@flowcore/cli-plugin-iam 1.6.1 → 1.8.0

Files changed (47) hide show
  1. package/README.md +396 -7
  2. package/bin/dev.js +2 -2
  3. package/bin/run.js +2 -2
  4. package/dist/commands/assign/policy.d.ts +16 -0
  5. package/dist/commands/assign/policy.js +124 -0
  6. package/dist/commands/assign/role.d.ts +15 -0
  7. package/dist/commands/assign/role.js +98 -0
  8. package/dist/commands/create/policy.d.ts +16 -0
  9. package/dist/commands/create/policy.js +110 -0
  10. package/dist/commands/create/role.d.ts +14 -0
  11. package/dist/commands/create/role.js +78 -0
  12. package/dist/commands/edit/policy.js +3 -3
  13. package/dist/commands/edit/role.js +3 -3
  14. package/dist/commands/get/key-policies.d.ts +13 -0
  15. package/dist/commands/get/key-policies.js +79 -0
  16. package/dist/commands/get/key-roles.d.ts +13 -0
  17. package/dist/commands/get/key-roles.js +75 -0
  18. package/dist/commands/get/user-policies.d.ts +14 -0
  19. package/dist/commands/get/user-policies.js +94 -0
  20. package/dist/commands/get/user-roles.d.ts +14 -0
  21. package/dist/commands/get/user-roles.js +90 -0
  22. package/dist/commands/unassign/policy.d.ts +17 -0
  23. package/dist/commands/unassign/policy.js +143 -0
  24. package/dist/commands/unassign/role.d.ts +16 -0
  25. package/dist/commands/unassign/role.js +117 -0
  26. package/dist/commands/validate/key.d.ts +15 -0
  27. package/dist/commands/validate/key.js +106 -0
  28. package/dist/commands/validate/user.d.ts +15 -0
  29. package/dist/commands/validate/user.js +106 -0
  30. package/dist/index.d.ts +1 -1
  31. package/dist/index.js +1 -1
  32. package/dist/resource-types/iam-api-version.js +2 -2
  33. package/dist/resource-types/policy.resource.d.ts +8 -7
  34. package/dist/resource-types/policy.resource.js +7 -4
  35. package/dist/resource-types/role-binding.resource.d.ts +4 -4
  36. package/dist/resource-types/role.resource.d.ts +3 -3
  37. package/dist/resource-types/role.resource.js +2 -2
  38. package/dist/utils/combine-merge.util.d.ts +1 -1
  39. package/dist/utils/combine-merge.util.js +1 -1
  40. package/dist/utils/error-message.util.d.ts +1 -0
  41. package/dist/utils/error-message.util.js +4 -0
  42. package/dist/utils/fetch-manifest.util.js +2 -2
  43. package/dist/utils/read-pipe.util.js +5 -5
  44. package/oclif.manifest.json +964 -69
  45. package/package.json +18 -11
  46. package/.npmrc +0 -1
  47. package/CHANGELOG.md +0 -124
@@ -6,6 +6,7 @@ export declare enum PolicyDocumentAction {
6
6
  FETCH = "fetch",
7
7
  INGEST = "ingest",
8
8
  READ = "read",
9
+ SENSITIVE_DATA_FETCH = "sensitive-data-fetch",
9
10
  WRITE = "write"
10
11
  }
11
12
  export declare const policyDto: z.ZodObject<z.objectUtil.extendShape<{
@@ -26,15 +27,15 @@ export declare const policyDto: z.ZodObject<z.objectUtil.extendShape<{
26
27
  description: z.ZodOptional<z.ZodString>;
27
28
  flowcoreManaged: z.ZodOptional<z.ZodBoolean>;
28
29
  policyDocuments: z.ZodArray<z.ZodObject<{
29
- action: z.ZodUnion<[z.ZodArray<z.ZodNativeEnum<typeof PolicyDocumentAction>, "many">, z.ZodNativeEnum<typeof PolicyDocumentAction>]>;
30
+ action: z.ZodUnion<[z.ZodArray<z.ZodUnion<[z.ZodNativeEnum<typeof PolicyDocumentAction>, z.ZodString]>, "many">, z.ZodUnion<[z.ZodNativeEnum<typeof PolicyDocumentAction>, z.ZodString]>]>;
30
31
  resource: z.ZodString;
31
32
  statementId: z.ZodOptional<z.ZodString>;
32
33
  }, "strip", z.ZodTypeAny, {
33
- action: PolicyDocumentAction | PolicyDocumentAction[];
34
+ action: string | string[];
34
35
  resource: string;
35
36
  statementId?: string | undefined;
36
37
  }, {
37
- action: PolicyDocumentAction | PolicyDocumentAction[];
38
+ action: string | string[];
38
39
  resource: string;
39
40
  statementId?: string | undefined;
40
41
  }>, "many">;
@@ -43,7 +44,7 @@ export declare const policyDto: z.ZodObject<z.objectUtil.extendShape<{
43
44
  }, "strip", z.ZodTypeAny, {
44
45
  version: string;
45
46
  policyDocuments: {
46
- action: PolicyDocumentAction | PolicyDocumentAction[];
47
+ action: string | string[];
47
48
  resource: string;
48
49
  statementId?: string | undefined;
49
50
  }[];
@@ -53,7 +54,7 @@ export declare const policyDto: z.ZodObject<z.objectUtil.extendShape<{
53
54
  }, {
54
55
  version: string;
55
56
  policyDocuments: {
56
- action: PolicyDocumentAction | PolicyDocumentAction[];
57
+ action: string | string[];
57
58
  resource: string;
58
59
  statementId?: string | undefined;
59
60
  }[];
@@ -71,7 +72,7 @@ export declare const policyDto: z.ZodObject<z.objectUtil.extendShape<{
71
72
  spec: {
72
73
  version: string;
73
74
  policyDocuments: {
74
- action: PolicyDocumentAction | PolicyDocumentAction[];
75
+ action: string | string[];
75
76
  resource: string;
76
77
  statementId?: string | undefined;
77
78
  }[];
@@ -89,7 +90,7 @@ export declare const policyDto: z.ZodObject<z.objectUtil.extendShape<{
89
90
  spec: {
90
91
  version: string;
91
92
  policyDocuments: {
92
- action: PolicyDocumentAction | PolicyDocumentAction[];
93
+ action: string | string[];
93
94
  resource: string;
94
95
  statementId?: string | undefined;
95
96
  }[];
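Review bot: Adding `z.ZodString` to the `action` union in the `policyDocuments` item schema (and so every inferred `action: string | string[]` below it) means the enum no longer constrains anything: any string, including an empty one or a misspelling of a real action such as the new `sensitive-data-fetch`, now passes client-side validation. For an IAM policy that turns a typo into a statement that either grants nothing or is interpreted however the server treats an unknown action, and the CLI no longer tells the author. If free-form actions are needed for forward compatibility, the string branch should at least be bounded, for example `z.string().min(1)` plus a pattern for whatever action format the server accepts, and the CLI could warn when an action is not a known `PolicyDocumentAction` member. This declaration file is generated, so the change belongs in the `policyDto` schema source.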
@@ -1,3 +1,4 @@
1
+ import { inspect } from "node:util";
1
2
  import { baseResourceDto } from "@flowcore/cli-plugin-core";
2
3
  import { diff } from "@opentf/obj-diff";
3
4
  import enquirer from "enquirer";
@@ -10,6 +11,7 @@ export var PolicyDocumentAction;
10
11
  PolicyDocumentAction["FETCH"] = "fetch";
11
12
  PolicyDocumentAction["INGEST"] = "ingest";
12
13
  PolicyDocumentAction["READ"] = "read";
14
+ PolicyDocumentAction["SENSITIVE_DATA_FETCH"] = "sensitive-data-fetch";
13
15
  PolicyDocumentAction["WRITE"] = "write";
14
16
  })(PolicyDocumentAction || (PolicyDocumentAction = {}));
15
17
  export const policyDto = baseResourceDto.extend({
@@ -18,8 +20,8 @@ export const policyDto = baseResourceDto.extend({
18
20
  flowcoreManaged: z.boolean().optional(),
19
21
  policyDocuments: z.array(z.object({
20
22
  action: z
21
- .array(z.nativeEnum(PolicyDocumentAction))
22
- .or(z.nativeEnum(PolicyDocumentAction)),
23
+ .array(z.union([z.nativeEnum(PolicyDocumentAction), z.string()]))
24
+ .or(z.union([z.nativeEnum(PolicyDocumentAction), z.string()])),
23
25
  resource: z.string(),
24
26
  statementId: z.string().optional(),
25
27
  })),
@@ -83,7 +85,7 @@ export class PolicyService {
83
85
  flowcoreManaged: parsedPolicy.spec.flowcoreManaged ?? false,
84
86
  };
85
87
  if (diff({
86
- ...omit(existingPolicy, ["id"]),
88
+ ...omit(existingPolicy, ["id", "frn"]),
87
89
  policyDocuments: existingPolicy.policyDocuments.map((doc) => useStatementIds ? doc : omit(doc, ["statementId"])),
88
90
  }, newPolicy).length === 0) {
89
91
  return false;
@@ -91,7 +93,7 @@ export class PolicyService {
91
93
  if (!skipConfirmation) {
92
94
  this.logger.info("Policy has changed, do you want to apply these changes?");
93
95
  this.logger.info(diffString({
94
- ...omit(existingPolicy, ["id"]),
96
+ ...omit(existingPolicy, ["id", "frn"]),
95
97
  policyDocuments: existingPolicy.policyDocuments.map((doc) => useStatementIds ? doc : omit(doc, ["statementId"])),
96
98
  }, newPolicy, { color: true, full: true }));
97
99
  const { confirm } = await enquirer.prompt({
@@ -119,6 +121,7 @@ export class PolicyService {
119
121
  this.logger.fatal(`Failed to create policy with error(${err.error.status} - ${err.error.code}): ${err.error.message}`);
120
122
  }
121
123
  else {
124
+ console.log(`Error: ${error}`, inspect(error, { depth: null }));
122
125
  this.logger.fatal(`Failed to create policy with unknown error: ${error}`);
123
126
  }
124
127
  }
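Review bot: The added `console.log(..., inspect(error, { depth: null }))` call in the unknown-error branch prints the entire error object at unlimited depth to stdout. If the thrown value comes from the HTTP client it may carry the request configuration, and with it the bearer token or API key sent to the IAM API, which would then end up in terminal scrollback and CI logs; the client is not visible from this hunk, so treat that as a risk to rule out rather than a confirmed leak. The call also bypasses `this.logger` and writes to stdout, where it mixes with piped command output. I would drop the line and keep the existing `this.logger.fatal(...)`, or, if more detail is needed, log only named fields (name, message, status code) to stderr behind an explicit debug switch. The enclosing method starts and ends outside the hunk.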
@@ -28,17 +28,17 @@ export declare const roleBindingDto: z.ZodObject<z.objectUtil.extendShape<{
28
28
  type: "key" | "user";
29
29
  }>, "many">;
30
30
  }, "strip", z.ZodTypeAny, {
31
+ role: string;
31
32
  subjects: {
32
33
  id: string;
33
34
  type: "key" | "user";
34
35
  }[];
35
- role: string;
36
36
  }, {
37
+ role: string;
37
38
  subjects: {
38
39
  id: string;
39
40
  type: "key" | "user";
40
41
  }[];
41
- role: string;
42
42
  }>;
43
43
  }>, "strip", z.ZodTypeAny, {
44
44
  kind: string;
@@ -48,11 +48,11 @@ export declare const roleBindingDto: z.ZodObject<z.objectUtil.extendShape<{
48
48
  tenant: string;
49
49
  };
50
50
  spec: {
51
+ role: string;
51
52
  subjects: {
52
53
  id: string;
53
54
  type: "key" | "user";
54
55
  }[];
55
- role: string;
56
56
  };
57
57
  }, {
58
58
  kind: string;
@@ -62,11 +62,11 @@ export declare const roleBindingDto: z.ZodObject<z.objectUtil.extendShape<{
62
62
  tenant: string;
63
63
  };
64
64
  spec: {
65
+ role: string;
65
66
  subjects: {
66
67
  id: string;
67
68
  type: "key" | "user";
68
69
  }[];
69
- role: string;
70
70
  };
71
71
  }>;
72
72
  export type RoleBinding = z.infer<typeof roleBindingDto>;
@@ -18,14 +18,14 @@ export declare const roleDto: z.ZodObject<z.objectUtil.extendShape<{
18
18
  spec: z.ZodObject<{
19
19
  description: z.ZodOptional<z.ZodString>;
20
20
  flowcoreManaged: z.ZodOptional<z.ZodBoolean>;
21
- policies: z.ZodArray<z.ZodString, "many">;
21
+ policies: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
22
22
  }, "strip", z.ZodTypeAny, {
23
23
  policies: string[];
24
24
  description?: string | undefined;
25
25
  flowcoreManaged?: boolean | undefined;
26
26
  }, {
27
- policies: string[];
28
27
  description?: string | undefined;
28
+ policies?: string[] | undefined;
29
29
  flowcoreManaged?: boolean | undefined;
30
30
  }>;
31
31
  }>, "strip", z.ZodTypeAny, {
@@ -48,8 +48,8 @@ export declare const roleDto: z.ZodObject<z.objectUtil.extendShape<{
48
48
  tenant: string;
49
49
  };
50
50
  spec: {
51
- policies: string[];
52
51
  description?: string | undefined;
52
+ policies?: string[] | undefined;
53
53
  flowcoreManaged?: boolean | undefined;
54
54
  };
55
55
  }>;
@@ -1,14 +1,14 @@
1
+ import { inspect } from "node:util";
1
2
  import { baseResourceDto } from "@flowcore/cli-plugin-core";
2
3
  import { diff } from "@opentf/obj-diff";
3
4
  import enquirer from "enquirer";
4
5
  import { diffString } from "json-diff";
5
- import { inspect } from "node:util";
6
6
  import { z } from "zod";
7
7
  export const roleDto = baseResourceDto.extend({
8
8
  spec: z.object({
9
9
  description: z.string().optional(),
10
10
  flowcoreManaged: z.boolean().optional(),
11
- policies: z.array(z.string()),
11
+ policies: z.array(z.string()).default([]),
12
12
  }),
13
13
  });
14
14
  export class RoleService {
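Review bot: With `policies: z.array(z.string()).default([])`, a role manifest that omits `policies` now validates as a role with no policies, and because zod objects strip unknown keys by default a misspelled key such as `policy:` is dropped and hits the same default. `RoleService` is not visible in this hunk, but if it applies the parsed spec to an existing role, particularly through a skip-confirmation path like the one in `PolicyService`, that would detach every policy from the role without the manifest ever saying so. Consider keeping the field required when updating an existing role, or logging a warning whenever the default was applied. At minimum a comment on the field, e.g. `// defaults to [] — an omitted key yields a role with no policies`, would record that this is deliberate.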
@@ -1,2 +1,2 @@
1
- import merge from 'deepmerge';
1
+ import merge from "deepmerge";
2
2
  export declare const combineMerge: (target: unknown[], source: unknown[], options: merge.ArrayMergeOptions) => unknown[];
@@ -1,4 +1,4 @@
1
- import merge from 'deepmerge';
1
+ import merge from "deepmerge";
2
2
  export const combineMerge = (target, source, options) => {
3
3
  const destination = [...target];
4
4
  for (const [index, item] of source.entries()) {
@@ -0,0 +1 @@
1
+ export declare function getErrorMessage(err: Error): string;
@@ -0,0 +1,4 @@
1
+ export function getErrorMessage(err) {
2
+ const httpErr = err;
3
+ return err.message ?? httpErr.error?.message ?? String(err);
4
+ }
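Review bot: `getErrorMessage` dereferences `err.message` before any null check, so a thrown `null` or `undefined` raises a TypeError inside the error handler and hides the original failure. The fallback chain also never reaches `httpErr.error?.message` for an `Error` whose own message is the empty string, because `??` only skips null and undefined. Since values caught in a `catch` are not guaranteed to be `Error` instances, I would write the body as `return err?.message || httpErr?.error?.message || String(err);`. A short doc comment stating that the argument may be a plain `Error` or an HTTP error carrying a nested `error.message` would also help; that shape is inferred from the code here and from the `err.error.message` usage in the policy service.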
@@ -1,7 +1,7 @@
1
+ import fs from "node:fs";
1
2
  import { ux } from "@oclif/core";
2
3
  import merge from "deepmerge";
3
4
  import { load } from "js-yaml";
4
- import fs from "node:fs";
5
5
  import { combineMerge } from "./combine-merge.util.js";
6
6
  import { readPipe } from "./read-pipe.util.js";
7
7
  export const FetchManifestUtil = {
@@ -9,7 +9,7 @@ export const FetchManifestUtil = {
9
9
  const contents = [];
10
10
  for (const file of files) {
11
11
  if (file === "-") {
12
- contents.push(await readPipe() || "");
12
+ contents.push((await readPipe()) || "");
13
13
  }
14
14
  else if (fs.existsSync(file)) {
15
15
  contents.push(fs.readFileSync(file, "utf8"));
@@ -1,14 +1,14 @@
1
- export const readPipe = () => new Promise(resolve => {
1
+ export const readPipe = () => new Promise((resolve) => {
2
2
  const stdin = process.openStdin();
3
3
  stdin.setEncoding("utf8");
4
- let data = '';
5
- stdin.on('data', chunk => {
4
+ let data = "";
5
+ stdin.on("data", (chunk) => {
6
6
  data += chunk;
7
7
  });
8
- stdin.on('end', () => {
8
+ stdin.on("end", () => {
9
9
  resolve(data);
10
10
  });
11
11
  if (stdin.isTTY) {
12
- resolve('');
12
+ resolve("");
13
13
  }
14
14
  });