@spotify/backstage-plugin-rbac-common 0.5.8 → 0.5.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +13 -0
  2. package/dist/index.cjs.js +1 -1
  3. package/dist/index.d.ts +1658 -217
  4. package/dist/index.esm.js +1 -1
  5. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -776,6 +776,48 @@ declare const RolesParser: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
776
776
  id?: string | undefined;
777
777
  }[] | undefined>;
778
778
  /** @public */
779
+ declare const RoleDecisionParser: z.ZodObject<{
780
+ decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
781
+ pluginId: z.ZodString;
782
+ resourceType: z.ZodString;
783
+ conditions: z.ZodType<PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, PermissionCriteria<RBACPermissionCondition>>;
784
+ }, "strip", z.ZodTypeAny, {
785
+ pluginId: string;
786
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
787
+ resourceType: string;
788
+ }, {
789
+ pluginId: string;
790
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
791
+ resourceType: string;
792
+ }>]>;
793
+ roleId: z.ZodDefault<z.ZodString>;
794
+ rolePermissionId: z.ZodDefault<z.ZodString>;
795
+ }, "strip", z.ZodTypeAny, {
796
+ decision: ("allow" | {
797
+ pluginId: string;
798
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
799
+ resourceType: string;
800
+ } | "deny") & ("allow" | {
801
+ pluginId: string;
802
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
803
+ resourceType: string;
804
+ } | "deny" | undefined);
805
+ roleId: string;
806
+ rolePermissionId: string;
807
+ }, {
808
+ decision: ("allow" | {
809
+ pluginId: string;
810
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
811
+ resourceType: string;
812
+ } | "deny") & ("allow" | {
813
+ pluginId: string;
814
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
815
+ resourceType: string;
816
+ } | "deny" | undefined);
817
+ roleId?: string | undefined;
818
+ rolePermissionId?: string | undefined;
819
+ }>;
820
+ /** @public */
779
821
  declare const PolicyTitleParser: z.ZodDefault<z.ZodString>;
780
822
  /** @public */
781
823
  declare const PolicyRoleResolutionStrategyParser: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
@@ -1449,73 +1491,8 @@ declare function isAllOfPermissionCriteria(conditions: PermissionCriteria<RBACPe
1449
1491
  declare function isAnyOfPermissionCriteria(conditions: PermissionCriteria<RBACPermissionCondition>): conditions is AnyOfCriteria<RBACPermissionCondition>;
1450
1492
  /** @public */
1451
1493
  declare function isNotPermissionCriteria(conditions: PermissionCriteria<RBACPermissionCondition>): conditions is NotCriteria<RBACPermissionCondition>;
1452
- /** @public */
1453
- type ConditionalDecision = z.infer<typeof ConditionalDecisionParser>;
1454
- /** @public */
1455
- type LiteralDecision = z.infer<typeof LiteralDecisionParser>;
1456
- /** @public */
1457
- type PermissionDecision = z.infer<typeof PermissionDecisionParser>;
1458
- /** @public */
1459
- type PermissionMatch = z.infer<typeof PermissionMatchParser>;
1460
- /** @public */
1461
- type RolePermission = z.infer<typeof RolePermissionParser>;
1462
- /** @public */
1463
- type RolePermissions = z.infer<typeof RolePermissionsParser>;
1464
- /** @public */
1465
- type RawRole = z.input<typeof RoleParser>;
1466
- /** @public */
1467
- type Role = z.infer<typeof RoleParser>;
1468
- /** @public */
1469
- type RawPolicyConfig = z.input<typeof PolicyConfigParser>;
1470
- /** @public */
1471
- type PolicyConfig = z.infer<typeof PolicyConfigParser>;
1472
- /** @public */
1473
- type PolicyRoleResolutionStrategy = z.infer<typeof PolicyRoleResolutionStrategyParser>;
1474
- /** @public */
1475
- type PolicyConfigOptions = z.infer<typeof PolicyConfigOptionsParser>;
1476
-
1477
- /** @public */
1478
- type Policy = PolicyConfig & {
1479
- /**
1480
- * Internal ID for lookups/references.
1481
- */
1482
- id: string;
1483
- /**
1484
- * Date that the version was created in ISO-8601 format.
1485
- */
1486
- createdAt: string;
1487
- /**
1488
- * Entity ref of the user that created the version.
1489
- */
1490
- createdBy: string;
1491
- /**
1492
- * Latest date on which the version was updated in ISO-8601 format.
1493
- */
1494
- updatedAt: string;
1495
- /**
1496
- * Entity ref of the latest user that updated the version.
1497
- */
1498
- updatedBy: string;
1499
- /**
1500
- * Description of the changes introduced with the version.
1501
- */
1502
- description?: string;
1503
- /**
1504
- * Latest date on which the version was published in ISO-8601 format.
1505
- */
1506
- lastPublishedAt?: string;
1507
- /**
1508
- * Entity ref of the latest user that published the version.
1509
- */
1510
- lastPublishedBy?: string;
1511
- /**
1512
- * Current status of the policy.
1513
- */
1514
- status: 'draft' | 'active' | 'inactive';
1515
- };
1516
-
1517
- /** @public */
1518
- declare const CreateDraftRequestParser: z.ZodObject<{
1494
+ /** @public */
1495
+ declare const PolicyParser: z.ZodObject<{
1519
1496
  name: z.ZodDefault<z.ZodString>;
1520
1497
  options: z.ZodDefault<z.ZodObject<{
1521
1498
  resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
@@ -1546,14 +1523,14 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1546
1523
  decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
1547
1524
  pluginId: z.ZodString;
1548
1525
  resourceType: z.ZodString;
1549
- conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
1526
+ conditions: z.ZodType<PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, PermissionCriteria<RBACPermissionCondition>>;
1550
1527
  }, "strip", z.ZodTypeAny, {
1551
1528
  pluginId: string;
1552
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1529
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1553
1530
  resourceType: string;
1554
1531
  }, {
1555
1532
  pluginId: string;
1556
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1533
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1557
1534
  resourceType: string;
1558
1535
  }>]>;
1559
1536
  }, "strip", z.ZodTypeAny, {
@@ -1569,11 +1546,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1569
1546
  } | undefined);
1570
1547
  decision: ("allow" | {
1571
1548
  pluginId: string;
1572
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1549
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1573
1550
  resourceType: string;
1574
1551
  } | "deny") & ("allow" | {
1575
1552
  pluginId: string;
1576
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1553
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1577
1554
  resourceType: string;
1578
1555
  } | "deny" | undefined);
1579
1556
  }, {
@@ -1588,11 +1565,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1588
1565
  } | undefined);
1589
1566
  decision: ("allow" | {
1590
1567
  pluginId: string;
1591
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1568
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1592
1569
  resourceType: string;
1593
1570
  } | "deny") & ("allow" | {
1594
1571
  pluginId: string;
1595
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1572
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1596
1573
  resourceType: string;
1597
1574
  } | "deny" | undefined);
1598
1575
  id?: string | undefined;
@@ -1609,11 +1586,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1609
1586
  } | undefined);
1610
1587
  decision: ("allow" | {
1611
1588
  pluginId: string;
1612
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1589
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1613
1590
  resourceType: string;
1614
1591
  } | "deny") & ("allow" | {
1615
1592
  pluginId: string;
1616
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1593
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1617
1594
  resourceType: string;
1618
1595
  } | "deny" | undefined);
1619
1596
  }, {
@@ -1628,11 +1605,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1628
1605
  } | undefined);
1629
1606
  decision: ("allow" | {
1630
1607
  pluginId: string;
1631
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1608
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1632
1609
  resourceType: string;
1633
1610
  } | "deny") & ("allow" | {
1634
1611
  pluginId: string;
1635
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1612
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1636
1613
  resourceType: string;
1637
1614
  } | "deny" | undefined);
1638
1615
  id?: string | undefined;
@@ -1649,11 +1626,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1649
1626
  } | undefined);
1650
1627
  decision: ("allow" | {
1651
1628
  pluginId: string;
1652
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1629
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1653
1630
  resourceType: string;
1654
1631
  } | "deny") & ("allow" | {
1655
1632
  pluginId: string;
1656
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1633
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1657
1634
  resourceType: string;
1658
1635
  } | "deny" | undefined);
1659
1636
  }[], {
@@ -1668,11 +1645,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1668
1645
  } | undefined);
1669
1646
  decision: ("allow" | {
1670
1647
  pluginId: string;
1671
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1648
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1672
1649
  resourceType: string;
1673
1650
  } | "deny") & ("allow" | {
1674
1651
  pluginId: string;
1675
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1652
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1676
1653
  resourceType: string;
1677
1654
  } | "deny" | undefined);
1678
1655
  id?: string | undefined;
@@ -1694,11 +1671,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1694
1671
  } | undefined);
1695
1672
  decision: ("allow" | {
1696
1673
  pluginId: string;
1697
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1674
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1698
1675
  resourceType: string;
1699
1676
  } | "deny") & ("allow" | {
1700
1677
  pluginId: string;
1701
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1678
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1702
1679
  resourceType: string;
1703
1680
  } | "deny" | undefined);
1704
1681
  }[];
@@ -1717,11 +1694,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1717
1694
  } | undefined);
1718
1695
  decision: ("allow" | {
1719
1696
  pluginId: string;
1720
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1697
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1721
1698
  resourceType: string;
1722
1699
  } | "deny") & ("allow" | {
1723
1700
  pluginId: string;
1724
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1701
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1725
1702
  resourceType: string;
1726
1703
  } | "deny" | undefined);
1727
1704
  id?: string | undefined;
@@ -1744,11 +1721,11 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1744
1721
  } | undefined);
1745
1722
  decision: ("allow" | {
1746
1723
  pluginId: string;
1747
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1724
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1748
1725
  resourceType: string;
1749
1726
  } | "deny") & ("allow" | {
1750
1727
  pluginId: string;
1751
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1728
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1752
1729
  resourceType: string;
1753
1730
  } | "deny" | undefined);
1754
1731
  }[];
@@ -1767,19 +1744,32 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1767
1744
  } | undefined);
1768
1745
  decision: ("allow" | {
1769
1746
  pluginId: string;
1770
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1747
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1771
1748
  resourceType: string;
1772
1749
  } | "deny") & ("allow" | {
1773
1750
  pluginId: string;
1774
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1751
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1775
1752
  resourceType: string;
1776
1753
  } | "deny" | undefined);
1777
1754
  id?: string | undefined;
1778
1755
  }[];
1779
1756
  id?: string | undefined;
1780
1757
  }[] | undefined>;
1758
+ id: z.ZodString;
1759
+ createdAt: z.ZodString;
1760
+ createdBy: z.ZodString;
1761
+ updatedAt: z.ZodString;
1762
+ updatedBy: z.ZodString;
1763
+ description: z.ZodNullable<z.ZodOptional<z.ZodString>>;
1764
+ lastPublishedAt: z.ZodNullable<z.ZodOptional<z.ZodString>>;
1765
+ lastPublishedBy: z.ZodNullable<z.ZodOptional<z.ZodString>>;
1766
+ status: z.ZodEnum<["draft", "active", "inactive"]>;
1781
1767
  }, "strip", z.ZodTypeAny, {
1768
+ id: string;
1782
1769
  name: string;
1770
+ status: "active" | "inactive" | "draft";
1771
+ createdBy: string;
1772
+ updatedBy: string;
1783
1773
  options: {
1784
1774
  resolutionStrategy: "first-match" | "any-allow";
1785
1775
  };
@@ -1800,16 +1790,27 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1800
1790
  } | undefined);
1801
1791
  decision: ("allow" | {
1802
1792
  pluginId: string;
1803
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1793
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1804
1794
  resourceType: string;
1805
1795
  } | "deny") & ("allow" | {
1806
1796
  pluginId: string;
1807
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1797
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1808
1798
  resourceType: string;
1809
1799
  } | "deny" | undefined);
1810
1800
  }[];
1811
1801
  }[];
1802
+ createdAt: string;
1803
+ updatedAt: string;
1804
+ description?: string | null | undefined;
1805
+ lastPublishedAt?: string | null | undefined;
1806
+ lastPublishedBy?: string | null | undefined;
1812
1807
  }, {
1808
+ id: string;
1809
+ status: "active" | "inactive" | "draft";
1810
+ createdBy: string;
1811
+ updatedBy: string;
1812
+ createdAt: string;
1813
+ updatedAt: string;
1813
1814
  name?: string | undefined;
1814
1815
  options?: {
1815
1816
  resolutionStrategy: "first-match" | "any-allow";
@@ -1829,29 +1830,61 @@ declare const CreateDraftRequestParser: z.ZodObject<{
1829
1830
  } | undefined);
1830
1831
  decision: ("allow" | {
1831
1832
  pluginId: string;
1832
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1833
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1833
1834
  resourceType: string;
1834
1835
  } | "deny") & ("allow" | {
1835
1836
  pluginId: string;
1836
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
1837
+ conditions: PermissionCriteria<RBACPermissionCondition> & (PermissionCriteria<RBACPermissionCondition> | undefined);
1837
1838
  resourceType: string;
1838
1839
  } | "deny" | undefined);
1839
1840
  id?: string | undefined;
1840
1841
  }[];
1841
1842
  id?: string | undefined;
1842
1843
  }[] | undefined;
1844
+ description?: string | null | undefined;
1845
+ lastPublishedAt?: string | null | undefined;
1846
+ lastPublishedBy?: string | null | undefined;
1843
1847
  }>;
1844
1848
  /** @public */
1845
- declare const UpdateDraftRequestParser: z.ZodObject<{
1846
- name: z.ZodOptional<z.ZodDefault<z.ZodString>>;
1847
- options: z.ZodOptional<z.ZodDefault<z.ZodObject<{
1849
+ type Policy = z.infer<typeof PolicyParser>;
1850
+ /** @public */
1851
+ type ConditionalDecision = z.infer<typeof ConditionalDecisionParser>;
1852
+ /** @public */
1853
+ type LiteralDecision = z.infer<typeof LiteralDecisionParser>;
1854
+ /** @public */
1855
+ type PermissionDecision = z.infer<typeof PermissionDecisionParser>;
1856
+ /** @public */
1857
+ type PermissionMatch = z.infer<typeof PermissionMatchParser>;
1858
+ /** @public */
1859
+ type RolePermission = z.infer<typeof RolePermissionParser>;
1860
+ /** @public */
1861
+ type RolePermissions = z.infer<typeof RolePermissionsParser>;
1862
+ /** @public */
1863
+ type RawRole = z.input<typeof RoleParser>;
1864
+ /** @public */
1865
+ type Role = z.infer<typeof RoleParser>;
1866
+ /** @public */
1867
+ type RoleDecision = z.infer<typeof RoleDecisionParser>;
1868
+ /** @public */
1869
+ type RawPolicyConfig = z.input<typeof PolicyConfigParser>;
1870
+ /** @public */
1871
+ type PolicyConfig = z.infer<typeof PolicyConfigParser>;
1872
+ /** @public */
1873
+ type PolicyRoleResolutionStrategy = z.infer<typeof PolicyRoleResolutionStrategyParser>;
1874
+ /** @public */
1875
+ type PolicyConfigOptions = z.infer<typeof PolicyConfigOptionsParser>;
1876
+
1877
+ /** @public */
1878
+ declare const CreateDraftRequestParser: z.ZodObject<{
1879
+ name: z.ZodDefault<z.ZodString>;
1880
+ options: z.ZodDefault<z.ZodObject<{
1848
1881
  resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
1849
1882
  }, "strip", z.ZodTypeAny, {
1850
1883
  resolutionStrategy: "first-match" | "any-allow";
1851
1884
  }, {
1852
1885
  resolutionStrategy: "first-match" | "any-allow";
1853
- }>>>;
1854
- roles: z.ZodOptional<z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
1886
+ }>>;
1887
+ roles: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
1855
1888
  name: z.ZodString;
1856
1889
  id: z.ZodDefault<z.ZodString>;
1857
1890
  members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
@@ -2104,13 +2137,13 @@ declare const UpdateDraftRequestParser: z.ZodObject<{
2104
2137
  id?: string | undefined;
2105
2138
  }[];
2106
2139
  id?: string | undefined;
2107
- }[] | undefined>>;
2140
+ }[] | undefined>;
2108
2141
  }, "strip", z.ZodTypeAny, {
2109
- name?: string | undefined;
2110
- options?: {
2142
+ name: string;
2143
+ options: {
2111
2144
  resolutionStrategy: "first-match" | "any-allow";
2112
- } | undefined;
2113
- roles?: {
2145
+ };
2146
+ roles: {
2114
2147
  id: string;
2115
2148
  name: string;
2116
2149
  members: (string[] | "*") & (string[] | "*" | undefined);
@@ -2135,7 +2168,7 @@ declare const UpdateDraftRequestParser: z.ZodObject<{
2135
2168
  resourceType: string;
2136
2169
  } | "deny" | undefined);
2137
2170
  }[];
2138
- }[] | undefined;
2171
+ }[];
2139
2172
  }, {
2140
2173
  name?: string | undefined;
2141
2174
  options?: {
@@ -2169,63 +2202,1435 @@ declare const UpdateDraftRequestParser: z.ZodObject<{
2169
2202
  }[] | undefined;
2170
2203
  }>;
2171
2204
  /** @public */
2172
- declare const PublishVersionRequestParser: z.ZodObject<{
2173
- description: z.ZodOptional<z.ZodString>;
2174
- update: z.ZodOptional<z.ZodObject<{
2175
- name: z.ZodOptional<z.ZodDefault<z.ZodString>>;
2176
- options: z.ZodOptional<z.ZodDefault<z.ZodObject<{
2177
- resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
2178
- }, "strip", z.ZodTypeAny, {
2179
- resolutionStrategy: "first-match" | "any-allow";
2180
- }, {
2181
- resolutionStrategy: "first-match" | "any-allow";
2182
- }>>>;
2183
- roles: z.ZodOptional<z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
2184
- name: z.ZodString;
2205
+ declare const UpdateDraftRequestParser: z.ZodObject<{
2206
+ name: z.ZodOptional<z.ZodDefault<z.ZodString>>;
2207
+ options: z.ZodOptional<z.ZodDefault<z.ZodObject<{
2208
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
2209
+ }, "strip", z.ZodTypeAny, {
2210
+ resolutionStrategy: "first-match" | "any-allow";
2211
+ }, {
2212
+ resolutionStrategy: "first-match" | "any-allow";
2213
+ }>>>;
2214
+ roles: z.ZodOptional<z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
2215
+ name: z.ZodString;
2216
+ id: z.ZodDefault<z.ZodString>;
2217
+ members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
2218
+ permissions: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
2185
2219
  id: z.ZodDefault<z.ZodString>;
2186
- members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
2187
- permissions: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
2188
- id: z.ZodDefault<z.ZodString>;
2189
- match: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodObject<{
2190
- name: z.ZodOptional<z.ZodString>;
2191
- actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2192
- resourceType: z.ZodOptional<z.ZodString>;
2193
- }, "strip", z.ZodTypeAny, {
2194
- name?: string | undefined;
2195
- actions?: string[] | undefined;
2196
- resourceType?: string | undefined;
2197
- }, {
2198
- name?: string | undefined;
2199
- actions?: string[] | undefined;
2200
- resourceType?: string | undefined;
2201
- }>]>;
2202
- decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
2203
- pluginId: z.ZodString;
2204
- resourceType: z.ZodString;
2205
- conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
2206
- }, "strip", z.ZodTypeAny, {
2207
- pluginId: string;
2208
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2209
- resourceType: string;
2210
- }, {
2211
- pluginId: string;
2212
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2213
- resourceType: string;
2214
- }>]>;
2220
+ match: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodObject<{
2221
+ name: z.ZodOptional<z.ZodString>;
2222
+ actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2223
+ resourceType: z.ZodOptional<z.ZodString>;
2215
2224
  }, "strip", z.ZodTypeAny, {
2216
- id: string;
2217
- match: ("*" | {
2218
- name?: string | undefined;
2219
- actions?: string[] | undefined;
2220
- resourceType?: string | undefined;
2221
- }) & ("*" | {
2222
- name?: string | undefined;
2223
- actions?: string[] | undefined;
2224
- resourceType?: string | undefined;
2225
- } | undefined);
2226
- decision: ("allow" | {
2227
- pluginId: string;
2228
- conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2225
+ name?: string | undefined;
2226
+ actions?: string[] | undefined;
2227
+ resourceType?: string | undefined;
2228
+ }, {
2229
+ name?: string | undefined;
2230
+ actions?: string[] | undefined;
2231
+ resourceType?: string | undefined;
2232
+ }>]>;
2233
+ decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
2234
+ pluginId: z.ZodString;
2235
+ resourceType: z.ZodString;
2236
+ conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
2237
+ }, "strip", z.ZodTypeAny, {
2238
+ pluginId: string;
2239
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2240
+ resourceType: string;
2241
+ }, {
2242
+ pluginId: string;
2243
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2244
+ resourceType: string;
2245
+ }>]>;
2246
+ }, "strip", z.ZodTypeAny, {
2247
+ id: string;
2248
+ match: ("*" | {
2249
+ name?: string | undefined;
2250
+ actions?: string[] | undefined;
2251
+ resourceType?: string | undefined;
2252
+ }) & ("*" | {
2253
+ name?: string | undefined;
2254
+ actions?: string[] | undefined;
2255
+ resourceType?: string | undefined;
2256
+ } | undefined);
2257
+ decision: ("allow" | {
2258
+ pluginId: string;
2259
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2260
+ resourceType: string;
2261
+ } | "deny") & ("allow" | {
2262
+ pluginId: string;
2263
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2264
+ resourceType: string;
2265
+ } | "deny" | undefined);
2266
+ }, {
2267
+ match: ("*" | {
2268
+ name?: string | undefined;
2269
+ actions?: string[] | undefined;
2270
+ resourceType?: string | undefined;
2271
+ }) & ("*" | {
2272
+ name?: string | undefined;
2273
+ actions?: string[] | undefined;
2274
+ resourceType?: string | undefined;
2275
+ } | undefined);
2276
+ decision: ("allow" | {
2277
+ pluginId: string;
2278
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2279
+ resourceType: string;
2280
+ } | "deny") & ("allow" | {
2281
+ pluginId: string;
2282
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2283
+ resourceType: string;
2284
+ } | "deny" | undefined);
2285
+ id?: string | undefined;
2286
+ }>, {
2287
+ id: string;
2288
+ match: ("*" | {
2289
+ name?: string | undefined;
2290
+ actions?: string[] | undefined;
2291
+ resourceType?: string | undefined;
2292
+ }) & ("*" | {
2293
+ name?: string | undefined;
2294
+ actions?: string[] | undefined;
2295
+ resourceType?: string | undefined;
2296
+ } | undefined);
2297
+ decision: ("allow" | {
2298
+ pluginId: string;
2299
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2300
+ resourceType: string;
2301
+ } | "deny") & ("allow" | {
2302
+ pluginId: string;
2303
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2304
+ resourceType: string;
2305
+ } | "deny" | undefined);
2306
+ }, {
2307
+ match: ("*" | {
2308
+ name?: string | undefined;
2309
+ actions?: string[] | undefined;
2310
+ resourceType?: string | undefined;
2311
+ }) & ("*" | {
2312
+ name?: string | undefined;
2313
+ actions?: string[] | undefined;
2314
+ resourceType?: string | undefined;
2315
+ } | undefined);
2316
+ decision: ("allow" | {
2317
+ pluginId: string;
2318
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2319
+ resourceType: string;
2320
+ } | "deny") & ("allow" | {
2321
+ pluginId: string;
2322
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2323
+ resourceType: string;
2324
+ } | "deny" | undefined);
2325
+ id?: string | undefined;
2326
+ }>, "many">, {
2327
+ id: string;
2328
+ match: ("*" | {
2329
+ name?: string | undefined;
2330
+ actions?: string[] | undefined;
2331
+ resourceType?: string | undefined;
2332
+ }) & ("*" | {
2333
+ name?: string | undefined;
2334
+ actions?: string[] | undefined;
2335
+ resourceType?: string | undefined;
2336
+ } | undefined);
2337
+ decision: ("allow" | {
2338
+ pluginId: string;
2339
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2340
+ resourceType: string;
2341
+ } | "deny") & ("allow" | {
2342
+ pluginId: string;
2343
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2344
+ resourceType: string;
2345
+ } | "deny" | undefined);
2346
+ }[], {
2347
+ match: ("*" | {
2348
+ name?: string | undefined;
2349
+ actions?: string[] | undefined;
2350
+ resourceType?: string | undefined;
2351
+ }) & ("*" | {
2352
+ name?: string | undefined;
2353
+ actions?: string[] | undefined;
2354
+ resourceType?: string | undefined;
2355
+ } | undefined);
2356
+ decision: ("allow" | {
2357
+ pluginId: string;
2358
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2359
+ resourceType: string;
2360
+ } | "deny") & ("allow" | {
2361
+ pluginId: string;
2362
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2363
+ resourceType: string;
2364
+ } | "deny" | undefined);
2365
+ id?: string | undefined;
2366
+ }[]>;
2367
+ }, "strip", z.ZodTypeAny, {
2368
+ id: string;
2369
+ name: string;
2370
+ members: (string[] | "*") & (string[] | "*" | undefined);
2371
+ permissions: {
2372
+ id: string;
2373
+ match: ("*" | {
2374
+ name?: string | undefined;
2375
+ actions?: string[] | undefined;
2376
+ resourceType?: string | undefined;
2377
+ }) & ("*" | {
2378
+ name?: string | undefined;
2379
+ actions?: string[] | undefined;
2380
+ resourceType?: string | undefined;
2381
+ } | undefined);
2382
+ decision: ("allow" | {
2383
+ pluginId: string;
2384
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2385
+ resourceType: string;
2386
+ } | "deny") & ("allow" | {
2387
+ pluginId: string;
2388
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2389
+ resourceType: string;
2390
+ } | "deny" | undefined);
2391
+ }[];
2392
+ }, {
2393
+ name: string;
2394
+ members: (string[] | "*") & (string[] | "*" | undefined);
2395
+ permissions: {
2396
+ match: ("*" | {
2397
+ name?: string | undefined;
2398
+ actions?: string[] | undefined;
2399
+ resourceType?: string | undefined;
2400
+ }) & ("*" | {
2401
+ name?: string | undefined;
2402
+ actions?: string[] | undefined;
2403
+ resourceType?: string | undefined;
2404
+ } | undefined);
2405
+ decision: ("allow" | {
2406
+ pluginId: string;
2407
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2408
+ resourceType: string;
2409
+ } | "deny") & ("allow" | {
2410
+ pluginId: string;
2411
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2412
+ resourceType: string;
2413
+ } | "deny" | undefined);
2414
+ id?: string | undefined;
2415
+ }[];
2416
+ id?: string | undefined;
2417
+ }>, "many">>, {
2418
+ id: string;
2419
+ name: string;
2420
+ members: (string[] | "*") & (string[] | "*" | undefined);
2421
+ permissions: {
2422
+ id: string;
2423
+ match: ("*" | {
2424
+ name?: string | undefined;
2425
+ actions?: string[] | undefined;
2426
+ resourceType?: string | undefined;
2427
+ }) & ("*" | {
2428
+ name?: string | undefined;
2429
+ actions?: string[] | undefined;
2430
+ resourceType?: string | undefined;
2431
+ } | undefined);
2432
+ decision: ("allow" | {
2433
+ pluginId: string;
2434
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2435
+ resourceType: string;
2436
+ } | "deny") & ("allow" | {
2437
+ pluginId: string;
2438
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2439
+ resourceType: string;
2440
+ } | "deny" | undefined);
2441
+ }[];
2442
+ }[], {
2443
+ name: string;
2444
+ members: (string[] | "*") & (string[] | "*" | undefined);
2445
+ permissions: {
2446
+ match: ("*" | {
2447
+ name?: string | undefined;
2448
+ actions?: string[] | undefined;
2449
+ resourceType?: string | undefined;
2450
+ }) & ("*" | {
2451
+ name?: string | undefined;
2452
+ actions?: string[] | undefined;
2453
+ resourceType?: string | undefined;
2454
+ } | undefined);
2455
+ decision: ("allow" | {
2456
+ pluginId: string;
2457
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2458
+ resourceType: string;
2459
+ } | "deny") & ("allow" | {
2460
+ pluginId: string;
2461
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2462
+ resourceType: string;
2463
+ } | "deny" | undefined);
2464
+ id?: string | undefined;
2465
+ }[];
2466
+ id?: string | undefined;
2467
+ }[] | undefined>>;
2468
+ }, "strip", z.ZodTypeAny, {
2469
+ name?: string | undefined;
2470
+ options?: {
2471
+ resolutionStrategy: "first-match" | "any-allow";
2472
+ } | undefined;
2473
+ roles?: {
2474
+ id: string;
2475
+ name: string;
2476
+ members: (string[] | "*") & (string[] | "*" | undefined);
2477
+ permissions: {
2478
+ id: string;
2479
+ match: ("*" | {
2480
+ name?: string | undefined;
2481
+ actions?: string[] | undefined;
2482
+ resourceType?: string | undefined;
2483
+ }) & ("*" | {
2484
+ name?: string | undefined;
2485
+ actions?: string[] | undefined;
2486
+ resourceType?: string | undefined;
2487
+ } | undefined);
2488
+ decision: ("allow" | {
2489
+ pluginId: string;
2490
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2491
+ resourceType: string;
2492
+ } | "deny") & ("allow" | {
2493
+ pluginId: string;
2494
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2495
+ resourceType: string;
2496
+ } | "deny" | undefined);
2497
+ }[];
2498
+ }[] | undefined;
2499
+ }, {
2500
+ name?: string | undefined;
2501
+ options?: {
2502
+ resolutionStrategy: "first-match" | "any-allow";
2503
+ } | undefined;
2504
+ roles?: {
2505
+ name: string;
2506
+ members: (string[] | "*") & (string[] | "*" | undefined);
2507
+ permissions: {
2508
+ match: ("*" | {
2509
+ name?: string | undefined;
2510
+ actions?: string[] | undefined;
2511
+ resourceType?: string | undefined;
2512
+ }) & ("*" | {
2513
+ name?: string | undefined;
2514
+ actions?: string[] | undefined;
2515
+ resourceType?: string | undefined;
2516
+ } | undefined);
2517
+ decision: ("allow" | {
2518
+ pluginId: string;
2519
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2520
+ resourceType: string;
2521
+ } | "deny") & ("allow" | {
2522
+ pluginId: string;
2523
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2524
+ resourceType: string;
2525
+ } | "deny" | undefined);
2526
+ id?: string | undefined;
2527
+ }[];
2528
+ id?: string | undefined;
2529
+ }[] | undefined;
2530
+ }>;
2531
+ /** @public */
2532
+ declare const PublishVersionRequestParser: z.ZodObject<{
2533
+ description: z.ZodOptional<z.ZodString>;
2534
+ update: z.ZodOptional<z.ZodObject<{
2535
+ name: z.ZodOptional<z.ZodDefault<z.ZodString>>;
2536
+ options: z.ZodOptional<z.ZodDefault<z.ZodObject<{
2537
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
2538
+ }, "strip", z.ZodTypeAny, {
2539
+ resolutionStrategy: "first-match" | "any-allow";
2540
+ }, {
2541
+ resolutionStrategy: "first-match" | "any-allow";
2542
+ }>>>;
2543
+ roles: z.ZodOptional<z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
2544
+ name: z.ZodString;
2545
+ id: z.ZodDefault<z.ZodString>;
2546
+ members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
2547
+ permissions: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
2548
+ id: z.ZodDefault<z.ZodString>;
2549
+ match: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodObject<{
2550
+ name: z.ZodOptional<z.ZodString>;
2551
+ actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2552
+ resourceType: z.ZodOptional<z.ZodString>;
2553
+ }, "strip", z.ZodTypeAny, {
2554
+ name?: string | undefined;
2555
+ actions?: string[] | undefined;
2556
+ resourceType?: string | undefined;
2557
+ }, {
2558
+ name?: string | undefined;
2559
+ actions?: string[] | undefined;
2560
+ resourceType?: string | undefined;
2561
+ }>]>;
2562
+ decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
2563
+ pluginId: z.ZodString;
2564
+ resourceType: z.ZodString;
2565
+ conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
2566
+ }, "strip", z.ZodTypeAny, {
2567
+ pluginId: string;
2568
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2569
+ resourceType: string;
2570
+ }, {
2571
+ pluginId: string;
2572
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2573
+ resourceType: string;
2574
+ }>]>;
2575
+ }, "strip", z.ZodTypeAny, {
2576
+ id: string;
2577
+ match: ("*" | {
2578
+ name?: string | undefined;
2579
+ actions?: string[] | undefined;
2580
+ resourceType?: string | undefined;
2581
+ }) & ("*" | {
2582
+ name?: string | undefined;
2583
+ actions?: string[] | undefined;
2584
+ resourceType?: string | undefined;
2585
+ } | undefined);
2586
+ decision: ("allow" | {
2587
+ pluginId: string;
2588
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2589
+ resourceType: string;
2590
+ } | "deny") & ("allow" | {
2591
+ pluginId: string;
2592
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2593
+ resourceType: string;
2594
+ } | "deny" | undefined);
2595
+ }, {
2596
+ match: ("*" | {
2597
+ name?: string | undefined;
2598
+ actions?: string[] | undefined;
2599
+ resourceType?: string | undefined;
2600
+ }) & ("*" | {
2601
+ name?: string | undefined;
2602
+ actions?: string[] | undefined;
2603
+ resourceType?: string | undefined;
2604
+ } | undefined);
2605
+ decision: ("allow" | {
2606
+ pluginId: string;
2607
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2608
+ resourceType: string;
2609
+ } | "deny") & ("allow" | {
2610
+ pluginId: string;
2611
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2612
+ resourceType: string;
2613
+ } | "deny" | undefined);
2614
+ id?: string | undefined;
2615
+ }>, {
2616
+ id: string;
2617
+ match: ("*" | {
2618
+ name?: string | undefined;
2619
+ actions?: string[] | undefined;
2620
+ resourceType?: string | undefined;
2621
+ }) & ("*" | {
2622
+ name?: string | undefined;
2623
+ actions?: string[] | undefined;
2624
+ resourceType?: string | undefined;
2625
+ } | undefined);
2626
+ decision: ("allow" | {
2627
+ pluginId: string;
2628
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2629
+ resourceType: string;
2630
+ } | "deny") & ("allow" | {
2631
+ pluginId: string;
2632
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2633
+ resourceType: string;
2634
+ } | "deny" | undefined);
2635
+ }, {
2636
+ match: ("*" | {
2637
+ name?: string | undefined;
2638
+ actions?: string[] | undefined;
2639
+ resourceType?: string | undefined;
2640
+ }) & ("*" | {
2641
+ name?: string | undefined;
2642
+ actions?: string[] | undefined;
2643
+ resourceType?: string | undefined;
2644
+ } | undefined);
2645
+ decision: ("allow" | {
2646
+ pluginId: string;
2647
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2648
+ resourceType: string;
2649
+ } | "deny") & ("allow" | {
2650
+ pluginId: string;
2651
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2652
+ resourceType: string;
2653
+ } | "deny" | undefined);
2654
+ id?: string | undefined;
2655
+ }>, "many">, {
2656
+ id: string;
2657
+ match: ("*" | {
2658
+ name?: string | undefined;
2659
+ actions?: string[] | undefined;
2660
+ resourceType?: string | undefined;
2661
+ }) & ("*" | {
2662
+ name?: string | undefined;
2663
+ actions?: string[] | undefined;
2664
+ resourceType?: string | undefined;
2665
+ } | undefined);
2666
+ decision: ("allow" | {
2667
+ pluginId: string;
2668
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2669
+ resourceType: string;
2670
+ } | "deny") & ("allow" | {
2671
+ pluginId: string;
2672
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2673
+ resourceType: string;
2674
+ } | "deny" | undefined);
2675
+ }[], {
2676
+ match: ("*" | {
2677
+ name?: string | undefined;
2678
+ actions?: string[] | undefined;
2679
+ resourceType?: string | undefined;
2680
+ }) & ("*" | {
2681
+ name?: string | undefined;
2682
+ actions?: string[] | undefined;
2683
+ resourceType?: string | undefined;
2684
+ } | undefined);
2685
+ decision: ("allow" | {
2686
+ pluginId: string;
2687
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2688
+ resourceType: string;
2689
+ } | "deny") & ("allow" | {
2690
+ pluginId: string;
2691
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2692
+ resourceType: string;
2693
+ } | "deny" | undefined);
2694
+ id?: string | undefined;
2695
+ }[]>;
2696
+ }, "strip", z.ZodTypeAny, {
2697
+ id: string;
2698
+ name: string;
2699
+ members: (string[] | "*") & (string[] | "*" | undefined);
2700
+ permissions: {
2701
+ id: string;
2702
+ match: ("*" | {
2703
+ name?: string | undefined;
2704
+ actions?: string[] | undefined;
2705
+ resourceType?: string | undefined;
2706
+ }) & ("*" | {
2707
+ name?: string | undefined;
2708
+ actions?: string[] | undefined;
2709
+ resourceType?: string | undefined;
2710
+ } | undefined);
2711
+ decision: ("allow" | {
2712
+ pluginId: string;
2713
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2714
+ resourceType: string;
2715
+ } | "deny") & ("allow" | {
2716
+ pluginId: string;
2717
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2718
+ resourceType: string;
2719
+ } | "deny" | undefined);
2720
+ }[];
2721
+ }, {
2722
+ name: string;
2723
+ members: (string[] | "*") & (string[] | "*" | undefined);
2724
+ permissions: {
2725
+ match: ("*" | {
2726
+ name?: string | undefined;
2727
+ actions?: string[] | undefined;
2728
+ resourceType?: string | undefined;
2729
+ }) & ("*" | {
2730
+ name?: string | undefined;
2731
+ actions?: string[] | undefined;
2732
+ resourceType?: string | undefined;
2733
+ } | undefined);
2734
+ decision: ("allow" | {
2735
+ pluginId: string;
2736
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2737
+ resourceType: string;
2738
+ } | "deny") & ("allow" | {
2739
+ pluginId: string;
2740
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2741
+ resourceType: string;
2742
+ } | "deny" | undefined);
2743
+ id?: string | undefined;
2744
+ }[];
2745
+ id?: string | undefined;
2746
+ }>, "many">>, {
2747
+ id: string;
2748
+ name: string;
2749
+ members: (string[] | "*") & (string[] | "*" | undefined);
2750
+ permissions: {
2751
+ id: string;
2752
+ match: ("*" | {
2753
+ name?: string | undefined;
2754
+ actions?: string[] | undefined;
2755
+ resourceType?: string | undefined;
2756
+ }) & ("*" | {
2757
+ name?: string | undefined;
2758
+ actions?: string[] | undefined;
2759
+ resourceType?: string | undefined;
2760
+ } | undefined);
2761
+ decision: ("allow" | {
2762
+ pluginId: string;
2763
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2764
+ resourceType: string;
2765
+ } | "deny") & ("allow" | {
2766
+ pluginId: string;
2767
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2768
+ resourceType: string;
2769
+ } | "deny" | undefined);
2770
+ }[];
2771
+ }[], {
2772
+ name: string;
2773
+ members: (string[] | "*") & (string[] | "*" | undefined);
2774
+ permissions: {
2775
+ match: ("*" | {
2776
+ name?: string | undefined;
2777
+ actions?: string[] | undefined;
2778
+ resourceType?: string | undefined;
2779
+ }) & ("*" | {
2780
+ name?: string | undefined;
2781
+ actions?: string[] | undefined;
2782
+ resourceType?: string | undefined;
2783
+ } | undefined);
2784
+ decision: ("allow" | {
2785
+ pluginId: string;
2786
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2787
+ resourceType: string;
2788
+ } | "deny") & ("allow" | {
2789
+ pluginId: string;
2790
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2791
+ resourceType: string;
2792
+ } | "deny" | undefined);
2793
+ id?: string | undefined;
2794
+ }[];
2795
+ id?: string | undefined;
2796
+ }[] | undefined>>;
2797
+ }, "strip", z.ZodTypeAny, {
2798
+ name?: string | undefined;
2799
+ options?: {
2800
+ resolutionStrategy: "first-match" | "any-allow";
2801
+ } | undefined;
2802
+ roles?: {
2803
+ id: string;
2804
+ name: string;
2805
+ members: (string[] | "*") & (string[] | "*" | undefined);
2806
+ permissions: {
2807
+ id: string;
2808
+ match: ("*" | {
2809
+ name?: string | undefined;
2810
+ actions?: string[] | undefined;
2811
+ resourceType?: string | undefined;
2812
+ }) & ("*" | {
2813
+ name?: string | undefined;
2814
+ actions?: string[] | undefined;
2815
+ resourceType?: string | undefined;
2816
+ } | undefined);
2817
+ decision: ("allow" | {
2818
+ pluginId: string;
2819
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2820
+ resourceType: string;
2821
+ } | "deny") & ("allow" | {
2822
+ pluginId: string;
2823
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2824
+ resourceType: string;
2825
+ } | "deny" | undefined);
2826
+ }[];
2827
+ }[] | undefined;
2828
+ }, {
2829
+ name?: string | undefined;
2830
+ options?: {
2831
+ resolutionStrategy: "first-match" | "any-allow";
2832
+ } | undefined;
2833
+ roles?: {
2834
+ name: string;
2835
+ members: (string[] | "*") & (string[] | "*" | undefined);
2836
+ permissions: {
2837
+ match: ("*" | {
2838
+ name?: string | undefined;
2839
+ actions?: string[] | undefined;
2840
+ resourceType?: string | undefined;
2841
+ }) & ("*" | {
2842
+ name?: string | undefined;
2843
+ actions?: string[] | undefined;
2844
+ resourceType?: string | undefined;
2845
+ } | undefined);
2846
+ decision: ("allow" | {
2847
+ pluginId: string;
2848
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2849
+ resourceType: string;
2850
+ } | "deny") & ("allow" | {
2851
+ pluginId: string;
2852
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2853
+ resourceType: string;
2854
+ } | "deny" | undefined);
2855
+ id?: string | undefined;
2856
+ }[];
2857
+ id?: string | undefined;
2858
+ }[] | undefined;
2859
+ }>>;
2860
+ }, "strip", z.ZodTypeAny, {
2861
+ description?: string | undefined;
2862
+ update?: {
2863
+ name?: string | undefined;
2864
+ options?: {
2865
+ resolutionStrategy: "first-match" | "any-allow";
2866
+ } | undefined;
2867
+ roles?: {
2868
+ id: string;
2869
+ name: string;
2870
+ members: (string[] | "*") & (string[] | "*" | undefined);
2871
+ permissions: {
2872
+ id: string;
2873
+ match: ("*" | {
2874
+ name?: string | undefined;
2875
+ actions?: string[] | undefined;
2876
+ resourceType?: string | undefined;
2877
+ }) & ("*" | {
2878
+ name?: string | undefined;
2879
+ actions?: string[] | undefined;
2880
+ resourceType?: string | undefined;
2881
+ } | undefined);
2882
+ decision: ("allow" | {
2883
+ pluginId: string;
2884
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2885
+ resourceType: string;
2886
+ } | "deny") & ("allow" | {
2887
+ pluginId: string;
2888
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2889
+ resourceType: string;
2890
+ } | "deny" | undefined);
2891
+ }[];
2892
+ }[] | undefined;
2893
+ } | undefined;
2894
+ }, {
2895
+ description?: string | undefined;
2896
+ update?: {
2897
+ name?: string | undefined;
2898
+ options?: {
2899
+ resolutionStrategy: "first-match" | "any-allow";
2900
+ } | undefined;
2901
+ roles?: {
2902
+ name: string;
2903
+ members: (string[] | "*") & (string[] | "*" | undefined);
2904
+ permissions: {
2905
+ match: ("*" | {
2906
+ name?: string | undefined;
2907
+ actions?: string[] | undefined;
2908
+ resourceType?: string | undefined;
2909
+ }) & ("*" | {
2910
+ name?: string | undefined;
2911
+ actions?: string[] | undefined;
2912
+ resourceType?: string | undefined;
2913
+ } | undefined);
2914
+ decision: ("allow" | {
2915
+ pluginId: string;
2916
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2917
+ resourceType: string;
2918
+ } | "deny") & ("allow" | {
2919
+ pluginId: string;
2920
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2921
+ resourceType: string;
2922
+ } | "deny" | undefined);
2923
+ id?: string | undefined;
2924
+ }[];
2925
+ id?: string | undefined;
2926
+ }[] | undefined;
2927
+ } | undefined;
2928
+ }>;
2929
+ /** @public */
2930
+ declare const TestPolicyDecisionResponseParser: z.ZodObject<{
2931
+ decision: z.ZodUnion<[z.ZodObject<{
2932
+ result: z.ZodUnion<[z.ZodLiteral<_backstage_plugin_permission_common.AuthorizeResult.ALLOW>, z.ZodLiteral<_backstage_plugin_permission_common.AuthorizeResult.DENY>]>;
2933
+ }, "strip", z.ZodTypeAny, {
2934
+ result: _backstage_plugin_permission_common.AuthorizeResult.DENY | _backstage_plugin_permission_common.AuthorizeResult.ALLOW;
2935
+ }, {
2936
+ result: _backstage_plugin_permission_common.AuthorizeResult.DENY | _backstage_plugin_permission_common.AuthorizeResult.ALLOW;
2937
+ }>, z.ZodObject<{
2938
+ pluginId: z.ZodString;
2939
+ resourceType: z.ZodString;
2940
+ result: z.ZodLiteral<_backstage_plugin_permission_common.AuthorizeResult.CONDITIONAL>;
2941
+ conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition>>;
2942
+ }, "strip", z.ZodTypeAny, {
2943
+ pluginId: string;
2944
+ result: _backstage_plugin_permission_common.AuthorizeResult.CONDITIONAL;
2945
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> | undefined);
2946
+ resourceType: string;
2947
+ }, {
2948
+ pluginId: string;
2949
+ result: _backstage_plugin_permission_common.AuthorizeResult.CONDITIONAL;
2950
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> | undefined);
2951
+ resourceType: string;
2952
+ }>]>;
2953
+ decisionOrigin: z.ZodArray<z.ZodObject<{
2954
+ decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
2955
+ pluginId: z.ZodString;
2956
+ resourceType: z.ZodString;
2957
+ conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
2958
+ }, "strip", z.ZodTypeAny, {
2959
+ pluginId: string;
2960
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2961
+ resourceType: string;
2962
+ }, {
2963
+ pluginId: string;
2964
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2965
+ resourceType: string;
2966
+ }>]>;
2967
+ roleId: z.ZodDefault<z.ZodString>;
2968
+ rolePermissionId: z.ZodDefault<z.ZodString>;
2969
+ }, "strip", z.ZodTypeAny, {
2970
+ decision: ("allow" | {
2971
+ pluginId: string;
2972
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2973
+ resourceType: string;
2974
+ } | "deny") & ("allow" | {
2975
+ pluginId: string;
2976
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2977
+ resourceType: string;
2978
+ } | "deny" | undefined);
2979
+ roleId: string;
2980
+ rolePermissionId: string;
2981
+ }, {
2982
+ decision: ("allow" | {
2983
+ pluginId: string;
2984
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2985
+ resourceType: string;
2986
+ } | "deny") & ("allow" | {
2987
+ pluginId: string;
2988
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2989
+ resourceType: string;
2990
+ } | "deny" | undefined);
2991
+ roleId?: string | undefined;
2992
+ rolePermissionId?: string | undefined;
2993
+ }>, "many">;
2994
+ }, "strip", z.ZodTypeAny, {
2995
+ decision: {
2996
+ result: _backstage_plugin_permission_common.AuthorizeResult.DENY | _backstage_plugin_permission_common.AuthorizeResult.ALLOW;
2997
+ } | {
2998
+ pluginId: string;
2999
+ result: _backstage_plugin_permission_common.AuthorizeResult.CONDITIONAL;
3000
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> | undefined);
3001
+ resourceType: string;
3002
+ };
3003
+ decisionOrigin: {
3004
+ decision: ("allow" | {
3005
+ pluginId: string;
3006
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3007
+ resourceType: string;
3008
+ } | "deny") & ("allow" | {
3009
+ pluginId: string;
3010
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3011
+ resourceType: string;
3012
+ } | "deny" | undefined);
3013
+ roleId: string;
3014
+ rolePermissionId: string;
3015
+ }[];
3016
+ }, {
3017
+ decision: {
3018
+ result: _backstage_plugin_permission_common.AuthorizeResult.DENY | _backstage_plugin_permission_common.AuthorizeResult.ALLOW;
3019
+ } | {
3020
+ pluginId: string;
3021
+ result: _backstage_plugin_permission_common.AuthorizeResult.CONDITIONAL;
3022
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition> | undefined);
3023
+ resourceType: string;
3024
+ };
3025
+ decisionOrigin: {
3026
+ decision: ("allow" | {
3027
+ pluginId: string;
3028
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3029
+ resourceType: string;
3030
+ } | "deny") & ("allow" | {
3031
+ pluginId: string;
3032
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3033
+ resourceType: string;
3034
+ } | "deny" | undefined);
3035
+ roleId?: string | undefined;
3036
+ rolePermissionId?: string | undefined;
3037
+ }[];
3038
+ }>;
3039
+ /** @public */
3040
+ declare const TestPolicyDecisionRequestParser: z.ZodObject<{
3041
+ permission: z.ZodUnion<[z.ZodObject<{
3042
+ type: z.ZodLiteral<"basic">;
3043
+ name: z.ZodString;
3044
+ attributes: z.ZodType<_backstage_plugin_permission_common.PermissionAttributes, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionAttributes>;
3045
+ }, "strip", z.ZodTypeAny, {
3046
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3047
+ name: string;
3048
+ type: "basic";
3049
+ }, {
3050
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3051
+ name: string;
3052
+ type: "basic";
3053
+ }>, z.ZodObject<{
3054
+ type: z.ZodLiteral<"resource">;
3055
+ name: z.ZodString;
3056
+ attributes: z.ZodType<_backstage_plugin_permission_common.PermissionAttributes, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionAttributes>;
3057
+ resourceType: z.ZodString;
3058
+ }, "strip", z.ZodTypeAny, {
3059
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3060
+ name: string;
3061
+ type: "resource";
3062
+ resourceType: string;
3063
+ }, {
3064
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3065
+ name: string;
3066
+ type: "resource";
3067
+ resourceType: string;
3068
+ }>]>;
3069
+ policyConfig: z.ZodObject<{
3070
+ name: z.ZodDefault<z.ZodString>;
3071
+ options: z.ZodDefault<z.ZodObject<{
3072
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
3073
+ }, "strip", z.ZodTypeAny, {
3074
+ resolutionStrategy: "first-match" | "any-allow";
3075
+ }, {
3076
+ resolutionStrategy: "first-match" | "any-allow";
3077
+ }>>;
3078
+ roles: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
3079
+ name: z.ZodString;
3080
+ id: z.ZodDefault<z.ZodString>;
3081
+ members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
3082
+ permissions: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
3083
+ id: z.ZodDefault<z.ZodString>;
3084
+ match: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodObject<{
3085
+ name: z.ZodOptional<z.ZodString>;
3086
+ actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3087
+ resourceType: z.ZodOptional<z.ZodString>;
3088
+ }, "strip", z.ZodTypeAny, {
3089
+ name?: string | undefined;
3090
+ actions?: string[] | undefined;
3091
+ resourceType?: string | undefined;
3092
+ }, {
3093
+ name?: string | undefined;
3094
+ actions?: string[] | undefined;
3095
+ resourceType?: string | undefined;
3096
+ }>]>;
3097
+ decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
3098
+ pluginId: z.ZodString;
3099
+ resourceType: z.ZodString;
3100
+ conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
3101
+ }, "strip", z.ZodTypeAny, {
3102
+ pluginId: string;
3103
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3104
+ resourceType: string;
3105
+ }, {
3106
+ pluginId: string;
3107
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3108
+ resourceType: string;
3109
+ }>]>;
3110
+ }, "strip", z.ZodTypeAny, {
3111
+ id: string;
3112
+ match: ("*" | {
3113
+ name?: string | undefined;
3114
+ actions?: string[] | undefined;
3115
+ resourceType?: string | undefined;
3116
+ }) & ("*" | {
3117
+ name?: string | undefined;
3118
+ actions?: string[] | undefined;
3119
+ resourceType?: string | undefined;
3120
+ } | undefined);
3121
+ decision: ("allow" | {
3122
+ pluginId: string;
3123
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3124
+ resourceType: string;
3125
+ } | "deny") & ("allow" | {
3126
+ pluginId: string;
3127
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3128
+ resourceType: string;
3129
+ } | "deny" | undefined);
3130
+ }, {
3131
+ match: ("*" | {
3132
+ name?: string | undefined;
3133
+ actions?: string[] | undefined;
3134
+ resourceType?: string | undefined;
3135
+ }) & ("*" | {
3136
+ name?: string | undefined;
3137
+ actions?: string[] | undefined;
3138
+ resourceType?: string | undefined;
3139
+ } | undefined);
3140
+ decision: ("allow" | {
3141
+ pluginId: string;
3142
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3143
+ resourceType: string;
3144
+ } | "deny") & ("allow" | {
3145
+ pluginId: string;
3146
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3147
+ resourceType: string;
3148
+ } | "deny" | undefined);
3149
+ id?: string | undefined;
3150
+ }>, {
3151
+ id: string;
3152
+ match: ("*" | {
3153
+ name?: string | undefined;
3154
+ actions?: string[] | undefined;
3155
+ resourceType?: string | undefined;
3156
+ }) & ("*" | {
3157
+ name?: string | undefined;
3158
+ actions?: string[] | undefined;
3159
+ resourceType?: string | undefined;
3160
+ } | undefined);
3161
+ decision: ("allow" | {
3162
+ pluginId: string;
3163
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3164
+ resourceType: string;
3165
+ } | "deny") & ("allow" | {
3166
+ pluginId: string;
3167
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3168
+ resourceType: string;
3169
+ } | "deny" | undefined);
3170
+ }, {
3171
+ match: ("*" | {
3172
+ name?: string | undefined;
3173
+ actions?: string[] | undefined;
3174
+ resourceType?: string | undefined;
3175
+ }) & ("*" | {
3176
+ name?: string | undefined;
3177
+ actions?: string[] | undefined;
3178
+ resourceType?: string | undefined;
3179
+ } | undefined);
3180
+ decision: ("allow" | {
3181
+ pluginId: string;
3182
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3183
+ resourceType: string;
3184
+ } | "deny") & ("allow" | {
3185
+ pluginId: string;
3186
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3187
+ resourceType: string;
3188
+ } | "deny" | undefined);
3189
+ id?: string | undefined;
3190
+ }>, "many">, {
3191
+ id: string;
3192
+ match: ("*" | {
3193
+ name?: string | undefined;
3194
+ actions?: string[] | undefined;
3195
+ resourceType?: string | undefined;
3196
+ }) & ("*" | {
3197
+ name?: string | undefined;
3198
+ actions?: string[] | undefined;
3199
+ resourceType?: string | undefined;
3200
+ } | undefined);
3201
+ decision: ("allow" | {
3202
+ pluginId: string;
3203
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3204
+ resourceType: string;
3205
+ } | "deny") & ("allow" | {
3206
+ pluginId: string;
3207
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3208
+ resourceType: string;
3209
+ } | "deny" | undefined);
3210
+ }[], {
3211
+ match: ("*" | {
3212
+ name?: string | undefined;
3213
+ actions?: string[] | undefined;
3214
+ resourceType?: string | undefined;
3215
+ }) & ("*" | {
3216
+ name?: string | undefined;
3217
+ actions?: string[] | undefined;
3218
+ resourceType?: string | undefined;
3219
+ } | undefined);
3220
+ decision: ("allow" | {
3221
+ pluginId: string;
3222
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3223
+ resourceType: string;
3224
+ } | "deny") & ("allow" | {
3225
+ pluginId: string;
3226
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3227
+ resourceType: string;
3228
+ } | "deny" | undefined);
3229
+ id?: string | undefined;
3230
+ }[]>;
3231
+ }, "strip", z.ZodTypeAny, {
3232
+ id: string;
3233
+ name: string;
3234
+ members: (string[] | "*") & (string[] | "*" | undefined);
3235
+ permissions: {
3236
+ id: string;
3237
+ match: ("*" | {
3238
+ name?: string | undefined;
3239
+ actions?: string[] | undefined;
3240
+ resourceType?: string | undefined;
3241
+ }) & ("*" | {
3242
+ name?: string | undefined;
3243
+ actions?: string[] | undefined;
3244
+ resourceType?: string | undefined;
3245
+ } | undefined);
3246
+ decision: ("allow" | {
3247
+ pluginId: string;
3248
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3249
+ resourceType: string;
3250
+ } | "deny") & ("allow" | {
3251
+ pluginId: string;
3252
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3253
+ resourceType: string;
3254
+ } | "deny" | undefined);
3255
+ }[];
3256
+ }, {
3257
+ name: string;
3258
+ members: (string[] | "*") & (string[] | "*" | undefined);
3259
+ permissions: {
3260
+ match: ("*" | {
3261
+ name?: string | undefined;
3262
+ actions?: string[] | undefined;
3263
+ resourceType?: string | undefined;
3264
+ }) & ("*" | {
3265
+ name?: string | undefined;
3266
+ actions?: string[] | undefined;
3267
+ resourceType?: string | undefined;
3268
+ } | undefined);
3269
+ decision: ("allow" | {
3270
+ pluginId: string;
3271
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3272
+ resourceType: string;
3273
+ } | "deny") & ("allow" | {
3274
+ pluginId: string;
3275
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3276
+ resourceType: string;
3277
+ } | "deny" | undefined);
3278
+ id?: string | undefined;
3279
+ }[];
3280
+ id?: string | undefined;
3281
+ }>, "many">>, {
3282
+ id: string;
3283
+ name: string;
3284
+ members: (string[] | "*") & (string[] | "*" | undefined);
3285
+ permissions: {
3286
+ id: string;
3287
+ match: ("*" | {
3288
+ name?: string | undefined;
3289
+ actions?: string[] | undefined;
3290
+ resourceType?: string | undefined;
3291
+ }) & ("*" | {
3292
+ name?: string | undefined;
3293
+ actions?: string[] | undefined;
3294
+ resourceType?: string | undefined;
3295
+ } | undefined);
3296
+ decision: ("allow" | {
3297
+ pluginId: string;
3298
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3299
+ resourceType: string;
3300
+ } | "deny") & ("allow" | {
3301
+ pluginId: string;
3302
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3303
+ resourceType: string;
3304
+ } | "deny" | undefined);
3305
+ }[];
3306
+ }[], {
3307
+ name: string;
3308
+ members: (string[] | "*") & (string[] | "*" | undefined);
3309
+ permissions: {
3310
+ match: ("*" | {
3311
+ name?: string | undefined;
3312
+ actions?: string[] | undefined;
3313
+ resourceType?: string | undefined;
3314
+ }) & ("*" | {
3315
+ name?: string | undefined;
3316
+ actions?: string[] | undefined;
3317
+ resourceType?: string | undefined;
3318
+ } | undefined);
3319
+ decision: ("allow" | {
3320
+ pluginId: string;
3321
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3322
+ resourceType: string;
3323
+ } | "deny") & ("allow" | {
3324
+ pluginId: string;
3325
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3326
+ resourceType: string;
3327
+ } | "deny" | undefined);
3328
+ id?: string | undefined;
3329
+ }[];
3330
+ id?: string | undefined;
3331
+ }[] | undefined>;
3332
+ }, "strip", z.ZodTypeAny, {
3333
+ name: string;
3334
+ options: {
3335
+ resolutionStrategy: "first-match" | "any-allow";
3336
+ };
3337
+ roles: {
3338
+ id: string;
3339
+ name: string;
3340
+ members: (string[] | "*") & (string[] | "*" | undefined);
3341
+ permissions: {
3342
+ id: string;
3343
+ match: ("*" | {
3344
+ name?: string | undefined;
3345
+ actions?: string[] | undefined;
3346
+ resourceType?: string | undefined;
3347
+ }) & ("*" | {
3348
+ name?: string | undefined;
3349
+ actions?: string[] | undefined;
3350
+ resourceType?: string | undefined;
3351
+ } | undefined);
3352
+ decision: ("allow" | {
3353
+ pluginId: string;
3354
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3355
+ resourceType: string;
3356
+ } | "deny") & ("allow" | {
3357
+ pluginId: string;
3358
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3359
+ resourceType: string;
3360
+ } | "deny" | undefined);
3361
+ }[];
3362
+ }[];
3363
+ }, {
3364
+ name?: string | undefined;
3365
+ options?: {
3366
+ resolutionStrategy: "first-match" | "any-allow";
3367
+ } | undefined;
3368
+ roles?: {
3369
+ name: string;
3370
+ members: (string[] | "*") & (string[] | "*" | undefined);
3371
+ permissions: {
3372
+ match: ("*" | {
3373
+ name?: string | undefined;
3374
+ actions?: string[] | undefined;
3375
+ resourceType?: string | undefined;
3376
+ }) & ("*" | {
3377
+ name?: string | undefined;
3378
+ actions?: string[] | undefined;
3379
+ resourceType?: string | undefined;
3380
+ } | undefined);
3381
+ decision: ("allow" | {
3382
+ pluginId: string;
3383
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3384
+ resourceType: string;
3385
+ } | "deny") & ("allow" | {
3386
+ pluginId: string;
3387
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3388
+ resourceType: string;
3389
+ } | "deny" | undefined);
3390
+ id?: string | undefined;
3391
+ }[];
3392
+ id?: string | undefined;
3393
+ }[] | undefined;
3394
+ }>;
3395
+ roleIds: z.ZodArray<z.ZodString, "many">;
3396
+ }, "strip", z.ZodTypeAny, {
3397
+ permission: {
3398
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3399
+ name: string;
3400
+ type: "basic";
3401
+ } | {
3402
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3403
+ name: string;
3404
+ type: "resource";
3405
+ resourceType: string;
3406
+ };
3407
+ policyConfig: {
3408
+ name: string;
3409
+ options: {
3410
+ resolutionStrategy: "first-match" | "any-allow";
3411
+ };
3412
+ roles: {
3413
+ id: string;
3414
+ name: string;
3415
+ members: (string[] | "*") & (string[] | "*" | undefined);
3416
+ permissions: {
3417
+ id: string;
3418
+ match: ("*" | {
3419
+ name?: string | undefined;
3420
+ actions?: string[] | undefined;
3421
+ resourceType?: string | undefined;
3422
+ }) & ("*" | {
3423
+ name?: string | undefined;
3424
+ actions?: string[] | undefined;
3425
+ resourceType?: string | undefined;
3426
+ } | undefined);
3427
+ decision: ("allow" | {
3428
+ pluginId: string;
3429
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3430
+ resourceType: string;
3431
+ } | "deny") & ("allow" | {
3432
+ pluginId: string;
3433
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3434
+ resourceType: string;
3435
+ } | "deny" | undefined);
3436
+ }[];
3437
+ }[];
3438
+ };
3439
+ roleIds: string[];
3440
+ }, {
3441
+ permission: {
3442
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3443
+ name: string;
3444
+ type: "basic";
3445
+ } | {
3446
+ attributes: _backstage_plugin_permission_common.PermissionAttributes;
3447
+ name: string;
3448
+ type: "resource";
3449
+ resourceType: string;
3450
+ };
3451
+ policyConfig: {
3452
+ name?: string | undefined;
3453
+ options?: {
3454
+ resolutionStrategy: "first-match" | "any-allow";
3455
+ } | undefined;
3456
+ roles?: {
3457
+ name: string;
3458
+ members: (string[] | "*") & (string[] | "*" | undefined);
3459
+ permissions: {
3460
+ match: ("*" | {
3461
+ name?: string | undefined;
3462
+ actions?: string[] | undefined;
3463
+ resourceType?: string | undefined;
3464
+ }) & ("*" | {
3465
+ name?: string | undefined;
3466
+ actions?: string[] | undefined;
3467
+ resourceType?: string | undefined;
3468
+ } | undefined);
3469
+ decision: ("allow" | {
3470
+ pluginId: string;
3471
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3472
+ resourceType: string;
3473
+ } | "deny") & ("allow" | {
3474
+ pluginId: string;
3475
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3476
+ resourceType: string;
3477
+ } | "deny" | undefined);
3478
+ id?: string | undefined;
3479
+ }[];
3480
+ id?: string | undefined;
3481
+ }[] | undefined;
3482
+ };
3483
+ roleIds: string[];
3484
+ }>;
3485
+ /** @public */
3486
+ type CreateDraftRequest = z.input<typeof CreateDraftRequestParser>;
3487
+ /** @public */
3488
+ declare const DraftResponseParser: z.ZodObject<{
3489
+ id: z.ZodString;
3490
+ }, "strip", z.ZodTypeAny, {
3491
+ id: string;
3492
+ }, {
3493
+ id: string;
3494
+ }>;
3495
+ /** @public */
3496
+ type DraftResponse = z.input<typeof DraftResponseParser>;
3497
+ /** @public */
3498
+ type UpdateDraftRequest = z.input<typeof UpdateDraftRequestParser>;
3499
+ /** @public */
3500
+ type PublishVersionRequest = z.infer<typeof PublishVersionRequestParser>;
3501
+ /** @public */
3502
+ type TestPolicyDecisionResponse = z.infer<typeof TestPolicyDecisionResponseParser>;
3503
+ /** @public */
3504
+ type SearchMembersRequest = {
3505
+ query: string;
3506
+ };
3507
+ /** @public */
3508
+ declare const AuthorizeResponseParser: z.ZodObject<{
3509
+ authorized: z.ZodBoolean;
3510
+ }, "strip", z.ZodTypeAny, {
3511
+ authorized: boolean;
3512
+ }, {
3513
+ authorized: boolean;
3514
+ }>;
3515
+ /** @public */
3516
+ type AuthorizeResponse = z.infer<typeof AuthorizeResponseParser>;
3517
+ /** @public */
3518
+ declare const MemberResponseParser: z.ZodObject<{
3519
+ name: z.ZodOptional<z.ZodString>;
3520
+ type: z.ZodEnum<["user", "group", "all", "unknown"]>;
3521
+ entityRef: z.ZodString;
3522
+ }, "strip", z.ZodTypeAny, {
3523
+ entityRef: string;
3524
+ type: "user" | "unknown" | "all" | "group";
3525
+ name?: string | undefined;
3526
+ }, {
3527
+ entityRef: string;
3528
+ type: "user" | "unknown" | "all" | "group";
3529
+ name?: string | undefined;
3530
+ }>;
3531
+ /** @public */
3532
+ type MemberResponse = z.infer<typeof MemberResponseParser>;
3533
+ /** @public */
3534
+ type PolicyMember = {
3535
+ policyId: string;
3536
+ members: MemberResponse[];
3537
+ };
3538
+ /** @public */
3539
+ declare const SearchMemberResponseParser: z.ZodObject<{
3540
+ members: z.ZodArray<z.ZodObject<{
3541
+ name: z.ZodOptional<z.ZodString>;
3542
+ type: z.ZodEnum<["user", "group", "all", "unknown"]>;
3543
+ entityRef: z.ZodString;
3544
+ }, "strip", z.ZodTypeAny, {
3545
+ entityRef: string;
3546
+ type: "user" | "unknown" | "all" | "group";
3547
+ name?: string | undefined;
3548
+ }, {
3549
+ entityRef: string;
3550
+ type: "user" | "unknown" | "all" | "group";
3551
+ name?: string | undefined;
3552
+ }>, "many">;
3553
+ }, "strip", z.ZodTypeAny, {
3554
+ members: {
3555
+ entityRef: string;
3556
+ type: "user" | "unknown" | "all" | "group";
3557
+ name?: string | undefined;
3558
+ }[];
3559
+ }, {
3560
+ members: {
3561
+ entityRef: string;
3562
+ type: "user" | "unknown" | "all" | "group";
3563
+ name?: string | undefined;
3564
+ }[];
3565
+ }>;
3566
+ /** @public */
3567
+ type SearchMembersResponse = z.infer<typeof SearchMemberResponseParser>;
3568
+ /** @public */
3569
+ type PaginatedResponse<T> = {
3570
+ items: T[];
3571
+ nextCursor?: string;
3572
+ prevCursor?: string;
3573
+ totalItems: number;
3574
+ };
3575
+ /** @public */
3576
+ type PoliciesResponse = PaginatedResponse<Policy>;
3577
+ /** @public */
3578
+ declare const PolicyResponseParser: z.ZodObject<{
3579
+ items: z.ZodArray<z.ZodObject<{
3580
+ name: z.ZodDefault<z.ZodString>;
3581
+ options: z.ZodDefault<z.ZodObject<{
3582
+ resolutionStrategy: z.ZodUnion<[z.ZodLiteral<"first-match">, z.ZodLiteral<"any-allow">]>;
3583
+ }, "strip", z.ZodTypeAny, {
3584
+ resolutionStrategy: "first-match" | "any-allow";
3585
+ }, {
3586
+ resolutionStrategy: "first-match" | "any-allow";
3587
+ }>>;
3588
+ roles: z.ZodEffects<z.ZodDefault<z.ZodArray<z.ZodObject<{
3589
+ name: z.ZodString;
3590
+ id: z.ZodDefault<z.ZodString>;
3591
+ members: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">]>;
3592
+ permissions: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
3593
+ id: z.ZodDefault<z.ZodString>;
3594
+ match: z.ZodUnion<[z.ZodLiteral<"*">, z.ZodObject<{
3595
+ name: z.ZodOptional<z.ZodString>;
3596
+ actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3597
+ resourceType: z.ZodOptional<z.ZodString>;
3598
+ }, "strip", z.ZodTypeAny, {
3599
+ name?: string | undefined;
3600
+ actions?: string[] | undefined;
3601
+ resourceType?: string | undefined;
3602
+ }, {
3603
+ name?: string | undefined;
3604
+ actions?: string[] | undefined;
3605
+ resourceType?: string | undefined;
3606
+ }>]>;
3607
+ decision: z.ZodUnion<[z.ZodUnion<[z.ZodLiteral<"allow">, z.ZodLiteral<"deny">]>, z.ZodObject<{
3608
+ pluginId: z.ZodString;
3609
+ resourceType: z.ZodString;
3610
+ conditions: z.ZodType<_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>, z.ZodTypeDef, _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition>>;
3611
+ }, "strip", z.ZodTypeAny, {
3612
+ pluginId: string;
3613
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3614
+ resourceType: string;
3615
+ }, {
3616
+ pluginId: string;
3617
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
3618
+ resourceType: string;
3619
+ }>]>;
3620
+ }, "strip", z.ZodTypeAny, {
3621
+ id: string;
3622
+ match: ("*" | {
3623
+ name?: string | undefined;
3624
+ actions?: string[] | undefined;
3625
+ resourceType?: string | undefined;
3626
+ }) & ("*" | {
3627
+ name?: string | undefined;
3628
+ actions?: string[] | undefined;
3629
+ resourceType?: string | undefined;
3630
+ } | undefined);
3631
+ decision: ("allow" | {
3632
+ pluginId: string;
3633
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
2229
3634
  resourceType: string;
2230
3635
  } | "deny") & ("allow" | {
2231
3636
  pluginId: string;
@@ -2433,13 +3838,26 @@ declare const PublishVersionRequestParser: z.ZodObject<{
2433
3838
  id?: string | undefined;
2434
3839
  }[];
2435
3840
  id?: string | undefined;
2436
- }[] | undefined>>;
3841
+ }[] | undefined>;
3842
+ id: z.ZodString;
3843
+ createdAt: z.ZodString;
3844
+ createdBy: z.ZodString;
3845
+ updatedAt: z.ZodString;
3846
+ updatedBy: z.ZodString;
3847
+ description: z.ZodNullable<z.ZodOptional<z.ZodString>>;
3848
+ lastPublishedAt: z.ZodNullable<z.ZodOptional<z.ZodString>>;
3849
+ lastPublishedBy: z.ZodNullable<z.ZodOptional<z.ZodString>>;
3850
+ status: z.ZodEnum<["draft", "active", "inactive"]>;
2437
3851
  }, "strip", z.ZodTypeAny, {
2438
- name?: string | undefined;
2439
- options?: {
3852
+ id: string;
3853
+ name: string;
3854
+ status: "active" | "inactive" | "draft";
3855
+ createdBy: string;
3856
+ updatedBy: string;
3857
+ options: {
2440
3858
  resolutionStrategy: "first-match" | "any-allow";
2441
- } | undefined;
2442
- roles?: {
3859
+ };
3860
+ roles: {
2443
3861
  id: string;
2444
3862
  name: string;
2445
3863
  members: (string[] | "*") & (string[] | "*" | undefined);
@@ -2464,8 +3882,19 @@ declare const PublishVersionRequestParser: z.ZodObject<{
2464
3882
  resourceType: string;
2465
3883
  } | "deny" | undefined);
2466
3884
  }[];
2467
- }[] | undefined;
3885
+ }[];
3886
+ createdAt: string;
3887
+ updatedAt: string;
3888
+ description?: string | null | undefined;
3889
+ lastPublishedAt?: string | null | undefined;
3890
+ lastPublishedBy?: string | null | undefined;
2468
3891
  }, {
3892
+ id: string;
3893
+ status: "active" | "inactive" | "draft";
3894
+ createdBy: string;
3895
+ updatedBy: string;
3896
+ createdAt: string;
3897
+ updatedAt: string;
2469
3898
  name?: string | undefined;
2470
3899
  options?: {
2471
3900
  resolutionStrategy: "first-match" | "any-allow";
@@ -2496,15 +3925,24 @@ declare const PublishVersionRequestParser: z.ZodObject<{
2496
3925
  }[];
2497
3926
  id?: string | undefined;
2498
3927
  }[] | undefined;
2499
- }>>;
3928
+ description?: string | null | undefined;
3929
+ lastPublishedAt?: string | null | undefined;
3930
+ lastPublishedBy?: string | null | undefined;
3931
+ }>, "many">;
3932
+ nextCursor: z.ZodOptional<z.ZodString>;
3933
+ prevCursor: z.ZodOptional<z.ZodString>;
3934
+ totalItems: z.ZodNumber;
2500
3935
  }, "strip", z.ZodTypeAny, {
2501
- description?: string | undefined;
2502
- update?: {
2503
- name?: string | undefined;
2504
- options?: {
3936
+ items: {
3937
+ id: string;
3938
+ name: string;
3939
+ status: "active" | "inactive" | "draft";
3940
+ createdBy: string;
3941
+ updatedBy: string;
3942
+ options: {
2505
3943
  resolutionStrategy: "first-match" | "any-allow";
2506
- } | undefined;
2507
- roles?: {
3944
+ };
3945
+ roles: {
2508
3946
  id: string;
2509
3947
  name: string;
2510
3948
  members: (string[] | "*") & (string[] | "*" | undefined);
@@ -2529,11 +3967,24 @@ declare const PublishVersionRequestParser: z.ZodObject<{
2529
3967
  resourceType: string;
2530
3968
  } | "deny" | undefined);
2531
3969
  }[];
2532
- }[] | undefined;
2533
- } | undefined;
3970
+ }[];
3971
+ createdAt: string;
3972
+ updatedAt: string;
3973
+ description?: string | null | undefined;
3974
+ lastPublishedAt?: string | null | undefined;
3975
+ lastPublishedBy?: string | null | undefined;
3976
+ }[];
3977
+ totalItems: number;
3978
+ nextCursor?: string | undefined;
3979
+ prevCursor?: string | undefined;
2534
3980
  }, {
2535
- description?: string | undefined;
2536
- update?: {
3981
+ items: {
3982
+ id: string;
3983
+ status: "active" | "inactive" | "draft";
3984
+ createdBy: string;
3985
+ updatedBy: string;
3986
+ createdAt: string;
3987
+ updatedAt: string;
2537
3988
  name?: string | undefined;
2538
3989
  options?: {
2539
3990
  resolutionStrategy: "first-match" | "any-allow";
@@ -2564,49 +4015,39 @@ declare const PublishVersionRequestParser: z.ZodObject<{
2564
4015
  }[];
2565
4016
  id?: string | undefined;
2566
4017
  }[] | undefined;
2567
- } | undefined;
2568
- }>;
2569
- /** @public */
2570
- type CreateDraftRequest = z.input<typeof CreateDraftRequestParser>;
2571
- /** @public */
2572
- type UpdateDraftRequest = z.input<typeof UpdateDraftRequestParser>;
2573
- /** @public */
2574
- type PublishVersionRequest = z.infer<typeof PublishVersionRequestParser>;
2575
- /** @public */
2576
- type SearchMembersRequest = {
2577
- query: string;
2578
- };
2579
- /** @public */
2580
- type AuthorizeResponse = {
2581
- authorized: boolean;
2582
- };
2583
- /** @public */
2584
- type MemberResponse = {
2585
- name?: string;
2586
- type: 'user' | 'group' | 'all' | 'unknown';
2587
- entityRef: string;
2588
- };
2589
- /** @public */
2590
- type PolicyMember = {
2591
- policyId: string;
2592
- members: MemberResponse[];
2593
- };
2594
- /** @public */
2595
- type SearchMembersResponse = {
2596
- members: MemberResponse[];
2597
- };
2598
- /** @public */
2599
- type PaginatedResponse<T> = {
2600
- items: T[];
2601
- nextCursor?: string;
2602
- prevCursor?: string;
4018
+ description?: string | null | undefined;
4019
+ lastPublishedAt?: string | null | undefined;
4020
+ lastPublishedBy?: string | null | undefined;
4021
+ }[];
2603
4022
  totalItems: number;
2604
- };
2605
- /** @public */
2606
- type PoliciesResponse = PaginatedResponse<Policy>;
4023
+ nextCursor?: string | undefined;
4024
+ prevCursor?: string | undefined;
4025
+ }>;
2607
4026
 
2608
4027
  /** @public */
2609
4028
  declare const isMatchingPermission: (permission: Permission, match: PermissionMatch) => boolean;
4029
+ /** @public */
4030
+ declare const getMatchingRolePermissions: (role: Role, permission: Permission) => {
4031
+ id: string;
4032
+ match: ("*" | {
4033
+ name?: string | undefined;
4034
+ actions?: string[] | undefined;
4035
+ resourceType?: string | undefined;
4036
+ }) & ("*" | {
4037
+ name?: string | undefined;
4038
+ actions?: string[] | undefined;
4039
+ resourceType?: string | undefined;
4040
+ } | undefined);
4041
+ decision: ("allow" | {
4042
+ pluginId: string;
4043
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
4044
+ resourceType: string;
4045
+ } | "deny") & ("allow" | {
4046
+ pluginId: string;
4047
+ conditions: _backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> & (_backstage_plugin_permission_common.PermissionCriteria<RBACPermissionCondition> | undefined);
4048
+ resourceType: string;
4049
+ } | "deny" | undefined);
4050
+ }[];
2610
4051
  /**
2611
4052
  * Compares a user entity ref to an entry from a list of
2612
4053
  * policy members. The two refs must either match exactly,
@@ -2622,4 +4063,4 @@ type MapParamsCallback = (param: PermissionRuleParam) => PermissionRuleParam;
2622
4063
  /** @public */
2623
4064
  declare function mapParams(params: PermissionRuleParams, cb: MapParamsCallback): PermissionRuleParams;
2624
4065
 
2625
- export { AuthorizeResponse, BackstageUserPlaceholder, ConditionalDecision, ConditionalDecisionParser, CreateDraftRequest, CreateDraftRequestParser, DefaultingPolicyConfigParser, LiteralDecision, LiteralDecisionParser, MapParamsCallback, MemberResponse, PaginatedResponse, PermissionConditionParser, PermissionDecision, PermissionDecisionParser, PermissionMatch, PermissionMatchParser, PoliciesResponse, Policy, PolicyConfig, PolicyConfigOptions, PolicyConfigOptionsParser, PolicyConfigParser, PolicyDefaultName, PolicyMember, PolicyRoleResolutionStrategy, PolicyRoleResolutionStrategyParser, PolicyTitleParser, PublishVersionRequest, PublishVersionRequestParser, RBACPermissionCondition, RawPolicyConfig, RawRole, Role, RoleParser, RolePermission, RolePermissionParser, RolePermissions, RolePermissionsParser, RolesParser, SearchMembersRequest, SearchMembersResponse, UpdateDraftRequest, UpdateDraftRequestParser, isAllOfPermissionCriteria, isAnyOfPermissionCriteria, isConditionalDecision, isMatchingPermission, isNotPermissionCriteria, mapParams, matchesEntityRef };
4066
+ export { AuthorizeResponse, AuthorizeResponseParser, BackstageUserPlaceholder, ConditionalDecision, ConditionalDecisionParser, CreateDraftRequest, CreateDraftRequestParser, DefaultingPolicyConfigParser, DraftResponse, DraftResponseParser, LiteralDecision, LiteralDecisionParser, MapParamsCallback, MemberResponse, MemberResponseParser, PaginatedResponse, PermissionConditionParser, PermissionDecision, PermissionDecisionParser, PermissionMatch, PermissionMatchParser, PoliciesResponse, Policy, PolicyConfig, PolicyConfigOptions, PolicyConfigOptionsParser, PolicyConfigParser, PolicyDefaultName, PolicyMember, PolicyParser, PolicyResponseParser, PolicyRoleResolutionStrategy, PolicyRoleResolutionStrategyParser, PolicyTitleParser, PublishVersionRequest, PublishVersionRequestParser, RBACPermissionCondition, RawPolicyConfig, RawRole, Role, RoleDecision, RoleDecisionParser, RoleParser, RolePermission, RolePermissionParser, RolePermissions, RolePermissionsParser, RolesParser, SearchMemberResponseParser, SearchMembersRequest, SearchMembersResponse, TestPolicyDecisionRequestParser, TestPolicyDecisionResponse, TestPolicyDecisionResponseParser, UpdateDraftRequest, UpdateDraftRequestParser, getMatchingRolePermissions, isAllOfPermissionCriteria, isAnyOfPermissionCriteria, isConditionalDecision, isMatchingPermission, isNotPermissionCriteria, mapParams, matchesEntityRef };