authzed 0.0.1 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +29 -5
- data/lib/authzed/api/v0/acl_service_pb.rb +2 -0
- data/lib/authzed/api/v0/client.rb +61 -0
- data/lib/authzed/api/v0/core_pb.rb +2 -0
- data/lib/authzed/api/v0/developer_pb.rb +11 -0
- data/lib/authzed/api/v0/developer_services_pb.rb +1 -0
- data/lib/authzed/api/v0/namespace_pb.rb +14 -1
- data/lib/authzed/api/v0/namespace_service_pb.rb +10 -0
- data/lib/authzed/api/v0/namespace_service_services_pb.rb +1 -0
- data/lib/authzed/api/v0/watch_service_pb.rb +2 -0
- data/lib/authzed/api/v1/client.rb +37 -0
- data/lib/authzed/api/v1/core_pb.rb +75 -0
- data/lib/authzed/api/v1/openapi_pb.rb +18 -0
- data/lib/authzed/api/v1/permission_service_pb.rb +126 -0
- data/lib/authzed/api/v1/permission_service_services_pb.rb +48 -0
- data/lib/authzed/api/v1/schema_pb.rb +30 -0
- data/lib/authzed/api/v1/schema_service_pb.rb +33 -0
- data/lib/authzed/api/v1/schema_service_services_pb.rb +34 -0
- data/lib/authzed/api/v1/schema_services_pb.rb +34 -0
- data/lib/authzed/api/v1/watch_service_pb.rb +30 -0
- data/lib/authzed/api/v1/watch_service_services_pb.rb +26 -0
- data/lib/authzed/api/v1alpha1/client.rb +25 -0
- data/lib/authzed/api/v1alpha1/schema_pb.rb +5 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb +46 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb +30 -0
- data/lib/authzed.rb +8 -11
- data/lib/grpcutil/bearer_token.rb +75 -0
- data/lib/validate/validate_pb.rb +4 -0
- metadata +19 -2
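--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c84eb0a5b270d92b397e72bb0d30858b0150dfcf6926f1eb5f9a9d504413029b
+data.tar.gz: 5fcc1eafdebcc07a2dc29de9eb460a2b2ccbf5a25145bba612a5d89110ae6ca5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9cd40cbb79721e5f38bfc78439d81f9ebc19a292cac56e378adcee2ede4be5af7df5ab1b3777960c86f59cdecba2a519ac306cdc684e113c7f6695a31d9b68a3
+data.tar.gz: 8341299464b007b8e6184fd95d55eb63cbe77625736f795677a99fbe6f1bc604409a002bae29a9805499b65c121d5df8ea3790dcec4bc6e7db642cc094de501c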
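--- a/data/README.md
+++ b/data/README.md
@@ -14,8 +14,9 @@ This repository houses the Ruby client library for Authzed.
 Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
 
 Supported client API versions:
+- [v1](https://docs.authzed.com/reference/api#authzedapiv1)
 - [v1alpha1](https://docs.authzed.com/reference/api#authzedapiv1alpha1)
--
+- "v0" - deprecated
 
 You can find more info on each API on the [Authzed API reference documentation].
 Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
@@ -31,10 +32,10 @@ See [CONTRIBUTING.md] for instructions on how to contribute and perform common t
 
 We highly recommend following the **[Protecting Your First App]** guide to learn the latest best practice to integrate an application with Authzed.
 
-If you're interested in
+If you're interested in example uses of the API, see the spec files in the [spec directory].
 
 [Protecting Your First App]: https://docs.authzed.com/guides/first-app
-[
+[spec directory]: /spec
 
 ## Basic Usage
 
@@ -58,11 +59,34 @@ In order to successfully connect, you will have to provide a [Bearer Token] with
 [Authzed Dashboard]: https://app.authzed.com
 
 ```rb
-
+require 'authzed'
+
+
+client = Authzed::Api::V1::Client.new(
+target: "localhost:50051",
+credentials: :this_channel_is_insecure,
+interceptors: [Authzed::GrpcUtil::BearerToken.new(token: "somerandomkeyhere")],
+)
 ```
 
 ### Performing an API call
 
 ```rb
-
+require 'authzed'
+
+# Is Emilia in the set of users that can read post #1?
+resp = client.permissions_service.check_permission(
+Authzed::Api::V1::CheckPermissionRequest.new(
+consistency: Authzed::Api::V1::Consistency.new(
+at_least_as_fresh: Authzed::Api::V1::ZedToken.new(token: zed_token)
+),
+resource: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/post', object_id: '1'),
+permission: 'read',
+subject: Authzed::Api::V1::SubjectReference.new(
+object: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/user', object_id: 'emilia')
+)
+)
+)
+can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship)) ==
+Authzed::Api::V1::CheckPermissionResponse::Permissionship::PERMISSIONSHIP_HAS_PERMISSION
 ```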
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.RelationTupleFilter" do
|
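--- a/data/lib/authzed/api/v0/client.rb
+++ b/data/lib/authzed/api/v0/client.rb
@@ -0,0 +1,61 @@
+require 'grpc'
+
+module Authzed
+module Api
+module V0
+class Client
+attr_reader :acl_service, :developer_service, :namespace_service, :watch_service
+
+def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
+creds = credentials || GRPC::Core::ChannelCredentials.new
+
+@acl_service = ACLService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+@developer_service = DeveloperService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+@namespace_service = NamespaceService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+@watch_service = WatchService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+end
+end
+
+# Utility method for creating usersets
+module UserPatch
+def self.included(base)
+def base.for(namespace:, object_id:)
+Authzed::Api::V0::User.new(
+userset: Authzed::Api::V0::ObjectAndRelation.new(
+namespace: namespace,
+object_id: object_id,
+relation: '...',
+)
+)
+end
+end
+end
+
+User.include(UserPatch)
+end
+end
+end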
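Review bot: `User.include(UserPatch)` near the end of the file runs at load time, yet the file requires only `grpc`, so `User` must already be defined by whatever loads this file; requiring `authzed/api/v0/client` on its own would presumably raise `NameError` at that line. The gem's load order is set outside this section and may make this work today, but the file should declare what it depends on by adding, under `require 'grpc'`, requires for the generated `_pb` file that defines `User` and for the `*_services_pb` files behind `ACLService`, `DeveloperService`, `NamespaceService` and `WatchService`. The patch also adds `User.for` to a generated message class through an `included` hook, so the one-line comment above `UserPatch` should say that, and explain the `relation: '...'` literal.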
@@ -5,8 +5,16 @@ require 'google/protobuf'
|
|
5
5
|
|
6
6
|
require 'authzed/api/v0/core_pb'
|
7
7
|
require 'authzed/api/v0/namespace_pb'
|
8
|
+
|
8
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
10
|
add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v0.FormatSchemaRequest" do
|
12
|
+
optional :schema, :string, 1, json_name: "schema"
|
13
|
+
end
|
14
|
+
add_message "authzed.api.v0.FormatSchemaResponse" do
|
15
|
+
optional :error, :message, 1, "authzed.api.v0.DeveloperError", json_name: "error"
|
16
|
+
optional :formatted_schema, :string, 2, json_name: "formattedSchema"
|
17
|
+
end
|
10
18
|
add_message "authzed.api.v0.UpgradeSchemaRequest" do
|
11
19
|
repeated :namespace_configs, :string, 1, json_name: "namespaceConfigs"
|
12
20
|
end
|
@@ -42,6 +50,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
42
50
|
add_message "authzed.api.v0.RequestContext" do
|
43
51
|
optional :schema, :string, 1, json_name: "schema"
|
44
52
|
repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
|
53
|
+
repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
|
45
54
|
end
|
46
55
|
add_message "authzed.api.v0.EditCheckRequest" do
|
47
56
|
optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"
|
@@ -102,6 +111,8 @@ end
|
|
102
111
|
module Authzed
|
103
112
|
module Api
|
104
113
|
module V0
|
114
|
+
FormatSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaRequest").msgclass
|
115
|
+
FormatSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaResponse").msgclass
|
105
116
|
UpgradeSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaRequest").msgclass
|
106
117
|
UpgradeSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaResponse").msgclass
|
107
118
|
ShareRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ShareRequest").msgclass
|
@@ -21,6 +21,7 @@ module Authzed
|
|
21
21
|
rpc :Share, ::Authzed::Api::V0::ShareRequest, ::Authzed::Api::V0::ShareResponse
|
22
22
|
rpc :LookupShared, ::Authzed::Api::V0::LookupShareRequest, ::Authzed::Api::V0::LookupShareResponse
|
23
23
|
rpc :UpgradeSchema, ::Authzed::Api::V0::UpgradeSchemaRequest, ::Authzed::Api::V0::UpgradeSchemaResponse
|
24
|
+
rpc :FormatSchema, ::Authzed::Api::V0::FormatSchemaRequest, ::Authzed::Api::V0::FormatSchemaResponse
|
24
25
|
end
|
25
26
|
|
26
27
|
Stub = Service.rpc_stub_class
|
@@ -4,7 +4,9 @@
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
6
|
require 'google/protobuf/any_pb'
|
7
|
+
require 'validate/validate_pb'
|
7
8
|
require 'authzed/api/v0/core_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.Metadata" do
|
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
24
|
optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
|
23
25
|
end
|
24
26
|
add_message "authzed.api.v0.TypeInformation" do
|
25
|
-
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.
|
27
|
+
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
|
28
|
+
end
|
29
|
+
add_message "authzed.api.v0.AllowedRelation" do
|
30
|
+
optional :namespace, :string, 1, json_name: "namespace"
|
31
|
+
oneof :relation_or_wildcard do
|
32
|
+
optional :relation, :string, 3, json_name: "relation"
|
33
|
+
optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
|
34
|
+
end
|
35
|
+
end
|
36
|
+
add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
|
26
37
|
end
|
27
38
|
add_message "authzed.api.v0.UsersetRewrite" do
|
28
39
|
oneof :rewrite_operation do
|
@@ -69,6 +80,8 @@ module Authzed
|
|
69
80
|
NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
|
70
81
|
Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
|
71
82
|
TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
|
83
|
+
AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
|
84
|
+
AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
|
72
85
|
UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
|
73
86
|
SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
|
74
87
|
SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass
|
@@ -3,8 +3,10 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
7
8
|
require 'authzed/api/v0/namespace_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.ReadConfigRequest" do
|
@@ -22,6 +24,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
24
|
add_message "authzed.api.v0.WriteConfigResponse" do
|
23
25
|
optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
|
24
26
|
end
|
27
|
+
add_message "authzed.api.v0.DeleteConfigsRequest" do
|
28
|
+
repeated :namespaces, :string, 1, json_name: "namespaces"
|
29
|
+
end
|
30
|
+
add_message "authzed.api.v0.DeleteConfigsResponse" do
|
31
|
+
optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
|
32
|
+
end
|
25
33
|
end
|
26
34
|
end
|
27
35
|
|
@@ -32,6 +40,8 @@ module Authzed
|
|
32
40
|
ReadConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ReadConfigResponse").msgclass
|
33
41
|
WriteConfigRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigRequest").msgclass
|
34
42
|
WriteConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigResponse").msgclass
|
43
|
+
DeleteConfigsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsRequest").msgclass
|
44
|
+
DeleteConfigsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsResponse").msgclass
|
35
45
|
end
|
36
46
|
end
|
37
47
|
end
|
@@ -18,6 +18,7 @@ module Authzed
|
|
18
18
|
|
19
19
|
rpc :ReadConfig, ::Authzed::Api::V0::ReadConfigRequest, ::Authzed::Api::V0::ReadConfigResponse
|
20
20
|
rpc :WriteConfig, ::Authzed::Api::V0::WriteConfigRequest, ::Authzed::Api::V0::WriteConfigResponse
|
21
|
+
rpc :DeleteConfigs, ::Authzed::Api::V0::DeleteConfigsRequest, ::Authzed::Api::V0::DeleteConfigsResponse
|
21
22
|
end
|
22
23
|
|
23
24
|
Stub = Service.rpc_stub_class
|
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.WatchRequest" do
|
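--- a/data/lib/authzed/api/v1/client.rb
+++ b/data/lib/authzed/api/v1/client.rb
@@ -0,0 +1,37 @@
+require 'grpc'
+
+module Authzed
+module Api
+module V1
+class Client
+attr_reader :permissions_service, :schema_service, :watch_service
+
+def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
+creds = credentials || GRPC::Core::ChannelCredentials.new
+
+@permissions_service = Authzed::Api::V1::PermissionsService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+@schema_service = Authzed::Api::V1::SchemaService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+@watch_service = Authzed::Api::V1::WatchService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+end
+end
+end
+end
+end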
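Review bot: `initialize` takes `credentials:` with no comment on what its values mean, and it will pair `:this_channel_is_insecure` with a token-carrying interceptor without complaint; the V0 client constructor has the same signature and needs the same comment. Leaving `credentials` as `nil` selects `GRPC::Core::ChannelCredentials.new`, i.e. TLS with the default roots, which is the right default. The insecure symbol turns transport security off, so whatever the interceptors attach to a call (the README example passes a bearer token this way) would presumably travel in cleartext. A comment above the method would make that explicit: `# credentials: nil => TLS via GRPC::Core::ChannelCredentials.new; :this_channel_is_insecure disables TLS and exposes interceptor metadata such as bearer tokens on the wire, use only against a local test server`.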
@@ -0,0 +1,75 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/core.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'validate/validate_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
|
10
|
+
add_message "authzed.api.v1.Relationship" do
|
11
|
+
optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
|
12
|
+
optional :relation, :string, 2, json_name: "relation"
|
13
|
+
optional :subject, :message, 3, "authzed.api.v1.SubjectReference", json_name: "subject"
|
14
|
+
end
|
15
|
+
add_message "authzed.api.v1.SubjectReference" do
|
16
|
+
optional :object, :message, 1, "authzed.api.v1.ObjectReference", json_name: "object"
|
17
|
+
optional :optional_relation, :string, 2, json_name: "optionalRelation"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1.ObjectReference" do
|
20
|
+
optional :object_type, :string, 1, json_name: "objectType"
|
21
|
+
optional :object_id, :string, 2, json_name: "objectId"
|
22
|
+
end
|
23
|
+
add_message "authzed.api.v1.ZedToken" do
|
24
|
+
optional :token, :string, 1, json_name: "token"
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.RelationshipUpdate" do
|
27
|
+
optional :operation, :enum, 1, "authzed.api.v1.RelationshipUpdate.Operation", json_name: "operation"
|
28
|
+
optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
|
29
|
+
end
|
30
|
+
add_enum "authzed.api.v1.RelationshipUpdate.Operation" do
|
31
|
+
value :OPERATION_UNSPECIFIED, 0
|
32
|
+
value :OPERATION_CREATE, 1
|
33
|
+
value :OPERATION_TOUCH, 2
|
34
|
+
value :OPERATION_DELETE, 3
|
35
|
+
end
|
36
|
+
add_message "authzed.api.v1.PermissionRelationshipTree" do
|
37
|
+
optional :expanded_object, :message, 3, "authzed.api.v1.ObjectReference", json_name: "expandedObject"
|
38
|
+
optional :expanded_relation, :string, 4, json_name: "expandedRelation"
|
39
|
+
oneof :tree_type do
|
40
|
+
optional :intermediate, :message, 1, "authzed.api.v1.AlgebraicSubjectSet", json_name: "intermediate"
|
41
|
+
optional :leaf, :message, 2, "authzed.api.v1.DirectSubjectSet", json_name: "leaf"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
add_message "authzed.api.v1.AlgebraicSubjectSet" do
|
45
|
+
optional :operation, :enum, 1, "authzed.api.v1.AlgebraicSubjectSet.Operation", json_name: "operation"
|
46
|
+
repeated :children, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "children"
|
47
|
+
end
|
48
|
+
add_enum "authzed.api.v1.AlgebraicSubjectSet.Operation" do
|
49
|
+
value :OPERATION_UNSPECIFIED, 0
|
50
|
+
value :OPERATION_UNION, 1
|
51
|
+
value :OPERATION_INTERSECTION, 2
|
52
|
+
value :OPERATION_EXCLUSION, 3
|
53
|
+
end
|
54
|
+
add_message "authzed.api.v1.DirectSubjectSet" do
|
55
|
+
repeated :subjects, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subjects"
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
module Authzed
|
61
|
+
module Api
|
62
|
+
module V1
|
63
|
+
Relationship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Relationship").msgclass
|
64
|
+
SubjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectReference").msgclass
|
65
|
+
ObjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ObjectReference").msgclass
|
66
|
+
ZedToken = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ZedToken").msgclass
|
67
|
+
RelationshipUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate").msgclass
|
68
|
+
RelationshipUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate.Operation").enummodule
|
69
|
+
PermissionRelationshipTree = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.PermissionRelationshipTree").msgclass
|
70
|
+
AlgebraicSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet").msgclass
|
71
|
+
AlgebraicSubjectSet::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet.Operation").enummodule
|
72
|
+
DirectSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DirectSubjectSet").msgclass
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/openapi.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'protoc-gen-openapiv2/options/annotations_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
module Authzed
|
14
|
+
module Api
|
15
|
+
module V1
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,126 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/permission_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1.Consistency" do
|
13
|
+
oneof :requirement do
|
14
|
+
optional :minimize_latency, :bool, 1, json_name: "minimizeLatency"
|
15
|
+
optional :at_least_as_fresh, :message, 2, "authzed.api.v1.ZedToken", json_name: "atLeastAsFresh"
|
16
|
+
optional :at_exact_snapshot, :message, 3, "authzed.api.v1.ZedToken", json_name: "atExactSnapshot"
|
17
|
+
optional :fully_consistent, :bool, 4, json_name: "fullyConsistent"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
add_message "authzed.api.v1.RelationshipFilter" do
|
21
|
+
optional :resource_type, :string, 1, json_name: "resourceType"
|
22
|
+
optional :optional_resource_id, :string, 2, json_name: "optionalResourceId"
|
23
|
+
optional :optional_relation, :string, 3, json_name: "optionalRelation"
|
24
|
+
optional :optional_subject_filter, :message, 4, "authzed.api.v1.SubjectFilter", json_name: "optionalSubjectFilter"
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.SubjectFilter" do
|
27
|
+
optional :subject_type, :string, 1, json_name: "subjectType"
|
28
|
+
optional :optional_subject_id, :string, 2, json_name: "optionalSubjectId"
|
29
|
+
optional :optional_relation, :message, 3, "authzed.api.v1.SubjectFilter.RelationFilter", json_name: "optionalRelation"
|
30
|
+
end
|
31
|
+
add_message "authzed.api.v1.SubjectFilter.RelationFilter" do
|
32
|
+
optional :relation, :string, 1, json_name: "relation"
|
33
|
+
end
|
34
|
+
add_message "authzed.api.v1.ReadRelationshipsRequest" do
|
35
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
36
|
+
optional :relationship_filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
|
37
|
+
end
|
38
|
+
add_message "authzed.api.v1.ReadRelationshipsResponse" do
|
39
|
+
optional :read_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "readAt"
|
40
|
+
optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
|
41
|
+
end
|
42
|
+
add_message "authzed.api.v1.Precondition" do
|
43
|
+
optional :operation, :enum, 1, "authzed.api.v1.Precondition.Operation", json_name: "operation"
|
44
|
+
optional :filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "filter"
|
45
|
+
end
|
46
|
+
add_enum "authzed.api.v1.Precondition.Operation" do
|
47
|
+
value :OPERATION_UNSPECIFIED, 0
|
48
|
+
value :OPERATION_MUST_NOT_MATCH, 1
|
49
|
+
value :OPERATION_MUST_MATCH, 2
|
50
|
+
end
|
51
|
+
add_message "authzed.api.v1.WriteRelationshipsRequest" do
|
52
|
+
repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
|
53
|
+
repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
|
54
|
+
end
|
55
|
+
add_message "authzed.api.v1.WriteRelationshipsResponse" do
|
56
|
+
optional :written_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "writtenAt"
|
57
|
+
end
|
58
|
+
add_message "authzed.api.v1.DeleteRelationshipsRequest" do
|
59
|
+
optional :relationship_filter, :message, 1, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
|
60
|
+
repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
|
61
|
+
end
|
62
|
+
add_message "authzed.api.v1.DeleteRelationshipsResponse" do
|
63
|
+
optional :deleted_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "deletedAt"
|
64
|
+
end
|
65
|
+
add_message "authzed.api.v1.CheckPermissionRequest" do
|
66
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
67
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
68
|
+
optional :permission, :string, 3, json_name: "permission"
|
69
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
70
|
+
end
|
71
|
+
add_message "authzed.api.v1.CheckPermissionResponse" do
|
72
|
+
optional :checked_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "checkedAt"
|
73
|
+
optional :permissionship, :enum, 2, "authzed.api.v1.CheckPermissionResponse.Permissionship", json_name: "permissionship"
|
74
|
+
end
|
75
|
+
add_enum "authzed.api.v1.CheckPermissionResponse.Permissionship" do
|
76
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
77
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
78
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
79
|
+
end
|
80
|
+
add_message "authzed.api.v1.ExpandPermissionTreeRequest" do
|
81
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
82
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
83
|
+
optional :permission, :string, 3, json_name: "permission"
|
84
|
+
end
|
85
|
+
add_message "authzed.api.v1.ExpandPermissionTreeResponse" do
|
86
|
+
optional :expanded_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "expandedAt"
|
87
|
+
optional :tree_root, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "treeRoot"
|
88
|
+
end
|
89
|
+
add_message "authzed.api.v1.LookupResourcesRequest" do
|
90
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
91
|
+
optional :resource_object_type, :string, 2, json_name: "resourceObjectType"
|
92
|
+
optional :permission, :string, 3, json_name: "permission"
|
93
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
94
|
+
end
|
95
|
+
add_message "authzed.api.v1.LookupResourcesResponse" do
|
96
|
+
optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
|
97
|
+
optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
module Authzed
|
103
|
+
module Api
|
104
|
+
module V1
|
105
|
+
Consistency = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Consistency").msgclass
|
106
|
+
RelationshipFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipFilter").msgclass
|
107
|
+
SubjectFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter").msgclass
|
108
|
+
SubjectFilter::RelationFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter.RelationFilter").msgclass
|
109
|
+
ReadRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsRequest").msgclass
|
110
|
+
ReadRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsResponse").msgclass
|
111
|
+
Precondition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition").msgclass
|
112
|
+
Precondition::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition.Operation").enummodule
|
113
|
+
WriteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsRequest").msgclass
|
114
|
+
WriteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsResponse").msgclass
|
115
|
+
DeleteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsRequest").msgclass
|
116
|
+
DeleteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsResponse").msgclass
|
117
|
+
CheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionRequest").msgclass
|
118
|
+
CheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse").msgclass
|
119
|
+
CheckPermissionResponse::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse.Permissionship").enummodule
|
120
|
+
ExpandPermissionTreeRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeRequest").msgclass
|
121
|
+
ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
|
122
|
+
LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
|
123
|
+
LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/permission_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/permission_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module PermissionsService
|
11
|
+
# PermissionsService implements a set of RPCs that perform operations on
|
12
|
+
# relationships and permissions.
|
13
|
+
class Service
|
14
|
+
|
15
|
+
include ::GRPC::GenericService
|
16
|
+
|
17
|
+
self.marshal_class_method = :encode
|
18
|
+
self.unmarshal_class_method = :decode
|
19
|
+
self.service_name = 'authzed.api.v1.PermissionsService'
|
20
|
+
|
21
|
+
# ReadRelationships reads a set of the relationships matching one or more
|
22
|
+
# filters.
|
23
|
+
rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
|
24
|
+
# WriteRelationships atomically writes and/or deletes a set of specified
|
25
|
+
# relationships. An optional set of preconditions can be provided that must
|
26
|
+
# be satisfied for the operation to commit.
|
27
|
+
rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
|
28
|
+
# DeleteRelationships atomically bulk deletes relationships matching one or
|
29
|
+
# more filters. An optional set of preconditions can be provided that must
|
30
|
+
# be satisfied for the operation to commit.
|
31
|
+
rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
|
32
|
+
# CheckPermission determines for a given resource whether a subject computes
|
33
|
+
# to having a permission or is a direct member of a particular relation.
|
34
|
+
rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
|
35
|
+
# ExpandPermissionTree reveals the graph structure for a resource's
|
36
|
+
# permission or relation. This RPC does not recurse infinitely deep and may
|
37
|
+
# require multiple calls to fully unnest a deeply nested graph.
|
38
|
+
rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
|
39
|
+
# LookupResources returns all the resources of a given type that a subject
|
40
|
+
# can access whether via a computed permission or relation membership.
|
41
|
+
rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
|
42
|
+
end
|
43
|
+
|
44
|
+
Stub = Service.rpc_stub_class
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
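--- a/data/lib/authzed/api/v1/schema_pb.rb
+++ b/data/lib/authzed/api/v1/schema_pb.rb
@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: authzed/api/v1/schema.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("authzed/api/v1/schema.proto", :syntax => :proto3) do
+add_message "authzed.api.v1.ReadSchemaRequest" do
+end
+add_message "authzed.api.v1.ReadSchemaResponse" do
+optional :schema_text, :string, 1, json_name: "schemaText"
+end
+add_message "authzed.api.v1.WriteSchemaRequest" do
+optional :schema, :string, 1, json_name: "schema"
+end
+add_message "authzed.api.v1.WriteSchemaResponse" do
+end
+end
+end
+
+module Authzed
+module Api
+module V1
+ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
+ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
+WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
+WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
+end
+end
+end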
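--- a/data/lib/authzed/api/v1/schema_service_pb.rb
+++ b/data/lib/authzed/api/v1/schema_service_pb.rb
@@ -0,0 +1,33 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: authzed/api/v1/schema_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
+add_message "authzed.api.v1.ReadSchemaRequest" do
+end
+add_message "authzed.api.v1.ReadSchemaResponse" do
+optional :schema_text, :string, 1, json_name: "schemaText"
+end
+add_message "authzed.api.v1.WriteSchemaRequest" do
+optional :schema, :string, 1, json_name: "schema"
+end
+add_message "authzed.api.v1.WriteSchemaResponse" do
+end
+end
+end
+
+module Authzed
+module Api
+module V1
+ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
+ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
+WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
+WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
+end
+end
+end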
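--- a/data/lib/authzed/api/v1/schema_service_services_pb.rb
+++ b/data/lib/authzed/api/v1/schema_service_services_pb.rb
@@ -0,0 +1,34 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/schema_service_pb'
+
+module Authzed
+module Api
+module V1
+module SchemaService
+# SchemaService implements operations on a Permissions System's Schema.
+class Service
+
+include ::GRPC::GenericService
+
+self.marshal_class_method = :encode
+self.unmarshal_class_method = :decode
+self.service_name = 'authzed.api.v1.SchemaService'
+
+# Read returns the current Object Definitions for a Permissions System.
+#
+# Errors include:
+# - INVALID_ARGUMENT: a provided value has failed to semantically validate
+# - NOT_FOUND: no schema has been defined
+rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
+# Write overwrites the current Object Definitions for a Permissions System.
+rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
+end
+
+Stub = Service.rpc_stub_class
+end
+end
+end
+end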
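--- a/data/lib/authzed/api/v1/schema_services_pb.rb
+++ b/data/lib/authzed/api/v1/schema_services_pb.rb
@@ -0,0 +1,34 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# Source: authzed/api/v1/schema.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/schema_pb'
+
+module Authzed
+module Api
+module V1
+module SchemaService
+# SchemaService implements operations on a Permissions System's Schema.
+class Service
+
+include ::GRPC::GenericService
+
+self.marshal_class_method = :encode
+self.unmarshal_class_method = :decode
+self.service_name = 'authzed.api.v1.SchemaService'
+
+# Read returns the current Object Definitions for a Permissions System.
+#
+# Errors include:
+# - INVALID_ARGUMENT: a provided value has failed to semantically validate
+# - NOT_FOUND: no schema has been defined
+rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
+# Write overwrites the current Object Definitions for a Permissions System.
+rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
+end
+
+Stub = Service.rpc_stub_class
+end
+end
+end
+end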
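--- a/data/lib/authzed/api/v1/watch_service_pb.rb
+++ b/data/lib/authzed/api/v1/watch_service_pb.rb
@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: authzed/api/v1/watch_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
+add_message "authzed.api.v1.WatchRequest" do
+repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
+optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
+end
+add_message "authzed.api.v1.WatchResponse" do
+repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
+optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
+end
+end
+end
+
+module Authzed
+module Api
+module V1
+WatchRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchRequest").msgclass
+WatchResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchResponse").msgclass
+end
+end
+end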
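--- a/data/lib/authzed/api/v1/watch_service_services_pb.rb
+++ b/data/lib/authzed/api/v1/watch_service_services_pb.rb
@@ -0,0 +1,26 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# Source: authzed/api/v1/watch_service.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/watch_service_pb'
+
+module Authzed
+module Api
+module V1
+module WatchService
+class Service
+
+include ::GRPC::GenericService
+
+self.marshal_class_method = :encode
+self.unmarshal_class_method = :decode
+self.service_name = 'authzed.api.v1.WatchService'
+
+rpc :Watch, ::Authzed::Api::V1::WatchRequest, stream(::Authzed::Api::V1::WatchResponse)
+end
+
+Stub = Service.rpc_stub_class
+end
+end
+end
+end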
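--- a/data/lib/authzed/api/v1alpha1/client.rb
+++ b/data/lib/authzed/api/v1alpha1/client.rb
@@ -0,0 +1,25 @@
+require 'grpc'
+
+module Authzed
+module Api
+module V1alpha1
+class Client
+
+attr_reader :schema_service
+
+def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
+creds = credentials || GRPC::Core::ChannelCredentials.new
+
+@schema_service = Authzed::Api::V1alpha1::SchemaService::Stub.new(
+target,
+creds,
+timeout: timeout,
+interceptors: interceptors,
+channel_args: options,
+)
+end
+end
+end
+end
+end
+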
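Review bot: `client.rb` requires only `grpc`, yet `initialize` references `Authzed::Api::V1alpha1::SchemaService::Stub`, so loading this file on its own fails with a NameError when a client is constructed. Add `require 'authzed/api/v1alpha1/schema_services_pb'` below the `grpc` require instead of depending on the load order in `lib/authzed.rb`. The constructor also deserves a comment saying that `credentials: nil` falls back to `GRPC::Core::ChannelCredentials.new` (TLS with the default roots), and that a bearer-token interceptor passed in `interceptors:` is only protected in transit when the channel credentials are TLS. The `WatchResourcesService` stub added elsewhere in this release is not exposed by this client, which may or may not be intended.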
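--- a/data/lib/authzed/api/v1alpha1/schema_pb.rb
+++ b/data/lib/authzed/api/v1alpha1/schema_pb.rb
@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
 add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
 add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 end
 add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
 repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
+optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
 end
 add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
 optional :schema, :string, 1, json_name: "schema"
+optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
 end
 add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
 repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
+optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
 end
 end
 end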
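--- a/data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb
+++ b/data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb
@@ -0,0 +1,46 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: authzed/api/v1alpha1/watchresources_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
+add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
+optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
+optional :permission, :string, 2, json_name: "permission"
+optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
+optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
+optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
+end
+add_message "authzed.api.v1alpha1.PermissionUpdate" do
+optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
+optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
+optional :relation, :string, 3, json_name: "relation"
+optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
+end
+add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
+value :PERMISSIONSHIP_UNSPECIFIED, 0
+value :PERMISSIONSHIP_NO_PERMISSION, 1
+value :PERMISSIONSHIP_HAS_PERMISSION, 2
+end
+add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
+repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
+optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
+end
+end
+end
+
+module Authzed
+module Api
+module V1alpha1
+WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
+PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
+PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
+WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
+end
+end
+end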
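--- a/data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
+++ b/data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
+
+require 'grpc'
+require 'authzed/api/v1alpha1/watchresources_service_pb'
+
+module Authzed
+module Api
+module V1alpha1
+module WatchResourcesService
+# WatchResourcesService is used to receive a stream of updates for resources of a
+# specific (resource type, permission, subject) combination.
+class Service
+
+include ::GRPC::GenericService
+
+self.marshal_class_method = :encode
+self.unmarshal_class_method = :decode
+self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
+
+# WatchResources initiates a watch for permission changes for the provided
+# (resource type, permission, subject) pair.
+rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
+end
+
+Stub = Service.rpc_stub_class
+end
+end
+end
+end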
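--- a/data/lib/authzed.rb
+++ b/data/lib/authzed.rb
@@ -1,14 +1,11 @@
-require 'authzed/api/v0/acl_service_pb'
-require 'authzed/api/v0/acl_service_services_pb'
-require 'authzed/api/v0/core_pb'
-require 'authzed/api/v0/developer_pb'
-require 'authzed/api/v0/developer_services_pb'
-require 'authzed/api/v0/namespace_pb'
-require 'authzed/api/v0/namespace_service_pb'
-require 'authzed/api/v0/namespace_service_services_pb'
-require 'authzed/api/v0/watch_service_pb'
-require 'authzed/api/v0/watch_service_services_pb'
 require 'authzed/api/v1alpha1/schema_pb'
+require 'authzed/api/v1alpha1/schema_services_pb'
+require 'authzed/api/v1alpha1/client'
+require 'authzed/api/v1/schema_services_pb'
+require 'authzed/api/v1/watch_service_services_pb'
+require 'authzed/api/v1/permission_service_services_pb'
+require 'authzed/api/v1/client'
+require 'grpcutil/bearer_token'
 
 module Authzed
-end
+end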
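Review bot: The entry point drops every `authzed/api/v0/*` require while the package still ships the v0 files and even adds `lib/authzed/api/v0/client.rb`, so code that does `require 'authzed'` and then uses v0 constants will presumably hit a NameError after upgrading. Either keep the v0 requires (plus `require 'authzed/api/v0/client'`) or call out the break in the release notes. The new list also skips `authzed/api/v1alpha1/watchresources_service_services_pb`, so that stub is reachable only through an explicit require. Separately, the gem ships both `v1/schema_services_pb.rb` and `v1/schema_service_services_pb.rb`, whose `_pb` files register the same names (`authzed.api.v1.ReadSchemaRequest` and its siblings) in the generated descriptor pool. Only the former is loaded here; loading the latter as well would most likely fail on the duplicate names, so one of the two should be dropped from the package.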
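--- a/data/lib/grpcutil/bearer_token.rb
+++ b/data/lib/grpcutil/bearer_token.rb
@@ -0,0 +1,75 @@
+require 'grpc'
+
+module Authzed
+module GrpcUtil
+class BearerToken < GRPC::ClientInterceptor
+
+AUTHORIZATION_HEADER = 'authorization'
+SCHEMA = 'Bearer'
+
+attr_reader :token
+
+def initialize(token:)
+@token = token
+end
+
+##
+# Intercept a unary request response call
+#
+# @param [Object] request
+# @param [GRPC::ActiveCall] call
+# @param [String] method
+# @param [Hash] metadata
+#
+def request_response(request: nil, call: nil, method: nil, metadata: nil)
+metadata[AUTHORIZATION_HEADER] = bearer_token_header
+yield
+end
+
+##
+# Intercept a client streaming call
+#
+# @param [Enumerable] requests
+# @param [GRPC::ActiveCall] call
+# @param [String] method
+# @param [Hash] metadata
+#
+def client_streamer(requests: nil, call: nil, method: nil, metadata: nil)
+metadata[AUTHORIZATION_HEADER] = bearer_token_header
+yield
+end
+
+##
+# Intercept a server streaming call
+#
+# @param [Object] request
+# @param [GRPC::ActiveCall] call
+# @param [String] method
+# @param [Hash] metadata
+#
+def server_streamer(request: nil, call: nil, method: nil, metadata: nil)
+metadata[AUTHORIZATION_HEADER] = bearer_token_header
+yield
+end
+
+##
+# Intercept a BiDi streaming call
+#
+# @param [Enumerable] requests
+# @param [GRPC::ActiveCall] call
+# @param [String] method
+# @param [Hash] metadata
+#
+def bidi_streamer(requests: nil, call: nil, method: nil, metadata: nil)
+metadata[AUTHORIZATION_HEADER] = bearer_token_header
+yield
+end
+
+private
+
+def bearer_token_header
+"#{SCHEMA} #{token}"
+end
+end
+end
+end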
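Review bot: `attr_reader :token` is declared in the public section, so the API secret is readable from any object holding the interceptor, and the default `inspect` will print `@token` into logs and exception messages; the reader should move under `private` and `inspect` should be overridden to redact it. `initialize` also accepts `nil` or an empty string, which yields an `authorization: Bearer ` header and an authentication failure far from the cause, so it should reject those up front. Because the header is attached by an interceptor, nothing ties it to a TLS channel; a class comment should state that the token travels in cleartext if the stub is built with `:this_channel_is_insecure`. Making the reader private changes the public surface, so confirm that no caller reads `token` first.

```ruby
class BearerToken < GRPC::ClientInterceptor
  # … unchanged: AUTHORIZATION_HEADER, SCHEMA …

  def initialize(token:)
    raise ArgumentError, 'token must be a non-empty String' if token.to_s.strip.empty?

    @token = token
  end

  # Keep the secret out of logs and exception messages.
  def inspect
    "#<#{self.class.name} token=[REDACTED]>"
  end

  # … unchanged: request_response, client_streamer, server_streamer, bidi_streamer …

  private

  attr_reader :token

  # … unchanged: bearer_token_header …
```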
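--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authzed
 version: !ruby/object:Gem::Version
-version: 0.0
+version: 0.3.0
 platform: ruby
 authors:
 - Authzed
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-05-26 00:00:00.000000000 Z
 dependencies: []
 description: Authzed is the best way to build robust and scalable permissions systems.
 See https://authzed.com for more details.
@@ -22,6 +22,7 @@ files:
 - lib/authzed.rb
 - lib/authzed/api/v0/acl_service_pb.rb
 - lib/authzed/api/v0/acl_service_services_pb.rb
+- lib/authzed/api/v0/client.rb
 - lib/authzed/api/v0/core_pb.rb
 - lib/authzed/api/v0/developer_pb.rb
 - lib/authzed/api/v0/developer_services_pb.rb
@@ -30,8 +31,24 @@ files:
 - lib/authzed/api/v0/namespace_service_services_pb.rb
 - lib/authzed/api/v0/watch_service_pb.rb
 - lib/authzed/api/v0/watch_service_services_pb.rb
+- lib/authzed/api/v1/client.rb
+- lib/authzed/api/v1/core_pb.rb
+- lib/authzed/api/v1/openapi_pb.rb
+- lib/authzed/api/v1/permission_service_pb.rb
+- lib/authzed/api/v1/permission_service_services_pb.rb
+- lib/authzed/api/v1/schema_pb.rb
+- lib/authzed/api/v1/schema_service_pb.rb
+- lib/authzed/api/v1/schema_service_services_pb.rb
+- lib/authzed/api/v1/schema_services_pb.rb
+- lib/authzed/api/v1/watch_service_pb.rb
+- lib/authzed/api/v1/watch_service_services_pb.rb
+- lib/authzed/api/v1alpha1/client.rb
 - lib/authzed/api/v1alpha1/schema_pb.rb
 - lib/authzed/api/v1alpha1/schema_services_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
+- lib/grpcutil/bearer_token.rb
+- lib/validate/validate_pb.rb
 homepage: https://authzed.com
 licenses:
 - Apache-2.0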