@cedar-policy/cedar-wasm 4.6.1 → 4.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/cedar_wasm.d.ts +111 -111
- package/esm/cedar_wasm_bg.js +65 -65
- package/esm/cedar_wasm_bg.wasm +0 -0
- package/esm/package.json +1 -1
- package/nodejs/cedar_wasm.d.ts +111 -111
- package/nodejs/cedar_wasm.js +65 -65
- package/nodejs/cedar_wasm_bg.wasm +0 -0
- package/nodejs/package.json +1 -1
- package/package.json +1 -1
- package/web/cedar_wasm.d.ts +111 -111
- package/web/cedar_wasm.js +65 -65
- package/web/cedar_wasm_bg.wasm +0 -0
- package/web/package.json +1 -1
package/esm/cedar_wasm.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/* tslint:disable */
|
|
2
2
|
/* eslint-disable */
|
|
3
|
-
export function getCedarVersion(): string;
|
|
4
3
|
export function getCedarSDKVersion(): string;
|
|
4
|
+
export function getCedarVersion(): string;
|
|
5
5
|
/**
|
|
6
6
|
* Get valid request environment
|
|
7
7
|
*/
|
|
@@ -11,24 +11,24 @@ export function getValidRequestEnvsPolicy(t: Policy, s: Schema): GetValidRequest
|
|
|
11
11
|
*/
|
|
12
12
|
export function getValidRequestEnvsTemplate(t: Template, s: Schema): GetValidRequestEnvsResult;
|
|
13
13
|
/**
|
|
14
|
-
*
|
|
15
|
-
*
|
|
16
|
-
* # Errors
|
|
14
|
+
* Stateful authorization using preparsed schemas and policy sets.
|
|
17
15
|
*
|
|
18
|
-
*
|
|
16
|
+
* This function works like [`is_authorized`] but retrieves schemas and policy sets
|
|
17
|
+
* from thread-local cache instead of parsing them on each call.
|
|
19
18
|
*/
|
|
20
|
-
export function
|
|
19
|
+
export function statefulIsAuthorized(call: StatefulAuthorizationCall): AuthorizationAnswer;
|
|
21
20
|
/**
|
|
22
21
|
* Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
|
|
23
22
|
*/
|
|
24
23
|
export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
|
|
25
24
|
/**
|
|
26
|
-
*
|
|
25
|
+
* Preparse and cache a policy set in thread-local storage
|
|
27
26
|
*
|
|
28
|
-
*
|
|
29
|
-
*
|
|
27
|
+
* # Errors
|
|
28
|
+
*
|
|
29
|
+
* Will return `Err` if the input cannot be parsed. Side-effect free on error.
|
|
30
30
|
*/
|
|
31
|
-
export function
|
|
31
|
+
export function preparsePolicySet(pset_id: string, policies: PolicySet): CheckParseAnswer;
|
|
32
32
|
/**
|
|
33
33
|
* Preparse and cache a schema in thread-local storage
|
|
34
34
|
*
|
|
@@ -37,14 +37,6 @@ export function statefulIsAuthorized(call: StatefulAuthorizationCall): Authoriza
|
|
|
37
37
|
* Will return `Err` if the input cannot be parsed. Side-effect free on error.
|
|
38
38
|
*/
|
|
39
39
|
export function preparseSchema(schema_name: string, schema: Schema): CheckParseAnswer;
|
|
40
|
-
/**
|
|
41
|
-
* Check whether a set of entities successfully parses.
|
|
42
|
-
*/
|
|
43
|
-
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
44
|
-
/**
|
|
45
|
-
* Check whether a schema successfully parses.
|
|
46
|
-
*/
|
|
47
|
-
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
48
40
|
/**
|
|
49
41
|
* Check whether a policy set successfully parses.
|
|
50
42
|
*/
|
|
@@ -54,34 +46,42 @@ export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
|
|
|
54
46
|
*/
|
|
55
47
|
export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
|
|
56
48
|
/**
|
|
57
|
-
*
|
|
49
|
+
* Check whether a schema successfully parses.
|
|
58
50
|
*/
|
|
59
|
-
export function
|
|
51
|
+
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
60
52
|
/**
|
|
61
|
-
*
|
|
53
|
+
* Check whether a set of entities successfully parses.
|
|
62
54
|
*/
|
|
63
|
-
export function
|
|
55
|
+
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
56
|
+
/**
|
|
57
|
+
* Takes a `PolicySet` represented as string and return the policies
|
|
58
|
+
* and templates split into vecs and sorted by id.
|
|
59
|
+
*/
|
|
60
|
+
export function policySetTextToParts(policyset_str: string): PolicySetTextToPartsAnswer;
|
|
64
61
|
/**
|
|
65
62
|
* Return the JSON representation of a template.
|
|
66
63
|
*/
|
|
67
64
|
export function templateToJson(template: Template): PolicyToJsonAnswer;
|
|
68
65
|
/**
|
|
69
|
-
*
|
|
70
|
-
* and templates split into vecs and sorted by id.
|
|
66
|
+
* Return the Cedar (textual) representation of a policy.
|
|
71
67
|
*/
|
|
72
|
-
export function
|
|
68
|
+
export function policyToText(policy: Policy): PolicyToTextAnswer;
|
|
73
69
|
/**
|
|
74
70
|
* Return the JSON representation of a schema.
|
|
75
71
|
*/
|
|
76
72
|
export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
|
|
73
|
+
/**
|
|
74
|
+
* Return the Cedar (textual) representation of a template.
|
|
75
|
+
*/
|
|
76
|
+
export function templateToText(template: Template): PolicyToTextAnswer;
|
|
77
77
|
/**
|
|
78
78
|
* Return the JSON representation of a policy.
|
|
79
79
|
*/
|
|
80
80
|
export function policyToJson(policy: Policy): PolicyToJsonAnswer;
|
|
81
81
|
/**
|
|
82
|
-
* Return the Cedar (textual) representation of a
|
|
82
|
+
* Return the Cedar (textual) representation of a schema.
|
|
83
83
|
*/
|
|
84
|
-
export function
|
|
84
|
+
export function schemaToText(schema: Schema): SchemaToTextAnswer;
|
|
85
85
|
/**
|
|
86
86
|
* Get language version of Cedar
|
|
87
87
|
*/
|
|
@@ -99,22 +99,17 @@ export function formatPolicies(call: FormattingCall): FormattingAnswer;
|
|
|
99
99
|
export function validate(call: ValidationCall): ValidationAnswer;
|
|
100
100
|
export type GetValidRequestEnvsResult = { type: "success"; principals: string[]; actions: string[]; resources: string[] } | { type: "failure"; error: string };
|
|
101
101
|
|
|
102
|
+
export type PolicyId = string;
|
|
103
|
+
|
|
102
104
|
export type SlotId = string;
|
|
103
105
|
|
|
104
|
-
export type
|
|
106
|
+
export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
|
|
105
107
|
|
|
106
108
|
export interface Response {
|
|
107
109
|
decision: Decision;
|
|
108
110
|
diagnostics: Diagnostics;
|
|
109
111
|
}
|
|
110
112
|
|
|
111
|
-
export interface AuthorizationError {
|
|
112
|
-
policyId: string;
|
|
113
|
-
error: DetailedError;
|
|
114
|
-
}
|
|
115
|
-
|
|
116
|
-
export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
|
|
117
|
-
|
|
118
113
|
export interface StatefulAuthorizationCall {
|
|
119
114
|
principal: EntityUid;
|
|
120
115
|
action: EntityUid;
|
|
@@ -126,6 +121,16 @@ export interface StatefulAuthorizationCall {
|
|
|
126
121
|
entities: Entities;
|
|
127
122
|
}
|
|
128
123
|
|
|
124
|
+
export interface Diagnostics {
|
|
125
|
+
reason: PolicyId[];
|
|
126
|
+
errors: AuthorizationError[];
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
export interface AuthorizationError {
|
|
130
|
+
policyId: string;
|
|
131
|
+
error: DetailedError;
|
|
132
|
+
}
|
|
133
|
+
|
|
129
134
|
export interface AuthorizationCall {
|
|
130
135
|
principal: EntityUid;
|
|
131
136
|
action: EntityUid;
|
|
@@ -137,25 +142,35 @@ export interface AuthorizationCall {
|
|
|
137
142
|
entities: Entities;
|
|
138
143
|
}
|
|
139
144
|
|
|
140
|
-
export
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
145
|
+
export type Entities = Array<EntityJson>;
|
|
146
|
+
|
|
147
|
+
export type Schema = string | SchemaJson<string>;
|
|
148
|
+
|
|
149
|
+
export type EntityUid = EntityUidJson;
|
|
144
150
|
|
|
145
151
|
export type Severity = "advice" | "warning" | "error";
|
|
146
152
|
|
|
153
|
+
export interface PolicySet {
|
|
154
|
+
staticPolicies?: StaticPolicySet;
|
|
155
|
+
templates?: Record<PolicyId, Template>;
|
|
156
|
+
templateLinks?: TemplateLink[];
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
export interface SourceLabel extends SourceLocation {
|
|
160
|
+
label: string | null;
|
|
161
|
+
}
|
|
162
|
+
|
|
147
163
|
export interface TemplateLink {
|
|
148
164
|
templateId: PolicyId;
|
|
149
165
|
newId: PolicyId;
|
|
150
166
|
values: Record<SlotId, EntityUid>;
|
|
151
167
|
}
|
|
152
168
|
|
|
153
|
-
export type
|
|
169
|
+
export type Policy = string | PolicyJson;
|
|
154
170
|
|
|
155
|
-
export
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
}
|
|
171
|
+
export type StaticPolicySet = string | Policy[] | Record<PolicyId, Policy>;
|
|
172
|
+
|
|
173
|
+
export type Context = Record<string, CedarValueJson>;
|
|
159
174
|
|
|
160
175
|
export interface DetailedError {
|
|
161
176
|
message: string;
|
|
@@ -167,29 +182,14 @@ export interface DetailedError {
|
|
|
167
182
|
related?: DetailedError[];
|
|
168
183
|
}
|
|
169
184
|
|
|
170
|
-
export
|
|
171
|
-
staticPolicies?: StaticPolicySet;
|
|
172
|
-
templates?: Record<PolicyId, Template>;
|
|
173
|
-
templateLinks?: TemplateLink[];
|
|
174
|
-
}
|
|
175
|
-
|
|
176
|
-
export type EntityUid = EntityUidJson;
|
|
177
|
-
|
|
178
|
-
export type Policy = string | PolicyJson;
|
|
179
|
-
|
|
180
|
-
export type StaticPolicySet = string | Policy[] | Record<PolicyId, Policy>;
|
|
181
|
-
|
|
182
|
-
export type Context = Record<string, CedarValueJson>;
|
|
183
|
-
|
|
184
|
-
export type Entities = Array<EntityJson>;
|
|
185
|
+
export type Template = string | PolicyJson;
|
|
185
186
|
|
|
186
|
-
export interface
|
|
187
|
-
|
|
187
|
+
export interface SourceLocation {
|
|
188
|
+
start: number;
|
|
189
|
+
end: number;
|
|
188
190
|
}
|
|
189
191
|
|
|
190
|
-
export type
|
|
191
|
-
|
|
192
|
-
export type ValidationMode = "strict";
|
|
192
|
+
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
193
193
|
|
|
194
194
|
export interface EntitiesParsingCall {
|
|
195
195
|
entities: Entities;
|
|
@@ -202,19 +202,17 @@ export interface ContextParsingCall {
|
|
|
202
202
|
action?: EntityUid | null;
|
|
203
203
|
}
|
|
204
204
|
|
|
205
|
-
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
206
|
-
|
|
207
|
-
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
208
|
-
|
|
209
|
-
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
210
|
-
|
|
211
205
|
export type PolicySetTextToPartsAnswer = { type: "success"; policies: string[]; policy_templates: string[] } | { type: "failure"; errors: DetailedError[] };
|
|
212
206
|
|
|
213
207
|
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
214
208
|
|
|
209
|
+
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
210
|
+
|
|
215
211
|
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
216
212
|
|
|
217
|
-
export type
|
|
213
|
+
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
214
|
+
|
|
215
|
+
export type ValidationMode = "strict";
|
|
218
216
|
|
|
219
217
|
export interface FormattingCall {
|
|
220
218
|
policyText: string;
|
|
@@ -222,9 +220,7 @@ export interface FormattingCall {
|
|
|
222
220
|
indentWidth?: number;
|
|
223
221
|
}
|
|
224
222
|
|
|
225
|
-
export
|
|
226
|
-
mode: ValidationMode;
|
|
227
|
-
}
|
|
223
|
+
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
228
224
|
|
|
229
225
|
export interface ValidationError {
|
|
230
226
|
policyId: string;
|
|
@@ -239,6 +235,10 @@ export interface ValidationCall {
|
|
|
239
235
|
|
|
240
236
|
export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
|
|
241
237
|
|
|
238
|
+
export interface ValidationSettings {
|
|
239
|
+
mode: ValidationMode;
|
|
240
|
+
}
|
|
241
|
+
|
|
242
242
|
export interface EntityJson {
|
|
243
243
|
uid: EntityUidJson;
|
|
244
244
|
attrs: Record<string, CedarValueJson>;
|
|
@@ -252,35 +252,22 @@ export type UnreservedId = string;
|
|
|
252
252
|
|
|
253
253
|
export type Effect = "permit" | "forbid";
|
|
254
254
|
|
|
255
|
-
export type EqConstraint = { entity: EntityUidJson } | { slot: string };
|
|
256
|
-
|
|
257
|
-
export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
258
|
-
|
|
259
255
|
export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
260
256
|
|
|
261
|
-
export type
|
|
257
|
+
export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
262
258
|
|
|
263
259
|
export interface PrincipalOrResourceIsConstraint {
|
|
264
260
|
entity_type: string;
|
|
265
261
|
in?: PrincipalOrResourceInConstraint;
|
|
266
262
|
}
|
|
267
263
|
|
|
268
|
-
export type
|
|
269
|
-
|
|
270
|
-
export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
|
|
271
|
-
|
|
272
|
-
export type AttributesOrContext<N> = Type<N>;
|
|
273
|
-
|
|
274
|
-
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
|
|
264
|
+
export type EqConstraint = { entity: EntityUidJson } | { slot: string };
|
|
275
265
|
|
|
276
|
-
export type
|
|
266
|
+
export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & ActionInConstraint);
|
|
277
267
|
|
|
278
|
-
export type
|
|
268
|
+
export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
|
|
279
269
|
|
|
280
|
-
export
|
|
281
|
-
id: SmolStr;
|
|
282
|
-
type?: N;
|
|
283
|
-
}
|
|
270
|
+
export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
|
|
284
271
|
|
|
285
272
|
export interface ActionType<N> {
|
|
286
273
|
attributes?: Record<SmolStr, CedarValueJson>;
|
|
@@ -289,14 +276,25 @@ export interface ActionType<N> {
|
|
|
289
276
|
annotations?: Annotations;
|
|
290
277
|
}
|
|
291
278
|
|
|
292
|
-
export interface
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
279
|
+
export interface StandardEntityType<N> {
|
|
280
|
+
memberOfTypes?: N[];
|
|
281
|
+
shape?: AttributesOrContext<N>;
|
|
282
|
+
tags?: Type<N>;
|
|
283
|
+
}
|
|
284
|
+
|
|
285
|
+
export type AttributesOrContext<N> = Type<N>;
|
|
286
|
+
|
|
287
|
+
export interface RecordType<N> {
|
|
288
|
+
attributes: Record<SmolStr, TypeOfAttribute<N>>;
|
|
289
|
+
additionalAttributes?: boolean;
|
|
296
290
|
}
|
|
297
291
|
|
|
298
292
|
export type SchemaJson<N> = Record<string, NamespaceDefinition<N>>;
|
|
299
293
|
|
|
294
|
+
export type EntityTypeKind<N> = StandardEntityType<N> | { enum: NonEmpty<SmolStr> };
|
|
295
|
+
|
|
296
|
+
export type CommonTypeId = string;
|
|
297
|
+
|
|
300
298
|
export interface NamespaceDefinition<N> {
|
|
301
299
|
commonTypes?: Record<CommonTypeId, CommonType<N>>;
|
|
302
300
|
entityTypes: Record<UnreservedId, EntityType<N>>;
|
|
@@ -304,23 +302,23 @@ export interface NamespaceDefinition<N> {
|
|
|
304
302
|
annotations?: Annotations;
|
|
305
303
|
}
|
|
306
304
|
|
|
307
|
-
export interface
|
|
308
|
-
|
|
309
|
-
|
|
305
|
+
export interface ActionEntityUID<N> {
|
|
306
|
+
id: SmolStr;
|
|
307
|
+
type?: N;
|
|
310
308
|
}
|
|
311
309
|
|
|
312
|
-
export
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
310
|
+
export type Type<N> = ({} & TypeVariant<N>) | { type: N };
|
|
311
|
+
|
|
312
|
+
export interface ApplySpec<N> {
|
|
313
|
+
resourceTypes: N[];
|
|
314
|
+
principalTypes: N[];
|
|
315
|
+
context?: AttributesOrContext<N>;
|
|
316
316
|
}
|
|
317
317
|
|
|
318
|
-
export type
|
|
318
|
+
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
|
|
319
319
|
|
|
320
320
|
export type Decision = "allow" | "deny";
|
|
321
321
|
|
|
322
|
-
export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
|
|
323
|
-
|
|
324
322
|
export interface PolicyJson {
|
|
325
323
|
effect: Effect;
|
|
326
324
|
principal: PrincipalConstraint;
|
|
@@ -330,14 +328,16 @@ export interface PolicyJson {
|
|
|
330
328
|
annotations?: Annotations;
|
|
331
329
|
}
|
|
332
330
|
|
|
333
|
-
export type
|
|
331
|
+
export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
|
|
334
332
|
|
|
335
333
|
export type Expr = ExprNoExt | ExtFuncCall;
|
|
336
334
|
|
|
337
|
-
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { isEmpty: { arg: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
338
|
-
|
|
339
335
|
export type PatternElem = "Wildcard" | { Literal: SmolStr };
|
|
340
336
|
|
|
337
|
+
export type ExtFuncCall = {} & Record<string, Array<Expr>>;
|
|
338
|
+
|
|
339
|
+
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { isEmpty: { arg: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
340
|
+
|
|
341
341
|
export type Annotation = SmolStr;
|
|
342
342
|
|
|
343
343
|
export type Annotations = Record<string, Annotation>;
|
|
@@ -349,12 +349,12 @@ export interface TypeAndId {
|
|
|
349
349
|
id: string;
|
|
350
350
|
}
|
|
351
351
|
|
|
352
|
+
export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArgs } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
|
|
353
|
+
|
|
352
354
|
export type FnAndArgs = { fn: string; arg: CedarValueJson } | { fn: string; args: CedarValueJson[] };
|
|
353
355
|
|
|
354
356
|
export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
|
|
355
357
|
|
|
356
|
-
export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArgs } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
|
|
357
|
-
|
|
358
358
|
type SmolStr = string;
|
|
359
359
|
export type TypeOfAttribute<N> = Type<N> & { required?: boolean };
|
|
360
360
|
export type CommonType<N> = Type<N> & { annotations?: Annotations };
|
package/esm/cedar_wasm_bg.js
CHANGED
|
@@ -118,11 +118,11 @@ function getDataViewMemory0() {
|
|
|
118
118
|
/**
|
|
119
119
|
* @returns {string}
|
|
120
120
|
*/
|
|
121
|
-
export function
|
|
121
|
+
export function getCedarSDKVersion() {
|
|
122
122
|
let deferred1_0;
|
|
123
123
|
let deferred1_1;
|
|
124
124
|
try {
|
|
125
|
-
const ret = wasm.
|
|
125
|
+
const ret = wasm.getCedarSDKVersion();
|
|
126
126
|
deferred1_0 = ret[0];
|
|
127
127
|
deferred1_1 = ret[1];
|
|
128
128
|
return getStringFromWasm0(ret[0], ret[1]);
|
|
@@ -134,11 +134,11 @@ export function getCedarVersion() {
|
|
|
134
134
|
/**
|
|
135
135
|
* @returns {string}
|
|
136
136
|
*/
|
|
137
|
-
export function
|
|
137
|
+
export function getCedarVersion() {
|
|
138
138
|
let deferred1_0;
|
|
139
139
|
let deferred1_1;
|
|
140
140
|
try {
|
|
141
|
-
const ret = wasm.
|
|
141
|
+
const ret = wasm.getCedarVersion();
|
|
142
142
|
deferred1_0 = ret[0];
|
|
143
143
|
deferred1_1 = ret[1];
|
|
144
144
|
return getStringFromWasm0(ret[0], ret[1]);
|
|
@@ -170,19 +170,15 @@ export function getValidRequestEnvsTemplate(t, s) {
|
|
|
170
170
|
}
|
|
171
171
|
|
|
172
172
|
/**
|
|
173
|
-
*
|
|
174
|
-
*
|
|
175
|
-
* # Errors
|
|
173
|
+
* Stateful authorization using preparsed schemas and policy sets.
|
|
176
174
|
*
|
|
177
|
-
*
|
|
178
|
-
*
|
|
179
|
-
* @param {
|
|
180
|
-
* @returns {
|
|
175
|
+
* This function works like [`is_authorized`] but retrieves schemas and policy sets
|
|
176
|
+
* from thread-local cache instead of parsing them on each call.
|
|
177
|
+
* @param {StatefulAuthorizationCall} call
|
|
178
|
+
* @returns {AuthorizationAnswer}
|
|
181
179
|
*/
|
|
182
|
-
export function
|
|
183
|
-
const
|
|
184
|
-
const len0 = WASM_VECTOR_LEN;
|
|
185
|
-
const ret = wasm.preparsePolicySet(ptr0, len0, policies);
|
|
180
|
+
export function statefulIsAuthorized(call) {
|
|
181
|
+
const ret = wasm.statefulIsAuthorized(call);
|
|
186
182
|
return ret;
|
|
187
183
|
}
|
|
188
184
|
|
|
@@ -197,15 +193,19 @@ export function isAuthorized(call) {
|
|
|
197
193
|
}
|
|
198
194
|
|
|
199
195
|
/**
|
|
200
|
-
*
|
|
196
|
+
* Preparse and cache a policy set in thread-local storage
|
|
201
197
|
*
|
|
202
|
-
*
|
|
203
|
-
*
|
|
204
|
-
*
|
|
205
|
-
* @
|
|
198
|
+
* # Errors
|
|
199
|
+
*
|
|
200
|
+
* Will return `Err` if the input cannot be parsed. Side-effect free on error.
|
|
201
|
+
* @param {string} pset_id
|
|
202
|
+
* @param {PolicySet} policies
|
|
203
|
+
* @returns {CheckParseAnswer}
|
|
206
204
|
*/
|
|
207
|
-
export function
|
|
208
|
-
const
|
|
205
|
+
export function preparsePolicySet(pset_id, policies) {
|
|
206
|
+
const ptr0 = passStringToWasm0(pset_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
207
|
+
const len0 = WASM_VECTOR_LEN;
|
|
208
|
+
const ret = wasm.preparsePolicySet(ptr0, len0, policies);
|
|
209
209
|
return ret;
|
|
210
210
|
}
|
|
211
211
|
|
|
@@ -226,26 +226,6 @@ export function preparseSchema(schema_name, schema) {
|
|
|
226
226
|
return ret;
|
|
227
227
|
}
|
|
228
228
|
|
|
229
|
-
/**
|
|
230
|
-
* Check whether a set of entities successfully parses.
|
|
231
|
-
* @param {EntitiesParsingCall} call
|
|
232
|
-
* @returns {CheckParseAnswer}
|
|
233
|
-
*/
|
|
234
|
-
export function checkParseEntities(call) {
|
|
235
|
-
const ret = wasm.checkParseEntities(call);
|
|
236
|
-
return ret;
|
|
237
|
-
}
|
|
238
|
-
|
|
239
|
-
/**
|
|
240
|
-
* Check whether a schema successfully parses.
|
|
241
|
-
* @param {Schema} schema
|
|
242
|
-
* @returns {CheckParseAnswer}
|
|
243
|
-
*/
|
|
244
|
-
export function checkParseSchema(schema) {
|
|
245
|
-
const ret = wasm.checkParseSchema(schema);
|
|
246
|
-
return ret;
|
|
247
|
-
}
|
|
248
|
-
|
|
249
229
|
/**
|
|
250
230
|
* Check whether a policy set successfully parses.
|
|
251
231
|
* @param {PolicySet} policies
|
|
@@ -267,22 +247,35 @@ export function checkParseContext(call) {
|
|
|
267
247
|
}
|
|
268
248
|
|
|
269
249
|
/**
|
|
270
|
-
*
|
|
271
|
-
* @param {
|
|
272
|
-
* @returns {
|
|
250
|
+
* Check whether a schema successfully parses.
|
|
251
|
+
* @param {Schema} schema
|
|
252
|
+
* @returns {CheckParseAnswer}
|
|
273
253
|
*/
|
|
274
|
-
export function
|
|
275
|
-
const ret = wasm.
|
|
254
|
+
export function checkParseSchema(schema) {
|
|
255
|
+
const ret = wasm.checkParseSchema(schema);
|
|
276
256
|
return ret;
|
|
277
257
|
}
|
|
278
258
|
|
|
279
259
|
/**
|
|
280
|
-
*
|
|
281
|
-
* @param {
|
|
282
|
-
* @returns {
|
|
260
|
+
* Check whether a set of entities successfully parses.
|
|
261
|
+
* @param {EntitiesParsingCall} call
|
|
262
|
+
* @returns {CheckParseAnswer}
|
|
283
263
|
*/
|
|
284
|
-
export function
|
|
285
|
-
const ret = wasm.
|
|
264
|
+
export function checkParseEntities(call) {
|
|
265
|
+
const ret = wasm.checkParseEntities(call);
|
|
266
|
+
return ret;
|
|
267
|
+
}
|
|
268
|
+
|
|
269
|
+
/**
|
|
270
|
+
* Takes a `PolicySet` represented as string and return the policies
|
|
271
|
+
* and templates split into vecs and sorted by id.
|
|
272
|
+
* @param {string} policyset_str
|
|
273
|
+
* @returns {PolicySetTextToPartsAnswer}
|
|
274
|
+
*/
|
|
275
|
+
export function policySetTextToParts(policyset_str) {
|
|
276
|
+
const ptr0 = passStringToWasm0(policyset_str, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
277
|
+
const len0 = WASM_VECTOR_LEN;
|
|
278
|
+
const ret = wasm.policySetTextToParts(ptr0, len0);
|
|
286
279
|
return ret;
|
|
287
280
|
}
|
|
288
281
|
|
|
@@ -297,15 +290,12 @@ export function templateToJson(template) {
|
|
|
297
290
|
}
|
|
298
291
|
|
|
299
292
|
/**
|
|
300
|
-
*
|
|
301
|
-
*
|
|
302
|
-
* @
|
|
303
|
-
* @returns {PolicySetTextToPartsAnswer}
|
|
293
|
+
* Return the Cedar (textual) representation of a policy.
|
|
294
|
+
* @param {Policy} policy
|
|
295
|
+
* @returns {PolicyToTextAnswer}
|
|
304
296
|
*/
|
|
305
|
-
export function
|
|
306
|
-
const
|
|
307
|
-
const len0 = WASM_VECTOR_LEN;
|
|
308
|
-
const ret = wasm.policySetTextToParts(ptr0, len0);
|
|
297
|
+
export function policyToText(policy) {
|
|
298
|
+
const ret = wasm.policyToText(policy);
|
|
309
299
|
return ret;
|
|
310
300
|
}
|
|
311
301
|
|
|
@@ -319,6 +309,16 @@ export function schemaToJson(schema) {
|
|
|
319
309
|
return ret;
|
|
320
310
|
}
|
|
321
311
|
|
|
312
|
+
/**
|
|
313
|
+
* Return the Cedar (textual) representation of a template.
|
|
314
|
+
* @param {Template} template
|
|
315
|
+
* @returns {PolicyToTextAnswer}
|
|
316
|
+
*/
|
|
317
|
+
export function templateToText(template) {
|
|
318
|
+
const ret = wasm.templateToText(template);
|
|
319
|
+
return ret;
|
|
320
|
+
}
|
|
321
|
+
|
|
322
322
|
/**
|
|
323
323
|
* Return the JSON representation of a policy.
|
|
324
324
|
* @param {Policy} policy
|
|
@@ -330,12 +330,12 @@ export function policyToJson(policy) {
|
|
|
330
330
|
}
|
|
331
331
|
|
|
332
332
|
/**
|
|
333
|
-
* Return the Cedar (textual) representation of a
|
|
334
|
-
* @param {
|
|
335
|
-
* @returns {
|
|
333
|
+
* Return the Cedar (textual) representation of a schema.
|
|
334
|
+
* @param {Schema} schema
|
|
335
|
+
* @returns {SchemaToTextAnswer}
|
|
336
336
|
*/
|
|
337
|
-
export function
|
|
338
|
-
const ret = wasm.
|
|
337
|
+
export function schemaToText(schema) {
|
|
338
|
+
const ret = wasm.schemaToText(schema);
|
|
339
339
|
return ret;
|
|
340
340
|
}
|
|
341
341
|
|
package/esm/cedar_wasm_bg.wasm
CHANGED
|
Binary file
|