npm - @opentdf/sdk - Versions diffs - 0.3.0 → 0.3.2-beta.1 - Mend

@opentdf/sdk 0.3.0 → 0.3.2-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (227) hide show

package/src/platform/authorization/authorization_pb.ts ADDED Viewed

@@ -0,0 +1,689 @@
+// @generated by protoc-gen-es v2.2.5 with parameter "target=ts,import_extension=.js"
+// @generated from file authorization/authorization.proto (package authorization, syntax proto3)
+/* eslint-disable */
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv1";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_google_api_annotations } from "../google/api/annotations_pb.js";
+import type { Any } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_any } from "@bufbuild/protobuf/wkt";
+import type { Action } from "../policy/objects_pb.js";
+import { file_policy_objects } from "../policy/objects_pb.js";
+import type { Message } from "@bufbuild/protobuf";
+/**
+ * Describes the file authorization/authorization.proto.
+ */
+export const file_authorization_authorization: GenFile = /*@__PURE__*/
+  fileDesc("CiFhdXRob3JpemF0aW9uL2F1dGhvcml6YXRpb24ucHJvdG8SDWF1dGhvcml6YXRpb24iIAoFVG9rZW4SCgoCaWQYASABKAkSCwoDand0GAIgASgJIvICCgZFbnRpdHkSCgoCaWQYASABKAkSFwoNZW1haWxfYWRkcmVzcxgCIAEoCUgAEhMKCXVzZXJfbmFtZRgDIAEoCUgAEhsKEXJlbW90ZV9jbGFpbXNfdXJsGAQgASgJSAASDgoEdXVpZBgFIAEoCUgAEiYKBmNsYWltcxgGIAEoCzIULmdvb2dsZS5wcm90b2J1Zi5BbnlIABItCgZjdXN0b20YByABKAsyGy5hdXRob3JpemF0aW9uLkVudGl0eUN1c3RvbUgAEhMKCWNsaWVudF9pZBgIIAEoCUgAEjAKCGNhdGVnb3J5GAkgASgOMh4uYXV0aG9yaXphdGlvbi5FbnRpdHkuQ2F0ZWdvcnkiVAoIQ2F0ZWdvcnkSGAoUQ0FURUdPUllfVU5TUEVDSUZJRUQQABIUChBDQVRFR09SWV9TVUJKRUNUEAESGAoUQ0FURUdPUllfRU5WSVJPTk1FTlQQAkINCgtlbnRpdHlfdHlwZSI3CgxFbnRpdHlDdXN0b20SJwoJZXh0ZW5zaW9uGAEgASgLMhQuZ29vZ2xlLnByb3RvYnVmLkFueSJCCgtFbnRpdHlDaGFpbhIKCgJpZBgBIAEoCRInCghlbnRpdGllcxgCIAMoCzIVLmF1dGhvcml6YXRpb24uRW50aXR5IqQBCg9EZWNpc2lvblJlcXVlc3QSHwoHYWN0aW9ucxgBIAMoCzIOLnBvbGljeS5BY3Rpb24SMQoNZW50aXR5X2NoYWlucxgCIAMoCzIaLmF1dGhvcml6YXRpb24uRW50aXR5Q2hhaW4SPQoTcmVzb3VyY2VfYXR0cmlidXRlcxgDIAMoCzIgLmF1dGhvcml6YXRpb24uUmVzb3VyY2VBdHRyaWJ1dGUiigIKEERlY2lzaW9uUmVzcG9uc2USFwoPZW50aXR5X2NoYWluX2lkGAEgASgJEh4KFnJlc291cmNlX2F0dHJpYnV0ZXNfaWQYAiABKAkSHgoGYWN0aW9uGAMgASgLMg4ucG9saWN5LkFjdGlvbhI6CghkZWNpc2lvbhgEIAEoDjIoLmF1dGhvcml6YXRpb24uRGVjaXNpb25SZXNwb25zZS5EZWNpc2lvbhITCgtvYmxpZ2F0aW9ucxgFIAMoCSJMCghEZWNpc2lvbhIYChRERUNJU0lPTl9VTlNQRUNJRklFRBAAEhEKDURFQ0lTSU9OX0RFTlkQARITCg9ERUNJU0lPTl9QRVJNSVQQAiJQChNHZXREZWNpc2lvbnNSZXF1ZXN0EjkKEWRlY2lzaW9uX3JlcXVlc3RzGAEgAygLMh4uYXV0aG9yaXphdGlvbi5EZWNpc2lvblJlcXVlc3QiUwoUR2V0RGVjaXNpb25zUmVzcG9uc2USOwoSZGVjaXNpb25fcmVzcG9uc2VzGAEgAygLMh8uYXV0aG9yaXphdGlvbi5EZWNpc2lvblJlc3BvbnNlIs0BChZHZXRFbnRpdGxlbWVudHNSZXF1ZXN0EicKCGVudGl0aWVzGAEgAygLMhUuYXV0aG9yaXphdGlvbi5FbnRpdHkSNAoFc2NvcGUYAiABKAsyIC5hdXRob3JpemF0aW9uLlJlc291cmNlQXR0cmlidXRlSACIAQESKQocd2l0aF9jb21wcmVoZW5zaXZlX2hpZXJhcmNoeRgDIAEoCEgBiAEBQggKBl9zY29wZUIfCh1fd2l0aF9jb21wcmVoZW5zaXZlX2hpZXJhcmNoeSJFChJFbnRpdHlFbnRpdGxlbWVudHMSEQoJZW50aXR5X2lkGAEgASgJEhwKFGF0dHJpYnV0ZV92YWx1ZV9mcW5zGAIgAygJIlEKEVJlc291cmNlQXR0cmlidXRlEh4KFnJlc291cmNlX2F0dHJpYnV0ZXNfaWQYASABKAkSHAoUYXR0cmlidXRlX3ZhbHVlX2ZxbnMYAiADKAkiUgoXR2V0RW50aXRsZW1lbnRzUmVzcG9uc2USNwoMZW50aXRsZW1lbnRzGAEgAygLMiEuYXV0aG9yaXphdGlvbi5FbnRpdHlFbnRpdGxlbWVudHMinAEKFFRva2VuRGVjaXNpb25SZXF1ZXN0Eh8KB2FjdGlvbnMYASADKAsyDi5wb2xpY3kuQWN0aW9uEiQKBnRva2VucxgCIAMoCzIULmF1dGhvcml6YXRpb24uVG9rZW4SPQoTcmVzb3VyY2VfYXR0cmlidXRlcxgDIAMoCzIgLmF1dGhvcml6YXRpb24uUmVzb3VyY2VBdHRyaWJ1dGUiXAoaR2V0RGVjaXNpb25zQnlUb2tlblJlcXVlc3QSPgoRZGVjaXNpb25fcmVxdWVzdHMYASADKAsyIy5hdXRob3JpemF0aW9uLlRva2VuRGVjaXNpb25SZXF1ZXN0IloKG0dldERlY2lzaW9uc0J5VG9rZW5SZXNwb25zZRI7ChJkZWNpc2lvbl9yZXNwb25zZXMYASADKAsyHy5hdXRob3JpemF0aW9uLkRlY2lzaW9uUmVzcG9uc2UynAMKFEF1dGhvcml6YXRpb25TZXJ2aWNlEnUKDEdldERlY2lzaW9ucxIiLmF1dGhvcml6YXRpb24uR2V0RGVjaXNpb25zUmVxdWVzdBojLmF1dGhvcml6YXRpb24uR2V0RGVjaXNpb25zUmVzcG9uc2UiHILT5JMCFjoBKiIRL3YxL2F1dGhvcml6YXRpb24SjQEKE0dldERlY2lzaW9uc0J5VG9rZW4SKS5hdXRob3JpemF0aW9uLkdldERlY2lzaW9uc0J5VG9rZW5SZXF1ZXN0GiouYXV0aG9yaXphdGlvbi5HZXREZWNpc2lvbnNCeVRva2VuUmVzcG9uc2UiH4LT5JMCGSIXL3YxL3Rva2VuL2F1dGhvcml6YXRpb24SfQoPR2V0RW50aXRsZW1lbnRzEiUuYXV0aG9yaXphdGlvbi5HZXRFbnRpdGxlbWVudHNSZXF1ZXN0GiYuYXV0aG9yaXphdGlvbi5HZXRFbnRpdGxlbWVudHNSZXNwb25zZSIbgtPkkwIVOgEqIhAvdjEvZW50aXRsZW1lbnRzYgZwcm90bzM", [file_google_api_annotations, file_google_protobuf_any, file_policy_objects]);
+/**
+ * @generated from message authorization.Token
+ */
+export type Token = Message<"authorization.Token"> & {
+  /**
+   * ephemeral id for tracking between request and response
+   *
+   * @generated from field: string id = 1;
+   */
+  id: string;
+  /**
+   * the token
+   *
+   * @generated from field: string jwt = 2;
+   */
+  jwt: string;
+};
+/**
+ * Describes the message authorization.Token.
+ * Use `create(TokenSchema)` to create a new message.
+ */
+export const TokenSchema: GenMessage<Token> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 0);
+/**
+ * PE (Person Entity) or NPE (Non-Person Entity)
+ *
+ * @generated from message authorization.Entity
+ */
+export type Entity = Message<"authorization.Entity"> & {
+  /**
+   * ephemeral id for tracking between request and response
+   *
+   * @generated from field: string id = 1;
+   */
+  id: string;
+  /**
+   * Standard entity types supported by the platform
+   *
+   * @generated from oneof authorization.Entity.entity_type
+   */
+  entityType: {
+    /**
+     * one of the entity options must be set
+     *
+     * @generated from field: string email_address = 2;
+     */
+    value: string;
+    case: "emailAddress";
+  } | {
+    /**
+     * @generated from field: string user_name = 3;
+     */
+    value: string;
+    case: "userName";
+  } | {
+    /**
+     * @generated from field: string remote_claims_url = 4;
+     */
+    value: string;
+    case: "remoteClaimsUrl";
+  } | {
+    /**
+     * @generated from field: string uuid = 5;
+     */
+    value: string;
+    case: "uuid";
+  } | {
+    /**
+     * @generated from field: google.protobuf.Any claims = 6;
+     */
+    value: Any;
+    case: "claims";
+  } | {
+    /**
+     * @generated from field: authorization.EntityCustom custom = 7;
+     */
+    value: EntityCustom;
+    case: "custom";
+  } | {
+    /**
+     * @generated from field: string client_id = 8;
+     */
+    value: string;
+    case: "clientId";
+  } | { case: undefined; value?: undefined };
+  /**
+   * @generated from field: authorization.Entity.Category category = 9;
+   */
+  category: Entity_Category;
+};
+/**
+ * Describes the message authorization.Entity.
+ * Use `create(EntitySchema)` to create a new message.
+ */
+export const EntitySchema: GenMessage<Entity> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 1);
+/**
+ * @generated from enum authorization.Entity.Category
+ */
+export enum Entity_Category {
+  /**
+   * @generated from enum value: CATEGORY_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+  /**
+   * @generated from enum value: CATEGORY_SUBJECT = 1;
+   */
+  SUBJECT = 1,
+  /**
+   * @generated from enum value: CATEGORY_ENVIRONMENT = 2;
+   */
+  ENVIRONMENT = 2,
+}
+/**
+ * Describes the enum authorization.Entity.Category.
+ */
+export const Entity_CategorySchema: GenEnum<Entity_Category> = /*@__PURE__*/
+  enumDesc(file_authorization_authorization, 1, 0);
+/**
+ * Entity type for custom entities beyond the standard types
+ *
+ * @generated from message authorization.EntityCustom
+ */
+export type EntityCustom = Message<"authorization.EntityCustom"> & {
+  /**
+   * @generated from field: google.protobuf.Any extension = 1;
+   */
+  extension?: Any;
+};
+/**
+ * Describes the message authorization.EntityCustom.
+ * Use `create(EntityCustomSchema)` to create a new message.
+ */
+export const EntityCustomSchema: GenMessage<EntityCustom> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 2);
+/**
+ * A set of related PE and NPE
+ *
+ * @generated from message authorization.EntityChain
+ */
+export type EntityChain = Message<"authorization.EntityChain"> & {
+  /**
+   * ephemeral id for tracking between request and response
+   *
+   * @generated from field: string id = 1;
+   */
+  id: string;
+  /**
+   * @generated from field: repeated authorization.Entity entities = 2;
+   */
+  entities: Entity[];
+};
+/**
+ * Describes the message authorization.EntityChain.
+ * Use `create(EntityChainSchema)` to create a new message.
+ */
+export const EntityChainSchema: GenMessage<EntityChain> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 3);
+/**
+ *
+ * Example Request Get Decisions to answer the question -  Do Bob (represented by entity chain ec1)
+ * and Alice (represented by entity chain ec2) have TRANSMIT authorization for
+ * 2 resources; resource1 (attr-set-1) defined by attributes foo:bar  resource2 (attr-set-2) defined by attribute foo:bar, color:red ?
+ *
+ * {
+ * "actions": [
+ * {
+ * "standard": "STANDARD_ACTION_TRANSMIT"
+ * }
+ * ],
+ * "entityChains": [
+ * {
+ * "id": "ec1",
+ * "entities": [
+ * {
+ * "emailAddress": "bob@example.org"
+ * }
+ * ]
+ * },
+ * {
+ * "id": "ec2",
+ * "entities": [
+ * {
+ * "userName": "alice@example.org"
+ * }
+ * ]
+ * }
+ * ],
+ * "resourceAttributes": [
+ * {
+ * "resourceAttributeId":  "attr-set-1",
+ * "attributeFqns": [
+ * "https://www.example.org/attr/foo/value/value1"
+ * ]
+ * },
+ * {
+ * "resourceAttributeId":  "attr-set-2",
+ * "attributeFqns": [
+ * "https://example.net/attr/attr1/value/value1",
+ * "https://example.net/attr/attr1/value/value2"
+ * ]
+ * }
+ * ]
+ * }
+ *
+ *
+ * @generated from message authorization.DecisionRequest
+ */
+export type DecisionRequest = Message<"authorization.DecisionRequest"> & {
+  /**
+   * @generated from field: repeated policy.Action actions = 1;
+   */
+  actions: Action[];
+  /**
+   * @generated from field: repeated authorization.EntityChain entity_chains = 2;
+   */
+  entityChains: EntityChain[];
+  /**
+   * @generated from field: repeated authorization.ResourceAttribute resource_attributes = 3;
+   */
+  resourceAttributes: ResourceAttribute[];
+};
+/**
+ * Describes the message authorization.DecisionRequest.
+ * Use `create(DecisionRequestSchema)` to create a new message.
+ */
+export const DecisionRequestSchema: GenMessage<DecisionRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 4);
+/**
+ *
+ *
+ * Example response for a Decision Request -  Do Bob (represented by entity chain ec1)
+ * and Alice (represented by entity chain ec2) have TRANSMIT authorization for
+ * 2 resources; resource1 (attr-set-1) defined by attributes foo:bar  resource2 (attr-set-2) defined by attribute foo:bar, color:red ?
+ *
+ * Results:
+ * - bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation
+ * - bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes
+ * - alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes
+ * - alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes
+ *
+ * {
+ * "entityChainId":  "ec1",
+ * "resourceAttributesId":  "attr-set-1",
+ * "decision":  "DECISION_PERMIT",
+ * "obligations":  [
+ * "http://www.example.org/obligation/watermark"
+ * ]
+ * },
+ * {
+ * "entityChainId":  "ec1",
+ * "resourceAttributesId":  "attr-set-2",
+ * "decision":  "DECISION_PERMIT"
+ * },
+ * {
+ * "entityChainId":  "ec2",
+ * "resourceAttributesId":  "attr-set-1",
+ * "decision":  "DECISION_PERMIT"
+ * },
+ * {
+ * "entityChainId":  "ec2",
+ * "resourceAttributesId":  "attr-set-2",
+ * "decision":  "DECISION_DENY"
+ * }
+ *
+ *
+ *
+ * @generated from message authorization.DecisionResponse
+ */
+export type DecisionResponse = Message<"authorization.DecisionResponse"> & {
+  /**
+   * ephemeral entity chain id from the request
+   *
+   * @generated from field: string entity_chain_id = 1;
+   */
+  entityChainId: string;
+  /**
+   * ephemeral resource attributes id from the request
+   *
+   * @generated from field: string resource_attributes_id = 2;
+   */
+  resourceAttributesId: string;
+  /**
+   * Action of the decision response
+   *
+   * @generated from field: policy.Action action = 3;
+   */
+  action?: Action;
+  /**
+   * The decision response
+   *
+   * @generated from field: authorization.DecisionResponse.Decision decision = 4;
+   */
+  decision: DecisionResponse_Decision;
+  /**
+   * optional list of obligations represented in URI format
+   *
+   * @generated from field: repeated string obligations = 5;
+   */
+  obligations: string[];
+};
+/**
+ * Describes the message authorization.DecisionResponse.
+ * Use `create(DecisionResponseSchema)` to create a new message.
+ */
+export const DecisionResponseSchema: GenMessage<DecisionResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 5);
+/**
+ * @generated from enum authorization.DecisionResponse.Decision
+ */
+export enum DecisionResponse_Decision {
+  /**
+   * @generated from enum value: DECISION_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+  /**
+   * @generated from enum value: DECISION_DENY = 1;
+   */
+  DENY = 1,
+  /**
+   * @generated from enum value: DECISION_PERMIT = 2;
+   */
+  PERMIT = 2,
+}
+/**
+ * Describes the enum authorization.DecisionResponse.Decision.
+ */
+export const DecisionResponse_DecisionSchema: GenEnum<DecisionResponse_Decision> = /*@__PURE__*/
+  enumDesc(file_authorization_authorization, 5, 0);
+/**
+ * @generated from message authorization.GetDecisionsRequest
+ */
+export type GetDecisionsRequest = Message<"authorization.GetDecisionsRequest"> & {
+  /**
+   * @generated from field: repeated authorization.DecisionRequest decision_requests = 1;
+   */
+  decisionRequests: DecisionRequest[];
+};
+/**
+ * Describes the message authorization.GetDecisionsRequest.
+ * Use `create(GetDecisionsRequestSchema)` to create a new message.
+ */
+export const GetDecisionsRequestSchema: GenMessage<GetDecisionsRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 6);
+/**
+ * @generated from message authorization.GetDecisionsResponse
+ */
+export type GetDecisionsResponse = Message<"authorization.GetDecisionsResponse"> & {
+  /**
+   * @generated from field: repeated authorization.DecisionResponse decision_responses = 1;
+   */
+  decisionResponses: DecisionResponse[];
+};
+/**
+ * Describes the message authorization.GetDecisionsResponse.
+ * Use `create(GetDecisionsResponseSchema)` to create a new message.
+ */
+export const GetDecisionsResponseSchema: GenMessage<GetDecisionsResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 7);
+/**
+ *
+ * Request to get entitlements for one or more entities for an optional attribute scope
+ *
+ * Example: Get entitlements for bob and alice (both represented using an email address
+ *
+ * {
+ * "entities": [
+ * {
+ * "id": "e1",
+ * "emailAddress": "bob@example.org"
+ * },
+ * {
+ * "id": "e2",
+ * "emailAddress": "alice@example.org"
+ * }
+ * ],
+ * "scope": {
+ * "attributeFqns": [
+ * "https://example.net/attr/attr1/value/value1",
+ * "https://example.net/attr/attr1/value/value2"
+ * ]
+ * }
+ * }
+ *
+ *
+ * @generated from message authorization.GetEntitlementsRequest
+ */
+export type GetEntitlementsRequest = Message<"authorization.GetEntitlementsRequest"> & {
+  /**
+   * list of requested entities
+   *
+   * @generated from field: repeated authorization.Entity entities = 1;
+   */
+  entities: Entity[];
+  /**
+   * optional attribute fqn as a scope
+   *
+   * @generated from field: optional authorization.ResourceAttribute scope = 2;
+   */
+  scope?: ResourceAttribute;
+  /**
+   * optional parameter to return a full list of entitlements - returns lower hierarchy attributes
+   *
+   * @generated from field: optional bool with_comprehensive_hierarchy = 3;
+   */
+  withComprehensiveHierarchy?: boolean;
+};
+/**
+ * Describes the message authorization.GetEntitlementsRequest.
+ * Use `create(GetEntitlementsRequestSchema)` to create a new message.
+ */
+export const GetEntitlementsRequestSchema: GenMessage<GetEntitlementsRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 8);
+/**
+ * @generated from message authorization.EntityEntitlements
+ */
+export type EntityEntitlements = Message<"authorization.EntityEntitlements"> & {
+  /**
+   * @generated from field: string entity_id = 1;
+   */
+  entityId: string;
+  /**
+   * @generated from field: repeated string attribute_value_fqns = 2;
+   */
+  attributeValueFqns: string[];
+};
+/**
+ * Describes the message authorization.EntityEntitlements.
+ * Use `create(EntityEntitlementsSchema)` to create a new message.
+ */
+export const EntityEntitlementsSchema: GenMessage<EntityEntitlements> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 9);
+/**
+ * A logical bucket of attributes belonging to a "Resource"
+ *
+ * @generated from message authorization.ResourceAttribute
+ */
+export type ResourceAttribute = Message<"authorization.ResourceAttribute"> & {
+  /**
+   * @generated from field: string resource_attributes_id = 1;
+   */
+  resourceAttributesId: string;
+  /**
+   * @generated from field: repeated string attribute_value_fqns = 2;
+   */
+  attributeValueFqns: string[];
+};
+/**
+ * Describes the message authorization.ResourceAttribute.
+ * Use `create(ResourceAttributeSchema)` to create a new message.
+ */
+export const ResourceAttributeSchema: GenMessage<ResourceAttribute> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 10);
+/**
+ *
+ *
+ * Example Response for a request of : Get entitlements for bob and alice (both represented using an email address
+ *
+ * {
+ * "entitlements":  [
+ * {
+ * "entityId":  "e1",
+ * "attributeValueReferences":  [
+ * {
+ * "attributeFqn":  "http://www.example.org/attr/foo/value/bar"
+ * }
+ * ]
+ * },
+ * {
+ * "entityId":  "e2",
+ * "attributeValueReferences":  [
+ * {
+ * "attributeFqn":  "http://www.example.org/attr/color/value/red"
+ * }
+ * ]
+ * }
+ * ]
+ * }
+ *
+ *
+ *
+ * @generated from message authorization.GetEntitlementsResponse
+ */
+export type GetEntitlementsResponse = Message<"authorization.GetEntitlementsResponse"> & {
+  /**
+   * @generated from field: repeated authorization.EntityEntitlements entitlements = 1;
+   */
+  entitlements: EntityEntitlements[];
+};
+/**
+ * Describes the message authorization.GetEntitlementsResponse.
+ * Use `create(GetEntitlementsResponseSchema)` to create a new message.
+ */
+export const GetEntitlementsResponseSchema: GenMessage<GetEntitlementsResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 11);
+/**
+ *
+ * Example Request Get Decisions by Token to answer the question -  Do Bob and client1 (represented by token tok1)
+ * and Alice and client2 (represented by token tok2) have TRANSMIT authorization for
+ * 2 resources; resource1 (attr-set-1) defined by attributes foo:bar  resource2 (attr-set-2) defined by attribute foo:bar, color:red ?
+ *
+ * {
+ * "actions": [
+ * {
+ * "standard": "STANDARD_ACTION_TRANSMIT"
+ * }
+ * ],
+ * "tokens": [
+ * {
+ * "id": "tok1",
+ * "jwt": ....
+ * },
+ * {
+ * "id": "tok2",
+ * "jwt": .....
+ * }
+ * ],
+ * "resourceAttributes": [
+ * {
+ * "attributeFqns": [
+ * "https://www.example.org/attr/foo/value/value1"
+ * ]
+ * },
+ * {
+ * "attributeFqns": [
+ * "https://example.net/attr/attr1/value/value1",
+ * "https://example.net/attr/attr1/value/value2"
+ * ]
+ * }
+ * ]
+ * }
+ *
+ *
+ * @generated from message authorization.TokenDecisionRequest
+ */
+export type TokenDecisionRequest = Message<"authorization.TokenDecisionRequest"> & {
+  /**
+   * @generated from field: repeated policy.Action actions = 1;
+   */
+  actions: Action[];
+  /**
+   * @generated from field: repeated authorization.Token tokens = 2;
+   */
+  tokens: Token[];
+  /**
+   * @generated from field: repeated authorization.ResourceAttribute resource_attributes = 3;
+   */
+  resourceAttributes: ResourceAttribute[];
+};
+/**
+ * Describes the message authorization.TokenDecisionRequest.
+ * Use `create(TokenDecisionRequestSchema)` to create a new message.
+ */
+export const TokenDecisionRequestSchema: GenMessage<TokenDecisionRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 12);
+/**
+ * @generated from message authorization.GetDecisionsByTokenRequest
+ */
+export type GetDecisionsByTokenRequest = Message<"authorization.GetDecisionsByTokenRequest"> & {
+  /**
+   * @generated from field: repeated authorization.TokenDecisionRequest decision_requests = 1;
+   */
+  decisionRequests: TokenDecisionRequest[];
+};
+/**
+ * Describes the message authorization.GetDecisionsByTokenRequest.
+ * Use `create(GetDecisionsByTokenRequestSchema)` to create a new message.
+ */
+export const GetDecisionsByTokenRequestSchema: GenMessage<GetDecisionsByTokenRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 13);
+/**
+ * @generated from message authorization.GetDecisionsByTokenResponse
+ */
+export type GetDecisionsByTokenResponse = Message<"authorization.GetDecisionsByTokenResponse"> & {
+  /**
+   * @generated from field: repeated authorization.DecisionResponse decision_responses = 1;
+   */
+  decisionResponses: DecisionResponse[];
+};
+/**
+ * Describes the message authorization.GetDecisionsByTokenResponse.
+ * Use `create(GetDecisionsByTokenResponseSchema)` to create a new message.
+ */
+export const GetDecisionsByTokenResponseSchema: GenMessage<GetDecisionsByTokenResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_authorization, 14);
+/**
+ * @generated from service authorization.AuthorizationService
+ */
+export const AuthorizationService: GenService<{
+  /**
+   * @generated from rpc authorization.AuthorizationService.GetDecisions
+   */
+  getDecisions: {
+    methodKind: "unary";
+    input: typeof GetDecisionsRequestSchema;
+    output: typeof GetDecisionsResponseSchema;
+  },
+  /**
+   * @generated from rpc authorization.AuthorizationService.GetDecisionsByToken
+   */
+  getDecisionsByToken: {
+    methodKind: "unary";
+    input: typeof GetDecisionsByTokenRequestSchema;
+    output: typeof GetDecisionsByTokenResponseSchema;
+  },
+  /**
+   * @generated from rpc authorization.AuthorizationService.GetEntitlements
+   */
+  getEntitlements: {
+    methodKind: "unary";
+    input: typeof GetEntitlementsRequestSchema;
+    output: typeof GetEntitlementsResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_authorization_authorization, 0);