@opentdf/sdk 0.4.1-rc.37 → 0.5.0-beta.42

package/src/platform/authorization/v2/authorization_pb.ts

@@ -0,0 +1,503 @@
+// @generated by protoc-gen-es v2.2.5 with parameter "target=ts,import_extension=.js"
+// @generated from file authorization/v2/authorization.proto (package authorization.v2, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv1";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_buf_validate_validate } from "../../buf/validate/validate_pb.js";
+import type { EntityChain, Token } from "../../entity/entity_pb.js";
+import { file_entity_entity } from "../../entity/entity_pb.js";
+import type { BoolValue } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_wrappers } from "@bufbuild/protobuf/wkt";
+import type { Action } from "../../policy/objects_pb.js";
+import { file_policy_objects } from "../../policy/objects_pb.js";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file authorization/v2/authorization.proto.
+ */
+export const file_authorization_v2_authorization: GenFile = /*@__PURE__*/
+  fileDesc("CiRhdXRob3JpemF0aW9uL3YyL2F1dGhvcml6YXRpb24ucHJvdG8SEGF1dGhvcml6YXRpb24udjIixQQKEEVudGl0eUlkZW50aWZpZXIS1AEKDGVudGl0eV9jaGFpbhgBIAEoCzITLmVudGl0eS5FbnRpdHlDaGFpbkKmAbpIogG6AZ4BChVlbnRpdHlfY2hhaW5fcmVxdWlyZWQSN2VudGl0aWVzIG11c3QgYmUgcHJvdmlkZWQgYW5kIGJldHdlZW4gMSBhbmQgMTAgaW4gY291bnQaTGhhcyh0aGlzLmVudGl0aWVzKSAmJiB0aGlzLmVudGl0aWVzLnNpemUoKSA+IDAgJiYgdGhpcy5lbnRpdGllcy5zaXplKCkgPD0gMTBIABIzCh1yZWdpc3RlcmVkX3Jlc291cmNlX3ZhbHVlX2ZxbhgCIAEoCUIKukgHcgUQAYgBAUgAEnQKBXRva2VuGAMgASgLMg0uZW50aXR5LlRva2VuQlS6SFG6AU4KDnRva2VuX3JlcXVpcmVkEhZ0b2tlbiBtdXN0IGJlIHByb3ZpZGVkGiRoYXModGhpcy5qd3QpICYmIHRoaXMuand0LnNpemUoKSA+IDBIABKZAQoSd2l0aF9yZXF1ZXN0X3Rva2VuGAQgASgLMhouZ29vZ2xlLnByb3RvYnVmLkJvb2xWYWx1ZUJfukhcugFZCh93aXRoX3JlcXVlc3RfdG9rZW5fbXVzdF9iZV90cnVlEih3aXRoX3JlcXVlc3RfdG9rZW4gbXVzdCBiZSB0cnVlIHdoZW4gc2V0Ggx0aGlzID09IHRydWVIAEITCgppZGVudGlmaWVyEgW6SAIIASLAAgoSRW50aXR5RW50aXRsZW1lbnRzEhQKDGVwaGVtZXJhbF9pZBgBIAEoCRJuCh9hY3Rpb25zX3Blcl9hdHRyaWJ1dGVfdmFsdWVfZnFuGAIgAygLMkUuYXV0aG9yaXphdGlvbi52Mi5FbnRpdHlFbnRpdGxlbWVudHMuQWN0aW9uc1BlckF0dHJpYnV0ZVZhbHVlRnFuRW50cnkaLgoLQWN0aW9uc0xpc3QSHwoHYWN0aW9ucxgBIAMoCzIOLnBvbGljeS5BY3Rpb24adAogQWN0aW9uc1BlckF0dHJpYnV0ZVZhbHVlRnFuRW50cnkSCwoDa2V5GAEgASgJEj8KBXZhbHVlGAIgASgLMjAuYXV0aG9yaXphdGlvbi52Mi5FbnRpdHlFbnRpdGxlbWVudHMuQWN0aW9uc0xpc3Q6AjgBIqQDCghSZXNvdXJjZRIUCgxlcGhlbWVyYWxfaWQYASABKAkSnwIKEGF0dHJpYnV0ZV92YWx1ZXMYAiABKAsyKi5hdXRob3JpemF0aW9uLnYyLlJlc291cmNlLkF0dHJpYnV0ZVZhbHVlc0LWAbpI0gG6Ac4BChlhdHRyaWJ1dGVfdmFsdWVzX3JlcXVpcmVkElxpZiBwcm92aWRlZCwgcmVzb3VyY2UuYXR0cmlidXRlX3ZhbHVlcyBtdXN0IGJlIGJldHdlZW4gMSBhbmQgMjAgaW4gY291bnQgd2l0aCBhbGwgdmFsaWQgRlFOcxpTdGhpcy5mcW5zLnNpemUoKSA+IDAgJiYgdGhpcy5mcW5zLnNpemUoKSA8PSAyMCAmJiB0aGlzLmZxbnMuYWxsKGl0ZW0sIGl0ZW0uaXNVcmkoKSlIABIzCh1yZWdpc3RlcmVkX3Jlc291cmNlX3ZhbHVlX2ZxbhgDIAEoCUIKukgHcgUQAYgBAUgAGh8KD0F0dHJpYnV0ZVZhbHVlcxIMCgRmcW5zGAEgAygJQgoKCHJlc291cmNlIn0KEFJlc291cmNlRGVjaXNpb24SHQoVZXBoZW1lcmFsX3Jlc291cmNlX2lkGAEgASgJEiwKCGRlY2lzaW9uGAIgASgOMhouYXV0aG9yaXphdGlvbi52Mi5EZWNpc2lvbhIcChRyZXF1aXJlZF9vYmxpZ2F0aW9ucxgDIAMoCSKXBAoSR2V0RGVjaXNpb25SZXF1ZXN0EkUKEWVudGl0eV9pZGVudGlmaWVyGAEgASgLMiIuYXV0aG9yaXphdGlvbi52Mi5FbnRpdHlJZGVudGlmaWVyQga6SAPIAQESJgoGYWN0aW9uGAIgASgLMg4ucG9saWN5LkFjdGlvbkIGukgDyAEBEjQKCHJlc291cmNlGAMgASgLMhouYXV0aG9yaXphdGlvbi52Mi5SZXNvdXJjZUIGukgDyAEBEvQBChtmdWxmaWxsYWJsZV9vYmxpZ2F0aW9uX2ZxbnMYBCADKAlCzgG6SMoBugHGAQobb2JsaWdhdGlvbl92YWx1ZV9mcW5zX3ZhbGlkEl5pZiBwcm92aWRlZCwgZnVsZmlsbGFibGVfb2JsaWdhdGlvbl9mcW5zIG11c3QgYmUgYmV0d2VlbiAxIGFuZCA1MCBpbiBjb3VudCB3aXRoIGFsbCB2YWxpZCBGUU5zGkd0aGlzLnNpemUoKSA9PSAwIHx8ICh0aGlzLnNpemUoKSA8PSA1MCAmJiB0aGlzLmFsbChpdGVtLCBpdGVtLmlzVXJpKCkpKTplukhiGmAKKWdldF9kZWNpc2lvbl9yZXF1ZXN0LmFjdGlvbl9uYW1lX3JlcXVpcmVkEhxhY3Rpb24ubmFtZSBtdXN0IGJlIHByb3ZpZGVkGhVoYXModGhpcy5hY3Rpb24ubmFtZSkiSwoTR2V0RGVjaXNpb25SZXNwb25zZRI0CghkZWNpc2lvbhgBIAEoCzIiLmF1dGhvcml6YXRpb24udjIuUmVzb3VyY2VEZWNpc2lvbiKwBAofR2V0RGVjaXNpb25NdWx0aVJlc291cmNlUmVxdWVzdBJFChFlbnRpdHlfaWRlbnRpZmllchgBIAEoCzIiLmF1dGhvcml6YXRpb24udjIuRW50aXR5SWRlbnRpZmllckIGukgDyAEBEiYKBmFjdGlvbhgCIAEoCzIOLnBvbGljeS5BY3Rpb25CBrpIA8gBARI6CglyZXNvdXJjZXMYAyADKAsyGi5hdXRob3JpemF0aW9uLnYyLlJlc291cmNlQgu6SAiSAQUIARDoBxL0AQobZnVsZmlsbGFibGVfb2JsaWdhdGlvbl9mcW5zGAQgAygJQs4BukjKAboBxgEKG29ibGlnYXRpb25fdmFsdWVfZnFuc192YWxpZBJeaWYgcHJvdmlkZWQsIGZ1bGZpbGxhYmxlX29ibGlnYXRpb25fZnFucyBtdXN0IGJlIGJldHdlZW4gMSBhbmQgNTAgaW4gY291bnQgd2l0aCBhbGwgdmFsaWQgRlFOcxpHdGhpcy5zaXplKCkgPT0gMCB8fCAodGhpcy5zaXplKCkgPD0gNTAgJiYgdGhpcy5hbGwoaXRlbSwgaXRlbS5pc1VyaSgpKSk6a7pIaBpmCi9nZXRfZGVjaXNpb25fbXVsdGlfcmVxdWVzdC5hY3Rpb25fbmFtZV9yZXF1aXJlZBIcYWN0aW9uLm5hbWUgbXVzdCBiZSBwcm92aWRlZBoVaGFzKHRoaXMuYWN0aW9uLm5hbWUpIpUBCiBHZXREZWNpc2lvbk11bHRpUmVzb3VyY2VSZXNwb25zZRIxCg1hbGxfcGVybWl0dGVkGAEgASgLMhouZ29vZ2xlLnByb3RvYnVmLkJvb2xWYWx1ZRI+ChJyZXNvdXJjZV9kZWNpc2lvbnMYAiADKAsyIi5hdXRob3JpemF0aW9uLnYyLlJlc291cmNlRGVjaXNpb24icwoWR2V0RGVjaXNpb25CdWxrUmVxdWVzdBJZChFkZWNpc2lvbl9yZXF1ZXN0cxgBIAMoCzIxLmF1dGhvcml6YXRpb24udjIuR2V0RGVjaXNpb25NdWx0aVJlc291cmNlUmVxdWVzdEILukgIkgEFCAEQyAEiaQoXR2V0RGVjaXNpb25CdWxrUmVzcG9uc2USTgoSZGVjaXNpb25fcmVzcG9uc2VzGAEgAygLMjIuYXV0aG9yaXphdGlvbi52Mi5HZXREZWNpc2lvbk11bHRpUmVzb3VyY2VSZXNwb25zZSKrAQoWR2V0RW50aXRsZW1lbnRzUmVxdWVzdBJFChFlbnRpdHlfaWRlbnRpZmllchgBIAEoCzIiLmF1dGhvcml6YXRpb24udjIuRW50aXR5SWRlbnRpZmllckIGukgDyAEBEikKHHdpdGhfY29tcHJlaGVuc2l2ZV9oaWVyYXJjaHkYAiABKAhIAIgBAUIfCh1fd2l0aF9jb21wcmVoZW5zaXZlX2hpZXJhcmNoeSJVChdHZXRFbnRpdGxlbWVudHNSZXNwb25zZRI6CgxlbnRpdGxlbWVudHMYASADKAsyJC5hdXRob3JpemF0aW9uLnYyLkVudGl0eUVudGl0bGVtZW50cypMCghEZWNpc2lvbhIYChRERUNJU0lPTl9VTlNQRUNJRklFRBAAEhEKDURFQ0lTSU9OX0RFTlkQARITCg9ERUNJU0lPTl9QRVJNSVQQAjLOAwoUQXV0aG9yaXphdGlvblNlcnZpY2USXAoLR2V0RGVjaXNpb24SJC5hdXRob3JpemF0aW9uLnYyLkdldERlY2lzaW9uUmVxdWVzdBolLmF1dGhvcml6YXRpb24udjIuR2V0RGVjaXNpb25SZXNwb25zZSIAEoMBChhHZXREZWNpc2lvbk11bHRpUmVzb3VyY2USMS5hdXRob3JpemF0aW9uLnYyLkdldERlY2lzaW9uTXVsdGlSZXNvdXJjZVJlcXVlc3QaMi5hdXRob3JpemF0aW9uLnYyLkdldERlY2lzaW9uTXVsdGlSZXNvdXJjZVJlc3BvbnNlIgASaAoPR2V0RGVjaXNpb25CdWxrEiguYXV0aG9yaXphdGlvbi52Mi5HZXREZWNpc2lvbkJ1bGtSZXF1ZXN0GikuYXV0aG9yaXphdGlvbi52Mi5HZXREZWNpc2lvbkJ1bGtSZXNwb25zZSIAEmgKD0dldEVudGl0bGVtZW50cxIoLmF1dGhvcml6YXRpb24udjIuR2V0RW50aXRsZW1lbnRzUmVxdWVzdBopLmF1dGhvcml6YXRpb24udjIuR2V0RW50aXRsZW1lbnRzUmVzcG9uc2UiAGIGcHJvdG8z", [file_buf_validate_validate, file_entity_entity, file_google_protobuf_wrappers, file_policy_objects]);
+
+/**
+ * The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized.
+ * The abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value
+ * being treated as an entity in entitlement/authorization decisioning.
+ *
+ * @generated from message authorization.v2.EntityIdentifier
+ */
+export type EntityIdentifier = Message<"authorization.v2.EntityIdentifier"> & {
+  /**
+   * @generated from oneof authorization.v2.EntityIdentifier.identifier
+   */
+  identifier: {
+    /**
+     * chain of one or more entities and at most 10
+     *
+     * @generated from field: entity.EntityChain entity_chain = 1;
+     */
+    value: EntityChain;
+    case: "entityChain";
+  } | {
+    /**
+     * fully qualified name of the registered resource value stored in platform policy, where in
+     * this case the resource acts as and represents a single entity for authorization/entitlement decisioning
+     *
+     * @generated from field: string registered_resource_value_fqn = 2;
+     */
+    value: string;
+    case: "registeredResourceValueFqn";
+  } | {
+    /**
+     * access token (JWT), which is used to create an entity chain (comprising one or more entities)
+     *
+     * @generated from field: entity.Token token = 3;
+     */
+    value: Token;
+    case: "token";
+  } | {
+    /**
+     * derive the entity from the request's authorization access token JWT, rather than passing in the body
+     *
+     * @generated from field: google.protobuf.BoolValue with_request_token = 4;
+     */
+    value: BoolValue;
+    case: "withRequestToken";
+  } | { case: undefined; value?: undefined };
+};
+
+/**
+ * Describes the message authorization.v2.EntityIdentifier.
+ * Use `create(EntityIdentifierSchema)` to create a new message.
+ */
+export const EntityIdentifierSchema: GenMessage<EntityIdentifier> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 0);
+
+/**
+ * Entitlements for a given entity, mapping each attribute value FQN to any entitled actions[]
+ *
+ * @generated from message authorization.v2.EntityEntitlements
+ */
+export type EntityEntitlements = Message<"authorization.v2.EntityEntitlements"> & {
+  /**
+   * ephemeral id for tracking between request and response
+   *
+   * @generated from field: string ephemeral_id = 1;
+   */
+  ephemeralId: string;
+
+  /**
+   * @generated from field: map<string, authorization.v2.EntityEntitlements.ActionsList> actions_per_attribute_value_fqn = 2;
+   */
+  actionsPerAttributeValueFqn: { [key: string]: EntityEntitlements_ActionsList };
+};
+
+/**
+ * Describes the message authorization.v2.EntityEntitlements.
+ * Use `create(EntityEntitlementsSchema)` to create a new message.
+ */
+export const EntityEntitlementsSchema: GenMessage<EntityEntitlements> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 1);
+
+/**
+ * @generated from message authorization.v2.EntityEntitlements.ActionsList
+ */
+export type EntityEntitlements_ActionsList = Message<"authorization.v2.EntityEntitlements.ActionsList"> & {
+  /**
+   * @generated from field: repeated policy.Action actions = 1;
+   */
+  actions: Action[];
+};
+
+/**
+ * Describes the message authorization.v2.EntityEntitlements.ActionsList.
+ * Use `create(EntityEntitlements_ActionsListSchema)` to create a new message.
+ */
+export const EntityEntitlements_ActionsListSchema: GenMessage<EntityEntitlements_ActionsList> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 1, 0);
+
+/**
+ * Either a set of attribute values (such as those on a TDF) or a registered resource value
+ *
+ * @generated from message authorization.v2.Resource
+ */
+export type Resource = Message<"authorization.v2.Resource"> & {
+  /**
+   * ephemeral id for tracking between request and response
+   *
+   * @generated from field: string ephemeral_id = 1;
+   */
+  ephemeralId: string;
+
+  /**
+   * @generated from oneof authorization.v2.Resource.resource
+   */
+  resource: {
+    /**
+     * a set of attribute value FQNs, such as those on a TDF, between 1 and 20 in count
+     *
+     * @generated from field: authorization.v2.Resource.AttributeValues attribute_values = 2;
+     */
+    value: Resource_AttributeValues;
+    case: "attributeValues";
+  } | {
+    /**
+     * fully qualified name of the registered resource value stored in platform policy
+     *
+     * @generated from field: string registered_resource_value_fqn = 3;
+     */
+    value: string;
+    case: "registeredResourceValueFqn";
+  } | { case: undefined; value?: undefined };
+};
+
+/**
+ * Describes the message authorization.v2.Resource.
+ * Use `create(ResourceSchema)` to create a new message.
+ */
+export const ResourceSchema: GenMessage<Resource> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 2);
+
+/**
+ * @generated from message authorization.v2.Resource.AttributeValues
+ */
+export type Resource_AttributeValues = Message<"authorization.v2.Resource.AttributeValues"> & {
+  /**
+   * @generated from field: repeated string fqns = 1;
+   */
+  fqns: string[];
+};
+
+/**
+ * Describes the message authorization.v2.Resource.AttributeValues.
+ * Use `create(Resource_AttributeValuesSchema)` to create a new message.
+ */
+export const Resource_AttributeValuesSchema: GenMessage<Resource_AttributeValues> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 2, 0);
+
+/**
+ * @generated from message authorization.v2.ResourceDecision
+ */
+export type ResourceDecision = Message<"authorization.v2.ResourceDecision"> & {
+  /**
+   * ephemeral id for tracking between request and response
+   *
+   * @generated from field: string ephemeral_resource_id = 1;
+   */
+  ephemeralResourceId: string;
+
+  /**
+   * decision result
+   *
+   * @generated from field: authorization.v2.Decision decision = 2;
+   */
+  decision: Decision;
+
+  /**
+   * obligations (fully qualified values) the PEP is required to fulfill on the given resource
+   * i.e. https://<namespace>/obl/<definition name>/value/<value>
+   *
+   * @generated from field: repeated string required_obligations = 3;
+   */
+  requiredObligations: string[];
+};
+
+/**
+ * Describes the message authorization.v2.ResourceDecision.
+ * Use `create(ResourceDecisionSchema)` to create a new message.
+ */
+export const ResourceDecisionSchema: GenMessage<ResourceDecision> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 3);
+
+/**
+ * Can the identified entity/entities access?
+ * 1. one entity reference (actor)
+ * 2. one action
+ * 3. one resource
+ *
+ * If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered.
+ *
+ * @generated from message authorization.v2.GetDecisionRequest
+ */
+export type GetDecisionRequest = Message<"authorization.v2.GetDecisionRequest"> & {
+  /**
+   * an entity must be identified for authorization decisioning
+   *
+   * @generated from field: authorization.v2.EntityIdentifier entity_identifier = 1;
+   */
+  entityIdentifier?: EntityIdentifier;
+
+  /**
+   * name on action is required
+   *
+   * @generated from field: policy.Action action = 2;
+   */
+  action?: Action;
+
+  /**
+   * @generated from field: authorization.v2.Resource resource = 3;
+   */
+  resource?: Resource;
+
+  /**
+   * obligations (fully qualified values) the requester is capable of fulfilling
+   * i.e. https://<namespace>/obl/<definition name>/value/<value>
+   *
+   * @generated from field: repeated string fulfillable_obligation_fqns = 4;
+   */
+  fulfillableObligationFqns: string[];
+};
+
+/**
+ * Describes the message authorization.v2.GetDecisionRequest.
+ * Use `create(GetDecisionRequestSchema)` to create a new message.
+ */
+export const GetDecisionRequestSchema: GenMessage<GetDecisionRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 4);
+
+/**
+ * @generated from message authorization.v2.GetDecisionResponse
+ */
+export type GetDecisionResponse = Message<"authorization.v2.GetDecisionResponse"> & {
+  /**
+   * decision on the resource
+   *
+   * @generated from field: authorization.v2.ResourceDecision decision = 1;
+   */
+  decision?: ResourceDecision;
+};
+
+/**
+ * Describes the message authorization.v2.GetDecisionResponse.
+ * Use `create(GetDecisionResponseSchema)` to create a new message.
+ */
+export const GetDecisionResponseSchema: GenMessage<GetDecisionResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 5);
+
+/**
+ * Can the identified entity/entities access?
+ * 1. one entity reference (actor)
+ * 2. one action
+ * 3. multiple resources
+ *
+ * If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered.
+ *
+ * Note: this is a more performant bulk request for multiple resource decisions, up to 1000 per request
+ *
+ * @generated from message authorization.v2.GetDecisionMultiResourceRequest
+ */
+export type GetDecisionMultiResourceRequest = Message<"authorization.v2.GetDecisionMultiResourceRequest"> & {
+  /**
+   * an entity must be identified for authorization decisioning
+   *
+   * @generated from field: authorization.v2.EntityIdentifier entity_identifier = 1;
+   */
+  entityIdentifier?: EntityIdentifier;
+
+  /**
+   * name on action is required
+   *
+   * @generated from field: policy.Action action = 2;
+   */
+  action?: Action;
+
+  /**
+   * @generated from field: repeated authorization.v2.Resource resources = 3;
+   */
+  resources: Resource[];
+
+  /**
+   * obligations (fully qualified values) the requester is capable of fulfilling
+   * i.e. https://<namespace>/obl/<definition name>/value/<value>
+   *
+   * @generated from field: repeated string fulfillable_obligation_fqns = 4;
+   */
+  fulfillableObligationFqns: string[];
+};
+
+/**
+ * Describes the message authorization.v2.GetDecisionMultiResourceRequest.
+ * Use `create(GetDecisionMultiResourceRequestSchema)` to create a new message.
+ */
+export const GetDecisionMultiResourceRequestSchema: GenMessage<GetDecisionMultiResourceRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 6);
+
+/**
+ * @generated from message authorization.v2.GetDecisionMultiResourceResponse
+ */
+export type GetDecisionMultiResourceResponse = Message<"authorization.v2.GetDecisionMultiResourceResponse"> & {
+  /**
+   * convenience flag indicating global resource decisions result (permit/deny)
+   *
+   * @generated from field: google.protobuf.BoolValue all_permitted = 1;
+   */
+  allPermitted?: boolean;
+
+  /**
+   * individual resource decisions
+   *
+   * @generated from field: repeated authorization.v2.ResourceDecision resource_decisions = 2;
+   */
+  resourceDecisions: ResourceDecision[];
+};
+
+/**
+ * Describes the message authorization.v2.GetDecisionMultiResourceResponse.
+ * Use `create(GetDecisionMultiResourceResponseSchema)` to create a new message.
+ */
+export const GetDecisionMultiResourceResponseSchema: GenMessage<GetDecisionMultiResourceResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 7);
+
+/**
+ * Is access allowed?
+ * 1. Multiplexing of a Decision<EntityIdentifier, Action, repeated Resource> request
+ * This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on
+ * multiple resources)
+ *
+ * @generated from message authorization.v2.GetDecisionBulkRequest
+ */
+export type GetDecisionBulkRequest = Message<"authorization.v2.GetDecisionBulkRequest"> & {
+  /**
+   * @generated from field: repeated authorization.v2.GetDecisionMultiResourceRequest decision_requests = 1;
+   */
+  decisionRequests: GetDecisionMultiResourceRequest[];
+};
+
+/**
+ * Describes the message authorization.v2.GetDecisionBulkRequest.
+ * Use `create(GetDecisionBulkRequestSchema)` to create a new message.
+ */
+export const GetDecisionBulkRequestSchema: GenMessage<GetDecisionBulkRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 8);
+
+/**
+ * @generated from message authorization.v2.GetDecisionBulkResponse
+ */
+export type GetDecisionBulkResponse = Message<"authorization.v2.GetDecisionBulkResponse"> & {
+  /**
+   * @generated from field: repeated authorization.v2.GetDecisionMultiResourceResponse decision_responses = 1;
+   */
+  decisionResponses: GetDecisionMultiResourceResponse[];
+};
+
+/**
+ * Describes the message authorization.v2.GetDecisionBulkResponse.
+ * Use `create(GetDecisionBulkResponseSchema)` to create a new message.
+ */
+export const GetDecisionBulkResponseSchema: GenMessage<GetDecisionBulkResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 9);
+
+/**
+ * What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs?
+ *
+ * Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use
+ * GetDecision if the resource is known
+ *
+ * @generated from message authorization.v2.GetEntitlementsRequest
+ */
+export type GetEntitlementsRequest = Message<"authorization.v2.GetEntitlementsRequest"> & {
+  /**
+   * an entity must be identified for entitlement decisioning
+   *
+   * @generated from field: authorization.v2.EntityIdentifier entity_identifier = 1;
+   */
+  entityIdentifier?: EntityIdentifier;
+
+  /**
+   * optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating
+   * down the hierarchical values instead of returning solely the value that is directly entitled
+   *
+   * @generated from field: optional bool with_comprehensive_hierarchy = 2;
+   */
+  withComprehensiveHierarchy?: boolean;
+};
+
+/**
+ * Describes the message authorization.v2.GetEntitlementsRequest.
+ * Use `create(GetEntitlementsRequestSchema)` to create a new message.
+ */
+export const GetEntitlementsRequestSchema: GenMessage<GetEntitlementsRequest> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 10);
+
+/**
+ * @generated from message authorization.v2.GetEntitlementsResponse
+ */
+export type GetEntitlementsResponse = Message<"authorization.v2.GetEntitlementsResponse"> & {
+  /**
+   * @generated from field: repeated authorization.v2.EntityEntitlements entitlements = 1;
+   */
+  entitlements: EntityEntitlements[];
+};
+
+/**
+ * Describes the message authorization.v2.GetEntitlementsResponse.
+ * Use `create(GetEntitlementsResponseSchema)` to create a new message.
+ */
+export const GetEntitlementsResponseSchema: GenMessage<GetEntitlementsResponse> = /*@__PURE__*/
+  messageDesc(file_authorization_v2_authorization, 11);
+
+/**
+ * @generated from enum authorization.v2.Decision
+ */
+export enum Decision {
+  /**
+   * @generated from enum value: DECISION_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: DECISION_DENY = 1;
+   */
+  DENY = 1,
+
+  /**
+   * @generated from enum value: DECISION_PERMIT = 2;
+   */
+  PERMIT = 2,
+}
+
+/**
+ * Describes the enum authorization.v2.Decision.
+ */
+export const DecisionSchema: GenEnum<Decision> = /*@__PURE__*/
+  enumDesc(file_authorization_v2_authorization, 0);
+
+/**
+ * @generated from service authorization.v2.AuthorizationService
+ */
+export const AuthorizationService: GenService<{
+  /**
+   * @generated from rpc authorization.v2.AuthorizationService.GetDecision
+   */
+  getDecision: {
+    methodKind: "unary";
+    input: typeof GetDecisionRequestSchema;
+    output: typeof GetDecisionResponseSchema;
+  },
+  /**
+   * @generated from rpc authorization.v2.AuthorizationService.GetDecisionMultiResource
+   */
+  getDecisionMultiResource: {
+    methodKind: "unary";
+    input: typeof GetDecisionMultiResourceRequestSchema;
+    output: typeof GetDecisionMultiResourceResponseSchema;
+  },
+  /**
+   * @generated from rpc authorization.v2.AuthorizationService.GetDecisionBulk
+   */
+  getDecisionBulk: {
+    methodKind: "unary";
+    input: typeof GetDecisionBulkRequestSchema;
+    output: typeof GetDecisionBulkResponseSchema;
+  },
+  /**
+   * @generated from rpc authorization.v2.AuthorizationService.GetEntitlements
+   */
+  getEntitlements: {
+    methodKind: "unary";
+    input: typeof GetEntitlementsRequestSchema;
+    output: typeof GetEntitlementsResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_authorization_v2_authorization, 0);
+