@cubist-labs/cubesigner-sdk 0.4.236 → 0.4.239

package/src/schema.ts

@@ -1035,6 +1035,31 @@ export interface paths {
      */
     post: operations["invokePolicy"];
   };
+  "/v0/org/{org_id}/policy/buckets": {
+    /**
+     * List Buckets
+     * @description List Buckets
+     *
+     * List available meta information about all policy KV store buckets in the org.
+     */
+    get: operations["listPolicyBuckets"];
+  };
+  "/v0/org/{org_id}/policy/buckets/{bucket_name}": {
+    /**
+     * Get Bucket
+     * @description Get Bucket
+     *
+     * Returns the meta information of a policy KV store bucket.
+     */
+    get: operations["getPolicyBucket"];
+    /**
+     * Update Bucket
+     * @description Update Bucket
+     *
+     * Updates meta information for an existing policy KV store bucket.
+     */
+    patch: operations["updatePolicyBucket"];
+  };
   "/v0/org/{org_id}/policy/import_key": {
     /**
      * Create Policy Import Key
@@ -1050,7 +1075,7 @@ export interface paths {
      * Get the org-wide policy secrets.
      * @description Get the org-wide policy secrets.
      *
-     * Note that this only returns the keys for the secrets, omiting the values.
+     * Note that this only returns the keys for the secrets, omitting the values.
      * The values are secret and are not accessible outside Wasm policy execution.
      */
     get: operations["getPolicySecrets"];
@@ -1859,8 +1884,7 @@ export interface components {
      */
     Aud: string | string[];
     AuditLogEntry: {
-      /** @description The name of the event */
-      event: string;
+      event: components["schemas"]["OrgEventDiscriminants"];
       /** @description UUID of the event. Unique across all events. */
       event_id: string;
       org_id: components["schemas"]["Id"];
@@ -2997,6 +3021,9 @@ export interface components {
       | "SetPolicySecret"
       | "DeletePolicySecret"
       | "CreatePolicyImportKey"
+      | "GetPolicyBucket"
+      | "ListPolicyBuckets"
+      | "UpdatePolicyBucket"
       | "UserExportDelete"
       | "UserExportList"
       | "UserExportInit"
@@ -3328,6 +3355,57 @@ export interface components {
        */
       value: number;
     };
+    /**
+     * @description The access-controlled actions that can be performed on a bucket
+     * @enum {string}
+     */
+    BucketAction:
+      | "read:key:value"
+      | "read:key:exists"
+      | "update:key:value"
+      | "delete:key:value"
+      | "scan:keys"
+      | "update:bucket:owner"
+      | "update:bucket:acl"
+      | "update:bucket:metadata";
+    /** @description Information about a policy KV store bucket. */
+    BucketInfo: ({
+      created?: components["schemas"]["EpochDateTime"] | null;
+      last_modified?: components["schemas"]["EpochDateTime"] | null;
+      /**
+       * Format: int64
+       * @description Version of this object
+       */
+      version?: number;
+    } & {
+      /** @description The access-control entries for the bucket. */
+      acl?: unknown[] | null;
+      /** @description Arbitrary user-defined metadata. */
+      metadata?: unknown;
+      owner: components["schemas"]["Id"];
+    }) & {
+      /** @description The name of the bucket. */
+      name: string;
+    };
+    /**
+     * @description Sub-entity of org where per-bucket metadata (like ACL) is stored.
+     * The [Id] of a [BucketMeta] must be the bucket name.
+     */
+    BucketMeta: {
+      created?: components["schemas"]["EpochDateTime"] | null;
+      last_modified?: components["schemas"]["EpochDateTime"] | null;
+      /**
+       * Format: int64
+       * @description Version of this object
+       */
+      version?: number;
+    } & {
+      /** @description The access-control entries for the bucket. */
+      acl?: unknown[] | null;
+      /** @description Arbitrary user-defined metadata. */
+      metadata?: unknown;
+      owner: components["schemas"]["Id"];
+    };
     CancelInvitationRequest: {
       email: components["schemas"]["Email"];
     };
@@ -4749,6 +4827,13 @@ export interface components {
       | "manage:policy:secrets:update:values"
       | "manage:policy:secrets:update:acl"
       | "manage:policy:secrets:update:editPolicy"
+      | "manage:policy:buckets:*"
+      | "manage:policy:buckets:get"
+      | "manage:policy:buckets:list"
+      | "manage:policy:buckets:update:*"
+      | "manage:policy:buckets:update:owner"
+      | "manage:policy:buckets:update:acl"
+      | "manage:policy:buckets:update:metadata"
       | "manage:contact:*"
       | "manage:contact:readonly"
       | "manage:contact:create"
@@ -5007,6 +5092,7 @@ export interface components {
       | "AutoAddBlsKeyToProtectedRole"
       | "UserNotPolicyOwner"
       | "UserNotContactOwner"
+      | "UserNotBucketOwner"
       | "LegacySessionCannotHaveScopeCeiling"
       | "RoleInParentOrgNotAllowed"
       | "RemoveKeyFromRoleUserNotAllowed"
@@ -6060,6 +6146,7 @@ export interface components {
       | "OrgExportCiphertextNotFound"
       | "UploadObjectNotFound"
       | "PolicySecretNotFound"
+      | "BucketMetaNotFound"
       | "TimestreamDisabled"
       | "CustomChainNotFound"
       | "InvitationNotFound"
@@ -6740,6 +6827,21 @@ export interface components {
        */
       last_evaluated_key?: string | null;
     };
+    /**
+     * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
+     * value (which can the user pass back to use as a url query parameter to continue pagination).
+     */
+    PaginatedListBucketsResponse: {
+      /** @description The buckets in the organization. */
+      buckets: components["schemas"]["BucketInfo"][];
+    } & {
+      /**
+       * @description If set, the content of `response` does not contain the entire result set.
+       * To fetch the next page of the result set, call the same endpoint
+       * but specify this value as the 'page.start' query parameter.
+       */
+      last_evaluated_key?: string | null;
+    };
     /**
      * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
      * value (which can the user pass back to use as a url query parameter to continue pagination).
@@ -7060,16 +7162,16 @@ export interface components {
     }) &
       Record<string, never>;
     /**
-     * PolicyAction
      * @description The access-controlled actions that can be performed on a named policy.
-     * @example read:policy
      * @enum {string}
      */
     PolicyAction:
       | "read:*"
+      | "read"
       | "read:policy"
       | "read:logs"
       | "update:*"
+      | "update"
       | "update:name"
       | "update:rules"
       | "update:metadata"
@@ -8791,6 +8893,23 @@ export interface components {
       /** @description Optional policy evaluation tree. */
       policy_eval_tree?: unknown;
     } & Record<string, never>;
+    /** @description The information needed to update a bucket. */
+    UpdateBucketRequest: {
+      /** @description Access-control entries defining how the bucket can be accessed. */
+      acl?: unknown;
+      /**
+       * Format: int64
+       * @description If set, updating only succeeds if the current version matches this value.
+       */
+      expected_version?: number | null;
+      /** @description Optional metadata. */
+      metadata?: unknown;
+      /**
+       * @description Update the owner of the bucket
+       * @example User#00000000-0000-0000-0000-000000000000
+       */
+      owner?: string | null;
+    };
     /** @description The information needed to update a Contact. */
     UpdateContactRequest: {
       addresses?: components["schemas"]["AddressMap"] | null;
@@ -9621,6 +9740,29 @@ export interface components {
         };
       };
     };
+    /** @description Information about a policy KV store bucket. */
+    BucketInfo: {
+      content: {
+        "application/json": ({
+          created?: components["schemas"]["EpochDateTime"] | null;
+          last_modified?: components["schemas"]["EpochDateTime"] | null;
+          /**
+           * Format: int64
+           * @description Version of this object
+           */
+          version?: number;
+        } & {
+          /** @description The access-control entries for the bucket. */
+          acl?: unknown[] | null;
+          /** @description Arbitrary user-defined metadata. */
+          metadata?: unknown;
+          owner: components["schemas"]["Id"];
+        }) & {
+          /** @description The name of the bucket. */
+          name: string;
+        };
+      };
+    };
     /** @description The number of users and keys in an org, organized by user role and key type */
     ComputeCountsResponse: {
       content: {
@@ -10342,6 +10484,21 @@ export interface components {
         };
       };
     };
+    PaginatedListBucketsResponse: {
+      content: {
+        "application/json": {
+          /** @description The buckets in the organization. */
+          buckets: components["schemas"]["BucketInfo"][];
+        } & {
+          /**
+           * @description If set, the content of `response` does not contain the entire result set.
+           * To fetch the next page of the result set, call the same endpoint
+           * but specify this value as the 'page.start' query parameter.
+           */
+          last_evaluated_key?: string | null;
+        };
+      };
+    };
     PaginatedListContactsResponse: {
       content: {
         "application/json": {
@@ -14602,6 +14759,108 @@ export interface operations {
       };
     };
   };
+  /**
+   * List Buckets
+   * @description List Buckets
+   *
+   * List available meta information about all policy KV store buckets in the org.
+   */
+  listPolicyBuckets: {
+    parameters: {
+      query?: {
+        /**
+         * @description Max number of items to return per page.
+         *
+         * If the actual number of returned items may be less that this, even if there exist more
+         * data in the result set. To reliably determine if more data is left in the result set,
+         * inspect the [UnencryptedLastEvalKey] value in the response object.
+         */
+        "page.size"?: number;
+        /**
+         * @description The start of the page.  Omit to start from the beginning; otherwise, only specify a
+         * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
+         */
+        "page.start"?: string | null;
+      };
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["PaginatedListBucketsResponse"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Get Bucket
+   * @description Get Bucket
+   *
+   * Returns the meta information of a policy KV store bucket.
+   */
+  getPolicyBucket: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        bucket_name: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["BucketInfo"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Update Bucket
+   * @description Update Bucket
+   *
+   * Updates meta information for an existing policy KV store bucket.
+   */
+  updatePolicyBucket: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        bucket_name: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["UpdateBucketRequest"];
+      };
+    };
+    responses: {
+      200: components["responses"]["BucketInfo"];
+      202: {
+        content: {
+          "application/json": components["schemas"]["AcceptedResponse"];
+        };
+      };
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * Create Policy Import Key
    * @description Create Policy Import Key
@@ -14632,7 +14891,7 @@ export interface operations {
    * Get the org-wide policy secrets.
    * @description Get the org-wide policy secrets.
    *
-   * Note that this only returns the keys for the secrets, omiting the values.
+   * Note that this only returns the keys for the secrets, omitting the values.
    * The values are secret and are not accessible outside Wasm policy execution.
    */
   getPolicySecrets: {

package/src/schema_types.ts

@@ -221,7 +221,7 @@ export type QueryMetricsRequest = schemas["QueryMetricsRequest"];
 export type QueryMetricsResponse = schemas["QueryMetricsResponse"];
 export type AuditLogRequest = schemas["AuditLogRequest"];
 export type AuditLogResponse = schemas["PaginatedAuditLogResponse"];
-export type AuditLogEntry = schemas["AuditLogEntry"];
+export type { AuditLogEntry } from "./audit_log";
 
 export type DiffieHellmanRequest = schemas["DiffieHellmanRequest"];
 export type DiffieHellmanResponse = schemas["DiffieHellmanResponse"];
@@ -291,10 +291,20 @@ export type ImportKeyRequestMaterial = schemas["ImportKeyRequestMaterial"];
 export type InvitationAcceptRequest = schemas["InvitationAcceptRequest"];
 
 export type KeyTypeAndDerivationPath = schemas["KeyTypeAndDerivationPath"];
-
 export type PolicyInfo = schemas["PolicyInfo"] & {
   acl?: JsonValue[];
 };
+
+/**
+ * Coerce the less accurate `PolicyInfo` type from the OpenAPI schema to a more accurate {@link PolicyInfo}.
+ *
+ * @param p The policy info received on the wire
+ * @returns The same value coerced to {@link PolicyInfo}
+ */
+export function coercePolicyInfo(p: schemas["PolicyInfo"]): PolicyInfo {
+  return p as PolicyInfo;
+}
+
 export type UpdatePolicyRequest = schemas["UpdatePolicyRequest"] & {
   rules?: JsonValue[];
   acl?: JsonValue[];
@@ -303,6 +313,10 @@ export type ListPoliciesResponse = schemas["PaginatedListPoliciesResponse"];
 export type PolicyType = schemas["PolicyType"];
 export type PolicyAttachedToId = schemas["PolicyAttachedToId"];
 
+export type ListBucketsResponse = schemas["PaginatedListBucketsResponse"];
+export type UpdateBucketRequest = schemas["UpdateBucketRequest"];
+export type BucketAction = schemas["BucketAction"];
+
 export type UploadWasmPolicyRequest = schemas["UploadWasmPolicyRequest"];
 export type UploadWasmPolicyResponse = schemas["UploadWasmPolicyResponse"];
 export type InvokePolicyRequest = schemas["InvokePolicyRequest"];

package/src/scopes.ts

@@ -115,6 +115,13 @@ export const AllScopes: Record<ExplicitScope, string> =
   "manage:policy:secrets:update:values"         : "Allows access only to the policy secrets 'update' endpoint, but restricting updates to the secrets keys and values",
   "manage:policy:secrets:update:acl"            : "Allows access only to the policy secrets 'update' endpoint, but restricting updates to the secrets acl",
   "manage:policy:secrets:update:editPolicy"     : "Allows access only to the policy secrets 'update' endpoint, but restricting updates to the `edit_policy` property",
+  "manage:policy:buckets:*"                     : "Allows access to all policy buckets endpoints",
+  "manage:policy:buckets:get"                   : "Allows access only to the policy buckets 'get' endpoint",
+  "manage:policy:buckets:list"                  : "Allows access only to the policy buckets 'list' endpoint",
+  "manage:policy:buckets:update:*"              : "Allows access only to the policy buckets 'update' endpoint",
+  "manage:policy:buckets:update:owner"          : "Allows access only to the policy buckets 'update' endpoint, but restricting updates to the `owner` property",
+  "manage:policy:buckets:update:acl"            : "Allows access only to the policy buckets 'update' endpoint, but restricting updates to the `acl` property",
+  "manage:policy:buckets:update:metadata"       : "Allows access only to the policy buckets 'update' endpoint, but restricting updates to the `metadata` property",
   "manage:contact:*"                            : "Allows access to all contact endpoints",
   "manage:contact:readonly"                     : "Allows access to all contact readonly endpoints",
   "manage:contact:create"                       : "Allows access to the contact 'create' endpoint",