@cedar-policy/cedar-wasm 3.2.0 → 3.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/web/README.md ADDED
@@ -0,0 +1,151 @@
1
+ # cedar-wasm
2
+
3
+ An implementation of various cedar functions to enable developers to write typescript and javascript applications using Cedar and wasm.
4
+
5
+ ## Installing
6
+
7
+ Installing is simple, just run `npm i @cedar-policy/cedar-wasm --save` or install with whatever your favorite package manager is.
8
+
9
+ ## Loading in webpack 5:
10
+
11
+ Minimal package.json for webpack including dev server:
12
+
13
+ ```
14
+ {
15
+ "name": "webpack-ts-tester",
16
+ "version": "1.0.0",
17
+ "description": "",
18
+ "private": true,
19
+ "scripts": {
20
+ "test": "echo \"Error: no test specified\" && exit 1",
21
+ "build": "webpack",
22
+ "dev": "webpack serve"
23
+ },
24
+ "keywords": [],
25
+ "author": "",
26
+ "license": "ISC",
27
+ "dependencies": {
28
+ "@cedar-policy/cedar-wasm": "3.2.0"
29
+ },
30
+ "devDependencies": {
31
+ "ts-loader": "^9.5.1",
32
+ "typescript": "^5.4.5",
33
+ "webpack": "^5.91.0",
34
+ "webpack-cli": "^5.1.4",
35
+ "webpack-dev-server": "^5.0.4"
36
+ }
37
+ }
38
+ ```
39
+
40
+ Minimal tsconfig:
41
+
42
+ ```
43
+ {
44
+ "compilerOptions": {
45
+ "outDir": "./dist/",
46
+ "noImplicitAny": true,
47
+ "module": "es2020",
48
+ "target": "es5",
49
+ "jsx": "react",
50
+ "allowJs": true,
51
+ "moduleResolution": "node"
52
+ }
53
+ }
54
+ ```
55
+
56
+ Configure webpack.config.js:
57
+
58
+ ```
59
+ const path = require('path');
60
+
61
+ module.exports = {
62
+ mode: 'development', // change this to suit you
63
+ entry: './src/index.ts',
64
+ module: {
65
+ rules: [
66
+ {
67
+ test: /\.tsx?$/,
68
+ use: 'ts-loader',
69
+ exclude: /node_modules/,
70
+ },
71
+ ],
72
+ },
73
+ resolve: {
74
+ extensions: ['.tsx', '.ts', '.js'],
75
+ },
76
+ output: {
77
+ filename: 'bundle.js',
78
+ path: path.resolve(__dirname, 'dist'),
79
+ },
80
+ experiments: {
81
+ asyncWebAssembly: true, // enables wasm support in webpack
82
+ },
83
+ devServer: {
84
+ static: {
85
+ directory: path.join(__dirname, 'dist'),
86
+ },
87
+ compress: true,
88
+ port: 8000,
89
+ }
90
+ };
91
+ ```
92
+
93
+ Finally, load the code from your `index.ts` file. We recommend dynamic imports:
94
+
95
+ ```
96
+ import('@cedar-policy/cedar-wasm').then(mod => {
97
+ // cache it globally here or invoke functions like mod.getCedarVersion();
98
+ });
99
+ ```
100
+
101
+
102
+
103
+ ## Loading in vite 5:
104
+
105
+ Starting from the vite typescript template, install these two dependencies to enable wasm:
106
+
107
+ ```
108
+ npm i --save-dev vite-plugin-top-level-await vite-plugin-wasm
109
+ ```
110
+
111
+ Then add those two plugins to your vite config in `vite.config.js`:
112
+
113
+ ```
114
+ import wasm from 'vite-plugin-wasm';
115
+ import topLevelAwait from 'vite-plugin-top-level-await';
116
+ import { defineConfig } from 'vite';
117
+
118
+ export default defineConfig({
119
+ plugins: [
120
+ wasm(),
121
+ topLevelAwait()
122
+ ]
123
+ });
124
+
125
+ ```
126
+
127
+ Finally, load the code. We recommend dynamic imports:
128
+
129
+ ```
130
+ import('@cedar-policy/cedar-wasm').then(mod => {
131
+ // cache it globally here or invoke functions like mod.getCedarVersion();
132
+ });
133
+ ```
134
+
135
+ ## Alternate loading strategies
136
+
137
+ If for some reason you cannot use es modules, we provide alternate sub-packages `web` and `nodejs` (defined as `exports` in the root package.json).
138
+
139
+ The `nodejs` subpackage uses `fs` and CommonJS modules. To use it, you can import it like so:
140
+
141
+ ```
142
+ const cedar = require('@cedar-policy/cedar-wasm/nodejs')
143
+ ```
144
+
145
+ The `web` subpackage exposes an `initSync` function that you can use to load Cedar in scenarios where you want to load the wasm binary async for whatever reason. Using the `web` subpackage may also be necessary with some `jest` setups. Here's how you use the `web` subpackage:
146
+
147
+ ```
148
+ const wasmBuffer = ... // `fetch` it or use `fs` to read it from `node_modules` in jest setupTests
149
+ import * as cedarJsBindings from '@cedar-policy/cedar-wasm/web';
150
+ cedarJsBindings.initSync(wasmBuffer);
151
+ ```
@@ -0,0 +1,313 @@
1
+ /* tslint:disable */
2
+ /* eslint-disable */
3
+ /**
4
+ * @param {string} json_str
5
+ * @returns {JsonToPolicyResult}
6
+ */
7
+ export function policyTextFromJson(json_str: string): JsonToPolicyResult;
8
+ /**
9
+ * @param {string} cedar_str
10
+ * @returns {PolicyToJsonResult}
11
+ */
12
+ export function policyTextToJson(cedar_str: string): PolicyToJsonResult;
13
+ /**
14
+ * @param {string} input_policies_str
15
+ * @returns {CheckParsePolicySetResult}
16
+ */
17
+ export function checkParsePolicySet(input_policies_str: string): CheckParsePolicySetResult;
18
+ /**
19
+ * @param {string} template_str
20
+ * @returns {CheckParseTemplateResult}
21
+ */
22
+ export function checkParseTemplate(template_str: string): CheckParseTemplateResult;
23
+ /**
24
+ * @param {string} input_schema
25
+ * @returns {CheckParseResult}
26
+ */
27
+ export function checkParseSchema(input_schema: string): CheckParseResult;
28
+ /**
29
+ * @param {string} entities_str
30
+ * @param {string} schema_str
31
+ * @returns {CheckParseResult}
32
+ */
33
+ export function checkParseEntities(entities_str: string, schema_str: string): CheckParseResult;
34
+ /**
35
+ * @param {string} context_str
36
+ * @param {string} action_str
37
+ * @param {string} schema_str
38
+ * @returns {CheckParseResult}
39
+ */
40
+ export function checkParseContext(context_str: string, action_str: string, schema_str: string): CheckParseResult;
41
+ /**
42
+ * @param {string} policies_str
43
+ * @param {number} line_width
44
+ * @param {number} indent_width
45
+ * @returns {FormattingResult}
46
+ */
47
+ export function formatPolicies(policies_str: string, line_width: number, indent_width: number): FormattingResult;
48
+ /**
49
+ * @returns {string}
50
+ */
51
+ export function getCedarVersion(): string;
52
+ /**
53
+ * @param {AuthorizationCall} call
54
+ * @returns {AuthorizationAnswer}
55
+ */
56
+ export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
57
+ /**
58
+ * @param {ValidationCall} call
59
+ * @returns {ValidationAnswer}
60
+ */
61
+ export function validate(call: ValidationCall): ValidationAnswer;
62
+ export type JsonToPolicyResult = { type: "success"; policyText: string } | { type: "error"; errors: string[] };
63
+
64
+ export type PolicyToJsonResult = { type: "success"; policy: Policy } | { type: "error"; errors: string[] };
65
+
66
+ export type CheckParsePolicySetResult = { type: "success"; policies: number; templates: number } | { type: "error"; errors: string[] };
67
+
68
+ export type CheckParseTemplateResult = { type: "success"; slots: string[] } | { type: "error"; errors: string[] };
69
+
70
+ export type CheckParseResult = { type: "success" } | { type: "error"; errors: string[] };
71
+
72
+ export type FormattingResult = { type: "success"; formatted_policy: string } | { type: "error"; errors: string[] };
73
+
74
+ export type Schema = { human: string } | { json: SchemaJson };
75
+
76
+ export type PolicySet = string | Record<string, string>;
77
+
78
+ export interface SourceLocation {
79
+ start: number;
80
+ end: number;
81
+ }
82
+
83
+ export interface SourceLabel extends SourceLocation {
84
+ label: string | null;
85
+ }
86
+
87
+ export type Severity = "advice" | "warning" | "error";
88
+
89
+ export interface DetailedError {
90
+ message: string;
91
+ help: string | null;
92
+ code: string | null;
93
+ url: string | null;
94
+ severity: Severity | null;
95
+ sourceLocations?: SourceLabel[];
96
+ related?: DetailedError[];
97
+ }
98
+
99
+ export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
100
+
101
+ export interface ValidationError {
102
+ policyId: SmolStr;
103
+ error: DetailedError;
104
+ }
105
+
106
+ export type ValidationEnabled = "on" | "off";
107
+
108
+ export interface ValidationSettings {
109
+ enabled: ValidationEnabled;
110
+ }
111
+
112
+ export interface ValidationCall {
113
+ validationSettings?: ValidationSettings;
114
+ schema: Schema;
115
+ policySet: PolicySet;
116
+ }
117
+
118
+ export interface RecvdSlice {
119
+ policies: PolicySet;
120
+ entities: Array<EntityJson>;
121
+ templates?: Record<string, string> | null;
122
+ templateInstantiations: TemplateLink[] | null;
123
+ }
124
+
125
+ export type Links = Link[];
126
+
127
+ export interface TemplateLink {
128
+ templateId: string;
129
+ resultPolicyId: string;
130
+ instantiations: Links;
131
+ }
132
+
133
+ export interface Link {
134
+ slot: string;
135
+ value: EntityUIDStrings;
136
+ }
137
+
138
+ export interface EntityUIDStrings {
139
+ ty: string;
140
+ eid: string;
141
+ }
142
+
143
+ export interface AuthorizationCall {
144
+ principal: {type: string, id: string};
145
+ action: {type: string, id: string};
146
+ resource: {type: string, id: string};
147
+ context: Record<string, CedarValueJson>;
148
+ schema?: Schema;
149
+ enableRequestValidation?: boolean;
150
+ slice: RecvdSlice;
151
+ }
152
+
153
+ export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
154
+
155
+ export interface AuthorizationError {
156
+ policyId: SmolStr;
157
+ error: DetailedError;
158
+ }
159
+
160
+ export interface Diagnostics {
161
+ reason: Set<String>;
162
+ errors: AuthorizationError[];
163
+ }
164
+
165
+ export interface Response {
166
+ decision: Decision;
167
+ diagnostics: Diagnostics;
168
+ }
169
+
170
+ export type SchemaTypeVariant = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: SchemaType } | { type: "Record"; attributes: Record<SmolStr, TypeOfAttribute>; additionalAttributes: boolean } | { type: "Entity"; name: Name } | { type: "Extension"; name: Id };
171
+
172
+ export type SchemaType = SchemaTypeVariant | { type: Name };
173
+
174
+ export interface ActionEntityUID {
175
+ id: SmolStr;
176
+ type?: Name;
177
+ }
178
+
179
+ export interface ApplySpec {
180
+ resourceTypes?: Name[];
181
+ principalTypes?: Name[];
182
+ context?: AttributesOrContext;
183
+ }
184
+
185
+ export interface ActionType {
186
+ attributes?: Record<SmolStr, CedarValueJson>;
187
+ appliesTo?: ApplySpec;
188
+ memberOf?: ActionEntityUID[];
189
+ }
190
+
191
+ export type AttributesOrContext = SchemaType;
192
+
193
+ export interface EntityType {
194
+ memberOfTypes?: Name[];
195
+ shape?: AttributesOrContext;
196
+ }
197
+
198
+ export interface NamespaceDefinition {
199
+ commonTypes?: Record<Id, SchemaType>;
200
+ entityTypes: Record<Id, EntityType>;
201
+ actions: Record<SmolStr, ActionType>;
202
+ }
203
+
204
+ export type SchemaJson = Record<string, NamespaceDefinition>;
205
+
206
+ export type EntityUidJson = { __expr: string } | { __entity: TypeAndId } | TypeAndId;
207
+
208
+ export interface FnAndArg {
209
+ fn: string;
210
+ arg: CedarValueJson;
211
+ }
212
+
213
+ export interface TypeAndId {
214
+ type: string;
215
+ id: string;
216
+ }
217
+
218
+ export type CedarValueJson = { __expr: string } | { __entity: TypeAndId } | { __extn: FnAndArg } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
219
+
220
+ export type Var = "principal" | "action" | "resource" | "context";
221
+
222
+ export type Effect = "permit" | "forbid";
223
+
224
+ export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
225
+
226
+ export interface Policy {
227
+ effect: Effect;
228
+ principal: PrincipalConstraint;
229
+ action: ActionConstraint;
230
+ resource: ResourceConstraint;
231
+ conditions: Clause[];
232
+ annotations?: Record<string, string>;
233
+ }
234
+
235
+ export interface EntityJson {
236
+ uid: EntityUidJson;
237
+ attrs: Record<string, CedarValueJson>;
238
+ parents: EntityUidJson[];
239
+ }
240
+
241
+ export type Decision = "Allow" | "Deny";
242
+
243
+ export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
244
+
245
+ export interface PrincipalOrResourceIsConstraint {
246
+ entity_type: string;
247
+ in?: PrincipalOrResourceInConstraint;
248
+ }
249
+
250
+ export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
251
+
252
+ export type EqConstraint = { entity: EntityUidJson } | { slot: string };
253
+
254
+ export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
255
+
256
+ export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & ActionInConstraint);
257
+
258
+ export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
259
+
260
+ export type ExtFuncCall = {} & Record<string, Array<Expr>>;
261
+
262
+ export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { Unknown: { name: string } } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: SmolStr } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
263
+
264
+ export type Expr = ExprNoExt | ExtFuncCall;
265
+
266
+
267
+ export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembly.Module;
268
+
269
+ export interface InitOutput {
270
+ readonly memory: WebAssembly.Memory;
271
+ readonly policyTextFromJson: (a: number, b: number) => number;
272
+ readonly policyTextToJson: (a: number, b: number) => number;
273
+ readonly checkParsePolicySet: (a: number, b: number) => number;
274
+ readonly checkParseTemplate: (a: number, b: number) => number;
275
+ readonly checkParseSchema: (a: number, b: number) => number;
276
+ readonly checkParseEntities: (a: number, b: number, c: number, d: number) => number;
277
+ readonly checkParseContext: (a: number, b: number, c: number, d: number, e: number, f: number) => number;
278
+ readonly formatPolicies: (a: number, b: number, c: number, d: number) => number;
279
+ readonly getCedarVersion: (a: number) => void;
280
+ readonly isAuthorized: (a: number) => number;
281
+ readonly validate: (a: number) => number;
282
+ readonly __wbindgen_malloc: (a: number, b: number) => number;
283
+ readonly __wbindgen_realloc: (a: number, b: number, c: number, d: number) => number;
284
+ readonly __wbindgen_add_to_stack_pointer: (a: number) => number;
285
+ readonly __wbindgen_free: (a: number, b: number, c: number) => void;
286
+ readonly __wbindgen_exn_store: (a: number) => void;
287
+ }
288
+
289
+ export type SyncInitInput = BufferSource | WebAssembly.Module;
290
+ /**
291
+ * Instantiates the given `module`, which can either be bytes or
292
+ * a precompiled `WebAssembly.Module`.
293
+ *
294
+ * @param {SyncInitInput} module
295
+ *
296
+ * @returns {InitOutput}
297
+ */
298
+ export function initSync(module: SyncInitInput): InitOutput;
299
+
300
+ /**
301
+ * If `module_or_path` is {RequestInfo} or {URL}, makes a request and
302
+ * for everything else, calls `WebAssembly.instantiate` directly.
303
+ *
304
+ * @param {InitInput | Promise<InitInput>} module_or_path
305
+ *
306
+ * @returns {Promise<InitOutput>}
307
+ */
308
+ export default function __wbg_init (module_or_path?: InitInput | Promise<InitInput>): Promise<InitOutput>;
309
+ type SmolStr = string;
310
+ type Name = string;
311
+ type Id = string;
312
+ export type TypeOfAttribute = SchemaType & { required?: boolean };
313
+ export type Context = Record<string, CedarValueJson>;