RubyGems - authzed - Versions diffs - 0.2.1 → 0.4.0 - Mend

authzed 0.2.1 → 0.4.0

Files changed (22) hide show

checksums.yaml +4 -4
data/README.md +20 -11
data/lib/authzed/api/v0/acl_service_pb.rb +2 -0
data/lib/authzed/api/v0/core_pb.rb +2 -40
data/lib/authzed/api/v0/developer_pb.rb +1 -2
data/lib/authzed/api/v0/namespace_pb.rb +14 -1
data/lib/authzed/api/v0/namespace_service_pb.rb +2 -0
data/lib/authzed/api/v0/watch_service_pb.rb +2 -0
data/lib/authzed/api/v1/core_pb.rb +2 -0
data/lib/authzed/api/v1/debug_pb.rb +52 -0
data/lib/authzed/api/v1/openapi_pb.rb +18 -0
data/lib/authzed/api/v1/permission_service_pb.rb +17 -0
data/lib/authzed/api/v1/permission_service_services_pb.rb +19 -14
data/lib/authzed/api/v1/schema_service_pb.rb +33 -0
data/lib/authzed/api/v1/schema_service_services_pb.rb +34 -0
data/lib/authzed/api/v1/watch_service_pb.rb +4 -1
data/lib/authzed/api/v1alpha1/schema_pb.rb +5 -0
data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb +46 -0
data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb +30 -0
data/lib/authzed.rb +1 -12
data/lib/validate/validate_pb.rb +4 -0
metadata +52 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 745773cee685ac83d572bb8a772f0f25825147e9e55092aa66ee36a29a578341
-  data.tar.gz: a6a59d5a14bca9c4340717a261fa2bd59edf6f503bb4d1abba07cae496a0e0c2
+  metadata.gz: 0211dcb4e1b7cfc4f5aecca853548da0d6eef6d0198dd97e0f2ff44dae373429
+  data.tar.gz: 94e3b2c8cbd070654e88f0ce3ed02ecda045fe1156a14ceec210df5743b18a2e
 SHA512:
-  metadata.gz: e93362eddda43c3d16194640a7090dbbc324e44bc79f8632ab450a950b412eb0921ad17981e502864d1fec106622d7ad9d9f39c2e6ef78395ec0d6e42f81a1a5
-  data.tar.gz: 69e91b80c6c2d9c8e7934923629f063a63b41ebaed4416d89186fd3128c07d5b4d7f7249d540722cfdf1bd66d30e7a4d04cff6bddb3b615ad7f9bec8990ec325
+  metadata.gz: 2192c05e51d8abb91baddf0b29e27477cc1de6f0922a4fb6d1fed9b39fb14870e4ad7a32dd87964cea8724890d947bf6726b8bf358808478f50e32f9b380cd70
+  data.tar.gz: 3893665e9b69175317a990c6305166c3f25cb354bc04890ebf9b467dd0914d1c0a00943ac916cd183beddfae953b2653910d35060b121bfe32b69e19515205f9

data/README.md CHANGED Viewed

@@ -1,32 +1,41 @@
 # Authzed Ruby Client
 [![Ruby Gems](https://img.shields.io/gem/v/authzed?include_prereleases)](https://rubygems.org/gems/authzed)
+[![Docs](https://img.shields.io/badge/docs-authzed.com-%234B4B6C "Authzed Documentation")](https://docs.authzed.com)
 [![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 [![Build Status](https://github.com/authzed/authzed-rb/workflows/build/badge.svg)](https://github.com/authzed/authzed-rb/actions)
-[![Mailing List](https://img.shields.io/badge/email-google%20groups-4285F4)](https://groups.google.com/g/authzed-oss)
 [![Discord Server](https://img.shields.io/discord/844600078504951838?color=7289da&logo=discord "Discord Server")](https://discord.gg/jTysUaxXzM)
 [![Twitter](https://img.shields.io/twitter/follow/authzed?color=%23179CF0&logo=twitter&style=flat-square)](https://twitter.com/authzed)
-This repository houses the Ruby client library for Authzed.
+This repository houses the official Ruby client library for Authzed and SpiceDB.
-[Authzed] is a database and service that stores, computes, and validates your application's permissions.
+[SpiceDB] is a database system for managing security-critical permissions checking.
-Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
+SpiceDB acts as a centralized service that stores authorization data.
+Once stored, data can be performantly queried to answer questions such as "Does this user have access to this resource?" and "What are all the resources this user has access to?".
+[Authzed] operates the globally available, serverless database platform for SpiceDB.
 Supported client API versions:
-- [v1](https://docs.authzed.com/reference/api#authzedapiv1)
-- [v1alpha1](https://docs.authzed.com/reference/api#authzedapiv1alpha1)
-- [v0](https://docs.authzed.com/reference/api#authzedapiv0)
+- [v1](https://buf.build/authzed/api/docs/main/authzed.api.v1)
+- [v1alpha1](https://buf.build/authzed/api/docs/main/authzed.api.v1alpha1)
-You can find more info on each API on the [Authzed API reference documentation].
-Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
+You can find more info about the API in the [Authzed Documentation API Reference] or the [Authzed API Buf Registry repository].
 See [CONTRIBUTING.md] for instructions on how to contribute and perform common tasks like building the project and running tests.
+[SpiceDB]: https://github.com/authzed/spicedb
 [Authzed]: https://authzed.com
-[Authzed API Reference documentation]: https://docs.authzed.com/reference/api
-[Buf Registry Authzed API repository]: https://buf.build/authzed/api/docs/main
+[Authzed Documentation API Reference]: https://docs.authzed.com/reference/api
+[Authzed API Buf Registry repository]: https://buf.build/authzed/api
 [CONTRIBUTING.md]: CONTRIBUTING.md
+[Discord]: https://authzed.com/discord
+[Urgent]: https://github.com/authzed/authzed-rb/labels/priority%2F0%20urgent
+[High]: https://github.com/authzed/authzed-rb/labels/priority%2F1%20high
+[Medium]: https://github.com/authzed/authzed-rb/labels/priority%2F2%20medium
+[Low]: https://github.com/authzed/authzed-rb/labels/priority%2F3%20low
+[Maybe]: https://github.com/authzed/authzed-rb/labels/priority%2F4%20maybe
+[good first issues]: https://github.com/authzed-rb/spicedb/labels/hint%2Fgood%20first%20issue
 ## Getting Started

data/lib/authzed/api/v0/acl_service_pb.rb CHANGED Viewed

@@ -3,7 +3,9 @@
 require 'google/protobuf'
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.RelationTupleFilter" do

data/lib/authzed/api/v0/core_pb.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 require 'google/protobuf'
+require 'validate/validate_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/core.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.RelationTuple" do
@@ -23,39 +25,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :userset, :message, 2, "authzed.api.v0.ObjectAndRelation", json_name: "userset"
       end
     end
-    add_message "authzed.api.v0.Zookie" do
-      optional :token, :string, 1, json_name: "token"
-    end
-    add_message "authzed.api.v0.RelationTupleUpdate" do
-      optional :operation, :enum, 1, "authzed.api.v0.RelationTupleUpdate.Operation", json_name: "operation"
-      optional :tuple, :message, 2, "authzed.api.v0.RelationTuple", json_name: "tuple"
-    end
-    add_enum "authzed.api.v0.RelationTupleUpdate.Operation" do
-      value :UNKNOWN, 0
-      value :CREATE, 1
-      value :TOUCH, 2
-      value :DELETE, 3
-    end
-    add_message "authzed.api.v0.RelationTupleTreeNode" do
-      optional :expanded, :message, 3, "authzed.api.v0.ObjectAndRelation", json_name: "expanded"
-      oneof :node_type do
-        optional :intermediate_node, :message, 1, "authzed.api.v0.SetOperationUserset", json_name: "intermediateNode"
-        optional :leaf_node, :message, 2, "authzed.api.v0.DirectUserset", json_name: "leafNode"
-      end
-    end
-    add_message "authzed.api.v0.SetOperationUserset" do
-      optional :operation, :enum, 1, "authzed.api.v0.SetOperationUserset.Operation", json_name: "operation"
-      repeated :child_nodes, :message, 2, "authzed.api.v0.RelationTupleTreeNode", json_name: "childNodes"
-    end
-    add_enum "authzed.api.v0.SetOperationUserset.Operation" do
-      value :INVALID, 0
-      value :UNION, 1
-      value :INTERSECTION, 2
-      value :EXCLUSION, 3
-    end
-    add_message "authzed.api.v0.DirectUserset" do
-      repeated :users, :message, 1, "authzed.api.v0.User", json_name: "users"
-    end
   end
 end
@@ -66,13 +35,6 @@ module Authzed
       ObjectAndRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ObjectAndRelation").msgclass
       RelationReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationReference").msgclass
       User = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.User").msgclass
-      Zookie = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Zookie").msgclass
-      RelationTupleUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate").msgclass
-      RelationTupleUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate.Operation").enummodule
-      RelationTupleTreeNode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleTreeNode").msgclass
-      SetOperationUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset").msgclass
-      SetOperationUserset::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset.Operation").enummodule
-      DirectUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DirectUserset").msgclass
     end
   end
 end

data/lib/authzed/api/v0/developer_pb.rb CHANGED Viewed

@@ -4,7 +4,7 @@
 require 'google/protobuf'
 require 'authzed/api/v0/core_pb'
-require 'authzed/api/v0/namespace_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.FormatSchemaRequest" do
@@ -49,7 +49,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "authzed.api.v0.RequestContext" do
       optional :schema, :string, 1, json_name: "schema"
       repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
-      repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
     end
     add_message "authzed.api.v0.EditCheckRequest" do
       optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"

data/lib/authzed/api/v0/namespace_pb.rb CHANGED Viewed

@@ -4,7 +4,9 @@
 require 'google/protobuf'
 require 'google/protobuf/any_pb'
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.Metadata" do
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
     end
     add_message "authzed.api.v0.TypeInformation" do
-      repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.RelationReference", json_name: "allowedDirectRelations"
+      repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
+    end
+    add_message "authzed.api.v0.AllowedRelation" do
+      optional :namespace, :string, 1, json_name: "namespace"
+      oneof :relation_or_wildcard do
+        optional :relation, :string, 3, json_name: "relation"
+        optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
+      end
+    end
+    add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
     end
     add_message "authzed.api.v0.UsersetRewrite" do
       oneof :rewrite_operation do
@@ -69,6 +80,8 @@ module Authzed
       NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
       Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
       TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
+      AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
+      AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
       UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
       SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
       SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass

data/lib/authzed/api/v0/namespace_service_pb.rb CHANGED Viewed

@@ -3,8 +3,10 @@
 require 'google/protobuf'
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
 require 'authzed/api/v0/namespace_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.ReadConfigRequest" do

data/lib/authzed/api/v0/watch_service_pb.rb CHANGED Viewed

@@ -3,7 +3,9 @@
 require 'google/protobuf'
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.WatchRequest" do

data/lib/authzed/api/v1/core_pb.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 require 'google/protobuf'
+require 'validate/validate_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
     add_message "authzed.api.v1.Relationship" do

data/lib/authzed/api/v1/debug_pb.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/debug.proto
+require 'google/protobuf'
+require 'authzed/api/v1/core_pb'
+require 'validate/validate_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/debug.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.DebugInformation" do
+      optional :check, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "check"
+      optional :schema_used, :string, 2, json_name: "schemaUsed"
+    end
+    add_message "authzed.api.v1.CheckDebugTrace" do
+      optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :permission, :string, 2, json_name: "permission"
+      optional :permission_type, :enum, 3, "authzed.api.v1.CheckDebugTrace.PermissionType", json_name: "permissionType"
+      optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
+      optional :result, :enum, 5, "authzed.api.v1.CheckDebugTrace.Permissionship", json_name: "result"
+      oneof :resolution do
+        optional :was_cached_result, :bool, 6, json_name: "wasCachedResult"
+        optional :sub_problems, :message, 7, "authzed.api.v1.CheckDebugTrace.SubProblems", json_name: "subProblems"
+      end
+    end
+    add_message "authzed.api.v1.CheckDebugTrace.SubProblems" do
+      repeated :traces, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "traces"
+    end
+    add_enum "authzed.api.v1.CheckDebugTrace.PermissionType" do
+      value :PERMISSION_TYPE_UNSPECIFIED, 0
+      value :PERMISSION_TYPE_RELATION, 1
+      value :PERMISSION_TYPE_PERMISSION, 2
+    end
+    add_enum "authzed.api.v1.CheckDebugTrace.Permissionship" do
+      value :PERMISSIONSHIP_UNSPECIFIED, 0
+      value :PERMISSIONSHIP_NO_PERMISSION, 1
+      value :PERMISSIONSHIP_HAS_PERMISSION, 2
+    end
+  end
+end
+module Authzed
+  module Api
+    module V1
+      DebugInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DebugInformation").msgclass
+      CheckDebugTrace = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace").msgclass
+      CheckDebugTrace::SubProblems = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.SubProblems").msgclass
+      CheckDebugTrace::PermissionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.PermissionType").enummodule
+      CheckDebugTrace::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.Permissionship").enummodule
+    end
+  end
+end

data/lib/authzed/api/v1/openapi_pb.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/openapi.proto
+require 'google/protobuf'
+require 'protoc-gen-openapiv2/options/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
+  end
+end
+module Authzed
+  module Api
+    module V1
+    end
+  end
+end

data/lib/authzed/api/v1/permission_service_pb.rb CHANGED Viewed

@@ -3,7 +3,10 @@
 require 'google/protobuf'
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
 require 'authzed/api/v1/core_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v1.Consistency" do
@@ -93,6 +96,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
       optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
     end
+    add_message "authzed.api.v1.LookupSubjectsRequest" do
+      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
+      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :permission, :string, 3, json_name: "permission"
+      optional :subject_object_type, :string, 4, json_name: "subjectObjectType"
+      optional :optional_subject_relation, :string, 5, json_name: "optionalSubjectRelation"
+    end
+    add_message "authzed.api.v1.LookupSubjectsResponse" do
+      optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
+      optional :subject_object_id, :string, 2, json_name: "subjectObjectId"
+      repeated :excluded_subject_ids, :string, 3, json_name: "excludedSubjectIds"
+    end
   end
 end
@@ -118,6 +133,8 @@ module Authzed
       ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
       LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
       LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
+      LookupSubjectsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsRequest").msgclass
+      LookupSubjectsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsResponse").msgclass
     end
   end
 end

data/lib/authzed/api/v1/permission_service_services_pb.rb CHANGED Viewed

@@ -8,8 +8,8 @@ module Authzed
   module Api
     module V1
       module PermissionsService
-        # PermissionsService is used to perform permissions and relationship
-        # operations.
+        # PermissionsService implements a set of RPCs that perform operations on
+        # relationships and permissions.
         class Service
           include ::GRPC::GenericService
@@ -21,23 +21,28 @@ module Authzed
           # ReadRelationships reads a set of the relationships matching one or more
           # filters.
           rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
-          # WriteRelationships writes and/or deletes a set of specified relationships,
-          # with an optional set of precondition relationships that must exist before
-          # the operation can commit.
+          # WriteRelationships atomically writes and/or deletes a set of specified
+          # relationships. An optional set of preconditions can be provided that must
+          # be satisfied for the operation to commit.
           rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
-          # DeleteRelationships deletes relationships matching one or more filters, in
-          # bulk.
+          # DeleteRelationships atomically bulk deletes all relationships matching the
+          # provided filter. If no relationships match, none will be deleted and the
+          # operation will succeed. An optional set of preconditions can be provided that must
+          # be satisfied for the operation to commit.
           rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
-          # CheckPermission checks whether a subject has a particular permission or is
-          # a member of a particular relation, on a given resource.
+          # CheckPermission determines for a given resource whether a subject computes
+          # to having a permission or is a direct member of a particular relation.
           rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
-          # ExpandPermissionTree expands the relationships reachable from a particular
-          # permission or relation of a given resource.
+          # ExpandPermissionTree reveals the graph structure for a resource's
+          # permission or relation. This RPC does not recurse infinitely deep and may
+          # require multiple calls to fully unnest a deeply nested graph.
           rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
-          # LookupResources returns the IDs of all resources on which the specified
-          # subject has permission or on which the specified subject is a member of the
-          # relation.
+          # LookupResources returns all the resources of a given type that a subject
+          # can access whether via a computed permission or relation membership.
           rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
+          # LookupSubjects returns all the subjects of a given type that
+          # have access whether via a computed permission or relation membership.
+          rpc :LookupSubjects, ::Authzed::Api::V1::LookupSubjectsRequest, stream(::Authzed::Api::V1::LookupSubjectsResponse)
         end
         Stub = Service.rpc_stub_class

data/lib/authzed/api/v1/schema_service_pb.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/schema_service.proto
+require 'google/protobuf'
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.ReadSchemaRequest" do
+    end
+    add_message "authzed.api.v1.ReadSchemaResponse" do
+      optional :schema_text, :string, 1, json_name: "schemaText"
+    end
+    add_message "authzed.api.v1.WriteSchemaRequest" do
+      optional :schema, :string, 1, json_name: "schema"
+    end
+    add_message "authzed.api.v1.WriteSchemaResponse" do
+    end
+  end
+end
+module Authzed
+  module Api
+    module V1
+      ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
+      ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
+      WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
+      WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/schema_service_services_pb.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
+require 'grpc'
+require 'authzed/api/v1/schema_service_pb'
+module Authzed
+  module Api
+    module V1
+      module SchemaService
+        # SchemaService implements operations on a Permissions System's Schema.
+        class Service
+          include ::GRPC::GenericService
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1.SchemaService'
+          # Read returns the current Object Definitions for a Permissions System.
+          #
+          # Errors include:
+          # - INVALID_ARGUMENT: a provided value has failed to semantically validate
+          # - NOT_FOUND: no schema has been defined
+          rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
+          # Write overwrites the current Object Definitions for a Permissions System.
+          rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
+        end
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed/api/v1/watch_service_pb.rb CHANGED Viewed

@@ -3,11 +3,14 @@
 require 'google/protobuf'
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
 require 'authzed/api/v1/core_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v1.WatchRequest" do
-      repeated :object_types, :string, 1, json_name: "objectTypes"
+      repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
       optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
     end
     add_message "authzed.api.v1.WatchResponse" do

data/lib/authzed/api/v1alpha1/schema_pb.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 require 'google/protobuf'
+require 'validate/validate_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
     add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
       repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
+      optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
     end
     add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
       optional :schema, :string, 1, json_name: "schema"
+      optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
     end
     add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
       repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
+      optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
     end
   end
 end

data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1alpha1/watchresources_service.proto
+require 'google/protobuf'
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
+      optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
+      optional :permission, :string, 2, json_name: "permission"
+      optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
+      optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
+      optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
+    end
+    add_message "authzed.api.v1alpha1.PermissionUpdate" do
+      optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
+      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :relation, :string, 3, json_name: "relation"
+      optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
+    end
+    add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
+      value :PERMISSIONSHIP_UNSPECIFIED, 0
+      value :PERMISSIONSHIP_NO_PERMISSION, 1
+      value :PERMISSIONSHIP_HAS_PERMISSION, 2
+    end
+    add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
+      repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
+      optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
+    end
+  end
+end
+module Authzed
+  module Api
+    module V1alpha1
+      WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
+      PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
+      PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
+      WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
+require 'grpc'
+require 'authzed/api/v1alpha1/watchresources_service_pb'
+module Authzed
+  module Api
+    module V1alpha1
+      module WatchResourcesService
+        # WatchResourcesService is used to receive a stream of updates for resources of a
+        # specific (resource type, permission, subject) combination.
+        class Service
+          include ::GRPC::GenericService
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
+          # WatchResources initiates a watch for permission changes for the provided
+          # (resource type, permission, subject) pair.
+          rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
+        end
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed.rb CHANGED Viewed

@@ -1,14 +1,3 @@
-require 'authzed/api/v0/acl_service_pb'
-require 'authzed/api/v0/acl_service_services_pb'
-require 'authzed/api/v0/core_pb'
-require 'authzed/api/v0/developer_pb'
-require 'authzed/api/v0/developer_services_pb'
-require 'authzed/api/v0/namespace_pb'
-require 'authzed/api/v0/namespace_service_pb'
-require 'authzed/api/v0/namespace_service_services_pb'
-require 'authzed/api/v0/watch_service_pb'
-require 'authzed/api/v0/watch_service_services_pb'
-require 'authzed/api/v0/client'
 require 'authzed/api/v1alpha1/schema_pb'
 require 'authzed/api/v1alpha1/schema_services_pb'
 require 'authzed/api/v1alpha1/client'
@@ -19,4 +8,4 @@ require 'authzed/api/v1/client'
 require 'grpcutil/bearer_token'
 module Authzed
-end
+end

data/lib/validate/validate_pb.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Validate
+  module ValidatePb
+  end
+end

metadata CHANGED Viewed

@@ -1,15 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: authzed
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Authzed
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-26 00:00:00.000000000 Z
-dependencies: []
+date: 2022-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: grpc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.41'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.41'
+- !ruby/object:Gem::Dependency
+  name: grpc-tools
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.41'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.41'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 description: Authzed is the best way to build robust and scalable permissions systems.
   See https://authzed.com for more details.
 email: support@authzed.com
@@ -33,16 +75,23 @@ files:
 - lib/authzed/api/v0/watch_service_services_pb.rb
 - lib/authzed/api/v1/client.rb
 - lib/authzed/api/v1/core_pb.rb
+- lib/authzed/api/v1/debug_pb.rb
+- lib/authzed/api/v1/openapi_pb.rb
 - lib/authzed/api/v1/permission_service_pb.rb
 - lib/authzed/api/v1/permission_service_services_pb.rb
 - lib/authzed/api/v1/schema_pb.rb
+- lib/authzed/api/v1/schema_service_pb.rb
+- lib/authzed/api/v1/schema_service_services_pb.rb
 - lib/authzed/api/v1/schema_services_pb.rb
 - lib/authzed/api/v1/watch_service_pb.rb
 - lib/authzed/api/v1/watch_service_services_pb.rb
 - lib/authzed/api/v1alpha1/client.rb
 - lib/authzed/api/v1alpha1/schema_pb.rb
 - lib/authzed/api/v1alpha1/schema_services_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
 - lib/grpcutil/bearer_token.rb
+- lib/validate/validate_pb.rb
 homepage: https://authzed.com
 licenses:
 - Apache-2.0