authzed 0.2.1 → 0.4.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 745773cee685ac83d572bb8a772f0f25825147e9e55092aa66ee36a29a578341
4
- data.tar.gz: a6a59d5a14bca9c4340717a261fa2bd59edf6f503bb4d1abba07cae496a0e0c2
3
+ metadata.gz: 0211dcb4e1b7cfc4f5aecca853548da0d6eef6d0198dd97e0f2ff44dae373429
4
+ data.tar.gz: 94e3b2c8cbd070654e88f0ce3ed02ecda045fe1156a14ceec210df5743b18a2e
5
5
  SHA512:
6
- metadata.gz: e93362eddda43c3d16194640a7090dbbc324e44bc79f8632ab450a950b412eb0921ad17981e502864d1fec106622d7ad9d9f39c2e6ef78395ec0d6e42f81a1a5
7
- data.tar.gz: 69e91b80c6c2d9c8e7934923629f063a63b41ebaed4416d89186fd3128c07d5b4d7f7249d540722cfdf1bd66d30e7a4d04cff6bddb3b615ad7f9bec8990ec325
6
+ metadata.gz: 2192c05e51d8abb91baddf0b29e27477cc1de6f0922a4fb6d1fed9b39fb14870e4ad7a32dd87964cea8724890d947bf6726b8bf358808478f50e32f9b380cd70
7
+ data.tar.gz: 3893665e9b69175317a990c6305166c3f25cb354bc04890ebf9b467dd0914d1c0a00943ac916cd183beddfae953b2653910d35060b121bfe32b69e19515205f9
data/README.md CHANGED
@@ -1,32 +1,41 @@
1
1
  # Authzed Ruby Client
2
2
 
3
3
  [![Ruby Gems](https://img.shields.io/gem/v/authzed?include_prereleases)](https://rubygems.org/gems/authzed)
4
+ [![Docs](https://img.shields.io/badge/docs-authzed.com-%234B4B6C "Authzed Documentation")](https://docs.authzed.com)
4
5
  [![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
5
6
  [![Build Status](https://github.com/authzed/authzed-rb/workflows/build/badge.svg)](https://github.com/authzed/authzed-rb/actions)
6
- [![Mailing List](https://img.shields.io/badge/email-google%20groups-4285F4)](https://groups.google.com/g/authzed-oss)
7
7
  [![Discord Server](https://img.shields.io/discord/844600078504951838?color=7289da&logo=discord "Discord Server")](https://discord.gg/jTysUaxXzM)
8
8
  [![Twitter](https://img.shields.io/twitter/follow/authzed?color=%23179CF0&logo=twitter&style=flat-square)](https://twitter.com/authzed)
9
9
 
10
- This repository houses the Ruby client library for Authzed.
10
+ This repository houses the official Ruby client library for Authzed and SpiceDB.
11
11
 
12
- [Authzed] is a database and service that stores, computes, and validates your application's permissions.
12
+ [SpiceDB] is a database system for managing security-critical permissions checking.
13
13
 
14
- Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
14
+ SpiceDB acts as a centralized service that stores authorization data.
15
+ Once stored, data can be performantly queried to answer questions such as "Does this user have access to this resource?" and "What are all the resources this user has access to?".
16
+
17
+ [Authzed] operates the globally available, serverless database platform for SpiceDB.
15
18
 
16
19
  Supported client API versions:
17
- - [v1](https://docs.authzed.com/reference/api#authzedapiv1)
18
- - [v1alpha1](https://docs.authzed.com/reference/api#authzedapiv1alpha1)
19
- - [v0](https://docs.authzed.com/reference/api#authzedapiv0)
20
+ - [v1](https://buf.build/authzed/api/docs/main/authzed.api.v1)
21
+ - [v1alpha1](https://buf.build/authzed/api/docs/main/authzed.api.v1alpha1)
20
22
 
21
- You can find more info on each API on the [Authzed API reference documentation].
22
- Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
23
+ You can find more info about the API in the [Authzed Documentation API Reference] or the [Authzed API Buf Registry repository].
23
24
 
24
25
  See [CONTRIBUTING.md] for instructions on how to contribute and perform common tasks like building the project and running tests.
25
26
 
27
+ [SpiceDB]: https://github.com/authzed/spicedb
26
28
  [Authzed]: https://authzed.com
27
- [Authzed API Reference documentation]: https://docs.authzed.com/reference/api
28
- [Buf Registry Authzed API repository]: https://buf.build/authzed/api/docs/main
29
+ [Authzed Documentation API Reference]: https://docs.authzed.com/reference/api
30
+ [Authzed API Buf Registry repository]: https://buf.build/authzed/api
29
31
  [CONTRIBUTING.md]: CONTRIBUTING.md
32
+ [Discord]: https://authzed.com/discord
33
+ [Urgent]: https://github.com/authzed/authzed-rb/labels/priority%2F0%20urgent
34
+ [High]: https://github.com/authzed/authzed-rb/labels/priority%2F1%20high
35
+ [Medium]: https://github.com/authzed/authzed-rb/labels/priority%2F2%20medium
36
+ [Low]: https://github.com/authzed/authzed-rb/labels/priority%2F3%20low
37
+ [Maybe]: https://github.com/authzed/authzed-rb/labels/priority%2F4%20maybe
38
+ [good first issues]: https://github.com/authzed-rb/spicedb/labels/hint%2Fgood%20first%20issue
30
39
 
31
40
  ## Getting Started
32
41
 
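Review bot: the added `[good first issues]` link reference points at `https://github.com/authzed-rb/spicedb/labels/...`, which swaps the organisation and repository compared with every other label link in this hunk (`https://github.com/authzed/authzed-rb/labels/...`). A README link under an organisation name the project does not use elsewhere sends readers to whoever holds that name; change it to the `authzed/authzed-rb` form. The "Supported client API versions" list also drops v0 without any upgrade note for existing v0 users.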
@@ -3,7 +3,9 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'validate/validate_pb'
6
7
  require 'authzed/api/v0/core_pb'
8
+
7
9
  Google::Protobuf::DescriptorPool.generated_pool.build do
8
10
  add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
9
11
  add_message "authzed.api.v0.RelationTupleFilter" do
@@ -3,6 +3,8 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'validate/validate_pb'
7
+
6
8
  Google::Protobuf::DescriptorPool.generated_pool.build do
7
9
  add_file("authzed/api/v0/core.proto", :syntax => :proto3) do
8
10
  add_message "authzed.api.v0.RelationTuple" do
@@ -23,39 +25,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
23
25
  optional :userset, :message, 2, "authzed.api.v0.ObjectAndRelation", json_name: "userset"
24
26
  end
25
27
  end
26
- add_message "authzed.api.v0.Zookie" do
27
- optional :token, :string, 1, json_name: "token"
28
- end
29
- add_message "authzed.api.v0.RelationTupleUpdate" do
30
- optional :operation, :enum, 1, "authzed.api.v0.RelationTupleUpdate.Operation", json_name: "operation"
31
- optional :tuple, :message, 2, "authzed.api.v0.RelationTuple", json_name: "tuple"
32
- end
33
- add_enum "authzed.api.v0.RelationTupleUpdate.Operation" do
34
- value :UNKNOWN, 0
35
- value :CREATE, 1
36
- value :TOUCH, 2
37
- value :DELETE, 3
38
- end
39
- add_message "authzed.api.v0.RelationTupleTreeNode" do
40
- optional :expanded, :message, 3, "authzed.api.v0.ObjectAndRelation", json_name: "expanded"
41
- oneof :node_type do
42
- optional :intermediate_node, :message, 1, "authzed.api.v0.SetOperationUserset", json_name: "intermediateNode"
43
- optional :leaf_node, :message, 2, "authzed.api.v0.DirectUserset", json_name: "leafNode"
44
- end
45
- end
46
- add_message "authzed.api.v0.SetOperationUserset" do
47
- optional :operation, :enum, 1, "authzed.api.v0.SetOperationUserset.Operation", json_name: "operation"
48
- repeated :child_nodes, :message, 2, "authzed.api.v0.RelationTupleTreeNode", json_name: "childNodes"
49
- end
50
- add_enum "authzed.api.v0.SetOperationUserset.Operation" do
51
- value :INVALID, 0
52
- value :UNION, 1
53
- value :INTERSECTION, 2
54
- value :EXCLUSION, 3
55
- end
56
- add_message "authzed.api.v0.DirectUserset" do
57
- repeated :users, :message, 1, "authzed.api.v0.User", json_name: "users"
58
- end
59
28
  end
60
29
  end
61
30
 
@@ -66,13 +35,6 @@ module Authzed
66
35
  ObjectAndRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ObjectAndRelation").msgclass
67
36
  RelationReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationReference").msgclass
68
37
  User = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.User").msgclass
69
- Zookie = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Zookie").msgclass
70
- RelationTupleUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate").msgclass
71
- RelationTupleUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate.Operation").enummodule
72
- RelationTupleTreeNode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleTreeNode").msgclass
73
- SetOperationUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset").msgclass
74
- SetOperationUserset::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset.Operation").enummodule
75
- DirectUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DirectUserset").msgclass
76
38
  end
77
39
  end
78
40
  end
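Review bot: removing the `Zookie`, `RelationTupleUpdate`, `RelationTupleTreeNode`, `SetOperationUserset` and `DirectUserset` constants from `Authzed::Api::V0` is a source-breaking change for any caller that references them, and nothing visible in this diff adds a changelog or upgrade note for it. Since acl_service_pb.rb still requires `authzed/api/v0/core_pb`, it is also worth verifying that no remaining v0 descriptor refers to the message names dropped from core.proto, otherwise the descriptor pool build will fail at require time.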
@@ -4,7 +4,7 @@
4
4
  require 'google/protobuf'
5
5
 
6
6
  require 'authzed/api/v0/core_pb'
7
- require 'authzed/api/v0/namespace_pb'
7
+
8
8
  Google::Protobuf::DescriptorPool.generated_pool.build do
9
9
  add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
10
10
  add_message "authzed.api.v0.FormatSchemaRequest" do
@@ -49,7 +49,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
49
49
  add_message "authzed.api.v0.RequestContext" do
50
50
  optional :schema, :string, 1, json_name: "schema"
51
51
  repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
52
- repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
53
52
  end
54
53
  add_message "authzed.api.v0.EditCheckRequest" do
55
54
  optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"
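Review bot: field 3 (`legacy_ns_configs`) is dropped from `authzed.api.v0.RequestContext`, and the generated output gives no sign that the number has been retired. Confirm developer.proto marks field 3 and the name as reserved so a later field cannot reuse them and silently reinterpret payloads from older clients.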
@@ -4,7 +4,9 @@
4
4
  require 'google/protobuf'
5
5
 
6
6
  require 'google/protobuf/any_pb'
7
+ require 'validate/validate_pb'
7
8
  require 'authzed/api/v0/core_pb'
9
+
8
10
  Google::Protobuf::DescriptorPool.generated_pool.build do
9
11
  add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
10
12
  add_message "authzed.api.v0.Metadata" do
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
22
24
  optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
23
25
  end
24
26
  add_message "authzed.api.v0.TypeInformation" do
25
- repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.RelationReference", json_name: "allowedDirectRelations"
27
+ repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
28
+ end
29
+ add_message "authzed.api.v0.AllowedRelation" do
30
+ optional :namespace, :string, 1, json_name: "namespace"
31
+ oneof :relation_or_wildcard do
32
+ optional :relation, :string, 3, json_name: "relation"
33
+ optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
34
+ end
35
+ end
36
+ add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
26
37
  end
27
38
  add_message "authzed.api.v0.UsersetRewrite" do
28
39
  oneof :rewrite_operation do
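Review bot: `allowed_direct_relations` keeps field number 1 while its element type changes from `authzed.api.v0.RelationReference` to `authzed.api.v0.AllowedRelation`, so `TypeInformation` bytes written under the old type will be decoded against a different layout (here `relation` is field 3 inside a oneof). Confirm that is wire-compatible or call it out as breaking. Consumers also need to handle the new `public_wildcard` arm explicitly: code that reads only `relation` sees an empty string for a wildcard entry and can misjudge which subjects a relation admits.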
@@ -69,6 +80,8 @@ module Authzed
69
80
  NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
70
81
  Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
71
82
  TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
83
+ AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
84
+ AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
72
85
  UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
73
86
  SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
74
87
  SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass
@@ -3,8 +3,10 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'validate/validate_pb'
6
7
  require 'authzed/api/v0/core_pb'
7
8
  require 'authzed/api/v0/namespace_pb'
9
+
8
10
  Google::Protobuf::DescriptorPool.generated_pool.build do
9
11
  add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
10
12
  add_message "authzed.api.v0.ReadConfigRequest" do
@@ -3,7 +3,9 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'validate/validate_pb'
6
7
  require 'authzed/api/v0/core_pb'
8
+
7
9
  Google::Protobuf::DescriptorPool.generated_pool.build do
8
10
  add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
9
11
  add_message "authzed.api.v0.WatchRequest" do
@@ -3,6 +3,8 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'validate/validate_pb'
7
+
6
8
  Google::Protobuf::DescriptorPool.generated_pool.build do
7
9
  add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
8
10
  add_message "authzed.api.v1.Relationship" do
@@ -0,0 +1,52 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: authzed/api/v1/debug.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'authzed/api/v1/core_pb'
7
+ require 'validate/validate_pb'
8
+
9
+ Google::Protobuf::DescriptorPool.generated_pool.build do
10
+ add_file("authzed/api/v1/debug.proto", :syntax => :proto3) do
11
+ add_message "authzed.api.v1.DebugInformation" do
12
+ optional :check, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "check"
13
+ optional :schema_used, :string, 2, json_name: "schemaUsed"
14
+ end
15
+ add_message "authzed.api.v1.CheckDebugTrace" do
16
+ optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
17
+ optional :permission, :string, 2, json_name: "permission"
18
+ optional :permission_type, :enum, 3, "authzed.api.v1.CheckDebugTrace.PermissionType", json_name: "permissionType"
19
+ optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
20
+ optional :result, :enum, 5, "authzed.api.v1.CheckDebugTrace.Permissionship", json_name: "result"
21
+ oneof :resolution do
22
+ optional :was_cached_result, :bool, 6, json_name: "wasCachedResult"
23
+ optional :sub_problems, :message, 7, "authzed.api.v1.CheckDebugTrace.SubProblems", json_name: "subProblems"
24
+ end
25
+ end
26
+ add_message "authzed.api.v1.CheckDebugTrace.SubProblems" do
27
+ repeated :traces, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "traces"
28
+ end
29
+ add_enum "authzed.api.v1.CheckDebugTrace.PermissionType" do
30
+ value :PERMISSION_TYPE_UNSPECIFIED, 0
31
+ value :PERMISSION_TYPE_RELATION, 1
32
+ value :PERMISSION_TYPE_PERMISSION, 2
33
+ end
34
+ add_enum "authzed.api.v1.CheckDebugTrace.Permissionship" do
35
+ value :PERMISSIONSHIP_UNSPECIFIED, 0
36
+ value :PERMISSIONSHIP_NO_PERMISSION, 1
37
+ value :PERMISSIONSHIP_HAS_PERMISSION, 2
38
+ end
39
+ end
40
+ end
41
+
42
+ module Authzed
43
+ module Api
44
+ module V1
45
+ DebugInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DebugInformation").msgclass
46
+ CheckDebugTrace = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace").msgclass
47
+ CheckDebugTrace::SubProblems = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.SubProblems").msgclass
48
+ CheckDebugTrace::PermissionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.PermissionType").enummodule
49
+ CheckDebugTrace::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.Permissionship").enummodule
50
+ end
51
+ end
52
+ end
@@ -0,0 +1,18 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: authzed/api/v1/openapi.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'protoc-gen-openapiv2/options/annotations_pb'
7
+
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
10
+ end
11
+ end
12
+
13
+ module Authzed
14
+ module Api
15
+ module V1
16
+ end
17
+ end
18
+ end
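Review bot: the new openapi_pb.rb does `require 'protoc-gen-openapiv2/options/annotations_pb'`, but the files list in the metadata diff adds only `lib/validate/validate_pb.rb` as a stub and shows no `lib/protoc-gen-openapiv2/...` path, and none of the declared dependencies (grpc, grpc-tools, rspec) is named for it. Unless another gem supplies that path, loading this file raises LoadError. Either ship a stub as was done for `validate/validate_pb`, or leave openapi_pb.rb out of the gem, since it registers an empty file and defines no messages.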
@@ -3,7 +3,10 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'google/api/annotations_pb'
7
+ require 'validate/validate_pb'
6
8
  require 'authzed/api/v1/core_pb'
9
+
7
10
  Google::Protobuf::DescriptorPool.generated_pool.build do
8
11
  add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
9
12
  add_message "authzed.api.v1.Consistency" do
@@ -93,6 +96,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
93
96
  optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
94
97
  optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
95
98
  end
99
+ add_message "authzed.api.v1.LookupSubjectsRequest" do
100
+ optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
101
+ optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
102
+ optional :permission, :string, 3, json_name: "permission"
103
+ optional :subject_object_type, :string, 4, json_name: "subjectObjectType"
104
+ optional :optional_subject_relation, :string, 5, json_name: "optionalSubjectRelation"
105
+ end
106
+ add_message "authzed.api.v1.LookupSubjectsResponse" do
107
+ optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
108
+ optional :subject_object_id, :string, 2, json_name: "subjectObjectId"
109
+ repeated :excluded_subject_ids, :string, 3, json_name: "excludedSubjectIds"
110
+ end
96
111
  end
97
112
  end
98
113
 
@@ -118,6 +133,8 @@ module Authzed
118
133
  ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
119
134
  LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
120
135
  LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
136
+ LookupSubjectsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsRequest").msgclass
137
+ LookupSubjectsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsResponse").msgclass
121
138
  end
122
139
  end
123
140
  end
@@ -8,8 +8,8 @@ module Authzed
8
8
  module Api
9
9
  module V1
10
10
  module PermissionsService
11
- # PermissionsService is used to perform permissions and relationship
12
- # operations.
11
+ # PermissionsService implements a set of RPCs that perform operations on
12
+ # relationships and permissions.
13
13
  class Service
14
14
 
15
15
  include ::GRPC::GenericService
@@ -21,23 +21,28 @@ module Authzed
21
21
  # ReadRelationships reads a set of the relationships matching one or more
22
22
  # filters.
23
23
  rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
24
- # WriteRelationships writes and/or deletes a set of specified relationships,
25
- # with an optional set of precondition relationships that must exist before
26
- # the operation can commit.
24
+ # WriteRelationships atomically writes and/or deletes a set of specified
25
+ # relationships. An optional set of preconditions can be provided that must
26
+ # be satisfied for the operation to commit.
27
27
  rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
28
- # DeleteRelationships deletes relationships matching one or more filters, in
29
- # bulk.
28
+ # DeleteRelationships atomically bulk deletes all relationships matching the
29
+ # provided filter. If no relationships match, none will be deleted and the
30
+ # operation will succeed. An optional set of preconditions can be provided that must
31
+ # be satisfied for the operation to commit.
30
32
  rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
31
- # CheckPermission checks whether a subject has a particular permission or is
32
- # a member of a particular relation, on a given resource.
33
+ # CheckPermission determines for a given resource whether a subject computes
34
+ # to having a permission or is a direct member of a particular relation.
33
35
  rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
34
- # ExpandPermissionTree expands the relationships reachable from a particular
35
- # permission or relation of a given resource.
36
+ # ExpandPermissionTree reveals the graph structure for a resource's
37
+ # permission or relation. This RPC does not recurse infinitely deep and may
38
+ # require multiple calls to fully unnest a deeply nested graph.
36
39
  rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
37
- # LookupResources returns the IDs of all resources on which the specified
38
- # subject has permission or on which the specified subject is a member of the
39
- # relation.
40
+ # LookupResources returns all the resources of a given type that a subject
41
+ # can access whether via a computed permission or relation membership.
40
42
  rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
43
+ # LookupSubjects returns all the subjects of a given type that
44
+ # have access whether via a computed permission or relation membership.
45
+ rpc :LookupSubjects, ::Authzed::Api::V1::LookupSubjectsRequest, stream(::Authzed::Api::V1::LookupSubjectsResponse)
41
46
  end
42
47
 
43
48
  Stub = Service.rpc_stub_class
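Review bot: the new `LookupSubjects` comment says the RPC returns all subjects that have access, but `LookupSubjectsResponse` in permission_service_pb.rb also carries `excluded_subject_ids`, and nothing here states when that list is populated or how a caller must apply it. A client that reads only `subject_object_id` can end up treating excluded subjects as authorized; document the field's semantics in the RPC comment or the README.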
@@ -0,0 +1,33 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: authzed/api/v1/schema_service.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/api/annotations_pb'
7
+ require 'validate/validate_pb'
8
+
9
+ Google::Protobuf::DescriptorPool.generated_pool.build do
10
+ add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
11
+ add_message "authzed.api.v1.ReadSchemaRequest" do
12
+ end
13
+ add_message "authzed.api.v1.ReadSchemaResponse" do
14
+ optional :schema_text, :string, 1, json_name: "schemaText"
15
+ end
16
+ add_message "authzed.api.v1.WriteSchemaRequest" do
17
+ optional :schema, :string, 1, json_name: "schema"
18
+ end
19
+ add_message "authzed.api.v1.WriteSchemaResponse" do
20
+ end
21
+ end
22
+ end
23
+
24
+ module Authzed
25
+ module Api
26
+ module V1
27
+ ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
28
+ ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
29
+ WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
30
+ WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
31
+ end
32
+ end
33
+ end
@@ -0,0 +1,34 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
3
+
4
+ require 'grpc'
5
+ require 'authzed/api/v1/schema_service_pb'
6
+
7
+ module Authzed
8
+ module Api
9
+ module V1
10
+ module SchemaService
11
+ # SchemaService implements operations on a Permissions System's Schema.
12
+ class Service
13
+
14
+ include ::GRPC::GenericService
15
+
16
+ self.marshal_class_method = :encode
17
+ self.unmarshal_class_method = :decode
18
+ self.service_name = 'authzed.api.v1.SchemaService'
19
+
20
+ # Read returns the current Object Definitions for a Permissions System.
21
+ #
22
+ # Errors include:
23
+ # - INVALID_ARGUMENT: a provided value has failed to semantically validate
24
+ # - NOT_FOUND: no schema has been defined
25
+ rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
26
+ # Write overwrites the current Object Definitions for a Permissions System.
27
+ rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
28
+ end
29
+
30
+ Stub = Service.rpc_stub_class
31
+ end
32
+ end
33
+ end
34
+ end
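Review bot: `WriteSchema` is described as overwriting the current Object Definitions, yet unlike `ReadSchema` just above it lists no error codes, and `authzed.api.v1.WriteSchemaRequest` has only the `schema` field, with no counterpart to the `optional_definitions_revision_precondition` this release adds to v1alpha1. For an RPC that replaces the whole permission model, document the failure modes and state whether concurrent writers simply overwrite one another.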
@@ -3,11 +3,14 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'google/api/annotations_pb'
7
+ require 'validate/validate_pb'
6
8
  require 'authzed/api/v1/core_pb'
9
+
7
10
  Google::Protobuf::DescriptorPool.generated_pool.build do
8
11
  add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
9
12
  add_message "authzed.api.v1.WatchRequest" do
10
- repeated :object_types, :string, 1, json_name: "objectTypes"
13
+ repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
11
14
  optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
12
15
  end
13
16
  add_message "authzed.api.v1.WatchResponse" do
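Review bot: renaming field 1 of `authzed.api.v1.WatchRequest` from `object_types` to `optional_object_types` keeps the wire format but breaks Ruby callers that construct the request with the old keyword or call the old accessor. Since the version moves from 0.2.1 to 0.4.0 without a visible changelog, add an upgrade note, and state what an empty list now means (the `optional_` prefix suggests the filter may be omitted, which changes how much a watcher receives).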
@@ -3,6 +3,8 @@
3
3
 
4
4
  require 'google/protobuf'
5
5
 
6
+ require 'validate/validate_pb'
7
+
6
8
  Google::Protobuf::DescriptorPool.generated_pool.build do
7
9
  add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
8
10
  add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
10
12
  end
11
13
  add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
12
14
  repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
15
+ optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
13
16
  end
14
17
  add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
15
18
  optional :schema, :string, 1, json_name: "schema"
19
+ optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
16
20
  end
17
21
  add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
18
22
  repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
23
+ optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
19
24
  end
20
25
  end
21
26
  end
@@ -0,0 +1,46 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: authzed/api/v1alpha1/watchresources_service.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/api/annotations_pb'
7
+ require 'validate/validate_pb'
8
+ require 'authzed/api/v1/core_pb'
9
+
10
+ Google::Protobuf::DescriptorPool.generated_pool.build do
11
+ add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
12
+ add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
13
+ optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
14
+ optional :permission, :string, 2, json_name: "permission"
15
+ optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
16
+ optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
17
+ optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
18
+ end
19
+ add_message "authzed.api.v1alpha1.PermissionUpdate" do
20
+ optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
21
+ optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
22
+ optional :relation, :string, 3, json_name: "relation"
23
+ optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
24
+ end
25
+ add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
26
+ value :PERMISSIONSHIP_UNSPECIFIED, 0
27
+ value :PERMISSIONSHIP_NO_PERMISSION, 1
28
+ value :PERMISSIONSHIP_HAS_PERMISSION, 2
29
+ end
30
+ add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
31
+ repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
32
+ optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
33
+ end
34
+ end
35
+ end
36
+
37
+ module Authzed
38
+ module Api
39
+ module V1alpha1
40
+ WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
41
+ PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
42
+ PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
43
+ WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
44
+ end
45
+ end
46
+ end
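Review bot: `PermissionUpdate.Permissionship` has `PERMISSIONSHIP_UNSPECIFIED` as its zero value, so an update whose `updated_permission` was never set decodes as UNSPECIFIED rather than as a denial. The generated code carries no guidance on this; document that consumers must grant only on an explicit `PERMISSIONSHIP_HAS_PERMISSION` and treat every other value as no access, rather than testing for "not `PERMISSIONSHIP_NO_PERMISSION`".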
@@ -0,0 +1,30 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
3
+
4
+ require 'grpc'
5
+ require 'authzed/api/v1alpha1/watchresources_service_pb'
6
+
7
+ module Authzed
8
+ module Api
9
+ module V1alpha1
10
+ module WatchResourcesService
11
+ # WatchResourcesService is used to receive a stream of updates for resources of a
12
+ # specific (resource type, permission, subject) combination.
13
+ class Service
14
+
15
+ include ::GRPC::GenericService
16
+
17
+ self.marshal_class_method = :encode
18
+ self.unmarshal_class_method = :decode
19
+ self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
20
+
21
+ # WatchResources initiates a watch for permission changes for the provided
22
+ # (resource type, permission, subject) pair.
23
+ rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
24
+ end
25
+
26
+ Stub = Service.rpc_stub_class
27
+ end
28
+ end
29
+ end
30
+ end
data/lib/authzed.rb CHANGED
@@ -1,14 +1,3 @@
1
- require 'authzed/api/v0/acl_service_pb'
2
- require 'authzed/api/v0/acl_service_services_pb'
3
- require 'authzed/api/v0/core_pb'
4
- require 'authzed/api/v0/developer_pb'
5
- require 'authzed/api/v0/developer_services_pb'
6
- require 'authzed/api/v0/namespace_pb'
7
- require 'authzed/api/v0/namespace_service_pb'
8
- require 'authzed/api/v0/namespace_service_services_pb'
9
- require 'authzed/api/v0/watch_service_pb'
10
- require 'authzed/api/v0/watch_service_services_pb'
11
- require 'authzed/api/v0/client'
12
1
  require 'authzed/api/v1alpha1/schema_pb'
13
2
  require 'authzed/api/v1alpha1/schema_services_pb'
14
3
  require 'authzed/api/v1alpha1/client'
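Review bot: all eleven v0 requires are removed from lib/authzed.rb, including `authzed/api/v0/client`, but the metadata files list still packages v0 files (for example `lib/authzed/api/v0/watch_service_services_pb.rb`) and this release even modifies several of them. After this change `require 'authzed'` no longer defines `Authzed::Api::V0`, so existing v0 users break silently at first use. Either remove the v0 files from the gem or document that they must now be required explicitly.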
@@ -19,4 +8,4 @@ require 'authzed/api/v1/client'
19
8
  require 'grpcutil/bearer_token'
20
9
 
21
10
  module Authzed
22
- end
11
+ end
@@ -0,0 +1,4 @@
1
+ module Validate
2
+ module ValidatePb
3
+ end
4
+ end
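Review bot: this stub exists only to satisfy the `require 'validate/validate_pb'` lines added throughout the generated files, but it claims the top-level `validate/validate_pb` load path and the top-level `Validate` constant. In an application where another gem ships the real generated file at the same path, whichever comes first on `$LOAD_PATH` wins, and this empty module can shadow it. Prefer stripping the validate import during code generation, or add a comment here explaining why the stub is empty.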
metadata CHANGED
@@ -1,15 +1,57 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authzed
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Authzed
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-10-26 00:00:00.000000000 Z
12
- dependencies: []
11
+ date: 2022-09-09 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: grpc
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.41'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.41'
27
+ - !ruby/object:Gem::Dependency
28
+ name: grpc-tools
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.41'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.41'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '3.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '3.0'
13
55
  description: Authzed is the best way to build robust and scalable permissions systems.
14
56
  See https://authzed.com for more details.
15
57
  email: support@authzed.com
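Review bot: `grpc-tools` is declared with `type: :runtime`, yet it is only needed to regenerate the `*_pb.rb` files, which are already shipped in the gem. Keeping it as a runtime dependency makes every consumer install a code generator they never run and widens the dependency surface to audit; move it to `:development` alongside `rspec`. The jump from `dependencies: []` to a required `grpc ~> 1.41` also deserves a line in the release notes.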
@@ -33,16 +75,23 @@ files:
33
75
  - lib/authzed/api/v0/watch_service_services_pb.rb
34
76
  - lib/authzed/api/v1/client.rb
35
77
  - lib/authzed/api/v1/core_pb.rb
78
+ - lib/authzed/api/v1/debug_pb.rb
79
+ - lib/authzed/api/v1/openapi_pb.rb
36
80
  - lib/authzed/api/v1/permission_service_pb.rb
37
81
  - lib/authzed/api/v1/permission_service_services_pb.rb
38
82
  - lib/authzed/api/v1/schema_pb.rb
83
+ - lib/authzed/api/v1/schema_service_pb.rb
84
+ - lib/authzed/api/v1/schema_service_services_pb.rb
39
85
  - lib/authzed/api/v1/schema_services_pb.rb
40
86
  - lib/authzed/api/v1/watch_service_pb.rb
41
87
  - lib/authzed/api/v1/watch_service_services_pb.rb
42
88
  - lib/authzed/api/v1alpha1/client.rb
43
89
  - lib/authzed/api/v1alpha1/schema_pb.rb
44
90
  - lib/authzed/api/v1alpha1/schema_services_pb.rb
91
+ - lib/authzed/api/v1alpha1/watchresources_service_pb.rb
92
+ - lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
45
93
  - lib/grpcutil/bearer_token.rb
94
+ - lib/validate/validate_pb.rb
46
95
  homepage: https://authzed.com
47
96
  licenses:
48
97
  - Apache-2.0
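Review bot: the files list now ships `lib/authzed/api/v1/schema_service_pb.rb` and `schema_service_services_pb.rb` next to the existing `lib/authzed/api/v1/schema_pb.rb` and `schema_services_pb.rb`. If both pairs are generated from the v1 schema service they will try to register the same message names in the descriptor pool, and if the older pair is stale it should be removed. Confirm which pair lib/authzed.rb requires and drop the other.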