authzed 0.0.1 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +29 -5
- data/lib/authzed/api/v0/acl_service_pb.rb +2 -0
- data/lib/authzed/api/v0/client.rb +61 -0
- data/lib/authzed/api/v0/core_pb.rb +2 -0
- data/lib/authzed/api/v0/developer_pb.rb +11 -0
- data/lib/authzed/api/v0/developer_services_pb.rb +1 -0
- data/lib/authzed/api/v0/namespace_pb.rb +14 -1
- data/lib/authzed/api/v0/namespace_service_pb.rb +10 -0
- data/lib/authzed/api/v0/namespace_service_services_pb.rb +1 -0
- data/lib/authzed/api/v0/watch_service_pb.rb +2 -0
- data/lib/authzed/api/v1/client.rb +37 -0
- data/lib/authzed/api/v1/core_pb.rb +75 -0
- data/lib/authzed/api/v1/openapi_pb.rb +18 -0
- data/lib/authzed/api/v1/permission_service_pb.rb +126 -0
- data/lib/authzed/api/v1/permission_service_services_pb.rb +48 -0
- data/lib/authzed/api/v1/schema_pb.rb +30 -0
- data/lib/authzed/api/v1/schema_service_pb.rb +33 -0
- data/lib/authzed/api/v1/schema_service_services_pb.rb +34 -0
- data/lib/authzed/api/v1/schema_services_pb.rb +34 -0
- data/lib/authzed/api/v1/watch_service_pb.rb +30 -0
- data/lib/authzed/api/v1/watch_service_services_pb.rb +26 -0
- data/lib/authzed/api/v1alpha1/client.rb +25 -0
- data/lib/authzed/api/v1alpha1/schema_pb.rb +5 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb +46 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb +30 -0
- data/lib/authzed.rb +8 -11
- data/lib/grpcutil/bearer_token.rb +75 -0
- data/lib/validate/validate_pb.rb +4 -0
- metadata +19 -2
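--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c84eb0a5b270d92b397e72bb0d30858b0150dfcf6926f1eb5f9a9d504413029b
+data.tar.gz: 5fcc1eafdebcc07a2dc29de9eb460a2b2ccbf5a25145bba612a5d89110ae6ca5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9cd40cbb79721e5f38bfc78439d81f9ebc19a292cac56e378adcee2ede4be5af7df5ab1b3777960c86f59cdecba2a519ac306cdc684e113c7f6695a31d9b68a3
+data.tar.gz: 8341299464b007b8e6184fd95d55eb63cbe77625736f795677a99fbe6f1bc604409a002bae29a9805499b65c121d5df8ea3790dcec4bc6e7db642cc094de501c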
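--- a/data/README.md
+++ b/data/README.md
@@ -14,8 +14,9 @@ This repository houses the Ruby client library for Authzed.
 Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
 
 Supported client API versions:
+- [v1](https://docs.authzed.com/reference/api#authzedapiv1)
 - [v1alpha1](https://docs.authzed.com/reference/api#authzedapiv1alpha1)
--
+- "v0" - deprecated
 
 You can find more info on each API on the [Authzed API reference documentation].
 Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
@@ -31,10 +32,10 @@ See [CONTRIBUTING.md] for instructions on how to contribute and perform common t
 
 We highly recommend following the **[Protecting Your First App]** guide to learn the latest best practice to integrate an application with Authzed.
 
-If you're interested in
+If you're interested in example uses of the API, see the spec files in the [spec directory].
 
 [Protecting Your First App]: https://docs.authzed.com/guides/first-app
-[
+[spec directory]: /spec
 
 ## Basic Usage
 
@@ -58,11 +59,34 @@ In order to successfully connect, you will have to provide a [Bearer Token] with
 [Authzed Dashboard]: https://app.authzed.com
 
 ```rb
-
+require 'authzed'
+
+
+client = Authzed::Api::V1::Client.new(
+target: "localhost:50051",
+credentials: :this_channel_is_insecure,
+interceptors: [Authzed::GrpcUtil::BearerToken.new(token: "somerandomkeyhere")],
+)
 ```
 
 ### Performing an API call
 
 ```rb
-
+require 'authzed'
+
+# Is Emilia in the set of users that can read post #1?
+resp = client.permissions_service.check_permission(
+Authzed::Api::V1::CheckPermissionRequest.new(
+consistency: Authzed::Api::V1::Consistency.new(
+at_least_as_fresh: Authzed::Api::V1::ZedToken.new(token: zed_token)
+),
+resource: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/post', object_id: '1'),
+permission: 'read',
+subject: Authzed::Api::V1::SubjectReference.new(
+object: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/user', object_id: 'emilia')
+)
+)
+)
+can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship)) ==
+Authzed::Api::V1::CheckPermissionResponse::Permissionship::PERMISSIONSHIP_HAS_PERMISSION
 ```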
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.RelationTupleFilter" do
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module Api
|
5
|
+
module V0
|
6
|
+
class Client
|
7
|
+
attr_reader :acl_service, :developer_service, :namespace_service, :watch_service
|
8
|
+
|
9
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
10
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
11
|
+
|
12
|
+
@acl_service = ACLService::Stub.new(
|
13
|
+
target,
|
14
|
+
creds,
|
15
|
+
timeout: timeout,
|
16
|
+
interceptors: interceptors,
|
17
|
+
channel_args: options,
|
18
|
+
)
|
19
|
+
@developer_service = DeveloperService::Stub.new(
|
20
|
+
target,
|
21
|
+
creds,
|
22
|
+
timeout: timeout,
|
23
|
+
interceptors: interceptors,
|
24
|
+
channel_args: options,
|
25
|
+
)
|
26
|
+
@namespace_service = NamespaceService::Stub.new(
|
27
|
+
target,
|
28
|
+
creds,
|
29
|
+
timeout: timeout,
|
30
|
+
interceptors: interceptors,
|
31
|
+
channel_args: options,
|
32
|
+
)
|
33
|
+
@watch_service = WatchService::Stub.new(
|
34
|
+
target,
|
35
|
+
creds,
|
36
|
+
timeout: timeout,
|
37
|
+
interceptors: interceptors,
|
38
|
+
channel_args: options,
|
39
|
+
)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
# Utility method for creating usersets
|
44
|
+
module UserPatch
|
45
|
+
def self.included(base)
|
46
|
+
def base.for(namespace:, object_id:)
|
47
|
+
Authzed::Api::V0::User.new(
|
48
|
+
userset: Authzed::Api::V0::ObjectAndRelation.new(
|
49
|
+
namespace: namespace,
|
50
|
+
object_id: object_id,
|
51
|
+
relation: '...',
|
52
|
+
)
|
53
|
+
)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
User.include(UserPatch)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
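Review bot: `initialize` passes any `credentials:` value straight to all four stubs together with `interceptors:`, so a caller who supplies `:this_channel_is_insecure` (as the README example in this release does) sends whatever the interceptors attach, presumably including the bearer token, in cleartext. Only the `nil` case falls back to `GRPC::Core::ChannelCredentials.new`, and nothing on the constructor says which choice is the safe one. I would document it above the method: `# credentials: nil selects TLS via GRPC::Core::ChannelCredentials.new; :this_channel_is_insecure disables transport security and should only be used against a local development server, never with a production token.` The v1 client added later in this diff has the same constructor shape, so the comment belongs there as well.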
@@ -5,8 +5,16 @@ require 'google/protobuf'
|
|
5
5
|
|
6
6
|
require 'authzed/api/v0/core_pb'
|
7
7
|
require 'authzed/api/v0/namespace_pb'
|
8
|
+
|
8
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
10
|
add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v0.FormatSchemaRequest" do
|
12
|
+
optional :schema, :string, 1, json_name: "schema"
|
13
|
+
end
|
14
|
+
add_message "authzed.api.v0.FormatSchemaResponse" do
|
15
|
+
optional :error, :message, 1, "authzed.api.v0.DeveloperError", json_name: "error"
|
16
|
+
optional :formatted_schema, :string, 2, json_name: "formattedSchema"
|
17
|
+
end
|
10
18
|
add_message "authzed.api.v0.UpgradeSchemaRequest" do
|
11
19
|
repeated :namespace_configs, :string, 1, json_name: "namespaceConfigs"
|
12
20
|
end
|
@@ -42,6 +50,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
42
50
|
add_message "authzed.api.v0.RequestContext" do
|
43
51
|
optional :schema, :string, 1, json_name: "schema"
|
44
52
|
repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
|
53
|
+
repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
|
45
54
|
end
|
46
55
|
add_message "authzed.api.v0.EditCheckRequest" do
|
47
56
|
optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"
|
@@ -102,6 +111,8 @@ end
|
|
102
111
|
module Authzed
|
103
112
|
module Api
|
104
113
|
module V0
|
114
|
+
FormatSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaRequest").msgclass
|
115
|
+
FormatSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaResponse").msgclass
|
105
116
|
UpgradeSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaRequest").msgclass
|
106
117
|
UpgradeSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaResponse").msgclass
|
107
118
|
ShareRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ShareRequest").msgclass
|
@@ -21,6 +21,7 @@ module Authzed
|
|
21
21
|
rpc :Share, ::Authzed::Api::V0::ShareRequest, ::Authzed::Api::V0::ShareResponse
|
22
22
|
rpc :LookupShared, ::Authzed::Api::V0::LookupShareRequest, ::Authzed::Api::V0::LookupShareResponse
|
23
23
|
rpc :UpgradeSchema, ::Authzed::Api::V0::UpgradeSchemaRequest, ::Authzed::Api::V0::UpgradeSchemaResponse
|
24
|
+
rpc :FormatSchema, ::Authzed::Api::V0::FormatSchemaRequest, ::Authzed::Api::V0::FormatSchemaResponse
|
24
25
|
end
|
25
26
|
|
26
27
|
Stub = Service.rpc_stub_class
|
@@ -4,7 +4,9 @@
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
6
|
require 'google/protobuf/any_pb'
|
7
|
+
require 'validate/validate_pb'
|
7
8
|
require 'authzed/api/v0/core_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.Metadata" do
|
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
24
|
optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
|
23
25
|
end
|
24
26
|
add_message "authzed.api.v0.TypeInformation" do
|
25
|
-
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.
|
27
|
+
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
|
28
|
+
end
|
29
|
+
add_message "authzed.api.v0.AllowedRelation" do
|
30
|
+
optional :namespace, :string, 1, json_name: "namespace"
|
31
|
+
oneof :relation_or_wildcard do
|
32
|
+
optional :relation, :string, 3, json_name: "relation"
|
33
|
+
optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
|
34
|
+
end
|
35
|
+
end
|
36
|
+
add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
|
26
37
|
end
|
27
38
|
add_message "authzed.api.v0.UsersetRewrite" do
|
28
39
|
oneof :rewrite_operation do
|
@@ -69,6 +80,8 @@ module Authzed
|
|
69
80
|
NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
|
70
81
|
Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
|
71
82
|
TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
|
83
|
+
AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
|
84
|
+
AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
|
72
85
|
UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
|
73
86
|
SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
|
74
87
|
SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass
|
@@ -3,8 +3,10 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
7
8
|
require 'authzed/api/v0/namespace_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.ReadConfigRequest" do
|
@@ -22,6 +24,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
24
|
add_message "authzed.api.v0.WriteConfigResponse" do
|
23
25
|
optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
|
24
26
|
end
|
27
|
+
add_message "authzed.api.v0.DeleteConfigsRequest" do
|
28
|
+
repeated :namespaces, :string, 1, json_name: "namespaces"
|
29
|
+
end
|
30
|
+
add_message "authzed.api.v0.DeleteConfigsResponse" do
|
31
|
+
optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
|
32
|
+
end
|
25
33
|
end
|
26
34
|
end
|
27
35
|
|
@@ -32,6 +40,8 @@ module Authzed
|
|
32
40
|
ReadConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ReadConfigResponse").msgclass
|
33
41
|
WriteConfigRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigRequest").msgclass
|
34
42
|
WriteConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigResponse").msgclass
|
43
|
+
DeleteConfigsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsRequest").msgclass
|
44
|
+
DeleteConfigsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsResponse").msgclass
|
35
45
|
end
|
36
46
|
end
|
37
47
|
end
|
@@ -18,6 +18,7 @@ module Authzed
|
|
18
18
|
|
19
19
|
rpc :ReadConfig, ::Authzed::Api::V0::ReadConfigRequest, ::Authzed::Api::V0::ReadConfigResponse
|
20
20
|
rpc :WriteConfig, ::Authzed::Api::V0::WriteConfigRequest, ::Authzed::Api::V0::WriteConfigResponse
|
21
|
+
rpc :DeleteConfigs, ::Authzed::Api::V0::DeleteConfigsRequest, ::Authzed::Api::V0::DeleteConfigsResponse
|
21
22
|
end
|
22
23
|
|
23
24
|
Stub = Service.rpc_stub_class
|
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.WatchRequest" do
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
class Client
|
7
|
+
attr_reader :permissions_service, :schema_service, :watch_service
|
8
|
+
|
9
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
10
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
11
|
+
|
12
|
+
@permissions_service = Authzed::Api::V1::PermissionsService::Stub.new(
|
13
|
+
target,
|
14
|
+
creds,
|
15
|
+
timeout: timeout,
|
16
|
+
interceptors: interceptors,
|
17
|
+
channel_args: options,
|
18
|
+
)
|
19
|
+
@schema_service = Authzed::Api::V1::SchemaService::Stub.new(
|
20
|
+
target,
|
21
|
+
creds,
|
22
|
+
timeout: timeout,
|
23
|
+
interceptors: interceptors,
|
24
|
+
channel_args: options,
|
25
|
+
)
|
26
|
+
@watch_service = Authzed::Api::V1::WatchService::Stub.new(
|
27
|
+
target,
|
28
|
+
creds,
|
29
|
+
timeout: timeout,
|
30
|
+
interceptors: interceptors,
|
31
|
+
channel_args: options,
|
32
|
+
)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
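Review bot: The constructor leaves RPCs without a deadline by default: `timeout: nil` is passed unchanged to the permissions, schema and watch stubs, and as far as I know grpc's `ClientStub` treats nil as no deadline (worth confirming against the grpc version the gem depends on). For a client that sits on the authorization path, a stalled server would then block `check_permission` callers indefinitely. I would at least document this on `initialize`: `# timeout: seconds applied to every RPC made through these stubs; nil leaves calls without a deadline, so pass a value (or a per-call deadline) and treat a timeout as a denial.` The watch stub carries a long-lived stream, so one shared default may not suit it, which is why a comment fits better here than a hard-coded value.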
@@ -0,0 +1,75 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/core.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'validate/validate_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
|
10
|
+
add_message "authzed.api.v1.Relationship" do
|
11
|
+
optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
|
12
|
+
optional :relation, :string, 2, json_name: "relation"
|
13
|
+
optional :subject, :message, 3, "authzed.api.v1.SubjectReference", json_name: "subject"
|
14
|
+
end
|
15
|
+
add_message "authzed.api.v1.SubjectReference" do
|
16
|
+
optional :object, :message, 1, "authzed.api.v1.ObjectReference", json_name: "object"
|
17
|
+
optional :optional_relation, :string, 2, json_name: "optionalRelation"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1.ObjectReference" do
|
20
|
+
optional :object_type, :string, 1, json_name: "objectType"
|
21
|
+
optional :object_id, :string, 2, json_name: "objectId"
|
22
|
+
end
|
23
|
+
add_message "authzed.api.v1.ZedToken" do
|
24
|
+
optional :token, :string, 1, json_name: "token"
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.RelationshipUpdate" do
|
27
|
+
optional :operation, :enum, 1, "authzed.api.v1.RelationshipUpdate.Operation", json_name: "operation"
|
28
|
+
optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
|
29
|
+
end
|
30
|
+
add_enum "authzed.api.v1.RelationshipUpdate.Operation" do
|
31
|
+
value :OPERATION_UNSPECIFIED, 0
|
32
|
+
value :OPERATION_CREATE, 1
|
33
|
+
value :OPERATION_TOUCH, 2
|
34
|
+
value :OPERATION_DELETE, 3
|
35
|
+
end
|
36
|
+
add_message "authzed.api.v1.PermissionRelationshipTree" do
|
37
|
+
optional :expanded_object, :message, 3, "authzed.api.v1.ObjectReference", json_name: "expandedObject"
|
38
|
+
optional :expanded_relation, :string, 4, json_name: "expandedRelation"
|
39
|
+
oneof :tree_type do
|
40
|
+
optional :intermediate, :message, 1, "authzed.api.v1.AlgebraicSubjectSet", json_name: "intermediate"
|
41
|
+
optional :leaf, :message, 2, "authzed.api.v1.DirectSubjectSet", json_name: "leaf"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
add_message "authzed.api.v1.AlgebraicSubjectSet" do
|
45
|
+
optional :operation, :enum, 1, "authzed.api.v1.AlgebraicSubjectSet.Operation", json_name: "operation"
|
46
|
+
repeated :children, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "children"
|
47
|
+
end
|
48
|
+
add_enum "authzed.api.v1.AlgebraicSubjectSet.Operation" do
|
49
|
+
value :OPERATION_UNSPECIFIED, 0
|
50
|
+
value :OPERATION_UNION, 1
|
51
|
+
value :OPERATION_INTERSECTION, 2
|
52
|
+
value :OPERATION_EXCLUSION, 3
|
53
|
+
end
|
54
|
+
add_message "authzed.api.v1.DirectSubjectSet" do
|
55
|
+
repeated :subjects, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subjects"
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
module Authzed
|
61
|
+
module Api
|
62
|
+
module V1
|
63
|
+
Relationship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Relationship").msgclass
|
64
|
+
SubjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectReference").msgclass
|
65
|
+
ObjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ObjectReference").msgclass
|
66
|
+
ZedToken = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ZedToken").msgclass
|
67
|
+
RelationshipUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate").msgclass
|
68
|
+
RelationshipUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate.Operation").enummodule
|
69
|
+
PermissionRelationshipTree = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.PermissionRelationshipTree").msgclass
|
70
|
+
AlgebraicSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet").msgclass
|
71
|
+
AlgebraicSubjectSet::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet.Operation").enummodule
|
72
|
+
DirectSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DirectSubjectSet").msgclass
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/openapi.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'protoc-gen-openapiv2/options/annotations_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
module Authzed
|
14
|
+
module Api
|
15
|
+
module V1
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,126 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/permission_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1.Consistency" do
|
13
|
+
oneof :requirement do
|
14
|
+
optional :minimize_latency, :bool, 1, json_name: "minimizeLatency"
|
15
|
+
optional :at_least_as_fresh, :message, 2, "authzed.api.v1.ZedToken", json_name: "atLeastAsFresh"
|
16
|
+
optional :at_exact_snapshot, :message, 3, "authzed.api.v1.ZedToken", json_name: "atExactSnapshot"
|
17
|
+
optional :fully_consistent, :bool, 4, json_name: "fullyConsistent"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
add_message "authzed.api.v1.RelationshipFilter" do
|
21
|
+
optional :resource_type, :string, 1, json_name: "resourceType"
|
22
|
+
optional :optional_resource_id, :string, 2, json_name: "optionalResourceId"
|
23
|
+
optional :optional_relation, :string, 3, json_name: "optionalRelation"
|
24
|
+
optional :optional_subject_filter, :message, 4, "authzed.api.v1.SubjectFilter", json_name: "optionalSubjectFilter"
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.SubjectFilter" do
|
27
|
+
optional :subject_type, :string, 1, json_name: "subjectType"
|
28
|
+
optional :optional_subject_id, :string, 2, json_name: "optionalSubjectId"
|
29
|
+
optional :optional_relation, :message, 3, "authzed.api.v1.SubjectFilter.RelationFilter", json_name: "optionalRelation"
|
30
|
+
end
|
31
|
+
add_message "authzed.api.v1.SubjectFilter.RelationFilter" do
|
32
|
+
optional :relation, :string, 1, json_name: "relation"
|
33
|
+
end
|
34
|
+
add_message "authzed.api.v1.ReadRelationshipsRequest" do
|
35
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
36
|
+
optional :relationship_filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
|
37
|
+
end
|
38
|
+
add_message "authzed.api.v1.ReadRelationshipsResponse" do
|
39
|
+
optional :read_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "readAt"
|
40
|
+
optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
|
41
|
+
end
|
42
|
+
add_message "authzed.api.v1.Precondition" do
|
43
|
+
optional :operation, :enum, 1, "authzed.api.v1.Precondition.Operation", json_name: "operation"
|
44
|
+
optional :filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "filter"
|
45
|
+
end
|
46
|
+
add_enum "authzed.api.v1.Precondition.Operation" do
|
47
|
+
value :OPERATION_UNSPECIFIED, 0
|
48
|
+
value :OPERATION_MUST_NOT_MATCH, 1
|
49
|
+
value :OPERATION_MUST_MATCH, 2
|
50
|
+
end
|
51
|
+
add_message "authzed.api.v1.WriteRelationshipsRequest" do
|
52
|
+
repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
|
53
|
+
repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
|
54
|
+
end
|
55
|
+
add_message "authzed.api.v1.WriteRelationshipsResponse" do
|
56
|
+
optional :written_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "writtenAt"
|
57
|
+
end
|
58
|
+
add_message "authzed.api.v1.DeleteRelationshipsRequest" do
|
59
|
+
optional :relationship_filter, :message, 1, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
|
60
|
+
repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
|
61
|
+
end
|
62
|
+
add_message "authzed.api.v1.DeleteRelationshipsResponse" do
|
63
|
+
optional :deleted_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "deletedAt"
|
64
|
+
end
|
65
|
+
add_message "authzed.api.v1.CheckPermissionRequest" do
|
66
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
67
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
68
|
+
optional :permission, :string, 3, json_name: "permission"
|
69
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
70
|
+
end
|
71
|
+
add_message "authzed.api.v1.CheckPermissionResponse" do
|
72
|
+
optional :checked_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "checkedAt"
|
73
|
+
optional :permissionship, :enum, 2, "authzed.api.v1.CheckPermissionResponse.Permissionship", json_name: "permissionship"
|
74
|
+
end
|
75
|
+
add_enum "authzed.api.v1.CheckPermissionResponse.Permissionship" do
|
76
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
77
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
78
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
79
|
+
end
|
80
|
+
add_message "authzed.api.v1.ExpandPermissionTreeRequest" do
|
81
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
82
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
83
|
+
optional :permission, :string, 3, json_name: "permission"
|
84
|
+
end
|
85
|
+
add_message "authzed.api.v1.ExpandPermissionTreeResponse" do
|
86
|
+
optional :expanded_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "expandedAt"
|
87
|
+
optional :tree_root, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "treeRoot"
|
88
|
+
end
|
89
|
+
add_message "authzed.api.v1.LookupResourcesRequest" do
|
90
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
91
|
+
optional :resource_object_type, :string, 2, json_name: "resourceObjectType"
|
92
|
+
optional :permission, :string, 3, json_name: "permission"
|
93
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
94
|
+
end
|
95
|
+
add_message "authzed.api.v1.LookupResourcesResponse" do
|
96
|
+
optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
|
97
|
+
optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
module Authzed
|
103
|
+
module Api
|
104
|
+
module V1
|
105
|
+
Consistency = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Consistency").msgclass
|
106
|
+
RelationshipFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipFilter").msgclass
|
107
|
+
SubjectFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter").msgclass
|
108
|
+
SubjectFilter::RelationFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter.RelationFilter").msgclass
|
109
|
+
ReadRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsRequest").msgclass
|
110
|
+
ReadRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsResponse").msgclass
|
111
|
+
Precondition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition").msgclass
|
112
|
+
Precondition::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition.Operation").enummodule
|
113
|
+
WriteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsRequest").msgclass
|
114
|
+
WriteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsResponse").msgclass
|
115
|
+
DeleteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsRequest").msgclass
|
116
|
+
DeleteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsResponse").msgclass
|
117
|
+
CheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionRequest").msgclass
|
118
|
+
CheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse").msgclass
|
119
|
+
CheckPermissionResponse::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse.Permissionship").enummodule
|
120
|
+
ExpandPermissionTreeRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeRequest").msgclass
|
121
|
+
ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
|
122
|
+
LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
|
123
|
+
LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/permission_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/permission_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module PermissionsService
|
11
|
+
# PermissionsService implements a set of RPCs that perform operations on
|
12
|
+
# relationships and permissions.
|
13
|
+
class Service
|
14
|
+
|
15
|
+
include ::GRPC::GenericService
|
16
|
+
|
17
|
+
self.marshal_class_method = :encode
|
18
|
+
self.unmarshal_class_method = :decode
|
19
|
+
self.service_name = 'authzed.api.v1.PermissionsService'
|
20
|
+
|
21
|
+
# ReadRelationships reads a set of the relationships matching one or more
|
22
|
+
# filters.
|
23
|
+
rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
|
24
|
+
# WriteRelationships atomically writes and/or deletes a set of specified
|
25
|
+
# relationships. An optional set of preconditions can be provided that must
|
26
|
+
# be satisfied for the operation to commit.
|
27
|
+
rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
|
28
|
+
# DeleteRelationships atomically bulk deletes relationships matching one or
|
29
|
+
# more filters. An optional set of preconditions can be provided that must
|
30
|
+
# be satisfied for the operation to commit.
|
31
|
+
rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
|
32
|
+
# CheckPermission determines for a given resource whether a subject computes
|
33
|
+
# to having a permission or is a direct member of a particular relation.
|
34
|
+
rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
|
35
|
+
# ExpandPermissionTree reveals the graph structure for a resource's
|
36
|
+
# permission or relation. This RPC does not recurse infinitely deep and may
|
37
|
+
# require multiple calls to fully unnest a deeply nested graph.
|
38
|
+
rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
|
39
|
+
# LookupResources returns all the resources of a given type that a subject
|
40
|
+
# can access whether via a computed permission or relation membership.
|
41
|
+
rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
|
42
|
+
end
|
43
|
+
|
44
|
+
Stub = Service.rpc_stub_class
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/schema.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
7
|
+
add_file("authzed/api/v1/schema.proto", :syntax => :proto3) do
|
8
|
+
add_message "authzed.api.v1.ReadSchemaRequest" do
|
9
|
+
end
|
10
|
+
add_message "authzed.api.v1.ReadSchemaResponse" do
|
11
|
+
optional :schema_text, :string, 1, json_name: "schemaText"
|
12
|
+
end
|
13
|
+
add_message "authzed.api.v1.WriteSchemaRequest" do
|
14
|
+
optional :schema, :string, 1, json_name: "schema"
|
15
|
+
end
|
16
|
+
add_message "authzed.api.v1.WriteSchemaResponse" do
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
module Authzed
|
22
|
+
module Api
|
23
|
+
module V1
|
24
|
+
ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
|
25
|
+
ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
|
26
|
+
WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
|
27
|
+
WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/schema_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
|
9
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
|
+
add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v1.ReadSchemaRequest" do
|
12
|
+
end
|
13
|
+
add_message "authzed.api.v1.ReadSchemaResponse" do
|
14
|
+
optional :schema_text, :string, 1, json_name: "schemaText"
|
15
|
+
end
|
16
|
+
add_message "authzed.api.v1.WriteSchemaRequest" do
|
17
|
+
optional :schema, :string, 1, json_name: "schema"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1.WriteSchemaResponse" do
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
module Authzed
|
25
|
+
module Api
|
26
|
+
module V1
|
27
|
+
ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
|
28
|
+
ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
|
29
|
+
WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
|
30
|
+
WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/schema_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module SchemaService
|
11
|
+
# SchemaService implements operations on a Permissions System's Schema.
|
12
|
+
class Service
|
13
|
+
|
14
|
+
include ::GRPC::GenericService
|
15
|
+
|
16
|
+
self.marshal_class_method = :encode
|
17
|
+
self.unmarshal_class_method = :decode
|
18
|
+
self.service_name = 'authzed.api.v1.SchemaService'
|
19
|
+
|
20
|
+
# Read returns the current Object Definitions for a Permissions System.
|
21
|
+
#
|
22
|
+
# Errors include:
|
23
|
+
# - INVALID_ARGUMENT: a provided value has failed to semantically validate
|
24
|
+
# - NOT_FOUND: no schema has been defined
|
25
|
+
rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
|
26
|
+
# Write overwrites the current Object Definitions for a Permissions System.
|
27
|
+
rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
|
28
|
+
end
|
29
|
+
|
30
|
+
Stub = Service.rpc_stub_class
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/schema.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/schema_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module SchemaService
|
11
|
+
# SchemaService implements operations on a Permissions System's Schema.
|
12
|
+
class Service
|
13
|
+
|
14
|
+
include ::GRPC::GenericService
|
15
|
+
|
16
|
+
self.marshal_class_method = :encode
|
17
|
+
self.unmarshal_class_method = :decode
|
18
|
+
self.service_name = 'authzed.api.v1.SchemaService'
|
19
|
+
|
20
|
+
# Read returns the current Object Definitions for a Permissions System.
|
21
|
+
#
|
22
|
+
# Errors include:
|
23
|
+
# - INVALID_ARGUMENT: a provided value has failed to semantically validate
|
24
|
+
# - NOT_FOUND: no schema has been defined
|
25
|
+
rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
|
26
|
+
# Write overwrites the current Object Definitions for a Permissions System.
|
27
|
+
rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
|
28
|
+
end
|
29
|
+
|
30
|
+
Stub = Service.rpc_stub_class
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/watch_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1.WatchRequest" do
|
13
|
+
repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
|
14
|
+
optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
|
15
|
+
end
|
16
|
+
add_message "authzed.api.v1.WatchResponse" do
|
17
|
+
repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
|
18
|
+
optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
module Authzed
|
24
|
+
module Api
|
25
|
+
module V1
|
26
|
+
WatchRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchRequest").msgclass
|
27
|
+
WatchResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchResponse").msgclass
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/watch_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/watch_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module WatchService
|
11
|
+
class Service
|
12
|
+
|
13
|
+
include ::GRPC::GenericService
|
14
|
+
|
15
|
+
self.marshal_class_method = :encode
|
16
|
+
self.unmarshal_class_method = :decode
|
17
|
+
self.service_name = 'authzed.api.v1.WatchService'
|
18
|
+
|
19
|
+
rpc :Watch, ::Authzed::Api::V1::WatchRequest, stream(::Authzed::Api::V1::WatchResponse)
|
20
|
+
end
|
21
|
+
|
22
|
+
Stub = Service.rpc_stub_class
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module Api
|
5
|
+
module V1alpha1
|
6
|
+
class Client
|
7
|
+
|
8
|
+
attr_reader :schema_service
|
9
|
+
|
10
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
11
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
12
|
+
|
13
|
+
@schema_service = Authzed::Api::V1alpha1::SchemaService::Stub.new(
|
14
|
+
target,
|
15
|
+
creds,
|
16
|
+
timeout: timeout,
|
17
|
+
interceptors: interceptors,
|
18
|
+
channel_args: options,
|
19
|
+
)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
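Review bot: `initialize` references `Authzed::Api::V1alpha1::SchemaService::Stub`, but the file only does `require 'grpc'`, so the class works only when something else has already loaded the stub definitions. `lib/authzed.rb` requires `authzed/api/v1alpha1/schema_services_pb` before this file, but a consumer who requires `authzed/api/v1alpha1/client` directly would hit a `NameError` on `Client.new`; adding `require 'authzed/api/v1alpha1/schema_services_pb'` at the top makes the file self-contained. This release also adds `WatchResourcesService::Stub`, yet the client exposes only `schema_service`, so a class comment should say whether that omission is intentional. A comment above the `creds =` line, such as `# Defaults to a TLS channel using the system trust roots; pass credentials: to override.`, would make the transport default visible to anyone reviewing calling code.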
@@ -3,6 +3,8 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
7
|
+
|
6
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
7
9
|
add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
|
8
10
|
add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
|
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
10
12
|
end
|
11
13
|
add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
|
12
14
|
repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
|
15
|
+
optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
|
13
16
|
end
|
14
17
|
add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
|
15
18
|
optional :schema, :string, 1, json_name: "schema"
|
19
|
+
optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
|
16
20
|
end
|
17
21
|
add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
|
18
22
|
repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
|
23
|
+
optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
|
19
24
|
end
|
20
25
|
end
|
21
26
|
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1alpha1/watchresources_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
|
13
|
+
optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
|
14
|
+
optional :permission, :string, 2, json_name: "permission"
|
15
|
+
optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
|
16
|
+
optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
|
17
|
+
optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1alpha1.PermissionUpdate" do
|
20
|
+
optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
|
21
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
22
|
+
optional :relation, :string, 3, json_name: "relation"
|
23
|
+
optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
|
24
|
+
end
|
25
|
+
add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
|
26
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
27
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
28
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
29
|
+
end
|
30
|
+
add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
|
31
|
+
repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
|
32
|
+
optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
module Authzed
|
38
|
+
module Api
|
39
|
+
module V1alpha1
|
40
|
+
WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
|
41
|
+
PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
|
42
|
+
PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
|
43
|
+
WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1alpha1/watchresources_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1alpha1
|
10
|
+
module WatchResourcesService
|
11
|
+
# WatchResourcesService is used to receive a stream of updates for resources of a
|
12
|
+
# specific (resource type, permission, subject) combination.
|
13
|
+
class Service
|
14
|
+
|
15
|
+
include ::GRPC::GenericService
|
16
|
+
|
17
|
+
self.marshal_class_method = :encode
|
18
|
+
self.unmarshal_class_method = :decode
|
19
|
+
self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
|
20
|
+
|
21
|
+
# WatchResources initiates a watch for permission changes for the provided
|
22
|
+
# (resource type, permission, subject) pair.
|
23
|
+
rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
|
24
|
+
end
|
25
|
+
|
26
|
+
Stub = Service.rpc_stub_class
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
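--- a/data/lib/authzed.rb
+++ b/data/lib/authzed.rb
@@ -1,14 +1,11 @@
-require 'authzed/api/v0/acl_service_pb'
-require 'authzed/api/v0/acl_service_services_pb'
-require 'authzed/api/v0/core_pb'
-require 'authzed/api/v0/developer_pb'
-require 'authzed/api/v0/developer_services_pb'
-require 'authzed/api/v0/namespace_pb'
-require 'authzed/api/v0/namespace_service_pb'
-require 'authzed/api/v0/namespace_service_services_pb'
-require 'authzed/api/v0/watch_service_pb'
-require 'authzed/api/v0/watch_service_services_pb'
 require 'authzed/api/v1alpha1/schema_pb'
+require 'authzed/api/v1alpha1/schema_services_pb'
+require 'authzed/api/v1alpha1/client'
+require 'authzed/api/v1/schema_services_pb'
+require 'authzed/api/v1/watch_service_services_pb'
+require 'authzed/api/v1/permission_service_services_pb'
+require 'authzed/api/v1/client'
+require 'grpcutil/bearer_token'
 
 module Authzed
-end
+end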
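Review bot: `require 'authzed'` no longer loads anything under `authzed/api/v0`, although the gem manifest in this same release still lists the v0 files and adds `lib/authzed/api/v0/client.rb`; unless `authzed/api/v1/client` pulls them in (not visible here), code that relied on the top-level require for the v0 constants will raise `NameError` after upgrading. If dropping v0 from the default load is intended, say so at the top of the file, for example `# v0 is no longer loaded by default; require 'authzed/api/v0/client' explicitly.`, otherwise add that require back. The new `authzed/api/v1alpha1/watchresources_service_services_pb` is not required here either. The package also ships both `v1/schema_services_pb.rb` and `v1/schema_service_services_pb.rb`, whose `_pb` files register the same `authzed.api.v1.ReadSchemaRequest` family of message names. Only the former is loaded here, and loading both in one process would presumably fail on the duplicate registration, so the unused copy is worth dropping from the gem.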
@@ -0,0 +1,75 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module GrpcUtil
|
5
|
+
class BearerToken < GRPC::ClientInterceptor
|
6
|
+
|
7
|
+
AUTHORIZATION_HEADER = 'authorization'
|
8
|
+
SCHEMA = 'Bearer'
|
9
|
+
|
10
|
+
attr_reader :token
|
11
|
+
|
12
|
+
def initialize(token:)
|
13
|
+
@token = token
|
14
|
+
end
|
15
|
+
|
16
|
+
##
|
17
|
+
# Intercept a unary request response call
|
18
|
+
#
|
19
|
+
# @param [Object] request
|
20
|
+
# @param [GRPC::ActiveCall] call
|
21
|
+
# @param [String] method
|
22
|
+
# @param [Hash] metadata
|
23
|
+
#
|
24
|
+
def request_response(request: nil, call: nil, method: nil, metadata: nil)
|
25
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
26
|
+
yield
|
27
|
+
end
|
28
|
+
|
29
|
+
##
|
30
|
+
# Intercept a client streaming call
|
31
|
+
#
|
32
|
+
# @param [Enumerable] requests
|
33
|
+
# @param [GRPC::ActiveCall] call
|
34
|
+
# @param [String] method
|
35
|
+
# @param [Hash] metadata
|
36
|
+
#
|
37
|
+
def client_streamer(requests: nil, call: nil, method: nil, metadata: nil)
|
38
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
39
|
+
yield
|
40
|
+
end
|
41
|
+
|
42
|
+
##
|
43
|
+
# Intercept a server streaming call
|
44
|
+
#
|
45
|
+
# @param [Object] request
|
46
|
+
# @param [GRPC::ActiveCall] call
|
47
|
+
# @param [String] method
|
48
|
+
# @param [Hash] metadata
|
49
|
+
#
|
50
|
+
def server_streamer(request: nil, call: nil, method: nil, metadata: nil)
|
51
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
52
|
+
yield
|
53
|
+
end
|
54
|
+
|
55
|
+
##
|
56
|
+
# Intercept a BiDi streaming call
|
57
|
+
#
|
58
|
+
# @param [Enumerable] requests
|
59
|
+
# @param [GRPC::ActiveCall] call
|
60
|
+
# @param [String] method
|
61
|
+
# @param [Hash] metadata
|
62
|
+
#
|
63
|
+
def bidi_streamer(requests: nil, call: nil, method: nil, metadata: nil)
|
64
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
65
|
+
yield
|
66
|
+
end
|
67
|
+
|
68
|
+
private
|
69
|
+
|
70
|
+
def bearer_token_header
|
71
|
+
"#{SCHEMA} #{token}"
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
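Review bot: The bearer token is readable by any code that holds the interceptor, because `attr_reader :token` is public and the default `inspect` prints `@token`, so the credential can end up in logs, error reports or debugger output; move `attr_reader :token` below `private` and override `inspect` to redact it. `initialize` also accepts `nil` or an empty string, which makes every call send a bare `Bearer ` header and fail at the server instead of at construction. Nothing in this class checks channel security, so pairing it with an insecure channel would put the `authorization` metadata on the wire in cleartext; the class comment should state that it must be used with TLS channel credentials. As a style point, the four intercept methods are identical and could share one private helper, and `SCHEMA` would read better as `SCHEME`.

```ruby
def initialize(token:)
  raise ArgumentError, 'token must be a non-empty String' if token.to_s.strip.empty?

  @token = token
end

# Redact the credential so it never appears in logs or exception output.
def inspect
  "#<#{self.class.name} token=[REDACTED]>"
end

# … unchanged: request_response, client_streamer, server_streamer, bidi_streamer …

private

attr_reader :token

# … unchanged: bearer_token_header …
```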
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authzed
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Authzed
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-05-26 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Authzed is the best way to build robust and scalable permissions systems.
|
14
14
|
See https://authzed.com for more details.
|
@@ -22,6 +22,7 @@ files:
|
|
22
22
|
- lib/authzed.rb
|
23
23
|
- lib/authzed/api/v0/acl_service_pb.rb
|
24
24
|
- lib/authzed/api/v0/acl_service_services_pb.rb
|
25
|
+
- lib/authzed/api/v0/client.rb
|
25
26
|
- lib/authzed/api/v0/core_pb.rb
|
26
27
|
- lib/authzed/api/v0/developer_pb.rb
|
27
28
|
- lib/authzed/api/v0/developer_services_pb.rb
|
@@ -30,8 +31,24 @@ files:
|
|
30
31
|
- lib/authzed/api/v0/namespace_service_services_pb.rb
|
31
32
|
- lib/authzed/api/v0/watch_service_pb.rb
|
32
33
|
- lib/authzed/api/v0/watch_service_services_pb.rb
|
34
|
+
- lib/authzed/api/v1/client.rb
|
35
|
+
- lib/authzed/api/v1/core_pb.rb
|
36
|
+
- lib/authzed/api/v1/openapi_pb.rb
|
37
|
+
- lib/authzed/api/v1/permission_service_pb.rb
|
38
|
+
- lib/authzed/api/v1/permission_service_services_pb.rb
|
39
|
+
- lib/authzed/api/v1/schema_pb.rb
|
40
|
+
- lib/authzed/api/v1/schema_service_pb.rb
|
41
|
+
- lib/authzed/api/v1/schema_service_services_pb.rb
|
42
|
+
- lib/authzed/api/v1/schema_services_pb.rb
|
43
|
+
- lib/authzed/api/v1/watch_service_pb.rb
|
44
|
+
- lib/authzed/api/v1/watch_service_services_pb.rb
|
45
|
+
- lib/authzed/api/v1alpha1/client.rb
|
33
46
|
- lib/authzed/api/v1alpha1/schema_pb.rb
|
34
47
|
- lib/authzed/api/v1alpha1/schema_services_pb.rb
|
48
|
+
- lib/authzed/api/v1alpha1/watchresources_service_pb.rb
|
49
|
+
- lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
|
50
|
+
- lib/grpcutil/bearer_token.rb
|
51
|
+
- lib/validate/validate_pb.rb
|
35
52
|
homepage: https://authzed.com
|
36
53
|
licenses:
|
37
54
|
- Apache-2.0
|