@caracalai/admin 0.1.6-rc.2 → 0.2.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client.d.ts +70 -34
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +195 -65
- package/dist/client.js.map +1 -1
- package/dist/control.d.ts +36 -0
- package/dist/control.d.ts.map +1 -0
- package/dist/control.js +152 -0
- package/dist/control.js.map +1 -0
- package/dist/ensure.d.ts +74 -0
- package/dist/ensure.d.ts.map +1 -0
- package/dist/ensure.js +256 -0
- package/dist/ensure.js.map +1 -0
- package/dist/errors.d.ts +1 -1
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +152 -73
- package/dist/types.d.ts.map +1 -1
- package/package.json +4 -4
package/dist/client.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { AuthorityRecord, AuthorityRecordQuery, Application, ApplicationInput, ApplicationPatchInput, AdminAuditEvent, AdminAuditQuery, AuditDetail, AuditEvent, AuditQuery, DCRInput, DecisionTrace, Delegation, DelegationImpact, DelegationTraversal, EffectiveAuthority, Grant, GrantInput, GrantQuery, SubjectIssuer, SubjectIssuerInput, SubjectIssuerPatch, Policy, PolicyInput, PolicySet, PolicySetActivationStatus, PolicySetSimulation, PolicySetVersion, PolicyTemplate, PolicyValidation, PolicyVersion, Provider, ProviderConnection, ProviderConnectionAuthorize, ProviderConnectionAuthorizeInput, ProviderConnectionInput, ProviderConnectionRevokeInput, ProviderInput, ProviderPatchInput, Resource, ResourceInput, Session, SessionQuery, SubjectRevokeInput, SubjectRevokeResult, StepUpChallenge, StepUpDecision, Workload, WorkloadUpdateInput, Zone, ZoneDcrStatus, ZoneInput, ZonePatchInput } from './types.js';
|
|
2
2
|
export interface AdminClientOptions {
|
|
3
3
|
apiUrl: string;
|
|
4
4
|
coordinatorUrl?: string;
|
|
@@ -8,6 +8,7 @@ export interface AdminClientOptions {
|
|
|
8
8
|
timeoutMs?: number;
|
|
9
9
|
retries?: number;
|
|
10
10
|
signal?: AbortSignal;
|
|
11
|
+
headers?: Record<string, string>;
|
|
11
12
|
}
|
|
12
13
|
export declare class AdminClient {
|
|
13
14
|
private readonly apiUrl;
|
|
@@ -18,8 +19,11 @@ export declare class AdminClient {
|
|
|
18
19
|
private readonly timeoutMs;
|
|
19
20
|
private readonly retries;
|
|
20
21
|
private readonly callerSignal;
|
|
22
|
+
private readonly defaultHeaders;
|
|
21
23
|
constructor(opts: AdminClientOptions);
|
|
24
|
+
withDefaultHeaders(headers: Record<string, string>): AdminClient;
|
|
22
25
|
private request;
|
|
26
|
+
private listAll;
|
|
23
27
|
zones: {
|
|
24
28
|
list: () => Promise<Zone[]>;
|
|
25
29
|
get: (id: string) => Promise<Zone>;
|
|
@@ -33,6 +37,10 @@ export declare class AdminClient {
|
|
|
33
37
|
get: (zoneId: string, id: string) => Promise<Application>;
|
|
34
38
|
create: (zoneId: string, input: ApplicationInput) => Promise<Application>;
|
|
35
39
|
patch: (zoneId: string, id: string, input: ApplicationPatchInput) => Promise<Application>;
|
|
40
|
+
rotateSecret: (zoneId: string, id: string) => Promise<Application>;
|
|
41
|
+
getClientSecret: (zoneId: string, id: string) => Promise<{
|
|
42
|
+
client_secret: string;
|
|
43
|
+
}>;
|
|
36
44
|
delete: (zoneId: string, id: string) => Promise<void>;
|
|
37
45
|
dcr: (zoneId: string, input: DCRInput) => Promise<Application>;
|
|
38
46
|
};
|
|
@@ -59,8 +67,8 @@ export declare class AdminClient {
|
|
|
59
67
|
version_id: string;
|
|
60
68
|
version: PolicyVersion;
|
|
61
69
|
}>;
|
|
62
|
-
validate: (content: string
|
|
63
|
-
addVersion: (zoneId: string, id: string, content: string
|
|
70
|
+
validate: (content: string) => Promise<PolicyValidation>;
|
|
71
|
+
addVersion: (zoneId: string, id: string, content: string) => Promise<PolicyVersion & {
|
|
64
72
|
version_id: string;
|
|
65
73
|
}>;
|
|
66
74
|
delete: (zoneId: string, id: string) => Promise<void>;
|
|
@@ -75,15 +83,18 @@ export declare class AdminClient {
|
|
|
75
83
|
create: (zoneId: string, name: string, description?: string) => Promise<PolicySet>;
|
|
76
84
|
addVersion: (zoneId: string, id: string, manifest: {
|
|
77
85
|
policy_version_id: string;
|
|
78
|
-
}[]
|
|
86
|
+
}[]) => Promise<PolicySetVersion & {
|
|
79
87
|
version_id: string;
|
|
80
88
|
}>;
|
|
89
|
+
listVersions: (zoneId: string, id: string) => Promise<PolicySetVersion[]>;
|
|
81
90
|
simulate: (zoneId: string, id: string, versionId: string, input?: Record<string, unknown>) => Promise<PolicySetSimulation>;
|
|
82
|
-
activate: (zoneId: string, id: string, versionId: string
|
|
91
|
+
activate: (zoneId: string, id: string, versionId: string) => Promise<{
|
|
83
92
|
activated: boolean;
|
|
84
93
|
version_id: string;
|
|
85
|
-
|
|
94
|
+
outbox_id: string;
|
|
95
|
+
status_url: string;
|
|
86
96
|
}>;
|
|
97
|
+
activationStatus: (zoneId: string, id: string, versionId?: string, outboxId?: string) => Promise<PolicySetActivationStatus>;
|
|
87
98
|
delete: (zoneId: string, id: string) => Promise<void>;
|
|
88
99
|
};
|
|
89
100
|
grants: {
|
|
@@ -92,16 +103,53 @@ export declare class AdminClient {
|
|
|
92
103
|
create: (zoneId: string, input: GrantInput) => Promise<Grant>;
|
|
93
104
|
revoke: (zoneId: string, id: string) => Promise<void>;
|
|
94
105
|
};
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
106
|
+
subjectIssuers: {
|
|
107
|
+
list: (zoneId: string) => Promise<SubjectIssuer[]>;
|
|
108
|
+
get: (zoneId: string, id: string) => Promise<SubjectIssuer>;
|
|
109
|
+
create: (zoneId: string, input: SubjectIssuerInput) => Promise<SubjectIssuer>;
|
|
110
|
+
patch: (zoneId: string, id: string, input: SubjectIssuerPatch) => Promise<SubjectIssuer>;
|
|
111
|
+
delete: (zoneId: string, id: string) => Promise<void>;
|
|
112
|
+
};
|
|
113
|
+
providerConnections: {
|
|
114
|
+
create: (zoneId: string, input: ProviderConnectionInput) => Promise<ProviderConnection>;
|
|
115
|
+
authorizeOAuth: (zoneId: string, input: ProviderConnectionAuthorizeInput) => Promise<ProviderConnectionAuthorize>;
|
|
116
|
+
revoke: (zoneId: string, input: ProviderConnectionRevokeInput) => Promise<ProviderConnection>;
|
|
117
|
+
};
|
|
118
|
+
workloads: {
|
|
119
|
+
list: (zoneId: string) => Promise<Workload[]>;
|
|
120
|
+
get: (zoneId: string, id: string) => Promise<Workload>;
|
|
121
|
+
create: (zoneId: string, input: {
|
|
122
|
+
name: string;
|
|
123
|
+
}) => Promise<Workload & {
|
|
124
|
+
secret: string;
|
|
125
|
+
}>;
|
|
126
|
+
update: (zoneId: string, id: string, input: WorkloadUpdateInput) => Promise<Workload>;
|
|
127
|
+
rotateSecret: (zoneId: string, id: string) => Promise<Workload & {
|
|
128
|
+
secret: string;
|
|
129
|
+
}>;
|
|
130
|
+
getSecret: (zoneId: string, id: string) => Promise<{
|
|
131
|
+
secret: string;
|
|
132
|
+
}>;
|
|
133
|
+
delete: (zoneId: string, id: string) => Promise<void>;
|
|
134
|
+
};
|
|
135
|
+
authorityRecords: {
|
|
136
|
+
list: (zoneId: string, query?: AuthorityRecordQuery) => Promise<AuthorityRecord[]>;
|
|
137
|
+
};
|
|
138
|
+
subjects: {
|
|
139
|
+
revoke: (zoneId: string, input: SubjectRevokeInput) => Promise<SubjectRevokeResult>;
|
|
99
140
|
};
|
|
100
141
|
sessions: {
|
|
101
142
|
list: (zoneId: string, query?: SessionQuery) => Promise<Session[]>;
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
143
|
+
get: (zoneId: string, sessionId: string) => Promise<Session>;
|
|
144
|
+
children: (zoneId: string, sessionId: string, query?: SessionQuery) => Promise<Session[]>;
|
|
145
|
+
suspend: (zoneId: string, sessionId: string) => Promise<{
|
|
146
|
+
suspended: true;
|
|
147
|
+
}>;
|
|
148
|
+
resume: (zoneId: string, sessionId: string) => Promise<{
|
|
149
|
+
resumed: true;
|
|
150
|
+
}>;
|
|
151
|
+
terminate: (zoneId: string, sessionId: string) => Promise<void>;
|
|
152
|
+
effectiveAuthority: (zoneId: string, sessionId: string) => Promise<EffectiveAuthority>;
|
|
105
153
|
};
|
|
106
154
|
audit: {
|
|
107
155
|
list: (zoneId: string, query?: AuditQuery) => Promise<AuditEvent[]>;
|
|
@@ -114,32 +162,20 @@ export declare class AdminClient {
|
|
|
114
162
|
stepUpChallenges: {
|
|
115
163
|
list: (zoneId: string) => Promise<StepUpChallenge[]>;
|
|
116
164
|
get: (zoneId: string, id: string) => Promise<StepUpChallenge>;
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
agents: {
|
|
120
|
-
list: (zoneId: string, query?: AgentListQuery) => Promise<AgentSession[]>;
|
|
121
|
-
get: (zoneId: string, id: string) => Promise<AgentSession>;
|
|
122
|
-
children: (zoneId: string, id: string) => Promise<AgentSession[]>;
|
|
123
|
-
suspend: (zoneId: string, id: string) => Promise<{
|
|
124
|
-
suspended: true;
|
|
125
|
-
}>;
|
|
126
|
-
resume: (zoneId: string, id: string) => Promise<{
|
|
127
|
-
resumed: true;
|
|
128
|
-
}>;
|
|
129
|
-
terminate: (zoneId: string, id: string) => Promise<void>;
|
|
130
|
-
effectiveAuthority: (zoneId: string, id: string) => Promise<EffectiveAuthority>;
|
|
165
|
+
approve: (zoneId: string, id: string, reason?: string) => Promise<StepUpDecision>;
|
|
166
|
+
reject: (zoneId: string, id: string, reason?: string) => Promise<StepUpDecision>;
|
|
131
167
|
};
|
|
132
168
|
delegations: {
|
|
133
169
|
active: (zoneId: string) => Promise<{
|
|
134
|
-
items:
|
|
170
|
+
items: Delegation[];
|
|
135
171
|
next_cursor: string | null;
|
|
136
172
|
}>;
|
|
137
|
-
inbound: (zoneId: string, sessionId: string) => Promise<
|
|
138
|
-
outbound: (zoneId: string, sessionId: string) => Promise<
|
|
139
|
-
traverse: (zoneId: string,
|
|
140
|
-
impact: (zoneId: string,
|
|
141
|
-
revoke: (zoneId: string,
|
|
142
|
-
|
|
173
|
+
inbound: (zoneId: string, sessionId: string) => Promise<Delegation[]>;
|
|
174
|
+
outbound: (zoneId: string, sessionId: string) => Promise<Delegation[]>;
|
|
175
|
+
traverse: (zoneId: string, delegationId: string) => Promise<DelegationTraversal[]>;
|
|
176
|
+
impact: (zoneId: string, delegationId: string) => Promise<DelegationImpact>;
|
|
177
|
+
revoke: (zoneId: string, delegationId: string) => Promise<{
|
|
178
|
+
revoked_delegations: number;
|
|
143
179
|
affected_sessions: number;
|
|
144
180
|
}>;
|
|
145
181
|
};
|
package/dist/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,WAAW,EACX,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,WAAW,EACX,UAAU,EACV,UAAU,EACV,QAAQ,EACR,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,EACL,UAAU,EACV,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,kBAAkB,EAClB,MAAM,EACN,WAAW,EACX,SAAS,EACT,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,QAAQ,EACR,kBAAkB,EAClB,2BAA2B,EAC3B,gCAAgC,EAChC,uBAAuB,EACvB,6BAA6B,EAC7B,aAAa,EACb,kBAAkB,EAClB,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,QAAQ,EACR,mBAAmB,EACnB,IAAI,EACJ,aAAa,EACb,SAAS,EACT,cAAc,EACf,MAAM,YAAY,CAAA;AAEnB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACjC;AAkGD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoB;IACnD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;IACnC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAoB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyB;IACtD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoC;gBAEvD,IAAI,EAAE,kBAAkB;IAepC,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,WAAW;YAclD,OAAO;YAyEP,OAAO;IAcrB,KAAK;;kBAEO,MAAM;wBACA,MAAM;wBACN,SAAS;oBACb,MAAM,SAAS,cAAc;qBAC5B,MAAM;MACpB;IAGD,YAAY;uBACK,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,gBAAgB;wBAEhC,MAAM,MAAM,MAAM,SAAS,qBAAqB;+BAIzC,MAAM,MAAM,MAAM;kCAIf,MAAM,MAAM,MAAM;2BACZ,MAAM;;yBACrB,MAAM,MAAM,MAAM;sBAOrB,MAAM,SAAS,QAAQ;MAEtC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAK7B,MAAM,MAAM,MAAM,SAAS,OAAO,CAAC,aAAa,CAAC;yBAKhD,MAAM,MAAM,MAAM;MAEpC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAE7B,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAGD,QAAQ;uBACS,MAAM;sBACP,MAAM,MAAM,MAAM;sBAAuC,aAAa,EAAE;;yBACrE,MAAM,SAAS,WAAW;wBACL,MAAM;qBAAW,aAAa;;4BAIhD,MAAM;6BAKL,MAAM,MAAM,MAAM,WAAW,MAAM;wBACX,MAAM;;yBAIlC,MAAM,MAAM,MAAM;MAEpC;IAED,eAAe;;kBAEG,MAAM;MAMvB;IAGD,UAAU;uBACO,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,QAAQ,MAAM,gBAAgB,MAAM;6BAKtC,MAAM,MAAM,MAAM,YAAY;YAAE,iBAAiB,EAAE,MAAM,CAAA;SAAE,EAAE;wBAClC,MAAM;;+BAI/B,MAAM,MAAM,MAAM;2BAEtB,MAAM,MAAM,MAAM,aAAa,MAAM,UAAU,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;2BAKtE,MAAM,MAAM,MAAM,aAAa,MAAM;uBAC5B,OAAO;wBAAc,MAAM;uBAAa,MAAM;wBAAc,MAAM;;mCAInE,MAAM,MAAM,MAAM,cAAc,MAAM,aAAa,MAAM;yBAOnE,MAAM,MAAM,MAAM;MAEpC;IAGD,MAAM;uBACW,MAAM,UAAU,UAAU;sBAC3B,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,UAAU;yBACzB,MAAM,MAAM,MAAM;MACpC;IAED,cAAc;uBACG,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,kBAAkB;wBAElC,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAED,mBAAmB;yBACA,MAAM,SAAS,uBAAuB;iCAE9B,MAAM,SAAS,gCAAgC;yBAKvD,MAAM,SAAS,6BAA6B;MAE9D;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBAGf,MAAM,SAAS;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE;oBACZ,MAAM;;yBACzB,MAAM,MAAM,MAAM,SAAS,mBAAmB;+BAIxC,MAAM,MAAM,MAAM;oBACL,MAAM;;4BAGtB,MAAM,MAAM,MAAM;oBAA4B,MAAM;;yBACvD,MAAM,MAAM,MAAM;MAEpC;IAGD,gBAAgB;uBACO,MAAM,UAAU,oBAAoB;MAK1D;IAMD,QAAQ;yBACW,MAAM,SAAS,kBAAkB;MAEnD;IAGD,QAAQ;uBACe,MAAM,UAAU,YAAY;sBAK7B,MAAM,aAAa,MAAM;2BAEpB,MAAM,aAAa,MAAM,UAAU,YAAY;0BAQtD,MAAM,aAAa,MAAM;uBACf,IAAI;;yBACf,MAAM,aAAa,MAAM;qBAChB,IAAI;;4BACV,MAAM,aAAa,MAAM;qCAEV,MAAM,aAAa,MAAM;MAI7D;IAGD,KAAK;uBACkB,MAAM,UAAU,UAAU;4BAK3B,MAAM,aAAa,MAAM;0BAC3B,MAAM,aAAa,MAAM;MAE5C;IAED,UAAU;uBACa,MAAM,UAAU,eAAe;MAKrD;IAED,gBAAgB;uBACC,MAAM;sBACP,MAAM,MAAM,MAAM;0BACd,MAAM,MAAM,MAAM,WAAW,MAAM;yBAKpC,MAAM,MAAM,MAAM,WAAW,MAAM;MAKrD;IAGD,WAAW;yBACc,MAAM;;yBAnelB,MAAM,GAAG,IAAI;;0BAyeA,MAAM,aAAa,MAAM;2BAIxB,MAAM,aAAa,MAAM;2BAIzB,MAAM,gBAAgB,MAAM;yBAI9B,MAAM,gBAAgB,MAAM;yBAI5B,MAAM,gBAAgB,MAAM;;;;MAOpD;CACF"}
|
package/dist/client.js
CHANGED
|
@@ -1,11 +1,50 @@
|
|
|
1
1
|
// Copyright (C) 2026 Garudex Labs. All Rights Reserved.
|
|
2
2
|
// Caracal, a product of Garudex Labs
|
|
3
3
|
//
|
|
4
|
-
// AdminClient: typed wrapper over the Caracal
|
|
4
|
+
// AdminClient: typed wrapper over the Caracal Admin API and Coordinator.
|
|
5
5
|
import { AdminApiError } from './errors.js';
|
|
6
6
|
const DEFAULT_TIMEOUT_MS = 30_000;
|
|
7
7
|
const DEFAULT_RETRIES = 3;
|
|
8
8
|
const MAX_RETRY_AFTER_MS = 30_000;
|
|
9
|
+
const MAX_LIST_PAGES = 50;
|
|
10
|
+
function mapSession(row) {
|
|
11
|
+
const { agent_session_id, parent_id, subject_authority_record_id, ...rest } = row;
|
|
12
|
+
return {
|
|
13
|
+
...rest,
|
|
14
|
+
session_id: String(agent_session_id),
|
|
15
|
+
parent_session_id: parent_id === null ? null : String(parent_id),
|
|
16
|
+
authority_record_id: String(subject_authority_record_id),
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
function mapEffectiveAuthority(row) {
|
|
20
|
+
const { agent_session_id, inbound_edges, ...rest } = row;
|
|
21
|
+
return {
|
|
22
|
+
...rest,
|
|
23
|
+
session_id: String(agent_session_id),
|
|
24
|
+
inbound_delegations: Array.isArray(inbound_edges) ? inbound_edges : [],
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
function mapDelegationImpact(row) {
|
|
28
|
+
const { edge_id, affected_edges, affected_agents, ...rest } = row;
|
|
29
|
+
return {
|
|
30
|
+
...rest,
|
|
31
|
+
delegation_id: String(edge_id),
|
|
32
|
+
affected_delegations: Array.isArray(affected_edges) ? affected_edges.map(mapDelegationTraversal) : [],
|
|
33
|
+
affected_sessions: Array.isArray(affected_agents) ? affected_agents : [],
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
function mapDelegation(row) {
|
|
37
|
+
const { id, parent_edge_id, ...rest } = row;
|
|
38
|
+
return {
|
|
39
|
+
...rest,
|
|
40
|
+
delegation_id: String(id),
|
|
41
|
+
parent_delegation_id: parent_edge_id === null ? null : String(parent_edge_id),
|
|
42
|
+
};
|
|
43
|
+
}
|
|
44
|
+
function mapDelegationTraversal(row) {
|
|
45
|
+
const { id, ...rest } = row;
|
|
46
|
+
return { ...rest, delegation_id: String(id) };
|
|
47
|
+
}
|
|
9
48
|
function grantListQuery(query) {
|
|
10
49
|
if (!query)
|
|
11
50
|
return undefined;
|
|
@@ -47,6 +86,7 @@ export class AdminClient {
|
|
|
47
86
|
timeoutMs;
|
|
48
87
|
retries;
|
|
49
88
|
callerSignal;
|
|
89
|
+
defaultHeaders;
|
|
50
90
|
constructor(opts) {
|
|
51
91
|
this.apiUrl = opts.apiUrl.replace(/\/$/, '');
|
|
52
92
|
this.coordinatorUrl = opts.coordinatorUrl?.replace(/\/$/, '');
|
|
@@ -56,6 +96,23 @@ export class AdminClient {
|
|
|
56
96
|
this.timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
|
|
57
97
|
this.retries = opts.retries ?? DEFAULT_RETRIES;
|
|
58
98
|
this.callerSignal = opts.signal;
|
|
99
|
+
this.defaultHeaders = opts.headers;
|
|
100
|
+
}
|
|
101
|
+
// Derives a client that shares this one's configuration but sends the given headers on every
|
|
102
|
+
// request, merged under any existing default headers. Used to attach request-scoped attribution
|
|
103
|
+
// to the control plane's in-process admin hop without mutating the shared client.
|
|
104
|
+
withDefaultHeaders(headers) {
|
|
105
|
+
return new AdminClient({
|
|
106
|
+
apiUrl: this.apiUrl,
|
|
107
|
+
coordinatorUrl: this.coordinatorUrl,
|
|
108
|
+
adminToken: this.adminToken,
|
|
109
|
+
coordinatorToken: this.coordinatorToken,
|
|
110
|
+
fetchImpl: this.doFetch,
|
|
111
|
+
timeoutMs: this.timeoutMs,
|
|
112
|
+
retries: this.retries,
|
|
113
|
+
signal: this.callerSignal,
|
|
114
|
+
headers: { ...this.defaultHeaders, ...headers },
|
|
115
|
+
});
|
|
59
116
|
}
|
|
60
117
|
async request(path, opts = {}) {
|
|
61
118
|
const base = opts.base === 'coordinator' ? this.coordinatorUrl : this.apiUrl;
|
|
@@ -71,7 +128,7 @@ export class AdminClient {
|
|
|
71
128
|
: [];
|
|
72
129
|
const qs = pairs.length ? '?' + pairs.join('&') : '';
|
|
73
130
|
const url = `${base}${path}${qs}`;
|
|
74
|
-
const headers = { Authorization: `Bearer ${token}`, ...opts.headers };
|
|
131
|
+
const headers = { Authorization: `Bearer ${token}`, ...this.defaultHeaders, ...opts.headers };
|
|
75
132
|
let body;
|
|
76
133
|
if (opts.body !== undefined) {
|
|
77
134
|
headers['Content-Type'] = 'application/json';
|
|
@@ -132,9 +189,26 @@ export class AdminClient {
|
|
|
132
189
|
}
|
|
133
190
|
throw lastErr ?? new Error('admin_request_exhausted');
|
|
134
191
|
}
|
|
192
|
+
// Drains a keyset-paginated collection by following next_cursor until exhausted, so a
|
|
193
|
+
// list is the complete collection rather than a silently truncated first page. The page
|
|
194
|
+
// cap bounds the walk against a server bug that never terminates the cursor chain.
|
|
195
|
+
async listAll(path, label, query) {
|
|
196
|
+
const items = [];
|
|
197
|
+
let cursor;
|
|
198
|
+
for (let page = 0; page < MAX_LIST_PAGES; page++) {
|
|
199
|
+
const response = await this.request(path, { query: { ...query, cursor } });
|
|
200
|
+
if (!Array.isArray(response.items))
|
|
201
|
+
throw new Error(`${label} response missing items`);
|
|
202
|
+
items.push(...response.items);
|
|
203
|
+
if (!response.next_cursor)
|
|
204
|
+
return items;
|
|
205
|
+
cursor = response.next_cursor;
|
|
206
|
+
}
|
|
207
|
+
throw new Error(`${label} pagination did not terminate`);
|
|
208
|
+
}
|
|
135
209
|
// Zones
|
|
136
210
|
zones = {
|
|
137
|
-
list: () => this.
|
|
211
|
+
list: () => this.listAll('/v1/zones', 'zones'),
|
|
138
212
|
get: (id) => this.request(`/v1/zones/${id}`),
|
|
139
213
|
dcrStatus: (id) => this.request(`/v1/zones/${id}/dcr-status`),
|
|
140
214
|
create: (input) => this.request('/v1/zones', { method: 'POST', body: input }),
|
|
@@ -143,10 +217,16 @@ export class AdminClient {
|
|
|
143
217
|
};
|
|
144
218
|
// Applications
|
|
145
219
|
applications = {
|
|
146
|
-
list: (zoneId) => this.
|
|
220
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/applications`, 'applications'),
|
|
147
221
|
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}`),
|
|
148
222
|
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/applications`, { method: 'POST', body: input }),
|
|
149
223
|
patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/applications/${id}`, { method: 'PATCH', body: input }),
|
|
224
|
+
// Rotates the credential server-side; the response carries the plaintext secret and
|
|
225
|
+
// the sealed custody copy in the Secret Store is replaced with it.
|
|
226
|
+
rotateSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}/rotate-secret`, { method: 'POST' }),
|
|
227
|
+
// Retrieves the client secret from Secret Store custody. Every call is recorded
|
|
228
|
+
// in the zone audit timeline as a credential reveal.
|
|
229
|
+
getClientSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}/client-secret`),
|
|
150
230
|
delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}`, { method: 'DELETE', expectEmpty: true }),
|
|
151
231
|
// DCR (Dynamic Client Registration) is the sole programmatic path for minting
|
|
152
232
|
// short-lived self-registering client identities. Caracal does not create DCR
|
|
@@ -157,7 +237,7 @@ export class AdminClient {
|
|
|
157
237
|
};
|
|
158
238
|
// Resources
|
|
159
239
|
resources = {
|
|
160
|
-
list: (zoneId) => this.
|
|
240
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/resources`, 'resources'),
|
|
161
241
|
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/resources/${id}`),
|
|
162
242
|
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/resources`, {
|
|
163
243
|
method: 'POST',
|
|
@@ -171,7 +251,7 @@ export class AdminClient {
|
|
|
171
251
|
};
|
|
172
252
|
// Providers
|
|
173
253
|
providers = {
|
|
174
|
-
list: (zoneId) => this.
|
|
254
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/providers`, 'providers'),
|
|
175
255
|
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/providers/${id}`),
|
|
176
256
|
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/providers`, { method: 'POST', body: input }),
|
|
177
257
|
patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/providers/${id}`, { method: 'PATCH', body: input }),
|
|
@@ -179,19 +259,19 @@ export class AdminClient {
|
|
|
179
259
|
};
|
|
180
260
|
// Policies (immutable Rego versions)
|
|
181
261
|
policies = {
|
|
182
|
-
list: (zoneId) => this.
|
|
262
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/policies`, 'policies'),
|
|
183
263
|
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policies/${id}`),
|
|
184
264
|
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/policies`, {
|
|
185
265
|
method: 'POST',
|
|
186
266
|
body: input,
|
|
187
267
|
}),
|
|
188
|
-
validate: (content
|
|
268
|
+
validate: (content) => this.request('/v1/policies/validate', {
|
|
189
269
|
method: 'POST',
|
|
190
|
-
body: { content
|
|
270
|
+
body: { content },
|
|
191
271
|
}),
|
|
192
|
-
addVersion: (zoneId, id, content
|
|
272
|
+
addVersion: (zoneId, id, content) => this.request(`/v1/zones/${zoneId}/policies/${id}/versions`, {
|
|
193
273
|
method: 'POST',
|
|
194
|
-
body: { content
|
|
274
|
+
body: { content },
|
|
195
275
|
}),
|
|
196
276
|
delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policies/${id}`, { method: 'DELETE', expectEmpty: true }),
|
|
197
277
|
};
|
|
@@ -207,61 +287,114 @@ export class AdminClient {
|
|
|
207
287
|
};
|
|
208
288
|
// Policy sets
|
|
209
289
|
policySets = {
|
|
210
|
-
list: (zoneId) => this.
|
|
290
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/policy-sets`, 'policy sets'),
|
|
211
291
|
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}`),
|
|
212
292
|
create: (zoneId, name, description) => this.request(`/v1/zones/${zoneId}/policy-sets`, {
|
|
213
293
|
method: 'POST',
|
|
214
294
|
body: { name, description },
|
|
215
295
|
}),
|
|
216
|
-
addVersion: (zoneId, id, manifest
|
|
296
|
+
addVersion: (zoneId, id, manifest) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, {
|
|
217
297
|
method: 'POST',
|
|
218
|
-
body: { manifest
|
|
298
|
+
body: { manifest },
|
|
219
299
|
}),
|
|
300
|
+
listVersions: (zoneId, id) => this.listAll(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, 'policy set versions'),
|
|
220
301
|
simulate: (zoneId, id, versionId, input) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/simulate`, {
|
|
221
302
|
method: 'POST',
|
|
222
303
|
body: { version_id: versionId, input },
|
|
223
304
|
}),
|
|
224
|
-
activate: (zoneId, id, versionId
|
|
305
|
+
activate: (zoneId, id, versionId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activate`, { method: 'POST', body: { version_id: versionId } }),
|
|
306
|
+
activationStatus: (zoneId, id, versionId, outboxId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activation-status`, {
|
|
307
|
+
query: {
|
|
308
|
+
...(versionId ? { version_id: versionId } : {}),
|
|
309
|
+
...(outboxId ? { outbox_id: outboxId } : {}),
|
|
310
|
+
},
|
|
311
|
+
}),
|
|
225
312
|
delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}`, { method: 'DELETE', expectEmpty: true }),
|
|
226
313
|
};
|
|
227
314
|
// Grants
|
|
228
315
|
grants = {
|
|
229
|
-
list: (zoneId, query) => this.
|
|
316
|
+
list: (zoneId, query) => this.listAll(`/v1/zones/${zoneId}/grants`, 'grants', grantListQuery(query)),
|
|
230
317
|
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/grants/${id}`),
|
|
231
318
|
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/grants`, { method: 'POST', body: input }),
|
|
232
319
|
revoke: (zoneId, id) => this.request(`/v1/zones/${zoneId}/grants/${id}`, { method: 'DELETE', expectEmpty: true }),
|
|
233
320
|
};
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
321
|
+
subjectIssuers = {
|
|
322
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/subject-issuers`, 'subject issuers'),
|
|
323
|
+
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`),
|
|
324
|
+
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/subject-issuers`, { method: 'POST', body: input }),
|
|
325
|
+
patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`, { method: 'PATCH', body: input }),
|
|
326
|
+
delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`, { method: 'DELETE', expectEmpty: true }),
|
|
238
327
|
};
|
|
239
|
-
|
|
240
|
-
|
|
328
|
+
providerConnections = {
|
|
329
|
+
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections`, { method: 'POST', body: input }),
|
|
330
|
+
authorizeOAuth: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections/oauth/authorize`, {
|
|
331
|
+
method: 'POST',
|
|
332
|
+
body: input,
|
|
333
|
+
}),
|
|
334
|
+
revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections/revoke`, { method: 'POST', body: input }),
|
|
335
|
+
};
|
|
336
|
+
// Workloads (launcher identities and their credential bindings for caracal run)
|
|
337
|
+
workloads = {
|
|
338
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/workloads`, 'workloads'),
|
|
339
|
+
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}`),
|
|
340
|
+
// The response carries the plaintext workload secret; a sealed custody copy stays
|
|
341
|
+
// retrievable through getSecret.
|
|
342
|
+
create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/workloads`, { method: 'POST', body: input }),
|
|
343
|
+
update: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/workloads/${id}`, { method: 'PUT', body: input }),
|
|
344
|
+
// Rotates the credential server-side; the response carries the plaintext secret and
|
|
345
|
+
// the sealed custody copy in the Secret Store is replaced with it.
|
|
346
|
+
rotateSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}/rotate-secret`, { method: 'POST' }),
|
|
347
|
+
// Retrieves the workload secret from Secret Store custody. Every call is recorded
|
|
348
|
+
// in the zone audit timeline as a credential reveal.
|
|
349
|
+
getSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}/secret`),
|
|
350
|
+
delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}`, { method: 'DELETE', expectEmpty: true }),
|
|
351
|
+
};
|
|
352
|
+
// Authority records issued by STS. Revocation is performed through the owning authority operation.
|
|
353
|
+
authorityRecords = {
|
|
241
354
|
list: async (zoneId, query) => {
|
|
242
|
-
const response = await this.request(`/v1/zones/${zoneId}/
|
|
243
|
-
if (!Array.isArray(response.
|
|
244
|
-
throw new Error('
|
|
245
|
-
return response.
|
|
355
|
+
const response = await this.request(`/v1/zones/${zoneId}/authority-records`, { query: { ...query } });
|
|
356
|
+
if (!Array.isArray(response.items))
|
|
357
|
+
throw new Error('authority-records response missing items');
|
|
358
|
+
return response.items;
|
|
246
359
|
},
|
|
247
360
|
};
|
|
248
|
-
//
|
|
249
|
-
//
|
|
250
|
-
|
|
361
|
+
// Subjects: the kill switch. One call cuts every authority path a subject
|
|
362
|
+
// holds - session records, governed sessions riding them, delegations, and
|
|
363
|
+
// provider connections - and feeds the revocation stream so in-flight
|
|
364
|
+
// mandates die before their exp. Idempotent.
|
|
365
|
+
subjects = {
|
|
366
|
+
revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/subjects/revoke`, { method: 'POST', body: input }),
|
|
367
|
+
};
|
|
368
|
+
// Governed sessions. Reads use the Admin API; lifecycle operations map to Coordinator wire routes.
|
|
369
|
+
sessions = {
|
|
251
370
|
list: async (zoneId, query) => {
|
|
252
|
-
const response = await this.request(`/v1/zones/${zoneId}/
|
|
253
|
-
if (!Array.isArray(response.
|
|
254
|
-
throw new Error('
|
|
255
|
-
return response.
|
|
371
|
+
const response = await this.request(`/v1/zones/${zoneId}/sessions`, { query: { ...query } });
|
|
372
|
+
if (!Array.isArray(response.items))
|
|
373
|
+
throw new Error('sessions response missing items');
|
|
374
|
+
return response.items;
|
|
375
|
+
},
|
|
376
|
+
get: async (zoneId, sessionId) => mapSession(await this.request(`/zones/${zoneId}/agents/${sessionId}`, { base: 'coordinator' })),
|
|
377
|
+
children: async (zoneId, sessionId, query) => {
|
|
378
|
+
const response = await this.request(`/zones/${zoneId}/agents/${sessionId}/children`, {
|
|
379
|
+
base: 'coordinator',
|
|
380
|
+
query: { ...query },
|
|
381
|
+
});
|
|
382
|
+
if (!Array.isArray(response.items))
|
|
383
|
+
throw new Error('session children response missing items');
|
|
384
|
+
return response.items.map(mapSession);
|
|
256
385
|
},
|
|
386
|
+
suspend: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}/suspend`, { method: 'PATCH', base: 'coordinator' }),
|
|
387
|
+
resume: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}/resume`, { method: 'PATCH', base: 'coordinator' }),
|
|
388
|
+
terminate: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}`, { method: 'DELETE', base: 'coordinator', expectEmpty: true }),
|
|
389
|
+
effectiveAuthority: async (zoneId, sessionId) => mapEffectiveAuthority(await this.request(`/zones/${zoneId}/agents/${sessionId}/effective-authority`, { base: 'coordinator' })),
|
|
257
390
|
};
|
|
258
391
|
// Audit
|
|
259
392
|
audit = {
|
|
260
393
|
list: async (zoneId, query) => {
|
|
261
394
|
const response = await this.request(`/v1/zones/${zoneId}/audit`, { query: { ...query } });
|
|
262
|
-
if (!Array.isArray(response.
|
|
263
|
-
throw new Error('audit response missing
|
|
264
|
-
return response.
|
|
395
|
+
if (!Array.isArray(response.items))
|
|
396
|
+
throw new Error('audit response missing items');
|
|
397
|
+
return response.items;
|
|
265
398
|
},
|
|
266
399
|
byRequest: (zoneId, requestId) => this.request(`/v1/zones/${zoneId}/audit/by-request/${requestId}`),
|
|
267
400
|
explain: (zoneId, requestId) => this.request(`/v1/zones/${zoneId}/audit/by-request/${requestId}/explain`),
|
|
@@ -269,42 +402,39 @@ export class AdminClient {
|
|
|
269
402
|
adminAudit = {
|
|
270
403
|
list: async (zoneId, query) => {
|
|
271
404
|
const response = await this.request(`/v1/zones/${zoneId}/admin-audit`, { query: { ...query } });
|
|
272
|
-
if (!Array.isArray(response.
|
|
273
|
-
throw new Error('admin audit response missing
|
|
274
|
-
return response.
|
|
405
|
+
if (!Array.isArray(response.items))
|
|
406
|
+
throw new Error('admin audit response missing items');
|
|
407
|
+
return response.items;
|
|
275
408
|
},
|
|
276
409
|
};
|
|
277
410
|
stepUpChallenges = {
|
|
278
|
-
list: (zoneId) => this.
|
|
411
|
+
list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/step-up-challenges`, 'step-up challenges'),
|
|
279
412
|
get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}`),
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
return response.items;
|
|
289
|
-
},
|
|
290
|
-
get: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}`, { base: 'coordinator' }),
|
|
291
|
-
children: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/children`, { base: 'coordinator' }),
|
|
292
|
-
suspend: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/suspend`, { method: 'PATCH', base: 'coordinator' }),
|
|
293
|
-
resume: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/resume`, { method: 'PATCH', base: 'coordinator' }),
|
|
294
|
-
terminate: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}`, { method: 'DELETE', base: 'coordinator', expectEmpty: true }),
|
|
295
|
-
effectiveAuthority: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/effective-authority`, { base: 'coordinator' }),
|
|
413
|
+
approve: (zoneId, id, reason) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/approve`, {
|
|
414
|
+
method: 'POST',
|
|
415
|
+
body: reason ? { reason } : {},
|
|
416
|
+
}),
|
|
417
|
+
reject: (zoneId, id, reason) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/reject`, {
|
|
418
|
+
method: 'POST',
|
|
419
|
+
body: reason ? { reason } : {},
|
|
420
|
+
}),
|
|
296
421
|
};
|
|
297
422
|
// Delegations (coordinator)
|
|
298
423
|
delegations = {
|
|
299
|
-
active: (zoneId) =>
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
}),
|
|
424
|
+
active: async (zoneId) => {
|
|
425
|
+
const response = await this.request(`/zones/${zoneId}/delegations/active`, {
|
|
426
|
+
base: 'coordinator',
|
|
427
|
+
});
|
|
428
|
+
return { ...response, items: response.items.map(mapDelegation) };
|
|
429
|
+
},
|
|
430
|
+
inbound: async (zoneId, sessionId) => (await this.request(`/zones/${zoneId}/delegations/inbound/${sessionId}`, { base: 'coordinator' })).map(mapDelegation),
|
|
431
|
+
outbound: async (zoneId, sessionId) => (await this.request(`/zones/${zoneId}/delegations/outbound/${sessionId}`, { base: 'coordinator' })).map(mapDelegation),
|
|
432
|
+
traverse: async (zoneId, delegationId) => (await this.request(`/zones/${zoneId}/delegations/${delegationId}/traverse`, { base: 'coordinator' })).map(mapDelegationTraversal),
|
|
433
|
+
impact: async (zoneId, delegationId) => mapDelegationImpact(await this.request(`/zones/${zoneId}/delegations/${delegationId}/impact`, { base: 'coordinator' })),
|
|
434
|
+
revoke: async (zoneId, delegationId) => {
|
|
435
|
+
const response = await this.request(`/zones/${zoneId}/delegations/${delegationId}/revoke`, { method: 'PATCH', base: 'coordinator' });
|
|
436
|
+
return { revoked_delegations: response.revoked_edges, affected_sessions: response.affected_sessions };
|
|
437
|
+
},
|
|
308
438
|
};
|
|
309
439
|
}
|
|
310
440
|
//# sourceMappingURL=client.js.map
|