IAM scope parser
```
npm install @synanetics/iam-scope-parser
```

Parses and applies scopes against a list of targets.
```typescript
import { parseScope } from '@synanetics/iam-scope-parser';

// Evaluate the 'read' action of a scope string against a list of target providers.
const result = parseScope('read:YHCR.* read:LLRCR.* !read:YHCR.DEF !read:LLRCR.ABC', 'read', [
  'YHCR.ABC',
  'YHCR.DEF',
  'YHCR.GHI',
  'LLRCR.ABC',
  'LLRCR.DEF',
  'LLRCR.GHI',
  'DDCR.ABC',
]);

console.log(result);
/**
{
  allow: [
    'YHCR.ABC',
    'YHCR.GHI',
    'LLRCR.DEF',
    'LLRCR.GHI',
  ],
  deny: [
    'YHCR.DEF',
    'LLRCR.ABC',
    'DDCR.ABC',
  ]
}
*/
```
This package has been created to support the Interweave NRL project, which requires providers to opt in to data sharing with out-of-region consumers.
Scopes will be applied by the IAM service to generated JWT tokens and can be evaluated against a set of target providers using this package.
This package employs a deny-by-default approach: anything not matching a scope is automatically denied, and deny rules take precedence.
- `read:YHCR.* !read:YHCR.ABC` - This would allow reads from all consumers in the YHCR region, excluding the consumer with prefix ABC.
- `read:YHCR.ABC` - This would only allow reads from the consumer with prefix ABC in the YHCR region.
- `read:YHCR.* read:LLRCR.*` - This would allow reads from all consumers in the YHCR and LLRCR regions.
- `read:YHCR.* !read:LLRCR.*` - While this is a valid scope, the `!read:LLRCR.*` is redundant as it would be denied by default if not present.
- `read:YHCR.* read:DDCR.ABC` - This would allow reads from all consumers in the YHCR region and the single ABC provider in the DDCR region.
- `!read:YHCR.* read:YHCR.ABC` - This would deny from all as the `!read:YHCR.*` is a deny which takes precedence.
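The rules above can be checked against a small reference evaluator. This is an added example, not the package's source: `evaluateScope`, `parseRules` and `patternMatches` are hypothetical names, and it assumes a pattern is either an exact `REGION.PREFIX` or a trailing `REGION.*` wildcard.

```typescript
// Added illustration of the deny-by-default semantics described in this README.
// Not the @synanetics/iam-scope-parser implementation; all names are hypothetical.
type ScopeRule = { deny: boolean; action: string; pattern: string };

// Split a space-separated scope string into rules. Malformed tokens are
// dropped, which under deny-by-default can only reduce access.
function parseRules(scope: string): ScopeRule[] {
  const rules: ScopeRule[] = [];
  scope.split(/\s+/).forEach((token) => {
    const deny = token.charAt(0) === '!';
    const body = deny ? token.slice(1) : token;
    const sep = body.indexOf(':');
    if (sep <= 0 || sep === body.length - 1) return; // missing action or pattern
    rules.push({ deny, action: body.slice(0, sep), pattern: body.slice(sep + 1) });
  });
  return rules;
}

// 'YHCR.*' matches any target in the YHCR region; anything else must match exactly.
function patternMatches(pattern: string, target: string): boolean {
  if (pattern.slice(-2) === '.*') {
    const prefix = pattern.slice(0, -1); // keep the trailing dot: 'YHCR.'
    return target.length > prefix.length && target.indexOf(prefix) === 0;
  }
  return pattern === target;
}

// Sort each target into allow or deny for the requested action.
function evaluateScope(scope: string, action: string, targets: string[]) {
  const rules = parseRules(scope).filter((r) => r.action === action);
  const allow: string[] = [];
  const deny: string[] = [];
  targets.forEach((target) => {
    const hits = rules.filter((r) => patternMatches(r.pattern, target));
    const denied = hits.some((r) => r.deny);
    // Allowed only when at least one rule matches and none of the matches is a deny.
    if (hits.length > 0 && !denied) allow.push(target);
    else deny.push(target);
  });
  return { allow, deny };
}
```

Because the wildcard comparison keeps the trailing dot, `read:YHCR.*` does not match a target in a differently named region such as `YHCRX.ABC`.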
This package has no dependencies outside of vitest for testing.
```
npm run test
```