@restorecommerce/acs-client 0.6.37 → 1.0.0
- package/CHANGELOG.md +22 -0
- package/cfg/config.json +4 -70
- package/lib/acs/authz.d.ts +9 -7
- package/lib/acs/authz.js +60 -36
- package/lib/acs/authz.js.map +1 -1
- package/lib/acs/interfaces.d.ts +13 -75
- package/lib/acs/interfaces.js +1 -41
- package/lib/acs/interfaces.js.map +1 -1
- package/lib/acs/resolver.d.ts +9 -11
- package/lib/acs/resolver.js +52 -41
- package/lib/acs/resolver.js.map +1 -1
- package/lib/utils.d.ts +6 -4
- package/lib/utils.js +26 -24
- package/lib/utils.js.map +1 -1
- package/package.json +9 -7
- package/tsconfig.test.json +1 -2
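--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.0.0](https://github.com/restorecommerce/libs/compare/@restorecommerce/acs-client@0.6.37...@restorecommerce/acs-client@1.0.0) (2022-08-25)
+
+
+### Features
+
+* move to fully typed grpc client and server ([ec9be2d](https://github.com/restorecommerce/libs/commit/ec9be2daff0823e9ba440a2845b7b1a7f2d74b50))
+* move to fully typed grpc client and server ([aeee2f2](https://github.com/restorecommerce/libs/commit/aeee2f2b7ca470223d7bc42fd7cafd4bb8387796))
+
+
+### Reverts
+
+* Revert "BREAKING CHANGE: move to fully typed grpc client and server" ([2d584a7](https://github.com/restorecommerce/libs/commit/2d584a709632ae608f595a2c836deabd34f671d9))
+
+
+### BREAKING CHANGES
+
+* move to fully typed grpc client and server
+
+
+
+
+
 ## [0.6.37](https://github.com/restorecommerce/libs/compare/@restorecommerce/acs-client@0.6.36...@restorecommerce/acs-client@0.6.37) (2022-08-10)
 
 **Note:** Version bump only for package @restorecommerce/acs-client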
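--- a/package/cfg/config.json
+++ b/package/cfg/config.json
@@ -2,7 +2,7 @@
 "logger": {
 "console": {
 "handleExceptions": false,
-"level": "
+"level": "silly",
 "colorize": true,
 "prettyPrint": true
 }
@@ -28,66 +28,30 @@
 ]
 },
 "policy_setCreated": {
-"protos": [
-"io/restorecommerce/policy_set.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.policy_set.PolicySet"
 },
 "policy_setModified": {
-"protos": [
-"io/restorecommerce/policy_set.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.policy_set.PolicySet"
 },
 "policy_setDeleted": {
-"protos": [
-"io/restorecommerce/policy_set.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.policy_set.PolicySet"
 },
 "policyCreated": {
-"protos": [
-"io/restorecommerce/policy.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.policy.Policy"
 },
 "policyModified": {
-"protos": [
-"io/restorecommerce/policy.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.policy.Policy"
 },
 "policyDeleted": {
-"protos": [
-"io/restorecommerce/policy.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.policy.Policy"
 },
 "ruleCreated": {
-"protos": [
-"io/restorecommerce/rule.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.rule.Rule"
 },
 "ruleModified": {
-"protos": [
-"io/restorecommerce/rule.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.rule.Rule"
 },
 "ruleDeleted": {
-"protos": [
-"io/restorecommerce/rule.proto"
-],
-"protoRoot": "node_modules/@restorecommerce/protos/",
 "messageObject": "io.restorecommerce.rule.Rule"
 },
 "evictACSCache": {
@@ -120,43 +84,13 @@
 },
 "client": {
 "acs-srv": {
-"address": "localhost:50061"
-"proto": {
-"protoRoot": "node_modules/@restorecommerce/protos/",
-"protoPath": "io/restorecommerce/access_control.proto",
-"services": {
-"acs-srv": {
-"packageName": "io.restorecommerce.access_control",
-"serviceName": "Service"
-}
-}
-}
+"address": "localhost:50061"
 },
 "user": {
-"address": "localhost:50051"
-"proto": {
-"protoRoot": "node_modules/@restorecommerce/protos/",
-"protoPath": "io/restorecommerce/user.proto",
-"services": {
-"user": {
-"packageName": "io.restorecommerce.user",
-"serviceName": "Service"
-}
-}
-}
+"address": "localhost:50051"
 },
 "graph-srv": {
-"address": "localhost:50053"
-"proto": {
-"protoRoot": "node_modules/@restorecommerce/protos/",
-"protoPath": "io/restorecommerce/graph.proto",
-"services": {
-"graph": {
-"packageName": "io.restorecommerce.graph",
-"serviceName": "Service"
-}
-}
-}
+"address": "localhost:50053"
 }
 },
 "authorization": {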
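Review bot: The first hunk sets the console logger to `"level": "silly"` in the config file that ships inside the published package, which looks like a debugging leftover rather than an intended default. `silly` is the most verbose level in winston-style loggers, and this client sits on the authorization path, so whatever the library logs below `error` (not visible in this file) would be emitted by every consumer that does not override the setting. I would ship a quiet default such as `"level": "error"` and raise verbosity per environment. The removed value is truncated on this page, so the previous level cannot be confirmed here.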
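--- a/package/lib/acs/authz.d.ts
+++ b/package/lib/acs/authz.d.ts
@@ -1,17 +1,20 @@
-import {
+import { ACSClientContext, AuthZAction, AuthZContext, AuthZTarget, AuthZWhatIsAllowedTarget, DecisionResponse, IAuthZ, NoAuthTarget, NoAuthWhatIsAllowedTarget, PolicySetRQResponse, Request, Resource } from './interfaces';
+import { ServiceClient } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
+import { Attribute } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/attribute';
+import { Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth';
 export declare type Authorizer = ACSAuthZ;
 export declare let authZ: Authorizer;
 export declare const createActionTarget: (action: any) => Attribute[];
-export declare const createSubjectTarget: (subject: Subject) => Attribute[];
+export declare const createSubjectTarget: (subject: DeepPartial<Subject>) => Attribute[];
 export declare const formatResourceType: (type: string, namespacePrefix?: string) => string;
 export declare const createResourceTarget: (resource: Resource[], action: AuthZAction) => Attribute[];
 export declare class UnAuthZ implements IAuthZ {
-acs:
+acs: ServiceClient;
 /**
 *
 * @param acs Access Control Service definition (gRPC)
 */
-constructor(acs:
+constructor(acs: ServiceClient);
 private encode;
 isAllowed(request: Request<NoAuthTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<DecisionResponse>;
 whatIsAllowed(request: Request<NoAuthWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<PolicySetRQResponse>;
@@ -20,13 +23,12 @@ export declare class UnAuthZ implements IAuthZ {
 * General authorizer. Marshalls data and requests access to the Access Control Service (ACS).
 */
 export declare class ACSAuthZ implements IAuthZ {
-acs:
-ids: any;
+acs: ServiceClient;
 /**
 *
 * @param acs Access Control Service definition (gRPC)
 */
-constructor(acs:
+constructor(acs: ServiceClient, ids?: any);
 /**
 * Perform request to access-control-srv
 * @param request - authZRequest containing subject, resources and action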
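--- a/package/lib/acs/authz.js
+++ b/package/lib/acs/authz.js
@@ -35,6 +35,12 @@ const logger_1 = __importDefault(require("../logger"));
 const cache_1 = require("./cache");
 const kafka_client_1 = require("@restorecommerce/kafka-client");
 const utils_1 = require("../utils");
+const access_control_1 = require("@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control");
+const access_control_2 = require("@restorecommerce/rc-grpc-clients/dist/generated/io/restorecommerce/access_control");
+const rule_1 = require("@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule");
+const policy_1 = require("@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy");
+const policy_set_1 = require("@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy_set");
+(0, kafka_client_1.registerProtoMeta)(rule_1.protoMetadata, policy_1.protoMetadata, policy_set_1.protoMetadata);
 const urns = config_1.cfg.get('authorization:urns');
 const createActionTarget = (action) => {
 if (_.isArray(action)) {
@@ -51,7 +57,8 @@ const createActionTarget = (action) => {
 else {
 return [{
 id: urns.actionID,
-value: urns.action + `:${action.valueOf().toLowerCase()}
+value: urns.action + `:${action.valueOf().toLowerCase()}`,
+attribute: []
 }];
 }
 };
@@ -60,27 +67,30 @@ const createSubjectTarget = (subject) => {
 if (subject.unauthenticated) {
 return [{
 id: urns.unauthenticated_user,
-value: 'true'
+value: 'true',
+attribute: []
 }];
 }
 let flattened = [
 {
 id: urns.subjectID,
-value: subject.id
+value: subject.id,
+attribute: []
 }
 ];
 if (subject.scope) {
-
+flattened = flattened.concat([
 {
 id: urns.roleScopingEntity,
-value: urns.orgScope
+value: urns.orgScope,
+attribute: []
 },
 {
 id: urns.roleScopingInstance,
-value: subject.scope
+value: subject.scope,
+attribute: []
 }
-];
-flattened = flattened.concat(attributes);
+]);
 }
 return flattened;
 };
@@ -122,21 +132,24 @@ const createResourceTarget = (resource, action) => {
 if (resourceType) {
 flattened.push({
 id: urns.entity,
-value: urns.model + `:${resourceType}
+value: urns.model + `:${resourceType}`,
+attribute: []
 });
 }
 // resource-id - urn:oasis:names:tc:xacml:1.0:resource:resource-id
 if (resourceInstance && typeof resourceInstance === 'string') {
 flattened.push({
 id: urns.resourceID,
-value: resourceInstance
+value: resourceInstance,
+attribute: []
 });
 }
 else if (resourceInstance && _.isArray(resourceInstance) && resourceInstance.length > 0) {
 resourceInstance.forEach((instance) => {
 flattened.push({
 id: urns.resourceID,
-value: instance
+value: instance,
+attribute: []
 });
 });
 }
@@ -145,7 +158,8 @@ const createResourceTarget = (resource, action) => {
 resourceProperty.forEach((property) => {
 flattened.push({
 id: urns.property,
-value: urns.model + `:${resourceType}#${property}
+value: urns.model + `:${resourceType}#${property}`,
+attribute: []
 });
 });
 }
@@ -153,7 +167,8 @@ const createResourceTarget = (resource, action) => {
 else {
 flattened.push({
 id: urns.operation,
-value: resourceObj.resource
+value: resourceObj.resource,
+attribute: []
 });
 }
 });
@@ -194,9 +209,14 @@ class UnAuthZ {
 };
 let response;
 try {
-
+const isAllowed = await (0, cache_1.getOrFill)(authZRequest, async (req) => {
 return await this.acs.isAllowed(authZRequest);
 }, useCache, 'UnAuthZ:isAllowed');
+response = {
+decision: isAllowed.decision,
+obligation: (0, utils_1.mapResourceURNObligationProperties)(isAllowed.obligation),
+operation_status: isAllowed.operation_status
+};
 }
 catch (err) {
 logger_1.default.error('Error invoking access-control-srv isAllowed operation', { code: err.code, message: err.message, stack: err.stack });
@@ -204,7 +224,7 @@ class UnAuthZ {
 err.code = 500;
 }
 response = {
-decision:
+decision: access_control_2.Response_Decision.DENY,
 operation_status: {
 code: err.code,
 message: err.message
@@ -214,9 +234,6 @@ class UnAuthZ {
 if (_.isEmpty(response)) {
 logger_1.default.error('Unexpected empty response from ACS');
 }
-if (response.obligation && response.obligation.length > 0) {
-response.obligation = (0, utils_1.mapResourceURNObligationProperties)(response.obligation);
-}
 return response;
 }
 async whatIsAllowed(request, ctx, useCache) {
@@ -233,9 +250,13 @@ class UnAuthZ {
 };
 let response;
 try {
-
+const whatIsAllowed = await (0, cache_1.getOrFill)(authZRequest, async (req) => {
 return await this.acs.whatIsAllowed(authZRequest);
 }, useCache, 'UnAuthZ:whatIsAllowed');
+response = {
+...whatIsAllowed,
+obligation: (0, utils_1.mapResourceURNObligationProperties)(whatIsAllowed.obligation)
+}; // TODO Decision?
 }
 catch (err) {
 logger_1.default.error('Error invoking access-control-srv whatIsAllowed operation', { code: err.code, message: err.message, stack: err.stack });
@@ -243,7 +264,7 @@ class UnAuthZ {
 err.code = 500;
 }
 response = {
-decision:
+decision: access_control_2.Response_Decision.DENY,
 operation_status: {
 code: err.code,
 message: err.message
@@ -253,9 +274,6 @@ class UnAuthZ {
 if (_.isEmpty(response)) {
 logger_1.default.error('Unexpected empty response from ACS');
 }
-if (response.obligation && response.obligation.length > 0) {
-response.obligation = (0, utils_1.mapResourceURNObligationProperties)(response.obligation);
-}
 return response;
 }
 }
@@ -299,9 +317,14 @@ class ACSAuthZ {
 };
 let response;
 try {
-
+const isAllowed = await (0, cache_1.getOrFill)(cacheKey, async (req) => {
 return await this.acs.isAllowed(authZRequest);
 }, useCache, cachePrefix + ':isAllowed');
+response = {
+decision: isAllowed.decision,
+obligation: (0, utils_1.mapResourceURNObligationProperties)(isAllowed.obligation),
+operation_status: isAllowed.operation_status
+};
 }
 catch (err) {
 logger_1.default.error('Error invoking access-control-srv isAllowed operation', { code: err.code, message: err.message, stack: err.stack });
@@ -309,7 +332,7 @@ class ACSAuthZ {
 err.code = 500;
 }
 response = {
-decision:
+decision: access_control_2.Response_Decision.DENY,
 operation_status: {
 code: err.code,
 message: err.message
@@ -319,9 +342,6 @@ class ACSAuthZ {
 if (_.isEmpty(response)) {
 logger_1.default.error('Unexpected empty response from ACS');
 }
-if (response.obligation && response.obligation.length > 0) {
-response.obligation = (0, utils_1.mapResourceURNObligationProperties)(response.obligation);
-}
 return response;
 }
 /**
@@ -346,9 +366,13 @@ class ACSAuthZ {
 authZRequest.context.resources = this.encode(ctx.resources);
 let response;
 try {
-
+const whatIsAllowed = await (0, cache_1.getOrFill)(authZRequest, async (req) => {
 return await this.acs.whatIsAllowed(authZRequest);
 }, useCache, cachePrefix + ':whatIsAllowed');
+response = {
+...whatIsAllowed,
+obligation: (0, utils_1.mapResourceURNObligationProperties)(whatIsAllowed.obligation)
+}; // TODO Decision?
 }
 catch (err) {
 logger_1.default.error('Error invoking access-control-srv whatIsAllowed operation', { code: err.code, message: err.message, stack: err.stack });
@@ -356,7 +380,7 @@ class ACSAuthZ {
 err.code = 500;
 }
 response = {
-decision:
+decision: access_control_2.Response_Decision.DENY,
 operation_status: {
 code: err.code,
 message: err.message
@@ -366,9 +390,6 @@ class ACSAuthZ {
 if (_.isEmpty(response)) {
 logger_1.default.error('Unexpected empty response from ACS');
 }
-if (response.obligation && response.obligation.length > 0) {
-response.obligation = (0, utils_1.mapResourceURNObligationProperties)(response.obligation);
-}
 return response;
 }
 encode(object) {
@@ -425,9 +446,12 @@ const initAuthZ = async (config) => {
 if (authzCfg.enabled) {
 const grpcClientConfig = config_1.cfg.get('client');
 const grpcACSConfig = grpcClientConfig['acs-srv'];
-const
-const
-
+const channel = (0, grpc_client_1.createChannel)(grpcACSConfig.address);
+const acsClient = (0, grpc_client_1.createClient)({
+...grpcACSConfig,
+logger: logger_1.default
+}, access_control_1.ServiceDefinition, channel);
+exports.authZ = new ACSAuthZ(acsClient);
 // listeners for rules / policies / policySets modified, so as to
 // delete the Cache as it would be invalid if ACS resources are modified
 if (kafkaCfg && kafkaCfg.evictACSCache) {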
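Review bot: The new success path in `UnAuthZ.isAllowed` (and the identical one in `ACSAuthZ.isAllowed`) copies `isAllowed.decision` into the response without checking that it is set, so a reply object that carries no decision is returned as-is, and the `_.isEmpty(response)` log that follows can no longer fire because `response` always has three keys. Only the `catch` branch fails closed with `Response_Decision.DENY`; I would do the same on the success path, e.g. `decision: isAllowed.decision ?? access_control_2.Response_Decision.DENY,`. The same hunks drop the `response.obligation && response.obligation.length > 0` guard and call `mapResourceURNObligationProperties` unconditionally; whether that helper tolerates a missing obligation list is not visible in this file, and if it throws, a permit from the ACS is turned into a DENY with code 500 by the `catch`. The `// TODO Decision?` on both `whatIsAllowed` paths marks the same gap. This is compiled output, so the change belongs in `src/acs/authz.ts`, and each method body continues outside its hunk.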
package/lib/acs/authz.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authz.js","sourceRoot":"","sources":["../../src/acs/authz.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAA4B;AAC5B,6CAIsB;AACtB,8DAA0D;AAC1D,sCAA8C;AAC9C,uDAA+B;AAC/B,mCAAgD;AAChD,gEAAuD;AACvD,oCAA8D;AAI9D,MAAM,IAAI,GAAG,YAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAEpC,MAAM,kBAAkB,GAAG,CAAC,MAAW,EAAe,EAAE;IAC7D,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACrB,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,KAAK,IAAI,UAAU,IAAI,MAAM,EAAE;YAC7B,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;YAChD,UAAU,CAAC,IAAI,CAAC;gBACd,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,EAAE;aACtC,CAAC,CAAC;SACJ;QACD,OAAO,UAAU,CAAC;KACnB;SACI;QACH,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE;aAC1D,CAAC,CAAC;KACJ;AACH,CAAC,CAAC;AAlBW,QAAA,kBAAkB,sBAkB7B;AAEK,MAAM,mBAAmB,GAAG,CAAC,OAAgB,EAAe,EAAE;IACnE,IAAI,OAAO,CAAC,eAAe,EAAE;QAC3B,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,oBAAoB;gBAC7B,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;KACJ;IACD,IAAI,SAAS,GAAG;QACd;YACE,EAAE,EAAE,IAAI,CAAC,SAAS;YAClB,KAAK,EAAE,OAAO,CAAC,EAAE;SAClB;KAAC,CAAC;IAEL,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,IAAI,UAAU,GAAG;YACf;gBACE,EAAE,EAAE,IAAI,CAAC,iBAAiB;gBAC1B,KAAK,EAAE,IAAI,CAAC,QAAQ;aACrB;YACD;gBACE,EAAE,EAAE,IAAI,CAAC,mBAAmB;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC;QACF,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;KAC1C;IACD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AA3BW,QAAA,mBAAmB,uBA2B9B;AAEK,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAE,eAAwB,EAAU,EAAE;IACnF,mDAAmD;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpC,IAAI,eAAe,EAAE;QACnB,OAAO,GAAG,eAAe,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;KACjD;SAAM;QACL,OAAO,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;KAC9B;AACH,CAAC,CAAC;AAZW,QAAA,kBAAkB,sBAY7B;AAEK,MAAM,oBAAoB,GA
AG,CAAC,QAAoB,EAAE,MAAmB,EAAE,EAAE;IAChF,MAAM,SAAS,GAAgB,EAAE,CAAC;IAClC,QAAQ,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QAC/B,IAAI,MAAM,IAAI,wBAAW,CAAC,OAAO,EAAE;YACjC,IAAI,qBAAqB,GAAG,WAAW,CAAC,QAAQ,CAAC;YACjD,IAAI,gBAAgB,GAAG,WAAW,CAAC,EAAE,CAAC;YACtC,IAAI,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC;YAC5C,IAAI,iBAAiB,EAAE,YAAY,CAAC;YAEpC,IAAI,qBAAqB,IAAI,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;gBACpE,iBAAiB,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC3F,sEAAsE;gBACtE,0CAA0C;gBAC1C,YAAY,GAAG,qBAAqB,CAAC,KAAK,CAAC,qBAAqB,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;aACxF;iBAAM;gBACL,YAAY,GAAG,qBAAqB,CAAC;aACtC;YAED,sDAAsD;YACtD,MAAM,YAAY,GAAG,IAAA,0BAAkB,EAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;YACzE,IAAI,YAAY,EAAE;gBAChB,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,MAAM;oBACf,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,EAAE;iBACvC,CAAC,CAAC;aACJ;YAED,kEAAkE;YAClE,IAAI,gBAAgB,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE;gBAC5D,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,UAAU;oBACnB,KAAK,EAAE,gBAAgB;iBACxB,CAAC,CAAC;aACJ;iBAAM,IAAI,gBAAgB,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACzF,gBAAgB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpC,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,IAAI,CAAC,UAAU;wBACnB,KAAK,EAAE,QAAQ;qBAChB,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;aACJ;YAED,0DAA0D;YAC1D,IAAI,gBAAgB,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAClF,gBAAgB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpC,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,IAAI,CAAC,QAAQ;wBACjB,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,IAAI,QAAQ,EAAE;qBACnD,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;aACJ;SACF;aAAM;YACL,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS;gBAClB,KAAK,EAAE,WAAW,CAAC,QAAQ;aAC5B,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AA5DW,QAAA,oBAAoB,wBA4D/B;AAEF,MAAa,OAAO;IAElB;;;OAGG;IACH,YAAY,GAAQ;QAClB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAEO,MAAM,CAAC,MAAW;QACxB,IAAI,MAAM,EAAE;YACV,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAA
E;gBACrB,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aAC9C;iBAAM;gBACL,OAAO;oBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;iBAC3C,CAAC;aACH;SACF;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAA4C,EAAE,GAAqB,EAAE,QAAiB;QACpG,MAAM,YAAY,GAAG;YACnB,MAAM,EAAE;gBACN,MAAM,EAAE,IAAA,0BAAkB,EAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;gBACjD,OAAO,EAAE,IAAA,2BAAmB,EAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBACpD,SAAS,EAAE,IAAA,4BAAoB,EAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;aAChF;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC5C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;aACtC;SACF,CAAC;QAEF,IAAI,QAA0B,CAAC;QAC/B,IAAI;YACF,QAAQ,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAChD,CAAC,EAAE,QAAQ,EAAE,mBAAmB,CAAC,CAAC;SACnC;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YAClI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;gBACvB,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QAED,IAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAE,CAAC,EAAE;YACvD,QAAQ,CAAC,UAAU,GAAG,IAAA,0CAAkC,EAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;SAC/E;QAED,OAAO,QAAQ,CAAC;IAElB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAyD,EAC3E,GAAqB,EAAE,QAAiB;QACxC,MAAM,YAAY,GAAG;YACnB,MAAM,EAAE;gBACN,MAAM,EAAE,IAAA,0BAAkB,EAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;gBACjD,OAAO,EAAE,IAAA,2BAAmB,EAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBACpD,SAAS,EAAE,IAAA,4BAAoB,EAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;aAChF;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC5C,SAAS,EAAE,IAAI,CAAC,MAAM,CA
AC,GAAG,CAAC,SAAS,CAAC;aACtC;SACF,CAAC;QACF,IAAI,QAA6B,CAAC;QAClC,IAAI;YACF,QAAQ,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACpD,CAAC,EAAE,QAAQ,EAAE,uBAAuB,CAAC,CAAC;SACvC;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACvI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;gBACvB,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QAED,IAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAE,CAAC,EAAE;YACvD,QAAQ,CAAC,UAAU,GAAG,IAAA,0CAAkC,EAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;SAC/E;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AA5GD,0BA4GC;AAED;;GAEG;AACH,MAAa,QAAQ;IAGnB;;;OAGG;IACH,YAAY,GAAQ,EAAE,GAAS;QAC7B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS,CAAC,OAA2C,EAAE,GAAqB,EAAE,QAAQ;QAC1F,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,YAAY,CAAC,OAAO,GAAG;YACrB,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;SAChD,CAAC;QACF,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACxD,IAAI,WAAW,GAAG,UAAU,CAAC;QAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;YAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;SAC7D;QAED,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE5D,oFAAoF;QACpF,8EAA8E;QAC9E,4EAA4E;QAC5E,IAAI,QAAQ,GAAG;YACb,MAAM,EAAE,YAAY,CAAC,MAAM;SAC5B,CAAC;QACF,IAAI,QAA0B,CAAC;QAC/B,IAAI;YACF,QAAQ,GAAG,MAAM,IAAA,iBAAS,EAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACjD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAChD,CAAC,EAAE,QAAQ
,EAAE,WAAW,GAAG,YAAY,CAAC,CAAC;SAC1C;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACnI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;gBACvB,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QAED,IAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAE,CAAC,EAAE;YACvD,QAAQ,CAAC,UAAU,GAAG,IAAA,0CAAkC,EAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;SAC/E;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;MAKE;IACF,KAAK,CAAC,aAAa,CAAC,OAAwD,EAC1E,GAAqB,EAAE,QAAiB;QACxC,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,YAAY,CAAC,OAAO,GAAG;YACrB,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;SAChD,CAAC;QACF,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAExD,IAAI,WAAW,GAAG,UAAU,CAAC;QAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;YAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;SAC7D;QAED,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE5D,IAAI,QAA6B,CAAC;QAClC,IAAI;YACF,QAAQ,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACpD,CAAC,EAAE,QAAQ,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAAC;SAC9C;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACvI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;gBACvB,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CA
AC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QAED,IAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAE,CAAC,EAAE;YACvD,QAAQ,CAAC,UAAU,GAAG,IAAA,0CAAkC,EAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;SAC/E;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,MAAW;QACxB,IAAI,MAAM,EAAE;YACV,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBACrB,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aAC9C;iBAAM;gBACL,OAAO;oBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;iBAC3C,CAAC;aACH;SACF;IACH,CAAC;IAED,cAAc,CAAC,OAAsE;QACnF,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACnD,MAAM,YAAY,GAAQ;YACxB,MAAM,EAAE;gBACN,MAAM,EAAE,IAAA,0BAAkB,EAAC,MAAM,CAAC;gBAClC,OAAO,EAAE,IAAA,2BAAmB,EAAC,OAAO,CAAC;aACtC;SACF,CAAC;QACF,YAAY,CAAC,MAAM,CAAC,SAAS,GAAG,IAAA,4BAAoB,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACvE,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AAnJD,4BAmJC;AAED,MAAM,SAAS,GAAG;IAChB,mBAAmB;IACnB,oBAAoB;IACpB,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,cAAc;IACd,aAAa;CACd,CAAC;AAEF,MAAM,aAAa,GAAG,KAAK,EAAE,GAAQ,EACnC,OAAY,EAAE,MAAW,EAAE,SAAiB,EAAgB,EAAE;IAC9D,IAAI,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE;QACrC,2CAA2C;QAC3C,gBAAM,CAAC,IAAI,CAAC,kBAAkB,SAAS,+BAA+B,CAAC,CAAC;QACxE,MAAM,IAAA,kBAAU,GAAE,CAAC;KACpB;AACH,CAAC,CAAC;AAEK,MAAM,SAAS,GAAG,KAAK,EAAE,MAAY,EAA4B,EAAE;IACxE,IAAI,CAAC,aAAK,EAAE;QACV,IAAI,MAAM,EAAE;YACV,IAAA,qBAAY,EAAC,MAAM,CAAC,CAAC;SACtB;QACD,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzC,wCAAwC;QACxC,IAAI,QAAQ,CAAC,OAAO,EAAE;YACpB,MAAM,gBAAgB,GAAG,YAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,IAAI,wBAAU,CAAC,aAAa,EAAE,gBAAM,CAAC,CAAC;YACxD,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACjC,aAAK,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC1B,iEAAiE;YACjE,wEAAwE;YACxE,IAAI,QAAQ,IAAI,QAAQ,CAAC,aAAa,EAAE;gBACtC,MAAM,MAAM,GAAG,IAAI,qBAAM,CAAC,QAAQ,EAAE,gBAAM,CAAC,CAAC;gBAC
5C,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACrB,KAAK,IAAI,UAAU,IAAI,QAAQ,CAAC,aAAa,EAAE;oBAC7C,IAAI,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;oBAClD,IAAI,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC/C,IAAI,QAAQ,CAAC,MAAM,EAAE;wBACnB,KAAK,IAAI,SAAS,IAAI,QAAQ,CAAC,MAAM,EAAE;4BACrC,MAAM,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;yBAC1C;qBACF;iBACF;aACF;YACD,OAAO,aAAK,CAAC;SACd;KACF;IACD,OAAO,aAAK,CAAC;AACf,CAAC,CAAC;AAjCW,QAAA,SAAS,aAiCpB"}
|
|
1
|
+
{"version":3,"file":"authz.js","sourceRoot":"","sources":["../../src/acs/authz.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAA4B;AAC5B,6CAasB;AACtB,8DAA2E;AAC3E,sCAA8C;AAC9C,uDAA+B;AAC/B,mCAAgD;AAChD,gEAA0E;AAC1E,oCAA8D;AAC9D,6HAGkG;AAClG,sHAAsH;AAGtH,yGAA2H;AAC3H,6GAA+H;AAC/H,qHAAsI;AAEtI,IAAA,gCAAiB,EACf,oBAAQ,EACR,sBAAU,EACV,0BAAa,CACd,CAAC;AAIF,MAAM,IAAI,GAAG,YAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAEpC,MAAM,kBAAkB,GAAG,CAAC,MAAW,EAAe,EAAE;IAC7D,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACrB,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,KAAK,IAAI,UAAU,IAAI,MAAM,EAAE;YAC7B,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;YAChD,UAAU,CAAC,IAAI,CAAC;gBACd,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,EAAE;aACtC,CAAC,CAAC;SACJ;QACD,OAAO,UAAU,CAAC;KACnB;SACI;QACH,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE;gBACzD,SAAS,EAAE,EAAE;aACd,CAAC,CAAC;KACJ;AACH,CAAC,CAAC;AAnBW,QAAA,kBAAkB,sBAmB7B;AAEK,MAAM,mBAAmB,GAAG,CAAC,OAA6B,EAAe,EAAE;IAChF,IAAI,OAAO,CAAC,eAAe,EAAE;QAC3B,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,oBAAoB;gBAC7B,KAAK,EAAE,MAAM;gBACb,SAAS,EAAE,EAAE;aACd,CAAC,CAAC;KACJ;IACD,IAAI,SAAS,GAAgB;QAC3B;YACE,EAAE,EAAE,IAAI,CAAC,SAAS;YAClB,KAAK,EAAE,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,EAAE;SACd;KACF,CAAC;IAEF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC;YAC3B;gBACE,EAAE,EAAE,IAAI,CAAC,iBAAiB;gBAC1B,KAAK,EAAE,IAAI,CAAC,QAAQ;gBACpB,SAAS,EAAE,EAAE;aACd;YACD;gBACE,EAAE,EAAE,IAAI,CAAC,mBAAmB;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,EAAE;aACd;SACF,CAAC,CAAC;KACJ;IACD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AA/BW,QAAA,mBAAmB,uBA+B9B;AAEK,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAE,eAAwB,EAAU,EAAE;IACnF,mDAAmD;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,E
AAE,CAAC,CAAC;IACpC,IAAI,eAAe,EAAE;QACnB,OAAO,GAAG,eAAe,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;KACjD;SAAM;QACL,OAAO,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;KAC9B;AACH,CAAC,CAAC;AAZW,QAAA,kBAAkB,sBAY7B;AAEK,MAAM,oBAAoB,GAAG,CAAC,QAAoB,EAAE,MAAmB,EAAE,EAAE;IAChF,MAAM,SAAS,GAAgB,EAAE,CAAC;IAClC,QAAQ,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QAC/B,IAAI,MAAM,IAAI,wBAAW,CAAC,OAAO,EAAE;YACjC,IAAI,qBAAqB,GAAG,WAAW,CAAC,QAAQ,CAAC;YACjD,IAAI,gBAAgB,GAAG,WAAW,CAAC,EAAE,CAAC;YACtC,IAAI,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC;YAC5C,IAAI,iBAAiB,EAAE,YAAY,CAAC;YAEpC,IAAI,qBAAqB,IAAI,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;gBACpE,iBAAiB,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC3F,sEAAsE;gBACtE,0CAA0C;gBAC1C,YAAY,GAAG,qBAAqB,CAAC,KAAK,CAAC,qBAAqB,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;aACxF;iBAAM;gBACL,YAAY,GAAG,qBAAqB,CAAC;aACtC;YAED,sDAAsD;YACtD,MAAM,YAAY,GAAG,IAAA,0BAAkB,EAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;YACzE,IAAI,YAAY,EAAE;gBAChB,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,MAAM;oBACf,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,EAAE;oBACtC,SAAS,EAAE,EAAE;iBACd,CAAC,CAAC;aACJ;YAED,kEAAkE;YAClE,IAAI,gBAAgB,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE;gBAC5D,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,UAAU;oBACnB,KAAK,EAAE,gBAAgB;oBACvB,SAAS,EAAE,EAAE;iBACd,CAAC,CAAC;aACJ;iBAAM,IAAI,gBAAgB,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACzF,gBAAgB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpC,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,IAAI,CAAC,UAAU;wBACnB,KAAK,EAAE,QAAQ;wBACf,SAAS,EAAE,EAAE;qBACd,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;aACJ;YAED,0DAA0D;YAC1D,IAAI,gBAAgB,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAClF,gBAAgB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpC,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,IAAI,CAAC,QAAQ;wBACjB,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,IAAI,QAAQ,EAAE;wBAClD,SAAS,EAAE,EAAE;qBACd,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;aACJ;SACF;aAAM;YACL,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS;gBAClB,KAAK,EAAE,WAAW,CAA
C,QAAQ;gBAC3B,SAAS,EAAE,EAAE;aACd,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAjEW,QAAA,oBAAoB,wBAiE/B;AAEF,MAAa,OAAO;IAElB;;;OAGG;IACH,YAAY,GAAkB;QAC5B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAEO,MAAM,CAAC,MAAW;QACxB,IAAI,MAAM,EAAE;YACV,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBACrB,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aAC9C;iBAAM;gBACL,OAAO;oBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;iBAC3C,CAAC;aACH;SACF;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAA4C,EAAE,GAAqB,EAAE,QAAiB;QACpG,MAAM,YAAY,GAAG;YACnB,MAAM,EAAE;gBACN,MAAM,EAAE,IAAA,0BAAkB,EAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;gBACjD,OAAO,EAAE,IAAA,2BAAmB,EAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBACpD,SAAS,EAAE,IAAA,4BAAoB,EAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;aAChF;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC5C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;aACtC;SACF,CAAC;QAEF,IAAI,QAA0B,CAAC;QAC/B,IAAI;YACF,MAAM,SAAS,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBAC5D,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAChD,CAAC,EAAE,QAAQ,EAAE,mBAAmB,CAAC,CAAC;YAElC,QAAQ,GAAG;gBACT,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,UAAU,EAAE,IAAA,0CAAkC,EAAC,SAAS,CAAC,UAAU,CAAC;gBACpE,gBAAgB,EAAE,SAAS,CAAC,gBAAgB;aAC7C,CAAC;SACH;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YAClI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,kCAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QAED,OAAO,QAAQ,CAAC;IAElB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAyD,EAC3E,GAAqB,EAAE,QAAiB;QACxC,MAAM,YAAY,GAAG;YACnB,MAAM,EAAE;gBACN,MAAM,EAAE,IAAA,0BAAkB
,EAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;gBACjD,OAAO,EAAE,IAAA,2BAAmB,EAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBACpD,SAAS,EAAE,IAAA,4BAAoB,EAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;aAChF;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC5C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;aACtC;SACF,CAAC;QACF,IAAI,QAA6B,CAAC;QAClC,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBAChE,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACpD,CAAC,EAAE,QAAQ,EAAE,uBAAuB,CAAC,CAAC;YAEtC,QAAQ,GAAG;gBACT,GAAG,aAAa;gBAChB,UAAU,EAAE,IAAA,0CAAkC,EAAC,aAAa,CAAC,UAAU,CAAC;aAClE,CAAC,CAAC,iBAAiB;SAC5B;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACvI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,kCAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AA/GD,0BA+GC;AAED;;GAEG;AACH,MAAa,QAAQ;IAEnB;;;OAGG;IACH,YAAY,GAAkB,EAAE,GAAS;QACvC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS,CAAC,OAA2C,EAAE,GAAqB,EAAE,QAAQ;QAC1F,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,YAAY,CAAC,OAAO,GAAG;YACrB,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;SAChD,CAAC;QACF,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACxD,IAAI,WAAW,GAAG,UAAU,CAAC;QAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;YAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;SAC7D;QAED,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC
;QAE5D,oFAAoF;QACpF,8EAA8E;QAC9E,4EAA4E;QAC5E,IAAI,QAAQ,GAAG;YACb,MAAM,EAAE,YAAY,CAAC,MAAM;SAC5B,CAAC;QACF,IAAI,QAA0B,CAAC;QAC/B,IAAI;YACF,MAAM,SAAS,GAAG,MAAM,IAAA,iBAAS,EAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACxD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAChD,CAAC,EAAE,QAAQ,EAAE,WAAW,GAAG,YAAY,CAAC,CAAC;YAEzC,QAAQ,GAAG;gBACT,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,UAAU,EAAE,IAAA,0CAAkC,EAAC,SAAS,CAAC,UAAU,CAAC;gBACpE,gBAAgB,EAAE,SAAS,CAAC,gBAAgB;aAC7C,CAAC;SACH;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACnI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,kCAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;MAKE;IACF,KAAK,CAAC,aAAa,CAAC,OAAwD,EAC1E,GAAqB,EAAE,QAAiB;QACxC,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,YAAY,CAAC,OAAO,GAAG;YACrB,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;SAChD,CAAC;QACF,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAExD,IAAI,WAAW,GAAG,UAAU,CAAC;QAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;YAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;SAC7D;QAED,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE5D,IAAI,QAA6B,CAAC;QAClC,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBAChE,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACpD,CAAC,EAAE,QAAQ,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAAC;YAE7C,QAAQ,GAAG;gBACT,GAAG,aAAa;gBAChB,UAAU,EAAE,IAAA,0CAAkC,EAAC,aAAa,CAAC,UAAU,CAAC;aAClE,CAAC,CAAC,iBAAiB;
SAC5B;QAAC,OAAO,GAAG,EAAE;YACZ,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACvI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;aAChB;YACD,QAAQ,GAAG;gBACT,QAAQ,EAAE,kCAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE;oBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;SACH;QAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACpD;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,MAAW;QACxB,IAAI,MAAM,EAAE;YACV,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBACrB,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aAC9C;iBAAM;gBACL,OAAO;oBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;iBAC3C,CAAC;aACH;SACF;IACH,CAAC;IAED,cAAc,CAAC,OAAsE;QACnF,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACnD,MAAM,YAAY,GAAQ;YACxB,MAAM,EAAE;gBACN,MAAM,EAAE,IAAA,0BAAkB,EAAC,MAAM,CAAC;gBAClC,OAAO,EAAE,IAAA,2BAAmB,EAAC,OAAO,CAAC;aACtC;SACF,CAAC;QACF,YAAY,CAAC,MAAM,CAAC,SAAS,GAAG,IAAA,4BAAoB,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACvE,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AArJD,4BAqJC;AAED,MAAM,SAAS,GAAG;IAChB,mBAAmB;IACnB,oBAAoB;IACpB,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,cAAc;IACd,aAAa;CACd,CAAC;AAEF,MAAM,aAAa,GAAG,KAAK,EAAE,GAAQ,EACnC,OAAY,EAAE,MAAW,EAAE,SAAiB,EAAgB,EAAE;IAC9D,IAAI,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE;QACrC,2CAA2C;QAC3C,gBAAM,CAAC,IAAI,CAAC,kBAAkB,SAAS,+BAA+B,CAAC,CAAC;QACxE,MAAM,IAAA,kBAAU,GAAE,CAAC;KACpB;AACH,CAAC,CAAC;AAEK,MAAM,SAAS,GAAG,KAAK,EAAE,MAAY,EAA4B,EAAE;IACxE,IAAI,CAAC,aAAK,EAAE;QACV,IAAI,MAAM,EAAE;YACV,IAAA,qBAAY,EAAC,MAAM,CAAC,CAAC;SACtB;QACD,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzC,wCAAwC;QACxC,IAAI,QAAQ,CAAC,OAAO,EAAE;YACpB,MAAM,gBAAgB,GAAG,YAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,OAAO,GAAG,IA
AA,2BAAa,EAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,SAAS,GAAkB,IAAA,0BAAY,EAAC;gBAC5C,GAAG,aAAa;gBAChB,MAAM,EAAN,gBAAM;aACP,EAAE,kCAAiB,EAAE,OAAO,CAAC,CAAC;YAC/B,aAAK,GAAG,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC;YAChC,iEAAiE;YACjE,wEAAwE;YACxE,IAAI,QAAQ,IAAI,QAAQ,CAAC,aAAa,EAAE;gBACtC,MAAM,MAAM,GAAG,IAAI,qBAAM,CAAC,QAAQ,EAAE,gBAAM,CAAC,CAAC;gBAC5C,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACrB,KAAK,IAAI,UAAU,IAAI,QAAQ,CAAC,aAAa,EAAE;oBAC7C,IAAI,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;oBAClD,IAAI,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC/C,IAAI,QAAQ,CAAC,MAAM,EAAE;wBACnB,KAAK,IAAI,SAAS,IAAI,QAAQ,CAAC,MAAM,EAAE;4BACrC,MAAM,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;yBAC1C;qBACF;iBACF;aACF;YACD,OAAO,aAAK,CAAC;SACd;KACF;IACD,OAAO,aAAK,CAAC;AACf,CAAC,CAAC;AApCW,QAAA,SAAS,aAoCpB"}
|
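--- a/package/lib/acs/interfaces.d.ts
+++ b/package/lib/acs/interfaces.d.ts
@@ -1,3 +1,9 @@
+import { Attribute } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/attribute';
+import { RoleAssociation, Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth';
+import { Meta } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/meta';
+import { FilterOp } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base';
+import { Response_Decision } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
+import { Effect } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule';
 export declare enum AuthZAction {
 CREATE = "CREATE",
 READ = "READ",
@@ -27,7 +33,7 @@ export interface CtxResource {
 [key: string]: any;
 }
 export interface ACSClientContext {
-subject?: Subject
+subject?: DeepPartial<Subject>;
 resources?: CtxResource[];
 }
 export interface Database {
@@ -50,23 +56,12 @@ export interface ResolvedSubject {
 role_associations?: RoleAssociation[];
 hierarchical_scopes?: HierarchicalScope[];
 }
-export interface Subject {
-id?: string;
-scope?: string;
-unauthenticated?: boolean;
-token?: string;
-}
-export declare enum Decision {
-PERMIT = "PERMIT",
-DENY = "DENY",
-INDETERMINATE = "INDETERMINATE"
-}
 export interface Obligation {
 resource: string;
 property: string[];
 }
 export interface DecisionResponse {
-decision:
+decision: Response_Decision;
 obligation?: Obligation[];
 operation_status: {
 code: number;
@@ -83,7 +78,7 @@ export interface Request<TTarget, TContext> {
 context: TContext;
 }
 export interface Response {
-decision:
+decision: Response_Decision;
 }
 /**
 * isAllowed Authorization interface
@@ -107,7 +102,7 @@ export interface AuthZContext {
 }
 export interface ResourceData {
 id: string;
-meta:
+meta: Meta;
 [key: string]: any;
 }
 export interface AuthZRequest extends Request<AuthZTarget, AuthZContext> {
@@ -115,7 +110,7 @@ export interface AuthZRequest extends Request<AuthZTarget, AuthZContext> {
 context: AuthZContext;
 }
 export interface AuthZResponse extends Response {
-decision:
+decision: Response_Decision;
 obligation: string;
 }
 export interface IAuthZ extends AuthZ<AuthZSubject | UnauthenticatedData, AuthZContext, Resource[], AuthZAction> {
@@ -138,21 +133,6 @@ export interface UnauthenticatedSession {
 export interface UnauthenticatedData {
 unauthenticated: true;
 }
-export interface Attribute {
-id: string;
-value: string;
-attribute?: Attribute[];
-}
-export interface RoleAssociation {
-role: string;
-attributes?: Attribute[];
-}
-export interface MetaInfo {
-created: number;
-modified: number;
-modified_by: string;
-owner: Attribute[];
-}
 export interface UserScope {
 role_associations: RoleAssociation[];
 scopeOrganization: string;
@@ -169,27 +149,9 @@ export interface PolicySetRQ extends AccessControlObjectInterface {
 combining_algorithm?: string;
 policies?: PolicyRQ[];
 }
-export declare enum FilterValueType {
-STRING = 0,
-NUMBER = 1,
-BOOLEAN = 2,
-DATE = 3,
-ARRAY = 4
-}
-export interface Filter {
-field: string;
-operation: FilterOperation;
-value: string;
-type?: FilterValueType;
-filters?: Filters[];
-}
-export interface Filters {
-filter?: Filter[];
-operator?: OperatorType;
-}
 export interface ResourceFilterMap {
 resource: string;
-filters:
+filters: FilterOp[];
 }
 export interface CustomQueryArgs {
 resource: string;
@@ -201,7 +163,7 @@ export interface PolicySetRQResponse extends AccessControlObjectInterface {
 filters?: ResourceFilterMap[];
 custom_query_args?: CustomQueryArgs[];
 obligation?: Obligation[];
-decision:
+decision: Response_Decision;
 operation_status: {
 code: number;
 message: string;
@@ -219,15 +181,6 @@ export interface AttributeTarget {
 resources: Attribute[];
 action: Attribute[];
 }
-export declare enum Effect {
-PERMIT = "PERMIT",
-DENY = "DENY",
-INDETERMINATE = "INDETERMINATE"
-}
-export interface ACSRequest {
-target: TargetReq;
-context: Context;
-}
 export interface TargetReq {
 subject: Attribute[];
 resources: Attribute[];
@@ -238,18 +191,3 @@ export interface Context {
 resources: any[];
 security: any;
 }
-export declare enum FilterOperation {
-eq = 0,
-lt = 1,
-lte = 2,
-gt = 3,
-gte = 4,
-isEmpty = 5,
-iLike = 6,
-in = 7,
-neq = 8
-}
-export declare enum OperatorType {
-and = 0,
-or = 1
-}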
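Review bot: The four `decision: Response_Decision;` fields (in `DecisionResponse`, `Response`, `AuthZResponse` and `PolicySetRQResponse`) have no doc comment saying how the value must be compared, and the exported string enum `Decision` that consumers used before is deleted in this same section. The definition of `Response_Decision` lives in another package and is not visible here, so it is unconfirmed whether its members still equal the strings `"PERMIT"`, `"DENY"` and `"INDETERMINATE"`. If the representation differs, a caller written as `decision !== 'DENY'` would silently treat every response as allowed. I would put a comment on each field in the TypeScript source, for example `/** Compare only against Response_Decision members, never string literals; anything other than PERMIT must be treated as not allowed. */`. The same section also loosens `subject` to `DeepPartial<Subject>`, so code reading `subject.id` or `subject.token` should be checked for handling of missing values.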