@cedar-policy/cedar-wasm 4.7.0 → 4.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/cedar_wasm.d.ts +179 -179
- package/esm/cedar_wasm_bg.js +158 -158
- package/esm/cedar_wasm_bg.wasm +0 -0
- package/esm/cedar_wasm_bg.wasm.d.ts +6 -6
- package/esm/package.json +1 -1
- package/nodejs/cedar_wasm.d.ts +179 -179
- package/nodejs/cedar_wasm.js +150 -150
- package/nodejs/cedar_wasm_bg.wasm +0 -0
- package/nodejs/cedar_wasm_bg.wasm.d.ts +6 -6
- package/nodejs/package.json +1 -1
- package/package.json +1 -1
- package/web/cedar_wasm.d.ts +185 -185
- package/web/cedar_wasm.js +156 -164
- package/web/cedar_wasm_bg.wasm +0 -0
- package/web/cedar_wasm_bg.wasm.d.ts +6 -6
- package/web/package.json +1 -1
package/esm/cedar_wasm.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/* tslint:disable */
|
|
2
2
|
/* eslint-disable */
|
|
3
|
-
export function getCedarSDKVersion(): string;
|
|
4
3
|
export function getCedarVersion(): string;
|
|
4
|
+
export function getCedarSDKVersion(): string;
|
|
5
5
|
/**
|
|
6
6
|
* Get valid request environment
|
|
7
7
|
*/
|
|
@@ -11,16 +11,13 @@ export function getValidRequestEnvsPolicy(t: Policy, s: Schema): GetValidRequest
|
|
|
11
11
|
*/
|
|
12
12
|
export function getValidRequestEnvsTemplate(t: Template, s: Schema): GetValidRequestEnvsResult;
|
|
13
13
|
/**
|
|
14
|
-
*
|
|
14
|
+
* Preparse and cache a schema in thread-local storage
|
|
15
15
|
*
|
|
16
|
-
*
|
|
17
|
-
*
|
|
18
|
-
|
|
19
|
-
export function statefulIsAuthorized(call: StatefulAuthorizationCall): AuthorizationAnswer;
|
|
20
|
-
/**
|
|
21
|
-
* Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
|
|
16
|
+
* # Errors
|
|
17
|
+
*
|
|
18
|
+
* Will return `Err` if the input cannot be parsed. Side-effect free on error.
|
|
22
19
|
*/
|
|
23
|
-
export function
|
|
20
|
+
export function preparseSchema(schema_name: string, schema: Schema): CheckParseAnswer;
|
|
24
21
|
/**
|
|
25
22
|
* Preparse and cache a policy set in thread-local storage
|
|
26
23
|
*
|
|
@@ -30,17 +27,31 @@ export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
|
|
|
30
27
|
*/
|
|
31
28
|
export function preparsePolicySet(pset_id: string, policies: PolicySet): CheckParseAnswer;
|
|
32
29
|
/**
|
|
33
|
-
*
|
|
34
|
-
|
|
35
|
-
|
|
30
|
+
* Basic interface, using [`AuthorizationCall`] and [`AuthorizationAnswer`] types
|
|
31
|
+
*/
|
|
32
|
+
export function isAuthorized(call: AuthorizationCall): AuthorizationAnswer;
|
|
33
|
+
/**
|
|
34
|
+
* Stateful authorization using preparsed schemas and policy sets.
|
|
36
35
|
*
|
|
37
|
-
*
|
|
36
|
+
* This function works like [`is_authorized`] but retrieves schemas and policy sets
|
|
37
|
+
* from thread-local cache instead of parsing them on each call.
|
|
38
38
|
*/
|
|
39
|
-
export function
|
|
39
|
+
export function statefulIsAuthorized(call: StatefulAuthorizationCall): AuthorizationAnswer;
|
|
40
40
|
/**
|
|
41
|
-
*
|
|
41
|
+
* Get language version of Cedar
|
|
42
42
|
*/
|
|
43
|
-
export function
|
|
43
|
+
export function getCedarLangVersion(): string;
|
|
44
|
+
/**
|
|
45
|
+
* Apply the Cedar policy formatter to a policy set in the Cedar policy format
|
|
46
|
+
*/
|
|
47
|
+
export function formatPolicies(call: FormattingCall): FormattingAnswer;
|
|
48
|
+
/**
|
|
49
|
+
* Parse a policy set and optionally validate it against a provided schema
|
|
50
|
+
*
|
|
51
|
+
* This is the basic validator interface, using [`ValidationCall`] and
|
|
52
|
+
* [`ValidationAnswer`] types
|
|
53
|
+
*/
|
|
54
|
+
export function validate(call: ValidationCall): ValidationAnswer;
|
|
44
55
|
/**
|
|
45
56
|
* Check whether a context successfully parses.
|
|
46
57
|
*/
|
|
@@ -49,67 +60,96 @@ export function checkParseContext(call: ContextParsingCall): CheckParseAnswer;
|
|
|
49
60
|
* Check whether a schema successfully parses.
|
|
50
61
|
*/
|
|
51
62
|
export function checkParseSchema(schema: Schema): CheckParseAnswer;
|
|
63
|
+
/**
|
|
64
|
+
* Check whether a policy set successfully parses.
|
|
65
|
+
*/
|
|
66
|
+
export function checkParsePolicySet(policies: PolicySet): CheckParseAnswer;
|
|
52
67
|
/**
|
|
53
68
|
* Check whether a set of entities successfully parses.
|
|
54
69
|
*/
|
|
55
70
|
export function checkParseEntities(call: EntitiesParsingCall): CheckParseAnswer;
|
|
71
|
+
/**
|
|
72
|
+
* Return the JSON representation of a schema.
|
|
73
|
+
*/
|
|
74
|
+
export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
|
|
75
|
+
/**
|
|
76
|
+
* Return the Cedar (textual) representation of a schema.
|
|
77
|
+
*/
|
|
78
|
+
export function schemaToText(schema: Schema): SchemaToTextAnswer;
|
|
56
79
|
/**
|
|
57
80
|
* Takes a `PolicySet` represented as string and return the policies
|
|
58
81
|
* and templates split into vecs and sorted by id.
|
|
59
82
|
*/
|
|
60
83
|
export function policySetTextToParts(policyset_str: string): PolicySetTextToPartsAnswer;
|
|
61
|
-
/**
|
|
62
|
-
* Return the JSON representation of a template.
|
|
63
|
-
*/
|
|
64
|
-
export function templateToJson(template: Template): PolicyToJsonAnswer;
|
|
65
84
|
/**
|
|
66
85
|
* Return the Cedar (textual) representation of a policy.
|
|
67
86
|
*/
|
|
68
87
|
export function policyToText(policy: Policy): PolicyToTextAnswer;
|
|
69
|
-
/**
|
|
70
|
-
* Return the JSON representation of a schema.
|
|
71
|
-
*/
|
|
72
|
-
export function schemaToJson(schema: Schema): SchemaToJsonAnswer;
|
|
73
|
-
/**
|
|
74
|
-
* Return the Cedar (textual) representation of a template.
|
|
75
|
-
*/
|
|
76
|
-
export function templateToText(template: Template): PolicyToTextAnswer;
|
|
77
88
|
/**
|
|
78
89
|
* Return the JSON representation of a policy.
|
|
79
90
|
*/
|
|
80
91
|
export function policyToJson(policy: Policy): PolicyToJsonAnswer;
|
|
81
92
|
/**
|
|
82
|
-
* Return the Cedar (textual) representation of a
|
|
83
|
-
*/
|
|
84
|
-
export function schemaToText(schema: Schema): SchemaToTextAnswer;
|
|
85
|
-
/**
|
|
86
|
-
* Get language version of Cedar
|
|
87
|
-
*/
|
|
88
|
-
export function getCedarLangVersion(): string;
|
|
89
|
-
/**
|
|
90
|
-
* Apply the Cedar policy formatter to a policy set in the Cedar policy format
|
|
93
|
+
* Return the Cedar (textual) representation of a template.
|
|
91
94
|
*/
|
|
92
|
-
export function
|
|
95
|
+
export function templateToText(template: Template): PolicyToTextAnswer;
|
|
93
96
|
/**
|
|
94
|
-
*
|
|
95
|
-
*
|
|
96
|
-
* This is the basic validator interface, using [`ValidationCall`] and
|
|
97
|
-
* [`ValidationAnswer`] types
|
|
97
|
+
* Return the JSON representation of a template.
|
|
98
98
|
*/
|
|
99
|
-
export function
|
|
99
|
+
export function templateToJson(template: Template): PolicyToJsonAnswer;
|
|
100
100
|
export type GetValidRequestEnvsResult = { type: "success"; principals: string[]; actions: string[]; resources: string[] } | { type: "failure"; error: string };
|
|
101
101
|
|
|
102
|
+
export type SlotId = string;
|
|
103
|
+
|
|
102
104
|
export type PolicyId = string;
|
|
103
105
|
|
|
104
|
-
export type
|
|
106
|
+
export type EntityUid = EntityUidJson;
|
|
105
107
|
|
|
106
|
-
export type
|
|
108
|
+
export type Schema = string | SchemaJson<string>;
|
|
107
109
|
|
|
108
|
-
export interface
|
|
109
|
-
|
|
110
|
-
diagnostics: Diagnostics;
|
|
110
|
+
export interface SourceLabel extends SourceLocation {
|
|
111
|
+
label: string | null;
|
|
111
112
|
}
|
|
112
113
|
|
|
114
|
+
export type Context = Record<string, CedarValueJson>;
|
|
115
|
+
|
|
116
|
+
export interface PolicySet {
|
|
117
|
+
staticPolicies?: StaticPolicySet;
|
|
118
|
+
templates?: Record<PolicyId, Template>;
|
|
119
|
+
templateLinks?: TemplateLink[];
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
export type Policy = string | PolicyJson;
|
|
123
|
+
|
|
124
|
+
export interface DetailedError {
|
|
125
|
+
message: string;
|
|
126
|
+
help: string | null;
|
|
127
|
+
code: string | null;
|
|
128
|
+
url: string | null;
|
|
129
|
+
severity: Severity | null;
|
|
130
|
+
sourceLocations?: SourceLabel[];
|
|
131
|
+
related?: DetailedError[];
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
export type Severity = "advice" | "warning" | "error";
|
|
135
|
+
|
|
136
|
+
export type Entities = Array<EntityJson>;
|
|
137
|
+
|
|
138
|
+
export interface SourceLocation {
|
|
139
|
+
start: number;
|
|
140
|
+
end: number;
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
export interface TemplateLink {
|
|
144
|
+
templateId: PolicyId;
|
|
145
|
+
newId: PolicyId;
|
|
146
|
+
values: Record<SlotId, EntityUid>;
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
export type Template = string | PolicyJson;
|
|
150
|
+
|
|
151
|
+
export type StaticPolicySet = string | Policy[] | Record<PolicyId, Policy>;
|
|
152
|
+
|
|
113
153
|
export interface StatefulAuthorizationCall {
|
|
114
154
|
principal: EntityUid;
|
|
115
155
|
action: EntityUid;
|
|
@@ -121,14 +161,19 @@ export interface StatefulAuthorizationCall {
|
|
|
121
161
|
entities: Entities;
|
|
122
162
|
}
|
|
123
163
|
|
|
164
|
+
export interface AuthorizationError {
|
|
165
|
+
policyId: string;
|
|
166
|
+
error: DetailedError;
|
|
167
|
+
}
|
|
168
|
+
|
|
124
169
|
export interface Diagnostics {
|
|
125
170
|
reason: PolicyId[];
|
|
126
171
|
errors: AuthorizationError[];
|
|
127
172
|
}
|
|
128
173
|
|
|
129
|
-
export interface
|
|
130
|
-
|
|
131
|
-
|
|
174
|
+
export interface Response {
|
|
175
|
+
decision: Decision;
|
|
176
|
+
diagnostics: Diagnostics;
|
|
132
177
|
}
|
|
133
178
|
|
|
134
179
|
export interface AuthorizationCall {
|
|
@@ -142,58 +187,33 @@ export interface AuthorizationCall {
|
|
|
142
187
|
entities: Entities;
|
|
143
188
|
}
|
|
144
189
|
|
|
145
|
-
export type
|
|
146
|
-
|
|
147
|
-
export type Schema = string | SchemaJson<string>;
|
|
148
|
-
|
|
149
|
-
export type EntityUid = EntityUidJson;
|
|
150
|
-
|
|
151
|
-
export type Severity = "advice" | "warning" | "error";
|
|
190
|
+
export type AuthorizationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; response: Response; warnings: DetailedError[] };
|
|
152
191
|
|
|
153
|
-
export
|
|
154
|
-
staticPolicies?: StaticPolicySet;
|
|
155
|
-
templates?: Record<PolicyId, Template>;
|
|
156
|
-
templateLinks?: TemplateLink[];
|
|
157
|
-
}
|
|
192
|
+
export type ValidationMode = "strict";
|
|
158
193
|
|
|
159
|
-
export
|
|
160
|
-
label: string | null;
|
|
161
|
-
}
|
|
194
|
+
export type FormattingAnswer = { type: "failure"; errors: DetailedError[] } | { type: "success"; formatted_policy: string };
|
|
162
195
|
|
|
163
|
-
export interface
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
196
|
+
export interface FormattingCall {
|
|
197
|
+
policyText: string;
|
|
198
|
+
lineWidth?: number;
|
|
199
|
+
indentWidth?: number;
|
|
167
200
|
}
|
|
168
201
|
|
|
169
|
-
export
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
export type Context = Record<string, CedarValueJson>;
|
|
174
|
-
|
|
175
|
-
export interface DetailedError {
|
|
176
|
-
message: string;
|
|
177
|
-
help: string | null;
|
|
178
|
-
code: string | null;
|
|
179
|
-
url: string | null;
|
|
180
|
-
severity: Severity | null;
|
|
181
|
-
sourceLocations?: SourceLabel[];
|
|
182
|
-
related?: DetailedError[];
|
|
202
|
+
export interface ValidationCall {
|
|
203
|
+
validationSettings?: ValidationSettings;
|
|
204
|
+
schema: Schema;
|
|
205
|
+
policies: PolicySet;
|
|
183
206
|
}
|
|
184
207
|
|
|
185
|
-
export type
|
|
208
|
+
export type ValidationAnswer = { type: "failure"; errors: DetailedError[]; warnings: DetailedError[] } | { type: "success"; validationErrors: ValidationError[]; validationWarnings: ValidationError[]; otherWarnings: DetailedError[] };
|
|
186
209
|
|
|
187
|
-
export interface
|
|
188
|
-
|
|
189
|
-
|
|
210
|
+
export interface ValidationError {
|
|
211
|
+
policyId: string;
|
|
212
|
+
error: DetailedError;
|
|
190
213
|
}
|
|
191
214
|
|
|
192
|
-
export
|
|
193
|
-
|
|
194
|
-
export interface EntitiesParsingCall {
|
|
195
|
-
entities: Entities;
|
|
196
|
-
schema?: Schema | null;
|
|
215
|
+
export interface ValidationSettings {
|
|
216
|
+
mode: ValidationMode;
|
|
197
217
|
}
|
|
198
218
|
|
|
199
219
|
export interface ContextParsingCall {
|
|
@@ -202,41 +222,55 @@ export interface ContextParsingCall {
|
|
|
202
222
|
action?: EntityUid | null;
|
|
203
223
|
}
|
|
204
224
|
|
|
205
|
-
export
|
|
225
|
+
export interface EntitiesParsingCall {
|
|
226
|
+
entities: Entities;
|
|
227
|
+
schema?: Schema | null;
|
|
228
|
+
}
|
|
206
229
|
|
|
207
|
-
export type
|
|
230
|
+
export type CheckParseAnswer = { type: "success" } | { type: "failure"; errors: DetailedError[] };
|
|
208
231
|
|
|
209
232
|
export type PolicyToJsonAnswer = { type: "success"; json: PolicyJson } | { type: "failure"; errors: DetailedError[] };
|
|
210
233
|
|
|
211
234
|
export type SchemaToTextAnswer = { type: "success"; text: string; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
212
235
|
|
|
236
|
+
export type SchemaToJsonAnswer = { type: "success"; json: SchemaJson<string>; warnings: DetailedError[] } | { type: "failure"; errors: DetailedError[] };
|
|
237
|
+
|
|
213
238
|
export type PolicyToTextAnswer = { type: "success"; text: string } | { type: "failure"; errors: DetailedError[] };
|
|
214
239
|
|
|
215
|
-
export type
|
|
240
|
+
export type PolicySetTextToPartsAnswer = { type: "success"; policies: string[]; policy_templates: string[] } | { type: "failure"; errors: DetailedError[] };
|
|
216
241
|
|
|
217
|
-
export
|
|
218
|
-
policyText: string;
|
|
219
|
-
lineWidth?: number;
|
|
220
|
-
indentWidth?: number;
|
|
221
|
-
}
|
|
242
|
+
export type Annotations = Record<string, Annotation>;
|
|
222
243
|
|
|
223
|
-
export type
|
|
244
|
+
export type Decision = "allow" | "deny";
|
|
224
245
|
|
|
225
|
-
export
|
|
226
|
-
policyId: string;
|
|
227
|
-
error: DetailedError;
|
|
228
|
-
}
|
|
246
|
+
export type Effect = "permit" | "forbid";
|
|
229
247
|
|
|
230
|
-
export
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
248
|
+
export type ActionInConstraint = { entity: EntityUidJson } | { entities: EntityUidJson[] };
|
|
249
|
+
|
|
250
|
+
export type ActionConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & ActionInConstraint);
|
|
251
|
+
|
|
252
|
+
export type EqConstraint = { entity: EntityUidJson } | { slot: string };
|
|
253
|
+
|
|
254
|
+
export type ResourceConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
255
|
+
|
|
256
|
+
export type PrincipalConstraint = { op: "All" } | ({ op: "==" } & EqConstraint) | ({ op: "in" } & PrincipalOrResourceInConstraint) | ({ op: "is" } & PrincipalOrResourceIsConstraint);
|
|
257
|
+
|
|
258
|
+
export interface PrincipalOrResourceIsConstraint {
|
|
259
|
+
entity_type: string;
|
|
260
|
+
in?: PrincipalOrResourceInConstraint;
|
|
234
261
|
}
|
|
235
262
|
|
|
236
|
-
export type
|
|
263
|
+
export type PrincipalOrResourceInConstraint = { entity: EntityUidJson } | { slot: string };
|
|
237
264
|
|
|
238
|
-
export
|
|
239
|
-
|
|
265
|
+
export type Clause = { kind: "when"; body: Expr } | { kind: "unless"; body: Expr };
|
|
266
|
+
|
|
267
|
+
export interface PolicyJson {
|
|
268
|
+
effect: Effect;
|
|
269
|
+
principal: PrincipalConstraint;
|
|
270
|
+
action: ActionConstraint;
|
|
271
|
+
resource: ResourceConstraint;
|
|
272
|
+
conditions: Clause[];
|
|
273
|
+
annotations?: Annotations;
|
|
240
274
|
}
|
|
241
275
|
|
|
242
276
|
export interface EntityJson {
|
|
@@ -246,28 +280,35 @@ export interface EntityJson {
|
|
|
246
280
|
tags?: Record<string, CedarValueJson>;
|
|
247
281
|
}
|
|
248
282
|
|
|
249
|
-
export type
|
|
283
|
+
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { isEmpty: { arg: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
250
284
|
|
|
251
|
-
export type
|
|
285
|
+
export type PatternElem = "Wildcard" | { Literal: SmolStr };
|
|
252
286
|
|
|
253
|
-
export type
|
|
287
|
+
export type Expr = ExprNoExt | ExtFuncCall;
|
|
254
288
|
|
|
255
|
-
export type
|
|
289
|
+
export type ExtFuncCall = {} & Record<string, Array<Expr>>;
|
|
256
290
|
|
|
257
|
-
export type
|
|
291
|
+
export type Var = "principal" | "action" | "resource" | "context";
|
|
258
292
|
|
|
259
|
-
export
|
|
260
|
-
|
|
261
|
-
|
|
293
|
+
export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
|
|
294
|
+
|
|
295
|
+
export interface TypeAndId {
|
|
296
|
+
type: string;
|
|
297
|
+
id: string;
|
|
262
298
|
}
|
|
263
299
|
|
|
264
|
-
export type
|
|
300
|
+
export type FnAndArgs = { fn: string; arg: CedarValueJson } | { fn: string; args: CedarValueJson[] };
|
|
265
301
|
|
|
266
|
-
export type
|
|
302
|
+
export type CedarValueJson = { __entity: TypeAndId } | { __extn: FnAndArgs } | boolean | number | string | CedarValueJson[] | { [key: string]: CedarValueJson } | null;
|
|
267
303
|
|
|
268
|
-
export type
|
|
304
|
+
export type AnyId = SmolStr;
|
|
269
305
|
|
|
270
|
-
export type
|
|
306
|
+
export type UnreservedId = string;
|
|
307
|
+
|
|
308
|
+
export interface ActionEntityUID<N> {
|
|
309
|
+
id: SmolStr;
|
|
310
|
+
type?: N;
|
|
311
|
+
}
|
|
271
312
|
|
|
272
313
|
export interface ActionType<N> {
|
|
273
314
|
attributes?: Record<SmolStr, CedarValueJson>;
|
|
@@ -276,24 +317,7 @@ export interface ActionType<N> {
|
|
|
276
317
|
annotations?: Annotations;
|
|
277
318
|
}
|
|
278
319
|
|
|
279
|
-
export
|
|
280
|
-
memberOfTypes?: N[];
|
|
281
|
-
shape?: AttributesOrContext<N>;
|
|
282
|
-
tags?: Type<N>;
|
|
283
|
-
}
|
|
284
|
-
|
|
285
|
-
export type AttributesOrContext<N> = Type<N>;
|
|
286
|
-
|
|
287
|
-
export interface RecordType<N> {
|
|
288
|
-
attributes: Record<SmolStr, TypeOfAttribute<N>>;
|
|
289
|
-
additionalAttributes?: boolean;
|
|
290
|
-
}
|
|
291
|
-
|
|
292
|
-
export type SchemaJson<N> = Record<string, NamespaceDefinition<N>>;
|
|
293
|
-
|
|
294
|
-
export type EntityTypeKind<N> = StandardEntityType<N> | { enum: NonEmpty<SmolStr> };
|
|
295
|
-
|
|
296
|
-
export type CommonTypeId = string;
|
|
320
|
+
export type Type<N> = ({} & TypeVariant<N>) | { type: N };
|
|
297
321
|
|
|
298
322
|
export interface NamespaceDefinition<N> {
|
|
299
323
|
commonTypes?: Record<CommonTypeId, CommonType<N>>;
|
|
@@ -302,12 +326,7 @@ export interface NamespaceDefinition<N> {
|
|
|
302
326
|
annotations?: Annotations;
|
|
303
327
|
}
|
|
304
328
|
|
|
305
|
-
export
|
|
306
|
-
id: SmolStr;
|
|
307
|
-
type?: N;
|
|
308
|
-
}
|
|
309
|
-
|
|
310
|
-
export type Type<N> = ({} & TypeVariant<N>) | { type: N };
|
|
329
|
+
export type AttributesOrContext<N> = Type<N>;
|
|
311
330
|
|
|
312
331
|
export interface ApplySpec<N> {
|
|
313
332
|
resourceTypes: N[];
|
|
@@ -317,43 +336,24 @@ export interface ApplySpec<N> {
|
|
|
317
336
|
|
|
318
337
|
export type TypeVariant<N> = { type: "String" } | { type: "Long" } | { type: "Boolean" } | { type: "Set"; element: Type<N> } | ({ type: "Record" } & RecordType<N>) | { type: "Entity"; name: N } | { type: "EntityOrCommon"; name: N } | { type: "Extension"; name: UnreservedId };
|
|
319
338
|
|
|
320
|
-
export type
|
|
339
|
+
export type SchemaJson<N> = Record<string, NamespaceDefinition<N>>;
|
|
321
340
|
|
|
322
|
-
export interface
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
action: ActionConstraint;
|
|
326
|
-
resource: ResourceConstraint;
|
|
327
|
-
conditions: Clause[];
|
|
328
|
-
annotations?: Annotations;
|
|
341
|
+
export interface RecordType<N> {
|
|
342
|
+
attributes: Record<SmolStr, TypeOfAttribute<N>>;
|
|
343
|
+
additionalAttributes?: boolean;
|
|
329
344
|
}
|
|
330
345
|
|
|
331
|
-
export type
|
|
332
|
-
|
|
333
|
-
export type Expr = ExprNoExt | ExtFuncCall;
|
|
334
|
-
|
|
335
|
-
export type PatternElem = "Wildcard" | { Literal: SmolStr };
|
|
336
|
-
|
|
337
|
-
export type ExtFuncCall = {} & Record<string, Array<Expr>>;
|
|
338
|
-
|
|
339
|
-
export type ExprNoExt = { Value: CedarValueJson } | { Var: Var } | { Slot: string } | { "!": { arg: Expr } } | { neg: { arg: Expr } } | { "==": { left: Expr; right: Expr } } | { "!=": { left: Expr; right: Expr } } | { in: { left: Expr; right: Expr } } | { "<": { left: Expr; right: Expr } } | { "<=": { left: Expr; right: Expr } } | { ">": { left: Expr; right: Expr } } | { ">=": { left: Expr; right: Expr } } | { "&&": { left: Expr; right: Expr } } | { "||": { left: Expr; right: Expr } } | { "+": { left: Expr; right: Expr } } | { "-": { left: Expr; right: Expr } } | { "*": { left: Expr; right: Expr } } | { contains: { left: Expr; right: Expr } } | { containsAll: { left: Expr; right: Expr } } | { containsAny: { left: Expr; right: Expr } } | { isEmpty: { arg: Expr } } | { getTag: { left: Expr; right: Expr } } | { hasTag: { left: Expr; right: Expr } } | { ".": { left: Expr; attr: SmolStr } } | { has: { left: Expr; attr: SmolStr } } | { like: { left: Expr; pattern: PatternElem[] } } | { is: { left: Expr; entity_type: SmolStr; in?: Expr } } | { "if-then-else": { if: Expr; then: Expr; else: Expr } } | { Set: Expr[] } | { Record: Record<string, Expr> };
|
|
340
|
-
|
|
341
|
-
export type Annotation = SmolStr;
|
|
342
|
-
|
|
343
|
-
export type Annotations = Record<string, Annotation>;
|
|
346
|
+
export type CommonTypeId = string;
|
|
344
347
|
|
|
345
|
-
export type
|
|
348
|
+
export type EntityTypeKind<N> = StandardEntityType<N> | { enum: NonEmpty<SmolStr> };
|
|
346
349
|
|
|
347
|
-
export interface
|
|
348
|
-
|
|
349
|
-
|
|
350
|
+
export interface StandardEntityType<N> {
|
|
351
|
+
memberOfTypes?: N[];
|
|
352
|
+
shape?: AttributesOrContext<N>;
|
|
353
|
+
tags?: Type<N>;
|
|
350
354
|
}
|
|
351
355
|
|
|
352
|
-
export type
|
|
353
|
-
|
|
354
|
-
export type FnAndArgs = { fn: string; arg: CedarValueJson } | { fn: string; args: CedarValueJson[] };
|
|
355
|
-
|
|
356
|
-
export type EntityUidJson = { __entity: TypeAndId } | TypeAndId;
|
|
356
|
+
export type Annotation = SmolStr;
|
|
357
357
|
|
|
358
358
|
type SmolStr = string;
|
|
359
359
|
export type TypeOfAttribute<N> = Type<N> & { required?: boolean };
|