npm - @cap-js/ord - Versions diffs - 1.8.0 → 1.9.1 - Mend

@cap-js/ord 1.8.0 → 1.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/README.md +10 -5
package/lib/auth/authentication.js +30 -33
package/lib/auth/cf-mtls.js +5 -5
package/lib/build.js +1 -3
package/lib/common/placeholders.js +6 -0
package/lib/common/slice.js +72 -0
package/lib/common/utils.js +190 -0
package/lib/configuration.js +33 -88
package/lib/constants.js +2 -32
package/lib/defaults.js +27 -128
package/lib/extend-ord-with-custom.js +82 -51
package/lib/interop-csn.js +23 -11
package/lib/logger.js +1 -3
package/lib/meta-data.js +14 -26
package/lib/ord.js +59 -122
package/lib/protocol-resolver.js +26 -83
package/lib/services/ord-service.js +30 -6
package/lib/templates/api-resource.js +283 -0
package/lib/templates/entity-type.js +121 -0
package/lib/templates/event-resource.js +161 -0
package/lib/templates/group.js +50 -0
package/lib/templates/integration-dependency.js +98 -0
package/lib/templates/package.js +91 -0
package/lib/templates/product.js +57 -0
package/package.json +6 -4
package/data/well-known.json +0 -14
package/lib/access-strategies.js +0 -172
package/lib/date.js +0 -17
package/lib/integration-dependency.js +0 -126
package/lib/templates.js +0 -625

package/README.md CHANGED Viewed

@@ -114,7 +114,7 @@ This will output something like `admin:$2y$05$...` - use only the hash part (sta
 #### CF mTLS Authentication
-Configure Cloud Foundry mutual TLS authentication for SAP BTP Cloud Foundry environments.
+Configure Cloud Foundry mutual TLS authentication for SAP BTP Cloud Foundry environments. Possible values include 'sap:cmp-mtls:v1' and 'sap.businesshub:mtls:v1'.
 **Production Configuration with UCL (Recommended)**
@@ -131,9 +131,11 @@ For SAP UCL (Unified Customer Landscape) integration, enable mTLS in `.cdsrc.jso
 ```
 ```bash
+# Example configuration of the CF_MTLS_TRUSTED_CERTS environment variable
 export CF_MTLS_TRUSTED_CERTS='{
   "configEndpoints": ["https://your-ucl-endpoint/v1/info"],
-  "rootCaDn": ["CN=SAP Cloud Root CA,O=SAP SE,L=Walldorf,C=DE"]
+  "rootCaDn": ["CN=SAP Cloud Root CA,O=SAP SE,L=Walldorf,C=DE"],
+  "accessStrategies": ["sap:cmp-mtls:v1", "sap.businesshub:mtls:v1"]
 }'
 ```
@@ -142,9 +144,11 @@ export CF_MTLS_TRUSTED_CERTS='{
 For custom certificates without UCL:
 ```bash
+# Example configuration of the CF_MTLS_TRUSTED_CERTS environment variable
 export CF_MTLS_TRUSTED_CERTS='{
   "certs": [{"issuer": "CN=My CA,O=MyOrg", "subject": "CN=my-service,O=MyOrg"}],
-  "rootCaDn": ["CN=My Root CA,O=MyOrg"]
+  "rootCaDn": ["CN=My Root CA,O=MyOrg"],
+  "accessStrategies": ["sap:cmp-mtls:v1", "sap.businesshub:mtls:v1"]
 }'
 ```
@@ -157,13 +161,14 @@ For local development, configure the full mTLS settings directly in `.cdsrc.json
     "ord": {
         "authentication": {
             "cfMtls": {
+                "rootCaDn": ["CN=Test Root CA,O=MyOrg,C=DE"],
+                "accessStrategies": ["sap:cmp-mtls:v1","sap.businesshub:mtls:v1"],
                 "certs": [
                     {
                         "issuer": "CN=Test CA,O=MyOrg,C=DE",
                         "subject": "CN=test-client,O=MyOrg,C=DE"
                     }
-                ],
-                "rootCaDn": ["CN=Test Root CA,O=MyOrg,C=DE"]
+                ]
             }
         }
     }

package/lib/auth/authentication.js CHANGED Viewed

@@ -23,9 +23,8 @@
  */
 const cds = require("@sap/cds");
-const { AUTHENTICATION_TYPE, BASIC_AUTH_HEADER_KEY, AUTH_STRINGS, CF_MTLS_HEADERS } = require("../constants");
+const { ORD_ACCESS_STRATEGY, BASIC_AUTH_HEADER_KEY, AUTH_STRINGS, CF_MTLS_HEADERS } = require("../constants");
 const Logger = require("../logger");
-const { getAccessStrategiesFromAuthConfig } = require("../access-strategies");
 const bcrypt = require("bcryptjs");
 const { createCfMtlsConfig, handleCfMtlsAuthentication } = require("./cf-mtls");
@@ -102,10 +101,10 @@ async function ensureCfMtlsValidator(authConfig) {
  * 1. Environment variables (BASIC_AUTH, CF_MTLS_TRUSTED_CERTS) - for production deployments
  * 2. .cdsrc.json settings (cds.env.ord.authentication.basic, cds.env.ord.authentication.cfMtls) - for development and testing
  *
- * Authentication types are automatically detected based on the presence of configuration:
- * - If cds.env.ord.authentication.basic exists → Basic authentication enabled
+ * Access strategies are automatically detected based on the presence of configuration:
+ * - If cds.env.ord.authentication.basic exists → 'basic-auth' is enabled
  * - If cds.env.ord.authentication.cfMtls exists → CF mTLS authentication enabled
- * - Multiple authentication types can coexist and are tried in order
+ * - Multiple access strategies can coexist and are tried in order
  * - Open authentication is the default when no secure authentication is configured
  *
  * This approach follows the 12-Factor App principles where environment variables
@@ -118,12 +117,11 @@ async function ensureCfMtlsValidator(authConfig) {
  */
 function createAuthConfig() {
     const defaultAuthConfig = {
-        types: [AUTHENTICATION_TYPE.Open],
-        accessStrategies: [{ type: AUTHENTICATION_TYPE.Open }],
+        accessStrategies: [ORD_ACCESS_STRATEGY.Open],
     };
     try {
-        const authConfig = { types: [] };
+        const authConfig = { accessStrategies: [] };
         const ordAuth = cds.env.ord?.authentication || {};
         // Detect Basic authentication by checking for credentials
@@ -145,30 +143,30 @@ function createAuthConfig() {
                 }
             }
-            authConfig.types.push(AUTHENTICATION_TYPE.Basic);
+            authConfig.accessStrategies.push(ORD_ACCESS_STRATEGY.Basic);
             authConfig.credentials = credentials;
         }
         // Detect CF mTLS authentication by checking for cfMtls config
         if (process.env.CF_MTLS_TRUSTED_CERTS || ordAuth.cfMtls) {
-            authConfig.types.push(AUTHENTICATION_TYPE.CfMtls);
+            const { accessStrategies } = JSON.parse(
+                process.env.CF_MTLS_TRUSTED_CERTS ??
+                    JSON.stringify(typeof ordAuth.cfMtls === "object" ? ordAuth.cfMtls : {}),
+            );
             // Mark for lazy initialization - validator will be loaded on first use
             authConfig.cfMtlsValidator = null;
             authConfig._cfMtlsInitPromise = null;
+            authConfig.accessStrategies.push(...(accessStrategies ?? [ORD_ACCESS_STRATEGY.CmpMtls]));
         }
-        // If no authentication types detected, default to Open
-        if (authConfig.types.length === 0) {
+        // If no access strategies detected, default to Open
+        if (authConfig.accessStrategies.length === 0) {
             Logger.info("createAuthConfig:", 'No authentication configured. Defaulting to "Open" authentication');
             return defaultAuthConfig;
         }
-        // Build accessStrategies for ORD document using centralized mapping logic
-        // This ensures consistent mapping between auth types and ORD access strategies
-        // All mapping logic is centralized in lib/access-strategies.js
-        authConfig.accessStrategies = getAccessStrategiesFromAuthConfig(authConfig);
-        Logger.info("createAuthConfig:", `Configured authentication types: ${authConfig.types.join(", ")}`);
+        Logger.info("createAuthConfig:", `Configured access strategies: ${authConfig.accessStrategies.join(", ")}`);
         return authConfig;
     } catch (error) {
         Logger.error("createAuthConfig:", `Configuration error: ${error.message}`);
@@ -264,9 +262,10 @@ async function openAuthStrategy() {
  * Strategy registry mapping authentication types to their handlers
  */
 const AUTH_STRATEGIES = {
-    [AUTHENTICATION_TYPE.Basic]: basicAuthStrategy,
-    [AUTHENTICATION_TYPE.CfMtls]: cfMtlsAuthStrategy,
-    [AUTHENTICATION_TYPE.Open]: openAuthStrategy,
+    [ORD_ACCESS_STRATEGY.Open]: openAuthStrategy,
+    [ORD_ACCESS_STRATEGY.Basic]: basicAuthStrategy,
+    [ORD_ACCESS_STRATEGY.CmpMtls]: cfMtlsAuthStrategy,
+    [ORD_ACCESS_STRATEGY.BahMtls]: cfMtlsAuthStrategy,
 };
 /**
@@ -279,13 +278,13 @@ const AUTH_STRATEGIES = {
 function createAuthMiddleware(authConfig) {
     return async function authenticate(req, res, next) {
         // Handle invalid configuration
-        if (!authConfig || !authConfig.types || !Array.isArray(authConfig.types)) {
+        if (!authConfig || !authConfig.accessStrategies || !Array.isArray(authConfig.accessStrategies)) {
             Logger.error("Invalid auth configuration:", authConfig);
             return res.status(401).send("Not authorized");
         }
         // If open authentication, allow immediately
-        if (authConfig.types.includes(AUTHENTICATION_TYPE.Open)) {
+        if (authConfig.accessStrategies.includes(ORD_ACCESS_STRATEGY.Open)) {
             res.status(200);
             return next();
         }
@@ -293,17 +292,15 @@ function createAuthMiddleware(authConfig) {
         // Try each registered authentication strategy
         const results = [];
-        for (const authType of authConfig.types) {
-            const strategy = AUTH_STRATEGIES[authType];
-            if (!strategy) {
-                Logger.warn(`Unknown authentication type: ${authType}`);
+        for (const strategy of authConfig.accessStrategies) {
+            if (!Object.values(ORD_ACCESS_STRATEGY).includes(strategy)) {
+                Logger.warn(`Unknown access strategy: ${strategy}`);
                 continue;
             }
             try {
-                const result = await strategy(req, res, authConfig);
-                results.push({ type: authType, ...result });
+                const result = await AUTH_STRATEGIES[strategy](req, res, authConfig);
+                results.push({ type: strategy, ...result });
                 if (result.success) {
                     res.status(200);
@@ -315,8 +312,8 @@ function createAuthMiddleware(authConfig) {
                     return;
                 }
             } catch (error) {
-                Logger.error(`Error in ${authType} authentication:`, error.message);
-                results.push({ type: authType, success: false, handled: true, error: error.message });
+                Logger.error(`Error in ${strategy} authentication:`, error.message);
+                results.push({ type: strategy, success: false, handled: true, error: error.message });
             }
         }
@@ -328,7 +325,7 @@ function createAuthMiddleware(authConfig) {
             // No authentication method was attempted
             const wwwAuthHeaders = [];
-            if (authConfig.types.includes(AUTHENTICATION_TYPE.Basic)) {
+            if (authConfig.accessStrategies.includes(ORD_ACCESS_STRATEGY.Basic)) {
                 wwwAuthHeaders.push(AUTH_STRINGS.WWW_AUTHENTICATE_REALM);
             }

package/lib/auth/cf-mtls.js CHANGED Viewed

@@ -341,12 +341,12 @@ async function createCfMtlsConfig(cds, Logger) {
  * @param {Object} res - Express response object
  * @param {Object} authConfig - Authentication configuration
  * @param {Function} authConfig.cfMtlsValidator - CF mTLS validator function
- * @param {Array} authConfig.types - Array of enabled authentication types
+ * @param {Array<string>} authConfig.accessStrategies - Array of enabled access strategies
  * @param {Object} Logger - Logger instance for error messages
  * @returns {Object} Result object with success flag and optional next() call
  */
 function handleCfMtlsAuthentication(req, res, authConfig, Logger) {
-    const { AUTHENTICATION_TYPE, CF_MTLS_ERROR_REASON, AUTH_STRINGS } = require("../constants");
+    const { ORD_ACCESS_STRATEGY, CF_MTLS_ERROR_REASON, AUTH_STRINGS } = require("../constants");
     const result = authConfig.cfMtlsValidator(req);
     if (result.ok) {
@@ -361,7 +361,7 @@ function handleCfMtlsAuthentication(req, res, authConfig, Logger) {
     if (result.reason === CF_MTLS_ERROR_REASON.XFCC_VERIFICATION_FAILED) {
         Logger.error("CF mTLS authentication failed: Missing proxy verification");
         // If Basic auth is also configured, provide fallback
-        if (authConfig.types.includes(AUTHENTICATION_TYPE.Basic)) {
+        if (authConfig.accessStrategies.includes(ORD_ACCESS_STRATEGY.Basic)) {
             res.status(401)
                 .setHeader("WWW-Authenticate", AUTH_STRINGS.WWW_AUTHENTICATE_REALM)
                 .send("Authentication required.");
@@ -373,7 +373,7 @@ function handleCfMtlsAuthentication(req, res, authConfig, Logger) {
     if (result.reason === CF_MTLS_ERROR_REASON.NO_HEADERS) {
         // If Basic auth is also configured, provide a more informative message
-        if (authConfig.types.includes(AUTHENTICATION_TYPE.Basic)) {
+        if (authConfig.accessStrategies.includes(ORD_ACCESS_STRATEGY.Basic)) {
             res.status(401)
                 .setHeader("WWW-Authenticate", AUTH_STRINGS.WWW_AUTHENTICATE_REALM)
                 .send("Authentication required.");
@@ -386,7 +386,7 @@ function handleCfMtlsAuthentication(req, res, authConfig, Logger) {
     if (result.reason === CF_MTLS_ERROR_REASON.HEADER_MISSING) {
         Logger.error(`CF mTLS authentication failed: Missing header ${result.missing}`);
         // If Basic auth is also configured, provide fallback
-        if (authConfig.types.includes(AUTHENTICATION_TYPE.Basic)) {
+        if (authConfig.accessStrategies.includes(ORD_ACCESS_STRATEGY.Basic)) {
             res.status(401)
                 .setHeader("WWW-Authenticate", AUTH_STRINGS.WWW_AUTHENTICATE_REALM)
                 .send("Authentication required.");

package/lib/build.js CHANGED Viewed

@@ -58,9 +58,7 @@ module.exports = class OrdBuildPlugin extends cds.build.Plugin {
     }
     _createRelativePath(url) {
-        let relative = url.split("/ord/v1").pop();
-        if (relative.startsWith("/")) relative = relative.slice(1);
-        return path.join(...relative.replace(/:/g, "_").split("/"));
+        return url.replace(/^\/ord\/v1\//, "").replace(/:/g, "_");
     }
     _createWorkerPool(tasks, model) {

package/lib/common/placeholders.js ADDED Viewed

@@ -0,0 +1,6 @@
+module.exports = {
+    replace: (value, context) => {
+        return Object.entries(context) //
+            .reduce((result, [key, value]) => result?.replaceAll(`{${key}}`, value), value);
+    },
+};

package/lib/common/slice.js ADDED Viewed

@@ -0,0 +1,72 @@
+const ordMainPartKeys = Object.freeze([
+    "groups",
+    "$schema",
+    "packages",
+    "products",
+    "groupTypes",
+    "description",
+    "perspective",
+    "policyLevel",
+    "policyLevels",
+    "customPolicyLevel",
+    "consumptionBundles",
+    "describedSystemType",
+    "openResourceDiscovery",
+    "describedSystemVersion",
+    "describedSystemInstance",
+]);
+function getFileSizeInBytes(document) {
+    return Buffer.byteLength(JSON.stringify(document), "utf8");
+}
+function slice(document, limit, chunk = 100) {
+    if (getFileSizeInBytes(document) < limit) {
+        return [document];
+    }
+    const slices = [];
+    const ord = Object.fromEntries(
+        Object.entries(document) //
+            .filter(([key, value]) => ordMainPartKeys.includes(key) || !Array.isArray(value) || !value.length),
+    );
+    let slice = {};
+    let sliceSize = 2; // getFileSizeInBytes({});
+    const adjustedLimit = limit - getFileSizeInBytes(ord);
+    Object.entries(document)
+        .filter(([key]) => !(key in ord))
+        .forEach(([key, value]) => {
+            let start = 0;
+            for (let i = 0; i < value.length; i += chunk) {
+                const remaining = adjustedLimit - sliceSize;
+                const additional = getFileSizeInBytes({
+                    [key]: value.slice(start, i + chunk),
+                });
+                if (remaining < additional) {
+                    if (i > 0 || Object.keys(slice).length > 0) {
+                        slices.push(Object.assign(slice, i === 0 ? {} : { [key]: value.slice(start, i) }));
+                    }
+                    // prepare for the next slice
+                    start = i;
+                    slice = {};
+                    sliceSize = 2; // getFileSizeInBytes({});
+                }
+            }
+            slice = Object.assign(slice, { [key]: value.slice(start) });
+            sliceSize = getFileSizeInBytes(slice);
+        });
+    slices.push(slice);
+    return slices.map((slice) => Object.assign(slice, ord));
+}
+module.exports = {
+    slice,
+};

package/lib/common/utils.js ADDED Viewed

@@ -0,0 +1,190 @@
+const _ = require("lodash");
+const cds = require("@sap/cds");
+const Logger = require("../logger");
+const {
+    ENTITY_RELATIONSHIP_ANNOTATION,
+    DATA_PRODUCT_ANNOTATION,
+    DATA_PRODUCT_TYPE,
+    DATA_PRODUCT_SIMPLE_ANNOTATION,
+    ORD_EXTENSIONS_PREFIX,
+    RESOURCE_VISIBILITY,
+    ALLOWED_VISIBILITY,
+    SUPPORTED_IMPLEMENTATIONSTANDARD_VERSIONS,
+    EXTERNAL_SERVICE_ANNOTATION,
+    EXTERNAL_DP_ORD_ID_ANNOTATION,
+    CDS_ELEMENT_KIND,
+    ORD_ACCESS_STRATEGY,
+} = require("../constants");
+const DEFAULT_ACCESS_STRATEGIES = Object.freeze([ORD_ACCESS_STRATEGY.Open]);
+function prune(object) {
+    return Object.fromEntries(
+        Object.entries(object)
+            .filter(([, value]) => value !== null && value !== undefined) // remove empty fields
+            .filter(([, value]) => typeof value !== "object" || Object.keys(value).length > 0), // remove empty arrays/objects
+    );
+}
+function getRFC3339Date() {
+    const now = new Date();
+    const year = now.getUTCFullYear();
+    const month = String(now.getUTCMonth() + 1).padStart(2, "0");
+    const day = String(now.getUTCDate()).padStart(2, "0");
+    const hours = String(now.getUTCHours()).padStart(2, "0");
+    const minutes = String(now.getUTCMinutes()).padStart(2, "0");
+    const seconds = String(now.getUTCSeconds()).padStart(2, "0");
+    return `${year}-${month}-${day}T${hours}:${minutes}:${seconds}+01:00`;
+}
+function isPrimaryDataProductService(service) {
+    return service[DATA_PRODUCT_ANNOTATION] === DATA_PRODUCT_TYPE.primary || !!service[DATA_PRODUCT_SIMPLE_ANNOTATION];
+}
+function resolveVisibility(appConfig, service) {
+    const explicit = service["@ORD.Extensions.visibility"];
+    const standard = service["@ORD.Extensions.implementationStandard"];
+    let defaultVisibility = appConfig.env?.defaultVisibility ?? RESOURCE_VISIBILITY.public;
+    //check for supported custom visibility value in defaultVisibility variable
+    if (!ALLOWED_VISIBILITY.includes(defaultVisibility)) {
+        Logger.warn(
+            `Default visibility ${defaultVisibility} is not supported. Using ${RESOURCE_VISIBILITY.public} as fallback`,
+        );
+        defaultVisibility = RESOURCE_VISIBILITY.public;
+    }
+    // Determine visibility
+    if (isPrimaryDataProductService(service)) {
+        return RESOURCE_VISIBILITY.internal;
+    } else if (explicit) {
+        return service["@ORD.Extensions.visibility"];
+    } else if (SUPPORTED_IMPLEMENTATIONSTANDARD_VERSIONS.includes(standard)) {
+        // if the implementationStandard is for example sap:ord-document-api:v1, it should be public by default
+        return RESOURCE_VISIBILITY.public;
+    }
+    return defaultVisibility;
+}
+function resolveServiceName(appConfig, { name }) {
+    return (
+        [
+            appConfig.internalNamespace, //
+            appConfig.ordNamespace, //
+        ]
+            .filter(Boolean)
+            .filter((namespace) => name === namespace || name.startsWith(`${namespace}.`))
+            .map((namespace) => name.substring(namespace.length))
+            .shift()
+            ?.replace(/^\./, "") ?? name
+    );
+}
+function flattenEntityGraph(current, processed = []) {
+    return [
+        current, //
+        ...Object.values(current.associations ?? []) //
+            .filter(({ target }) => !processed.includes(target))
+            .flatMap(({ target, _target }) => {
+                processed.push(target);
+                return flattenEntityGraph(_target, processed);
+            }),
+    ];
+}
+function readORDExtensions(model, prefix = ORD_EXTENSIONS_PREFIX) {
+    return Object.entries(model) //
+        .filter(([key]) => key.startsWith(prefix))
+        .map(([key, value]) => [key.substring(prefix.length), value])
+        .reduce((result, [key, value]) => _.set(result, key, value), {});
+}
+function isExternalDataProduct(definition) {
+    return !!(
+        definition.kind === "service" &&
+        definition[EXTERNAL_SERVICE_ANNOTATION] &&
+        definition[DATA_PRODUCT_SIMPLE_ANNOTATION] &&
+        definition[EXTERNAL_DP_ORD_ID_ANNOTATION]
+    );
+}
+function isExposedEntityType(definition) {
+    return (
+        !definition.name.includes(".texts") &&
+        definition[ENTITY_RELATIONSHIP_ANNOTATION] &&
+        definition.kind === CDS_ELEMENT_KIND.entity &&
+        definition["_service"]?.["@protocol"] !== "none" &&
+        !isBlockedServiceName(definition["_service"]?.name)
+    );
+}
+function isBlockedServiceName(name) {
+    return ["cds.xt.MTXServices", "MtxOrdProviderService", "OpenResourceDiscoveryService"] //
+        .some((blocked) => name?.includes(blocked));
+}
+function isValidService(definition) {
+    const isExternalService =
+        Object.keys(cds).includes("requires") && Object.keys(cds.requires).includes(definition.name);
+    return (
+        !isExternalService &&
+        !definition["@cds.external"] &&
+        definition["@protocol"] !== "none" &&
+        !isBlockedServiceName(definition.name) &&
+        definition.kind === CDS_ELEMENT_KIND.service
+    );
+}
+function isEventsOnlyService(definition) {
+    return (
+        Object.keys(definition.events || {}).length > 0 &&
+        ["actions", "entities", "functions"].every((key) => Object.keys(definition[key] || {}).length === 0)
+    );
+}
+function resolveAccessStrategies(authConfig, options = {}) {
+    const isStrict = options?.strict ?? cds.env.ord?.strictAccessStrategies === true;
+    const strategies = _.uniq(authConfig.accessStrategies ?? [])
+        .flatMap((strategy) => {
+            if (!Object.values(ORD_ACCESS_STRATEGY).includes(strategy)) {
+                Logger.warn("resolveAccessStrategies:", `Unknown access strategy type '${strategy}', skipping`);
+                return null;
+            }
+            return strategy;
+        })
+        .filter(Boolean); // Remove null entries
+    if (isStrict && strategies.length === 0) {
+        throw new Error("[ORD] accessStrategies missing or empty for resource. Strict mode is enabled");
+    }
+    if (strategies.length > 1 && strategies.includes(ORD_ACCESS_STRATEGY.Open)) {
+        throw new Error(
+            "Invalid access strategies: 'open' cannot coexist with authenticated strategies (basic-auth, sap:cmp-mtls:v1, sap.businesshub:mtls:v1)",
+        );
+    }
+    return (strategies.length > 0 ? strategies : DEFAULT_ACCESS_STRATEGIES) //
+        .map((strategy) => ({ type: strategy }));
+}
+module.exports = {
+    prune,
+    isValidService,
+    getRFC3339Date,
+    readORDExtensions,
+    resolveVisibility,
+    flattenEntityGraph,
+    resolveServiceName,
+    isExposedEntityType,
+    isEventsOnlyService,
+    isBlockedServiceName,
+    isExternalDataProduct,
+    resolveAccessStrategies,
+    isPrimaryDataProductService,
+};