@opentdf/sdk 0.17.0 → 0.19.0-beta.167
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/src/platform/authorization/authorization_pb.js +2 -3
- package/dist/cjs/src/platform/authorization/v2/authorization_pb.js +2 -2
- package/dist/cjs/src/platform/buf/validate/validate_pb.js +17 -11
- package/dist/cjs/src/platform/entityresolution/entity_resolution_pb.js +2 -3
- package/dist/cjs/src/platform/entityresolution/v2/entity_resolution_pb.js +15 -9
- package/dist/cjs/src/platform/kas/kas_pb.js +2 -4
- package/dist/cjs/src/platform/policy/actions/actions_pb.js +2 -2
- package/dist/cjs/src/platform/policy/attributes/attributes_pb.js +79 -43
- package/dist/cjs/src/platform/policy/kasregistry/key_access_server_registry_pb.js +121 -56
- package/dist/cjs/src/platform/policy/namespaces/namespaces_pb.js +54 -44
- package/dist/cjs/src/platform/policy/objects_pb.js +58 -39
- package/dist/cjs/src/platform/policy/obligations/obligations_pb.js +85 -30
- package/dist/cjs/src/platform/policy/registeredresources/registered_resources_pb.js +53 -22
- package/dist/cjs/src/platform/policy/resourcemapping/resource_mapping_pb.js +2 -2
- package/dist/cjs/src/platform/policy/selectors_pb.js +38 -5
- package/dist/cjs/src/platform/policy/subjectmapping/subject_mapping_pb.js +78 -24
- package/dist/cjs/src/platform/policy/unsafe/unsafe_pb.js +3 -2
- package/dist/cjs/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +2 -3
- package/dist/cjs/src/policy/api.js +1 -30
- package/dist/cjs/src/version.js +1 -1
- package/dist/types/src/platform/authorization/authorization_pb.d.ts.map +1 -1
- package/dist/types/src/platform/authorization/v2/authorization_pb.d.ts +3 -3
- package/dist/types/src/platform/authorization/v2/authorization_pb.d.ts.map +1 -1
- package/dist/types/src/platform/buf/validate/validate_pb.d.ts +392 -155
- package/dist/types/src/platform/buf/validate/validate_pb.d.ts.map +1 -1
- package/dist/types/src/platform/entityresolution/entity_resolution_pb.d.ts.map +1 -1
- package/dist/types/src/platform/entityresolution/v2/entity_resolution_pb.d.ts +33 -0
- package/dist/types/src/platform/entityresolution/v2/entity_resolution_pb.d.ts.map +1 -1
- package/dist/types/src/platform/kas/kas_pb.d.ts +173 -7
- package/dist/types/src/platform/kas/kas_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/actions/actions_pb.d.ts +40 -0
- package/dist/types/src/platform/policy/actions/actions_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/attributes/attributes_pb.d.ts +119 -4
- package/dist/types/src/platform/policy/attributes/attributes_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +124 -2
- package/dist/types/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/namespaces/namespaces_pb.d.ts +53 -114
- package/dist/types/src/platform/policy/namespaces/namespaces_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/objects_pb.d.ts +85 -38
- package/dist/types/src/platform/policy/objects_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/obligations/obligations_pb.d.ts +157 -4
- package/dist/types/src/platform/policy/obligations/obligations_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/registeredresources/registered_resources_pb.d.ts +85 -2
- package/dist/types/src/platform/policy/registeredresources/registered_resources_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts +60 -2
- package/dist/types/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/selectors_pb.d.ts +41 -1
- package/dist/types/src/platform/policy/selectors_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts +147 -2
- package/dist/types/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/unsafe/unsafe_pb.d.ts +10 -0
- package/dist/types/src/platform/policy/unsafe/unsafe_pb.d.ts.map +1 -1
- package/dist/types/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts.map +1 -1
- package/dist/types/src/policy/api.d.ts +0 -2
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/version.d.ts +1 -1
- package/dist/web/src/platform/authorization/authorization_pb.js +2 -3
- package/dist/web/src/platform/authorization/v2/authorization_pb.js +2 -2
- package/dist/web/src/platform/buf/validate/validate_pb.js +17 -11
- package/dist/web/src/platform/entityresolution/entity_resolution_pb.js +2 -3
- package/dist/web/src/platform/entityresolution/v2/entity_resolution_pb.js +14 -8
- package/dist/web/src/platform/kas/kas_pb.js +2 -4
- package/dist/web/src/platform/policy/actions/actions_pb.js +2 -2
- package/dist/web/src/platform/policy/attributes/attributes_pb.js +79 -43
- package/dist/web/src/platform/policy/kasregistry/key_access_server_registry_pb.js +120 -55
- package/dist/web/src/platform/policy/namespaces/namespaces_pb.js +54 -44
- package/dist/web/src/platform/policy/objects_pb.js +56 -37
- package/dist/web/src/platform/policy/obligations/obligations_pb.js +85 -30
- package/dist/web/src/platform/policy/registeredresources/registered_resources_pb.js +53 -22
- package/dist/web/src/platform/policy/resourcemapping/resource_mapping_pb.js +2 -2
- package/dist/web/src/platform/policy/selectors_pb.js +38 -5
- package/dist/web/src/platform/policy/subjectmapping/subject_mapping_pb.js +78 -24
- package/dist/web/src/platform/policy/unsafe/unsafe_pb.js +3 -2
- package/dist/web/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +2 -3
- package/dist/web/src/policy/api.js +1 -29
- package/dist/web/src/version.js +1 -1
- package/package.json +1 -1
- package/src/platform/authorization/authorization_pb.ts +1 -2
- package/src/platform/authorization/v2/authorization_pb.ts +4 -4
- package/src/platform/buf/validate/validate_pb.ts +437 -163
- package/src/platform/entityresolution/entity_resolution_pb.ts +1 -2
- package/src/platform/entityresolution/v2/entity_resolution_pb.ts +47 -7
- package/src/platform/kas/kas_pb.ts +174 -10
- package/src/platform/policy/actions/actions_pb.ts +47 -1
- package/src/platform/policy/attributes/attributes_pb.ts +181 -46
- package/src/platform/policy/kasregistry/key_access_server_registry_pb.ts +202 -56
- package/src/platform/policy/namespaces/namespaces_pb.ts +77 -144
- package/src/platform/policy/objects_pb.ts +129 -73
- package/src/platform/policy/obligations/obligations_pb.ts +214 -33
- package/src/platform/policy/registeredresources/registered_resources_pb.ts +125 -24
- package/src/platform/policy/resourcemapping/resource_mapping_pb.ts +70 -3
- package/src/platform/policy/selectors_pb.ts +54 -5
- package/src/platform/policy/subjectmapping/subject_mapping_pb.ts +200 -25
- package/src/platform/policy/unsafe/unsafe_pb.ts +13 -1
- package/src/platform/wellknownconfiguration/wellknown_configuration_pb.ts +1 -2
- package/src/policy/api.ts +0 -40
- package/src/version.ts +1 -1
- package/dist/cjs/src/platform/google/api/annotations_pb.js +0 -30
- package/dist/cjs/src/platform/google/api/http_pb.js +0 -37
- package/dist/cjs/src/platform/protoc-gen-openapiv2/options/annotations_pb.js +0 -68
- package/dist/cjs/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.js +0 -307
- package/dist/types/src/platform/google/api/annotations_pb.d.ts +0 -14
- package/dist/types/src/platform/google/api/annotations_pb.d.ts.map +0 -1
- package/dist/types/src/platform/google/api/http_pb.d.ts +0 -441
- package/dist/types/src/platform/google/api/http_pb.d.ts.map +0 -1
- package/dist/types/src/platform/protoc-gen-openapiv2/options/annotations_pb.d.ts +0 -62
- package/dist/types/src/platform/protoc-gen-openapiv2/options/annotations_pb.d.ts.map +0 -1
- package/dist/types/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.d.ts +0 -1441
- package/dist/types/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.d.ts.map +0 -1
- package/dist/web/src/platform/google/api/annotations_pb.js +0 -27
- package/dist/web/src/platform/google/api/http_pb.js +0 -34
- package/dist/web/src/platform/protoc-gen-openapiv2/options/annotations_pb.js +0 -65
- package/dist/web/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.js +0 -304
- package/src/platform/google/api/annotations_pb.ts +0 -39
- package/src/platform/google/api/http_pb.ts +0 -474
- package/src/platform/protoc-gen-openapiv2/options/annotations_pb.ts +0 -83
- package/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.ts +0 -1615
|
@@ -8,14 +8,13 @@ import type { Entity, EntityChain, Token } from "../authorization/authorization_
|
|
|
8
8
|
import { file_authorization_authorization } from "../authorization/authorization_pb.js";
|
|
9
9
|
import type { Any } from "@bufbuild/protobuf/wkt";
|
|
10
10
|
import { file_google_protobuf_any, file_google_protobuf_struct } from "@bufbuild/protobuf/wkt";
|
|
11
|
-
import { file_google_api_annotations } from "../google/api/annotations_pb.js";
|
|
12
11
|
import type { JsonObject, Message } from "@bufbuild/protobuf";
|
|
13
12
|
|
|
14
13
|
/**
|
|
15
14
|
* Describes the file entityresolution/entity_resolution.proto.
|
|
16
15
|
*/
|
|
17
16
|
export const file_entityresolution_entity_resolution: GenFile = /*@__PURE__*/
|
|
18
|
-
fileDesc("
|
|
17
|
+
fileDesc("CihlbnRpdHlyZXNvbHV0aW9uL2VudGl0eV9yZXNvbHV0aW9uLnByb3RvEhBlbnRpdHlyZXNvbHV0aW9uIkEKFlJlc29sdmVFbnRpdGllc1JlcXVlc3QSJwoIZW50aXRpZXMYASADKAsyFS5hdXRob3JpemF0aW9uLkVudGl0eSJeChRFbnRpdHlSZXByZXNlbnRhdGlvbhIxChBhZGRpdGlvbmFsX3Byb3BzGAEgAygLMhcuZ29vZ2xlLnByb3RvYnVmLlN0cnVjdBITCgtvcmlnaW5hbF9pZBgCIAEoCSJhChdSZXNvbHZlRW50aXRpZXNSZXNwb25zZRJGChZlbnRpdHlfcmVwcmVzZW50YXRpb25zGAEgAygLMiYuZW50aXR5cmVzb2x1dGlvbi5FbnRpdHlSZXByZXNlbnRhdGlvbiJrChNFbnRpdHlOb3RGb3VuZEVycm9yEgwKBGNvZGUYASABKAUSDwoHbWVzc2FnZRgCIAEoCRIlCgdkZXRhaWxzGAMgAygLMhQuZ29vZ2xlLnByb3RvYnVmLkFueRIOCgZlbnRpdHkYBCABKAkiRwofQ3JlYXRlRW50aXR5Q2hhaW5Gcm9tSnd0UmVxdWVzdBIkCgZ0b2tlbnMYASADKAsyFC5hdXRob3JpemF0aW9uLlRva2VuIlUKIENyZWF0ZUVudGl0eUNoYWluRnJvbUp3dFJlc3BvbnNlEjEKDWVudGl0eV9jaGFpbnMYASADKAsyGi5hdXRob3JpemF0aW9uLkVudGl0eUNoYWluMokCChdFbnRpdHlSZXNvbHV0aW9uU2VydmljZRJoCg9SZXNvbHZlRW50aXRpZXMSKC5lbnRpdHlyZXNvbHV0aW9uLlJlc29sdmVFbnRpdGllc1JlcXVlc3QaKS5lbnRpdHlyZXNvbHV0aW9uLlJlc29sdmVFbnRpdGllc1Jlc3BvbnNlIgASgwEKGENyZWF0ZUVudGl0eUNoYWluRnJvbUp3dBIxLmVudGl0eXJlc29sdXRpb24uQ3JlYXRlRW50aXR5Q2hhaW5Gcm9tSnd0UmVxdWVzdBoyLmVudGl0eXJlc29sdXRpb24uQ3JlYXRlRW50aXR5Q2hhaW5Gcm9tSnd0UmVzcG9uc2UiAGIGcHJvdG8z", [file_authorization_authorization, file_google_protobuf_any, file_google_protobuf_struct]);
|
|
19
18
|
|
|
20
19
|
/**
|
|
21
20
|
*
|
|
@@ -9,13 +9,39 @@ import type { Entity, EntityChain, Token } from "../../entity/entity_pb.js";
|
|
|
9
9
|
import { file_entity_entity } from "../../entity/entity_pb.js";
|
|
10
10
|
import type { Any } from "@bufbuild/protobuf/wkt";
|
|
11
11
|
import { file_google_protobuf_any, file_google_protobuf_struct } from "@bufbuild/protobuf/wkt";
|
|
12
|
+
import type { Resource } from "../../authorization/v2/authorization_pb.js";
|
|
13
|
+
import { file_authorization_v2_authorization } from "../../authorization/v2/authorization_pb.js";
|
|
12
14
|
import type { JsonObject, Message } from "@bufbuild/protobuf";
|
|
13
15
|
|
|
14
16
|
/**
|
|
15
17
|
* Describes the file entityresolution/v2/entity_resolution.proto.
|
|
16
18
|
*/
|
|
17
19
|
export const file_entityresolution_v2_entity_resolution: GenFile = /*@__PURE__*/
|
|
18
|
-
fileDesc("
|
|
20
|
+
fileDesc("CitlbnRpdHlyZXNvbHV0aW9uL3YyL2VudGl0eV9yZXNvbHV0aW9uLnByb3RvEhNlbnRpdHlyZXNvbHV0aW9uLnYyIkEKEURpcmVjdEVudGl0bGVtZW50EhsKE2F0dHJpYnV0ZV92YWx1ZV9mcW4YASABKAkSDwoHYWN0aW9ucxgCIAMoCSKjAQoURW50aXR5UmVwcmVzZW50YXRpb24SEwoLb3JpZ2luYWxfaWQYASABKAkSMQoQYWRkaXRpb25hbF9wcm9wcxgCIAMoCzIXLmdvb2dsZS5wcm90b2J1Zi5TdHJ1Y3QSQwoTZGlyZWN0X2VudGl0bGVtZW50cxgDIAMoCzImLmVudGl0eXJlc29sdXRpb24udjIuRGlyZWN0RW50aXRsZW1lbnQiRwoWUmVzb2x2ZUVudGl0aWVzUmVxdWVzdBItCghlbnRpdGllcxgBIAMoCzIOLmVudGl0eS5FbnRpdHlCC7pICMgBAZIBAggBImQKF1Jlc29sdmVFbnRpdGllc1Jlc3BvbnNlEkkKFmVudGl0eV9yZXByZXNlbnRhdGlvbnMYASADKAsyKS5lbnRpdHlyZXNvbHV0aW9uLnYyLkVudGl0eVJlcHJlc2VudGF0aW9uImsKE0VudGl0eU5vdEZvdW5kRXJyb3ISDAoEY29kZRgBIAEoBRIPCgdtZXNzYWdlGAIgASgJEiUKB2RldGFpbHMYAyADKAsyFC5nb29nbGUucHJvdG9idWYuQW55Eg4KBmVudGl0eRgEIAEoCSJzCiNDcmVhdGVFbnRpdHlDaGFpbnNGcm9tVG9rZW5zUmVxdWVzdBIdCgZ0b2tlbnMYASADKAsyDS5lbnRpdHkuVG9rZW4SLQoJcmVzb3VyY2VzGAIgAygLMhouYXV0aG9yaXphdGlvbi52Mi5SZXNvdXJjZSJSCiRDcmVhdGVFbnRpdHlDaGFpbnNGcm9tVG9rZW5zUmVzcG9uc2USKgoNZW50aXR5X2NoYWlucxgBIAMoCzITLmVudGl0eS5FbnRpdHlDaGFpbjKhAgoXRW50aXR5UmVzb2x1dGlvblNlcnZpY2USbgoPUmVzb2x2ZUVudGl0aWVzEisuZW50aXR5cmVzb2x1dGlvbi52Mi5SZXNvbHZlRW50aXRpZXNSZXF1ZXN0GiwuZW50aXR5cmVzb2x1dGlvbi52Mi5SZXNvbHZlRW50aXRpZXNSZXNwb25zZSIAEpUBChxDcmVhdGVFbnRpdHlDaGFpbnNGcm9tVG9rZW5zEjguZW50aXR5cmVzb2x1dGlvbi52Mi5DcmVhdGVFbnRpdHlDaGFpbnNGcm9tVG9rZW5zUmVxdWVzdBo5LmVudGl0eXJlc29sdXRpb24udjIuQ3JlYXRlRW50aXR5Q2hhaW5zRnJvbVRva2Vuc1Jlc3BvbnNlIgBiBnByb3RvMw", [file_buf_validate_validate, file_entity_entity, file_google_protobuf_any, file_google_protobuf_struct, file_authorization_v2_authorization]);
|
|
21
|
+
|
|
22
|
+
/**
|
|
23
|
+
* Entity Entitlements that do not require subject mappings (experimental)
|
|
24
|
+
*
|
|
25
|
+
* @generated from message entityresolution.v2.DirectEntitlement
|
|
26
|
+
*/
|
|
27
|
+
export type DirectEntitlement = Message<"entityresolution.v2.DirectEntitlement"> & {
|
|
28
|
+
/**
|
|
29
|
+
* @generated from field: string attribute_value_fqn = 1;
|
|
30
|
+
*/
|
|
31
|
+
attributeValueFqn: string;
|
|
32
|
+
|
|
33
|
+
/**
|
|
34
|
+
* @generated from field: repeated string actions = 2;
|
|
35
|
+
*/
|
|
36
|
+
actions: string[];
|
|
37
|
+
};
|
|
38
|
+
|
|
39
|
+
/**
|
|
40
|
+
* Describes the message entityresolution.v2.DirectEntitlement.
|
|
41
|
+
* Use `create(DirectEntitlementSchema)` to create a new message.
|
|
42
|
+
*/
|
|
43
|
+
export const DirectEntitlementSchema: GenMessage<DirectEntitlement> = /*@__PURE__*/
|
|
44
|
+
messageDesc(file_entityresolution_v2_entity_resolution, 0);
|
|
19
45
|
|
|
20
46
|
/**
|
|
21
47
|
* @generated from message entityresolution.v2.EntityRepresentation
|
|
@@ -32,6 +58,13 @@ export type EntityRepresentation = Message<"entityresolution.v2.EntityRepresenta
|
|
|
32
58
|
* @generated from field: repeated google.protobuf.Struct additional_props = 2;
|
|
33
59
|
*/
|
|
34
60
|
additionalProps: JsonObject[];
|
|
61
|
+
|
|
62
|
+
/**
|
|
63
|
+
* direct entitlements applied to Entity (experimental)
|
|
64
|
+
*
|
|
65
|
+
* @generated from field: repeated entityresolution.v2.DirectEntitlement direct_entitlements = 3;
|
|
66
|
+
*/
|
|
67
|
+
directEntitlements: DirectEntitlement[];
|
|
35
68
|
};
|
|
36
69
|
|
|
37
70
|
/**
|
|
@@ -39,7 +72,7 @@ export type EntityRepresentation = Message<"entityresolution.v2.EntityRepresenta
|
|
|
39
72
|
* Use `create(EntityRepresentationSchema)` to create a new message.
|
|
40
73
|
*/
|
|
41
74
|
export const EntityRepresentationSchema: GenMessage<EntityRepresentation> = /*@__PURE__*/
|
|
42
|
-
messageDesc(file_entityresolution_v2_entity_resolution,
|
|
75
|
+
messageDesc(file_entityresolution_v2_entity_resolution, 1);
|
|
43
76
|
|
|
44
77
|
/**
|
|
45
78
|
* Resolve a set of entities to their representations.
|
|
@@ -58,7 +91,7 @@ export type ResolveEntitiesRequest = Message<"entityresolution.v2.ResolveEntitie
|
|
|
58
91
|
* Use `create(ResolveEntitiesRequestSchema)` to create a new message.
|
|
59
92
|
*/
|
|
60
93
|
export const ResolveEntitiesRequestSchema: GenMessage<ResolveEntitiesRequest> = /*@__PURE__*/
|
|
61
|
-
messageDesc(file_entityresolution_v2_entity_resolution,
|
|
94
|
+
messageDesc(file_entityresolution_v2_entity_resolution, 2);
|
|
62
95
|
|
|
63
96
|
/**
|
|
64
97
|
* @generated from message entityresolution.v2.ResolveEntitiesResponse
|
|
@@ -75,7 +108,7 @@ export type ResolveEntitiesResponse = Message<"entityresolution.v2.ResolveEntiti
|
|
|
75
108
|
* Use `create(ResolveEntitiesResponseSchema)` to create a new message.
|
|
76
109
|
*/
|
|
77
110
|
export const ResolveEntitiesResponseSchema: GenMessage<ResolveEntitiesResponse> = /*@__PURE__*/
|
|
78
|
-
messageDesc(file_entityresolution_v2_entity_resolution,
|
|
111
|
+
messageDesc(file_entityresolution_v2_entity_resolution, 3);
|
|
79
112
|
|
|
80
113
|
/**
|
|
81
114
|
* @generated from message entityresolution.v2.EntityNotFoundError
|
|
@@ -107,7 +140,7 @@ export type EntityNotFoundError = Message<"entityresolution.v2.EntityNotFoundErr
|
|
|
107
140
|
* Use `create(EntityNotFoundErrorSchema)` to create a new message.
|
|
108
141
|
*/
|
|
109
142
|
export const EntityNotFoundErrorSchema: GenMessage<EntityNotFoundError> = /*@__PURE__*/
|
|
110
|
-
messageDesc(file_entityresolution_v2_entity_resolution,
|
|
143
|
+
messageDesc(file_entityresolution_v2_entity_resolution, 4);
|
|
111
144
|
|
|
112
145
|
/**
|
|
113
146
|
* Create an entity chain for each token (JWT) in the request.
|
|
@@ -119,6 +152,13 @@ export type CreateEntityChainsFromTokensRequest = Message<"entityresolution.v2.C
|
|
|
119
152
|
* @generated from field: repeated entity.Token tokens = 1;
|
|
120
153
|
*/
|
|
121
154
|
tokens: Token[];
|
|
155
|
+
|
|
156
|
+
/**
|
|
157
|
+
* resources to consider for direct entitlements (experimental)
|
|
158
|
+
*
|
|
159
|
+
* @generated from field: repeated authorization.v2.Resource resources = 2;
|
|
160
|
+
*/
|
|
161
|
+
resources: Resource[];
|
|
122
162
|
};
|
|
123
163
|
|
|
124
164
|
/**
|
|
@@ -126,7 +166,7 @@ export type CreateEntityChainsFromTokensRequest = Message<"entityresolution.v2.C
|
|
|
126
166
|
* Use `create(CreateEntityChainsFromTokensRequestSchema)` to create a new message.
|
|
127
167
|
*/
|
|
128
168
|
export const CreateEntityChainsFromTokensRequestSchema: GenMessage<CreateEntityChainsFromTokensRequest> = /*@__PURE__*/
|
|
129
|
-
messageDesc(file_entityresolution_v2_entity_resolution,
|
|
169
|
+
messageDesc(file_entityresolution_v2_entity_resolution, 5);
|
|
130
170
|
|
|
131
171
|
/**
|
|
132
172
|
* @generated from message entityresolution.v2.CreateEntityChainsFromTokensResponse
|
|
@@ -143,7 +183,7 @@ export type CreateEntityChainsFromTokensResponse = Message<"entityresolution.v2.
|
|
|
143
183
|
* Use `create(CreateEntityChainsFromTokensResponseSchema)` to create a new message.
|
|
144
184
|
*/
|
|
145
185
|
export const CreateEntityChainsFromTokensResponseSchema: GenMessage<CreateEntityChainsFromTokensResponse> = /*@__PURE__*/
|
|
146
|
-
messageDesc(file_entityresolution_v2_entity_resolution,
|
|
186
|
+
messageDesc(file_entityresolution_v2_entity_resolution, 6);
|
|
147
187
|
|
|
148
188
|
/**
|
|
149
189
|
* @generated from service entityresolution.v2.EntityResolutionService
|
|
@@ -4,17 +4,15 @@
|
|
|
4
4
|
|
|
5
5
|
import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv1";
|
|
6
6
|
import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv1";
|
|
7
|
-
import { file_google_api_annotations } from "../google/api/annotations_pb.js";
|
|
8
7
|
import type { StringValueSchema, Value } from "@bufbuild/protobuf/wkt";
|
|
9
8
|
import { file_google_protobuf_struct, file_google_protobuf_wrappers } from "@bufbuild/protobuf/wkt";
|
|
10
|
-
import { file_protoc_gen_openapiv2_options_annotations } from "../protoc-gen-openapiv2/options/annotations_pb.js";
|
|
11
9
|
import type { Message } from "@bufbuild/protobuf";
|
|
12
10
|
|
|
13
11
|
/**
|
|
14
12
|
* Describes the file kas/kas.proto.
|
|
15
13
|
*/
|
|
16
14
|
export const file_kas_kas: GenFile = /*@__PURE__*/
|
|
17
|
-
fileDesc("
|
|
15
|
+
fileDesc("Cg1rYXMva2FzLnByb3RvEgNrYXMiDQoLSW5mb1JlcXVlc3QiHwoMSW5mb1Jlc3BvbnNlEg8KB3ZlcnNpb24YASABKAkiKwoWTGVnYWN5UHVibGljS2V5UmVxdWVzdBIRCglhbGdvcml0aG0YASABKAkiNQoNUG9saWN5QmluZGluZxIWCglhbGdvcml0aG0YASABKAlSA2FsZxIMCgRoYXNoGAIgASgJIvoBCglLZXlBY2Nlc3MSGgoSZW5jcnlwdGVkX21ldGFkYXRhGAEgASgJEioKDnBvbGljeV9iaW5kaW5nGAIgASgLMhIua2FzLlBvbGljeUJpbmRpbmcSEAoIcHJvdG9jb2wYAyABKAkSFgoIa2V5X3R5cGUYBCABKAlSBHR5cGUSFAoHa2FzX3VybBgFIAEoCVIDdXJsEgsKA2tpZBgGIAEoCRIVCghzcGxpdF9pZBgHIAEoCVIDc2lkEhMKC3dyYXBwZWRfa2V5GAggASgMEg4KBmhlYWRlchgJIAEoDBIcChRlcGhlbWVyYWxfcHVibGljX2tleRgKIAEoCSL5AwoVVW5zaWduZWRSZXdyYXBSZXF1ZXN0EhkKEWNsaWVudF9wdWJsaWNfa2V5GAEgASgJEj4KCHJlcXVlc3RzGAIgAygLMiwua2FzLlVuc2lnbmVkUmV3cmFwUmVxdWVzdC5XaXRoUG9saWN5UmVxdWVzdBImCgprZXlfYWNjZXNzGAMgASgLMg4ua2FzLktleUFjY2Vzc0ICGAESEgoGcG9saWN5GAQgASgJQgIYARIVCglhbGdvcml0aG0YBSABKAlCAhgBGiYKCldpdGhQb2xpY3kSCgoCaWQYASABKAkSDAoEYm9keRgCIAEoCRpeChNXaXRoS2V5QWNjZXNzT2JqZWN0EhwKFGtleV9hY2Nlc3Nfb2JqZWN0X2lkGAEgASgJEikKEWtleV9hY2Nlc3Nfb2JqZWN0GAIgASgLMg4ua2FzLktleUFjY2VzcxqpAQoRV2l0aFBvbGljeVJlcXVlc3QSSgoSa2V5X2FjY2Vzc19vYmplY3RzGAEgAygLMi4ua2FzLlVuc2lnbmVkUmV3cmFwUmVxdWVzdC5XaXRoS2V5QWNjZXNzT2JqZWN0EjUKBnBvbGljeRgCIAEoCzIlLmthcy5VbnNpZ25lZFJld3JhcFJlcXVlc3QuV2l0aFBvbGljeRIRCglhbGdvcml0aG0YAyABKAkiPQoQUHVibGljS2V5UmVxdWVzdBIRCglhbGdvcml0aG0YASABKAkSCwoDZm10GAIgASgJEgkKAXYYAyABKAkiNAoRUHVibGljS2V5UmVzcG9uc2USEgoKcHVibGljX2tleRgBIAEoCRILCgNraWQYAiABKAkiOwoNUmV3cmFwUmVxdWVzdBIcChRzaWduZWRfcmVxdWVzdF90b2tlbhgBIAEoCUoECAIQA1IGYmVhcmVyIoACChVLZXlBY2Nlc3NSZXdyYXBSZXN1bHQSOgoIbWV0YWRhdGEYASADKAsyKC5rYXMuS2V5QWNjZXNzUmV3cmFwUmVzdWx0Lk1ldGFkYXRhRW50cnkSHAoUa2V5X2FjY2Vzc19vYmplY3RfaWQYAiABKAkSDgoGc3RhdHVzGAMgASgJEhkKD2thc193cmFwcGVkX2tleRgEIAEoDEgAEg8KBWVycm9yGAUgASgJSAAaRwoNTWV0YWRhdGFFbnRyeRILCgNrZXkYASABKAkSJQoFdmFsdWUYAiABKAsyFi5nb29nbGUucHJvdG9idWYuVmFsdWU6AjgBQggKBnJlc3VsdCJUChJQb2xpY3lSZXdyYXBSZXN1bHQSEQoJcG9saWN5X2lkGAEgASgJEisKB3Jlc3VsdHMYAiADKAsyGi5rYXMuS2V5QWNjZXNzUmV3cmFwUmVzdWx0IpYCCg5SZXdyYXBSZXNwb25zZRI3CghtZXRhZGF0YRgBIAMoCzIhLmthcy5SZXdyYXBSZXNwb25zZS5NZXRhZGF0YUVudHJ5QgIYARIeChJlbnRpdHlfd3JhcHBlZF9rZXkYAiABKAxCAhgBEhoKEnNlc3Npb25fcHVibGljX2tleRgDIAEoCRIaCg5zY2hlbWFfdmVyc2lvbhgEIAEoCUICGAESKgoJcmVzcG9uc2VzGAUgAygLMhcua2FzLlBvbGljeVJld3JhcFJlc3VsdBpHCg1NZXRhZGF0YUVudHJ5EgsKA2tleRgBIAEoCRIlCgV2YWx1ZRgCIAEoCzIWLmdvb2dsZS5wcm90b2J1Zi5WYWx1ZToCOAEy2wEKDUFjY2Vzc1NlcnZpY2USPwoJUHVibGljS2V5EhUua2FzLlB1YmxpY0tleVJlcXVlc3QaFi5rYXMuUHVibGljS2V5UmVzcG9uc2UiA5ACARJUCg9MZWdhY3lQdWJsaWNLZXkSGy5rYXMuTGVnYWN5UHVibGljS2V5UmVxdWVzdBocLmdvb2dsZS5wcm90b2J1Zi5TdHJpbmdWYWx1ZSIGiAIBkAIBEjMKBlJld3JhcBISLmthcy5SZXdyYXBSZXF1ZXN0GhMua2FzLlJld3JhcFJlc3BvbnNlIgBiBnByb3RvMw", [file_google_protobuf_struct, file_google_protobuf_wrappers]);
|
|
18
16
|
|
|
19
17
|
/**
|
|
20
18
|
* Intentionally empty. May include features later.
|
|
@@ -68,15 +66,29 @@ export const LegacyPublicKeyRequestSchema: GenMessage<LegacyPublicKeyRequest> =
|
|
|
68
66
|
messageDesc(file_kas_kas, 2);
|
|
69
67
|
|
|
70
68
|
/**
|
|
69
|
+
* Policy binding ensures cryptographic integrity between policy and wrapped key
|
|
70
|
+
* Prevents policy tampering by binding the policy hash to the encrypted key
|
|
71
|
+
*
|
|
71
72
|
* @generated from message kas.PolicyBinding
|
|
72
73
|
*/
|
|
73
74
|
export type PolicyBinding = Message<"kas.PolicyBinding"> & {
|
|
74
75
|
/**
|
|
76
|
+
* Cryptographic hashing algorithm used for policy binding
|
|
77
|
+
* Optional: ZTDF (when policy_binding is an object)
|
|
78
|
+
* Value: Always "HS256" (HMAC-SHA256) - other algorithms not supported
|
|
79
|
+
* Example: "HS256"
|
|
80
|
+
*
|
|
75
81
|
* @generated from field: string algorithm = 1 [json_name = "alg"];
|
|
76
82
|
*/
|
|
77
83
|
algorithm: string;
|
|
78
84
|
|
|
79
85
|
/**
|
|
86
|
+
* HMAC-SHA256 hash of the base64-encoded policy using the DEK as the secret key
|
|
87
|
+
* 4.2.2 TDFs are hex and base64 encoded before HMAC computation
|
|
88
|
+
* Required: ZTDF (when policy_binding is an object)
|
|
89
|
+
* Links the policy content to the wrapped DEK cryptographically via HMAC
|
|
90
|
+
* Computed as HMAC-SHA256(DEK, base64_policy) then hex-encoded and base64-encoded
|
|
91
|
+
*
|
|
80
92
|
* @generated from field: string hash = 2;
|
|
81
93
|
*/
|
|
82
94
|
hash: string;
|
|
@@ -90,59 +102,102 @@ export const PolicyBindingSchema: GenMessage<PolicyBinding> = /*@__PURE__*/
|
|
|
90
102
|
messageDesc(file_kas_kas, 3);
|
|
91
103
|
|
|
92
104
|
/**
|
|
105
|
+
* Key Access Object containing cryptographic material and metadata for TDF decryption
|
|
106
|
+
*
|
|
93
107
|
* @generated from message kas.KeyAccess
|
|
94
108
|
*/
|
|
95
109
|
export type KeyAccess = Message<"kas.KeyAccess"> & {
|
|
96
110
|
/**
|
|
111
|
+
* Base64-encoded encrypted metadata containing additional key information
|
|
112
|
+
* Optional: Not used during KAS rewrap operations (client-side only)
|
|
113
|
+
* KAS service passes this through without processing or validation
|
|
114
|
+
*
|
|
97
115
|
* @generated from field: string encrypted_metadata = 1;
|
|
98
116
|
*/
|
|
99
117
|
encryptedMetadata: string;
|
|
100
118
|
|
|
101
119
|
/**
|
|
120
|
+
* Policy binding ensuring cryptographic integrity between policy and wrapped key
|
|
121
|
+
* Required: ZTDF (contains hash and algorithm)
|
|
122
|
+
* Links the policy to the wrapped key cryptographically
|
|
123
|
+
*
|
|
102
124
|
* @generated from field: kas.PolicyBinding policy_binding = 2;
|
|
103
125
|
*/
|
|
104
126
|
policyBinding?: PolicyBinding;
|
|
105
127
|
|
|
106
128
|
/**
|
|
129
|
+
* Protocol identifier for the key access mechanism
|
|
130
|
+
* Optional: Defaults to 'kas'
|
|
131
|
+
* Typically: 'kas' for standard Key Access Service protocol
|
|
132
|
+
* Example: "kas"
|
|
133
|
+
*
|
|
107
134
|
* @generated from field: string protocol = 3;
|
|
108
135
|
*/
|
|
109
136
|
protocol: string;
|
|
110
137
|
|
|
111
138
|
/**
|
|
139
|
+
* Type of key wrapping used for the data encryption key
|
|
140
|
+
* Required: Always
|
|
141
|
+
* Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped), 'hybrid-wrapped' (experimental X-Wing-wrapped)
|
|
142
|
+
*
|
|
112
143
|
* @generated from field: string key_type = 4 [json_name = "type"];
|
|
113
144
|
*/
|
|
114
145
|
keyType: string;
|
|
115
146
|
|
|
116
147
|
/**
|
|
148
|
+
* URL of the Key Access Server that can unwrap this key
|
|
149
|
+
* Optional: May be omitted if KAS URL is known from context
|
|
150
|
+
* Used to route rewrap requests to the correct KAS instance
|
|
151
|
+
* Example: "https://kas.example.com"
|
|
152
|
+
*
|
|
117
153
|
* @generated from field: string kas_url = 5 [json_name = "url"];
|
|
118
154
|
*/
|
|
119
155
|
kasUrl: string;
|
|
120
156
|
|
|
121
157
|
/**
|
|
158
|
+
* Key identifier for the KAS public key used for wrapping
|
|
159
|
+
* Optional: ZTDF (may specify which KAS key to use, required if present in the TDF)
|
|
160
|
+
* References a specific public key in the KAS key storage (either local keyring or KAS Registry service)
|
|
161
|
+
* Example: "k1", "ec-key-2024"
|
|
162
|
+
*
|
|
122
163
|
* @generated from field: string kid = 6;
|
|
123
164
|
*/
|
|
124
165
|
kid: string;
|
|
125
166
|
|
|
126
167
|
/**
|
|
168
|
+
* Split identifier for key splitting scenarios
|
|
169
|
+
* Optional: ZTDF (used in advanced key splitting configurations)
|
|
170
|
+
* Used when keys are split across multiple parties for enhanced security
|
|
171
|
+
*
|
|
127
172
|
* @generated from field: string split_id = 7 [json_name = "sid"];
|
|
128
173
|
*/
|
|
129
174
|
splitId: string;
|
|
130
175
|
|
|
131
176
|
/**
|
|
177
|
+
* Client-generated data encryption key wrapped by KAS
|
|
178
|
+
* Required: Always
|
|
179
|
+
* Contains the actual DEK encrypted with KAS's public key
|
|
180
|
+
* This is the core cryptographic material needed for TDF decryption
|
|
181
|
+
*
|
|
132
182
|
* @generated from field: bytes wrapped_key = 8;
|
|
133
183
|
*/
|
|
134
184
|
wrappedKey: Uint8Array;
|
|
135
185
|
|
|
136
186
|
/**
|
|
137
|
-
* header
|
|
187
|
+
* Complete header containing all metadata and policy information (for formats that embed it)
|
|
188
|
+
* Optional: Not used by ZTDF (policy and metadata are separate)
|
|
189
|
+
* Contains magic bytes, version, algorithm, policy, and ephemeral key information
|
|
138
190
|
*
|
|
139
191
|
* @generated from field: bytes header = 9;
|
|
140
192
|
*/
|
|
141
193
|
header: Uint8Array;
|
|
142
194
|
|
|
143
195
|
/**
|
|
144
|
-
*
|
|
145
|
-
*
|
|
196
|
+
* Ephemeral public key for ECDH key derivation (ec-wrapped type only)
|
|
197
|
+
* Required: When key_type="ec-wrapped" (experimental ECDH-based ZTDF)
|
|
198
|
+
* Omitted: When key_type="wrapped" or key_type="hybrid-wrapped"
|
|
199
|
+
* Should be a PEM-encoded PKCS#8 (ASN.1) formatted public key
|
|
200
|
+
* Used to derive the symmetric key for unwrapping the DEK
|
|
146
201
|
*
|
|
147
202
|
* @generated from field: string ephemeral_public_key = 10;
|
|
148
203
|
*/
|
|
@@ -157,21 +212,35 @@ export const KeyAccessSchema: GenMessage<KeyAccess> = /*@__PURE__*/
|
|
|
157
212
|
messageDesc(file_kas_kas, 4);
|
|
158
213
|
|
|
159
214
|
/**
|
|
215
|
+
* Bulk-style Rewrap request structure that is serialized into JSON and signed
|
|
216
|
+
* within a Rewrap flow. This message represents the unsigned payload that gets
|
|
217
|
+
* embedded in a JWT as the 'requestBody' claim and signed with a DPoP key.
|
|
218
|
+
*
|
|
160
219
|
* @generated from message kas.UnsignedRewrapRequest
|
|
161
220
|
*/
|
|
162
221
|
export type UnsignedRewrapRequest = Message<"kas.UnsignedRewrapRequest"> & {
|
|
163
222
|
/**
|
|
223
|
+
* Client's public key in PEM format for establishing a session key
|
|
224
|
+
* Required: Always
|
|
225
|
+
* Used by KAS to generate an ephemeral session key for secure key exchange
|
|
226
|
+
*
|
|
164
227
|
* @generated from field: string client_public_key = 1;
|
|
165
228
|
*/
|
|
166
229
|
clientPublicKey: string;
|
|
167
230
|
|
|
168
231
|
/**
|
|
232
|
+
* List of policy requests to be processed
|
|
233
|
+
* Required: Always (at least one)
|
|
234
|
+
* Each request represents a policy with its associated key access objects
|
|
235
|
+
*
|
|
169
236
|
* @generated from field: repeated kas.UnsignedRewrapRequest.WithPolicyRequest requests = 2;
|
|
170
237
|
*/
|
|
171
238
|
requests: UnsignedRewrapRequest_WithPolicyRequest[];
|
|
172
239
|
|
|
173
240
|
/**
|
|
174
|
-
*
|
|
241
|
+
* Deprecated: Legacy single Key Access Object
|
|
242
|
+
* Used for legacy non-bulk requests (v1 API)
|
|
243
|
+
* Modern clients should use the 'requests' field instead
|
|
175
244
|
*
|
|
176
245
|
* @generated from field: kas.KeyAccess key_access = 3 [deprecated = true];
|
|
177
246
|
* @deprecated
|
|
@@ -179,7 +248,9 @@ export type UnsignedRewrapRequest = Message<"kas.UnsignedRewrapRequest"> & {
|
|
|
179
248
|
keyAccess?: KeyAccess;
|
|
180
249
|
|
|
181
250
|
/**
|
|
182
|
-
*
|
|
251
|
+
* Deprecated: Legacy single policy
|
|
252
|
+
* Used for legacy non-bulk requests (v1 API)
|
|
253
|
+
* Modern clients should use the 'requests' field instead
|
|
183
254
|
*
|
|
184
255
|
* @generated from field: string policy = 4 [deprecated = true];
|
|
185
256
|
* @deprecated
|
|
@@ -187,7 +258,9 @@ export type UnsignedRewrapRequest = Message<"kas.UnsignedRewrapRequest"> & {
|
|
|
187
258
|
policy: string;
|
|
188
259
|
|
|
189
260
|
/**
|
|
190
|
-
*
|
|
261
|
+
* Deprecated: Legacy algorithm specification
|
|
262
|
+
* Used for legacy non-bulk requests (v1 API)
|
|
263
|
+
* Modern clients should use the 'requests' field instead
|
|
191
264
|
*
|
|
192
265
|
* @generated from field: string algorithm = 5 [deprecated = true];
|
|
193
266
|
* @deprecated
|
|
@@ -203,15 +276,26 @@ export const UnsignedRewrapRequestSchema: GenMessage<UnsignedRewrapRequest> = /*
|
|
|
203
276
|
messageDesc(file_kas_kas, 5);
|
|
204
277
|
|
|
205
278
|
/**
|
|
279
|
+
* Policy metadata and content for a group of KeyAccessObjects
|
|
280
|
+
*
|
|
206
281
|
* @generated from message kas.UnsignedRewrapRequest.WithPolicy
|
|
207
282
|
*/
|
|
208
283
|
export type UnsignedRewrapRequest_WithPolicy = Message<"kas.UnsignedRewrapRequest.WithPolicy"> & {
|
|
209
284
|
/**
|
|
285
|
+
* An identifier unique within the scope of the rewrap request
|
|
286
|
+
* Used for mapping between request and response items.
|
|
287
|
+
* Required: Always
|
|
288
|
+
* Example: "policy", "policy-0", "policy-1"
|
|
289
|
+
*
|
|
210
290
|
* @generated from field: string id = 1;
|
|
211
291
|
*/
|
|
212
292
|
id: string;
|
|
213
293
|
|
|
214
294
|
/**
|
|
295
|
+
* Policy content - format varies by TDF type:
|
|
296
|
+
* ZTDF: Base64-encoded JSON policy object containing attributes and other policy data
|
|
297
|
+
* Required: ZTDF (base64-encoded policy JSON)
|
|
298
|
+
*
|
|
215
299
|
* @generated from field: string body = 2;
|
|
216
300
|
*/
|
|
217
301
|
body: string;
|
|
@@ -225,15 +309,24 @@ export const UnsignedRewrapRequest_WithPolicySchema: GenMessage<UnsignedRewrapRe
|
|
|
225
309
|
messageDesc(file_kas_kas, 5, 0);
|
|
226
310
|
|
|
227
311
|
/**
|
|
312
|
+
* Key Access Object wrapper with identifier
|
|
313
|
+
*
|
|
228
314
|
* @generated from message kas.UnsignedRewrapRequest.WithKeyAccessObject
|
|
229
315
|
*/
|
|
230
316
|
export type UnsignedRewrapRequest_WithKeyAccessObject = Message<"kas.UnsignedRewrapRequest.WithKeyAccessObject"> & {
|
|
231
317
|
/**
|
|
318
|
+
* Ephemeral, unique identifier for this KAO within the request
|
|
319
|
+
* Required: Always
|
|
320
|
+
* Example: "kao-0", "kao-1", "key-access-object-uuid"
|
|
321
|
+
*
|
|
232
322
|
* @generated from field: string key_access_object_id = 1;
|
|
233
323
|
*/
|
|
234
324
|
keyAccessObjectId: string;
|
|
235
325
|
|
|
236
326
|
/**
|
|
327
|
+
* The actual Key Access Object containing cryptographic material and metadata
|
|
328
|
+
* Required: Always
|
|
329
|
+
*
|
|
237
330
|
* @generated from field: kas.KeyAccess key_access_object = 2;
|
|
238
331
|
*/
|
|
239
332
|
keyAccessObject?: KeyAccess;
|
|
@@ -247,20 +340,34 @@ export const UnsignedRewrapRequest_WithKeyAccessObjectSchema: GenMessage<Unsigne
|
|
|
247
340
|
messageDesc(file_kas_kas, 5, 1);
|
|
248
341
|
|
|
249
342
|
/**
|
|
343
|
+
* Request grouping policy with associated key access objects
|
|
344
|
+
*
|
|
250
345
|
* @generated from message kas.UnsignedRewrapRequest.WithPolicyRequest
|
|
251
346
|
*/
|
|
252
347
|
export type UnsignedRewrapRequest_WithPolicyRequest = Message<"kas.UnsignedRewrapRequest.WithPolicyRequest"> & {
|
|
253
348
|
/**
|
|
349
|
+
* List of Key Access Objects associated with this policy
|
|
350
|
+
* Required: Always (at least one)
|
|
351
|
+
* Some formats require exactly one KAO per policy
|
|
352
|
+
*
|
|
254
353
|
* @generated from field: repeated kas.UnsignedRewrapRequest.WithKeyAccessObject key_access_objects = 1;
|
|
255
354
|
*/
|
|
256
355
|
keyAccessObjects: UnsignedRewrapRequest_WithKeyAccessObject[];
|
|
257
356
|
|
|
258
357
|
/**
|
|
358
|
+
* Policy information for this group of KAOs
|
|
359
|
+
* Required: Always
|
|
360
|
+
*
|
|
259
361
|
* @generated from field: kas.UnsignedRewrapRequest.WithPolicy policy = 2;
|
|
260
362
|
*/
|
|
261
363
|
policy?: UnsignedRewrapRequest_WithPolicy;
|
|
262
364
|
|
|
263
365
|
/**
|
|
366
|
+
* Cryptographic algorithm identifier for the TDF type
|
|
367
|
+
* Optional: Defaults to rsa:2048 if omitted
|
|
368
|
+
* Values: "ec:secp256r1" (EC-based), "rsa:2048" (RSA-based), "" (defaults to rsa:2048)
|
|
369
|
+
* Example: "ec:secp256r1"
|
|
370
|
+
*
|
|
264
371
|
* @generated from field: string algorithm = 3;
|
|
265
372
|
*/
|
|
266
373
|
algorithm: string;
|
|
@@ -323,10 +430,18 @@ export const PublicKeyResponseSchema: GenMessage<PublicKeyResponse> = /*@__PURE_
|
|
|
323
430
|
messageDesc(file_kas_kas, 7);
|
|
324
431
|
|
|
325
432
|
/**
|
|
433
|
+
* Request to rewrap (decrypt and re-encrypt) TDF keys for client access
|
|
434
|
+
*
|
|
326
435
|
* @generated from message kas.RewrapRequest
|
|
327
436
|
*/
|
|
328
437
|
export type RewrapRequest = Message<"kas.RewrapRequest"> & {
|
|
329
438
|
/**
|
|
439
|
+
* A JWT signed by the DPoP (Demonstration of Proof of Possession) private key
|
|
440
|
+
* Required: Always
|
|
441
|
+
* Version differences:
|
|
442
|
+
* - v1 (legacy): Uses existing TDF spec schema in requestBody
|
|
443
|
+
* - v2 (bulk): Uses UnsignedRewrapRequest proto serialized as JSON in requestBody
|
|
444
|
+
*
|
|
330
445
|
* @generated from field: string signed_request_token = 1;
|
|
331
446
|
*/
|
|
332
447
|
signedRequestToken: string;
|
|
@@ -340,35 +455,58 @@ export const RewrapRequestSchema: GenMessage<RewrapRequest> = /*@__PURE__*/
|
|
|
340
455
|
messageDesc(file_kas_kas, 8);
|
|
341
456
|
|
|
342
457
|
/**
|
|
458
|
+
* Result of a key access object rewrap operation
|
|
459
|
+
*
|
|
343
460
|
* @generated from message kas.KeyAccessRewrapResult
|
|
344
461
|
*/
|
|
345
462
|
export type KeyAccessRewrapResult = Message<"kas.KeyAccessRewrapResult"> & {
|
|
346
463
|
/**
|
|
464
|
+
* Metadata associated with this KAO result (e.g., required obligations)
|
|
465
|
+
* Optional: May contain obligation requirements or other policy metadata
|
|
466
|
+
* Common keys: "X-Required-Obligations" with array of obligation FQNs
|
|
467
|
+
*
|
|
347
468
|
* @generated from field: map<string, google.protobuf.Value> metadata = 1;
|
|
348
469
|
*/
|
|
349
470
|
metadata: { [key: string]: Value };
|
|
350
471
|
|
|
351
472
|
/**
|
|
473
|
+
* Identifier matching the key_access_object_id from the request
|
|
474
|
+
* Required: Always matches the ID from UnsignedRewrapRequest_WithKeyAccessObject
|
|
475
|
+
*
|
|
352
476
|
* @generated from field: string key_access_object_id = 2;
|
|
353
477
|
*/
|
|
354
478
|
keyAccessObjectId: string;
|
|
355
479
|
|
|
356
480
|
/**
|
|
481
|
+
* Status of the rewrap operation for this KAO
|
|
482
|
+
* Required: Always
|
|
483
|
+
* Values: "permit" (success), "fail" (failure)
|
|
484
|
+
*
|
|
357
485
|
* @generated from field: string status = 3;
|
|
358
486
|
*/
|
|
359
487
|
status: string;
|
|
360
488
|
|
|
361
489
|
/**
|
|
490
|
+
* Result of the rewrap operation - either success or error
|
|
491
|
+
*
|
|
362
492
|
* @generated from oneof kas.KeyAccessRewrapResult.result
|
|
363
493
|
*/
|
|
364
494
|
result: {
|
|
365
495
|
/**
|
|
496
|
+
* Successfully rewrapped key encrypted with the session key
|
|
497
|
+
* Present when status="permit"
|
|
498
|
+
* Contains the DEK encrypted with the ephemeral session key
|
|
499
|
+
*
|
|
366
500
|
* @generated from field: bytes kas_wrapped_key = 4;
|
|
367
501
|
*/
|
|
368
502
|
value: Uint8Array;
|
|
369
503
|
case: "kasWrappedKey";
|
|
370
504
|
} | {
|
|
371
505
|
/**
|
|
506
|
+
* Error message when rewrap failed
|
|
507
|
+
* Present when status="fail"
|
|
508
|
+
* Human-readable description of the failure reason
|
|
509
|
+
*
|
|
372
510
|
* @generated from field: string error = 5;
|
|
373
511
|
*/
|
|
374
512
|
value: string;
|
|
@@ -384,15 +522,23 @@ export const KeyAccessRewrapResultSchema: GenMessage<KeyAccessRewrapResult> = /*
|
|
|
384
522
|
messageDesc(file_kas_kas, 9);
|
|
385
523
|
|
|
386
524
|
/**
|
|
525
|
+
* Result for all KAOs associated with a single policy
|
|
526
|
+
*
|
|
387
527
|
* @generated from message kas.PolicyRewrapResult
|
|
388
528
|
*/
|
|
389
529
|
export type PolicyRewrapResult = Message<"kas.PolicyRewrapResult"> & {
|
|
390
530
|
/**
|
|
531
|
+
* Policy identifier matching the policy.id from the request
|
|
532
|
+
* Required: Always matches the ID from UnsignedRewrapRequest_WithPolicy
|
|
533
|
+
*
|
|
391
534
|
* @generated from field: string policy_id = 1;
|
|
392
535
|
*/
|
|
393
536
|
policyId: string;
|
|
394
537
|
|
|
395
538
|
/**
|
|
539
|
+
* Results for each KAO under this policy
|
|
540
|
+
* Required: One result per KAO in the original request
|
|
541
|
+
*
|
|
396
542
|
* @generated from field: repeated kas.KeyAccessRewrapResult results = 2;
|
|
397
543
|
*/
|
|
398
544
|
results: KeyAccessRewrapResult[];
|
|
@@ -406,34 +552,52 @@ export const PolicyRewrapResultSchema: GenMessage<PolicyRewrapResult> = /*@__PUR
|
|
|
406
552
|
messageDesc(file_kas_kas, 10);
|
|
407
553
|
|
|
408
554
|
/**
|
|
555
|
+
* Response containing rewrapped keys and session information
|
|
556
|
+
*
|
|
409
557
|
* @generated from message kas.RewrapResponse
|
|
410
558
|
*/
|
|
411
559
|
export type RewrapResponse = Message<"kas.RewrapResponse"> & {
|
|
412
560
|
/**
|
|
561
|
+
* Deprecated: Legacy metadata field
|
|
562
|
+
* Modern responses use metadata in individual KeyAccessRewrapResult
|
|
563
|
+
*
|
|
413
564
|
* @generated from field: map<string, google.protobuf.Value> metadata = 1 [deprecated = true];
|
|
414
565
|
* @deprecated
|
|
415
566
|
*/
|
|
416
567
|
metadata: { [key: string]: Value };
|
|
417
568
|
|
|
418
569
|
/**
|
|
570
|
+
* Deprecated: Legacy single entity wrapped key
|
|
571
|
+
* Modern responses use kas_wrapped_key in KeyAccessRewrapResult
|
|
572
|
+
*
|
|
419
573
|
* @generated from field: bytes entity_wrapped_key = 2 [deprecated = true];
|
|
420
574
|
* @deprecated
|
|
421
575
|
*/
|
|
422
576
|
entityWrappedKey: Uint8Array;
|
|
423
577
|
|
|
424
578
|
/**
|
|
579
|
+
* KAS's ephemeral session public key in PEM format
|
|
580
|
+
* Required: For EC-based operations (key_type="ec-wrapped")
|
|
581
|
+
* Optional: Empty for RSA-based or X-Wing-based ZTDF (key_type="wrapped" or key_type="hybrid-wrapped")
|
|
582
|
+
* Used by client to perform ECDH key agreement and decrypt the kas_wrapped_key values
|
|
583
|
+
*
|
|
425
584
|
* @generated from field: string session_public_key = 3;
|
|
426
585
|
*/
|
|
427
586
|
sessionPublicKey: string;
|
|
428
587
|
|
|
429
588
|
/**
|
|
589
|
+
* Deprecated: Legacy schema version identifier
|
|
590
|
+
* Modern responses use implicit versioning
|
|
591
|
+
*
|
|
430
592
|
* @generated from field: string schema_version = 4 [deprecated = true];
|
|
431
593
|
* @deprecated
|
|
432
594
|
*/
|
|
433
595
|
schemaVersion: string;
|
|
434
596
|
|
|
435
597
|
/**
|
|
436
|
-
*
|
|
598
|
+
* Policy-grouped rewrap results for the bulk API
|
|
599
|
+
* Required: Modern v2 API responses
|
|
600
|
+
* Each PolicyRewrapResult contains results for all KAOs under that policy
|
|
437
601
|
*
|
|
438
602
|
* @generated from field: repeated kas.PolicyRewrapResult responses = 5;
|
|
439
603
|
*/
|