cerbos 0.3.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41c6a1f790cc09bff5f0c542d5338161730c4c649e66074afb381af8581637d3
-  data.tar.gz: f7fbd30bc55b357b1a0a77d1da2e48d06cf9af1fe4cfc44947c879e661a81768
+  metadata.gz: e21f0359fb0e125e0e3a6d4ecf9ac0c12e254ab464b4ad67e8d6213fd2974ed5
+  data.tar.gz: a959dfdc08af3b960b58cd78c953925fba3b88b5db915bb30f94d3f32b810cb9
 SHA512:
-  metadata.gz: e0bbda1a092e1ec55fe9565765609fd0ed3dd77a4fa12f627cddbb1b7b48177d423114a9e8d21a454e2fcfd9257e6ce82da303f4f3df82d2d24d766519734100
-  data.tar.gz: 525b97f8aee44d35fe4039ab75ecad4315f79fedd0f2ad94a2b308fa99700579e8800009a38735ebdfc3a9f462aae230f71ef637ab682fc461c2d40cb6a897cb
+  metadata.gz: 7e89b9ec5168b7215d9b9c1ad86ed8a34404f3cd3db2b6bf44889b319fc3ab5520d2ea5eb74f22e99d955e544cfb43ca925dc597763c8ae782a645ee5b086c4b
+  data.tar.gz: e7ddf0d6071cd1ac4f607617b95e0987d11d72d34feeda6742d034f2ff212ca01dd0ef57abb94e2d54e578cd5bd5929e0ff2dab3844835cad557b9b9b062b10e

data/CHANGELOG.md

@@ -1,6 +1,27 @@
 ## [Unreleased]
 No notable changes.
 
+## [0.6.0] - 2022-07-01
+### Added
+- Support for schema validation in `Cerbos::Client#plan_resources` ([#32](https://github.com/cerbos/cerbos-sdk-ruby/pull/32))
+
+  Requires Cerbos 0.19+.
+  `Cerbos::Output::PlanResources#validation_errors` will always return an empty array if the client is connected to an earlier version of Cerbos.
+
+  As a result, `Cerbos::Output::CheckResources::Result::ValidationError` has moved to `Cerbos::Output::ValidationError`.
+  Attempting to access the class via the old namespace will print a deprecation warning and return the new class.
+
+## [0.5.0] - 2022-06-09
+### Added
+- Allow symbol keys in nested attributes hashes ([#28](https://github.com/cerbos/cerbos-sdk-ruby/pull/28))
+
+## [0.4.0] - 2022-06-03
+### Added
+- `on_validation_error` option to `Cerbos::Client#initialize` ([#22](https://github.com/cerbos/cerbos-sdk-ruby/pull/22))
+
+### Changed
+- Minor documentation fixes ([#21](https://github.com/cerbos/cerbos-sdk-ruby/pull/21))
+
 ## [0.3.0] - 2022-05-13
 ### Added
 - More helper methods ([#11](https://github.com/cerbos/cerbos-sdk-ruby/pull/11))
@@ -15,7 +36,10 @@ No notable changes.
 ### Added
 - Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
 
-[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...HEAD
+[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.6.0...HEAD
+[0.6.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.5.0...v0.6.0
+[0.5.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.4.0...v0.5.0
+[0.4.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/4481009e9dec2e1e6a2df8ea2f828690ceabbefc...v0.1.0

data/README.md

@@ -53,3 +53,13 @@ decision.allow?("edit") # => false
 ```
 
 For more details, [see the `Client` documentation](https://www.rubydoc.info/gems/cerbos/Cerbos/Client).
+
+## Further reading
+
+- [API reference](https://www.rubydoc.info/gems/cerbos/Cerbos)
+- [Cerbos documentation](https://docs.cerbos.dev)
+
+## Get help
+
+- [Join the Cerbos community on Slack](http://go.cerbos.io/slack)
+- [Email us at help@cerbos.dev](mailto:help@cerbos.dev)

data/lib/cerbos/client.rb

@@ -9,9 +9,10 @@ module Cerbos
   class Client
     # Create a client for interacting with the Cerbos PDP server over gRPC.
     #
-    # @param target [String] Cerbos PDP server address (`"host", "host:port"`, or `"unix:/path/to/socket"`).
+    # @param target [String] Cerbos PDP server address (`"host"`, `"host:port"`, or `"unix:/path/to/socket"`).
     # @param tls [TLS, MutualTLS, false] gRPC connection encryption settings (`false` for plaintext).
     # @param grpc_channel_args [Hash{String, Symbol => String, Integer}] low-level settings for the gRPC channel (see [available keys in the gRPC documentation](https://grpc.github.io/grpc/core/group__grpc__arg__keys.html)).
+    # @param on_validation_error [:return, :raise, #call] action to take when input fails schema validation (`:return` to return the validation errors in the response, `:raise` to raise {Error::ValidationFailed}, or a callback to invoke).
     # @param playground_instance [String, nil] identifier of the playground instance to use when prototyping against the hosted demo PDP.
     # @param timeout [Numeric, nil] timeout for gRPC calls, in seconds (`nil` to never time out).
     #
@@ -23,7 +24,15 @@ module Cerbos
     #
     # @example Connect to the hosted demo PDP to experiment [in the playground](https://play.cerbos.dev)
     #   client = Cerbos::Client.new("demo-pdp.cerbos.cloud", tls: Cerbos::TLS.new, playground_instance: "gE623b0180QlsG5a4QIN6UOZ6f3iSFW2")
-    def initialize(target, tls:, grpc_channel_args: {}, playground_instance: nil, timeout: nil)
+    #
+    # @example Raise an error when input fails schema validation
+    #   client = Cerbos::Client.new("localhost:3593", tls: false, on_validation_error: :raise)
+    #
+    # @example Invoke a callback when input fails schema validation
+    #   client = Cerbos::Client.new("localhost:3593", tls: false, on_validation_error: ->(validation_errors) { do_something_with validation_errors })
+    def initialize(target, tls:, grpc_channel_args: {}, on_validation_error: :return, playground_instance: nil, timeout: nil)
+      @on_validation_error = on_validation_error
+
       handle_errors do
         credentials = tls ? tls.to_channel_credentials : :this_channel_is_insecure
 
@@ -53,6 +62,13 @@ module Cerbos
     # @param request_id [String] identifier for tracing the request.
     #
     # @return [Boolean]
+    #
+    # @example
+    #   client.allow?(
+    #     principal: {id: "user@example.com", roles: ["USER"]},
+    #     resource: {kind: "document", id: "1"},
+    #     action: "view"
+    #   ) # => true
     def allow?(principal:, resource:, action:, aux_data: nil, request_id: SecureRandom.uuid)
       check_resource(
         principal: principal,
@@ -119,7 +135,7 @@ module Cerbos
     #     ]
     #   )
     #
-    #   result.allow?(resource: {kind: "document", id: "1"}, action: "view") # => true
+    #   decision.allow?(resource: {kind: "document", id: "1"}, action: "view") # => true
     def check_resources(principal:, resources:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid)
       handle_errors do
         request = Protobuf::Cerbos::Request::V1::CheckResourcesRequest.new(
@@ -132,7 +148,9 @@ module Cerbos
 
         response = perform_request(@cerbos_service, :check_resources, request)
 
-        Output::CheckResources.from_protobuf(response)
+        Output::CheckResources.from_protobuf(response).tap do |output|
+          handle_validation_errors output
+        end
       end
     end
 
@@ -169,7 +187,9 @@ module Cerbos
 
         response = perform_request(@cerbos_service, :plan_resources, request)
 
-        Output::PlanResources.from_protobuf(response)
+        Output::PlanResources.from_protobuf(response).tap do |output|
+          handle_validation_errors output
+        end
       end
     end
 
@@ -200,6 +220,17 @@ module Cerbos
       raise Error, error.message
     end
 
+    def handle_validation_errors(output)
+      return if @on_validation_error == :return
+
+      validation_errors = output.validation_errors
+      return if validation_errors.empty?
+
+      raise Error::ValidationFailed.new(validation_errors) if @on_validation_error == :raise
+
+      @on_validation_error.call validation_errors
+    end
+
     def perform_request(service, rpc, request)
       service.public_send(rpc, request)
     end

data/lib/cerbos/error.rb

@@ -3,6 +3,21 @@
 module Cerbos
   # Base type for errors thrown by the `cerbos` gem.
   class Error < StandardError
+    # Input failed schema validation.
+    class ValidationFailed < Error
+      # The validation errors that occurred.
+      #
+      # @return [Array<Output::CheckResources::Result::ValidationError>]
+      attr_reader :validation_errors
+
+      # @private
+      def initialize(validation_errors)
+        super "Input failed schema validation"
+
+        @validation_errors = validation_errors
+      end
+    end
+
     # An error indicating an unsuccessful gRPC operation.
     class NotOK < Error
       # The gRPC status code.
@@ -33,7 +48,7 @@ module Cerbos
 
       # @private
       def initialize(code:, details:, metadata: {})
-        super("gRPC error #{code}: #{details}")
+        super "gRPC error #{code}: #{details}"
 
         @code = code
         @details = details

data/lib/cerbos/input/attributes.rb

@@ -22,7 +22,20 @@ module Cerbos
 
       # @private
       def to_protobuf
-        @attributes.transform_values { |value| Google::Protobuf::Value.from_ruby(value) }
+        @attributes.transform_values { |value| Google::Protobuf::Value.from_ruby(deep_stringify_keys(value)) }
+      end
+
+      private
+
+      def deep_stringify_keys(object)
+        case object
+        when Hash
+          object.each_with_object({}) { |(key, value), result| result[key.to_s] = deep_stringify_keys(value) }
+        when Array
+          object.map { |value| deep_stringify_keys(value) }
+        else
+          object
+        end
       end
     end
   end

data/lib/cerbos/input/resource_query.rb

@@ -43,7 +43,7 @@ module Cerbos
 
       # @private
       def to_protobuf
-        Protobuf::Cerbos::Engine::V1::PlanResourcesRequest::Resource.new(
+        Protobuf::Cerbos::Engine::V1::PlanResourcesInput::Resource.new(
           kind: kind,
           attr: attributes.to_protobuf,
           policy_version: policy_version,

data/lib/cerbos/output/check_resources.rb

@@ -55,6 +55,13 @@ module Cerbos
         results.find { |result| matching_resource?(search, result.resource) }
       end
 
+      # List unique schema validation errors for the principal or resource attributes.
+      #
+      # @return [Array<ValidationError>]
+      def validation_errors
+        results.flat_map(&:validation_errors).uniq
+      end
+
       private
 
       def matching_resource?(search, candidate)
@@ -88,11 +95,21 @@ module Cerbos
       #   @return [Metadata]
       #   @return [nil] if `include_metadata` was `false`.
 
+      # @private
+      def self.const_missing(const)
+        if const == :ValidationError
+          warn "#{name}::ValidationError is deprecated; use #{ValidationError.name} instead (called from #{caller(1..1).first})"
+          return ValidationError
+        end
+
+        super
+      end
+
       def self.from_protobuf(entry)
         new(
           resource: CheckResources::Result::Resource.from_protobuf(entry.resource),
           actions: entry.actions.to_h,
-          validation_errors: (entry.validation_errors || []).map { |validation_error| CheckResources::Result::ValidationError.from_protobuf(validation_error) },
+          validation_errors: (entry.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
           metadata: CheckResources::Result::Metadata.from_protobuf(entry.meta)
         )
       end
@@ -154,46 +171,6 @@ module Cerbos
       end
     end
 
-    # An error that occurred while validating the principal or resource attributes against a schema.
-    CheckResources::Result::ValidationError = Output.new_class(:path, :message, :source) do
-      # @!attribute [r] path
-      #   The path to the attribute that failed validation.
-      #
-      #   @return [String]
-
-      # @!attribute [r] message
-      #   The error message.
-      #
-      #   @return [String]
-
-      # @!attribute [r] source
-      #   The source of the invalid attributes.
-      #
-      #   @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
-
-      def self.from_protobuf(validation_error)
-        new(
-          path: validation_error.path,
-          message: validation_error.message,
-          source: validation_error.source
-        )
-      end
-
-      # Check if the principal's attributes failed schema validation.
-      #
-      # @return [Boolean]
-      def from_principal?
-        source == :SOURCE_PRINCIPAL
-      end
-
-      # Check if the resource's attributes failed schema validation.
-      #
-      # @return [Boolean]
-      def from_resource?
-        source == :SOURCE_RESOURCE
-      end
-    end
-
     # Additional information about how policy decisions were reached.
     CheckResources::Result::Metadata = Output.new_class(:actions, :effective_derived_roles) do
       # @!attribute [r] actions

data/lib/cerbos/output/plan_resources.rb

@@ -5,7 +5,7 @@ module Cerbos
     # A query plan that can be used to obtain a list of resources on which a principal is allowed to perform a particular action.
     #
     # @see Client#plan_resources
-    PlanResources = Output.new_class(:request_id, :kind, :condition, :metadata) do
+    PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
       # @!attribute [r] request_id
       #   The identifier for tracing the request.
       #
@@ -26,6 +26,11 @@ module Cerbos
       #   @see #always_denied?
       #   @see #conditional?
 
+      # @!attribute [r] validation_errors
+      #   Any schema validation errors for the principal or resource attributes.
+      #
+      #   @return [Array<ValidationError>]
+
       # @!attribute [r] metadata
       #   Additional information about the query plan.
       #
@@ -37,6 +42,7 @@ module Cerbos
           request_id: plan_resources.request_id,
           kind: plan_resources.filter.kind,
           condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
+          validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
           metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
         )
       end

data/lib/cerbos/output/validation_error.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Output
+    # An error that occurred while validating the principal or resource attributes against a schema.
+    ValidationError = Output.new_class(:path, :message, :source) do
+      # @!attribute [r] path
+      #   The path to the attribute that failed validation.
+      #
+      #   @return [String]
+
+      # @!attribute [r] message
+      #   The error message.
+      #
+      #   @return [String]
+
+      # @!attribute [r] source
+      #   The source of the invalid attributes.
+      #
+      #   @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
+
+      def self.from_protobuf(validation_error)
+        new(
+          path: validation_error.path,
+          message: validation_error.message,
+          source: validation_error.source
+        )
+      end
+
+      # Check if the principal's attributes failed schema validation.
+      #
+      # @return [Boolean]
+      def from_principal?
+        source == :SOURCE_PRINCIPAL
+      end
+
+      # Check if the resource's attributes failed schema validation.
+      #
+      # @return [Boolean]
+      def from_resource?
+        source == :SOURCE_RESOURCE
+      end
+    end
+  end
+end

data/lib/cerbos/output.rb

@@ -32,6 +32,7 @@ module Cerbos
   end
 end
 
+require_relative "output/validation_error"
 require_relative "output/check_resources"
 require_relative "output/plan_resources"
 require_relative "output/server_info"

data/lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb

@@ -23,6 +23,20 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :inputs, :message, 4, "cerbos.engine.v1.CheckInput", json_name: "inputs"
       repeated :outputs, :message, 5, "cerbos.engine.v1.CheckOutput", json_name: "outputs"
       optional :error, :string, 6, json_name: "error"
+      oneof :method do
+        optional :check_resources, :message, 7, "cerbos.audit.v1.DecisionLogEntry.CheckResources", json_name: "checkResources"
+        optional :plan_resources, :message, 8, "cerbos.audit.v1.DecisionLogEntry.PlanResources", json_name: "planResources"
+      end
+    end
+    add_message "cerbos.audit.v1.DecisionLogEntry.CheckResources" do
+      repeated :inputs, :message, 1, "cerbos.engine.v1.CheckInput", json_name: "inputs"
+      repeated :outputs, :message, 2, "cerbos.engine.v1.CheckOutput", json_name: "outputs"
+      optional :error, :string, 3, json_name: "error"
+    end
+    add_message "cerbos.audit.v1.DecisionLogEntry.PlanResources" do
+      optional :input, :message, 1, "cerbos.engine.v1.PlanResourcesInput", json_name: "input"
+      optional :output, :message, 2, "cerbos.engine.v1.PlanResourcesOutput", json_name: "output"
+      optional :error, :string, 3, json_name: "error"
     end
     add_message "cerbos.audit.v1.MetaValues" do
       repeated :values, :string, 1, json_name: "values"
@@ -41,6 +55,8 @@ module Cerbos::Protobuf::Cerbos
     module V1
       AccessLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.AccessLogEntry").msgclass
       DecisionLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.DecisionLogEntry").msgclass
+      DecisionLogEntry::CheckResources = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.DecisionLogEntry.CheckResources").msgclass
+      DecisionLogEntry::PlanResources = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.DecisionLogEntry.PlanResources").msgclass
       MetaValues = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.MetaValues").msgclass
       Peer = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.Peer").msgclass
     end

data/lib/cerbos/protobuf/cerbos/engine/v1/engine_pb.rb

@@ -13,20 +13,70 @@ require 'cerbos/protobuf/validate/validate_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("cerbos/engine/v1/engine.proto", :syntax => :proto3) do
-    add_message "cerbos.engine.v1.PlanResourcesRequest" do
+    add_message "cerbos.engine.v1.PlanResourcesInput" do
       optional :request_id, :string, 1, json_name: "requestId"
       optional :action, :string, 2, json_name: "action"
       optional :principal, :message, 3, "cerbos.engine.v1.Principal", json_name: "principal"
-      optional :resource, :message, 4, "cerbos.engine.v1.PlanResourcesRequest.Resource", json_name: "resource"
+      optional :resource, :message, 4, "cerbos.engine.v1.PlanResourcesInput.Resource", json_name: "resource"
       optional :aux_data, :message, 5, "cerbos.engine.v1.AuxData", json_name: "auxData"
       optional :include_meta, :bool, 6, json_name: "includeMeta"
     end
-    add_message "cerbos.engine.v1.PlanResourcesRequest.Resource" do
+    add_message "cerbos.engine.v1.PlanResourcesInput.Resource" do
       optional :kind, :string, 1, json_name: "kind"
       map :attr, :string, :message, 2, "google.protobuf.Value"
       optional :policy_version, :string, 3, json_name: "policyVersion"
       optional :scope, :string, 4, json_name: "scope"
     end
+    add_message "cerbos.engine.v1.PlanResourcesAst" do
+      optional :filter_ast, :message, 1, "cerbos.engine.v1.PlanResourcesAst.Node", json_name: "filterAst"
+    end
+    add_message "cerbos.engine.v1.PlanResourcesAst.Node" do
+      oneof :node do
+        optional :logical_operation, :message, 1, "cerbos.engine.v1.PlanResourcesAst.LogicalOperation", json_name: "logicalOperation"
+        optional :expression, :message, 2, "google.api.expr.v1alpha1.CheckedExpr", json_name: "expression"
+      end
+    end
+    add_message "cerbos.engine.v1.PlanResourcesAst.LogicalOperation" do
+      optional :operator, :enum, 1, "cerbos.engine.v1.PlanResourcesAst.LogicalOperation.Operator", json_name: "operator"
+      repeated :nodes, :message, 2, "cerbos.engine.v1.PlanResourcesAst.Node", json_name: "nodes"
+    end
+    add_enum "cerbos.engine.v1.PlanResourcesAst.LogicalOperation.Operator" do
+      value :OPERATOR_UNSPECIFIED, 0
+      value :OPERATOR_AND, 1
+      value :OPERATOR_OR, 2
+      value :OPERATOR_NOT, 3
+    end
+    add_message "cerbos.engine.v1.PlanResourcesFilter" do
+      optional :kind, :enum, 1, "cerbos.engine.v1.PlanResourcesFilter.Kind", json_name: "kind"
+      optional :condition, :message, 2, "cerbos.engine.v1.PlanResourcesFilter.Expression.Operand", json_name: "condition"
+    end
+    add_message "cerbos.engine.v1.PlanResourcesFilter.Expression" do
+      optional :operator, :string, 1, json_name: "operator"
+      repeated :operands, :message, 2, "cerbos.engine.v1.PlanResourcesFilter.Expression.Operand", json_name: "operands"
+    end
+    add_message "cerbos.engine.v1.PlanResourcesFilter.Expression.Operand" do
+      oneof :node do
+        optional :value, :message, 1, "google.protobuf.Value", json_name: "value"
+        optional :expression, :message, 2, "cerbos.engine.v1.PlanResourcesFilter.Expression", json_name: "expression"
+        optional :variable, :string, 3, json_name: "variable"
+      end
+    end
+    add_enum "cerbos.engine.v1.PlanResourcesFilter.Kind" do
+      value :KIND_UNSPECIFIED, 0
+      value :KIND_ALWAYS_ALLOWED, 1
+      value :KIND_ALWAYS_DENIED, 2
+      value :KIND_CONDITIONAL, 3
+    end
+    add_message "cerbos.engine.v1.PlanResourcesOutput" do
+      optional :request_id, :string, 1, json_name: "requestId"
+      optional :action, :string, 2, json_name: "action"
+      optional :kind, :string, 3, json_name: "kind"
+      optional :policy_version, :string, 4, json_name: "policyVersion"
+      optional :scope, :string, 5, json_name: "scope"
+      optional :filter, :message, 6, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
+      optional :filter_debug, :string, 7, json_name: "filterDebug"
+      repeated :validation_errors, :message, 8, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
+    end
     add_message "cerbos.engine.v1.CheckInput" do
       optional :request_id, :string, 1, json_name: "requestId"
       optional :resource, :message, 2, "cerbos.engine.v1.Resource", json_name: "resource"
@@ -46,30 +96,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :policy, :string, 2, json_name: "policy"
       optional :scope, :string, 3, json_name: "scope"
     end
-    add_message "cerbos.engine.v1.PlanResourcesOutput" do
-      optional :request_id, :string, 1, json_name: "requestId"
-      optional :action, :string, 2, json_name: "action"
-      optional :kind, :string, 3, json_name: "kind"
-      optional :policy_version, :string, 4, json_name: "policyVersion"
-      optional :scope, :string, 5, json_name: "scope"
-      optional :filter, :message, 6, "cerbos.engine.v1.PlanResourcesOutput.Node", json_name: "filter"
-    end
-    add_message "cerbos.engine.v1.PlanResourcesOutput.Node" do
-      oneof :node do
-        optional :logical_operation, :message, 1, "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation", json_name: "logicalOperation"
-        optional :expression, :message, 2, "google.api.expr.v1alpha1.CheckedExpr", json_name: "expression"
-      end
-    end
-    add_message "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation" do
-      optional :operator, :enum, 1, "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator", json_name: "operator"
-      repeated :nodes, :message, 2, "cerbos.engine.v1.PlanResourcesOutput.Node", json_name: "nodes"
-    end
-    add_enum "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator" do
-      value :OPERATOR_UNSPECIFIED, 0
-      value :OPERATOR_AND, 1
-      value :OPERATOR_OR, 2
-      value :OPERATOR_NOT, 3
-    end
     add_message "cerbos.engine.v1.Resource" do
       optional :kind, :string, 1, json_name: "kind"
       optional :policy_version, :string, 2, json_name: "policyVersion"
@@ -143,15 +169,20 @@ end
 module Cerbos::Protobuf::Cerbos
   module Engine
     module V1
-      PlanResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesRequest").msgclass
-      PlanResourcesRequest::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesRequest.Resource").msgclass
+      PlanResourcesInput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesInput").msgclass
+      PlanResourcesInput::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesInput.Resource").msgclass
+      PlanResourcesAst = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst").msgclass
+      PlanResourcesAst::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst.Node").msgclass
+      PlanResourcesAst::LogicalOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst.LogicalOperation").msgclass
+      PlanResourcesAst::LogicalOperation::Operator = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst.LogicalOperation.Operator").enummodule
+      PlanResourcesFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter").msgclass
+      PlanResourcesFilter::Expression = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter.Expression").msgclass
+      PlanResourcesFilter::Expression::Operand = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter.Expression.Operand").msgclass
+      PlanResourcesFilter::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter.Kind").enummodule
+      PlanResourcesOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput").msgclass
       CheckInput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckInput").msgclass
       CheckOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckOutput").msgclass
       CheckOutput::ActionEffect = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckOutput.ActionEffect").msgclass
-      PlanResourcesOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput").msgclass
-      PlanResourcesOutput::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.Node").msgclass
-      PlanResourcesOutput::LogicalOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.LogicalOperation").msgclass
-      PlanResourcesOutput::LogicalOperation::Operator = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator").enummodule
       Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Resource").msgclass
       Principal = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Principal").msgclass
       AuxData = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.AuxData").msgclass

data/lib/cerbos/protobuf/cerbos/request/v1/request_pb.rb

@@ -19,7 +19,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :request_id, :string, 1, json_name: "requestId"
       optional :action, :string, 2, json_name: "action"
       optional :principal, :message, 3, "cerbos.engine.v1.Principal", json_name: "principal"
-      optional :resource, :message, 4, "cerbos.engine.v1.PlanResourcesRequest.Resource", json_name: "resource"
+      optional :resource, :message, 4, "cerbos.engine.v1.PlanResourcesInput.Resource", json_name: "resource"
       optional :aux_data, :message, 5, "cerbos.request.v1.AuxData", json_name: "auxData"
       optional :include_meta, :bool, 6, json_name: "includeMeta"
     end

data/lib/cerbos/protobuf/cerbos/response/v1/response_pb.rb

@@ -5,10 +5,10 @@ require 'google/protobuf'
 
 require 'cerbos/protobuf/cerbos/audit/v1/audit_pb'
 require 'cerbos/protobuf/cerbos/effect/v1/effect_pb'
+require 'cerbos/protobuf/cerbos/engine/v1/engine_pb'
 require 'cerbos/protobuf/cerbos/policy/v1/policy_pb'
 require 'cerbos/protobuf/cerbos/schema/v1/schema_pb'
 require 'google/protobuf/empty_pb'
-require 'google/protobuf/struct_pb'
 require 'cerbos/protobuf/protoc-gen-openapiv2/options/annotations_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -18,29 +18,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :action, :string, 2, json_name: "action"
       optional :resource_kind, :string, 3, json_name: "resourceKind"
       optional :policy_version, :string, 4, json_name: "policyVersion"
-      optional :filter, :message, 5, "cerbos.response.v1.PlanResourcesResponse.Filter", json_name: "filter"
+      optional :filter, :message, 5, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
       optional :meta, :message, 6, "cerbos.response.v1.PlanResourcesResponse.Meta", json_name: "meta"
-    end
-    add_message "cerbos.response.v1.PlanResourcesResponse.Expression" do
-      optional :operator, :string, 1, json_name: "operator"
-      repeated :operands, :message, 2, "cerbos.response.v1.PlanResourcesResponse.Expression.Operand", json_name: "operands"
-    end
-    add_message "cerbos.response.v1.PlanResourcesResponse.Expression.Operand" do
-      oneof :node do
-        optional :value, :message, 1, "google.protobuf.Value", json_name: "value"
-        optional :expression, :message, 2, "cerbos.response.v1.PlanResourcesResponse.Expression", json_name: "expression"
-        optional :variable, :string, 3, json_name: "variable"
-      end
-    end
-    add_message "cerbos.response.v1.PlanResourcesResponse.Filter" do
-      optional :kind, :enum, 1, "cerbos.response.v1.PlanResourcesResponse.Filter.Kind", json_name: "kind"
-      optional :condition, :message, 2, "cerbos.response.v1.PlanResourcesResponse.Expression.Operand", json_name: "condition"
-    end
-    add_enum "cerbos.response.v1.PlanResourcesResponse.Filter.Kind" do
-      value :KIND_UNSPECIFIED, 0
-      value :KIND_ALWAYS_ALLOWED, 1
-      value :KIND_ALWAYS_DENIED, 2
-      value :KIND_CONDITIONAL, 3
+      repeated :validation_errors, :message, 7, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
     end
     add_message "cerbos.response.v1.PlanResourcesResponse.Meta" do
       optional :filter_debug, :string, 1, json_name: "filterDebug"
@@ -189,10 +169,6 @@ module Cerbos::Protobuf::Cerbos
   module Response
     module V1
       PlanResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse").msgclass
-      PlanResourcesResponse::Expression = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Expression").msgclass
-      PlanResourcesResponse::Expression::Operand = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Expression.Operand").msgclass
-      PlanResourcesResponse::Filter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Filter").msgclass
-      PlanResourcesResponse::Filter::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Filter.Kind").enummodule
       PlanResourcesResponse::Meta = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Meta").msgclass
       CheckResourceSetResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.CheckResourceSetResponse").msgclass
       CheckResourceSetResponse::ActionEffectMap = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.CheckResourceSetResponse.ActionEffectMap").msgclass

data/lib/cerbos/protobuf/cerbos/telemetry/v1/telemetry_pb.rb

@@ -7,93 +7,117 @@ require 'google/protobuf/duration_pb'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("cerbos/telemetry/v1/telemetry.proto", :syntax => :proto3) do
-    add_message "cerbos.telemetry.v1.Ping" do
+    add_message "cerbos.telemetry.v1.ServerLaunch" do
       optional :version, :string, 1, json_name: "version"
-      optional :source, :message, 2, "cerbos.telemetry.v1.Ping.Source", json_name: "source"
-      optional :features, :message, 3, "cerbos.telemetry.v1.Ping.Features", json_name: "features"
-      optional :stats, :message, 4, "cerbos.telemetry.v1.Ping.Stats", json_name: "stats"
+      optional :source, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Source", json_name: "source"
+      optional :features, :message, 3, "cerbos.telemetry.v1.ServerLaunch.Features", json_name: "features"
+      optional :stats, :message, 4, "cerbos.telemetry.v1.ServerLaunch.Stats", json_name: "stats"
     end
-    add_message "cerbos.telemetry.v1.Ping.Cerbos" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Cerbos" do
       optional :version, :string, 1, json_name: "version"
       optional :commit, :string, 2, json_name: "commit"
       optional :build_date, :string, 3, json_name: "buildDate"
       optional :module_version, :string, 4, json_name: "moduleVersion"
       optional :module_checksum, :string, 5, json_name: "moduleChecksum"
     end
-    add_message "cerbos.telemetry.v1.Ping.Source" do
-      optional :cerbos, :message, 1, "cerbos.telemetry.v1.Ping.Cerbos", json_name: "cerbos"
+    add_message "cerbos.telemetry.v1.ServerLaunch.Source" do
+      optional :cerbos, :message, 1, "cerbos.telemetry.v1.ServerLaunch.Cerbos", json_name: "cerbos"
       optional :os, :string, 2, json_name: "os"
       optional :arch, :string, 3, json_name: "arch"
       optional :num_cpus, :uint32, 4, json_name: "numCpus"
     end
-    add_message "cerbos.telemetry.v1.Ping.Features" do
-      optional :audit, :message, 1, "cerbos.telemetry.v1.Ping.Features.Audit", json_name: "audit"
-      optional :schema, :message, 2, "cerbos.telemetry.v1.Ping.Features.Schema", json_name: "schema"
-      optional :admin_api, :message, 3, "cerbos.telemetry.v1.Ping.Features.AdminApi", json_name: "adminApi"
-      optional :storage, :message, 4, "cerbos.telemetry.v1.Ping.Features.Storage", json_name: "storage"
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features" do
+      optional :audit, :message, 1, "cerbos.telemetry.v1.ServerLaunch.Features.Audit", json_name: "audit"
+      optional :schema, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Features.Schema", json_name: "schema"
+      optional :admin_api, :message, 3, "cerbos.telemetry.v1.ServerLaunch.Features.AdminApi", json_name: "adminApi"
+      optional :storage, :message, 4, "cerbos.telemetry.v1.ServerLaunch.Features.Storage", json_name: "storage"
     end
-    add_message "cerbos.telemetry.v1.Ping.Features.Audit" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features.Audit" do
       optional :enabled, :bool, 1, json_name: "enabled"
       optional :backend, :string, 2, json_name: "backend"
     end
-    add_message "cerbos.telemetry.v1.Ping.Features.Schema" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features.Schema" do
       optional :enforcement, :string, 1, json_name: "enforcement"
     end
-    add_message "cerbos.telemetry.v1.Ping.Features.AdminApi" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features.AdminApi" do
       optional :enabled, :bool, 1, json_name: "enabled"
     end
-    add_message "cerbos.telemetry.v1.Ping.Features.Storage" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage" do
       optional :driver, :string, 1, json_name: "driver"
       oneof :store do
-        optional :disk, :message, 2, "cerbos.telemetry.v1.Ping.Features.Storage.Disk", json_name: "disk"
-        optional :git, :message, 3, "cerbos.telemetry.v1.Ping.Features.Storage.Git", json_name: "git"
-        optional :blob, :message, 4, "cerbos.telemetry.v1.Ping.Features.Storage.Blob", json_name: "blob"
+        optional :disk, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Disk", json_name: "disk"
+        optional :git, :message, 3, "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Git", json_name: "git"
+        optional :blob, :message, 4, "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Blob", json_name: "blob"
       end
     end
-    add_message "cerbos.telemetry.v1.Ping.Features.Storage.Disk" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Disk" do
       optional :watch, :bool, 1, json_name: "watch"
     end
-    add_message "cerbos.telemetry.v1.Ping.Features.Storage.Git" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Git" do
       optional :protocol, :string, 1, json_name: "protocol"
       optional :auth, :bool, 2, json_name: "auth"
       optional :poll_interval, :message, 3, "google.protobuf.Duration", json_name: "pollInterval"
     end
-    add_message "cerbos.telemetry.v1.Ping.Features.Storage.Blob" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Blob" do
       optional :provider, :string, 1, json_name: "provider"
       optional :poll_interval, :message, 2, "google.protobuf.Duration", json_name: "pollInterval"
     end
-    add_message "cerbos.telemetry.v1.Ping.Stats" do
-      optional :policy, :message, 1, "cerbos.telemetry.v1.Ping.Stats.Policy", json_name: "policy"
-      optional :schema, :message, 2, "cerbos.telemetry.v1.Ping.Stats.Schema", json_name: "schema"
+    add_message "cerbos.telemetry.v1.ServerLaunch.Stats" do
+      optional :policy, :message, 1, "cerbos.telemetry.v1.ServerLaunch.Stats.Policy", json_name: "policy"
+      optional :schema, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Stats.Schema", json_name: "schema"
     end
-    add_message "cerbos.telemetry.v1.Ping.Stats.Policy" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Stats.Policy" do
       map :count, :string, :uint32, 1
       map :avg_rule_count, :string, :double, 2
       map :avg_condition_count, :string, :double, 3
     end
-    add_message "cerbos.telemetry.v1.Ping.Stats.Schema" do
+    add_message "cerbos.telemetry.v1.ServerLaunch.Stats.Schema" do
       optional :count, :uint32, 1, json_name: "count"
     end
+    add_message "cerbos.telemetry.v1.ServerStop" do
+      optional :version, :string, 1, json_name: "version"
+      optional :uptime, :message, 2, "google.protobuf.Duration", json_name: "uptime"
+      optional :requests_total, :uint64, 3, json_name: "requestsTotal"
+    end
+    add_message "cerbos.telemetry.v1.Event" do
+      oneof :data do
+        optional :api_activity, :message, 1, "cerbos.telemetry.v1.Event.ApiActivity", json_name: "apiActivity"
+      end
+    end
+    add_message "cerbos.telemetry.v1.Event.CountStat" do
+      optional :key, :string, 1, json_name: "key"
+      optional :count, :uint64, 2, json_name: "count"
+    end
+    add_message "cerbos.telemetry.v1.Event.ApiActivity" do
+      optional :version, :string, 1, json_name: "version"
+      optional :uptime, :message, 2, "google.protobuf.Duration", json_name: "uptime"
+      repeated :method_calls, :message, 3, "cerbos.telemetry.v1.Event.CountStat", json_name: "methodCalls"
+      repeated :user_agents, :message, 4, "cerbos.telemetry.v1.Event.CountStat", json_name: "userAgents"
+    end
   end
 end
 
 module Cerbos::Protobuf::Cerbos
   module Telemetry
     module V1
-      Ping = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping").msgclass
-      Ping::Cerbos = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Cerbos").msgclass
-      Ping::Source = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Source").msgclass
-      Ping::Features = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features").msgclass
-      Ping::Features::Audit = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features.Audit").msgclass
-      Ping::Features::Schema = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features.Schema").msgclass
-      Ping::Features::AdminApi = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features.AdminApi").msgclass
-      Ping::Features::Storage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features.Storage").msgclass
-      Ping::Features::Storage::Disk = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features.Storage.Disk").msgclass
-      Ping::Features::Storage::Git = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features.Storage.Git").msgclass
-      Ping::Features::Storage::Blob = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Features.Storage.Blob").msgclass
-      Ping::Stats = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Stats").msgclass
-      Ping::Stats::Policy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Stats.Policy").msgclass
-      Ping::Stats::Schema = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Ping.Stats.Schema").msgclass
+      ServerLaunch = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch").msgclass
+      ServerLaunch::Cerbos = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Cerbos").msgclass
+      ServerLaunch::Source = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Source").msgclass
+      ServerLaunch::Features = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features").msgclass
+      ServerLaunch::Features::Audit = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Audit").msgclass
+      ServerLaunch::Features::Schema = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Schema").msgclass
+      ServerLaunch::Features::AdminApi = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.AdminApi").msgclass
+      ServerLaunch::Features::Storage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage").msgclass
+      ServerLaunch::Features::Storage::Disk = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage.Disk").msgclass
+      ServerLaunch::Features::Storage::Git = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage.Git").msgclass
+      ServerLaunch::Features::Storage::Blob = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage.Blob").msgclass
+      ServerLaunch::Stats = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Stats").msgclass
+      ServerLaunch::Stats::Policy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Stats.Policy").msgclass
+      ServerLaunch::Stats::Schema = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Stats.Schema").msgclass
+      ServerStop = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerStop").msgclass
+      Event = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Event").msgclass
+      Event::CountStat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Event.CountStat").msgclass
+      Event::ApiActivity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Event.ApiActivity").msgclass
     end
   end
 end

data/lib/cerbos/version.rb

@@ -2,5 +2,5 @@
 
 module Cerbos
   # Current version of the `cerbos` gem.
-  VERSION = "0.3.0"
+  VERSION = "0.6.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cerbos
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Cerbos
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-13 00:00:00.000000000 Z
+date: 2022-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
@@ -53,6 +53,7 @@ files:
 - lib/cerbos/output/check_resources.rb
 - lib/cerbos/output/plan_resources.rb
 - lib/cerbos/output/server_info.rb
+- lib/cerbos/output/validation_error.rb
 - lib/cerbos/protobuf.rb
 - lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb
 - lib/cerbos/protobuf/cerbos/effect/v1/effect_pb.rb
@@ -81,7 +82,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
   changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/cerbos/0.3.0
+  documentation_uri: https://www.rubydoc.info/gems/cerbos/0.6.0
   homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
   source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
   rubygems_mfa_required: 'true'
@@ -100,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.13
+rubygems_version: 3.3.17
 signing_key:
 specification_version: 4
 summary: Client library for authorization via Cerbos