@toa.io/extensions.exposition 1.0.0-alpha.10 → 1.0.0-alpha.12

package/components/identity.roles/manifest.toa.yaml

@@ -4,10 +4,10 @@ name: roles
 entity:
   schema:
     identity*: string
-    role*: /^[a-zA-Z0-9]{1,16}(:[a-zA-Z0-9]{1,16}){0,8}$/
+    role*: /^[a-zA-Z0-9]{1,32}(:[a-zA-Z0-9]{1,32}){0,8}$/
     delegator: string
   unique:
-    unique: [identity, role]
+    role: [identity, role]
 
 operations:
   grant:
@@ -26,16 +26,17 @@ operations:
 
 receivers:
   identity.basic.principal: principal
+  identity.federation.principal: principal
 
 exposition:
   isolated: true
   /:identity:
     auth:role: system:identity:roles
-    auth:rule:
-      delegate: delegator
-      role: system:identity:roles:delegation
     POST:
       io:output: [id]
+      auth:rule:
+        delegate: delegator
+        role: system:identity:roles:delegation
       endpoint: grant
     GET:
       io:output: true # array of strings

package/documentation/protocol.md

@@ -72,6 +72,9 @@ The following request headers are allowed:
 - `accept`
 - `authorization`
 - `content-type`
+- `etag`
+- `if-match`
+- `if-none-match`
 - headers used by the [`vary:embed` directive](vary.md#embeddings)
 
 The following response headers are exposed:

package/features/identity.federation.feature

@@ -37,6 +37,7 @@ Feature: Identity Federation
     Then the following reply is sent:
       """
       200 OK
+
       id: ${{ User.id }}
       """
     # ensuring identity idempotency
@@ -49,6 +50,7 @@ Feature: Identity Federation
     Then the following reply is sent:
       """
       200 OK
+
       id: ${{ User.id }}
       """
 
@@ -151,3 +153,45 @@ Feature: Identity Federation
       """
       403 Forbidden
       """
+
+  Scenario: Granting a `system` role to a Principal
+    Given the `identity.federation` configuration:
+      """yaml
+      explicit_identity_creation: false
+      trust:
+        - issuer: http://localhost:44444
+      principal:
+        iss: http://localhost:44444
+        sub: root-mock-id
+      """
+    And the IDP token for root is issued
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      authorization: Bearer ${{ root.id_token }}
+      accept: application/yaml
+      content-type: application/yaml
+      """
+    # create an identity
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ root.token }}
+
+      id: ${{ root.id }}
+      """
+    # check the role
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      accept: application/yaml
+      authorization: Token ${{ root.token }}
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+
+      id: ${{ root.id }}
+      roles:
+        - system
+      """

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@toa.io/extensions.exposition",
-  "version": "1.0.0-alpha.10",
+  "version": "1.0.0-alpha.12",
   "description": "Toa Exposition",
   "author": "temich <tema.gurtovoy@gmail.com>",
   "homepage": "https://github.com/toa-io/toa#readme",
@@ -17,9 +17,9 @@
     "access": "public"
   },
   "dependencies": {
-    "@toa.io/core": "1.0.0-alpha.10",
-    "@toa.io/generic": "1.0.0-alpha.10",
-    "@toa.io/schemas": "1.0.0-alpha.10",
+    "@toa.io/core": "1.0.0-alpha.12",
+    "@toa.io/generic": "1.0.0-alpha.12",
+    "@toa.io/schemas": "1.0.0-alpha.12",
     "bcryptjs": "2.4.3",
     "error-value": "0.3.0",
     "js-yaml": "4.1.0",
@@ -43,11 +43,11 @@
     "features": "cucumber-js"
   },
   "devDependencies": {
-    "@toa.io/agent": "1.0.0-alpha.10",
-    "@toa.io/extensions.storages": "1.0.0-alpha.10",
+    "@toa.io/agent": "1.0.0-alpha.12",
+    "@toa.io/extensions.storages": "1.0.0-alpha.12",
     "@types/bcryptjs": "2.4.3",
     "@types/cors": "2.8.13",
     "@types/negotiator": "0.6.1"
   },
-  "gitHead": "472d582389fbfbfe6804cf01683276ce2cc45bf2"
+  "gitHead": "897206fbcf724fa88f427b6aee35bff571b2a3a1"
 }