@qnsp/tenant-sdk 0.2.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +4 -0
- package/CHANGELOG.md +51 -0
- package/LICENSE +21 -7
- package/README.md +17 -51
- package/dist/index.d.ts +116 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +409 -16
- package/dist/index.js.map +1 -1
- package/package.json +58 -39
- package/src/index.test.ts +73 -1
- package/src/index.ts +565 -17
- package/tsconfig.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,56 @@
|
|
|
1
1
|
# @qnsp/tenant-sdk
|
|
2
2
|
|
|
3
|
+
## 0.3.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- Enforce mandatory API key at SDK construction time (BREAKING)
|
|
8
|
+
|
|
9
|
+
- All SDK clients (except @qnsp/browser-sdk) now require `apiKey` at
|
|
10
|
+
construction time. Constructors throw a clear error with signup URL,
|
|
11
|
+
free tier details, and documentation link if apiKey is missing or empty.
|
|
12
|
+
- Removed runtime 401 no-apiKey checks — validation is now fail-fast at
|
|
13
|
+
construction, not at request time.
|
|
14
|
+
- Removed conditional `if (apiKey)` guards on Authorization headers —
|
|
15
|
+
headers are always set since apiKey is guaranteed non-empty.
|
|
16
|
+
- @qnsp/kms-client: `apiToken` parameter is now required in the string
|
|
17
|
+
overload of `HttpKmsServiceClient` constructor.
|
|
18
|
+
- @qnsp/browser-sdk: Added opt-in telemetry module (`configureTelemetry`,
|
|
19
|
+
`recordTelemetryEvent`, `flushTelemetry`) for usage analytics without
|
|
20
|
+
collecting PII or cryptographic material. No API key required (local-only
|
|
21
|
+
PQC crypto).
|
|
22
|
+
- Updated cloud portal SDK factory functions to always pass apiKey.
|
|
23
|
+
- Updated crypto-inventory-service internal callers to always pass apiKey.
|
|
24
|
+
- Updated all SDK documentation examples to include apiKey.
|
|
25
|
+
- Updated developer hub quickstart code examples.
|
|
26
|
+
|
|
27
|
+
### Patch Changes
|
|
28
|
+
|
|
29
|
+
- ad6d0d4: Automated changeset generated for staged code updates to keep release workflows fully synchronized.
|
|
30
|
+
- b7599c7: Automated changeset generated for staged code updates to keep release workflows fully synchronized.
|
|
31
|
+
- be1dd80: Automated changeset generated for staged code updates to keep release workflows fully synchronized.
|
|
32
|
+
- 0f7ee07: Automated changeset generated for staged code updates to keep release workflows fully synchronized.
|
|
33
|
+
- 2b5dff8: Automated changeset generated for staged code updates to keep release workflows fully synchronized.
|
|
34
|
+
- Enterprise-grade SDK hardening across all API-calling SDKs:
|
|
35
|
+
|
|
36
|
+
1. **Constructor validation**: Runtime guards for required API key/token with developer-friendly error messages
|
|
37
|
+
2. **HTTPS enforcement**: All SDKs reject non-HTTPS baseUrl in production (HTTP allowed only for localhost in development/test)
|
|
38
|
+
3. **Rate limiting with retry**: 429 handling with Retry-After header support, exponential backoff (2^attempt \* baseDelay, capped 30s), configurable maxRetries (default 3) and retryDelayMs (default 1000)
|
|
39
|
+
4. **Error message sanitization**: HTTP error responses no longer leak server error body text; errors report status code and status text only
|
|
40
|
+
5. **Input validation**: UUID validation via Zod for all tenant/resource ID parameters (storage-sdk, search-sdk, kms-client, ai-sdk)
|
|
41
|
+
6. **Telemetry hooks**: OpenTelemetry-based observability with configurable OTLP export, request counters, failure counters, and duration histograms (auth-sdk, crypto-inventory-sdk, kms-client, ai-sdk, search-sdk)
|
|
42
|
+
|
|
43
|
+
- 7256284: SDK onboarding error messages and edge gateway universal auth enforcement
|
|
44
|
+
|
|
45
|
+
- All 12 SDKs now return developer-friendly 401 error messages with signup URL
|
|
46
|
+
(https://cloud.qnsp.cuilabs.io/signup) and documentation links when API key
|
|
47
|
+
is missing and backend returns 401
|
|
48
|
+
- Edge gateway service proxy now enforces authentication on ALL non-health,
|
|
49
|
+
non-public proxy routes (previously only tenant-service and ai-orchestrator
|
|
50
|
+
intelligence routes required auth)
|
|
51
|
+
- Updated proxy enforcement E2E test to include auth header for entitlement
|
|
52
|
+
enforcement test (correctly expects 403 after auth, not 401 before auth)
|
|
53
|
+
|
|
3
54
|
## 0.2.0
|
|
4
55
|
|
|
5
56
|
### Minor Changes
|
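Review bot: The topmost heading added here is `## 0.3.0`, but the version being published is 0.3.1, so whatever changed between 0.3.0 and 0.3.1 has no changelog entry; add a `## 0.3.1` section. Within the 0.3.0 entry, "Removed runtime 401 no-apiKey checks" and the 7256284 item "All 12 SDKs now return developer-friendly 401 error messages ... when API key is missing and backend returns 401" describe opposite behaviour, so state which one ships. The constructor change is marked BREAKING yet filed under Minor Changes, and the five identical "Automated changeset generated ..." lines tell a consumer nothing about what ad6d0d4 through 2b5dff8 changed.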
package/LICENSE
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
Apache License
|
|
1
|
+
Apache License
|
|
2
2
|
Version 2.0, January 2004
|
|
3
3
|
http://www.apache.org/licenses/
|
|
4
4
|
|
|
@@ -48,11 +48,11 @@ Apache License
|
|
|
48
48
|
"Contribution" shall mean any work of authorship, including
|
|
49
49
|
the original version of the Work and any modifications or additions
|
|
50
50
|
to that Work or Derivative Works thereof, that is intentionally
|
|
51
|
-
submitted to Licensor for inclusion in the Work by the copyright owner
|
|
51
|
+
submitted to the Licensor for inclusion in the Work by the copyright owner
|
|
52
52
|
or by an individual or Legal Entity authorized to submit on behalf of
|
|
53
53
|
the copyright owner. For the purposes of this definition, "submitted"
|
|
54
|
-
means any form of electronic, verbal, or written communication sent
|
|
55
|
-
the Licensor or its representatives, including but not limited to
|
|
54
|
+
means any form of electronic, verbal, or written communication sent
|
|
55
|
+
to the Licensor or its representatives, including but not limited to
|
|
56
56
|
communication on electronic mailing lists, source code control systems,
|
|
57
57
|
and issue tracking systems that are managed by, or on behalf of, the
|
|
58
58
|
Licensor for the purpose of discussing and improving the Work, but
|
|
@@ -60,7 +60,7 @@ Apache License
|
|
|
60
60
|
designated in writing by the copyright owner as "Not a Contribution."
|
|
61
61
|
|
|
62
62
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
|
63
|
-
on behalf of whom a Contribution has been received by Licensor and
|
|
63
|
+
on behalf of whom a Contribution has been received by the Licensor and
|
|
64
64
|
subsequently incorporated within the Work.
|
|
65
65
|
|
|
66
66
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
|
@@ -106,7 +106,7 @@ Apache License
|
|
|
106
106
|
(d) If the Work includes a "NOTICE" text file as part of its
|
|
107
107
|
distribution, then any Derivative Works that You distribute must
|
|
108
108
|
include a readable copy of the attribution notices contained
|
|
109
|
-
within such NOTICE file, excluding
|
|
109
|
+
within such NOTICE file, excluding any notices that do not
|
|
110
110
|
pertain to any part of the Derivative Works, in at least one
|
|
111
111
|
of the following places: within a NOTICE text file distributed
|
|
112
112
|
as part of the Derivative Works; within the Source form or
|
|
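Review bot: The added line `within such NOTICE file, excluding any notices that do not` does not match the published Apache License 2.0, which reads "excluding those notices that do not"; the earlier hunks likewise add "the" in "submitted to the Licensor" and "received by the Licensor", where the published text has "submitted to Licensor" and "received by Licensor". The terms of a standard license should not be reworded. Restore the body verbatim from the text at http://www.apache.org/licenses/ and keep the project's copyright notice as the only local addition.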
@@ -145,7 +145,7 @@ Apache License
|
|
|
145
145
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
|
146
146
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
147
147
|
implied, including, without limitation, any warranties or conditions
|
|
148
|
-
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A
|
|
148
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
|
149
149
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
|
150
150
|
appropriateness of using or redistributing the Work and assume any
|
|
151
151
|
risks associated with Your exercise of permissions under this License.
|
|
@@ -174,3 +174,17 @@ Apache License
|
|
|
174
174
|
of your accepting any such warranty or additional liability.
|
|
175
175
|
|
|
176
176
|
END OF TERMS AND CONDITIONS
|
|
177
|
+
|
|
178
|
+
Copyright 2024-2026 CUI Labs Pte. Ltd.
|
|
179
|
+
|
|
180
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
181
|
+
you may not use this file except in compliance with the License.
|
|
182
|
+
You may obtain a copy of the License at
|
|
183
|
+
|
|
184
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
185
|
+
|
|
186
|
+
Unless required by applicable law or agreed to in writing, software
|
|
187
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
|
188
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
189
|
+
See the License for the specific language governing permissions and
|
|
190
|
+
limitations under the License.
|
package/README.md
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# @qnsp/tenant-sdk
|
|
2
2
|
|
|
3
|
-
TypeScript client for the QNSP
|
|
4
|
-
|
|
3
|
+
TypeScript SDK client for the QNSP tenant-service API. Provides tenant lifecycle and subscription management.
|
|
4
|
+
|
|
5
|
+
Part of the [Quantum-Native Security Platform (QNSP)](https://qnsp.cuilabs.io).
|
|
5
6
|
|
|
6
7
|
## Installation
|
|
7
8
|
|
|
@@ -9,66 +10,31 @@ domains, compliance tags, metadata, and PQC security envelopes.
|
|
|
9
10
|
pnpm add @qnsp/tenant-sdk
|
|
10
11
|
```
|
|
11
12
|
|
|
12
|
-
##
|
|
13
|
-
|
|
14
|
-
Provide a tenant-scoped **service token** via `apiKey`. Requests require PQC security envelopes and
|
|
15
|
-
signatures generated by the control plane; the SDK forwards your payloads but does not sign them.
|
|
16
|
-
|
|
17
|
-
```ts
|
|
18
|
-
import { TenantClient } from "@qnsp/tenant-sdk";
|
|
19
|
-
|
|
20
|
-
const tenants = new TenantClient({
|
|
21
|
-
baseUrl: "https://tenant.qnsp.cuilabs.io",
|
|
22
|
-
apiKey: process.env.QNSP_SERVICE_TOKEN!,
|
|
23
|
-
});
|
|
24
|
-
```
|
|
25
|
-
|
|
26
|
-
## Tier requirements
|
|
27
|
-
|
|
28
|
-
Tenant management APIs are available on every tier. Higher tiers add more tenant seats or compliance
|
|
29
|
-
features, but there are no SDK-side restrictions.
|
|
30
|
-
|
|
31
|
-
## Usage example
|
|
13
|
+
## Quick Start
|
|
32
14
|
|
|
33
|
-
```
|
|
15
|
+
```typescript
|
|
34
16
|
import { TenantClient } from "@qnsp/tenant-sdk";
|
|
35
17
|
|
|
36
18
|
const tenants = new TenantClient({
|
|
37
|
-
baseUrl: "https://
|
|
38
|
-
apiKey:
|
|
19
|
+
baseUrl: "https://api.qnsp.cuilabs.io",
|
|
20
|
+
apiKey: "YOUR_API_KEY",
|
|
39
21
|
});
|
|
40
22
|
|
|
41
|
-
const
|
|
42
|
-
|
|
43
|
-
slug: "cui-labs",
|
|
44
|
-
plan: "dev-pro",
|
|
45
|
-
region: "global",
|
|
46
|
-
security: {
|
|
47
|
-
controlPlaneTokenSha256: "...",
|
|
48
|
-
pqcSignatures: [],
|
|
49
|
-
hardwareProvider: null,
|
|
50
|
-
attestationStatus: null,
|
|
51
|
-
attestationProof: null,
|
|
52
|
-
},
|
|
53
|
-
});
|
|
54
|
-
|
|
55
|
-
const list = await tenants.listTenants({ limit: 25 });
|
|
23
|
+
const tenant = await tenants.getTenant("your-tenant-id");
|
|
24
|
+
const list = await tenants.listTenants({ limit: 20 });
|
|
56
25
|
```
|
|
57
26
|
|
|
58
|
-
##
|
|
27
|
+
## Documentation
|
|
59
28
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
29
|
+
- [SDK Reference](https://docs.qnsp.cuilabs.io/sdk/tenant-sdk)
|
|
30
|
+
- [API Documentation](https://docs.qnsp.cuilabs.io/api)
|
|
31
|
+
- [Getting Started](https://docs.qnsp.cuilabs.io/quickstart)
|
|
63
32
|
|
|
64
|
-
##
|
|
33
|
+
## Requirements
|
|
65
34
|
|
|
66
|
-
-
|
|
67
|
-
- [
|
|
68
|
-
- [Tier limits](../shared-kernel/src/tier-limits.ts)
|
|
35
|
+
- Node.js >= 20.0.0
|
|
36
|
+
- A QNSP account and API key ([sign up free](https://cloud.qnsp.cuilabs.io/signup))
|
|
69
37
|
|
|
70
38
|
## License
|
|
71
39
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
© 2025 QNSP - CUI LABS, Singapore
|
|
40
|
+
[Apache-2.0](./LICENSE)
|
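Review bot: The Quick Start now shows `apiKey: "YOUR_API_KEY"` as a string literal, where the removed example read it from `process.env.QNSP_SERVICE_TOKEN`; a copy-paste of the new snippet puts the key in source, so keep the environment-variable form. The rewrite also drops the statement that the key is a tenant-scoped service token and that the SDK forwards payloads without signing them, which was the only place the README said who is responsible for the PQC signatures; carry that paragraph over into the new layout.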
package/dist/index.d.ts
CHANGED
|
@@ -7,18 +7,79 @@ import type { TenantClientTelemetry, TenantClientTelemetryConfig } from "./obser
|
|
|
7
7
|
*/
|
|
8
8
|
export interface TenantClientConfig {
|
|
9
9
|
readonly baseUrl: string;
|
|
10
|
-
readonly apiKey
|
|
10
|
+
readonly apiKey: string;
|
|
11
11
|
readonly timeoutMs?: number;
|
|
12
12
|
readonly telemetry?: TenantClientTelemetry | TenantClientTelemetryConfig;
|
|
13
13
|
readonly maxRetries?: number;
|
|
14
14
|
readonly retryDelayMs?: number;
|
|
15
15
|
}
|
|
16
16
|
export type TenantStatus = "active" | "suspended" | "pending" | "deleted";
|
|
17
|
+
export type HsmMode = "none" | "supported" | "required";
|
|
17
18
|
/**
|
|
18
19
|
* Crypto policy tier determines which PQC algorithms are allowed.
|
|
19
20
|
* Maps to tenant_crypto_policies.policy_tier in tenant-service.
|
|
20
21
|
*/
|
|
21
22
|
export type CryptoPolicyTier = "default" | "strict" | "maximum" | "government";
|
|
23
|
+
/**
|
|
24
|
+
* Crypto policy v1 uses profiles + tiers (evidence-first model).
|
|
25
|
+
*/
|
|
26
|
+
export type QnspTier = "TIER0_LEGACY" | "TIER1_APPROVED" | "TIER2_HIGH_ASSURANCE" | "TIER3_DIVERSITY" | "TIER4_EXPERIMENTAL";
|
|
27
|
+
export type TenantType = "FREE_FOREVER" | "DEV_STARTER" | "DEV_PRO" | "DEV_ELITE" | "BUSINESS_TEAM" | "BUSINESS_ADVANCED" | "BUSINESS_ELITE" | "ENTERPRISE_STANDARD" | "ENTERPRISE_PRO" | "ENTERPRISE_ELITE" | "PUBLIC_SECTOR";
|
|
28
|
+
export type CryptoProfileId = "gov-high-assurance" | "defense-long-life-data" | "financial-hybrid-pqc" | "research-eval";
|
|
29
|
+
export type TenantCryptoPolicyV1Action = "CREATE" | "UPDATE" | "ROLLBACK";
|
|
30
|
+
export interface CryptoPolicyV1 {
|
|
31
|
+
readonly version: "v1";
|
|
32
|
+
readonly tenantType: TenantType;
|
|
33
|
+
readonly profile: CryptoProfileId;
|
|
34
|
+
readonly enabledTiers: readonly QnspTier[];
|
|
35
|
+
readonly tier0Expiry?: string;
|
|
36
|
+
readonly tier4Acknowledgement?: {
|
|
37
|
+
readonly nonCompliant: true;
|
|
38
|
+
readonly noProductionSecrets: true;
|
|
39
|
+
readonly approvedBy: string;
|
|
40
|
+
readonly approvedAt: string;
|
|
41
|
+
};
|
|
42
|
+
readonly overrides?: {
|
|
43
|
+
readonly allowFalcon?: boolean;
|
|
44
|
+
};
|
|
45
|
+
readonly requirements: {
|
|
46
|
+
readonly fipsAligned: boolean;
|
|
47
|
+
readonly evidenceRequired: boolean;
|
|
48
|
+
readonly cryptoAgilityMetadataRequired: boolean;
|
|
49
|
+
readonly statefulLifecycleGuards: boolean;
|
|
50
|
+
readonly downgradeDetection: boolean;
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
export interface TenantCryptoPolicyV1Record {
|
|
54
|
+
readonly id: string;
|
|
55
|
+
readonly tenantId: string;
|
|
56
|
+
readonly version: "v1";
|
|
57
|
+
readonly policy: CryptoPolicyV1;
|
|
58
|
+
readonly policyHash: string;
|
|
59
|
+
readonly etag: string;
|
|
60
|
+
readonly createdAt: string;
|
|
61
|
+
readonly createdByPrincipal: string;
|
|
62
|
+
readonly createdByIp: string | null;
|
|
63
|
+
readonly updatedAt: string;
|
|
64
|
+
readonly updatedByPrincipal: string;
|
|
65
|
+
readonly updatedByIp: string | null;
|
|
66
|
+
}
|
|
67
|
+
export interface TenantCryptoPolicyV1HistoryRecord {
|
|
68
|
+
readonly id: string;
|
|
69
|
+
readonly tenantId: string;
|
|
70
|
+
readonly version: "v1";
|
|
71
|
+
readonly policy: CryptoPolicyV1;
|
|
72
|
+
readonly policyHash: string;
|
|
73
|
+
readonly action: TenantCryptoPolicyV1Action;
|
|
74
|
+
readonly reason: string | null;
|
|
75
|
+
readonly changedAt: string;
|
|
76
|
+
readonly changedByPrincipal: string;
|
|
77
|
+
readonly changedByIp: string | null;
|
|
78
|
+
}
|
|
79
|
+
export interface TenantCryptoPolicyV1HistoryResponse {
|
|
80
|
+
readonly tenantId: string;
|
|
81
|
+
readonly items: readonly TenantCryptoPolicyV1HistoryRecord[];
|
|
82
|
+
}
|
|
22
83
|
/**
|
|
23
84
|
* Tenant crypto policy configuration.
|
|
24
85
|
*/
|
|
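Review bot: In `CryptoPolicyV1`, `tier0Expiry` and `tier4Acknowledgement` are optional regardless of what `enabledTiers` contains, so a policy that lists `TIER0_LEGACY` with no expiry, or `TIER4_EXPERIMENTAL` with no acknowledgement, type-checks. Model these as a union keyed on the enabled tiers, or document that the server rejects such policies. `HsmMode` and `overrides.allowFalcon` have no doc comment, and the `createdByIp`, `updatedByIp` and `changedByIp` fields return principal IP addresses to whoever can read the policy record, which deserves a note on who is allowed to call these endpoints.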
@@ -56,10 +117,19 @@ export interface TierAlgorithmConfig {
|
|
|
56
117
|
}
|
|
57
118
|
/**
|
|
58
119
|
* Default algorithms per crypto policy tier.
|
|
120
|
+
* These match the definitions in packages/security/src/crypto-policy.ts
|
|
121
|
+
* and determine which algorithms appear in the portal's Generate Key dropdown.
|
|
122
|
+
*
|
|
123
|
+
* default: All supported PQC algorithms (NIST-finalized + candidates via liboqs)
|
|
124
|
+
* strict: NIST-finalized/selected at higher security levels
|
|
125
|
+
* maximum: Highest-security NIST-finalized only
|
|
126
|
+
* government: FIPS-finalized only (no draft standards)
|
|
59
127
|
*/
|
|
60
128
|
export declare const CRYPTO_POLICY_ALGORITHMS: Record<CryptoPolicyTier, TierAlgorithmConfig>;
|
|
61
129
|
/**
|
|
62
|
-
* Mapping from internal algorithm names to NIST
|
|
130
|
+
* Mapping from internal algorithm names to NIST/standards display names.
|
|
131
|
+
* Covers all 90 PQC algorithms supported by QNSP.
|
|
132
|
+
* Canonical source: @qnsp/cryptography pqc-standards.ts ALGORITHM_NIST_NAMES
|
|
63
133
|
*/
|
|
64
134
|
export declare const ALGORITHM_TO_NIST: Record<string, string>;
|
|
65
135
|
/**
|
|
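Review bot: The new comment on `CRYPTO_POLICY_ALGORITHMS` says the `default` tier allows "All supported PQC algorithms (NIST-finalized + candidates via liboqs)", so the tier named `default` is the most permissive one and includes non-finalized candidates; say that explicitly and point to the stricter tiers for production use. The comments also name two canonical sources (packages/security/src/crypto-policy.ts and @qnsp/cryptography pqc-standards.ts) and a fixed count of 90 algorithms, with nothing in this file tying the copies together; a test that compares the tables would stop them drifting apart.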
@@ -103,6 +173,7 @@ export interface Tenant {
|
|
|
103
173
|
readonly plan: string;
|
|
104
174
|
readonly region: string;
|
|
105
175
|
readonly complianceTags: readonly string[];
|
|
176
|
+
readonly hsmMode: HsmMode;
|
|
106
177
|
readonly metadata: Record<string, unknown>;
|
|
107
178
|
readonly security: TenantSecurityEnvelope;
|
|
108
179
|
readonly domains: readonly TenantDomain[];
|
|
@@ -115,6 +186,7 @@ export interface CreateTenantRequest {
|
|
|
115
186
|
readonly plan?: string;
|
|
116
187
|
readonly region?: string;
|
|
117
188
|
readonly complianceTags?: readonly string[];
|
|
189
|
+
readonly hsmMode?: HsmMode;
|
|
118
190
|
readonly metadata?: Record<string, unknown>;
|
|
119
191
|
readonly domains?: readonly {
|
|
120
192
|
readonly domain: string;
|
|
@@ -127,6 +199,7 @@ export interface UpdateTenantRequest {
|
|
|
127
199
|
readonly plan?: string;
|
|
128
200
|
readonly status?: TenantStatus;
|
|
129
201
|
readonly complianceTags?: readonly string[];
|
|
202
|
+
readonly hsmMode?: HsmMode;
|
|
130
203
|
readonly metadata?: Record<string, unknown>;
|
|
131
204
|
readonly security: TenantSecurityEnvelope;
|
|
132
205
|
readonly signature?: TenantSignature;
|
|
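Review bot: `readonly hsmMode?: HsmMode;` on `UpdateTenantRequest` lets an update move a tenant from "required" to "none", and nothing in the declaration says whether that downgrade is permitted or how it is authorized. Add a doc comment on `HsmMode` describing the three values and the rule for lowering the mode.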
@@ -139,6 +212,9 @@ export declare class TenantClient {
|
|
|
139
212
|
private readonly config;
|
|
140
213
|
private readonly telemetry;
|
|
141
214
|
private readonly targetService;
|
|
215
|
+
private activationPromise;
|
|
216
|
+
private readonly activationConfig;
|
|
217
|
+
private ensureActivated;
|
|
142
218
|
constructor(config: TenantClientConfig);
|
|
143
219
|
private request;
|
|
144
220
|
private requestWithRetry;
|
|
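Review bot: `activationPromise`, `activationConfig` and `ensureActivated` add an activation step to `TenantClient` that neither the changelog nor the README mentions. Document what activation contacts and when it runs (at construction or on the first request), since it changes the network behaviour of a client that holds an API key.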
@@ -172,11 +248,49 @@ export declare class TenantClient {
|
|
|
172
248
|
* If no policy exists, a default policy is created and returned.
|
|
173
249
|
*/
|
|
174
250
|
getTenantCryptoPolicy(tenantId: string): Promise<TenantCryptoPolicy>;
|
|
251
|
+
/**
|
|
252
|
+
* Get the v1 crypto policy for a tenant (profiles + tiers model).
|
|
253
|
+
* If no policy exists, a default policy is created and returned.
|
|
254
|
+
*/
|
|
255
|
+
getTenantCryptoPolicyV1(tenantId: string): Promise<TenantCryptoPolicyV1Record>;
|
|
256
|
+
/**
|
|
257
|
+
* List v1 crypto policy history entries.
|
|
258
|
+
*/
|
|
259
|
+
listTenantCryptoPolicyV1History(tenantId: string, options?: {
|
|
260
|
+
readonly limit?: number;
|
|
261
|
+
}): Promise<TenantCryptoPolicyV1HistoryResponse>;
|
|
175
262
|
/**
|
|
176
263
|
* Create or update the crypto policy for a tenant.
|
|
177
264
|
* Sets the policy tier and optional custom algorithm restrictions.
|
|
178
265
|
*/
|
|
179
266
|
upsertTenantCryptoPolicy(tenantId: string, policy: TenantCryptoPolicyInput): Promise<TenantCryptoPolicy>;
|
|
267
|
+
/**
|
|
268
|
+
* Update the v1 crypto policy for a tenant (requires If-Match with current ETag).
|
|
269
|
+
*/
|
|
270
|
+
updateTenantCryptoPolicyV1(tenantId: string, policy: CryptoPolicyV1, etag: string): Promise<TenantCryptoPolicyV1Record>;
|
|
271
|
+
/**
|
|
272
|
+
* Enable Tier0 legacy algorithms (time-bounded) for a tenant.
|
|
273
|
+
*/
|
|
274
|
+
enableTier0Legacy(tenantId: string, input: {
|
|
275
|
+
readonly expiry: string;
|
|
276
|
+
}, etag: string): Promise<TenantCryptoPolicyV1Record>;
|
|
277
|
+
/**
|
|
278
|
+
* Disable Tier0 legacy algorithms for a tenant.
|
|
279
|
+
*/
|
|
280
|
+
disableTier0Legacy(tenantId: string, etag: string): Promise<TenantCryptoPolicyV1Record>;
|
|
281
|
+
/**
|
|
282
|
+
* Enable Tier4 experimental algorithms with acknowledgement.
|
|
283
|
+
*/
|
|
284
|
+
enableTier4Experimental(tenantId: string, input: {
|
|
285
|
+
readonly approvedBy: string;
|
|
286
|
+
}, etag: string): Promise<TenantCryptoPolicyV1Record>;
|
|
287
|
+
/**
|
|
288
|
+
* Roll back the v1 crypto policy to a previous history record or policy hash.
|
|
289
|
+
*/
|
|
290
|
+
rollbackTenantCryptoPolicyV1(tenantId: string, input: {
|
|
291
|
+
readonly historyId?: string;
|
|
292
|
+
readonly policyHash?: string;
|
|
293
|
+
}, etag: string): Promise<TenantCryptoPolicyV1Record>;
|
|
180
294
|
/**
|
|
181
295
|
* Get the allowed KEM algorithms for a tenant based on their crypto policy.
|
|
182
296
|
* Convenience method that fetches the policy and returns the allowed algorithms.
|
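Review bot: `rollbackTenantCryptoPolicyV1` declares both `historyId` and `policyHash` as optional, so an empty input object type-checks; make the input a union that requires exactly one of them. `enableTier4Experimental` takes `approvedBy` as a caller-supplied string, so the doc comment should state whether the server checks it against the authenticated principal. The comment on `getTenantCryptoPolicyV1` says a default policy is created when none exists, which makes a read call write state; note that for callers that expect a GET to be side-effect free.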
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
|