cerbos 0.1.0

data/lib/cerbos/output/server_info.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Output
+    # Information about the Cerbos policy decision point (PDP) server.
+    ServerInfo = Output.new_class(:built_at, :commit, :version) do
+      # @!attribute [r] built_at
+      #   The time at which the PDP server binary was built.
+      #
+      #   @return [Time]
+      #   @return [nil] if running a custom build of the PDP server that does not report its build time in ISO 8601 format.
+
+      # @!attribute [r] commit
+      #   The commit SHA from which the PDP server binary was built.
+      #
+      #   @return [String]
+
+      # @!attribute [r] version
+      #   The version of the PDP server.
+      #
+      #   @return [String]
+
+      def self.from_protobuf(server_info)
+        built_at = begin
+          Time.iso8601(server_info.build_date)
+        rescue ArgumentError
+          nil
+        end
+
+        new(
+          built_at: built_at,
+          commit: server_info.commit,
+          version: server_info.version
+        )
+      end
+    end
+  end
+end

data/lib/cerbos/output.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Cerbos
+  # Namespace for objects returned by {Client} methods.
+  module Output
+    # @private
+    def self.new_class(*attributes, &block)
+      Class.new do
+        attributes.each do |attribute|
+          attr_reader attribute
+        end
+
+        class_eval <<~RUBY, __FILE__, __LINE__ + 1
+          def initialize(#{attributes.map { |attribute| "#{attribute}:" }.join(", ")})
+            #{attributes.map { |attribute| "@#{attribute} = #{attribute}" }.join("\n")}
+          end
+
+          def ==(other)
+            other.instance_of?(self.class) && #{attributes.map { |attribute| "#{attribute} == other.#{attribute}" }.join(" && ")}
+          end
+
+          def hash
+            [#{attributes.join(", ")}].hash
+          end
+        RUBY
+
+        alias_method :eql?, :==
+
+        class_exec(&block) if block
+      end
+    end
+  end
+end
+
+require_relative "output/check_resources"
+require_relative "output/plan_resources"
+require_relative "output/server_info"

data/lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb

@@ -0,0 +1,48 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: cerbos/audit/v1/audit.proto
+
+require 'google/protobuf'
+
+require 'cerbos/protobuf/cerbos/engine/v1/engine_pb'
+require 'google/protobuf/timestamp_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("cerbos/audit/v1/audit.proto", :syntax => :proto3) do
+    add_message "cerbos.audit.v1.AccessLogEntry" do
+      optional :call_id, :string, 1, json_name: "callId"
+      optional :timestamp, :message, 2, "google.protobuf.Timestamp", json_name: "timestamp"
+      optional :peer, :message, 3, "cerbos.audit.v1.Peer", json_name: "peer"
+      map :metadata, :string, :message, 4, "cerbos.audit.v1.MetaValues"
+      optional :method, :string, 5, json_name: "method"
+      optional :status_code, :uint32, 6, json_name: "statusCode"
+    end
+    add_message "cerbos.audit.v1.DecisionLogEntry" do
+      optional :call_id, :string, 1, json_name: "callId"
+      optional :timestamp, :message, 2, "google.protobuf.Timestamp", json_name: "timestamp"
+      optional :peer, :message, 3, "cerbos.audit.v1.Peer", json_name: "peer"
+      repeated :inputs, :message, 4, "cerbos.engine.v1.CheckInput", json_name: "inputs"
+      repeated :outputs, :message, 5, "cerbos.engine.v1.CheckOutput", json_name: "outputs"
+      optional :error, :string, 6, json_name: "error"
+    end
+    add_message "cerbos.audit.v1.MetaValues" do
+      repeated :values, :string, 1, json_name: "values"
+    end
+    add_message "cerbos.audit.v1.Peer" do
+      optional :address, :string, 1, json_name: "address"
+      optional :auth_info, :string, 2, json_name: "authInfo"
+      optional :user_agent, :string, 3, json_name: "userAgent"
+      optional :forwarded_for, :string, 4, json_name: "forwardedFor"
+    end
+  end
+end
+
+module Cerbos::Protobuf::Cerbos
+  module Audit
+    module V1
+      AccessLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.AccessLogEntry").msgclass
+      DecisionLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.DecisionLogEntry").msgclass
+      MetaValues = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.MetaValues").msgclass
+      Peer = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.Peer").msgclass
+    end
+  end
+end

data/lib/cerbos/protobuf/cerbos/effect/v1/effect_pb.rb

@@ -0,0 +1,23 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: cerbos/effect/v1/effect.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("cerbos/effect/v1/effect.proto", :syntax => :proto3) do
+    add_enum "cerbos.effect.v1.Effect" do
+      value :EFFECT_UNSPECIFIED, 0
+      value :EFFECT_ALLOW, 1
+      value :EFFECT_DENY, 2
+      value :EFFECT_NO_MATCH, 3
+    end
+  end
+end
+
+module Cerbos::Protobuf::Cerbos
+  module Effect
+    module V1
+      Effect = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.effect.v1.Effect").enummodule
+    end
+  end
+end

data/lib/cerbos/protobuf/cerbos/engine/v1/engine_pb.rb

@@ -0,0 +1,166 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: cerbos/engine/v1/engine.proto
+
+require 'google/protobuf'
+
+require 'cerbos/protobuf/cerbos/effect/v1/effect_pb'
+require 'cerbos/protobuf/cerbos/schema/v1/schema_pb'
+require 'cerbos/protobuf/google/api/expr/v1alpha1/checked_pb'
+require 'cerbos/protobuf/google/api/field_behavior_pb'
+require 'google/protobuf/struct_pb'
+require 'cerbos/protobuf/protoc-gen-openapiv2/options/annotations_pb'
+require 'cerbos/protobuf/validate/validate_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("cerbos/engine/v1/engine.proto", :syntax => :proto3) do
+    add_message "cerbos.engine.v1.PlanResourcesRequest" do
+      optional :request_id, :string, 1, json_name: "requestId"
+      optional :action, :string, 2, json_name: "action"
+      optional :principal, :message, 3, "cerbos.engine.v1.Principal", json_name: "principal"
+      optional :resource, :message, 4, "cerbos.engine.v1.PlanResourcesRequest.Resource", json_name: "resource"
+      optional :aux_data, :message, 5, "cerbos.engine.v1.AuxData", json_name: "auxData"
+      optional :include_meta, :bool, 6, json_name: "includeMeta"
+    end
+    add_message "cerbos.engine.v1.PlanResourcesRequest.Resource" do
+      optional :kind, :string, 1, json_name: "kind"
+      map :attr, :string, :message, 2, "google.protobuf.Value"
+      optional :policy_version, :string, 3, json_name: "policyVersion"
+      optional :scope, :string, 4, json_name: "scope"
+    end
+    add_message "cerbos.engine.v1.CheckInput" do
+      optional :request_id, :string, 1, json_name: "requestId"
+      optional :resource, :message, 2, "cerbos.engine.v1.Resource", json_name: "resource"
+      optional :principal, :message, 3, "cerbos.engine.v1.Principal", json_name: "principal"
+      repeated :actions, :string, 4, json_name: "actions"
+      optional :aux_data, :message, 5, "cerbos.engine.v1.AuxData", json_name: "auxData"
+    end
+    add_message "cerbos.engine.v1.CheckOutput" do
+      optional :request_id, :string, 1, json_name: "requestId"
+      optional :resource_id, :string, 2, json_name: "resourceId"
+      map :actions, :string, :message, 3, "cerbos.engine.v1.CheckOutput.ActionEffect"
+      repeated :effective_derived_roles, :string, 4, json_name: "effectiveDerivedRoles"
+      repeated :validation_errors, :message, 5, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
+    end
+    add_message "cerbos.engine.v1.CheckOutput.ActionEffect" do
+      optional :effect, :enum, 1, "cerbos.effect.v1.Effect", json_name: "effect"
+      optional :policy, :string, 2, json_name: "policy"
+      optional :scope, :string, 3, json_name: "scope"
+    end
+    add_message "cerbos.engine.v1.PlanResourcesOutput" do
+      optional :request_id, :string, 1, json_name: "requestId"
+      optional :action, :string, 2, json_name: "action"
+      optional :kind, :string, 3, json_name: "kind"
+      optional :policy_version, :string, 4, json_name: "policyVersion"
+      optional :scope, :string, 5, json_name: "scope"
+      optional :filter, :message, 6, "cerbos.engine.v1.PlanResourcesOutput.Node", json_name: "filter"
+    end
+    add_message "cerbos.engine.v1.PlanResourcesOutput.Node" do
+      oneof :node do
+        optional :logical_operation, :message, 1, "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation", json_name: "logicalOperation"
+        optional :expression, :message, 2, "google.api.expr.v1alpha1.CheckedExpr", json_name: "expression"
+      end
+    end
+    add_message "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation" do
+      optional :operator, :enum, 1, "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator", json_name: "operator"
+      repeated :nodes, :message, 2, "cerbos.engine.v1.PlanResourcesOutput.Node", json_name: "nodes"
+    end
+    add_enum "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator" do
+      value :OPERATOR_UNSPECIFIED, 0
+      value :OPERATOR_AND, 1
+      value :OPERATOR_OR, 2
+      value :OPERATOR_NOT, 3
+    end
+    add_message "cerbos.engine.v1.Resource" do
+      optional :kind, :string, 1, json_name: "kind"
+      optional :policy_version, :string, 2, json_name: "policyVersion"
+      optional :id, :string, 3, json_name: "id"
+      map :attr, :string, :message, 4, "google.protobuf.Value"
+      optional :scope, :string, 5, json_name: "scope"
+    end
+    add_message "cerbos.engine.v1.Principal" do
+      optional :id, :string, 1, json_name: "id"
+      optional :policy_version, :string, 2, json_name: "policyVersion"
+      repeated :roles, :string, 3, json_name: "roles"
+      map :attr, :string, :message, 4, "google.protobuf.Value"
+      optional :scope, :string, 5, json_name: "scope"
+    end
+    add_message "cerbos.engine.v1.AuxData" do
+      map :jwt, :string, :message, 1, "google.protobuf.Value"
+    end
+    add_message "cerbos.engine.v1.Trace" do
+      repeated :components, :message, 1, "cerbos.engine.v1.Trace.Component", json_name: "components"
+      optional :event, :message, 2, "cerbos.engine.v1.Trace.Event", json_name: "event"
+    end
+    add_message "cerbos.engine.v1.Trace.Component" do
+      optional :kind, :enum, 1, "cerbos.engine.v1.Trace.Component.Kind", json_name: "kind"
+      oneof :details do
+        optional :action, :string, 2, json_name: "action"
+        optional :derived_role, :string, 3, json_name: "derivedRole"
+        optional :expr, :string, 4, json_name: "expr"
+        optional :index, :uint32, 5, json_name: "index"
+        optional :policy, :string, 6, json_name: "policy"
+        optional :resource, :string, 7, json_name: "resource"
+        optional :rule, :string, 8, json_name: "rule"
+        optional :scope, :string, 9, json_name: "scope"
+        optional :variable, :message, 10, "cerbos.engine.v1.Trace.Component.Variable", json_name: "variable"
+      end
+    end
+    add_message "cerbos.engine.v1.Trace.Component.Variable" do
+      optional :name, :string, 1, json_name: "name"
+      optional :expr, :string, 2, json_name: "expr"
+    end
+    add_enum "cerbos.engine.v1.Trace.Component.Kind" do
+      value :KIND_UNSPECIFIED, 0
+      value :KIND_ACTION, 1
+      value :KIND_CONDITION_ALL, 2
+      value :KIND_CONDITION_ANY, 3
+      value :KIND_CONDITION_NONE, 4
+      value :KIND_CONDITION, 5
+      value :KIND_DERIVED_ROLE, 6
+      value :KIND_EXPR, 7
+      value :KIND_POLICY, 8
+      value :KIND_RESOURCE, 9
+      value :KIND_RULE, 10
+      value :KIND_SCOPE, 11
+      value :KIND_VARIABLE, 12
+      value :KIND_VARIABLES, 13
+    end
+    add_message "cerbos.engine.v1.Trace.Event" do
+      optional :status, :enum, 1, "cerbos.engine.v1.Trace.Event.Status", json_name: "status"
+      optional :effect, :enum, 2, "cerbos.effect.v1.Effect", json_name: "effect"
+      optional :error, :string, 3, json_name: "error"
+      optional :message, :string, 4, json_name: "message"
+      optional :result, :message, 5, "google.protobuf.Value", json_name: "result"
+    end
+    add_enum "cerbos.engine.v1.Trace.Event.Status" do
+      value :STATUS_UNSPECIFIED, 0
+      value :STATUS_ACTIVATED, 1
+      value :STATUS_SKIPPED, 2
+    end
+  end
+end
+
+module Cerbos::Protobuf::Cerbos
+  module Engine
+    module V1
+      PlanResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesRequest").msgclass
+      PlanResourcesRequest::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesRequest.Resource").msgclass
+      CheckInput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckInput").msgclass
+      CheckOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckOutput").msgclass
+      CheckOutput::ActionEffect = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckOutput.ActionEffect").msgclass
+      PlanResourcesOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput").msgclass
+      PlanResourcesOutput::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.Node").msgclass
+      PlanResourcesOutput::LogicalOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.LogicalOperation").msgclass
+      PlanResourcesOutput::LogicalOperation::Operator = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator").enummodule
+      Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Resource").msgclass
+      Principal = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Principal").msgclass
+      AuxData = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.AuxData").msgclass
+      Trace = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Trace").msgclass
+      Trace::Component = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Trace.Component").msgclass
+      Trace::Component::Variable = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Trace.Component.Variable").msgclass
+      Trace::Component::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Trace.Component.Kind").enummodule
+      Trace::Event = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Trace.Event").msgclass
+      Trace::Event::Status = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Trace.Event.Status").enummodule
+    end
+  end
+end

data/lib/cerbos/protobuf/cerbos/policy/v1/policy_pb.rb

@@ -0,0 +1,247 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: cerbos/policy/v1/policy.proto
+
+require 'google/protobuf'
+
+require 'cerbos/protobuf/cerbos/effect/v1/effect_pb'
+require 'cerbos/protobuf/cerbos/engine/v1/engine_pb'
+require 'google/protobuf/wrappers_pb'
+require 'cerbos/protobuf/validate/validate_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("cerbos/policy/v1/policy.proto", :syntax => :proto3) do
+    add_message "cerbos.policy.v1.Policy" do
+      optional :api_version, :string, 1, json_name: "apiVersion"
+      optional :disabled, :bool, 2, json_name: "disabled"
+      optional :description, :string, 3, json_name: "description"
+      optional :metadata, :message, 4, "cerbos.policy.v1.Metadata", json_name: "metadata"
+      map :variables, :string, :string, 8
+      oneof :policy_type do
+        optional :resource_policy, :message, 5, "cerbos.policy.v1.ResourcePolicy", json_name: "resourcePolicy"
+        optional :principal_policy, :message, 6, "cerbos.policy.v1.PrincipalPolicy", json_name: "principalPolicy"
+        optional :derived_roles, :message, 7, "cerbos.policy.v1.DerivedRoles", json_name: "derivedRoles"
+      end
+    end
+    add_message "cerbos.policy.v1.Metadata" do
+      optional :source_file, :string, 1, json_name: "sourceFile"
+      map :annotations, :string, :string, 2
+      optional :hash, :message, 3, "google.protobuf.UInt64Value", json_name: "hash"
+      optional :store_identifer, :string, 4, json_name: "storeIdentifer"
+    end
+    add_message "cerbos.policy.v1.ResourcePolicy" do
+      optional :resource, :string, 1, json_name: "resource"
+      optional :version, :string, 2, json_name: "version"
+      repeated :import_derived_roles, :string, 3, json_name: "importDerivedRoles"
+      repeated :rules, :message, 4, "cerbos.policy.v1.ResourceRule", json_name: "rules"
+      optional :scope, :string, 5, json_name: "scope"
+      optional :schemas, :message, 6, "cerbos.policy.v1.Schemas", json_name: "schemas"
+    end
+    add_message "cerbos.policy.v1.ResourceRule" do
+      repeated :actions, :string, 1, json_name: "actions"
+      repeated :derived_roles, :string, 2, json_name: "derivedRoles"
+      repeated :roles, :string, 3, json_name: "roles"
+      optional :condition, :message, 4, "cerbos.policy.v1.Condition", json_name: "condition"
+      optional :effect, :enum, 5, "cerbos.effect.v1.Effect", json_name: "effect"
+      optional :name, :string, 6, json_name: "name"
+    end
+    add_message "cerbos.policy.v1.PrincipalPolicy" do
+      optional :principal, :string, 1, json_name: "principal"
+      optional :version, :string, 2, json_name: "version"
+      repeated :rules, :message, 3, "cerbos.policy.v1.PrincipalRule", json_name: "rules"
+      optional :scope, :string, 4, json_name: "scope"
+    end
+    add_message "cerbos.policy.v1.PrincipalRule" do
+      optional :resource, :string, 1, json_name: "resource"
+      repeated :actions, :message, 2, "cerbos.policy.v1.PrincipalRule.Action", json_name: "actions"
+    end
+    add_message "cerbos.policy.v1.PrincipalRule.Action" do
+      optional :action, :string, 1, json_name: "action"
+      optional :condition, :message, 2, "cerbos.policy.v1.Condition", json_name: "condition"
+      optional :effect, :enum, 3, "cerbos.effect.v1.Effect", json_name: "effect"
+      optional :name, :string, 4, json_name: "name"
+    end
+    add_message "cerbos.policy.v1.DerivedRoles" do
+      optional :name, :string, 1, json_name: "name"
+      repeated :definitions, :message, 2, "cerbos.policy.v1.RoleDef", json_name: "definitions"
+    end
+    add_message "cerbos.policy.v1.RoleDef" do
+      optional :name, :string, 1, json_name: "name"
+      repeated :parent_roles, :string, 2, json_name: "parentRoles"
+      optional :condition, :message, 3, "cerbos.policy.v1.Condition", json_name: "condition"
+    end
+    add_message "cerbos.policy.v1.Condition" do
+      oneof :condition do
+        optional :match, :message, 1, "cerbos.policy.v1.Match", json_name: "match"
+        optional :script, :string, 2, json_name: "script"
+      end
+    end
+    add_message "cerbos.policy.v1.Match" do
+      oneof :op do
+        optional :all, :message, 1, "cerbos.policy.v1.Match.ExprList", json_name: "all"
+        optional :any, :message, 2, "cerbos.policy.v1.Match.ExprList", json_name: "any"
+        optional :none, :message, 3, "cerbos.policy.v1.Match.ExprList", json_name: "none"
+        optional :expr, :string, 4, json_name: "expr"
+      end
+    end
+    add_message "cerbos.policy.v1.Match.ExprList" do
+      repeated :of, :message, 1, "cerbos.policy.v1.Match", json_name: "of"
+    end
+    add_message "cerbos.policy.v1.Schemas" do
+      optional :principal_schema, :message, 1, "cerbos.policy.v1.Schemas.Schema", json_name: "principalSchema"
+      optional :resource_schema, :message, 2, "cerbos.policy.v1.Schemas.Schema", json_name: "resourceSchema"
+    end
+    add_message "cerbos.policy.v1.Schemas.IgnoreWhen" do
+      repeated :actions, :string, 1, json_name: "actions"
+    end
+    add_message "cerbos.policy.v1.Schemas.Schema" do
+      optional :ref, :string, 1, json_name: "ref"
+      optional :ignore_when, :message, 2, "cerbos.policy.v1.Schemas.IgnoreWhen", json_name: "ignoreWhen"
+    end
+    add_message "cerbos.policy.v1.TestFixture" do
+    end
+    add_message "cerbos.policy.v1.TestFixture.Principals" do
+      map :principals, :string, :message, 1, "cerbos.engine.v1.Principal"
+    end
+    add_message "cerbos.policy.v1.TestFixture.Resources" do
+      map :resources, :string, :message, 1, "cerbos.engine.v1.Resource"
+    end
+    add_message "cerbos.policy.v1.TestFixture.AuxData" do
+      map :aux_data, :string, :message, 1, "cerbos.engine.v1.AuxData"
+    end
+    add_message "cerbos.policy.v1.TestSuite" do
+      optional :name, :string, 1, json_name: "name"
+      optional :description, :string, 2, json_name: "description"
+      optional :skip, :bool, 3, json_name: "skip"
+      optional :skip_reason, :string, 4, json_name: "skipReason"
+      repeated :tests, :message, 5, "cerbos.policy.v1.TestTable", json_name: "tests"
+      map :principals, :string, :message, 6, "cerbos.engine.v1.Principal"
+      map :resources, :string, :message, 7, "cerbos.engine.v1.Resource"
+      map :aux_data, :string, :message, 8, "cerbos.engine.v1.AuxData"
+    end
+    add_message "cerbos.policy.v1.TestTable" do
+      optional :name, :string, 1, json_name: "name"
+      optional :description, :string, 2, json_name: "description"
+      optional :skip, :bool, 3, json_name: "skip"
+      optional :skip_reason, :string, 4, json_name: "skipReason"
+      optional :input, :message, 5, "cerbos.policy.v1.TestTable.Input", json_name: "input"
+      repeated :expected, :message, 6, "cerbos.policy.v1.TestTable.Expectation", json_name: "expected"
+    end
+    add_message "cerbos.policy.v1.TestTable.Input" do
+      repeated :principals, :string, 1, json_name: "principals"
+      repeated :resources, :string, 2, json_name: "resources"
+      repeated :actions, :string, 3, json_name: "actions"
+      optional :aux_data, :string, 4, json_name: "auxData"
+    end
+    add_message "cerbos.policy.v1.TestTable.Expectation" do
+      optional :principal, :string, 1, json_name: "principal"
+      optional :resource, :string, 2, json_name: "resource"
+      map :actions, :string, :enum, 3, "cerbos.effect.v1.Effect"
+    end
+    add_message "cerbos.policy.v1.Test" do
+      optional :name, :message, 1, "cerbos.policy.v1.Test.TestName", json_name: "name"
+      optional :description, :string, 2, json_name: "description"
+      optional :skip, :bool, 3, json_name: "skip"
+      optional :skip_reason, :string, 4, json_name: "skipReason"
+      optional :input, :message, 5, "cerbos.engine.v1.CheckInput", json_name: "input"
+      map :expected, :string, :enum, 6, "cerbos.effect.v1.Effect"
+    end
+    add_message "cerbos.policy.v1.Test.TestName" do
+      optional :test_table_name, :string, 1, json_name: "testTableName"
+      optional :principal_key, :string, 2, json_name: "principalKey"
+      optional :resource_key, :string, 3, json_name: "resourceKey"
+    end
+    add_message "cerbos.policy.v1.TestResults" do
+      repeated :suites, :message, 1, "cerbos.policy.v1.TestResults.Suite", json_name: "suites"
+      optional :summary, :message, 2, "cerbos.policy.v1.TestResults.Summary", json_name: "summary"
+    end
+    add_message "cerbos.policy.v1.TestResults.Tally" do
+      optional :result, :enum, 1, "cerbos.policy.v1.TestResults.Result", json_name: "result"
+      optional :count, :uint32, 2, json_name: "count"
+    end
+    add_message "cerbos.policy.v1.TestResults.Summary" do
+      optional :overall_result, :enum, 1, "cerbos.policy.v1.TestResults.Result", json_name: "overallResult"
+      optional :tests_count, :uint32, 2, json_name: "testsCount"
+      repeated :result_counts, :message, 3, "cerbos.policy.v1.TestResults.Tally", json_name: "resultCounts"
+    end
+    add_message "cerbos.policy.v1.TestResults.Suite" do
+      optional :file, :string, 1, json_name: "file"
+      optional :name, :string, 2, json_name: "name"
+      repeated :principals, :message, 3, "cerbos.policy.v1.TestResults.Principal", json_name: "principals"
+      optional :summary, :message, 4, "cerbos.policy.v1.TestResults.Summary", json_name: "summary"
+      optional :error, :string, 5, json_name: "error"
+    end
+    add_message "cerbos.policy.v1.TestResults.Principal" do
+      optional :name, :string, 1, json_name: "name"
+      repeated :resources, :message, 2, "cerbos.policy.v1.TestResults.Resource", json_name: "resources"
+    end
+    add_message "cerbos.policy.v1.TestResults.Resource" do
+      optional :name, :string, 1, json_name: "name"
+      repeated :actions, :message, 2, "cerbos.policy.v1.TestResults.Action", json_name: "actions"
+    end
+    add_message "cerbos.policy.v1.TestResults.Action" do
+      optional :name, :string, 1, json_name: "name"
+      optional :details, :message, 2, "cerbos.policy.v1.TestResults.Details", json_name: "details"
+    end
+    add_message "cerbos.policy.v1.TestResults.Details" do
+      optional :result, :enum, 1, "cerbos.policy.v1.TestResults.Result", json_name: "result"
+      repeated :engine_trace, :message, 4, "cerbos.engine.v1.Trace", json_name: "engineTrace"
+      oneof :outcome do
+        optional :failure, :message, 2, "cerbos.policy.v1.TestResults.Failure", json_name: "failure"
+        optional :error, :string, 3, json_name: "error"
+      end
+    end
+    add_message "cerbos.policy.v1.TestResults.Failure" do
+      optional :expected, :enum, 1, "cerbos.effect.v1.Effect", json_name: "expected"
+      optional :actual, :enum, 2, "cerbos.effect.v1.Effect", json_name: "actual"
+    end
+    add_enum "cerbos.policy.v1.TestResults.Result" do
+      value :RESULT_UNSPECIFIED, 0
+      value :RESULT_SKIPPED, 1
+      value :RESULT_PASSED, 2
+      value :RESULT_FAILED, 3
+      value :RESULT_ERRORED, 4
+    end
+  end
+end
+
+module Cerbos::Protobuf::Cerbos
+  module Policy
+    module V1
+      Policy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Policy").msgclass
+      Metadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Metadata").msgclass
+      ResourcePolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.ResourcePolicy").msgclass
+      ResourceRule = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.ResourceRule").msgclass
+      PrincipalPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.PrincipalPolicy").msgclass
+      PrincipalRule = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.PrincipalRule").msgclass
+      PrincipalRule::Action = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.PrincipalRule.Action").msgclass
+      DerivedRoles = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.DerivedRoles").msgclass
+      RoleDef = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.RoleDef").msgclass
+      Condition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Condition").msgclass
+      Match = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Match").msgclass
+      Match::ExprList = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Match.ExprList").msgclass
+      Schemas = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Schemas").msgclass
+      Schemas::IgnoreWhen = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Schemas.IgnoreWhen").msgclass
+      Schemas::Schema = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Schemas.Schema").msgclass
+      TestFixture = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestFixture").msgclass
+      TestFixture::Principals = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestFixture.Principals").msgclass
+      TestFixture::Resources = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestFixture.Resources").msgclass
+      TestFixture::AuxData = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestFixture.AuxData").msgclass
+      TestSuite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestSuite").msgclass
+      TestTable = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestTable").msgclass
+      TestTable::Input = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestTable.Input").msgclass
+      TestTable::Expectation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestTable.Expectation").msgclass
+      Test = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Test").msgclass
+      Test::TestName = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.Test.TestName").msgclass
+      TestResults = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults").msgclass
+      TestResults::Tally = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Tally").msgclass
+      TestResults::Summary = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Summary").msgclass
+      TestResults::Suite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Suite").msgclass
+      TestResults::Principal = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Principal").msgclass
+      TestResults::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Resource").msgclass
+      TestResults::Action = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Action").msgclass
+      TestResults::Details = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Details").msgclass
+      TestResults::Failure = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Failure").msgclass
+      TestResults::Result = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.policy.v1.TestResults.Result").enummodule
+    end
+  end
+end