authzed 0.3.1 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +20 -11
- data/lib/authzed/api/v0/core_pb.rb +0 -40
- data/lib/authzed/api/v0/developer_pb.rb +0 -2
- data/lib/authzed/api/v1/debug_pb.rb +52 -0
- data/lib/authzed/api/v1/permission_service_pb.rb +14 -0
- data/lib/authzed/api/v1/permission_service_services_pb.rb +6 -2
- metadata +7 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0211dcb4e1b7cfc4f5aecca853548da0d6eef6d0198dd97e0f2ff44dae373429
|
4
|
+
data.tar.gz: 94e3b2c8cbd070654e88f0ce3ed02ecda045fe1156a14ceec210df5743b18a2e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2192c05e51d8abb91baddf0b29e27477cc1de6f0922a4fb6d1fed9b39fb14870e4ad7a32dd87964cea8724890d947bf6726b8bf358808478f50e32f9b380cd70
|
7
|
+
data.tar.gz: 3893665e9b69175317a990c6305166c3f25cb354bc04890ebf9b467dd0914d1c0a00943ac916cd183beddfae953b2653910d35060b121bfe32b69e19515205f9
|
data/README.md
CHANGED
@@ -1,32 +1,41 @@
|
|
1
1
|
# Authzed Ruby Client
|
2
2
|
|
3
3
|
[![Ruby Gems](https://img.shields.io/gem/v/authzed?include_prereleases)](https://rubygems.org/gems/authzed)
|
4
|
+
[![Docs](https://img.shields.io/badge/docs-authzed.com-%234B4B6C "Authzed Documentation")](https://docs.authzed.com)
|
4
5
|
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
|
5
6
|
[![Build Status](https://github.com/authzed/authzed-rb/workflows/build/badge.svg)](https://github.com/authzed/authzed-rb/actions)
|
6
|
-
[![Mailing List](https://img.shields.io/badge/email-google%20groups-4285F4)](https://groups.google.com/g/authzed-oss)
|
7
7
|
[![Discord Server](https://img.shields.io/discord/844600078504951838?color=7289da&logo=discord "Discord Server")](https://discord.gg/jTysUaxXzM)
|
8
8
|
[![Twitter](https://img.shields.io/twitter/follow/authzed?color=%23179CF0&logo=twitter&style=flat-square)](https://twitter.com/authzed)
|
9
9
|
|
10
|
-
This repository houses the Ruby client library for Authzed.
|
10
|
+
This repository houses the official Ruby client library for Authzed and SpiceDB.
|
11
11
|
|
12
|
-
[
|
12
|
+
[SpiceDB] is a database system for managing security-critical permissions checking.
|
13
13
|
|
14
|
-
|
14
|
+
SpiceDB acts as a centralized service that stores authorization data.
|
15
|
+
Once stored, data can be performantly queried to answer questions such as "Does this user have access to this resource?" and "What are all the resources this user has access to?".
|
16
|
+
|
17
|
+
[Authzed] operates the globally available, serverless database platform for SpiceDB.
|
15
18
|
|
16
19
|
Supported client API versions:
|
17
|
-
- [v1](https://
|
18
|
-
- [v1alpha1](https://
|
19
|
-
- "v0" - deprecated
|
20
|
+
- [v1](https://buf.build/authzed/api/docs/main/authzed.api.v1)
|
21
|
+
- [v1alpha1](https://buf.build/authzed/api/docs/main/authzed.api.v1alpha1)
|
20
22
|
|
21
|
-
You can find more info
|
22
|
-
Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
|
23
|
+
You can find more info about the API in the [Authzed Documentation API Reference] or the [Authzed API Buf Registry repository].
|
23
24
|
|
24
25
|
See [CONTRIBUTING.md] for instructions on how to contribute and perform common tasks like building the project and running tests.
|
25
26
|
|
27
|
+
[SpiceDB]: https://github.com/authzed/spicedb
|
26
28
|
[Authzed]: https://authzed.com
|
27
|
-
[Authzed API Reference
|
28
|
-
[Buf Registry
|
29
|
+
[Authzed Documentation API Reference]: https://docs.authzed.com/reference/api
|
30
|
+
[Authzed API Buf Registry repository]: https://buf.build/authzed/api
|
29
31
|
[CONTRIBUTING.md]: CONTRIBUTING.md
|
32
|
+
[Discord]: https://authzed.com/discord
|
33
|
+
[Urgent]: https://github.com/authzed/authzed-rb/labels/priority%2F0%20urgent
|
34
|
+
[High]: https://github.com/authzed/authzed-rb/labels/priority%2F1%20high
|
35
|
+
[Medium]: https://github.com/authzed/authzed-rb/labels/priority%2F2%20medium
|
36
|
+
[Low]: https://github.com/authzed/authzed-rb/labels/priority%2F3%20low
|
37
|
+
[Maybe]: https://github.com/authzed/authzed-rb/labels/priority%2F4%20maybe
|
38
|
+
[good first issues]: https://github.com/authzed-rb/spicedb/labels/hint%2Fgood%20first%20issue
|
30
39
|
|
31
40
|
## Getting Started
|
32
41
|
|
@@ -25,39 +25,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
25
25
|
optional :userset, :message, 2, "authzed.api.v0.ObjectAndRelation", json_name: "userset"
|
26
26
|
end
|
27
27
|
end
|
28
|
-
add_message "authzed.api.v0.Zookie" do
|
29
|
-
optional :token, :string, 1, json_name: "token"
|
30
|
-
end
|
31
|
-
add_message "authzed.api.v0.RelationTupleUpdate" do
|
32
|
-
optional :operation, :enum, 1, "authzed.api.v0.RelationTupleUpdate.Operation", json_name: "operation"
|
33
|
-
optional :tuple, :message, 2, "authzed.api.v0.RelationTuple", json_name: "tuple"
|
34
|
-
end
|
35
|
-
add_enum "authzed.api.v0.RelationTupleUpdate.Operation" do
|
36
|
-
value :UNKNOWN, 0
|
37
|
-
value :CREATE, 1
|
38
|
-
value :TOUCH, 2
|
39
|
-
value :DELETE, 3
|
40
|
-
end
|
41
|
-
add_message "authzed.api.v0.RelationTupleTreeNode" do
|
42
|
-
optional :expanded, :message, 3, "authzed.api.v0.ObjectAndRelation", json_name: "expanded"
|
43
|
-
oneof :node_type do
|
44
|
-
optional :intermediate_node, :message, 1, "authzed.api.v0.SetOperationUserset", json_name: "intermediateNode"
|
45
|
-
optional :leaf_node, :message, 2, "authzed.api.v0.DirectUserset", json_name: "leafNode"
|
46
|
-
end
|
47
|
-
end
|
48
|
-
add_message "authzed.api.v0.SetOperationUserset" do
|
49
|
-
optional :operation, :enum, 1, "authzed.api.v0.SetOperationUserset.Operation", json_name: "operation"
|
50
|
-
repeated :child_nodes, :message, 2, "authzed.api.v0.RelationTupleTreeNode", json_name: "childNodes"
|
51
|
-
end
|
52
|
-
add_enum "authzed.api.v0.SetOperationUserset.Operation" do
|
53
|
-
value :INVALID, 0
|
54
|
-
value :UNION, 1
|
55
|
-
value :INTERSECTION, 2
|
56
|
-
value :EXCLUSION, 3
|
57
|
-
end
|
58
|
-
add_message "authzed.api.v0.DirectUserset" do
|
59
|
-
repeated :users, :message, 1, "authzed.api.v0.User", json_name: "users"
|
60
|
-
end
|
61
28
|
end
|
62
29
|
end
|
63
30
|
|
@@ -68,13 +35,6 @@ module Authzed
|
|
68
35
|
ObjectAndRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ObjectAndRelation").msgclass
|
69
36
|
RelationReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationReference").msgclass
|
70
37
|
User = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.User").msgclass
|
71
|
-
Zookie = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Zookie").msgclass
|
72
|
-
RelationTupleUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate").msgclass
|
73
|
-
RelationTupleUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleUpdate.Operation").enummodule
|
74
|
-
RelationTupleTreeNode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.RelationTupleTreeNode").msgclass
|
75
|
-
SetOperationUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset").msgclass
|
76
|
-
SetOperationUserset::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperationUserset.Operation").enummodule
|
77
|
-
DirectUserset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DirectUserset").msgclass
|
78
38
|
end
|
79
39
|
end
|
80
40
|
end
|
@@ -4,7 +4,6 @@
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
6
|
require 'authzed/api/v0/core_pb'
|
7
|
-
require 'authzed/api/v0/namespace_pb'
|
8
7
|
|
9
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
9
|
add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
|
@@ -50,7 +49,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
50
49
|
add_message "authzed.api.v0.RequestContext" do
|
51
50
|
optional :schema, :string, 1, json_name: "schema"
|
52
51
|
repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
|
53
|
-
repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
|
54
52
|
end
|
55
53
|
add_message "authzed.api.v0.EditCheckRequest" do
|
56
54
|
optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: authzed/api/v1/debug.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'authzed/api/v1/core_pb'
|
7
|
+
require 'validate/validate_pb'
|
8
|
+
|
9
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
10
|
+
add_file("authzed/api/v1/debug.proto", :syntax => :proto3) do
|
11
|
+
add_message "authzed.api.v1.DebugInformation" do
|
12
|
+
optional :check, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "check"
|
13
|
+
optional :schema_used, :string, 2, json_name: "schemaUsed"
|
14
|
+
end
|
15
|
+
add_message "authzed.api.v1.CheckDebugTrace" do
|
16
|
+
optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
|
17
|
+
optional :permission, :string, 2, json_name: "permission"
|
18
|
+
optional :permission_type, :enum, 3, "authzed.api.v1.CheckDebugTrace.PermissionType", json_name: "permissionType"
|
19
|
+
optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
|
20
|
+
optional :result, :enum, 5, "authzed.api.v1.CheckDebugTrace.Permissionship", json_name: "result"
|
21
|
+
oneof :resolution do
|
22
|
+
optional :was_cached_result, :bool, 6, json_name: "wasCachedResult"
|
23
|
+
optional :sub_problems, :message, 7, "authzed.api.v1.CheckDebugTrace.SubProblems", json_name: "subProblems"
|
24
|
+
end
|
25
|
+
end
|
26
|
+
add_message "authzed.api.v1.CheckDebugTrace.SubProblems" do
|
27
|
+
repeated :traces, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "traces"
|
28
|
+
end
|
29
|
+
add_enum "authzed.api.v1.CheckDebugTrace.PermissionType" do
|
30
|
+
value :PERMISSION_TYPE_UNSPECIFIED, 0
|
31
|
+
value :PERMISSION_TYPE_RELATION, 1
|
32
|
+
value :PERMISSION_TYPE_PERMISSION, 2
|
33
|
+
end
|
34
|
+
add_enum "authzed.api.v1.CheckDebugTrace.Permissionship" do
|
35
|
+
value :PERMISSIONSHIP_UNSPECIFIED, 0
|
36
|
+
value :PERMISSIONSHIP_NO_PERMISSION, 1
|
37
|
+
value :PERMISSIONSHIP_HAS_PERMISSION, 2
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
module Authzed
|
43
|
+
module Api
|
44
|
+
module V1
|
45
|
+
DebugInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DebugInformation").msgclass
|
46
|
+
CheckDebugTrace = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace").msgclass
|
47
|
+
CheckDebugTrace::SubProblems = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.SubProblems").msgclass
|
48
|
+
CheckDebugTrace::PermissionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.PermissionType").enummodule
|
49
|
+
CheckDebugTrace::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.Permissionship").enummodule
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
@@ -96,6 +96,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
96
96
|
optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
|
97
97
|
optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
|
98
98
|
end
|
99
|
+
add_message "authzed.api.v1.LookupSubjectsRequest" do
|
100
|
+
optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
|
101
|
+
optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
|
102
|
+
optional :permission, :string, 3, json_name: "permission"
|
103
|
+
optional :subject_object_type, :string, 4, json_name: "subjectObjectType"
|
104
|
+
optional :optional_subject_relation, :string, 5, json_name: "optionalSubjectRelation"
|
105
|
+
end
|
106
|
+
add_message "authzed.api.v1.LookupSubjectsResponse" do
|
107
|
+
optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
|
108
|
+
optional :subject_object_id, :string, 2, json_name: "subjectObjectId"
|
109
|
+
repeated :excluded_subject_ids, :string, 3, json_name: "excludedSubjectIds"
|
110
|
+
end
|
99
111
|
end
|
100
112
|
end
|
101
113
|
|
@@ -121,6 +133,8 @@ module Authzed
|
|
121
133
|
ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
|
122
134
|
LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
|
123
135
|
LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
|
136
|
+
LookupSubjectsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsRequest").msgclass
|
137
|
+
LookupSubjectsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsResponse").msgclass
|
124
138
|
end
|
125
139
|
end
|
126
140
|
end
|
@@ -25,8 +25,9 @@ module Authzed
|
|
25
25
|
# relationships. An optional set of preconditions can be provided that must
|
26
26
|
# be satisfied for the operation to commit.
|
27
27
|
rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
|
28
|
-
# DeleteRelationships atomically bulk deletes relationships matching
|
29
|
-
#
|
28
|
+
# DeleteRelationships atomically bulk deletes all relationships matching the
|
29
|
+
# provided filter. If no relationships match, none will be deleted and the
|
30
|
+
# operation will succeed. An optional set of preconditions can be provided that must
|
30
31
|
# be satisfied for the operation to commit.
|
31
32
|
rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
|
32
33
|
# CheckPermission determines for a given resource whether a subject computes
|
@@ -39,6 +40,9 @@ module Authzed
|
|
39
40
|
# LookupResources returns all the resources of a given type that a subject
|
40
41
|
# can access whether via a computed permission or relation membership.
|
41
42
|
rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
|
43
|
+
# LookupSubjects returns all the subjects of a given type that
|
44
|
+
# have access whether via a computed permission or relation membership.
|
45
|
+
rpc :LookupSubjects, ::Authzed::Api::V1::LookupSubjectsRequest, stream(::Authzed::Api::V1::LookupSubjectsResponse)
|
42
46
|
end
|
43
47
|
|
44
48
|
Stub = Service.rpc_stub_class
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authzed
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Authzed
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-09-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: grpc
|
@@ -75,6 +75,7 @@ files:
|
|
75
75
|
- lib/authzed/api/v0/watch_service_services_pb.rb
|
76
76
|
- lib/authzed/api/v1/client.rb
|
77
77
|
- lib/authzed/api/v1/core_pb.rb
|
78
|
+
- lib/authzed/api/v1/debug_pb.rb
|
78
79
|
- lib/authzed/api/v1/openapi_pb.rb
|
79
80
|
- lib/authzed/api/v1/permission_service_pb.rb
|
80
81
|
- lib/authzed/api/v1/permission_service_services_pb.rb
|
@@ -99,7 +100,7 @@ metadata:
|
|
99
100
|
github_repo: ssh://github.com/authzed/authzed-rb
|
100
101
|
homepage_uri: https://authzed.com
|
101
102
|
source_code_uri: https://github.com/authzed/authzed-rb
|
102
|
-
post_install_message:
|
103
|
+
post_install_message:
|
103
104
|
rdoc_options: []
|
104
105
|
require_paths:
|
105
106
|
- lib
|
@@ -114,8 +115,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
114
115
|
- !ruby/object:Gem::Version
|
115
116
|
version: '0'
|
116
117
|
requirements: []
|
117
|
-
rubygems_version: 3.
|
118
|
-
signing_key:
|
118
|
+
rubygems_version: 3.0.1
|
119
|
+
signing_key:
|
119
120
|
specification_version: 4
|
120
121
|
summary: Ruby bindings for Authzed API
|
121
122
|
test_files: []
|