@spotify/backstage-plugin-rbac-common 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +17 -0
  2. package/dist/index.cjs.js +1 -1
  3. package/dist/index.d.ts +1147 -647
  4. package/dist/index.esm.js +1 -1
  5. package/package.json +6 -6
package/dist/index.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common';
2
2
  import { PermissionCondition, PermissionCriteria, AllOfCriteria, AnyOfCriteria, NotCriteria, Permission, PermissionRuleParam, PermissionRuleParams } from '@backstage/plugin-permission-common';
3
3
  import { z } from 'zod';
4
+ import { CompoundEntityRef } from '@backstage/catalog-model';
4
5
 
5
6
  /** @public */
6
7
  declare const PolicyDefaultName = "Untitled policy";
@@ -18,11 +19,11 @@ declare const ConditionalDecisionParser: z.ZodObject<{
18
19
  }, "strip", z.ZodTypeAny, {
19
20
  pluginId: string;
20
21
  resourceType: string;
21
- conditions: PermissionCriteria<RBACPermissionCondition>;
22
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
22
23
  }, {
23
24
  pluginId: string;
24
25
  resourceType: string;
25
- conditions: PermissionCriteria<RBACPermissionCondition>;
26
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
26
27
  }>;
27
28
  /** @public */
28
29
  declare const LiteralDecisionParser: z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>;
@@ -34,11 +35,11 @@ declare const PermissionDecisionParser: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"al
34
35
  }, "strip", z.ZodTypeAny, {
35
36
  pluginId: string;
36
37
  resourceType: string;
37
- conditions: PermissionCriteria<RBACPermissionCondition>;
38
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
38
39
  }, {
39
40
  pluginId: string;
40
41
  resourceType: string;
41
- conditions: PermissionCriteria<RBACPermissionCondition>;
42
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
42
43
  }>]>;
43
44
  /** @public */
44
45
  declare const PermissionMatchParser: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodObject<{
@@ -77,60 +78,92 @@ declare const RolePermissionParser: z.ZodEffects<z.ZodObject<{
77
78
  }, "strip", z.ZodTypeAny, {
78
79
  pluginId: string;
79
80
  resourceType: string;
80
- conditions: PermissionCriteria<RBACPermissionCondition>;
81
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
81
82
  }, {
82
83
  pluginId: string;
83
84
  resourceType: string;
84
- conditions: PermissionCriteria<RBACPermissionCondition>;
85
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
85
86
  }>]>;
86
87
  }, "strip", z.ZodTypeAny, {
87
88
  id: string;
88
- match: "*" | {
89
+ match: ("*" | {
89
90
  name?: string | undefined;
90
91
  actions?: string[] | undefined;
91
92
  resourceType?: string | undefined;
92
- };
93
- decision: "allow" | {
93
+ }) & ("*" | {
94
+ name?: string | undefined;
95
+ actions?: string[] | undefined;
96
+ resourceType?: string | undefined;
97
+ } | undefined);
98
+ decision: ("allow" | {
94
99
  pluginId: string;
95
100
  resourceType: string;
96
- conditions: PermissionCriteria<RBACPermissionCondition>;
97
- } | "deny";
101
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
102
+ } | "deny") & ("allow" | {
103
+ pluginId: string;
104
+ resourceType: string;
105
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
106
+ } | "deny" | undefined);
98
107
  }, {
99
- id?: string | undefined;
100
- match: "*" | {
108
+ match: ("*" | {
101
109
  name?: string | undefined;
102
110
  actions?: string[] | undefined;
103
111
  resourceType?: string | undefined;
104
- };
105
- decision: "allow" | {
112
+ }) & ("*" | {
113
+ name?: string | undefined;
114
+ actions?: string[] | undefined;
115
+ resourceType?: string | undefined;
116
+ } | undefined);
117
+ decision: ("allow" | {
118
+ pluginId: string;
119
+ resourceType: string;
120
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
121
+ } | "deny") & ("allow" | {
106
122
  pluginId: string;
107
123
  resourceType: string;
108
- conditions: PermissionCriteria<RBACPermissionCondition>;
109
- } | "deny";
124
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
125
+ } | "deny" | undefined);
126
+ id?: string | undefined;
110
127
  }>, {
111
128
  id: string;
112
- match: "*" | {
129
+ match: ("*" | {
113
130
  name?: string | undefined;
114
131
  actions?: string[] | undefined;
115
132
  resourceType?: string | undefined;
116
- };
117
- decision: "allow" | {
133
+ }) & ("*" | {
134
+ name?: string | undefined;
135
+ actions?: string[] | undefined;
136
+ resourceType?: string | undefined;
137
+ } | undefined);
138
+ decision: ("allow" | {
139
+ pluginId: string;
140
+ resourceType: string;
141
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
142
+ } | "deny") & ("allow" | {
118
143
  pluginId: string;
119
144
  resourceType: string;
120
- conditions: PermissionCriteria<RBACPermissionCondition>;
121
- } | "deny";
145
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
146
+ } | "deny" | undefined);
122
147
  }, {
123
- id?: string | undefined;
124
- match: "*" | {
148
+ match: ("*" | {
125
149
  name?: string | undefined;
126
150
  actions?: string[] | undefined;
127
151
  resourceType?: string | undefined;
128
- };
129
- decision: "allow" | {
152
+ }) & ("*" | {
153
+ name?: string | undefined;
154
+ actions?: string[] | undefined;
155
+ resourceType?: string | undefined;
156
+ } | undefined);
157
+ decision: ("allow" | {
158
+ pluginId: string;
159
+ resourceType: string;
160
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
161
+ } | "deny") & ("allow" | {
130
162
  pluginId: string;
131
163
  resourceType: string;
132
- conditions: PermissionCriteria<RBACPermissionCondition>;
133
- } | "deny";
164
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
165
+ } | "deny" | undefined);
166
+ id?: string | undefined;
134
167
  }>;
135
168
  /** @public */
136
169
  declare const RolePermissionsParser: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
@@ -155,84 +188,132 @@ declare const RolePermissionsParser: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
155
188
  }, "strip", z.ZodTypeAny, {
156
189
  pluginId: string;
157
190
  resourceType: string;
158
- conditions: PermissionCriteria<RBACPermissionCondition>;
191
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
159
192
  }, {
160
193
  pluginId: string;
161
194
  resourceType: string;
162
- conditions: PermissionCriteria<RBACPermissionCondition>;
195
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
163
196
  }>]>;
164
197
  }, "strip", z.ZodTypeAny, {
165
198
  id: string;
166
- match: "*" | {
199
+ match: ("*" | {
167
200
  name?: string | undefined;
168
201
  actions?: string[] | undefined;
169
202
  resourceType?: string | undefined;
170
- };
171
- decision: "allow" | {
203
+ }) & ("*" | {
204
+ name?: string | undefined;
205
+ actions?: string[] | undefined;
206
+ resourceType?: string | undefined;
207
+ } | undefined);
208
+ decision: ("allow" | {
172
209
  pluginId: string;
173
210
  resourceType: string;
174
- conditions: PermissionCriteria<RBACPermissionCondition>;
175
- } | "deny";
211
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
212
+ } | "deny") & ("allow" | {
213
+ pluginId: string;
214
+ resourceType: string;
215
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
216
+ } | "deny" | undefined);
176
217
  }, {
177
- id?: string | undefined;
178
- match: "*" | {
218
+ match: ("*" | {
179
219
  name?: string | undefined;
180
220
  actions?: string[] | undefined;
181
221
  resourceType?: string | undefined;
182
- };
183
- decision: "allow" | {
222
+ }) & ("*" | {
223
+ name?: string | undefined;
224
+ actions?: string[] | undefined;
225
+ resourceType?: string | undefined;
226
+ } | undefined);
227
+ decision: ("allow" | {
228
+ pluginId: string;
229
+ resourceType: string;
230
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
231
+ } | "deny") & ("allow" | {
184
232
  pluginId: string;
185
233
  resourceType: string;
186
- conditions: PermissionCriteria<RBACPermissionCondition>;
187
- } | "deny";
234
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
235
+ } | "deny" | undefined);
236
+ id?: string | undefined;
188
237
  }>, {
189
238
  id: string;
190
- match: "*" | {
239
+ match: ("*" | {
191
240
  name?: string | undefined;
192
241
  actions?: string[] | undefined;
193
242
  resourceType?: string | undefined;
194
- };
195
- decision: "allow" | {
243
+ }) & ("*" | {
244
+ name?: string | undefined;
245
+ actions?: string[] | undefined;
246
+ resourceType?: string | undefined;
247
+ } | undefined);
248
+ decision: ("allow" | {
249
+ pluginId: string;
250
+ resourceType: string;
251
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
252
+ } | "deny") & ("allow" | {
196
253
  pluginId: string;
197
254
  resourceType: string;
198
- conditions: PermissionCriteria<RBACPermissionCondition>;
199
- } | "deny";
255
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
256
+ } | "deny" | undefined);
200
257
  }, {
201
- id?: string | undefined;
202
- match: "*" | {
258
+ match: ("*" | {
203
259
  name?: string | undefined;
204
260
  actions?: string[] | undefined;
205
261
  resourceType?: string | undefined;
206
- };
207
- decision: "allow" | {
262
+ }) & ("*" | {
263
+ name?: string | undefined;
264
+ actions?: string[] | undefined;
265
+ resourceType?: string | undefined;
266
+ } | undefined);
267
+ decision: ("allow" | {
268
+ pluginId: string;
269
+ resourceType: string;
270
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
271
+ } | "deny") & ("allow" | {
208
272
  pluginId: string;
209
273
  resourceType: string;
210
- conditions: PermissionCriteria<RBACPermissionCondition>;
211
- } | "deny";
274
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
275
+ } | "deny" | undefined);
276
+ id?: string | undefined;
212
277
  }>, "many">, {
213
278
  id: string;
214
- match: "*" | {
279
+ match: ("*" | {
215
280
  name?: string | undefined;
216
281
  actions?: string[] | undefined;
217
282
  resourceType?: string | undefined;
218
- };
219
- decision: "allow" | {
283
+ }) & ("*" | {
284
+ name?: string | undefined;
285
+ actions?: string[] | undefined;
286
+ resourceType?: string | undefined;
287
+ } | undefined);
288
+ decision: ("allow" | {
220
289
  pluginId: string;
221
290
  resourceType: string;
222
- conditions: PermissionCriteria<RBACPermissionCondition>;
223
- } | "deny";
291
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
292
+ } | "deny") & ("allow" | {
293
+ pluginId: string;
294
+ resourceType: string;
295
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
296
+ } | "deny" | undefined);
224
297
  }[], {
225
- id?: string | undefined;
226
- match: "*" | {
298
+ match: ("*" | {
227
299
  name?: string | undefined;
228
300
  actions?: string[] | undefined;
229
301
  resourceType?: string | undefined;
230
- };
231
- decision: "allow" | {
302
+ }) & ("*" | {
303
+ name?: string | undefined;
304
+ actions?: string[] | undefined;
305
+ resourceType?: string | undefined;
306
+ } | undefined);
307
+ decision: ("allow" | {
308
+ pluginId: string;
309
+ resourceType: string;
310
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
311
+ } | "deny") & ("allow" | {
232
312
  pluginId: string;
233
313
  resourceType: string;
234
- conditions: PermissionCriteria<RBACPermissionCondition>;
235
- } | "deny";
314
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
315
+ } | "deny" | undefined);
316
+ id?: string | undefined;
236
317
  }[]>;
237
318
  /** @public */
238
319
  declare const RoleParser: z.ZodObject<{
@@ -261,119 +342,183 @@ declare const RoleParser: z.ZodObject<{
261
342
  }, "strip", z.ZodTypeAny, {
262
343
  pluginId: string;
263
344
  resourceType: string;
264
- conditions: PermissionCriteria<RBACPermissionCondition>;
345
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
265
346
  }, {
266
347
  pluginId: string;
267
348
  resourceType: string;
268
- conditions: PermissionCriteria<RBACPermissionCondition>;
349
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
269
350
  }>]>;
270
351
  }, "strip", z.ZodTypeAny, {
271
352
  id: string;
272
- match: "*" | {
353
+ match: ("*" | {
354
+ name?: string | undefined;
355
+ actions?: string[] | undefined;
356
+ resourceType?: string | undefined;
357
+ }) & ("*" | {
273
358
  name?: string | undefined;
274
359
  actions?: string[] | undefined;
275
360
  resourceType?: string | undefined;
276
- };
277
- decision: "allow" | {
361
+ } | undefined);
362
+ decision: ("allow" | {
363
+ pluginId: string;
364
+ resourceType: string;
365
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
366
+ } | "deny") & ("allow" | {
278
367
  pluginId: string;
279
368
  resourceType: string;
280
- conditions: PermissionCriteria<RBACPermissionCondition>;
281
- } | "deny";
369
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
370
+ } | "deny" | undefined);
282
371
  }, {
283
- id?: string | undefined;
284
- match: "*" | {
372
+ match: ("*" | {
285
373
  name?: string | undefined;
286
374
  actions?: string[] | undefined;
287
375
  resourceType?: string | undefined;
288
- };
289
- decision: "allow" | {
376
+ }) & ("*" | {
377
+ name?: string | undefined;
378
+ actions?: string[] | undefined;
379
+ resourceType?: string | undefined;
380
+ } | undefined);
381
+ decision: ("allow" | {
382
+ pluginId: string;
383
+ resourceType: string;
384
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
385
+ } | "deny") & ("allow" | {
290
386
  pluginId: string;
291
387
  resourceType: string;
292
- conditions: PermissionCriteria<RBACPermissionCondition>;
293
- } | "deny";
388
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
389
+ } | "deny" | undefined);
390
+ id?: string | undefined;
294
391
  }>, {
295
392
  id: string;
296
- match: "*" | {
393
+ match: ("*" | {
394
+ name?: string | undefined;
395
+ actions?: string[] | undefined;
396
+ resourceType?: string | undefined;
397
+ }) & ("*" | {
297
398
  name?: string | undefined;
298
399
  actions?: string[] | undefined;
299
400
  resourceType?: string | undefined;
300
- };
301
- decision: "allow" | {
401
+ } | undefined);
402
+ decision: ("allow" | {
403
+ pluginId: string;
404
+ resourceType: string;
405
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
406
+ } | "deny") & ("allow" | {
302
407
  pluginId: string;
303
408
  resourceType: string;
304
- conditions: PermissionCriteria<RBACPermissionCondition>;
305
- } | "deny";
409
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
410
+ } | "deny" | undefined);
306
411
  }, {
307
- id?: string | undefined;
308
- match: "*" | {
412
+ match: ("*" | {
309
413
  name?: string | undefined;
310
414
  actions?: string[] | undefined;
311
415
  resourceType?: string | undefined;
312
- };
313
- decision: "allow" | {
416
+ }) & ("*" | {
417
+ name?: string | undefined;
418
+ actions?: string[] | undefined;
419
+ resourceType?: string | undefined;
420
+ } | undefined);
421
+ decision: ("allow" | {
422
+ pluginId: string;
423
+ resourceType: string;
424
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
425
+ } | "deny") & ("allow" | {
314
426
  pluginId: string;
315
427
  resourceType: string;
316
- conditions: PermissionCriteria<RBACPermissionCondition>;
317
- } | "deny";
428
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
429
+ } | "deny" | undefined);
430
+ id?: string | undefined;
318
431
  }>, "many">, {
319
432
  id: string;
320
- match: "*" | {
433
+ match: ("*" | {
434
+ name?: string | undefined;
435
+ actions?: string[] | undefined;
436
+ resourceType?: string | undefined;
437
+ }) & ("*" | {
321
438
  name?: string | undefined;
322
439
  actions?: string[] | undefined;
323
440
  resourceType?: string | undefined;
324
- };
325
- decision: "allow" | {
441
+ } | undefined);
442
+ decision: ("allow" | {
443
+ pluginId: string;
444
+ resourceType: string;
445
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
446
+ } | "deny") & ("allow" | {
326
447
  pluginId: string;
327
448
  resourceType: string;
328
- conditions: PermissionCriteria<RBACPermissionCondition>;
329
- } | "deny";
449
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
450
+ } | "deny" | undefined);
330
451
  }[], {
331
- id?: string | undefined;
332
- match: "*" | {
452
+ match: ("*" | {
333
453
  name?: string | undefined;
334
454
  actions?: string[] | undefined;
335
455
  resourceType?: string | undefined;
336
- };
337
- decision: "allow" | {
456
+ }) & ("*" | {
457
+ name?: string | undefined;
458
+ actions?: string[] | undefined;
459
+ resourceType?: string | undefined;
460
+ } | undefined);
461
+ decision: ("allow" | {
462
+ pluginId: string;
463
+ resourceType: string;
464
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
465
+ } | "deny") & ("allow" | {
338
466
  pluginId: string;
339
467
  resourceType: string;
340
- conditions: PermissionCriteria<RBACPermissionCondition>;
341
- } | "deny";
468
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
469
+ } | "deny" | undefined);
470
+ id?: string | undefined;
342
471
  }[]>;
343
472
  }, "strip", z.ZodTypeAny, {
344
473
  id: string;
345
- members: string[] | "*";
474
+ members: (string[] | "*") & (string[] | "*" | undefined);
346
475
  name: string;
347
476
  permissions: {
348
477
  id: string;
349
- match: "*" | {
478
+ match: ("*" | {
479
+ name?: string | undefined;
480
+ actions?: string[] | undefined;
481
+ resourceType?: string | undefined;
482
+ }) & ("*" | {
350
483
  name?: string | undefined;
351
484
  actions?: string[] | undefined;
352
485
  resourceType?: string | undefined;
353
- };
354
- decision: "allow" | {
486
+ } | undefined);
487
+ decision: ("allow" | {
488
+ pluginId: string;
489
+ resourceType: string;
490
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
491
+ } | "deny") & ("allow" | {
355
492
  pluginId: string;
356
493
  resourceType: string;
357
- conditions: PermissionCriteria<RBACPermissionCondition>;
358
- } | "deny";
494
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
495
+ } | "deny" | undefined);
359
496
  }[];
360
497
  }, {
361
- id?: string | undefined;
362
- members: string[] | "*";
498
+ members: (string[] | "*") & (string[] | "*" | undefined);
363
499
  name: string;
364
500
  permissions: {
365
- id?: string | undefined;
366
- match: "*" | {
501
+ match: ("*" | {
502
+ name?: string | undefined;
503
+ actions?: string[] | undefined;
504
+ resourceType?: string | undefined;
505
+ }) & ("*" | {
367
506
  name?: string | undefined;
368
507
  actions?: string[] | undefined;
369
508
  resourceType?: string | undefined;
370
- };
371
- decision: "allow" | {
509
+ } | undefined);
510
+ decision: ("allow" | {
372
511
  pluginId: string;
373
512
  resourceType: string;
374
- conditions: PermissionCriteria<RBACPermissionCondition>;
375
- } | "deny";
513
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
514
+ } | "deny") & ("allow" | {
515
+ pluginId: string;
516
+ resourceType: string;
517
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
518
+ } | "deny" | undefined);
519
+ id?: string | undefined;
376
520
  }[];
521
+ id?: string | undefined;
377
522
  }>;
378
523
  /** @public */
379
524
  declare const RolesParser: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -402,159 +547,256 @@ declare const RolesParser: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
402
547
  }, "strip", z.ZodTypeAny, {
403
548
  pluginId: string;
404
549
  resourceType: string;
405
- conditions: PermissionCriteria<RBACPermissionCondition>;
550
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
406
551
  }, {
407
552
  pluginId: string;
408
553
  resourceType: string;
409
- conditions: PermissionCriteria<RBACPermissionCondition>;
554
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
410
555
  }>]>;
411
556
  }, "strip", z.ZodTypeAny, {
412
557
  id: string;
413
- match: "*" | {
558
+ match: ("*" | {
414
559
  name?: string | undefined;
415
560
  actions?: string[] | undefined;
416
561
  resourceType?: string | undefined;
417
- };
418
- decision: "allow" | {
562
+ }) & ("*" | {
563
+ name?: string | undefined;
564
+ actions?: string[] | undefined;
565
+ resourceType?: string | undefined;
566
+ } | undefined);
567
+ decision: ("allow" | {
568
+ pluginId: string;
569
+ resourceType: string;
570
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
571
+ } | "deny") & ("allow" | {
419
572
  pluginId: string;
420
573
  resourceType: string;
421
- conditions: PermissionCriteria<RBACPermissionCondition>;
422
- } | "deny";
574
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
575
+ } | "deny" | undefined);
423
576
  }, {
424
- id?: string | undefined;
425
- match: "*" | {
577
+ match: ("*" | {
578
+ name?: string | undefined;
579
+ actions?: string[] | undefined;
580
+ resourceType?: string | undefined;
581
+ }) & ("*" | {
426
582
  name?: string | undefined;
427
583
  actions?: string[] | undefined;
428
584
  resourceType?: string | undefined;
429
- };
430
- decision: "allow" | {
585
+ } | undefined);
586
+ decision: ("allow" | {
587
+ pluginId: string;
588
+ resourceType: string;
589
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
590
+ } | "deny") & ("allow" | {
431
591
  pluginId: string;
432
592
  resourceType: string;
433
- conditions: PermissionCriteria<RBACPermissionCondition>;
434
- } | "deny";
593
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
594
+ } | "deny" | undefined);
595
+ id?: string | undefined;
435
596
  }>, {
436
597
  id: string;
437
- match: "*" | {
598
+ match: ("*" | {
438
599
  name?: string | undefined;
439
600
  actions?: string[] | undefined;
440
601
  resourceType?: string | undefined;
441
- };
442
- decision: "allow" | {
602
+ }) & ("*" | {
603
+ name?: string | undefined;
604
+ actions?: string[] | undefined;
605
+ resourceType?: string | undefined;
606
+ } | undefined);
607
+ decision: ("allow" | {
608
+ pluginId: string;
609
+ resourceType: string;
610
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
611
+ } | "deny") & ("allow" | {
443
612
  pluginId: string;
444
613
  resourceType: string;
445
- conditions: PermissionCriteria<RBACPermissionCondition>;
446
- } | "deny";
614
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
615
+ } | "deny" | undefined);
447
616
  }, {
448
- id?: string | undefined;
449
- match: "*" | {
617
+ match: ("*" | {
618
+ name?: string | undefined;
619
+ actions?: string[] | undefined;
620
+ resourceType?: string | undefined;
621
+ }) & ("*" | {
450
622
  name?: string | undefined;
451
623
  actions?: string[] | undefined;
452
624
  resourceType?: string | undefined;
453
- };
454
- decision: "allow" | {
625
+ } | undefined);
626
+ decision: ("allow" | {
627
+ pluginId: string;
628
+ resourceType: string;
629
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
630
+ } | "deny") & ("allow" | {
455
631
  pluginId: string;
456
632
  resourceType: string;
457
- conditions: PermissionCriteria<RBACPermissionCondition>;
458
- } | "deny";
633
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
634
+ } | "deny" | undefined);
635
+ id?: string | undefined;
459
636
  }>, "many">, {
460
637
  id: string;
461
- match: "*" | {
638
+ match: ("*" | {
462
639
  name?: string | undefined;
463
640
  actions?: string[] | undefined;
464
641
  resourceType?: string | undefined;
465
- };
466
- decision: "allow" | {
642
+ }) & ("*" | {
643
+ name?: string | undefined;
644
+ actions?: string[] | undefined;
645
+ resourceType?: string | undefined;
646
+ } | undefined);
647
+ decision: ("allow" | {
648
+ pluginId: string;
649
+ resourceType: string;
650
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
651
+ } | "deny") & ("allow" | {
467
652
  pluginId: string;
468
653
  resourceType: string;
469
- conditions: PermissionCriteria<RBACPermissionCondition>;
470
- } | "deny";
654
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
655
+ } | "deny" | undefined);
471
656
  }[], {
472
- id?: string | undefined;
473
- match: "*" | {
657
+ match: ("*" | {
658
+ name?: string | undefined;
659
+ actions?: string[] | undefined;
660
+ resourceType?: string | undefined;
661
+ }) & ("*" | {
474
662
  name?: string | undefined;
475
663
  actions?: string[] | undefined;
476
664
  resourceType?: string | undefined;
477
- };
478
- decision: "allow" | {
665
+ } | undefined);
666
+ decision: ("allow" | {
667
+ pluginId: string;
668
+ resourceType: string;
669
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
670
+ } | "deny") & ("allow" | {
479
671
  pluginId: string;
480
672
  resourceType: string;
481
- conditions: PermissionCriteria<RBACPermissionCondition>;
482
- } | "deny";
673
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
674
+ } | "deny" | undefined);
675
+ id?: string | undefined;
483
676
  }[]>;
484
677
  }, "strip", z.ZodTypeAny, {
485
678
  id: string;
486
- members: string[] | "*";
679
+ members: (string[] | "*") & (string[] | "*" | undefined);
487
680
  name: string;
488
681
  permissions: {
489
682
  id: string;
490
- match: "*" | {
683
+ match: ("*" | {
491
684
  name?: string | undefined;
492
685
  actions?: string[] | undefined;
493
686
  resourceType?: string | undefined;
494
- };
495
- decision: "allow" | {
687
+ }) & ("*" | {
688
+ name?: string | undefined;
689
+ actions?: string[] | undefined;
690
+ resourceType?: string | undefined;
691
+ } | undefined);
692
+ decision: ("allow" | {
693
+ pluginId: string;
694
+ resourceType: string;
695
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
696
+ } | "deny") & ("allow" | {
496
697
  pluginId: string;
497
698
  resourceType: string;
498
- conditions: PermissionCriteria<RBACPermissionCondition>;
499
- } | "deny";
699
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
700
+ } | "deny" | undefined);
500
701
  }[];
501
702
  }, {
502
- id?: string | undefined;
503
- members: string[] | "*";
703
+ members: (string[] | "*") & (string[] | "*" | undefined);
504
704
  name: string;
505
705
  permissions: {
506
- id?: string | undefined;
507
- match: "*" | {
706
+ match: ("*" | {
707
+ name?: string | undefined;
708
+ actions?: string[] | undefined;
709
+ resourceType?: string | undefined;
710
+ }) & ("*" | {
508
711
  name?: string | undefined;
509
712
  actions?: string[] | undefined;
510
713
  resourceType?: string | undefined;
511
- };
512
- decision: "allow" | {
714
+ } | undefined);
715
+ decision: ("allow" | {
716
+ pluginId: string;
717
+ resourceType: string;
718
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
719
+ } | "deny") & ("allow" | {
513
720
  pluginId: string;
514
721
  resourceType: string;
515
- conditions: PermissionCriteria<RBACPermissionCondition>;
516
- } | "deny";
722
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
723
+ } | "deny" | undefined);
724
+ id?: string | undefined;
517
725
  }[];
726
+ id?: string | undefined;
518
727
  }>, "many">>, {
519
728
  id: string;
520
- members: string[] | "*";
729
+ members: (string[] | "*") & (string[] | "*" | undefined);
521
730
  name: string;
522
731
  permissions: {
523
732
  id: string;
524
- match: "*" | {
733
+ match: ("*" | {
734
+ name?: string | undefined;
735
+ actions?: string[] | undefined;
736
+ resourceType?: string | undefined;
737
+ }) & ("*" | {
525
738
  name?: string | undefined;
526
739
  actions?: string[] | undefined;
527
740
  resourceType?: string | undefined;
528
- };
529
- decision: "allow" | {
741
+ } | undefined);
742
+ decision: ("allow" | {
743
+ pluginId: string;
744
+ resourceType: string;
745
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
746
+ } | "deny") & ("allow" | {
530
747
  pluginId: string;
531
748
  resourceType: string;
532
- conditions: PermissionCriteria<RBACPermissionCondition>;
533
- } | "deny";
749
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
750
+ } | "deny" | undefined);
534
751
  }[];
535
752
  }[], {
536
- id?: string | undefined;
537
- members: string[] | "*";
753
+ members: (string[] | "*") & (string[] | "*" | undefined);
538
754
  name: string;
539
755
  permissions: {
540
- id?: string | undefined;
541
- match: "*" | {
756
+ match: ("*" | {
757
+ name?: string | undefined;
758
+ actions?: string[] | undefined;
759
+ resourceType?: string | undefined;
760
+ }) & ("*" | {
542
761
  name?: string | undefined;
543
762
  actions?: string[] | undefined;
544
763
  resourceType?: string | undefined;
545
- };
546
- decision: "allow" | {
764
+ } | undefined);
765
+ decision: ("allow" | {
547
766
  pluginId: string;
548
767
  resourceType: string;
549
- conditions: PermissionCriteria<RBACPermissionCondition>;
550
- } | "deny";
768
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
769
+ } | "deny") & ("allow" | {
770
+ pluginId: string;
771
+ resourceType: string;
772
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
773
+ } | "deny" | undefined);
774
+ id?: string | undefined;
551
775
  }[];
776
+ id?: string | undefined;
552
777
  }[] | undefined>;
553
778
  /** @public */
554
779
  declare const PolicyTitleParser: z.ZodDefault<z.ZodString>;
555
780
  /** @public */
781
+ declare const PolicyRoleResolutionStrategyParser: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
782
+ /** @public */
783
+ declare const PolicyConfigOptionsParser: z.ZodDefault<z.ZodObject<{
784
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
785
+ }, "strip", z.ZodTypeAny, {
786
+ resolutionStrategy: "first-match" | "any-allow";
787
+ }, {
788
+ resolutionStrategy: "first-match" | "any-allow";
789
+ }>>;
790
+ /** @public */
556
791
  declare const PolicyConfigParser: z.ZodObject<{
557
792
  name: z.ZodDefault<z.ZodString>;
793
+ options: z.ZodDefault<z.ZodObject<{
794
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
795
+ }, "strip", z.ZodTypeAny, {
796
+ resolutionStrategy: "first-match" | "any-allow";
797
+ }, {
798
+ resolutionStrategy: "first-match" | "any-allow";
799
+ }>>;
558
800
  roles: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
559
801
  name: z.ZodString;
560
802
  id: z.ZodDefault<z.ZodString>;
@@ -581,198 +823,307 @@ declare const PolicyConfigParser: z.ZodObject<{
581
823
  }, "strip", z.ZodTypeAny, {
582
824
  pluginId: string;
583
825
  resourceType: string;
584
- conditions: PermissionCriteria<RBACPermissionCondition>;
826
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
585
827
  }, {
586
828
  pluginId: string;
587
829
  resourceType: string;
588
- conditions: PermissionCriteria<RBACPermissionCondition>;
830
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
589
831
  }>]>;
590
832
  }, "strip", z.ZodTypeAny, {
591
833
  id: string;
592
- match: "*" | {
834
+ match: ("*" | {
835
+ name?: string | undefined;
836
+ actions?: string[] | undefined;
837
+ resourceType?: string | undefined;
838
+ }) & ("*" | {
593
839
  name?: string | undefined;
594
840
  actions?: string[] | undefined;
595
841
  resourceType?: string | undefined;
596
- };
597
- decision: "allow" | {
842
+ } | undefined);
843
+ decision: ("allow" | {
844
+ pluginId: string;
845
+ resourceType: string;
846
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
847
+ } | "deny") & ("allow" | {
598
848
  pluginId: string;
599
849
  resourceType: string;
600
- conditions: PermissionCriteria<RBACPermissionCondition>;
601
- } | "deny";
850
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
851
+ } | "deny" | undefined);
602
852
  }, {
603
- id?: string | undefined;
604
- match: "*" | {
853
+ match: ("*" | {
854
+ name?: string | undefined;
855
+ actions?: string[] | undefined;
856
+ resourceType?: string | undefined;
857
+ }) & ("*" | {
605
858
  name?: string | undefined;
606
859
  actions?: string[] | undefined;
607
860
  resourceType?: string | undefined;
608
- };
609
- decision: "allow" | {
861
+ } | undefined);
862
+ decision: ("allow" | {
610
863
  pluginId: string;
611
864
  resourceType: string;
612
- conditions: PermissionCriteria<RBACPermissionCondition>;
613
- } | "deny";
865
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
866
+ } | "deny") & ("allow" | {
867
+ pluginId: string;
868
+ resourceType: string;
869
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
870
+ } | "deny" | undefined);
871
+ id?: string | undefined;
614
872
  }>, {
615
873
  id: string;
616
- match: "*" | {
874
+ match: ("*" | {
875
+ name?: string | undefined;
876
+ actions?: string[] | undefined;
877
+ resourceType?: string | undefined;
878
+ }) & ("*" | {
617
879
  name?: string | undefined;
618
880
  actions?: string[] | undefined;
619
881
  resourceType?: string | undefined;
620
- };
621
- decision: "allow" | {
882
+ } | undefined);
883
+ decision: ("allow" | {
884
+ pluginId: string;
885
+ resourceType: string;
886
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
887
+ } | "deny") & ("allow" | {
622
888
  pluginId: string;
623
889
  resourceType: string;
624
- conditions: PermissionCriteria<RBACPermissionCondition>;
625
- } | "deny";
890
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
891
+ } | "deny" | undefined);
626
892
  }, {
627
- id?: string | undefined;
628
- match: "*" | {
893
+ match: ("*" | {
894
+ name?: string | undefined;
895
+ actions?: string[] | undefined;
896
+ resourceType?: string | undefined;
897
+ }) & ("*" | {
629
898
  name?: string | undefined;
630
899
  actions?: string[] | undefined;
631
900
  resourceType?: string | undefined;
632
- };
633
- decision: "allow" | {
901
+ } | undefined);
902
+ decision: ("allow" | {
634
903
  pluginId: string;
635
904
  resourceType: string;
636
- conditions: PermissionCriteria<RBACPermissionCondition>;
637
- } | "deny";
905
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
906
+ } | "deny") & ("allow" | {
907
+ pluginId: string;
908
+ resourceType: string;
909
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
910
+ } | "deny" | undefined);
911
+ id?: string | undefined;
638
912
  }>, "many">, {
639
913
  id: string;
640
- match: "*" | {
914
+ match: ("*" | {
915
+ name?: string | undefined;
916
+ actions?: string[] | undefined;
917
+ resourceType?: string | undefined;
918
+ }) & ("*" | {
641
919
  name?: string | undefined;
642
920
  actions?: string[] | undefined;
643
921
  resourceType?: string | undefined;
644
- };
645
- decision: "allow" | {
922
+ } | undefined);
923
+ decision: ("allow" | {
924
+ pluginId: string;
925
+ resourceType: string;
926
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
927
+ } | "deny") & ("allow" | {
646
928
  pluginId: string;
647
929
  resourceType: string;
648
- conditions: PermissionCriteria<RBACPermissionCondition>;
649
- } | "deny";
930
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
931
+ } | "deny" | undefined);
650
932
  }[], {
651
- id?: string | undefined;
652
- match: "*" | {
933
+ match: ("*" | {
934
+ name?: string | undefined;
935
+ actions?: string[] | undefined;
936
+ resourceType?: string | undefined;
937
+ }) & ("*" | {
653
938
  name?: string | undefined;
654
939
  actions?: string[] | undefined;
655
940
  resourceType?: string | undefined;
656
- };
657
- decision: "allow" | {
941
+ } | undefined);
942
+ decision: ("allow" | {
658
943
  pluginId: string;
659
944
  resourceType: string;
660
- conditions: PermissionCriteria<RBACPermissionCondition>;
661
- } | "deny";
945
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
946
+ } | "deny") & ("allow" | {
947
+ pluginId: string;
948
+ resourceType: string;
949
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
950
+ } | "deny" | undefined);
951
+ id?: string | undefined;
662
952
  }[]>;
663
953
  }, "strip", z.ZodTypeAny, {
664
954
  id: string;
665
- members: string[] | "*";
955
+ members: (string[] | "*") & (string[] | "*" | undefined);
666
956
  name: string;
667
957
  permissions: {
668
958
  id: string;
669
- match: "*" | {
959
+ match: ("*" | {
960
+ name?: string | undefined;
961
+ actions?: string[] | undefined;
962
+ resourceType?: string | undefined;
963
+ }) & ("*" | {
670
964
  name?: string | undefined;
671
965
  actions?: string[] | undefined;
672
966
  resourceType?: string | undefined;
673
- };
674
- decision: "allow" | {
967
+ } | undefined);
968
+ decision: ("allow" | {
969
+ pluginId: string;
970
+ resourceType: string;
971
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
972
+ } | "deny") & ("allow" | {
675
973
  pluginId: string;
676
974
  resourceType: string;
677
- conditions: PermissionCriteria<RBACPermissionCondition>;
678
- } | "deny";
975
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
976
+ } | "deny" | undefined);
679
977
  }[];
680
978
  }, {
681
- id?: string | undefined;
682
- members: string[] | "*";
979
+ members: (string[] | "*") & (string[] | "*" | undefined);
683
980
  name: string;
684
981
  permissions: {
685
- id?: string | undefined;
686
- match: "*" | {
982
+ match: ("*" | {
983
+ name?: string | undefined;
984
+ actions?: string[] | undefined;
985
+ resourceType?: string | undefined;
986
+ }) & ("*" | {
687
987
  name?: string | undefined;
688
988
  actions?: string[] | undefined;
689
989
  resourceType?: string | undefined;
690
- };
691
- decision: "allow" | {
990
+ } | undefined);
991
+ decision: ("allow" | {
992
+ pluginId: string;
993
+ resourceType: string;
994
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
995
+ } | "deny") & ("allow" | {
692
996
  pluginId: string;
693
997
  resourceType: string;
694
- conditions: PermissionCriteria<RBACPermissionCondition>;
695
- } | "deny";
998
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
999
+ } | "deny" | undefined);
1000
+ id?: string | undefined;
696
1001
  }[];
1002
+ id?: string | undefined;
697
1003
  }>, "many">>, {
698
1004
  id: string;
699
- members: string[] | "*";
1005
+ members: (string[] | "*") & (string[] | "*" | undefined);
700
1006
  name: string;
701
1007
  permissions: {
702
1008
  id: string;
703
- match: "*" | {
1009
+ match: ("*" | {
1010
+ name?: string | undefined;
1011
+ actions?: string[] | undefined;
1012
+ resourceType?: string | undefined;
1013
+ }) & ("*" | {
704
1014
  name?: string | undefined;
705
1015
  actions?: string[] | undefined;
706
1016
  resourceType?: string | undefined;
707
- };
708
- decision: "allow" | {
1017
+ } | undefined);
1018
+ decision: ("allow" | {
709
1019
  pluginId: string;
710
1020
  resourceType: string;
711
- conditions: PermissionCriteria<RBACPermissionCondition>;
712
- } | "deny";
1021
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1022
+ } | "deny") & ("allow" | {
1023
+ pluginId: string;
1024
+ resourceType: string;
1025
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1026
+ } | "deny" | undefined);
713
1027
  }[];
714
1028
  }[], {
715
- id?: string | undefined;
716
- members: string[] | "*";
1029
+ members: (string[] | "*") & (string[] | "*" | undefined);
717
1030
  name: string;
718
1031
  permissions: {
719
- id?: string | undefined;
720
- match: "*" | {
1032
+ match: ("*" | {
721
1033
  name?: string | undefined;
722
1034
  actions?: string[] | undefined;
723
1035
  resourceType?: string | undefined;
724
- };
725
- decision: "allow" | {
1036
+ }) & ("*" | {
1037
+ name?: string | undefined;
1038
+ actions?: string[] | undefined;
1039
+ resourceType?: string | undefined;
1040
+ } | undefined);
1041
+ decision: ("allow" | {
1042
+ pluginId: string;
1043
+ resourceType: string;
1044
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1045
+ } | "deny") & ("allow" | {
726
1046
  pluginId: string;
727
1047
  resourceType: string;
728
- conditions: PermissionCriteria<RBACPermissionCondition>;
729
- } | "deny";
1048
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1049
+ } | "deny" | undefined);
1050
+ id?: string | undefined;
730
1051
  }[];
1052
+ id?: string | undefined;
731
1053
  }[] | undefined>;
732
1054
  }, "strip", z.ZodTypeAny, {
733
1055
  name: string;
1056
+ options: {
1057
+ resolutionStrategy: "first-match" | "any-allow";
1058
+ };
734
1059
  roles: {
735
1060
  id: string;
736
- members: string[] | "*";
1061
+ members: (string[] | "*") & (string[] | "*" | undefined);
737
1062
  name: string;
738
1063
  permissions: {
739
1064
  id: string;
740
- match: "*" | {
1065
+ match: ("*" | {
741
1066
  name?: string | undefined;
742
1067
  actions?: string[] | undefined;
743
1068
  resourceType?: string | undefined;
744
- };
745
- decision: "allow" | {
1069
+ }) & ("*" | {
1070
+ name?: string | undefined;
1071
+ actions?: string[] | undefined;
1072
+ resourceType?: string | undefined;
1073
+ } | undefined);
1074
+ decision: ("allow" | {
746
1075
  pluginId: string;
747
1076
  resourceType: string;
748
- conditions: PermissionCriteria<RBACPermissionCondition>;
749
- } | "deny";
1077
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1078
+ } | "deny") & ("allow" | {
1079
+ pluginId: string;
1080
+ resourceType: string;
1081
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1082
+ } | "deny" | undefined);
750
1083
  }[];
751
1084
  }[];
752
1085
  }, {
753
1086
  name?: string | undefined;
1087
+ options?: {
1088
+ resolutionStrategy: "first-match" | "any-allow";
1089
+ } | undefined;
754
1090
  roles?: {
755
- id?: string | undefined;
756
- members: string[] | "*";
1091
+ members: (string[] | "*") & (string[] | "*" | undefined);
757
1092
  name: string;
758
1093
  permissions: {
759
- id?: string | undefined;
760
- match: "*" | {
1094
+ match: ("*" | {
761
1095
  name?: string | undefined;
762
1096
  actions?: string[] | undefined;
763
1097
  resourceType?: string | undefined;
764
- };
765
- decision: "allow" | {
1098
+ }) & ("*" | {
1099
+ name?: string | undefined;
1100
+ actions?: string[] | undefined;
1101
+ resourceType?: string | undefined;
1102
+ } | undefined);
1103
+ decision: ("allow" | {
766
1104
  pluginId: string;
767
1105
  resourceType: string;
768
- conditions: PermissionCriteria<RBACPermissionCondition>;
769
- } | "deny";
1106
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1107
+ } | "deny") & ("allow" | {
1108
+ pluginId: string;
1109
+ resourceType: string;
1110
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1111
+ } | "deny" | undefined);
1112
+ id?: string | undefined;
770
1113
  }[];
1114
+ id?: string | undefined;
771
1115
  }[] | undefined;
772
1116
  }>;
773
1117
  /** @public */
774
1118
  declare const DefaultingPolicyConfigParser: z.ZodDefault<z.ZodObject<{
775
1119
  name: z.ZodDefault<z.ZodString>;
1120
+ options: z.ZodDefault<z.ZodObject<{
1121
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
1122
+ }, "strip", z.ZodTypeAny, {
1123
+ resolutionStrategy: "first-match" | "any-allow";
1124
+ }, {
1125
+ resolutionStrategy: "first-match" | "any-allow";
1126
+ }>>;
776
1127
  roles: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
777
1128
  name: z.ZodString;
778
1129
  id: z.ZodDefault<z.ZodString>;
@@ -799,193 +1150,295 @@ declare const DefaultingPolicyConfigParser: z.ZodDefault<z.ZodObject<{
799
1150
  }, "strip", z.ZodTypeAny, {
800
1151
  pluginId: string;
801
1152
  resourceType: string;
802
- conditions: PermissionCriteria<RBACPermissionCondition>;
1153
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
803
1154
  }, {
804
1155
  pluginId: string;
805
1156
  resourceType: string;
806
- conditions: PermissionCriteria<RBACPermissionCondition>;
1157
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
807
1158
  }>]>;
808
1159
  }, "strip", z.ZodTypeAny, {
809
1160
  id: string;
810
- match: "*" | {
1161
+ match: ("*" | {
811
1162
  name?: string | undefined;
812
1163
  actions?: string[] | undefined;
813
1164
  resourceType?: string | undefined;
814
- };
815
- decision: "allow" | {
1165
+ }) & ("*" | {
1166
+ name?: string | undefined;
1167
+ actions?: string[] | undefined;
1168
+ resourceType?: string | undefined;
1169
+ } | undefined);
1170
+ decision: ("allow" | {
1171
+ pluginId: string;
1172
+ resourceType: string;
1173
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1174
+ } | "deny") & ("allow" | {
816
1175
  pluginId: string;
817
1176
  resourceType: string;
818
- conditions: PermissionCriteria<RBACPermissionCondition>;
819
- } | "deny";
1177
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1178
+ } | "deny" | undefined);
820
1179
  }, {
821
- id?: string | undefined;
822
- match: "*" | {
1180
+ match: ("*" | {
1181
+ name?: string | undefined;
1182
+ actions?: string[] | undefined;
1183
+ resourceType?: string | undefined;
1184
+ }) & ("*" | {
823
1185
  name?: string | undefined;
824
1186
  actions?: string[] | undefined;
825
1187
  resourceType?: string | undefined;
826
- };
827
- decision: "allow" | {
1188
+ } | undefined);
1189
+ decision: ("allow" | {
1190
+ pluginId: string;
1191
+ resourceType: string;
1192
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1193
+ } | "deny") & ("allow" | {
828
1194
  pluginId: string;
829
1195
  resourceType: string;
830
- conditions: PermissionCriteria<RBACPermissionCondition>;
831
- } | "deny";
1196
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1197
+ } | "deny" | undefined);
1198
+ id?: string | undefined;
832
1199
  }>, {
833
1200
  id: string;
834
- match: "*" | {
1201
+ match: ("*" | {
835
1202
  name?: string | undefined;
836
1203
  actions?: string[] | undefined;
837
1204
  resourceType?: string | undefined;
838
- };
839
- decision: "allow" | {
1205
+ }) & ("*" | {
1206
+ name?: string | undefined;
1207
+ actions?: string[] | undefined;
1208
+ resourceType?: string | undefined;
1209
+ } | undefined);
1210
+ decision: ("allow" | {
840
1211
  pluginId: string;
841
1212
  resourceType: string;
842
- conditions: PermissionCriteria<RBACPermissionCondition>;
843
- } | "deny";
1213
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1214
+ } | "deny") & ("allow" | {
1215
+ pluginId: string;
1216
+ resourceType: string;
1217
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1218
+ } | "deny" | undefined);
844
1219
  }, {
845
- id?: string | undefined;
846
- match: "*" | {
1220
+ match: ("*" | {
1221
+ name?: string | undefined;
1222
+ actions?: string[] | undefined;
1223
+ resourceType?: string | undefined;
1224
+ }) & ("*" | {
847
1225
  name?: string | undefined;
848
1226
  actions?: string[] | undefined;
849
1227
  resourceType?: string | undefined;
850
- };
851
- decision: "allow" | {
1228
+ } | undefined);
1229
+ decision: ("allow" | {
852
1230
  pluginId: string;
853
1231
  resourceType: string;
854
- conditions: PermissionCriteria<RBACPermissionCondition>;
855
- } | "deny";
1232
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1233
+ } | "deny") & ("allow" | {
1234
+ pluginId: string;
1235
+ resourceType: string;
1236
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1237
+ } | "deny" | undefined);
1238
+ id?: string | undefined;
856
1239
  }>, "many">, {
857
1240
  id: string;
858
- match: "*" | {
1241
+ match: ("*" | {
1242
+ name?: string | undefined;
1243
+ actions?: string[] | undefined;
1244
+ resourceType?: string | undefined;
1245
+ }) & ("*" | {
859
1246
  name?: string | undefined;
860
1247
  actions?: string[] | undefined;
861
1248
  resourceType?: string | undefined;
862
- };
863
- decision: "allow" | {
1249
+ } | undefined);
1250
+ decision: ("allow" | {
1251
+ pluginId: string;
1252
+ resourceType: string;
1253
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1254
+ } | "deny") & ("allow" | {
864
1255
  pluginId: string;
865
1256
  resourceType: string;
866
- conditions: PermissionCriteria<RBACPermissionCondition>;
867
- } | "deny";
1257
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1258
+ } | "deny" | undefined);
868
1259
  }[], {
869
- id?: string | undefined;
870
- match: "*" | {
1260
+ match: ("*" | {
871
1261
  name?: string | undefined;
872
1262
  actions?: string[] | undefined;
873
1263
  resourceType?: string | undefined;
874
- };
875
- decision: "allow" | {
1264
+ }) & ("*" | {
1265
+ name?: string | undefined;
1266
+ actions?: string[] | undefined;
1267
+ resourceType?: string | undefined;
1268
+ } | undefined);
1269
+ decision: ("allow" | {
1270
+ pluginId: string;
1271
+ resourceType: string;
1272
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1273
+ } | "deny") & ("allow" | {
876
1274
  pluginId: string;
877
1275
  resourceType: string;
878
- conditions: PermissionCriteria<RBACPermissionCondition>;
879
- } | "deny";
1276
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1277
+ } | "deny" | undefined);
1278
+ id?: string | undefined;
880
1279
  }[]>;
881
1280
  }, "strip", z.ZodTypeAny, {
882
1281
  id: string;
883
- members: string[] | "*";
1282
+ members: (string[] | "*") & (string[] | "*" | undefined);
884
1283
  name: string;
885
1284
  permissions: {
886
1285
  id: string;
887
- match: "*" | {
1286
+ match: ("*" | {
888
1287
  name?: string | undefined;
889
1288
  actions?: string[] | undefined;
890
1289
  resourceType?: string | undefined;
891
- };
892
- decision: "allow" | {
1290
+ }) & ("*" | {
1291
+ name?: string | undefined;
1292
+ actions?: string[] | undefined;
1293
+ resourceType?: string | undefined;
1294
+ } | undefined);
1295
+ decision: ("allow" | {
893
1296
  pluginId: string;
894
1297
  resourceType: string;
895
- conditions: PermissionCriteria<RBACPermissionCondition>;
896
- } | "deny";
1298
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1299
+ } | "deny") & ("allow" | {
1300
+ pluginId: string;
1301
+ resourceType: string;
1302
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1303
+ } | "deny" | undefined);
897
1304
  }[];
898
1305
  }, {
899
- id?: string | undefined;
900
- members: string[] | "*";
1306
+ members: (string[] | "*") & (string[] | "*" | undefined);
901
1307
  name: string;
902
1308
  permissions: {
903
- id?: string | undefined;
904
- match: "*" | {
1309
+ match: ("*" | {
905
1310
  name?: string | undefined;
906
1311
  actions?: string[] | undefined;
907
1312
  resourceType?: string | undefined;
908
- };
909
- decision: "allow" | {
1313
+ }) & ("*" | {
1314
+ name?: string | undefined;
1315
+ actions?: string[] | undefined;
1316
+ resourceType?: string | undefined;
1317
+ } | undefined);
1318
+ decision: ("allow" | {
1319
+ pluginId: string;
1320
+ resourceType: string;
1321
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1322
+ } | "deny") & ("allow" | {
910
1323
  pluginId: string;
911
1324
  resourceType: string;
912
- conditions: PermissionCriteria<RBACPermissionCondition>;
913
- } | "deny";
1325
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1326
+ } | "deny" | undefined);
1327
+ id?: string | undefined;
914
1328
  }[];
1329
+ id?: string | undefined;
915
1330
  }>, "many">>, {
916
1331
  id: string;
917
- members: string[] | "*";
1332
+ members: (string[] | "*") & (string[] | "*" | undefined);
918
1333
  name: string;
919
1334
  permissions: {
920
1335
  id: string;
921
- match: "*" | {
1336
+ match: ("*" | {
1337
+ name?: string | undefined;
1338
+ actions?: string[] | undefined;
1339
+ resourceType?: string | undefined;
1340
+ }) & ("*" | {
922
1341
  name?: string | undefined;
923
1342
  actions?: string[] | undefined;
924
1343
  resourceType?: string | undefined;
925
- };
926
- decision: "allow" | {
1344
+ } | undefined);
1345
+ decision: ("allow" | {
927
1346
  pluginId: string;
928
1347
  resourceType: string;
929
- conditions: PermissionCriteria<RBACPermissionCondition>;
930
- } | "deny";
1348
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1349
+ } | "deny") & ("allow" | {
1350
+ pluginId: string;
1351
+ resourceType: string;
1352
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1353
+ } | "deny" | undefined);
931
1354
  }[];
932
1355
  }[], {
933
- id?: string | undefined;
934
- members: string[] | "*";
1356
+ members: (string[] | "*") & (string[] | "*" | undefined);
935
1357
  name: string;
936
1358
  permissions: {
937
- id?: string | undefined;
938
- match: "*" | {
1359
+ match: ("*" | {
939
1360
  name?: string | undefined;
940
1361
  actions?: string[] | undefined;
941
1362
  resourceType?: string | undefined;
942
- };
943
- decision: "allow" | {
1363
+ }) & ("*" | {
1364
+ name?: string | undefined;
1365
+ actions?: string[] | undefined;
1366
+ resourceType?: string | undefined;
1367
+ } | undefined);
1368
+ decision: ("allow" | {
944
1369
  pluginId: string;
945
1370
  resourceType: string;
946
- conditions: PermissionCriteria<RBACPermissionCondition>;
947
- } | "deny";
1371
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1372
+ } | "deny") & ("allow" | {
1373
+ pluginId: string;
1374
+ resourceType: string;
1375
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1376
+ } | "deny" | undefined);
1377
+ id?: string | undefined;
948
1378
  }[];
1379
+ id?: string | undefined;
949
1380
  }[] | undefined>;
950
1381
  }, "strip", z.ZodTypeAny, {
951
1382
  name: string;
1383
+ options: {
1384
+ resolutionStrategy: "first-match" | "any-allow";
1385
+ };
952
1386
  roles: {
953
1387
  id: string;
954
- members: string[] | "*";
1388
+ members: (string[] | "*") & (string[] | "*" | undefined);
955
1389
  name: string;
956
1390
  permissions: {
957
1391
  id: string;
958
- match: "*" | {
1392
+ match: ("*" | {
1393
+ name?: string | undefined;
1394
+ actions?: string[] | undefined;
1395
+ resourceType?: string | undefined;
1396
+ }) & ("*" | {
959
1397
  name?: string | undefined;
960
1398
  actions?: string[] | undefined;
961
1399
  resourceType?: string | undefined;
962
- };
963
- decision: "allow" | {
1400
+ } | undefined);
1401
+ decision: ("allow" | {
964
1402
  pluginId: string;
965
1403
  resourceType: string;
966
- conditions: PermissionCriteria<RBACPermissionCondition>;
967
- } | "deny";
1404
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1405
+ } | "deny") & ("allow" | {
1406
+ pluginId: string;
1407
+ resourceType: string;
1408
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1409
+ } | "deny" | undefined);
968
1410
  }[];
969
1411
  }[];
970
1412
  }, {
971
1413
  name?: string | undefined;
1414
+ options?: {
1415
+ resolutionStrategy: "first-match" | "any-allow";
1416
+ } | undefined;
972
1417
  roles?: {
973
- id?: string | undefined;
974
- members: string[] | "*";
1418
+ members: (string[] | "*") & (string[] | "*" | undefined);
975
1419
  name: string;
976
1420
  permissions: {
977
- id?: string | undefined;
978
- match: "*" | {
1421
+ match: ("*" | {
979
1422
  name?: string | undefined;
980
1423
  actions?: string[] | undefined;
981
1424
  resourceType?: string | undefined;
982
- };
983
- decision: "allow" | {
1425
+ }) & ("*" | {
1426
+ name?: string | undefined;
1427
+ actions?: string[] | undefined;
1428
+ resourceType?: string | undefined;
1429
+ } | undefined);
1430
+ decision: ("allow" | {
1431
+ pluginId: string;
1432
+ resourceType: string;
1433
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1434
+ } | "deny") & ("allow" | {
984
1435
  pluginId: string;
985
1436
  resourceType: string;
986
- conditions: PermissionCriteria<RBACPermissionCondition>;
987
- } | "deny";
1437
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1438
+ } | "deny" | undefined);
1439
+ id?: string | undefined;
988
1440
  }[];
1441
+ id?: string | undefined;
989
1442
  }[] | undefined;
990
1443
  }>>;
991
1444
  /** @public */
@@ -1016,17 +1469,17 @@ declare type Role = z.infer<typeof RoleParser>;
1016
1469
  declare type RawPolicyConfig = z.input<typeof PolicyConfigParser>;
1017
1470
  /** @public */
1018
1471
  declare type PolicyConfig = z.infer<typeof PolicyConfigParser>;
1472
+ /** @public */
1473
+ declare type PolicyRoleResolutionStrategy = z.infer<typeof PolicyRoleResolutionStrategyParser>;
1474
+ /** @public */
1475
+ declare type PolicyConfigOptions = z.infer<typeof PolicyConfigOptionsParser>;
1019
1476
 
1020
1477
  /** @public */
1021
- declare type Policy = {
1478
+ declare type Policy = PolicyConfig & {
1022
1479
  /**
1023
1480
  * Internal ID for lookups/references.
1024
1481
  */
1025
1482
  id: string;
1026
- /**
1027
- * Display name for the version.
1028
- */
1029
- name: string;
1030
1483
  /**
1031
1484
  * Date that the version was created in ISO-8601 format.
1032
1485
  */
@@ -1055,10 +1508,6 @@ declare type Policy = {
1055
1508
  * Entity ref of the latest user that published the version.
1056
1509
  */
1057
1510
  lastPublishedBy?: string;
1058
- /**
1059
- * List of role configurations for policy evaluation.
1060
- */
1061
- roles: Role[];
1062
1511
  /**
1063
1512
  * Current status of the policy.
1064
1513
  */
@@ -1068,6 +1517,13 @@ declare type Policy = {
1068
1517
  /** @public */
1069
1518
  declare const CreateDraftRequestParser: z.ZodObject<{
1070
1519
  name: z.ZodDefault<z.ZodString>;
1520
+ options: z.ZodDefault<z.ZodObject<{
1521
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
1522
+ }, "strip", z.ZodTypeAny, {
1523
+ resolutionStrategy: "first-match" | "any-allow";
1524
+ }, {
1525
+ resolutionStrategy: "first-match" | "any-allow";
1526
+ }>>;
1071
1527
  roles: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
1072
1528
  name: z.ZodString;
1073
1529
  id: z.ZodDefault<z.ZodString>;
@@ -1094,199 +1550,308 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1094
1550
  }, "strip", z.ZodTypeAny, {
1095
1551
  pluginId: string;
1096
1552
  resourceType: string;
1097
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1553
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1098
1554
  }, {
1099
1555
  pluginId: string;
1100
1556
  resourceType: string;
1101
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1557
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1102
1558
  }>]>;
1103
1559
  }, "strip", z.ZodTypeAny, {
1104
1560
  id: string;
1105
- match: "*" | {
1561
+ match: ("*" | {
1562
+ name?: string | undefined;
1563
+ actions?: string[] | undefined;
1564
+ resourceType?: string | undefined;
1565
+ }) & ("*" | {
1106
1566
  name?: string | undefined;
1107
1567
  actions?: string[] | undefined;
1108
1568
  resourceType?: string | undefined;
1109
- };
1110
- decision: "allow" | {
1569
+ } | undefined);
1570
+ decision: ("allow" | {
1571
+ pluginId: string;
1572
+ resourceType: string;
1573
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1574
+ } | "deny") & ("allow" | {
1111
1575
  pluginId: string;
1112
1576
  resourceType: string;
1113
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1114
- } | "deny";
1577
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1578
+ } | "deny" | undefined);
1115
1579
  }, {
1116
- id?: string | undefined;
1117
- match: "*" | {
1580
+ match: ("*" | {
1118
1581
  name?: string | undefined;
1119
1582
  actions?: string[] | undefined;
1120
1583
  resourceType?: string | undefined;
1121
- };
1122
- decision: "allow" | {
1584
+ }) & ("*" | {
1585
+ name?: string | undefined;
1586
+ actions?: string[] | undefined;
1587
+ resourceType?: string | undefined;
1588
+ } | undefined);
1589
+ decision: ("allow" | {
1123
1590
  pluginId: string;
1124
1591
  resourceType: string;
1125
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1126
- } | "deny";
1592
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1593
+ } | "deny") & ("allow" | {
1594
+ pluginId: string;
1595
+ resourceType: string;
1596
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1597
+ } | "deny" | undefined);
1598
+ id?: string | undefined;
1127
1599
  }>, {
1128
1600
  id: string;
1129
- match: "*" | {
1601
+ match: ("*" | {
1130
1602
  name?: string | undefined;
1131
1603
  actions?: string[] | undefined;
1132
1604
  resourceType?: string | undefined;
1133
- };
1134
- decision: "allow" | {
1605
+ }) & ("*" | {
1606
+ name?: string | undefined;
1607
+ actions?: string[] | undefined;
1608
+ resourceType?: string | undefined;
1609
+ } | undefined);
1610
+ decision: ("allow" | {
1611
+ pluginId: string;
1612
+ resourceType: string;
1613
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1614
+ } | "deny") & ("allow" | {
1135
1615
  pluginId: string;
1136
1616
  resourceType: string;
1137
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1138
- } | "deny";
1617
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1618
+ } | "deny" | undefined);
1139
1619
  }, {
1140
- id?: string | undefined;
1141
- match: "*" | {
1620
+ match: ("*" | {
1142
1621
  name?: string | undefined;
1143
1622
  actions?: string[] | undefined;
1144
1623
  resourceType?: string | undefined;
1145
- };
1146
- decision: "allow" | {
1624
+ }) & ("*" | {
1625
+ name?: string | undefined;
1626
+ actions?: string[] | undefined;
1627
+ resourceType?: string | undefined;
1628
+ } | undefined);
1629
+ decision: ("allow" | {
1630
+ pluginId: string;
1631
+ resourceType: string;
1632
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1633
+ } | "deny") & ("allow" | {
1147
1634
  pluginId: string;
1148
1635
  resourceType: string;
1149
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1150
- } | "deny";
1636
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1637
+ } | "deny" | undefined);
1638
+ id?: string | undefined;
1151
1639
  }>, "many">, {
1152
1640
  id: string;
1153
- match: "*" | {
1641
+ match: ("*" | {
1642
+ name?: string | undefined;
1643
+ actions?: string[] | undefined;
1644
+ resourceType?: string | undefined;
1645
+ }) & ("*" | {
1154
1646
  name?: string | undefined;
1155
1647
  actions?: string[] | undefined;
1156
1648
  resourceType?: string | undefined;
1157
- };
1158
- decision: "allow" | {
1649
+ } | undefined);
1650
+ decision: ("allow" | {
1159
1651
  pluginId: string;
1160
1652
  resourceType: string;
1161
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1162
- } | "deny";
1653
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1654
+ } | "deny") & ("allow" | {
1655
+ pluginId: string;
1656
+ resourceType: string;
1657
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1658
+ } | "deny" | undefined);
1163
1659
  }[], {
1164
- id?: string | undefined;
1165
- match: "*" | {
1660
+ match: ("*" | {
1661
+ name?: string | undefined;
1662
+ actions?: string[] | undefined;
1663
+ resourceType?: string | undefined;
1664
+ }) & ("*" | {
1166
1665
  name?: string | undefined;
1167
1666
  actions?: string[] | undefined;
1168
1667
  resourceType?: string | undefined;
1169
- };
1170
- decision: "allow" | {
1668
+ } | undefined);
1669
+ decision: ("allow" | {
1171
1670
  pluginId: string;
1172
1671
  resourceType: string;
1173
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1174
- } | "deny";
1672
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1673
+ } | "deny") & ("allow" | {
1674
+ pluginId: string;
1675
+ resourceType: string;
1676
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1677
+ } | "deny" | undefined);
1678
+ id?: string | undefined;
1175
1679
  }[]>;
1176
1680
  }, "strip", z.ZodTypeAny, {
1177
1681
  id: string;
1178
- members: string[] | "*";
1682
+ members: (string[] | "*") & (string[] | "*" | undefined);
1179
1683
  name: string;
1180
1684
  permissions: {
1181
1685
  id: string;
1182
- match: "*" | {
1686
+ match: ("*" | {
1687
+ name?: string | undefined;
1688
+ actions?: string[] | undefined;
1689
+ resourceType?: string | undefined;
1690
+ }) & ("*" | {
1183
1691
  name?: string | undefined;
1184
1692
  actions?: string[] | undefined;
1185
1693
  resourceType?: string | undefined;
1186
- };
1187
- decision: "allow" | {
1694
+ } | undefined);
1695
+ decision: ("allow" | {
1696
+ pluginId: string;
1697
+ resourceType: string;
1698
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1699
+ } | "deny") & ("allow" | {
1188
1700
  pluginId: string;
1189
1701
  resourceType: string;
1190
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1191
- } | "deny";
1702
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1703
+ } | "deny" | undefined);
1192
1704
  }[];
1193
1705
  }, {
1194
- id?: string | undefined;
1195
- members: string[] | "*";
1706
+ members: (string[] | "*") & (string[] | "*" | undefined);
1196
1707
  name: string;
1197
1708
  permissions: {
1198
- id?: string | undefined;
1199
- match: "*" | {
1709
+ match: ("*" | {
1200
1710
  name?: string | undefined;
1201
1711
  actions?: string[] | undefined;
1202
1712
  resourceType?: string | undefined;
1203
- };
1204
- decision: "allow" | {
1713
+ }) & ("*" | {
1714
+ name?: string | undefined;
1715
+ actions?: string[] | undefined;
1716
+ resourceType?: string | undefined;
1717
+ } | undefined);
1718
+ decision: ("allow" | {
1205
1719
  pluginId: string;
1206
1720
  resourceType: string;
1207
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1208
- } | "deny";
1721
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1722
+ } | "deny") & ("allow" | {
1723
+ pluginId: string;
1724
+ resourceType: string;
1725
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1726
+ } | "deny" | undefined);
1727
+ id?: string | undefined;
1209
1728
  }[];
1729
+ id?: string | undefined;
1210
1730
  }>, "many">>, {
1211
1731
  id: string;
1212
- members: string[] | "*";
1732
+ members: (string[] | "*") & (string[] | "*" | undefined);
1213
1733
  name: string;
1214
1734
  permissions: {
1215
1735
  id: string;
1216
- match: "*" | {
1736
+ match: ("*" | {
1217
1737
  name?: string | undefined;
1218
1738
  actions?: string[] | undefined;
1219
1739
  resourceType?: string | undefined;
1220
- };
1221
- decision: "allow" | {
1740
+ }) & ("*" | {
1741
+ name?: string | undefined;
1742
+ actions?: string[] | undefined;
1743
+ resourceType?: string | undefined;
1744
+ } | undefined);
1745
+ decision: ("allow" | {
1222
1746
  pluginId: string;
1223
1747
  resourceType: string;
1224
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1225
- } | "deny";
1748
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1749
+ } | "deny") & ("allow" | {
1750
+ pluginId: string;
1751
+ resourceType: string;
1752
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1753
+ } | "deny" | undefined);
1226
1754
  }[];
1227
1755
  }[], {
1228
- id?: string | undefined;
1229
- members: string[] | "*";
1756
+ members: (string[] | "*") & (string[] | "*" | undefined);
1230
1757
  name: string;
1231
1758
  permissions: {
1232
- id?: string | undefined;
1233
- match: "*" | {
1759
+ match: ("*" | {
1760
+ name?: string | undefined;
1761
+ actions?: string[] | undefined;
1762
+ resourceType?: string | undefined;
1763
+ }) & ("*" | {
1234
1764
  name?: string | undefined;
1235
1765
  actions?: string[] | undefined;
1236
1766
  resourceType?: string | undefined;
1237
- };
1238
- decision: "allow" | {
1767
+ } | undefined);
1768
+ decision: ("allow" | {
1769
+ pluginId: string;
1770
+ resourceType: string;
1771
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1772
+ } | "deny") & ("allow" | {
1239
1773
  pluginId: string;
1240
1774
  resourceType: string;
1241
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1242
- } | "deny";
1775
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1776
+ } | "deny" | undefined);
1777
+ id?: string | undefined;
1243
1778
  }[];
1779
+ id?: string | undefined;
1244
1780
  }[] | undefined>;
1245
1781
  }, "strip", z.ZodTypeAny, {
1246
1782
  name: string;
1783
+ options: {
1784
+ resolutionStrategy: "first-match" | "any-allow";
1785
+ };
1247
1786
  roles: {
1248
1787
  id: string;
1249
- members: string[] | "*";
1788
+ members: (string[] | "*") & (string[] | "*" | undefined);
1250
1789
  name: string;
1251
1790
  permissions: {
1252
1791
  id: string;
1253
- match: "*" | {
1792
+ match: ("*" | {
1793
+ name?: string | undefined;
1794
+ actions?: string[] | undefined;
1795
+ resourceType?: string | undefined;
1796
+ }) & ("*" | {
1254
1797
  name?: string | undefined;
1255
1798
  actions?: string[] | undefined;
1256
1799
  resourceType?: string | undefined;
1257
- };
1258
- decision: "allow" | {
1800
+ } | undefined);
1801
+ decision: ("allow" | {
1802
+ pluginId: string;
1803
+ resourceType: string;
1804
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1805
+ } | "deny") & ("allow" | {
1259
1806
  pluginId: string;
1260
1807
  resourceType: string;
1261
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1262
- } | "deny";
1808
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1809
+ } | "deny" | undefined);
1263
1810
  }[];
1264
1811
  }[];
1265
1812
  }, {
1266
1813
  name?: string | undefined;
1814
+ options?: {
1815
+ resolutionStrategy: "first-match" | "any-allow";
1816
+ } | undefined;
1267
1817
  roles?: {
1268
- id?: string | undefined;
1269
- members: string[] | "*";
1818
+ members: (string[] | "*") & (string[] | "*" | undefined);
1270
1819
  name: string;
1271
1820
  permissions: {
1272
- id?: string | undefined;
1273
- match: "*" | {
1821
+ match: ("*" | {
1822
+ name?: string | undefined;
1823
+ actions?: string[] | undefined;
1824
+ resourceType?: string | undefined;
1825
+ }) & ("*" | {
1274
1826
  name?: string | undefined;
1275
1827
  actions?: string[] | undefined;
1276
1828
  resourceType?: string | undefined;
1277
- };
1278
- decision: "allow" | {
1829
+ } | undefined);
1830
+ decision: ("allow" | {
1279
1831
  pluginId: string;
1280
1832
  resourceType: string;
1281
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1282
- } | "deny";
1833
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1834
+ } | "deny") & ("allow" | {
1835
+ pluginId: string;
1836
+ resourceType: string;
1837
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1838
+ } | "deny" | undefined);
1839
+ id?: string | undefined;
1283
1840
  }[];
1841
+ id?: string | undefined;
1284
1842
  }[] | undefined;
1285
1843
  }>;
1286
1844
  /** @public */
1287
- declare const UpdateDraftRequestParser: z.ZodObject<z.extendShape<{
1288
- name: z.ZodDefault<z.ZodString>;
1289
- roles: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
1845
+ declare const UpdateDraftRequestParser: z.ZodObject<{
1846
+ name: z.ZodOptional<z.ZodDefault<z.ZodString>>;
1847
+ options: z.ZodOptional<z.ZodDefault<z.ZodObject<{
1848
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
1849
+ }, "strip", z.ZodTypeAny, {
1850
+ resolutionStrategy: "first-match" | "any-allow";
1851
+ }, {
1852
+ resolutionStrategy: "first-match" | "any-allow";
1853
+ }>>>;
1854
+ roles: z.ZodOptional<z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
1290
1855
  name: z.ZodString;
1291
1856
  id: z.ZodDefault<z.ZodString>;
1292
1857
  members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
@@ -1312,369 +1877,295 @@ declare const UpdateDraftRequestParser: z.ZodObject<z.extendShape<{
1312
1877
  }, "strip", z.ZodTypeAny, {
1313
1878
  pluginId: string;
1314
1879
  resourceType: string;
1315
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1880
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1316
1881
  }, {
1317
1882
  pluginId: string;
1318
1883
  resourceType: string;
1319
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1884
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1320
1885
  }>]>;
1321
1886
  }, "strip", z.ZodTypeAny, {
1322
1887
  id: string;
1323
- match: "*" | {
1888
+ match: ("*" | {
1324
1889
  name?: string | undefined;
1325
1890
  actions?: string[] | undefined;
1326
1891
  resourceType?: string | undefined;
1327
- };
1328
- decision: "allow" | {
1329
- pluginId: string;
1330
- resourceType: string;
1331
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1332
- } | "deny";
1333
- }, {
1334
- id?: string | undefined;
1335
- match: "*" | {
1892
+ }) & ("*" | {
1336
1893
  name?: string | undefined;
1337
1894
  actions?: string[] | undefined;
1338
1895
  resourceType?: string | undefined;
1339
- };
1340
- decision: "allow" | {
1896
+ } | undefined);
1897
+ decision: ("allow" | {
1341
1898
  pluginId: string;
1342
1899
  resourceType: string;
1343
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1344
- } | "deny";
1345
- }>, {
1346
- id: string;
1347
- match: "*" | {
1348
- name?: string | undefined;
1349
- actions?: string[] | undefined;
1350
- resourceType?: string | undefined;
1351
- };
1352
- decision: "allow" | {
1900
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1901
+ } | "deny") & ("allow" | {
1353
1902
  pluginId: string;
1354
1903
  resourceType: string;
1355
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1356
- } | "deny";
1904
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1905
+ } | "deny" | undefined);
1357
1906
  }, {
1358
- id?: string | undefined;
1359
- match: "*" | {
1907
+ match: ("*" | {
1360
1908
  name?: string | undefined;
1361
1909
  actions?: string[] | undefined;
1362
1910
  resourceType?: string | undefined;
1363
- };
1364
- decision: "allow" | {
1365
- pluginId: string;
1366
- resourceType: string;
1367
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1368
- } | "deny";
1369
- }>, "many">, {
1370
- id: string;
1371
- match: "*" | {
1372
- name?: string | undefined;
1373
- actions?: string[] | undefined;
1374
- resourceType?: string | undefined;
1375
- };
1376
- decision: "allow" | {
1377
- pluginId: string;
1378
- resourceType: string;
1379
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1380
- } | "deny";
1381
- }[], {
1382
- id?: string | undefined;
1383
- match: "*" | {
1911
+ }) & ("*" | {
1384
1912
  name?: string | undefined;
1385
1913
  actions?: string[] | undefined;
1386
1914
  resourceType?: string | undefined;
1387
- };
1388
- decision: "allow" | {
1915
+ } | undefined);
1916
+ decision: ("allow" | {
1389
1917
  pluginId: string;
1390
1918
  resourceType: string;
1391
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1392
- } | "deny";
1393
- }[]>;
1394
- }, "strip", z.ZodTypeAny, {
1395
- id: string;
1396
- members: string[] | "*";
1397
- name: string;
1398
- permissions: {
1399
- id: string;
1400
- match: "*" | {
1401
- name?: string | undefined;
1402
- actions?: string[] | undefined;
1403
- resourceType?: string | undefined;
1404
- };
1405
- decision: "allow" | {
1919
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1920
+ } | "deny") & ("allow" | {
1406
1921
  pluginId: string;
1407
1922
  resourceType: string;
1408
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1409
- } | "deny";
1410
- }[];
1411
- }, {
1412
- id?: string | undefined;
1413
- members: string[] | "*";
1414
- name: string;
1415
- permissions: {
1923
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1924
+ } | "deny" | undefined);
1416
1925
  id?: string | undefined;
1417
- match: "*" | {
1926
+ }>, {
1927
+ id: string;
1928
+ match: ("*" | {
1418
1929
  name?: string | undefined;
1419
1930
  actions?: string[] | undefined;
1420
1931
  resourceType?: string | undefined;
1421
- };
1422
- decision: "allow" | {
1423
- pluginId: string;
1424
- resourceType: string;
1425
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1426
- } | "deny";
1427
- }[];
1428
- }>, "many">>, {
1429
- id: string;
1430
- members: string[] | "*";
1431
- name: string;
1432
- permissions: {
1433
- id: string;
1434
- match: "*" | {
1932
+ }) & ("*" | {
1435
1933
  name?: string | undefined;
1436
1934
  actions?: string[] | undefined;
1437
1935
  resourceType?: string | undefined;
1438
- };
1439
- decision: "allow" | {
1936
+ } | undefined);
1937
+ decision: ("allow" | {
1440
1938
  pluginId: string;
1441
1939
  resourceType: string;
1442
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1443
- } | "deny";
1444
- }[];
1445
- }[], {
1446
- id?: string | undefined;
1447
- members: string[] | "*";
1448
- name: string;
1449
- permissions: {
1450
- id?: string | undefined;
1451
- match: "*" | {
1452
- name?: string | undefined;
1453
- actions?: string[] | undefined;
1454
- resourceType?: string | undefined;
1455
- };
1456
- decision: "allow" | {
1940
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1941
+ } | "deny") & ("allow" | {
1457
1942
  pluginId: string;
1458
1943
  resourceType: string;
1459
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1460
- } | "deny";
1461
- }[];
1462
- }[] | undefined>;
1463
- }, {
1464
- name: z.ZodOptional<z.ZodDefault<z.ZodString>>;
1465
- roles: z.ZodOptional<z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
1466
- name: z.ZodString;
1467
- id: z.ZodDefault<z.ZodString>;
1468
- members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
1469
- permissions: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
1470
- id: z.ZodDefault<z.ZodString>;
1471
- match: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodObject<{
1472
- name: z.ZodOptional<z.ZodString>;
1473
- actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1474
- resourceType: z.ZodOptional<z.ZodString>;
1475
- }, "strip", z.ZodTypeAny, {
1944
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1945
+ } | "deny" | undefined);
1946
+ }, {
1947
+ match: ("*" | {
1476
1948
  name?: string | undefined;
1477
1949
  actions?: string[] | undefined;
1478
1950
  resourceType?: string | undefined;
1479
- }, {
1951
+ }) & ("*" | {
1480
1952
  name?: string | undefined;
1481
1953
  actions?: string[] | undefined;
1482
1954
  resourceType?: string | undefined;
1483
- }>]>;
1484
- decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
1485
- pluginId: z.ZodString;
1486
- resourceType: z.ZodString;
1487
- conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
1488
- }, "strip", z.ZodTypeAny, {
1955
+ } | undefined);
1956
+ decision: ("allow" | {
1489
1957
  pluginId: string;
1490
1958
  resourceType: string;
1491
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1492
- }, {
1959
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1960
+ } | "deny") & ("allow" | {
1493
1961
  pluginId: string;
1494
1962
  resourceType: string;
1495
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1496
- }>]>;
1497
- }, "strip", z.ZodTypeAny, {
1963
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1964
+ } | "deny" | undefined);
1965
+ id?: string | undefined;
1966
+ }>, "many">, {
1498
1967
  id: string;
1499
- match: "*" | {
1968
+ match: ("*" | {
1500
1969
  name?: string | undefined;
1501
1970
  actions?: string[] | undefined;
1502
1971
  resourceType?: string | undefined;
1503
- };
1504
- decision: "allow" | {
1505
- pluginId: string;
1506
- resourceType: string;
1507
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1508
- } | "deny";
1509
- }, {
1510
- id?: string | undefined;
1511
- match: "*" | {
1972
+ }) & ("*" | {
1512
1973
  name?: string | undefined;
1513
1974
  actions?: string[] | undefined;
1514
1975
  resourceType?: string | undefined;
1515
- };
1516
- decision: "allow" | {
1976
+ } | undefined);
1977
+ decision: ("allow" | {
1517
1978
  pluginId: string;
1518
1979
  resourceType: string;
1519
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1520
- } | "deny";
1521
- }>, {
1522
- id: string;
1523
- match: "*" | {
1524
- name?: string | undefined;
1525
- actions?: string[] | undefined;
1526
- resourceType?: string | undefined;
1527
- };
1528
- decision: "allow" | {
1980
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1981
+ } | "deny") & ("allow" | {
1529
1982
  pluginId: string;
1530
1983
  resourceType: string;
1531
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1532
- } | "deny";
1533
- }, {
1534
- id?: string | undefined;
1535
- match: "*" | {
1984
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1985
+ } | "deny" | undefined);
1986
+ }[], {
1987
+ match: ("*" | {
1536
1988
  name?: string | undefined;
1537
1989
  actions?: string[] | undefined;
1538
1990
  resourceType?: string | undefined;
1539
- };
1540
- decision: "allow" | {
1541
- pluginId: string;
1542
- resourceType: string;
1543
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1544
- } | "deny";
1545
- }>, "many">, {
1546
- id: string;
1547
- match: "*" | {
1991
+ }) & ("*" | {
1548
1992
  name?: string | undefined;
1549
1993
  actions?: string[] | undefined;
1550
1994
  resourceType?: string | undefined;
1551
- };
1552
- decision: "allow" | {
1995
+ } | undefined);
1996
+ decision: ("allow" | {
1553
1997
  pluginId: string;
1554
1998
  resourceType: string;
1555
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1556
- } | "deny";
1557
- }[], {
1558
- id?: string | undefined;
1559
- match: "*" | {
1560
- name?: string | undefined;
1561
- actions?: string[] | undefined;
1562
- resourceType?: string | undefined;
1563
- };
1564
- decision: "allow" | {
1999
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2000
+ } | "deny") & ("allow" | {
1565
2001
  pluginId: string;
1566
2002
  resourceType: string;
1567
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1568
- } | "deny";
2003
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2004
+ } | "deny" | undefined);
2005
+ id?: string | undefined;
1569
2006
  }[]>;
1570
2007
  }, "strip", z.ZodTypeAny, {
1571
2008
  id: string;
1572
- members: string[] | "*";
2009
+ members: (string[] | "*") & (string[] | "*" | undefined);
1573
2010
  name: string;
1574
2011
  permissions: {
1575
2012
  id: string;
1576
- match: "*" | {
2013
+ match: ("*" | {
2014
+ name?: string | undefined;
2015
+ actions?: string[] | undefined;
2016
+ resourceType?: string | undefined;
2017
+ }) & ("*" | {
1577
2018
  name?: string | undefined;
1578
2019
  actions?: string[] | undefined;
1579
2020
  resourceType?: string | undefined;
1580
- };
1581
- decision: "allow" | {
2021
+ } | undefined);
2022
+ decision: ("allow" | {
2023
+ pluginId: string;
2024
+ resourceType: string;
2025
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2026
+ } | "deny") & ("allow" | {
1582
2027
  pluginId: string;
1583
2028
  resourceType: string;
1584
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1585
- } | "deny";
2029
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2030
+ } | "deny" | undefined);
1586
2031
  }[];
1587
2032
  }, {
1588
- id?: string | undefined;
1589
- members: string[] | "*";
2033
+ members: (string[] | "*") & (string[] | "*" | undefined);
1590
2034
  name: string;
1591
2035
  permissions: {
1592
- id?: string | undefined;
1593
- match: "*" | {
2036
+ match: ("*" | {
1594
2037
  name?: string | undefined;
1595
2038
  actions?: string[] | undefined;
1596
2039
  resourceType?: string | undefined;
1597
- };
1598
- decision: "allow" | {
2040
+ }) & ("*" | {
2041
+ name?: string | undefined;
2042
+ actions?: string[] | undefined;
2043
+ resourceType?: string | undefined;
2044
+ } | undefined);
2045
+ decision: ("allow" | {
2046
+ pluginId: string;
2047
+ resourceType: string;
2048
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2049
+ } | "deny") & ("allow" | {
1599
2050
  pluginId: string;
1600
2051
  resourceType: string;
1601
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1602
- } | "deny";
2052
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2053
+ } | "deny" | undefined);
2054
+ id?: string | undefined;
1603
2055
  }[];
2056
+ id?: string | undefined;
1604
2057
  }>, "many">>, {
1605
2058
  id: string;
1606
- members: string[] | "*";
2059
+ members: (string[] | "*") & (string[] | "*" | undefined);
1607
2060
  name: string;
1608
2061
  permissions: {
1609
2062
  id: string;
1610
- match: "*" | {
2063
+ match: ("*" | {
2064
+ name?: string | undefined;
2065
+ actions?: string[] | undefined;
2066
+ resourceType?: string | undefined;
2067
+ }) & ("*" | {
1611
2068
  name?: string | undefined;
1612
2069
  actions?: string[] | undefined;
1613
2070
  resourceType?: string | undefined;
1614
- };
1615
- decision: "allow" | {
2071
+ } | undefined);
2072
+ decision: ("allow" | {
1616
2073
  pluginId: string;
1617
2074
  resourceType: string;
1618
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1619
- } | "deny";
2075
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2076
+ } | "deny") & ("allow" | {
2077
+ pluginId: string;
2078
+ resourceType: string;
2079
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2080
+ } | "deny" | undefined);
1620
2081
  }[];
1621
2082
  }[], {
1622
- id?: string | undefined;
1623
- members: string[] | "*";
2083
+ members: (string[] | "*") & (string[] | "*" | undefined);
1624
2084
  name: string;
1625
2085
  permissions: {
1626
- id?: string | undefined;
1627
- match: "*" | {
2086
+ match: ("*" | {
2087
+ name?: string | undefined;
2088
+ actions?: string[] | undefined;
2089
+ resourceType?: string | undefined;
2090
+ }) & ("*" | {
1628
2091
  name?: string | undefined;
1629
2092
  actions?: string[] | undefined;
1630
2093
  resourceType?: string | undefined;
1631
- };
1632
- decision: "allow" | {
2094
+ } | undefined);
2095
+ decision: ("allow" | {
2096
+ pluginId: string;
2097
+ resourceType: string;
2098
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2099
+ } | "deny") & ("allow" | {
1633
2100
  pluginId: string;
1634
2101
  resourceType: string;
1635
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1636
- } | "deny";
2102
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2103
+ } | "deny" | undefined);
2104
+ id?: string | undefined;
1637
2105
  }[];
2106
+ id?: string | undefined;
1638
2107
  }[] | undefined>>;
1639
- }>, "strip", z.ZodTypeAny, {
2108
+ }, "strip", z.ZodTypeAny, {
1640
2109
  name?: string | undefined;
2110
+ options?: {
2111
+ resolutionStrategy: "first-match" | "any-allow";
2112
+ } | undefined;
1641
2113
  roles?: {
1642
2114
  id: string;
1643
- members: string[] | "*";
2115
+ members: (string[] | "*") & (string[] | "*" | undefined);
1644
2116
  name: string;
1645
2117
  permissions: {
1646
2118
  id: string;
1647
- match: "*" | {
2119
+ match: ("*" | {
1648
2120
  name?: string | undefined;
1649
2121
  actions?: string[] | undefined;
1650
2122
  resourceType?: string | undefined;
1651
- };
1652
- decision: "allow" | {
2123
+ }) & ("*" | {
2124
+ name?: string | undefined;
2125
+ actions?: string[] | undefined;
2126
+ resourceType?: string | undefined;
2127
+ } | undefined);
2128
+ decision: ("allow" | {
1653
2129
  pluginId: string;
1654
2130
  resourceType: string;
1655
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1656
- } | "deny";
2131
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2132
+ } | "deny") & ("allow" | {
2133
+ pluginId: string;
2134
+ resourceType: string;
2135
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2136
+ } | "deny" | undefined);
1657
2137
  }[];
1658
2138
  }[] | undefined;
1659
2139
  }, {
1660
2140
  name?: string | undefined;
2141
+ options?: {
2142
+ resolutionStrategy: "first-match" | "any-allow";
2143
+ } | undefined;
1661
2144
  roles?: {
1662
- id?: string | undefined;
1663
- members: string[] | "*";
2145
+ members: (string[] | "*") & (string[] | "*" | undefined);
1664
2146
  name: string;
1665
2147
  permissions: {
1666
- id?: string | undefined;
1667
- match: "*" | {
2148
+ match: ("*" | {
2149
+ name?: string | undefined;
2150
+ actions?: string[] | undefined;
2151
+ resourceType?: string | undefined;
2152
+ }) & ("*" | {
1668
2153
  name?: string | undefined;
1669
2154
  actions?: string[] | undefined;
1670
2155
  resourceType?: string | undefined;
1671
- };
1672
- decision: "allow" | {
2156
+ } | undefined);
2157
+ decision: ("allow" | {
2158
+ pluginId: string;
2159
+ resourceType: string;
2160
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2161
+ } | "deny") & ("allow" | {
1673
2162
  pluginId: string;
1674
2163
  resourceType: string;
1675
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>;
1676
- } | "deny";
2164
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2165
+ } | "deny" | undefined);
2166
+ id?: string | undefined;
1677
2167
  }[];
2168
+ id?: string | undefined;
1678
2169
  }[] | undefined;
1679
2170
  }>;
1680
2171
  /** @public */
@@ -1726,10 +2217,19 @@ declare type PoliciesResponse = PaginatedResponse<Policy>;
1726
2217
 
1727
2218
  /** @public */
1728
2219
  declare const isMatchingPermission: (permission: Permission, match: PermissionMatch) => boolean;
2220
+ /**
2221
+ * Compares a user entity ref to an entry from a list of
2222
+ * policy members. The two refs must either match exactly,
2223
+ * or the policy member must be a wildcard (i.e. the result
2224
+ * of parsing the string "*" as an entityRef).
2225
+ *
2226
+ * @public
2227
+ */
2228
+ declare const matchesEntityRef: (userClaim: CompoundEntityRef, policyMember: CompoundEntityRef) => boolean;
1729
2229
 
1730
2230
  /** @public */
1731
2231
  declare type MapParamsCallback = (param: PermissionRuleParam) => PermissionRuleParam;
1732
2232
  /** @public */
1733
2233
  declare function mapParams(params: PermissionRuleParams, cb: MapParamsCallback): PermissionRuleParams;
1734
2234
 
1735
- export { AuthorizeResponse, BackstageUserPlaceholder, ConditionalDecision, ConditionalDecisionParser, CreateDraftRequest, CreateDraftRequestParser, DefaultingPolicyConfigParser, LiteralDecision, LiteralDecisionParser, MapParamsCallback, MemberResponse, PaginatedResponse, PermissionConditionParser, PermissionDecision, PermissionDecisionParser, PermissionMatch, PermissionMatchParser, PoliciesResponse, Policy, PolicyConfig, PolicyConfigParser, PolicyDefaultName, PolicyMember, PolicyTitleParser, PublishVersionRequest, PublishVersionRequestParser, RBACPermissionCondition, RawPolicyConfig, RawRole, Role, RoleParser, RolePermission, RolePermissionParser, RolePermissions, RolePermissionsParser, RolesParser, SearchMembersRequest, SearchMembersResponse, UpdateDraftRequest, UpdateDraftRequestParser, isAllOfPermissionCriteria, isAnyOfPermissionCriteria, isConditionalDecision, isMatchingPermission, isNotPermissionCriteria, mapParams };
2235
+ export { AuthorizeResponse, BackstageUserPlaceholder, ConditionalDecision, ConditionalDecisionParser, CreateDraftRequest, CreateDraftRequestParser, DefaultingPolicyConfigParser, LiteralDecision, LiteralDecisionParser, MapParamsCallback, MemberResponse, PaginatedResponse, PermissionConditionParser, PermissionDecision, PermissionDecisionParser, PermissionMatch, PermissionMatchParser, PoliciesResponse, Policy, PolicyConfig, PolicyConfigOptions, PolicyConfigOptionsParser, PolicyConfigParser, PolicyDefaultName, PolicyMember, PolicyRoleResolutionStrategy, PolicyRoleResolutionStrategyParser, PolicyTitleParser, PublishVersionRequest, PublishVersionRequestParser, RBACPermissionCondition, RawPolicyConfig, RawRole, Role, RoleParser, RolePermission, RolePermissionParser, RolePermissions, RolePermissionsParser, RolesParser, SearchMembersRequest, SearchMembersResponse, UpdateDraftRequest, UpdateDraftRequestParser, isAllOfPermissionCriteria, isAnyOfPermissionCriteria, isConditionalDecision, isMatchingPermission, isNotPermissionCriteria, mapParams, matchesEntityRef };