
core package

Common types used by the gRPC, HTTP, and embedded client libraries.

Classes

| Class | Description |
| --- | --- |
| CheckResourcesResponse | The outcome of checking a principal's permissions on a set of resources. |
| CheckResourcesResult | The outcome of checking a principal's permissions on a single resource. |
| ClientWithPrincipal | A client instance with a pre-specified principal. |
| NotOK | Error thrown when the Cerbos policy decision point server returns an unsuccessful response. |
| PlanExpression | An abstract syntax tree node representing an expression to evaluate. |
| PlanExpressionValue | An abstract syntax tree node representing a constant value. |
| PlanExpressionVariable | An abstract syntax tree node representing a variable whose value was unknown when producing the query plan. |
| SchemaDefinition | Definition of a JSON schema used to validate principal or resource attributes. |
| ValidationFailed | Error thrown when input fails schema validation, if the Client is configured with onValidationError set to "throw". |

Abstract Classes

| Abstract Class | Description |
| --- | --- |
| Client | Base implementation of a client for interacting with the Cerbos policy decision point server. |

Enumerations

| Enumeration | Description |
| --- | --- |
| Effect | Outcomes of policy decisions. |
| InspectedAttributeKind | Kind of an attribute referenced by a policy. |
| InspectedConstantKind | Kind of a constant referenced by a policy. |
| InspectedDerivedRoleKind | Kind of a derived role referenced by a policy. |
| InspectedVariableKind | Kind of a variable referenced by a policy. |
| PlanKind | Types of query plans. |
| ScopePermissions | (ALPHA) |
| Status | Status codes returned by the Cerbos policy decision point server. |
| ValidationErrorSource | Sources of invalid attributes. |

Functions

| Function | Description |
| --- | --- |
| auditLogFilterIsBetween(filter) | Type guard to check if an AuditLogFilter is an AuditLogFilterBetween. |
| auditLogFilterIsSince(filter) | Type guard to check if an AuditLogFilter is an AuditLogFilterSince. |
| auditLogFilterIsTail(filter) | Type guard to check if an AuditLogFilter is an AuditLogFilterTail. |
| decisionLogEntryMethodIsCheckResources(method) | Type guard to check if a DecisionLogEntryMethod is a DecisionLogEntryCheckResources. |
| decisionLogEntryMethodIsPlanResources(method) | Type guard to check if a DecisionLogEntryMethod is a DecisionLogEntryPlanResources. |
| matchIsMatchAll(match) | Type guard to check if a Match is a MatchAll. |
| matchIsMatchAny(match) | Type guard to check if a Match is a MatchAny. |
| matchIsMatchExpr(match) | Type guard to check if a Match is a MatchExpr. |
| matchIsMatchNone(match) | Type guard to check if a Match is a MatchNone. |
| planResourcesOutputIsConditional(output) | Type guard to check if a PlanResourcesOutput is a PlanResourcesConditionalOutput. |
| planResourcesOutputIsUnconditional(output) | Type guard to check if a PlanResourcesOutput is a PlanResourcesUnconditionalOutput. |
| planResourcesResponseIsConditional(output) | Type guard to check if a PlanResourcesResponse is a PlanResourcesConditionalResponse. |
| planResourcesResponseIsUnconditional(output) | Type guard to check if a PlanResourcesResponse is a PlanResourcesUnconditionalResponse. |
| policyIsDerivedRoles(policy) | Type guard to check if a Policy is a set of DerivedRoles. |
| policyIsExportConstants(policy) | Type guard to check if a Policy is a set of ExportConstants. |
| policyIsExportVariables(policy) | Type guard to check if a Policy is a set of ExportVariables. |
| policyIsPrincipalPolicy(policy) | Type guard to check if a Policy is a PrincipalPolicy. |
| policyIsResourcePolicy(policy) | Type guard to check if a Policy is a ResourcePolicy. |
| policyIsRolePolicy(policy) | (ALPHA) |

Interfaces

| Interface | Description |
| --- | --- |
| AccessLogEntry | An access log entry in the policy decision point's audit log. |
| AddOrUpdatePoliciesRequest | Input to Client.addOrUpdatePolicies(). |
| AddOrUpdateSchemasRequest | Input to Client.addOrUpdateSchemas(). |
| AdminCredentials | Credentials for the admin API. |
| AuditLogFilterBetween | Match audit log entries captured between two timestamps. |
| AuditLogFilterSince | Match the audit log entries captured since N seconds ago. |
| AuditLogFilterTail | Match the last N audit log entries. |
| AuditTrail | Details about how a policy decision was reached. |
| AuxData | Auxiliary data sources that can be referenced in policy conditions. |
| CheckInput | Input to a CheckResources decision. |
| CheckOutput | Output from a CheckResources decision. |
| CheckOutputActionEffect | The CheckResources decision made for an action. |
| CheckResourcesRequest | Input to Client.checkResources(). |
| CheckResourcesResultMetadata | Additional information about how policy decisions were reached. |
| CheckResourcesResultMetadataEffect | Additional information about how a policy decision was reached. |
| CheckResourcesResultResource | A resource that was checked. |
| Condition | A set of expressions that must evaluate to true for a rule to take effect. |
| Constants | Constants defined for use in policy conditions. |
| DecisionLogEntry | A decision log entry in the policy decision point's audit log. |
| DecisionLogEntryCheckResources | The outcome of a CheckResources decision made by the policy decision point server. |
| DecisionLogEntryPlanResources | The outcome of a PlanResources decision made by the policy decision point server. |
| DecodedAuxData | Auxiliary data after decoding the JSON Web Token. |
| DeleteSchemasRequest | Input to Client.deleteSchemas(). |
| DeleteSchemasResponse | The outcome of deleting schemas. |
| DerivedRoleDefinition | The definition of a derived role. |
| DerivedRoles | A set of derived roles to augment static RBAC roles with contextual data to provide more fine-grained control at runtime. |
| DerivedRolesBody | A set of derived roles to augment static RBAC roles with contextual data to provide more fine-grained control at runtime. |
| DisablePoliciesRequest | Input to Client.disablePolicies(). |
| DisablePoliciesResponse | The outcome of disabling policies. |
| EnablePoliciesRequest | Input to Client.enablePolicies(). |
| EnablePoliciesResponse | The outcome of enabling policies. |
| ErrorOptions | Options for creating an error. |
| ExportConstants | A set of exported constants to be reused in other policies. |
| ExportConstantsBody | A set of exported constants to be reused in other policies. |
| ExportVariables | A set of exported variables to be reused in other policies. |
| ExportVariablesBody | A set of exported variables to be reused in other policies. |
| GetPoliciesRequest | Input to Client.getPolicies(). |
| GetPoliciesResponse | Fetched policies. |
| GetSchemasRequest | Input to Client.getSchemas(). |
| GetSchemasResponse | Fetched schemas. |
| InspectedAttribute | Details of an attribute referenced by a policy. |
| InspectedConstant | Details of a constant referenced by a policy. |
| InspectedDerivedRole | Details of a derived role referenced by a policy. |
| InspectedPolicy | Details of a policy in the store. |
| InspectedVariable | Details of a variable referenced by a policy. |
| InspectPoliciesRequest | Input to Client.inspectPolicies(). |
| InspectPoliciesResponse | Details of policies in the store. |
| JWT | A JSON Web Token to use as an auxiliary data source, which will be verified against the Cerbos policy decision point (PDP) server's configured JSON Web Key Sets (JWKS) unless verification is disabled on the server. |
| ListAccessLogEntriesRequest | Input to Client.listAccessLogEntries(). |
| ListDecisionLogEntriesRequest | Input to Client.listDecisionLogEntries(). |
| ListPoliciesRequest | Input to Client.listPolicies(). |
| ListPoliciesResponse | A list of available policy IDs. |
| ListSchemasResponse | A list of available schema IDs. |
| MatchAll | A set of expressions to evaluate in a condition that must all be true. |
| MatchAny | A set of expressions to evaluate in a condition, at least one of which must be true. |
| Matches | A set of expressions to evaluate in a boolean match. |
| MatchExpr | A single expression to evaluate in a condition. |
| MatchNone | A set of expressions to evaluate in a condition that must all be false. |
| Options | Options for creating a new Client. |
| Output | User-defined output to be produced when evaluating a policy rule. |
| OutputExpressions | Common Expression Language expressions to evaluate to produce user-defined output from a policy rule. |
| OutputResult | User-defined output from a policy rule evaluation. |
| Peer | Details of the client who made a request to the policy decision point server. |
| PlanResourcesConditionalOutput | A query plan for when the specified action is conditionally allowed for the principal on resources matching the input. |
| PlanResourcesConditionalResponse | A query plan for when the specified action is conditionally allowed for the principal on resources matching the input. |
| PlanResourcesInput | Input to a PlanResources invocation. |
| PlanResourcesMetadata | Additional information about the query plan. |
| PlanResourcesOutputBase | Common fields between different PlanResourcesOutput types. |
| PlanResourcesRequest | Input to Client.planResources(). |
| PlanResourcesResponseBase | Common fields between different PlanResourcesResponse types. |
| PlanResourcesUnconditionalOutput | A query plan for when the specified action is always allowed or denied for the principal on resources matching the input. |
| PlanResourcesUnconditionalResponse | A query plan for when the specified action is always allowed or denied for the principal on resources matching the input. |
| PolicyBase | Common fields between different Policy types. |
| PolicyMetadata | Metadata describing a policy. |
| Principal | A principal (often a user, but potentially another actor like a service account) to authorize. |
| PrincipalPolicy | A policy defining overrides for a specific user. |
| PrincipalPolicyBody | A policy defining overrides for a specific user. |
| PrincipalRule | A rule defining an override for a specific user. |
| PrincipalRuleAction | An override for a given action for a specific user. |
| ReloadStoreRequest | Input to Client.reloadStore(). |
| RequestOptions | Options for sending a request to the policy decision point. |
| Resource | A resource on which to check a principal's permissions. |
| ResourceCheck | A Resource and list of actions on which to check a principal's permissions. |
| ResourcePolicy | A policy defining rules for actions that can be performed on a given resource. |
| ResourcePolicyBody | A policy defining rules for actions that can be performed on a given resource. |
| ResourceRule | A rule for actions that can be performed on a given resource. |
| RolePolicy | (ALPHA) |
| RolePolicyBody | (ALPHA) |
| RoleRule | (ALPHA) |
| Schema | A JSON schema used to validate principal or resource attributes. |
| SchemaInput | A JSON schema to be used to validate principal or resource attributes. |
| SchemaRef | Reference to a schema to be used to validate principal or resource attributes. |
| SchemaRefs | References to schemas to be used to validate principal and resource attributes. |
| ServerInfo | Information about the Cerbos policy decision point (PDP) server. |
| ValidationError | An error that occurred while validating the principal or resource attributes against a schema. |
| Variables | Variables defined for use in policy conditions. |

Type Aliases

| Type Alias | Description |
| --- | --- |
| AuditLogFilter | Criteria to match audit log entries. |
| CheckResourceRequest | Input to Client.checkResource(). |
| DecisionLogEntryMethod | The outcome of a decision made by the policy decision point server. |
| HeadersInit | HTTP headers from which to construct a Headers object. |
| IsAllowedRequest | Input to Client.isAllowed(). |
| Match | Expressions to evaluate in a condition. |
| PlanExpressionOperand | An abstract syntax tree node representing an operand to an expression. |
| PlanResourcesOutput | Output from a PlanResources invocation. |
| PlanResourcesResponse | A query plan that can be used to obtain a list of resources on which a principal is allowed to perform a particular action. |
| Policy | A policy definition. |
| ResourceQuery | Partial details of resources to be queried. |
| ResourceSearch | Search criteria to match a resource in results. |
| SchemaDefinitionInput | Definition of a JSON schema used to validate principal or resource attributes. |
| SourceAttributes | Metadata about the source of a policy. |
| ValidationFailedCallback | A callback function to be invoked when input fails schema validation. |
| Value | Any JSON-serializable value. |