authzed 0.2.1 → 0.4.0
- checksums.yaml +4 -4
- data/README.md +20 -11
- data/lib/authzed/api/v0/acl_service_pb.rb +2 -0
- data/lib/authzed/api/v0/core_pb.rb +2 -40
- data/lib/authzed/api/v0/developer_pb.rb +1 -2
- data/lib/authzed/api/v0/namespace_pb.rb +14 -1
- data/lib/authzed/api/v0/namespace_service_pb.rb +2 -0
- data/lib/authzed/api/v0/watch_service_pb.rb +2 -0
- data/lib/authzed/api/v1/core_pb.rb +2 -0
- data/lib/authzed/api/v1/debug_pb.rb +52 -0
- data/lib/authzed/api/v1/openapi_pb.rb +18 -0
- data/lib/authzed/api/v1/permission_service_pb.rb +17 -0
- data/lib/authzed/api/v1/permission_service_services_pb.rb +19 -14
- data/lib/authzed/api/v1/schema_service_pb.rb +33 -0
- data/lib/authzed/api/v1/schema_service_services_pb.rb +34 -0
- data/lib/authzed/api/v1/watch_service_pb.rb +4 -1
- data/lib/authzed/api/v1alpha1/schema_pb.rb +5 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb +46 -0
- data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb +30 -0
- data/lib/authzed.rb +1 -12
- data/lib/validate/validate_pb.rb +4 -0
- metadata +52 -3
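--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0211dcb4e1b7cfc4f5aecca853548da0d6eef6d0198dd97e0f2ff44dae373429
+data.tar.gz: 94e3b2c8cbd070654e88f0ce3ed02ecda045fe1156a14ceec210df5743b18a2e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2192c05e51d8abb91baddf0b29e27477cc1de6f0922a4fb6d1fed9b39fb14870e4ad7a32dd87964cea8724890d947bf6726b8bf358808478f50e32f9b380cd70
+data.tar.gz: 3893665e9b69175317a990c6305166c3f25cb354bc04890ebf9b467dd0914d1c0a00943ac916cd183beddfae953b2653910d35060b121bfe32b69e19515205f9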
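--- a/data/README.md
+++ b/data/README.md
@@ -1,32 +1,41 @@
 # Authzed Ruby Client
 
 [![Ruby Gems](https://img.shields.io/gem/v/authzed?include_prereleases)](https://rubygems.org/gems/authzed)
+[![Docs](https://img.shields.io/badge/docs-authzed.com-%234B4B6C "Authzed Documentation")](https://docs.authzed.com)
 [![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 [![Build Status](https://github.com/authzed/authzed-rb/workflows/build/badge.svg)](https://github.com/authzed/authzed-rb/actions)
-[![Mailing List](https://img.shields.io/badge/email-google%20groups-4285F4)](https://groups.google.com/g/authzed-oss)
 [![Discord Server](https://img.shields.io/discord/844600078504951838?color=7289da&logo=discord "Discord Server")](https://discord.gg/jTysUaxXzM)
 [![Twitter](https://img.shields.io/twitter/follow/authzed?color=%23179CF0&logo=twitter&style=flat-square)](https://twitter.com/authzed)
 
-This repository houses the Ruby client library for Authzed.
+This repository houses the official Ruby client library for Authzed and SpiceDB.
 
-[
+[SpiceDB] is a database system for managing security-critical permissions checking.
 
-
+SpiceDB acts as a centralized service that stores authorization data.
+Once stored, data can be performantly queried to answer questions such as "Does this user have access to this resource?" and "What are all the resources this user has access to?".
+
+[Authzed] operates the globally available, serverless database platform for SpiceDB.
 
 Supported client API versions:
-- [v1](https://
-- [v1alpha1](https://
-- [v0](https://docs.authzed.com/reference/api#authzedapiv0)
+- [v1](https://buf.build/authzed/api/docs/main/authzed.api.v1)
+- [v1alpha1](https://buf.build/authzed/api/docs/main/authzed.api.v1alpha1)
 
-You can find more info
-Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
+You can find more info about the API in the [Authzed Documentation API Reference] or the [Authzed API Buf Registry repository].
 
 See [CONTRIBUTING.md] for instructions on how to contribute and perform common tasks like building the project and running tests.
 
+[SpiceDB]: https://github.com/authzed/spicedb
 [Authzed]: https://authzed.com
-[Authzed API Reference
-[Buf Registry
+[Authzed Documentation API Reference]: https://docs.authzed.com/reference/api
+[Authzed API Buf Registry repository]: https://buf.build/authzed/api
 [CONTRIBUTING.md]: CONTRIBUTING.md
+[Discord]: https://authzed.com/discord
+[Urgent]: https://github.com/authzed/authzed-rb/labels/priority%2F0%20urgent
+[High]: https://github.com/authzed/authzed-rb/labels/priority%2F1%20high
+[Medium]: https://github.com/authzed/authzed-rb/labels/priority%2F2%20medium
+[Low]: https://github.com/authzed/authzed-rb/labels/priority%2F3%20low
+[Maybe]: https://github.com/authzed/authzed-rb/labels/priority%2F4%20maybe
+[good first issues]: https://github.com/authzed-rb/spicedb/labels/hint%2Fgood%20first%20issue
 
 ## Getting Started
 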
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.RelationTupleFilter" do
|
@@ -3,6 +3,8 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
7
|
+
|
6
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
7
9
|
add_file("authzed/api/v0/core.proto", :syntax => :proto3) do
|
8
10
|
add_message "authzed.api.v0.RelationTuple" do
|
@@ -23,39 +25,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
23
25
|
optional :userset, :message, 2, "authzed.api.v0.ObjectAndRelation", json_name: "userset"
|
24
26
|
end
|
25
27
|
end
|
26
|
-
add_message "authzed.api.v0.Zookie" do
|
27
|
-
optional :token, :string, 1, json_name: "token"
|
28
|
-
end
|
29
|
-
add_message "authzed.api.v0.RelationTupleUpdate" do
|
30
|
-
optional :operation, :enum, 1, "authzed.api.v0.RelationTupleUpdate.Operation", json_name: "operation"
|
31
|
-
optional :tuple, :message, 2, "authzed.api.v0.RelationTuple", json_name: "tuple"
|
32
|
-
end
|
33
|
-
add_enum "authzed.api.v0.RelationTupleUpdate.Operation" do
|
34
|
-
value :UNKNOWN, 0
|
35
|
-
value :CREATE, 1
|
36
|
-
value :TOUCH, 2
|
37
|
-
value :DELETE, 3
|
38
|
-
end
|
39
|
-
add_message "authzed.api.v0.RelationTupleTreeNode" do
|
40
|
-
optional :expanded, :message, 3, "authzed.api.v0.ObjectAndRelation", json_name: "expanded"
|
41
|
-
oneof :node_type do
|
42
|
-
optional :intermediate_node, :message, 1, "authzed.api.v0.SetOperationUserset", json_name: "intermediateNode"
|
43
|
-
optional :leaf_node, :message, 2, "authzed.api.v0.DirectUserset", json_name: "leafNode"
|
44
|
-
end
|
45
|
-
end
|
46
|
-
add_message "authzed.api.v0.SetOperationUserset" do
|
47
|
-
optional :operation, :enum, 1, "authzed.api.v0.SetOperationUserset.Operation", json_name: "operation"
|
48
|
-
repeated :child_nodes, :message, 2, "authzed.api.v0.RelationTupleTreeNode", json_name: "childNodes"
|
49
|
-
end
|
50
|
-
add_enum "authzed.api.v0.SetOperationUserset.Operation" do
|
51
|
-
value :INVALID, 0
|
52
|
-
value :UNION, 1
|
53
|
-
value :INTERSECTION, 2
|
54
|
-
value :EXCLUSION, 3
|
55
|
-
end
|
56
|
-
add_message "authzed.api.v0.DirectUserset" do
|
57
|
-
repeated :users, :message, 1, "authzed.api.v0.User", json_name: "users"
|
58
|
-
end
|
59
28
|
end
|
60
29
|
end
|
61
30
|
|
@@ -66,13 +35,6 @@ module Authzed
|
|
66
35
|
ObjectAndRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ObjectAndRelation").msgclass
|
67
36
|
RelationReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationReference").msgclass
|
68
37
|
User = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.User").msgclass
|
69
|
-
Zookie = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Zookie").msgclass
|
70
|
-
RelationTupleUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate").msgclass
|
71
|
-
RelationTupleUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate.Operation").enummodule
|
72
|
-
RelationTupleTreeNode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleTreeNode").msgclass
|
73
|
-
SetOperationUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset").msgclass
|
74
|
-
SetOperationUserset::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset.Operation").enummodule
|
75
|
-
DirectUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DirectUserset").msgclass
|
76
38
|
end
|
77
39
|
end
|
78
40
|
end
|
@@ -4,7 +4,7 @@
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
6
|
require 'authzed/api/v0/core_pb'
|
7
|
-
|
7
|
+
|
8
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
9
|
add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
|
10
10
|
add_message "authzed.api.v0.FormatSchemaRequest" do
|
@@ -49,7 +49,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
49
49
|
add_message "authzed.api.v0.RequestContext" do
|
50
50
|
optional :schema, :string, 1, json_name: "schema"
|
51
51
|
repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
|
52
|
-
repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
|
53
52
|
end
|
54
53
|
add_message "authzed.api.v0.EditCheckRequest" do
|
55
54
|
optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"
|
@@ -4,7 +4,9 @@
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
6
|
require 'google/protobuf/any_pb'
|
7
|
+
require 'validate/validate_pb'
|
7
8
|
require 'authzed/api/v0/core_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.Metadata" do
|
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
22
24
|
optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
|
23
25
|
end
|
24
26
|
add_message "authzed.api.v0.TypeInformation" do
|
25
|
-
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.
|
27
|
+
repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
|
28
|
+
end
|
29
|
+
add_message "authzed.api.v0.AllowedRelation" do
|
30
|
+
optional :namespace, :string, 1, json_name: "namespace"
|
31
|
+
oneof :relation_or_wildcard do
|
32
|
+
optional :relation, :string, 3, json_name: "relation"
|
33
|
+
optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
|
34
|
+
end
|
35
|
+
end
|
36
|
+
add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
|
26
37
|
end
|
27
38
|
add_message "authzed.api.v0.UsersetRewrite" do
|
28
39
|
oneof :rewrite_operation do
|
@@ -69,6 +80,8 @@ module Authzed
|
|
69
80
|
NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
|
70
81
|
Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
|
71
82
|
TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
|
83
|
+
AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
|
84
|
+
AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
|
72
85
|
UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
|
73
86
|
SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
|
74
87
|
SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass
|
@@ -3,8 +3,10 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
7
8
|
require 'authzed/api/v0/namespace_pb'
|
9
|
+
|
8
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
11
|
add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
|
10
12
|
add_message "authzed.api.v0.ReadConfigRequest" do
|
@@ -3,7 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
6
7
|
require 'authzed/api/v0/core_pb'
|
8
|
+
|
7
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
10
|
add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
|
9
11
|
add_message "authzed.api.v0.WatchRequest" do
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/debug.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'authzed/api/v1/core_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
|
9
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
|
+
add_file("authzed/api/v1/debug.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v1.DebugInformation" do
|
12
|
+
optional :check, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "check"
|
13
|
+
optional :schema_used, :string, 2, json_name: "schemaUsed"
|
14
|
+
end
|
15
|
+
add_message "authzed.api.v1.CheckDebugTrace" do
|
16
|
+
optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
|
17
|
+
optional :permission, :string, 2, json_name: "permission"
|
18
|
+
optional :permission_type, :enum, 3, "authzed.api.v1.CheckDebugTrace.PermissionType", json_name: "permissionType"
|
19
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
20
|
+
optional :result, :enum, 5, "authzed.api.v1.CheckDebugTrace.Permissionship", json_name: "result"
|
21
|
+
oneof :resolution do
|
22
|
+
optional :was_cached_result, :bool, 6, json_name: "wasCachedResult"
|
23
|
+
optional :sub_problems, :message, 7, "authzed.api.v1.CheckDebugTrace.SubProblems", json_name: "subProblems"
|
24
|
+
end
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.CheckDebugTrace.SubProblems" do
|
27
|
+
repeated :traces, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "traces"
|
28
|
+
end
|
29
|
+
add_enum "authzed.api.v1.CheckDebugTrace.PermissionType" do
|
30
|
+
value :PERMISSION_TYPE_UNSPECIFIED, 0
|
31
|
+
value :PERMISSION_TYPE_RELATION, 1
|
32
|
+
value :PERMISSION_TYPE_PERMISSION, 2
|
33
|
+
end
|
34
|
+
add_enum "authzed.api.v1.CheckDebugTrace.Permissionship" do
|
35
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
36
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
37
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
module Authzed
|
43
|
+
module Api
|
44
|
+
module V1
|
45
|
+
DebugInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DebugInformation").msgclass
|
46
|
+
CheckDebugTrace = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace").msgclass
|
47
|
+
CheckDebugTrace::SubProblems = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.SubProblems").msgclass
|
48
|
+
CheckDebugTrace::PermissionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.PermissionType").enummodule
|
49
|
+
CheckDebugTrace::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.Permissionship").enummodule
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/openapi.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'protoc-gen-openapiv2/options/annotations_pb'
|
7
|
+
|
8
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
|
+
add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
module Authzed
|
14
|
+
module Api
|
15
|
+
module V1
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -3,7 +3,10 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
6
8
|
require 'authzed/api/v1/core_pb'
|
9
|
+
|
7
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
11
|
add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
|
9
12
|
add_message "authzed.api.v1.Consistency" do
|
@@ -93,6 +96,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
93
96
|
optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
|
94
97
|
optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
|
95
98
|
end
|
99
|
+
add_message "authzed.api.v1.LookupSubjectsRequest" do
|
100
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
101
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
102
|
+
optional :permission, :string, 3, json_name: "permission"
|
103
|
+
optional :subject_object_type, :string, 4, json_name: "subjectObjectType"
|
104
|
+
optional :optional_subject_relation, :string, 5, json_name: "optionalSubjectRelation"
|
105
|
+
end
|
106
|
+
add_message "authzed.api.v1.LookupSubjectsResponse" do
|
107
|
+
optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
|
108
|
+
optional :subject_object_id, :string, 2, json_name: "subjectObjectId"
|
109
|
+
repeated :excluded_subject_ids, :string, 3, json_name: "excludedSubjectIds"
|
110
|
+
end
|
96
111
|
end
|
97
112
|
end
|
98
113
|
|
@@ -118,6 +133,8 @@ module Authzed
|
|
118
133
|
ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
|
119
134
|
LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
|
120
135
|
LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
|
136
|
+
LookupSubjectsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsRequest").msgclass
|
137
|
+
LookupSubjectsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsResponse").msgclass
|
121
138
|
end
|
122
139
|
end
|
123
140
|
end
|
@@ -8,8 +8,8 @@ module Authzed
|
|
8
8
|
module Api
|
9
9
|
module V1
|
10
10
|
module PermissionsService
|
11
|
-
# PermissionsService
|
12
|
-
#
|
11
|
+
# PermissionsService implements a set of RPCs that perform operations on
|
12
|
+
# relationships and permissions.
|
13
13
|
class Service
|
14
14
|
|
15
15
|
include ::GRPC::GenericService
|
@@ -21,23 +21,28 @@ module Authzed
|
|
21
21
|
# ReadRelationships reads a set of the relationships matching one or more
|
22
22
|
# filters.
|
23
23
|
rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
|
24
|
-
# WriteRelationships writes and/or deletes a set of specified
|
25
|
-
#
|
26
|
-
# the operation
|
24
|
+
# WriteRelationships atomically writes and/or deletes a set of specified
|
25
|
+
# relationships. An optional set of preconditions can be provided that must
|
26
|
+
# be satisfied for the operation to commit.
|
27
27
|
rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
|
28
|
-
# DeleteRelationships deletes relationships matching
|
29
|
-
#
|
28
|
+
# DeleteRelationships atomically bulk deletes all relationships matching the
|
29
|
+
# provided filter. If no relationships match, none will be deleted and the
|
30
|
+
# operation will succeed. An optional set of preconditions can be provided that must
|
31
|
+
# be satisfied for the operation to commit.
|
30
32
|
rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
|
31
|
-
# CheckPermission
|
32
|
-
# a
|
33
|
+
# CheckPermission determines for a given resource whether a subject computes
|
34
|
+
# to having a permission or is a direct member of a particular relation.
|
33
35
|
rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
|
34
|
-
# ExpandPermissionTree
|
35
|
-
# permission or relation
|
36
|
+
# ExpandPermissionTree reveals the graph structure for a resource's
|
37
|
+
# permission or relation. This RPC does not recurse infinitely deep and may
|
38
|
+
# require multiple calls to fully unnest a deeply nested graph.
|
36
39
|
rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
|
37
|
-
# LookupResources returns the
|
38
|
-
#
|
39
|
-
# relation.
|
40
|
+
# LookupResources returns all the resources of a given type that a subject
|
41
|
+
# can access whether via a computed permission or relation membership.
|
40
42
|
rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
|
43
|
+
# LookupSubjects returns all the subjects of a given type that
|
44
|
+
# have access whether via a computed permission or relation membership.
|
45
|
+
rpc :LookupSubjects, ::Authzed::Api::V1::LookupSubjectsRequest, stream(::Authzed::Api::V1::LookupSubjectsResponse)
|
41
46
|
end
|
42
47
|
|
43
48
|
Stub = Service.rpc_stub_class
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/schema_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
|
9
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
|
+
add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v1.ReadSchemaRequest" do
|
12
|
+
end
|
13
|
+
add_message "authzed.api.v1.ReadSchemaResponse" do
|
14
|
+
optional :schema_text, :string, 1, json_name: "schemaText"
|
15
|
+
end
|
16
|
+
add_message "authzed.api.v1.WriteSchemaRequest" do
|
17
|
+
optional :schema, :string, 1, json_name: "schema"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1.WriteSchemaResponse" do
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
module Authzed
|
25
|
+
module Api
|
26
|
+
module V1
|
27
|
+
ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
|
28
|
+
ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
|
29
|
+
WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
|
30
|
+
WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1/schema_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1
|
10
|
+
module SchemaService
|
11
|
+
# SchemaService implements operations on a Permissions System's Schema.
|
12
|
+
class Service
|
13
|
+
|
14
|
+
include ::GRPC::GenericService
|
15
|
+
|
16
|
+
self.marshal_class_method = :encode
|
17
|
+
self.unmarshal_class_method = :decode
|
18
|
+
self.service_name = 'authzed.api.v1.SchemaService'
|
19
|
+
|
20
|
+
# Read returns the current Object Definitions for a Permissions System.
|
21
|
+
#
|
22
|
+
# Errors include:
|
23
|
+
# - INVALID_ARGUMENT: a provided value has failed to semantically validate
|
24
|
+
# - NOT_FOUND: no schema has been defined
|
25
|
+
rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
|
26
|
+
# Write overwrites the current Object Definitions for a Permissions System.
|
27
|
+
rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
|
28
|
+
end
|
29
|
+
|
30
|
+
Stub = Service.rpc_stub_class
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -3,11 +3,14 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
6
8
|
require 'authzed/api/v1/core_pb'
|
9
|
+
|
7
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
11
|
add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
|
9
12
|
add_message "authzed.api.v1.WatchRequest" do
|
10
|
-
repeated :
|
13
|
+
repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
|
11
14
|
optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
|
12
15
|
end
|
13
16
|
add_message "authzed.api.v1.WatchResponse" do
|
@@ -3,6 +3,8 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'validate/validate_pb'
|
7
|
+
|
6
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
7
9
|
add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
|
8
10
|
add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
|
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
10
12
|
end
|
11
13
|
add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
|
12
14
|
repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
|
15
|
+
optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
|
13
16
|
end
|
14
17
|
add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
|
15
18
|
optional :schema, :string, 1, json_name: "schema"
|
19
|
+
optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
|
16
20
|
end
|
17
21
|
add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
|
18
22
|
repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
|
23
|
+
optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
|
19
24
|
end
|
20
25
|
end
|
21
26
|
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1alpha1/watchresources_service.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/api/annotations_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
require 'authzed/api/v1/core_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
|
12
|
+
add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
|
13
|
+
optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
|
14
|
+
optional :permission, :string, 2, json_name: "permission"
|
15
|
+
optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
|
16
|
+
optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
|
17
|
+
optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
|
18
|
+
end
|
19
|
+
add_message "authzed.api.v1alpha1.PermissionUpdate" do
|
20
|
+
optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
|
21
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
22
|
+
optional :relation, :string, 3, json_name: "relation"
|
23
|
+
optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
|
24
|
+
end
|
25
|
+
add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
|
26
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
27
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
28
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
29
|
+
end
|
30
|
+
add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
|
31
|
+
repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
|
32
|
+
optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
module Authzed
|
38
|
+
module Api
|
39
|
+
module V1alpha1
|
40
|
+
WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
|
41
|
+
PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
|
42
|
+
PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
|
43
|
+
WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
|
3
|
+
|
4
|
+
require 'grpc'
|
5
|
+
require 'authzed/api/v1alpha1/watchresources_service_pb'
|
6
|
+
|
7
|
+
module Authzed
|
8
|
+
module Api
|
9
|
+
module V1alpha1
|
10
|
+
module WatchResourcesService
|
11
|
+
# WatchResourcesService is used to receive a stream of updates for resources of a
|
12
|
+
# specific (resource type, permission, subject) combination.
|
13
|
+
class Service
|
14
|
+
|
15
|
+
include ::GRPC::GenericService
|
16
|
+
|
17
|
+
self.marshal_class_method = :encode
|
18
|
+
self.unmarshal_class_method = :decode
|
19
|
+
self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
|
20
|
+
|
21
|
+
# WatchResources initiates a watch for permission changes for the provided
|
22
|
+
# (resource type, permission, subject) pair.
|
23
|
+
rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
|
24
|
+
end
|
25
|
+
|
26
|
+
Stub = Service.rpc_stub_class
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
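--- a/data/lib/authzed.rb
+++ b/data/lib/authzed.rb
@@ -1,14 +1,3 @@
-require 'authzed/api/v0/acl_service_pb'
-require 'authzed/api/v0/acl_service_services_pb'
-require 'authzed/api/v0/core_pb'
-require 'authzed/api/v0/developer_pb'
-require 'authzed/api/v0/developer_services_pb'
-require 'authzed/api/v0/namespace_pb'
-require 'authzed/api/v0/namespace_service_pb'
-require 'authzed/api/v0/namespace_service_services_pb'
-require 'authzed/api/v0/watch_service_pb'
-require 'authzed/api/v0/watch_service_services_pb'
-require 'authzed/api/v0/client'
 require 'authzed/api/v1alpha1/schema_pb'
 require 'authzed/api/v1alpha1/schema_services_pb'
 require 'authzed/api/v1alpha1/client'
@@ -19,4 +8,4 @@ require 'authzed/api/v1/client'
 require 'grpcutil/bearer_token'
 
 module Authzed
-end
+end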
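--- a/metadata
+++ b/metadata
@@ -1,15 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: authzed
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - Authzed
 autorequire:
 bindir: bin
 cert_chain: []
-date:
-dependencies:
+date: 2022-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: grpc
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.41'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.41'
+- !ruby/object:Gem::Dependency
+name: grpc-tools
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.41'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.41'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
 description: Authzed is the best way to build robust and scalable permissions systems.
 See https://authzed.com for more details.
 email: support@authzed.com
@@ -33,16 +75,23 @@ files:
 - lib/authzed/api/v0/watch_service_services_pb.rb
 - lib/authzed/api/v1/client.rb
 - lib/authzed/api/v1/core_pb.rb
+- lib/authzed/api/v1/debug_pb.rb
+- lib/authzed/api/v1/openapi_pb.rb
 - lib/authzed/api/v1/permission_service_pb.rb
 - lib/authzed/api/v1/permission_service_services_pb.rb
 - lib/authzed/api/v1/schema_pb.rb
+- lib/authzed/api/v1/schema_service_pb.rb
+- lib/authzed/api/v1/schema_service_services_pb.rb
 - lib/authzed/api/v1/schema_services_pb.rb
 - lib/authzed/api/v1/watch_service_pb.rb
 - lib/authzed/api/v1/watch_service_services_pb.rb
 - lib/authzed/api/v1alpha1/client.rb
 - lib/authzed/api/v1alpha1/schema_pb.rb
 - lib/authzed/api/v1alpha1/schema_services_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
 - lib/grpcutil/bearer_token.rb
+- lib/validate/validate_pb.rb
 homepage: https://authzed.com
 licenses:
 - Apache-2.0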
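Review bot: The new `grpc-tools` entry in the first hunk is declared `type: :runtime`, so every application that installs this client also installs the protoc code-generation toolchain, which appears to be needed only to regenerate the `*_pb.rb` files; declaring it in the gemspec as `add_development_dependency "grpc-tools", "~> 1.41"` would keep it out of consumers' dependency trees and shrink the supply-chain surface. Separately, the `files:` list in the second hunk goes straight from `lib/grpcutil/bearer_token.rb` to `lib/validate/validate_pb.rb`, while the newly shipped `lib/authzed/api/v1/openapi_pb.rb` does `require 'protoc-gen-openapiv2/options/annotations_pb'`. The list starts above the hunk, but the position where that path would sort is visible and empty, and none of the three declared dependencies is known to provide it, so loading `openapi_pb` probably raises `LoadError` unless the file is packaged or a gem supplying it is declared.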