otdf-python 0.1.10__py3-none-any.whl → 0.3.1__py3-none-any.whl

otdf_python_proto/policy/objects_pb2.py

@@ -0,0 +1,150 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# NO CHECKED-IN PROTOBUF GENCODE
+# source: policy/objects.proto
+# Protobuf Python Version: 6.31.1
+"""Generated protocol buffer code."""
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import runtime_version as _runtime_version
+from google.protobuf import symbol_database as _symbol_database
+from google.protobuf.internal import builder as _builder
+_runtime_version.ValidateProtobufRuntimeVersion(
+    _runtime_version.Domain.PUBLIC,
+    6,
+    31,
+    1,
+    '',
+    'policy/objects.proto'
+)
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+from buf.validate import validate_pb2 as buf_dot_validate_dot_validate__pb2
+from common import common_pb2 as common_dot_common__pb2
+from google.protobuf import wrappers_pb2 as google_dot_protobuf_dot_wrappers__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x14policy/objects.proto\x12\x06policy\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x1egoogle/protobuf/wrappers.proto\"i\n\x12SimpleKasPublicKey\x12/\n\talgorithm\x18\x01 \x01(\x0e\x32\x11.policy.AlgorithmR\talgorithm\x12\x10\n\x03kid\x18\x02 \x01(\tR\x03kid\x12\x10\n\x03pem\x18\x03 \x01(\tR\x03pem\"y\n\x0cSimpleKasKey\x12\x17\n\x07kas_uri\x18\x01 \x01(\tR\x06kasUri\x12\x39\n\npublic_key\x18\x02 \x01(\x0b\x32\x1a.policy.SimpleKasPublicKeyR\tpublicKey\x12\x15\n\x06kas_id\x18\x03 \x01(\tR\x05kasId\"\x86\x01\n\x11KeyProviderConfig\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x1f\n\x0b\x63onfig_json\x18\x03 \x01(\x0cR\nconfigJson\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x85\x02\n\tNamespace\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x10\n\x03\x66qn\x18\x03 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12,\n\x08metadata\x18\x05 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x12/\n\x06grants\x18\x06 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12/\n\x08kas_keys\x18\x07 \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\"\x9d\x03\n\tAttribute\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tnamespace\x18\x02 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\x12\x12\n\x04name\x18\x03 \x01(\tR\x04name\x12>\n\x04rule\x18\x04 \x01(\x0e\x32\x1d.policy.AttributeRuleTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x04rule\x12%\n\x06values\x18\x05 \x03(\x0b\x32\r.policy.ValueR\x06values\x12/\n\x06grants\x18\x06 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12\x10\n\x03\x66qn\x18\x07 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12/\n\x08kas_keys\x18\t \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xcc\x03\n\x05Value\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tattribute\x18\x02 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\x12\x14\n\x05value\x18\x03 \x01(\tR\x05value\x12/\n\x06grants\x18\x05 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12\x10\n\x03\x66qn\x18\x06 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12\x41\n\x10subject_mappings\x18\x08 \x03(\x0b\x32\x16.policy.SubjectMappingR\x0fsubjectMappings\x12/\n\x08kas_keys\x18\t \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x44\n\x11resource_mappings\x18\n \x03(\x0b\x32\x17.policy.ResourceMappingR\x10resourceMappings\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadataJ\x04\x08\x04\x10\x05R\x07members\"\xa8\x02\n\x06\x41\x63tion\x12\x0e\n\x02id\x18\x03 \x01(\tR\x02id\x12;\n\x08standard\x18\x01 \x01(\x0e\x32\x1d.policy.Action.StandardActionH\x00R\x08standard\x12\x18\n\x06\x63ustom\x18\x02 \x01(\tH\x00R\x06\x63ustom\x12\x12\n\x04name\x18\x04 \x01(\tR\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"l\n\x0eStandardAction\x12\x1f\n\x1bSTANDARD_ACTION_UNSPECIFIED\x10\x00\x12\x1b\n\x17STANDARD_ACTION_DECRYPT\x10\x01\x12\x1c\n\x18STANDARD_ACTION_TRANSMIT\x10\x02\x42\x07\n\x05value\"\x81\x02\n\x0eSubjectMapping\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x36\n\x0f\x61ttribute_value\x18\x02 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12O\n\x15subject_condition_set\x18\x03 \x01(\x0b\x32\x1b.policy.SubjectConditionSetR\x13subjectConditionSet\x12(\n\x07\x61\x63tions\x18\x04 \x03(\x0b\x32\x0e.policy.ActionR\x07\x61\x63tions\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xe9\x01\n\tCondition\x12M\n\x1fsubject_external_selector_value\x18\x01 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x1csubjectExternalSelectorValue\x12K\n\x08operator\x18\x02 \x01(\x0e\x32\".policy.SubjectMappingOperatorEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x08operator\x12@\n\x17subject_external_values\x18\x03 \x03(\tB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x15subjectExternalValues\"\xa7\x01\n\x0e\x43onditionGroup\x12;\n\nconditions\x18\x01 \x03(\x0b\x32\x11.policy.ConditionB\x08\xbaH\x05\x92\x01\x02\x08\x01R\nconditions\x12X\n\x10\x62oolean_operator\x18\x02 \x01(\x0e\x32 .policy.ConditionBooleanTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x0f\x62ooleanOperator\"Y\n\nSubjectSet\x12K\n\x10\x63ondition_groups\x18\x01 \x03(\x0b\x32\x16.policy.ConditionGroupB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x0f\x63onditionGroups\"\x94\x01\n\x13SubjectConditionSet\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12?\n\x0csubject_sets\x18\x03 \x03(\x0b\x32\x12.policy.SubjectSetB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x0bsubjectSets\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"|\n\x0fSubjectProperty\x12\x42\n\x17\x65xternal_selector_value\x18\x01 \x01(\tB\n\xbaH\x07r\x02\x10\x01\xc8\x01\x01R\x15\x65xternalSelectorValue\x12%\n\x0e\x65xternal_value\x18\x02 \x01(\tR\rexternalValue\"\x9b\x01\n\x14ResourceMappingGroup\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12)\n\x0cnamespace_id\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x0bnamespaceId\x12\x1a\n\x04name\x18\x03 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xd9\x01\n\x0fResourceMapping\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12,\n\x08metadata\x18\x02 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x12>\n\x0f\x61ttribute_value\x18\x03 \x01(\x0b\x32\r.policy.ValueB\x06\xbaH\x03\xc8\x01\x01R\x0e\x61ttributeValue\x12\x14\n\x05terms\x18\x04 \x03(\tR\x05terms\x12\x32\n\x05group\x18\x05 \x01(\x0b\x32\x1c.policy.ResourceMappingGroupR\x05group\"\x85\x05\n\x0fKeyAccessServer\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x87\x03\n\x03uri\x18\x02 \x01(\tB\xf4\x02\xbaH\xf0\x02\xba\x01\xec\x02\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x8b\x01this.matches(\'^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$\')R\x03uri\x12\x30\n\npublic_key\x18\x03 \x01(\x0b\x32\x11.policy.PublicKeyR\tpublicKey\x12\x33\n\x0bsource_type\x18\x04 \x01(\x0e\x32\x12.policy.SourceTypeR\nsourceType\x12/\n\x08kas_keys\x18\x05 \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x12\n\x04name\x18\x14 \x01(\tR\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x97\x02\n\x03Key\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x37\n\tis_active\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x08isActive\x12\x39\n\nwas_mapped\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\twasMapped\x12\x33\n\npublic_key\x18\x04 \x01(\x0b\x32\x14.policy.KasPublicKeyR\tpublicKey\x12)\n\x03kas\x18\x05 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x03kas\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x84\x01\n\x0cKasPublicKey\x12\x1c\n\x03pem\x18\x01 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x18\x80@R\x03pem\x12\x1b\n\x03kid\x18\x02 \x01(\tB\t\xbaH\x06r\x04\x10\x01\x18 R\x03kid\x12\x39\n\x03\x61lg\x18\x03 \x01(\x0e\x32\x1b.policy.KasPublicKeyAlgEnumB\n\xbaH\x07\x82\x01\x04\x10\x01 \x00R\x03\x61lg\";\n\x0fKasPublicKeySet\x12(\n\x04keys\x18\x01 \x03(\x0b\x32\x14.policy.KasPublicKeyR\x04keys\"\xe0\x03\n\tPublicKey\x12\x84\x03\n\x06remote\x18\x01 \x01(\tB\xe9\x02\xbaH\xe5\x02\xba\x01\xe1\x02\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x80\x01this.matches(\'^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$\')H\x00R\x06remote\x12\x31\n\x06\x63\x61\x63hed\x18\x03 \x01(\x0b\x32\x17.policy.KasPublicKeySetH\x00R\x06\x63\x61\x63hedB\x0c\n\npublic_keyJ\x04\x08\x02\x10\x03R\x05local\"\x9f\x01\n\x12RegisteredResource\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x37\n\x06values\x18\x03 \x03(\x0b\x32\x1f.policy.RegisteredResourceValueR\x06values\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xca\x03\n\x17RegisteredResourceValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value\x12\x36\n\x08resource\x18\x03 \x01(\x0b\x32\x1a.policy.RegisteredResourceR\x08resource\x12l\n\x17\x61\x63tion_attribute_values\x18\x04 \x03(\x0b\x32\x34.policy.RegisteredResourceValue.ActionAttributeValueR\x15\x61\x63tionAttributeValues\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x1a\xb4\x01\n\x14\x41\x63tionAttributeValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12&\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x0e.policy.ActionR\x06\x61\x63tion\x12\x36\n\x0f\x61ttribute_value\x18\x03 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"a\n\x06KasKey\x12\x15\n\x06kas_id\x18\x01 \x01(\tR\x05kasId\x12\'\n\x03key\x18\x02 \x01(\x0b\x32\x15.policy.AsymmetricKeyR\x03key\x12\x17\n\x07kas_uri\x18\x03 \x01(\tR\x06kasUri\")\n\x0cPublicKeyCtx\x12\x19\n\x03pem\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x03pem\"P\n\rPrivateKeyCtx\x12\x1e\n\x06key_id\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x05keyId\x12\x1f\n\x0bwrapped_key\x18\x02 \x01(\tR\nwrappedKey\"\xb9\x03\n\rAsymmetricKey\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x15\n\x06key_id\x18\x02 \x01(\tR\x05keyId\x12\x36\n\rkey_algorithm\x18\x03 \x01(\x0e\x32\x11.policy.AlgorithmR\x0ckeyAlgorithm\x12\x30\n\nkey_status\x18\x04 \x01(\x0e\x32\x11.policy.KeyStatusR\tkeyStatus\x12*\n\x08key_mode\x18\x05 \x01(\x0e\x32\x0f.policy.KeyModeR\x07keyMode\x12:\n\x0epublic_key_ctx\x18\x06 \x01(\x0b\x32\x14.policy.PublicKeyCtxR\x0cpublicKeyCtx\x12=\n\x0fprivate_key_ctx\x18\x07 \x01(\x0b\x32\x15.policy.PrivateKeyCtxR\rprivateKeyCtx\x12\x42\n\x0fprovider_config\x18\x08 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x9e\x02\n\x0cSymmetricKey\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x15\n\x06key_id\x18\x02 \x01(\tR\x05keyId\x12\x30\n\nkey_status\x18\x03 \x01(\x0e\x32\x11.policy.KeyStatusR\tkeyStatus\x12*\n\x08key_mode\x18\x04 \x01(\x0e\x32\x0f.policy.KeyModeR\x07keyMode\x12\x17\n\x07key_ctx\x18\x05 \x01(\x0cR\x06keyCtx\x12\x42\n\x0fprovider_config\x18\x06 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata*\xb3\x01\n\x15\x41ttributeRuleTypeEnum\x12(\n$ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED\x10\x00\x12#\n\x1f\x41TTRIBUTE_RULE_TYPE_ENUM_ALL_OF\x10\x01\x12#\n\x1f\x41TTRIBUTE_RULE_TYPE_ENUM_ANY_OF\x10\x02\x12&\n\"ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY\x10\x03*\xca\x01\n\x1aSubjectMappingOperatorEnum\x12-\n)SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED\x10\x00\x12$\n SUBJECT_MAPPING_OPERATOR_ENUM_IN\x10\x01\x12(\n$SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN\x10\x02\x12-\n)SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS\x10\x03*\x90\x01\n\x18\x43onditionBooleanTypeEnum\x12+\n\'CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED\x10\x00\x12#\n\x1f\x43ONDITION_BOOLEAN_TYPE_ENUM_AND\x10\x01\x12\"\n\x1e\x43ONDITION_BOOLEAN_TYPE_ENUM_OR\x10\x02*]\n\nSourceType\x12\x1b\n\x17SOURCE_TYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14SOURCE_TYPE_INTERNAL\x10\x01\x12\x18\n\x14SOURCE_TYPE_EXTERNAL\x10\x02*\x88\x02\n\x13KasPublicKeyAlgEnum\x12\'\n#KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED\x10\x00\x12$\n KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048\x10\x01\x12$\n KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096\x10\x02\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1\x10\x05\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1\x10\x06\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1\x10\x07*\x9b\x01\n\tAlgorithm\x12\x19\n\x15\x41LGORITHM_UNSPECIFIED\x10\x00\x12\x16\n\x12\x41LGORITHM_RSA_2048\x10\x01\x12\x16\n\x12\x41LGORITHM_RSA_4096\x10\x02\x12\x15\n\x11\x41LGORITHM_EC_P256\x10\x03\x12\x15\n\x11\x41LGORITHM_EC_P384\x10\x04\x12\x15\n\x11\x41LGORITHM_EC_P521\x10\x05*V\n\tKeyStatus\x12\x1a\n\x16KEY_STATUS_UNSPECIFIED\x10\x00\x12\x15\n\x11KEY_STATUS_ACTIVE\x10\x01\x12\x16\n\x12KEY_STATUS_ROTATED\x10\x02*\x94\x01\n\x07KeyMode\x12\x18\n\x14KEY_MODE_UNSPECIFIED\x10\x00\x12\x1c\n\x18KEY_MODE_CONFIG_ROOT_KEY\x10\x01\x12\x1e\n\x1aKEY_MODE_PROVIDER_ROOT_KEY\x10\x02\x12\x13\n\x0fKEY_MODE_REMOTE\x10\x03\x12\x1c\n\x18KEY_MODE_PUBLIC_KEY_ONLY\x10\x04\x42R\n\ncom.policyB\x0cObjectsProtoP\x01\xa2\x02\x03PXX\xaa\x02\x06Policy\xca\x02\x06Policy\xe2\x02\x12Policy\\GPBMetadata\xea\x02\x06Policyb\x06proto3')
+
+_globals = globals()
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'policy.objects_pb2', _globals)
+if not _descriptor._USE_C_DESCRIPTORS:
+  _globals['DESCRIPTOR']._loaded_options = None
+  _globals['DESCRIPTOR']._serialized_options = b'\n\ncom.policyB\014ObjectsProtoP\001\242\002\003PXX\252\002\006Policy\312\002\006Policy\342\002\022Policy\\GPBMetadata\352\002\006Policy'
+  _globals['_ATTRIBUTE'].fields_by_name['rule']._loaded_options = None
+  _globals['_ATTRIBUTE'].fields_by_name['rule']._serialized_options = b'\272H\010\202\001\002\020\001\310\001\001'
+  _globals['_CONDITION'].fields_by_name['subject_external_selector_value']._loaded_options = None
+  _globals['_CONDITION'].fields_by_name['subject_external_selector_value']._serialized_options = b'\272H\003\310\001\001'
+  _globals['_CONDITION'].fields_by_name['operator']._loaded_options = None
+  _globals['_CONDITION'].fields_by_name['operator']._serialized_options = b'\272H\010\202\001\002\020\001\310\001\001'
+  _globals['_CONDITION'].fields_by_name['subject_external_values']._loaded_options = None
+  _globals['_CONDITION'].fields_by_name['subject_external_values']._serialized_options = b'\272H\005\222\001\002\010\001'
+  _globals['_CONDITIONGROUP'].fields_by_name['conditions']._loaded_options = None
+  _globals['_CONDITIONGROUP'].fields_by_name['conditions']._serialized_options = b'\272H\005\222\001\002\010\001'
+  _globals['_CONDITIONGROUP'].fields_by_name['boolean_operator']._loaded_options = None
+  _globals['_CONDITIONGROUP'].fields_by_name['boolean_operator']._serialized_options = b'\272H\010\202\001\002\020\001\310\001\001'
+  _globals['_SUBJECTSET'].fields_by_name['condition_groups']._loaded_options = None
+  _globals['_SUBJECTSET'].fields_by_name['condition_groups']._serialized_options = b'\272H\005\222\001\002\010\001'
+  _globals['_SUBJECTCONDITIONSET'].fields_by_name['subject_sets']._loaded_options = None
+  _globals['_SUBJECTCONDITIONSET'].fields_by_name['subject_sets']._serialized_options = b'\272H\005\222\001\002\010\001'
+  _globals['_SUBJECTPROPERTY'].fields_by_name['external_selector_value']._loaded_options = None
+  _globals['_SUBJECTPROPERTY'].fields_by_name['external_selector_value']._serialized_options = b'\272H\007r\002\020\001\310\001\001'
+  _globals['_RESOURCEMAPPINGGROUP'].fields_by_name['namespace_id']._loaded_options = None
+  _globals['_RESOURCEMAPPINGGROUP'].fields_by_name['namespace_id']._serialized_options = b'\272H\003\310\001\001'
+  _globals['_RESOURCEMAPPINGGROUP'].fields_by_name['name']._loaded_options = None
+  _globals['_RESOURCEMAPPINGGROUP'].fields_by_name['name']._serialized_options = b'\272H\003\310\001\001'
+  _globals['_RESOURCEMAPPING'].fields_by_name['attribute_value']._loaded_options = None
+  _globals['_RESOURCEMAPPING'].fields_by_name['attribute_value']._serialized_options = b'\272H\003\310\001\001'
+  _globals['_KEYACCESSSERVER'].fields_by_name['uri']._loaded_options = None
+  _globals['_KEYACCESSSERVER'].fields_by_name['uri']._serialized_options = b'\272H\360\002\272\001\354\002\n\nuri_format\022\317\001URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\032\213\001this.matches(\'^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$\')'
+  _globals['_KASPUBLICKEY'].fields_by_name['pem']._loaded_options = None
+  _globals['_KASPUBLICKEY'].fields_by_name['pem']._serialized_options = b'\272H\007r\005\020\001\030\200@'
+  _globals['_KASPUBLICKEY'].fields_by_name['kid']._loaded_options = None
+  _globals['_KASPUBLICKEY'].fields_by_name['kid']._serialized_options = b'\272H\006r\004\020\001\030 '
+  _globals['_KASPUBLICKEY'].fields_by_name['alg']._loaded_options = None
+  _globals['_KASPUBLICKEY'].fields_by_name['alg']._serialized_options = b'\272H\007\202\001\004\020\001 \000'
+  _globals['_PUBLICKEY'].fields_by_name['remote']._loaded_options = None
+  _globals['_PUBLICKEY'].fields_by_name['remote']._serialized_options = b'\272H\345\002\272\001\341\002\n\nuri_format\022\317\001URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\032\200\001this.matches(\'^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$\')'
+  _globals['_PUBLICKEYCTX'].fields_by_name['pem']._loaded_options = None
+  _globals['_PUBLICKEYCTX'].fields_by_name['pem']._serialized_options = b'\272H\004r\002\020\001'
+  _globals['_PRIVATEKEYCTX'].fields_by_name['key_id']._loaded_options = None
+  _globals['_PRIVATEKEYCTX'].fields_by_name['key_id']._serialized_options = b'\272H\004r\002\020\001'
+  _globals['_ATTRIBUTERULETYPEENUM']._serialized_start=6525
+  _globals['_ATTRIBUTERULETYPEENUM']._serialized_end=6704
+  _globals['_SUBJECTMAPPINGOPERATORENUM']._serialized_start=6707
+  _globals['_SUBJECTMAPPINGOPERATORENUM']._serialized_end=6909
+  _globals['_CONDITIONBOOLEANTYPEENUM']._serialized_start=6912
+  _globals['_CONDITIONBOOLEANTYPEENUM']._serialized_end=7056
+  _globals['_SOURCETYPE']._serialized_start=7058
+  _globals['_SOURCETYPE']._serialized_end=7151
+  _globals['_KASPUBLICKEYALGENUM']._serialized_start=7154
+  _globals['_KASPUBLICKEYALGENUM']._serialized_end=7418
+  _globals['_ALGORITHM']._serialized_start=7421
+  _globals['_ALGORITHM']._serialized_end=7576
+  _globals['_KEYSTATUS']._serialized_start=7578
+  _globals['_KEYSTATUS']._serialized_end=7664
+  _globals['_KEYMODE']._serialized_start=7667
+  _globals['_KEYMODE']._serialized_end=7815
+  _globals['_SIMPLEKASPUBLICKEY']._serialized_start=114
+  _globals['_SIMPLEKASPUBLICKEY']._serialized_end=219
+  _globals['_SIMPLEKASKEY']._serialized_start=221
+  _globals['_SIMPLEKASKEY']._serialized_end=342
+  _globals['_KEYPROVIDERCONFIG']._serialized_start=345
+  _globals['_KEYPROVIDERCONFIG']._serialized_end=479
+  _globals['_NAMESPACE']._serialized_start=482
+  _globals['_NAMESPACE']._serialized_end=743
+  _globals['_ATTRIBUTE']._serialized_start=746
+  _globals['_ATTRIBUTE']._serialized_end=1159
+  _globals['_VALUE']._serialized_start=1162
+  _globals['_VALUE']._serialized_end=1622
+  _globals['_ACTION']._serialized_start=1625
+  _globals['_ACTION']._serialized_end=1921
+  _globals['_ACTION_STANDARDACTION']._serialized_start=1804
+  _globals['_ACTION_STANDARDACTION']._serialized_end=1912
+  _globals['_SUBJECTMAPPING']._serialized_start=1924
+  _globals['_SUBJECTMAPPING']._serialized_end=2181
+  _globals['_CONDITION']._serialized_start=2184
+  _globals['_CONDITION']._serialized_end=2417
+  _globals['_CONDITIONGROUP']._serialized_start=2420
+  _globals['_CONDITIONGROUP']._serialized_end=2587
+  _globals['_SUBJECTSET']._serialized_start=2589
+  _globals['_SUBJECTSET']._serialized_end=2678
+  _globals['_SUBJECTCONDITIONSET']._serialized_start=2681
+  _globals['_SUBJECTCONDITIONSET']._serialized_end=2829
+  _globals['_SUBJECTPROPERTY']._serialized_start=2831
+  _globals['_SUBJECTPROPERTY']._serialized_end=2955
+  _globals['_RESOURCEMAPPINGGROUP']._serialized_start=2958
+  _globals['_RESOURCEMAPPINGGROUP']._serialized_end=3113
+  _globals['_RESOURCEMAPPING']._serialized_start=3116
+  _globals['_RESOURCEMAPPING']._serialized_end=3333
+  _globals['_KEYACCESSSERVER']._serialized_start=3336
+  _globals['_KEYACCESSSERVER']._serialized_end=3981
+  _globals['_KEY']._serialized_start=3984
+  _globals['_KEY']._serialized_end=4263
+  _globals['_KASPUBLICKEY']._serialized_start=4266
+  _globals['_KASPUBLICKEY']._serialized_end=4398
+  _globals['_KASPUBLICKEYSET']._serialized_start=4400
+  _globals['_KASPUBLICKEYSET']._serialized_end=4459
+  _globals['_PUBLICKEY']._serialized_start=4462
+  _globals['_PUBLICKEY']._serialized_end=4942
+  _globals['_REGISTEREDRESOURCE']._serialized_start=4945
+  _globals['_REGISTEREDRESOURCE']._serialized_end=5104
+  _globals['_REGISTEREDRESOURCEVALUE']._serialized_start=5107
+  _globals['_REGISTEREDRESOURCEVALUE']._serialized_end=5565
+  _globals['_REGISTEREDRESOURCEVALUE_ACTIONATTRIBUTEVALUE']._serialized_start=5385
+  _globals['_REGISTEREDRESOURCEVALUE_ACTIONATTRIBUTEVALUE']._serialized_end=5565
+  _globals['_KASKEY']._serialized_start=5567
+  _globals['_KASKEY']._serialized_end=5664
+  _globals['_PUBLICKEYCTX']._serialized_start=5666
+  _globals['_PUBLICKEYCTX']._serialized_end=5707
+  _globals['_PRIVATEKEYCTX']._serialized_start=5709
+  _globals['_PRIVATEKEYCTX']._serialized_end=5789
+  _globals['_ASYMMETRICKEY']._serialized_start=5792
+  _globals['_ASYMMETRICKEY']._serialized_end=6233
+  _globals['_SYMMETRICKEY']._serialized_start=6236
+  _globals['_SYMMETRICKEY']._serialized_end=6522
+# @@protoc_insertion_point(module_scope)

otdf_python_proto/policy/objects_pb2.pyi

@@ -0,0 +1,464 @@
+from buf.validate import validate_pb2 as _validate_pb2
+from common import common_pb2 as _common_pb2
+from google.protobuf import wrappers_pb2 as _wrappers_pb2
+from google.protobuf.internal import containers as _containers
+from google.protobuf.internal import enum_type_wrapper as _enum_type_wrapper
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import message as _message
+from collections.abc import Iterable as _Iterable, Mapping as _Mapping
+from typing import ClassVar as _ClassVar, Optional as _Optional, Union as _Union
+
+DESCRIPTOR: _descriptor.FileDescriptor
+
+class AttributeRuleTypeEnum(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED: _ClassVar[AttributeRuleTypeEnum]
+    ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF: _ClassVar[AttributeRuleTypeEnum]
+    ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF: _ClassVar[AttributeRuleTypeEnum]
+    ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY: _ClassVar[AttributeRuleTypeEnum]
+
+class SubjectMappingOperatorEnum(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED: _ClassVar[SubjectMappingOperatorEnum]
+    SUBJECT_MAPPING_OPERATOR_ENUM_IN: _ClassVar[SubjectMappingOperatorEnum]
+    SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN: _ClassVar[SubjectMappingOperatorEnum]
+    SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS: _ClassVar[SubjectMappingOperatorEnum]
+
+class ConditionBooleanTypeEnum(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED: _ClassVar[ConditionBooleanTypeEnum]
+    CONDITION_BOOLEAN_TYPE_ENUM_AND: _ClassVar[ConditionBooleanTypeEnum]
+    CONDITION_BOOLEAN_TYPE_ENUM_OR: _ClassVar[ConditionBooleanTypeEnum]
+
+class SourceType(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    SOURCE_TYPE_UNSPECIFIED: _ClassVar[SourceType]
+    SOURCE_TYPE_INTERNAL: _ClassVar[SourceType]
+    SOURCE_TYPE_EXTERNAL: _ClassVar[SourceType]
+
+class KasPublicKeyAlgEnum(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED: _ClassVar[KasPublicKeyAlgEnum]
+    KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048: _ClassVar[KasPublicKeyAlgEnum]
+    KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096: _ClassVar[KasPublicKeyAlgEnum]
+    KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1: _ClassVar[KasPublicKeyAlgEnum]
+    KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1: _ClassVar[KasPublicKeyAlgEnum]
+    KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1: _ClassVar[KasPublicKeyAlgEnum]
+
+class Algorithm(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    ALGORITHM_UNSPECIFIED: _ClassVar[Algorithm]
+    ALGORITHM_RSA_2048: _ClassVar[Algorithm]
+    ALGORITHM_RSA_4096: _ClassVar[Algorithm]
+    ALGORITHM_EC_P256: _ClassVar[Algorithm]
+    ALGORITHM_EC_P384: _ClassVar[Algorithm]
+    ALGORITHM_EC_P521: _ClassVar[Algorithm]
+
+class KeyStatus(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    KEY_STATUS_UNSPECIFIED: _ClassVar[KeyStatus]
+    KEY_STATUS_ACTIVE: _ClassVar[KeyStatus]
+    KEY_STATUS_ROTATED: _ClassVar[KeyStatus]
+
+class KeyMode(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+    __slots__ = ()
+    KEY_MODE_UNSPECIFIED: _ClassVar[KeyMode]
+    KEY_MODE_CONFIG_ROOT_KEY: _ClassVar[KeyMode]
+    KEY_MODE_PROVIDER_ROOT_KEY: _ClassVar[KeyMode]
+    KEY_MODE_REMOTE: _ClassVar[KeyMode]
+    KEY_MODE_PUBLIC_KEY_ONLY: _ClassVar[KeyMode]
+ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED: AttributeRuleTypeEnum
+ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF: AttributeRuleTypeEnum
+ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF: AttributeRuleTypeEnum
+ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY: AttributeRuleTypeEnum
+SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED: SubjectMappingOperatorEnum
+SUBJECT_MAPPING_OPERATOR_ENUM_IN: SubjectMappingOperatorEnum
+SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN: SubjectMappingOperatorEnum
+SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS: SubjectMappingOperatorEnum
+CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED: ConditionBooleanTypeEnum
+CONDITION_BOOLEAN_TYPE_ENUM_AND: ConditionBooleanTypeEnum
+CONDITION_BOOLEAN_TYPE_ENUM_OR: ConditionBooleanTypeEnum
+SOURCE_TYPE_UNSPECIFIED: SourceType
+SOURCE_TYPE_INTERNAL: SourceType
+SOURCE_TYPE_EXTERNAL: SourceType
+KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED: KasPublicKeyAlgEnum
+KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048: KasPublicKeyAlgEnum
+KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096: KasPublicKeyAlgEnum
+KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1: KasPublicKeyAlgEnum
+KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1: KasPublicKeyAlgEnum
+KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1: KasPublicKeyAlgEnum
+ALGORITHM_UNSPECIFIED: Algorithm
+ALGORITHM_RSA_2048: Algorithm
+ALGORITHM_RSA_4096: Algorithm
+ALGORITHM_EC_P256: Algorithm
+ALGORITHM_EC_P384: Algorithm
+ALGORITHM_EC_P521: Algorithm
+KEY_STATUS_UNSPECIFIED: KeyStatus
+KEY_STATUS_ACTIVE: KeyStatus
+KEY_STATUS_ROTATED: KeyStatus
+KEY_MODE_UNSPECIFIED: KeyMode
+KEY_MODE_CONFIG_ROOT_KEY: KeyMode
+KEY_MODE_PROVIDER_ROOT_KEY: KeyMode
+KEY_MODE_REMOTE: KeyMode
+KEY_MODE_PUBLIC_KEY_ONLY: KeyMode
+
+class SimpleKasPublicKey(_message.Message):
+    __slots__ = ("algorithm", "kid", "pem")
+    ALGORITHM_FIELD_NUMBER: _ClassVar[int]
+    KID_FIELD_NUMBER: _ClassVar[int]
+    PEM_FIELD_NUMBER: _ClassVar[int]
+    algorithm: Algorithm
+    kid: str
+    pem: str
+    def __init__(self, algorithm: _Optional[_Union[Algorithm, str]] = ..., kid: _Optional[str] = ..., pem: _Optional[str] = ...) -> None: ...
+
+class SimpleKasKey(_message.Message):
+    __slots__ = ("kas_uri", "public_key", "kas_id")
+    KAS_URI_FIELD_NUMBER: _ClassVar[int]
+    PUBLIC_KEY_FIELD_NUMBER: _ClassVar[int]
+    KAS_ID_FIELD_NUMBER: _ClassVar[int]
+    kas_uri: str
+    public_key: SimpleKasPublicKey
+    kas_id: str
+    def __init__(self, kas_uri: _Optional[str] = ..., public_key: _Optional[_Union[SimpleKasPublicKey, _Mapping]] = ..., kas_id: _Optional[str] = ...) -> None: ...
+
+class KeyProviderConfig(_message.Message):
+    __slots__ = ("id", "name", "config_json", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    NAME_FIELD_NUMBER: _ClassVar[int]
+    CONFIG_JSON_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    name: str
+    config_json: bytes
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., config_json: _Optional[bytes] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class Namespace(_message.Message):
+    __slots__ = ("id", "name", "fqn", "active", "metadata", "grants", "kas_keys")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    NAME_FIELD_NUMBER: _ClassVar[int]
+    FQN_FIELD_NUMBER: _ClassVar[int]
+    ACTIVE_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    GRANTS_FIELD_NUMBER: _ClassVar[int]
+    KAS_KEYS_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    name: str
+    fqn: str
+    active: _wrappers_pb2.BoolValue
+    metadata: _common_pb2.Metadata
+    grants: _containers.RepeatedCompositeFieldContainer[KeyAccessServer]
+    kas_keys: _containers.RepeatedCompositeFieldContainer[SimpleKasKey]
+    def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ...) -> None: ...
+
+class Attribute(_message.Message):
+    __slots__ = ("id", "namespace", "name", "rule", "values", "grants", "fqn", "active", "kas_keys", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    NAMESPACE_FIELD_NUMBER: _ClassVar[int]
+    NAME_FIELD_NUMBER: _ClassVar[int]
+    RULE_FIELD_NUMBER: _ClassVar[int]
+    VALUES_FIELD_NUMBER: _ClassVar[int]
+    GRANTS_FIELD_NUMBER: _ClassVar[int]
+    FQN_FIELD_NUMBER: _ClassVar[int]
+    ACTIVE_FIELD_NUMBER: _ClassVar[int]
+    KAS_KEYS_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    namespace: Namespace
+    name: str
+    rule: AttributeRuleTypeEnum
+    values: _containers.RepeatedCompositeFieldContainer[Value]
+    grants: _containers.RepeatedCompositeFieldContainer[KeyAccessServer]
+    fqn: str
+    active: _wrappers_pb2.BoolValue
+    kas_keys: _containers.RepeatedCompositeFieldContainer[SimpleKasKey]
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., namespace: _Optional[_Union[Namespace, _Mapping]] = ..., name: _Optional[str] = ..., rule: _Optional[_Union[AttributeRuleTypeEnum, str]] = ..., values: _Optional[_Iterable[_Union[Value, _Mapping]]] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class Value(_message.Message):
+    __slots__ = ("id", "attribute", "value", "grants", "fqn", "active", "subject_mappings", "kas_keys", "resource_mappings", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    ATTRIBUTE_FIELD_NUMBER: _ClassVar[int]
+    VALUE_FIELD_NUMBER: _ClassVar[int]
+    GRANTS_FIELD_NUMBER: _ClassVar[int]
+    FQN_FIELD_NUMBER: _ClassVar[int]
+    ACTIVE_FIELD_NUMBER: _ClassVar[int]
+    SUBJECT_MAPPINGS_FIELD_NUMBER: _ClassVar[int]
+    KAS_KEYS_FIELD_NUMBER: _ClassVar[int]
+    RESOURCE_MAPPINGS_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    attribute: Attribute
+    value: str
+    grants: _containers.RepeatedCompositeFieldContainer[KeyAccessServer]
+    fqn: str
+    active: _wrappers_pb2.BoolValue
+    subject_mappings: _containers.RepeatedCompositeFieldContainer[SubjectMapping]
+    kas_keys: _containers.RepeatedCompositeFieldContainer[SimpleKasKey]
+    resource_mappings: _containers.RepeatedCompositeFieldContainer[ResourceMapping]
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., attribute: _Optional[_Union[Attribute, _Mapping]] = ..., value: _Optional[str] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., subject_mappings: _Optional[_Iterable[_Union[SubjectMapping, _Mapping]]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., resource_mappings: _Optional[_Iterable[_Union[ResourceMapping, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class Action(_message.Message):
+    __slots__ = ("id", "standard", "custom", "name", "metadata")
+    class StandardAction(int, metaclass=_enum_type_wrapper.EnumTypeWrapper):
+        __slots__ = ()
+        STANDARD_ACTION_UNSPECIFIED: _ClassVar[Action.StandardAction]
+        STANDARD_ACTION_DECRYPT: _ClassVar[Action.StandardAction]
+        STANDARD_ACTION_TRANSMIT: _ClassVar[Action.StandardAction]
+    STANDARD_ACTION_UNSPECIFIED: Action.StandardAction
+    STANDARD_ACTION_DECRYPT: Action.StandardAction
+    STANDARD_ACTION_TRANSMIT: Action.StandardAction
+    ID_FIELD_NUMBER: _ClassVar[int]
+    STANDARD_FIELD_NUMBER: _ClassVar[int]
+    CUSTOM_FIELD_NUMBER: _ClassVar[int]
+    NAME_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    standard: Action.StandardAction
+    custom: str
+    name: str
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., standard: _Optional[_Union[Action.StandardAction, str]] = ..., custom: _Optional[str] = ..., name: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class SubjectMapping(_message.Message):
+    __slots__ = ("id", "attribute_value", "subject_condition_set", "actions", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    ATTRIBUTE_VALUE_FIELD_NUMBER: _ClassVar[int]
+    SUBJECT_CONDITION_SET_FIELD_NUMBER: _ClassVar[int]
+    ACTIONS_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    attribute_value: Value
+    subject_condition_set: SubjectConditionSet
+    actions: _containers.RepeatedCompositeFieldContainer[Action]
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., attribute_value: _Optional[_Union[Value, _Mapping]] = ..., subject_condition_set: _Optional[_Union[SubjectConditionSet, _Mapping]] = ..., actions: _Optional[_Iterable[_Union[Action, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class Condition(_message.Message):
+    __slots__ = ("subject_external_selector_value", "operator", "subject_external_values")
+    SUBJECT_EXTERNAL_SELECTOR_VALUE_FIELD_NUMBER: _ClassVar[int]
+    OPERATOR_FIELD_NUMBER: _ClassVar[int]
+    SUBJECT_EXTERNAL_VALUES_FIELD_NUMBER: _ClassVar[int]
+    subject_external_selector_value: str
+    operator: SubjectMappingOperatorEnum
+    subject_external_values: _containers.RepeatedScalarFieldContainer[str]
+    def __init__(self, subject_external_selector_value: _Optional[str] = ..., operator: _Optional[_Union[SubjectMappingOperatorEnum, str]] = ..., subject_external_values: _Optional[_Iterable[str]] = ...) -> None: ...
+
+class ConditionGroup(_message.Message):
+    __slots__ = ("conditions", "boolean_operator")
+    CONDITIONS_FIELD_NUMBER: _ClassVar[int]
+    BOOLEAN_OPERATOR_FIELD_NUMBER: _ClassVar[int]
+    conditions: _containers.RepeatedCompositeFieldContainer[Condition]
+    boolean_operator: ConditionBooleanTypeEnum
+    def __init__(self, conditions: _Optional[_Iterable[_Union[Condition, _Mapping]]] = ..., boolean_operator: _Optional[_Union[ConditionBooleanTypeEnum, str]] = ...) -> None: ...
+
+class SubjectSet(_message.Message):
+    __slots__ = ("condition_groups",)
+    CONDITION_GROUPS_FIELD_NUMBER: _ClassVar[int]
+    condition_groups: _containers.RepeatedCompositeFieldContainer[ConditionGroup]
+    def __init__(self, condition_groups: _Optional[_Iterable[_Union[ConditionGroup, _Mapping]]] = ...) -> None: ...
+
+class SubjectConditionSet(_message.Message):
+    __slots__ = ("id", "subject_sets", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    SUBJECT_SETS_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    subject_sets: _containers.RepeatedCompositeFieldContainer[SubjectSet]
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., subject_sets: _Optional[_Iterable[_Union[SubjectSet, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class SubjectProperty(_message.Message):
+    __slots__ = ("external_selector_value", "external_value")
+    EXTERNAL_SELECTOR_VALUE_FIELD_NUMBER: _ClassVar[int]
+    EXTERNAL_VALUE_FIELD_NUMBER: _ClassVar[int]
+    external_selector_value: str
+    external_value: str
+    def __init__(self, external_selector_value: _Optional[str] = ..., external_value: _Optional[str] = ...) -> None: ...
+
+class ResourceMappingGroup(_message.Message):
+    __slots__ = ("id", "namespace_id", "name", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    NAMESPACE_ID_FIELD_NUMBER: _ClassVar[int]
+    NAME_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    namespace_id: str
+    name: str
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., namespace_id: _Optional[str] = ..., name: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class ResourceMapping(_message.Message):
+    __slots__ = ("id", "metadata", "attribute_value", "terms", "group")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    ATTRIBUTE_VALUE_FIELD_NUMBER: _ClassVar[int]
+    TERMS_FIELD_NUMBER: _ClassVar[int]
+    GROUP_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    metadata: _common_pb2.Metadata
+    attribute_value: Value
+    terms: _containers.RepeatedScalarFieldContainer[str]
+    group: ResourceMappingGroup
+    def __init__(self, id: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ..., attribute_value: _Optional[_Union[Value, _Mapping]] = ..., terms: _Optional[_Iterable[str]] = ..., group: _Optional[_Union[ResourceMappingGroup, _Mapping]] = ...) -> None: ...
+
+class KeyAccessServer(_message.Message):
+    __slots__ = ("id", "uri", "public_key", "source_type", "kas_keys", "name", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    URI_FIELD_NUMBER: _ClassVar[int]
+    PUBLIC_KEY_FIELD_NUMBER: _ClassVar[int]
+    SOURCE_TYPE_FIELD_NUMBER: _ClassVar[int]
+    KAS_KEYS_FIELD_NUMBER: _ClassVar[int]
+    NAME_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    uri: str
+    public_key: PublicKey
+    source_type: SourceType
+    kas_keys: _containers.RepeatedCompositeFieldContainer[SimpleKasKey]
+    name: str
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., uri: _Optional[str] = ..., public_key: _Optional[_Union[PublicKey, _Mapping]] = ..., source_type: _Optional[_Union[SourceType, str]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., name: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class Key(_message.Message):
+    __slots__ = ("id", "is_active", "was_mapped", "public_key", "kas", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    IS_ACTIVE_FIELD_NUMBER: _ClassVar[int]
+    WAS_MAPPED_FIELD_NUMBER: _ClassVar[int]
+    PUBLIC_KEY_FIELD_NUMBER: _ClassVar[int]
+    KAS_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    is_active: _wrappers_pb2.BoolValue
+    was_mapped: _wrappers_pb2.BoolValue
+    public_key: KasPublicKey
+    kas: KeyAccessServer
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., is_active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., was_mapped: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., public_key: _Optional[_Union[KasPublicKey, _Mapping]] = ..., kas: _Optional[_Union[KeyAccessServer, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class KasPublicKey(_message.Message):
+    __slots__ = ("pem", "kid", "alg")
+    PEM_FIELD_NUMBER: _ClassVar[int]
+    KID_FIELD_NUMBER: _ClassVar[int]
+    ALG_FIELD_NUMBER: _ClassVar[int]
+    pem: str
+    kid: str
+    alg: KasPublicKeyAlgEnum
+    def __init__(self, pem: _Optional[str] = ..., kid: _Optional[str] = ..., alg: _Optional[_Union[KasPublicKeyAlgEnum, str]] = ...) -> None: ...
+
+class KasPublicKeySet(_message.Message):
+    __slots__ = ("keys",)
+    KEYS_FIELD_NUMBER: _ClassVar[int]
+    keys: _containers.RepeatedCompositeFieldContainer[KasPublicKey]
+    def __init__(self, keys: _Optional[_Iterable[_Union[KasPublicKey, _Mapping]]] = ...) -> None: ...
+
+class PublicKey(_message.Message):
+    __slots__ = ("remote", "cached")
+    REMOTE_FIELD_NUMBER: _ClassVar[int]
+    CACHED_FIELD_NUMBER: _ClassVar[int]
+    remote: str
+    cached: KasPublicKeySet
+    def __init__(self, remote: _Optional[str] = ..., cached: _Optional[_Union[KasPublicKeySet, _Mapping]] = ...) -> None: ...
+
+class RegisteredResource(_message.Message):
+    __slots__ = ("id", "name", "values", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    NAME_FIELD_NUMBER: _ClassVar[int]
+    VALUES_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    name: str
+    values: _containers.RepeatedCompositeFieldContainer[RegisteredResourceValue]
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., values: _Optional[_Iterable[_Union[RegisteredResourceValue, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class RegisteredResourceValue(_message.Message):
+    __slots__ = ("id", "value", "resource", "action_attribute_values", "metadata")
+    class ActionAttributeValue(_message.Message):
+        __slots__ = ("id", "action", "attribute_value", "metadata")
+        ID_FIELD_NUMBER: _ClassVar[int]
+        ACTION_FIELD_NUMBER: _ClassVar[int]
+        ATTRIBUTE_VALUE_FIELD_NUMBER: _ClassVar[int]
+        METADATA_FIELD_NUMBER: _ClassVar[int]
+        id: str
+        action: Action
+        attribute_value: Value
+        metadata: _common_pb2.Metadata
+        def __init__(self, id: _Optional[str] = ..., action: _Optional[_Union[Action, _Mapping]] = ..., attribute_value: _Optional[_Union[Value, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+    ID_FIELD_NUMBER: _ClassVar[int]
+    VALUE_FIELD_NUMBER: _ClassVar[int]
+    RESOURCE_FIELD_NUMBER: _ClassVar[int]
+    ACTION_ATTRIBUTE_VALUES_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    value: str
+    resource: RegisteredResource
+    action_attribute_values: _containers.RepeatedCompositeFieldContainer[RegisteredResourceValue.ActionAttributeValue]
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., value: _Optional[str] = ..., resource: _Optional[_Union[RegisteredResource, _Mapping]] = ..., action_attribute_values: _Optional[_Iterable[_Union[RegisteredResourceValue.ActionAttributeValue, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class KasKey(_message.Message):
+    __slots__ = ("kas_id", "key", "kas_uri")
+    KAS_ID_FIELD_NUMBER: _ClassVar[int]
+    KEY_FIELD_NUMBER: _ClassVar[int]
+    KAS_URI_FIELD_NUMBER: _ClassVar[int]
+    kas_id: str
+    key: AsymmetricKey
+    kas_uri: str
+    def __init__(self, kas_id: _Optional[str] = ..., key: _Optional[_Union[AsymmetricKey, _Mapping]] = ..., kas_uri: _Optional[str] = ...) -> None: ...
+
+class PublicKeyCtx(_message.Message):
+    __slots__ = ("pem",)
+    PEM_FIELD_NUMBER: _ClassVar[int]
+    pem: str
+    def __init__(self, pem: _Optional[str] = ...) -> None: ...
+
+class PrivateKeyCtx(_message.Message):
+    __slots__ = ("key_id", "wrapped_key")
+    KEY_ID_FIELD_NUMBER: _ClassVar[int]
+    WRAPPED_KEY_FIELD_NUMBER: _ClassVar[int]
+    key_id: str
+    wrapped_key: str
+    def __init__(self, key_id: _Optional[str] = ..., wrapped_key: _Optional[str] = ...) -> None: ...
+
+class AsymmetricKey(_message.Message):
+    __slots__ = ("id", "key_id", "key_algorithm", "key_status", "key_mode", "public_key_ctx", "private_key_ctx", "provider_config", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    KEY_ID_FIELD_NUMBER: _ClassVar[int]
+    KEY_ALGORITHM_FIELD_NUMBER: _ClassVar[int]
+    KEY_STATUS_FIELD_NUMBER: _ClassVar[int]
+    KEY_MODE_FIELD_NUMBER: _ClassVar[int]
+    PUBLIC_KEY_CTX_FIELD_NUMBER: _ClassVar[int]
+    PRIVATE_KEY_CTX_FIELD_NUMBER: _ClassVar[int]
+    PROVIDER_CONFIG_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    key_id: str
+    key_algorithm: Algorithm
+    key_status: KeyStatus
+    key_mode: KeyMode
+    public_key_ctx: PublicKeyCtx
+    private_key_ctx: PrivateKeyCtx
+    provider_config: KeyProviderConfig
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., key_id: _Optional[str] = ..., key_algorithm: _Optional[_Union[Algorithm, str]] = ..., key_status: _Optional[_Union[KeyStatus, str]] = ..., key_mode: _Optional[_Union[KeyMode, str]] = ..., public_key_ctx: _Optional[_Union[PublicKeyCtx, _Mapping]] = ..., private_key_ctx: _Optional[_Union[PrivateKeyCtx, _Mapping]] = ..., provider_config: _Optional[_Union[KeyProviderConfig, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...
+
+class SymmetricKey(_message.Message):
+    __slots__ = ("id", "key_id", "key_status", "key_mode", "key_ctx", "provider_config", "metadata")
+    ID_FIELD_NUMBER: _ClassVar[int]
+    KEY_ID_FIELD_NUMBER: _ClassVar[int]
+    KEY_STATUS_FIELD_NUMBER: _ClassVar[int]
+    KEY_MODE_FIELD_NUMBER: _ClassVar[int]
+    KEY_CTX_FIELD_NUMBER: _ClassVar[int]
+    PROVIDER_CONFIG_FIELD_NUMBER: _ClassVar[int]
+    METADATA_FIELD_NUMBER: _ClassVar[int]
+    id: str
+    key_id: str
+    key_status: KeyStatus
+    key_mode: KeyMode
+    key_ctx: bytes
+    provider_config: KeyProviderConfig
+    metadata: _common_pb2.Metadata
+    def __init__(self, id: _Optional[str] = ..., key_id: _Optional[str] = ..., key_status: _Optional[_Union[KeyStatus, str]] = ..., key_mode: _Optional[_Union[KeyMode, str]] = ..., key_ctx: _Optional[bytes] = ..., provider_config: _Optional[_Union[KeyProviderConfig, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ...