@j-schreiber/sf-cli-security-audit 0.9.1 → 0.10.1
- package/README.md +6 -6
- package/lib/commands/org/audit/init.js +7 -6
- package/lib/commands/org/audit/init.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.js +9 -6
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/permissionsClassification.d.ts +23 -3
- package/lib/libs/conf-init/permissionsClassification.js +48 -2
- package/lib/libs/conf-init/permissionsClassification.js.map +1 -1
- package/lib/libs/conf-init/policyConfigs.d.ts +9 -25
- package/lib/libs/conf-init/policyConfigs.js +17 -75
- package/lib/libs/conf-init/policyConfigs.js.map +1 -1
- package/lib/libs/conf-init/presets/loose.d.ts +2 -2
- package/lib/libs/conf-init/presets/loose.js +2 -0
- package/lib/libs/conf-init/presets/loose.js.map +1 -1
- package/lib/libs/conf-init/presets/none.d.ts +6 -6
- package/lib/libs/conf-init/presets/none.js.map +1 -1
- package/lib/libs/conf-init/presets/strict.js +2 -0
- package/lib/libs/conf-init/presets/strict.js.map +1 -1
- package/lib/libs/core/classification-types.d.ts +2 -2
- package/lib/libs/core/classification-types.js.map +1 -1
- package/lib/libs/core/file-mgmt/schema.d.ts +58 -26
- package/lib/libs/core/file-mgmt/schema.js +20 -8
- package/lib/libs/core/file-mgmt/schema.js.map +1 -1
- package/lib/libs/core/policies/permissionSetPolicy.d.ts +5 -4
- package/lib/libs/core/policies/permissionSetPolicy.js +10 -8
- package/lib/libs/core/policies/permissionSetPolicy.js.map +1 -1
- package/lib/libs/core/policies/profilePolicy.d.ts +5 -4
- package/lib/libs/core/policies/profilePolicy.js +12 -11
- package/lib/libs/core/policies/profilePolicy.js.map +1 -1
- package/lib/libs/core/policies/userPolicy.d.ts +1 -0
- package/lib/libs/core/policies/userPolicy.js +7 -5
- package/lib/libs/core/policies/userPolicy.js.map +1 -1
- package/lib/libs/core/policy-types.d.ts +3 -3
- package/lib/libs/core/policy-types.js +12 -12
- package/lib/libs/core/policyRegistry.js +14 -5
- package/lib/libs/core/policyRegistry.js.map +1 -1
- package/lib/libs/core/registries/helpers/permissionsScanning.d.ts +2 -4
- package/lib/libs/core/registries/helpers/permissionsScanning.js +3 -3
- package/lib/libs/core/registries/helpers/permissionsScanning.js.map +1 -1
- package/lib/libs/core/registries/permissionSets.d.ts +1 -1
- package/lib/libs/core/registries/profiles.d.ts +1 -1
- package/lib/libs/core/registries/ruleRegistry.js +1 -1
- package/lib/libs/core/registries/ruleRegistry.js.map +1 -1
- package/lib/libs/core/registries/rules/enforcePermissionPresets.js +6 -6
- package/lib/libs/core/registries/rules/enforcePermissionPresets.js.map +1 -1
- package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js +2 -2
- package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js +1 -1
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js.map +1 -1
- package/lib/libs/core/registries/types.d.ts +5 -5
- package/lib/libs/core/registries/types.js +5 -5
- package/lib/libs/core/registries/users.d.ts +2 -2
- package/messages/org.audit.init.md +2 -2
- package/messages/org.audit.run.md +4 -0
- package/oclif.manifest.json +1 -1
- package/package.json +3 -3
|
@@ -1,17 +1,12 @@
|
|
|
1
1
|
import z from 'zod';
|
|
2
2
|
import { PermissionRiskLevel } from '../classification-types.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
export declare function throwAsSfError(fileName: string, parseError: z.ZodError, rulePath?: PropertyKey[]): never;
|
|
5
5
|
declare const PermissionsClassificationSchema: z.ZodObject<{
|
|
6
6
|
label: z.ZodOptional<z.ZodString>;
|
|
7
7
|
reason: z.ZodOptional<z.ZodString>;
|
|
8
8
|
classification: z.ZodEnum<typeof PermissionRiskLevel>;
|
|
9
9
|
}, z.z.core.$strip>;
|
|
10
|
-
declare const PermsClassificationsMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
11
|
-
label: z.ZodOptional<z.ZodString>;
|
|
12
|
-
reason: z.ZodOptional<z.ZodString>;
|
|
13
|
-
classification: z.ZodEnum<typeof PermissionRiskLevel>;
|
|
14
|
-
}, z.z.core.$strip>>;
|
|
15
10
|
declare const NamedPermissionsClassificationSchema: z.ZodObject<{
|
|
16
11
|
label: z.ZodOptional<z.ZodString>;
|
|
17
12
|
reason: z.ZodOptional<z.ZodString>;
|
|
@@ -27,13 +22,19 @@ declare const RuleMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
|
27
22
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
28
23
|
}, z.z.core.$strip>>;
|
|
29
24
|
declare const PermSetConfig: z.ZodObject<{
|
|
30
|
-
|
|
25
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
31
26
|
}, z.z.core.$strip>;
|
|
32
27
|
declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
33
|
-
|
|
28
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
29
|
+
}, z.z.core.$strip>>;
|
|
30
|
+
declare const ProfilesMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
31
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
34
32
|
}, z.z.core.$strip>>;
|
|
33
|
+
declare const UserConfig: z.ZodObject<{
|
|
34
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
35
|
+
}, z.z.core.$strip>;
|
|
35
36
|
export declare const UsersPolicyConfig: z.ZodObject<{
|
|
36
|
-
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof
|
|
37
|
+
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof UserPrivilegeLevel>>;
|
|
37
38
|
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
38
39
|
}, z.z.core.$strict>;
|
|
39
40
|
export declare const NoInactiveUsersOptionsSchema: z.ZodObject<{
|
|
@@ -53,7 +54,7 @@ export declare const ProfilesPolicyFileSchema: z.ZodObject<{
|
|
|
53
54
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
54
55
|
}, z.z.core.$strip>>>;
|
|
55
56
|
profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
56
|
-
|
|
57
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
57
58
|
}, z.z.core.$strip>>;
|
|
58
59
|
}, z.z.core.$strip>;
|
|
59
60
|
export declare const PermSetsPolicyFileSchema: z.ZodObject<{
|
|
@@ -63,10 +64,10 @@ export declare const PermSetsPolicyFileSchema: z.ZodObject<{
|
|
|
63
64
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
64
65
|
}, z.z.core.$strip>>>;
|
|
65
66
|
permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
66
|
-
|
|
67
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
67
68
|
}, z.z.core.$strip>>;
|
|
68
69
|
}, z.z.core.$strip>;
|
|
69
|
-
export declare const
|
|
70
|
+
export declare const PermissionsClassificationFileSchema: z.ZodObject<{
|
|
70
71
|
permissions: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
71
72
|
label: z.ZodOptional<z.ZodString>;
|
|
72
73
|
reason: z.ZodOptional<z.ZodString>;
|
|
@@ -79,38 +80,69 @@ export declare const UsersPolicyFileSchema: z.ZodObject<{
|
|
|
79
80
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
80
81
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
81
82
|
}, z.z.core.$strip>>>;
|
|
82
|
-
users: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
83
|
-
role: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
84
|
-
}, z.z.core.$strip>>;
|
|
85
83
|
options: z.ZodObject<{
|
|
86
|
-
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof
|
|
84
|
+
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof UserPrivilegeLevel>>;
|
|
87
85
|
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
88
86
|
}, z.z.core.$strict>;
|
|
89
87
|
}, z.z.core.$strip>;
|
|
90
|
-
export
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
88
|
+
export declare const ProfilesClassificationContentSchema: z.ZodObject<{
|
|
89
|
+
profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
90
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
91
|
+
}, z.z.core.$strip>>;
|
|
92
|
+
}, z.z.core.$strip>;
|
|
93
|
+
export declare const PermissionSetsClassificationContentSchema: z.ZodObject<{
|
|
94
|
+
permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
95
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
96
|
+
}, z.z.core.$strip>>;
|
|
97
|
+
}, z.z.core.$strip>;
|
|
98
|
+
export declare const UsersClassificationContentSchema: z.ZodObject<{
|
|
99
|
+
users: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
100
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
101
|
+
}, z.z.core.$strip>>;
|
|
102
|
+
}, z.z.core.$strip>;
|
|
103
|
+
export type PermissionClassification = z.infer<typeof PermissionsClassificationSchema>;
|
|
104
|
+
export type NamedPermissionClassification = z.infer<typeof NamedPermissionsClassificationSchema>;
|
|
94
105
|
export type NoInactiveUsersOptions = z.infer<typeof NoInactiveUsersOptionsSchema>;
|
|
95
106
|
export type PolicyRuleConfig = z.infer<typeof PolicyRuleConfigSchema>;
|
|
96
107
|
export type BasePolicyFileContent = z.infer<typeof PolicyFileSchema>;
|
|
97
108
|
export type ProfilesPolicyFileContent = z.infer<typeof ProfilesPolicyFileSchema>;
|
|
98
109
|
export type PermSetsPolicyFileContent = z.infer<typeof PermSetsPolicyFileSchema>;
|
|
99
110
|
export type UsersPolicyFileContent = z.infer<typeof UsersPolicyFileSchema>;
|
|
111
|
+
export type PermissionsClassificationContent = z.infer<typeof PermissionsClassificationFileSchema>;
|
|
112
|
+
export type ProfilesClassificationContent = z.infer<typeof ProfilesClassificationContentSchema>;
|
|
113
|
+
export type PermissionSetsClassificationContent = z.infer<typeof PermissionSetsClassificationContentSchema>;
|
|
114
|
+
export type UsersClassificationContent = z.infer<typeof UsersClassificationContentSchema>;
|
|
100
115
|
export type PermissionSetConfig = z.infer<typeof PermSetConfig>;
|
|
101
|
-
export type PermissionSetLikeMap = z.infer<typeof PermSetMap>;
|
|
102
116
|
export type RuleMap = z.infer<typeof RuleMapSchema>;
|
|
117
|
+
export type ProfilesMap = z.infer<typeof ProfilesMap>;
|
|
118
|
+
export type PermissionSetsMap = z.infer<typeof PermSetMap>;
|
|
119
|
+
export type UserConfig = z.infer<typeof UserConfig>;
|
|
103
120
|
export type ConfigFile<T> = {
|
|
104
121
|
filePath?: string;
|
|
105
122
|
content: T;
|
|
106
123
|
};
|
|
124
|
+
type ClassificationsFile = {
|
|
125
|
+
[key: string]: Record<string, unknown>;
|
|
126
|
+
};
|
|
107
127
|
export type AuditRunConfigClassifications = {
|
|
108
|
-
userPermissions?: ConfigFile<
|
|
109
|
-
customPermissions?: ConfigFile<
|
|
128
|
+
userPermissions?: ConfigFile<PermissionsClassificationContent>;
|
|
129
|
+
customPermissions?: ConfigFile<PermissionsClassificationContent>;
|
|
130
|
+
profiles?: ConfigFile<ProfilesClassificationContent>;
|
|
131
|
+
permissionSets?: ConfigFile<PermissionSetsClassificationContent>;
|
|
132
|
+
users?: ConfigFile<UsersClassificationContent>;
|
|
133
|
+
};
|
|
134
|
+
type ExtractRecordFromConfigFile<C> = C extends ConfigFile<infer T> ? T[keyof T] : never;
|
|
135
|
+
/**
|
|
136
|
+
* Utility type to extract the actual mapped entities from audit run classifications
|
|
137
|
+
*/
|
|
138
|
+
export type ExtractedClassifications = {
|
|
139
|
+
[K in keyof AuditRunConfigClassifications]: ExtractRecordFromConfigFile<AuditRunConfigClassifications[K]>;
|
|
110
140
|
};
|
|
141
|
+
export declare function extractEntities<C extends ConfigFile<ClassificationsFile>>(config: C): ExtractRecordFromConfigFile<C>;
|
|
142
|
+
export type Classifications = keyof AuditRunConfigClassifications;
|
|
111
143
|
export type AuditRunConfigPolicies = {
|
|
112
|
-
profiles?: ConfigFile<
|
|
113
|
-
permissionSets?: ConfigFile<
|
|
144
|
+
profiles?: ConfigFile<BasePolicyFileContent>;
|
|
145
|
+
permissionSets?: ConfigFile<BasePolicyFileContent>;
|
|
114
146
|
connectedApps?: ConfigFile<BasePolicyFileContent>;
|
|
115
147
|
settings?: ConfigFile<BasePolicyFileContent>;
|
|
116
148
|
users?: ConfigFile<UsersPolicyFileContent>;
|
|
@@ -119,6 +151,6 @@ export type AuditRunConfig = {
|
|
|
119
151
|
classifications: AuditRunConfigClassifications;
|
|
120
152
|
policies: AuditRunConfigPolicies;
|
|
121
153
|
};
|
|
122
|
-
export declare function
|
|
154
|
+
export declare function isPermissionsClassification(cls: unknown): cls is ConfigFile<PermissionsClassificationContent>;
|
|
123
155
|
export declare function isPolicyConfig(cls: unknown): cls is ConfigFile<BasePolicyFileContent>;
|
|
124
156
|
export {};
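Review bot: `UsersPolicyFileSchema` no longer declares `users`, but the outer object is still typed `$strip`, so a users policy file written for 0.9.1 that still carries a `users:` map will presumably parse without error and have that map dropped. The per-user roles then have to come from the new `UsersClassificationContentSchema` file, and nothing visible here tells the operator that the old key was ignored. For an audit tool a silently discarded role mapping is worth failing on: reject unknown top-level keys on the policy file (the inner `options` object is already `$strict`), e.g. `export const UsersPolicyFileSchema = z.strictObject({ ...PolicyFileSchema.shape, options: UsersPolicyConfig });`, or raise an explicit migration error when `users` is present. Whether the loader warns about this elsewhere is not visible in this diff.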
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import z from 'zod';
|
|
2
2
|
import { Messages } from '@salesforce/core';
|
|
3
3
|
import { PermissionRiskLevel } from '../classification-types.js';
|
|
4
|
-
import {
|
|
4
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
5
5
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
6
6
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
|
|
7
7
|
export function throwAsSfError(fileName, parseError, rulePath) {
|
|
@@ -19,7 +19,6 @@ const PermissionsClassificationSchema = z.object({
|
|
|
19
19
|
/** Risk assessment of the permissions */
|
|
20
20
|
classification: z.enum(PermissionRiskLevel),
|
|
21
21
|
});
|
|
22
|
-
const PermsClassificationsMapSchema = z.record(z.string(), PermissionsClassificationSchema);
|
|
23
22
|
const NamedPermissionsClassificationSchema = PermissionsClassificationSchema.extend({
|
|
24
23
|
/** Developer name of the permission, used in metadata */
|
|
25
24
|
name: z.string(),
|
|
@@ -30,13 +29,14 @@ const PolicyRuleConfigSchema = z.object({
|
|
|
30
29
|
});
|
|
31
30
|
const RuleMapSchema = z.record(z.string(), PolicyRuleConfigSchema);
|
|
32
31
|
const PermSetConfig = z.object({
|
|
33
|
-
|
|
32
|
+
role: z.enum(UserPrivilegeLevel),
|
|
34
33
|
});
|
|
35
34
|
const PermSetMap = z.record(z.string(), PermSetConfig);
|
|
36
|
-
const
|
|
35
|
+
const ProfilesMap = z.record(z.string(), PermSetConfig);
|
|
36
|
+
const UserConfig = z.object({ role: z.enum(UserPrivilegeLevel) });
|
|
37
37
|
const UsersMap = z.record(z.string(), UserConfig);
|
|
38
38
|
export const UsersPolicyConfig = z.strictObject({
|
|
39
|
-
defaultRoleForMissingUsers: z.enum(
|
|
39
|
+
defaultRoleForMissingUsers: z.enum(UserPrivilegeLevel).default(UserPrivilegeLevel.STANDARD_USER),
|
|
40
40
|
analyseLastNDaysOfLoginHistory: z.number().optional(),
|
|
41
41
|
});
|
|
42
42
|
export const NoInactiveUsersOptionsSchema = z.strictObject({
|
|
@@ -53,14 +53,26 @@ export const ProfilesPolicyFileSchema = PolicyFileSchema.extend({
|
|
|
53
53
|
export const PermSetsPolicyFileSchema = PolicyFileSchema.extend({
|
|
54
54
|
permissionSets: PermSetMap,
|
|
55
55
|
});
|
|
56
|
-
export const
|
|
56
|
+
export const PermissionsClassificationFileSchema = z.object({
|
|
57
57
|
permissions: z.record(z.string(), PermissionsClassificationSchema),
|
|
58
58
|
});
|
|
59
59
|
export const UsersPolicyFileSchema = PolicyFileSchema.extend({
|
|
60
|
-
users: UsersMap,
|
|
61
60
|
options: UsersPolicyConfig,
|
|
62
61
|
});
|
|
63
|
-
export
|
|
62
|
+
export const ProfilesClassificationContentSchema = z.object({
|
|
63
|
+
profiles: ProfilesMap,
|
|
64
|
+
});
|
|
65
|
+
export const PermissionSetsClassificationContentSchema = z.object({
|
|
66
|
+
permissionSets: PermSetMap,
|
|
67
|
+
});
|
|
68
|
+
export const UsersClassificationContentSchema = z.object({
|
|
69
|
+
users: UsersMap,
|
|
70
|
+
});
|
|
71
|
+
export function extractEntities(config) {
|
|
72
|
+
const value = Object.values(config.content)[0];
|
|
73
|
+
return value;
|
|
74
|
+
}
|
|
75
|
+
export function isPermissionsClassification(cls) {
|
|
64
76
|
return cls.content?.permissions !== undefined;
|
|
65
77
|
}
|
|
66
78
|
export function isPolicyConfig(cls) {
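Review bot: `extractEntities` returns `Object.values(config.content)[0]`, so it depends on the content object having exactly one top-level key and yields `undefined` for an empty object, while the declared return type `ExtractRecordFromConfigFile<C>` does not admit `undefined`. A caller that iterates the result would then fail far from the cause, or, if the object ever has more than one key, read whichever key was inserted first. I would make the contract explicit with `const values = Object.values(config.content);` followed by `if (values.length !== 1) throw new Error('classification content must have exactly one top-level key');` (message text constructed for this note). A doc comment on the function should state the single-key assumption.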
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAExD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC
,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,YAAY,CAAC;IAC9C,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1D,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1D,QAAQ,EAAE,WAAW;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yCAAyC,GAAG,CAAC,CAAC,MAAM,CAAC;IAChE,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IACvD,KAAK,EAAE,QAAQ;CAChB,CAAC,CAAC;AAyDH,MAAM,UAAU,eAAe,CAA4C,MAAS;IAClF,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,KAAuC,CAAC;AACjD,CAAC;AAiBD,MAAM,UAAU,2BAA2B,CAAC,GAAY;IACtD,OAAQ,GAAoD,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AAClG,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
|
-
import { AuditRunConfig,
|
|
1
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
2
|
import { AuditContext } from '../registries/types.js';
|
|
3
3
|
import { ResolvedPermissionSet } from '../registries/permissionSets.js';
|
|
4
4
|
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
5
|
export default class PermissionSetPolicy extends Policy<ResolvedPermissionSet> {
|
|
6
|
-
config:
|
|
6
|
+
config: BasePolicyFileContent;
|
|
7
7
|
auditContext: AuditRunConfig;
|
|
8
|
-
private totalEntities;
|
|
9
|
-
|
|
8
|
+
private readonly totalEntities;
|
|
9
|
+
private readonly classifications;
|
|
10
|
+
constructor(config: BasePolicyFileContent, auditContext: AuditRunConfig, registry?: import("../registries/permissionSets.js").default);
|
|
10
11
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedPermissionSet>>;
|
|
11
12
|
}
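Review bot: The public field and the constructor parameter are named `auditContext: AuditRunConfig` here, while `ProfilePolicy` and `UserPolicy` declare the same value as `auditConfig`, and `AuditContext` is already the name of the unrelated type passed to `resolveEntities`. The compiled constructor stores `this.auditContext` but reads the classifications through `this.auditConfig`, which this class does not assign in the visible lines and presumably inherits from `Policy`. Renaming the field and parameter to match the sibling policies would remove the ambiguity: `constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry?: ...)`.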
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import MDAPI from '../mdapi/mdapiRetriever.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
import { PermissionSetsRegistry } from '../registries/permissionSets.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
@@ -9,11 +9,13 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditContext;
|
|
11
11
|
totalEntities;
|
|
12
|
+
classifications;
|
|
12
13
|
constructor(config, auditContext, registry = PermissionSetsRegistry) {
|
|
13
14
|
super(config, auditContext, registry);
|
|
14
15
|
this.config = config;
|
|
15
16
|
this.auditContext = auditContext;
|
|
16
|
-
this.
|
|
17
|
+
this.classifications = this.auditConfig.classifications.permissionSets?.content ?? { permissionSets: {} };
|
|
18
|
+
this.totalEntities = Object.keys(this.classifications.permissionSets).length;
|
|
17
19
|
}
|
|
18
20
|
async resolveEntities(context) {
|
|
19
21
|
this.emit('entityresolve', {
|
|
@@ -23,18 +25,18 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
23
25
|
const successfullyResolved = {};
|
|
24
26
|
const unresolved = {};
|
|
25
27
|
const retriever = new MDAPI(context.targetOrgConnection);
|
|
26
|
-
const resolvedPermsets = await retriever.resolve('PermissionSet', filterCategorizedPermsets(this.
|
|
27
|
-
Object.entries(this.
|
|
28
|
+
const resolvedPermsets = await retriever.resolve('PermissionSet', filterCategorizedPermsets(this.classifications));
|
|
29
|
+
Object.entries(this.classifications.permissionSets).forEach(([key, val]) => {
|
|
28
30
|
const resolved = resolvedPermsets[key];
|
|
29
31
|
if (resolved) {
|
|
30
32
|
successfullyResolved[key] = {
|
|
31
33
|
metadata: resolved,
|
|
32
|
-
|
|
34
|
+
role: val.role,
|
|
33
35
|
name: key,
|
|
34
36
|
};
|
|
35
37
|
}
|
|
36
38
|
else if (successfullyResolved[key] === undefined) {
|
|
37
|
-
if (val.
|
|
39
|
+
if (val.role === UserPrivilegeLevel.UNKNOWN) {
|
|
38
40
|
unresolved[key] = { name: key, message: messages.getMessage('preset-unknown', ['Permission Set']) };
|
|
39
41
|
}
|
|
40
42
|
else {
|
|
@@ -52,8 +54,8 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
52
54
|
}
|
|
53
55
|
function filterCategorizedPermsets(permSets) {
|
|
54
56
|
const filteredNames = [];
|
|
55
|
-
Object.entries(permSets).forEach(([key, val]) => {
|
|
56
|
-
if (val.
|
|
57
|
+
Object.entries(permSets.permissionSets).forEach(([key, val]) => {
|
|
58
|
+
if (val.role !== UserPrivilegeLevel.UNKNOWN) {
|
|
57
59
|
filteredNames.push(key);
|
|
58
60
|
}
|
|
59
61
|
});
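Review bot: When no permission-set classification file is loaded, the constructor falls back to `{ permissionSets: {} }`, so an enabled policy resolves zero entities and, as far as these lines show, completes without saying that nothing was audited. `ProfilePolicy` (`?? { profiles: {} }`) and `UserPolicy` (`?? { users: {} }`) use the same fallback. An empty audit that reads like a clean one is the risky outcome, so I would surface it with a warning or an entry in the ignored/unresolved result when `this.auditConfig.classifications.permissionSets` is `undefined`. The fallback line should also carry a comment such as `// no classification file loaded: nothing is resolved, report this to the user`. Whether a caller already checks for the missing file is not visible in this diff.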
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;
|
|
1
|
+
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;IAKnE;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAsC;IAEtE,YACS,MAA6B,EAC7B,YAA4B,EACnC,QAAQ,GAAG,sBAAsB;QAEjC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAAuB;QAC7B,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,OAAO,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;QAC1G,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,yBAAyB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;QACnH,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YACzE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,IAAI,EAAE,GAAG;iBACV,CAAC;YACJ,CAAC;iBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBACnD,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBAC5C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,
EAAE,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA6C;IAC9E,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC7D,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC5C,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
|
-
import { AuditRunConfig,
|
|
1
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
2
|
import { AuditContext } from '../registries/types.js';
|
|
3
3
|
import { ResolvedProfile } from '../registries/profiles.js';
|
|
4
4
|
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
5
|
export default class ProfilePolicy extends Policy<ResolvedProfile> {
|
|
6
|
-
config:
|
|
6
|
+
config: BasePolicyFileContent;
|
|
7
7
|
auditConfig: AuditRunConfig;
|
|
8
|
-
private totalEntities;
|
|
9
|
-
|
|
8
|
+
private readonly totalEntities;
|
|
9
|
+
private readonly classifications;
|
|
10
|
+
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/profiles.js").default);
|
|
10
11
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedProfile>>;
|
|
11
12
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import MDAPI from '../mdapi/mdapiRetriever.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
import { ProfilesRegistry } from '../registries/profiles.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
@@ -9,11 +9,13 @@ export default class ProfilePolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditConfig;
|
|
11
11
|
totalEntities;
|
|
12
|
+
classifications;
|
|
12
13
|
constructor(config, auditConfig, registry = ProfilesRegistry) {
|
|
13
14
|
super(config, auditConfig, registry);
|
|
14
15
|
this.config = config;
|
|
15
16
|
this.auditConfig = auditConfig;
|
|
16
|
-
this.
|
|
17
|
+
this.classifications = this.auditConfig.classifications.profiles?.content ?? { profiles: {} };
|
|
18
|
+
this.totalEntities = Object.keys(this.classifications.profiles).length;
|
|
17
19
|
}
|
|
18
20
|
async resolveEntities(context) {
|
|
19
21
|
this.emit('entityresolve', {
|
|
@@ -22,10 +24,9 @@ export default class ProfilePolicy extends Policy {
|
|
|
22
24
|
});
|
|
23
25
|
const successfullyResolved = {};
|
|
24
26
|
const ignoredEntities = {};
|
|
25
|
-
const definitiveProfiles = this.config.profiles ?? {};
|
|
26
27
|
const classifiedProfiles = [];
|
|
27
|
-
Object.entries(
|
|
28
|
-
if (profileDef.
|
|
28
|
+
Object.entries(this.classifications.profiles).forEach(([profileName, profileDef]) => {
|
|
29
|
+
if (profileDef.role === UserPrivilegeLevel.UNKNOWN) {
|
|
29
30
|
ignoredEntities[profileName] = {
|
|
30
31
|
name: profileName,
|
|
31
32
|
message: messages.getMessage('preset-unknown', ['Profile']),
|
|
@@ -39,17 +40,17 @@ export default class ProfilePolicy extends Policy {
|
|
|
39
40
|
const resolvedProfiles = await mdapi.resolve('Profile', classifiedProfiles);
|
|
40
41
|
classifiedProfiles.forEach((profileName) => {
|
|
41
42
|
const resolvedProfile = resolvedProfiles[profileName];
|
|
42
|
-
if (
|
|
43
|
-
|
|
43
|
+
if (resolvedProfile) {
|
|
44
|
+
successfullyResolved[profileName] = {
|
|
44
45
|
name: profileName,
|
|
45
|
-
|
|
46
|
+
role: this.classifications.profiles[profileName].role,
|
|
47
|
+
metadata: resolvedProfile,
|
|
46
48
|
};
|
|
47
49
|
}
|
|
48
50
|
else {
|
|
49
|
-
|
|
51
|
+
ignoredEntities[profileName] = {
|
|
50
52
|
name: profileName,
|
|
51
|
-
|
|
52
|
-
metadata: resolvedProfile,
|
|
53
|
+
message: messages.getMessage('entity-not-found'),
|
|
53
54
|
};
|
|
54
55
|
}
|
|
55
56
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;
|
|
1
|
+
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;IAKvD;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAgC;IAEhE,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC9F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YAClF,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,eAAe,EAAE,CAAC;gBACpB,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,IAAI;oBACrD,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CA
AC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -6,6 +6,7 @@ export default class UserPolicy extends Policy<ResolvedUser> {
|
|
|
6
6
|
config: UsersPolicyFileContent;
|
|
7
7
|
auditConfig: AuditRunConfig;
|
|
8
8
|
private totalEntities;
|
|
9
|
+
private readonly classifications;
|
|
9
10
|
constructor(config: UsersPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/users.js").default);
|
|
10
11
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedUser>>;
|
|
11
12
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import { UsersRegistry } from '../registries/users.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
import UsersRepository from '../mdapi/usersRepository.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
@@ -9,11 +9,13 @@ export default class UserPolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditConfig;
|
|
11
11
|
totalEntities;
|
|
12
|
+
classifications;
|
|
12
13
|
constructor(config, auditConfig, registry = UsersRegistry) {
|
|
13
14
|
super(config, auditConfig, registry);
|
|
14
15
|
this.config = config;
|
|
15
16
|
this.auditConfig = auditConfig;
|
|
16
|
-
this.
|
|
17
|
+
this.classifications = this.auditConfig.classifications.users?.content ?? { users: {} };
|
|
18
|
+
this.totalEntities = Object.keys(this.classifications.users).length;
|
|
17
19
|
}
|
|
18
20
|
async resolveEntities(context) {
|
|
19
21
|
this.emit('entityresolve', {
|
|
@@ -23,8 +25,8 @@ export default class UserPolicy extends Policy {
|
|
|
23
25
|
const usersRepo = new UsersRepository(context.targetOrgConnection);
|
|
24
26
|
const resolvedEntities = {};
|
|
25
27
|
const ignoredEntities = {};
|
|
26
|
-
for (const [userName, userDef] of Object.entries(this.
|
|
27
|
-
if (userDef.role ===
|
|
28
|
+
for (const [userName, userDef] of Object.entries(this.classifications.users)) {
|
|
29
|
+
if (userDef.role === UserPrivilegeLevel.UNKNOWN) {
|
|
28
30
|
ignoredEntities[userName] = {
|
|
29
31
|
name: userName,
|
|
30
32
|
message: messages.getMessage('user-with-role-unknown'),
|
|
@@ -45,7 +47,7 @@ export default class UserPolicy extends Policy {
|
|
|
45
47
|
if (ignoredEntities[user.username] === undefined) {
|
|
46
48
|
resolvedEntities[user.username] = {
|
|
47
49
|
...user,
|
|
48
|
-
role: this.
|
|
50
|
+
role: this.classifications.users[user.username]?.role ?? this.config.options.defaultRoleForMissingUsers,
|
|
49
51
|
};
|
|
50
52
|
}
|
|
51
53
|
}
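Review bot: The role lookup `this.classifications.users[user.username]?.role ?? this.config.options.defaultRoleForMissingUsers` in the last hunk matches the org's username against the classification keys by exact string, and any miss silently becomes the default role. If a key in the classification file differs from what the repository returns only in letter case or stray whitespace, that user is audited under `defaultRoleForMissingUsers` instead of the level the file assigns. An entry marked `Unknown` is then also no longer skipped by the `ignoredEntities[user.username] === undefined` check. Assuming usernames are meant to compare case-insensitively, I would lower-case the keys once when `this.classifications` is built and look up with `this.classifications.users[user.username.toLowerCase()]`, and report classification entries that matched no org user. `resolveEntities` starts and ends outside these hunks, so the repository may already normalise usernames; that is worth confirming.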
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"userPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/userPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAgB,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,MAAoB;
|
|
1
|
+
{"version":3,"file":"userPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/userPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAgB,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,MAAoB;IAKjD;IACA;IALD,aAAa,CAAS;IACb,eAAe,CAA6B;IAE7D,YACS,MAA8B,EAC9B,WAA2B,EAClC,QAAQ,GAAG,aAAa;QAExB,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAwB;QAC9B,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACxF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IACtE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACnE,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7E,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBAChD,eAAe,CAAC,QAAQ,CAAC,GAAG;oBAC1B,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,2DAA2D;QAC3D,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC;YACpD,gBAAgB,EAAE,IAAI;YACtB,yBAAyB,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8BAA8B;SAC9E,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,SAAS,EAAE,CAAC;gBACjD,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAChC,GAAG,IAAI;oBACP,IAAI,EAAE,IAAI,CAAC,eA
Ae,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;iBACxG,CAAC;YACJ,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
*
|
|
2
|
+
* Privilege levels are assigned to users, profiles and permission sets.
|
|
3
|
+
* Each level determins the allowed permissions, based on their risk levels.
|
|
4
4
|
*/
|
|
5
|
-
export declare enum
|
|
5
|
+
export declare enum UserPrivilegeLevel {
|
|
6
6
|
/** Allows up to "Critical" permissions */
|
|
7
7
|
DEVELOPER = "Developer",
|
|
8
8
|
/** Allows up to "High" permissions */
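Review bot: The doc comment added above `UserPrivilegeLevel` misspells "determines" as "determins", and the same sentence is repeated in the compiled `.js` counterpart later in this diff (presumably policy-types.js). Both files look like build output, so the fix belongs in the TypeScript source: `* Each level determines the allowed permissions, based on their risk levels.`. The enum body continues outside this hunk.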
|
|
@@ -1,28 +1,28 @@
|
|
|
1
1
|
import { PermissionRiskLevel, resolveRiskLevelOrdinalValue } from './classification-types.js';
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
4
|
-
*
|
|
3
|
+
* Privilege levels are assigned to users, profiles and permission sets.
|
|
4
|
+
* Each level determins the allowed permissions, based on their risk levels.
|
|
5
5
|
*/
|
|
6
|
-
export var
|
|
7
|
-
(function (
|
|
6
|
+
export var UserPrivilegeLevel;
|
|
7
|
+
(function (UserPrivilegeLevel) {
|
|
8
8
|
/** Allows up to "Critical" permissions */
|
|
9
|
-
|
|
9
|
+
UserPrivilegeLevel["DEVELOPER"] = "Developer";
|
|
10
10
|
/** Allows up to "High" permissions */
|
|
11
|
-
|
|
11
|
+
UserPrivilegeLevel["ADMIN"] = "Admin";
|
|
12
12
|
/** Allows up to "Medium" permissions */
|
|
13
|
-
|
|
13
|
+
UserPrivilegeLevel["POWER_USER"] = "Power User";
|
|
14
14
|
/** Allows only "Low" permissions */
|
|
15
|
-
|
|
15
|
+
UserPrivilegeLevel["STANDARD_USER"] = "Standard User";
|
|
16
16
|
/** Disables the profile for audit */
|
|
17
|
-
|
|
18
|
-
})(
|
|
17
|
+
UserPrivilegeLevel["UNKNOWN"] = "Unknown";
|
|
18
|
+
})(UserPrivilegeLevel || (UserPrivilegeLevel = {}));
|
|
19
19
|
export function resolvePresetOrdinalValue(value) {
|
|
20
|
-
return Object.keys(
|
|
20
|
+
return Object.keys(UserPrivilegeLevel).indexOf(value.toUpperCase().replace(' ', '_'));
|
|
21
21
|
}
|
|
22
22
|
export function permissionAllowedInPreset(permClassification, preset) {
|
|
23
23
|
// this works, as long as we are mindful when adding new risk levels and presets
|
|
24
24
|
const invertedPermValue = Object.keys(PermissionRiskLevel).length - resolveRiskLevelOrdinalValue(permClassification);
|
|
25
|
-
const invertedPresetValue = Object.keys(
|
|
25
|
+
const invertedPresetValue = Object.keys(UserPrivilegeLevel).length - resolvePresetOrdinalValue(preset);
|
|
26
26
|
return invertedPresetValue >= invertedPermValue;
|
|
27
27
|
}
|
|
28
28
|
//# sourceMappingURL=policy-types.js.map
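Review bot: `permissionAllowedInPreset` fails open for a role string that is not an enum key: `resolvePresetOrdinalValue` returns -1 from `indexOf`, so `invertedPresetValue` becomes `Object.keys(UserPrivilegeLevel).length + 1`, and the unrecognised role is treated as at least as privileged as `DEVELOPER`. A later declaration hunk in this diff types `ResolvedProfileLike.role` as plain `string`, so unless the schema rejects unknown roles earlier, a typo in a classification file would pass every permission check instead of being flagged. I would guard it in `permissionAllowedInPreset` with `const presetOrdinal = resolvePresetOrdinalValue(preset);` followed by `if (presetOrdinal < 0) return false;`. Separately, `replace(' ', '_')` replaces only the first space, which covers today's values but not a future three-word level.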
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { PermissionsClassificationFileSchema, PermissionSetsClassificationContentSchema, PolicyFileSchema, ProfilesClassificationContentSchema, UsersClassificationContentSchema, UsersPolicyFileSchema, } from './file-mgmt/schema.js';
|
|
2
2
|
import ConnectedAppPolicy from './policies/connectedAppPolicy.js';
|
|
3
3
|
import PermissionSetPolicy from './policies/permissionSetPolicy.js';
|
|
4
4
|
import ProfilePolicy from './policies/profilePolicy.js';
|
|
@@ -6,23 +6,32 @@ import UserPolicy from './policies/userPolicy.js';
|
|
|
6
6
|
import SettingsPolicy from './policies/settingsPolicy.js';
|
|
7
7
|
export const classificationDefs = {
|
|
8
8
|
userPermissions: {
|
|
9
|
-
schema:
|
|
9
|
+
schema: PermissionsClassificationFileSchema,
|
|
10
10
|
},
|
|
11
11
|
customPermissions: {
|
|
12
|
-
schema:
|
|
12
|
+
schema: PermissionsClassificationFileSchema,
|
|
13
|
+
},
|
|
14
|
+
profiles: {
|
|
15
|
+
schema: ProfilesClassificationContentSchema,
|
|
16
|
+
},
|
|
17
|
+
permissionSets: {
|
|
18
|
+
schema: PermissionSetsClassificationContentSchema,
|
|
19
|
+
},
|
|
20
|
+
users: {
|
|
21
|
+
schema: UsersClassificationContentSchema,
|
|
13
22
|
},
|
|
14
23
|
};
|
|
15
24
|
export const policyDefs = {
|
|
16
25
|
profiles: {
|
|
17
26
|
handler: ProfilePolicy,
|
|
18
|
-
schema:
|
|
27
|
+
schema: PolicyFileSchema,
|
|
19
28
|
dependencies: [
|
|
20
29
|
{ path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForProfiles' },
|
|
21
30
|
],
|
|
22
31
|
},
|
|
23
32
|
permissionSets: {
|
|
24
33
|
handler: PermissionSetPolicy,
|
|
25
|
-
schema:
|
|
34
|
+
schema: PolicyFileSchema,
|
|
26
35
|
dependencies: [
|
|
27
36
|
{ path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForPermSets' },
|
|
28
37
|
],
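Review bot: `policyDefs.profiles` and `policyDefs.permissionSets` still declare only the `userPermissions` classification as a dependency, although this change registers `profiles`, `permissionSets` and `users` in `classificationDefs`. If the policy handlers now take their roles from those classifications the way userPolicy.js does (`this.auditConfig.classifications.users?.content ?? { users: {} }`), a missing or misnamed classification file is replaced by an empty map rather than reported. The audit could then run over fewer entities than intended without raising an error. Consider adding a matching entry such as `{ path: ['classifications', 'profiles'], errorName: '<ERROR_NAME>' }` to each policy that needs one, or a comment stating that the empty fallback is intentional. `policyDefs` continues past the end of this hunk, so the remaining policies are not visible here.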
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policyRegistry.js","sourceRoot":"","sources":["../../../src/libs/core/policyRegistry.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,
|
|
1
|
+
{"version":3,"file":"policyRegistry.js","sourceRoot":"","sources":["../../../src/libs/core/policyRegistry.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,mCAAmC,EACnC,yCAAyC,EACzC,gBAAgB,EAChB,mCAAmC,EACnC,gCAAgC,EAChC,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,kBAAkB,MAAM,kCAAkC,CAAC;AAClE,OAAO,mBAAmB,MAAM,mCAAmC,CAAC;AAEpE,OAAO,aAAa,MAAM,6BAA6B,CAAC;AACxD,OAAO,UAAU,MAAM,0BAA0B,CAAC;AAClD,OAAO,cAAc,MAAM,8BAA8B,CAAC;AAE1D,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,eAAe,EAAE;QACf,MAAM,EAAE,mCAAmC;KAC5C;IACD,iBAAiB,EAAE;QACjB,MAAM,EAAE,mCAAmC;KAC5C;IACD,QAAQ,EAAE;QACR,MAAM,EAAE,mCAAmC;KAC5C;IACD,cAAc,EAAE;QACd,MAAM,EAAE,yCAAyC;KAClD;IACD,KAAK,EAAE;QACL,MAAM,EAAE,gCAAgC;KACzC;CACF,CAAC;AAOF,MAAM,CAAC,MAAM,UAAU,GAAmB;IACxC,QAAQ,EAAE;QACR,OAAO,EAAE,aAAa;QACtB,MAAM,EAAE,gBAAgB;QACxB,YAAY,EAAE;YACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;SACzG;KACF;IACD,cAAc,EAAE;QACd,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,gBAAgB;QACxB,YAAY,EAAE;YACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;SACzG;KACF;IACD,aAAa,EAAE;QACb,OAAO,EAAE,kBAAkB;QAC3B,MAAM,EAAE,gBAAgB;KACzB;IACD,KAAK,EAAE;QACL,OAAO,EAAE,UAAU;QACnB,MAAM,EAAE,qBAAqB;KAC9B;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;QACvB,MAAM,EAAE,gBAAgB;KACzB;CACF,CAAC"}
|
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
import { Profile } from '@jsforce/jsforce-node/lib/api/metadata.js';
|
|
2
|
-
import { AuditRunConfig
|
|
3
|
-
import { ClassificationNames } from '../../policyRegistry.js';
|
|
2
|
+
import { AuditRunConfig } from '../../file-mgmt/schema.js';
|
|
4
3
|
import { PolicyRuleViolation, RuleComponentMessage } from '../../result-types.js';
|
|
5
4
|
export type ResolvedProfileLike = {
|
|
6
5
|
name: string;
|
|
7
|
-
|
|
6
|
+
role: string;
|
|
8
7
|
metadata: PartialProfileLike;
|
|
9
8
|
};
|
|
10
9
|
export type ScanResult = {
|
|
@@ -25,5 +24,4 @@ type PermissionsListKey = keyof PartialProfileLike;
|
|
|
25
24
|
*/
|
|
26
25
|
export declare function scanProfileLike(profileLike: ResolvedProfileLike, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
|
|
27
26
|
export declare function scanPermissions(profile: ResolvedProfileLike, permissionListName: PermissionsListKey, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
|
|
28
|
-
export declare function resolvePerm(permName: string, auditRun: AuditRunConfig, type: ClassificationNames): NamedPermissionsClassification | undefined;
|
|
29
27
|
export {};
|