@cedar-policy/cedar-wasm 3.3.0 → 4.0.1

package/esm/cedar_wasm.d.ts

@@ -1,79 +1,180 @@
 /* tslint:disable */
 /* eslint-disable */
 /**
-* @param {string} json_str
-* @returns {JsonToPolicyResult}
+* Get valid request environment
+* @param {Template} t
+* @param {Schema} s
+* @returns {GetValidRequestEnvsResult}
 */
-export function policyTextFromJson(json_str: string): JsonToPolicyResult;
+export function getValidRequestEnvsTemplate(t: Template, s: Schema): GetValidRequestEnvsResult;
 /**
-* @param {string} cedar_str
-* @returns {PolicyToJsonResult}
+* Get valid request environment
+* @param {Policy} t
+* @param {Schema} s
+* @returns {GetValidRequestEnvsResult}
 */
-export function policyTextToJson(cedar_str: string): PolicyToJsonResult;
+export function getValidRequestEnvsPolicy(t: Policy, s: Schema): GetValidRequestEnvsResult;
 /**
-* @param {string} input_policies_str
-* @returns {CheckParsePolicySetResult}
+* @returns {string}
 */
-export function checkParsePolicySet(input_policies_str: string): CheckParsePolicySetResult;
+export function getCedarVersion(): string;
 /**
-* @param {string} template_str
-* @returns {CheckParseTemplateResult}
+* Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
+* @param {AuthorizationCall} call
+* @returns {AuthorizationAnswer}
 */
-export function checkParseTemplate(template_str: string): CheckParseTemplateResult;
+export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
 /**
-* @param {string} policies_str
-* @param {number} line_width
-* @param {number} indent_width
-* @returns {FormattingResult}
+* Parse a policy set and optionally validate it against a provided schema
+*
+* This is the basic validator interface, using [`ValidationCall`] and
+* [`ValidationAnswer`] types
+* @param {ValidationCall} call
+* @returns {ValidationAnswer}
 */
-export function formatPolicies(policies_str: string, line_width: number, indent_width: number): FormattingResult;
+export function validate(call: ValidationCall): ValidationAnswer;
 /**
-* @param {string} input_schema
-* @returns {CheckParseResult}
+* Apply the Cedar policy formatter to a policy set in the Cedar policy format
+* @param {FormattingCall} call
+* @returns {FormattingAnswer}
 */
-export function checkParseSchema(input_schema: string): CheckParseResult;
+export function formatPolicies(call: FormattingCall): FormattingAnswer;
 /**
-* @param {string} entities_str
-* @param {string} schema_str
-* @returns {CheckParseResult}
+* Return the Cedar (textual) representation of a policy.
+* @param {Policy} policy
+* @returns {PolicyToTextAnswer}
 */
-export function checkParseEntities(entities_str: string, schema_str: string): CheckParseResult;
+export function policyToText(policy: Policy): PolicyToTextAnswer;
 /**
-* @param {string} context_str
-* @param {string} action_str
-* @param {string} schema_str
-* @returns {CheckParseResult}
+* Return the Cedar (textual) representation of a template.
+* @param {Template} template
+* @returns {PolicyToTextAnswer}
 */
-export function checkParseContext(context_str: string, action_str: string, schema_str: string): CheckParseResult;
+export function templateToText(template: Template): PolicyToTextAnswer;
 /**
-* @returns {string}
+* Return the JSON representation of a policy.
+* @param {Policy} policy
+* @returns {PolicyToJsonAnswer}
 */
-export function getCedarVersion(): string;
+export function policyToJson(policy: Policy): PolicyToJsonAnswer;
 /**
-* @param {AuthorizationCall} call
-* @returns {AuthorizationAnswer}
+* Return the JSON representation of a template.
+* @param {Template} template
+* @returns {PolicyToJsonAnswer}
 */
-export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
+export function templateToJson(template: Template): PolicyToJsonAnswer;
 /**
-* @param {ValidationCall} call
-* @returns {ValidationAnswer}
+* Return the Cedar (textual) representation of a schema.
+* @param {Schema} schema
+* @returns {SchemaToTextAnswer}
 */
-export function validate(call: ValidationCall): ValidationAnswer;
-export type JsonToPolicyResult = { type: "success"; policyText: string } | { type: "error"; errors: string[] };
+export function schemaToText(schema: Schema): SchemaToTextAnswer;
+/**
+* Return the JSON representation of a schema.
+* @param {Schema} schema
+* @returns {SchemaToJsonAnswer}
+*/
+export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
+/**
+* Check whether a policy set successfully parses.
+* @param {PolicySet} policies
+* @returns {CheckParseAnswer}
+*/
+export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
+/**
+* Check whether a schema successfully parses.
+* @param {Schema} schema
+* @returns {CheckParseAnswer}
+*/
+export function checkParseSchema(schema: Schema): CheckParseAnswer;
+/**
+* Check whether a set of entities successfully parses.
+* @param {EntitiesParsingCall} call
+* @returns {CheckParseAnswer}
+*/
+export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
+/**
+* Check whether a context successfully parses.
+* @param {ContextParsingCall} call
+* @returns {CheckParseAnswer}
+*/
+export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
+export type GetValidRequestEnvsResult = { type: "success"; principals: string[]; actions: string[]; resources: string[] } | { type: "failure"; error: string };
+
+export type SlotId = string;
+
+export type PolicyId = string;
+
+export interface Response {
+    decision: Decision;
+    diagnostics: Diagnostics;
+}
+
+export interface Diagnostics {
+    reason: PolicyId[];
+    errors: AuthorizationError[];
+}
 
-export type PolicyToJsonResult = { type: "success"; policy: Policy } | { type: "error"; errors: string[] };
+export interface AuthorizationError {
+    policyId: string;
+    error: DetailedError;
+}
 
-export type CheckParsePolicySetResult = { type: "success"; policies: number; templates: number } | { type: "error"; errors: string[] };
+export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
 
-export type CheckParseTemplateResult = { type: "success"; slots: string[] } | { type: "error"; errors: string[] };
+export interface AuthorizationCall {
+    principal: EntityUid;
+    action: EntityUid;
+    resource: EntityUid;
+    context: Context;
+    schema?: Schema;
+    validateRequest?: boolean;
+    policies: PolicySet;
+    entities: Entities;
+}
 
-export type FormattingResult = { type: "success"; formatted_policy: string } | { type: "error"; errors: string[] };
+export interface ValidationCall {
+    validationSettings?: ValidationSettings;
+    schema: Schema;
+    policies: PolicySet;
+}
 
-export type CheckParseResult = { type: "success" } | { type: "error"; errors: string[] };
+export interface ValidationSettings {
+    mode: ValidationMode;
+}
 
-export type Schema = { human: string } | { json: SchemaJson };
+export interface ValidationError {
+    policyId: string;
+    error: DetailedError;
+}
+
+export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
+
+export type Schema = string | SchemaJson<string>;
 
-export type PolicySet = string | Record<string, string>;
+export interface PolicySet {
+    staticPolicies?: StaticPolicySet;
+    templates?: Record<PolicyId, Template>;
+    templateLinks?: TemplateLink[];
+}
+
+export interface TemplateLink {
+    templateId: PolicyId;
+    newId: PolicyId;
+    values: Record<SlotId, EntityUid>;
+}
+
+export type StaticPolicySet = string | Policy[] | Record<PolicyId, Policy>;
+
+export type Template = string | PolicyJson;
+
+export type Policy = string | PolicyJson;
+
+export type Entities = Array<EntityJson>;
+
+export type Context = Record<string, CedarValueJson>;
+
+export type EntityUid = EntityUidJson;
 
 export interface SourceLocation {
     start: number;
@@ -96,112 +197,114 @@ export interface DetailedError {
     related?: DetailedError[];
 }
 
-export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
+export type ValidationMode = "strict";
 
-export interface ValidationError {
-    policyId: SmolStr;
-    error: DetailedError;
+export interface FormattingCall {
+    policyText: string;
+    lineWidth?: number;
+    indentWidth?: number;
 }
 
-export type ValidationEnabled = "on" | "off";
+export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
 
-export interface ValidationSettings {
-    enabled: ValidationEnabled;
-}
+export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
 
-export interface ValidationCall {
-    validationSettings?: ValidationSettings;
-    schema: Schema;
-    policySet: PolicySet;
-}
+export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
 
-export interface RecvdSlice {
-    policies: PolicySet;
-    entities: Array<EntityJson>;
-    templates?: Record<string, string> | null;
-    templateInstantiations: TemplateLink[] | null;
-}
+export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
 
-export type Links = Link[];
+export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
 
-export interface TemplateLink {
-    templateId: string;
-    resultPolicyId: string;
-    instantiations: Links;
-}
+export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
 
-export interface Link {
-    slot: string;
-    value: EntityUIDStrings;
+export interface EntitiesParsingCall {
+    entities: Entities;
+    schema?: Schema | null;
 }
 
-export interface EntityUIDStrings {
-    ty: string;
-    eid: string;
+export interface ContextParsingCall {
+    context: Context;
+    schema?: Schema | null;
+    action?: EntityUid | null;
 }
 
-export interface AuthorizationCall {
-    principal: {type: string, id: string};
-    action: {type: string, id: string};
-    resource: {type: string, id: string};
-    context: Record<string, CedarValueJson>;
-    schema?: Schema;
-    enableRequestValidation?: boolean;
-    slice: RecvdSlice;
+export type RecordAttributeType<N> = { required?: boolean } & Type<N>;
+
+export type EntityAttributeType<N> = { required?: boolean } & EntityAttributeTypeInternal<N>;
+
+export type EntityAttributeTypeInternal<N> = { Type: Type<N> } | { EAMap: { value_type: Type<N> } };
+
+export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<RecordAttributeType<N>>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
+
+export interface RecordType<V> {
+    attributes: Record<SmolStr, V>;
+    additionalAttributes?: boolean;
 }
 
-export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
+export type Type<N> = TypeVariant<N> | { type: N };
 
-export interface AuthorizationError {
-    policyId: SmolStr;
-    error: DetailedError;
+export interface ActionEntityUID<N> {
+    id: SmolStr;
+    type?: N;
 }
 
-export interface Diagnostics {
-    reason: Set<String>;
-    errors: AuthorizationError[];
+export interface ApplySpec<N> {
+    resourceTypes: N[];
+    principalTypes: N[];
+    context?: RecordOrContextAttributes<N>;
 }
 
-export interface Response {
-    decision: Decision;
-    diagnostics: Diagnostics;
+export interface ActionType<N> {
+    attributes?: Record<SmolStr, CedarValueJson>;
+    appliesTo?: ApplySpec<N>;
+    memberOf?: ActionEntityUID<N>[];
 }
 
-export type SchemaTypeVariant = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: SchemaType } | { type: "Record"; attributes: Record<SmolStr, TypeOfAttribute>; additionalAttributes: boolean } | { type: "Entity"; name: Name } | { type: "Extension"; name: Id };
+export interface EntityAttributesInternal<N> extends RecordType<EntityAttributeType<N>> {
+    type: "Record";
+}
 
-export type SchemaType = SchemaTypeVariant | { type: Name };
+export type EntityAttributes<N> = RecordOrContextAttributes<N> | EntityAttributesInternal<N>;
 
-export interface ActionEntityUID {
-    id: SmolStr;
-    type?: Name;
-}
+export type RecordOrContextAttributes<N> = Type<N>;
 
-export interface ApplySpec {
-    resourceTypes?: Name[];
-    principalTypes?: Name[];
-    context?: AttributesOrContext;
+export interface EntityType<N> {
+    memberOfTypes?: N[];
+    shape?: EntityAttributes<N>;
 }
 
-export interface ActionType {
-    attributes?: Record<SmolStr, CedarValueJson>;
-    appliesTo?: ApplySpec;
-    memberOf?: ActionEntityUID[];
+export interface NamespaceDefinition<N> {
+    commonTypes?: Record<CommonTypeId, Type<N>>;
+    entityTypes: Record<UnreservedId, EntityType<N>>;
+    actions: Record<SmolStr, ActionType<N>>;
 }
 
-export type AttributesOrContext = SchemaType;
+export type CommonTypeId = string;
+
+export type SchemaJson<N> = Record<string, NamespaceDefinition<N>>;
+
+export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
 
-export interface EntityType {
-    memberOfTypes?: Name[];
-    shape?: AttributesOrContext;
+export interface PolicyJson {
+    effect: Effect;
+    principal: PrincipalConstraint;
+    action: ActionConstraint;
+    resource: ResourceConstraint;
+    conditions: Clause[];
+    annotations?: Record<string, string>;
 }
 
-export interface NamespaceDefinition {
-    commonTypes?: Record<Id, SchemaType>;
-    entityTypes: Record<Id, EntityType>;
-    actions: Record<SmolStr, ActionType>;
+export type Decision = "allow" | "deny";
+
+export interface EntityJson {
+    uid: EntityUidJson;
+    attrs: Record<string, CedarValueJson>;
+    parents: EntityUidJson[];
 }
 
-export type SchemaJson = Record<string, NamespaceDefinition>;
+export type UnreservedId = string;
+
+export type Var = "principal" | "action" | "resource" | "context";
 
 export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
 
@@ -220,7 +323,7 @@ export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | (
 
 export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
 
-export type EntityUidJson = { __expr: string } | { __entity: TypeAndId } | TypeAndId;
+export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
 
 export interface FnAndArg {
     fn: string;
@@ -232,39 +335,16 @@ export interface TypeAndId {
     id: string;
 }
 
-export type CedarValueJson = { __expr: string } | { __entity: TypeAndId } | { __extn: FnAndArg } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
+export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArg } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
 
 export type ExtFuncCall = {} & Record<string, Array<Expr>>;
 
-export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { Unknown: { name: string } } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: SmolStr } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
+export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
 
-export type Expr = ExprNoExt | ExtFuncCall;
+export type PatternElem = "Wildcard" | { Literal: SmolStr };
 
-export type Decision = "Allow" | "Deny";
+export type Expr = ExprNoExt | ExtFuncCall;
 
 export type Effect = "permit" | "forbid";
 
-export interface EntityJson {
-    uid: EntityUidJson;
-    attrs: Record<string, CedarValueJson>;
-    parents: EntityUidJson[];
-}
-
-export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
-
-export interface Policy {
-    effect: Effect;
-    principal: PrincipalConstraint;
-    action: ActionConstraint;
-    resource: ResourceConstraint;
-    conditions: Clause[];
-    annotations?: Record<string, string>;
-}
-
-export type Var = "principal" | "action" | "resource" | "context";
-
 type SmolStr = string;
-type Name = string;
-type Id = string;
-export type TypeOfAttribute = SchemaType & { required?: boolean };
-export type Context = Record<string, CedarValueJson>;