authzed 0.5.0 → 0.7.1

data/lib/authzed/api/v1/permission_service_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: authzed/api/v1/permission_service.proto
 
@@ -8,132 +9,33 @@ require 'google/api/annotations_pb'
 require 'validate/validate_pb'
 require 'authzed/api/v1/core_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
-    add_message "authzed.api.v1.Consistency" do
-      oneof :requirement do
-        optional :minimize_latency, :bool, 1, json_name: "minimizeLatency"
-        optional :at_least_as_fresh, :message, 2, "authzed.api.v1.ZedToken", json_name: "atLeastAsFresh"
-        optional :at_exact_snapshot, :message, 3, "authzed.api.v1.ZedToken", json_name: "atExactSnapshot"
-        optional :fully_consistent, :bool, 4, json_name: "fullyConsistent"
-      end
-    end
-    add_message "authzed.api.v1.RelationshipFilter" do
-      optional :resource_type, :string, 1, json_name: "resourceType"
-      optional :optional_resource_id, :string, 2, json_name: "optionalResourceId"
-      optional :optional_relation, :string, 3, json_name: "optionalRelation"
-      optional :optional_subject_filter, :message, 4, "authzed.api.v1.SubjectFilter", json_name: "optionalSubjectFilter"
-    end
-    add_message "authzed.api.v1.SubjectFilter" do
-      optional :subject_type, :string, 1, json_name: "subjectType"
-      optional :optional_subject_id, :string, 2, json_name: "optionalSubjectId"
-      optional :optional_relation, :message, 3, "authzed.api.v1.SubjectFilter.RelationFilter", json_name: "optionalRelation"
-    end
-    add_message "authzed.api.v1.SubjectFilter.RelationFilter" do
-      optional :relation, :string, 1, json_name: "relation"
-    end
-    add_message "authzed.api.v1.ReadRelationshipsRequest" do
-      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
-      optional :relationship_filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
-    end
-    add_message "authzed.api.v1.ReadRelationshipsResponse" do
-      optional :read_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "readAt"
-      optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
-    end
-    add_message "authzed.api.v1.Precondition" do
-      optional :operation, :enum, 1, "authzed.api.v1.Precondition.Operation", json_name: "operation"
-      optional :filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "filter"
-    end
-    add_enum "authzed.api.v1.Precondition.Operation" do
-      value :OPERATION_UNSPECIFIED, 0
-      value :OPERATION_MUST_NOT_MATCH, 1
-      value :OPERATION_MUST_MATCH, 2
-    end
-    add_message "authzed.api.v1.WriteRelationshipsRequest" do
-      repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
-      repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
-    end
-    add_message "authzed.api.v1.WriteRelationshipsResponse" do
-      optional :written_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "writtenAt"
-    end
-    add_message "authzed.api.v1.DeleteRelationshipsRequest" do
-      optional :relationship_filter, :message, 1, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
-      repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
-    end
-    add_message "authzed.api.v1.DeleteRelationshipsResponse" do
-      optional :deleted_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "deletedAt"
-    end
-    add_message "authzed.api.v1.CheckPermissionRequest" do
-      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
-      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
-      optional :permission, :string, 3, json_name: "permission"
-      optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
-      optional :context, :message, 5, "google.protobuf.Struct", json_name: "context"
-    end
-    add_message "authzed.api.v1.PartialCaveatInfo" do
-      repeated :missing_required_context, :string, 1, json_name: "missingRequiredContext"
-    end
-    add_message "authzed.api.v1.CheckPermissionResponse" do
-      optional :checked_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "checkedAt"
-      optional :permissionship, :enum, 2, "authzed.api.v1.CheckPermissionResponse.Permissionship", json_name: "permissionship"
-      optional :partial_caveat_info, :message, 3, "authzed.api.v1.PartialCaveatInfo", json_name: "partialCaveatInfo"
-    end
-    add_enum "authzed.api.v1.CheckPermissionResponse.Permissionship" do
-      value :PERMISSIONSHIP_UNSPECIFIED, 0
-      value :PERMISSIONSHIP_NO_PERMISSION, 1
-      value :PERMISSIONSHIP_HAS_PERMISSION, 2
-      value :PERMISSIONSHIP_CONDITIONAL_PERMISSION, 3
-    end
-    add_message "authzed.api.v1.ExpandPermissionTreeRequest" do
-      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
-      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
-      optional :permission, :string, 3, json_name: "permission"
-    end
-    add_message "authzed.api.v1.ExpandPermissionTreeResponse" do
-      optional :expanded_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "expandedAt"
-      optional :tree_root, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "treeRoot"
-    end
-    add_message "authzed.api.v1.LookupResourcesRequest" do
-      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
-      optional :resource_object_type, :string, 2, json_name: "resourceObjectType"
-      optional :permission, :string, 3, json_name: "permission"
-      optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
-      optional :context, :message, 5, "google.protobuf.Struct", json_name: "context"
-    end
-    add_message "authzed.api.v1.LookupResourcesResponse" do
-      optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
-      optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
-      optional :permissionship, :enum, 3, "authzed.api.v1.LookupPermissionship", json_name: "permissionship"
-      optional :partial_caveat_info, :message, 4, "authzed.api.v1.PartialCaveatInfo", json_name: "partialCaveatInfo"
-    end
-    add_message "authzed.api.v1.LookupSubjectsRequest" do
-      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
-      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
-      optional :permission, :string, 3, json_name: "permission"
-      optional :subject_object_type, :string, 4, json_name: "subjectObjectType"
-      optional :optional_subject_relation, :string, 5, json_name: "optionalSubjectRelation"
-      optional :context, :message, 6, "google.protobuf.Struct", json_name: "context"
-    end
-    add_message "authzed.api.v1.LookupSubjectsResponse" do
-      optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
-      optional :subject_object_id, :string, 2, json_name: "subjectObjectId"
-      repeated :excluded_subject_ids, :string, 3, json_name: "excludedSubjectIds"
-      optional :permissionship, :enum, 4, "authzed.api.v1.LookupPermissionship", json_name: "permissionship"
-      optional :partial_caveat_info, :message, 5, "authzed.api.v1.PartialCaveatInfo", json_name: "partialCaveatInfo"
-      optional :subject, :message, 6, "authzed.api.v1.ResolvedSubject", json_name: "subject"
-      repeated :excluded_subjects, :message, 7, "authzed.api.v1.ResolvedSubject", json_name: "excludedSubjects"
-    end
-    add_message "authzed.api.v1.ResolvedSubject" do
-      optional :subject_object_id, :string, 1, json_name: "subjectObjectId"
-      optional :permissionship, :enum, 2, "authzed.api.v1.LookupPermissionship", json_name: "permissionship"
-      optional :partial_caveat_info, :message, 3, "authzed.api.v1.PartialCaveatInfo", json_name: "partialCaveatInfo"
-    end
-    add_enum "authzed.api.v1.LookupPermissionship" do
-      value :LOOKUP_PERMISSIONSHIP_UNSPECIFIED, 0
-      value :LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, 1
-      value :LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, 2
+
+descriptor_data = "\n\'authzed/api/v1/permission_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x19\x61uthzed/api/v1/core.proto\"\x9c\x02\n\x0b\x43onsistency\x12\x34\n\x10minimize_latency\x18\x01 \x01(\x08\x42\x07\xfa\x42\x04j\x02\x08\x01H\x00R\x0fminimizeLatency\x12\x45\n\x11\x61t_least_as_fresh\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenH\x00R\x0e\x61tLeastAsFresh\x12\x46\n\x11\x61t_exact_snapshot\x18\x03 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenH\x00R\x0f\x61tExactSnapshot\x12\x34\n\x10\x66ully_consistent\x18\x04 \x01(\x08\x42\x07\xfa\x42\x04j\x02\x08\x01H\x00R\x0f\x66ullyConsistentB\x12\n\x0brequirement\x12\x03\xf8\x42\x01\"\x8c\x03\n\x12RelationshipFilter\x12m\n\rresource_type\x18\x01 \x01(\tBH\xfa\x42\x45rC(\x80\x01\x32>^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$R\x0cresourceType\x12W\n\x14optional_resource_id\x18\x02 \x01(\tB%\xfa\x42\"r (\x80\x08\x32\x1b^([a-zA-Z0-9/_|\\-=+]{1,})?$R\x12optionalResourceId\x12W\n\x11optional_relation\x18\x03 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x10optionalRelation\x12U\n\x17optional_subject_filter\x18\x04 \x01(\x0b\x32\x1d.authzed.api.v1.SubjectFilterR\x15optionalSubjectFilter\"\x8d\x03\n\rSubjectFilter\x12k\n\x0csubject_type\x18\x01 \x01(\tBH\xfa\x42\x45rC(\x80\x01\x32>^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$R\x0bsubjectType\x12Z\n\x13optional_subject_id\x18\x02 \x01(\tB*\xfa\x42\'r%(\x80\x08\x32 ^(([a-zA-Z0-9/_|\\-=+]{1,})|\\*)?$R\x11optionalSubjectId\x12Y\n\x11optional_relation\x18\x03 \x01(\x0b\x32,.authzed.api.v1.SubjectFilter.RelationFilterR\x10optionalRelation\x1aX\n\x0eRelationFilter\x12\x46\n\x08relation\x18\x01 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x08relation\"\xac\x02\n\x18ReadRelationshipsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12]\n\x13relationship_filter\x18\x02 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x12relationshipFilter\x12\x31\n\x0eoptional_limit\x18\x03 \x01(\rB\n\xfa\x42\x07*\x05\x18\xe8\x07(\x00R\roptionalLimit\x12?\n\x0foptional_cursor\x18\x04 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\"\xec\x01\n\x19ReadRelationshipsResponse\x12;\n\x07read_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x06readAt\x12J\n\x0crelationship\x18\x02 \x01(\x0b\x32\x1c.authzed.api.v1.RelationshipB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x0crelationship\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x03 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\"\x86\x02\n\x0cPrecondition\x12P\n\toperation\x18\x01 \x01(\x0e\x32&.authzed.api.v1.Precondition.OperationB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\toperation\x12\x44\n\x06\x66ilter\x18\x02 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x06\x66ilter\"^\n\tOperation\x12\x19\n\x15OPERATION_UNSPECIFIED\x10\x00\x12\x1c\n\x18OPERATION_MUST_NOT_MATCH\x10\x01\x12\x18\n\x14OPERATION_MUST_MATCH\x10\x02\"\xcc\x01\n\x19WriteRelationshipsRequest\x12K\n\x07updates\x18\x01 \x03(\x0b\x32\".authzed.api.v1.RelationshipUpdateB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x07updates\x12\x62\n\x16optional_preconditions\x18\x02 \x03(\x0b\x32\x1c.authzed.api.v1.PreconditionB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x15optionalPreconditions\"U\n\x1aWriteRelationshipsResponse\x12\x37\n\nwritten_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\twrittenAt\"\xdb\x02\n\x1a\x44\x65leteRelationshipsRequest\x12]\n\x13relationship_filter\x18\x01 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x12relationshipFilter\x12\x62\n\x16optional_preconditions\x18\x02 \x03(\x0b\x32\x1c.authzed.api.v1.PreconditionB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x15optionalPreconditions\x12\x31\n\x0eoptional_limit\x18\x03 \x01(\rB\n\xfa\x42\x07*\x05\x18\xe8\x07(\x00R\roptionalLimit\x12G\n optional_allow_partial_deletions\x18\x04 \x01(\x08R\x1doptionalAllowPartialDeletions\"\xb7\x02\n\x1b\x44\x65leteRelationshipsResponse\x12\x37\n\ndeleted_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\tdeletedAt\x12i\n\x11\x64\x65letion_progress\x18\x02 \x01(\x0e\x32<.authzed.api.v1.DeleteRelationshipsResponse.DeletionProgressR\x10\x64\x65letionProgress\"t\n\x10\x44\x65letionProgress\x12!\n\x1d\x44\x45LETION_PROGRESS_UNSPECIFIED\x10\x00\x12\x1e\n\x1a\x44\x45LETION_PROGRESS_COMPLETE\x10\x01\x12\x1d\n\x19\x44\x45LETION_PROGRESS_PARTIAL\x10\x02\"\xed\x02\n\x16\x43heckPermissionRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\x45\n\x08resource\x18\x02 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x03 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\x12\x44\n\x07subject\x18\x04 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12;\n\x07\x63ontext\x18\x05 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\"\xc8\x03\n\x17\x43heckPermissionResponse\x12\x41\n\nchecked_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\tcheckedAt\x12j\n\x0epermissionship\x18\x02 \x01(\x0e\x32\x36.authzed.api.v1.CheckPermissionResponse.PermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x03 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\"\xa0\x01\n\x0ePermissionship\x12\x1e\n\x1aPERMISSIONSHIP_UNSPECIFIED\x10\x00\x12 \n\x1cPERMISSIONSHIP_NO_PERMISSION\x10\x01\x12!\n\x1dPERMISSIONSHIP_HAS_PERMISSION\x10\x02\x12)\n%PERMISSIONSHIP_CONDITIONAL_PERMISSION\x10\x03\"\xef\x01\n\x1b\x45xpandPermissionTreeRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\x45\n\x08resource\x18\x02 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x03 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\"\xa2\x01\n\x1c\x45xpandPermissionTreeResponse\x12\x39\n\x0b\x65xpanded_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\nexpandedAt\x12G\n\ttree_root\x18\x02 \x01(\x0b\x32*.authzed.api.v1.PermissionRelationshipTreeR\x08treeRoot\"\x93\x04\n\x16LookupResourcesRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12z\n\x14resource_object_type\x18\x02 \x01(\tBH\xfa\x42\x45rC(\x80\x01\x32>^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$R\x12resourceObjectType\x12G\n\npermission\x18\x03 \x01(\tB\'\xfa\x42$r\"(@2\x1e^[a-z][a-z0-9_]{1,62}[a-z0-9]$R\npermission\x12\x44\n\x07subject\x18\x04 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12;\n\x07\x63ontext\x18\x05 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\x12\x31\n\x0eoptional_limit\x18\x06 \x01(\rB\n\xfa\x42\x07*\x05\x18\xe8\x07(\x00R\roptionalLimit\x12?\n\x0foptional_cursor\x18\x07 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\"\x82\x03\n\x17LookupResourcesResponse\x12:\n\x0clooked_up_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\nlookedUpAt\x12,\n\x12resource_object_id\x18\x02 \x01(\tR\x10resourceObjectId\x12X\n\x0epermissionship\x18\x03 \x01(\x0e\x32$.authzed.api.v1.LookupPermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x04 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x05 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\"\xed\x06\n\x15LookupSubjectsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\x45\n\x08resource\x18\x02 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x03 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\x12x\n\x13subject_object_type\x18\x04 \x01(\tBH\xfa\x42\x45rC(\x80\x01\x32>^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$R\x11subjectObjectType\x12\x66\n\x19optional_subject_relation\x18\x05 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x17optionalSubjectRelation\x12;\n\x07\x63ontext\x18\x06 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\x12\x42\n\x17optional_concrete_limit\x18\x07 \x01(\rB\n\xfa\x42\x07*\x05\x18\xe8\x07(\x00R\x15optionalConcreteLimit\x12?\n\x0foptional_cursor\x18\x08 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\x12]\n\x0fwildcard_option\x18\t \x01(\x0e\x32\x34.authzed.api.v1.LookupSubjectsRequest.WildcardOptionR\x0ewildcardOption\"\x7f\n\x0eWildcardOption\x12\x1f\n\x1bWILDCARD_OPTION_UNSPECIFIED\x10\x00\x12%\n!WILDCARD_OPTION_INCLUDE_WILDCARDS\x10\x01\x12%\n!WILDCARD_OPTION_EXCLUDE_WILDCARDS\x10\x02\"\xc6\x04\n\x16LookupSubjectsResponse\x12:\n\x0clooked_up_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\nlookedUpAt\x12.\n\x11subject_object_id\x18\x02 \x01(\tB\x02\x18\x01R\x0fsubjectObjectId\x12\x34\n\x14\x65xcluded_subject_ids\x18\x03 \x03(\tB\x02\x18\x01R\x12\x65xcludedSubjectIds\x12Z\n\x0epermissionship\x18\x04 \x01(\x0e\x32$.authzed.api.v1.LookupPermissionshipB\x0c\x18\x01\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12]\n\x13partial_caveat_info\x18\x05 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\n\x18\x01\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\x12\x39\n\x07subject\x18\x06 \x01(\x0b\x32\x1f.authzed.api.v1.ResolvedSubjectR\x07subject\x12L\n\x11\x65xcluded_subjects\x18\x07 \x03(\x0b\x32\x1f.authzed.api.v1.ResolvedSubjectR\x10\x65xcludedSubjects\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x08 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\"\xf4\x01\n\x0fResolvedSubject\x12*\n\x11subject_object_id\x18\x01 \x01(\tR\x0fsubjectObjectId\x12X\n\x0epermissionship\x18\x02 \x01(\x0e\x32$.authzed.api.v1.LookupPermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x03 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo*\x99\x01\n\x14LookupPermissionship\x12%\n!LOOKUP_PERMISSIONSHIP_UNSPECIFIED\x10\x00\x12(\n$LOOKUP_PERMISSIONSHIP_HAS_PERMISSION\x10\x01\x12\x30\n,LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION\x10\x02\x32\x80\x08\n\x12PermissionsService\x12\x8d\x01\n\x11ReadRelationships\x12(.authzed.api.v1.ReadRelationshipsRequest\x1a).authzed.api.v1.ReadRelationshipsResponse\"!\x82\xd3\xe4\x93\x02\x1b\"\x16/v1/relationships/read:\x01*0\x01\x12\x8f\x01\n\x12WriteRelationships\x12).authzed.api.v1.WriteRelationshipsRequest\x1a*.authzed.api.v1.WriteRelationshipsResponse\"\"\x82\xd3\xe4\x93\x02\x1c\"\x17/v1/relationships/write:\x01*\x12\x93\x01\n\x13\x44\x65leteRelationships\x12*.authzed.api.v1.DeleteRelationshipsRequest\x1a+.authzed.api.v1.DeleteRelationshipsResponse\"#\x82\xd3\xe4\x93\x02\x1d\"\x18/v1/relationships/delete:\x01*\x12\x84\x01\n\x0f\x43heckPermission\x12&.authzed.api.v1.CheckPermissionRequest\x1a\'.authzed.api.v1.CheckPermissionResponse\" \x82\xd3\xe4\x93\x02\x1a\"\x15/v1/permissions/check:\x01*\x12\x94\x01\n\x14\x45xpandPermissionTree\x12+.authzed.api.v1.ExpandPermissionTreeRequest\x1a,.authzed.api.v1.ExpandPermissionTreeResponse\"!\x82\xd3\xe4\x93\x02\x1b\"\x16/v1/permissions/expand:\x01*\x12\x8a\x01\n\x0fLookupResources\x12&.authzed.api.v1.LookupResourcesRequest\x1a\'.authzed.api.v1.LookupResourcesResponse\"$\x82\xd3\xe4\x93\x02\x1e\"\x19/v1/permissions/resources:\x01*0\x01\x12\x86\x01\n\x0eLookupSubjects\x12%.authzed.api.v1.LookupSubjectsRequest\x1a&.authzed.api.v1.LookupSubjectsResponse\"#\x82\xd3\xe4\x93\x02\x1d\"\x18/v1/permissions/subjects:\x01*0\x01\x42H\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["authzed.api.v1.ZedToken", "authzed/api/v1/core.proto"],
+    ["google.protobuf.Struct", "google/protobuf/struct.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Authzed
@@ -151,8 +53,8 @@ module Authzed
       WriteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsResponse").msgclass
       DeleteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsRequest").msgclass
       DeleteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsResponse").msgclass
+      DeleteRelationshipsResponse::DeletionProgress = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsResponse.DeletionProgress").enummodule
       CheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionRequest").msgclass
-      PartialCaveatInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.PartialCaveatInfo").msgclass
       CheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse").msgclass
       CheckPermissionResponse::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse.Permissionship").enummodule
       ExpandPermissionTreeRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeRequest").msgclass
@@ -160,6 +62,7 @@ module Authzed
       LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
       LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
       LookupSubjectsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsRequest").msgclass
+      LookupSubjectsRequest::WildcardOption = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsRequest.WildcardOption").enummodule
       LookupSubjectsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupSubjectsResponse").msgclass
       ResolvedSubject = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ResolvedSubject").msgclass
       LookupPermissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupPermissionship").enummodule

data/lib/authzed/api/v1/schema_service_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: authzed/api/v1/schema_service.proto
 
@@ -5,20 +6,34 @@ require 'google/protobuf'
 
 require 'google/api/annotations_pb'
 require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
-    add_message "authzed.api.v1.ReadSchemaRequest" do
-    end
-    add_message "authzed.api.v1.ReadSchemaResponse" do
-      optional :schema_text, :string, 1, json_name: "schemaText"
-    end
-    add_message "authzed.api.v1.WriteSchemaRequest" do
-      optional :schema, :string, 1, json_name: "schema"
-    end
-    add_message "authzed.api.v1.WriteSchemaResponse" do
+
+descriptor_data = "\n#authzed/api/v1/schema_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x19\x61uthzed/api/v1/core.proto\"\x13\n\x11ReadSchemaRequest\"r\n\x12ReadSchemaResponse\x12\x1f\n\x0bschema_text\x18\x01 \x01(\tR\nschemaText\x12;\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x06readAt\"7\n\x12WriteSchemaRequest\x12!\n\x06schema\x18\x01 \x01(\tB\t\xfa\x42\x06r\x04(\x80\x80\x10R\x06schema\"X\n\x13WriteSchemaResponse\x12\x41\n\nwritten_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\twrittenAt2\xf5\x01\n\rSchemaService\x12o\n\nReadSchema\x12!.authzed.api.v1.ReadSchemaRequest\x1a\".authzed.api.v1.ReadSchemaResponse\"\x1a\x82\xd3\xe4\x93\x02\x14\"\x0f/v1/schema/read:\x01*\x12s\n\x0bWriteSchema\x12\".authzed.api.v1.WriteSchemaRequest\x1a#.authzed.api.v1.WriteSchemaResponse\"\x1b\x82\xd3\xe4\x93\x02\x15\"\x10/v1/schema/write:\x01*BH\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["authzed.api.v1.ZedToken", "authzed/api/v1/core.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Authzed

data/lib/authzed/api/v1/watch_service_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: authzed/api/v1/watch_service.proto
 
@@ -7,17 +8,32 @@ require 'google/api/annotations_pb'
 require 'validate/validate_pb'
 require 'authzed/api/v1/core_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
-    add_message "authzed.api.v1.WatchRequest" do
-      repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
-      optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
-    end
-    add_message "authzed.api.v1.WatchResponse" do
-      repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
-      optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
+
+descriptor_data = "\n\"authzed/api/v1/watch_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x19\x61uthzed/api/v1/core.proto\"\xe2\x01\n\x0cWatchRequest\x12\x83\x01\n\x15optional_object_types\x18\x01 \x03(\tBO\xfa\x42L\x92\x01I\x08\x00\"ErC(\x80\x01\x32>^([a-z][a-z0-9_]{1,62}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$R\x13optionalObjectTypes\x12L\n\x15optional_start_cursor\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x13optionalStartCursor\"\x90\x01\n\rWatchResponse\x12<\n\x07updates\x18\x01 \x03(\x0b\x32\".authzed.api.v1.RelationshipUpdateR\x07updates\x12\x41\n\x0f\x63hanges_through\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x0e\x63hangesThrough2l\n\x0cWatchService\x12\\\n\x05Watch\x12\x1c.authzed.api.v1.WatchRequest\x1a\x1d.authzed.api.v1.WatchResponse\"\x14\x82\xd3\xe4\x93\x02\x0e\"\t/v1/watch:\x01*0\x01\x42H\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["authzed.api.v1.ZedToken", "authzed/api/v1/core.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Authzed

data/lib/authzed.rb

@@ -1,8 +1,9 @@
 require 'authzed/api/v1/schema_service_services_pb'
 require 'authzed/api/v1/watch_service_services_pb'
 require 'authzed/api/v1/permission_service_services_pb'
+require 'authzed/api/v1/experimental_service_services_pb'
 require 'authzed/api/v1/client'
 require 'grpcutil/bearer_token'
 
 module Authzed
-end
+end

data/lib/validate/README.md

@@ -0,0 +1,31 @@
+# Generated protoc-gen-validate descriptors
+
+Changes introduced after Ruby protoc changes described in https://protobuf.dev/news/2023-04-20/
+
+The blog post reads
+
+> add_serialized_file verifies that all dependencies listed in the descriptor were previously added with add_serialized_file. Generally that should be fine, because the generated code will contain Ruby require statements for all dependencies, and the descriptor will fail to load anyway if the types depended on were not previously defined in the DescriptorPool.
+
+`protoc-gen-validate` does not offer ruby templates for protoc, so for `authzed-rb` the workaround has been to
+generate an empty stub to satisfy the import.
+
+The new Ruby code expects all type descriptors to be loaded, so a warning emerges when a dependency hasn't been loaded:
+
+```
+#<Google::Protobuf::TypeError: Unable to build file to DescriptorPool: Depends on file 'validate/validate.proto', but it has not been loaded>
+
+Warning: Protobuf detected an import path issue while loading generated file /usr/local/rvm/gems/ruby-3.1.4/gems/authzed-0.7.0/lib/authzed/api/v1/core_pb.rb
+Each proto file must use a consistent fully-qualified name.
+This will become an error in the next major version.
+```
+
+This folder vendors the `validate.proto` file and generates Ruby code out of it using buf.
+
+## How to generate
+
+```bash
+# run from /lib folder
+./validate/buf.gen.yaml 
+```
+
+Note: It's important to run this from /lib, to make sure the generated descriptor name matches `validate/validate.proto`

data/lib/validate/buf.gen.yaml

@@ -0,0 +1,5 @@
+#!/usr/bin/env -S buf generate --template
+version: "v1"
+plugins:
+- name: "ruby"
+  out: "."

data/lib/validate/buf.lock

@@ -0,0 +1,2 @@
+# Generated by buf. DO NOT EDIT.
+version: v1

data/lib/validate/buf.yaml

@@ -0,0 +1,3 @@
+---
+version: "v1"
+name: "buf.build/envoyproxy/protoc-gen-validate"