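import { PermissionDefinition } from '@axinom/mosaic-id-utils';
import { MosaicError } from '@axinom/mosaic-service-common';
import { getGqlClient } from '../common/gql-client';
import { IdLinkBeErrors } from '../common/id-link-be-errors';
import {
  Maybe,
  PurgePermissionsDocument,
  PurgePermissionsMutation,
  PurgePermissionsMutationVariables,
  SyncPermissionsDocument,
  SyncPermissionsMutation,
  SyncPermissionsMutationVariables,
} from '../generated/graphql.types';
import { getWellKnownEndpoints } from '../well-known-endpoints';

// NOTE(review): `Maybe` is written without a type argument in the result
// interfaces below. If the generated `Maybe` alias is generic, the element
// type has to be restored from '../generated/graphql.types'. It is not
// visible in this file, so it is left as found.

/** Outcome of a permission synchronization as reported by the mutation. */
export interface SynchronizePermissionsResult {
  /** `added` from the mutation response, or an empty array when absent. */
  permissionsStored: Maybe[] | null;
  /** `removed` from the mutation response, or an empty array when absent. */
  permissionsRemoved: Maybe[] | null;
}

/** Outcome of a permission purge as reported by the mutation. */
export interface PurgePermissionsResult {
  /** `purged` from the mutation response, or an empty array when absent. */
  permissionsPurged: Maybe[] | null;
}

/**
 * Builds the GraphQL client both mutations use.
 *
 * The endpoint handed to `getGqlClient` is whatever well-known discovery
 * returns for `authEndpoint`, and the service account token is passed to
 * that same client. `authEndpoint` therefore has to come from trusted
 * configuration, never from request data.
 */
const createAccessManagementClient = async (
  authEndpoint: string,
  serviceAccountToken: string,
) => {
  const endpoints = await getWellKnownEndpoints(authEndpoint);
  return getGqlClient(
    endpoints.accessManagementGraphQlEndpoint,
    serviceAccountToken,
  );
};

/**
 * This function synchronizes permissions of a service with id-service.
 *
 * The mutation response reports both `added` and `removed` entries, so a call
 * can take permissions away as well as store them.
 *
 * @param authEndpoint URL for id-service authEndpoint. Used for endpoint
 * discovery; must be a trusted, configured value.
 * @param serviceAccountToken A valid service account token with permission
 * SYNCHRONIZE_PERMISSIONS granted. Treat it as a secret and keep it out of
 * logs and error output.
 * @param serviceId Service ID of the service that needs to synchronize
 * permissions with id-service.
 * @param permissionDefinition The list of permissions to be synchronized with
 * id-service.
 * @returns Results of permission synchronization.
 * @throws MosaicError (`IdLinkBeErrors.PermissionSyncError`) when the response
 * carries errors. `details.originalErrors` holds the upstream messages
 * verbatim, so review them before exposing them to external callers.
 */
export const synchronizePermissions = async (
  authEndpoint: string,
  serviceAccountToken: string,
  serviceId: string,
  permissionDefinition: PermissionDefinition,
): Promise<SynchronizePermissionsResult> => {
  // Copy so the caller's definition object is not handed to the client.
  const permissions = [...permissionDefinition.permissions];
  const client = await createAccessManagementClient(
    authEndpoint,
    serviceAccountToken,
  );

  const syncResponse = await client.mutate<
    SyncPermissionsMutation,
    SyncPermissionsMutationVariables
  >({
    mutation: SyncPermissionsDocument,
    variables: { input: { serviceId, permissions } },
    // Errors are inspected on the result below instead of being discarded.
    errorPolicy: 'all',
    fetchPolicy: 'no-cache',
  });

  // Any reported error fails the whole call; partial data is not returned.
  if (syncResponse.errors) {
    throw new MosaicError({
      ...IdLinkBeErrors.PermissionSyncError,
      details: {
        originalErrors: syncResponse.errors.map((error) => error.message),
      },
    });
  }

  const outcome = syncResponse.data?.synchronizePermissions;
  return {
    permissionsStored: outcome?.added ?? [],
    permissionsRemoved: outcome?.removed ?? [],
  };
};

/**
 * Sends the purge-permissions mutation for a service to id-service.
 *
 * NOTE(review): presumably this removes the permissions id-service stores for
 * `serviceId`. Confirm against the id-service schema. The permission the
 * token needs for this mutation is not documented in this file.
 *
 * @param authEndpoint URL for id-service authEndpoint. Used for endpoint
 * discovery; must be a trusted, configured value.
 * @param serviceAccountToken A valid service account token. Treat it as a
 * secret and keep it out of logs and error output.
 * @param serviceId Service ID whose permissions are purged.
 * @returns The `purged` entries reported by the mutation.
 * @throws Error when the response carries errors. The message is the upstream
 * error messages joined with '.', so review it before exposing it to external
 * callers. Unlike `synchronizePermissions`, this is a plain `Error`, not a
 * `MosaicError`.
 */
export const purgePermissions = async (
  authEndpoint: string,
  serviceAccountToken: string,
  serviceId: string,
): Promise<PurgePermissionsResult> => {
  const client = await createAccessManagementClient(
    authEndpoint,
    serviceAccountToken,
  );

  const purgeResponse = await client.mutate<
    PurgePermissionsMutation,
    PurgePermissionsMutationVariables
  >({
    mutation: PurgePermissionsDocument,
    variables: { input: { serviceId } },
    // Errors are inspected on the result below instead of being discarded.
    errorPolicy: 'all',
    fetchPolicy: 'no-cache',
  });

  // Any reported error fails the whole call; partial data is not returned.
  if (purgeResponse.errors) {
    throw new Error(
      purgeResponse.errors.map((error) => error.message).join('.'),
    );
  }

  return {
    permissionsPurged: purgeResponse.data?.purgePermissions?.purged ?? [],
  };
};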