@cerbos/core - npm Package Compare versions

Comparing version 0.11.0 to 0.12.0

lib/convert/fromProtobuf.d.ts

@@ -0,3 +1,4 @@
+import type { Policy as PolicyProtobuf } from "../protobuf/cerbos/policy/v1/policy";
 import type { CheckResourcesResponse as CheckResourcesResponseProtobuf, DeleteSchemaResponse, DisablePolicyResponse, EnablePolicyResponse, GetPolicyResponse, GetSchemaResponse, ListPoliciesResponse as ListPoliciesResponseProtobuf, ListSchemasResponse as ListSchemasResponseProtobuf, PlanResourcesResponse as PlanResourcesResponseProtobuf } from "../protobuf/cerbos/response/v1/response";
-import type { DisablePoliciesResponse, EnablePoliciesResponse, GetPoliciesResponse, ListPoliciesResponse, ListSchemasResponse, PlanResourcesResponse } from "../types/external";
+import type { DisablePoliciesResponse, EnablePoliciesResponse, GetPoliciesResponse, ListPoliciesResponse, ListSchemasResponse, PlanResourcesResponse, Policy } from "../types/external";
 import { CheckResourcesResponse } from "../types/external";
@@ -11,2 +12,4 @@ import type { DeleteSchemasResponse } from "../types/external/DeleteSchemasResponse";
 export declare const getPoliciesResponseFromProtobuf: ({ policies, }: GetPolicyResponse) => GetPoliciesResponse;
+/** @internal */
+export declare const _policyFromProtobuf: ({ apiVersion, description, disabled, metadata, variables, policyType, }: PolicyProtobuf) => Policy;
 export declare const getSchemasResponseFromProtobuf: ({ schemas, }: GetSchemaResponse) => GetSchemasResponse;
@@ -13,0 +16,0 @@ export declare const listPoliciesResponseFromProtobuf: ({ policyIds, }: ListPoliciesResponseProtobuf) => ListPoliciesResponse;

lib/convert/fromProtobuf.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.planResourcesResponseFromProtobuf = exports.listSchemasResponseFromProtobuf = exports.listPoliciesResponseFromProtobuf = exports.getSchemasResponseFromProtobuf = exports.getPoliciesResponseFromProtobuf = exports.enablePoliciesResponseFromProtobuf = exports.disablePoliciesResponseFromProtobuf = exports.deleteSchemasResponseFromProtobuf = exports.checkResourcesResponseFromProtobuf = void 0;
+exports.planResourcesResponseFromProtobuf = exports.listSchemasResponseFromProtobuf = exports.listPoliciesResponseFromProtobuf = exports.getSchemasResponseFromProtobuf = exports._policyFromProtobuf = exports.getPoliciesResponseFromProtobuf = exports.enablePoliciesResponseFromProtobuf = exports.disablePoliciesResponseFromProtobuf = exports.deleteSchemasResponseFromProtobuf = exports.checkResourcesResponseFromProtobuf = void 0;
 const effect_1 = require("../protobuf/cerbos/effect/v1/effect");
@@ -62,6 +62,7 @@ const engine_1 = require("../protobuf/cerbos/engine/v1/engine");
 const getPoliciesResponseFromProtobuf = ({ policies, }) => ({
-    policies: policies.map(policyFromProtobuf),
+    policies: policies.map(exports._policyFromProtobuf),
 });
 exports.getPoliciesResponseFromProtobuf = getPoliciesResponseFromProtobuf;
-const policyFromProtobuf = ({ apiVersion, description, disabled, metadata, variables, policyType, }) => ({
+/** @internal */
+const _policyFromProtobuf = ({ apiVersion, description, disabled, metadata, variables, policyType, }) => ({
     apiVersion,
@@ -74,2 +75,3 @@ description,
 });
+exports._policyFromProtobuf = _policyFromProtobuf;
 const policyMetadataFromProtobuf = ({ annotations, hash, sourceFile, storeIdentifer, storeIdentifier, }) => ({
@@ -89,2 +91,4 @@ annotations,
             return derivedRolesFromProtobuf(policyType.derivedRoles);
+        case "exportVariables":
+            return exportVariablesFromProtobuf(policyType.exportVariables);
         case "principalPolicy":
@@ -98,6 +102,7 @@ return principalPolicyFromProtobuf(policyType.principalPolicy);
 };
-const derivedRolesFromProtobuf = ({ name, definitions, }) => ({
+const derivedRolesFromProtobuf = ({ name, definitions, variables, }) => ({
     derivedRoles: {
         name,
         definitions: definitions.map(derivedRoleDefinitionFromProtobuf),
+        variables: variables && variablesFromProtobuf(variables),
     },
@@ -145,3 +150,13 @@ });
 });
-const principalPolicyFromProtobuf = ({ principal, version, rules, scope, }) => ({
+const variablesFromProtobuf = ({ import: imports, local, }) => ({
+    import: imports,
+    local,
+});
+const exportVariablesFromProtobuf = ({ name, definitions, }) => ({
+    exportVariables: {
+        name,
+        definitions,
+    },
+});
+const principalPolicyFromProtobuf = ({ principal, version, rules, scope, variables, }) => ({
     principalPolicy: {
@@ -152,2 +167,3 @@ principal,
         scope,
+        variables: variables && variablesFromProtobuf(variables),
     },
@@ -167,3 +183,3 @@ });
 const outputFromProtobuf = ({ expr }) => ({ expr });
-const resourcePolicyFromProtobuf = ({ resource, version, importDerivedRoles, rules, schemas, scope, }) => ({
+const resourcePolicyFromProtobuf = ({ resource, version, importDerivedRoles, rules, schemas, scope, variables, }) => ({
     resourcePolicy: {
@@ -176,2 +192,3 @@ resource,
         scope,
+        variables: variables && variablesFromProtobuf(variables),
     },
@@ -178,0 +195,0 @@ });

lib/convert/toProtobuf.d.ts

@@ -13,4 +13,4 @@ import type { AddOrUpdatePolicyRequest, AddOrUpdateSchemaRequest, CheckResourcesRequest as CheckResourcesRequestProtobuf, DeleteSchemaRequest, DisablePolicyRequest, EnablePolicyRequest, GetPolicyRequest, GetSchemaRequest, ListPoliciesRequest as ListPoliciesRequestProtobuf, PlanResourcesRequest as PlanResourcesRequestProtobuf } from "../protobuf/cerbos/request/v1/request";
 export declare const getSchemasRequestToProtobuf: ({ ids, }: GetSchemasRequest) => GetSchemaRequest;
-export declare const listPoliciesRequestToProtobuf: ({ includeDisabled, }: ListPoliciesRequest) => ListPoliciesRequestProtobuf;
+export declare const listPoliciesRequestToProtobuf: ({ includeDisabled, nameRegexp, scopeRegexp, versionRegexp, }: ListPoliciesRequest) => ListPoliciesRequestProtobuf;
 export declare const planResourcesRequestToProtobuf: ({ principal, resource, action, auxData, includeMetadata, requestId, }: PlanResourcesRequest) => PlanResourcesRequestProtobuf;
 //# sourceMappingURL=toProtobuf.d.ts.map

lib/convert/toProtobuf.js

@@ -18,2 +18,3 @@ "use strict";
         disabled,
+        jsonSchema: "",
         metadata: undefined,
@@ -31,2 +32,8 @@ policyType: policyTypeToProtobuf(policy),
     }
+    if ((0, external_1.policyIsExportVariables)(policy)) {
+        return {
+            $case: "exportVariables",
+            exportVariables: exportVariablesToProtobuf(policy),
+        };
+    }
     if ((0, external_1.policyIsPrincipalPolicy)(policy)) {
@@ -46,5 +53,6 @@ return {
 };
-const derivedRolesToProtobuf = ({ derivedRoles: { name, definitions }, }) => ({
+const derivedRolesToProtobuf = ({ derivedRoles: { name, definitions, variables }, }) => ({
     name,
     definitions: definitions.map(derivedRoleDefinitionToProtobuf),
+    variables: variables && variablesToProtobuf(variables),
 });
@@ -100,3 +108,11 @@ const derivedRoleDefinitionToProtobuf = ({ name, parentRoles, condition, }) => ({
 });
-const principalPolicyToProtobuf = ({ principalPolicy: { principal, version, rules, scope = "" }, }) => ({
+const variablesToProtobuf = ({ import: imports = [], local = {}, }) => ({
+    import: imports,
+    local,
+});
+const exportVariablesToProtobuf = ({ exportVariables: { name, definitions }, }) => ({
+    name,
+    definitions,
+});
+const principalPolicyToProtobuf = ({ principalPolicy: { principal, version, rules, scope = "", variables }, }) => ({
     principal,
@@ -106,2 +122,3 @@ version,
     scope,
+    variables: variables && variablesToProtobuf(variables),
 });
@@ -123,3 +140,3 @@ const principalRuleToProtobuf = ({ resource, actions, }) => ({
 const outputToProtobuf = ({ expr }) => ({ expr });
-const resourcePolicyToProtobuf = ({ resourcePolicy: { resource, version, importDerivedRoles = [], rules, scope = "", schemas, }, }) => ({
+const resourcePolicyToProtobuf = ({ resourcePolicy: { resource, version, importDerivedRoles = [], rules, scope = "", schemas, variables, }, }) => ({
     resource,
@@ -131,2 +148,3 @@ version,
     schemas: schemas && policySchemasToProtobuf(schemas),
+    variables: variables && variablesToProtobuf(variables),
 });
@@ -223,4 +241,7 @@ const resourceRuleToProtobuf = ({ actions, effect, derivedRoles = [], roles = [], condition, name = "", output, }) => ({
 exports.getSchemasRequestToProtobuf = getSchemasRequestToProtobuf;
-const listPoliciesRequestToProtobuf = ({ includeDisabled = false, }) => ({
+const listPoliciesRequestToProtobuf = ({ includeDisabled = false, nameRegexp = "", scopeRegexp = "", versionRegexp = "", }) => ({
     includeDisabled,
+    nameRegexp,
+    scopeRegexp,
+    versionRegexp,
 });
@@ -227,0 +248,0 @@ exports.listPoliciesRequestToProtobuf = listPoliciesRequestToProtobuf;

lib/index.d.ts

@@ -7,2 +7,3 @@ /**
 export * from "./client";
+export { _policyFromProtobuf } from "./convert/fromProtobuf";
 export * from "./errors";
@@ -9,0 +10,0 @@ export * from "./rpcs";

lib/index.js

@@ -22,3 +22,6 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports._policyFromProtobuf = void 0;
 __exportStar(require("./client"), exports);
+var fromProtobuf_1 = require("./convert/fromProtobuf");
+Object.defineProperty(exports, "_policyFromProtobuf", { enumerable: true, get: function () { return fromProtobuf_1._policyFromProtobuf; } });
 __exportStar(require("./errors"), exports);
@@ -25,0 +28,0 @@ __exportStar(require("./rpcs"), exports);

lib/protobuf/cerbos/audit/v1/audit.d.ts

@@ -30,3 +30,3 @@ import type { CheckInput, CheckOutput, PlanResourcesInput, PlanResourcesOutput } from "../../engine/v1/engine";
         planResources: DecisionLogEntry_PlanResources;
-    };
+    } | undefined;
     metadata: {
@@ -33,0 +33,0 @@ [key: string]: MetaValues;

lib/protobuf/cerbos/engine/v1/engine.d.ts

@@ -48,3 +48,3 @@ import type { Effect } from "../../effect/v1/effect";
         variable: string;
-    };
+    } | undefined;
 }
@@ -51,0 +51,0 @@ export interface PlanResourcesOutput {

lib/protobuf/cerbos/policy/v1/policy.d.ts

@@ -17,6 +17,10 @@ import type { Effect } from "../../effect/v1/effect";
         derivedRoles: DerivedRoles;
-    };
+    } | {
+        $case: "exportVariables";
+        exportVariables: ExportVariables;
+    } | undefined;
     variables: {
         [key: string]: string;
     };
+    jsonSchema: string;
 }
@@ -33,3 +37,2 @@ export interface Policy_VariablesEntry {
     hash: string | undefined;
-    /** @deprecated */
     storeIdentifer: string;
@@ -49,2 +52,3 @@ storeIdentifier: string;
     schemas: Schemas | undefined;
+    variables: Variables | undefined;
 }
@@ -65,2 +69,3 @@ export interface ResourceRule {
     scope: string;
+    variables: Variables | undefined;
 }
@@ -81,2 +86,3 @@ export interface PrincipalRule {
     definitions: RoleDef[];
+    variables: Variables | undefined;
 }
@@ -88,2 +94,22 @@ export interface RoleDef {
 }
+export interface ExportVariables {
+    name: string;
+    definitions: {
+        [key: string]: string;
+    };
+}
+export interface ExportVariables_DefinitionsEntry {
+    key: string;
+    value: string;
+}
+export interface Variables {
+    import: string[];
+    local: {
+        [key: string]: string;
+    };
+}
+export interface Variables_LocalEntry {
+    key: string;
+    value: string;
+}
 export interface Condition {
@@ -96,3 +122,3 @@ condition?: {
         script: string;
-    };
+    } | undefined;
 }
@@ -112,3 +138,3 @@ export interface Match {
         expr: string;
-    };
+    } | undefined;
 }
@@ -115,0 +141,0 @@ export interface Match_ExprList {

lib/protobuf/cerbos/request/v1/request.d.ts

@@ -88,3 +88,3 @@ import type { Duration } from "../../../google/protobuf/duration";
         lookup: string;
-    };
+    } | undefined;
 }
@@ -104,2 +104,5 @@ export declare enum ListAuditLogEntriesRequest_Kind {
     includeDisabled: boolean;
+    nameRegexp: string;
+    scopeRegexp: string;
+    versionRegexp: string;
 }
@@ -106,0 +109,0 @@ export interface GetPolicyRequest {

lib/protobuf/cerbos/response/v1/response.d.ts

@@ -127,3 +127,3 @@ import type { Empty } from "../../../google/protobuf/empty";
         decisionLogEntry: DecisionLogEntry;
-    };
+    } | undefined;
 }
@@ -130,0 +130,0 @@ export interface ServerInfoResponse {

lib/protobuf/google/api/http.d.ts

@@ -22,3 +22,3 @@ export declare const protobufPackage = "google.api";
         custom: CustomHttpPattern;
-    };
+    } | undefined;
     body: string;
@@ -25,0 +25,0 @@ responseBody: string;

lib/protobuf/google/protobuf/descriptor.d.ts

@@ -6,3 +6,2 @@ export declare const protobufPackage = "google.protobuf";
     javaMultipleFiles: boolean;
-    /** @deprecated */
     javaGenerateEqualsAndHash: boolean;
@@ -37,3 +36,2 @@ javaStringCheckUtf8: boolean;
     mapEntry: boolean;
-    /** @deprecated */
     deprecatedLegacyJsonFieldConflicts: boolean;
@@ -40,0 +38,0 @@ uninterpretedOption: UninterpretedOption[];

lib/protobuf/google/protobuf/struct.d.ts

@@ -35,3 +35,3 @@ export declare const protobufPackage = "google.protobuf";
         listValue: Array<any> | undefined;
-    };
+    } | undefined;
 }
@@ -38,0 +38,0 @@ export interface ListValue {

lib/protobuf/validate/validate.d.ts

@@ -73,3 +73,3 @@ import type { Duration } from "../google/protobuf/duration";
         timestamp: TimestampRules;
-    };
+    } | undefined;
 }
@@ -244,3 +244,3 @@ export interface FloatRules {
         wellKnownRegex: KnownRegex;
-    };
+    } | undefined;
     strict: boolean;
@@ -269,3 +269,3 @@ ignoreEmpty: boolean;
         ipv6: boolean;
-    };
+    } | undefined;
     ignoreEmpty: boolean;
@@ -272,0 +272,0 @@ }

lib/types/external/DerivedRoles.d.ts

@@ -1,2 +0,2 @@
-import type { DerivedRoleDefinition } from "./DerivedRoleDefinition";
+import type { DerivedRolesBody } from "./DerivedRolesBody";
 import type { PolicyBase } from "./PolicyBase";
@@ -13,13 +13,4 @@ /**
      */
-    derivedRoles: {
-        /**
-         * The name to use when importing the set of derived roles.
-         */
-        name: string;
-        /**
-         * The definitions of the derived roles.
-         */
-        definitions: DerivedRoleDefinition[];
-    };
+    derivedRoles: DerivedRolesBody;
 }
 //# sourceMappingURL=DerivedRoles.d.ts.map

lib/types/external/index.d.ts

@@ -16,2 +16,3 @@ export * from "./AddOrUpdatePoliciesRequest";
 export * from "./DerivedRoles";
+export * from "./DerivedRolesBody";
 export * from "./DisablePoliciesRequest";
@@ -22,2 +23,4 @@ export * from "./DisablePoliciesResponse";
 export * from "./EnablePoliciesResponse";
+export * from "./ExportVariables";
+export * from "./ExportVariablesBody";
 export * from "./GetPoliciesRequest";
@@ -56,2 +59,3 @@ export * from "./GetPoliciesResponse";
 export * from "./PrincipalPolicy";
+export * from "./PrincipalPolicyBody";
 export * from "./PrincipalRule";
@@ -63,2 +67,3 @@ export * from "./PrincipalRuleAction";
 export * from "./ResourcePolicy";
+export * from "./ResourcePolicyBody";
 export * from "./ResourceQuery";
@@ -78,2 +83,3 @@ export * from "./ResourceRule";
 export * from "./Value";
+export * from "./Variables";
 //# sourceMappingURL=index.d.ts.map

lib/types/external/index.js

@@ -32,2 +32,3 @@ "use strict";
 __exportStar(require("./DerivedRoles"), exports);
+__exportStar(require("./DerivedRolesBody"), exports);
 __exportStar(require("./DisablePoliciesRequest"), exports);
@@ -38,2 +39,4 @@ __exportStar(require("./DisablePoliciesResponse"), exports);
 __exportStar(require("./EnablePoliciesResponse"), exports);
+__exportStar(require("./ExportVariables"), exports);
+__exportStar(require("./ExportVariablesBody"), exports);
 __exportStar(require("./GetPoliciesRequest"), exports);
@@ -72,2 +75,3 @@ __exportStar(require("./GetPoliciesResponse"), exports);
 __exportStar(require("./PrincipalPolicy"), exports);
+__exportStar(require("./PrincipalPolicyBody"), exports);
 __exportStar(require("./PrincipalRule"), exports);
@@ -79,2 +83,3 @@ __exportStar(require("./PrincipalRuleAction"), exports);
 __exportStar(require("./ResourcePolicy"), exports);
+__exportStar(require("./ResourcePolicyBody"), exports);
 __exportStar(require("./ResourceQuery"), exports);
@@ -94,2 +99,3 @@ __exportStar(require("./ResourceRule"), exports);
 __exportStar(require("./Value"), exports);
+__exportStar(require("./Variables"), exports);
 //# sourceMappingURL=index.js.map

lib/types/external/ListPoliciesRequest.d.ts

@@ -16,3 +16,33 @@ /**
     includeDisabled?: boolean;
+    /**
+     * Only include policies with a name matching the given regular expression.
+     *
+     * @remarks
+     * Regular expressions must use the {@link https://golang.org/s/re2syntax | RE2 syntax}.
+     * Note that backreferences are not supported.
+     *
+     * Requires the Cerbos policy decision point server to be at least v0.29.
+     */
+    nameRegexp?: string;
+    /**
+     * Only include policies with a scope matching the given regular expression.
+     *
+     * @remarks
+     * Regular expressions must use the {@link https://golang.org/s/re2syntax | RE2 syntax}.
+     * Note that backreferences are not supported.
+     *
+     * Requires the Cerbos policy decision point server to be at least v0.29.
+     */
+    scopeRegexp?: string;
+    /**
+     * Only include policies with a version matching the given regular expression.
+     *
+     * @remarks
+     * Regular expressions must use the {@link https://golang.org/s/re2syntax | RE2 syntax}.
+     * Note that backreferences are not supported.
+     *
+     * Requires the Cerbos policy decision point server to be at least v0.29.
+     */
+    versionRegexp?: string;
 }
 //# sourceMappingURL=ListPoliciesRequest.d.ts.map

lib/types/external/Policy.d.ts

 import type { DerivedRoles } from "./DerivedRoles";
+import type { ExportVariables } from "./ExportVariables";
 import type { PrincipalPolicy } from "./PrincipalPolicy";
@@ -9,3 +10,3 @@ import type { ResourcePolicy } from "./ResourcePolicy";
  */
-export type Policy = DerivedRoles | PrincipalPolicy | ResourcePolicy;
+export type Policy = DerivedRoles | ExportVariables | PrincipalPolicy | ResourcePolicy;
 /**
@@ -18,2 +19,8 @@ * Type guard to check if a {@link Policy} is a set of {@link DerivedRoles}.
 /**
+ * Type guard to check if a {@link Policy} is a set of {@link ExportVariables}.
+ *
+ * @public
+ */
+export declare const policyIsExportVariables: (policy: Policy) => policy is ExportVariables;
+/**
  * Type guard to check if a {@link Policy} is a {@link PrincipalPolicy}.
@@ -20,0 +27,0 @@ *

lib/types/external/Policy.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.policyIsResourcePolicy = exports.policyIsPrincipalPolicy = exports.policyIsDerivedRoles = void 0;
+exports.policyIsResourcePolicy = exports.policyIsPrincipalPolicy = exports.policyIsExportVariables = exports.policyIsDerivedRoles = void 0;
 /**
@@ -12,2 +12,9 @@ * Type guard to check if a {@link Policy} is a set of {@link DerivedRoles}.
 /**
+ * Type guard to check if a {@link Policy} is a set of {@link ExportVariables}.
+ *
+ * @public
+ */
+const policyIsExportVariables = (policy) => "exportVariables" in policy;
+exports.policyIsExportVariables = policyIsExportVariables;
+/**
  * Type guard to check if a {@link Policy} is a {@link PrincipalPolicy}.
@@ -14,0 +21,0 @@ *

lib/types/external/PolicyBase.d.ts

@@ -30,2 +30,4 @@ import type { PolicyMetadata } from "./PolicyMetadata";
      * A variable expression can contain anything that condition expression can have.
+     *
+     * @deprecated Define variables within the policy body instead, provided the Cerbos policy decision point server is at least v0.29 ({@link DerivedRolesBody.variables}, {@link PrincipalPolicyBody.variables}, or {@link ResourcePolicyBody.variables}).
      */
@@ -32,0 +34,0 @@ variables?: Record<string, string>;

lib/types/external/PrincipalPolicy.d.ts

 import type { PolicyBase } from "./PolicyBase";
-import type { PrincipalRule } from "./PrincipalRule";
+import type { PrincipalPolicyBody } from "./PrincipalPolicyBody";
 /**
@@ -12,26 +12,4 @@ * A {@link https://docs.cerbos.dev/cerbos/latest/policies/principal_policies.html | policy} defining overrides for a specific user.
      */
-    principalPolicy: {
-        /**
-         * The ID of the principal to whom the policy applies.
-         */
-        principal: string;
-        /**
-         * The version of the policy.
-         *
-         * @remarks
-         * Policies are uniquely identified by the principal name and version pair.
-         * You can have multiple policy versions for the same principal (e.g. production vs. staging).
-         * The version value `default` is special as it is the default fallback when no version is specified in the request.
-         */
-        version: string;
-        /**
-         * Rules defining the overrides that apply to the principal.
-         */
-        rules: PrincipalRule[];
-        /**
-         * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy.
-         */
-        scope?: string;
-    };
+    principalPolicy: PrincipalPolicyBody;
 }
 //# sourceMappingURL=PrincipalPolicy.d.ts.map

lib/types/external/ResourcePolicy.d.ts

 import type { PolicyBase } from "./PolicyBase";
-import type { ResourceRule } from "./ResourceRule";
-import type { SchemaRefs } from "./SchemaRefs";
+import type { ResourcePolicyBody } from "./ResourcePolicyBody";
 /**
@@ -13,34 +12,4 @@ * A {@link https://docs.cerbos.dev/cerbos/latest/policies/resource_policies.html | policy} defining rules for actions that can be performed on a given resource.
      */
-    resourcePolicy: {
-        /**
-         * The name of the resource to which the policy applies.
-         */
-        resource: string;
-        /**
-         * The version of the policy.
-         *
-         * @remarks
-         * Policies are uniquely identified by the principal name and version pair.
-         * You can have multiple policy versions for the same principal (e.g. production vs. staging).
-         * The version value `default` is special as it is the default fallback when no version is specified in the request.
-         */
-        version: string;
-        /**
-         * Name of a set of {@link https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html | derived roles} to import.
-         */
-        importDerivedRoles?: string[];
-        /**
-         * Rules defining the actions that can be performed on the resource.
-         */
-        rules: ResourceRule[];
-        /**
-         * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy.
-         */
-        scope?: string;
-        /**
-         * {@link https://docs.cerbos.dev/cerbos/latest/policies/schemas.html | Schemas} for principal and resource attributes.
-         */
-        schemas?: SchemaRefs | undefined;
-    };
+    resourcePolicy: ResourcePolicyBody;
 }
 //# sourceMappingURL=ResourcePolicy.d.ts.map

package.json

 {
   "name": "@cerbos/core",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "description": "Common types used by the @cerbos/grpc and @cerbos/http client libraries",
@@ -32,4 +32,4 @@ "repository": {
   "devDependencies": {
-    "@types/uuid": "9.0.1"
+    "@types/uuid": "9.0.2"
   }
 }

src/client.ts

@@ -62,3 +62,3 @@ import {
   request: _Request<Service, RPC>,
-  adminCredentials?: AdminCredentials
+  adminCredentials?: AdminCredentials,
 ) => Promise<_Response<Service, RPC>>;
@@ -146,3 +146,3 @@
     transport: _Transport,
-    private readonly options: Options
+    private readonly options: Options,
   ) {
@@ -185,7 +185,7 @@ this.transport = transport;
   public async addOrUpdatePolicies(
-    request: AddOrUpdatePoliciesRequest
+    request: AddOrUpdatePoliciesRequest,
   ): Promise<void> {
     await this.admin(
       "addOrUpdatePolicy",
-      addOrUpdatePoliciesRequestToProtobuf(request)
+      addOrUpdatePoliciesRequestToProtobuf(request),
     );
@@ -220,7 +220,7 @@ }
   public async addOrUpdateSchemas(
-    request: AddOrUpdateSchemasRequest
+    request: AddOrUpdateSchemasRequest,
   ): Promise<void> {
     await this.admin(
       "addOrUpdateSchema",
-      addOrUpdateSchemasRequestToProtobuf(request)
+      addOrUpdateSchemasRequestToProtobuf(request),
     );
@@ -252,3 +252,3 @@ }
   public async checkResource(
-    request: CheckResourceRequest
+    request: CheckResourceRequest,
   ): Promise<CheckResourcesResult> {
@@ -308,3 +308,3 @@ const { resource, actions, ...rest } = request;
   public async checkResources(
-    request: CheckResourcesRequest
+    request: CheckResourcesRequest,
   ): Promise<CheckResourcesResponse> {
@@ -314,4 +314,4 @@ const response = checkResourcesResponseFromProtobuf(
         "checkResources",
-        checkResourcesRequestToProtobuf(request)
-      )
+        checkResourcesRequestToProtobuf(request),
+      ),
     );
@@ -374,6 +374,6 @@
   public async deleteSchemas(
-    request: DeleteSchemasRequest
+    request: DeleteSchemasRequest,
   ): Promise<DeleteSchemasResponse> {
     return deleteSchemasResponseFromProtobuf(
-      await this.admin("deleteSchema", deleteSchemasRequestToProtobuf(request))
+      await this.admin("deleteSchema", deleteSchemasRequestToProtobuf(request)),
     );
@@ -402,3 +402,3 @@ }
   public async disablePolicies(
-    request: DisablePoliciesRequest
+    request: DisablePoliciesRequest,
   ): Promise<DisablePoliciesResponse> {
@@ -408,4 +408,4 @@ return disablePoliciesResponseFromProtobuf(
         "disablePolicy",
-        disablePoliciesRequestToProtobuf(request)
-      )
+        disablePoliciesRequestToProtobuf(request),
+      ),
     );
@@ -456,6 +456,9 @@ }
   public async enablePolicies(
-    request: EnablePoliciesRequest
+    request: EnablePoliciesRequest,
   ): Promise<EnablePoliciesResponse> {
     return enablePoliciesResponseFromProtobuf(
-      await this.admin("enablePolicy", enablePoliciesRequestToProtobuf(request))
+      await this.admin(
+        "enablePolicy",
+        enablePoliciesRequestToProtobuf(request),
+      ),
     );
@@ -504,6 +507,6 @@ }
   public async getPolicies(
-    request: GetPoliciesRequest
+    request: GetPoliciesRequest,
   ): Promise<GetPoliciesResponse> {
     return getPoliciesResponseFromProtobuf(
-      await this.admin("getPolicy", getPoliciesRequestToProtobuf(request))
+      await this.admin("getPolicy", getPoliciesRequestToProtobuf(request)),
     );
@@ -576,6 +579,6 @@ }
   public async getSchemas(
-    request: GetSchemasRequest
+    request: GetSchemasRequest,
   ): Promise<GetSchemasResponse> {
     return getSchemasResponseFromProtobuf(
-      await this.admin("getSchema", getSchemasRequestToProtobuf(request))
+      await this.admin("getSchema", getSchemasRequestToProtobuf(request)),
     );
@@ -632,6 +635,6 @@ }
   public async listPolicies(
-    request: ListPoliciesRequest = {}
+    request: ListPoliciesRequest = {},
   ): Promise<ListPoliciesResponse> {
     return listPoliciesResponseFromProtobuf(
-      await this.admin("listPolicies", listPoliciesRequestToProtobuf(request))
+      await this.admin("listPolicies", listPoliciesRequestToProtobuf(request)),
     );
@@ -676,3 +679,3 @@ }
   public async planResources(
-    request: PlanResourcesRequest
+    request: PlanResourcesRequest,
   ): Promise<PlanResourcesResponse> {
@@ -682,4 +685,4 @@ const response = planResourcesResponseFromProtobuf(
         "planResources",
-        planResourcesRequestToProtobuf(request)
-      )
+        planResourcesRequestToProtobuf(request),
+      ),
     );
@@ -722,3 +725,3 @@
     rpc: RPC,
-    request: _Request<"admin", RPC>
+    request: _Request<"admin", RPC>,
   ): Promise<_Response<"admin", RPC>> {
@@ -729,3 +732,3 @@ return await this.transport(
       request,
-      this.options.adminCredentials
+      this.options.adminCredentials,
     );
@@ -736,3 +739,3 @@ }
     rpc: RPC,
-    request: _Request<"cerbos", RPC>
+    request: _Request<"cerbos", RPC>,
   ): Promise<_Response<"cerbos", RPC>> {
@@ -739,0 +742,0 @@ return await this.transport("cerbos", rpc, request);

src/convert/fromProtobuf.ts

@@ -10,2 +10,3 @@ import { Effect as EffectProtobuf } from "../protobuf/cerbos/effect/v1/effect";
   DerivedRoles as DerivedRolesProtobuf,
+  ExportVariables as ExportVariablesProtobuf,
   Match as MatchProtobuf,
@@ -24,2 +25,3 @@ Match_ExprList,
   Schemas_Schema,
+  Variables as VariablesProtobuf,
 } from "../protobuf/cerbos/policy/v1/policy";
@@ -50,2 +52,3 @@ import type {
   EnablePoliciesResponse,
+  ExportVariables,
   GetPoliciesResponse,
@@ -74,2 +77,3 @@ ListPoliciesResponse,
   Value,
+  Variables,
 } from "../types/external";
@@ -121,3 +125,3 @@ import {
 const actionsFromProtobuf = (
-  actions: Record<string, EffectProtobuf>
+  actions: Record<string, EffectProtobuf>,
 ): Record<string, Effect | undefined> =>
@@ -128,3 +132,3 @@ Object.fromEntries(
       effectFromProtobuf(effect),
-    ])
+    ]),
   );
@@ -146,3 +150,3 @@
 const validationErrorSourceFromProtobuf = (
-  source: ValidationError_Source
+  source: ValidationError_Source,
 ): ValidationErrorSource => {
@@ -160,3 +164,3 @@ switch (source) {
           ValidationError_Source[source as number] ?? "unrecognized"
-        })`
+        })`,
       );
@@ -192,6 +196,7 @@ }
 }: GetPolicyResponse): GetPoliciesResponse => ({
-  policies: policies.map(policyFromProtobuf),
+  policies: policies.map(_policyFromProtobuf),
 });
 
-const policyFromProtobuf = ({
+/** @internal */
+export const _policyFromProtobuf = ({
   apiVersion,
@@ -229,3 +234,3 @@ description,
 const policyTypeFromProtobuf = (
-  policyType: PolicyProtobuf["policyType"]
+  policyType: PolicyProtobuf["policyType"],
 ): OmitPolicyBase<Policy> => {
@@ -240,2 +245,5 @@ if (!policyType) {
 
+    case "exportVariables":
+      return exportVariablesFromProtobuf(policyType.exportVariables);
+
     case "principalPolicy":
@@ -249,3 +257,3 @@ return principalPolicyFromProtobuf(policyType.principalPolicy);
       throw new Error(
-        `Unknown policy type: ${JSON.stringify(policyType, null, 2)}`
+        `Unknown policy type: ${JSON.stringify(policyType, null, 2)}`,
       );
@@ -258,2 +266,3 @@ }
   definitions,
+  variables,
 }: DerivedRolesProtobuf): OmitPolicyBase<DerivedRoles> => ({
@@ -263,2 +272,3 @@ derivedRoles: {
     definitions: definitions.map(derivedRoleDefinitionFromProtobuf),
+    variables: variables && variablesFromProtobuf(variables),
   },
@@ -286,3 +296,3 @@ });
       throw new Error(
-        `Unknown condition type: ${JSON.stringify(condition, null, 2)}`
+        `Unknown condition type: ${JSON.stringify(condition, null, 2)}`,
       );
@@ -323,2 +333,20 @@ }
 
+const variablesFromProtobuf = ({
+  import: imports,
+  local,
+}: VariablesProtobuf): Variables => ({
+  import: imports,
+  local,
+});
+
+const exportVariablesFromProtobuf = ({
+  name,
+  definitions,
+}: ExportVariablesProtobuf): OmitPolicyBase<ExportVariables> => ({
+  exportVariables: {
+    name,
+    definitions,
+  },
+});
+
 const principalPolicyFromProtobuf = ({
@@ -329,2 +357,3 @@ principal,
   scope,
+  variables,
 }: PrincipalPolicyProtobuf): OmitPolicyBase<PrincipalPolicy> => ({
@@ -336,2 +365,3 @@ principalPolicy: {
     scope,
+    variables: variables && variablesFromProtobuf(variables),
   },
@@ -371,2 +401,3 @@ });
   scope,
+  variables,
 }: ResourcePolicyProtobuf): OmitPolicyBase<ResourcePolicy> => ({
@@ -380,2 +411,3 @@ resourcePolicy: {
     scope,
+    variables: variables && variablesFromProtobuf(variables),
   },
@@ -493,3 +525,3 @@ });
           PlanResourcesFilter_Kind[kind as number] ?? "unrecognized"
-        })`
+        })`,
       );
@@ -510,3 +542,3 @@ }
         node.expression.operator,
-        node.expression.operands.map(planOperandFromProtobuf)
+        node.expression.operands.map(planOperandFromProtobuf),
       );
@@ -513,0 +545,0 @@

src/convert/toProtobuf.ts

@@ -12,2 +12,3 @@ import { v4 as uuidv4 } from "uuid";
   DerivedRoles as DerivedRolesProtobuf,
+  ExportVariables as ExportVariablesProtobuf,
   Match as MatchProtobuf,
@@ -25,2 +26,3 @@ Match_ExprList,
   Schemas_Schema,
+  Variables as VariablesProtobuf,
 } from "../protobuf/cerbos/policy/v1/policy";
@@ -53,2 +55,3 @@ import type {
   EnablePoliciesRequest,
+  ExportVariables,
   GetPoliciesRequest,
@@ -75,2 +78,3 @@ JWT,
   SchemaRefs,
+  Variables,
 } from "../types/external";
@@ -85,2 +89,3 @@ import {
   policyIsDerivedRoles,
+  policyIsExportVariables,
   policyIsPrincipalPolicy,
@@ -112,2 +117,3 @@ policyIsResourcePolicy,
     disabled,
+    jsonSchema: "",
     metadata: undefined,
@@ -120,3 +126,3 @@ policyType: policyTypeToProtobuf(policy),
 const policyTypeToProtobuf = (
-  policy: Policy
+  policy: Policy,
 ): Exclude<PolicyProtobuf["policyType"], undefined> => {
@@ -130,2 +136,9 @@ if (policyIsDerivedRoles(policy)) {
 
+  if (policyIsExportVariables(policy)) {
+    return {
+      $case: "exportVariables",
+      exportVariables: exportVariablesToProtobuf(policy),
+    };
+  }
+
   if (policyIsPrincipalPolicy(policy)) {
@@ -149,6 +162,7 @@ return {
 const derivedRolesToProtobuf = ({
-  derivedRoles: { name, definitions },
+  derivedRoles: { name, definitions, variables },
 }: DerivedRoles): DerivedRolesProtobuf => ({
   name,
   definitions: definitions.map(derivedRoleDefinitionToProtobuf),
+  variables: variables && variablesToProtobuf(variables),
 });
@@ -217,4 +231,19 @@
 
+const variablesToProtobuf = ({
+  import: imports = [],
+  local = {},
+}: Variables): VariablesProtobuf => ({
+  import: imports,
+  local,
+});
+
+const exportVariablesToProtobuf = ({
+  exportVariables: { name, definitions },
+}: ExportVariables): ExportVariablesProtobuf => ({
+  name,
+  definitions,
+});
+
 const principalPolicyToProtobuf = ({
-  principalPolicy: { principal, version, rules, scope = "" },
+  principalPolicy: { principal, version, rules, scope = "", variables },
 }: PrincipalPolicy): PrincipalPolicyProtobuf => ({
@@ -225,2 +254,3 @@ principal,
   scope,
+  variables: variables && variablesToProtobuf(variables),
 });
@@ -265,2 +295,3 @@
     schemas,
+    variables,
   },
@@ -274,2 +305,3 @@ }: ResourcePolicy): ResourcePolicyProtobuf => ({
   schemas: schemas && policySchemasToProtobuf(schemas),
+  variables: variables && variablesToProtobuf(variables),
 });
@@ -323,3 +355,3 @@
 const schemaDefinitionToProtobuf = (
-  definition: SchemaDefinitionInput
+  definition: SchemaDefinitionInput,
 ): Uint8Array => {
@@ -432,4 +464,10 @@ if (definition instanceof Uint8Array) {
   includeDisabled = false,
+  nameRegexp = "",
+  scopeRegexp = "",
+  versionRegexp = "",
 }: ListPoliciesRequest): ListPoliciesRequestProtobuf => ({
   includeDisabled,
+  nameRegexp,
+  scopeRegexp,
+  versionRegexp,
 });
@@ -436,0 +474,0 @@

src/errors.ts

@@ -82,3 +82,3 @@ import type { ValidationError } from "./types/external";
      */
-    public readonly details: string
+    public readonly details: string,
   ) {
@@ -113,3 +113,3 @@ super(`gRPC error ${code} (${Status[code]}): ${details}`);
   object: unknown,
-  property: K
+  property: K,
 ): object is Record<K, unknown> =>
@@ -128,3 +128,3 @@ !!object && Object.prototype.hasOwnProperty.call(object, property);
      */
-    public readonly validationErrors: ValidationError[]
+    public readonly validationErrors: ValidationError[],
   ) {
@@ -131,0 +131,0 @@ super("Input failed schema validation");

src/index.ts

@@ -8,4 +8,5 @@ /**
 export * from "./client";
+export { _policyFromProtobuf } from "./convert/fromProtobuf";
 export * from "./errors";
 export * from "./rpcs";
 export * from "./types/external";

src/protobuf/cerbos/audit/v1/audit.ts

 /* eslint-disable */
-import type { CheckInput, CheckOutput, PlanResourcesInput, PlanResourcesOutput } from "../../engine/v1/engine";
+import type {
+  CheckInput,
+  CheckOutput,
+  PlanResourcesInput,
+  PlanResourcesOutput,
+} from "../../engine/v1/engine";
 
@@ -27,6 +32,12 @@ export const protobufPackage = "cerbos.audit.v1";
   error: string;
-  method?: { $case: "checkResources"; checkResources: DecisionLogEntry_CheckResources } | {
-    $case: "planResources";
-    planResources: DecisionLogEntry_PlanResources;
-  };
+  method?:
+    | {
+        $case: "checkResources";
+        checkResources: DecisionLogEntry_CheckResources;
+      }
+    | {
+        $case: "planResources";
+        planResources: DecisionLogEntry_PlanResources;
+      }
+    | undefined;
   metadata: { [key: string]: MetaValues };
@@ -33,0 +44,0 @@ }

src/protobuf/cerbos/engine/v1/engine.ts

@@ -46,6 +46,7 @@ /* eslint-disable */
 export interface PlanResourcesFilter_Expression_Operand {
-  node?: { $case: "value"; value: any | undefined } | {
-    $case: "expression";
-    expression: PlanResourcesFilter_Expression;
-  } | { $case: "variable"; variable: string };
+  node?:
+    | { $case: "value"; value: any | undefined }
+    | { $case: "expression"; expression: PlanResourcesFilter_Expression }
+    | { $case: "variable"; variable: string }
+    | undefined;
 }
@@ -52,0 +53,0 @@

src/protobuf/cerbos/policy/v1/policy.ts

@@ -11,7 +11,10 @@ /* eslint-disable */
   metadata: Metadata | undefined;
-  policyType?: { $case: "resourcePolicy"; resourcePolicy: ResourcePolicy } | {
-    $case: "principalPolicy";
-    principalPolicy: PrincipalPolicy;
-  } | { $case: "derivedRoles"; derivedRoles: DerivedRoles };
+  policyType?:
+    | { $case: "resourcePolicy"; resourcePolicy: ResourcePolicy }
+    | { $case: "principalPolicy"; principalPolicy: PrincipalPolicy }
+    | { $case: "derivedRoles"; derivedRoles: DerivedRoles }
+    | { $case: "exportVariables"; exportVariables: ExportVariables }
+    | undefined;
   variables: { [key: string]: string };
+  jsonSchema: string;
 }
@@ -27,6 +30,3 @@
   annotations: { [key: string]: string };
-  hash:
-    | string
-    | undefined;
-  /** @deprecated */
+  hash: string | undefined;
   storeIdentifer: string;
@@ -48,2 +48,3 @@ storeIdentifier: string;
   schemas: Schemas | undefined;
+  variables: Variables | undefined;
 }
@@ -66,2 +67,3 @@
   scope: string;
+  variables: Variables | undefined;
 }
@@ -85,2 +87,3 @@
   definitions: RoleDef[];
+  variables: Variables | undefined;
 }
@@ -94,11 +97,36 @@
 
+export interface ExportVariables {
+  name: string;
+  definitions: { [key: string]: string };
+}
+
+export interface ExportVariables_DefinitionsEntry {
+  key: string;
+  value: string;
+}
+
+export interface Variables {
+  import: string[];
+  local: { [key: string]: string };
+}
+
+export interface Variables_LocalEntry {
+  key: string;
+  value: string;
+}
+
 export interface Condition {
-  condition?: { $case: "match"; match: Match } | { $case: "script"; script: string };
+  condition?:
+    | { $case: "match"; match: Match }
+    | { $case: "script"; script: string }
+    | undefined;
 }
 
 export interface Match {
-  op?: { $case: "all"; all: Match_ExprList } | { $case: "any"; any: Match_ExprList } | {
-    $case: "none";
-    none: Match_ExprList;
-  } | { $case: "expr"; expr: string };
+  op?:
+    | { $case: "all"; all: Match_ExprList }
+    | { $case: "any"; any: Match_ExprList }
+    | { $case: "none"; none: Match_ExprList }
+    | { $case: "expr"; expr: string }
+    | undefined;
 }
@@ -105,0 +133,0 @@

src/protobuf/cerbos/request/v1/request.ts

 /* eslint-disable */
 import type { Duration } from "../../../google/protobuf/duration";
-import type { PlanResourcesInput_Resource, Principal, Resource } from "../../engine/v1/engine";
+import type {
+  PlanResourcesInput_Resource,
+  Principal,
+  Resource,
+} from "../../engine/v1/engine";
 import type { Policy } from "../../policy/v1/policy";
@@ -88,6 +92,8 @@ import type { Schema } from "../../schema/v1/schema";
   kind: ListAuditLogEntriesRequest_Kind;
-  filter?: { $case: "tail"; tail: number } | { $case: "between"; between: ListAuditLogEntriesRequest_TimeRange } | {
-    $case: "since";
-    since: Duration;
-  } | { $case: "lookup"; lookup: string };
+  filter?:
+    | { $case: "tail"; tail: number }
+    | { $case: "between"; between: ListAuditLogEntriesRequest_TimeRange }
+    | { $case: "since"; since: Duration }
+    | { $case: "lookup"; lookup: string }
+    | undefined;
 }
@@ -106,7 +112,9 @@
 
-export interface ServerInfoRequest {
-}
+export interface ServerInfoRequest {}
 
 export interface ListPoliciesRequest {
   includeDisabled: boolean;
+  nameRegexp: string;
+  scopeRegexp: string;
+  versionRegexp: string;
 }
@@ -130,4 +138,3 @@
 
-export interface ListSchemasRequest {
-}
+export interface ListSchemasRequest {}
 
@@ -134,0 +141,0 @@ export interface GetSchemaRequest {

src/protobuf/cerbos/response/v1/response.ts

@@ -28,3 +28,5 @@ /* eslint-disable */
   requestId: string;
-  resourceInstances: { [key: string]: CheckResourceSetResponse_ActionEffectMap };
+  resourceInstances: {
+    [key: string]: CheckResourceSetResponse_ActionEffectMap;
+  };
   meta: CheckResourceSetResponse_Meta | undefined;
@@ -44,3 +46,5 @@ }
 export interface CheckResourceSetResponse_Meta {
-  resourceInstances: { [key: string]: CheckResourceSetResponse_Meta_ActionMeta };
+  resourceInstances: {
+    [key: string]: CheckResourceSetResponse_Meta_ActionMeta;
+  };
 }
@@ -110,3 +114,5 @@
 export interface CheckResourcesResponse_ResultEntry_Meta {
-  actions: { [key: string]: CheckResourcesResponse_ResultEntry_Meta_EffectMeta };
+  actions: {
+    [key: string]: CheckResourcesResponse_ResultEntry_Meta_EffectMeta;
+  };
   effectiveDerivedRoles: string[];
@@ -135,6 +141,9 @@ }
 export interface ListAuditLogEntriesResponse {
-  entry?: { $case: "accessLogEntry"; accessLogEntry: AccessLogEntry } | {
-    $case: "decisionLogEntry";
-    decisionLogEntry: DecisionLogEntry;
-  };
+  entry?:
+    | { $case: "accessLogEntry"; accessLogEntry: AccessLogEntry }
+    | {
+        $case: "decisionLogEntry";
+        decisionLogEntry: DecisionLogEntry;
+      }
+    | undefined;
 }
@@ -164,4 +173,3 @@
 
-export interface AddOrUpdateSchemaResponse {
-}
+export interface AddOrUpdateSchemaResponse {}
 
@@ -180,3 +188,2 @@ export interface ListSchemasResponse {
 
-export interface ReloadStoreResponse {
-}
+export interface ReloadStoreResponse {}

src/protobuf/google/api/http.ts

@@ -13,3 +13,4 @@ /* eslint-disable */
     | { $case: "patch"; patch: string }
-    | { $case: "custom"; custom: CustomHttpPattern };
+    | { $case: "custom"; custom: CustomHttpPattern }
+    | undefined;
   body: string;
@@ -16,0 +17,0 @@ responseBody: string;

src/protobuf/google/protobuf/descriptor.ts

@@ -9,3 +9,2 @@ /* eslint-disable */
   javaMultipleFiles: boolean;
-  /** @deprecated */
   javaGenerateEqualsAndHash: boolean;
@@ -42,3 +41,2 @@ javaStringCheckUtf8: boolean;
   mapEntry: boolean;
-  /** @deprecated */
   deprecatedLegacyJsonFieldConflicts: boolean;
@@ -45,0 +43,0 @@ uninterpretedOption: UninterpretedOption[];

src/protobuf/google/protobuf/empty.ts

@@ -5,3 +5,2 @@ /* eslint-disable */
 
-export interface Empty {
-}
+export interface Empty {}

src/protobuf/google/protobuf/struct.ts

@@ -25,3 +25,4 @@ /* eslint-disable */
     | { $case: "structValue"; structValue: { [key: string]: any } | undefined }
-    | { $case: "listValue"; listValue: Array<any> | undefined };
+    | { $case: "listValue"; listValue: Array<any> | undefined }
+    | undefined;
 }
@@ -28,0 +29,0 @@

src/protobuf/protoc-gen-openapiv2/options/openapiv2.ts

@@ -264,3 +264,5 @@ /* eslint-disable */
 export interface SecurityRequirement {
-  securityRequirement: { [key: string]: SecurityRequirement_SecurityRequirementValue };
+  securityRequirement: {
+    [key: string]: SecurityRequirement_SecurityRequirementValue;
+  };
 }
@@ -267,0 +269,0 @@

src/protobuf/validate/validate.ts

@@ -35,3 +35,4 @@ /* eslint-disable */
     | { $case: "duration"; duration: DurationRules }
-    | { $case: "timestamp"; timestamp: TimestampRules };
+    | { $case: "timestamp"; timestamp: TimestampRules }
+    | undefined;
 }
@@ -200,3 +201,4 @@
     | { $case: "uuid"; uuid: boolean }
-    | { $case: "wellKnownRegex"; wellKnownRegex: KnownRegex };
+    | { $case: "wellKnownRegex"; wellKnownRegex: KnownRegex }
+    | undefined;
   strict: boolean;
@@ -217,3 +219,7 @@ ignoreEmpty: boolean;
   notIn: Uint8Array[];
-  wellKnown?: { $case: "ip"; ip: boolean } | { $case: "ipv4"; ipv4: boolean } | { $case: "ipv6"; ipv6: boolean };
+  wellKnown?:
+    | { $case: "ip"; ip: boolean }
+    | { $case: "ipv4"; ipv4: boolean }
+    | { $case: "ipv6"; ipv6: boolean }
+    | undefined;
   ignoreEmpty: boolean;
@@ -220,0 +226,0 @@ }

src/rpcs.ts

@@ -64,3 +64,3 @@ import type {
   Service extends _Service,
-  RPC extends _RPC<Service>
+  RPC extends _RPC<Service>,
 > = _Services[Service][RPC] extends unknown[]
@@ -73,5 +73,5 @@ ? _Services[Service][RPC][0]
   Service extends _Service,
-  RPC extends _RPC<Service>
+  RPC extends _RPC<Service>,
 > = _Services[Service][RPC] extends unknown[]
   ? _Services[Service][RPC][1]
   : never;

src/types/external/CheckResourcesResponse.ts

@@ -69,3 +69,3 @@ import type { CheckResourcesResult } from "./CheckResourcesResult";
   public findResult(
-    resource: ResourceSearch
+    resource: ResourceSearch,
   ): CheckResourcesResult | undefined {
@@ -80,3 +80,3 @@ const { kind, id, policyVersion, scope } = resource;
           resource.policyVersion === policyVersion) &&
-        (scope === undefined || resource.scope === scope)
+        (scope === undefined || resource.scope === scope),
     );
@@ -83,0 +83,0 @@ }

src/types/external/CheckResourcesResult.ts

@@ -67,3 +67,3 @@ import type { CheckResourcesResultMetadata } from "./CheckResourcesResultMetadata";
     return Object.values(this.actions).every(
-      (effect) => effect === Effect.ALLOW
+      (effect) => effect === Effect.ALLOW,
     );
@@ -77,3 +77,3 @@ }
     return Object.keys(this.actions).filter(
-      (action) => this.actions[action] === Effect.ALLOW
+      (action) => this.actions[action] === Effect.ALLOW,
     );
@@ -80,0 +80,0 @@ }

src/types/external/DerivedRoles.ts

@@ -1,2 +0,2 @@
-import type { DerivedRoleDefinition } from "./DerivedRoleDefinition";
+import type { DerivedRolesBody } from "./DerivedRolesBody";
 import type { PolicyBase } from "./PolicyBase";
@@ -14,13 +14,3 @@
    */
-  derivedRoles: {
-    /**
-     * The name to use when importing the set of derived roles.
-     */
-    name: string;
-
-    /**
-     * The definitions of the derived roles.
-     */
-    definitions: DerivedRoleDefinition[];
-  };
+  derivedRoles: DerivedRolesBody;
 }

src/types/external/index.ts

@@ -16,2 +16,3 @@ export * from "./AddOrUpdatePoliciesRequest";
 export * from "./DerivedRoles";
+export * from "./DerivedRolesBody";
 export * from "./DisablePoliciesRequest";
@@ -22,2 +23,4 @@ export * from "./DisablePoliciesResponse";
 export * from "./EnablePoliciesResponse";
+export * from "./ExportVariables";
+export * from "./ExportVariablesBody";
 export * from "./GetPoliciesRequest";
@@ -56,2 +59,3 @@ export * from "./GetPoliciesResponse";
 export * from "./PrincipalPolicy";
+export * from "./PrincipalPolicyBody";
 export * from "./PrincipalRule";
@@ -63,2 +67,3 @@ export * from "./PrincipalRuleAction";
 export * from "./ResourcePolicy";
+export * from "./ResourcePolicyBody";
 export * from "./ResourceQuery";
@@ -78,1 +83,2 @@ export * from "./ResourceRule";
 export * from "./Value";
+export * from "./Variables";

src/types/external/ListPoliciesRequest.ts

@@ -16,2 +16,35 @@ /**
   includeDisabled?: boolean;
+
+  /**
+   * Only include policies with a name matching the given regular expression.
+   *
+   * @remarks
+   * Regular expressions must use the {@link https://golang.org/s/re2syntax | RE2 syntax}.
+   * Note that backreferences are not supported.
+   *
+   * Requires the Cerbos policy decision point server to be at least v0.29.
+   */
+  nameRegexp?: string;
+
+  /**
+   * Only include policies with a scope matching the given regular expression.
+   *
+   * @remarks
+   * Regular expressions must use the {@link https://golang.org/s/re2syntax | RE2 syntax}.
+   * Note that backreferences are not supported.
+   *
+   * Requires the Cerbos policy decision point server to be at least v0.29.
+   */
+  scopeRegexp?: string;
+
+  /**
+   * Only include policies with a version matching the given regular expression.
+   *
+   * @remarks
+   * Regular expressions must use the {@link https://golang.org/s/re2syntax | RE2 syntax}.
+   * Note that backreferences are not supported.
+   *
+   * Requires the Cerbos policy decision point server to be at least v0.29.
+   */
+  versionRegexp?: string;
 }

src/types/external/PlanExpression.ts

@@ -18,4 +18,4 @@ import type { PlanExpressionOperand } from "./PlanExpressionOperand";
      */
-    public operands: PlanExpressionOperand[]
+    public operands: PlanExpressionOperand[],
   ) {}
 }

src/types/external/PlanExpressionValue.ts

@@ -13,4 +13,4 @@ import type { Value } from "./Value";
      */
-    public value: Value
+    public value: Value,
   ) {}
 }

src/types/external/PlanExpressionVariable.ts

@@ -11,4 +11,4 @@ /**
      */
-    public name: string
+    public name: string,
   ) {}
 }

src/types/external/Policy.ts

 import type { DerivedRoles } from "./DerivedRoles";
+import type { ExportVariables } from "./ExportVariables";
 import type { PrincipalPolicy } from "./PrincipalPolicy";
@@ -10,3 +11,7 @@ import type { ResourcePolicy } from "./ResourcePolicy";
  */
-export type Policy = DerivedRoles | PrincipalPolicy | ResourcePolicy;
+export type Policy =
+  | DerivedRoles
+  | ExportVariables
+  | PrincipalPolicy
+  | ResourcePolicy;
 
@@ -22,2 +27,11 @@ /**
 /**
+ * Type guard to check if a {@link Policy} is a set of {@link ExportVariables}.
+ *
+ * @public
+ */
+export const policyIsExportVariables = (
+  policy: Policy,
+): policy is ExportVariables => "exportVariables" in policy;
+
+/**
  * Type guard to check if a {@link Policy} is a {@link PrincipalPolicy}.
@@ -28,3 +42,3 @@ *
 export const policyIsPrincipalPolicy = (
-  policy: Policy
+  policy: Policy,
 ): policy is PrincipalPolicy => "principalPolicy" in policy;
@@ -38,3 +52,3 @@
 export const policyIsResourcePolicy = (
-  policy: Policy
+  policy: Policy,
 ): policy is ResourcePolicy => "resourcePolicy" in policy;

src/types/external/PolicyBase.ts

@@ -35,4 +35,6 @@ import type { PolicyMetadata } from "./PolicyMetadata";
    * A variable expression can contain anything that condition expression can have.
+   *
+   * @deprecated Define variables within the policy body instead, provided the Cerbos policy decision point server is at least v0.29 ({@link DerivedRolesBody.variables}, {@link PrincipalPolicyBody.variables}, or {@link ResourcePolicyBody.variables}).
    */
   variables?: Record<string, string>;
 }

src/types/external/PrincipalPolicy.ts

 import type { PolicyBase } from "./PolicyBase";
-import type { PrincipalRule } from "./PrincipalRule";
+import type { PrincipalPolicyBody } from "./PrincipalPolicyBody";
 
@@ -13,28 +13,3 @@ /**
    */
-  principalPolicy: {
-    /**
-     * The ID of the principal to whom the policy applies.
-     */
-    principal: string;
-
-    /**
-     * The version of the policy.
-     *
-     * @remarks
-     * Policies are uniquely identified by the principal name and version pair.
-     * You can have multiple policy versions for the same principal (e.g. production vs. staging).
-     * The version value `default` is special as it is the default fallback when no version is specified in the request.
-     */
-    version: string;
-
-    /**
-     * Rules defining the overrides that apply to the principal.
-     */
-    rules: PrincipalRule[];
-
-    /**
-     * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy.
-     */
-    scope?: string;
-  };
+  principalPolicy: PrincipalPolicyBody;
 }

src/types/external/ResourcePolicy.ts

 import type { PolicyBase } from "./PolicyBase";
-import type { ResourceRule } from "./ResourceRule";
-import type { SchemaRefs } from "./SchemaRefs";
+import type { ResourcePolicyBody } from "./ResourcePolicyBody";
 
@@ -14,38 +13,3 @@ /**
    */
-  resourcePolicy: {
-    /**
-     * The name of the resource to which the policy applies.
-     */
-    resource: string;
-
-    /**
-     * The version of the policy.
-     *
-     * @remarks
-     * Policies are uniquely identified by the principal name and version pair.
-     * You can have multiple policy versions for the same principal (e.g. production vs. staging).
-     * The version value `default` is special as it is the default fallback when no version is specified in the request.
-     */
-    version: string;
-
-    /**
-     * Name of a set of {@link https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html | derived roles} to import.
-     */
-    importDerivedRoles?: string[];
-
-    /**
-     * Rules defining the actions that can be performed on the resource.
-     */
-    rules: ResourceRule[];
-
-    /**
-     * {@link https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html | Scope} of the policy.
-     */
-    scope?: string;
-
-    /**
-     * {@link https://docs.cerbos.dev/cerbos/latest/policies/schemas.html | Schemas} for principal and resource attributes.
-     */
-    schemas?: SchemaRefs | undefined;
-  };
+  resourcePolicy: ResourcePolicyBody;
 }

src/types/external/SchemaDefinition.ts

@@ -15,3 +15,3 @@ import { isObject } from "../internal";
      */
-    public readonly bytes: Uint8Array
+    public readonly bytes: Uint8Array,
   ) {}
@@ -18,0 +18,0 @@

src/types/external/ValidationFailedCallback.ts

@@ -9,3 +9,3 @@ import type { ValidationError } from "./ValidationError";
 export type ValidationFailedCallback = (
-  validationErrors: ValidationError[]
+  validationErrors: ValidationError[],
 ) => void;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

455023

increased by5.2%

Number of package files

539

increased by5.89%

Lines of code

10466

increased by5.14%

No dependency changes