@cedar-policy/cedar-wasm 4.0.1 → 4.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/cedar_wasm.d.ts +67 -76
- package/esm/cedar_wasm.js +1 -0
- package/esm/cedar_wasm_bg.js +60 -60
- package/esm/cedar_wasm_bg.wasm +0 -0
- package/esm/cedar_wasm_bg.wasm.d.ts +4 -4
- package/esm/package.json +1 -1
- package/nodejs/cedar_wasm.d.ts +67 -76
- package/nodejs/cedar_wasm.js +61 -60
- package/nodejs/cedar_wasm_bg.wasm +0 -0
- package/nodejs/cedar_wasm_bg.wasm.d.ts +4 -4
- package/nodejs/package.json +1 -1
- package/package.json +1 -1
- package/web/cedar_wasm.d.ts +75 -84
- package/web/cedar_wasm.js +83 -70
- package/web/cedar_wasm_bg.wasm +0 -0
- package/web/cedar_wasm_bg.wasm.d.ts +4 -4
- package/web/package.json +1 -1
package/esm/cedar_wasm.d.ts
CHANGED
|
@@ -34,6 +34,30 @@ export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
|
|
|
34
34
|
*/
|
|
35
35
|
export function validate(call: ValidationCall): ValidationAnswer;
|
|
36
36
|
/**
|
|
37
|
+
* Check whether a policy set successfully parses.
|
|
38
|
+
* @param {PolicySet} policies
|
|
39
|
+
* @returns {CheckParseAnswer}
|
|
40
|
+
*/
|
|
41
|
+
export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
|
|
42
|
+
/**
|
|
43
|
+
* Check whether a schema successfully parses.
|
|
44
|
+
* @param {Schema} schema
|
|
45
|
+
* @returns {CheckParseAnswer}
|
|
46
|
+
*/
|
|
47
|
+
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
48
|
+
/**
|
|
49
|
+
* Check whether a set of entities successfully parses.
|
|
50
|
+
* @param {EntitiesParsingCall} call
|
|
51
|
+
* @returns {CheckParseAnswer}
|
|
52
|
+
*/
|
|
53
|
+
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
54
|
+
/**
|
|
55
|
+
* Check whether a context successfully parses.
|
|
56
|
+
* @param {ContextParsingCall} call
|
|
57
|
+
* @returns {CheckParseAnswer}
|
|
58
|
+
*/
|
|
59
|
+
export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
|
|
60
|
+
/**
|
|
37
61
|
* Apply the Cedar policy formatter to a policy set in the Cedar policy format
|
|
38
62
|
* @param {FormattingCall} call
|
|
39
63
|
* @returns {FormattingAnswer}
|
|
@@ -75,36 +99,8 @@ export function schemaToText(schema: Schema): SchemaToTextAnswer;
|
|
|
75
99
|
* @returns {SchemaToJsonAnswer}
|
|
76
100
|
*/
|
|
77
101
|
export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
|
|
78
|
-
/**
|
|
79
|
-
* Check whether a policy set successfully parses.
|
|
80
|
-
* @param {PolicySet} policies
|
|
81
|
-
* @returns {CheckParseAnswer}
|
|
82
|
-
*/
|
|
83
|
-
export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
|
|
84
|
-
/**
|
|
85
|
-
* Check whether a schema successfully parses.
|
|
86
|
-
* @param {Schema} schema
|
|
87
|
-
* @returns {CheckParseAnswer}
|
|
88
|
-
*/
|
|
89
|
-
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
90
|
-
/**
|
|
91
|
-
* Check whether a set of entities successfully parses.
|
|
92
|
-
* @param {EntitiesParsingCall} call
|
|
93
|
-
* @returns {CheckParseAnswer}
|
|
94
|
-
*/
|
|
95
|
-
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
96
|
-
/**
|
|
97
|
-
* Check whether a context successfully parses.
|
|
98
|
-
* @param {ContextParsingCall} call
|
|
99
|
-
* @returns {CheckParseAnswer}
|
|
100
|
-
*/
|
|
101
|
-
export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
|
|
102
102
|
export type GetValidRequestEnvsResult = { type: "success"; principals: string[]; actions: string[]; resources: string[] } | { type: "failure"; error: string };
|
|
103
103
|
|
|
104
|
-
export type SlotId = string;
|
|
105
|
-
|
|
106
|
-
export type PolicyId = string;
|
|
107
|
-
|
|
108
104
|
export interface Response {
|
|
109
105
|
decision: Decision;
|
|
110
106
|
diagnostics: Diagnostics;
|
|
@@ -150,6 +146,35 @@ export interface ValidationError {
|
|
|
150
146
|
|
|
151
147
|
export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
|
|
152
148
|
|
|
149
|
+
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
150
|
+
|
|
151
|
+
export interface EntitiesParsingCall {
|
|
152
|
+
entities: Entities;
|
|
153
|
+
schema?: Schema | null;
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
export interface ContextParsingCall {
|
|
157
|
+
context: Context;
|
|
158
|
+
schema?: Schema | null;
|
|
159
|
+
action?: EntityUid | null;
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
export interface FormattingCall {
|
|
163
|
+
policyText: string;
|
|
164
|
+
lineWidth?: number;
|
|
165
|
+
indentWidth?: number;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
169
|
+
|
|
170
|
+
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
171
|
+
|
|
172
|
+
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
173
|
+
|
|
174
|
+
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
175
|
+
|
|
176
|
+
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
177
|
+
|
|
153
178
|
export type Schema = string | SchemaJson<string>;
|
|
154
179
|
|
|
155
180
|
export interface PolicySet {
|
|
@@ -199,45 +224,14 @@ export interface DetailedError {
|
|
|
199
224
|
|
|
200
225
|
export type ValidationMode = "strict";
|
|
201
226
|
|
|
202
|
-
export
|
|
203
|
-
policyText: string;
|
|
204
|
-
lineWidth?: number;
|
|
205
|
-
indentWidth?: number;
|
|
206
|
-
}
|
|
207
|
-
|
|
208
|
-
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
209
|
-
|
|
210
|
-
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
211
|
-
|
|
212
|
-
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
213
|
-
|
|
214
|
-
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
215
|
-
|
|
216
|
-
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
217
|
-
|
|
218
|
-
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
219
|
-
|
|
220
|
-
export interface EntitiesParsingCall {
|
|
221
|
-
entities: Entities;
|
|
222
|
-
schema?: Schema | null;
|
|
223
|
-
}
|
|
224
|
-
|
|
225
|
-
export interface ContextParsingCall {
|
|
226
|
-
context: Context;
|
|
227
|
-
schema?: Schema | null;
|
|
228
|
-
action?: EntityUid | null;
|
|
229
|
-
}
|
|
230
|
-
|
|
231
|
-
export type RecordAttributeType<N> = { required?: boolean } & Type<N>;
|
|
232
|
-
|
|
233
|
-
export type EntityAttributeType<N> = { required?: boolean } & EntityAttributeTypeInternal<N>;
|
|
227
|
+
export type SlotId = string;
|
|
234
228
|
|
|
235
|
-
export type
|
|
229
|
+
export type PolicyId = string;
|
|
236
230
|
|
|
237
|
-
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<
|
|
231
|
+
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
|
|
238
232
|
|
|
239
|
-
export interface RecordType<
|
|
240
|
-
attributes: Record<SmolStr,
|
|
233
|
+
export interface RecordType<N> {
|
|
234
|
+
attributes: Record<SmolStr, TypeOfAttribute<N>>;
|
|
241
235
|
additionalAttributes?: boolean;
|
|
242
236
|
}
|
|
243
237
|
|
|
@@ -251,7 +245,7 @@ export interface ActionEntityUID<N> {
|
|
|
251
245
|
export interface ApplySpec<N> {
|
|
252
246
|
resourceTypes: N[];
|
|
253
247
|
principalTypes: N[];
|
|
254
|
-
context?:
|
|
248
|
+
context?: AttributesOrContext<N>;
|
|
255
249
|
}
|
|
256
250
|
|
|
257
251
|
export interface ActionType<N> {
|
|
@@ -260,17 +254,12 @@ export interface ActionType<N> {
|
|
|
260
254
|
memberOf?: ActionEntityUID<N>[];
|
|
261
255
|
}
|
|
262
256
|
|
|
263
|
-
export
|
|
264
|
-
type: "Record";
|
|
265
|
-
}
|
|
266
|
-
|
|
267
|
-
export type EntityAttributes<N> = RecordOrContextAttributes<N> | EntityAttributesInternal<N>;
|
|
268
|
-
|
|
269
|
-
export type RecordOrContextAttributes<N> = Type<N>;
|
|
257
|
+
export type AttributesOrContext<N> = Type<N>;
|
|
270
258
|
|
|
271
259
|
export interface EntityType<N> {
|
|
272
260
|
memberOfTypes?: N[];
|
|
273
|
-
shape?:
|
|
261
|
+
shape?: AttributesOrContext<N>;
|
|
262
|
+
tags?: Type<N>;
|
|
274
263
|
}
|
|
275
264
|
|
|
276
265
|
export interface NamespaceDefinition<N> {
|
|
@@ -294,12 +283,11 @@ export interface PolicyJson {
|
|
|
294
283
|
annotations?: Record<string, string>;
|
|
295
284
|
}
|
|
296
285
|
|
|
297
|
-
export type Decision = "allow" | "deny";
|
|
298
|
-
|
|
299
286
|
export interface EntityJson {
|
|
300
287
|
uid: EntityUidJson;
|
|
301
288
|
attrs: Record<string, CedarValueJson>;
|
|
302
289
|
parents: EntityUidJson[];
|
|
290
|
+
tags?: Record<string, CedarValueJson>;
|
|
303
291
|
}
|
|
304
292
|
|
|
305
293
|
export type UnreservedId = string;
|
|
@@ -323,6 +311,8 @@ export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | (
|
|
|
323
311
|
|
|
324
312
|
export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
325
313
|
|
|
314
|
+
export type Decision = "allow" | "deny";
|
|
315
|
+
|
|
326
316
|
export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
|
|
327
317
|
|
|
328
318
|
export interface FnAndArg {
|
|
@@ -339,7 +329,7 @@ export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArg } | bo
|
|
|
339
329
|
|
|
340
330
|
export type ExtFuncCall = {} & Record<string, Array<Expr>>;
|
|
341
331
|
|
|
342
|
-
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
332
|
+
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
343
333
|
|
|
344
334
|
export type PatternElem = "Wildcard" | { Literal: SmolStr };
|
|
345
335
|
|
|
@@ -348,3 +338,4 @@ export type Expr = ExprNoExt | ExtFuncCall;
|
|
|
348
338
|
export type Effect = "permit" | "forbid";
|
|
349
339
|
|
|
350
340
|
type SmolStr = string;
|
|
341
|
+
export type TypeOfAttribute<N> = Type<N> & { required?: boolean };
|
package/esm/cedar_wasm.js
CHANGED
package/esm/cedar_wasm_bg.js
CHANGED
|
@@ -35,13 +35,13 @@ function takeObject(idx) {
|
|
|
35
35
|
|
|
36
36
|
let WASM_VECTOR_LEN = 0;
|
|
37
37
|
|
|
38
|
-
let
|
|
38
|
+
let cachedUint8ArrayMemory0 = null;
|
|
39
39
|
|
|
40
|
-
function
|
|
41
|
-
if (
|
|
42
|
-
|
|
40
|
+
function getUint8ArrayMemory0() {
|
|
41
|
+
if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {
|
|
42
|
+
cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);
|
|
43
43
|
}
|
|
44
|
-
return
|
|
44
|
+
return cachedUint8ArrayMemory0;
|
|
45
45
|
}
|
|
46
46
|
|
|
47
47
|
const lTextEncoder = typeof TextEncoder === 'undefined' ? (0, module.require)('util').TextEncoder : TextEncoder;
|
|
@@ -66,7 +66,7 @@ function passStringToWasm0(arg, malloc, realloc) {
|
|
|
66
66
|
if (realloc === undefined) {
|
|
67
67
|
const buf = cachedTextEncoder.encode(arg);
|
|
68
68
|
const ptr = malloc(buf.length, 1) >>> 0;
|
|
69
|
-
|
|
69
|
+
getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
|
|
70
70
|
WASM_VECTOR_LEN = buf.length;
|
|
71
71
|
return ptr;
|
|
72
72
|
}
|
|
@@ -74,7 +74,7 @@ function passStringToWasm0(arg, malloc, realloc) {
|
|
|
74
74
|
let len = arg.length;
|
|
75
75
|
let ptr = malloc(len, 1) >>> 0;
|
|
76
76
|
|
|
77
|
-
const mem =
|
|
77
|
+
const mem = getUint8ArrayMemory0();
|
|
78
78
|
|
|
79
79
|
let offset = 0;
|
|
80
80
|
|
|
@@ -89,7 +89,7 @@ function passStringToWasm0(arg, malloc, realloc) {
|
|
|
89
89
|
arg = arg.slice(offset);
|
|
90
90
|
}
|
|
91
91
|
ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
|
|
92
|
-
const view =
|
|
92
|
+
const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
|
|
93
93
|
const ret = encodeString(arg, view);
|
|
94
94
|
|
|
95
95
|
offset += ret.written;
|
|
@@ -104,13 +104,13 @@ function isLikeNone(x) {
|
|
|
104
104
|
return x === undefined || x === null;
|
|
105
105
|
}
|
|
106
106
|
|
|
107
|
-
let
|
|
107
|
+
let cachedDataViewMemory0 = null;
|
|
108
108
|
|
|
109
|
-
function
|
|
110
|
-
if (
|
|
111
|
-
|
|
109
|
+
function getDataViewMemory0() {
|
|
110
|
+
if (cachedDataViewMemory0 === null || cachedDataViewMemory0.buffer.detached === true || (cachedDataViewMemory0.buffer.detached === undefined && cachedDataViewMemory0.buffer !== wasm.memory.buffer)) {
|
|
111
|
+
cachedDataViewMemory0 = new DataView(wasm.memory.buffer);
|
|
112
112
|
}
|
|
113
|
-
return
|
|
113
|
+
return cachedDataViewMemory0;
|
|
114
114
|
}
|
|
115
115
|
|
|
116
116
|
const lTextDecoder = typeof TextDecoder === 'undefined' ? (0, module.require)('util').TextDecoder : TextDecoder;
|
|
@@ -121,7 +121,7 @@ cachedTextDecoder.decode();
|
|
|
121
121
|
|
|
122
122
|
function getStringFromWasm0(ptr, len) {
|
|
123
123
|
ptr = ptr >>> 0;
|
|
124
|
-
return cachedTextDecoder.decode(
|
|
124
|
+
return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
|
|
125
125
|
}
|
|
126
126
|
/**
|
|
127
127
|
* Get valid request environment
|
|
@@ -154,8 +154,8 @@ export function getCedarVersion() {
|
|
|
154
154
|
try {
|
|
155
155
|
const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
|
|
156
156
|
wasm.getCedarVersion(retptr);
|
|
157
|
-
var r0 =
|
|
158
|
-
var r1 =
|
|
157
|
+
var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
|
|
158
|
+
var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
|
|
159
159
|
deferred1_0 = r0;
|
|
160
160
|
deferred1_1 = r1;
|
|
161
161
|
return getStringFromWasm0(r0, r1);
|
|
@@ -188,6 +188,46 @@ export function validate(call) {
|
|
|
188
188
|
return takeObject(ret);
|
|
189
189
|
}
|
|
190
190
|
|
|
191
|
+
/**
|
|
192
|
+
* Check whether a policy set successfully parses.
|
|
193
|
+
* @param {PolicySet} policies
|
|
194
|
+
* @returns {CheckParseAnswer}
|
|
195
|
+
*/
|
|
196
|
+
export function checkParsePolicySet(policies) {
|
|
197
|
+
const ret = wasm.checkParsePolicySet(addHeapObject(policies));
|
|
198
|
+
return takeObject(ret);
|
|
199
|
+
}
|
|
200
|
+
|
|
201
|
+
/**
|
|
202
|
+
* Check whether a schema successfully parses.
|
|
203
|
+
* @param {Schema} schema
|
|
204
|
+
* @returns {CheckParseAnswer}
|
|
205
|
+
*/
|
|
206
|
+
export function checkParseSchema(schema) {
|
|
207
|
+
const ret = wasm.checkParseSchema(addHeapObject(schema));
|
|
208
|
+
return takeObject(ret);
|
|
209
|
+
}
|
|
210
|
+
|
|
211
|
+
/**
|
|
212
|
+
* Check whether a set of entities successfully parses.
|
|
213
|
+
* @param {EntitiesParsingCall} call
|
|
214
|
+
* @returns {CheckParseAnswer}
|
|
215
|
+
*/
|
|
216
|
+
export function checkParseEntities(call) {
|
|
217
|
+
const ret = wasm.checkParseEntities(addHeapObject(call));
|
|
218
|
+
return takeObject(ret);
|
|
219
|
+
}
|
|
220
|
+
|
|
221
|
+
/**
|
|
222
|
+
* Check whether a context successfully parses.
|
|
223
|
+
* @param {ContextParsingCall} call
|
|
224
|
+
* @returns {CheckParseAnswer}
|
|
225
|
+
*/
|
|
226
|
+
export function checkParseContext(call) {
|
|
227
|
+
const ret = wasm.checkParseContext(addHeapObject(call));
|
|
228
|
+
return takeObject(ret);
|
|
229
|
+
}
|
|
230
|
+
|
|
191
231
|
/**
|
|
192
232
|
* Apply the Cedar policy formatter to a policy set in the Cedar policy format
|
|
193
233
|
* @param {FormattingCall} call
|
|
@@ -258,46 +298,6 @@ export function schemaToJson(schema) {
|
|
|
258
298
|
return takeObject(ret);
|
|
259
299
|
}
|
|
260
300
|
|
|
261
|
-
/**
|
|
262
|
-
* Check whether a policy set successfully parses.
|
|
263
|
-
* @param {PolicySet} policies
|
|
264
|
-
* @returns {CheckParseAnswer}
|
|
265
|
-
*/
|
|
266
|
-
export function checkParsePolicySet(policies) {
|
|
267
|
-
const ret = wasm.checkParsePolicySet(addHeapObject(policies));
|
|
268
|
-
return takeObject(ret);
|
|
269
|
-
}
|
|
270
|
-
|
|
271
|
-
/**
|
|
272
|
-
* Check whether a schema successfully parses.
|
|
273
|
-
* @param {Schema} schema
|
|
274
|
-
* @returns {CheckParseAnswer}
|
|
275
|
-
*/
|
|
276
|
-
export function checkParseSchema(schema) {
|
|
277
|
-
const ret = wasm.checkParseSchema(addHeapObject(schema));
|
|
278
|
-
return takeObject(ret);
|
|
279
|
-
}
|
|
280
|
-
|
|
281
|
-
/**
|
|
282
|
-
* Check whether a set of entities successfully parses.
|
|
283
|
-
* @param {EntitiesParsingCall} call
|
|
284
|
-
* @returns {CheckParseAnswer}
|
|
285
|
-
*/
|
|
286
|
-
export function checkParseEntities(call) {
|
|
287
|
-
const ret = wasm.checkParseEntities(addHeapObject(call));
|
|
288
|
-
return takeObject(ret);
|
|
289
|
-
}
|
|
290
|
-
|
|
291
|
-
/**
|
|
292
|
-
* Check whether a context successfully parses.
|
|
293
|
-
* @param {ContextParsingCall} call
|
|
294
|
-
* @returns {CheckParseAnswer}
|
|
295
|
-
*/
|
|
296
|
-
export function checkParseContext(call) {
|
|
297
|
-
const ret = wasm.checkParseContext(addHeapObject(call));
|
|
298
|
-
return takeObject(ret);
|
|
299
|
-
}
|
|
300
|
-
|
|
301
301
|
function handleError(f, args) {
|
|
302
302
|
try {
|
|
303
303
|
return f.apply(this, args);
|
|
@@ -325,16 +325,16 @@ export function __wbindgen_string_get(arg0, arg1) {
|
|
|
325
325
|
const ret = typeof(obj) === 'string' ? obj : undefined;
|
|
326
326
|
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
327
327
|
var len1 = WASM_VECTOR_LEN;
|
|
328
|
-
|
|
329
|
-
|
|
328
|
+
getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);
|
|
329
|
+
getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);
|
|
330
330
|
};
|
|
331
331
|
|
|
332
|
-
export function
|
|
332
|
+
export function __wbg_parse_52202f117ec9ecfa() { return handleError(function (arg0, arg1) {
|
|
333
333
|
const ret = JSON.parse(getStringFromWasm0(arg0, arg1));
|
|
334
334
|
return addHeapObject(ret);
|
|
335
335
|
}, arguments) };
|
|
336
336
|
|
|
337
|
-
export function
|
|
337
|
+
export function __wbg_stringify_bbf45426c92a6bf5() { return handleError(function (arg0) {
|
|
338
338
|
const ret = JSON.stringify(getObject(arg0));
|
|
339
339
|
return addHeapObject(ret);
|
|
340
340
|
}, arguments) };
|
package/esm/cedar_wasm_bg.wasm
CHANGED
|
Binary file
|
|
@@ -6,6 +6,10 @@ export function getValidRequestEnvsPolicy(a: number, b: number): number;
|
|
|
6
6
|
export function getCedarVersion(a: number): void;
|
|
7
7
|
export function isAuthorized(a: number): number;
|
|
8
8
|
export function validate(a: number): number;
|
|
9
|
+
export function checkParsePolicySet(a: number): number;
|
|
10
|
+
export function checkParseSchema(a: number): number;
|
|
11
|
+
export function checkParseEntities(a: number): number;
|
|
12
|
+
export function checkParseContext(a: number): number;
|
|
9
13
|
export function formatPolicies(a: number): number;
|
|
10
14
|
export function policyToText(a: number): number;
|
|
11
15
|
export function templateToText(a: number): number;
|
|
@@ -13,10 +17,6 @@ export function policyToJson(a: number): number;
|
|
|
13
17
|
export function templateToJson(a: number): number;
|
|
14
18
|
export function schemaToText(a: number): number;
|
|
15
19
|
export function schemaToJson(a: number): number;
|
|
16
|
-
export function checkParsePolicySet(a: number): number;
|
|
17
|
-
export function checkParseSchema(a: number): number;
|
|
18
|
-
export function checkParseEntities(a: number): number;
|
|
19
|
-
export function checkParseContext(a: number): number;
|
|
20
20
|
export function __wbindgen_malloc(a: number, b: number): number;
|
|
21
21
|
export function __wbindgen_realloc(a: number, b: number, c: number, d: number): number;
|
|
22
22
|
export function __wbindgen_add_to_stack_pointer(a: number): number;
|
package/esm/package.json
CHANGED
package/nodejs/cedar_wasm.d.ts
CHANGED
|
@@ -34,6 +34,30 @@ export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
|
|
|
34
34
|
*/
|
|
35
35
|
export function validate(call: ValidationCall): ValidationAnswer;
|
|
36
36
|
/**
|
|
37
|
+
* Check whether a policy set successfully parses.
|
|
38
|
+
* @param {PolicySet} policies
|
|
39
|
+
* @returns {CheckParseAnswer}
|
|
40
|
+
*/
|
|
41
|
+
export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
|
|
42
|
+
/**
|
|
43
|
+
* Check whether a schema successfully parses.
|
|
44
|
+
* @param {Schema} schema
|
|
45
|
+
* @returns {CheckParseAnswer}
|
|
46
|
+
*/
|
|
47
|
+
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
48
|
+
/**
|
|
49
|
+
* Check whether a set of entities successfully parses.
|
|
50
|
+
* @param {EntitiesParsingCall} call
|
|
51
|
+
* @returns {CheckParseAnswer}
|
|
52
|
+
*/
|
|
53
|
+
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
54
|
+
/**
|
|
55
|
+
* Check whether a context successfully parses.
|
|
56
|
+
* @param {ContextParsingCall} call
|
|
57
|
+
* @returns {CheckParseAnswer}
|
|
58
|
+
*/
|
|
59
|
+
export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
|
|
60
|
+
/**
|
|
37
61
|
* Apply the Cedar policy formatter to a policy set in the Cedar policy format
|
|
38
62
|
* @param {FormattingCall} call
|
|
39
63
|
* @returns {FormattingAnswer}
|
|
@@ -75,36 +99,8 @@ export function schemaToText(schema: Schema): SchemaToTextAnswer;
|
|
|
75
99
|
* @returns {SchemaToJsonAnswer}
|
|
76
100
|
*/
|
|
77
101
|
export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
|
|
78
|
-
/**
|
|
79
|
-
* Check whether a policy set successfully parses.
|
|
80
|
-
* @param {PolicySet} policies
|
|
81
|
-
* @returns {CheckParseAnswer}
|
|
82
|
-
*/
|
|
83
|
-
export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
|
|
84
|
-
/**
|
|
85
|
-
* Check whether a schema successfully parses.
|
|
86
|
-
* @param {Schema} schema
|
|
87
|
-
* @returns {CheckParseAnswer}
|
|
88
|
-
*/
|
|
89
|
-
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
90
|
-
/**
|
|
91
|
-
* Check whether a set of entities successfully parses.
|
|
92
|
-
* @param {EntitiesParsingCall} call
|
|
93
|
-
* @returns {CheckParseAnswer}
|
|
94
|
-
*/
|
|
95
|
-
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
96
|
-
/**
|
|
97
|
-
* Check whether a context successfully parses.
|
|
98
|
-
* @param {ContextParsingCall} call
|
|
99
|
-
* @returns {CheckParseAnswer}
|
|
100
|
-
*/
|
|
101
|
-
export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
|
|
102
102
|
export type GetValidRequestEnvsResult = { type: "success"; principals: string[]; actions: string[]; resources: string[] } | { type: "failure"; error: string };
|
|
103
103
|
|
|
104
|
-
export type SlotId = string;
|
|
105
|
-
|
|
106
|
-
export type PolicyId = string;
|
|
107
|
-
|
|
108
104
|
export interface Response {
|
|
109
105
|
decision: Decision;
|
|
110
106
|
diagnostics: Diagnostics;
|
|
@@ -150,6 +146,35 @@ export interface ValidationError {
|
|
|
150
146
|
|
|
151
147
|
export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
|
|
152
148
|
|
|
149
|
+
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
150
|
+
|
|
151
|
+
export interface EntitiesParsingCall {
|
|
152
|
+
entities: Entities;
|
|
153
|
+
schema?: Schema | null;
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
export interface ContextParsingCall {
|
|
157
|
+
context: Context;
|
|
158
|
+
schema?: Schema | null;
|
|
159
|
+
action?: EntityUid | null;
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
export interface FormattingCall {
|
|
163
|
+
policyText: string;
|
|
164
|
+
lineWidth?: number;
|
|
165
|
+
indentWidth?: number;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
169
|
+
|
|
170
|
+
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
171
|
+
|
|
172
|
+
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
173
|
+
|
|
174
|
+
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
175
|
+
|
|
176
|
+
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
177
|
+
|
|
153
178
|
export type Schema = string | SchemaJson<string>;
|
|
154
179
|
|
|
155
180
|
export interface PolicySet {
|
|
@@ -199,45 +224,14 @@ export interface DetailedError {
|
|
|
199
224
|
|
|
200
225
|
export type ValidationMode = "strict";
|
|
201
226
|
|
|
202
|
-
export
|
|
203
|
-
policyText: string;
|
|
204
|
-
lineWidth?: number;
|
|
205
|
-
indentWidth?: number;
|
|
206
|
-
}
|
|
207
|
-
|
|
208
|
-
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
209
|
-
|
|
210
|
-
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
211
|
-
|
|
212
|
-
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
213
|
-
|
|
214
|
-
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
215
|
-
|
|
216
|
-
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
217
|
-
|
|
218
|
-
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
219
|
-
|
|
220
|
-
export interface EntitiesParsingCall {
|
|
221
|
-
entities: Entities;
|
|
222
|
-
schema?: Schema | null;
|
|
223
|
-
}
|
|
224
|
-
|
|
225
|
-
export interface ContextParsingCall {
|
|
226
|
-
context: Context;
|
|
227
|
-
schema?: Schema | null;
|
|
228
|
-
action?: EntityUid | null;
|
|
229
|
-
}
|
|
230
|
-
|
|
231
|
-
export type RecordAttributeType<N> = { required?: boolean } & Type<N>;
|
|
232
|
-
|
|
233
|
-
export type EntityAttributeType<N> = { required?: boolean } & EntityAttributeTypeInternal<N>;
|
|
227
|
+
export type SlotId = string;
|
|
234
228
|
|
|
235
|
-
export type
|
|
229
|
+
export type PolicyId = string;
|
|
236
230
|
|
|
237
|
-
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<
|
|
231
|
+
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
|
|
238
232
|
|
|
239
|
-
export interface RecordType<
|
|
240
|
-
attributes: Record<SmolStr,
|
|
233
|
+
export interface RecordType<N> {
|
|
234
|
+
attributes: Record<SmolStr, TypeOfAttribute<N>>;
|
|
241
235
|
additionalAttributes?: boolean;
|
|
242
236
|
}
|
|
243
237
|
|
|
@@ -251,7 +245,7 @@ export interface ActionEntityUID<N> {
|
|
|
251
245
|
export interface ApplySpec<N> {
|
|
252
246
|
resourceTypes: N[];
|
|
253
247
|
principalTypes: N[];
|
|
254
|
-
context?:
|
|
248
|
+
context?: AttributesOrContext<N>;
|
|
255
249
|
}
|
|
256
250
|
|
|
257
251
|
export interface ActionType<N> {
|
|
@@ -260,17 +254,12 @@ export interface ActionType<N> {
|
|
|
260
254
|
memberOf?: ActionEntityUID<N>[];
|
|
261
255
|
}
|
|
262
256
|
|
|
263
|
-
export
|
|
264
|
-
type: "Record";
|
|
265
|
-
}
|
|
266
|
-
|
|
267
|
-
export type EntityAttributes<N> = RecordOrContextAttributes<N> | EntityAttributesInternal<N>;
|
|
268
|
-
|
|
269
|
-
export type RecordOrContextAttributes<N> = Type<N>;
|
|
257
|
+
export type AttributesOrContext<N> = Type<N>;
|
|
270
258
|
|
|
271
259
|
export interface EntityType<N> {
|
|
272
260
|
memberOfTypes?: N[];
|
|
273
|
-
shape?:
|
|
261
|
+
shape?: AttributesOrContext<N>;
|
|
262
|
+
tags?: Type<N>;
|
|
274
263
|
}
|
|
275
264
|
|
|
276
265
|
export interface NamespaceDefinition<N> {
|
|
@@ -294,12 +283,11 @@ export interface PolicyJson {
|
|
|
294
283
|
annotations?: Record<string, string>;
|
|
295
284
|
}
|
|
296
285
|
|
|
297
|
-
export type Decision = "allow" | "deny";
|
|
298
|
-
|
|
299
286
|
export interface EntityJson {
|
|
300
287
|
uid: EntityUidJson;
|
|
301
288
|
attrs: Record<string, CedarValueJson>;
|
|
302
289
|
parents: EntityUidJson[];
|
|
290
|
+
tags?: Record<string, CedarValueJson>;
|
|
303
291
|
}
|
|
304
292
|
|
|
305
293
|
export type UnreservedId = string;
|
|
@@ -323,6 +311,8 @@ export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | (
|
|
|
323
311
|
|
|
324
312
|
export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
325
313
|
|
|
314
|
+
export type Decision = "allow" | "deny";
|
|
315
|
+
|
|
326
316
|
export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
|
|
327
317
|
|
|
328
318
|
export interface FnAndArg {
|
|
@@ -339,7 +329,7 @@ export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArg } | bo
|
|
|
339
329
|
|
|
340
330
|
export type ExtFuncCall = {} & Record<string, Array<Expr>>;
|
|
341
331
|
|
|
342
|
-
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
332
|
+
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
343
333
|
|
|
344
334
|
export type PatternElem = "Wildcard" | { Literal: SmolStr };
|
|
345
335
|
|
|
@@ -348,3 +338,4 @@ export type Expr = ExprNoExt | ExtFuncCall;
|
|
|
348
338
|
export type Effect = "permit" | "forbid";
|
|
349
339
|
|
|
350
340
|
type SmolStr = string;
|
|
341
|
+
export type TypeOfAttribute<N> = Type<N> & { required?: boolean };
|