@clef-sh/core 0.1.27-beta.189 → 0.1.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +120 -9
- package/dist/index.js.map +3 -3
- package/dist/index.mjs +119 -9
- package/dist/index.mjs.map +3 -3
- package/dist/kms/aws-arn.d.ts +29 -0
- package/dist/kms/aws-arn.d.ts.map +1 -0
- package/dist/kms/index.d.ts +2 -0
- package/dist/kms/index.d.ts.map +1 -1
- package/dist/manifest/io.d.ts +6 -0
- package/dist/manifest/io.d.ts.map +1 -1
- package/dist/manifest/parser.d.ts.map +1 -1
- package/dist/migration/backend.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -58,8 +58,8 @@ export { PackBackendRegistry } from "./pack/registry";
|
|
|
58
58
|
export type { PackBackend, PackBackendFactory, PackRequest, PackServices, BackendPackResult, } from "./pack/types";
|
|
59
59
|
export { JsonEnvelopeBackend } from "./pack/backends/json-envelope";
|
|
60
60
|
export type { JsonEnvelopeOptions } from "./pack/backends/json-envelope";
|
|
61
|
-
export type { KmsProvider, KmsWrapResult, KmsProviderType } from "./kms";
|
|
62
|
-
export { VALID_KMS_PROVIDERS } from "./kms";
|
|
61
|
+
export type { KmsProvider, KmsWrapResult, KmsProviderType, AwsKmsArnValidation } from "./kms";
|
|
62
|
+
export { VALID_KMS_PROVIDERS, validateAwsKmsArn } from "./kms";
|
|
63
63
|
export { BackendMigrator } from "./migration/backend";
|
|
64
64
|
export type { MigrationTarget, MigrationOptions, MigrationResult, MigrationProgressEvent, } from "./migration/backend";
|
|
65
65
|
export { ResetManager, describeScope, validateResetScope } from "./reset/manager";
|
package/dist/index.d.ts
CHANGED
|
@@ -58,8 +58,8 @@ export { PackBackendRegistry } from "./pack/registry";
|
|
|
58
58
|
export type { PackBackend, PackBackendFactory, PackRequest, PackServices, BackendPackResult, } from "./pack/types";
|
|
59
59
|
export { JsonEnvelopeBackend } from "./pack/backends/json-envelope";
|
|
60
60
|
export type { JsonEnvelopeOptions } from "./pack/backends/json-envelope";
|
|
61
|
-
export type { KmsProvider, KmsWrapResult, KmsProviderType } from "./kms";
|
|
62
|
-
export { VALID_KMS_PROVIDERS } from "./kms";
|
|
61
|
+
export type { KmsProvider, KmsWrapResult, KmsProviderType, AwsKmsArnValidation } from "./kms";
|
|
62
|
+
export { VALID_KMS_PROVIDERS, validateAwsKmsArn } from "./kms";
|
|
63
63
|
export { BackendMigrator } from "./migration/backend";
|
|
64
64
|
export type { MigrationTarget, MigrationOptions, MigrationResult, MigrationProgressEvent, } from "./migration/backend";
|
|
65
65
|
export { ResetManager, describeScope, validateResetScope } from "./reset/manager";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EACL,UAAU,EACV,cAAc,EACd,aAAa,EACb,aAAa,EACb,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,eAAe,EACf,WAAW,EACX,cAAc,EACd,aAAa,EACb,eAAe,GAChB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,MAAM,CAAC;AACd,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACvE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EACL,qBAAqB,EACrB,yBAAyB,EACzB,eAAe,EACf,oBAAoB,GACrB,MAAM,OAAO,CAAC;AACf,YAAY,EACV,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACzF,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,oBAAoB,EACpB,YAAY,EACZ,cAAc,EACd,SAAS,EACT,cAAc,EACd,cAAc,EACd,YAAY,EACZ,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpG,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxF,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,aAAa,IAAI,mBAAmB,EACpC,WAAW,GACZ,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EACL,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,WAAW,EACX,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpF,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,YAAY,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,YAAY,EACV,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,YAAY,EACV,cAAc,EACd,UAAU,EACV,UAAU,EACV,UAAU,EACV,WAAW,EACX,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,WAAW,EACX,OAAO,EACP,eAAe,EACf,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EACV,eAAe,EACf,aAAa,EACb,UAAU,EACV,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,aAAa,EACb,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,cAAc,GACf,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,YAAY,EACV,WAAW,EACX,kBAAkB,EAClB,WAAW,EACX,YAAY,EACZ,iBAAiB,GAClB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,YAAY,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EACL,UAAU,EACV,cAAc,EACd,aAAa,EACb,aAAa,EACb,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,eAAe,EACf,WAAW,EACX,cAAc,EACd,aAAa,EACb,eAAe,GAChB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,MAAM,CAAC;AACd,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACvE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EACL,qBAAqB,EACrB,yBAAyB,EACzB,eAAe,EACf,oBAAoB,GACrB,MAAM,OAAO,CAAC;AACf,YAAY,EACV,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACzF,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,oBAAoB,EACpB,YAAY,EACZ,cAAc,EACd,SAAS,EACT,cAAc,EACd,cAAc,EACd,YAAY,EACZ,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpG,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxF,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,aAAa,IAAI,mBAAmB,EACpC,WAAW,GACZ,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EACL,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,WAAW,EACX,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpF,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,YAAY,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,YAAY,EACV,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,YAAY,EACV,cAAc,EACd,UAAU,EACV,UAAU,EACV,UAAU,EACV,WAAW,EACX,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,WAAW,EACX,OAAO,EACP,eAAe,EACf,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EACV,eAAe,EACf,aAAa,EACb,UAAU,EACV,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,aAAa,EACb,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,cAAc,GACf,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,YAAY,EACV,WAAW,EACX,kBAAkB,EAClB,WAAW,EACX,YAAY,EACZ,iBAAiB,GAClB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,YAAY,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAC9F,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAClF,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9E,OAAO,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACjG,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -11551,6 +11551,7 @@ __export(index_exports, {
|
|
|
11551
11551
|
tryBundledKeyservice: () => tryBundledKeyservice,
|
|
11552
11552
|
upsertRequest: () => upsertRequest,
|
|
11553
11553
|
validateAgePublicKey: () => validateAgePublicKey,
|
|
11554
|
+
validateAwsKmsArn: () => validateAwsKmsArn,
|
|
11554
11555
|
validatePackedArtifact: () => validatePackedArtifact,
|
|
11555
11556
|
validateResetScope: () => validateResetScope,
|
|
11556
11557
|
verifySignature: () => verifySignature,
|
|
@@ -11728,11 +11729,98 @@ function keyPreview(key) {
|
|
|
11728
11729
|
return `age1\u2026${last8}`;
|
|
11729
11730
|
}
|
|
11730
11731
|
|
|
11732
|
+
// src/kms/aws-arn.ts
|
|
11733
|
+
var PARTITION_PATTERN = /^aws(?:-[a-z]+)*$/;
|
|
11734
|
+
var REGION_PATTERN = /^[a-z]{2,}(?:-[a-z]+)+-\d+$/;
|
|
11735
|
+
var ACCOUNT_PATTERN = /^\d{12}$/;
|
|
11736
|
+
function validateAwsKmsArn(input) {
|
|
11737
|
+
if (typeof input !== "string") {
|
|
11738
|
+
return { ok: false, reason: "value must be a string" };
|
|
11739
|
+
}
|
|
11740
|
+
if (input.length === 0) {
|
|
11741
|
+
return { ok: false, reason: "value is empty" };
|
|
11742
|
+
}
|
|
11743
|
+
if (!input.startsWith("arn:")) {
|
|
11744
|
+
return {
|
|
11745
|
+
ok: false,
|
|
11746
|
+
reason: "expected an ARN starting with 'arn:' (got a bare key id, alias name, or other format). Use a full ARN like 'arn:aws:kms:us-east-1:123456789012:alias/<name>'."
|
|
11747
|
+
};
|
|
11748
|
+
}
|
|
11749
|
+
const segments = input.split(":");
|
|
11750
|
+
if (segments.length < 6) {
|
|
11751
|
+
return {
|
|
11752
|
+
ok: false,
|
|
11753
|
+
reason: `expected 6 colon-delimited segments (arn:aws:kms:<region>:<account>:<resource>), got ${segments.length}. Check that the region and account aren't missing.`
|
|
11754
|
+
};
|
|
11755
|
+
}
|
|
11756
|
+
if (segments.length > 6) {
|
|
11757
|
+
return {
|
|
11758
|
+
ok: false,
|
|
11759
|
+
reason: `expected exactly 6 colon-delimited segments, got ${segments.length}. Check for stray ':' characters.`
|
|
11760
|
+
};
|
|
11761
|
+
}
|
|
11762
|
+
const [, partition, service, region, account, resource] = segments;
|
|
11763
|
+
if (!PARTITION_PATTERN.test(partition)) {
|
|
11764
|
+
return {
|
|
11765
|
+
ok: false,
|
|
11766
|
+
reason: `partition segment '${partition}' is not recognized. Expected 'aws', 'aws-us-gov', 'aws-cn', etc.`
|
|
11767
|
+
};
|
|
11768
|
+
}
|
|
11769
|
+
if (service !== "kms") {
|
|
11770
|
+
return {
|
|
11771
|
+
ok: false,
|
|
11772
|
+
reason: `service segment must be 'kms', got '${service}'.`
|
|
11773
|
+
};
|
|
11774
|
+
}
|
|
11775
|
+
if (region.length === 0) {
|
|
11776
|
+
return {
|
|
11777
|
+
ok: false,
|
|
11778
|
+
reason: "region segment is empty (look for '::' between 'kms' and the account id). Set a region like 'us-east-1' before reconstructing the ARN \u2014 common cause: a $REGION shell variable was unset when the ARN was built."
|
|
11779
|
+
};
|
|
11780
|
+
}
|
|
11781
|
+
if (!REGION_PATTERN.test(region)) {
|
|
11782
|
+
return {
|
|
11783
|
+
ok: false,
|
|
11784
|
+
reason: `region segment '${region}' doesn't look like an AWS region (expected e.g. 'us-east-1', 'eu-west-2').`
|
|
11785
|
+
};
|
|
11786
|
+
}
|
|
11787
|
+
if (account.length === 0) {
|
|
11788
|
+
return {
|
|
11789
|
+
ok: false,
|
|
11790
|
+
reason: "account segment is empty. Provide the 12-digit AWS account id."
|
|
11791
|
+
};
|
|
11792
|
+
}
|
|
11793
|
+
if (!ACCOUNT_PATTERN.test(account)) {
|
|
11794
|
+
return {
|
|
11795
|
+
ok: false,
|
|
11796
|
+
reason: `account segment '${account}' must be exactly 12 digits.`
|
|
11797
|
+
};
|
|
11798
|
+
}
|
|
11799
|
+
if (!resource || resource.length === 0) {
|
|
11800
|
+
return {
|
|
11801
|
+
ok: false,
|
|
11802
|
+
reason: "resource segment is empty. Expected 'key/<id>' or 'alias/<name>' after the account."
|
|
11803
|
+
};
|
|
11804
|
+
}
|
|
11805
|
+
if (!resource.startsWith("key/") && !resource.startsWith("alias/")) {
|
|
11806
|
+
return {
|
|
11807
|
+
ok: false,
|
|
11808
|
+
reason: `resource '${resource}' must start with 'key/' or 'alias/'.`
|
|
11809
|
+
};
|
|
11810
|
+
}
|
|
11811
|
+
if (resource === "key/" || resource === "alias/") {
|
|
11812
|
+
return {
|
|
11813
|
+
ok: false,
|
|
11814
|
+
reason: "resource id is empty after 'key/' or 'alias/'."
|
|
11815
|
+
};
|
|
11816
|
+
}
|
|
11817
|
+
return { ok: true };
|
|
11818
|
+
}
|
|
11819
|
+
|
|
11731
11820
|
// src/manifest/parser.ts
|
|
11732
11821
|
var CLEF_MANIFEST_FILENAME = "clef.yaml";
|
|
11733
11822
|
var VALID_BACKENDS = ["age", "awskms", "gcpkms", "azurekv", "pgp", "hsm"];
|
|
11734
11823
|
var PKCS11_URI_PATTERN = /^pkcs11:[a-zA-Z][a-zA-Z0-9_-]*=[^;]+/;
|
|
11735
|
-
var AWS_KMS_ARN_PATTERN = /^arn:aws(?:-[a-z]+)*:kms:[a-z0-9-]+:\d+:(key|alias)\/.+$/;
|
|
11736
11824
|
var VALID_TOP_LEVEL_KEYS = [
|
|
11737
11825
|
"version",
|
|
11738
11826
|
"environments",
|
|
@@ -12255,11 +12343,14 @@ var ManifestParser = class {
|
|
|
12255
12343
|
"service_identities"
|
|
12256
12344
|
);
|
|
12257
12345
|
}
|
|
12258
|
-
if (kmsObj.provider === "aws"
|
|
12259
|
-
|
|
12260
|
-
|
|
12261
|
-
|
|
12262
|
-
|
|
12346
|
+
if (kmsObj.provider === "aws") {
|
|
12347
|
+
const arnValidation = validateAwsKmsArn(kmsObj.keyId);
|
|
12348
|
+
if (!arnValidation.ok) {
|
|
12349
|
+
throw new ManifestValidationError(
|
|
12350
|
+
`Service identity '${siName}' environment '${envName}': kms.keyId is not a valid AWS KMS ARN \u2014 ${arnValidation.reason} (got '${kmsObj.keyId}'). Expected shape: arn:aws:kms:<region>:<account>:key/<id> or arn:aws:kms:<region>:<account>:alias/<name>.`,
|
|
12351
|
+
"service_identities"
|
|
12352
|
+
);
|
|
12353
|
+
}
|
|
12263
12354
|
}
|
|
12264
12355
|
if (Object.prototype.hasOwnProperty.call(kmsObj, "region")) {
|
|
12265
12356
|
throw new ManifestValidationError(
|
|
@@ -12334,6 +12425,18 @@ function readManifestYaml(repoRoot) {
|
|
|
12334
12425
|
return YAML2.parse(raw);
|
|
12335
12426
|
}
|
|
12336
12427
|
function writeManifestYaml(repoRoot, doc) {
|
|
12428
|
+
const parser = new ManifestParser();
|
|
12429
|
+
try {
|
|
12430
|
+
parser.validate(doc);
|
|
12431
|
+
} catch (err) {
|
|
12432
|
+
if (err instanceof ManifestValidationError) {
|
|
12433
|
+
throw new ManifestValidationError(
|
|
12434
|
+
`Refusing to write invalid manifest: ${err.message}`,
|
|
12435
|
+
err.field
|
|
12436
|
+
);
|
|
12437
|
+
}
|
|
12438
|
+
throw err;
|
|
12439
|
+
}
|
|
12337
12440
|
const manifestPath = path.join(repoRoot, CLEF_MANIFEST_FILENAME);
|
|
12338
12441
|
import_write_file_atomic.default.sync(manifestPath, YAML2.stringify(doc));
|
|
12339
12442
|
}
|
|
@@ -18392,6 +18495,8 @@ var BackendMigrator = class {
|
|
|
18392
18495
|
warnings: ["All files already use the target backend and key. Nothing to migrate."]
|
|
18393
18496
|
};
|
|
18394
18497
|
}
|
|
18498
|
+
const preMigrationWarnings = [];
|
|
18499
|
+
this.checkAgeRecipientsWarning(manifest, target, environment, preMigrationWarnings);
|
|
18395
18500
|
if (dryRun) {
|
|
18396
18501
|
const warnings2 = [];
|
|
18397
18502
|
for (const cell of toMigrate) {
|
|
@@ -18408,7 +18513,7 @@ var BackendMigrator = class {
|
|
|
18408
18513
|
} else {
|
|
18409
18514
|
warnings2.push(`Would update global default_backend \u2192 ${target.backend}`);
|
|
18410
18515
|
}
|
|
18411
|
-
|
|
18516
|
+
warnings2.push(...preMigrationWarnings);
|
|
18412
18517
|
return {
|
|
18413
18518
|
migratedFiles: [],
|
|
18414
18519
|
skippedFiles,
|
|
@@ -18464,7 +18569,12 @@ var BackendMigrator = class {
|
|
|
18464
18569
|
rolledBack: true,
|
|
18465
18570
|
error: migrationError.message,
|
|
18466
18571
|
verifiedFiles: [],
|
|
18467
|
-
warnings
|
|
18572
|
+
// Surface pre-migration warnings even on rollback. The new manifest
|
|
18573
|
+
// validator can reject the write (e.g. per-env recipients vs.
|
|
18574
|
+
// non-age backend), and without these warnings the user only sees
|
|
18575
|
+
// an opaque "rolled back" message — not the actionable hint about
|
|
18576
|
+
// what to clean up first.
|
|
18577
|
+
warnings: ["All changes have been rolled back.", ...preMigrationWarnings]
|
|
18468
18578
|
};
|
|
18469
18579
|
}
|
|
18470
18580
|
const verifiedFiles = [];
|
|
@@ -18487,7 +18597,7 @@ var BackendMigrator = class {
|
|
|
18487
18597
|
}
|
|
18488
18598
|
}
|
|
18489
18599
|
}
|
|
18490
|
-
|
|
18600
|
+
warnings.push(...preMigrationWarnings);
|
|
18491
18601
|
return { migratedFiles, skippedFiles, rolledBack: false, verifiedFiles, warnings };
|
|
18492
18602
|
}
|
|
18493
18603
|
// ── Private helpers ──────────────────────────────────────────────────
|
|
@@ -19322,6 +19432,7 @@ async function detectRepo(runner, repoRoot) {
|
|
|
19322
19432
|
tryBundledKeyservice,
|
|
19323
19433
|
upsertRequest,
|
|
19324
19434
|
validateAgePublicKey,
|
|
19435
|
+
validateAwsKmsArn,
|
|
19325
19436
|
validatePackedArtifact,
|
|
19326
19437
|
validateResetScope,
|
|
19327
19438
|
verifySignature,
|