@xen-orchestra/acl 1.0.0

Files changed (86) hide show
  1. package/dist/actions/acl-privilege.d.mts +12 -0
  2. package/dist/actions/acl-privilege.mjs +11 -0
  3. package/dist/actions/acl-role.d.mts +12 -0
  4. package/dist/actions/acl-role.mjs +11 -0
  5. package/dist/actions/alarm.d.mts +4 -0
  6. package/dist/actions/alarm.mjs +3 -0
  7. package/dist/actions/backup-archive.d.mts +4 -0
  8. package/dist/actions/backup-archive.mjs +3 -0
  9. package/dist/actions/backup-job.d.mts +4 -0
  10. package/dist/actions/backup-job.mjs +3 -0
  11. package/dist/actions/backup-log.d.mts +4 -0
  12. package/dist/actions/backup-log.mjs +3 -0
  13. package/dist/actions/backup-repository.d.mts +4 -0
  14. package/dist/actions/backup-repository.mjs +3 -0
  15. package/dist/actions/gpuGroup.d.mts +4 -0
  16. package/dist/actions/gpuGroup.mjs +3 -0
  17. package/dist/actions/group.d.mts +10 -0
  18. package/dist/actions/group.mjs +9 -0
  19. package/dist/actions/host.d.mts +11 -0
  20. package/dist/actions/host.mjs +10 -0
  21. package/dist/actions/index.d.mts +225 -0
  22. package/dist/actions/index.mjs +79 -0
  23. package/dist/actions/message.d.mts +4 -0
  24. package/dist/actions/message.mjs +3 -0
  25. package/dist/actions/network.d.mts +9 -0
  26. package/dist/actions/network.mjs +8 -0
  27. package/dist/actions/pbd.d.mts +4 -0
  28. package/dist/actions/pbd.mjs +3 -0
  29. package/dist/actions/pci.d.mts +4 -0
  30. package/dist/actions/pci.mjs +3 -0
  31. package/dist/actions/pgpu.d.mts +4 -0
  32. package/dist/actions/pgpu.mjs +3 -0
  33. package/dist/actions/pif.d.mts +4 -0
  34. package/dist/actions/pif.mjs +3 -0
  35. package/dist/actions/pool.d.mts +14 -0
  36. package/dist/actions/pool.mjs +13 -0
  37. package/dist/actions/proxy.d.mts +4 -0
  38. package/dist/actions/proxy.mjs +3 -0
  39. package/dist/actions/restore-log.d.mts +4 -0
  40. package/dist/actions/restore-log.mjs +3 -0
  41. package/dist/actions/schedule.d.mts +5 -0
  42. package/dist/actions/schedule.mjs +4 -0
  43. package/dist/actions/server.d.mts +8 -0
  44. package/dist/actions/server.mjs +7 -0
  45. package/dist/actions/sm.d.mts +4 -0
  46. package/dist/actions/sm.mjs +3 -0
  47. package/dist/actions/sr.d.mts +11 -0
  48. package/dist/actions/sr.mjs +10 -0
  49. package/dist/actions/task.d.mts +6 -0
  50. package/dist/actions/task.mjs +5 -0
  51. package/dist/actions/user.d.mts +12 -0
  52. package/dist/actions/user.mjs +11 -0
  53. package/dist/actions/vbd.d.mts +4 -0
  54. package/dist/actions/vbd.mjs +3 -0
  55. package/dist/actions/vdi-snapshot.d.mts +4 -0
  56. package/dist/actions/vdi-snapshot.mjs +3 -0
  57. package/dist/actions/vdi-unmanaged.d.mts +4 -0
  58. package/dist/actions/vdi-unmanaged.mjs +3 -0
  59. package/dist/actions/vdi.d.mts +12 -0
  60. package/dist/actions/vdi.mjs +11 -0
  61. package/dist/actions/vgpu.d.mts +4 -0
  62. package/dist/actions/vgpu.mjs +3 -0
  63. package/dist/actions/vgpuType.d.mts +4 -0
  64. package/dist/actions/vgpuType.mjs +3 -0
  65. package/dist/actions/vif.d.mts +5 -0
  66. package/dist/actions/vif.mjs +4 -0
  67. package/dist/actions/vm-controller.d.mts +7 -0
  68. package/dist/actions/vm-controller.mjs +6 -0
  69. package/dist/actions/vm-snapshot.d.mts +9 -0
  70. package/dist/actions/vm-snapshot.mjs +8 -0
  71. package/dist/actions/vm-template.d.mts +10 -0
  72. package/dist/actions/vm-template.mjs +9 -0
  73. package/dist/actions/vm.d.mts +24 -0
  74. package/dist/actions/vm.mjs +23 -0
  75. package/dist/actions/vtpm.d.mts +4 -0
  76. package/dist/actions/vtpm.mjs +3 -0
  77. package/dist/class/privilege.d.mts +25 -0
  78. package/dist/class/privilege.mjs +76 -0
  79. package/dist/generated/privilege-types.d.mts +378 -0
  80. package/dist/generated/privilege-types.mjs +5 -0
  81. package/dist/index.d.mts +40 -0
  82. package/dist/index.mjs +97 -0
  83. package/dist/tests/acl.test.d.mts +1 -0
  84. package/package.json +47 -0
  85. package/scripts/generate-types.mjs +55 -0
  86. package/tsconfig.json +19 -0
@@ -0,0 +1,5 @@
1
+ export default {
2
+ abort: true,
3
+ delete: true,
4
+ read: true,
5
+ };
@@ -0,0 +1,12 @@
1
+ declare const _default: {
2
+ create: boolean;
3
+ delete: boolean;
4
+ read: boolean;
5
+ update: {
6
+ name: boolean;
7
+ password: boolean;
8
+ permission: boolean;
9
+ preferences: boolean;
10
+ };
11
+ };
12
+ export default _default;
@@ -0,0 +1,11 @@
1
+ export default {
2
+ create: true,
3
+ delete: true,
4
+ read: true,
5
+ update: {
6
+ name: true,
7
+ password: true,
8
+ permission: true,
9
+ preferences: true,
10
+ },
11
+ };
@@ -0,0 +1,4 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ };
4
+ export default _default;
@@ -0,0 +1,3 @@
1
+ export default {
2
+ read: true,
3
+ };
@@ -0,0 +1,4 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ };
4
+ export default _default;
@@ -0,0 +1,3 @@
1
+ export default {
2
+ read: true,
3
+ };
@@ -0,0 +1,4 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ };
4
+ export default _default;
@@ -0,0 +1,3 @@
1
+ export default {
2
+ read: true,
3
+ };
@@ -0,0 +1,12 @@
1
+ declare const _default: {
2
+ boot: boolean;
3
+ create: boolean;
4
+ delete: boolean;
5
+ 'export-content': boolean;
6
+ 'import-content': boolean;
7
+ read: boolean;
8
+ update: {
9
+ tags: boolean;
10
+ };
11
+ };
12
+ export default _default;
@@ -0,0 +1,11 @@
1
+ export default {
2
+ boot: true,
3
+ create: true,
4
+ delete: true,
5
+ 'export-content': true,
6
+ 'import-content': true,
7
+ read: true,
8
+ update: {
9
+ tags: true,
10
+ },
11
+ };
@@ -0,0 +1,4 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ };
4
+ export default _default;
@@ -0,0 +1,3 @@
1
+ export default {
2
+ read: true,
3
+ };
@@ -0,0 +1,4 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ };
4
+ export default _default;
@@ -0,0 +1,3 @@
1
+ export default {
2
+ read: true,
3
+ };
@@ -0,0 +1,5 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ create: boolean;
4
+ };
5
+ export default _default;
@@ -0,0 +1,4 @@
1
+ export default {
2
+ read: true,
3
+ create: true,
4
+ };
@@ -0,0 +1,7 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ update: {
4
+ tags: boolean;
5
+ };
6
+ };
7
+ export default _default;
@@ -0,0 +1,6 @@
1
+ export default {
2
+ read: true,
3
+ update: {
4
+ tags: true,
5
+ },
6
+ };
@@ -0,0 +1,9 @@
1
+ declare const _default: {
2
+ delete: boolean;
3
+ export: boolean;
4
+ read: boolean;
5
+ update: {
6
+ tags: boolean;
7
+ };
8
+ };
9
+ export default _default;
@@ -0,0 +1,8 @@
1
+ export default {
2
+ delete: true,
3
+ export: true,
4
+ read: true,
5
+ update: {
6
+ tags: true,
7
+ },
8
+ };
@@ -0,0 +1,10 @@
1
+ declare const _default: {
2
+ delete: boolean;
3
+ export: boolean;
4
+ instantiate: boolean;
5
+ read: boolean;
6
+ update: {
7
+ tags: boolean;
8
+ };
9
+ };
10
+ export default _default;
@@ -0,0 +1,9 @@
1
+ export default {
2
+ delete: true,
3
+ export: true,
4
+ instantiate: true,
5
+ read: true,
6
+ update: {
7
+ tags: true,
8
+ },
9
+ };
@@ -0,0 +1,24 @@
1
+ declare const _default: {
2
+ delete: boolean;
3
+ export: boolean;
4
+ pause: boolean;
5
+ read: boolean;
6
+ reboot: {
7
+ clean: boolean;
8
+ hard: boolean;
9
+ };
10
+ resume: boolean;
11
+ shutdown: {
12
+ clean: boolean;
13
+ hard: boolean;
14
+ };
15
+ snapshot: boolean;
16
+ start: boolean;
17
+ suspend: boolean;
18
+ unpause: boolean;
19
+ update: {
20
+ datasources: boolean;
21
+ tags: boolean;
22
+ };
23
+ };
24
+ export default _default;
@@ -0,0 +1,23 @@
1
+ export default {
2
+ delete: true,
3
+ export: true,
4
+ pause: true,
5
+ read: true,
6
+ reboot: {
7
+ clean: true,
8
+ hard: true,
9
+ },
10
+ resume: true,
11
+ shutdown: {
12
+ clean: true,
13
+ hard: true,
14
+ },
15
+ snapshot: true,
16
+ start: true,
17
+ suspend: true,
18
+ unpause: true,
19
+ update: {
20
+ datasources: true,
21
+ tags: true,
22
+ },
23
+ };
@@ -0,0 +1,4 @@
1
+ declare const _default: {
2
+ read: boolean;
3
+ };
4
+ export default _default;
@@ -0,0 +1,3 @@
1
+ export default {
2
+ read: true,
3
+ };
@@ -0,0 +1,25 @@
1
+ import type { XoAclPrivilege, XoAclSupportedActions, XoAclSupportedResource } from '@vates/types/lib/xen-orchestra/acl';
2
+ import { SUPPORTED_ACTIONS_BY_RESOURCE } from '../actions/index.mjs';
3
+ export type SupportedActionsByResource = typeof SUPPORTED_ACTIONS_BY_RESOURCE;
4
+ export type SupportedResource = XoAclSupportedResource<SupportedActionsByResource>;
5
+ export type SupportedActions<T extends SupportedResource> = XoAclSupportedActions<SupportedActionsByResource, T>;
6
+ export type TPrivilege<T extends SupportedResource> = XoAclPrivilege<SupportedActionsByResource, T>;
7
+ export declare class Privilege<T extends SupportedResource> {
8
+ #private;
9
+ constructor({ action, selector, resource, effect, }: {
10
+ action: TPrivilege<T>['action'];
11
+ selector?: TPrivilege<T>['selector'];
12
+ resource: TPrivilege<T>['resource'];
13
+ effect: TPrivilege<T>['effect'];
14
+ });
15
+ get effect(): "allow" | "deny";
16
+ match<Resource extends SupportedResource = T>(constraint: {
17
+ action: SupportedActions<Resource>;
18
+ resource: Resource;
19
+ object: object;
20
+ }): boolean;
21
+ /**
22
+ * Throw if action not supported
23
+ */
24
+ static checkActionIsValid<T extends SupportedResource>(resource: T, action: SupportedActions<T>): void;
25
+ }
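Review bot: The `match` declaration has no doc comment, yet two behaviours of the implementation in `privilege.mjs` matter to anyone combining `allow` and `deny` privileges. A privilege built without a `selector` matches every object of its resource, and the action comparison can throw instead of returning `false`. I would document this on the source method, for example `/** True when resource, action and selector all match; without a selector every object of the resource matches. @throws when the two actions cannot be compared. */`. The existing comment on `checkActionIsValid` could also note that the constructor calls it, so `new Privilege(...)` throws on an unsupported resource or action.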
@@ -0,0 +1,76 @@
1
+ import * as CM from 'complex-matcher';
2
+ import { SUPPORTED_ACTIONS_BY_RESOURCE } from '../actions/index.mjs';
3
+ export class Privilege {
4
+ #action;
5
+ #selector;
6
+ #resource;
7
+ #effect;
8
+ constructor({ action, selector, resource, effect, }) {
9
+ Privilege.checkActionIsValid(resource, action);
10
+ this.#action = action;
11
+ this.#selector = selector !== undefined ? CM.parse(selector).createPredicate() : undefined;
12
+ this.#resource = resource;
13
+ this.#effect = effect;
14
+ }
15
+ get effect() {
16
+ return this.#effect;
17
+ }
18
+ #matchAction(action) {
19
+ // read:name_label - read:name_label
20
+ if (this.#action === action) {
21
+ return true;
22
+ }
23
+ const [namespaceToMatch, actionToMatch] = action.split(':');
24
+ const [thisNamespace, thisAction] = this.#action.split(':');
25
+ if (thisNamespace === '*') {
26
+ return true;
27
+ }
28
+ // update:vm - read:name_label
29
+ if (thisNamespace !== namespaceToMatch) {
30
+ return false;
31
+ }
32
+ // read - read:name_label
33
+ if (thisAction === undefined) {
34
+ return true;
35
+ }
36
+ // read:name_decription - read:name_label
37
+ if (thisAction !== actionToMatch) {
38
+ return false;
39
+ }
40
+ throw new Error(`Unable to verify if ${this.#action} match ${action} `);
41
+ }
42
+ #matchSelector(object) {
43
+ if (this.#selector === undefined) {
44
+ return true;
45
+ }
46
+ return this.#selector(object);
47
+ }
48
+ #matchResource(resource) {
49
+ return resource === this.#resource;
50
+ }
51
+ match(constraint) {
52
+ return (this.#matchResource(constraint.resource) &&
53
+ this.#matchAction(constraint.action) &&
54
+ this.#matchSelector(constraint.object));
55
+ }
56
+ /**
57
+ * Throw if action not supported
58
+ */
59
+ static checkActionIsValid(resource, action) {
60
+ const supportedActions = SUPPORTED_ACTIONS_BY_RESOURCE[resource];
61
+ if (supportedActions === undefined) {
62
+ throw new Error(`${resource} resource not supported`);
63
+ }
64
+ if (action === '*') {
65
+ return;
66
+ }
67
+ const segments = action.split(':');
68
+ let _action = undefined;
69
+ segments.forEach(segment => {
70
+ _action = (_action ?? supportedActions)[segment];
71
+ if (_action === undefined) {
72
+ throw new Error(`${action} action not supported for the resource: ${resource}. See ${JSON.stringify(supportedActions)}`);
73
+ }
74
+ });
75
+ }
76
+ }
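Review bot: `checkActionIsValid` resolves the resource and every action segment with plain bracket lookups (`SUPPORTED_ACTIONS_BY_RESOURCE[resource]`, `(_action ?? supportedActions)[segment]`), so names inherited from `Object.prototype` such as `constructor` or `toString` are not `undefined` and pass validation. A leaf `true` is indexed the same way, so an action like `read:constructor` is accepted as well. Unless the map in `../actions/index.mjs` (not in view) is built without a prototype, a privilege whose resource or action is outside the supported set can be constructed without error. The walk should accept own properties only and stop at a leaf, as sketched below. Separately, `#matchAction` compares only the first two `:` segments and throws when they are equal but the full strings differ, so a caller evaluating a list of privileges has to treat that exception as "no access".

```javascript
static checkActionIsValid(resource, action) {
    if (!Object.hasOwn(SUPPORTED_ACTIONS_BY_RESOURCE, resource)) {
        throw new Error(`${resource} resource not supported`);
    }
    const supportedActions = SUPPORTED_ACTIONS_BY_RESOURCE[resource];
    // … unchanged: early return for the '*' action …
    let node = supportedActions;
    for (const segment of action.split(':')) {
        // Only own keys of a nested action map count; a leaf (`true`) has no sub-actions.
        if (typeof node !== 'object' || node === null || !Object.hasOwn(node, segment)) {
            throw new Error(`${action} action not supported for the resource: ${resource}. See ${JSON.stringify(supportedActions)}`);
        }
        node = node[segment];
    }
}
```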