cerbos 0.7.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09d04980a1c08690efeeac6d04608e47e18def9b0f2ab6a5c256b4b22576464d'
-  data.tar.gz: 61968be4473d1a480979d9e2d2af05f0911f1d8b4a8c90947d8dce72910565f7
+  metadata.gz: d1ba4a17419c03f18f05118b26ae2e829d3d2fbeb7548fea051604e3e5e99e42
+  data.tar.gz: 73cf8dbb7882ff2cc5fdf658670e3cf6783a480cb71d3eeb634c8f5b499dc789
 SHA512:
-  metadata.gz: 788ca1b6ff6c4e3a1ea71c791fef64f5802a89423d21dba5da7f91f7fc697ff91f1aa7ebcedab4d4bde807c531b3b13b4ac5e95a53b93d76c79077e214ecd54b
-  data.tar.gz: 2115919d8cb958b0c347c09710d780d7748fec5933f65f4e91d2af7c937ec0e151ad7cfa808526213a788839ea8360fcfa153b94b9574d9ce6facabdca56fab1
+  metadata.gz: 96a39b78eb78562136a31c343e37e6c4b570d04b9db4ba1817915b61f32047c24b32a34d3e24d770a15175d85254979c7baa7ec5fff012c59dd77b4fe2f872da
+  data.tar.gz: b68d5d6670f99314af88087b9a1b225e8fc35c9d0f788d8c17edaf4fc06fcf312cfa651a977210a33bc8e320d0493a1e998597f2fec58bdecee527e92fc379f8

data/CHANGELOG.md

@@ -2,6 +2,27 @@
 
 No notable changes.
 
+## [0.9.0] - 2024-06-10
+
+### Changed
+
+- Use `attr` for principal and resource attributes ([#157](https://github.com/cerbos/cerbos-sdk-ruby/pull/157))
+
+  This makes the API consistent with policy expressions.
+  `attributes` is still supported for backwards compatibility, but is now deprecated.
+
+- Increased [`google-protobuf`] version requirement to 3.21.12+ to avoid [failure to load `protovalidate` extension field descriptors](https://github.com/protocolbuffers/upb/pull/1034) ([#159](https://github.com/cerbos/cerbos-sdk-ruby/pull/159))
+
+### Removed
+
+- Support for Ruby 3.0 ([#158](https://github.com/cerbos/cerbos-sdk-ruby/pull/158))
+
+## [0.8.0] - 2024-01-12
+
+### Added
+
+- `grpc_metadata` option to `Cerbos::Client` constructor and request methods to add gRPC metadata (a.k.a. HTTP headers) to requests to the policy decision point ([#132](https://github.com/cerbos/cerbos-sdk-ruby/pull/132))
+
 ## [0.7.0] - 2023-06-07
 
 ### Added
@@ -60,7 +81,7 @@ No notable changes.
 
 ### Changed
 
-- Increased `grpc` version requirement to 1.46+ to avoid [installing a native gem compiled for `x86_64-darwin` on `arm64-darwin`](https://github.com/grpc/grpc/issues/29100) ([#8](https://github.com/cerbos/cerbos-sdk-ruby/pull/8))
+- Increased [`grpc`] version requirement to 1.46+ to avoid [installing a native gem compiled for `x86_64-darwin` on `arm64-darwin`](https://github.com/grpc/grpc/issues/29100) ([#8](https://github.com/cerbos/cerbos-sdk-ruby/pull/8))
 
 ## [0.1.0] - 2022-05-12
 
@@ -68,7 +89,9 @@ No notable changes.
 
 - Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
 
-[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.7.0...HEAD
+[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.9.0...HEAD
+[0.9.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.8.0...v0.9.0
+[0.8.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.6.1...v0.7.0
 [0.6.1]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.6.0...v0.6.1
 [0.6.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.5.0...v0.6.0
@@ -77,3 +100,5 @@ No notable changes.
 [0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/4481009e9dec2e1e6a2df8ea2f828690ceabbefc...v0.1.0
+[`google-protobuf`]: https://rubygems.org/gems/google-protobuf
+[`grpc`]: https://rubygems.org/gems/grpc

data/README.md

@@ -12,7 +12,7 @@ The Cerbos Ruby SDK makes it easy to interact with the Cerbos PDP from your Ruby
 ## Prerequisites
 
 - Cerbos 0.16+
-- Ruby 3.0+
+- Ruby 3.1+
 
 ## Installation
 
@@ -41,7 +41,7 @@ decision = client.check_resource(
   resource: {
     kind: "document",
     id: "1",
-    attributes: {
+    attr: {
       owner: "author@example.com"
     }
   },

data/cerbos.gemspec

@@ -31,6 +31,7 @@ Gem::Specification.new do |spec|
     "yard_extensions.rb"
   ]
 
-  spec.required_ruby_version = ">= 3.0.0"
+  spec.required_ruby_version = ">= 3.1.0"
   spec.add_dependency "grpc", "~> 1.46"
+  spec.add_dependency "google-protobuf", [">= 3.21.12", "< 4.0"]
 end

data/lib/cerbos/client.rb

@@ -4,14 +4,22 @@ module Cerbos
   # A client for interacting with the Cerbos policy decision point (PDP) server over gRPC.
   #
   # An instance of the client may be shared between threads.
-  # However, due to [an issue in the underlying `grpc` gem](https://github.com/grpc/grpc/issues/8798), it's not possible to use the client before and after process forks.
-  # If your application runs on a forking webserver (for example, Puma in clustered mode), then you'll need to ensure that you only create client instances in the child (worker) processes.
+  #
+  # Due to [a limitation in the underlying `grpc` gem](https://github.com/grpc/grpc/issues/8798), creating a client instance before a process fork is [only (experimentally) supported on Linux](https://github.com/grpc/grpc/pull/33430) and requires you to
+  # - have at least v1.57.0 of the `grpc` gem installed,
+  # - set the `GRPC_ENABLE_FORK_SUPPORT` environment variable to `1`,
+  # - call `GRPC.prefork` before forking,
+  # - call `GRPC.postfork_parent` in the parent process after forking, and
+  # - call `GRPC.postfork_child` in the child processes after forking.
+  #
+  # Otherwise, if your application runs on a forking webserver (for example, Puma in clustered mode), then you'll need to ensure that you only create client instances in the child (worker) processes.
   class Client
     # Create a client for interacting with the Cerbos PDP server over gRPC.
     #
     # @param target [String] Cerbos PDP server address (`"host"`, `"host:port"`, or `"unix:/path/to/socket"`).
     # @param tls [TLS, MutualTLS, false] gRPC connection encryption settings (`false` for plaintext).
     # @param grpc_channel_args [Hash{String, Symbol => String, Integer}] low-level settings for the gRPC channel (see [available keys in the gRPC documentation](https://grpc.github.io/grpc/core/group__grpc__arg__keys.html)).
+    # @param grpc_metadata [Hash{String, Symbol => String, Array<String>}] gRPC metadata (a.k.a. HTTP headers) to add to every request to the PDP.
     # @param on_validation_error [:return, :raise, #call] action to take when input fails schema validation (`:return` to return the validation errors in the response, `:raise` to raise {Error::ValidationFailed}, or a callback to invoke).
     # @param playground_instance [String, nil] identifier of the playground instance to use when prototyping against the hosted demo PDP.
     # @param timeout [Numeric, nil] timeout for gRPC calls, in seconds (`nil` to never time out).
@@ -30,7 +38,8 @@ module Cerbos
     #
     # @example Invoke a callback when input fails schema validation
     #   client = Cerbos::Client.new("localhost:3593", tls: false, on_validation_error: ->(validation_errors) { do_something_with validation_errors })
-    def initialize(target, tls:, grpc_channel_args: {}, on_validation_error: :return, playground_instance: nil, timeout: nil)
+    def initialize(target, tls:, grpc_channel_args: {}, grpc_metadata: {}, on_validation_error: :return, playground_instance: nil, timeout: nil)
+      @grpc_metadata = grpc_metadata.transform_keys(&:to_sym)
       @on_validation_error = on_validation_error
 
       handle_errors do
@@ -60,6 +69,7 @@ module Cerbos
     # @param action [String] the action to check.
     # @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
     # @param request_id [String] identifier for tracing the request.
+    # @param grpc_metadata [Hash{String, Symbol => String, Array<String>}] gRPC metadata (a.k.a. HTTP headers) to add to the request.
     #
     # @return [Boolean]
     #
@@ -69,13 +79,14 @@ module Cerbos
     #     resource: {kind: "document", id: "1"},
     #     action: "view"
     #   ) # => true
-    def allow?(principal:, resource:, action:, aux_data: nil, request_id: SecureRandom.uuid)
+    def allow?(principal:, resource:, action:, aux_data: nil, request_id: SecureRandom.uuid, grpc_metadata: {})
       check_resource(
         principal: principal,
         resource: resource,
         actions: [action],
         aux_data: aux_data,
-        request_id: request_id
+        request_id: request_id,
+        grpc_metadata: grpc_metadata
       ).allow?(action)
     end
 
@@ -87,6 +98,7 @@ module Cerbos
     # @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
     # @param include_metadata [Boolean] `true` to include additional metadata ({Output::CheckResources::Result::Metadata}) in the results.
     # @param request_id [String] identifier for tracing the request.
+    # @param grpc_metadata [Hash{String, Symbol => String, Array<String>}] gRPC metadata (a.k.a. HTTP headers) to add to the request.
     #
     # @return [Output::CheckResources::Result]
     #
@@ -98,14 +110,15 @@ module Cerbos
     #   )
     #
     #   decision.allow?("view") # => true
-    def check_resource(principal:, resource:, actions:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid)
+    def check_resource(principal:, resource:, actions:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid, grpc_metadata: {})
       handle_errors do
         check_resources(
           principal: principal,
           resources: [Input::ResourceCheck.new(resource: resource, actions: actions)],
           aux_data: aux_data,
           include_metadata: include_metadata,
-          request_id: request_id
+          request_id: request_id,
+          grpc_metadata: grpc_metadata
         ).find_result(resource)
       end
     end
@@ -117,6 +130,7 @@ module Cerbos
     # @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
     # @param include_metadata [Boolean] `true` to include additional metadata ({Output::CheckResources::Result::Metadata}) in the results.
     # @param request_id [String] identifier for tracing the request.
+    # @param grpc_metadata [Hash{String, Symbol => String, Array<String>}] gRPC metadata (a.k.a. HTTP headers) to add to the request.
     #
     # @return [Output::CheckResources]
     #
@@ -136,7 +150,7 @@ module Cerbos
     #   )
     #
     #   decision.allow?(resource: {kind: "document", id: "1"}, action: "view") # => true
-    def check_resources(principal:, resources:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid)
+    def check_resources(principal:, resources:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid, grpc_metadata: {})
       handle_errors do
         request = Protobuf::Cerbos::Request::V1::CheckResourcesRequest.new(
           principal: Input.coerce_required(principal, Input::Principal).to_protobuf,
@@ -146,7 +160,7 @@ module Cerbos
           request_id: request_id
         )
 
-        response = perform_request(@cerbos_service, :check_resources, request)
+        response = perform_request(@cerbos_service, :check_resources, request, grpc_metadata)
 
         Output::CheckResources.from_protobuf(response).tap do |output|
           handle_validation_errors output
@@ -162,6 +176,7 @@ module Cerbos
     # @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
     # @param include_metadata [Boolean] `true` to include additional metadata ({Output::CheckResources::Result::Metadata}) in the results.
     # @param request_id [String] identifier for tracing the request.
+    # @param grpc_metadata [Hash{String, Symbol => String, Array<String>}] gRPC metadata (a.k.a. HTTP headers) to add to the request.
     #
     # @return [Output::PlanResources]
     #
@@ -174,7 +189,7 @@ module Cerbos
     #
     #   plan.conditional? # => true
     #   plan.condition # => #<Cerbos::Output::PlanResources::Expression ...>
-    def plan_resources(principal:, resource:, action:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid)
+    def plan_resources(principal:, resource:, action:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid, grpc_metadata: {})
       handle_errors do
         request = Protobuf::Cerbos::Request::V1::PlanResourcesRequest.new(
           principal: Input.coerce_required(principal, Input::Principal).to_protobuf,
@@ -185,7 +200,7 @@ module Cerbos
           request_id: request_id
         )
 
-        response = perform_request(@cerbos_service, :plan_resources, request)
+        response = perform_request(@cerbos_service, :plan_resources, request, grpc_metadata)
 
         Output::PlanResources.from_protobuf(response).tap do |output|
           handle_validation_errors output
@@ -195,12 +210,14 @@ module Cerbos
 
     # Retrieve information about the Cerbos PDP server.
     #
+    # @param grpc_metadata [Hash{String, Symbol => String, Array<String>}] gRPC metadata (a.k.a. HTTP headers) to add to the request.
+    #
     # @return [Output::ServerInfo]
-    def server_info
+    def server_info(grpc_metadata: {})
       handle_errors do
         request = Protobuf::Cerbos::Request::V1::ServerInfoRequest.new
 
-        response = perform_request(@cerbos_service, :server_info, request)
+        response = perform_request(@cerbos_service, :server_info, request, grpc_metadata)
 
         Output::ServerInfo.from_protobuf(response)
       end
@@ -231,8 +248,8 @@ module Cerbos
       @on_validation_error.call validation_errors
     end
 
-    def perform_request(service, rpc, request)
-      service.public_send(rpc, request)
+    def perform_request(service, rpc, request, metadata)
+      service.public_send(rpc, request, metadata: @grpc_metadata.merge(metadata.transform_keys(&:to_sym)))
     end
   end
 end

data/lib/cerbos/error.rb

@@ -12,7 +12,7 @@ module Cerbos
 
       # @private
       def initialize(validation_errors)
-        super "Input failed schema validation"
+        super("Input failed schema validation")
 
         @validation_errors = validation_errors
       end
@@ -48,7 +48,7 @@ module Cerbos
 
       # @private
       def initialize(code:, details:, metadata: {})
-        super "gRPC error #{code}: #{details}"
+        super("gRPC error #{code}: #{details}")
 
         @code = code
         @details = details

data/lib/cerbos/input/principal.rb

@@ -17,7 +17,7 @@ module Cerbos
       # Application-specific attributes describing the principal.
       #
       # @return [Attributes]
-      attr_reader :attributes
+      attr_reader :attr
 
       # The policy version to use when authorizing the principal.
       #
@@ -37,23 +37,38 @@ module Cerbos
       #
       # @param id [String] a unique identifier for the principal.
       # @param roles [Array<String>] the roles held by the principal.
-      # @param attributes [Attributes, Hash] application-specific attributes describing the principal.
+      # @param attr [Attributes, Hash] application-specific attributes describing the principal.
+      # @param attributes [Attributes, Hash] deprecated (use `attr` instead).
       # @param policy_version [String, nil] the policy version to use when authorizing the principal (`nil` to use the Cerbos policy decision point server's configured default version).
       # @param scope [String, nil] the policy scope to use when authorizing the principal.
-      def initialize(id:, roles:, attributes: {}, policy_version: nil, scope: nil)
+      def initialize(id:, roles:, attr: {}, attributes: nil, policy_version: nil, scope: nil)
+        unless attributes.nil?
+          Cerbos.deprecation_warning "The `attributes` keyword argument is deprecated. Use `attr` instead."
+          attr = attributes
+        end
+
         @id = id
         @roles = roles
-        @attributes = Input.coerce_required(attributes, Attributes)
+        @attr = Input.coerce_required(attr, Attributes)
         @policy_version = policy_version
         @scope = scope
       end
 
+      # Application-specific attributes describing the principal.
+      #
+      # @deprecated Use {#attr} instead.
+      # @return [Attributes]
+      def attributes
+        Cerbos.deprecation_warning "The `attributes` method is deprecated. Use `attr` instead."
+        attr
+      end
+
       # @private
       def to_protobuf
         Protobuf::Cerbos::Engine::V1::Principal.new(
           id: id,
           roles: roles,
-          attr: attributes.to_protobuf,
+          attr: attr.to_protobuf,
           policy_version: policy_version,
           scope: scope
         )

data/lib/cerbos/input/resource.rb

@@ -17,7 +17,7 @@ module Cerbos
       # Application-specific attributes describing the resource.
       #
       # @return [Attributes]
-      attr_reader :attributes
+      attr_reader :attr
 
       # The policy version to use when checking the principal's permissions on the resource.
       #
@@ -37,23 +37,38 @@ module Cerbos
       #
       # @param kind [String] the type of resource.
       # @param id [String] a unique identifier for the resource.
-      # @param attributes [Attributes, Hash] application-specific attributes describing the resource.
+      # @param attr [Attributes, Hash] application-specific attributes describing the resource.
+      # @param attributes [Attributes, Hash] deprecated (use `attr` instead).
       # @param policy_version [String, nil] the policy version to use when checking the principal's permissions on the resource (`nil` to use the Cerbos policy decision point server's configured default version).
       # @param scope [String, nil] the policy scope to use when checking the principal's permissions on the resource.
-      def initialize(kind:, id:, attributes: {}, policy_version: nil, scope: nil)
+      def initialize(kind:, id:, attr: {}, attributes: nil, policy_version: nil, scope: nil)
+        unless attributes.nil?
+          Cerbos.deprecation_warning "The `attributes` keyword argument is deprecated. Use `attr` instead."
+          attr = attributes
+        end
+
         @kind = kind
         @id = id
-        @attributes = Input.coerce_required(attributes, Attributes)
+        @attr = Input.coerce_required(attr, Attributes)
         @policy_version = policy_version
         @scope = scope
       end
 
+      # Application-specific attributes describing the resource.
+      #
+      # @deprecated Use {#attr} instead.
+      # @return [Attributes]
+      def attributes
+        Cerbos.deprecation_warning "The `attributes` method is deprecated. Use `attr` instead."
+        attr
+      end
+
       # @private
       def to_protobuf
         Protobuf::Cerbos::Engine::V1::Resource.new(
           kind: kind,
           id: id,
-          attr: attributes.to_protobuf,
+          attr: attr.to_protobuf,
           policy_version: policy_version,
           scope: scope
         )

data/lib/cerbos/input/resource_query.rb

@@ -12,7 +12,7 @@ module Cerbos
       # Any application-specific attributes describing the resources to be queried that are known in advance.
       #
       # @return [Attributes]
-      attr_reader :attributes
+      attr_reader :attr
 
       # The policy version to use when planning the query.
       #
@@ -31,21 +31,36 @@ module Cerbos
       # Specify partial details of resources to be queried.
       #
       # @param kind [String] the type of resources to be queried.
-      # @param attributes [Attributes, Hash] any application-specific attributes describing the resources to be queried that are known in advance.
+      # @param attr [Attributes, Hash] any application-specific attributes describing the resources to be queried that are known in advance.
+      # @param attributes [Attributes, Hash] deprecated (use `attr` instead).
       # @param policy_version [String, nil] the policy version to use when planning the query (`nil` to use the Cerbos policy decision point server's configured default version).
       # @param scope [String, nil] the policy scope to use when planning the query.
-      def initialize(kind:, attributes: {}, policy_version: nil, scope: nil)
+      def initialize(kind:, attr: {}, attributes: nil, policy_version: nil, scope: nil)
+        unless attributes.nil?
+          Cerbos.deprecation_warning "The `attributes` keyword argument is deprecated. Use `attr` instead."
+          attr = attributes
+        end
+
         @kind = kind
-        @attributes = Input.coerce_required(attributes, Attributes)
+        @attr = Input.coerce_required(attr, Attributes)
         @policy_version = policy_version
         @scope = scope
       end
 
+      # Any application-specific attributes describing the resources to be queried that are known in advance.
+      #
+      # @deprecated Use {#attr} instead.
+      # @return [Attributes]
+      def attributes
+        Cerbos.deprecation_warning "The `attributes` method is deprecated. Use `attr` instead."
+        attr
+      end
+
       # @private
       def to_protobuf
         Protobuf::Cerbos::Engine::V1::PlanResourcesInput::Resource.new(
           kind: kind,
-          attr: attributes.to_protobuf,
+          attr: attr.to_protobuf,
           policy_version: policy_version,
           scope: scope
         )

data/lib/cerbos/protobuf/buf/validate/expression_pb.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: buf/validate/expression.proto
+
+require 'google/protobuf'
+
+
+descriptor_data = "\n\x1d\x62uf/validate/expression.proto\x12\x0c\x62uf.validate\"V\n\nConstraint\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x18\n\x07message\x18\x02 \x01(\tR\x07message\x12\x1e\n\nexpression\x18\x03 \x01(\tR\nexpressionBp\n\x12\x62uild.buf.validateB\x0f\x45xpressionProtoP\x01ZGbuf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validateb\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+pool.add_serialized_file(descriptor_data)
+
+module Cerbos::Protobuf::Buf
+  module Validate
+    Constraint = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("buf.validate.Constraint").msgclass
+  end
+end

data/lib/cerbos/protobuf/buf/validate/priv/private_pb.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: buf/validate/priv/private.proto
+
+require 'google/protobuf'
+
+require 'google/protobuf/descriptor_pb'
+
+
+descriptor_data = "\n\x1f\x62uf/validate/priv/private.proto\x12\x11\x62uf.validate.priv\x1a google/protobuf/descriptor.proto\"C\n\x10\x46ieldConstraints\x12/\n\x03\x63\x65l\x18\x01 \x03(\x0b\x32\x1d.buf.validate.priv.ConstraintR\x03\x63\x65l\"V\n\nConstraint\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x18\n\x07message\x18\x02 \x01(\tR\x07message\x12\x1e\n\nexpression\x18\x03 \x01(\tR\nexpression:\\\n\x05\x66ield\x12\x1d.google.protobuf.FieldOptions\x18\x88\t \x01(\x0b\x32#.buf.validate.priv.FieldConstraintsR\x05\x66ield\x88\x01\x01\x42w\n\x17\x62uild.buf.validate.privB\x0cPrivateProtoP\x01ZLbuf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/privb\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+pool.add_serialized_file(descriptor_data)
+
+module Cerbos::Protobuf::Buf
+  module Validate
+    module Priv
+      FieldConstraints = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("buf.validate.priv.FieldConstraints").msgclass
+      Constraint = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("buf.validate.priv.Constraint").msgclass
+    end
+  end
+end