@cubist-labs/cubesigner-sdk 0.4.227 → 0.4.228

package/src/schema.ts

@@ -1129,6 +1129,15 @@ export interface paths {
      */
     put: operations["addUserToRole"];
   };
+  "/v0/org/{org_id}/roles/{role_id}/attest": {
+    /**
+     * Attest to Role Properties
+     * @description Attest to Role Properties
+     *
+     * The response is a JWT whose claims are the requested role properties.
+     */
+    get: operations["attestRole"];
+  };
   "/v0/org/{org_id}/roles/{role_id}/keys": {
     /**
      * List Role Keys
@@ -2923,6 +2932,7 @@ export interface components {
       | "ResetMemberMfa"
       | "CompleteResetMemberMfa"
       | "CreateRole"
+      | "AttestRole"
       | "GetRole"
       | "ListTokenKeys"
       | "ListRoles"
@@ -4614,6 +4624,7 @@ export interface components {
       | "manage:role:create"
       | "manage:role:delete"
       | "manage:role:get:*"
+      | "manage:role:attest"
       | "manage:role:get:keys"
       | "manage:role:get:keys:list"
       | "manage:role:get:keys:get"
@@ -5320,6 +5331,13 @@ export interface components {
       /** @description The keys included in this set */
       keys: Record<string, never>[];
     };
+    KeyAttestationClaims: {
+      exp: components["schemas"]["EpochDateTime"];
+      iat: components["schemas"]["EpochDateTime"];
+      key_info: components["schemas"]["KeyInfo"];
+      /** @description If requested, the roles the key is currently in. */
+      key_roles?: components["schemas"]["KeyInRoleInfo"][] | null;
+    };
     KeyCountDimensions: {
       /** @description The key type */
       key_type: string;
@@ -7552,13 +7570,32 @@ export interface components {
      * @enum {string}
      */
     RoleAction: "CreateToken" | "GetKey";
+    RoleAttestationClaims: {
+      exp: components["schemas"]["EpochDateTime"];
+      iat: components["schemas"]["EpochDateTime"];
+      query: components["schemas"]["RoleAttestationQuery"];
+      role_info: components["schemas"]["RoleInfo"];
+      /** @description The information about the keys currently in this role. */
+      role_keys?: components["schemas"]["KeyInRoleInfo"][] | null;
+      /** @description The IDs of the users who are currently in this role. */
+      role_users: string[];
+    };
+    RoleAttestationQuery: {
+      key_filter?: components["schemas"]["Id"] | null;
+      verbosity?: components["schemas"]["RoleAttestationVerbosity"];
+    };
+    /**
+     * @description Specifies which role properties to include in an attestation
+     * @enum {string}
+     */
+    RoleAttestationVerbosity: "Summary" | "WithKeys" | "Full";
     RoleInfo: components["schemas"]["CommonFields"] & {
       /**
        * @description Whether the role is enabled
        * @example true
        */
       enabled: boolean;
-      /** @description Deprecated The CubeSigner IDs of at most 100 keys associated with this role */
+      /** @description Deprecated. The CubeSigner IDs of at most 100 keys associated with this role. */
       keys?: components["schemas"]["KeyInRoleInfo"][] | null;
       /**
        * @description Whether the current user is a member of the role. This is always true,
@@ -7595,6 +7632,11 @@ export interface components {
       /** @description Deprecated. The list of at most 100 users with access to the role. */
       users?: string[] | null;
     };
+    /** @description Response returned when requesting a role attestation. */
+    RoleInfoJwt: {
+      /** @description A JSON Web Token whose claims contain the `RoleInfo` structure. */
+      jwt: string;
+    };
     /** @description All scopes for accessing CubeSigner APIs */
     Scope: components["schemas"]["ExplicitScope"] | string;
     /** @description A set of scopes. */
@@ -10326,7 +10368,7 @@ export interface components {
            * @example true
            */
           enabled: boolean;
-          /** @description Deprecated The CubeSigner IDs of at most 100 keys associated with this role */
+          /** @description Deprecated. The CubeSigner IDs of at most 100 keys associated with this role. */
           keys?: components["schemas"]["KeyInRoleInfo"][] | null;
           /**
            * @description Whether the current user is a member of the role. This is always true,
@@ -10365,6 +10407,15 @@ export interface components {
         };
       };
     };
+    /** @description Response returned when requesting a role attestation. */
+    RoleInfoJwt: {
+      content: {
+        "application/json": {
+          /** @description A JSON Web Token whose claims contain the `RoleInfo` structure. */
+          jwt: string;
+        };
+      };
+    };
     SessionInfo: {
       content: {
         "application/json": components["schemas"]["SessionMetadata"] & {
@@ -12780,6 +12831,9 @@ export interface operations {
    */
   attestKey: {
     parameters: {
+      query?: {
+        include_roles?: boolean | null;
+      };
       path: {
         /**
          * @description Name or ID of the desired Org
@@ -14234,6 +14288,9 @@ export interface operations {
    */
   getRole: {
     parameters: {
+      query?: {
+        summarize?: boolean | null;
+      };
       path: {
         /**
          * @description Name or ID of the desired Org
@@ -14440,6 +14497,48 @@ export interface operations {
       };
     };
   };
+  /**
+   * Attest to Role Properties
+   * @description Attest to Role Properties
+   *
+   * The response is a JWT whose claims are the requested role properties.
+   */
+  attestRole: {
+    parameters: {
+      query?: {
+        /**
+         * @description Role properties to include in an attestation. Defaults to basic role
+         * properties, including associated users, but excluding associated keys.
+         */
+        verbosity?: components["schemas"]["RoleAttestationVerbosity"];
+        /**
+         * @description Associated keys filter, i.e., when specified, out all other associated
+         * keys are filtered out. Defaults to including all associated keys.
+         */
+        key_filter?: components["schemas"]["Id"] | null;
+      };
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        /**
+         * @description Name or ID of the desired Role
+         * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        role_id: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["RoleInfoJwt"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * List Role Keys
    * @description List Role Keys

package/src/schema_types.ts

@@ -1,4 +1,4 @@
-import type { components, operations } from "./schema";
+import type { components, operations, paths } from "./schema";
 import type { JsonMap, JsonValue } from "./util";
 
 export type schemas = components["schemas"];
@@ -81,6 +81,14 @@ export type KeyProperties = schemas["CreateAndUpdateKeyProperties"];
 export type CreateKeyRequest = schemas["CreateKeyRequest"];
 export type KeyInfo = schemas["KeyInfo"];
 export type KeyInfoJwt = schemas["KeyInfoJwt"];
+export type KeyAttestationClaims = schemas["KeyAttestationClaims"];
+export type KeyAttestationQuery =
+  paths["/v0/org/{org_id}/keys/{key_id}/attest"]["get"]["parameters"]["query"];
+export type RoleInfoJwt = schemas["RoleInfoJwt"];
+export type RoleAttestationClaims = schemas["RoleAttestationClaims"];
+export type RoleAttestationQuery =
+  paths["/v0/org/{org_id}/roles/{role_id}/attest"]["get"]["parameters"]["query"];
+export type RoleAttestationVerbosity = schemas["RoleAttestationVerbosity"];
 export type KeyInRoleInfo = schemas["KeyInRoleInfo"];
 export type GetUsersInOrgResponse = schemas["PaginatedGetUsersInOrgResponse"];
 export type GetUserByEmailResponse = schemas["GetUserByEmailResponse"];

package/src/scopes.ts

@@ -129,6 +129,7 @@ export const AllScopes: Record<ExplicitScope, string> =
   "manage:policy:createImportKey"               : "Allows access only to the policy key endpoint",
   "manage:role:*"                               : "Allows access to all role endpoints",
   "manage:role:readonly"                        : "Allows access to all role readonly endpoints",
+  "manage:role:attest"                          : "Allows access only to the role 'attest' endpoint",
   "manage:role:create"                          : "Allows access only to the role 'create' endpoint",
   "manage:role:delete"                          : "Allows access only to the role 'delete' endpoint",
   "manage:role:get:*"                           : "Allows access only to the role 'get' endpoint",