authzed 0.1.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +21 -15
- data/lib/authzed/api/v0/acl_service_pb.rb +2 -0
- data/lib/authzed/api/v0/core_pb.rb +2 -0
- data/lib/authzed/api/v0/developer_pb.rb +11 -0
- data/lib/authzed/api/v0/developer_services_pb.rb +1 -0
- data/lib/authzed/api/v0/namespace_pb.rb +14 -1
- data/lib/authzed/api/v0/namespace_service_pb.rb +10 -0
- data/lib/authzed/api/v0/namespace_service_services_pb.rb +1 -0
- data/lib/authzed/api/v0/watch_service_pb.rb +2 -0
- data/lib/authzed/api/v1/client.rb +37 -0
- data/lib/authzed/api/v1/core_pb.rb +75 -0
- data/lib/authzed/api/v1/openapi_pb.rb +18 -0
- data/lib/authzed/api/v1/permission_service_pb.rb +126 -0
- data/lib/authzed/api/v1/permission_service_services_pb.rb +48 -0
- data/lib/authzed/api/v1/schema_pb.rb +30 -0
- data/lib/authzed/api/v1/schema_service_pb.rb +33 -0
- data/lib/authzed/api/v1/schema_service_services_pb.rb +34 -0
- data/lib/authzed/api/v1/schema_services_pb.rb +34 -0
- data/lib/authzed/api/v1/watch_service_pb.rb +30 -0
- data/lib/authzed/api/v1/watch_service_services_pb.rb +26 -0
- data/lib/authzed/api/v1alpha1/schema_pb.rb +5 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb +46 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb +30 -0
- data/lib/authzed.rb +5 -12
- data/lib/validate/validate_pb.rb +4 -0
- metadata +63 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e9d840b7d113a43fc53a03857a6b720788d1fc5be90eb48b010e8ceb8f479b09
|
4
|
+
data.tar.gz: 2832d57d9fdfc64e796deaddcd5b2fe86323b8ef873ec1aa5663bc52a80e4fef
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: adbbb7803d5649ed683e853402de43d631856889601d4429cb1a442b34b99cc462faa96a7ec3a5acfa102bf6734563b7a80c921da074f32c10ea1f63bb6ea5c1
|
7
|
+
data.tar.gz: f17f316735b3ab2ec3e77b3043b5fa5033b08c83bade7af4a859054a9e24bb49986c03a4837880ca0a77709ef451eca01e08370bd71efcd41fd19a51f59e7bea
|
data/README.md
CHANGED
@@ -14,8 +14,9 @@ This repository houses the Ruby client library for Authzed.
|
|
14
14
|
Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
|
15
15
|
|
16
16
|
Supported client API versions:
|
17
|
+
- [v1](https://docs.authzed.com/reference/api#authzedapiv1)
|
17
18
|
- [v1alpha1](https://docs.authzed.com/reference/api#authzedapiv1alpha1)
|
18
|
-
-
|
19
|
+
- "v0" - deprecated
|
19
20
|
|
20
21
|
You can find more info on each API on the [Authzed API reference documentation].
|
21
22
|
Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
|
@@ -31,10 +32,10 @@ See [CONTRIBUTING.md] for instructions on how to contribute and perform common t
|
|
31
32
|
|
32
33
|
We highly recommend following the **[Protecting Your First App]** guide to learn the latest best practice to integrate an application with Authzed.
|
33
34
|
|
34
|
-
If you're interested in
|
35
|
+
If you're interested in example uses of the API, see the spec files in the [spec directory].
|
35
36
|
|
36
37
|
[Protecting Your First App]: https://docs.authzed.com/guides/first-app
|
37
|
-
[
|
38
|
+
[spec directory]: /spec
|
38
39
|
|
39
40
|
## Basic Usage
|
40
41
|
|
@@ -61,9 +62,10 @@ In order to successfully connect, you will have to provide a [Bearer Token] with
|
|
61
62
|
require 'authzed'
|
62
63
|
|
63
64
|
|
64
|
-
client = Authzed::Api::
|
65
|
-
target:
|
66
|
-
|
65
|
+
client = Authzed::Api::V1::Client.new(
|
66
|
+
target: "localhost:50051",
|
67
|
+
credentials: :this_channel_is_insecure,
|
68
|
+
interceptors: [Authzed::GrpcUtil::BearerToken.new(token: "somerandomkeyhere")],
|
67
69
|
)
|
68
70
|
```
|
69
71
|
|
@@ -72,15 +74,19 @@ client = Authzed::Api::V0::Client.new(
|
|
72
74
|
```rb
|
73
75
|
require 'authzed'
|
74
76
|
|
75
|
-
emilia = Authzed::Api::V0::User.new(namespace: 'blog/user', object_id: 'emilia')
|
76
|
-
read_first_post = Authzed::Api::V0::ObjectAndRelation.new(
|
77
|
-
namespace: 'blog/post',
|
78
|
-
object_id: '1',
|
79
|
-
relation: 'read'
|
80
|
-
)
|
81
|
-
|
82
77
|
# Is Emilia in the set of users that can read post #1?
|
83
|
-
resp = client.
|
84
|
-
Authzed::Api::
|
78
|
+
resp = client.permissions_service.check_permission(
|
79
|
+
Authzed::Api::V1::CheckPermissionRequest.new(
|
80
|
+
consistency: Authzed::Api::V1::Consistency.new(
|
81
|
+
at_least_as_fresh: Authzed::Api::V1::ZedToken.new(token: zed_token)
|
82
|
+
),
|
83
|
+
resource: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/post', object_id: '1'),
|
84
|
+
permission: 'read',
|
85
|
+
subject: Authzed::Api::V1::SubjectReference.new(
|
86
|
+
object: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/user', object_id: 'emilia')
|
87
|
+
)
|
88
|
+
)
|
85
89
|
)
|
90
|
+
can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship)) ==
|
91
|
+
Authzed::Api::V1::CheckPermissionResponse::Permissionship::PERMISSIONSHIP_HAS_PERMISSION
|
86
92
|
```
|
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.RelationTupleFilter" do
|
@@ -5,8 +5,16 @@ require 'google/protobuf'
|
|
5
5
|
|
6
6
|
require 'authzed/api/v0/core_pb'
|
7
7
|
require 'authzed/api/v0/namespace_pb'
|
8
|
+
|
8
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
10
|
add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v0.FormatSchemaRequest" do
|
12
|
+
optional :schema, :string, 1, json_name: "schema"
|
13
|
+
end
|
14
|
+
add_message "authzed.api.v0.FormatSchemaResponse" do
|
15
|
+
optional :error, :message, 1, "authzed.api.v0.DeveloperError", json_name: "error"
|
16
|
+
optional :formatted_schema, :string, 2, json_name: "formattedSchema"
|
17
|
+
end
|
10
18
|
add_message "authzed.api.v0.UpgradeSchemaRequest" do
|
11
19
|
repeated :namespace_configs, :string, 1, json_name: "namespaceConfigs"
|
12
20
|
end
|
@@ -42,6 +50,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
42
50
|
add_message "authzed.api.v0.RequestContext" do
|
43
51
|
optional :schema, :string, 1, json_name: "schema"
|
44
52
|
repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
|
53
|
+
repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
|
45
54
|
end
|
46
55
|
add_message "authzed.api.v0.EditCheckRequest" do
|
47
56
|
optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"
|
@@ -102,6 +111,8 @@ end
|
|
102
111
|
module Authzed
|
103
112
|
module Api
|
104
113
|
module V0
|
114
|
+
FormatSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaRequest").msgclass
|
115
|
+
FormatSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaResponse").msgclass
|
105
116
|
UpgradeSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaRequest").msgclass
|
106
117
|
UpgradeSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaResponse").msgclass
|
107
118
|
ShareRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ShareRequest").msgclass
|
@@ -21,6 +21,7 @@ module Authzed
|
|
21
21
|
rpc :Share, ::Authzed::Api::V0::ShareRequest, ::Authzed::Api::V0::ShareResponse
|
22
22
|
rpc :LookupShared, ::Authzed::Api::V0::LookupShareRequest, ::Authzed::Api::V0::LookupShareResponse
|
23
23
|
rpc :UpgradeSchema, ::Authzed::Api::V0::UpgradeSchemaRequest, ::Authzed::Api::V0::UpgradeSchemaResponse
|
24
|
+
rpc :FormatSchema, ::Authzed::Api::V0::FormatSchemaRequest, ::Authzed::Api::V0::FormatSchemaResponse
|
24
25
|
end
|
25
26
|
|
26
27
|
Stub = Service.rpc_stub_class
|
@@ -4,7 +4,9 @@
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
6
|
require 'google/protobuf/any_pb'
|
7
|
+
require 'validate/validate_pb'
|
7
8
|
require 'authzed/api/v0/core_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.Metadata" do
|
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
24
|
optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
|
23
25
|
end
|
24
26
|
add_message "authzed.api.v0.TypeInformation" do
|
25
|
-
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.
|
27
|
+
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
|
28
|
+
end
|
29
|
+
add_message "authzed.api.v0.AllowedRelation" do
|
30
|
+
optional :namespace, :string, 1, json_name: "namespace"
|
31
|
+
oneof :relation_or_wildcard do
|
32
|
+
optional :relation, :string, 3, json_name: "relation"
|
33
|
+
optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
|
34
|
+
end
|
35
|
+
end
|
36
|
+
add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
|
26
37
|
end
|
27
38
|
add_message "authzed.api.v0.UsersetRewrite" do
|
28
39
|
oneof :rewrite_operation do
|
@@ -69,6 +80,8 @@ module Authzed
|
|
69
80
|
NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
|
70
81
|
Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
|
71
82
|
TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
|
83
|
+
AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
|
84
|
+
AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
|
72
85
|
UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
|
73
86
|
SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
|
74
87
|
SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass
|
@@ -3,8 +3,10 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
7
8
|
require 'authzed/api/v0/namespace_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.ReadConfigRequest" do
|
@@ -22,6 +24,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
24
|
add_message "authzed.api.v0.WriteConfigResponse" do
|
23
25
|
optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
|
24
26
|
end
|
27
|
+
add_message "authzed.api.v0.DeleteConfigsRequest" do
|
28
|
+
repeated :namespaces, :string, 1, json_name: "namespaces"
|
29
|
+
end
|
30
|
+
add_message "authzed.api.v0.DeleteConfigsResponse" do
|
31
|
+
optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
|
32
|
+
end
|
25
33
|
end
|
26
34
|
end
|
27
35
|
|
@@ -32,6 +40,8 @@ module Authzed
|
|
32
40
|
ReadConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ReadConfigResponse").msgclass
|
33
41
|
WriteConfigRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigRequest").msgclass
|
34
42
|
WriteConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigResponse").msgclass
|
43
|
+
DeleteConfigsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsRequest").msgclass
|
44
|
+
DeleteConfigsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsResponse").msgclass
|
35
45
|
end
|
36
46
|
end
|
37
47
|
end
|
@@ -18,6 +18,7 @@ module Authzed
|
|
18
18
|
|
19
19
|
rpc :ReadConfig, ::Authzed::Api::V0::ReadConfigRequest, ::Authzed::Api::V0::ReadConfigResponse
|
20
20
|
rpc :WriteConfig, ::Authzed::Api::V0::WriteConfigRequest, ::Authzed::Api::V0::WriteConfigResponse
|
21
|
+
rpc :DeleteConfigs, ::Authzed::Api::V0::DeleteConfigsRequest, ::Authzed::Api::V0::DeleteConfigsResponse
|
21
22
|
end
|
22
23
|
|
23
24
|
Stub = Service.rpc_stub_class
|
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.WatchRequest" do
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
class Client
|
7
|
+
attr_reader :permissions_service, :schema_service, :watch_service
|
8
|
+
|
9
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
10
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
11
|
+
|
12
|
+
@permissions_service = Authzed::Api::V1::PermissionsService::Stub.new(
|
13
|
+
target,
|
14
|
+
creds,
|
15
|
+
timeout: timeout,
|
16
|
+
interceptors: interceptors,
|
17
|
+
channel_args: options,
|
18
|
+
)
|
19
|
+
@schema_service = Authzed::Api::V1::SchemaService::Stub.new(
|
20
|
+
target,
|
21
|
+
creds,
|
22
|
+
timeout: timeout,
|
23
|
+
interceptors: interceptors,
|
24
|
+
channel_args: options,
|
25
|
+
)
|
26
|
+
@watch_service = Authzed::Api::V1::WatchService::Stub.new(
|
27
|
+
target,
|
28
|
+
creds,
|
29
|
+
timeout: timeout,
|
30
|
+
interceptors: interceptors,
|
31
|
+
channel_args: options,
|
32
|
+
)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/core.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'validate/validate_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
|
10
|
+
add_message "authzed.api.v1.Relationship" do
|
11
|
+
optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
|
12
|
+
optional :relation, :string, 2, json_name: "relation"
|
13
|
+
optional :subject, :message, 3, "authzed.api.v1.SubjectReference", json_name: "subject"
|
14
|
+
end
|
15
|
+
add_message "authzed.api.v1.SubjectReference" do
|
16
|
+
optional :object, :message, 1, "authzed.api.v1.ObjectReference", json_name: "object"
|
17
|
+
optional :optional_relation, :string, 2, json_name: "optionalRelation"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1.ObjectReference" do
|
20
|
+
optional :object_type, :string, 1, json_name: "objectType"
|
21
|
+
optional :object_id, :string, 2, json_name: "objectId"
|
22
|
+
end
|
23
|
+
add_message "authzed.api.v1.ZedToken" do
|
24
|
+
optional :token, :string, 1, json_name: "token"
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.RelationshipUpdate" do
|
27
|
+
optional :operation, :enum, 1, "authzed.api.v1.RelationshipUpdate.Operation", json_name: "operation"
|
28
|
+
optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
|
29
|
+
end
|
30
|
+
add_enum "authzed.api.v1.RelationshipUpdate.Operation" do
|
31
|
+
value :OPERATION_UNSPECIFIED, 0
|
32
|
+
value :OPERATION_CREATE, 1
|
33
|
+
value :OPERATION_TOUCH, 2
|
34
|
+
value :OPERATION_DELETE, 3
|
35
|
+
end
|
36
|
+
add_message "authzed.api.v1.PermissionRelationshipTree" do
|
37
|
+
optional :expanded_object, :message, 3, "authzed.api.v1.ObjectReference", json_name: "expandedObject"
|
38
|
+
optional :expanded_relation, :string, 4, json_name: "expandedRelation"
|
39
|
+
oneof :tree_type do
|
40
|
+
optional :intermediate, :message, 1, "authzed.api.v1.AlgebraicSubjectSet", json_name: "intermediate"
|
41
|
+
optional :leaf, :message, 2, "authzed.api.v1.DirectSubjectSet", json_name: "leaf"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
add_message "authzed.api.v1.AlgebraicSubjectSet" do
|
45
|
+
optional :operation, :enum, 1, "authzed.api.v1.AlgebraicSubjectSet.Operation", json_name: "operation"
|
46
|
+
repeated :children, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "children"
|
47
|
+
end
|
48
|
+
add_enum "authzed.api.v1.AlgebraicSubjectSet.Operation" do
|
49
|
+
value :OPERATION_UNSPECIFIED, 0
|
50
|
+
value :OPERATION_UNION, 1
|
51
|
+
value :OPERATION_INTERSECTION, 2
|
52
|
+
value :OPERATION_EXCLUSION, 3
|
53
|
+
end
|
54
|
+
add_message "authzed.api.v1.DirectSubjectSet" do
|
55
|
+
repeated :subjects, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subjects"
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
module Authzed
|
61
|
+
module Api
|
62
|
+
module V1
|
63
|
+
Relationship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Relationship").msgclass
|
64
|
+
SubjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectReference").msgclass
|
65
|
+
ObjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ObjectReference").msgclass
|
66
|
+
ZedToken = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ZedToken").msgclass
|
67
|
+
RelationshipUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate").msgclass
|
68
|
+
RelationshipUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate.Operation").enummodule
|
69
|
+
PermissionRelationshipTree = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.PermissionRelationshipTree").msgclass
|
70
|
+
AlgebraicSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet").msgclass
|
71
|
+
AlgebraicSubjectSet::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet.Operation").enummodule
|
72
|
+
DirectSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DirectSubjectSet").msgclass
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/openapi.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'protoc-gen-openapiv2/options/annotations_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
module Authzed
|
14
|
+
module Api
|
15
|
+
module V1
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,126 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/permission_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1.Consistency" do
|
13
|
+
oneof :requirement do
|
14
|
+
optional :minimize_latency, :bool, 1, json_name: "minimizeLatency"
|
15
|
+
optional :at_least_as_fresh, :message, 2, "authzed.api.v1.ZedToken", json_name: "atLeastAsFresh"
|
16
|
+
optional :at_exact_snapshot, :message, 3, "authzed.api.v1.ZedToken", json_name: "atExactSnapshot"
|
17
|
+
optional :fully_consistent, :bool, 4, json_name: "fullyConsistent"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
add_message "authzed.api.v1.RelationshipFilter" do
|
21
|
+
optional :resource_type, :string, 1, json_name: "resourceType"
|
22
|
+
optional :optional_resource_id, :string, 2, json_name: "optionalResourceId"
|
23
|
+
optional :optional_relation, :string, 3, json_name: "optionalRelation"
|
24
|
+
optional :optional_subject_filter, :message, 4, "authzed.api.v1.SubjectFilter", json_name: "optionalSubjectFilter"
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.SubjectFilter" do
|
27
|
+
optional :subject_type, :string, 1, json_name: "subjectType"
|
28
|
+
optional :optional_subject_id, :string, 2, json_name: "optionalSubjectId"
|
29
|
+
optional :optional_relation, :message, 3, "authzed.api.v1.SubjectFilter.RelationFilter", json_name: "optionalRelation"
|
30
|
+
end
|
31
|
+
add_message "authzed.api.v1.SubjectFilter.RelationFilter" do
|
32
|
+
optional :relation, :string, 1, json_name: "relation"
|
33
|
+
end
|
34
|
+
add_message "authzed.api.v1.ReadRelationshipsRequest" do
|
35
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
36
|
+
optional :relationship_filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
|
37
|
+
end
|
38
|
+
add_message "authzed.api.v1.ReadRelationshipsResponse" do
|
39
|
+
optional :read_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "readAt"
|
40
|
+
optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
|
41
|
+
end
|
42
|
+
add_message "authzed.api.v1.Precondition" do
|
43
|
+
optional :operation, :enum, 1, "authzed.api.v1.Precondition.Operation", json_name: "operation"
|
44
|
+
optional :filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "filter"
|
45
|
+
end
|
46
|
+
add_enum "authzed.api.v1.Precondition.Operation" do
|
47
|
+
value :OPERATION_UNSPECIFIED, 0
|
48
|
+
value :OPERATION_MUST_NOT_MATCH, 1
|
49
|
+
value :OPERATION_MUST_MATCH, 2
|
50
|
+
end
|
51
|
+
add_message "authzed.api.v1.WriteRelationshipsRequest" do
|
52
|
+
repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
|
53
|
+
repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
|
54
|
+
end
|
55
|
+
add_message "authzed.api.v1.WriteRelationshipsResponse" do
|
56
|
+
optional :written_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "writtenAt"
|
57
|
+
end
|
58
|
+
add_message "authzed.api.v1.DeleteRelationshipsRequest" do
|
59
|
+
optional :relationship_filter, :message, 1, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
|
60
|
+
repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
|
61
|
+
end
|
62
|
+
add_message "authzed.api.v1.DeleteRelationshipsResponse" do
|
63
|
+
optional :deleted_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "deletedAt"
|
64
|
+
end
|
65
|
+
add_message "authzed.api.v1.CheckPermissionRequest" do
|
66
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
67
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
68
|
+
optional :permission, :string, 3, json_name: "permission"
|
69
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
70
|
+
end
|
71
|
+
add_message "authzed.api.v1.CheckPermissionResponse" do
|
72
|
+
optional :checked_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "checkedAt"
|
73
|
+
optional :permissionship, :enum, 2, "authzed.api.v1.CheckPermissionResponse.Permissionship", json_name: "permissionship"
|
74
|
+
end
|
75
|
+
add_enum "authzed.api.v1.CheckPermissionResponse.Permissionship" do
|
76
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
77
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
78
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
79
|
+
end
|
80
|
+
add_message "authzed.api.v1.ExpandPermissionTreeRequest" do
|
81
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
82
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
83
|
+
optional :permission, :string, 3, json_name: "permission"
|
84
|
+
end
|
85
|
+
add_message "authzed.api.v1.ExpandPermissionTreeResponse" do
|
86
|
+
optional :expanded_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "expandedAt"
|
87
|
+
optional :tree_root, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "treeRoot"
|
88
|
+
end
|
89
|
+
add_message "authzed.api.v1.LookupResourcesRequest" do
|
90
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
91
|
+
optional :resource_object_type, :string, 2, json_name: "resourceObjectType"
|
92
|
+
optional :permission, :string, 3, json_name: "permission"
|
93
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
94
|
+
end
|
95
|
+
add_message "authzed.api.v1.LookupResourcesResponse" do
|
96
|
+
optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
|
97
|
+
optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
module Authzed
|
103
|
+
module Api
|
104
|
+
module V1
|
105
|
+
Consistency = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Consistency").msgclass
|
106
|
+
RelationshipFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipFilter").msgclass
|
107
|
+
SubjectFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter").msgclass
|
108
|
+
SubjectFilter::RelationFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter.RelationFilter").msgclass
|
109
|
+
ReadRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsRequest").msgclass
|
110
|
+
ReadRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsResponse").msgclass
|
111
|
+
Precondition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition").msgclass
|
112
|
+
Precondition::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition.Operation").enummodule
|
113
|
+
WriteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsRequest").msgclass
|
114
|
+
WriteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsResponse").msgclass
|
115
|
+
DeleteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsRequest").msgclass
|
116
|
+
DeleteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsResponse").msgclass
|
117
|
+
CheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionRequest").msgclass
|
118
|
+
CheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse").msgclass
|
119
|
+
CheckPermissionResponse::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse.Permissionship").enummodule
|
120
|
+
ExpandPermissionTreeRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeRequest").msgclass
|
121
|
+
ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
|
122
|
+
LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
|
123
|
+
LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/permission_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/permission_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module PermissionsService
|
11
|
+
# PermissionsService implements a set of RPCs that perform operations on
|
12
|
+
# relationships and permissions.
|
13
|
+
class Service
|
14
|
+
|
15
|
+
include ::GRPC::GenericService
|
16
|
+
|
17
|
+
self.marshal_class_method = :encode
|
18
|
+
self.unmarshal_class_method = :decode
|
19
|
+
self.service_name = 'authzed.api.v1.PermissionsService'
|
20
|
+
|
21
|
+
# ReadRelationships reads a set of the relationships matching one or more
|
22
|
+
# filters.
|
23
|
+
rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
|
24
|
+
# WriteRelationships atomically writes and/or deletes a set of specified
|
25
|
+
# relationships. An optional set of preconditions can be provided that must
|
26
|
+
# be satisfied for the operation to commit.
|
27
|
+
rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
|
28
|
+
# DeleteRelationships atomically bulk deletes relationships matching one or
|
29
|
+
# more filters. An optional set of preconditions can be provided that must
|
30
|
+
# be satisfied for the operation to commit.
|
31
|
+
rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
|
32
|
+
# CheckPermission determines for a given resource whether a subject computes
|
33
|
+
# to having a permission or is a direct member of a particular relation.
|
34
|
+
rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
|
35
|
+
# ExpandPermissionTree reveals the graph structure for a resource's
|
36
|
+
# permission or relation. This RPC does not recurse infinitely deep and may
|
37
|
+
# require multiple calls to fully unnest a deeply nested graph.
|
38
|
+
rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
|
39
|
+
# LookupResources returns all the resources of a given type that a subject
|
40
|
+
# can access whether via a computed permission or relation membership.
|
41
|
+
rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
|
42
|
+
end
|
43
|
+
|
44
|
+
Stub = Service.rpc_stub_class
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/schema.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
7
|
+
add_file("authzed/api/v1/schema.proto", :syntax => :proto3) do
|
8
|
+
add_message "authzed.api.v1.ReadSchemaRequest" do
|
9
|
+
end
|
10
|
+
add_message "authzed.api.v1.ReadSchemaResponse" do
|
11
|
+
optional :schema_text, :string, 1, json_name: "schemaText"
|
12
|
+
end
|
13
|
+
add_message "authzed.api.v1.WriteSchemaRequest" do
|
14
|
+
optional :schema, :string, 1, json_name: "schema"
|
15
|
+
end
|
16
|
+
add_message "authzed.api.v1.WriteSchemaResponse" do
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
module Authzed
|
22
|
+
module Api
|
23
|
+
module V1
|
24
|
+
ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
|
25
|
+
ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
|
26
|
+
WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
|
27
|
+
WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/schema_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
|
9
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
|
+
add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v1.ReadSchemaRequest" do
|
12
|
+
end
|
13
|
+
add_message "authzed.api.v1.ReadSchemaResponse" do
|
14
|
+
optional :schema_text, :string, 1, json_name: "schemaText"
|
15
|
+
end
|
16
|
+
add_message "authzed.api.v1.WriteSchemaRequest" do
|
17
|
+
optional :schema, :string, 1, json_name: "schema"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1.WriteSchemaResponse" do
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
module Authzed
|
25
|
+
module Api
|
26
|
+
module V1
|
27
|
+
ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
|
28
|
+
ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
|
29
|
+
WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
|
30
|
+
WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/schema_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module SchemaService
|
11
|
+
# SchemaService implements operations on a Permissions System's Schema.
|
12
|
+
class Service
|
13
|
+
|
14
|
+
include ::GRPC::GenericService
|
15
|
+
|
16
|
+
self.marshal_class_method = :encode
|
17
|
+
self.unmarshal_class_method = :decode
|
18
|
+
self.service_name = 'authzed.api.v1.SchemaService'
|
19
|
+
|
20
|
+
# Read returns the current Object Definitions for a Permissions System.
|
21
|
+
#
|
22
|
+
# Errors include:
|
23
|
+
# - INVALID_ARGUMENT: a provided value has failed to semantically validate
|
24
|
+
# - NOT_FOUND: no schema has been defined
|
25
|
+
rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
|
26
|
+
# Write overwrites the current Object Definitions for a Permissions System.
|
27
|
+
rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
|
28
|
+
end
|
29
|
+
|
30
|
+
Stub = Service.rpc_stub_class
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/schema.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/schema_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module SchemaService
|
11
|
+
# SchemaService implements operations on a Permissions System's Schema.
|
12
|
+
class Service
|
13
|
+
|
14
|
+
include ::GRPC::GenericService
|
15
|
+
|
16
|
+
self.marshal_class_method = :encode
|
17
|
+
self.unmarshal_class_method = :decode
|
18
|
+
self.service_name = 'authzed.api.v1.SchemaService'
|
19
|
+
|
20
|
+
# Read returns the current Object Definitions for a Permissions System.
|
21
|
+
#
|
22
|
+
# Errors include:
|
23
|
+
# - INVALID_ARGUMENT: a provided value has failed to semantically validate
|
24
|
+
# - NOT_FOUND: no schema has been defined
|
25
|
+
rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
|
26
|
+
# Write overwrites the current Object Definitions for a Permissions System.
|
27
|
+
rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
|
28
|
+
end
|
29
|
+
|
30
|
+
Stub = Service.rpc_stub_class
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/watch_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1.WatchRequest" do
|
13
|
+
repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
|
14
|
+
optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
|
15
|
+
end
|
16
|
+
add_message "authzed.api.v1.WatchResponse" do
|
17
|
+
repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
|
18
|
+
optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
module Authzed
|
24
|
+
module Api
|
25
|
+
module V1
|
26
|
+
WatchRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchRequest").msgclass
|
27
|
+
WatchResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchResponse").msgclass
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/watch_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/watch_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module WatchService
|
11
|
+
class Service
|
12
|
+
|
13
|
+
include ::GRPC::GenericService
|
14
|
+
|
15
|
+
self.marshal_class_method = :encode
|
16
|
+
self.unmarshal_class_method = :decode
|
17
|
+
self.service_name = 'authzed.api.v1.WatchService'
|
18
|
+
|
19
|
+
rpc :Watch, ::Authzed::Api::V1::WatchRequest, stream(::Authzed::Api::V1::WatchResponse)
|
20
|
+
end
|
21
|
+
|
22
|
+
Stub = Service.rpc_stub_class
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -3,6 +3,8 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
7
|
+
|
6
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
7
9
|
add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
|
8
10
|
add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
|
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
10
12
|
end
|
11
13
|
add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
|
12
14
|
repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
|
15
|
+
optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
|
13
16
|
end
|
14
17
|
add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
|
15
18
|
optional :schema, :string, 1, json_name: "schema"
|
19
|
+
optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
|
16
20
|
end
|
17
21
|
add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
|
18
22
|
repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
|
23
|
+
optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
|
19
24
|
end
|
20
25
|
end
|
21
26
|
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1alpha1/watchresources_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
|
13
|
+
optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
|
14
|
+
optional :permission, :string, 2, json_name: "permission"
|
15
|
+
optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
|
16
|
+
optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
|
17
|
+
optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1alpha1.PermissionUpdate" do
|
20
|
+
optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
|
21
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
22
|
+
optional :relation, :string, 3, json_name: "relation"
|
23
|
+
optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
|
24
|
+
end
|
25
|
+
add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
|
26
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
27
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
28
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
29
|
+
end
|
30
|
+
add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
|
31
|
+
repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
|
32
|
+
optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
module Authzed
|
38
|
+
module Api
|
39
|
+
module V1alpha1
|
40
|
+
WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
|
41
|
+
PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
|
42
|
+
PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
|
43
|
+
WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1alpha1/watchresources_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1alpha1
|
10
|
+
module WatchResourcesService
|
11
|
+
# WatchResourcesService is used to receive a stream of updates for resources of a
|
12
|
+
# specific (resource type, permission, subject) combination.
|
13
|
+
class Service
|
14
|
+
|
15
|
+
include ::GRPC::GenericService
|
16
|
+
|
17
|
+
self.marshal_class_method = :encode
|
18
|
+
self.unmarshal_class_method = :decode
|
19
|
+
self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
|
20
|
+
|
21
|
+
# WatchResources initiates a watch for permission changes for the provided
|
22
|
+
# (resource type, permission, subject) pair.
|
23
|
+
rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
|
24
|
+
end
|
25
|
+
|
26
|
+
Stub = Service.rpc_stub_class
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
data/lib/authzed.rb
CHANGED
@@ -1,18 +1,11 @@
|
|
1
|
-
require 'authzed/api/v0/acl_service_pb'
|
2
|
-
require 'authzed/api/v0/acl_service_services_pb'
|
3
|
-
require 'authzed/api/v0/core_pb'
|
4
|
-
require 'authzed/api/v0/developer_pb'
|
5
|
-
require 'authzed/api/v0/developer_services_pb'
|
6
|
-
require 'authzed/api/v0/namespace_pb'
|
7
|
-
require 'authzed/api/v0/namespace_service_pb'
|
8
|
-
require 'authzed/api/v0/namespace_service_services_pb'
|
9
|
-
require 'authzed/api/v0/watch_service_pb'
|
10
|
-
require 'authzed/api/v0/watch_service_services_pb'
|
11
|
-
require 'authzed/api/v0/client'
|
12
1
|
require 'authzed/api/v1alpha1/schema_pb'
|
13
2
|
require 'authzed/api/v1alpha1/schema_services_pb'
|
14
3
|
require 'authzed/api/v1alpha1/client'
|
4
|
+
require 'authzed/api/v1/schema_services_pb'
|
5
|
+
require 'authzed/api/v1/watch_service_services_pb'
|
6
|
+
require 'authzed/api/v1/permission_service_services_pb'
|
7
|
+
require 'authzed/api/v1/client'
|
15
8
|
require 'grpcutil/bearer_token'
|
16
9
|
|
17
10
|
module Authzed
|
18
|
-
end
|
11
|
+
end
|
metadata
CHANGED
@@ -1,15 +1,57 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authzed
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 0.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Authzed
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
12
|
-
dependencies:
|
11
|
+
date: 2022-07-18 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: grpc
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.41'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.41'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: grpc-tools
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.41'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.41'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '3.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '3.0'
|
13
55
|
description: Authzed is the best way to build robust and scalable permissions systems.
|
14
56
|
See https://authzed.com for more details.
|
15
57
|
email: support@authzed.com
|
@@ -31,10 +73,24 @@ files:
|
|
31
73
|
- lib/authzed/api/v0/namespace_service_services_pb.rb
|
32
74
|
- lib/authzed/api/v0/watch_service_pb.rb
|
33
75
|
- lib/authzed/api/v0/watch_service_services_pb.rb
|
76
|
+
- lib/authzed/api/v1/client.rb
|
77
|
+
- lib/authzed/api/v1/core_pb.rb
|
78
|
+
- lib/authzed/api/v1/openapi_pb.rb
|
79
|
+
- lib/authzed/api/v1/permission_service_pb.rb
|
80
|
+
- lib/authzed/api/v1/permission_service_services_pb.rb
|
81
|
+
- lib/authzed/api/v1/schema_pb.rb
|
82
|
+
- lib/authzed/api/v1/schema_service_pb.rb
|
83
|
+
- lib/authzed/api/v1/schema_service_services_pb.rb
|
84
|
+
- lib/authzed/api/v1/schema_services_pb.rb
|
85
|
+
- lib/authzed/api/v1/watch_service_pb.rb
|
86
|
+
- lib/authzed/api/v1/watch_service_services_pb.rb
|
34
87
|
- lib/authzed/api/v1alpha1/client.rb
|
35
88
|
- lib/authzed/api/v1alpha1/schema_pb.rb
|
36
89
|
- lib/authzed/api/v1alpha1/schema_services_pb.rb
|
90
|
+
- lib/authzed/api/v1alpha1/watchresources_service_pb.rb
|
91
|
+
- lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
|
37
92
|
- lib/grpcutil/bearer_token.rb
|
93
|
+
- lib/validate/validate_pb.rb
|
38
94
|
homepage: https://authzed.com
|
39
95
|
licenses:
|
40
96
|
- Apache-2.0
|
@@ -43,7 +99,7 @@ metadata:
|
|
43
99
|
github_repo: ssh://github.com/authzed/authzed-rb
|
44
100
|
homepage_uri: https://authzed.com
|
45
101
|
source_code_uri: https://github.com/authzed/authzed-rb
|
46
|
-
post_install_message:
|
102
|
+
post_install_message:
|
47
103
|
rdoc_options: []
|
48
104
|
require_paths:
|
49
105
|
- lib
|
@@ -58,8 +114,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
58
114
|
- !ruby/object:Gem::Version
|
59
115
|
version: '0'
|
60
116
|
requirements: []
|
61
|
-
rubygems_version: 3.
|
62
|
-
signing_key:
|
117
|
+
rubygems_version: 3.2.3
|
118
|
+
signing_key:
|
63
119
|
specification_version: 4
|
64
120
|
summary: Ruby bindings for Authzed API
|
65
121
|
test_files: []
|