@uipath/authz-tool 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -0
- package/dist/index.js +32652 -0
- package/dist/tool.js +30557 -0
- package/package.json +39 -0
package/README.md
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# Authz Tool
|
|
2
|
+
|
|
3
|
+
CLI plugin for the UiPath Authorization service.
|
|
4
|
+
|
|
5
|
+
Composed under `admin-tool`. The tool registers its commands under a single `authorization` subject group, so users invoke them as `uip admin authorization <subject> <verb>`.
|
|
6
|
+
|
|
7
|
+
## Command tree
|
|
8
|
+
|
|
9
|
+
```
|
|
10
|
+
uip admin authorization
|
|
11
|
+
├── roles
|
|
12
|
+
│ ├── list [--limit] [--offset] [--filter] [--service] [--scope-type] [--role-type] [--tenant-id <guid>]
|
|
13
|
+
│ ├── get <id>
|
|
14
|
+
│ ├── create --file <path>
|
|
15
|
+
│ ├── update <id> --file <path>
|
|
16
|
+
│ ├── delete <id>
|
|
17
|
+
│ └── assignments
|
|
18
|
+
│ ├── list [--limit] [--offset] [--service] [--identity-id]
|
|
19
|
+
│ ├── create --file <path> # JSON array of AddRoleAssignmentRequest
|
|
20
|
+
│ └── delete --file <path> # JSON array of assignment-id strings
|
|
21
|
+
├── permissions
|
|
22
|
+
│ └── list [--service] [--scope-type]
|
|
23
|
+
└── check-access [--file <path> | --identity-id <guid> --scope-type <Tenant|Folder> --scope-id <guid> [--parent-folder-id <guid>]]
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
## Subjects
|
|
27
|
+
|
|
28
|
+
- `roles` — custom role CRUD on the Policy Administration Point (PAP), with one nested group:
|
|
29
|
+
- `roles assignments` — `list` / `create` / `delete` who-has-what-role.
|
|
30
|
+
- `permissions list` — read-only catalog of permission definitions.
|
|
31
|
+
- `check-access` — compute the effective permissions a security principal has within a tenant or folder scope, via the Policy Decision Point (PDP).
|
|
32
|
+
|
|
33
|
+
## Policy CRUD
|
|
34
|
+
|
|
35
|
+
Policy management (`policies list/get/create/update/delete/evaluate`) lives under `uip gov access-policy …`, not here, even though both tools target the same authz-sdk swagger. This split keeps the existing `uip gov` namespace stable.
|
|
36
|
+
|
|
37
|
+
## Conventions
|
|
38
|
+
|
|
39
|
+
- Authenticated via `uip login`.
|
|
40
|
+
- Mutating commands (and most query commands) take `--file <path>` carrying the matching SDK request DTO as JSON.
|
|
41
|
+
- `assignments create` expects an array of `AddRoleAssignmentRequest` objects; the tool wraps it as `{roleAssignmentsToAdd: [...], roleAssignmentsToDelete: []}` and POSTs to the bulk-update endpoint.
|
|
42
|
+
- `assignments delete` expects an array of assignment-id strings; the tool wraps it as `{roleAssignmentsToAdd: [], roleAssignmentsToDelete: [...]}` and POSTs to the same endpoint.
|
|
43
|
+
- `check-access` bypasses the SDK method because the source swagger does not declare a `requestBody`; the tool POSTs directly via the SDK's resolved `Configuration.basePath` and bearer token.
|