@nuvlore/extension-access-bitbucket 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +4 -19
- package/vendor/extension-sso/LICENSE +0 -202
- package/vendor/extension-sso/README.md +0 -35
- package/vendor/extension-sso/commands/okta-login.md +0 -10
- package/vendor/extension-sso/package.json +0 -51
- package/vendor/extension-sso/skills/workday-okta-auth/SKILL.md +0 -20
- package/vendor/extension-sso/src/autoAuth.mjs +0 -25
- package/vendor/extension-sso/src/browserLogin.mjs +0 -1
- package/vendor/extension-sso/src/chromeCookies.mjs +0 -1
- package/vendor/extension-sso/src/cookieJar.mjs +0 -1
- package/vendor/extension-sso/src/extensionAccess.mjs +0 -173
- package/vendor/extension-sso/src/htmlSessionExtract.mjs +0 -1
- package/vendor/extension-sso/src/oktaAppAccess.mjs +0 -133
- package/vendor/extension-sso/src/oktaAppCatalog.mjs +0 -118
- package/vendor/extension-sso/src/oktaAppRead.mjs +0 -119
- package/vendor/extension-sso/src/oktaConfig.mjs +0 -12
- package/vendor/extension-sso/src/oktaSession.mjs +0 -32
- package/vendor/extension-sso/src/serviceOperations.mjs +0 -407
- package/vendor/extension-sso/src/serviceReadSearch.mjs +0 -395
- package/vendor/extension-sso/src/serviceReads.mjs +0 -109
- package/vendor/extension-sso/src/serviceRegistry.mjs +0 -497
- package/vendor/extension-sso/src/sessionAuth.mjs +0 -339
- package/vendor/extension-sso/src/sessionManager.mjs +0 -212
- package/vendor/extension-sso/src/sessionValidate.mjs +0 -74
- package/vendor/extension-sso/src/ssoConfig.mjs +0 -31
- package/vendor/extension-sso/src/ssoHttpRead.mjs +0 -292
- package/vendor/extension-sso/tools/extension-access-tools.shared.mjs +0 -16
- package/vendor/extension-sso/tools/okta-app-tools.shared.mjs +0 -5
- package/vendor/extension-sso/tools/okta-tools.shared.mjs +0 -18
- package/vendor/extension-sso/tools/workday_extension_read.mjs +0 -51
- package/vendor/extension-sso/tools/workday_extension_read_access.mjs +0 -65
- package/vendor/extension-sso/tools/workday_list_extension_access.mjs +0 -39
- package/vendor/extension-sso/tools/workday_list_okta_apps.mjs +0 -18
- package/vendor/extension-sso/tools/workday_list_service_operations.mjs +0 -41
- package/vendor/extension-sso/tools/workday_list_service_read_search_capabilities.mjs +0 -34
- package/vendor/extension-sso/tools/workday_list_services.mjs +0 -31
- package/vendor/extension-sso/tools/workday_okta_app_probe_all.mjs +0 -24
- package/vendor/extension-sso/tools/workday_okta_app_read.mjs +0 -30
- package/vendor/extension-sso/tools/workday_okta_app_read_access.mjs +0 -25
- package/vendor/extension-sso/tools/workday_okta_auth_header.mjs +0 -58
- package/vendor/extension-sso/tools/workday_okta_login.mjs +0 -65
- package/vendor/extension-sso/tools/workday_okta_open_app.mjs +0 -63
- package/vendor/extension-sso/tools/workday_okta_open_service.mjs +0 -63
- package/vendor/extension-sso/tools/workday_okta_status.mjs +0 -35
- package/vendor/extension-sso/tools/workday_service_auth.mjs +0 -65
- package/vendor/extension-sso/tools/workday_service_operation_read.mjs +0 -51
- package/vendor/extension-sso/tools/workday_service_read.mjs +0 -56
- package/vendor/extension-sso/tools/workday_service_search.mjs +0 -62
- package/vendor/extension-sso/tools/workday_sso_cookie_header.mjs +0 -59
- package/vendor/extension-sso/vendor/extension-browser-sso/LICENSE +0 -202
- package/vendor/extension-sso/vendor/extension-browser-sso/README.md +0 -16
- package/vendor/extension-sso/vendor/extension-browser-sso/package.json +0 -47
- package/vendor/extension-sso/vendor/extension-browser-sso/src/autoAuth.mjs +0 -47
- package/vendor/extension-sso/vendor/extension-browser-sso/src/browserHttpRead.mjs +0 -76
- package/vendor/extension-sso/vendor/extension-browser-sso/src/browserLogin.mjs +0 -24
- package/vendor/extension-sso/vendor/extension-browser-sso/src/chromeCookies.mjs +0 -192
- package/vendor/extension-sso/vendor/extension-browser-sso/src/cookieJar.mjs +0 -132
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/devops-data-paths.mjs +0 -222
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/devops-diagnostics.mjs +0 -440
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/enterprise-api-read.mjs +0 -180
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-command-pack.mjs +0 -1
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-plan.mjs +0 -45
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-shell-policy.d.mts +0 -26
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-shell-policy.mjs +0 -170
- package/vendor/extension-sso/vendor/extension-browser-sso/src/htmlSessionExtract.mjs +0 -64
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/LICENSE +0 -202
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/README.md +0 -29
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/package.json +0 -43
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/devops-data-paths.mjs +0 -222
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/devops-diagnostics.mjs +0 -440
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/enterprise-api-read.mjs +0 -180
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-command-pack.mjs +0 -1
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-plan.mjs +0 -45
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-shell-policy.d.mts +0 -26
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-shell-policy.mjs +0 -170
|
@@ -1,292 +0,0 @@
|
|
|
1
|
-
import { buildRequestUrl, normalizeBaseUrl, parseResponseBody } from "@nuvlore/extension-read-only-toolkit/enterprise-api-read";
|
|
2
|
-
import { assertNonHtmlApiResponse } from "@nuvlore/extension-read-only-toolkit/devops-diagnostics";
|
|
3
|
-
import { assertReadOnlyHttpRequest } from "./extensionAccess.mjs";
|
|
4
|
-
import {
|
|
5
|
-
mergeCookies,
|
|
6
|
-
resolveBestCookieHost,
|
|
7
|
-
saveCookieJar
|
|
8
|
-
} from "./cookieJar.mjs";
|
|
9
|
-
import { importCookiesFromChrome } from "./sessionManager.mjs";
|
|
10
|
-
import { resolveAutoAuthOptions, shouldRetryAuthAfterFailure } from "./autoAuth.mjs";
|
|
11
|
-
import { ensureServiceSession } from "./sessionAuth.mjs";
|
|
12
|
-
import { getSsoConfig } from "./ssoConfig.mjs";
|
|
13
|
-
import { getServiceDomains, getWorkdayService } from "./serviceRegistry.mjs";
|
|
14
|
-
import { extractHtmlSession } from "./htmlSessionExtract.mjs";
|
|
15
|
-
|
|
16
|
-
/** Per-service HTTP hints for real browser-session API access (GET only). */
|
|
17
|
-
export const SSO_HTTP_PROFILES = {
|
|
18
|
-
jira: {
|
|
19
|
-
apiPrefix: "/rest/api/latest",
|
|
20
|
-
extraHeaders: { "X-Atlassian-Token": "no-check" },
|
|
21
|
-
verifyPath: "/rest/api/latest/myself",
|
|
22
|
-
refererPath: "/secure/Dashboard.jspa"
|
|
23
|
-
},
|
|
24
|
-
bitbucket: {
|
|
25
|
-
apiPrefix: "/rest/api/1.0",
|
|
26
|
-
extraHeaders: { "X-Atlassian-Token": "no-check" },
|
|
27
|
-
verifyPath: "/rest/api/latest/projects",
|
|
28
|
-
verifyFollowRedirects: true
|
|
29
|
-
},
|
|
30
|
-
confluence: {
|
|
31
|
-
apiPrefix: "/rest/api",
|
|
32
|
-
extraHeaders: { "X-Atlassian-Token": "no-check" },
|
|
33
|
-
verifyPath: "/rest/api/user/current"
|
|
34
|
-
},
|
|
35
|
-
bamboo: {
|
|
36
|
-
apiPrefix: "/rest/api/latest",
|
|
37
|
-
extraHeaders: {},
|
|
38
|
-
verifyPath: "/rest/api/latest/info"
|
|
39
|
-
},
|
|
40
|
-
github: {
|
|
41
|
-
apiPrefix: "/api/v3",
|
|
42
|
-
extraHeaders: { Accept: "application/vnd.github+json" },
|
|
43
|
-
verifyPath: "/settings/profile",
|
|
44
|
-
verifyMode: "html",
|
|
45
|
-
verifyExtract: "github-profile"
|
|
46
|
-
},
|
|
47
|
-
teamcity: {
|
|
48
|
-
apiPrefix: "/app/rest",
|
|
49
|
-
extraHeaders: { Accept: "application/json" },
|
|
50
|
-
verifyPath: "/login.html",
|
|
51
|
-
verifyMode: "html",
|
|
52
|
-
verifyExtract: "generic"
|
|
53
|
-
},
|
|
54
|
-
pharos: {
|
|
55
|
-
apiPrefix: "/api",
|
|
56
|
-
extraHeaders: { Accept: "application/json" },
|
|
57
|
-
verifyPath: "/api/health"
|
|
58
|
-
},
|
|
59
|
-
dashboard: {
|
|
60
|
-
apiPrefix: "/s/readonly",
|
|
61
|
-
extraHeaders: {},
|
|
62
|
-
verifyPath: "/s/readonly/app/discover"
|
|
63
|
-
},
|
|
64
|
-
pagerduty: {
|
|
65
|
-
apiPrefix: "/api/v2",
|
|
66
|
-
extraHeaders: { Accept: "application/vnd.pagerduty+json;version=2" },
|
|
67
|
-
verifyPath: "/",
|
|
68
|
-
verifyMode: "html",
|
|
69
|
-
verifyExtract: "generic"
|
|
70
|
-
},
|
|
71
|
-
repository: {
|
|
72
|
-
apiPrefix: "/artifactory/api",
|
|
73
|
-
extraHeaders: {},
|
|
74
|
-
verifyPath: "/artifactory/api/system/ping"
|
|
75
|
-
},
|
|
76
|
-
slack: {
|
|
77
|
-
apiPrefix: "/",
|
|
78
|
-
extraHeaders: {},
|
|
79
|
-
verifyPath: "/",
|
|
80
|
-
verifyMode: "html",
|
|
81
|
-
verifyExtract: "generic",
|
|
82
|
-
verifyFollowRedirects: true
|
|
83
|
-
},
|
|
84
|
-
sana: {
|
|
85
|
-
apiPrefix: "/",
|
|
86
|
-
extraHeaders: {},
|
|
87
|
-
verifyPath: "/",
|
|
88
|
-
verifyMode: "html",
|
|
89
|
-
verifyExtract: "generic",
|
|
90
|
-
verifyFollowRedirects: true
|
|
91
|
-
},
|
|
92
|
-
"google-drive": {
|
|
93
|
-
apiPrefix: "/drive",
|
|
94
|
-
extraHeaders: { Accept: "application/json" },
|
|
95
|
-
verifyPath: "/drive/v3/about",
|
|
96
|
-
verifyBaseUrl: "https://www.googleapis.com",
|
|
97
|
-
verifyQuery: { fields: "user" }
|
|
98
|
-
},
|
|
99
|
-
"service-hub": {
|
|
100
|
-
apiPrefix: "/api/now",
|
|
101
|
-
extraHeaders: { Accept: "application/json" },
|
|
102
|
-
verifyPath: "/api/now/ui/user/current_user"
|
|
103
|
-
},
|
|
104
|
-
snyk: {
|
|
105
|
-
apiPrefix: "/",
|
|
106
|
-
extraHeaders: { Accept: "application/json" },
|
|
107
|
-
verifyPath: "/api/me"
|
|
108
|
-
},
|
|
109
|
-
collibra: {
|
|
110
|
-
apiPrefix: "/rest/2.0",
|
|
111
|
-
extraHeaders: { Accept: "application/json" },
|
|
112
|
-
verifyPath: "/rest/2.0/communities",
|
|
113
|
-
verifyQuery: { limit: 1 }
|
|
114
|
-
},
|
|
115
|
-
mixpanel: {
|
|
116
|
-
apiPrefix: "/",
|
|
117
|
-
extraHeaders: { Accept: "application/json" },
|
|
118
|
-
verifyPath: "/api/app/workspaces"
|
|
119
|
-
}
|
|
120
|
-
};
|
|
121
|
-
|
|
122
|
-
async function refreshServiceCookies(config, serviceId, options = {}) {
|
|
123
|
-
const domains = getServiceDomains(serviceId);
|
|
124
|
-
const imported = await importCookiesFromChrome(config, [config.domain, ...domains]);
|
|
125
|
-
if (!imported?.cookies?.length) return null;
|
|
126
|
-
const { jar } = await ensureServiceSession(serviceId, {
|
|
127
|
-
config,
|
|
128
|
-
openBrowserOnMissing: options.openBrowserOnMissing,
|
|
129
|
-
autoAuth: options.autoAuth,
|
|
130
|
-
onStatus: options.onStatus
|
|
131
|
-
});
|
|
132
|
-
const merged = {
|
|
133
|
-
...(jar ?? {}),
|
|
134
|
-
cookies: mergeCookies(jar?.cookies ?? [], imported.cookies),
|
|
135
|
-
source: "chrome-sync"
|
|
136
|
-
};
|
|
137
|
-
await saveCookieJar(config.cookieJarPath, merged);
|
|
138
|
-
return merged;
|
|
139
|
-
}
|
|
140
|
-
|
|
141
|
-
async function ssoReadGetOnce(serviceId, input = {}, options = {}) {
|
|
142
|
-
const service = getWorkdayService(serviceId);
|
|
143
|
-
const profile = SSO_HTTP_PROFILES[serviceId] ?? {};
|
|
144
|
-
const authOptions = resolveAutoAuthOptions(options);
|
|
145
|
-
const config = authOptions.config ?? getSsoConfig();
|
|
146
|
-
const session = await ensureServiceSession(serviceId, { ...authOptions, config });
|
|
147
|
-
let jar = session.jar;
|
|
148
|
-
jar = (await refreshServiceCookies(config, serviceId, authOptions)) ?? jar;
|
|
149
|
-
|
|
150
|
-
const domains = getServiceDomains(serviceId);
|
|
151
|
-
const { host, cookie, hasCookies } = resolveBestCookieHost(jar, domains);
|
|
152
|
-
if (!hasCookies || !cookie) {
|
|
153
|
-
throw new Error(
|
|
154
|
-
`No SSO cookies for ${service.label}. Open ${session.authUrl} in Chrome via Okta, then retry.`
|
|
155
|
-
);
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
const readAccess = service.readAccess ?? {};
|
|
159
|
-
const baseUrl = normalizeBaseUrl(input.baseUrl || readAccess.defaultBaseUrl || `https://${host}`);
|
|
160
|
-
const restPath = String(input.restPath || input.path || "").trim();
|
|
161
|
-
if (!restPath) throw new Error("restPath is required.");
|
|
162
|
-
const url = buildRequestUrl(baseUrl, restPath, input.query);
|
|
163
|
-
const fetchImpl = authOptions.fetchImpl ?? globalThis.fetch;
|
|
164
|
-
|
|
165
|
-
const response = await fetchImpl(url, {
|
|
166
|
-
method: "GET",
|
|
167
|
-
headers: {
|
|
168
|
-
accept: "application/json,text/html",
|
|
169
|
-
cookie,
|
|
170
|
-
"user-agent": `Mozilla/5.0 nuvlore/0.1 ${serviceId}-sso-read`,
|
|
171
|
-
...(profile.refererPath ? { referer: `${baseUrl}${profile.refererPath}` } : {}),
|
|
172
|
-
...(profile.extraHeaders ?? {}),
|
|
173
|
-
...(input.headers ?? {})
|
|
174
|
-
},
|
|
175
|
-
redirect: input.followRedirects ? "follow" : "manual"
|
|
176
|
-
});
|
|
177
|
-
|
|
178
|
-
const text = await response.text();
|
|
179
|
-
if (!authOptions.allowHtml) {
|
|
180
|
-
assertNonHtmlApiResponse(service.label, text);
|
|
181
|
-
}
|
|
182
|
-
const data = parseResponseBody(text);
|
|
183
|
-
if (!response.ok && !authOptions.allowHtml) {
|
|
184
|
-
const error = new Error(`${service.label} SSO read failed (${response.status}) at ${restPath}`);
|
|
185
|
-
error.status = response.status;
|
|
186
|
-
throw error;
|
|
187
|
-
}
|
|
188
|
-
|
|
189
|
-
return {
|
|
190
|
-
readOnly: true,
|
|
191
|
-
method: "GET",
|
|
192
|
-
service: serviceId,
|
|
193
|
-
extension: service.extension,
|
|
194
|
-
baseUrl,
|
|
195
|
-
host,
|
|
196
|
-
restPath,
|
|
197
|
-
url: url.toString(),
|
|
198
|
-
status: response.status,
|
|
199
|
-
contentType: response.headers.get("content-type"),
|
|
200
|
-
data
|
|
201
|
-
};
|
|
202
|
-
}
|
|
203
|
-
|
|
204
|
-
export async function ssoReadGet(serviceId, input = {}, options = {}) {
|
|
205
|
-
assertReadOnlyHttpRequest({ method: "GET", path: input.restPath || input.path });
|
|
206
|
-
const authOptions = resolveAutoAuthOptions(options);
|
|
207
|
-
try {
|
|
208
|
-
return await ssoReadGetOnce(serviceId, input, authOptions);
|
|
209
|
-
} catch (error) {
|
|
210
|
-
if (!shouldRetryAuthAfterFailure(error, authOptions)) throw error;
|
|
211
|
-
await ensureServiceSession(serviceId, {
|
|
212
|
-
...authOptions,
|
|
213
|
-
forceBrowser: true,
|
|
214
|
-
openBrowserOnMissing: true
|
|
215
|
-
});
|
|
216
|
-
return ssoReadGetOnce(serviceId, input, { ...authOptions, _retriedAuth: true });
|
|
217
|
-
}
|
|
218
|
-
}
|
|
219
|
-
|
|
220
|
-
export async function ssoReadHtml(
|
|
221
|
-
serviceId,
|
|
222
|
-
htmlPath,
|
|
223
|
-
{ extract = "generic", followRedirects = false } = {},
|
|
224
|
-
options = {}
|
|
225
|
-
) {
|
|
226
|
-
const result = await ssoReadGet(
|
|
227
|
-
serviceId,
|
|
228
|
-
{ restPath: htmlPath, followRedirects },
|
|
229
|
-
{ ...options, allowHtml: true }
|
|
230
|
-
);
|
|
231
|
-
const html = typeof result.data === "string" ? result.data : String(result.data ?? "");
|
|
232
|
-
const extracted = extractHtmlSession(extract, html, { url: result.url });
|
|
233
|
-
return {
|
|
234
|
-
...result,
|
|
235
|
-
mode: "html-session",
|
|
236
|
-
extracted,
|
|
237
|
-
htmlLength: html.length
|
|
238
|
-
};
|
|
239
|
-
}
|
|
240
|
-
|
|
241
|
-
export async function verifySsoAccess(serviceId, options = {}) {
|
|
242
|
-
const profile = SSO_HTTP_PROFILES[serviceId];
|
|
243
|
-
const service = getWorkdayService(serviceId);
|
|
244
|
-
const verifyPath = options.restPath || profile?.verifyPath || service.readAccess?.restPathPrefix || "/";
|
|
245
|
-
const verifyBaseUrl = profile?.verifyBaseUrl;
|
|
246
|
-
try {
|
|
247
|
-
const result =
|
|
248
|
-
profile?.verifyMode === "html"
|
|
249
|
-
? await ssoReadHtml(
|
|
250
|
-
serviceId,
|
|
251
|
-
verifyPath,
|
|
252
|
-
{
|
|
253
|
-
extract: profile.verifyExtract ?? "generic",
|
|
254
|
-
followRedirects: profile.verifyFollowRedirects ?? false
|
|
255
|
-
},
|
|
256
|
-
options
|
|
257
|
-
)
|
|
258
|
-
: await ssoReadGet(
|
|
259
|
-
serviceId,
|
|
260
|
-
{ restPath: verifyPath, query: profile?.verifyQuery, ...(verifyBaseUrl ? { baseUrl: verifyBaseUrl } : {}) },
|
|
261
|
-
options
|
|
262
|
-
);
|
|
263
|
-
const preview =
|
|
264
|
-
result.extracted ??
|
|
265
|
-
(typeof result.data === "object" ? result.data : String(result.data ?? "").slice(0, 200));
|
|
266
|
-
const accessible =
|
|
267
|
-
profile?.verifyMode === "html" ? Boolean(result.extracted?.authenticated) : true;
|
|
268
|
-
return {
|
|
269
|
-
accessible,
|
|
270
|
-
readOnly: true,
|
|
271
|
-
service: serviceId,
|
|
272
|
-
extension: service.extension,
|
|
273
|
-
verifyPath,
|
|
274
|
-
mode: result.mode ?? "api",
|
|
275
|
-
status: result.status,
|
|
276
|
-
preview
|
|
277
|
-
};
|
|
278
|
-
} catch (error) {
|
|
279
|
-
return {
|
|
280
|
-
accessible: false,
|
|
281
|
-
readOnly: true,
|
|
282
|
-
service: serviceId,
|
|
283
|
-
extension: service.extension,
|
|
284
|
-
verifyPath,
|
|
285
|
-
error: error instanceof Error ? error.message : String(error)
|
|
286
|
-
};
|
|
287
|
-
}
|
|
288
|
-
}
|
|
289
|
-
|
|
290
|
-
export function listSsoHttpServices() {
|
|
291
|
-
return Object.keys(SSO_HTTP_PROFILES);
|
|
292
|
-
}
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
extensionReadGet,
|
|
3
|
-
getExtensionReadAccess,
|
|
4
|
-
listExtensionReadAccess
|
|
5
|
-
} from "../src/extensionAccess.mjs";
|
|
6
|
-
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
7
|
-
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
8
|
-
import {
|
|
9
|
-
listServiceReadSearchCapabilities,
|
|
10
|
-
readAnyService,
|
|
11
|
-
searchAnyService
|
|
12
|
-
} from "../src/serviceReadSearch.mjs";
|
|
13
|
-
|
|
14
|
-
function textResult(text) {
|
|
15
|
-
return { content: [{ type: "text", text }] };
|
|
16
|
-
}
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
2
|
-
import {
|
|
3
|
-
ensureSsoSession,
|
|
4
|
-
getOktaCookieHeader,
|
|
5
|
-
jarSummary,
|
|
6
|
-
loadCookieJar
|
|
7
|
-
} from "../src/sessionManager.mjs";
|
|
8
|
-
import {
|
|
9
|
-
getServiceCookieHeader,
|
|
10
|
-
openOktaAppForAuth,
|
|
11
|
-
openServiceForAuth
|
|
12
|
-
} from "../src/sessionAuth.mjs";
|
|
13
|
-
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
14
|
-
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
15
|
-
|
|
16
|
-
function textResult(text) {
|
|
17
|
-
return { content: [{ type: "text", text }] };
|
|
18
|
-
}
|
|
@@ -1,51 +0,0 @@
|
|
|
1
|
-
export const description = "Perform a read-only HTTP GET against a Workday extension API using SSO browser cookies. GET only — no POST/PUT/PATCH/DELETE.";
|
|
2
|
-
import {
|
|
3
|
-
extensionReadGet,
|
|
4
|
-
getExtensionReadAccess,
|
|
5
|
-
listExtensionReadAccess
|
|
6
|
-
} from "../src/extensionAccess.mjs";
|
|
7
|
-
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
-
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
-
import {
|
|
10
|
-
listServiceReadSearchCapabilities,
|
|
11
|
-
readAnyService,
|
|
12
|
-
searchAnyService
|
|
13
|
-
} from "../src/serviceReadSearch.mjs";
|
|
14
|
-
|
|
15
|
-
function textResult(text) {
|
|
16
|
-
return { content: [{ type: "text", text }] };
|
|
17
|
-
}
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
export default {
|
|
22
|
-
name: "workday_extension_read",
|
|
23
|
-
description:
|
|
24
|
-
"Perform a read-only HTTP GET against a Workday extension API using SSO browser cookies. GET only — no POST/PUT/PATCH/DELETE.",
|
|
25
|
-
inputSchema: {
|
|
26
|
-
type: "object",
|
|
27
|
-
properties: {
|
|
28
|
-
service: { type: "string", description: "Service id, e.g. jira, bitbucket" },
|
|
29
|
-
restPath: { type: "string", description: "Relative REST path, e.g. /rest/api/latest/myself" },
|
|
30
|
-
baseUrl: { type: "string", description: "Optional override of the Workday default base URL" },
|
|
31
|
-
query: {
|
|
32
|
-
type: "object",
|
|
33
|
-
description: "Optional query string parameters",
|
|
34
|
-
additionalProperties: true
|
|
35
|
-
}
|
|
36
|
-
},
|
|
37
|
-
required: ["service", "restPath"]
|
|
38
|
-
},
|
|
39
|
-
meta: {
|
|
40
|
-
permissions: { rule: "ask" },
|
|
41
|
-
secret_provider: "keychain"
|
|
42
|
-
},
|
|
43
|
-
async handler(args) {
|
|
44
|
-
const result = await extensionReadGet(String(args.service).toLowerCase(), {
|
|
45
|
-
restPath: args.restPath,
|
|
46
|
-
baseUrl: args.baseUrl,
|
|
47
|
-
query: args.query
|
|
48
|
-
});
|
|
49
|
-
return textResult(JSON.stringify(result, null, 2));
|
|
50
|
-
}
|
|
51
|
-
};
|
|
@@ -1,65 +0,0 @@
|
|
|
1
|
-
export const description = "Read-only SSO access profile for an Nuvlore extension service (Cookie headers + base URL). Never returns write credentials.";
|
|
2
|
-
import {
|
|
3
|
-
extensionReadGet,
|
|
4
|
-
getExtensionReadAccess,
|
|
5
|
-
listExtensionReadAccess
|
|
6
|
-
} from "../src/extensionAccess.mjs";
|
|
7
|
-
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
-
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
-
import {
|
|
10
|
-
listServiceReadSearchCapabilities,
|
|
11
|
-
readAnyService,
|
|
12
|
-
searchAnyService
|
|
13
|
-
} from "../src/serviceReadSearch.mjs";
|
|
14
|
-
|
|
15
|
-
function textResult(text) {
|
|
16
|
-
return { content: [{ type: "text", text }] };
|
|
17
|
-
}
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
export default {
|
|
22
|
-
name: "workday_extension_read_access",
|
|
23
|
-
description:
|
|
24
|
-
"Read-only SSO access profile for an Nuvlore extension service (Cookie headers + base URL). Never returns write credentials.",
|
|
25
|
-
inputSchema: {
|
|
26
|
-
type: "object",
|
|
27
|
-
properties: {
|
|
28
|
-
service: {
|
|
29
|
-
type: "string",
|
|
30
|
-
description: "Extension service id, e.g. jira, bitbucket, bamboo, bds"
|
|
31
|
-
},
|
|
32
|
-
extension: {
|
|
33
|
-
type: "string",
|
|
34
|
-
description: "Alternatively, npm package name e.g. @nuvlore/extension-jira"
|
|
35
|
-
}
|
|
36
|
-
}
|
|
37
|
-
},
|
|
38
|
-
meta: {
|
|
39
|
-
permissions: { rule: "allow" },
|
|
40
|
-
secret_provider: "keychain"
|
|
41
|
-
},
|
|
42
|
-
async handler(args = {}) {
|
|
43
|
-
const serviceId = args.service
|
|
44
|
-
? String(args.service).toLowerCase()
|
|
45
|
-
: args.extension
|
|
46
|
-
? getServiceByExtension(String(args.extension)).id
|
|
47
|
-
: "";
|
|
48
|
-
if (!serviceId) {
|
|
49
|
-
return textResult(
|
|
50
|
-
JSON.stringify(
|
|
51
|
-
{
|
|
52
|
-
ok: false,
|
|
53
|
-
readOnly: true,
|
|
54
|
-
message: "Provide service or extension.",
|
|
55
|
-
services: listExtensionReadAccess()
|
|
56
|
-
},
|
|
57
|
-
null,
|
|
58
|
-
2
|
|
59
|
-
)
|
|
60
|
-
);
|
|
61
|
-
}
|
|
62
|
-
const access = await getExtensionReadAccess(serviceId);
|
|
63
|
-
return textResult(JSON.stringify({ ok: access.ready !== false, ...access }, null, 2));
|
|
64
|
-
}
|
|
65
|
-
};
|
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
export const description = "List read-only SSO access modes for every registered Nuvlore extension.";
|
|
2
|
-
import {
|
|
3
|
-
extensionReadGet,
|
|
4
|
-
getExtensionReadAccess,
|
|
5
|
-
listExtensionReadAccess
|
|
6
|
-
} from "../src/extensionAccess.mjs";
|
|
7
|
-
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
-
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
-
import {
|
|
10
|
-
listServiceReadSearchCapabilities,
|
|
11
|
-
readAnyService,
|
|
12
|
-
searchAnyService
|
|
13
|
-
} from "../src/serviceReadSearch.mjs";
|
|
14
|
-
|
|
15
|
-
function textResult(text) {
|
|
16
|
-
return { content: [{ type: "text", text }] };
|
|
17
|
-
}
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
export default {
|
|
22
|
-
name: "workday_list_extension_access",
|
|
23
|
-
description: "List read-only SSO access modes for every registered Nuvlore extension.",
|
|
24
|
-
inputSchema: { type: "object", properties: {} },
|
|
25
|
-
meta: { permissions: { rule: "allow" } },
|
|
26
|
-
async handler() {
|
|
27
|
-
return textResult(
|
|
28
|
-
JSON.stringify(
|
|
29
|
-
{
|
|
30
|
-
readOnly: true,
|
|
31
|
-
methods: ["GET"],
|
|
32
|
-
services: listExtensionReadAccess()
|
|
33
|
-
},
|
|
34
|
-
null,
|
|
35
|
-
2
|
|
36
|
-
)
|
|
37
|
-
);
|
|
38
|
-
}
|
|
39
|
-
};
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
export const description = "List all Okta UserHome apps from workday.okta.com with read-only access metadata.";
|
|
2
|
-
import { getOktaAppReadAccess, listOktaApps, oktaAppReadGet, probeAllOktaApps } from "../src/oktaAppAccess.mjs";
|
|
3
|
-
|
|
4
|
-
function textResult(text) {
|
|
5
|
-
return { content: [{ type: "text", text }] };
|
|
6
|
-
}
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
export default {
|
|
11
|
-
name: "workday_list_okta_apps",
|
|
12
|
-
description: "List all Okta UserHome apps from workday.okta.com with read-only access metadata.",
|
|
13
|
-
inputSchema: { type: "object", properties: {} },
|
|
14
|
-
meta: { permissions: { rule: "allow" } },
|
|
15
|
-
async handler() {
|
|
16
|
-
return textResult(JSON.stringify({ readOnly: true, apps: listOktaApps() }, null, 2));
|
|
17
|
-
}
|
|
18
|
-
};
|
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
export const description = "List concrete read-only service operations for Jira, Bitbucket, Confluence, Bamboo, GitHub, TeamCity, PagerDuty, Repository, Pharos, and Dashboard.";
|
|
2
|
-
import {
|
|
3
|
-
extensionReadGet,
|
|
4
|
-
getExtensionReadAccess,
|
|
5
|
-
listExtensionReadAccess
|
|
6
|
-
} from "../src/extensionAccess.mjs";
|
|
7
|
-
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
-
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
-
import {
|
|
10
|
-
listServiceReadSearchCapabilities,
|
|
11
|
-
readAnyService,
|
|
12
|
-
searchAnyService
|
|
13
|
-
} from "../src/serviceReadSearch.mjs";
|
|
14
|
-
|
|
15
|
-
function textResult(text) {
|
|
16
|
-
return { content: [{ type: "text", text }] };
|
|
17
|
-
}
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
export default {
|
|
22
|
-
name: "workday_list_service_operations",
|
|
23
|
-
description:
|
|
24
|
-
"List concrete read-only service operations for Jira, Bitbucket, Confluence, Bamboo, GitHub, TeamCity, PagerDuty, Repository, Pharos, and Dashboard.",
|
|
25
|
-
inputSchema: { type: "object", properties: {} },
|
|
26
|
-
meta: { permissions: { rule: "allow" } },
|
|
27
|
-
annotations: { readOnlyHint: true, destructiveHint: false },
|
|
28
|
-
async handler() {
|
|
29
|
-
return textResult(
|
|
30
|
-
JSON.stringify(
|
|
31
|
-
{
|
|
32
|
-
readOnly: true,
|
|
33
|
-
methods: ["GET"],
|
|
34
|
-
services: listServiceOperations()
|
|
35
|
-
},
|
|
36
|
-
null,
|
|
37
|
-
2
|
|
38
|
-
)
|
|
39
|
-
);
|
|
40
|
-
}
|
|
41
|
-
};
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
export const description = "List read/default-read/search routes for every registered Workday service, including generated Okta app services.";
|
|
2
|
-
import {
|
|
3
|
-
extensionReadGet,
|
|
4
|
-
getExtensionReadAccess,
|
|
5
|
-
listExtensionReadAccess
|
|
6
|
-
} from "../src/extensionAccess.mjs";
|
|
7
|
-
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
-
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
-
import {
|
|
10
|
-
listServiceReadSearchCapabilities,
|
|
11
|
-
readAnyService,
|
|
12
|
-
searchAnyService
|
|
13
|
-
} from "../src/serviceReadSearch.mjs";
|
|
14
|
-
|
|
15
|
-
function textResult(text) {
|
|
16
|
-
return { content: [{ type: "text", text }] };
|
|
17
|
-
}
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
export default {
|
|
22
|
-
name: "workday_list_service_read_search_capabilities",
|
|
23
|
-
description:
|
|
24
|
-
"List read/default-read/search routes for every registered Workday service, including generated Okta app services.",
|
|
25
|
-
inputSchema: { type: "object", properties: {} },
|
|
26
|
-
meta: { permissions: { rule: "allow" } },
|
|
27
|
-
annotations: { readOnlyHint: true, destructiveHint: false },
|
|
28
|
-
async handler() {
|
|
29
|
-
return textResult(JSON.stringify({
|
|
30
|
-
readOnly: true,
|
|
31
|
-
services: listServiceReadSearchCapabilities()
|
|
32
|
-
}, null, 2));
|
|
33
|
-
}
|
|
34
|
-
};
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
export const description = "List Workday services that share Okta SSO authentication.";
|
|
2
|
-
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
-
import {
|
|
4
|
-
ensureSsoSession,
|
|
5
|
-
getOktaCookieHeader,
|
|
6
|
-
jarSummary,
|
|
7
|
-
loadCookieJar
|
|
8
|
-
} from "../src/sessionManager.mjs";
|
|
9
|
-
import {
|
|
10
|
-
getServiceCookieHeader,
|
|
11
|
-
openOktaAppForAuth,
|
|
12
|
-
openServiceForAuth
|
|
13
|
-
} from "../src/sessionAuth.mjs";
|
|
14
|
-
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
15
|
-
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
16
|
-
|
|
17
|
-
function textResult(text) {
|
|
18
|
-
return { content: [{ type: "text", text }] };
|
|
19
|
-
}
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
export default {
|
|
24
|
-
name: "workday_list_services",
|
|
25
|
-
description: "List Workday services that share Okta SSO authentication.",
|
|
26
|
-
inputSchema: { type: "object", properties: {} },
|
|
27
|
-
meta: { permissions: { rule: "allow" } },
|
|
28
|
-
async handler() {
|
|
29
|
-
return textResult(JSON.stringify({ services: listWorkdayServices() }, null, 2));
|
|
30
|
-
}
|
|
31
|
-
};
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
export const description = "Probe read-only readiness for every Okta UserHome app (GET only).";
|
|
2
|
-
import { getOktaAppReadAccess, listOktaApps, oktaAppReadGet, probeAllOktaApps } from "../src/oktaAppAccess.mjs";
|
|
3
|
-
|
|
4
|
-
function textResult(text) {
|
|
5
|
-
return { content: [{ type: "text", text }] };
|
|
6
|
-
}
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
export default {
|
|
11
|
-
name: "workday_okta_app_probe_all",
|
|
12
|
-
description: "Probe read-only readiness for every Okta UserHome app (GET only).",
|
|
13
|
-
inputSchema: { type: "object", properties: {} },
|
|
14
|
-
meta: { permissions: { rule: "allow" } },
|
|
15
|
-
async handler() {
|
|
16
|
-
const results = await probeAllOktaApps();
|
|
17
|
-
const summary = {
|
|
18
|
-
total: results.length,
|
|
19
|
-
ready: results.filter((r) => r.ready).length,
|
|
20
|
-
notReady: results.filter((r) => !r.ready).length
|
|
21
|
-
};
|
|
22
|
-
return textResult(JSON.stringify({ readOnly: true, summary, results }, null, 2));
|
|
23
|
-
}
|
|
24
|
-
};
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
export const description = "Read-only GET for an Okta UserHome app using browser cookies. GET only.";
|
|
2
|
-
import { getOktaAppReadAccess, listOktaApps, oktaAppReadGet, probeAllOktaApps } from "../src/oktaAppAccess.mjs";
|
|
3
|
-
|
|
4
|
-
function textResult(text) {
|
|
5
|
-
return { content: [{ type: "text", text }] };
|
|
6
|
-
}
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
export default {
|
|
11
|
-
name: "workday_okta_app_read",
|
|
12
|
-
description: "Read-only GET for an Okta UserHome app using browser cookies. GET only.",
|
|
13
|
-
inputSchema: {
|
|
14
|
-
type: "object",
|
|
15
|
-
properties: {
|
|
16
|
-
app: { type: "string" },
|
|
17
|
-
restPath: { type: "string" },
|
|
18
|
-
allowCookieFallback: { type: "boolean", default: true }
|
|
19
|
-
},
|
|
20
|
-
required: ["app"]
|
|
21
|
-
},
|
|
22
|
-
meta: { permissions: { rule: "ask" } },
|
|
23
|
-
async handler(args) {
|
|
24
|
-
const result = await oktaAppReadGet(String(args.app), {
|
|
25
|
-
restPath: args.restPath,
|
|
26
|
-
allowCookieFallback: args.allowCookieFallback !== false
|
|
27
|
-
});
|
|
28
|
-
return textResult(JSON.stringify(result, null, 2));
|
|
29
|
-
}
|
|
30
|
-
};
|