diff --git a/docs/core.derivedroles.derivedroles.md b/docs/core.derivedroles.derivedroles.md index f8522460..6cf7c195 100644 --- a/docs/core.derivedroles.derivedroles.md +++ b/docs/core.derivedroles.derivedroles.md @@ -9,9 +9,5 @@ A set of derived roles. **Signature:** ```typescript -derivedRoles: { - name: string; - definitions: DerivedRoleDefinition[]; - variables?: Variables | undefined; - }; +derivedRoles: DerivedRolesBody; ``` diff --git a/docs/core.derivedroles.md b/docs/core.derivedroles.md index 098e9dd8..4fb63a7c 100644 --- a/docs/core.derivedroles.md +++ b/docs/core.derivedroles.md @@ -17,5 +17,5 @@ export interface DerivedRoles extends PolicyBase | Property | Modifiers | Type | Description | | --- | --- | --- | --- | -| [derivedRoles](./core.derivedroles.derivedroles.md) | | { name: string; definitions: [DerivedRoleDefinition](./core.derivedroledefinition.md)\[\]; variables?: [Variables](./core.variables.md) \| undefined; } | A set of derived roles. | +| [derivedRoles](./core.derivedroles.derivedroles.md) | | [DerivedRolesBody](./core.derivedrolesbody.md) | A set of derived roles. | diff --git a/docs/core.derivedrolesbody.definitions.md b/docs/core.derivedrolesbody.definitions.md new file mode 100644 index 00000000..c4cc223d --- /dev/null +++ b/docs/core.derivedrolesbody.definitions.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [DerivedRolesBody](./core.derivedrolesbody.md) > [definitions](./core.derivedrolesbody.definitions.md) + +## DerivedRolesBody.definitions property + +The definitions of the derived roles. + +**Signature:** + +```typescript +definitions: DerivedRoleDefinition[]; +``` diff --git a/docs/core.derivedrolesbody.md b/docs/core.derivedrolesbody.md new file mode 100644 index 00000000..806672e1 --- /dev/null +++ b/docs/core.derivedrolesbody.md 
@@ -0,0 +1,22 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [DerivedRolesBody](./core.derivedrolesbody.md) + +## DerivedRolesBody interface + +A set of [derived roles](https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html) to augment static RBAC roles with contextual data to provide more fine-grained control at runtime. + +**Signature:** + +```typescript +export interface DerivedRolesBody +``` + +## Properties + +| Property | Modifiers | Type | Description | +| --- | --- | --- | --- | +| [definitions](./core.derivedrolesbody.definitions.md) | | [DerivedRoleDefinition](./core.derivedroledefinition.md)\[\] | The definitions of the derived roles. | +| [name](./core.derivedrolesbody.name.md) | | string | The name to use when importing the set of derived roles. | +| [variables?](./core.derivedrolesbody.variables.md) | | [Variables](./core.variables.md) \| undefined | _(Optional)_ [Variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html) defined for use in conditions. | + diff --git a/docs/core.derivedrolesbody.name.md b/docs/core.derivedrolesbody.name.md new file mode 100644 index 00000000..d21b5bb5 --- /dev/null +++ b/docs/core.derivedrolesbody.name.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [DerivedRolesBody](./core.derivedrolesbody.md) > [name](./core.derivedrolesbody.name.md) + +## DerivedRolesBody.name property + +The name to use when importing the set of derived roles. + +**Signature:** + +```typescript +name: string; +``` diff --git a/docs/core.derivedrolesbody.variables.md b/docs/core.derivedrolesbody.variables.md new file mode 100644 index 00000000..ea612dcc --- /dev/null +++ b/docs/core.derivedrolesbody.variables.md 
@@ -0,0 +1,18 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [DerivedRolesBody](./core.derivedrolesbody.md) > [variables](./core.derivedrolesbody.variables.md) + +## DerivedRolesBody.variables property + +[Variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html) defined for use in conditions. + +**Signature:** + +```typescript +variables?: Variables | undefined; +``` + +## Remarks + +Requires the Cerbos policy decision point server to be at least v0.29. + diff --git a/docs/core.exportvariables.exportvariables.md b/docs/core.exportvariables.exportvariables.md index 9cc25c93..b6d82d10 100644 --- a/docs/core.exportvariables.exportvariables.md +++ b/docs/core.exportvariables.exportvariables.md @@ -9,8 +9,5 @@ A set of exported variables. **Signature:** ```typescript -exportVariables: { - name: string; - definitions: Record; - }; +exportVariables: ExportVariablesBody; ``` diff --git a/docs/core.exportvariables.md b/docs/core.exportvariables.md index 87dff679..4e633fd7 100644 --- a/docs/core.exportvariables.md +++ b/docs/core.exportvariables.md @@ -21,5 +21,5 @@ Requires the Cerbos policy decision point server to be at least v0.29. | Property | Modifiers | Type | Description | | --- | --- | --- | --- | -| [exportVariables](./core.exportvariables.exportvariables.md) | | { name: string; definitions: Record<string, string>; } | A set of exported variables. | +| [exportVariables](./core.exportvariables.exportvariables.md) | | [ExportVariablesBody](./core.exportvariablesbody.md) | A set of exported variables. | diff --git a/docs/core.exportvariablesbody.definitions.md b/docs/core.exportvariablesbody.definitions.md new file mode 100644 index 00000000..0ffa4680 --- /dev/null +++ b/docs/core.exportvariablesbody.definitions.md 
@@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ExportVariablesBody](./core.exportvariablesbody.md) > [definitions](./core.exportvariablesbody.definitions.md) + +## ExportVariablesBody.definitions property + +Variable expressions. + +**Signature:** + +```typescript +definitions: Record; +``` diff --git a/docs/core.exportvariablesbody.md b/docs/core.exportvariablesbody.md new file mode 100644 index 00000000..40d7bdfc --- /dev/null +++ b/docs/core.exportvariablesbody.md @@ -0,0 +1,25 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ExportVariablesBody](./core.exportvariablesbody.md) + +## ExportVariablesBody interface + +A set of [exported variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html#export) to be reused in other policies. + +**Signature:** + +```typescript +export interface ExportVariablesBody +``` + +## Remarks + +Requires the Cerbos policy decision point server to be at least v0.29. + +## Properties + +| Property | Modifiers | Type | Description | +| --- | --- | --- | --- | +| [definitions](./core.exportvariablesbody.definitions.md) | | Record<string, string> | Variable expressions. | +| [name](./core.exportvariablesbody.name.md) | | string | The name to use when importing the set of variables. | + diff --git a/docs/core.exportvariablesbody.name.md b/docs/core.exportvariablesbody.name.md new file mode 100644 index 00000000..d039ec16 --- /dev/null +++ b/docs/core.exportvariablesbody.name.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ExportVariablesBody](./core.exportvariablesbody.md) > [name](./core.exportvariablesbody.name.md) + +## ExportVariablesBody.name property + +The name to use when importing the set of variables. + +**Signature:** + +```typescript +name: string; +``` diff --git a/docs/core.md b/docs/core.md index 1bb5972b..d78df57b 100644 --- a/docs/core.md +++ b/docs/core.md 
@@ -51,11 +51,13 @@ Common types used by the [gRPC](./grpc.md) and [HTTP](./http.md) client librarie | [DeleteSchemasResponse](./core.deleteschemasresponse.md) | The outcome of deleting schemas. | | [DerivedRoleDefinition](./core.derivedroledefinition.md) | The definition of a [derived role](https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html). | | [DerivedRoles](./core.derivedroles.md) | A set of [derived roles](https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html) to augment static RBAC roles with contextual data to provide more fine-grained control at runtime. | +| [DerivedRolesBody](./core.derivedrolesbody.md) | A set of [derived roles](https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html) to augment static RBAC roles with contextual data to provide more fine-grained control at runtime. | | [DisablePoliciesRequest](./core.disablepoliciesrequest.md) | Input to [Client.disablePolicies()](./core.client.disablepolicies.md). | | [DisablePoliciesResponse](./core.disablepoliciesresponse.md) | The outcome of disabling policies. | | [EnablePoliciesRequest](./core.enablepoliciesrequest.md) | Input to [Client.enablePolicies()](./core.client.enablepolicies.md). | | [EnablePoliciesResponse](./core.enablepoliciesresponse.md) | The outcome of enabling policies. | | [ExportVariables](./core.exportvariables.md) | A set of [exported variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html#export) to be reused in other policies. | +| [ExportVariablesBody](./core.exportvariablesbody.md) | A set of [exported variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html#export) to be reused in other policies. | | [GetPoliciesRequest](./core.getpoliciesrequest.md) | Input to [Client.getPolicies()](./core.client.getpolicies.md). | | [GetPoliciesResponse](./core.getpoliciesresponse.md) | Fetched policies. 
| | [GetSchemasRequest](./core.getschemasrequest.md) | Input to [Client.getSchemas()](./core.client.getschemas.md). | 
@@ -81,12 +83,14 @@ Common types used by the [gRPC](./grpc.md) and [HTTP](./http.md) client librarie | [PolicyMetadata](./core.policymetadata.md) | Metadata describing a policy. | | [Principal](./core.principal.md) | A principal (often a user, but potentially another actor like a service account) to authorize. | | [PrincipalPolicy](./core.principalpolicy.md) | A [policy](https://docs.cerbos.dev/cerbos/latest/policies/principal_policies.html) defining overrides for a specific user. | +| [PrincipalPolicyBody](./core.principalpolicybody.md) | A [policy](https://docs.cerbos.dev/cerbos/latest/policies/principal_policies.html) defining overrides for a specific user. | | [PrincipalRule](./core.principalrule.md) | A rule defining an override for a specific user. | | [PrincipalRuleAction](./core.principalruleaction.md) | An override for a given action for a specific user. | | [ReloadStoreRequest](./core.reloadstorerequest.md) | Input to [Client.reloadStore()](./core.client.reloadstore.md). | | [Resource](./core.resource.md) | A resource on which to check a principal's permissions. | | [ResourceCheck](./core.resourcecheck.md) | A [Resource](./core.resource.md) and list of actions on which to check a principal's permissions. | | [ResourcePolicy](./core.resourcepolicy.md) | A [policy](https://docs.cerbos.dev/cerbos/latest/policies/resource_policies.html) defining rules for actions that can be performed on a given resource. | +| [ResourcePolicyBody](./core.resourcepolicybody.md) | A [policy](https://docs.cerbos.dev/cerbos/latest/policies/resource_policies.html) defining rules for actions that can be performed on a given resource. | | [ResourceRule](./core.resourcerule.md) | A rule for actions that can be performed on a given resource. | | [Schema](./core.schema.md) | A JSON schema used to validate principal or resource attributes. | | [SchemaInput](./core.schemainput.md) | A JSON schema to be used to validate principal or resource attributes. | 
diff --git a/docs/core.policybase.variables.md b/docs/core.policybase.variables.md index f8e8d136..e9f15ec2 100644 --- a/docs/core.policybase.variables.md +++ b/docs/core.policybase.variables.md @@ -6,7 +6,7 @@ > Warning: This API is now obsolete. > -> Define variables within the policy body instead (provided the Cerbos policy decision point server is at least v0.29). +> Define variables within the policy body instead, provided the Cerbos policy decision point server is at least v0.29 ([DerivedRolesBody.variables](./core.derivedrolesbody.variables.md), [PrincipalPolicyBody.variables](./core.principalpolicybody.variables.md), or [ResourcePolicyBody.variables](./core.resourcepolicybody.variables.md)). > Variable expressions defined for the policy. diff --git a/docs/core.principalpolicy.md b/docs/core.principalpolicy.md index 6804762c..f17cc61e 100644 --- a/docs/core.principalpolicy.md +++ b/docs/core.principalpolicy.md @@ -17,5 +17,5 @@ export interface PrincipalPolicy extends PolicyBase | Property | Modifiers | Type | Description | | --- | --- | --- | --- | -| [principalPolicy](./core.principalpolicy.principalpolicy.md) | | { principal: string; version: string; rules: [PrincipalRule](./core.principalrule.md)\[\]; scope?: string; variables?: [Variables](./core.variables.md) \| undefined; } | The policy body. | +| [principalPolicy](./core.principalpolicy.principalpolicy.md) | | [PrincipalPolicyBody](./core.principalpolicybody.md) | The policy body. | diff --git a/docs/core.principalpolicy.principalpolicy.md b/docs/core.principalpolicy.principalpolicy.md index 5dbc796b..023cfbb0 100644 --- a/docs/core.principalpolicy.principalpolicy.md +++ b/docs/core.principalpolicy.principalpolicy.md @@ -9,11 +9,5 @@ The policy body. **Signature:** ```typescript -principalPolicy: { - principal: string; - version: string; - rules: PrincipalRule[]; - scope?: string; - variables?: Variables | undefined; - }; +principalPolicy: PrincipalPolicyBody; ``` 
diff --git a/docs/core.principalpolicybody.md b/docs/core.principalpolicybody.md new file mode 100644 index 00000000..0de0b503 --- /dev/null +++ b/docs/core.principalpolicybody.md @@ -0,0 +1,24 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [PrincipalPolicyBody](./core.principalpolicybody.md) + +## PrincipalPolicyBody interface + +A [policy](https://docs.cerbos.dev/cerbos/latest/policies/principal_policies.html) defining overrides for a specific user. + +**Signature:** + +```typescript +export interface PrincipalPolicyBody +``` + +## Properties + +| Property | Modifiers | Type | Description | +| --- | --- | --- | --- | +| [principal](./core.principalpolicybody.principal.md) | | string | The ID of the principal to whom the policy applies. | +| [rules](./core.principalpolicybody.rules.md) | | [PrincipalRule](./core.principalrule.md)\[\] | Rules defining the overrides that apply to the principal. | +| [scope?](./core.principalpolicybody.scope.md) | | string | _(Optional)_ [Scope](https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html) of the policy. | +| [variables?](./core.principalpolicybody.variables.md) | | [Variables](./core.variables.md) \| undefined | _(Optional)_ [Variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html) defined for use in conditions. | +| [version](./core.principalpolicybody.version.md) | | string | The version of the policy. | + diff --git a/docs/core.principalpolicybody.principal.md b/docs/core.principalpolicybody.principal.md new file mode 100644 index 00000000..a926d8be --- /dev/null +++ b/docs/core.principalpolicybody.principal.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [PrincipalPolicyBody](./core.principalpolicybody.md) > [principal](./core.principalpolicybody.principal.md) + +## PrincipalPolicyBody.principal property + +The ID of the principal to whom the policy applies. + +**Signature:** + +```typescript +principal: string; +``` 
diff --git a/docs/core.principalpolicybody.rules.md b/docs/core.principalpolicybody.rules.md new file mode 100644 index 00000000..a92d1e9d --- /dev/null +++ b/docs/core.principalpolicybody.rules.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [PrincipalPolicyBody](./core.principalpolicybody.md) > [rules](./core.principalpolicybody.rules.md) + +## PrincipalPolicyBody.rules property + +Rules defining the overrides that apply to the principal. + +**Signature:** + +```typescript +rules: PrincipalRule[]; +``` diff --git a/docs/core.principalpolicybody.scope.md b/docs/core.principalpolicybody.scope.md new file mode 100644 index 00000000..668723c0 --- /dev/null +++ b/docs/core.principalpolicybody.scope.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [PrincipalPolicyBody](./core.principalpolicybody.md) > [scope](./core.principalpolicybody.scope.md) + +## PrincipalPolicyBody.scope property + +[Scope](https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html) of the policy. + +**Signature:** + +```typescript +scope?: string; +``` diff --git a/docs/core.principalpolicybody.variables.md b/docs/core.principalpolicybody.variables.md new file mode 100644 index 00000000..9af3ed9e --- /dev/null +++ b/docs/core.principalpolicybody.variables.md @@ -0,0 +1,18 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [PrincipalPolicyBody](./core.principalpolicybody.md) > [variables](./core.principalpolicybody.variables.md) + +## PrincipalPolicyBody.variables property + +[Variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html) defined for use in conditions. + +**Signature:** + +```typescript +variables?: Variables | undefined; +``` + +## Remarks + +Requires the Cerbos policy decision point server to be at least v0.29. + diff --git a/docs/core.principalpolicybody.version.md b/docs/core.principalpolicybody.version.md new file mode 100644 index 00000000..b64ae359 --- /dev/null 
+++ b/docs/core.principalpolicybody.version.md @@ -0,0 +1,18 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [PrincipalPolicyBody](./core.principalpolicybody.md) > [version](./core.principalpolicybody.version.md) + +## PrincipalPolicyBody.version property + +The version of the policy. + +**Signature:** + +```typescript +version: string; +``` + +## Remarks + +Policies are uniquely identified by the principal name and version pair. You can have multiple policy versions for the same principal (e.g. production vs. staging). The version value `default` is special as it is the default fallback when no version is specified in the request. + diff --git a/docs/core.resourcepolicy.md b/docs/core.resourcepolicy.md index a9ae4cf7..8211a7ef 100644 --- a/docs/core.resourcepolicy.md +++ b/docs/core.resourcepolicy.md @@ -17,5 +17,5 @@ export interface ResourcePolicy extends PolicyBase | Property | Modifiers | Type | Description | | --- | --- | --- | --- | -| [resourcePolicy](./core.resourcepolicy.resourcepolicy.md) | | { resource: string; version: string; importDerivedRoles?: string\[\]; rules: [ResourceRule](./core.resourcerule.md)\[\]; scope?: string; schemas?: [SchemaRefs](./core.schemarefs.md) \| undefined; variables?: [Variables](./core.variables.md) \| undefined; } | The policy body. | +| [resourcePolicy](./core.resourcepolicy.resourcepolicy.md) | | [ResourcePolicyBody](./core.resourcepolicybody.md) | The policy body. | diff --git a/docs/core.resourcepolicy.resourcepolicy.md b/docs/core.resourcepolicy.resourcepolicy.md index 2c1fc800..7a84921c 100644 --- a/docs/core.resourcepolicy.resourcepolicy.md +++ b/docs/core.resourcepolicy.resourcepolicy.md @@ -9,13 +9,5 @@ The policy body. **Signature:** ```typescript -resourcePolicy: { - resource: string; - version: string; - importDerivedRoles?: string[]; - rules: ResourceRule[]; - scope?: string; - schemas?: SchemaRefs | undefined; - variables?: Variables | undefined; - }; +resourcePolicy: ResourcePolicyBody; ``` 
diff --git a/docs/core.resourcepolicybody.importderivedroles.md b/docs/core.resourcepolicybody.importderivedroles.md new file mode 100644 index 00000000..69b931e0 --- /dev/null +++ b/docs/core.resourcepolicybody.importderivedroles.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) > [importDerivedRoles](./core.resourcepolicybody.importderivedroles.md) + +## ResourcePolicyBody.importDerivedRoles property + +Name of a set of [derived roles](https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html) to import. + +**Signature:** + +```typescript +importDerivedRoles?: string[]; +``` diff --git a/docs/core.resourcepolicybody.md b/docs/core.resourcepolicybody.md new file mode 100644 index 00000000..1afe9447 --- /dev/null +++ b/docs/core.resourcepolicybody.md 
@@ -0,0 +1,26 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) + +## ResourcePolicyBody interface + +A [policy](https://docs.cerbos.dev/cerbos/latest/policies/resource_policies.html) defining rules for actions that can be performed on a given resource. + +**Signature:** + +```typescript +export interface ResourcePolicyBody +``` + +## Properties + +| Property | Modifiers | Type | Description | +| --- | --- | --- | --- | +| [importDerivedRoles?](./core.resourcepolicybody.importderivedroles.md) | | string\[\] | _(Optional)_ Name of a set of [derived roles](https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html) to import. | +| [resource](./core.resourcepolicybody.resource.md) | | string | The name of the resource to which the policy applies. | +| [rules](./core.resourcepolicybody.rules.md) | | [ResourceRule](./core.resourcerule.md)\[\] | Rules defining the actions that can be performed on the resource. | +| [schemas?](./core.resourcepolicybody.schemas.md) | | [SchemaRefs](./core.schemarefs.md) \| undefined | _(Optional)_ [Schemas](https://docs.cerbos.dev/cerbos/latest/policies/schemas.html) for principal and resource attributes. | +| [scope?](./core.resourcepolicybody.scope.md) | | string | _(Optional)_ [Scope](https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html) of the policy. | +| [variables?](./core.resourcepolicybody.variables.md) | | [Variables](./core.variables.md) \| undefined | _(Optional)_ [Variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html) defined for use in conditions. | +| [version](./core.resourcepolicybody.version.md) | | string | The version of the policy. | + diff --git a/docs/core.resourcepolicybody.resource.md b/docs/core.resourcepolicybody.resource.md new file mode 100644 index 00000000..2735b522 --- /dev/null +++ b/docs/core.resourcepolicybody.resource.md 
@@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) > [resource](./core.resourcepolicybody.resource.md) + +## ResourcePolicyBody.resource property + +The name of the resource to which the policy applies. + +**Signature:** + +```typescript +resource: string; +``` diff --git a/docs/core.resourcepolicybody.rules.md b/docs/core.resourcepolicybody.rules.md new file mode 100644 index 00000000..35ff72d8 --- /dev/null +++ b/docs/core.resourcepolicybody.rules.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) > [rules](./core.resourcepolicybody.rules.md) + +## ResourcePolicyBody.rules property + +Rules defining the actions that can be performed on the resource. + +**Signature:** + +```typescript +rules: ResourceRule[]; +``` diff --git a/docs/core.resourcepolicybody.schemas.md b/docs/core.resourcepolicybody.schemas.md new file mode 100644 index 00000000..400ab7f9 --- /dev/null +++ b/docs/core.resourcepolicybody.schemas.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) > [schemas](./core.resourcepolicybody.schemas.md) + +## ResourcePolicyBody.schemas property + +[Schemas](https://docs.cerbos.dev/cerbos/latest/policies/schemas.html) for principal and resource attributes. + +**Signature:** + +```typescript +schemas?: SchemaRefs | undefined; +``` diff --git a/docs/core.resourcepolicybody.scope.md b/docs/core.resourcepolicybody.scope.md new file mode 100644 index 00000000..d6da50e9 --- /dev/null +++ b/docs/core.resourcepolicybody.scope.md 
@@ -0,0 +1,13 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) > [scope](./core.resourcepolicybody.scope.md) + +## ResourcePolicyBody.scope property + +[Scope](https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html) of the policy. + +**Signature:** + +```typescript +scope?: string; +``` diff --git a/docs/core.resourcepolicybody.variables.md b/docs/core.resourcepolicybody.variables.md new file mode 100644 index 00000000..f964ecfb --- /dev/null +++ b/docs/core.resourcepolicybody.variables.md @@ -0,0 +1,18 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) > [variables](./core.resourcepolicybody.variables.md) + +## ResourcePolicyBody.variables property + +[Variables](https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html) defined for use in conditions. + +**Signature:** + +```typescript +variables?: Variables | undefined; +``` + +## Remarks + +Requires the Cerbos policy decision point server to be at least v0.29. + diff --git a/docs/core.resourcepolicybody.version.md b/docs/core.resourcepolicybody.version.md new file mode 100644 index 00000000..3c845a80 --- /dev/null +++ b/docs/core.resourcepolicybody.version.md @@ -0,0 +1,18 @@ + + +[Home](./index.md) > [@cerbos/core](./core.md) > [ResourcePolicyBody](./core.resourcepolicybody.md) > [version](./core.resourcepolicybody.version.md) + +## ResourcePolicyBody.version property + +The version of the policy. + +**Signature:** + +```typescript +version: string; +``` + +## Remarks + +Policies are uniquely identified by the principal name and version pair. You can have multiple policy versions for the same principal (e.g. production vs. staging). The version value `default` is special as it is the default fallback when no version is specified in the request. + 
diff --git a/packages/core/src/types/external/DerivedRoles.ts b/packages/core/src/types/external/DerivedRoles.ts index 22b01ee1..a100d967 100644 --- a/packages/core/src/types/external/DerivedRoles.ts +++ b/packages/core/src/types/external/DerivedRoles.ts @@ -1,6 +1,5 @@ -import type { DerivedRoleDefinition } from "./DerivedRoleDefinition"; +import type { DerivedRolesBody } from "./DerivedRolesBody"; import type { PolicyBase } from "./PolicyBase"; -import type { Variables } from "./Variables"; /** * A set of {@link https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html | derived roles} @@ -12,23 +11,5 @@ export interface DerivedRoles extends PolicyBase { /** * A set of derived roles. */ - derivedRoles: { - /** - * The name to use when importing the set of derived roles. - */ - name: string; - - /** - * The definitions of the derived roles. - */ - definitions: DerivedRoleDefinition[]; - - /** - * {@link https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html | Variables} defined for use in conditions. - * - * @remarks - * Requires the Cerbos policy decision point server to be at least v0.29. - */ - variables?: Variables | undefined; - }; + derivedRoles: DerivedRolesBody; } diff --git a/packages/core/src/types/external/DerivedRolesBody.ts b/packages/core/src/types/external/DerivedRolesBody.ts new file mode 100644 index 00000000..b10223af --- /dev/null +++ b/packages/core/src/types/external/DerivedRolesBody.ts 
@@ -0,0 +1,28 @@ +import type { DerivedRoleDefinition } from "./DerivedRoleDefinition"; +import type { Variables } from "./Variables"; + +/** + * A set of {@link https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html | derived roles} + * to augment static RBAC roles with contextual data to provide more fine-grained control at runtime. + * + * @public + */ +export interface DerivedRolesBody { + /** + * The name to use when importing the set of derived roles. + */ + name: string; + + /** + * The definitions of the derived roles. + */ + definitions: DerivedRoleDefinition[]; + + /** + * {@link https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html | Variables} defined for use in conditions. + * + * @remarks + * Requires the Cerbos policy decision point server to be at least v0.29. + */ + variables?: Variables | undefined; +} diff --git a/packages/core/src/types/external/ExportVariables.ts b/packages/core/src/types/external/ExportVariables.ts index 8f78041a..5a3f3be0 100644 --- a/packages/core/src/types/external/ExportVariables.ts +++ b/packages/core/src/types/external/ExportVariables.ts @@ -1,3 +1,4 @@ +import type { ExportVariablesBody } from "./ExportVariablesBody"; import type { PolicyBase } from "./PolicyBase"; /** @@ -13,15 +14,5 @@ export interface ExportVariables extends PolicyBase { /** * A set of exported variables. */ - exportVariables: { - /** - * The name to use when importing the set of variables. - */ - name: string; - - /** - * Variable expressions. - */ - definitions: Record; - }; + exportVariables: ExportVariablesBody; } diff --git a/packages/core/src/types/external/ExportVariablesBody.ts b/packages/core/src/types/external/ExportVariablesBody.ts new file mode 100644 index 00000000..4ec95dee --- /dev/null +++ b/packages/core/src/types/external/ExportVariablesBody.ts 
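Review bot: The doc comment on `variables` in DerivedRolesBody links to the `prerelease` documentation tree (`https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html`), while the interface comment a few lines above links to `latest`. A prerelease URL can move or change once the feature ships, and this comment is now part of a `@public` type's published reference. Consider switching to the `latest` path once the v0.29 documentation is published there, or add a short note saying why the prerelease path is pinned. The same link appears in the ExportVariablesBody.ts and PrincipalPolicyBody.ts hunks.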
@@ -0,0 +1,20 @@ +/** + * A set of {@link https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html#export | exported variables} + * to be reused in other policies. + * + * @remarks + * Requires the Cerbos policy decision point server to be at least v0.29. + * + * @public + */ +export interface ExportVariablesBody { + /** + * The name to use when importing the set of variables. + */ + name: string; + + /** + * Variable expressions. + */ + definitions: Record; +} diff --git a/packages/core/src/types/external/PolicyBase.ts b/packages/core/src/types/external/PolicyBase.ts index f3a1b86e..b811e699 100644 --- a/packages/core/src/types/external/PolicyBase.ts +++ b/packages/core/src/types/external/PolicyBase.ts @@ -33,7 +33,7 @@ export interface PolicyBase { * Each variable is evaluated before any rule condition. * A variable expression can contain anything that condition expression can have. * - * @deprecated Define variables within the policy body instead (provided the Cerbos policy decision point server is at least v0.29). + * @deprecated Define variables within the policy body instead, provided the Cerbos policy decision point server is at least v0.29 ({@link DerivedRolesBody.variables}, {@link PrincipalPolicyBody.variables}, or {@link ResourcePolicyBody.variables}). */ variables?: Record; } diff --git a/packages/core/src/types/external/PrincipalPolicy.ts b/packages/core/src/types/external/PrincipalPolicy.ts index f1cf0dd0..a48f14c0 100644 --- a/packages/core/src/types/external/PrincipalPolicy.ts +++ b/packages/core/src/types/external/PrincipalPolicy.ts @@ -1,6 +1,5 @@ import type { PolicyBase } from "./PolicyBase"; -import type { PrincipalRule } from "./PrincipalRule"; -import type { Variables } from "./Variables"; +import type { PrincipalPolicyBody } from "./PrincipalPolicyBody"; /** * A {@link https://docs.cerbos.dev/cerbos/latest/policies/principal_policies.html | policy} defining overrides for a specific user. 
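Review bot: The comment on `definitions` in ExportVariablesBody says only `Variable expressions.`, which does not tell a caller what the keys and values represent. PolicyBase.ts in this same diff states that each variable is evaluated before any rule condition and can contain anything a condition expression can, so these strings are policy logic rather than plain data. I would expand the comment along the lines of `Variable expressions (presumably keyed by variable name). Each value is evaluated by the policy decision point, so build it from trusted input only.` The type arguments of `Record` are not visible in this rendering of the hunk.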
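Review bot: The reworded `@deprecated` text on `PolicyBase.variables` names the three replacement properties but still does not say what happens when a policy sets both the top-level `variables` and the body's `variables`. For an authorization policy that ambiguity matters, because a caller in the middle of a migration cannot tell which expressions the decision point will evaluate. Add one sentence stating the outcome, for example `If both are set, <which definition wins, or that the policy is rejected>.`, filled in from the server's actual behaviour. The rest of the PolicyBase interface lies outside this hunk.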
@@ -11,38 +10,5 @@ export interface PrincipalPolicy extends PolicyBase { /** * The policy body. */ - principalPolicy: { - /** - * The ID of the principal to whom the policy applies. - */ - principal: string; - - /** - * The version of the policy. - * - * @remarks - * Policies are uniquely identified by the principal name and version pair. - * You can have multiple policy versions for the same principal (e.g. production vs. staging). - * The version value `default` is special as it is the default fallback when no version is specified in the request. - */ - version: string; - - /** - * Rules defining the overrides that apply to the principal. - */ - rules: PrincipalRule[]; - - /** - * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy. - */ - scope?: string; - - /** - * {@link https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html | Variables} defined for use in conditions. - * - * @remarks - * Requires the Cerbos policy decision point server to be at least v0.29. - */ - variables?: Variables | undefined; - }; + principalPolicy: PrincipalPolicyBody; } diff --git a/packages/core/src/types/external/PrincipalPolicyBody.ts b/packages/core/src/types/external/PrincipalPolicyBody.ts new file mode 100644 index 00000000..1ade64b2 --- /dev/null +++ b/packages/core/src/types/external/PrincipalPolicyBody.ts 
@@ -0,0 +1,42 @@
+import type { PrincipalRule } from "./PrincipalRule";
+import type { Variables } from "./Variables";
+
+/**
+ * A {@link https://docs.cerbos.dev/cerbos/latest/policies/principal_policies.html | policy} defining overrides for a specific user.
+ *
+ * @public
+ */
+export interface PrincipalPolicyBody {
+ /**
+ * The ID of the principal to whom the policy applies.
+ */
+ principal: string;
+
+ /**
+ * The version of the policy.
+ *
+ * @remarks
+ * Policies are uniquely identified by the principal name and version pair.
+ * You can have multiple policy versions for the same principal (e.g. production vs. staging).
+ * The version value `default` is special as it is the default fallback when no version is specified in the request.
+ */
+ version: string;
+
+ /**
+ * Rules defining the overrides that apply to the principal.
+ */
+ rules: PrincipalRule[];
+
+ /**
+ * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy.
+ */
+ scope?: string;
+
+ /**
+ * {@link https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html | Variables} defined for use in conditions.
+ *
+ * @remarks
+ * Requires the Cerbos policy decision point server to be at least v0.29.
+ */
+ variables?: Variables | undefined;
+}
diff --git a/packages/core/src/types/external/ResourcePolicy.ts b/packages/core/src/types/external/ResourcePolicy.ts
index 7ff39f00..658b1294 100644
--- a/packages/core/src/types/external/ResourcePolicy.ts
+++ b/packages/core/src/types/external/ResourcePolicy.ts
@@ -1,7 +1,5 @@
 import type { PolicyBase } from "./PolicyBase";
-import type { ResourceRule } from "./ResourceRule";
-import type { SchemaRefs } from "./SchemaRefs";
-import type { Variables } from "./Variables";
+import type { ResourcePolicyBody } from "./ResourcePolicyBody";
 /**
 * A {@link https://docs.cerbos.dev/cerbos/latest/policies/resource_policies.html | policy} defining rules for actions that can be performed on a given resource.
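Review bot: Optional properties in `PrincipalPolicyBody` are typed two ways: `scope?: string` omits `| undefined`, while `variables?: Variables | undefined` includes it. Under `exactOptionalPropertyTypes` the two forms accept different values (an explicit `undefined` is allowed only for `variables`), so callers that build policies programmatically get inconsistent checking. If the difference is not intentional, pick one form, e.g. `scope?: string | undefined;`. `ResourcePolicyBody` has the same mix (`importDerivedRoles?: string[]` and `scope?: string` versus `schemas?` and `variables?`).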
@@ -12,48 +10,5 @@ export interface ResourcePolicy extends PolicyBase {
 /**
 * The policy body.
 */
- resourcePolicy: {
- /**
- * The name of the resource to which the policy applies.
- */
- resource: string;
-
- /**
- * The version of the policy.
- *
- * @remarks
- * Policies are uniquely identified by the principal name and version pair.
- * You can have multiple policy versions for the same principal (e.g. production vs. staging).
- * The version value `default` is special as it is the default fallback when no version is specified in the request.
- */
- version: string;
-
- /**
- * Name of a set of {@link https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html | derived roles} to import.
- */
- importDerivedRoles?: string[];
-
- /**
- * Rules defining the actions that can be performed on the resource.
- */
- rules: ResourceRule[];
-
- /**
- * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy.
- */
- scope?: string;
-
- /**
- * {@link https://docs.cerbos.dev/cerbos/latest/policies/schemas.html | Schemas} for principal and resource attributes.
- */
- schemas?: SchemaRefs | undefined;
-
- /**
- * {@link https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html | Variables} defined for use in conditions.
- *
- * @remarks
- * Requires the Cerbos policy decision point server to be at least v0.29.
- */
- variables?: Variables | undefined;
- };
+ resourcePolicy: ResourcePolicyBody;
 }
diff --git a/packages/core/src/types/external/ResourcePolicyBody.ts b/packages/core/src/types/external/ResourcePolicyBody.ts
new file mode 100644
index 00000000..45dfe25a
--- /dev/null
+++ b/packages/core/src/types/external/ResourcePolicyBody.ts
@@ -0,0 +1,53 @@
+import type { ResourceRule } from "./ResourceRule";
+import type { SchemaRefs } from "./SchemaRefs";
+import type { Variables } from "./Variables";
+
+/**
+ * A {@link https://docs.cerbos.dev/cerbos/latest/policies/resource_policies.html | policy} defining rules for actions that can be performed on a given resource.
+ *
+ * @public
+ */
+export interface ResourcePolicyBody {
+ /**
+ * The name of the resource to which the policy applies.
+ */
+ resource: string;
+
+ /**
+ * The version of the policy.
+ *
+ * @remarks
+ * Policies are uniquely identified by the principal name and version pair.
+ * You can have multiple policy versions for the same principal (e.g. production vs. staging).
+ * The version value `default` is special as it is the default fallback when no version is specified in the request.
+ */
+ version: string;
+
+ /**
+ * Name of a set of {@link https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html | derived roles} to import.
+ */
+ importDerivedRoles?: string[];
+
+ /**
+ * Rules defining the actions that can be performed on the resource.
+ */
+ rules: ResourceRule[];
+
+ /**
+ * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy.
+ */
+ scope?: string;
+
+ /**
+ * {@link https://docs.cerbos.dev/cerbos/latest/policies/schemas.html | Schemas} for principal and resource attributes.
+ */
+ schemas?: SchemaRefs | undefined;
+
+ /**
+ * {@link https://docs.cerbos.dev/cerbos/prerelease/policies/variables.html | Variables} defined for use in conditions.
+ *
+ * @remarks
+ * Requires the Cerbos policy decision point server to be at least v0.29.
+ */
+ variables?: Variables | undefined;
+}
diff --git a/packages/core/src/types/external/index.ts b/packages/core/src/types/external/index.ts
index 2a0514f4..59d3d0a9 100644
--- a/packages/core/src/types/external/index.ts
+++ b/packages/core/src/types/external/index.ts
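Review bot: The `@remarks` on `ResourcePolicyBody.version` still describe principal policies: "uniquely identified by the principal name and version pair" and "multiple policy versions for the same principal". The text was carried over unchanged with the move, but for a resource policy the identifying name is presumably the `resource` field documented just above it. A wrong description of how policies are identified invites version mix-ups between environments. Suggested wording: `Policies are uniquely identified by the resource name and version pair.` and `You can have multiple policy versions for the same resource (e.g. production vs. staging).`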
@@ -13,12 +13,14 @@ export * from "./DeleteSchemasRequest";
 export * from "./DeleteSchemasResponse";
 export * from "./DerivedRoleDefinition";
 export * from "./DerivedRoles";
+export * from "./DerivedRolesBody";
 export * from "./DisablePoliciesRequest";
 export * from "./DisablePoliciesResponse";
 export * from "./Effect";
 export * from "./EnablePoliciesRequest";
 export * from "./EnablePoliciesResponse";
 export * from "./ExportVariables";
+export * from "./ExportVariablesBody";
 export * from "./GetPoliciesRequest";
 export * from "./GetPoliciesResponse";
 export * from "./GetSchemasRequest";
@@ -52,12 +54,14 @@ export * from "./PolicyBase";
 export * from "./PolicyMetadata";
 export * from "./Principal";
 export * from "./PrincipalPolicy";
+export * from "./PrincipalPolicyBody";
 export * from "./PrincipalRule";
 export * from "./PrincipalRuleAction";
 export * from "./ReloadStoreRequest";
 export * from "./Resource";
 export * from "./ResourceCheck";
 export * from "./ResourcePolicy";
+export * from "./ResourcePolicyBody";
 export * from "./ResourceQuery";
 export * from "./ResourceRule";
 export * from "./ResourceSearch";