authzed 0.9.0 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/authzed/api/materialize/v0/watchpermissions_pb.rb +27 -0
- data/lib/authzed/api/materialize/v0/watchpermissions_services_pb.rb +43 -0
- data/lib/authzed/api/materialize/v0/watchpermissionsets_pb.rb +32 -0
- data/lib/authzed/api/materialize/v0/watchpermissionsets_services_pb.rb +72 -0
- data/lib/authzed/api/v1/error_reason_pb.rb +1 -1
- data/lib/authzed/api/v1/experimental_service_pb.rb +8 -1
- data/lib/authzed/api/v1/experimental_service_services_pb.rb +7 -0
- metadata +7 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c1ba614c020004756bfbe738e309b6074b5cd3a25043e0f4ab667e751d1547f
|
|
4
|
+
data.tar.gz: bc038d69c47e755693368828658b18b4f2e01c65c364872849397b87a599a0ea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 63c8259be27b344dff675cb9d8215877d0954f1b657df010460d46d96b7cd9a1217e994be637a45421195025d3f81f66cbb226e2e0611e76c5d762678c34d76c
|
|
7
|
+
data.tar.gz: 24cffc179fa2dd2a7d96fd8f65ae3731ecdb4fb64c2ba78b5e5955f050e56dcf294d6f15b29ec4a5953ff764a9e1adfe6c646fb47186cc40f45bb5dc4cc54ac3
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
3
|
+
# source: authzed/api/materialize/v0/watchpermissions.proto
|
|
4
|
+
|
|
5
|
+
require 'google/protobuf'
|
|
6
|
+
|
|
7
|
+
require 'authzed/api/v1/core_pb'
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
descriptor_data = "\n1authzed/api/materialize/v0/watchpermissions.proto\x12\x1a\x61uthzed.api.materialize.v0\x1a\x19\x61uthzed/api/v1/core.proto\"\xbc\x01\n\x17WatchPermissionsRequest\x12O\n\x0bpermissions\x18\x01 \x03(\x0b\x32-.authzed.api.materialize.v0.WatchedPermissionR\x0bpermissions\x12P\n\x17optional_starting_after\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x15optionalStartingAfter\"\xb7\x01\n\x11WatchedPermission\x12#\n\rresource_type\x18\x01 \x01(\tR\x0cresourceType\x12\x1e\n\npermission\x18\x02 \x01(\tR\npermission\x12!\n\x0csubject_type\x18\x03 \x01(\tR\x0bsubjectType\x12:\n\x19optional_subject_relation\x18\x04 \x01(\tR\x17optionalSubjectRelation\"\xb9\x01\n\x18WatchPermissionsResponse\x12\x46\n\x06\x63hange\x18\x01 \x01(\x0b\x32,.authzed.api.materialize.v0.PermissionChangeH\x00R\x06\x63hange\x12I\n\x12\x63ompleted_revision\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenH\x00R\x11\x63ompletedRevisionB\n\n\x08response\"\xe9\x03\n\x10PermissionChange\x12\x34\n\x08revision\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x08revision\x12;\n\x08resource\x18\x02 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceR\x08resource\x12\x1e\n\npermission\x18\x03 \x01(\tR\npermission\x12:\n\x07subject\x18\x04 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceR\x07subject\x12\x63\n\x0epermissionship\x18\x05 \x01(\x0e\x32;.authzed.api.materialize.v0.PermissionChange.PermissionshipR\x0epermissionship\"\xa0\x01\n\x0ePermissionship\x12\x1e\n\x1aPERMISSIONSHIP_UNSPECIFIED\x10\x00\x12 \n\x1cPERMISSIONSHIP_NO_PERMISSION\x10\x01\x12!\n\x1dPERMISSIONSHIP_HAS_PERMISSION\x10\x02\x12)\n%PERMISSIONSHIP_CONDITIONAL_PERMISSION\x10\x03\x32\x9d\x01\n\x17WatchPermissionsService\x12\x81\x01\n\x10WatchPermissions\x12\x33.authzed.api.materialize.v0.WatchPermissionsRequest\x1a\x34.authzed.api.materialize.v0.WatchPermissionsResponse\"\x00\x30\x01\x42\x62\n\x1e\x63om.authzed.api.materialize.v0P\x01Z>github.com/authzed/authzed-go/proto/authzed/api/materialize/v0b\x06proto3"
|
|
11
|
+
|
|
12
|
+
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
13
|
+
pool.add_serialized_file(descriptor_data)
|
|
14
|
+
|
|
15
|
+
module Authzed
|
|
16
|
+
module Api
|
|
17
|
+
module Materialize
|
|
18
|
+
module V0
|
|
19
|
+
WatchPermissionsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionsRequest").msgclass
|
|
20
|
+
WatchedPermission = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchedPermission").msgclass
|
|
21
|
+
WatchPermissionsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionsResponse").msgclass
|
|
22
|
+
PermissionChange = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionChange").msgclass
|
|
23
|
+
PermissionChange::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionChange.Permissionship").enummodule
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# Source: authzed/api/materialize/v0/watchpermissions.proto for package 'authzed.api.materialize.v0'
|
|
3
|
+
|
|
4
|
+
require 'grpc'
|
|
5
|
+
require 'authzed/api/materialize/v0/watchpermissions_pb'
|
|
6
|
+
|
|
7
|
+
module Authzed
|
|
8
|
+
module Api
|
|
9
|
+
module Materialize
|
|
10
|
+
module V0
|
|
11
|
+
module WatchPermissionsService
|
|
12
|
+
class Service
|
|
13
|
+
|
|
14
|
+
include ::GRPC::GenericService
|
|
15
|
+
|
|
16
|
+
self.marshal_class_method = :encode
|
|
17
|
+
self.unmarshal_class_method = :decode
|
|
18
|
+
self.service_name = 'authzed.api.materialize.v0.WatchPermissionsService'
|
|
19
|
+
|
|
20
|
+
# WatchPermissions returns a stream of PermissionChange events for the given permissions.
|
|
21
|
+
#
|
|
22
|
+
# WatchPermissions is a long-running RPC, and will stream events until the client
|
|
23
|
+
# closes the connection or the server terminates the stream. The consumer is responsible of
|
|
24
|
+
# keeping track of the last seen revision and resuming the stream from that point in the event
|
|
25
|
+
# of disconnection or client-side restarts.
|
|
26
|
+
#
|
|
27
|
+
# The API does not offer a sharding mechanism and thus there should only be one consumer per target system.
|
|
28
|
+
# Implementing an active-active HA consumer setup over the same target system will require coordinating which
|
|
29
|
+
# revisions have been consumed in order to prevent transitioning to an inconsistent state.
|
|
30
|
+
#
|
|
31
|
+
# Usage of WatchPermissions requires to be explicitly enabled on the service, including the permissions to be
|
|
32
|
+
# watched. It requires more resources and is less performant than WatchPermissionsSets. It's usage
|
|
33
|
+
# is only recommended when performing the set intersections of WatchPermissionSets in the client side is not viable
|
|
34
|
+
# or there is a strict application requirement to use consume the computed permissions.
|
|
35
|
+
rpc :WatchPermissions, ::Authzed::Api::Materialize::V0::WatchPermissionsRequest, stream(::Authzed::Api::Materialize::V0::WatchPermissionsResponse)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
Stub = Service.rpc_stub_class
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
3
|
+
# source: authzed/api/materialize/v0/watchpermissionsets.proto
|
|
4
|
+
|
|
5
|
+
require 'google/protobuf'
|
|
6
|
+
|
|
7
|
+
require 'authzed/api/v1/core_pb'
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
descriptor_data = "\n4authzed/api/materialize/v0/watchpermissionsets.proto\x12\x1a\x61uthzed.api.materialize.v0\x1a\x19\x61uthzed/api/v1/core.proto\"n\n\x1aWatchPermissionSetsRequest\x12P\n\x17optional_starting_after\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x15optionalStartingAfter\"\xc3\x02\n\x1bWatchPermissionSetsResponse\x12I\n\x06\x63hange\x18\x01 \x01(\x0b\x32/.authzed.api.materialize.v0.PermissionSetChangeH\x00R\x06\x63hange\x12I\n\x12\x63ompleted_revision\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenH\x00R\x11\x63ompletedRevision\x12\x81\x01\n\x1flookup_permission_sets_required\x18\x03 \x01(\x0b\x32\x38.authzed.api.materialize.v0.LookupPermissionSetsRequiredH\x00R\x1clookupPermissionSetsRequiredB\n\n\x08response\"\xa2\x01\n\x06\x43ursor\x12\x14\n\x05limit\x18\x01 \x01(\rR\x05limit\x12.\n\x05token\x18\x04 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x05token\x12%\n\x0estarting_index\x18\x05 \x01(\rR\rstartingIndex\x12+\n\x11\x63ompleted_members\x18\x06 \x01(\x08R\x10\x63ompletedMembers\"\x9c\x01\n\x1bLookupPermissionSetsRequest\x12\x14\n\x05limit\x18\x01 \x01(\rR\x05limit\x12g\n\x1eoptional_starting_after_cursor\x18\x04 \x01(\x0b\x32\".authzed.api.materialize.v0.CursorR\x1boptionalStartingAfterCursor\"\xa3\x01\n\x1cLookupPermissionSetsResponse\x12G\n\x06\x63hange\x18\x01 \x01(\x0b\x32/.authzed.api.materialize.v0.PermissionSetChangeR\x06\x63hange\x12:\n\x06\x63ursor\x18\x02 \x01(\x0b\x32\".authzed.api.materialize.v0.CursorR\x06\x63ursor\"\xfc\x03\n\x13PermissionSetChange\x12\x39\n\x0b\x61t_revision\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\natRevision\x12Z\n\toperation\x18\x02 \x01(\x0e\x32<.authzed.api.materialize.v0.PermissionSetChange.SetOperationR\toperation\x12G\n\nparent_set\x18\x03 \x01(\x0b\x32(.authzed.api.materialize.v0.SetReferenceR\tparentSet\x12G\n\tchild_set\x18\x04 \x01(\x0b\x32(.authzed.api.materialize.v0.SetReferenceH\x00R\x08\x63hildSet\x12P\n\x0c\x63hild_member\x18\x05 \x01(\x0b\x32+.authzed.api.materialize.v0.MemberReferenceH\x00R\x0b\x63hildMember\"a\n\x0cSetOperation\x12\x1d\n\x19SET_OPERATION_UNSPECIFIED\x10\x00\x12\x17\n\x13SET_OPERATION_ADDED\x10\x01\x12\x19\n\x15SET_OPERATION_REMOVED\x10\x02\x42\x07\n\x05\x63hild\"\x82\x01\n\x0cSetReference\x12\x1f\n\x0bobject_type\x18\x01 \x01(\tR\nobjectType\x12\x1b\n\tobject_id\x18\x02 \x01(\tR\x08objectId\x12\x34\n\x16permission_or_relation\x18\x03 \x01(\tR\x14permissionOrRelation\"\x96\x01\n\x0fMemberReference\x12\x1f\n\x0bobject_type\x18\x01 \x01(\tR\nobjectType\x12\x1b\n\tobject_id\x18\x02 \x01(\tR\x08objectId\x12\x45\n\x1foptional_permission_or_relation\x18\x03 \x01(\tR\x1coptionalPermissionOrRelation\"f\n\x1cLookupPermissionSetsRequired\x12\x46\n\x12required_lookup_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x10requiredLookupAt2\xb9\x02\n\x1aWatchPermissionSetsService\x12\x8a\x01\n\x13WatchPermissionSets\x12\x36.authzed.api.materialize.v0.WatchPermissionSetsRequest\x1a\x37.authzed.api.materialize.v0.WatchPermissionSetsResponse\"\x00\x30\x01\x12\x8d\x01\n\x14LookupPermissionSets\x12\x37.authzed.api.materialize.v0.LookupPermissionSetsRequest\x1a\x38.authzed.api.materialize.v0.LookupPermissionSetsResponse\"\x00\x30\x01\x42\x62\n\x1e\x63om.authzed.api.materialize.v0P\x01Z>github.com/authzed/authzed-go/proto/authzed/api/materialize/v0b\x06proto3"
|
|
11
|
+
|
|
12
|
+
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
13
|
+
pool.add_serialized_file(descriptor_data)
|
|
14
|
+
|
|
15
|
+
module Authzed
|
|
16
|
+
module Api
|
|
17
|
+
module Materialize
|
|
18
|
+
module V0
|
|
19
|
+
WatchPermissionSetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionSetsRequest").msgclass
|
|
20
|
+
WatchPermissionSetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.WatchPermissionSetsResponse").msgclass
|
|
21
|
+
Cursor = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.Cursor").msgclass
|
|
22
|
+
LookupPermissionSetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.LookupPermissionSetsRequest").msgclass
|
|
23
|
+
LookupPermissionSetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.LookupPermissionSetsResponse").msgclass
|
|
24
|
+
PermissionSetChange = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionSetChange").msgclass
|
|
25
|
+
PermissionSetChange::SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.PermissionSetChange.SetOperation").enummodule
|
|
26
|
+
SetReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.SetReference").msgclass
|
|
27
|
+
MemberReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.MemberReference").msgclass
|
|
28
|
+
LookupPermissionSetsRequired = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.materialize.v0.LookupPermissionSetsRequired").msgclass
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# Source: authzed/api/materialize/v0/watchpermissionsets.proto for package 'authzed.api.materialize.v0'
|
|
3
|
+
|
|
4
|
+
require 'grpc'
|
|
5
|
+
require 'authzed/api/materialize/v0/watchpermissionsets_pb'
|
|
6
|
+
|
|
7
|
+
module Authzed
|
|
8
|
+
module Api
|
|
9
|
+
module Materialize
|
|
10
|
+
module V0
|
|
11
|
+
module WatchPermissionSetsService
|
|
12
|
+
class Service
|
|
13
|
+
|
|
14
|
+
include ::GRPC::GenericService
|
|
15
|
+
|
|
16
|
+
self.marshal_class_method = :encode
|
|
17
|
+
self.unmarshal_class_method = :decode
|
|
18
|
+
self.service_name = 'authzed.api.materialize.v0.WatchPermissionSetsService'
|
|
19
|
+
|
|
20
|
+
# WatchPermissionSets returns a stream of changes to the sets which can be used to compute the watched permissions.
|
|
21
|
+
#
|
|
22
|
+
# WatchPermissionSets lets consumers achieve the same thing as WatchPermissions, but trades off a simpler usage model with
|
|
23
|
+
# significantly lower computational requirements. Unlike WatchPermissions, this method returns changes to the sets of permissions,
|
|
24
|
+
# rather than the individual permissions. Permission sets are a normalized form of the computed permissions, which
|
|
25
|
+
# means that the consumer must perform an extra computation over this representation to obtain the final computed
|
|
26
|
+
# permissions, typically by intersecting the provided sets.
|
|
27
|
+
#
|
|
28
|
+
# For example, this would look like a JOIN between the
|
|
29
|
+
# materialize permission sets table in a target relation database, the table with the resources to authorize access
|
|
30
|
+
# to, and the table with the subject (e.g. a user).
|
|
31
|
+
#
|
|
32
|
+
# In exchange, the number of changes issued by WatchPermissionSets will be several orders of magnitude less than those
|
|
33
|
+
# emitted by WatchPermissions, which has several implications:
|
|
34
|
+
# - significantly less resources to compute the sets
|
|
35
|
+
# - significantly less messages to stream over the network
|
|
36
|
+
# - significantly less events to ingest on the consumer side
|
|
37
|
+
# - less ingestion lag from the origin SpiceDB mutation
|
|
38
|
+
#
|
|
39
|
+
# The type of scenarios WatchPermissionSets is particularly well suited is when a single change
|
|
40
|
+
# in the origin SpiceDB can yield millions of changes. For example, in the GitHub authorization model, assigning a role
|
|
41
|
+
# to a top-level team of an organization with hundreds of thousands of employees can lead to an explosion of
|
|
42
|
+
# permission change events that would require a lot of computational resources to process, both on Materialize and
|
|
43
|
+
# the consumer side.
|
|
44
|
+
#
|
|
45
|
+
# WatchPermissionSets is thus recommended for any larger scale use case where the fan-out in permission changes that
|
|
46
|
+
# emerges from a specific schema and data shape is too large to handle effectively.
|
|
47
|
+
#
|
|
48
|
+
# The API does not offer a sharding mechanism and thus there should only be one consumer per target system.
|
|
49
|
+
# Implementing an active-active HA consumer setup over the same target system will require coordinating which
|
|
50
|
+
# revisions have been consumed in order to prevent transitioning to an inconsistent state.
|
|
51
|
+
rpc :WatchPermissionSets, ::Authzed::Api::Materialize::V0::WatchPermissionSetsRequest, stream(::Authzed::Api::Materialize::V0::WatchPermissionSetsResponse)
|
|
52
|
+
# LookupPermissionSets returns the current state of the permission sets which can be used to derive the computed permissions.
|
|
53
|
+
# It's typically used to backfill the state of the permission sets in the consumer side.
|
|
54
|
+
#
|
|
55
|
+
# It's a cursored API and the consumer is responsible to keep track of the cursor and use it on each subsequent call.
|
|
56
|
+
# Each stream will return <N> permission sets defined by the specified request limit. The server will keep streaming until
|
|
57
|
+
# the sets per stream is hit, or the current state of the sets is reached,
|
|
58
|
+
# whatever happens first, and then close the stream. The server will indicate there are no more changes to stream
|
|
59
|
+
# through the `completed_members` in the cursor.
|
|
60
|
+
#
|
|
61
|
+
# There may be many elements to stream, and so the consumer should be prepared to resume the stream from the last
|
|
62
|
+
# cursor received. Once completed, the consumer may start streaming permission set changes using WatchPermissionSets
|
|
63
|
+
# and the revision token from the last LookupPermissionSets response.
|
|
64
|
+
rpc :LookupPermissionSets, ::Authzed::Api::Materialize::V0::LookupPermissionSetsRequest, stream(::Authzed::Api::Materialize::V0::LookupPermissionSetsResponse)
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
Stub = Service.rpc_stub_class
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
require 'google/protobuf'
|
|
6
6
|
|
|
7
7
|
|
|
8
|
-
descriptor_data = "\n!authzed/api/v1/error_reason.proto\x12\x0e\x61uthzed.api.v1*\
|
|
8
|
+
descriptor_data = "\n!authzed/api/v1/error_reason.proto\x12\x0e\x61uthzed.api.v1*\xf1\t\n\x0b\x45rrorReason\x12\x1c\n\x18\x45RROR_REASON_UNSPECIFIED\x10\x00\x12#\n\x1f\x45RROR_REASON_SCHEMA_PARSE_ERROR\x10\x01\x12\"\n\x1e\x45RROR_REASON_SCHEMA_TYPE_ERROR\x10\x02\x12#\n\x1f\x45RROR_REASON_UNKNOWN_DEFINITION\x10\x03\x12/\n+ERROR_REASON_UNKNOWN_RELATION_OR_PERMISSION\x10\x04\x12,\n(ERROR_REASON_TOO_MANY_UPDATES_IN_REQUEST\x10\x05\x12\x32\n.ERROR_REASON_TOO_MANY_PRECONDITIONS_IN_REQUEST\x10\x06\x12\x35\n1ERROR_REASON_WRITE_OR_DELETE_PRECONDITION_FAILURE\x10\x07\x12\"\n\x1e\x45RROR_REASON_SERVICE_READ_ONLY\x10\x08\x12\x1f\n\x1b\x45RROR_REASON_UNKNOWN_CAVEAT\x10\t\x12%\n!ERROR_REASON_INVALID_SUBJECT_TYPE\x10\n\x12,\n(ERROR_REASON_CAVEAT_PARAMETER_TYPE_ERROR\x10\x0b\x12-\n)ERROR_REASON_UPDATES_ON_SAME_RELATIONSHIP\x10\x0c\x12)\n%ERROR_REASON_CANNOT_UPDATE_PERMISSION\x10\r\x12(\n$ERROR_REASON_CAVEAT_EVALUATION_ERROR\x10\x0e\x12\x1f\n\x1b\x45RROR_REASON_INVALID_CURSOR\x10\x0f\x12@\n<ERROR_REASON_TOO_MANY_RELATIONSHIPS_FOR_TRANSACTIONAL_DELETE\x10\x10\x12.\n*ERROR_REASON_MAX_RELATIONSHIP_CONTEXT_SIZE\x10\x11\x12\x31\n-ERROR_REASON_ATTEMPT_TO_RECREATE_RELATIONSHIP\x10\x12\x12\'\n#ERROR_REASON_MAXIMUM_DEPTH_EXCEEDED\x10\x13\x12&\n\"ERROR_REASON_SERIALIZATION_FAILURE\x10\x14\x12+\n\'ERROR_REASON_TOO_MANY_CHECKS_IN_REQUEST\x10\x15\x12\x30\n,ERROR_REASON_EXCEEDS_MAXIMUM_ALLOWABLE_LIMIT\x10\x16\x12\x1f\n\x1b\x45RROR_REASON_INVALID_FILTER\x10\x17\x12\x35\n1ERROR_REASON_INMEMORY_TOO_MANY_CONCURRENT_UPDATES\x10\x18\x12#\n\x1f\x45RROR_REASON_EMPTY_PRECONDITION\x10\x19\x12+\n\'ERROR_REASON_COUNTER_ALREADY_REGISTERED\x10\x1a\x12\'\n#ERROR_REASON_COUNTER_NOT_REGISTERED\x10\x1b\x12%\n!ERROR_REASON_WILDCARD_NOT_ALLOWED\x10\x1c\x42J\n\x12\x63om.authzed.api.v1P\x01Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
|
|
9
9
|
|
|
10
10
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
11
11
|
pool.add_serialized_file(descriptor_data)
|
|
@@ -12,7 +12,7 @@ require 'authzed/api/v1/core_pb'
|
|
|
12
12
|
require 'authzed/api/v1/permission_service_pb'
|
|
13
13
|
|
|
14
14
|
|
|
15
|
-
descriptor_data = "\n)authzed/api/v1/experimental_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17google/rpc/status.proto\x1a\x19\x61uthzed/api/v1/core.proto\x1a\'authzed/api/v1/permission_service.proto\"\xb2\x01\n\x1a\x42ulkCheckPermissionRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12U\n\x05items\x18\x02 \x03(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemB\x0f\x18\x01\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05items\"\xb6\x02\n\x1e\x42ulkCheckPermissionRequestItem\x12\x45\n\x08resource\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x02 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\x12\x44\n\x07subject\x18\x03 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12;\n\x07\x63ontext\x18\x04 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\"\xae\x01\n\x1b\x42ulkCheckPermissionResponse\x12\x41\n\nchecked_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\tcheckedAt\x12L\n\x05pairs\x18\x02 \x03(\x0b\x32\'.authzed.api.v1.BulkCheckPermissionPairB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05pairs\"\xe2\x01\n\x17\x42ulkCheckPermissionPair\x12H\n\x07request\x18\x01 \x01(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemR\x07request\x12\x45\n\x04item\x18\x02 \x01(\x0b\x32/.authzed.api.v1.BulkCheckPermissionResponseItemH\x00R\x04item\x12*\n\x05\x65rror\x18\x03 \x01(\x0b\x32\x12.google.rpc.StatusH\x00R\x05\x65rrorB\n\n\x08response\"\xea\x01\n\x1f\x42ulkCheckPermissionResponseItem\x12j\n\x0epermissionship\x18\x01 \x01(\x0e\x32\x36.authzed.api.v1.CheckPermissionResponse.PermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x02 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\"s\n\x1e\x42ulkImportRelationshipsRequest\x12Q\n\rrelationships\x18\x01 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\rrelationships\"@\n\x1f\x42ulkImportRelationshipsResponse\x12\x1d\n\nnum_loaded\x18\x01 \x01(\x04R\tnumLoaded\"\xb6\x02\n\x1e\x42ulkExportRelationshipsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12.\n\x0eoptional_limit\x18\x02 \x01(\rB\x07\xfa\x42\x04*\x02(\x00R\roptionalLimit\x12?\n\x0foptional_cursor\x18\x03 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\x12\x64\n\x1coptional_relationship_filter\x18\x04 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterR\x1aoptionalRelationshipFilter\"\xad\x01\n\x1f\x42ulkExportRelationshipsResponse\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x01 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\x12\x42\n\rrelationships\x18\x02 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipR\rrelationships\"\xad\x01\n ExperimentalReflectSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12J\n\x10optional_filters\x18\x02 \x03(\x0b\x32\x1f.authzed.api.v1.ExpSchemaFilterR\x0foptionalFilters\"\xcc\x01\n!ExperimentalReflectSchemaResponse\x12?\n\x0b\x64\x65\x66initions\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionR\x0b\x64\x65\x66initions\x12\x33\n\x07\x63\x61veats\x18\x02 \x03(\x0b\x32\x19.authzed.api.v1.ExpCaveatR\x07\x63\x61veats\x12\x31\n\x07read_at\x18\x03 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xa1\x02\n\x0f\x45xpSchemaFilter\x12\x45\n\x1foptional_definition_name_filter\x18\x01 \x01(\tR\x1coptionalDefinitionNameFilter\x12=\n\x1boptional_caveat_name_filter\x18\x02 \x01(\tR\x18optionalCaveatNameFilter\x12\x41\n\x1doptional_relation_name_filter\x18\x03 \x01(\tR\x1aoptionalRelationNameFilter\x12\x45\n\x1foptional_permission_name_filter\x18\x04 \x01(\tR\x1coptionalPermissionNameFilter\"\xb9\x01\n\rExpDefinition\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x39\n\trelations\x18\x03 \x03(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\trelations\x12?\n\x0bpermissions\x18\x04 \x03(\x0b\x32\x1d.authzed.api.v1.ExpPermissionR\x0bpermissions\"\x9d\x01\n\tExpCaveat\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x42\n\nparameters\x18\x03 \x03(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\nparameters\x12\x1e\n\nexpression\x18\x04 \x01(\tR\nexpression\"j\n\x12\x45xpCaveatParameter\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x12\n\x04type\x18\x02 \x01(\tR\x04type\x12,\n\x12parent_caveat_name\x18\x03 \x01(\tR\x10parentCaveatName\"\xb8\x01\n\x0b\x45xpRelation\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\x12\x45\n\rsubject_types\x18\x04 \x03(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x0csubjectTypes\"\xa1\x02\n\x10\x45xpTypeReference\x12\x36\n\x17subject_definition_name\x18\x01 \x01(\tR\x15subjectDefinitionName\x12\x30\n\x14optional_caveat_name\x18\x02 \x01(\tR\x12optionalCaveatName\x12\x30\n\x13is_terminal_subject\x18\x03 \x01(\x08H\x00R\x11isTerminalSubject\x12\x36\n\x16optional_relation_name\x18\x04 \x01(\tH\x00R\x14optionalRelationName\x12.\n\x12is_public_wildcard\x18\x05 \x01(\x08H\x00R\x10isPublicWildcardB\t\n\x07typeref\"s\n\rExpPermission\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\"\xfe\x01\n(ExperimentalComputablePermissionsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x03 \x01(\tR\x0crelationName\x12\x45\n\x1foptional_definition_name_filter\x18\x04 \x01(\tR\x1coptionalDefinitionNameFilter\"\x89\x01\n\x14\x45xpRelationReference\x12\'\n\x0f\x64\x65\x66inition_name\x18\x01 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x02 \x01(\tR\x0crelationName\x12#\n\ris_permission\x18\x03 \x01(\x08R\x0cisPermission\"\xa6\x01\n)ExperimentalComputablePermissionsResponse\x12\x46\n\x0bpermissions\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\x0bpermissions\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xb8\x01\n%ExperimentalDependentRelationsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12\'\n\x0fpermission_name\x18\x03 \x01(\tR\x0epermissionName\"\x9f\x01\n&ExperimentalDependentRelationsResponse\x12\x42\n\trelations\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\trelations\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\x8b\x01\n\x1d\x45xperimentalDiffSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12+\n\x11\x63omparison_schema\x18\x02 \x01(\tR\x10\x63omparisonSchema\"\x88\x01\n\x1e\x45xperimentalDiffSchemaResponse\x12\x33\n\x05\x64iffs\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpSchemaDiffR\x05\x64iffs\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xab\x01\n\x1c\x45xpRelationSubjectTypeChange\x12\x37\n\x08relation\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\x08relation\x12R\n\x14\x63hanged_subject_type\x18\x02 \x01(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x12\x63hangedSubjectType\"\x85\x01\n\x1c\x45xpCaveatParameterTypeChange\x12@\n\tparameter\x18\x01 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\tparameter\x12#\n\rprevious_type\x18\x02 \x01(\tR\x0cpreviousType\"\xa0\r\n\rExpSchemaDiff\x12J\n\x10\x64\x65\x66inition_added\x18\x01 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x0f\x64\x65\x66initionAdded\x12N\n\x12\x64\x65\x66inition_removed\x18\x02 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x11\x64\x65\x66initionRemoved\x12\x64\n\x1e\x64\x65\x66inition_doc_comment_changed\x18\x03 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x1b\x64\x65\x66initionDocCommentChanged\x12\x44\n\x0erelation_added\x18\x04 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\rrelationAdded\x12H\n\x10relation_removed\x18\x05 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x0frelationRemoved\x12^\n\x1crelation_doc_comment_changed\x18\x06 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x19relationDocCommentChanged\x12m\n\x1brelation_subject_type_added\x18\x07 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x18relationSubjectTypeAdded\x12q\n\x1drelation_subject_type_removed\x18\x08 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x1arelationSubjectTypeRemoved\x12J\n\x10permission_added\x18\t \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x0fpermissionAdded\x12N\n\x12permission_removed\x18\n \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x11permissionRemoved\x12\x64\n\x1epermission_doc_comment_changed\x18\x0b \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x1bpermissionDocCommentChanged\x12W\n\x17permission_expr_changed\x18\x0c \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x15permissionExprChanged\x12>\n\x0c\x63\x61veat_added\x18\r \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x0b\x63\x61veatAdded\x12\x42\n\x0e\x63\x61veat_removed\x18\x0e \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\rcaveatRemoved\x12X\n\x1a\x63\x61veat_doc_comment_changed\x18\x0f \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x17\x63\x61veatDocCommentChanged\x12K\n\x13\x63\x61veat_expr_changed\x18\x10 \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x11\x63\x61veatExprChanged\x12Z\n\x16\x63\x61veat_parameter_added\x18\x11 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x14\x63\x61veatParameterAdded\x12^\n\x18\x63\x61veat_parameter_removed\x18\x12 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x16\x63\x61veatParameterRemoved\x12q\n\x1d\x63\x61veat_parameter_type_changed\x18\x13 \x01(\x0b\x32,.authzed.api.v1.ExpCaveatParameterTypeChangeH\x00R\x1a\x63\x61veatParameterTypeChangedB\x06\n\x04\x64iff2\x94\n\n\x13\x45xperimentalService\x12\xb2\x01\n\x17\x42ulkImportRelationships\x12..authzed.api.v1.BulkImportRelationshipsRequest\x1a/.authzed.api.v1.BulkImportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkimport:\x01*(\x01\x12\xb2\x01\n\x17\x42ulkExportRelationships\x12..authzed.api.v1.BulkExportRelationshipsRequest\x1a/.authzed.api.v1.BulkExportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkexport:\x01*0\x01\x12\xae\x01\n\x13\x42ulkCheckPermission\x12*.authzed.api.v1.BulkCheckPermissionRequest\x1a+.authzed.api.v1.BulkCheckPermissionResponse\">\x88\x02\x01\x82\xd3\xe4\x93\x02\x35\"0/v1/experimental/permissions/bulkcheckpermission:\x01*\x12\xab\x01\n\x19\x45xperimentalReflectSchema\x12\x30.authzed.api.v1.ExperimentalReflectSchemaRequest\x1a\x31.authzed.api.v1.ExperimentalReflectSchemaResponse\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/experimental/reflectschema:\x01*\x12\xcc\x01\n!ExperimentalComputablePermissions\x12\x38.authzed.api.v1.ExperimentalComputablePermissionsRequest\x1a\x39.authzed.api.v1.ExperimentalComputablePermissionsResponse\"2\x82\xd3\xe4\x93\x02,\"\'/v1/experimental/permissions/computable:\x01*\x12\xc2\x01\n\x1e\x45xperimentalDependentRelations\x12\x35.authzed.api.v1.ExperimentalDependentRelationsRequest\x1a\x36.authzed.api.v1.ExperimentalDependentRelationsResponse\"1\x82\xd3\xe4\x93\x02+\"&/v1/experimental/permissions/dependent:\x01*\x12\x9f\x01\n\x16\x45xperimentalDiffSchema\x12-.authzed.api.v1.ExperimentalDiffSchemaRequest\x1a..authzed.api.v1.ExperimentalDiffSchemaResponse\"&\x82\xd3\xe4\x93\x02 \"\x1b/v1/experimental/diffschema:\x01*BJ\n\x12\x63om.authzed.api.v1P\x01Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
|
|
15
|
+
descriptor_data = "\n)authzed/api/v1/experimental_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17google/rpc/status.proto\x1a\x19\x61uthzed/api/v1/core.proto\x1a\'authzed/api/v1/permission_service.proto\"\xcf\x01\n.ExperimentalRegisterRelationshipCounterRequest\x12>\n\x04name\x18\x01 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x04name\x12]\n\x13relationship_filter\x18\x02 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x12relationshipFilter\"1\n/ExperimentalRegisterRelationshipCounterResponse\"g\n%ExperimentalCountRelationshipsRequest\x12>\n\x04name\x18\x01 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x04name\"\xca\x01\n&ExperimentalCountRelationshipsResponse\x12<\n\x19\x63ounter_still_calculating\x18\x01 \x01(\x08H\x00R\x17\x63ounterStillCalculating\x12P\n\x12read_counter_value\x18\x02 \x01(\x0b\x32 .authzed.api.v1.ReadCounterValueH\x00R\x10readCounterValueB\x10\n\x0e\x63ounter_result\"~\n\x10ReadCounterValue\x12-\n\x12relationship_count\x18\x01 \x01(\x04R\x11relationshipCount\x12;\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x06readAt\"r\n0ExperimentalUnregisterRelationshipCounterRequest\x12>\n\x04name\x18\x01 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x04name\"3\n1ExperimentalUnregisterRelationshipCounterResponse\"\xb2\x01\n\x1a\x42ulkCheckPermissionRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12U\n\x05items\x18\x02 \x03(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemB\x0f\x18\x01\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05items\"\xb6\x02\n\x1e\x42ulkCheckPermissionRequestItem\x12\x45\n\x08resource\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x02 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\x12\x44\n\x07subject\x18\x03 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12;\n\x07\x63ontext\x18\x04 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\"\xae\x01\n\x1b\x42ulkCheckPermissionResponse\x12\x41\n\nchecked_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\tcheckedAt\x12L\n\x05pairs\x18\x02 \x03(\x0b\x32\'.authzed.api.v1.BulkCheckPermissionPairB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05pairs\"\xe2\x01\n\x17\x42ulkCheckPermissionPair\x12H\n\x07request\x18\x01 \x01(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemR\x07request\x12\x45\n\x04item\x18\x02 \x01(\x0b\x32/.authzed.api.v1.BulkCheckPermissionResponseItemH\x00R\x04item\x12*\n\x05\x65rror\x18\x03 \x01(\x0b\x32\x12.google.rpc.StatusH\x00R\x05\x65rrorB\n\n\x08response\"\xea\x01\n\x1f\x42ulkCheckPermissionResponseItem\x12j\n\x0epermissionship\x18\x01 \x01(\x0e\x32\x36.authzed.api.v1.CheckPermissionResponse.PermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x02 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\"s\n\x1e\x42ulkImportRelationshipsRequest\x12Q\n\rrelationships\x18\x01 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\rrelationships\"@\n\x1f\x42ulkImportRelationshipsResponse\x12\x1d\n\nnum_loaded\x18\x01 \x01(\x04R\tnumLoaded\"\xb6\x02\n\x1e\x42ulkExportRelationshipsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12.\n\x0eoptional_limit\x18\x02 \x01(\rB\x07\xfa\x42\x04*\x02(\x00R\roptionalLimit\x12?\n\x0foptional_cursor\x18\x03 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\x12\x64\n\x1coptional_relationship_filter\x18\x04 \x01(\x0b\x32\".authzed.api.v1.RelationshipFilterR\x1aoptionalRelationshipFilter\"\xad\x01\n\x1f\x42ulkExportRelationshipsResponse\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x01 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\x12\x42\n\rrelationships\x18\x02 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipR\rrelationships\"\xad\x01\n ExperimentalReflectSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12J\n\x10optional_filters\x18\x02 \x03(\x0b\x32\x1f.authzed.api.v1.ExpSchemaFilterR\x0foptionalFilters\"\xcc\x01\n!ExperimentalReflectSchemaResponse\x12?\n\x0b\x64\x65\x66initions\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionR\x0b\x64\x65\x66initions\x12\x33\n\x07\x63\x61veats\x18\x02 \x03(\x0b\x32\x19.authzed.api.v1.ExpCaveatR\x07\x63\x61veats\x12\x31\n\x07read_at\x18\x03 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xa1\x02\n\x0f\x45xpSchemaFilter\x12\x45\n\x1foptional_definition_name_filter\x18\x01 \x01(\tR\x1coptionalDefinitionNameFilter\x12=\n\x1boptional_caveat_name_filter\x18\x02 \x01(\tR\x18optionalCaveatNameFilter\x12\x41\n\x1doptional_relation_name_filter\x18\x03 \x01(\tR\x1aoptionalRelationNameFilter\x12\x45\n\x1foptional_permission_name_filter\x18\x04 \x01(\tR\x1coptionalPermissionNameFilter\"\xb9\x01\n\rExpDefinition\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x39\n\trelations\x18\x03 \x03(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\trelations\x12?\n\x0bpermissions\x18\x04 \x03(\x0b\x32\x1d.authzed.api.v1.ExpPermissionR\x0bpermissions\"\x9d\x01\n\tExpCaveat\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x42\n\nparameters\x18\x03 \x03(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\nparameters\x12\x1e\n\nexpression\x18\x04 \x01(\tR\nexpression\"j\n\x12\x45xpCaveatParameter\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x12\n\x04type\x18\x02 \x01(\tR\x04type\x12,\n\x12parent_caveat_name\x18\x03 \x01(\tR\x10parentCaveatName\"\xb8\x01\n\x0b\x45xpRelation\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\x12\x45\n\rsubject_types\x18\x04 \x03(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x0csubjectTypes\"\xa1\x02\n\x10\x45xpTypeReference\x12\x36\n\x17subject_definition_name\x18\x01 \x01(\tR\x15subjectDefinitionName\x12\x30\n\x14optional_caveat_name\x18\x02 \x01(\tR\x12optionalCaveatName\x12\x30\n\x13is_terminal_subject\x18\x03 \x01(\x08H\x00R\x11isTerminalSubject\x12\x36\n\x16optional_relation_name\x18\x04 \x01(\tH\x00R\x14optionalRelationName\x12.\n\x12is_public_wildcard\x18\x05 \x01(\x08H\x00R\x10isPublicWildcardB\t\n\x07typeref\"s\n\rExpPermission\x12\x12\n\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n\x07\x63omment\x18\x02 \x01(\tR\x07\x63omment\x12\x34\n\x16parent_definition_name\x18\x03 \x01(\tR\x14parentDefinitionName\"\xfe\x01\n(ExperimentalComputablePermissionsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x03 \x01(\tR\x0crelationName\x12\x45\n\x1foptional_definition_name_filter\x18\x04 \x01(\tR\x1coptionalDefinitionNameFilter\"\x89\x01\n\x14\x45xpRelationReference\x12\'\n\x0f\x64\x65\x66inition_name\x18\x01 \x01(\tR\x0e\x64\x65\x66initionName\x12#\n\rrelation_name\x18\x02 \x01(\tR\x0crelationName\x12#\n\ris_permission\x18\x03 \x01(\x08R\x0cisPermission\"\xa6\x01\n)ExperimentalComputablePermissionsResponse\x12\x46\n\x0bpermissions\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\x0bpermissions\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xb8\x01\n%ExperimentalDependentRelationsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\'\n\x0f\x64\x65\x66inition_name\x18\x02 \x01(\tR\x0e\x64\x65\x66initionName\x12\'\n\x0fpermission_name\x18\x03 \x01(\tR\x0epermissionName\"\x9f\x01\n&ExperimentalDependentRelationsResponse\x12\x42\n\trelations\x18\x01 \x03(\x0b\x32$.authzed.api.v1.ExpRelationReferenceR\trelations\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\x8b\x01\n\x1d\x45xperimentalDiffSchemaRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12+\n\x11\x63omparison_schema\x18\x02 \x01(\tR\x10\x63omparisonSchema\"\x88\x01\n\x1e\x45xperimentalDiffSchemaResponse\x12\x33\n\x05\x64iffs\x18\x01 \x03(\x0b\x32\x1d.authzed.api.v1.ExpSchemaDiffR\x05\x64iffs\x12\x31\n\x07read_at\x18\x02 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenR\x06readAt\"\xab\x01\n\x1c\x45xpRelationSubjectTypeChange\x12\x37\n\x08relation\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationR\x08relation\x12R\n\x14\x63hanged_subject_type\x18\x02 \x01(\x0b\x32 .authzed.api.v1.ExpTypeReferenceR\x12\x63hangedSubjectType\"\x85\x01\n\x1c\x45xpCaveatParameterTypeChange\x12@\n\tparameter\x18\x01 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterR\tparameter\x12#\n\rprevious_type\x18\x02 \x01(\tR\x0cpreviousType\"\xa0\r\n\rExpSchemaDiff\x12J\n\x10\x64\x65\x66inition_added\x18\x01 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x0f\x64\x65\x66initionAdded\x12N\n\x12\x64\x65\x66inition_removed\x18\x02 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x11\x64\x65\x66initionRemoved\x12\x64\n\x1e\x64\x65\x66inition_doc_comment_changed\x18\x03 \x01(\x0b\x32\x1d.authzed.api.v1.ExpDefinitionH\x00R\x1b\x64\x65\x66initionDocCommentChanged\x12\x44\n\x0erelation_added\x18\x04 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\rrelationAdded\x12H\n\x10relation_removed\x18\x05 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x0frelationRemoved\x12^\n\x1crelation_doc_comment_changed\x18\x06 \x01(\x0b\x32\x1b.authzed.api.v1.ExpRelationH\x00R\x19relationDocCommentChanged\x12m\n\x1brelation_subject_type_added\x18\x07 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x18relationSubjectTypeAdded\x12q\n\x1drelation_subject_type_removed\x18\x08 \x01(\x0b\x32,.authzed.api.v1.ExpRelationSubjectTypeChangeH\x00R\x1arelationSubjectTypeRemoved\x12J\n\x10permission_added\x18\t \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x0fpermissionAdded\x12N\n\x12permission_removed\x18\n \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x11permissionRemoved\x12\x64\n\x1epermission_doc_comment_changed\x18\x0b \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x1bpermissionDocCommentChanged\x12W\n\x17permission_expr_changed\x18\x0c \x01(\x0b\x32\x1d.authzed.api.v1.ExpPermissionH\x00R\x15permissionExprChanged\x12>\n\x0c\x63\x61veat_added\x18\r \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x0b\x63\x61veatAdded\x12\x42\n\x0e\x63\x61veat_removed\x18\x0e \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\rcaveatRemoved\x12X\n\x1a\x63\x61veat_doc_comment_changed\x18\x0f \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x17\x63\x61veatDocCommentChanged\x12K\n\x13\x63\x61veat_expr_changed\x18\x10 \x01(\x0b\x32\x19.authzed.api.v1.ExpCaveatH\x00R\x11\x63\x61veatExprChanged\x12Z\n\x16\x63\x61veat_parameter_added\x18\x11 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x14\x63\x61veatParameterAdded\x12^\n\x18\x63\x61veat_parameter_removed\x18\x12 \x01(\x0b\x32\".authzed.api.v1.ExpCaveatParameterH\x00R\x16\x63\x61veatParameterRemoved\x12q\n\x1d\x63\x61veat_parameter_type_changed\x18\x13 \x01(\x0b\x32,.authzed.api.v1.ExpCaveatParameterTypeChangeH\x00R\x1a\x63\x61veatParameterTypeChangedB\x06\n\x04\x64iff2\xaa\x0f\n\x13\x45xperimentalService\x12\xb2\x01\n\x17\x42ulkImportRelationships\x12..authzed.api.v1.BulkImportRelationshipsRequest\x1a/.authzed.api.v1.BulkImportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkimport:\x01*(\x01\x12\xb2\x01\n\x17\x42ulkExportRelationships\x12..authzed.api.v1.BulkExportRelationshipsRequest\x1a/.authzed.api.v1.BulkExportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.\")/v1/experimental/relationships/bulkexport:\x01*0\x01\x12\xae\x01\n\x13\x42ulkCheckPermission\x12*.authzed.api.v1.BulkCheckPermissionRequest\x1a+.authzed.api.v1.BulkCheckPermissionResponse\">\x88\x02\x01\x82\xd3\xe4\x93\x02\x35\"0/v1/experimental/permissions/bulkcheckpermission:\x01*\x12\xab\x01\n\x19\x45xperimentalReflectSchema\x12\x30.authzed.api.v1.ExperimentalReflectSchemaRequest\x1a\x31.authzed.api.v1.ExperimentalReflectSchemaResponse\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/experimental/reflectschema:\x01*\x12\xcc\x01\n!ExperimentalComputablePermissions\x12\x38.authzed.api.v1.ExperimentalComputablePermissionsRequest\x1a\x39.authzed.api.v1.ExperimentalComputablePermissionsResponse\"2\x82\xd3\xe4\x93\x02,\"\'/v1/experimental/permissions/computable:\x01*\x12\xc2\x01\n\x1e\x45xperimentalDependentRelations\x12\x35.authzed.api.v1.ExperimentalDependentRelationsRequest\x1a\x36.authzed.api.v1.ExperimentalDependentRelationsResponse\"1\x82\xd3\xe4\x93\x02+\"&/v1/experimental/permissions/dependent:\x01*\x12\x9f\x01\n\x16\x45xperimentalDiffSchema\x12-.authzed.api.v1.ExperimentalDiffSchemaRequest\x1a..authzed.api.v1.ExperimentalDiffSchemaResponse\"&\x82\xd3\xe4\x93\x02 \"\x1b/v1/experimental/diffschema:\x01*\x12\xe3\x01\n\'ExperimentalRegisterRelationshipCounter\x12>.authzed.api.v1.ExperimentalRegisterRelationshipCounterRequest\x1a?.authzed.api.v1.ExperimentalRegisterRelationshipCounterResponse\"7\x82\xd3\xe4\x93\x02\x31\",/v1/experimental/registerrelationshipcounter:\x01*\x12\xbf\x01\n\x1e\x45xperimentalCountRelationships\x12\x35.authzed.api.v1.ExperimentalCountRelationshipsRequest\x1a\x36.authzed.api.v1.ExperimentalCountRelationshipsResponse\".\x82\xd3\xe4\x93\x02(\"#/v1/experimental/countrelationships:\x01*\x12\xeb\x01\n)ExperimentalUnregisterRelationshipCounter\x12@.authzed.api.v1.ExperimentalUnregisterRelationshipCounterRequest\x1a\x41.authzed.api.v1.ExperimentalUnregisterRelationshipCounterResponse\"9\x82\xd3\xe4\x93\x02\x33\"./v1/experimental/unregisterrelationshipcounter:\x01*BJ\n\x12\x63om.authzed.api.v1P\x01Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
|
|
16
16
|
|
|
17
17
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
18
18
|
pool.add_serialized_file(descriptor_data)
|
|
@@ -20,6 +20,13 @@ pool.add_serialized_file(descriptor_data)
|
|
|
20
20
|
module Authzed
|
|
21
21
|
module Api
|
|
22
22
|
module V1
|
|
23
|
+
ExperimentalRegisterRelationshipCounterRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalRegisterRelationshipCounterRequest").msgclass
|
|
24
|
+
ExperimentalRegisterRelationshipCounterResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalRegisterRelationshipCounterResponse").msgclass
|
|
25
|
+
ExperimentalCountRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalCountRelationshipsRequest").msgclass
|
|
26
|
+
ExperimentalCountRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalCountRelationshipsResponse").msgclass
|
|
27
|
+
ReadCounterValue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadCounterValue").msgclass
|
|
28
|
+
ExperimentalUnregisterRelationshipCounterRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalUnregisterRelationshipCounterRequest").msgclass
|
|
29
|
+
ExperimentalUnregisterRelationshipCounterResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExperimentalUnregisterRelationshipCounterResponse").msgclass
|
|
23
30
|
BulkCheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionRequest").msgclass
|
|
24
31
|
BulkCheckPermissionRequestItem = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionRequestItem").msgclass
|
|
25
32
|
BulkCheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionResponse").msgclass
|
|
@@ -51,6 +51,13 @@ module Authzed
|
|
|
51
51
|
# specified schema and the schema stored in SpiceDB. This is useful for clients that need to
|
|
52
52
|
# introspect the schema of a SpiceDB instance.
|
|
53
53
|
rpc :ExperimentalDiffSchema, ::Authzed::Api::V1::ExperimentalDiffSchemaRequest, ::Authzed::Api::V1::ExperimentalDiffSchemaResponse
|
|
54
|
+
# EXPERIMENTAL: RegisterRelationshipCounter registers a new filter for counting relationships. A filter must be registered before
|
|
55
|
+
# a count can be requested.
|
|
56
|
+
rpc :ExperimentalRegisterRelationshipCounter, ::Authzed::Api::V1::ExperimentalRegisterRelationshipCounterRequest, ::Authzed::Api::V1::ExperimentalRegisterRelationshipCounterResponse
|
|
57
|
+
# EXPERIMENTAL: CountRelationships returns the count of relationships for *pre-registered* filter.
|
|
58
|
+
rpc :ExperimentalCountRelationships, ::Authzed::Api::V1::ExperimentalCountRelationshipsRequest, ::Authzed::Api::V1::ExperimentalCountRelationshipsResponse
|
|
59
|
+
# EXPERIMENTAL: UnregisterRelationshipCounter unregisters an existing filter for counting relationships.
|
|
60
|
+
rpc :ExperimentalUnregisterRelationshipCounter, ::Authzed::Api::V1::ExperimentalUnregisterRelationshipCounterRequest, ::Authzed::Api::V1::ExperimentalUnregisterRelationshipCounterResponse
|
|
54
61
|
end
|
|
55
62
|
|
|
56
63
|
Stub = Service.rpc_stub_class
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authzed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Authzed
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-07-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: grpc
|
|
@@ -62,6 +62,10 @@ files:
|
|
|
62
62
|
- LICENSE
|
|
63
63
|
- README.md
|
|
64
64
|
- lib/authzed.rb
|
|
65
|
+
- lib/authzed/api/materialize/v0/watchpermissions_pb.rb
|
|
66
|
+
- lib/authzed/api/materialize/v0/watchpermissions_services_pb.rb
|
|
67
|
+
- lib/authzed/api/materialize/v0/watchpermissionsets_pb.rb
|
|
68
|
+
- lib/authzed/api/materialize/v0/watchpermissionsets_services_pb.rb
|
|
65
69
|
- lib/authzed/api/v1/client.rb
|
|
66
70
|
- lib/authzed/api/v1/core_pb.rb
|
|
67
71
|
- lib/authzed/api/v1/debug_pb.rb
|
|
@@ -105,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
105
109
|
- !ruby/object:Gem::Version
|
|
106
110
|
version: '0'
|
|
107
111
|
requirements: []
|
|
108
|
-
rubygems_version: 3.5.
|
|
112
|
+
rubygems_version: 3.5.11
|
|
109
113
|
signing_key:
|
|
110
114
|
specification_version: 4
|
|
111
115
|
summary: Ruby bindings for Authzed API
|