authzed 0.9.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/authzed/api/materialize/v0/watchpermissions_pb.rb +27 -0
- data/lib/authzed/api/materialize/v0/watchpermissions_services_pb.rb +43 -0
- data/lib/authzed/api/materialize/v0/watchpermissionsets_pb.rb +32 -0
- data/lib/authzed/api/materialize/v0/watchpermissionsets_services_pb.rb +72 -0
- data/lib/authzed/api/v1/error_reason_pb.rb +1 -1
- data/lib/authzed/api/v1/experimental_service_pb.rb +8 -1
- data/lib/authzed/api/v1/experimental_service_services_pb.rb +7 -0
- metadata +7 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c1ba614c020004756bfbe738e309b6074b5cd3a25043e0f4ab667e751d1547f
|
|
4
|
+
data.tar.gz: bc038d69c47e755693368828658b18b4f2e01c65c364872849397b87a599a0ea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 63c8259be27b344dff675cb9d8215877d0954f1b657df010460d46d96b7cd9a1217e994be637a45421195025d3f81f66cbb226e2e0611e76c5d762678c34d76c
|
|
7
|
+
data.tar.gz: 24cffc179fa2dd2a7d96fd8f65ae3731ecdb4fb64c2ba78b5e5955f050e56dcf294d6f15b29ec4a5953ff764a9e1adfe6c646fb47186cc40f45bb5dc4cc54ac3
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
3
|
+
# source: authzed/api/materialize/v0/watchpermissions.proto
|
|
4
|
+
|
|
5
|
+
require 'google/protobuf'
|
|
6
|
+
|
|
7
|
+
require 'authzed/api/v1/core_pb'
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
descriptor_data = "\n1authzed/api/materialize/v0/watchpermissions.proto\x12\x1a\x61uthzed.api.materialize.v0\x1a\x19\x61uthzed/api/v1/core.proto\"\xbc\x01\n\x17WatchPermissionsRequest\x12O\n\x0bpermissions\x18\x01 \x03(\x0b\x32-.authzed.api.materialize.v0.WatchedPermissionR\x0bpermissions\x12P\n\x17optional_starting_after\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x15optionalStartingAfter\"\xb7\x01\n\x11WatchedPermission\x12#\n\rresource_type\x18\x01 \x01(\tR\x0cresourceType\x12\x1e\n\npermission\x18\x02 \x01(\tR\npermission\x12!\n\x0csubject_type\x18\x03 \x01(\tR\x0bsubjectType\x12:\n\x19optional_subject_relation\x18\x04 \x01(\tR\x17optionalSubjectRelation\"\xb9\x01\n\x18WatchPermissionsResponse\x12\x46\n\x06\x63hange\x18\x01 \x01(\x0b\x32,.authzed.api.materialize.v0.PermissionChangeH\x00R\x06\x63hange\x12I\n\x12\x63ompleted_revision\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenH\x00R\x11\x63ompletedRevisionB\n\n\x08response\"\xe9\x03\n\x10PermissionChange\x12\x34\n\x08revision\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x08revision\x12;\n\x08resource\x18\x02 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceR\x08resource\x12\x1e\n\npermission\x18\x03 \x01(\tR\npermission\x12:\n\x07subject\x18\x04 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceR\x07subject\x12\x63\n\x0epermissionship\x18\x05 \x01(\x0e\x32;.authzed.api.materialize.v0.PermissionChange.PermissionshipR\x0epermissionship\"\xa0\x01\n\x0ePermissionship\x12\x1e\n\x1aPERMISSIONSHIP_UNSPECIFIED\x10\x00\x12 \n\x1cPERMISSIONSHIP_NO_PERMISSION\x10\x01\x12!\n\x1dPERMISSIONSHIP_HAS_PERMISSION\x10\x02\x12)\n%PERMISSIONSHIP_CONDITIONAL_PERMISSION\x10\x03\x32\x9d\x01\n\x17WatchPermissionsService\x12\x81\x01\n\x10WatchPermissions\x12\x33.authzed.api.materialize.v0.WatchPermissionsRequest\x1a\x34.authzed.api.materialize.v0.WatchPermissionsResponse\"\x00\x30\x01\x42\x62\n\x1e\x63om.authzed.api.materialize.v0P\x01Z>github.com/authzed/authzed-go/proto/authzed/api/materialize/v0b\x06proto3"
|
|
11
|
+
|
|
12
|
+
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
13
|
+
pool.add_serialized_file(descriptor_data)
|
|
14
|
+
|
|
15
|
+
module Authzed
|
|
16
|
+
module Api
|
|
17
|
+
module Materialize
|
|
18
|
+
module V0
|
|
19
|
+
WatchPermissionsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionsRequest").msgclass
|
|
20
|
+
WatchedPermission = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchedPermission").msgclass
|
|
21
|
+
WatchPermissionsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionsResponse").msgclass
|
|
22
|
+
PermissionChange = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionChange").msgclass
|
|
23
|
+
PermissionChange::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionChange.Permissionship").enummodule
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# Source: authzed/api/materialize/v0/watchpermissions.proto for package 'authzed.api.materialize.v0'
|
|
3
|
+
|
|
4
|
+
require 'grpc'
|
|
5
|
+
require 'authzed/api/materialize/v0/watchpermissions_pb'
|
|
6
|
+
|
|
7
|
+
module Authzed
|
|
8
|
+
module Api
|
|
9
|
+
module Materialize
|
|
10
|
+
module V0
|
|
11
|
+
module WatchPermissionsService
|
|
12
|
+
class Service
|
|
13
|
+
|
|
14
|
+
include ::GRPC::GenericService
|
|
15
|
+
|
|
16
|
+
self.marshal_class_method = :encode
|
|
17
|
+
self.unmarshal_class_method = :decode
|
|
18
|
+
self.service_name = 'authzed.api.materialize.v0.WatchPermissionsService'
|
|
19
|
+
|
|
20
|
+
# WatchPermissions returns a stream of PermissionChange events for the given permissions.
|
|
21
|
+
#
|
|
22
|
+
# WatchPermissions is a long-running RPC, and will stream events until the client
|
|
23
|
+
# closes the connection or the server terminates the stream. The consumer is responsible of
|
|
24
|
+
# keeping track of the last seen revision and resuming the stream from that point in the event
|
|
25
|
+
# of disconnection or client-side restarts.
|
|
26
|
+
#
|
|
27
|
+
# The API does not offer a sharding mechanism and thus there should only be one consumer per target system.
|
|
28
|
+
# Implementing an active-active HA consumer setup over the same target system will require coordinating which
|
|
29
|
+
# revisions have been consumed in order to prevent transitioning to an inconsistent state.
|
|
30
|
+
#
|
|
31
|
+
# Usage of WatchPermissions requires to be explicitly enabled on the service, including the permissions to be
|
|
32
|
+
# watched. It requires more resources and is less performant than WatchPermissionsSets. It's usage
|
|
33
|
+
# is only recommended when performing the set intersections of WatchPermissionSets in the client side is not viable
|
|
34
|
+
# or there is a strict application requirement to use consume the computed permissions.
|
|
35
|
+
rpc :WatchPermissions, ::Authzed::Api::Materialize::V0::WatchPermissionsRequest, stream(::Authzed::Api::Materialize::V0::WatchPermissionsResponse)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
Stub = Service.rpc_stub_class
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
3
|
+
# source: authzed/api/materialize/v0/watchpermissionsets.proto
|
|
4
|
+
|
|
5
|
+
require 'google/protobuf'
|
|
6
|
+
|
|
7
|
+
require 'authzed/api/v1/core_pb'
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
descriptor_data = "\n4authzed/api/materialize/v0/watchpermissionsets.proto\x12\x1a\x61uthzed.api.materialize.v0\x1a\x19\x61uthzed/api/v1/core.proto\"n\n\x1aWatchPermissionSetsRequest\x12P\n\x17optional_starting_after\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x15optionalStartingAfter\"\xc3\x02\n\x1bWatchPermissionSetsResponse\x12I\n\x06\x63hange\x18\x01 \x01(\x0b\x32/.authzed.api.materialize.v0.PermissionSetChangeH\x00R\x06\x63hange\x12I\n\x12\x63ompleted_revision\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenH\x00R\x11\x63ompletedRevision\x12\x81\x01\n\x1flookup_permission_sets_required\x18\x03 \x01(\x0b\x32\x38.authzed.api.materialize.v0.LookupPermissionSetsRequiredH\x00R\x1clookupPermissionSetsRequiredB\n\n\x08response\"\xa2\x01\n\x06\x43ursor\x12\x14\n\x05limit\x18\x01 \x01(\rR\x05limit\x12.\n\x05token\x18\x04 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x05token\x12%\n\x0estarting_index\x18\x05 \x01(\rR\rstartingIndex\x12+\n\x11\x63ompleted_members\x18\x06 \x01(\x08R\x10\x63ompletedMembers\"\x9c\x01\n\x1bLookupPermissionSetsRequest\x12\x14\n\x05limit\x18\x01 \x01(\rR\x05limit\x12g\n\x1eoptional_starting_after_cursor\x18\x04 \x01(\x0b\x32\".authzed.api.materialize.v0.CursorR\x1boptionalStartingAfterCursor\"\xa3\x01\n\x1cLookupPermissionSetsResponse\x12G\n\x06\x63hange\x18\x01 \x01(\x0b\x32/.authzed.api.materialize.v0.PermissionSetChangeR\x06\x63hange\x12:\n\x06\x63ursor\x18\x02 \x01(\x0b\x32\".authzed.api.materialize.v0.CursorR\x06\x63ursor\"\xfc\x03\n\x13PermissionSetChange\x12\x39\n\x0b\x61t_revision\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\natRevision\x12Z\n\toperation\x18\x02 \x01(\x0e\x32<.authzed.api.materialize.v0.PermissionSetChange.SetOperationR\toperation\x12G\n\nparent_set\x18\x03 \x01(\x0b\x32(.authzed.api.materialize.v0.SetReferenceR\tparentSet\x12G\n\tchild_set\x18\x04 \x01(\x0b\x32(.authzed.api.materialize.v0.SetReferenceH\x00R\x08\x63hildSet\x12P\n\x0c\x63hild_member\x18\x05 \x01(\x0b\x32+.authzed.api.materialize.v0.MemberReferenceH\x00R\x0b\x63hildMember\"a\n\x0cSetOperation\x12\x1d\n\x19SET_OPERATION_UNSPECIFIED\x10\x00\x12\x17\n\x13SET_OPERATION_ADDED\x10\x01\x12\x19\n\x15SET_OPERATION_REMOVED\x10\x02\x42\x07\n\x05\x63hild\"\x82\x01\n\x0cSetReference\x12\x1f\n\x0bobject_type\x18\x01 \x01(\tR\nobjectType\x12\x1b\n\tobject_id\x18\x02 \x01(\tR\x08objectId\x12\x34\n\x16permission_or_relation\x18\x03 \x01(\tR\x14permissionOrRelation\"\x96\x01\n\x0fMemberReference\x12\x1f\n\x0bobject_type\x18\x01 \x01(\tR\nobjectType\x12\x1b\n\tobject_id\x18\x02 \x01(\tR\x08objectId\x12\x45\n\x1foptional_permission_or_relation\x18\x03 \x01(\tR\x1coptionalPermissionOrRelation\"f\n\x1cLookupPermissionSetsRequired\x12\x46\n\x12required_lookup_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x10requiredLookupAt2\xb9\x02\n\x1aWatchPermissionSetsService\x12\x8a\x01\n\x13WatchPermissionSets\x12\x36.authzed.api.materialize.v0.WatchPermissionSetsRequest\x1a\x37.authzed.api.materialize.v0.WatchPermissionSetsResponse\"\x00\x30\x01\x12\x8d\x01\n\x14LookupPermissionSets\x12\x37.authzed.api.materialize.v0.LookupPermissionSetsRequest\x1a\x38.authzed.api.materialize.v0.LookupPermissionSetsResponse\"\x00\x30\x01\x42\x62\n\x1e\x63om.authzed.api.materialize.v0P\x01Z>github.com/authzed/authzed-go/proto/authzed/api/materialize/v0b\x06proto3"
|
|
11
|
+
|
|
12
|
+
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
13
|
+
pool.add_serialized_file(descriptor_data)
|
|
14
|
+
|
|
15
|
+
module Authzed
|
|
16
|
+
module Api
|
|
17
|
+
module Materialize
|
|
18
|
+
module V0
|
|
19
|
+
WatchPermissionSetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionSetsRequest").msgclass
|
|
20
|
+
WatchPermissionSetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionSetsResponse").msgclass
|
|
21
|
+
Cursor = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.Cursor").msgclass
|
|
22
|
+
LookupPermissionSetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.LookupPermissionSetsRequest").msgclass
|
|
23
|
+
LookupPermissionSetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.LookupPermissionSetsResponse").msgclass
|
|
24
|
+
PermissionSetChange = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionSetChange").msgclass
|
|
25
|
+
PermissionSetChange::SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionSetChange.SetOperation").enummodule
|
|
26
|
+
SetReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.SetReference").msgclass
|
|
27
|
+
MemberReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.MemberReference").msgclass
|
|
28
|
+
LookupPermissionSetsRequired = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.LookupPermissionSetsRequired").msgclass
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# Source: authzed/api/materialize/v0/watchpermissionsets.proto for package 'authzed.api.materialize.v0'
|
|
3
|
+
|
|
4
|
+
require 'grpc'
|
|
5
|
+
require 'authzed/api/materialize/v0/watchpermissionsets_pb'
|
|
6
|
+
|
|
7
|
+
module Authzed
|
|
8
|
+
module Api
|
|
9
|
+
module Materialize
|
|
10
|
+
module V0
|
|
11
|
+
module WatchPermissionSetsService
|
|
12
|
+
class Service
|
|
13
|
+
|
|
14
|
+
include ::GRPC::GenericService
|
|
15
|
+
|
|
16
|
+
self.marshal_class_method = :encode
|
|
17
|
+
self.unmarshal_class_method = :decode
|
|
18
|
+
self.service_name = 'authzed.api.materialize.v0.WatchPermissionSetsService'
|
|
19
|
+
|
|
20
|
+
# WatchPermissionSets returns a stream of changes to the sets which can be used to compute the watched permissions.
|
|
21
|
+
#
|
|
22
|
+
# WatchPermissionSets lets consumers achieve the same thing as WatchPermissions, but trades off a simpler usage model with
|
|
23
|
+
# significantly lower computational requirements. Unlike WatchPermissions, this method returns changes to the sets of permissions,
|
|
24
|
+
# rather than the individual permissions. Permission sets are a normalized form of the computed permissions, which
|
|
25
|
+
# means that the consumer must perform an extra computation over this representation to obtain the final computed
|
|
26
|
+
# permissions, typically by intersecting the provided sets.
|
|
27
|
+
#
|
|
28
|
+
# For example, this would look like a JOIN between the
|
|
29
|
+
# materialize permission sets table in a target relation database, the table with the resources to authorize access
|
|
30
|
+
# to, and the table with the subject (e.g. a user).
|
|
31
|
+
#
|
|
32
|
+
# In exchange, the number of changes issued by WatchPermissionSets will be several orders of magnitude less than those
|
|
33
|
+
# emitted by WatchPermissions, which has several implications:
|
|
34
|
+
# - significantly less resources to compute the sets
|
|
35
|
+
# - significantly less messages to stream over the network
|
|
36
|
+
# - significantly less events to ingest on the consumer side
|
|
37
|
+
# - less ingestion lag from the origin SpiceDB mutation
|
|
38
|
+
#
|
|
39
|
+
# The type of scenarios WatchPermissionSets is particularly well suited is when a single change
|
|
40
|
+
# in the origin SpiceDB can yield millions of changes. For example, in the GitHub authorization model, assigning a role
|
|
41
|
+
# to a top-level team of an organization with hundreds of thousands of employees can lead to an explosion of
|
|
42
|
+
# permission change events that would require a lot of computational resources to process, both on Materialize and
|
|
43
|
+
# the consumer side.
|
|
44
|
+
#
|
|
45
|
+
# WatchPermissionSets is thus recommended for any larger scale use case where the fan-out in permission changes that
|
|
46
|
+
# emerges from a specific schema and data shape is too large to handle effectively.
|
|
47
|
+
#
|
|
48
|
+
# The API does not offer a sharding mechanism and thus there should only be one consumer per target system.
|
|
49
|
+
# Implementing an active-active HA consumer setup over the same target system will require coordinating which
|
|
50
|
+
# revisions have been consumed in order to prevent transitioning to an inconsistent state.
|
|
51
|
+
rpc :WatchPermissionSets, ::Authzed::Api::Materialize::V0::WatchPermissionSetsRequest, stream(::Authzed::Api::Materialize::V0::WatchPermissionSetsResponse)
|
|
52
|
+
# LookupPermissionSets returns the current state of the permission sets which can be used to derive the computed permissions.
|
|
53
|
+
# It's typically used to backfill the state of the permission sets in the consumer side.
|
|
54
|
+
#
|
|
55
|
+
# It's a cursored API and the consumer is responsible to keep track of the cursor and use it on each subsequent call.
|
|
56
|
+
# Each stream will return <N> permission sets defined by the specified request limit. The server will keep streaming until
|
|
57
|
+
# the sets per stream is hit, or the current state of the sets is reached,
|
|
58
|
+
# whatever happens first, and then close the stream. The server will indicate there are no more changes to stream
|
|
59
|
+
# through the `completed_members` in the cursor.
|
|
60
|
+
#
|
|
61
|
+
# There may be many elements to stream, and so the consumer should be prepared to resume the stream from the last
|
|
62
|
+
# cursor received. Once completed, the consumer may start streaming permission set changes using WatchPermissionSets
|
|
63
|
+
# and the revision token from the last LookupPermissionSets response.
|
|
64
|
+
rpc :LookupPermissionSets, ::Authzed::Api::Materialize::V0::LookupPermissionSetsRequest, stream(::Authzed::Api::Materialize::V0::LookupPermissionSetsResponse)
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
Stub = Service.rpc_stub_class
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
require 'google/protobuf'
|
|
6
6
|
|
|
7
7
|
|
|
8
|
-
descriptor_data = "\n!authzed/api/v1/error_reason.proto\x12\x0e\x61uthzed.api.v1*\
|
|
8
|
+
descriptor_data = "\n!authzed/api/v1/error_reason.proto\x12\x0e\x61uthzed.api.v1*\xf1\t\n\x0b\x45rrorReason\x12\x1c\n\x18\x45RROR_REASON_UNSPECIFIED\x10\x00\x12#\n\x1f\x45RROR_REASON_SCHEMA_PARSE_ERROR\x10\x01\x12\"\n\x1e\x45RROR_REASON_SCHEMA_TYPE_ERROR\x10\x02\x12#\n\x1f\x45RROR_REASON_UNKNOWN_DEFINITION\x10\x03\x12/\n+ERROR_REASON_UNKNOWN_RELATION_OR_PERMISSION\x10\x04\x12,\n(ERROR_REASON_TOO_MANY_UPDATES_IN_REQUEST\x10\x05\x12\x32\n.ERROR_REASON_TOO_MANY_PRECONDITIONS_IN_REQUEST\x10\x06\x12\x35\n1ERROR_REASON_WRITE_OR_DELETE_PRECONDITION_FAILURE\x10\x07\x12\"\n\x1e\x45RROR_REASON_SERVICE_READ_ONLY\x10\x08\x12\x1f\n\x1b\x45RROR_REASON_UNKNOWN_CAVEAT\x10\t\x12%\n!ERROR_REASON_INVALID_SUBJECT_TYPE\x10\n\x12,\n(ERROR_REASON_CAVEAT_PARAMETER_TYPE_ERROR\x10\x0b\x12-\n)ERROR_REASON_UPDATES_ON_SAME_RELATIONSHIP\x10\x0c\x12)\n%ERROR_REASON_CANNOT_UPDATE_PERMISSION\x10\r\x12(\n$ERROR_REASON_CAVEAT_EVALUATION_ERROR\x10\x0e\x12\x1f\n\x1b\x45RROR_REASON_INVALID_CURSOR\x10\x0f\x12@\n<ERROR_REASON_TOO_MANY_RELATIONSHIPS_FOR_TRANSACTIONAL_DELETE\x10\x10\x12.\n*ERROR_REASON_MAX_RELATIONSHIP_CONTEXT_SIZE\x10\x11\x12\x31\n-ERROR_REASON_ATTEMPT_TO_RECREATE_RELATIONSHIP\x10\x12\x12\'\n#ERROR_REASON_MAXIMUM_DEPTH_EXCEEDED\x10\x13\x12&\n\"ERROR_REASON_SERIALIZATION_FAILURE\x10\x14\x12+\n\'ERROR_REASON_TOO_MANY_CHECKS_IN_REQUEST\x10\x15\x12\x30\n,ERROR_REASON_EXCEEDS_MAXIMUM_ALLOWABLE_LIMIT\x10\x16\x12\x1f\n\x1b\x45RROR_REASON_INVALID_FILTER\x10\x17\x12\x35\n1ERROR_REASON_INMEMORY_TOO_MANY_CONCURRENT_UPDATES\x10\x18\x12#\n\x1f\x45RROR_REASON_EMPTY_PRECONDITION\x10\x19\x12+\n\'ERROR_REASON_COUNTER_ALREADY_REGISTERED\x10\x1a\x12\'\n#ERROR_REASON_COUNTER_NOT_REGISTERED\x10\x1b\x12%\n!ERROR_REASON_WILDCARD_NOT_ALLOWED\x10\x1c\x42J\n\x12\x63om.authzed.api.v1P\x01Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
|
|
9
9
|
|
|
10
10
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
11
11
|
pool.add_serialized_file(descriptor_data)
|
|
@@ -12,7 +12,7 @@ require 'authzed/api/v1/core_pb'
|
|
|
12
12
|
require 'authzed/api/v1/permission_service_pb'
|
|
13
13
|
|
|
14
14
|
|
|
15
|
-
descriptor_data = "\n)authzed/api/v1/experimental_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17google/rpc/status.proto\x1a\x19\x61uthzed/api/v1/core.proto\x1a\'authzed/api/v1/permission_service.proto\"\xb2\x01\n\x1a\x42ulkCheckPermissionRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12U\n\x05items\x18\x02 \x03(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemB\x0f\x18\x01\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05items\"\xb6\x02\n\x1e\x42ulkCheckPermissionRequestItem\x12\x45\n\x08resource\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x02 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\x12\x44\n\x07subject\x18\x03 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12;\n\x07\x63ontext\x18\x04 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\"\xae\x01\n\x1b\x42ulkCheckPermissionResponse\x12\x41\n\nchecked_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\tcheckedAt\x12L\n\x05pairs\x18\x02 \x03(\x0b\x32\'.authzed.api.v1.BulkCheckPermissionPairB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05pairs\"\xe2\x01\n\x17\x42ulkCheckPermissionPair\x12H\n\x07request\x18\x01 \x01(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemR\x07request\x12\x45\n\x04item\x18\x02 \x01(\x0b\x32/.authzed.api.v1.BulkCheckPermissionResponseItemH\x00R\x04item\x12*\n\x05\x65rror\x18\x03 \x01(\x0b\x32\x12.google.rpc.StatusH\x00R\x05\x65rrorB\n\n\x08response\"\xea\x01\n\x1f\x42ulkCheckPermissionResponseItem\x12j\n\x0epermissionship\x18\x01 \x01(\x0e\x32\x36.authzed.api.v1.CheckPermissionResponse.PermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x02 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\"s\n\x1e\x42ulkImportRelationshipsRequest\x12Q\n\rrelationships\x18\x01 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\rrelationships\"@\n\x1f\x42ulkImportRelationshipsResponse\x12\x1d\n\nnum_loaded\x18\x01 \x01(\x04R\tnumLoaded\"\xb6\x02\n\x1e\x42ulkExportRelationshipsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12.\n\x0eoptional_limit\x18\x02 \x01(\rB\x07\xfa\x42\x04*\x02(\x00R\roptionalLimit\x12?\n\x0foptional_cursor\x18\x03 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\x12\x64\n\x1coptional_relationship_filter\x18\x04 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterR\x1aoptionalRelationshipFilter\"\xad\x01\n\x1f\x42ulkExportRelationshipsResponse\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x01 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\x12\x42\n\rrelationships\x18\x02 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipR\rrelationships\"\xad\x01\n ExperimentalReflectSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12J\n\x10optional_filters\x18\x02 \x03(\x0b\x32\x1f.authzed.api.v1.ExpSchemaFilterR\x0foptionalFilters\"\xcc\x01\n!ExperimentalReflectSchemaResponse\x12?\n\x0b\x64\x65\x66initions\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionR\x0b\x64\x65\x66initions\x12\x33\n\x07\x63\x61veats\x18\x02 \x03(\x0b\x32\x19.authzed.api.v1.ExpCaveatR\x07\x63\x61veats\x12\x31\n\x07read_at\x18\x03 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xa1\x02\n\x0f\x45xpSchemaFilter\x12\x45\n\x1foptional_definition_name_filter\x18\x01 \x01(\tR\x1coptionalDefinitionNameFilter\x12=\n\x1boptional_caveat_name_filter\x18\x02 \x01(\tR\x18optionalCaveatNameFilter\x12\x41\n\x1doptional_relation_name_filter\x18\x03 \x01(\tR\x1aoptionalRelationNameFilter\x12\x45\n\x1foptional_permission_name_filter\x18\x04 \x01(\tR\x1coptionalPermissionNameFilter\"\xb9\x01\n\rExpDefinition\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x39\n\trelations\x18\x03 \x03(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\trelations\x12?\n\x0bpermissions\x18\x04 \x03(\x0b\x32\x1d.authzed.api.v1.ExpPermissionR\x0bpermissions\"\x9d\x01\n\tExpCaveat\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x42\n\nparameters\x18\x03 \x03(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\nparameters\x12\x1e\n\nexpression\x18\x04 \x01(\tR\nexpression\"j\n\x12\x45xpCaveatParameter\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x12\n\x04type\x18\x02 \x01(\tR\x04type\x12,\n\x12parent_caveat_name\x18\x03 \x01(\tR\x10parentCaveatName\"\xb8\x01\n\x0b\x45xpRelation\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\x12\x45\n\rsubject_types\x18\x04 \x03(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x0csubjectTypes\"\xa1\x02\n\x10\x45xpTypeReference\x12\x36\n\x17subject_definition_name\x18\x01 \x01(\tR\x15subjectDefinitionName\x12\x30\n\x14optional_caveat_name\x18\x02 \x01(\tR\x12optionalCaveatName\x12\x30\n\x13is_terminal_subject\x18\x03 \x01(\x08H\x00R\x11isTerminalSubject\x12\x36\n\x16optional_relation_name\x18\x04 \x01(\tH\x00R\x14optionalRelationName\x12.\n\x12is_public_wildcard\x18\x05 \x01(\x08H\x00R\x10isPublicWildcardB\t\n\x07typeref\"s\n\rExpPermission\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\"\xfe\x01\n(ExperimentalComputablePermissionsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x03 \x01(\tR\x0crelationName\x12\x45\n\x1foptional_definition_name_filter\x18\x04 \x01(\tR\x1coptionalDefinitionNameFilter\"\x89\x01\n\x14\x45xpRelationReference\x12\'\n\x0f\x64\x65\x66inition_name\x18\x01 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x02 \x01(\tR\x0crelationName\x12#\n\ris_permission\x18\x03 \x01(\x08R\x0cisPermission\"\xa6\x01\n)ExperimentalComputablePermissionsResponse\x12\x46\n\x0bpermissions\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\x0bpermissions\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xb8\x01\n%ExperimentalDependentRelationsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12\'\n\x0fpermission_name\x18\x03 \x01(\tR\x0epermissionName\"\x9f\x01\n&ExperimentalDependentRelationsResponse\x12\x42\n\trelations\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\trelations\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\x8b\x01\n\x1d\x45xperimentalDiffSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12+\n\x11\x63omparison_schema\x18\x02 \x01(\tR\x10\x63omparisonSchema\"\x88\x01\n\x1e\x45xperimentalDiffSchemaResponse\x12\x33\n\x05\x64iffs\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpSchemaDiffR\x05\x64iffs\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xab\x01\n\x1c\x45xpRelationSubjectTypeChange\x12\x37\n\x08relation\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\x08relation\x12R\n\x14\x63hanged_subject_type\x18\x02 \x01(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x12\x63hangedSubjectType\"\x85\x01\n\x1c\x45xpCaveatParameterTypeChange\x12@\n\tparameter\x18\x01 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\tparameter\x12#\n\rprevious_type\x18\x02 \x01(\tR\x0cpreviousType\"\xa0\r\n\rExpSchemaDiff\x12J\n\x10\x64\x65\x66inition_added\x18\x01 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x0f\x64\x65\x66initionAdded\x12N\n\x12\x64\x65\x66inition_removed\x18\x02 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x11\x64\x65\x66initionRemoved\x12\x64\n\x1e\x64\x65\x66inition_doc_comment_changed\x18\x03 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x1b\x64\x65\x66initionDocCommentChanged\x12\x44\n\x0erelation_added\x18\x04 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\rrelationAdded\x12H\n\x10relation_removed\x18\x05 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x0frelationRemoved\x12^\n\x1crelation_doc_comment_changed\x18\x06 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x19relationDocCommentChanged\x12m\n\x1brelation_subject_type_added\x18\x07 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x18relationSubjectTypeAdded\x12q\n\x1drelation_subject_type_removed\x18\x08 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x1arelationSubjectTypeRemoved\x12J\n\x10permission_added\x18\t \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x0fpermissionAdded\x12N\n\x12permission_removed\x18\n \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x11permissionRemoved\x12\x64\n\x1epermission_doc_comment_changed\x18\x0b \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x1bpermissionDocCommentChanged\x12W\n\x17permission_expr_changed\x18\x0c \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x15permissionExprChanged\x12>\n\x0c\x63\x61veat_added\x18\r \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x0b\x63\x61veatAdded\x12\x42\n\x0e\x63\x61veat_removed\x18\x0e \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\rcaveatRemoved\x12X\n\x1a\x63\x61veat_doc_comment_changed\x18\x0f \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x17\x63\x61veatDocCommentChanged\x12K\n\x13\x63\x61veat_expr_changed\x18\x10 \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x11\x63\x61veatExprChanged\x12Z\n\x16\x63\x61veat_parameter_added\x18\x11 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x14\x63\x61veatParameterAdded\x12^\n\x18\x63\x61veat_parameter_removed\x18\x12 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x16\x63\x61veatParameterRemoved\x12q\n\x1d\x63\x61veat_parameter_type_changed\x18\x13 \x01(\x0b\x32,.authzed.api.v1.ExpCaveatParameterTypeChangeH\x00R\x1a\x63\x61veatParameterTypeChangedB\x06\n\x04\x64iff2\x94\n\n\x13\x45xperimentalService\x12\xb2\x01\n\x17\x42ulkImportRelationships\x12..authzed.api.v1.BulkImportRelationshipsRequest\x1a/.authzed.api.v1.BulkImportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkimport:\x01*(\x01\x12\xb2\x01\n\x17\x42ulkExportRelationships\x12..authzed.api.v1.BulkExportRelationshipsRequest\x1a/.authzed.api.v1.BulkExportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkexport:\x01*0\x01\x12\xae\x01\n\x13\x42ulkCheckPermission\x12*.authzed.api.v1.BulkCheckPermissionRequest\x1a+.authzed.api.v1.BulkCheckPermissionResponse\">\x88\x02\x01\x82\xd3\xe4\x93\x02\x35\"0/v1/experimental/permissions/bulkcheckpermission:\x01*\x12\xab\x01\n\x19\x45xperimentalReflectSchema\x12\x30.authzed.api.v1.ExperimentalReflectSchemaRequest\x1a\x31.authzed.api.v1.ExperimentalReflectSchemaResponse\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/experimental/reflectschema:\x01*\x12\xcc\x01\n!ExperimentalComputablePermissions\x12\x38.authzed.api.v1.ExperimentalComputablePermissionsRequest\x1a\x39.authzed.api.v1.ExperimentalComputablePermissionsResponse\"2\x82\xd3\xe4\x93\x02,\"\'/v1/experimental/permissions/computable:\x01*\x12\xc2\x01\n\x1e\x45xperimentalDependentRelations\x12\x35.authzed.api.v1.ExperimentalDependentRelationsRequest\x1a\x36.authzed.api.v1.ExperimentalDependentRelationsResponse\"1\x82\xd3\xe4\x93\x02+\"&/v1/experimental/permissions/dependent:\x01*\x12\x9f\x01\n\x16\x45xperimentalDiffSchema\x12-.authzed.api.v1.ExperimentalDiffSchemaRequest\x1a..authzed.api.v1.ExperimentalDiffSchemaResponse\"&\x82\xd3\xe4\x93\x02 \"\x1b/v1/experimental/diffschema:\x01*BJ\n\x12\x63om.authzed.api.v1P\x01Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
|
|
15
|
+
descriptor_data = "\n)authzed/api/v1/experimental_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17google/rpc/status.proto\x1a\x19\x61uthzed/api/v1/core.proto\x1a\'authzed/api/v1/permission_service.proto\"\xcf\x01\n.ExperimentalRegisterRelationshipCounterRequest\x12>\n\x04name\x18\x01 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x04name\x12]\n\x13relationship_filter\x18\x02 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x12relationshipFilter\"1\n/ExperimentalRegisterRelationshipCounterResponse\"g\n%ExperimentalCountRelationshipsRequest\x12>\n\x04name\x18\x01 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x04name\"\xca\x01\n&ExperimentalCountRelationshipsResponse\x12<\n\x19\x63ounter_still_calculating\x18\x01 \x01(\x08H\x00R\x17\x63ounterStillCalculating\x12P\n\x12read_counter_value\x18\x02 \x01(\x0b\x32 .authzed.api.v1.ReadCounterValueH\x00R\x10readCounterValueB\x10\n\x0e\x63ounter_result\"~\n\x10ReadCounterValue\x12-\n\x12relationship_count\x18\x01 \x01(\x04R\x11relationshipCount\x12;\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x06readAt\"r\n0ExperimentalUnregisterRelationshipCounterRequest\x12>\n\x04name\x18\x01 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x04name\"3\n1ExperimentalUnregisterRelationshipCounterResponse\"\xb2\x01\n\x1a\x42ulkCheckPermissionRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12U\n\x05items\x18\x02 \x03(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemB\x0f\x18\x01\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05items\"\xb6\x02\n\x1e\x42ulkCheckPermissionRequestItem\x12\x45\n\x08resource\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x02 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\x12\x44\n\x07subject\x18\x03 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12;\n\x07\x63ontext\x18\x04 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\"\xae\x01\n\x1b\x42ulkCheckPermissionResponse\x12\x41\n\nchecked_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\tcheckedAt\x12L\n\x05pairs\x18\x02 \x03(\x0b\x32\'.authzed.api.v1.BulkCheckPermissionPairB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05pairs\"\xe2\x01\n\x17\x42ulkCheckPermissionPair\x12H\n\x07request\x18\x01 \x01(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemR\x07request\x12\x45\n\x04item\x18\x02 \x01(\x0b\x32/.authzed.api.v1.BulkCheckPermissionResponseItemH\x00R\x04item\x12*\n\x05\x65rror\x18\x03 \x01(\x0b\x32\x12.google.rpc.StatusH\x00R\x05\x65rrorB\n\n\x08response\"\xea\x01\n\x1f\x42ulkCheckPermissionResponseItem\x12j\n\x0epermissionship\x18\x01 \x01(\x0e\x32\x36.authzed.api.v1.CheckPermissionResponse.PermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x02 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\"s\n\x1e\x42ulkImportRelationshipsRequest\x12Q\n\rrelationships\x18\x01 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\rrelationships\"@\n\x1f\x42ulkImportRelationshipsResponse\x12\x1d\n\nnum_loaded\x18\x01 \x01(\x04R\tnumLoaded\"\xb6\x02\n\x1e\x42ulkExportRelationshipsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12.\n\x0eoptional_limit\x18\x02 \x01(\rB\x07\xfa\x42\x04*\x02(\x00R\roptionalLimit\x12?\n\x0foptional_cursor\x18\x03 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\x12\x64\n\x1coptional_relationship_filter\x18\x04 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterR\x1aoptionalRelationshipFilter\"\xad\x01\n\x1f\x42ulkExportRelationshipsResponse\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x01 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\x12\x42\n\rrelationships\x18\x02 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipR\rrelationships\"\xad\x01\n ExperimentalReflectSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12J\n\x10optional_filters\x18\x02 \x03(\x0b\x32\x1f.authzed.api.v1.ExpSchemaFilterR\x0foptionalFilters\"\xcc\x01\n!ExperimentalReflectSchemaResponse\x12?\n\x0b\x64\x65\x66initions\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionR\x0b\x64\x65\x66initions\x12\x33\n\x07\x63\x61veats\x18\x02 \x03(\x0b\x32\x19.authzed.api.v1.ExpCaveatR\x07\x63\x61veats\x12\x31\n\x07read_at\x18\x03 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xa1\x02\n\x0f\x45xpSchemaFilter\x12\x45\n\x1foptional_definition_name_filter\x18\x01 \x01(\tR\x1coptionalDefinitionNameFilter\x12=\n\x1boptional_caveat_name_filter\x18\x02 \x01(\tR\x18optionalCaveatNameFilter\x12\x41\n\x1doptional_relation_name_filter\x18\x03 \x01(\tR\x1aoptionalRelationNameFilter\x12\x45\n\x1foptional_permission_name_filter\x18\x04 \x01(\tR\x1coptionalPermissionNameFilter\"\xb9\x01\n\rExpDefinition\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x39\n\trelations\x18\x03 \x03(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\trelations\x12?\n\x0bpermissions\x18\x04 \x03(\x0b\x32\x1d.authzed.api.v1.ExpPermissionR\x0bpermissions\"\x9d\x01\n\tExpCaveat\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x42\n\nparameters\x18\x03 \x03(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\nparameters\x12\x1e\n\nexpression\x18\x04 \x01(\tR\nexpression\"j\n\x12\x45xpCaveatParameter\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x12\n\x04type\x18\x02 \x01(\tR\x04type\x12,\n\x12parent_caveat_name\x18\x03 \x01(\tR\x10parentCaveatName\"\xb8\x01\n\x0b\x45xpRelation\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\x12\x45\n\rsubject_types\x18\x04 \x03(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x0csubjectTypes\"\xa1\x02\n\x10\x45xpTypeReference\x12\x36\n\x17subject_definition_name\x18\x01 \x01(\tR\x15subjectDefinitionName\x12\x30\n\x14optional_caveat_name\x18\x02 \x01(\tR\x12optionalCaveatName\x12\x30\n\x13is_terminal_subject\x18\x03 \x01(\x08H\x00R\x11isTerminalSubject\x12\x36\n\x16optional_relation_name\x18\x04 \x01(\tH\x00R\x14optionalRelationName\x12.\n\x12is_public_wildcard\x18\x05 \x01(\x08H\x00R\x10isPublicWildcardB\t\n\x07typeref\"s\n\rExpPermission\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\"\xfe\x01\n(ExperimentalComputablePermissionsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x03 \x01(\tR\x0crelationName\x12\x45\n\x1foptional_definition_name_filter\x18\x04 \x01(\tR\x1coptionalDefinitionNameFilter\"\x89\x01\n\x14\x45xpRelationReference\x12\'\n\x0f\x64\x65\x66inition_name\x18\x01 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x02 \x01(\tR\x0crelationName\x12#\n\ris_permission\x18\x03 \x01(\x08R\x0cisPermission\"\xa6\x01\n)ExperimentalComputablePermissionsResponse\x12\x46\n\x0bpermissions\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\x0bpermissions\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xb8\x01\n%ExperimentalDependentRelationsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12\'\n\x0fpermission_name\x18\x03 \x01(\tR\x0epermissionName\"\x9f\x01\n&ExperimentalDependentRelationsResponse\x12\x42\n\trelations\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\trelations\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\x8b\x01\n\x1d\x45xperimentalDiffSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12+\n\x11\x63omparison_schema\x18\x02 \x01(\tR\x10\x63omparisonSchema\"\x88\x01\n\x1e\x45xperimentalDiffSchemaResponse\x12\x33\n\x05\x64iffs\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpSchemaDiffR\x05\x64iffs\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xab\x01\n\x1c\x45xpRelationSubjectTypeChange\x12\x37\n\x08relation\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\x08relation\x12R\n\x14\x63hanged_subject_type\x18\x02 \x01(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x12\x63hangedSubjectType\"\x85\x01\n\x1c\x45xpCaveatParameterTypeChange\x12@\n\tparameter\x18\x01 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\tparameter\x12#\n\rprevious_type\x18\x02 \x01(\tR\x0cpreviousType\"\xa0\r\n\rExpSchemaDiff\x12J\n\x10\x64\x65\x66inition_added\x18\x01 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x0f\x64\x65\x66initionAdded\x12N\n\x12\x64\x65\x66inition_removed\x18\x02 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x11\x64\x65\x66initionRemoved\x12\x64\n\x1e\x64\x65\x66inition_doc_comment_changed\x18\x03 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x1b\x64\x65\x66initionDocCommentChanged\x12\x44\n\x0erelation_added\x18\x04 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\rrelationAdded\x12H\n\x10relation_removed\x18\x05 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x0frelationRemoved\x12^\n\x1crelation_doc_comment_changed\x18\x06 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x19relationDocCommentChanged\x12m\n\x1brelation_subject_type_added\x18\x07 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x18relationSubjectTypeAdded\x12q\n\x1drelation_subject_type_removed\x18\x08 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x1arelationSubjectTypeRemoved\x12J\n\x10permission_added\x18\t \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x0fpermissionAdded\x12N\n\x12permission_removed\x18\n \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x11permissionRemoved\x12\x64\n\x1epermission_doc_comment_changed\x18\x0b \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x1bpermissionDocCommentChanged\x12W\n\x17permission_expr_changed\x18\x0c \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x15permissionExprChanged\x12>\n\x0c\x63\x61veat_added\x18\r \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x0b\x63\x61veatAdded\x12\x42\n\x0e\x63\x61veat_removed\x18\x0e \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\rcaveatRemoved\x12X\n\x1a\x63\x61veat_doc_comment_changed\x18\x0f \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x17\x63\x61veatDocCommentChanged\x12K\n\x13\x63\x61veat_expr_changed\x18\x10 \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x11\x63\x61veatExprChanged\x12Z\n\x16\x63\x61veat_parameter_added\x18\x11 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x14\x63\x61veatParameterAdded\x12^\n\x18\x63\x61veat_parameter_removed\x18\x12 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x16\x63\x61veatParameterRemoved\x12q\n\x1d\x63\x61veat_parameter_type_changed\x18\x13 \x01(\x0b\x32,.authzed.api.v1.ExpCaveatParameterTypeChangeH\x00R\x1a\x63\x61veatParameterTypeChangedB\x06\n\x04\x64iff2\xaa\x0f\n\x13\x45xperimentalService\x12\xb2\x01\n\x17\x42ulkImportRelationships\x12..authzed.api.v1.BulkImportRelationshipsRequest\x1a/.authzed.api.v1.BulkImportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkimport:\x01*(\x01\x12\xb2\x01\n\x17\x42ulkExportRelationships\x12..authzed.api.v1.BulkExportRelationshipsRequest\x1a/.authzed.api.v1.BulkExportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkexport:\x01*0\x01\x12\xae\x01\n\x13\x42ulkCheckPermission\x12*.authzed.api.v1.BulkCheckPermissionRequest\x1a+.authzed.api.v1.BulkCheckPermissionResponse\">\x88\x02\x01\x82\xd3\xe4\x93\x02\x35\"0/v1/experimental/permissions/bulkcheckpermission:\x01*\x12\xab\x01\n\x19\x45xperimentalReflectSchema\x12\x30.authzed.api.v1.ExperimentalReflectSchemaRequest\x1a\x31.authzed.api.v1.ExperimentalReflectSchemaResponse\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/experimental/reflectschema:\x01*\x12\xcc\x01\n!ExperimentalComputablePermissions\x12\x38.authzed.api.v1.ExperimentalComputablePermissionsRequest\x1a\x39.authzed.api.v1.ExperimentalComputablePermissionsResponse\"2\x82\xd3\xe4\x93\x02,\"\'/v1/experimental/permissions/computable:\x01*\x12\xc2\x01\n\x1e\x45xperimentalDependentRelations\x12\x35.authzed.api.v1.ExperimentalDependentRelationsRequest\x1a\x36.authzed.api.v1.ExperimentalDependentRelationsResponse\"1\x82\xd3\xe4\x93\x02+\"&/v1/experimental/permissions/dependent:\x01*\x12\x9f\x01\n\x16\x45xperimentalDiffSchema\x12-.authzed.api.v1.ExperimentalDiffSchemaRequest\x1a..authzed.api.v1.ExperimentalDiffSchemaResponse\"&\x82\xd3\xe4\x93\x02 \"\x1b/v1/experimental/diffschema:\x01*\x12\xe3\x01\n\'ExperimentalRegisterRelationshipCounter\x12>.authzed.api.v1.ExperimentalRegisterRelationshipCounterRequest\x1a?.authzed.api.v1.ExperimentalRegisterRelationshipCounterResponse\"7\x82\xd3\xe4\x93\x02\x31\",/v1/experimental/registerrelationshipcounter:\x01*\x12\xbf\x01\n\x1e\x45xperimentalCountRelationships\x12\x35.authzed.api.v1.ExperimentalCountRelationshipsRequest\x1a\x36.authzed.api.v1.ExperimentalCountRelationshipsResponse\".\x82\xd3\xe4\x93\x02(\"#/v1/experimental/countrelationships:\x01*\x12\xeb\x01\n)ExperimentalUnregisterRelationshipCounter\x12@.authzed.api.v1.ExperimentalUnregisterRelationshipCounterRequest\x1a\x41.authzed.api.v1.ExperimentalUnregisterRelationshipCounterResponse\"9\x82\xd3\xe4\x93\x02\x33\"./v1/experimental/unregisterrelationshipcounter:\x01*BJ\n\x12\x63om.authzed.api.v1P\x01Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
|
|
16
16
|
|
|
17
17
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
18
18
|
pool.add_serialized_file(descriptor_data)
|
|
@@ -20,6 +20,13 @@ pool.add_serialized_file(descriptor_data)
|
|
|
20
20
|
module Authzed
|
|
21
21
|
module Api
|
|
22
22
|
module V1
|
|
23
|
+
ExperimentalRegisterRelationshipCounterRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalRegisterRelationshipCounterRequest").msgclass
|
|
24
|
+
ExperimentalRegisterRelationshipCounterResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalRegisterRelationshipCounterResponse").msgclass
|
|
25
|
+
ExperimentalCountRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalCountRelationshipsRequest").msgclass
|
|
26
|
+
ExperimentalCountRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalCountRelationshipsResponse").msgclass
|
|
27
|
+
ReadCounterValue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadCounterValue").msgclass
|
|
28
|
+
ExperimentalUnregisterRelationshipCounterRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalUnregisterRelationshipCounterRequest").msgclass
|
|
29
|
+
ExperimentalUnregisterRelationshipCounterResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalUnregisterRelationshipCounterResponse").msgclass
|
|
23
30
|
BulkCheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionRequest").msgclass
|
|
24
31
|
BulkCheckPermissionRequestItem = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionRequestItem").msgclass
|
|
25
32
|
BulkCheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionResponse").msgclass
|
|
@@ -51,6 +51,13 @@ module Authzed
|
|
|
51
51
|
# specified schema and the schema stored in SpiceDB. This is useful for clients that need to
|
|
52
52
|
# introspect the schema of a SpiceDB instance.
|
|
53
53
|
rpc :ExperimentalDiffSchema, ::Authzed::Api::V1::ExperimentalDiffSchemaRequest, ::Authzed::Api::V1::ExperimentalDiffSchemaResponse
|
|
54
|
+
# EXPERIMENTAL: RegisterRelationshipCounter registers a new filter for counting relationships. A filter must be registered before
|
|
55
|
+
# a count can be requested.
|
|
56
|
+
rpc :ExperimentalRegisterRelationshipCounter, ::Authzed::Api::V1::ExperimentalRegisterRelationshipCounterRequest, ::Authzed::Api::V1::ExperimentalRegisterRelationshipCounterResponse
|
|
57
|
+
# EXPERIMENTAL: CountRelationships returns the count of relationships for *pre-registered* filter.
|
|
58
|
+
rpc :ExperimentalCountRelationships, ::Authzed::Api::V1::ExperimentalCountRelationshipsRequest, ::Authzed::Api::V1::ExperimentalCountRelationshipsResponse
|
|
59
|
+
# EXPERIMENTAL: UnregisterRelationshipCounter unregisters an existing filter for counting relationships.
|
|
60
|
+
rpc :ExperimentalUnregisterRelationshipCounter, ::Authzed::Api::V1::ExperimentalUnregisterRelationshipCounterRequest, ::Authzed::Api::V1::ExperimentalUnregisterRelationshipCounterResponse
|
|
54
61
|
end
|
|
55
62
|
|
|
56
63
|
Stub = Service.rpc_stub_class
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authzed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Authzed
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-07-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: grpc
|
|
@@ -62,6 +62,10 @@ files:
|
|
|
62
62
|
- LICENSE
|
|
63
63
|
- README.md
|
|
64
64
|
- lib/authzed.rb
|
|
65
|
+
- lib/authzed/api/materialize/v0/watchpermissions_pb.rb
|
|
66
|
+
- lib/authzed/api/materialize/v0/watchpermissions_services_pb.rb
|
|
67
|
+
- lib/authzed/api/materialize/v0/watchpermissionsets_pb.rb
|
|
68
|
+
- lib/authzed/api/materialize/v0/watchpermissionsets_services_pb.rb
|
|
65
69
|
- lib/authzed/api/v1/client.rb
|
|
66
70
|
- lib/authzed/api/v1/core_pb.rb
|
|
67
71
|
- lib/authzed/api/v1/debug_pb.rb
|
|
@@ -105,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
105
109
|
- !ruby/object:Gem::Version
|
|
106
110
|
version: '0'
|
|
107
111
|
requirements: []
|
|
108
|
-
rubygems_version: 3.5.
|
|
112
|
+
rubygems_version: 3.5.11
|
|
109
113
|
signing_key:
|
|
110
114
|
specification_version: 4
|
|
111
115
|
summary: Ruby bindings for Authzed API
|