@cerbos/core
Version:
Common types used by the Cerbos client libraries
472 lines • 14.5 kB
JavaScript
;
/* eslint-disable @typescript-eslint/no-deprecated */
Object.defineProperty(exports, "__esModule", { value: true });
exports.addOrUpdatePoliciesRequestToProtobuf = addOrUpdatePoliciesRequestToProtobuf;
exports.policyToProtobuf = policyToProtobuf;
exports.addOrUpdateSchemasRequestToProtobuf = addOrUpdateSchemasRequestToProtobuf;
exports.checkResourcesRequestToProtobuf = checkResourcesRequestToProtobuf;
exports.deleteSchemasRequestToProtobuf = deleteSchemasRequestToProtobuf;
exports.disablePoliciesRequestToProtobuf = disablePoliciesRequestToProtobuf;
exports.enablePoliciesRequestToProtobuf = enablePoliciesRequestToProtobuf;
exports.getPoliciesRequestToProtobuf = getPoliciesRequestToProtobuf;
exports.getSchemasRequestToProtobuf = getSchemasRequestToProtobuf;
exports.healthCheckRequestToProtobuf = healthCheckRequestToProtobuf;
exports.listAccessLogEntriesRequestToProtobuf = listAccessLogEntriesRequestToProtobuf;
exports.listDecisionLogEntriesRequestToProtobuf = listDecisionLogEntriesRequestToProtobuf;
exports.inspectPoliciesRequestToProtobuf = inspectPoliciesRequestToProtobuf;
exports.listPoliciesRequestToProtobuf = listPoliciesRequestToProtobuf;
exports.planResourcesRequestToProtobuf = planResourcesRequestToProtobuf;
const uuid_1 = require("uuid");
const effect_1 = require("../protobuf/cerbos/effect/v1/effect");
const policy_1 = require("../protobuf/cerbos/policy/v1/policy");
const request_1 = require("../protobuf/cerbos/request/v1/request");
const external_1 = require("../types/external");
const encoder = new TextEncoder();
function addOrUpdatePoliciesRequestToProtobuf({ policies, }) {
return {
policies: policies.map(policyToProtobuf),
};
}
/** @internal */
function policyToProtobuf(policy) {
const { apiVersion = "api.cerbos.dev/v1", description = "", disabled = false, variables = {}, } = policy;
return {
apiVersion,
description,
disabled,
jsonSchema: "",
metadata: undefined,
policyType: policyTypeToProtobuf(policy),
variables,
};
}
function policyTypeToProtobuf(policy) {
if ((0, external_1.policyIsDerivedRoles)(policy)) {
return {
$case: "derivedRoles",
derivedRoles: derivedRolesToProtobuf(policy),
};
}
if ((0, external_1.policyIsExportConstants)(policy)) {
return {
$case: "exportConstants",
exportConstants: exportConstantsToProtobuf(policy),
};
}
if ((0, external_1.policyIsExportVariables)(policy)) {
return {
$case: "exportVariables",
exportVariables: exportVariablesToProtobuf(policy),
};
}
if ((0, external_1.policyIsPrincipalPolicy)(policy)) {
return {
$case: "principalPolicy",
principalPolicy: principalPolicyToProtobuf(policy),
};
}
if ((0, external_1.policyIsResourcePolicy)(policy)) {
return {
$case: "resourcePolicy",
resourcePolicy: resourcePolicyToProtobuf(policy),
};
}
if ((0, external_1.policyIsRolePolicy)(policy)) {
return {
$case: "rolePolicy",
rolePolicy: rolePolicyToProtobuf(policy),
};
}
throw new Error(`Unknown policy type: ${JSON.stringify(policy, null, 2)}`);
}
function derivedRolesToProtobuf({ derivedRoles: { name, definitions, constants, variables }, }) {
return {
name,
definitions: definitions.map(derivedRoleDefinitionToProtobuf),
constants: constants && constantsToProtobuf(constants),
variables: variables && variablesToProtobuf(variables),
};
}
function derivedRoleDefinitionToProtobuf({ name, parentRoles, condition, }) {
return {
name,
parentRoles,
condition: condition && conditionToProtobuf(condition),
};
}
function conditionToProtobuf({ match }) {
return {
condition: {
$case: "match",
match: matchToProtobuf(match),
},
};
}
function matchToProtobuf(match) {
if ((0, external_1.matchIsMatchAll)(match)) {
return {
op: {
$case: "all",
all: matchesToProtobuf(match.all),
},
};
}
if ((0, external_1.matchIsMatchAny)(match)) {
return {
op: {
$case: "any",
any: matchesToProtobuf(match.any),
},
};
}
if ((0, external_1.matchIsMatchNone)(match)) {
return {
op: {
$case: "none",
none: matchesToProtobuf(match.none),
},
};
}
if ((0, external_1.matchIsMatchExpr)(match)) {
return {
op: {
$case: "expr",
expr: match.expr,
},
};
}
throw new Error(`Unknown match type: ${JSON.stringify(match, null, 2)}`);
}
function matchesToProtobuf({ of }) {
return {
of: of.map(matchToProtobuf),
};
}
function constantsToProtobuf({ import: imports = [], local = {}, }) {
return {
import: imports,
local,
};
}
function exportConstantsToProtobuf({ exportConstants: { name, definitions }, }) {
return {
name,
definitions,
};
}
function variablesToProtobuf({ import: imports = [], local = {}, }) {
return {
import: imports,
local,
};
}
function exportVariablesToProtobuf({ exportVariables: { name, definitions }, }) {
return {
name,
definitions,
};
}
function principalPolicyToProtobuf({ principalPolicy: { principal, version, rules, scope = "", scopePermissions, constants, variables, }, }) {
return {
principal,
version,
rules: rules.map(principalRuleToProtobuf),
scope,
scopePermissions: scopePermissionsToProtobuf(scopePermissions),
constants: constants && constantsToProtobuf(constants),
variables: variables && variablesToProtobuf(variables),
};
}
function principalRuleToProtobuf({ resource, actions, }) {
return {
resource,
actions: actions.map(principalRuleActionToProtobuf),
};
}
function principalRuleActionToProtobuf({ action, effect, condition, name = "", output, }) {
return {
action,
effect: effectToProtobuf(effect),
condition: condition && conditionToProtobuf(condition),
name,
output: output && outputToProtobuf(output),
};
}
function scopePermissionsToProtobuf(scopePermissions) {
switch (scopePermissions) {
case external_1.ScopePermissions.OVERRIDE_PARENT:
return policy_1.ScopePermissions.SCOPE_PERMISSIONS_OVERRIDE_PARENT;
case external_1.ScopePermissions.REQUIRE_PARENTAL_CONSENT_FOR_ALLOWS:
return policy_1.ScopePermissions.SCOPE_PERMISSIONS_REQUIRE_PARENTAL_CONSENT_FOR_ALLOWS;
default:
return policy_1.ScopePermissions.SCOPE_PERMISSIONS_UNSPECIFIED;
}
}
function effectToProtobuf(effect) {
return effect === external_1.Effect.ALLOW
? effect_1.Effect.EFFECT_ALLOW
: effect_1.Effect.EFFECT_DENY;
}
function outputToProtobuf({ expr = "", when }) {
return {
expr,
when: when && outputExpressionsToProtobuf(when),
};
}
function outputExpressionsToProtobuf({ ruleActivated = "", conditionNotMet = "", }) {
return {
ruleActivated,
conditionNotMet,
};
}
function resourcePolicyToProtobuf({ resourcePolicy: { resource, version, importDerivedRoles = [], rules, scope = "", scopePermissions, schemas, constants, variables, }, }) {
return {
resource,
version,
importDerivedRoles,
rules: rules.map(resourceRuleToProtobuf),
scope,
scopePermissions: scopePermissionsToProtobuf(scopePermissions),
schemas: schemas && policySchemasToProtobuf(schemas),
constants: constants && constantsToProtobuf(constants),
variables: variables && variablesToProtobuf(variables),
};
}
function resourceRuleToProtobuf({ actions, effect, derivedRoles = [], roles = [], condition, name = "", output, }) {
return {
actions,
effect: effectToProtobuf(effect),
derivedRoles,
roles,
condition: condition && conditionToProtobuf(condition),
name,
output: output && outputToProtobuf(output),
};
}
function rolePolicyToProtobuf({ rolePolicy: { role, parentRoles, scope, rules }, }) {
return {
policyType: { $case: "role", role },
parentRoles: parentRoles ?? [],
scope: scope ?? "",
scopePermissions: policy_1.ScopePermissions.SCOPE_PERMISSIONS_UNSPECIFIED,
rules: rules.map(roleRuleToProtobuf),
};
}
function roleRuleToProtobuf({ resource, allowActions, condition, }) {
return {
resource,
allowActions,
condition: condition && conditionToProtobuf(condition),
};
}
function policySchemasToProtobuf({ principalSchema, resourceSchema, }) {
return {
principalSchema: principalSchema && policySchemaToProtobuf(principalSchema),
resourceSchema: resourceSchema && policySchemaToProtobuf(resourceSchema),
};
}
function policySchemaToProtobuf({ ref, ignoreWhen, }) {
return {
ref,
ignoreWhen,
};
}
function addOrUpdateSchemasRequestToProtobuf({ schemas, }) {
return {
schemas: schemas.map(schemaToProtobuf),
};
}
function schemaToProtobuf({ id, definition }) {
return {
id,
definition: schemaDefinitionToProtobuf(definition),
};
}
function schemaDefinitionToProtobuf(definition) {
if (definition instanceof Uint8Array) {
return definition;
}
if (definition instanceof external_1.SchemaDefinition) {
return definition.bytes;
}
if (typeof definition === "string") {
return encoder.encode(definition);
}
return encoder.encode(JSON.stringify(definition));
}
function checkResourcesRequestToProtobuf({ principal, resources, auxData, includeMetadata = false, requestId = (0, uuid_1.v4)(), }) {
return {
principal: principalToProtobuf(principal),
resources: resources.map(resourceCheckToProtobuf),
auxData: auxData && auxDataToProtobuf(auxData),
includeMeta: includeMetadata,
requestId,
};
}
function principalToProtobuf({ id, roles, attr = {}, attributes = {}, policyVersion = "", scope = "", }) {
return {
id,
roles,
attr: {
...attributes,
...attr,
},
policyVersion,
scope,
};
}
function resourceCheckToProtobuf({ resource, actions, }) {
return {
resource: resourceToProtobuf(resource),
actions,
};
}
function resourceToProtobuf({ kind, id, attr = {}, attributes = {}, policyVersion = "", scope = "", }) {
return {
kind,
id,
attr: {
...attributes,
...attr,
},
policyVersion,
scope,
};
}
function auxDataToProtobuf({ jwt }) {
if (!jwt) {
return undefined;
}
return {
jwt: jwtToProtobuf(jwt),
};
}
function jwtToProtobuf({ token, keySetId = "" }) {
return {
token,
keySetId,
};
}
function deleteSchemasRequestToProtobuf({ ids, }) {
return {
id: ids,
};
}
function disablePoliciesRequestToProtobuf({ ids, }) {
return {
id: ids,
};
}
function enablePoliciesRequestToProtobuf({ ids, }) {
return {
id: ids,
};
}
function getPoliciesRequestToProtobuf({ ids, }) {
return {
id: ids,
};
}
function getSchemasRequestToProtobuf({ ids, }) {
return {
id: ids,
};
}
function healthCheckRequestToProtobuf({ service = external_1.Service.CERBOS, }) {
return {
service,
};
}
function listAccessLogEntriesRequestToProtobuf({ filter, }) {
return {
kind: request_1.ListAuditLogEntriesRequest_Kind.KIND_ACCESS,
filter: auditLogFilterToProtobuf(filter),
};
}
function listDecisionLogEntriesRequestToProtobuf({ filter, }) {
return {
kind: request_1.ListAuditLogEntriesRequest_Kind.KIND_DECISION,
filter: auditLogFilterToProtobuf(filter),
};
}
function auditLogFilterToProtobuf(filter) {
if ((0, external_1.auditLogFilterIsBetween)(filter)) {
return {
$case: "between",
between: { start: filter.start, end: filter.end },
};
}
if ((0, external_1.auditLogFilterIsSince)(filter)) {
return {
$case: "since",
since: durationToProtobuf(filter.since),
};
}
if ((0, external_1.auditLogFilterIsTail)(filter)) {
return {
$case: "tail",
tail: filter.tail,
};
}
return undefined;
}
function durationToProtobuf(duration) {
const [seconds, nanos] = duration.toFixed(9).split(".", 2);
return {
seconds,
nanos: parseInt(nanos, 10),
};
}
function inspectPoliciesRequestToProtobuf({ includeDisabled = false, ids = [], nameRegexp = "", scopeRegexp = "", versionRegexp = "", }) {
return {
policyId: ids,
includeDisabled,
nameRegexp,
scopeRegexp,
versionRegexp,
};
}
function listPoliciesRequestToProtobuf({ includeDisabled = false, ids = [], nameRegexp = "", scopeRegexp = "", versionRegexp = "", }) {
return {
policyId: ids,
includeDisabled,
nameRegexp,
scopeRegexp,
versionRegexp,
};
}
function planResourcesRequestToProtobuf(request) {
const { principal, resource, auxData, includeMetadata = false, requestId = (0, uuid_1.v4)(), } = request;
return {
principal: principalToProtobuf(principal),
resource: resourceQueryToProtobuf(resource),
...planResourcesActionsToProtobuf(request),
auxData: auxData && auxDataToProtobuf(auxData),
includeMeta: includeMetadata,
requestId,
};
}
function planResourcesActionsToProtobuf(request) {
if ("actions" in request) {
return {
action: "",
actions: request.actions,
};
}
return {
action: request.action,
actions: [],
};
}
function resourceQueryToProtobuf({ kind, attr = {}, attributes = {}, policyVersion = "", scope = "", }) {
return {
kind,
attr: {
...attributes,
...attr,
},
policyVersion,
scope,
};
}
//# sourceMappingURL=toProtobuf.js.map