@flowcore/cli-plugin-iam 1.0.0 → 1.2.1

package/CHANGELOG.md

@@ -1,5 +1,38 @@
 # Changelog
 
+## [1.2.1](https://github.com/flowcore-io/cli-plugin-iam/compare/v1.2.0...v1.2.1) (2024-10-22)
+
+
+### Bug Fixes
+
+* **configuration:** :bug: changed from prompt to enquirer import ([172ae77](https://github.com/flowcore-io/cli-plugin-iam/commit/172ae77e0a96f61786f334da1de8d2f388c10463))
+
+## [1.2.0](https://github.com/flowcore-io/cli-plugin-iam/compare/v1.1.0...v1.2.0) (2024-10-22)
+
+
+### Features
+
+* :sparkles: added delete and updated get for policies and roles ([22fe717](https://github.com/flowcore-io/cli-plugin-iam/commit/22fe71767c39f4a234583ae637d5204c7732900c))
+
+
+### Bug Fixes
+
+* **configuration:** :bug: switched from jsr to npm for obj-diff ([141d75e](https://github.com/flowcore-io/cli-plugin-iam/commit/141d75e1b9efb1c5c851dfbfc466e03c58c8fcfa))
+
+## [1.1.0](https://github.com/flowcore-io/cli-plugin-iam/compare/v1.0.0...v1.1.0) (2024-10-21)
+
+
+### Features
+
+* :sparkles: added functionality to create and delete iam policies ([0916612](https://github.com/flowcore-io/cli-plugin-iam/commit/09166128f3d1180d019b301eab5ead0af3055dbd))
+* :sparkles: added policy and role bindings to the iam api ([a1815a0](https://github.com/flowcore-io/cli-plugin-iam/commit/a1815a093ad6743b26dd3cf7a4cfd0c32a8b4326))
+
+
+### Bug Fixes
+
+* :fire: removed console log on create policy ([6289f72](https://github.com/flowcore-io/cli-plugin-iam/commit/6289f72ec7eff9b00fc6a15e928e448ca6403294))
+* :rotating_light: fixed linting errors ([b388ac6](https://github.com/flowcore-io/cli-plugin-iam/commit/b388ac6532d7d5c5c6c7fc1d401218bfbaa75b33))
+
 ## 1.0.0 (2024-09-29)
 
 

package/README.md

@@ -18,7 +18,7 @@ $ npm install -g @flowcore/cli-plugin-iam
 $ iam COMMAND
 running command...
 $ iam (--version)
-@flowcore/cli-plugin-iam/1.0.0 linux-x64 node-v20.17.0
+@flowcore/cli-plugin-iam/1.2.1 linux-x64 node-v20.18.0
 $ iam --help [COMMAND]
 USAGE
   $ iam COMMAND
@@ -27,9 +27,57 @@ USAGE
 <!-- usagestop -->
 # Commands
 <!-- commands -->
+* [`iam delete policy NAME`](#iam-delete-policy-name)
+* [`iam delete role NAME`](#iam-delete-role-name)
 * [`iam get policy [NAME]`](#iam-get-policy-name)
 * [`iam get role [NAME]`](#iam-get-role-name)
 
+## `iam delete policy NAME`
+
+Delete a policy
+
+```
+USAGE
+  $ iam delete policy NAME -t <value> [--profile <value>] [-j] [-y]
+
+ARGUMENTS
+  NAME  name
+
+FLAGS
+  -j, --json             json output
+  -t, --tenant=<value>   (required) tenant
+  -y, --yes              yes to all
+      --profile=<value>  Specify the configuration profile to use
+
+DESCRIPTION
+  Delete a policy
+```
+
+_See code: [src/commands/delete/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.2.1/src/commands/delete/policy.ts)_
+
+## `iam delete role NAME`
+
+Delete a role
+
+```
+USAGE
+  $ iam delete role NAME -t <value> [--profile <value>] [-j] [-y]
+
+ARGUMENTS
+  NAME  name
+
+FLAGS
+  -j, --json             json output
+  -t, --tenant=<value>   (required) tenant
+  -y, --yes              yes to all
+      --profile=<value>  Specify the configuration profile to use
+
+DESCRIPTION
+  Delete a role
+```
+
+_See code: [src/commands/delete/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.2.1/src/commands/delete/role.ts)_
+
 ## `iam get policy [NAME]`
 
 Get a policy
@@ -51,7 +99,7 @@ DESCRIPTION
   Get a policy
 ```
 
-_See code: [src/commands/get/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.0.0/src/commands/get/policy.ts)_
+_See code: [src/commands/get/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.2.1/src/commands/get/policy.ts)_
 
 ## `iam get role [NAME]`
 
@@ -74,5 +122,5 @@ DESCRIPTION
   Get a role
 ```
 
-_See code: [src/commands/get/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.0.0/src/commands/get/role.ts)_
+_See code: [src/commands/get/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.2.1/src/commands/get/role.ts)_
 <!-- commandsstop -->

package/dist/commands/delete/policy.d.ts

@@ -0,0 +1,17 @@
+import { BaseCommand } from "@flowcore/cli-plugin-config";
+export declare const DELETE_POLICY_ARGS: {
+    NAME: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+};
+export default class DeletePolicy extends BaseCommand<typeof DeletePolicy> {
+    static args: {
+        NAME: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: never[];
+    static flags: {
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        tenant: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        yes: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/delete/policy.js

@@ -0,0 +1,84 @@
+import { BaseCommand, ValidateLogin } from "@flowcore/cli-plugin-config";
+import { ClientFactory } from "@flowcore/cli-plugin-core";
+import { Args, Flags, ux } from "@oclif/core";
+import enquirer from "enquirer";
+import { tryit } from "radash";
+import { OrganizationService } from "../../services/organization.service.js";
+import { Api as IamApi } from "../../utils/clients/iam/Api.js";
+export const DELETE_POLICY_ARGS = {
+    NAME: Args.string({ description: "name", required: true }),
+};
+export default class DeletePolicy extends BaseCommand {
+    static args = DELETE_POLICY_ARGS;
+    static description = "Delete a policy";
+    static examples = [];
+    static flags = {
+        json: Flags.boolean({
+            char: "j",
+            description: "json output",
+            required: false,
+        }),
+        tenant: Flags.string({
+            char: "t",
+            description: "tenant",
+            required: true,
+        }),
+        yes: Flags.boolean({
+            char: "y",
+            description: "yes to all",
+            required: false,
+        }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(DeletePolicy);
+        const graphqlClient = await ClientFactory.create(this.cliConfiguration, this.logger, flags.json);
+        const organizationService = new OrganizationService(graphqlClient);
+        const organizations = await organizationService.getMyOrganizations();
+        const iamClient = new IamApi();
+        const config = this.cliConfiguration.getConfig();
+        const login = new ValidateLogin(config.login.url);
+        await login.validate(config, this.cliConfiguration, !flags.json);
+        const { auth } = config;
+        if (!auth?.accessToken) {
+            this.logger.fatal("Not logged in, run 'flowcore login'");
+        }
+        const organization = organizations.me.organizations.find((org) => org.organization.org === flags.tenant);
+        if (!organization) {
+            this.logger.fatal(`Organization ${flags.tenant} not found, or you are not a member`);
+        }
+        const [policiesErr, policies] = await tryit(iamClient.getApiV1PolicyAssociationsOrganizationByOrganizationId)(organization.organization.id, {
+            headers: {
+                Authorization: `Bearer ${auth?.accessToken}`,
+            },
+        });
+        if (policiesErr) {
+            this.logger.fatal(`Failed to get policies: ${policiesErr.message}`);
+        }
+        const policy = policies.data.find((policy) => policy.name === args.NAME);
+        if (!policy) {
+            this.logger.fatal(`Policy ${args.NAME} not found in tenant: ${flags.tenant}`);
+        }
+        if (!flags.yes) {
+            const { confirm } = await enquirer.prompt([
+                {
+                    message: `Are you sure you want to delete policy ${ux.colorize("cyan", policy.name)} in tenant: ${ux.colorize("cyan", flags.tenant)}?`,
+                    name: "confirm",
+                    type: "confirm",
+                },
+            ]);
+            if (!confirm) {
+                this.logger.info("Aborted");
+                return;
+            }
+        }
+        const [err] = await tryit(iamClient.deleteApiV1PoliciesById)(policy.id, {
+            headers: {
+                Authorization: `Bearer ${auth?.accessToken}`,
+            },
+        });
+        if (err) {
+            this.logger.fatal(`Failed to delete policy: ${err.message}`);
+        }
+        this.logger.info(`Policy ${policy.name} deleted`);
+    }
+}

package/dist/commands/delete/role.d.ts

@@ -0,0 +1,17 @@
+import { BaseCommand } from "@flowcore/cli-plugin-config";
+export declare const DELETE_ROLE_ARGS: {
+    NAME: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+};
+export default class DeleteRole extends BaseCommand<typeof DeleteRole> {
+    static args: {
+        NAME: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: never[];
+    static flags: {
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        tenant: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        yes: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/delete/role.js

@@ -0,0 +1,84 @@
+import { BaseCommand, ValidateLogin } from "@flowcore/cli-plugin-config";
+import { ClientFactory } from "@flowcore/cli-plugin-core";
+import { Args, Flags, ux } from "@oclif/core";
+import enquirer from "enquirer";
+import { tryit } from "radash";
+import { OrganizationService } from "../../services/organization.service.js";
+import { Api as IamApi } from "../../utils/clients/iam/Api.js";
+export const DELETE_ROLE_ARGS = {
+    NAME: Args.string({ description: "name", required: true }),
+};
+export default class DeleteRole extends BaseCommand {
+    static args = DELETE_ROLE_ARGS;
+    static description = "Delete a role";
+    static examples = [];
+    static flags = {
+        json: Flags.boolean({
+            char: "j",
+            description: "json output",
+            required: false,
+        }),
+        tenant: Flags.string({
+            char: "t",
+            description: "tenant",
+            required: true,
+        }),
+        yes: Flags.boolean({
+            char: "y",
+            description: "yes to all",
+            required: false,
+        }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(DeleteRole);
+        const graphqlClient = await ClientFactory.create(this.cliConfiguration, this.logger, flags.json);
+        const organizationService = new OrganizationService(graphqlClient);
+        const organizations = await organizationService.getMyOrganizations();
+        const iamClient = new IamApi();
+        const config = this.cliConfiguration.getConfig();
+        const login = new ValidateLogin(config.login.url);
+        await login.validate(config, this.cliConfiguration, !flags.json);
+        const { auth } = config;
+        if (!auth?.accessToken) {
+            this.logger.fatal("Not logged in, run 'flowcore login'");
+        }
+        const organization = organizations.me.organizations.find((org) => org.organization.org === flags.tenant);
+        if (!organization) {
+            this.logger.fatal(`Organization ${flags.tenant} not found, or you are not a member`);
+        }
+        const [rolesErr, roles] = await tryit(iamClient.getApiV1RoleAssociationsOrganizationByOrganizationId)(organization.organization.id, {
+            headers: {
+                Authorization: `Bearer ${auth?.accessToken}`,
+            },
+        });
+        if (rolesErr) {
+            this.logger.fatal(`Failed to get roles: ${rolesErr.message}`);
+        }
+        const role = roles.data.find((role) => role.name === args.NAME);
+        if (!role) {
+            this.logger.fatal(`Role ${args.NAME} not found in tenant: ${flags.tenant}`);
+        }
+        if (!flags.yes) {
+            const { confirm } = await enquirer.prompt([
+                {
+                    message: `Are you sure you want to delete role ${ux.colorize("cyan", role.name)} in tenant: ${ux.colorize("cyan", flags.tenant)}?`,
+                    name: "confirm",
+                    type: "confirm",
+                },
+            ]);
+            if (!confirm) {
+                this.logger.info("Aborted");
+                return;
+            }
+        }
+        const [err] = await tryit(iamClient.deleteApiV1RolesById)(role.id, {
+            headers: {
+                Authorization: `Bearer ${auth?.accessToken}`,
+            },
+        });
+        if (err) {
+            this.logger.fatal(`Failed to delete role: ${err.message}`);
+        }
+        this.logger.info(`Role ${role.name} deleted`);
+    }
+}

package/dist/commands/get/policy.js

@@ -37,9 +37,7 @@ export default class GetPolicy extends BaseCommand {
         const graphqlClient = await ClientFactory.create(this.cliConfiguration, this.logger, flags.json);
         const organizationService = new OrganizationService(graphqlClient);
         const organizations = await organizationService.getMyOrganizations();
-        const iamClient = new IamApi({
-            baseUrl: "https://iam.api.flowcore.io",
-        });
+        const iamClient = new IamApi();
         const config = this.cliConfiguration.getConfig();
         const login = new ValidateLogin(config.login.url);
         await login.validate(config, this.cliConfiguration, !flags.json);
@@ -83,6 +81,7 @@ export default class GetPolicy extends BaseCommand {
             return {
                 description: policy.description,
                 documents: policy.policyDocuments,
+                flowcoreManaged: policy.flowcoreManaged,
                 id: policy.id,
                 name: policy.name,
                 organization: organizationLink,
@@ -127,6 +126,47 @@ export default class GetPolicy extends BaseCommand {
                     documentTable = documentTable.row(row);
                 }
                 documentTable.render();
+                this.logger.info("");
+                const [associationsErr, associations] = await tryit(iamClient.getApiV1PolicyAssociationsByPolicyId)(policy.id, {
+                    headers: {
+                        Authorization: `Bearer ${auth?.accessToken}`,
+                    },
+                });
+                if (associationsErr) {
+                    this.logger.fatal(`Failed to get associations: ${associationsErr.message}`);
+                }
+                const userAssociationHeaders = ["User ID"];
+                const keyAssociationHeaders = ["Key ID"];
+                const roleAssociationHeaders = ["Role ID"];
+                const userAssociationTable = this.ui
+                    .table()
+                    .head(userAssociationHeaders);
+                const keyAssociationTable = this.ui.table().head(keyAssociationHeaders);
+                const roleAssociationTable = this.ui.table().head(roleAssociationHeaders);
+                for (const association of associations.data.keys) {
+                    keyAssociationTable.row([association.keyId]);
+                }
+                for (const association of associations.data.users) {
+                    userAssociationTable.row([association.userId]);
+                }
+                for (const association of associations.data.roles) {
+                    roleAssociationTable.row([association.roleId]);
+                }
+                this.logger.info("");
+                this.logger.info("Key Associations:");
+                associations.data.keys.length > 0 && !flags.json
+                    ? keyAssociationTable.render()
+                    : this.logger.info("No key associations");
+                this.logger.info("");
+                this.logger.info("User Associations:");
+                associations.data.users.length > 0 && !flags.json
+                    ? userAssociationTable.render()
+                    : this.logger.info("No user associations");
+                this.logger.info("");
+                this.logger.info("Role Associations:");
+                associations.data.roles.length > 0 && !flags.json
+                    ? roleAssociationTable.render()
+                    : this.logger.info("No role associations");
             }
         }
         else if (flags.json) {

package/dist/commands/get/role.js

@@ -1,7 +1,6 @@
 import { BaseCommand, ValidateLogin } from "@flowcore/cli-plugin-config";
 import { ClientFactory } from "@flowcore/cli-plugin-core";
 import { Args, Flags } from "@oclif/core";
-import _ from "lodash";
 import { tryit } from "radash";
 import { OrganizationService } from "../../services/organization.service.js";
 import { Api as IamApi } from "../../utils/clients/iam/Api.js";
@@ -47,55 +46,39 @@ export default class GetRole extends BaseCommand {
         if (!auth?.accessToken) {
             this.logger.fatal("Not logged in, run 'flowcore login'");
         }
-        const [err, rolesResponse] = await tryit(iamClient.getApiV1Roles)({
-            headers: {
-                Authorization: `Bearer ${auth?.accessToken}`,
-            },
-        });
-        if (err) {
-            this.logger.fatal(`Failed to get roles: ${err.message}`);
-        }
-        const roles = rolesResponse.data
-            .map((role) => {
-            const organizationLink = organizations.me.organizations.find((organization) => organization.organization.id === role.organizationId);
-            if (!organizationLink) {
-                return;
-            }
-            return {
-                description: role.description,
-                id: role.id,
-                name: role.name,
-                organization: organizationLink,
-                organizationId: role.organizationId,
-            };
-        })
-            .filter((role) => role !== undefined)
-            .filter((role) => {
-            if (flags.tenant) {
-                return role.organization.organization.org === flags.tenant;
-            }
-            return true;
-        });
-        if (args.NAME) {
-            const role = roles.find((role) => role.name === args.NAME);
-            if (!role) {
-                this.logger.fatal(`Role ${args.NAME} not found`);
+        if (flags.tenant) {
+            const organization = organizations.me.organizations.find((organization) => flags.tenant ? organization.organization.org === flags.tenant : true);
+            if (!organization) {
+                this.logger.fatal(`Organization ${flags.tenant} not found, or not accessible`);
             }
-            if (flags.json) {
-                console.log(JSON.stringify(_.omit(role, "organization"), null, 2));
+            this.logger.info(`Roles for ${flags.tenant}:`);
+            const [err, roles] = await tryit(iamClient.getApiV1RoleAssociationsOrganizationByOrganizationId)(organization.organization.id, {
+                headers: {
+                    Authorization: `Bearer ${auth?.accessToken}`,
+                },
+            });
+            if (err) {
+                this.logger.fatal(`Failed to get roles: ${err.message}`);
             }
-            else {
-                this.ui
-                    .sticker()
-                    .add(`Role ${this.ui.colors.green(role.name)}`)
-                    .add("")
-                    .add(`ID: ${this.ui.colors.green(role.id)}`)
-                    .add(`Description: ${this.ui.colors.green(role.description ?? "")}`)
-                    .add(`Organization: ${this.ui.colors.green(role.organization.organization.displayName === "" ? role.organization.organization.org : role.organization.organization.displayName)}`)
-                    .render();
+            if (args.NAME && flags.tenant) {
+                const role = roles.data.find((role) => role.name === args.NAME);
+                if (!role) {
+                    this.logger.fatal(`Role ${args.NAME} not found`);
+                }
+                !flags.json &&
+                    this.ui
+                        .sticker()
+                        .add(`Role ${this.ui.colors.green(role.name)}`)
+                        .add("")
+                        .add(`ID: ${this.ui.colors.green(role.id)}`)
+                        .add(`Description: ${this.ui.colors.green(role.description ?? "")}`)
+                        .add(`Organization: ${this.ui.colors.green(organization.organization.displayName === ""
+                        ? organization.organization.org
+                        : organization.organization.displayName)}`)
+                        .render();
                 this.logger.info("");
                 this.logger.info("Policies:");
-                const [err, policies] = await tryit(iamClient.getApiV1PolicyAssociationsOrganizationByOrganizationId)(role.organization.organization.id, {
+                const [err, policies] = await tryit(iamClient.getApiV1PolicyAssociationsRoleByRoleId)(role.id, {
                     headers: {
                         Authorization: `Bearer ${auth?.accessToken}`,
                     },
@@ -123,35 +106,97 @@ export default class GetRole extends BaseCommand {
                     ];
                     policyTable = policyTable.row(row);
                 }
-                policyTable.render();
+                !flags.json && policyTable.render();
                 this.logger.info("");
+                const [associationsErr, associations] = await tryit(iamClient.getApiV1RoleAssociationsByRoleId)(role.id, {
+                    headers: {
+                        Authorization: `Bearer ${auth?.accessToken}`,
+                    },
+                });
+                if (associationsErr) {
+                    this.logger.fatal(`Failed to get associations: ${associationsErr.message}`);
+                }
+                const userAssociationHeaders = ["User ID"];
+                const keyAssociationHeaders = ["Key ID"];
+                const userAssociationTable = this.ui
+                    .table()
+                    .head(userAssociationHeaders);
+                const keyAssociationTable = this.ui.table().head(keyAssociationHeaders);
+                for (const association of associations.data.keys) {
+                    keyAssociationTable.row([association.keyId]);
+                }
+                for (const association of associations.data.users) {
+                    userAssociationTable.row([association.userId]);
+                }
+                this.logger.info("");
+                this.logger.info("Key Associations:");
+                associations.data.keys.length > 0 && !flags.json
+                    ? keyAssociationTable.render()
+                    : this.logger.info("No key associations");
+                this.logger.info("");
+                this.logger.info("User Associations:");
+                associations.data.users.length > 0 && !flags.json
+                    ? userAssociationTable.render()
+                    : this.logger.info("No user associations");
+                if (flags.json) {
+                    console.log(JSON.stringify({
+                        associations: associations.data,
+                        policies: policies.data,
+                        role: roles.data,
+                    }, null, 2));
+                }
             }
+            else if (!args.NAME && flags.tenant) {
+                const roleHeaders = ["Role ID", "Name", "Description"];
+                let roleTable = this.ui.table().head(roleHeaders);
+                for (const role of roles.data) {
+                    const row = [role.id, role.name, role.description ?? ""];
+                    roleTable = roleTable.row(row);
+                }
+                !flags.json && roleTable.render();
+                this.logger.info("");
+                if (flags.json) {
+                    console.log(JSON.stringify({ role: roles.data }, null, 2));
+                }
+            }
+            return;
         }
-        else if (flags.json) {
-            console.log(JSON.stringify(roles.map((role) => _.omit(role, "organization")), null, 2));
+        const [err, userRoles] = await tryit(iamClient.getApiV1Roles)({
+            headers: {
+                Authorization: `Bearer ${auth?.accessToken}`,
+            },
+        });
+        if (err) {
+            this.logger.fatal(`Failed to get roles: ${err.message}`);
         }
-        else {
-            const headers = [
-                "Role ID",
-                "Name",
-                "Description",
-                "Organization Name",
-                ...(flags.wide ? ["Organization ID"] : []),
-            ];
-            let listTable = this.ui.table().head(headers);
-            for (const role of roles) {
-                const row = [
-                    role.id,
-                    role.name,
-                    role.description ?? "",
-                    role.organization.organization.displayName === ""
-                        ? role.organization.organization.org
-                        : role.organization.organization.displayName,
-                    ...(flags.wide ? [role.organization.organization.id] : []),
-                ];
-                listTable = listTable.row(row);
+        console.log(userRoles.data);
+        const headers = [
+            "Role ID",
+            "Name",
+            "Description",
+            "Organization Name",
+            ...(flags.wide ? ["Organization ID"] : []),
+        ];
+        const listTable = this.ui.table().head(headers);
+        for (const role of userRoles.data) {
+            const organization = organizations.me.organizations.find((organization) => organization.organization.id === role.organizationId);
+            if (!organization) {
+                continue;
             }
-            listTable.render();
+            const row = [
+                role.id,
+                role.name,
+                role.description ?? "",
+                organization.organization.displayName === ""
+                    ? organization.organization.org
+                    : organization.organization.displayName,
+                ...(flags.wide ? [organization.organization.id] : []),
+            ];
+            listTable.row(row);
+        }
+        !flags.json && listTable.render();
+        if (flags.json) {
+            console.log(JSON.stringify({ role: userRoles.data }, null, 2));
         }
     }
 }

package/dist/hooks/register-apply.d.ts

@@ -0,0 +1,10 @@
+import type { CliConfiguration, Logger } from "@flowcore/cli-plugin-config";
+import type { Config } from "@oclif/core";
+import { type ApiRegistryService } from "@flowcore/cli-plugin-core";
+declare const hook: (options: {
+    apiRegistry: ApiRegistryService;
+    cliConfiguration: CliConfiguration;
+    config: Config;
+    logger: Logger;
+}) => Promise<void>;
+export default hook;

package/dist/hooks/register-apply.js

@@ -0,0 +1,9 @@
+import { ClientFactory, } from "@flowcore/cli-plugin-core";
+import { IAMApply } from "../resource-types/iam-api-version.js";
+import { OrganizationService } from "../services/organization.service.js";
+const hook = async (options) => {
+    const graphqlClient = await ClientFactory.create(options.cliConfiguration, options.logger, false);
+    const organizationService = new OrganizationService(graphqlClient);
+    options.apiRegistry.register(new IAMApply(organizationService, options.cliConfiguration, options.logger));
+};
+export default hook;

package/dist/resource-types/iam-api-version.d.ts

@@ -0,0 +1,24 @@
+import type { ApiRegistryEntry, BaseResource } from "@flowcore/cli-plugin-core";
+import { type CliConfiguration, type Logger } from "@flowcore/cli-plugin-config";
+import type { OrganizationService } from "../services/organization.service.js";
+export declare class IAMApply implements ApiRegistryEntry {
+    private readonly organizationService;
+    private readonly cliConfiguration;
+    private readonly logger;
+    name: string;
+    private iamClient;
+    private organizations;
+    private policyBindingService;
+    private policyService;
+    private roleBindingService;
+    private roleService;
+    constructor(organizationService: OrganizationService, cliConfiguration: CliConfiguration, logger: Logger);
+    apply(resource: BaseResource, skipConfirmation: boolean): Promise<boolean>;
+    calculateApplyOrder(resources: BaseResource[]): BaseResource[];
+    delete(resource: BaseResource): Promise<boolean>;
+    fetchOrganizationId(tenant: string): Promise<{
+        id: string;
+        tenant: string;
+    } | undefined>;
+    getToken(): Promise<string>;
+}