@cedar-policy/cedar-wasm 4.5.0 → 4.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,129 +1,113 @@
1
1
  /* tslint:disable */
2
2
  /* eslint-disable */
3
+ export function getCedarVersion(): string;
4
+ export function getCedarSDKVersion(): string;
3
5
  /**
4
6
  * Get valid request environment
5
7
  */
6
- export function getValidRequestEnvsTemplate(t: Template, s: Schema): GetValidRequestEnvsResult;
8
+ export function getValidRequestEnvsPolicy(t: Policy, s: Schema): GetValidRequestEnvsResult;
7
9
  /**
8
10
  * Get valid request environment
9
11
  */
10
- export function getValidRequestEnvsPolicy(t: Policy, s: Schema): GetValidRequestEnvsResult;
11
- export function getCedarVersion(): string;
12
- export function getCedarSDKVersion(): string;
12
+ export function getValidRequestEnvsTemplate(t: Template, s: Schema): GetValidRequestEnvsResult;
13
13
  /**
14
- * Parse a policy set and optionally validate it against a provided schema
14
+ * Preparse and cache a policy set in thread-local storage
15
15
  *
16
- * This is the basic validator interface, using [`ValidationCall`] and
17
- * [`ValidationAnswer`] types
16
+ * # Errors
17
+ *
18
+ * Will return `Err` if the input cannot be parsed. Side-effect free on error.
18
19
  */
19
- export function validate(call: ValidationCall): ValidationAnswer;
20
+ export function preparsePolicySet(pset_id: string, policies: PolicySet): CheckParseAnswer;
20
21
  /**
21
- * Check whether a policy set successfully parses.
22
+ * Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
22
23
  */
23
- export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
24
+ export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
24
25
  /**
25
- * Check whether a schema successfully parses.
26
+ * Stateful authorization using preparsed schemas and policy sets.
27
+ *
28
+ * This function works like [`is_authorized`] but retrieves schemas and policy sets
29
+ * from thread-local cache instead of parsing them on each call.
26
30
  */
27
- export function checkParseSchema(schema: Schema): CheckParseAnswer;
31
+ export function statefulIsAuthorized(call: StatefulAuthorizationCall): AuthorizationAnswer;
28
32
  /**
29
- * Check whether a set of entities successfully parses.
33
+ * Preparse and cache a schema in thread-local storage
34
+ *
35
+ * # Errors
36
+ *
37
+ * Will return `Err` if the input cannot be parsed. Side-effect free on error.
30
38
  */
31
- export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
39
+ export function preparseSchema(schema_name: string, schema: Schema): CheckParseAnswer;
32
40
  /**
33
- * Check whether a context successfully parses.
41
+ * Check whether a set of entities successfully parses.
34
42
  */
35
- export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
43
+ export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
36
44
  /**
37
- * Apply the Cedar policy formatter to a policy set in the Cedar policy format
45
+ * Check whether a schema successfully parses.
38
46
  */
39
- export function formatPolicies(call: FormattingCall): FormattingAnswer;
47
+ export function checkParseSchema(schema: Schema): CheckParseAnswer;
40
48
  /**
41
- * Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
49
+ * Check whether a policy set successfully parses.
42
50
  */
43
- export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
51
+ export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
44
52
  /**
45
- * Takes a PolicySet represented as string and return the policies
46
- * and templates split into vecs and sorted by id.
53
+ * Check whether a context successfully parses.
47
54
  */
48
- export function policySetTextToParts(policyset_str: string): PolicySetTextToPartsAnswer;
55
+ export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
49
56
  /**
50
57
  * Return the Cedar (textual) representation of a policy.
51
58
  */
52
59
  export function policyToText(policy: Policy): PolicyToTextAnswer;
53
60
  /**
54
- * Return the Cedar (textual) representation of a template.
55
- */
56
- export function templateToText(template: Template): PolicyToTextAnswer;
57
- /**
58
- * Return the JSON representation of a policy.
61
+ * Return the Cedar (textual) representation of a schema.
59
62
  */
60
- export function policyToJson(policy: Policy): PolicyToJsonAnswer;
63
+ export function schemaToText(schema: Schema): SchemaToTextAnswer;
61
64
  /**
62
65
  * Return the JSON representation of a template.
63
66
  */
64
67
  export function templateToJson(template: Template): PolicyToJsonAnswer;
65
68
  /**
66
- * Return the Cedar (textual) representation of a schema.
69
+ * Takes a `PolicySet` represented as string and return the policies
70
+ * and templates split into vecs and sorted by id.
67
71
  */
68
- export function schemaToText(schema: Schema): SchemaToTextAnswer;
72
+ export function policySetTextToParts(policyset_str: string): PolicySetTextToPartsAnswer;
69
73
  /**
70
74
  * Return the JSON representation of a schema.
71
75
  */
72
76
  export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
77
+ /**
78
+ * Return the JSON representation of a policy.
79
+ */
80
+ export function policyToJson(policy: Policy): PolicyToJsonAnswer;
81
+ /**
82
+ * Return the Cedar (textual) representation of a template.
83
+ */
84
+ export function templateToText(template: Template): PolicyToTextAnswer;
73
85
  /**
74
86
  * Get language version of Cedar
75
87
  */
76
88
  export function getCedarLangVersion(): string;
89
+ /**
90
+ * Apply the Cedar policy formatter to a policy set in the Cedar policy format
91
+ */
92
+ export function formatPolicies(call: FormattingCall): FormattingAnswer;
93
+ /**
94
+ * Parse a policy set and optionally validate it against a provided schema
95
+ *
96
+ * This is the basic validator interface, using [`ValidationCall`] and
97
+ * [`ValidationAnswer`] types
98
+ */
99
+ export function validate(call: ValidationCall): ValidationAnswer;
77
100
  export type GetValidRequestEnvsResult = { type: "success"; principals: string[]; actions: string[]; resources: string[] } | { type: "failure"; error: string };
78
101
 
79
- export interface ValidationCall {
80
- validationSettings?: ValidationSettings;
81
- schema: Schema;
82
- policies: PolicySet;
83
- }
84
-
85
- export interface ValidationSettings {
86
- mode: ValidationMode;
87
- }
88
-
89
- export interface ValidationError {
90
- policyId: string;
91
- error: DetailedError;
92
- }
93
-
94
- export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
95
-
96
- export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
97
-
98
- export interface EntitiesParsingCall {
99
- entities: Entities;
100
- schema?: Schema | null;
101
- }
102
-
103
- export interface ContextParsingCall {
104
- context: Context;
105
- schema?: Schema | null;
106
- action?: EntityUid | null;
107
- }
108
-
109
- export interface FormattingCall {
110
- policyText: string;
111
- lineWidth?: number;
112
- indentWidth?: number;
113
- }
102
+ export type SlotId = string;
114
103
 
115
- export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
104
+ export type PolicyId = string;
116
105
 
117
106
  export interface Response {
118
107
  decision: Decision;
119
108
  diagnostics: Diagnostics;
120
109
  }
121
110
 
122
- export interface Diagnostics {
123
- reason: PolicyId[];
124
- errors: AuthorizationError[];
125
- }
126
-
127
111
  export interface AuthorizationError {
128
112
  policyId: string;
129
113
  error: DetailedError;
@@ -131,6 +115,17 @@ export interface AuthorizationError {
131
115
 
132
116
  export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
133
117
 
118
+ export interface StatefulAuthorizationCall {
119
+ principal: EntityUid;
120
+ action: EntityUid;
121
+ resource: EntityUid;
122
+ context: Context;
123
+ preparsedSchemaName?: string;
124
+ validateRequest?: boolean;
125
+ preparsedPolicySetId: string;
126
+ entities: Entities;
127
+ }
128
+
134
129
  export interface AuthorizationCall {
135
130
  principal: EntityUid;
136
131
  action: EntityUid;
@@ -142,53 +137,26 @@ export interface AuthorizationCall {
142
137
  entities: Entities;
143
138
  }
144
139
 
145
- export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
146
-
147
- export type PolicySetTextToPartsAnswer = { type: "success"; policies: string[]; policy_templates: string[] } | { type: "failure"; errors: DetailedError[] };
148
-
149
- export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
150
-
151
- export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
152
-
153
- export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
154
-
155
- export type Schema = string | SchemaJson<string>;
156
-
157
- export interface PolicySet {
158
- staticPolicies?: StaticPolicySet;
159
- templates?: Record<PolicyId, Template>;
160
- templateLinks?: TemplateLink[];
140
+ export interface Diagnostics {
141
+ reason: PolicyId[];
142
+ errors: AuthorizationError[];
161
143
  }
162
144
 
145
+ export type Severity = "advice" | "warning" | "error";
146
+
163
147
  export interface TemplateLink {
164
148
  templateId: PolicyId;
165
149
  newId: PolicyId;
166
150
  values: Record<SlotId, EntityUid>;
167
151
  }
168
152
 
169
- export type StaticPolicySet = string | Policy[] | Record<PolicyId, Policy>;
170
-
171
- export type Template = string | PolicyJson;
172
-
173
- export type Policy = string | PolicyJson;
174
-
175
- export type Entities = Array<EntityJson>;
176
-
177
- export type Context = Record<string, CedarValueJson>;
178
-
179
- export type EntityUid = EntityUidJson;
153
+ export type Schema = string | SchemaJson<string>;
180
154
 
181
155
  export interface SourceLocation {
182
156
  start: number;
183
157
  end: number;
184
158
  }
185
159
 
186
- export interface SourceLabel extends SourceLocation {
187
- label: string | null;
188
- }
189
-
190
- export type Severity = "advice" | "warning" | "error";
191
-
192
160
  export interface DetailedError {
193
161
  message: string;
194
162
  help: string | null;
@@ -199,30 +167,77 @@ export interface DetailedError {
199
167
  related?: DetailedError[];
200
168
  }
201
169
 
202
- export type SlotId = string;
170
+ export interface PolicySet {
171
+ staticPolicies?: StaticPolicySet;
172
+ templates?: Record<PolicyId, Template>;
173
+ templateLinks?: TemplateLink[];
174
+ }
203
175
 
204
- export type PolicyId = string;
176
+ export type EntityUid = EntityUidJson;
177
+
178
+ export type Policy = string | PolicyJson;
179
+
180
+ export type StaticPolicySet = string | Policy[] | Record<PolicyId, Policy>;
181
+
182
+ export type Context = Record<string, CedarValueJson>;
183
+
184
+ export type Entities = Array<EntityJson>;
185
+
186
+ export interface SourceLabel extends SourceLocation {
187
+ label: string | null;
188
+ }
189
+
190
+ export type Template = string | PolicyJson;
205
191
 
206
192
  export type ValidationMode = "strict";
207
193
 
208
- export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
194
+ export interface EntitiesParsingCall {
195
+ entities: Entities;
196
+ schema?: Schema | null;
197
+ }
209
198
 
210
- export interface PrincipalOrResourceIsConstraint {
211
- entity_type: string;
212
- in?: PrincipalOrResourceInConstraint;
199
+ export interface ContextParsingCall {
200
+ context: Context;
201
+ schema?: Schema | null;
202
+ action?: EntityUid | null;
213
203
  }
214
204
 
215
- export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
205
+ export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
216
206
 
217
- export type EqConstraint = { entity: EntityUidJson } | { slot: string };
207
+ export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
218
208
 
219
- export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
209
+ export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
220
210
 
221
- export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & ActionInConstraint);
211
+ export type PolicySetTextToPartsAnswer = { type: "success"; policies: string[]; policy_templates: string[] } | { type: "failure"; errors: DetailedError[] };
222
212
 
223
- export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
213
+ export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
224
214
 
225
- export type Effect = "permit" | "forbid";
215
+ export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
216
+
217
+ export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
218
+
219
+ export interface FormattingCall {
220
+ policyText: string;
221
+ lineWidth?: number;
222
+ indentWidth?: number;
223
+ }
224
+
225
+ export interface ValidationSettings {
226
+ mode: ValidationMode;
227
+ }
228
+
229
+ export interface ValidationError {
230
+ policyId: string;
231
+ error: DetailedError;
232
+ }
233
+
234
+ export interface ValidationCall {
235
+ validationSettings?: ValidationSettings;
236
+ schema: Schema;
237
+ policies: PolicySet;
238
+ }
239
+
240
+ export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
226
241
 
227
242
  export interface EntityJson {
228
243
  uid: EntityUidJson;
@@ -231,42 +246,68 @@ export interface EntityJson {
231
246
  tags?: Record<string, CedarValueJson>;
232
247
  }
233
248
 
234
- export type ExtFuncCall = {} & Record<string, Array<Expr>>;
249
+ export type AnyId = SmolStr;
235
250
 
236
- export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { isEmpty: { arg: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
251
+ export type UnreservedId = string;
237
252
 
238
- export type PatternElem = "Wildcard" | { Literal: SmolStr };
253
+ export type Effect = "permit" | "forbid";
239
254
 
240
- export type Expr = ExprNoExt | ExtFuncCall;
255
+ export type EqConstraint = { entity: EntityUidJson } | { slot: string };
241
256
 
242
- export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
257
+ export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
243
258
 
244
- export interface RecordType<N> {
245
- attributes: Record<SmolStr, TypeOfAttribute<N>>;
246
- additionalAttributes?: boolean;
259
+ export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
260
+
261
+ export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
262
+
263
+ export interface PrincipalOrResourceIsConstraint {
264
+ entity_type: string;
265
+ in?: PrincipalOrResourceInConstraint;
247
266
  }
248
267
 
268
+ export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & ActionInConstraint);
269
+
270
+ export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
271
+
272
+ export type AttributesOrContext<N> = Type<N>;
273
+
274
+ export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
275
+
249
276
  export type Type<N> = ({} & TypeVariant<N>) | { type: N };
250
277
 
278
+ export type EntityTypeKind<N> = StandardEntityType<N> | { enum: NonEmpty<SmolStr> };
279
+
251
280
  export interface ActionEntityUID<N> {
252
281
  id: SmolStr;
253
282
  type?: N;
254
283
  }
255
284
 
285
+ export interface ActionType<N> {
286
+ attributes?: Record<SmolStr, CedarValueJson>;
287
+ appliesTo?: ApplySpec<N>;
288
+ memberOf?: ActionEntityUID<N>[];
289
+ annotations?: Annotations;
290
+ }
291
+
256
292
  export interface ApplySpec<N> {
257
293
  resourceTypes: N[];
258
294
  principalTypes: N[];
259
295
  context?: AttributesOrContext<N>;
260
296
  }
261
297
 
262
- export interface ActionType<N> {
263
- attributes?: Record<SmolStr, CedarValueJson>;
264
- appliesTo?: ApplySpec<N>;
265
- memberOf?: ActionEntityUID<N>[];
298
+ export type SchemaJson<N> = Record<string, NamespaceDefinition<N>>;
299
+
300
+ export interface NamespaceDefinition<N> {
301
+ commonTypes?: Record<CommonTypeId, CommonType<N>>;
302
+ entityTypes: Record<UnreservedId, EntityType<N>>;
303
+ actions: Record<SmolStr, ActionType<N>>;
266
304
  annotations?: Annotations;
267
305
  }
268
306
 
269
- export type AttributesOrContext<N> = Type<N>;
307
+ export interface RecordType<N> {
308
+ attributes: Record<SmolStr, TypeOfAttribute<N>>;
309
+ additionalAttributes?: boolean;
310
+ }
270
311
 
271
312
  export interface StandardEntityType<N> {
272
313
  memberOfTypes?: N[];
@@ -274,55 +315,45 @@ export interface StandardEntityType<N> {
274
315
  tags?: Type<N>;
275
316
  }
276
317
 
277
- export type EntityTypeKind<N> = StandardEntityType<N> | { enum: NonEmpty<SmolStr> };
318
+ export type CommonTypeId = string;
278
319
 
279
- export interface NamespaceDefinition<N> {
280
- commonTypes?: Record<CommonTypeId, CommonType<N>>;
281
- entityTypes: Record<UnreservedId, EntityType<N>>;
282
- actions: Record<SmolStr, ActionType<N>>;
320
+ export type Decision = "allow" | "deny";
321
+
322
+ export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
323
+
324
+ export interface PolicyJson {
325
+ effect: Effect;
326
+ principal: PrincipalConstraint;
327
+ action: ActionConstraint;
328
+ resource: ResourceConstraint;
329
+ conditions: Clause[];
283
330
  annotations?: Annotations;
284
331
  }
285
332
 
286
- export type CommonTypeId = string;
287
-
288
- export type SchemaJson<N> = Record<string, NamespaceDefinition<N>>;
333
+ export type ExtFuncCall = {} & Record<string, Array<Expr>>;
289
334
 
290
- export type AnyId = SmolStr;
335
+ export type Expr = ExprNoExt | ExtFuncCall;
291
336
 
292
- export type UnreservedId = string;
337
+ export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { isEmpty: { arg: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
293
338
 
294
- export type Annotations = Record<string, Annotation>;
339
+ export type PatternElem = "Wildcard" | { Literal: SmolStr };
295
340
 
296
341
  export type Annotation = SmolStr;
297
342
 
298
- export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
343
+ export type Annotations = Record<string, Annotation>;
299
344
 
300
- export interface FnAndArg {
301
- fn: string;
302
- arg: CedarValueJson;
303
- }
345
+ export type Var = "principal" | "action" | "resource" | "context";
304
346
 
305
347
  export interface TypeAndId {
306
348
  type: string;
307
349
  id: string;
308
350
  }
309
351
 
310
- export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArg } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
311
-
312
- export type Var = "principal" | "action" | "resource" | "context";
313
-
314
- export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
352
+ export type FnAndArgs = { fn: string; arg: CedarValueJson } | { fn: string; args: CedarValueJson[] };
315
353
 
316
- export interface PolicyJson {
317
- effect: Effect;
318
- principal: PrincipalConstraint;
319
- action: ActionConstraint;
320
- resource: ResourceConstraint;
321
- conditions: Clause[];
322
- annotations?: Annotations;
323
- }
354
+ export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
324
355
 
325
- export type Decision = "allow" | "deny";
356
+ export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArgs } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
326
357
 
327
358
  type SmolStr = string;
328
359
  export type TypeOfAttribute<N> = Type<N> & { required?: boolean };