@cedar-policy/cedar-wasm 4.5.1 → 4.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/cedar_wasm.d.ts +191 -157
- package/esm/cedar_wasm_bg.js +160 -107
- package/esm/cedar_wasm_bg.wasm +0 -0
- package/esm/cedar_wasm_bg.wasm.d.ts +6 -3
- package/esm/package.json +1 -1
- package/nodejs/cedar_wasm.d.ts +191 -157
- package/nodejs/cedar_wasm.js +159 -115
- package/nodejs/cedar_wasm_bg.wasm +0 -0
- package/nodejs/cedar_wasm_bg.wasm.d.ts +6 -3
- package/nodejs/package.json +1 -1
- package/package.json +1 -1
- package/web/cedar_wasm.d.ts +197 -160
- package/web/cedar_wasm.js +164 -103
- package/web/cedar_wasm_bg.wasm +0 -0
- package/web/cedar_wasm_bg.wasm.d.ts +6 -3
- package/web/package.json +1 -1
package/esm/cedar_wasm.d.ts
CHANGED
|
@@ -1,23 +1,42 @@
|
|
|
1
1
|
/* tslint:disable */
|
|
2
2
|
/* eslint-disable */
|
|
3
|
-
export function getCedarVersion(): string;
|
|
4
3
|
export function getCedarSDKVersion(): string;
|
|
4
|
+
export function getCedarVersion(): string;
|
|
5
5
|
/**
|
|
6
6
|
* Get valid request environment
|
|
7
7
|
*/
|
|
8
|
-
export function
|
|
8
|
+
export function getValidRequestEnvsPolicy(t: Policy, s: Schema): GetValidRequestEnvsResult;
|
|
9
9
|
/**
|
|
10
10
|
* Get valid request environment
|
|
11
11
|
*/
|
|
12
|
-
export function
|
|
12
|
+
export function getValidRequestEnvsTemplate(t: Template, s: Schema): GetValidRequestEnvsResult;
|
|
13
13
|
/**
|
|
14
|
-
*
|
|
14
|
+
* Stateful authorization using preparsed schemas and policy sets.
|
|
15
|
+
*
|
|
16
|
+
* This function works like [`is_authorized`] but retrieves schemas and policy sets
|
|
17
|
+
* from thread-local cache instead of parsing them on each call.
|
|
15
18
|
*/
|
|
16
|
-
export function
|
|
19
|
+
export function statefulIsAuthorized(call: StatefulAuthorizationCall): AuthorizationAnswer;
|
|
17
20
|
/**
|
|
18
|
-
*
|
|
21
|
+
* Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
|
|
19
22
|
*/
|
|
20
|
-
export function
|
|
23
|
+
export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
|
|
24
|
+
/**
|
|
25
|
+
* Preparse and cache a policy set in thread-local storage
|
|
26
|
+
*
|
|
27
|
+
* # Errors
|
|
28
|
+
*
|
|
29
|
+
* Will return `Err` if the input cannot be parsed. Side-effect free on error.
|
|
30
|
+
*/
|
|
31
|
+
export function preparsePolicySet(pset_id: string, policies: PolicySet): CheckParseAnswer;
|
|
32
|
+
/**
|
|
33
|
+
* Preparse and cache a schema in thread-local storage
|
|
34
|
+
*
|
|
35
|
+
* # Errors
|
|
36
|
+
*
|
|
37
|
+
* Will return `Err` if the input cannot be parsed. Side-effect free on error.
|
|
38
|
+
*/
|
|
39
|
+
export function preparseSchema(schema_name: string, schema: Schema): CheckParseAnswer;
|
|
21
40
|
/**
|
|
22
41
|
* Check whether a policy set successfully parses.
|
|
23
42
|
*/
|
|
@@ -27,38 +46,50 @@ export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
|
|
|
27
46
|
*/
|
|
28
47
|
export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
|
|
29
48
|
/**
|
|
30
|
-
*
|
|
31
|
-
*/
|
|
32
|
-
export function formatPolicies(call: FormattingCall): FormattingAnswer;
|
|
33
|
-
/**
|
|
34
|
-
* Return the Cedar (textual) representation of a template.
|
|
49
|
+
* Check whether a schema successfully parses.
|
|
35
50
|
*/
|
|
36
|
-
export function
|
|
51
|
+
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
37
52
|
/**
|
|
38
|
-
*
|
|
53
|
+
* Check whether a set of entities successfully parses.
|
|
39
54
|
*/
|
|
40
|
-
export function
|
|
55
|
+
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
41
56
|
/**
|
|
42
57
|
* Takes a `PolicySet` represented as string and return the policies
|
|
43
58
|
* and templates split into vecs and sorted by id.
|
|
44
59
|
*/
|
|
45
60
|
export function policySetTextToParts(policyset_str: string): PolicySetTextToPartsAnswer;
|
|
61
|
+
/**
|
|
62
|
+
* Return the JSON representation of a template.
|
|
63
|
+
*/
|
|
64
|
+
export function templateToJson(template: Template): PolicyToJsonAnswer;
|
|
65
|
+
/**
|
|
66
|
+
* Return the Cedar (textual) representation of a policy.
|
|
67
|
+
*/
|
|
68
|
+
export function policyToText(policy: Policy): PolicyToTextAnswer;
|
|
46
69
|
/**
|
|
47
70
|
* Return the JSON representation of a schema.
|
|
48
71
|
*/
|
|
49
72
|
export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
|
|
73
|
+
/**
|
|
74
|
+
* Return the Cedar (textual) representation of a template.
|
|
75
|
+
*/
|
|
76
|
+
export function templateToText(template: Template): PolicyToTextAnswer;
|
|
77
|
+
/**
|
|
78
|
+
* Return the JSON representation of a policy.
|
|
79
|
+
*/
|
|
80
|
+
export function policyToJson(policy: Policy): PolicyToJsonAnswer;
|
|
50
81
|
/**
|
|
51
82
|
* Return the Cedar (textual) representation of a schema.
|
|
52
83
|
*/
|
|
53
84
|
export function schemaToText(schema: Schema): SchemaToTextAnswer;
|
|
54
85
|
/**
|
|
55
|
-
*
|
|
86
|
+
* Get language version of Cedar
|
|
56
87
|
*/
|
|
57
|
-
export function
|
|
88
|
+
export function getCedarLangVersion(): string;
|
|
58
89
|
/**
|
|
59
|
-
*
|
|
90
|
+
* Apply the Cedar policy formatter to a policy set in the Cedar policy format
|
|
60
91
|
*/
|
|
61
|
-
export function
|
|
92
|
+
export function formatPolicies(call: FormattingCall): FormattingAnswer;
|
|
62
93
|
/**
|
|
63
94
|
* Parse a policy set and optionally validate it against a provided schema
|
|
64
95
|
*
|
|
@@ -66,76 +97,40 @@ export function templateToJson(template: Template): PolicyToJsonAnswer;
|
|
|
66
97
|
* [`ValidationAnswer`] types
|
|
67
98
|
*/
|
|
68
99
|
export function validate(call: ValidationCall): ValidationAnswer;
|
|
69
|
-
/**
|
|
70
|
-
* Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
|
|
71
|
-
*/
|
|
72
|
-
export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
|
|
73
|
-
/**
|
|
74
|
-
* Get language version of Cedar
|
|
75
|
-
*/
|
|
76
|
-
export function getCedarLangVersion(): string;
|
|
77
100
|
export type GetValidRequestEnvsResult = { type: "success"; principals: string[]; actions: string[]; resources: string[] } | { type: "failure"; error: string };
|
|
78
101
|
|
|
79
|
-
export
|
|
80
|
-
entities: Entities;
|
|
81
|
-
schema?: Schema | null;
|
|
82
|
-
}
|
|
83
|
-
|
|
84
|
-
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
85
|
-
|
|
86
|
-
export interface ContextParsingCall {
|
|
87
|
-
context: Context;
|
|
88
|
-
schema?: Schema | null;
|
|
89
|
-
action?: EntityUid | null;
|
|
90
|
-
}
|
|
91
|
-
|
|
92
|
-
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
93
|
-
|
|
94
|
-
export interface FormattingCall {
|
|
95
|
-
policyText: string;
|
|
96
|
-
lineWidth?: number;
|
|
97
|
-
indentWidth?: number;
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
101
|
-
|
|
102
|
-
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
103
|
-
|
|
104
|
-
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
102
|
+
export type PolicyId = string;
|
|
105
103
|
|
|
106
|
-
export type
|
|
104
|
+
export type SlotId = string;
|
|
107
105
|
|
|
108
|
-
export type
|
|
106
|
+
export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
|
|
109
107
|
|
|
110
|
-
export interface
|
|
111
|
-
|
|
108
|
+
export interface Response {
|
|
109
|
+
decision: Decision;
|
|
110
|
+
diagnostics: Diagnostics;
|
|
112
111
|
}
|
|
113
112
|
|
|
114
|
-
export
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
113
|
+
export interface StatefulAuthorizationCall {
|
|
114
|
+
principal: EntityUid;
|
|
115
|
+
action: EntityUid;
|
|
116
|
+
resource: EntityUid;
|
|
117
|
+
context: Context;
|
|
118
|
+
preparsedSchemaName?: string;
|
|
119
|
+
validateRequest?: boolean;
|
|
120
|
+
preparsedPolicySetId: string;
|
|
121
|
+
entities: Entities;
|
|
120
122
|
}
|
|
121
123
|
|
|
122
|
-
export interface
|
|
123
|
-
|
|
124
|
-
|
|
124
|
+
export interface Diagnostics {
|
|
125
|
+
reason: PolicyId[];
|
|
126
|
+
errors: AuthorizationError[];
|
|
125
127
|
}
|
|
126
128
|
|
|
127
|
-
export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
|
|
128
|
-
|
|
129
129
|
export interface AuthorizationError {
|
|
130
130
|
policyId: string;
|
|
131
131
|
error: DetailedError;
|
|
132
132
|
}
|
|
133
133
|
|
|
134
|
-
export interface Response {
|
|
135
|
-
decision: Decision;
|
|
136
|
-
diagnostics: Diagnostics;
|
|
137
|
-
}
|
|
138
|
-
|
|
139
134
|
export interface AuthorizationCall {
|
|
140
135
|
principal: EntityUid;
|
|
141
136
|
action: EntityUid;
|
|
@@ -147,20 +142,19 @@ export interface AuthorizationCall {
|
|
|
147
142
|
entities: Entities;
|
|
148
143
|
}
|
|
149
144
|
|
|
150
|
-
export
|
|
151
|
-
reason: PolicyId[];
|
|
152
|
-
errors: AuthorizationError[];
|
|
153
|
-
}
|
|
154
|
-
|
|
155
|
-
export type PolicyId = string;
|
|
145
|
+
export type Entities = Array<EntityJson>;
|
|
156
146
|
|
|
157
|
-
export type
|
|
147
|
+
export type Schema = string | SchemaJson<string>;
|
|
158
148
|
|
|
159
|
-
export type
|
|
149
|
+
export type EntityUid = EntityUidJson;
|
|
160
150
|
|
|
161
|
-
export type
|
|
151
|
+
export type Severity = "advice" | "warning" | "error";
|
|
162
152
|
|
|
163
|
-
export
|
|
153
|
+
export interface PolicySet {
|
|
154
|
+
staticPolicies?: StaticPolicySet;
|
|
155
|
+
templates?: Record<PolicyId, Template>;
|
|
156
|
+
templateLinks?: TemplateLink[];
|
|
157
|
+
}
|
|
164
158
|
|
|
165
159
|
export interface SourceLabel extends SourceLocation {
|
|
166
160
|
label: string | null;
|
|
@@ -174,14 +168,9 @@ export interface TemplateLink {
|
|
|
174
168
|
|
|
175
169
|
export type Policy = string | PolicyJson;
|
|
176
170
|
|
|
177
|
-
export type
|
|
178
|
-
|
|
179
|
-
export interface SourceLocation {
|
|
180
|
-
start: number;
|
|
181
|
-
end: number;
|
|
182
|
-
}
|
|
171
|
+
export type StaticPolicySet = string | Policy[] | Record<PolicyId, Policy>;
|
|
183
172
|
|
|
184
|
-
export type
|
|
173
|
+
export type Context = Record<string, CedarValueJson>;
|
|
185
174
|
|
|
186
175
|
export interface DetailedError {
|
|
187
176
|
message: string;
|
|
@@ -193,21 +182,62 @@ export interface DetailedError {
|
|
|
193
182
|
related?: DetailedError[];
|
|
194
183
|
}
|
|
195
184
|
|
|
196
|
-
export
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
185
|
+
export type Template = string | PolicyJson;
|
|
186
|
+
|
|
187
|
+
export interface SourceLocation {
|
|
188
|
+
start: number;
|
|
189
|
+
end: number;
|
|
200
190
|
}
|
|
201
191
|
|
|
202
|
-
export type
|
|
192
|
+
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
203
193
|
|
|
204
|
-
export
|
|
194
|
+
export interface EntitiesParsingCall {
|
|
195
|
+
entities: Entities;
|
|
196
|
+
schema?: Schema | null;
|
|
197
|
+
}
|
|
205
198
|
|
|
206
|
-
export
|
|
199
|
+
export interface ContextParsingCall {
|
|
200
|
+
context: Context;
|
|
201
|
+
schema?: Schema | null;
|
|
202
|
+
action?: EntityUid | null;
|
|
203
|
+
}
|
|
207
204
|
|
|
208
|
-
export type
|
|
205
|
+
export type PolicySetTextToPartsAnswer = { type: "success"; policies: string[]; policy_templates: string[] } | { type: "failure"; errors: DetailedError[] };
|
|
209
206
|
|
|
210
|
-
export type
|
|
207
|
+
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
208
|
+
|
|
209
|
+
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
210
|
+
|
|
211
|
+
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
212
|
+
|
|
213
|
+
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
214
|
+
|
|
215
|
+
export type ValidationMode = "strict";
|
|
216
|
+
|
|
217
|
+
export interface FormattingCall {
|
|
218
|
+
policyText: string;
|
|
219
|
+
lineWidth?: number;
|
|
220
|
+
indentWidth?: number;
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
224
|
+
|
|
225
|
+
export interface ValidationError {
|
|
226
|
+
policyId: string;
|
|
227
|
+
error: DetailedError;
|
|
228
|
+
}
|
|
229
|
+
|
|
230
|
+
export interface ValidationCall {
|
|
231
|
+
validationSettings?: ValidationSettings;
|
|
232
|
+
schema: Schema;
|
|
233
|
+
policies: PolicySet;
|
|
234
|
+
}
|
|
235
|
+
|
|
236
|
+
export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
|
|
237
|
+
|
|
238
|
+
export interface ValidationSettings {
|
|
239
|
+
mode: ValidationMode;
|
|
240
|
+
}
|
|
211
241
|
|
|
212
242
|
export interface EntityJson {
|
|
213
243
|
uid: EntityUidJson;
|
|
@@ -216,28 +246,28 @@ export interface EntityJson {
|
|
|
216
246
|
tags?: Record<string, CedarValueJson>;
|
|
217
247
|
}
|
|
218
248
|
|
|
219
|
-
export type
|
|
249
|
+
export type AnyId = SmolStr;
|
|
220
250
|
|
|
221
|
-
export type
|
|
251
|
+
export type UnreservedId = string;
|
|
222
252
|
|
|
223
|
-
export type
|
|
253
|
+
export type Effect = "permit" | "forbid";
|
|
224
254
|
|
|
225
|
-
export type
|
|
255
|
+
export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
226
256
|
|
|
227
|
-
export type
|
|
257
|
+
export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
228
258
|
|
|
229
|
-
export interface
|
|
230
|
-
|
|
231
|
-
|
|
259
|
+
export interface PrincipalOrResourceIsConstraint {
|
|
260
|
+
entity_type: string;
|
|
261
|
+
in?: PrincipalOrResourceInConstraint;
|
|
232
262
|
}
|
|
233
263
|
|
|
234
|
-
export
|
|
235
|
-
memberOfTypes?: N[];
|
|
236
|
-
shape?: AttributesOrContext<N>;
|
|
237
|
-
tags?: Type<N>;
|
|
238
|
-
}
|
|
264
|
+
export type EqConstraint = { entity: EntityUidJson } | { slot: string };
|
|
239
265
|
|
|
240
|
-
export type
|
|
266
|
+
export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & ActionInConstraint);
|
|
267
|
+
|
|
268
|
+
export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
|
|
269
|
+
|
|
270
|
+
export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
|
|
241
271
|
|
|
242
272
|
export interface ActionType<N> {
|
|
243
273
|
attributes?: Record<SmolStr, CedarValueJson>;
|
|
@@ -246,7 +276,24 @@ export interface ActionType<N> {
|
|
|
246
276
|
annotations?: Annotations;
|
|
247
277
|
}
|
|
248
278
|
|
|
249
|
-
export
|
|
279
|
+
export interface StandardEntityType<N> {
|
|
280
|
+
memberOfTypes?: N[];
|
|
281
|
+
shape?: AttributesOrContext<N>;
|
|
282
|
+
tags?: Type<N>;
|
|
283
|
+
}
|
|
284
|
+
|
|
285
|
+
export type AttributesOrContext<N> = Type<N>;
|
|
286
|
+
|
|
287
|
+
export interface RecordType<N> {
|
|
288
|
+
attributes: Record<SmolStr, TypeOfAttribute<N>>;
|
|
289
|
+
additionalAttributes?: boolean;
|
|
290
|
+
}
|
|
291
|
+
|
|
292
|
+
export type SchemaJson<N> = Record<string, NamespaceDefinition<N>>;
|
|
293
|
+
|
|
294
|
+
export type EntityTypeKind<N> = StandardEntityType<N> | { enum: NonEmpty<SmolStr> };
|
|
295
|
+
|
|
296
|
+
export type CommonTypeId = string;
|
|
250
297
|
|
|
251
298
|
export interface NamespaceDefinition<N> {
|
|
252
299
|
commonTypes?: Record<CommonTypeId, CommonType<N>>;
|
|
@@ -255,71 +302,58 @@ export interface NamespaceDefinition<N> {
|
|
|
255
302
|
annotations?: Annotations;
|
|
256
303
|
}
|
|
257
304
|
|
|
305
|
+
export interface ActionEntityUID<N> {
|
|
306
|
+
id: SmolStr;
|
|
307
|
+
type?: N;
|
|
308
|
+
}
|
|
309
|
+
|
|
310
|
+
export type Type<N> = ({} & TypeVariant<N>) | { type: N };
|
|
311
|
+
|
|
258
312
|
export interface ApplySpec<N> {
|
|
259
313
|
resourceTypes: N[];
|
|
260
314
|
principalTypes: N[];
|
|
261
315
|
context?: AttributesOrContext<N>;
|
|
262
316
|
}
|
|
263
317
|
|
|
264
|
-
export type
|
|
265
|
-
|
|
266
|
-
export type AttributesOrContext<N> = Type<N>;
|
|
318
|
+
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
|
|
267
319
|
|
|
268
|
-
export type
|
|
320
|
+
export type Decision = "allow" | "deny";
|
|
269
321
|
|
|
270
|
-
export interface
|
|
271
|
-
|
|
272
|
-
|
|
322
|
+
export interface PolicyJson {
|
|
323
|
+
effect: Effect;
|
|
324
|
+
principal: PrincipalConstraint;
|
|
325
|
+
action: ActionConstraint;
|
|
326
|
+
resource: ResourceConstraint;
|
|
327
|
+
conditions: Clause[];
|
|
328
|
+
annotations?: Annotations;
|
|
273
329
|
}
|
|
274
330
|
|
|
275
|
-
export type
|
|
331
|
+
export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
|
|
276
332
|
|
|
277
|
-
export
|
|
278
|
-
type: string;
|
|
279
|
-
id: string;
|
|
280
|
-
}
|
|
333
|
+
export type Expr = ExprNoExt | ExtFuncCall;
|
|
281
334
|
|
|
282
|
-
export type
|
|
335
|
+
export type PatternElem = "Wildcard" | { Literal: SmolStr };
|
|
283
336
|
|
|
284
|
-
export type
|
|
337
|
+
export type ExtFuncCall = {} & Record<string, Array<Expr>>;
|
|
285
338
|
|
|
286
|
-
export type
|
|
339
|
+
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { isEmpty: { arg: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
287
340
|
|
|
288
|
-
export type
|
|
341
|
+
export type Annotation = SmolStr;
|
|
289
342
|
|
|
290
|
-
export type
|
|
343
|
+
export type Annotations = Record<string, Annotation>;
|
|
291
344
|
|
|
292
|
-
export type
|
|
345
|
+
export type Var = "principal" | "action" | "resource" | "context";
|
|
293
346
|
|
|
294
|
-
export interface
|
|
295
|
-
|
|
296
|
-
|
|
347
|
+
export interface TypeAndId {
|
|
348
|
+
type: string;
|
|
349
|
+
id: string;
|
|
297
350
|
}
|
|
298
351
|
|
|
299
|
-
export type
|
|
300
|
-
|
|
301
|
-
export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
|
|
302
|
-
|
|
303
|
-
export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
304
|
-
|
|
305
|
-
export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
|
|
306
|
-
|
|
307
|
-
export type EqConstraint = { entity: EntityUidJson } | { slot: string };
|
|
308
|
-
|
|
309
|
-
export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
310
|
-
|
|
311
|
-
export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
|
|
352
|
+
export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArgs } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
|
|
312
353
|
|
|
313
|
-
export
|
|
314
|
-
effect: Effect;
|
|
315
|
-
principal: PrincipalConstraint;
|
|
316
|
-
action: ActionConstraint;
|
|
317
|
-
resource: ResourceConstraint;
|
|
318
|
-
conditions: Clause[];
|
|
319
|
-
annotations?: Annotations;
|
|
320
|
-
}
|
|
354
|
+
export type FnAndArgs = { fn: string; arg: CedarValueJson } | { fn: string; args: CedarValueJson[] };
|
|
321
355
|
|
|
322
|
-
export type
|
|
356
|
+
export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
|
|
323
357
|
|
|
324
358
|
type SmolStr = string;
|
|
325
359
|
export type TypeOfAttribute<N> = Type<N> & { required?: boolean };
|