enforcer for checking for duplicates when adding policies\n   */\n  private async addPermissionPolicies(tempEnforcer: Enforcer): Promise<void> {\n    for (const policy of this.csvFilePolicies.addedPolicies) {\n      const transformedPolicy = transformArrayToPolicy(policy);\n      const metadata = await this.roleMetadataStorage.findRoleMetadata(\n        policy[0],\n      );\n\n      let err = validatePolicy(transformedPolicy);\n      if (err) {\n        this.logger.warn(\n          `Failed to validate policy from file ${this.filePath}. Cause: ${err.message}`,\n        );\n        continue;\n      }\n\n      err = await validateSource('csv-file', metadata);\n      if (err) {\n        this.logger.warn(\n          `Unable to add policy ${policy} from file ${this.filePath}. Cause: ${err.message}`,\n        );\n        continue;\n      }\n\n      err = await checkForDuplicatePolicies(\n        tempEnforcer,\n        policy,\n        this.filePath!,\n      );\n      if (err) {\n        this.logger.warn(err.message);\n        continue;\n      }\n      try {\n        await this.enforcer.addPolicy(policy);\n\n        await this.auditLogger.auditLog<PermissionAuditInfo>({\n          actorId: RBAC_BACKEND,\n          message: `Created policy`,\n          eventName: PermissionEvents.CREATE_POLICY,\n          metadata: { policies: [policy], source: 'csv-file' },\n          stage: HANDLE_RBAC_DATA_STAGE,\n          status: 'succeeded',\n        });\n      } catch (e) {\n        this.logger.warn(\n          `Failed to add or update policy ${policy} after modification ${this.filePath}. Cause: ${e}`,\n        );\n      }\n    }\n\n    this.csvFilePolicies.addedPolicies = [];\n  }\n\n  /**\n   * removePermissionPolicies will remove the permission policies that are no longer present in the CSV file.\n   */\n  private async removePermissionPolicies(): Promise<void> {\n    try {\n      await this.enforcer.removePolicies(this.csvFilePolicies.removedPolicies);\n\n      await this.auditLogger.auditLog<PermissionAuditInfo>({\n        actorId: RBAC_BACKEND,\n        message: `Deleted policies`,\n        eventName: PermissionEvents.DELETE_POLICY,\n        metadata: {\n          policies: this.csvFilePolicies.removedPolicies,\n          source: 'csv-file',\n        },\n        stage: HANDLE_RBAC_DATA_STAGE,\n        status: 'succeeded',\n      });\n    } catch (e) {\n      this.logger.warn(\n        `Failed to remove policies ${JSON.stringify(\n          this.csvFilePolicies.removedPolicies,\n        )} after modification ${this.filePath}. Cause: ${e}`,\n      );\n    }\n    this.csvFilePolicies.removedPolicies = [];\n  }\n\n  /**\n   * addRoles will add the new roles that are present in the CSV file.\n   * We will attempt to validate the role and log any warnings that are encountered.\n   * If a warning is encountered, we will skip adding the role to the enforcer.\n   * @param tempEnforcer Temporary enforcer for checking for duplicates when adding policies\n   */\n  private async addRoles(tempEnforcer: Enforcer): Promise<void> {\n    for (const groupPolicy of this.csvFilePolicies.addedGroupPolicies) {\n      let err = await validateGroupingPolicy(\n        groupPolicy,\n        this.roleMetadataStorage,\n        'csv-file',\n      );\n      if (err) {\n        this.logger.warn(\n          `${err.message}, error originates from file ${this.filePath}`,\n        );\n        continue;\n      }\n\n      err = await checkForDuplicateGroupPolicies(\n        tempEnforcer,\n        groupPolicy,\n        this.filePath!,\n      );\n      if (err) {\n        this.logger.warn(err.message);\n        continue;\n      }\n\n      try {\n        const roleMetadata: RoleMetadataDao = {\n          source: 'csv-file',\n          roleEntityRef: groupPolicy[1],\n          author: CSV_PERMISSION_POLICY_FILE_AUTHOR,\n          modifiedBy: CSV_PERMISSION_POLICY_FILE_AUTHOR,\n        };\n\n        const currentMetadata = await this.roleMetadataStorage.findRoleMetadata(\n          roleMetadata.roleEntityRef,\n        );\n\n        await this.enforcer.addGroupingPolicy(groupPolicy, roleMetadata);\n\n        const eventName = currentMetadata\n          ? RoleEvents.UPDATE_ROLE\n          : RoleEvents.CREATE_ROLE;\n        const message = currentMetadata ? 'Updated role' : 'Created role';\n        await this.auditLogger.auditLog<RoleAuditInfo>({\n          actorId: RBAC_BACKEND,\n          message,\n          eventName,\n          metadata: { ...roleMetadata, members: [groupPolicy[0]] },\n          stage: HANDLE_RBAC_DATA_STAGE,\n          status: 'succeeded',\n        });\n      } catch (e) {\n        this.logger.warn(\n          `Failed to add or update group policy ${groupPolicy} after modification ${this.filePath}. Cause: ${e}`,\n        );\n      }\n    }\n    this.csvFilePolicies.addedGroupPolicies = [];\n  }\n\n  /**\n   * removeRoles will remove the roles that are no longer present in the CSV file.\n   * If the role exists with multiple groups and or users, we will update it role information.\n   * Otherwise, we will remove the role completely.\n   */\n  private async removeRoles(): Promise<void> {\n    for (const groupPolicy of this.csvFilePolicies.removedGroupPolicies) {\n      const roleEntityRef = groupPolicy[1];\n      // this requires knowledge of whether or not it is an update\n      const isUpdate = await this.enforcer.getFilteredGroupingPolicy(\n        1,\n        roleEntityRef,\n      );\n\n      // Need to update the time\n      try {\n        const metadata: RoleMetadataDao = {\n          source: 'csv-file',\n          roleEntityRef,\n          author: CSV_PERMISSION_POLICY_FILE_AUTHOR,\n          modifiedBy: CSV_PERMISSION_POLICY_FILE_AUTHOR,\n        };\n\n        await this.enforcer.removeGroupingPolicy(\n          groupPolicy,\n          metadata,\n          isUpdate.length > 1,\n        );\n\n        const isRolePresent = await this.roleMetadataStorage.findRoleMetadata(\n          roleEntityRef,\n        );\n        const eventName = isRolePresent\n          ? RoleEvents.UPDATE_ROLE\n          : RoleEvents.DELETE_ROLE;\n        const message = isRolePresent\n          ? 'Updated role: deleted members'\n          : 'Deleted role';\n        await this.auditLogger.auditLog<RoleAuditInfo>({\n          actorId: RBAC_BACKEND,\n          message,\n          eventName,\n          metadata: { ...metadata, members: [groupPolicy[0]] },\n          stage: HANDLE_RBAC_DATA_STAGE,\n          status: 'succeeded',\n        });\n      } catch (e) {\n        this.logger.warn(\n          `Failed to remove group policy ${groupPolicy} after modification ${this.filePath}. Cause: ${e}`,\n        );\n      }\n    }\n    this.csvFilePolicies.removedGroupPolicies = [];\n  }\n\n  async cleanUpRolesAndPolicies(): Promise<void> {\n    const roleMetadatas = await this.roleMetadataStorage.filterRoleMetadata(\n      'csv-file',\n    );\n    const fileRoles = roleMetadatas.map(meta => meta.roleEntityRef);\n\n    if (fileRoles.length > 0) {\n      for (const fileRole of fileRoles) {\n        this.csvFilePolicies.removedGroupPolicies.push(\n          ...(await this.enforcer.getFilteredGroupingPolicy(1, fileRole)),\n        );\n        this.csvFilePolicies.removedPolicies.push(\n          ...(await this.enforcer.getFilteredPolicy(0, fileRole)),\n        );\n      }\n    }\n    await this.removePermissionPolicies();\n    await this.removeRoles();\n  }\n}\n"],"names":["AbstractFileWatcher","parse","newEnforcer","newModelFromString","MODEL","FileAdapter","mergeRoleMetadata","policyToString","difference","metadataStringToPolicy","transformArrayToPolicy","validatePolicy","validateSource","checkForDuplicatePolicies","RBAC_BACKEND","PermissionEvents","HANDLE_RBAC_DATA_STAGE","validateGroupingPolicy","checkForDuplicateGroupPolicies","RoleEvents"],"mappings":";;;;;;;;;;;AAmDO,MAAM,iCAAoC,GAAA,6BAAA;AAS1C,MAAM,uBAAuBA,+BAAgC,CAAA;AAAA,EAIlE,YACE,QACA,EAAA,WAAA,EACA,MACiB,EAAA,QAAA,EACA,qBACA,WACjB,EAAA;AACA,IAAM,KAAA,CAAA,QAAA,EAAU,aAAa,MAAM,CAAA,CAAA;AAJlB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA,CAAA;AACA,IAAA,IAAA,CAAA,mBAAA,GAAA,mBAAA,CAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA,CAAA;AAGjB,IAAA,IAAA,CAAK,iBAAiB,EAAC,CAAA;AACvB,IAAA,IAAA,CAAK,eAAkB,GAAA;AAAA,MACrB,eAAe,EAAC;AAAA,MAChB,oBAAoB,EAAC;AAAA,MACrB,iBAAiB,EAAC;AAAA,MAClB,sBAAsB,EAAC;AAAA,KACzB,CAAA;AAAA,GACF;AAAA,EAnBQ,cAAA,CAAA;AAAA,EACA,eAAA,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBR,KAAoB,GAAA;AAClB,IAAM,MAAA,OAAA,GAAU,KAAK,kBAAmB,EAAA,CAAA;AACxC,IAAM,MAAA,MAAA,GAASC,WAAM,OAAS,EAAA;AAAA,MAC5B,gBAAkB,EAAA,IAAA;AAAA,MAClB,kBAAoB,EAAA,IAAA;AAAA,MACpB,IAAM,EAAA,IAAA;AAAA,KACP,CAAA,CAAA;AAED,IAAO,OAAA,MAAA,CAAA;AAAA,GACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,UAA4B,GAAA;AAChC,IAAI,IAAA,CAAC,KAAK,QAAU,EAAA;AAClB,MAAA,OAAA;AAAA,KACF;AACA,IAAA,IAAI,UAAsB,EAAC,CAAA;AAE3B,IAAA,OAAA,GAAU,KAAK,KAAM,EAAA,CAAA;AAErB,IAAA,MAAM,eAAe,MAAMC,kBAAA;AAAA,MACzBC,0BAAmBC,qBAAK,CAAA;AAAA,MACxB,IAAIC,kBAAY,CAAA,IAAA,CAAK,QAAQ,CAAA;AAAA,KAC/B,CAAA;AAIA,IAAM,MAAA,aAAA,GAAgB,MAAM,IAAA,CAAK,mBAAoB,CAAA,kBAAA;AAAA,MACnD,UAAA;AAAA,KACF,CAAA;AACA,IAAA,MAAM,SAAY,GAAA,aAAA,CAAc,GAAI,CAAA,CAAA,IAAA,KAAQ,KAAK,aAAa,CAAA,CAAA;AAE9D,IAAI,IAAA,SAAA,CAAU,SAAS,CAAG,EAAA;AACxB,MAAA,MAAM,2BACJ,MAAM,IAAA,CAAK,SAAS,yBAA0B,CAAA,CAAA,EAAG,GAAG,SAAS,CAAA,CAAA;AAC/D,MAAA,KAAA,MAAW,WAAW,wBAA0B,EAAA;AAC9C,QAAA,IAAI,CAAE,MAAM,YAAA,CAAa,iBAAkB,CAAA,GAAG,OAAO,CAAI,EAAA;AACvD,UAAK,IAAA,CAAA,eAAA,CAAgB,oBAAqB,CAAA,IAAA,CAAK,OAAO,CAAA,CAAA;AAAA,SACxD;AAAA,OACF;AACA,MAAM,MAAA,gBAAA,GAAmB,MAAM,IAAA,CAAK,QAAS,CAAA,iBAAA;AAAA,QAC3C,CAAA;AAAA,QACA,GAAG,SAAA;AAAA,OACL,CAAA;AACA,MAAA,KAAA,MAAW,UAAU,gBAAkB,EAAA;AACrC,QAAA,IAAI,CAAE,MAAM,YAAA,CAAa,SAAU,CAAA,GAAG,MAAM,CAAI,EAAA;AAC9C,UAAK,IAAA,CAAA,eAAA,CAAgB,eAAgB,CAAA,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,SAClD;AAAA,OACF;AAAA,KACF;AAIA,IAAM,MAAA,aAAA,GAAgB,MAAM,YAAA,CAAa,SAAU,EAAA,CAAA;AACnD,IAAM,MAAA,kBAAA,GAAqB,MAAM,YAAA,CAAa,iBAAkB,EAAA,CAAA;AAEhE,IAAA,KAAA,MAAW,UAAU,aAAe,EAAA;AAClC,MAAA,IAAI,CAAE,MAAM,IAAA,CAAK,SAAS,SAAU,CAAA,GAAG,MAAM,CAAI,EAAA;AAC/C,QAAK,IAAA,CAAA,eAAA,CAAgB,aAAc,CAAA,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,OAChD;AAAA,KACF;AAEA,IAAA,KAAA,MAAW,eAAe,kBAAoB,EAAA;AAC5C,MAAA,IAAI,CAAE,MAAM,IAAA,CAAK,SAAS,iBAAkB,CAAA,GAAG,WAAW,CAAI,EAAA;AAC5D,QAAK,IAAA,CAAA,eAAA,CAAgB,kBAAmB,CAAA,IAAA,CAAK,WAAW,CAAA,CAAA;AAAA,OAC1D;AAAA,KACF;AAEA,IAAM,MAAA,IAAA,CAAK,sBAAsB,YAAY,CAAA,CAAA;AAG7C,IAAM,MAAA,IAAA,CAAK,cAAe,CAAA,OAAA,EAAS,YAAY,CAAA,CAAA;AAE/C,IAAA,IAAI,KAAK,WAAa,EAAA;AACpB,MAAA,IAAA,CAAK,SAAU,EAAA,CAAA;AAAA,KACjB;AAAA,GACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,sBAAsB,YAAwB,EAAA;AAC1D,IAAI,IAAA,mBAAA,GAAsB,MAAM,IAAA,CAAK,mBAAoB,CAAA,kBAAA;AAAA,MACvD,QAAA;AAAA,KACF,CAAA;AACA,IAAA,MAAM,WAAc,GAAA,mBAAA,CAAoB,GAAI,CAAA,CAAA,IAAA,KAAQ,KAAK,aAAa,CAAA,CAAA;AACtE,IAAI,IAAA,WAAA,CAAY,SAAS,CAAG,EAAA;AAC1B,MAAM,MAAA,mBAAA,GAAsB,MAAM,YAAa,CAAA,yBAAA;AAAA,QAC7C,CAAA;AAAA,QACA,GAAG,WAAA;AAAA,OACL,CAAA;AACA,MAAM,MAAA,cAAA,GAAiB,MAAM,YAAa,CAAA,iBAAA;AAAA,QACxC,CAAA;AAAA,QACA,GAAG,WAAA;AAAA,OACL,CAAA;AACA,MAAM,MAAA,mBAAA,uBAA0B,GAAI,CAAA;AAAA,QAClC,GAAG,mBAAoB,CAAA,GAAA,CAAI,CAAM,EAAA,KAAA,EAAA,CAAG,CAAC,CAAC,CAAA;AAAA,QACtC,GAAG,cAAe,CAAA,GAAA,CAAI,CAAK,CAAA,KAAA,CAAA,CAAE,CAAC,CAAC,CAAA;AAAA,OAChC,CAAA,CAAA;AACD,MAAA,mBAAA,GAAsB,mBAAoB,CAAA,MAAA;AAAA,QAAO,CAC/C,IAAA,KAAA,mBAAA,CAAoB,GAAI,CAAA,IAAA,CAAK,aAAa,CAAA;AAAA,OAC5C,CAAA;AACA,MAAA,KAAA,MAAW,kBAAkB,mBAAqB,EAAA;AAChD,QAAM,MAAA,aAAA,GAAgBC,yBAAkB,cAAgB,EAAA;AAAA,UACtD,UAAY,EAAA,iCAAA;AAAA,UACZ,MAAQ,EAAA,UAAA;AAAA,UACR,eAAe,cAAe,CAAA,aAAA;AAAA,SAC/B,CAAA,CAAA;AACD,QAAA,MAAM,KAAK,mBAAoB,CAAA,kBAAA;AAAA,UAC7B,aAAA;AAAA,UACA,cAAe,CAAA,aAAA;AAAA,SACjB,CAAA;AAAA,OACF;AAAA,KACF;AAAA,GACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QAA0B,GAAA;AAC9B,IAAM,MAAA,UAAA,GAAa,KAAK,KAAM,EAAA,CAAA;AAE9B,IAAA,MAAM,eAAe,MAAMJ,kBAAA;AAAA,MACzBC,0BAAmBC,qBAAK,CAAA;AAAA,MACxB,IAAIC,kBAAY,CAAA,IAAA,CAAK,QAAS,CAAA;AAAA,KAChC,CAAA;AAEA,IAAA,MAAM,kBAAqB,GAAA,IAAA,CAAK,cAAe,CAAA,OAAA,CAAQ,CAAQ,IAAA,KAAA;AAC7D,MAAA,OAAOE,sBAAe,IAAI,CAAA,CAAA;AAAA,KAC3B,CAAA,CAAA;AACD,IAAM,MAAA,cAAA,GAAiB,UAAW,CAAA,OAAA,CAAQ,CAAQ,IAAA,KAAA;AAChD,MAAA,OAAOA,sBAAe,IAAI,CAAA,CAAA;AAAA,KAC3B,CAAA,CAAA;AAED,IAAM,MAAA,WAAA,GAAcC,iBAAW,CAAA,kBAAA,EAAoB,cAAc,CAAA,CAAA;AACjE,IAAM,MAAA,SAAA,GAAYA,iBAAW,CAAA,cAAA,EAAgB,kBAAkB,CAAA,CAAA;AAE/D,IAAM,MAAA,IAAA,CAAK,sBAAsB,YAAY,CAAA,CAAA;AAE7C,IAAA,IAAI,WAAY,CAAA,MAAA,KAAW,CAAK,IAAA,SAAA,CAAU,WAAW,CAAG,EAAA;AACtD,MAAA,OAAA;AAAA,KACF;AAEA,IAAA,WAAA,CAAY,QAAQ,CAAU,MAAA,KAAA;AAC5B,MAAM,MAAA,eAAA,GAAkBC,8BAAuB,MAAM,CAAA,CAAA;AACrD,MAAI,IAAA,eAAA,CAAgB,CAAC,CAAA,KAAM,GAAK,EAAA;AAC9B,QAAgB,eAAA,CAAA,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAC3B,QAAK,IAAA,CAAA,eAAA,CAAgB,eAAgB,CAAA,IAAA,CAAK,eAAe,CAAA,CAAA;AAAA,OAChD,MAAA,IAAA,eAAA,CAAgB,CAAC,CAAA,KAAM,GAAK,EAAA;AACrC,QAAgB,eAAA,CAAA,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAC3B,QAAK,IAAA,CAAA,eAAA,CAAgB,oBAAqB,CAAA,IAAA,CAAK,eAAe,CAAA,CAAA;AAAA,OAChE;AAAA,KACD,CAAA,CAAA;AAED,IAAA,SAAA,CAAU,QAAQ,CAAU,MAAA,KAAA;AAC1B,MAAM,MAAA,eAAA,GAAkBA,8BAAuB,MAAM,CAAA,CAAA;AACrD,MAAI,IAAA,eAAA,CAAgB,CAAC,CAAA,KAAM,GAAK,EAAA;AAC9B,QAAgB,eAAA,CAAA,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAC3B,QAAK,IAAA,CAAA,eAAA,CAAgB,aAAc,CAAA,IAAA,CAAK,eAAe,CAAA,CAAA;AAAA,OAC9C,MAAA,IAAA,eAAA,CAAgB,CAAC,CAAA,KAAM,GAAK,EAAA;AACrC,QAAgB,eAAA,CAAA,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAC3B,QAAK,IAAA,CAAA,eAAA,CAAgB,kBAAmB,CAAA,IAAA,CAAK,eAAe,CAAA,CAAA;AAAA,OAC9D;AAAA,KACD,CAAA,CAAA;AAED,IAAM,MAAA,IAAA,CAAK,cAAe,CAAA,UAAA,EAAY,YAAY,CAAA,CAAA;AAAA,GACpD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAc,cACZ,CAAA,UAAA,EACA,YACe,EAAA;AACf,IAAA,IAAA,CAAK,cAAiB,GAAA,UAAA,CAAA;AAEtB,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,aAAA,CAAc,MAAS,GAAA,CAAA;AAC9C,MAAM,MAAA,IAAA,CAAK,sBAAsB,YAAY,CAAA,CAAA;AAC/C,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,eAAA,CAAgB,MAAS,GAAA,CAAA;AAChD,MAAA,MAAM,KAAK,wBAAyB,EAAA,CAAA;AACtC,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,kBAAA,CAAmB,MAAS,GAAA,CAAA;AACnD,MAAM,MAAA,IAAA,CAAK,SAAS,YAAY,CAAA,CAAA;AAClC,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,oBAAA,CAAqB,MAAS,GAAA,CAAA;AACrD,MAAA,MAAM,KAAK,WAAY,EAAA,CAAA;AAAA,GAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAc,sBAAsB,YAAuC,EAAA;AACzE,IAAW,KAAA,MAAA,MAAA,IAAU,IAAK,CAAA,eAAA,CAAgB,aAAe,EAAA;AACvD,MAAM,MAAA,iBAAA,GAAoBC,8BAAuB,MAAM,CAAA,CAAA;AACvD,MAAM,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,mBAAoB,CAAA,gBAAA;AAAA,QAC9C,OAAO,CAAC,CAAA;AAAA,OACV,CAAA;AAEA,MAAI,IAAA,GAAA,GAAMC,kCAAe,iBAAiB,CAAA,CAAA;AAC1C,MAAA,IAAI,GAAK,EAAA;AACP,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,CAAuC,oCAAA,EAAA,IAAA,CAAK,QAAQ,CAAA,SAAA,EAAY,IAAI,OAAO,CAAA,CAAA;AAAA,SAC7E,CAAA;AACA,QAAA,SAAA;AAAA,OACF;AAEA,MAAM,GAAA,GAAA,MAAMC,iCAAe,CAAA,UAAA,EAAY,QAAQ,CAAA,CAAA;AAC/C,MAAA,IAAI,GAAK,EAAA;AACP,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,wBAAwB,MAAM,CAAA,WAAA,EAAc,KAAK,QAAQ,CAAA,SAAA,EAAY,IAAI,OAAO,CAAA,CAAA;AAAA,SAClF,CAAA;AACA,QAAA,SAAA;AAAA,OACF;AAEA,MAAA,GAAA,GAAM,MAAMC,4CAAA;AAAA,QACV,YAAA;AAAA,QACA,MAAA;AAAA,QACA,IAAK,CAAA,QAAA;AAAA,OACP,CAAA;AACA,MAAA,IAAI,GAAK,EAAA;AACP,QAAK,IAAA,CAAA,MAAA,CAAO,IAAK,CAAA,GAAA,CAAI,OAAO,CAAA,CAAA;AAC5B,QAAA,SAAA;AAAA,OACF;AACA,MAAI,IAAA;AACF,QAAM,MAAA,IAAA,CAAK,QAAS,CAAA,SAAA,CAAU,MAAM,CAAA,CAAA;AAEpC,QAAM,MAAA,IAAA,CAAK,YAAY,QAA8B,CAAA;AAAA,UACnD,OAAS,EAAAC,wBAAA;AAAA,UACT,OAAS,EAAA,CAAA,cAAA,CAAA;AAAA,UACT,WAAWC,4BAAiB,CAAA,aAAA;AAAA,UAC5B,UAAU,EAAE,QAAA,EAAU,CAAC,MAAM,CAAA,EAAG,QAAQ,UAAW,EAAA;AAAA,UACnD,KAAO,EAAAC,kCAAA;AAAA,UACP,MAAQ,EAAA,WAAA;AAAA,SACT,CAAA,CAAA;AAAA,eACM,CAAG,EAAA;AACV,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,kCAAkC,MAAM,CAAA,oBAAA,EAAuB,IAAK,CAAA,QAAQ,YAAY,CAAC,CAAA,CAAA;AAAA,SAC3F,CAAA;AAAA,OACF;AAAA,KACF;AAEA,IAAK,IAAA,CAAA,eAAA,CAAgB,gBAAgB,EAAC,CAAA;AAAA,GACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,wBAA0C,GAAA;AACtD,IAAI,IAAA;AACF,MAAA,MAAM,IAAK,CAAA,QAAA,CAAS,cAAe,CAAA,IAAA,CAAK,gBAAgB,eAAe,CAAA,CAAA;AAEvE,MAAM,MAAA,IAAA,CAAK,YAAY,QAA8B,CAAA;AAAA,QACnD,OAAS,EAAAF,wBAAA;AAAA,QACT,OAAS,EAAA,CAAA,gBAAA,CAAA;AAAA,QACT,WAAWC,4BAAiB,CAAA,aAAA;AAAA,QAC5B,QAAU,EAAA;AAAA,UACR,QAAA,EAAU,KAAK,eAAgB,CAAA,eAAA;AAAA,UAC/B,MAAQ,EAAA,UAAA;AAAA,SACV;AAAA,QACA,KAAO,EAAAC,kCAAA;AAAA,QACP,MAAQ,EAAA,WAAA;AAAA,OACT,CAAA,CAAA;AAAA,aACM,CAAG,EAAA;AACV,MAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,QACV,6BAA6B,IAAK,CAAA,SAAA;AAAA,UAChC,KAAK,eAAgB,CAAA,eAAA;AAAA,SACtB,CAAA,oBAAA,EAAuB,IAAK,CAAA,QAAQ,YAAY,CAAC,CAAA,CAAA;AAAA,OACpD,CAAA;AAAA,KACF;AACA,IAAK,IAAA,CAAA,eAAA,CAAgB,kBAAkB,EAAC,CAAA;AAAA,GAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAc,SAAS,YAAuC,EAAA;AAC5D,IAAW,KAAA,MAAA,WAAA,IAAe,IAAK,CAAA,eAAA,CAAgB,kBAAoB,EAAA;AACjE,MAAA,IAAI,MAAM,MAAMC,yCAAA;AAAA,QACd,WAAA;AAAA,QACA,IAAK,CAAA,mBAAA;AAAA,QACL,UAAA;AAAA,OACF,CAAA;AACA,MAAA,IAAI,GAAK,EAAA;AACP,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,CAAG,EAAA,GAAA,CAAI,OAAO,CAAA,6BAAA,EAAgC,KAAK,QAAQ,CAAA,CAAA;AAAA,SAC7D,CAAA;AACA,QAAA,SAAA;AAAA,OACF;AAEA,MAAA,GAAA,GAAM,MAAMC,iDAAA;AAAA,QACV,YAAA;AAAA,QACA,WAAA;AAAA,QACA,IAAK,CAAA,QAAA;AAAA,OACP,CAAA;AACA,MAAA,IAAI,GAAK,EAAA;AACP,QAAK,IAAA,CAAA,MAAA,CAAO,IAAK,CAAA,GAAA,CAAI,OAAO,CAAA,CAAA;AAC5B,QAAA,SAAA;AAAA,OACF;AAEA,MAAI,IAAA;AACF,QAAA,MAAM,YAAgC,GAAA;AAAA,UACpC,MAAQ,EAAA,UAAA;AAAA,UACR,aAAA,EAAe,YAAY,CAAC,CAAA;AAAA,UAC5B,MAAQ,EAAA,iCAAA;AAAA,UACR,UAAY,EAAA,iCAAA;AAAA,SACd,CAAA;AAEA,QAAM,MAAA,eAAA,GAAkB,MAAM,IAAA,CAAK,mBAAoB,CAAA,gBAAA;AAAA,UACrD,YAAa,CAAA,aAAA;AAAA,SACf,CAAA;AAEA,QAAA,MAAM,IAAK,CAAA,QAAA,CAAS,iBAAkB,CAAA,WAAA,EAAa,YAAY,CAAA,CAAA;AAE/D,QAAA,MAAM,SAAY,GAAA,eAAA,GACdC,sBAAW,CAAA,WAAA,GACXA,sBAAW,CAAA,WAAA,CAAA;AACf,QAAM,MAAA,OAAA,GAAU,kBAAkB,cAAiB,GAAA,cAAA,CAAA;AACnD,QAAM,MAAA,IAAA,CAAK,YAAY,QAAwB,CAAA;AAAA,UAC7C,OAAS,EAAAL,wBAAA;AAAA,UACT,OAAA;AAAA,UACA,SAAA;AAAA,UACA,QAAA,EAAU,EAAE,GAAG,YAAA,EAAc,SAAS,CAAC,WAAA,CAAY,CAAC,CAAC,CAAE,EAAA;AAAA,UACvD,KAAO,EAAAE,kCAAA;AAAA,UACP,MAAQ,EAAA,WAAA;AAAA,SACT,CAAA,CAAA;AAAA,eACM,CAAG,EAAA;AACV,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,wCAAwC,WAAW,CAAA,oBAAA,EAAuB,IAAK,CAAA,QAAQ,YAAY,CAAC,CAAA,CAAA;AAAA,SACtG,CAAA;AAAA,OACF;AAAA,KACF;AACA,IAAK,IAAA,CAAA,eAAA,CAAgB,qBAAqB,EAAC,CAAA;AAAA,GAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,WAA6B,GAAA;AACzC,IAAW,KAAA,MAAA,WAAA,IAAe,IAAK,CAAA,eAAA,CAAgB,oBAAsB,EAAA;AACnE,MAAM,MAAA,aAAA,GAAgB,YAAY,CAAC,CAAA,CAAA;AAEnC,MAAM,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,QAAS,CAAA,yBAAA;AAAA,QACnC,CAAA;AAAA,QACA,aAAA;AAAA,OACF,CAAA;AAGA,MAAI,IAAA;AACF,QAAA,MAAM,QAA4B,GAAA;AAAA,UAChC,MAAQ,EAAA,UAAA;AAAA,UACR,aAAA;AAAA,UACA,MAAQ,EAAA,iCAAA;AAAA,UACR,UAAY,EAAA,iCAAA;AAAA,SACd,CAAA;AAEA,QAAA,MAAM,KAAK,QAAS,CAAA,oBAAA;AAAA,UAClB,WAAA;AAAA,UACA,QAAA;AAAA,UACA,SAAS,MAAS,GAAA,CAAA;AAAA,SACpB,CAAA;AAEA,QAAM,MAAA,aAAA,GAAgB,MAAM,IAAA,CAAK,mBAAoB,CAAA,gBAAA;AAAA,UACnD,aAAA;AAAA,SACF,CAAA;AACA,QAAA,MAAM,SAAY,GAAA,aAAA,GACdG,sBAAW,CAAA,WAAA,GACXA,sBAAW,CAAA,WAAA,CAAA;AACf,QAAM,MAAA,OAAA,GAAU,gBACZ,+BACA,GAAA,cAAA,CAAA;AACJ,QAAM,MAAA,IAAA,CAAK,YAAY,QAAwB,CAAA;AAAA,UAC7C,OAAS,EAAAL,wBAAA;AAAA,UACT,OAAA;AAAA,UACA,SAAA;AAAA,UACA,QAAA,EAAU,EAAE,GAAG,QAAA,EAAU,SAAS,CAAC,WAAA,CAAY,CAAC,CAAC,CAAE,EAAA;AAAA,UACnD,KAAO,EAAAE,kCAAA;AAAA,UACP,MAAQ,EAAA,WAAA;AAAA,SACT,CAAA,CAAA;AAAA,eACM,CAAG,EAAA;AACV,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,iCAAiC,WAAW,CAAA,oBAAA,EAAuB,IAAK,CAAA,QAAQ,YAAY,CAAC,CAAA,CAAA;AAAA,SAC/F,CAAA;AAAA,OACF;AAAA,KACF;AACA,IAAK,IAAA,CAAA,eAAA,CAAgB,uBAAuB,EAAC,CAAA;AAAA,GAC/C;AAAA,EAEA,MAAM,uBAAyC,GAAA;AAC7C,IAAM,MAAA,aAAA,GAAgB,MAAM,IAAA,CAAK,mBAAoB,CAAA,kBAAA;AAAA,MACnD,UAAA;AAAA,KACF,CAAA;AACA,IAAA,MAAM,SAAY,GAAA,aAAA,CAAc,GAAI,CAAA,CAAA,IAAA,KAAQ,KAAK,aAAa,CAAA,CAAA;AAE9D,IAAI,IAAA,SAAA,CAAU,SAAS,CAAG,EAAA;AACxB,MAAA,KAAA,MAAW,YAAY,SAAW,EAAA;AAChC,QAAA,IAAA,CAAK,gBAAgB,oBAAqB,CAAA,IAAA;AAAA,UACxC,GAAI,MAAM,IAAA,CAAK,QAAS,CAAA,yBAAA,CAA0B,GAAG,QAAQ,CAAA;AAAA,SAC/D,CAAA;AACA,QAAA,IAAA,CAAK,gBAAgB,eAAgB,CAAA,IAAA;AAAA,UACnC,GAAI,MAAM,IAAA,CAAK,QAAS,CAAA,iBAAA,CAAkB,GAAG,QAAQ,CAAA;AAAA,SACvD,CAAA;AAAA,OACF;AAAA,KACF;AACA,IAAA,MAAM,KAAK,wBAAyB,EAAA,CAAA;AACpC,IAAA,MAAM,KAAK,WAAY,EAAA,CAAA;AAAA,GACzB;AACF;;;;;"}

package/dist/file-permissions/file-watcher.cjs.js

@@ -0,0 +1,46 @@
+'use strict';
+
+var chokidar = require('chokidar');
+var fs = require('fs');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var chokidar__default = /*#__PURE__*/_interopDefaultCompat(chokidar);
+var fs__default = /*#__PURE__*/_interopDefaultCompat(fs);
+
+class AbstractFileWatcher {
+  constructor(filePath, allowReload, logger) {
+    this.filePath = filePath;
+    this.allowReload = allowReload;
+    this.logger = logger;
+  }
+  /**
+   * watchFile initializes the file watcher and sets it to begin watching for changes.
+   */
+  watchFile() {
+    if (!this.filePath) {
+      throw new Error("File path is not specified");
+    }
+    const watcher = chokidar__default.default.watch(this.filePath);
+    watcher.on("change", async (path) => {
+      this.logger.info(`file ${path} has changed`);
+      await this.onChange();
+    });
+    watcher.on("error", (error) => {
+      this.logger.error(`error watching file ${this.filePath}: ${error}`);
+    });
+  }
+  /**
+   * getCurrentContents reads the current contents of the CSV file.
+   * @returns The current contents of the file.
+   */
+  getCurrentContents() {
+    if (!this.filePath) {
+      throw new Error("File path is not specified");
+    }
+    return fs__default.default.readFileSync(this.filePath, "utf-8");
+  }
+}
+
+exports.AbstractFileWatcher = AbstractFileWatcher;
+//# sourceMappingURL=file-watcher.cjs.js.map

package/dist/file-permissions/file-watcher.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-watcher.cjs.js","sources":["../../src/file-permissions/file-watcher.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport type { LoggerService } from '@backstage/backend-plugin-api';\n\nimport chokidar from 'chokidar';\n\nimport fs from 'fs';\n\n/**\n * Represents a file watcher that can be used to monitor changes in a file.\n */\nexport abstract class AbstractFileWatcher<T> {\n  constructor(\n    protected readonly filePath: string | undefined,\n    protected readonly allowReload: boolean,\n    protected readonly logger: LoggerService,\n  ) {}\n\n  /**\n   * Initializes the file watcher and starts watching the specified file.\n   */\n  abstract initialize(): Promise<void>;\n\n  /**\n   * watchFile initializes the file watcher and sets it to begin watching for changes.\n   */\n  watchFile(): void {\n    if (!this.filePath) {\n      throw new Error('File path is not specified');\n    }\n    const watcher = chokidar.watch(this.filePath);\n    watcher.on('change', async path => {\n      this.logger.info(`file ${path} has changed`);\n      await this.onChange();\n    });\n    watcher.on('error', error => {\n      this.logger.error(`error watching file ${this.filePath}: ${error}`);\n    });\n  }\n\n  /**\n   * Handles the change event when the watched file is modified.\n   * @returns A promise that resolves when the change event is handled.\n   */\n  abstract onChange(): Promise<void>;\n\n  /**\n   * getCurrentContents reads the current contents of the CSV file.\n   * @returns The current contents of the file.\n   */\n  getCurrentContents(): string {\n    if (!this.filePath) {\n      throw new Error('File path is not specified');\n    }\n    return fs.readFileSync(this.filePath, 'utf-8');\n  }\n\n  /**\n   * parse is used to parse the current contents of the file.\n   * @returns The file parsed into a type <T>.\n   */\n  abstract parse(): T;\n}\n"],"names":["chokidar","fs"],"mappings":";;;;;;;;;;AAwBO,MAAe,mBAAuB,CAAA;AAAA,EAC3C,WAAA,CACqB,QACA,EAAA,WAAA,EACA,MACnB,EAAA;AAHmB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA,CAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA,CAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA,CAAA;AAAA,GAClB;AAAA;AAAA;AAAA;AAAA,EAUH,SAAkB,GAAA;AAChB,IAAI,IAAA,CAAC,KAAK,QAAU,EAAA;AAClB,MAAM,MAAA,IAAI,MAAM,4BAA4B,CAAA,CAAA;AAAA,KAC9C;AACA,IAAA,MAAM,OAAU,GAAAA,yBAAA,CAAS,KAAM,CAAA,IAAA,CAAK,QAAQ,CAAA,CAAA;AAC5C,IAAQ,OAAA,CAAA,EAAA,CAAG,QAAU,EAAA,OAAM,IAAQ,KAAA;AACjC,MAAA,IAAA,CAAK,MAAO,CAAA,IAAA,CAAK,CAAQ,KAAA,EAAA,IAAI,CAAc,YAAA,CAAA,CAAA,CAAA;AAC3C,MAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AAAA,KACrB,CAAA,CAAA;AACD,IAAQ,OAAA,CAAA,EAAA,CAAG,SAAS,CAAS,KAAA,KAAA;AAC3B,MAAA,IAAA,CAAK,OAAO,KAAM,CAAA,CAAA,oBAAA,EAAuB,KAAK,QAAQ,CAAA,EAAA,EAAK,KAAK,CAAE,CAAA,CAAA,CAAA;AAAA,KACnE,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,kBAA6B,GAAA;AAC3B,IAAI,IAAA,CAAC,KAAK,QAAU,EAAA;AAClB,MAAM,MAAA,IAAI,MAAM,4BAA4B,CAAA,CAAA;AAAA,KAC9C;AACA,IAAA,OAAOC,mBAAG,CAAA,YAAA,CAAa,IAAK,CAAA,QAAA,EAAU,OAAO,CAAA,CAAA;AAAA,GAC/C;AAOF;;;;"}