authzed 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 745773cee685ac83d572bb8a772f0f25825147e9e55092aa66ee36a29a578341
-  data.tar.gz: a6a59d5a14bca9c4340717a261fa2bd59edf6f503bb4d1abba07cae496a0e0c2
+  metadata.gz: c84eb0a5b270d92b397e72bb0d30858b0150dfcf6926f1eb5f9a9d504413029b
+  data.tar.gz: 5fcc1eafdebcc07a2dc29de9eb460a2b2ccbf5a25145bba612a5d89110ae6ca5
 SHA512:
-  metadata.gz: e93362eddda43c3d16194640a7090dbbc324e44bc79f8632ab450a950b412eb0921ad17981e502864d1fec106622d7ad9d9f39c2e6ef78395ec0d6e42f81a1a5
-  data.tar.gz: 69e91b80c6c2d9c8e7934923629f063a63b41ebaed4416d89186fd3128c07d5b4d7f7249d540722cfdf1bd66d30e7a4d04cff6bddb3b615ad7f9bec8990ec325
+  metadata.gz: 9cd40cbb79721e5f38bfc78439d81f9ebc19a292cac56e378adcee2ede4be5af7df5ab1b3777960c86f59cdecba2a519ac306cdc684e113c7f6695a31d9b68a3
+  data.tar.gz: 8341299464b007b8e6184fd95d55eb63cbe77625736f795677a99fbe6f1bc604409a002bae29a9805499b65c121d5df8ea3790dcec4bc6e7db642cc094de501c

data/README.md

@@ -16,7 +16,7 @@ Developers create a schema that models their permissions requirements and use a
 Supported client API versions:
 - [v1](https://docs.authzed.com/reference/api#authzedapiv1)
 - [v1alpha1](https://docs.authzed.com/reference/api#authzedapiv1alpha1)
-- [v0](https://docs.authzed.com/reference/api#authzedapiv0)
+- "v0" - deprecated
 
 You can find more info on each API on the [Authzed API reference documentation].
 Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].

data/lib/authzed/api/v0/acl_service_pb.rb

@@ -3,7 +3,9 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.RelationTupleFilter" do

data/lib/authzed/api/v0/core_pb.rb

@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/core.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.RelationTuple" do

data/lib/authzed/api/v0/developer_pb.rb

@@ -5,6 +5,7 @@ require 'google/protobuf'
 
 require 'authzed/api/v0/core_pb'
 require 'authzed/api/v0/namespace_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.FormatSchemaRequest" do

data/lib/authzed/api/v0/namespace_pb.rb

@@ -4,7 +4,9 @@
 require 'google/protobuf'
 
 require 'google/protobuf/any_pb'
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.Metadata" do
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
     end
     add_message "authzed.api.v0.TypeInformation" do
-      repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.RelationReference", json_name: "allowedDirectRelations"
+      repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
+    end
+    add_message "authzed.api.v0.AllowedRelation" do
+      optional :namespace, :string, 1, json_name: "namespace"
+      oneof :relation_or_wildcard do
+        optional :relation, :string, 3, json_name: "relation"
+        optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
+      end
+    end
+    add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
     end
     add_message "authzed.api.v0.UsersetRewrite" do
       oneof :rewrite_operation do
@@ -69,6 +80,8 @@ module Authzed
       NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
       Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
       TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
+      AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
+      AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
       UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
       SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
       SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass

data/lib/authzed/api/v0/namespace_service_pb.rb

@@ -3,8 +3,10 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
 require 'authzed/api/v0/namespace_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.ReadConfigRequest" do

data/lib/authzed/api/v0/watch_service_pb.rb

@@ -3,7 +3,9 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.WatchRequest" do

data/lib/authzed/api/v1/core_pb.rb

@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
     add_message "authzed.api.v1.Relationship" do

data/lib/authzed/api/v1/openapi_pb.rb

@@ -0,0 +1,18 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/openapi.proto
+
+require 'google/protobuf'
+
+require 'protoc-gen-openapiv2/options/annotations_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+    end
+  end
+end

data/lib/authzed/api/v1/permission_service_pb.rb

@@ -3,7 +3,10 @@
 
 require 'google/protobuf'
 
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
 require 'authzed/api/v1/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v1.Consistency" do

data/lib/authzed/api/v1/permission_service_services_pb.rb

@@ -8,8 +8,8 @@ module Authzed
   module Api
     module V1
       module PermissionsService
-        # PermissionsService is used to perform permissions and relationship
-        # operations.
+        # PermissionsService implements a set of RPCs that perform operations on
+        # relationships and permissions.
         class Service
 
           include ::GRPC::GenericService
@@ -21,22 +21,23 @@ module Authzed
           # ReadRelationships reads a set of the relationships matching one or more
           # filters.
           rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
-          # WriteRelationships writes and/or deletes a set of specified relationships,
-          # with an optional set of precondition relationships that must exist before
-          # the operation can commit.
+          # WriteRelationships atomically writes and/or deletes a set of specified
+          # relationships. An optional set of preconditions can be provided that must
+          # be satisfied for the operation to commit.
           rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
-          # DeleteRelationships deletes relationships matching one or more filters, in
-          # bulk.
+          # DeleteRelationships atomically bulk deletes relationships matching one or
+          # more filters. An optional set of preconditions can be provided that must
+          # be satisfied for the operation to commit.
           rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
-          # CheckPermission checks whether a subject has a particular permission or is
-          # a member of a particular relation, on a given resource.
+          # CheckPermission determines for a given resource whether a subject computes
+          # to having a permission or is a direct member of a particular relation.
           rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
-          # ExpandPermissionTree expands the relationships reachable from a particular
-          # permission or relation of a given resource.
+          # ExpandPermissionTree reveals the graph structure for a resource's
+          # permission or relation. This RPC does not recurse infinitely deep and may
+          # require multiple calls to fully unnest a deeply nested graph.
           rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
-          # LookupResources returns the IDs of all resources on which the specified
-          # subject has permission or on which the specified subject is a member of the
-          # relation.
+          # LookupResources returns all the resources of a given type that a subject
+          # can access whether via a computed permission or relation membership.
           rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
         end
 

data/lib/authzed/api/v1/schema_service_pb.rb

@@ -0,0 +1,33 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/schema_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.ReadSchemaRequest" do
+    end
+    add_message "authzed.api.v1.ReadSchemaResponse" do
+      optional :schema_text, :string, 1, json_name: "schemaText"
+    end
+    add_message "authzed.api.v1.WriteSchemaRequest" do
+      optional :schema, :string, 1, json_name: "schema"
+    end
+    add_message "authzed.api.v1.WriteSchemaResponse" do
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+      ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
+      ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
+      WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
+      WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/schema_service_services_pb.rb

@@ -0,0 +1,34 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/schema_service_pb'
+
+module Authzed
+  module Api
+    module V1
+      module SchemaService
+        # SchemaService implements operations on a Permissions System's Schema.
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1.SchemaService'
+
+          # Read returns the current Object Definitions for a Permissions System.
+          #
+          # Errors include:
+          # - INVALID_ARGUMENT: a provided value has failed to semantically validate
+          # - NOT_FOUND: no schema has been defined
+          rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
+          # Write overwrites the current Object Definitions for a Permissions System.
+          rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed/api/v1/watch_service_pb.rb

@@ -3,11 +3,14 @@
 
 require 'google/protobuf'
 
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
 require 'authzed/api/v1/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v1.WatchRequest" do
-      repeated :object_types, :string, 1, json_name: "objectTypes"
+      repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
       optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
     end
     add_message "authzed.api.v1.WatchResponse" do

data/lib/authzed/api/v1alpha1/schema_pb.rb

@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
     add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
       repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
+      optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
     end
     add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
       optional :schema, :string, 1, json_name: "schema"
+      optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
     end
     add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
       repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
+      optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
     end
   end
 end

data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb

@@ -0,0 +1,46 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1alpha1/watchresources_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
+      optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
+      optional :permission, :string, 2, json_name: "permission"
+      optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
+      optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
+      optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
+    end
+    add_message "authzed.api.v1alpha1.PermissionUpdate" do
+      optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
+      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :relation, :string, 3, json_name: "relation"
+      optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
+    end
+    add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
+      value :PERMISSIONSHIP_UNSPECIFIED, 0
+      value :PERMISSIONSHIP_NO_PERMISSION, 1
+      value :PERMISSIONSHIP_HAS_PERMISSION, 2
+    end
+    add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
+      repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
+      optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1alpha1
+      WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
+      PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
+      PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
+      WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb

@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
+
+require 'grpc'
+require 'authzed/api/v1alpha1/watchresources_service_pb'
+
+module Authzed
+  module Api
+    module V1alpha1
+      module WatchResourcesService
+        # WatchResourcesService is used to receive a stream of updates for resources of a
+        # specific (resource type, permission, subject) combination.
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
+
+          # WatchResources initiates a watch for permission changes for the provided
+          # (resource type, permission, subject) pair.
+          rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed.rb

@@ -1,14 +1,3 @@
-require 'authzed/api/v0/acl_service_pb'
-require 'authzed/api/v0/acl_service_services_pb'
-require 'authzed/api/v0/core_pb'
-require 'authzed/api/v0/developer_pb'
-require 'authzed/api/v0/developer_services_pb'
-require 'authzed/api/v0/namespace_pb'
-require 'authzed/api/v0/namespace_service_pb'
-require 'authzed/api/v0/namespace_service_services_pb'
-require 'authzed/api/v0/watch_service_pb'
-require 'authzed/api/v0/watch_service_services_pb'
-require 'authzed/api/v0/client'
 require 'authzed/api/v1alpha1/schema_pb'
 require 'authzed/api/v1alpha1/schema_services_pb'
 require 'authzed/api/v1alpha1/client'
@@ -19,4 +8,4 @@ require 'authzed/api/v1/client'
 require 'grpcutil/bearer_token'
 
 module Authzed
-end
+end

data/lib/validate/validate_pb.rb

@@ -0,0 +1,4 @@
+module Validate
+  module ValidatePb
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authzed
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Authzed
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-26 00:00:00.000000000 Z
+date: 2022-05-26 00:00:00.000000000 Z
 dependencies: []
 description: Authzed is the best way to build robust and scalable permissions systems.
   See https://authzed.com for more details.
@@ -33,16 +33,22 @@ files:
 - lib/authzed/api/v0/watch_service_services_pb.rb
 - lib/authzed/api/v1/client.rb
 - lib/authzed/api/v1/core_pb.rb
+- lib/authzed/api/v1/openapi_pb.rb
 - lib/authzed/api/v1/permission_service_pb.rb
 - lib/authzed/api/v1/permission_service_services_pb.rb
 - lib/authzed/api/v1/schema_pb.rb
+- lib/authzed/api/v1/schema_service_pb.rb
+- lib/authzed/api/v1/schema_service_services_pb.rb
 - lib/authzed/api/v1/schema_services_pb.rb
 - lib/authzed/api/v1/watch_service_pb.rb
 - lib/authzed/api/v1/watch_service_services_pb.rb
 - lib/authzed/api/v1alpha1/client.rb
 - lib/authzed/api/v1alpha1/schema_pb.rb
 - lib/authzed/api/v1alpha1/schema_services_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
 - lib/grpcutil/bearer_token.rb
+- lib/validate/validate_pb.rb
 homepage: https://authzed.com
 licenses:
 - Apache-2.0