From ee9bcf2719178e5a8dccca083a90313947a8a63b Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Fri, 7 Dec 2018 16:31:51 +0100 Subject: [PATCH] Switch to rego as policy decision engine (#48) Signed-off-by: aeneasr --- .circleci/config.yml | 53 +- .gitignore | 4 +- Dockerfile | 20 +- Dockerfile-alpine | 21 +- Gopkg.lock | 551 ------- Gopkg.toml | 138 -- Makefile | 42 + README.md | 34 +- UPGRADE.md | 100 ++ authentication/authenticator.go | 65 - authentication/oauth2_client_credentials.go | 92 -- .../oauth2_client_credentials_test.go | 1 - authentication/oauth2_introspection.go | 197 --- authentication/oauth2_introspection_test.go | 197 --- authentication/plaintext.go | 50 - authentication/plaintext_test.go | 50 - cmd/0_init_test.go | 18 + cmd/client/handler_helper.go | 76 - cmd/client/handler_policy.go | 306 ---- cmd/client/handler_role.go | 145 -- cmd/client/handler_warden.go | 81 - cmd/client/helper.go | 84 + cmd/{policies_import.go => engines.go} | 15 +- cmd/{policies_get.go => engines_acp.go} | 13 +- ...warden_authorize.go => engines_acp_ory.go} | 19 +- cmd/engines_acp_ory_allowed.go | 52 + ..._delete.go => engines_acp_ory_policies.go} | 13 +- cmd/engines_acp_ory_policies_delete.go | 47 + cmd/engines_acp_ory_policies_get.go | 49 + cmd/engines_acp_ory_policies_import.go | 64 + cmd/engines_acp_ory_policies_list.go | 50 + .../handler.go => engines_acp_ory_roles.go} | 24 +- cmd/engines_acp_ory_roles_delete.go | 47 + ...warden.go => engines_acp_ory_roles_get.go} | 38 +- cmd/engines_acp_ory_roles_import.go | 63 + cmd/engines_acp_ory_roles_list.go | 50 + cmd/helper_messages.go | 115 -- cmd/migrate.go | 5 - cmd/migrate_hydra.go | 40 - cmd/migrate_sql.go | 21 +- cmd/policies.go | 37 - cmd/policies_actions.go | 36 - cmd/policies_actions_add.go | 34 - cmd/policies_actions_remove.go | 34 - cmd/policies_create.go | 43 - cmd/policies_list.go | 45 - cmd/policies_resources.go | 36 - cmd/policies_resources_add.go | 34 - cmd/policies_resources_remove.go | 34 - cmd/policies_subjects.go | 36 - cmd/policies_subjects_add.go | 34 - cmd/policies_subjects_remove.go | 34 - cmd/roles.go | 37 - cmd/roles_create.go | 42 - cmd/roles_delete.go | 43 - cmd/roles_find.go | 42 - cmd/roles_get.go | 46 - cmd/roles_list.go | 53 - cmd/roles_members.go | 35 - cmd/roles_members_add.go | 41 - cmd/roles_members_remove.go | 41 - cmd/root.go | 42 +- cmd/root_test.go | 52 +- cmd/serve.go | 75 +- cmd/server/helper_server.go | 64 - cmd/server/helper_server_test.go | 248 --- cmd/server/migrate.go | 108 -- cmd/server/serve.go | 159 +- cmd/server/sql.go | 131 -- cmd/version.go | 19 +- cmd/warden_oauth2.go | 44 - cmd/warden_subject.go | 43 - doc.go | 2 +- docs/api.swagger.json | 1416 ++++++----------- engine/compiler.go | 58 + engine/doc.go | 11 + engine/engine.go | 83 + engine/ladon/doc.go | 199 +++ engine/ladon/handler.go | 495 ++++++ engine/ladon/handler_helper.go | 18 + engine/ladon/handler_helper_test.go | 189 +++ engine/ladon/handler_test.go | 212 +++ engine/ladon/policy.go | 50 + engine/ladon/rego/condition/boolean.rego | 19 + engine/ladon/rego/condition/cidr.rego | 15 + engine/ladon/rego/condition/condition.rego | 16 + engine/ladon/rego/condition/helpers.rego | 8 + .../rego/condition/resource_contains.rego | 36 + engine/ladon/rego/condition/string_equal.rego | 24 + engine/ladon/rego/condition/string_match.rego | 13 + .../rego/condition/string_pairs_equal.rego | 32 + .../rego/condition/string_subject_equal.rego | 11 + engine/ladon/rego/core/effect.rego | 10 + engine/ladon/rego/core/role.rego | 7 + engine/ladon/rego/exact/main.rego | 33 + engine/ladon/rego/exact/main_test.rego | 107 ++ engine/ladon/rego/regex/main.rego | 40 + engine/ladon/rego/regex/main_test.rego | 114 ++ engine/ladon/role.go | 18 + engine/ladon/types.go | 23 + go.mod | 46 + go.sum | 299 ++++ health/doc.go | 38 - health/handler.go | 129 -- health/handler_test.go | 74 - legacy/hydra.go | 69 - main.go | 11 +- package.json | 5 +- policy/doc.go | 116 -- policy/handler.go | 219 --- policy/sdk_test.go | 129 -- role/doc.go | 71 - role/handler.go | 338 ---- role/manager.go | 46 - role/manager_memory.go | 146 -- role/manager_sql.go | 234 --- role/manager_test.go | 87 - role/manager_test_helper.go | 90 -- role/sdk_test.go | 121 -- scripts/run-format.sh | 10 - scripts/run-gensdk.sh | 29 - scripts/run-genswag.sh | 7 - scripts/test-e2e.sh | 39 +- scripts/test-format.sh | 11 - sdk/go/keto/sdk.go | 46 - sdk/go/keto/sdk_policy.go | 11 - sdk/go/keto/sdk_role.go | 12 - sdk/go/keto/sdk_warden.go | 9 - sdk/go/keto/swagger/README.md | 88 +- ..._ory_access_control_policy_role_members.go | 19 + ...ccess_control_policy_role_members_body.go} | 6 +- sdk/go/keto/swagger/api_client.go | 4 +- sdk/go/keto/swagger/api_response.go | 2 +- .../swagger/authentication_default_session.go | 18 - ...tion_o_auth2_client_credentials_request.go | 20 - ...tion_o_auth2_client_credentials_session.go | 18 - ...ntication_o_auth2_introspection_request.go | 18 - .../swagger/authentication_o_auth2_session.go | 46 - sdk/go/keto/swagger/authorization_result.go | 15 + sdk/go/keto/swagger/configuration.go | 4 +- .../keto/swagger/{manager.go => context.go} | 4 +- .../delete_ory_access_control_policy.go | 18 + .../delete_ory_access_control_policy_role.go | 18 + .../do_ory_access_control_policies_allow.go | 16 + .../AddOryAccessControlPolicyRoleMembers.md | 12 + ...ddOryAccessControlPolicyRoleMembersBody.md | 10 + .../docs/AuthenticationDefaultSession.md | 11 - ...nticationOAuth2ClientCredentialsRequest.md | 12 - ...nticationOAuth2ClientCredentialsSession.md | 11 - .../docs/AuthenticationOAuth2Session.md | 20 - .../keto/swagger/docs/AuthorizationResult.md | 10 + .../swagger/docs/{Writer.md => Context.md} | 2 +- .../docs/DeleteOryAccessControlPolicy.md | 11 + .../docs/DeleteOryAccessControlPolicyRole.md | 11 + .../docs/DoOryAccessControlPoliciesAllow.md | 11 + sdk/go/keto/swagger/docs/EnginesApi.md | 353 ++++ .../swagger/docs/GetOryAccessControlPolicy.md | 11 + .../docs/GetOryAccessControlPolicyRole.md | 11 + sdk/go/keto/swagger/docs/HealthApi.md | 12 +- .../swagger/docs/IntrospectionResponse.md | 21 - ...ers.md => ListOryAccessControlPolicies.md} | 7 +- .../docs/ListOryAccessControlPolicyRoles.md | 12 + .../docs/OAuth2IntrospectionAuthentication.md | 9 - .../swagger/docs/OryAccessControlPolicies.md | 10 + .../swagger/docs/OryAccessControlPolicy.md | 16 + ... => OryAccessControlPolicyAllowedInput.md} | 4 +- ...{Role.md => OryAccessControlPolicyRole.md} | 2 +- ...ator.md => OryAccessControlPolicyRoles.md} | 2 +- .../swagger/docs/{Firewall.md => Policies.md} | 2 +- sdk/go/keto/swagger/docs/Policy.md | 16 - sdk/go/keto/swagger/docs/PolicyApi.md | 160 -- sdk/go/keto/swagger/docs/PolicyConditions.md | 11 - ...RemoveOryAccessControlPolicyRoleMembers.md | 12 + ...veOryAccessControlPolicyRoleMembersBody.md | 10 + sdk/go/keto/swagger/docs/RoleApi.md | 219 --- sdk/go/keto/swagger/docs/RoleMembers.md | 10 - sdk/go/keto/swagger/docs/Session.md | 10 - .../docs/SwaggerCreatePolicyParameters.md | 10 - ...rDoesWardenAllowAccessRequestParameters.md | 10 - ...rDoesWardenAllowClientRequestParameters.md | 10 - ...WardenAllowTokenAccessRequestParameters.md | 10 - .../docs/SwaggerGetPolicyParameters.md | 10 - .../swagger/docs/SwaggerListPolicyResponse.md | 10 - .../docs/SwaggerUpdatePolicyParameters.md | 11 - .../swagger/docs/SwaggerWardenBaseRequest.md | 12 - .../docs/UpsertOryAccessControlPolicy.md | 11 + .../docs/UpsertOryAccessControlPolicyRole.md | 11 + sdk/go/keto/swagger/docs/Version.md | 2 +- sdk/go/keto/swagger/docs/VersionApi.md | 6 +- sdk/go/keto/swagger/docs/WardenApi.md | 98 -- ...enOAuth2AccessTokenAuthorizationRequest.md | 14 - ...nOAuth2AccessTokenAuthorizationResponse.md | 20 - .../WardenOAuth2ClientAuthorizationRequest.md | 15 - ...WardenOAuth2ClientAuthorizationResponse.md | 11 - .../WardenSubjectAuthorizationResponse.md | 11 - sdk/go/keto/swagger/engines_api.go | 736 +++++++++ .../swagger/get_ory_access_control_policy.go | 18 + .../get_ory_access_control_policy_role.go | 18 + sdk/go/keto/swagger/health_api.go | 10 +- .../keto/swagger/health_not_ready_status.go | 2 +- sdk/go/keto/swagger/health_status.go | 2 +- sdk/go/keto/swagger/inline_response_500.go | 2 +- sdk/go/keto/swagger/introspection_response.go | 37 - .../list_ory_access_control_policies.go | 21 + .../list_ory_access_control_policy_roles.go | 21 + ...auth2_client_credentials_authentication.go | 12 - .../o_auth2_introspection_authentication.go | 12 - ...dler.go => ory_access_control_policies.go} | 8 +- .../keto/swagger/ory_access_control_policy.go | 33 + ...ry_access_control_policy_allowed_input.go} | 6 +- ...e.go => ory_access_control_policy_role.go} | 4 +- ....go => ory_access_control_policy_roles.go} | 4 +- .../keto/swagger/{firewall.go => policies.go} | 4 +- sdk/go/keto/swagger/policy.go | 33 - sdk/go/keto/swagger/policy_api.go | 345 ---- ..._ory_access_control_policy_role_members.go | 19 + ...ccess_control_policy_role_members_body.go} | 8 +- sdk/go/keto/swagger/role_api.go | 464 ------ sdk/go/keto/swagger/session.go | 13 - .../swagger_create_policy_parameters.go | 13 - ..._warden_allow_access_request_parameters.go | 13 - ..._warden_allow_client_request_parameters.go | 13 - ...n_allow_token_access_request_parameters.go | 13 - .../swagger/swagger_get_policy_parameters.go | 15 - .../swagger/swagger_list_policy_parameters.go | 18 - .../swagger/swagger_list_policy_response.go | 16 - .../swagger_update_policy_parameters.go | 16 - .../swagger/swagger_warden_base_request.go | 22 - .../upsert_ory_access_control_policy.go | 16 + .../upsert_ory_access_control_policy_role.go | 16 + sdk/go/keto/swagger/version.go | 4 +- sdk/go/keto/swagger/version_api.go | 6 +- sdk/go/keto/swagger/warden_api.go | 221 --- ...uth2_access_token_authorization_request.go | 27 - ...th2_access_token_authorization_response.go | 46 - ...en_o_auth2_client_authorization_request.go | 29 - ...n_o_auth2_client_authorization_response.go | 18 - .../warden_subject_authorization_response.go | 18 - sdk/go/keto/swagger/writer.go | 13 - sdk/js/swagger/README.md | 98 +- .../AddOryAccessControlPolicyRoleMembers.md | 10 + ...ddOryAccessControlPolicyRoleMembersBody.md | 8 + .../docs/AuthenticationDefaultSession.md | 9 - ...nticationOAuth2ClientCredentialsRequest.md | 10 - ...nticationOAuth2ClientCredentialsSession.md | 9 - ...uthenticationOAuth2IntrospectionRequest.md | 9 - .../docs/AuthenticationOAuth2Session.md | 18 - sdk/js/swagger/docs/Authenticator.md | 7 - sdk/js/swagger/docs/AuthorizationResult.md | 8 + sdk/js/swagger/docs/{Writer.md => Context.md} | 2 +- .../docs/DeleteOryAccessControlPolicy.md | 9 + .../docs/DeleteOryAccessControlPolicyRole.md | 9 + .../docs/DoOryAccessControlPoliciesAllow.md | 9 + sdk/js/swagger/docs/EnginesApi.md | 575 +++++++ .../swagger/docs/GetOryAccessControlPolicy.md | 9 + .../docs/GetOryAccessControlPolicyRole.md | 9 + sdk/js/swagger/docs/Handler.md | 9 - sdk/js/swagger/docs/HealthApi.md | 12 +- sdk/js/swagger/docs/IntrospectionResponse.md | 19 - ...ers.md => ListOryAccessControlPolicies.md} | 7 +- .../docs/ListOryAccessControlPolicyRoles.md | 10 + .../OAuth2ClientCredentialsAuthentication.md | 7 - .../docs/OAuth2IntrospectionAuthentication.md | 7 - .../swagger/docs/OryAccessControlPolicies.md | 8 + sdk/js/swagger/docs/OryAccessControlPolicy.md | 14 + ... => OryAccessControlPolicyAllowedInput.md} | 4 +- ...{Role.md => OryAccessControlPolicyRole.md} | 2 +- ...wall.md => OryAccessControlPolicyRoles.md} | 2 +- .../swagger/docs/{Manager.md => Policies.md} | 2 +- sdk/js/swagger/docs/Policy.md | 14 - sdk/js/swagger/docs/PolicyApi.md | 251 --- sdk/js/swagger/docs/PolicyConditions.md | 9 - ...RemoveOryAccessControlPolicyRoleMembers.md | 10 + ...veOryAccessControlPolicyRoleMembersBody.md | 8 + sdk/js/swagger/docs/RoleApi.md | 345 ---- sdk/js/swagger/docs/RoleMembers.md | 8 - sdk/js/swagger/docs/Session.md | 8 - .../docs/SwaggerCreatePolicyParameters.md | 8 - ...rDoesWardenAllowAccessRequestParameters.md | 8 - ...rDoesWardenAllowClientRequestParameters.md | 8 - ...WardenAllowTokenAccessRequestParameters.md | 8 - .../docs/SwaggerGetPolicyParameters.md | 8 - .../swagger/docs/SwaggerListPolicyResponse.md | 8 - .../docs/SwaggerUpdatePolicyParameters.md | 9 - .../swagger/docs/SwaggerWardenBaseRequest.md | 10 - .../docs/UpsertOryAccessControlPolicy.md | 9 + .../docs/UpsertOryAccessControlPolicyRole.md | 9 + sdk/js/swagger/docs/Version.md | 2 +- sdk/js/swagger/docs/VersionApi.md | 6 +- sdk/js/swagger/docs/WardenApi.md | 152 -- ...enOAuth2AccessTokenAuthorizationRequest.md | 12 - ...nOAuth2AccessTokenAuthorizationResponse.md | 18 - .../WardenOAuth2ClientAuthorizationRequest.md | 13 - ...WardenOAuth2ClientAuthorizationResponse.md | 9 - .../WardenSubjectAuthorizationResponse.md | 9 - sdk/js/swagger/src/ApiClient.js | 331 ++-- sdk/js/swagger/src/api/EnginesApi.js | 621 ++++++++ sdk/js/swagger/src/api/HealthApi.js | 137 +- sdk/js/swagger/src/api/PolicyApi.js | 312 ---- sdk/js/swagger/src/api/RoleApi.js | 422 ----- sdk/js/swagger/src/api/VersionApi.js | 79 +- sdk/js/swagger/src/api/WardenApi.js | 226 --- sdk/js/swagger/src/index.js | 360 +---- .../AddOryAccessControlPolicyRoleMembers.js | 102 ++ ...ddOryAccessControlPolicyRoleMembersBody.js | 83 + .../src/model/AuthenticationDefaultSession.js | 84 - ...nticationOAuth2ClientCredentialsRequest.js | 94 -- ...nticationOAuth2ClientCredentialsSession.js | 84 - ...uthenticationOAuth2IntrospectionRequest.js | 84 - .../src/model/AuthenticationOAuth2Session.js | 155 -- sdk/js/swagger/src/model/Authenticator.js | 64 - .../swagger/src/model/AuthorizationResult.js | 83 + .../src/model/{Manager.js => Context.js} | 57 +- .../src/model/DeleteOryAccessControlPolicy.js | 94 ++ .../model/DeleteOryAccessControlPolicyRole.js | 94 ++ .../model/DoOryAccessControlPoliciesAllow.js | 92 ++ sdk/js/swagger/src/model/Firewall.js | 64 - .../src/model/GetOryAccessControlPolicy.js | 94 ++ .../model/GetOryAccessControlPolicyRole.js | 94 ++ sdk/js/swagger/src/model/Handler.js | 88 - .../swagger/src/model/HealthNotReadyStatus.js | 47 +- sdk/js/swagger/src/model/HealthStatus.js | 43 +- sdk/js/swagger/src/model/InlineResponse500.js | 72 +- .../src/model/IntrospectionResponse.js | 157 -- .../src/model/ListOryAccessControlPolicies.js | 102 ++ .../model/ListOryAccessControlPolicyRoles.js | 102 ++ .../OAuth2ClientCredentialsAuthentication.js | 66 - .../OAuth2IntrospectionAuthentication.js | 66 - .../src/model/OryAccessControlPolicies.js | 83 + .../src/model/OryAccessControlPolicy.js | 137 ++ ... => OryAccessControlPolicyAllowedInput.js} | 78 +- ...{Role.js => OryAccessControlPolicyRole.js} | 62 +- .../src/model/OryAccessControlPolicyRoles.js | 79 + sdk/js/swagger/src/model/Policies.js | 79 + sdk/js/swagger/src/model/Policy.js | 135 -- sdk/js/swagger/src/model/PolicyConditions.js | 84 - ...RemoveOryAccessControlPolicyRoleMembers.js | 102 ++ ...veOryAccessControlPolicyRoleMembersBody.js | 83 + sdk/js/swagger/src/model/RoleMembers.js | 73 - sdk/js/swagger/src/model/Session.js | 76 - .../model/SwaggerCreatePolicyParameters.js | 76 - ...rDoesWardenAllowAccessRequestParameters.js | 81 - ...rDoesWardenAllowClientRequestParameters.js | 86 - ...WardenAllowTokenAccessRequestParameters.js | 86 - .../src/model/SwaggerGetPolicyParameters.js | 76 - .../src/model/SwaggerListPolicyParameters.js | 84 - .../src/model/SwaggerListPolicyResponse.js | 78 - .../model/SwaggerUpdatePolicyParameters.js | 84 - .../src/model/SwaggerWardenBaseRequest.js | 95 -- .../src/model/UpsertOryAccessControlPolicy.js | 92 ++ .../model/UpsertOryAccessControlPolicyRole.js | 92 ++ sdk/js/swagger/src/model/Version.js | 44 +- ...enOAuth2AccessTokenAuthorizationRequest.js | 110 -- ...nOAuth2AccessTokenAuthorizationResponse.js | 155 -- .../WardenOAuth2ClientAuthorizationRequest.js | 120 -- ...WardenOAuth2ClientAuthorizationResponse.js | 84 - .../WardenSubjectAuthorizationResponse.js | 84 - sdk/js/swagger/src/model/Writer.js | 65 - sdk/php/swagger/README.md | 97 +- sdk/php/swagger/autoload.php | 8 +- sdk/php/swagger/docs/Api/EnginesApi.md | 542 +++++++ sdk/php/swagger/docs/Api/HealthApi.md | 26 +- sdk/php/swagger/docs/Api/PolicyApi.md | 242 --- sdk/php/swagger/docs/Api/RoleApi.md | 331 ---- sdk/php/swagger/docs/Api/VersionApi.md | 14 +- sdk/php/swagger/docs/Api/WardenApi.md | 147 -- .../AddOryAccessControlPolicyRoleMembers.md | 12 + ...dOryAccessControlPolicyRoleMembersBody.md} | 4 +- .../Model/AuthenticationDefaultSession.md | 11 - ...nticationOAuth2ClientCredentialsRequest.md | 12 - ...nticationOAuth2ClientCredentialsSession.md | 11 - ...uthenticationOAuth2IntrospectionRequest.md | 11 - .../docs/Model/AuthenticationOAuth2Session.md | 20 - sdk/php/swagger/docs/Model/Authenticator.md | 9 - .../swagger/docs/Model/AuthorizationResult.md | 10 + .../docs/Model/{Manager.md => Context.md} | 2 +- .../Model/DeleteOryAccessControlPolicy.md} | 6 +- .../Model/DeleteOryAccessControlPolicyRole.md | 11 + .../Model/DoOryAccessControlPoliciesAllow.md | 11 + ...andler.md => GetOryAccessControlPolicy.md} | 6 +- .../Model/GetOryAccessControlPolicyRole.md | 11 + .../docs/Model/IntrospectionResponse.md | 21 - .../Model/ListOryAccessControlPolicies.md | 12 + .../Model/ListOryAccessControlPolicyRoles.md | 12 + .../OAuth2ClientCredentialsAuthentication.md | 9 - .../OAuth2IntrospectionAuthentication.md | 9 - .../docs/Model/OryAccessControlPolicies.md | 10 + .../docs/Model/OryAccessControlPolicy.md | 16 + ... => OryAccessControlPolicyAllowedInput.md} | 4 +- ...{Role.md => OryAccessControlPolicyRole.md} | 2 +- .../Model/OryAccessControlPolicyRoles.md} | 2 +- .../docs/Model/{Firewall.md => Policies.md} | 2 +- sdk/php/swagger/docs/Model/Policy.md | 16 - .../swagger/docs/Model/PolicyConditions.md | 11 - ...RemoveOryAccessControlPolicyRoleMembers.md | 12 + ...eOryAccessControlPolicyRoleMembersBody.md} | 3 +- sdk/php/swagger/docs/Model/RoleMembers.md | 10 - sdk/php/swagger/docs/Model/Session.md | 10 - ...rDoesWardenAllowAccessRequestParameters.md | 10 - ...rDoesWardenAllowClientRequestParameters.md | 10 - ...WardenAllowTokenAccessRequestParameters.md | 10 - .../docs/Model/SwaggerGetPolicyParameters.md | 10 - .../docs/Model/SwaggerListPolicyParameters.md | 11 - .../docs/Model/SwaggerListPolicyResponse.md | 10 - .../Model/SwaggerUpdatePolicyParameters.md | 11 - .../docs/Model/SwaggerWardenBaseRequest.md | 12 - .../Model/UpsertOryAccessControlPolicy.md | 11 + .../UpsertOryAccessControlPolicyRole.md} | 6 +- sdk/php/swagger/docs/Model/Version.md | 2 +- ...enOAuth2AccessTokenAuthorizationRequest.md | 14 - ...nOAuth2AccessTokenAuthorizationResponse.md | 20 - .../WardenOAuth2ClientAuthorizationRequest.md | 15 - ...WardenOAuth2ClientAuthorizationResponse.md | 11 - .../WardenSubjectAuthorizationResponse.md | 11 - sdk/php/swagger/docs/Model/Writer.md | 9 - sdk/php/swagger/lib/Api/EnginesApi.php | 1200 ++++++++++++++ sdk/php/swagger/lib/Api/HealthApi.php | 68 +- sdk/php/swagger/lib/Api/PolicyApi.php | 551 ------- sdk/php/swagger/lib/Api/RoleApi.php | 754 --------- sdk/php/swagger/lib/Api/VersionApi.php | 46 +- sdk/php/swagger/lib/Api/WardenApi.php | 360 ----- sdk/php/swagger/lib/ApiClient.php | 14 +- sdk/php/swagger/lib/ApiException.php | 8 +- sdk/php/swagger/lib/Configuration.php | 10 +- .../AddOryAccessControlPolicyRoleMembers.php | 306 ++++ ...OryAccessControlPolicyRoleMembersBody.php} | 22 +- .../Model/AuthenticationDefaultSession.php | 267 ---- ...ticationOAuth2ClientCredentialsSession.php | 267 ---- .../lib/Model/AuthenticationOAuth2Session.php | 510 ------ sdk/php/swagger/lib/Model/Authenticator.php | 218 --- .../{Session.php => AuthorizationResult.php} | 48 +- .../lib/Model/{Writer.php => Context.php} | 26 +- ...t.php => DeleteOryAccessControlPolicy.php} | 86 +- .../DeleteOryAccessControlPolicyRole.php | 279 ++++ ...hp => DoOryAccessControlPoliciesAllow.php} | 67 +- sdk/php/swagger/lib/Model/Firewall.php | 218 --- ...ters.php => GetOryAccessControlPolicy.php} | 61 +- .../Model/GetOryAccessControlPolicyRole.php | 279 ++++ sdk/php/swagger/lib/Model/Handler.php | 267 ---- .../lib/Model/HealthNotReadyStatus.php | 12 +- sdk/php/swagger/lib/Model/HealthStatus.php | 12 +- .../swagger/lib/Model/InlineResponse500.php | 12 +- .../lib/Model/IntrospectionResponse.php | 537 ------- ...s.php => ListOryAccessControlPolicies.php} | 57 +- ...hp => ListOryAccessControlPolicyRoles.php} | 108 +- .../OAuth2IntrospectionAuthentication.php | 218 --- ...eters.php => OryAccessControlPolicies.php} | 26 +- ...{Policy.php => OryAccessControlPolicy.php} | 38 +- ...=> OryAccessControlPolicyAllowedInput.php} | 22 +- ...ole.php => OryAccessControlPolicyRole.php} | 20 +- ...on.php => OryAccessControlPolicyRoles.php} | 25 +- .../lib/Model/{Manager.php => Policies.php} | 25 +- .../swagger/lib/Model/PolicyConditions.php | 267 ---- ...emoveOryAccessControlPolicyRoleMembers.php | 306 ++++ ...eOryAccessControlPolicyRoleMembersBody.php | 240 +++ ...ardenAllowTokenAccessRequestParameters.php | 240 --- .../lib/Model/SwaggerListPolicyResponse.php | 241 --- .../lib/Model/SwaggerWardenBaseRequest.php | 295 ---- ...s.php => UpsertOryAccessControlPolicy.php} | 58 +- ...p => UpsertOryAccessControlPolicyRole.php} | 67 +- sdk/php/swagger/lib/Model/Version.php | 14 +- ...nOAuth2AccessTokenAuthorizationRequest.php | 348 ---- ...OAuth2AccessTokenAuthorizationResponse.php | 510 ------ ...WardenOAuth2ClientAuthorizationRequest.php | 375 ----- ...ardenOAuth2ClientAuthorizationResponse.php | 267 ---- .../WardenSubjectAuthorizationResponse.php | 267 ---- sdk/php/swagger/lib/ObjectSerializer.php | 10 +- storage/handler.go | 118 ++ storage/handler_test.go | 130 ++ storage/manager.go | 84 + storage/manager_memory.go | 128 ++ storage/manager_sql.go | 167 ++ storage/manager_test.go | 145 ++ tests/stubs/policies.json | 34 + tests/stubs/roles.json | 4 + warden/audit_logger_logrus.go | 86 - warden/doc.go | 158 -- warden/handler.go | 111 -- warden/helper_test.go | 137 -- warden/sdk_test.go | 154 -- warden/warden.go | 59 - warden/warden_local.go | 111 -- warden/warden_test.go | 46 - x/response.go | 28 + 484 files changed, 13658 insertions(+), 24250 deletions(-) delete mode 100644 Gopkg.lock delete mode 100644 Gopkg.toml create mode 100644 Makefile delete mode 100644 authentication/authenticator.go delete mode 100644 authentication/oauth2_client_credentials.go delete mode 100644 authentication/oauth2_client_credentials_test.go delete mode 100644 authentication/oauth2_introspection.go delete mode 100644 authentication/oauth2_introspection_test.go delete mode 100644 authentication/plaintext.go delete mode 100644 authentication/plaintext_test.go create mode 100644 cmd/0_init_test.go delete mode 100644 cmd/client/handler_helper.go delete mode 100644 cmd/client/handler_policy.go delete mode 100644 cmd/client/handler_role.go delete mode 100644 cmd/client/handler_warden.go create mode 100644 cmd/client/helper.go rename cmd/{policies_import.go => engines.go} (64%) rename cmd/{policies_get.go => engines_acp.go} (69%) rename cmd/{warden_authorize.go => engines_acp_ory.go} (71%) create mode 100644 cmd/engines_acp_ory_allowed.go rename cmd/{policies_delete.go => engines_acp_ory_policies.go} (68%) create mode 100644 cmd/engines_acp_ory_policies_delete.go create mode 100644 cmd/engines_acp_ory_policies_get.go create mode 100644 cmd/engines_acp_ory_policies_import.go create mode 100644 cmd/engines_acp_ory_policies_list.go rename cmd/{client/handler.go => engines_acp_ory_roles.go} (63%) create mode 100644 cmd/engines_acp_ory_roles_delete.go rename cmd/{warden.go => engines_acp_ory_roles_get.go} (53%) create mode 100644 cmd/engines_acp_ory_roles_import.go create mode 100644 cmd/engines_acp_ory_roles_list.go delete mode 100644 cmd/helper_messages.go delete mode 100644 cmd/migrate_hydra.go delete mode 100644 cmd/policies.go delete mode 100644 cmd/policies_actions.go delete mode 100644 cmd/policies_actions_add.go delete mode 100644 cmd/policies_actions_remove.go delete mode 100644 cmd/policies_create.go delete mode 100644 cmd/policies_list.go delete mode 100644 cmd/policies_resources.go delete mode 100644 cmd/policies_resources_add.go delete mode 100644 cmd/policies_resources_remove.go delete mode 100644 cmd/policies_subjects.go delete mode 100644 cmd/policies_subjects_add.go delete mode 100644 cmd/policies_subjects_remove.go delete mode 100644 cmd/roles.go delete mode 100644 cmd/roles_create.go delete mode 100644 cmd/roles_delete.go delete mode 100644 cmd/roles_find.go delete mode 100644 cmd/roles_get.go delete mode 100644 cmd/roles_list.go delete mode 100644 cmd/roles_members.go delete mode 100644 cmd/roles_members_add.go delete mode 100644 cmd/roles_members_remove.go delete mode 100644 cmd/server/helper_server.go delete mode 100644 cmd/server/helper_server_test.go delete mode 100644 cmd/server/migrate.go delete mode 100644 cmd/server/sql.go delete mode 100644 cmd/warden_oauth2.go delete mode 100644 cmd/warden_subject.go create mode 100644 engine/compiler.go create mode 100644 engine/doc.go create mode 100644 engine/engine.go create mode 100644 engine/ladon/doc.go create mode 100644 engine/ladon/handler.go create mode 100644 engine/ladon/handler_helper.go create mode 100644 engine/ladon/handler_helper_test.go create mode 100644 engine/ladon/handler_test.go create mode 100644 engine/ladon/policy.go create mode 100644 engine/ladon/rego/condition/boolean.rego create mode 100644 engine/ladon/rego/condition/cidr.rego create mode 100644 engine/ladon/rego/condition/condition.rego create mode 100644 engine/ladon/rego/condition/helpers.rego create mode 100644 engine/ladon/rego/condition/resource_contains.rego create mode 100644 engine/ladon/rego/condition/string_equal.rego create mode 100644 engine/ladon/rego/condition/string_match.rego create mode 100644 engine/ladon/rego/condition/string_pairs_equal.rego create mode 100644 engine/ladon/rego/condition/string_subject_equal.rego create mode 100644 engine/ladon/rego/core/effect.rego create mode 100644 engine/ladon/rego/core/role.rego create mode 100644 engine/ladon/rego/exact/main.rego create mode 100644 engine/ladon/rego/exact/main_test.rego create mode 100644 engine/ladon/rego/regex/main.rego create mode 100644 engine/ladon/rego/regex/main_test.rego create mode 100644 engine/ladon/role.go create mode 100644 engine/ladon/types.go create mode 100644 go.mod create mode 100644 go.sum delete mode 100644 health/doc.go delete mode 100644 health/handler.go delete mode 100644 health/handler_test.go delete mode 100644 legacy/hydra.go delete mode 100644 policy/doc.go delete mode 100644 policy/handler.go delete mode 100644 policy/sdk_test.go delete mode 100644 role/doc.go delete mode 100644 role/handler.go delete mode 100644 role/manager.go delete mode 100644 role/manager_memory.go delete mode 100644 role/manager_sql.go delete mode 100644 role/manager_test.go delete mode 100644 role/manager_test_helper.go delete mode 100644 role/sdk_test.go delete mode 100755 scripts/run-format.sh delete mode 100755 scripts/run-gensdk.sh delete mode 100755 scripts/run-genswag.sh delete mode 100755 scripts/test-format.sh delete mode 100644 sdk/go/keto/sdk.go delete mode 100644 sdk/go/keto/sdk_policy.go delete mode 100644 sdk/go/keto/sdk_role.go delete mode 100644 sdk/go/keto/sdk_warden.go create mode 100644 sdk/go/keto/swagger/add_ory_access_control_policy_role_members.go rename sdk/go/keto/swagger/{role_members.go => add_ory_access_control_policy_role_members_body.go} (65%) delete mode 100644 sdk/go/keto/swagger/authentication_default_session.go delete mode 100644 sdk/go/keto/swagger/authentication_o_auth2_client_credentials_request.go delete mode 100644 sdk/go/keto/swagger/authentication_o_auth2_client_credentials_session.go delete mode 100644 sdk/go/keto/swagger/authentication_o_auth2_introspection_request.go delete mode 100644 sdk/go/keto/swagger/authentication_o_auth2_session.go create mode 100644 sdk/go/keto/swagger/authorization_result.go rename sdk/go/keto/swagger/{manager.go => context.go} (77%) create mode 100644 sdk/go/keto/swagger/delete_ory_access_control_policy.go create mode 100644 sdk/go/keto/swagger/delete_ory_access_control_policy_role.go create mode 100644 sdk/go/keto/swagger/do_ory_access_control_policies_allow.go create mode 100644 sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembers.md create mode 100644 sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md delete mode 100644 sdk/go/keto/swagger/docs/AuthenticationDefaultSession.md delete mode 100644 sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md delete mode 100644 sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md delete mode 100644 sdk/go/keto/swagger/docs/AuthenticationOAuth2Session.md create mode 100644 sdk/go/keto/swagger/docs/AuthorizationResult.md rename sdk/go/keto/swagger/docs/{Writer.md => Context.md} (96%) create mode 100644 sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicy.md create mode 100644 sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicyRole.md create mode 100644 sdk/go/keto/swagger/docs/DoOryAccessControlPoliciesAllow.md create mode 100644 sdk/go/keto/swagger/docs/EnginesApi.md create mode 100644 sdk/go/keto/swagger/docs/GetOryAccessControlPolicy.md create mode 100644 sdk/go/keto/swagger/docs/GetOryAccessControlPolicyRole.md delete mode 100644 sdk/go/keto/swagger/docs/IntrospectionResponse.md rename sdk/go/keto/swagger/docs/{SwaggerListPolicyParameters.md => ListOryAccessControlPolicies.md} (60%) create mode 100644 sdk/go/keto/swagger/docs/ListOryAccessControlPolicyRoles.md delete mode 100644 sdk/go/keto/swagger/docs/OAuth2IntrospectionAuthentication.md create mode 100644 sdk/go/keto/swagger/docs/OryAccessControlPolicies.md create mode 100644 sdk/go/keto/swagger/docs/OryAccessControlPolicy.md rename sdk/go/keto/swagger/docs/{WardenSubjectAuthorizationRequest.md => OryAccessControlPolicyAllowedInput.md} (87%) rename sdk/go/keto/swagger/docs/{Role.md => OryAccessControlPolicyRole.md} (94%) rename sdk/go/keto/swagger/docs/{Authenticator.md => OryAccessControlPolicyRoles.md} (90%) rename sdk/go/keto/swagger/docs/{Firewall.md => Policies.md} (96%) delete mode 100644 sdk/go/keto/swagger/docs/Policy.md delete mode 100644 sdk/go/keto/swagger/docs/PolicyApi.md delete mode 100644 sdk/go/keto/swagger/docs/PolicyConditions.md create mode 100644 sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md create mode 100644 sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md delete mode 100644 sdk/go/keto/swagger/docs/RoleApi.md delete mode 100644 sdk/go/keto/swagger/docs/RoleMembers.md delete mode 100644 sdk/go/keto/swagger/docs/Session.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerCreatePolicyParameters.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerGetPolicyParameters.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerListPolicyResponse.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerUpdatePolicyParameters.md delete mode 100644 sdk/go/keto/swagger/docs/SwaggerWardenBaseRequest.md create mode 100644 sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicy.md create mode 100644 sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicyRole.md delete mode 100644 sdk/go/keto/swagger/docs/WardenApi.md delete mode 100644 sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md delete mode 100644 sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md delete mode 100644 sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md delete mode 100644 sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md delete mode 100644 sdk/go/keto/swagger/docs/WardenSubjectAuthorizationResponse.md create mode 100644 sdk/go/keto/swagger/engines_api.go create mode 100644 sdk/go/keto/swagger/get_ory_access_control_policy.go create mode 100644 sdk/go/keto/swagger/get_ory_access_control_policy_role.go delete mode 100644 sdk/go/keto/swagger/introspection_response.go create mode 100644 sdk/go/keto/swagger/list_ory_access_control_policies.go create mode 100644 sdk/go/keto/swagger/list_ory_access_control_policy_roles.go delete mode 100644 sdk/go/keto/swagger/o_auth2_client_credentials_authentication.go delete mode 100644 sdk/go/keto/swagger/o_auth2_introspection_authentication.go rename sdk/go/keto/swagger/{handler.go => ory_access_control_policies.go} (54%) create mode 100644 sdk/go/keto/swagger/ory_access_control_policy.go rename sdk/go/keto/swagger/{warden_subject_authorization_request.go => ory_access_control_policy_allowed_input.go} (80%) rename sdk/go/keto/swagger/{role.go => ory_access_control_policy_role.go} (87%) rename sdk/go/keto/swagger/{authenticator.go => ory_access_control_policy_roles.go} (70%) rename sdk/go/keto/swagger/{firewall.go => policies.go} (77%) delete mode 100644 sdk/go/keto/swagger/policy.go delete mode 100644 sdk/go/keto/swagger/policy_api.go create mode 100644 sdk/go/keto/swagger/remove_ory_access_control_policy_role_members.go rename sdk/go/keto/swagger/{policy_conditions.go => remove_ory_access_control_policy_role_members_body.go} (50%) delete mode 100644 sdk/go/keto/swagger/role_api.go delete mode 100644 sdk/go/keto/swagger/session.go delete mode 100644 sdk/go/keto/swagger/swagger_create_policy_parameters.go delete mode 100644 sdk/go/keto/swagger/swagger_does_warden_allow_access_request_parameters.go delete mode 100644 sdk/go/keto/swagger/swagger_does_warden_allow_client_request_parameters.go delete mode 100644 sdk/go/keto/swagger/swagger_does_warden_allow_token_access_request_parameters.go delete mode 100644 sdk/go/keto/swagger/swagger_get_policy_parameters.go delete mode 100644 sdk/go/keto/swagger/swagger_list_policy_parameters.go delete mode 100644 sdk/go/keto/swagger/swagger_list_policy_response.go delete mode 100644 sdk/go/keto/swagger/swagger_update_policy_parameters.go delete mode 100644 sdk/go/keto/swagger/swagger_warden_base_request.go create mode 100644 sdk/go/keto/swagger/upsert_ory_access_control_policy.go create mode 100644 sdk/go/keto/swagger/upsert_ory_access_control_policy_role.go delete mode 100644 sdk/go/keto/swagger/warden_api.go delete mode 100644 sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_request.go delete mode 100644 sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_response.go delete mode 100644 sdk/go/keto/swagger/warden_o_auth2_client_authorization_request.go delete mode 100644 sdk/go/keto/swagger/warden_o_auth2_client_authorization_response.go delete mode 100644 sdk/go/keto/swagger/warden_subject_authorization_response.go delete mode 100644 sdk/go/keto/swagger/writer.go create mode 100644 sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembers.md create mode 100644 sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md delete mode 100644 sdk/js/swagger/docs/AuthenticationDefaultSession.md delete mode 100644 sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md delete mode 100644 sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md delete mode 100644 sdk/js/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md delete mode 100644 sdk/js/swagger/docs/AuthenticationOAuth2Session.md delete mode 100644 sdk/js/swagger/docs/Authenticator.md create mode 100644 sdk/js/swagger/docs/AuthorizationResult.md rename sdk/js/swagger/docs/{Writer.md => Context.md} (81%) create mode 100644 sdk/js/swagger/docs/DeleteOryAccessControlPolicy.md create mode 100644 sdk/js/swagger/docs/DeleteOryAccessControlPolicyRole.md create mode 100644 sdk/js/swagger/docs/DoOryAccessControlPoliciesAllow.md create mode 100644 sdk/js/swagger/docs/EnginesApi.md create mode 100644 sdk/js/swagger/docs/GetOryAccessControlPolicy.md create mode 100644 sdk/js/swagger/docs/GetOryAccessControlPolicyRole.md delete mode 100644 sdk/js/swagger/docs/Handler.md delete mode 100644 sdk/js/swagger/docs/IntrospectionResponse.md rename sdk/js/swagger/docs/{SwaggerListPolicyParameters.md => ListOryAccessControlPolicies.md} (51%) create mode 100644 sdk/js/swagger/docs/ListOryAccessControlPolicyRoles.md delete mode 100644 sdk/js/swagger/docs/OAuth2ClientCredentialsAuthentication.md delete mode 100644 sdk/js/swagger/docs/OAuth2IntrospectionAuthentication.md create mode 100644 sdk/js/swagger/docs/OryAccessControlPolicies.md create mode 100644 sdk/js/swagger/docs/OryAccessControlPolicy.md rename sdk/js/swagger/docs/{WardenSubjectAuthorizationRequest.md => OryAccessControlPolicyAllowedInput.md} (78%) rename sdk/js/swagger/docs/{Role.md => OryAccessControlPolicyRole.md} (85%) rename sdk/js/swagger/docs/{Firewall.md => OryAccessControlPolicyRoles.md} (70%) rename sdk/js/swagger/docs/{Manager.md => Policies.md} (80%) delete mode 100644 sdk/js/swagger/docs/Policy.md delete mode 100644 sdk/js/swagger/docs/PolicyApi.md delete mode 100644 sdk/js/swagger/docs/PolicyConditions.md create mode 100644 sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md create mode 100644 sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md delete mode 100644 sdk/js/swagger/docs/RoleApi.md delete mode 100644 sdk/js/swagger/docs/RoleMembers.md delete mode 100644 sdk/js/swagger/docs/Session.md delete mode 100644 sdk/js/swagger/docs/SwaggerCreatePolicyParameters.md delete mode 100644 sdk/js/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md delete mode 100644 sdk/js/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md delete mode 100644 sdk/js/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md delete mode 100644 sdk/js/swagger/docs/SwaggerGetPolicyParameters.md delete mode 100644 sdk/js/swagger/docs/SwaggerListPolicyResponse.md delete mode 100644 sdk/js/swagger/docs/SwaggerUpdatePolicyParameters.md delete mode 100644 sdk/js/swagger/docs/SwaggerWardenBaseRequest.md create mode 100644 sdk/js/swagger/docs/UpsertOryAccessControlPolicy.md create mode 100644 sdk/js/swagger/docs/UpsertOryAccessControlPolicyRole.md delete mode 100644 sdk/js/swagger/docs/WardenApi.md delete mode 100644 sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md delete mode 100644 sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md delete mode 100644 sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md delete mode 100644 sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md delete mode 100644 sdk/js/swagger/docs/WardenSubjectAuthorizationResponse.md create mode 100644 sdk/js/swagger/src/api/EnginesApi.js delete mode 100644 sdk/js/swagger/src/api/PolicyApi.js delete mode 100644 sdk/js/swagger/src/api/RoleApi.js delete mode 100644 sdk/js/swagger/src/api/WardenApi.js create mode 100644 sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembers.js create mode 100644 sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembersBody.js delete mode 100644 sdk/js/swagger/src/model/AuthenticationDefaultSession.js delete mode 100644 sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsRequest.js delete mode 100644 sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsSession.js delete mode 100644 sdk/js/swagger/src/model/AuthenticationOAuth2IntrospectionRequest.js delete mode 100644 sdk/js/swagger/src/model/AuthenticationOAuth2Session.js delete mode 100644 sdk/js/swagger/src/model/Authenticator.js create mode 100644 sdk/js/swagger/src/model/AuthorizationResult.js rename sdk/js/swagger/src/model/{Manager.js => Context.js} (55%) create mode 100644 sdk/js/swagger/src/model/DeleteOryAccessControlPolicy.js create mode 100644 sdk/js/swagger/src/model/DeleteOryAccessControlPolicyRole.js create mode 100644 sdk/js/swagger/src/model/DoOryAccessControlPoliciesAllow.js delete mode 100644 sdk/js/swagger/src/model/Firewall.js create mode 100644 sdk/js/swagger/src/model/GetOryAccessControlPolicy.js create mode 100644 sdk/js/swagger/src/model/GetOryAccessControlPolicyRole.js delete mode 100644 sdk/js/swagger/src/model/Handler.js delete mode 100644 sdk/js/swagger/src/model/IntrospectionResponse.js create mode 100644 sdk/js/swagger/src/model/ListOryAccessControlPolicies.js create mode 100644 sdk/js/swagger/src/model/ListOryAccessControlPolicyRoles.js delete mode 100644 sdk/js/swagger/src/model/OAuth2ClientCredentialsAuthentication.js delete mode 100644 sdk/js/swagger/src/model/OAuth2IntrospectionAuthentication.js create mode 100644 sdk/js/swagger/src/model/OryAccessControlPolicies.js create mode 100644 sdk/js/swagger/src/model/OryAccessControlPolicy.js rename sdk/js/swagger/src/model/{WardenSubjectAuthorizationRequest.js => OryAccessControlPolicyAllowedInput.js} (57%) rename sdk/js/swagger/src/model/{Role.js => OryAccessControlPolicyRole.js} (58%) create mode 100644 sdk/js/swagger/src/model/OryAccessControlPolicyRoles.js create mode 100644 sdk/js/swagger/src/model/Policies.js delete mode 100644 sdk/js/swagger/src/model/Policy.js delete mode 100644 sdk/js/swagger/src/model/PolicyConditions.js create mode 100644 sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembers.js create mode 100644 sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembersBody.js delete mode 100644 sdk/js/swagger/src/model/RoleMembers.js delete mode 100644 sdk/js/swagger/src/model/Session.js delete mode 100644 sdk/js/swagger/src/model/SwaggerCreatePolicyParameters.js delete mode 100644 sdk/js/swagger/src/model/SwaggerDoesWardenAllowAccessRequestParameters.js delete mode 100644 sdk/js/swagger/src/model/SwaggerDoesWardenAllowClientRequestParameters.js delete mode 100644 sdk/js/swagger/src/model/SwaggerDoesWardenAllowTokenAccessRequestParameters.js delete mode 100644 sdk/js/swagger/src/model/SwaggerGetPolicyParameters.js delete mode 100644 sdk/js/swagger/src/model/SwaggerListPolicyParameters.js delete mode 100644 sdk/js/swagger/src/model/SwaggerListPolicyResponse.js delete mode 100644 sdk/js/swagger/src/model/SwaggerUpdatePolicyParameters.js delete mode 100644 sdk/js/swagger/src/model/SwaggerWardenBaseRequest.js create mode 100644 sdk/js/swagger/src/model/UpsertOryAccessControlPolicy.js create mode 100644 sdk/js/swagger/src/model/UpsertOryAccessControlPolicyRole.js delete mode 100644 sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationRequest.js delete mode 100644 sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationResponse.js delete mode 100644 sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationRequest.js delete mode 100644 sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationResponse.js delete mode 100644 sdk/js/swagger/src/model/WardenSubjectAuthorizationResponse.js delete mode 100644 sdk/js/swagger/src/model/Writer.js create mode 100644 sdk/php/swagger/docs/Api/EnginesApi.md delete mode 100644 sdk/php/swagger/docs/Api/PolicyApi.md delete mode 100644 sdk/php/swagger/docs/Api/RoleApi.md delete mode 100644 sdk/php/swagger/docs/Api/WardenApi.md create mode 100644 sdk/php/swagger/docs/Model/AddOryAccessControlPolicyRoleMembers.md rename sdk/php/swagger/docs/Model/{SwaggerCreatePolicyParameters.md => AddOryAccessControlPolicyRoleMembersBody.md} (72%) delete mode 100644 sdk/php/swagger/docs/Model/AuthenticationDefaultSession.md delete mode 100644 sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsRequest.md delete mode 100644 sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsSession.md delete mode 100644 sdk/php/swagger/docs/Model/AuthenticationOAuth2IntrospectionRequest.md delete mode 100644 sdk/php/swagger/docs/Model/AuthenticationOAuth2Session.md delete mode 100644 sdk/php/swagger/docs/Model/Authenticator.md create mode 100644 sdk/php/swagger/docs/Model/AuthorizationResult.md rename sdk/php/swagger/docs/Model/{Manager.md => Context.md} (96%) rename sdk/{go/keto/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md => php/swagger/docs/Model/DeleteOryAccessControlPolicy.md} (53%) create mode 100644 sdk/php/swagger/docs/Model/DeleteOryAccessControlPolicyRole.md create mode 100644 sdk/php/swagger/docs/Model/DoOryAccessControlPoliciesAllow.md rename sdk/php/swagger/docs/Model/{Handler.md => GetOryAccessControlPolicy.md} (53%) create mode 100644 sdk/php/swagger/docs/Model/GetOryAccessControlPolicyRole.md delete mode 100644 sdk/php/swagger/docs/Model/IntrospectionResponse.md create mode 100644 sdk/php/swagger/docs/Model/ListOryAccessControlPolicies.md create mode 100644 sdk/php/swagger/docs/Model/ListOryAccessControlPolicyRoles.md delete mode 100644 sdk/php/swagger/docs/Model/OAuth2ClientCredentialsAuthentication.md delete mode 100644 sdk/php/swagger/docs/Model/OAuth2IntrospectionAuthentication.md create mode 100644 sdk/php/swagger/docs/Model/OryAccessControlPolicies.md create mode 100644 sdk/php/swagger/docs/Model/OryAccessControlPolicy.md rename sdk/php/swagger/docs/Model/{WardenSubjectAuthorizationRequest.md => OryAccessControlPolicyAllowedInput.md} (85%) rename sdk/php/swagger/docs/Model/{Role.md => OryAccessControlPolicyRole.md} (93%) rename sdk/{go/keto/swagger/docs/Manager.md => php/swagger/docs/Model/OryAccessControlPolicyRoles.md} (90%) rename sdk/php/swagger/docs/Model/{Firewall.md => Policies.md} (96%) delete mode 100644 sdk/php/swagger/docs/Model/Policy.md delete mode 100644 sdk/php/swagger/docs/Model/PolicyConditions.md create mode 100644 sdk/php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembers.md rename sdk/{go/keto/swagger/docs/OAuth2ClientCredentialsAuthentication.md => php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembersBody.md} (70%) delete mode 100644 sdk/php/swagger/docs/Model/RoleMembers.md delete mode 100644 sdk/php/swagger/docs/Model/Session.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowAccessRequestParameters.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowClientRequestParameters.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerGetPolicyParameters.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerListPolicyParameters.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerListPolicyResponse.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerUpdatePolicyParameters.md delete mode 100644 sdk/php/swagger/docs/Model/SwaggerWardenBaseRequest.md create mode 100644 sdk/php/swagger/docs/Model/UpsertOryAccessControlPolicy.md rename sdk/{go/keto/swagger/docs/Handler.md => php/swagger/docs/Model/UpsertOryAccessControlPolicyRole.md} (50%) delete mode 100644 sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationRequest.md delete mode 100644 sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationResponse.md delete mode 100644 sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationRequest.md delete mode 100644 sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationResponse.md delete mode 100644 sdk/php/swagger/docs/Model/WardenSubjectAuthorizationResponse.md delete mode 100644 sdk/php/swagger/docs/Model/Writer.md create mode 100644 sdk/php/swagger/lib/Api/EnginesApi.php delete mode 100644 sdk/php/swagger/lib/Api/PolicyApi.php delete mode 100644 sdk/php/swagger/lib/Api/RoleApi.php delete mode 100644 sdk/php/swagger/lib/Api/WardenApi.php create mode 100644 sdk/php/swagger/lib/Model/AddOryAccessControlPolicyRoleMembers.php rename sdk/php/swagger/lib/Model/{RoleMembers.php => AddOryAccessControlPolicyRoleMembersBody.php} (88%) delete mode 100644 sdk/php/swagger/lib/Model/AuthenticationDefaultSession.php delete mode 100644 sdk/php/swagger/lib/Model/AuthenticationOAuth2ClientCredentialsSession.php delete mode 100644 sdk/php/swagger/lib/Model/AuthenticationOAuth2Session.php delete mode 100644 sdk/php/swagger/lib/Model/Authenticator.php rename sdk/php/swagger/lib/Model/{Session.php => AuthorizationResult.php} (79%) rename sdk/php/swagger/lib/Model/{Writer.php => Context.php} (87%) rename sdk/php/swagger/lib/Model/{AuthenticationOAuth2IntrospectionRequest.php => DeleteOryAccessControlPolicy.php} (68%) create mode 100644 sdk/php/swagger/lib/Model/DeleteOryAccessControlPolicyRole.php rename sdk/php/swagger/lib/Model/{SwaggerDoesWardenAllowClientRequestParameters.php => DoOryAccessControlPoliciesAllow.php} (72%) delete mode 100644 sdk/php/swagger/lib/Model/Firewall.php rename sdk/php/swagger/lib/Model/{SwaggerGetPolicyParameters.php => GetOryAccessControlPolicy.php} (73%) create mode 100644 sdk/php/swagger/lib/Model/GetOryAccessControlPolicyRole.php delete mode 100644 sdk/php/swagger/lib/Model/Handler.php delete mode 100644 sdk/php/swagger/lib/Model/IntrospectionResponse.php rename sdk/php/swagger/lib/Model/{SwaggerListPolicyParameters.php => ListOryAccessControlPolicies.php} (78%) rename sdk/php/swagger/lib/Model/{AuthenticationOAuth2ClientCredentialsRequest.php => ListOryAccessControlPolicyRoles.php} (65%) delete mode 100644 sdk/php/swagger/lib/Model/OAuth2IntrospectionAuthentication.php rename sdk/php/swagger/lib/Model/{SwaggerCreatePolicyParameters.php => OryAccessControlPolicies.php} (86%) rename sdk/php/swagger/lib/Model/{Policy.php => OryAccessControlPolicy.php} (85%) rename sdk/php/swagger/lib/Model/{WardenSubjectAuthorizationRequest.php => OryAccessControlPolicyAllowedInput.php} (91%) rename sdk/php/swagger/lib/Model/{Role.php => OryAccessControlPolicyRole.php} (91%) rename sdk/php/swagger/lib/Model/{OAuth2ClientCredentialsAuthentication.php => OryAccessControlPolicyRoles.php} (86%) rename sdk/php/swagger/lib/Model/{Manager.php => Policies.php} (87%) delete mode 100644 sdk/php/swagger/lib/Model/PolicyConditions.php create mode 100644 sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembers.php create mode 100644 sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembersBody.php delete mode 100644 sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.php delete mode 100644 sdk/php/swagger/lib/Model/SwaggerListPolicyResponse.php delete mode 100644 sdk/php/swagger/lib/Model/SwaggerWardenBaseRequest.php rename sdk/php/swagger/lib/Model/{SwaggerUpdatePolicyParameters.php => UpsertOryAccessControlPolicy.php} (76%) rename sdk/php/swagger/lib/Model/{SwaggerDoesWardenAllowAccessRequestParameters.php => UpsertOryAccessControlPolicyRole.php} (72%) delete mode 100644 sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationRequest.php delete mode 100644 sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationResponse.php delete mode 100644 sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationRequest.php delete mode 100644 sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationResponse.php delete mode 100644 sdk/php/swagger/lib/Model/WardenSubjectAuthorizationResponse.php create mode 100644 storage/handler.go create mode 100644 storage/handler_test.go create mode 100644 storage/manager.go create mode 100644 storage/manager_memory.go create mode 100644 storage/manager_sql.go create mode 100644 storage/manager_test.go create mode 100644 tests/stubs/policies.json create mode 100644 tests/stubs/roles.json delete mode 100644 warden/audit_logger_logrus.go delete mode 100644 warden/doc.go delete mode 100644 warden/handler.go delete mode 100644 warden/helper_test.go delete mode 100644 warden/sdk_test.go delete mode 100644 warden/warden.go delete mode 100644 warden/warden_local.go delete mode 100644 warden/warden_test.go create mode 100644 x/response.go diff --git a/.circleci/config.yml b/.circleci/config.yml index 5c1894c4c..00a549458 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,40 +5,46 @@ version: 2 jobs: format: docker: - - image: circleci/golang:1.10 + - image: circleci/golang:1.11 working_directory: /go/src/github.com/ory/keto steps: - checkout - - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - - run: go get -u golang.org/x/tools/cmd/goimports - - run: dep ensure -vendor-only - - run: ./scripts/test-format.sh + - run: + name: Enable go1.11 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV + - run: curl -L https://git.io/vp6lP | sh + - run: mv ./bin/* $GOPATH/bin + - run: go mod download + - run: gometalinter --disable-all --enable=gofmt --enable=vet --enable=gosec --vendor ./... swagger: docker: - - image: circleci/golang:1.10 + - image: circleci/golang:1.11 working_directory: /go/src/github.com/ory/keto steps: - checkout - - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - - run: go get -u github.com/go-swagger/go-swagger/cmd/swagger golang.org/x/tools/cmd/goimports - - run: dep ensure -vendor-only - - run: ./scripts/run-genswag.sh + - run: make init + - run: make sdk + - run: git add -A && git diff --exit-code release-npm: docker: - image: circleci/node:8.9.3 - working_directory: ~/keto + working_directory: ~/hydra steps: - checkout - run: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc - run: | npm version -f --no-git-tag-version $CIRCLE_TAG - - run: npm publish --access public + - run: npm view ory-hydra-sdk + - run: npm whoami + - run: npm publish test: docker: - - image: circleci/golang:1.10 + - image: circleci/golang:1.11 environment: - TEST_DATABASE_POSTGRESQL=postgres://test:test@localhost:5432/keto?sslmode=disable - TEST_DATABASE_MYSQL=root:test@(localhost:3306)/mysql?parseTime=true @@ -52,18 +58,22 @@ jobs: - MYSQL_ROOT_PASSWORD=test working_directory: /go/src/github.com/ory/keto steps: + - run: + name: Enable go1.11 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV - checkout - run: go get -u github.com/go-swagger/go-swagger/cmd/swagger github.com/bradfitz/goimports github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc - - run: curl -L -s https://github.com/golang/dep/releases/download/v0.4.1/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep # Installation - - run: curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - - - run: dep ensure -vendor-only + - run: go mod verify - run: go install github.com/ory/keto # Tests - run: go test -race -short -v $(go list ./... | grep -v cmd) - - run: go-acc -o coverage.txt ./... -- -v -failfast + - run: go-acc -v -o coverage.txt ./... + - run: ./scripts/test-e2e.sh # Submit coverage details - run: test -z "$CIRCLE_PR_NUMBER" && goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN || echo "forks are not allowed to push to coveralls" @@ -126,13 +136,16 @@ jobs: release-binaries: docker: - - image: circleci/golang:1.10 + - image: circleci/golang:1.11 working_directory: /go/src/github.com/ory/keto steps: + - run: + name: Update PATH and Define Environment Variable at Runtime + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV - checkout - - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - run: go get -u github.com/mitchellh/gox github.com/tcnksm/ghr - - run: dep ensure -vendor-only - run: | gox -parallel=2 -ldflags "-X github.com/ory/keto/cmd.Version=`git describe --tags` -X github.com/ory/keto/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/keto/cmd.GitHash=`git rev-parse HEAD`" -output "dist/{{.Dir}}-{{.OS}}-{{.Arch}}"; - run: ghr -t $GITHUB_TOKEN -u $CIRCLE_PROJECT_USERNAME -r $CIRCLE_PROJECT_REPONAME --replace `git describe --tags` dist/ diff --git a/.gitignore b/.gitignore index 18ce2feee..859fd0dd3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ node_modules/ -vendor/ .idea/ -coverage.txt \ No newline at end of file +coverage.txt +vendor/ diff --git a/Dockerfile b/Dockerfile index 068a83540..680f1d814 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,26 @@ -FROM golang:1.10-alpine +FROM golang:1.11-alpine ARG git_tag ARG git_commit -RUN apk add --no-cache git build-base curl -RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh +RUN apk add --no-cache git build-base WORKDIR /go/src/github.com/ory/keto -ADD ./Gopkg.lock ./Gopkg.lock -ADD ./Gopkg.toml ./Gopkg.toml -RUN dep ensure -vendor-only +RUN go get -u github.com/gobuffalo/packr/packr + +ENV GO111MODULE=on + +ADD go.mod go.mod +ADD go.sum go.sum + +RUN go mod download ADD . . -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -X github.com/ory/keto/cmd.Version=$git_tag -X github.com/ory/keto/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/keto/cmd.GitHash=$git_commit" -a -installsuffix cgo -o keto +RUN go mod verify +RUN packr +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -X github.com/ory/keto/cmd.Version=$git_tag -X github.com/ory/keto/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/keto/cmd.GitHash=$git_commit" -a -installsuffix cgo -o keto github.com/ory/keto FROM scratch diff --git a/Dockerfile-alpine b/Dockerfile-alpine index f13681c2a..0169b345a 100644 --- a/Dockerfile-alpine +++ b/Dockerfile-alpine @@ -1,20 +1,27 @@ -FROM golang:1.10-alpine +FROM golang:1.11-alpine ARG git_tag ARG git_commit -RUN apk add --no-cache git build-base curl -RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh +RUN apk add --no-cache git build-base WORKDIR /go/src/github.com/ory/keto -ADD ./Gopkg.lock ./Gopkg.lock -ADD ./Gopkg.toml ./Gopkg.toml -RUN dep ensure -vendor-only +RUN go get -u github.com/gobuffalo/packr/packr + +RUN export GO111MODULE=on + + +ADD go.mod go.mod +ADD go.sum go.sum + +RUN go mod download ADD . . -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -X github.com/ory/keto/cmd.Version=$git_tag -X github.com/ory/keto/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/keto/cmd.GitHash=$git_commit" -a -installsuffix cgo -o keto +RUN go mod verify +RUN packr +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -X github.com/ory/keto/cmd.Version=$git_tag -X github.com/ory/keto/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/keto/cmd.GitHash=$git_commit" -a -installsuffix cgo -o keto github.com/ory/keto FROM alpine:3.7 diff --git a/Gopkg.lock b/Gopkg.lock deleted file mode 100644 index 15650ffa9..000000000 --- a/Gopkg.lock +++ /dev/null @@ -1,551 +0,0 @@ -# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. - - -[[projects]] - branch = "master" - name = "github.com/Azure/go-ansiterm" - packages = [ - ".", - "winterm" - ] - revision = "d6e3b3328b783f23731bc4d058875b0371ff8109" - -[[projects]] - name = "github.com/Microsoft/go-winio" - packages = ["."] - revision = "67921128fb397dd80339870d2193d6b1e6856fd4" - version = "v0.4.8" - -[[projects]] - branch = "master" - name = "github.com/Nvveen/Gotty" - packages = ["."] - revision = "cd527374f1e5bff4938207604a14f2e38a9cf512" - -[[projects]] - name = "github.com/akutz/goof" - packages = ["."] - revision = "2321ba37c3513692d6f799d91fa66f28d11c7d7a" - version = "v0.1.2" - -[[projects]] - name = "github.com/akutz/gotil" - packages = ["."] - revision = "6fa2e80bd3ac40f15788cfc3d12ebba49a0add92" - version = "v0.1.0" - -[[projects]] - name = "github.com/asaskevich/govalidator" - packages = ["."] - revision = "73945b6115bfbbcc57d89b7316e28109364124e1" - version = "v7" - -[[projects]] - name = "github.com/cenkalti/backoff" - packages = ["."] - revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e" - version = "v2.0.0" - -[[projects]] - branch = "master" - name = "github.com/containerd/continuity" - packages = ["pathdriver"] - revision = "0377f7d767206f3a9e8881d0f02267b0d89c7a62" - -[[projects]] - name = "github.com/davecgh/go-spew" - packages = ["spew"] - revision = "346938d642f2ec3594ed81d874461961cd0faa76" - version = "v1.1.0" - -[[projects]] - name = "github.com/dgrijalva/jwt-go" - packages = ["."] - revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e" - version = "v3.2.0" - -[[projects]] - name = "github.com/docker/go-connections" - packages = ["nat"] - revision = "3ede32e2033de7505e6500d6c868c2b9ed9f169d" - version = "v0.3.0" - -[[projects]] - name = "github.com/docker/go-units" - packages = ["."] - revision = "47565b4f722fb6ceae66b95f853feed578a4a51c" - version = "v0.3.3" - -[[projects]] - name = "github.com/fsnotify/fsnotify" - packages = ["."] - revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9" - version = "v1.4.7" - -[[projects]] - name = "github.com/go-resty/resty" - packages = ["."] - revision = "fccc498aed22c31ff3768bcac00795f94149a21d" - version = "v1.7.0" - -[[projects]] - name = "github.com/go-sql-driver/mysql" - packages = ["."] - revision = "d523deb1b23d913de5bdada721a6071e71283618" - version = "v1.4.0" - -[[projects]] - branch = "master" - name = "github.com/golang/gddo" - packages = [ - "httputil", - "httputil/header" - ] - revision = "daffe1f90ec57f8ed69464f9094753fc6452e983" - -[[projects]] - name = "github.com/golang/protobuf" - packages = ["proto"] - revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265" - version = "v1.1.0" - -[[projects]] - branch = "master" - name = "github.com/hashicorp/golang-lru" - packages = [ - ".", - "simplelru" - ] - revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3" - -[[projects]] - branch = "master" - name = "github.com/hashicorp/hcl" - packages = [ - ".", - "hcl/ast", - "hcl/parser", - "hcl/printer", - "hcl/scanner", - "hcl/strconv", - "hcl/token", - "json/parser", - "json/scanner", - "json/token" - ] - revision = "ef8a98b0bbce4a65b5aa4c368430a80ddc533168" - -[[projects]] - name = "github.com/inconshreveable/mousetrap" - packages = ["."] - revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" - version = "v1.0" - -[[projects]] - branch = "master" - name = "github.com/jmoiron/sqlx" - packages = [ - ".", - "reflectx" - ] - revision = "0dae4fefe7c0e190f7b5a78dac28a1c82cc8d849" - -[[projects]] - name = "github.com/julienschmidt/httprouter" - packages = ["."] - revision = "8c199fb6259ffc1af525cc3ad52ee60ba8359669" - version = "v1.1" - -[[projects]] - branch = "master" - name = "github.com/kardianos/osext" - packages = ["."] - revision = "ae77be60afb1dcacde03767a8c37337fad28ac14" - -[[projects]] - branch = "master" - name = "github.com/lib/pq" - packages = [ - ".", - "oid" - ] - revision = "90697d60dd844d5ef6ff15135d0203f65d2f53b8" - -[[projects]] - name = "github.com/magiconair/properties" - packages = [ - ".", - "assert" - ] - revision = "c2353362d570a7bfa228149c62842019201cfb71" - version = "v1.8.0" - -[[projects]] - branch = "master" - name = "github.com/meatballhat/negroni-logrus" - packages = ["."] - revision = "31067281800f66f57548a7a32d9c6c5f963fef83" - -[[projects]] - branch = "master" - name = "github.com/mitchellh/mapstructure" - packages = ["."] - revision = "f15292f7a699fcc1a38a80977f80a046874ba8ac" - -[[projects]] - branch = "master" - name = "github.com/mohae/deepcopy" - packages = ["."] - revision = "c48cc78d482608239f6c4c92a4abd87eb8761c90" - -[[projects]] - name = "github.com/opencontainers/go-digest" - packages = ["."] - revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf" - version = "v1.0.0-rc1" - -[[projects]] - name = "github.com/opencontainers/image-spec" - packages = [ - "specs-go", - "specs-go/v1" - ] - revision = "d60099175f88c47cd379c4738d158884749ed235" - version = "v1.0.1" - -[[projects]] - name = "github.com/opencontainers/runc" - packages = [ - "libcontainer/system", - "libcontainer/user" - ] - revision = "baf6536d6259209c3edfa2b22237af82942d3dfa" - version = "v0.1.1" - -[[projects]] - name = "github.com/ory/dockertest" - packages = [ - ".", - "docker", - "docker/opts", - "docker/pkg/archive", - "docker/pkg/fileutils", - "docker/pkg/homedir", - "docker/pkg/idtools", - "docker/pkg/ioutils", - "docker/pkg/jsonmessage", - "docker/pkg/longpath", - "docker/pkg/mount", - "docker/pkg/pools", - "docker/pkg/stdcopy", - "docker/pkg/system", - "docker/pkg/term", - "docker/pkg/term/windows", - "docker/types", - "docker/types/blkiodev", - "docker/types/container", - "docker/types/filters", - "docker/types/mount", - "docker/types/network", - "docker/types/registry", - "docker/types/strslice", - "docker/types/versions" - ] - revision = "9bca068bf5e4af2484b9c2e8cfeb3d098d5327d7" - version = "v3.3.1" - -[[projects]] - name = "github.com/ory/fosite" - packages = ["."] - revision = "0fcbfea741d0f0bb2a96d5fa08a2797a109a4a33" - version = "v0.21.2" - -[[projects]] - name = "github.com/ory/go-convenience" - packages = [ - "corsx", - "stringslice", - "stringsx" - ] - revision = "857ebcb1de6fdd166e791d976a46c3209d8355a8" - version = "v0.0.4" - -[[projects]] - name = "github.com/ory/graceful" - packages = ["."] - revision = "3d30c83329259f53a904d428b38d8cb8fba7bd77" - version = "v0.1.0" - -[[projects]] - name = "github.com/ory/herodot" - packages = ["."] - revision = "30b4db38fcaf4bf35a545d95c655622b05d8ac35" - version = "v0.3.0" - -[[projects]] - name = "github.com/ory/ladon" - packages = [ - ".", - "compiler", - "manager/memory", - "manager/sql" - ] - revision = "76e069e27b002d186005c14b1f1b86472cc209f2" - version = "v0.8.10" - -[[projects]] - branch = "master" - name = "github.com/ory/metrics-middleware" - packages = ["."] - revision = "db3300574e48a229d5ddb1e30ea4adfd139d493a" - -[[projects]] - name = "github.com/ory/pagination" - packages = ["."] - revision = "abd7ec33a01fdec119267449c8f3bad187f881f6" - version = "v0.0.1" - -[[projects]] - name = "github.com/ory/sqlcon" - packages = [ - ".", - "dockertest" - ] - revision = "7cb5a0f3099d9596e71128202e4bd54405927dfa" - version = "v0.0.3" - -[[projects]] - name = "github.com/pborman/uuid" - packages = ["."] - revision = "e790cca94e6cc75c7064b1332e63811d4aae1a53" - version = "v1.1" - -[[projects]] - name = "github.com/pelletier/go-toml" - packages = ["."] - revision = "c01d1270ff3e442a8a57cddc1c92dc1138598194" - version = "v1.2.0" - -[[projects]] - name = "github.com/pkg/errors" - packages = ["."] - revision = "645ef00459ed84a119197bfb8d8205042c6df63d" - version = "v0.8.0" - -[[projects]] - name = "github.com/pkg/profile" - packages = ["."] - revision = "5b67d428864e92711fcbd2f8629456121a56d91f" - version = "v1.2.1" - -[[projects]] - name = "github.com/pmezard/go-difflib" - packages = ["difflib"] - revision = "792786c7400a136282c1664665ae0a8db921c6c2" - version = "v1.0.0" - -[[projects]] - name = "github.com/rs/cors" - packages = ["."] - revision = "ca016a06a5753f8ba03029c0aa5e54afb1bf713f" - version = "v1.4.0" - -[[projects]] - branch = "master" - name = "github.com/rubenv/sql-migrate" - packages = [ - ".", - "sqlparse" - ] - revision = "3f452fc0ebebbb784fdab91f7bc79a31dcacab5c" - -[[projects]] - name = "github.com/segmentio/analytics-go" - packages = ["."] - revision = "1178b964a36694a8f9c161b19e6fe28cb37e8482" - version = "3.0.0" - -[[projects]] - branch = "master" - name = "github.com/segmentio/backo-go" - packages = ["."] - revision = "204274ad699c0983a70203a566887f17a717fef4" - -[[projects]] - name = "github.com/sirupsen/logrus" - packages = ["."] - revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc" - version = "v1.0.5" - -[[projects]] - name = "github.com/spf13/afero" - packages = [ - ".", - "mem" - ] - revision = "787d034dfe70e44075ccc060d346146ef53270ad" - version = "v1.1.1" - -[[projects]] - name = "github.com/spf13/cast" - packages = ["."] - revision = "8965335b8c7107321228e3e3702cab9832751bac" - version = "v1.2.0" - -[[projects]] - name = "github.com/spf13/cobra" - packages = ["."] - revision = "ef82de70bb3f60c65fb8eebacbb2d122ef517385" - version = "v0.0.3" - -[[projects]] - branch = "master" - name = "github.com/spf13/jwalterweatherman" - packages = ["."] - revision = "7c0cea34c8ece3fbeb2b27ab9b59511d360fb394" - -[[projects]] - name = "github.com/spf13/pflag" - packages = ["."] - revision = "583c0c0531f06d5278b7d917446061adc344b5cd" - version = "v1.0.1" - -[[projects]] - name = "github.com/spf13/viper" - packages = ["."] - revision = "b5e8006cbee93ec955a89ab31e0e3ce3204f3736" - version = "v1.0.2" - -[[projects]] - name = "github.com/square/go-jose" - packages = ["json"] - revision = "76dd09796242edb5b897103a75df2645c028c960" - version = "v2.1.6" - -[[projects]] - name = "github.com/stretchr/testify" - packages = [ - "assert", - "require" - ] - revision = "f35b8ab0b5a2cef36673838d662e249dd9c94686" - version = "v1.2.2" - -[[projects]] - name = "github.com/urfave/negroni" - packages = ["."] - revision = "5dbbc83f748fc3ad38585842b0aedab546d0ea1e" - version = "v0.3.0" - -[[projects]] - branch = "master" - name = "github.com/xtgo/uuid" - packages = ["."] - revision = "a0b114877d4caeffbd7f87e3757c17fce570fea7" - -[[projects]] - branch = "master" - name = "golang.org/x/crypto" - packages = [ - "bcrypt", - "blowfish", - "ed25519", - "ed25519/internal/edwards25519", - "ssh/terminal" - ] - revision = "a49355c7e3f8fe157a85be2f77e6e269a0f89602" - -[[projects]] - branch = "master" - name = "golang.org/x/net" - packages = [ - "context", - "context/ctxhttp", - "idna", - "publicsuffix" - ] - revision = "d0887baf81f4598189d4e12a37c6da86f0bba4d0" - -[[projects]] - branch = "master" - name = "golang.org/x/oauth2" - packages = [ - ".", - "clientcredentials", - "internal" - ] - revision = "ef147856a6ddbb60760db74283d2424e98c87bff" - -[[projects]] - branch = "master" - name = "golang.org/x/sys" - packages = [ - "unix", - "windows" - ] - revision = "ac767d655b305d4e9612f5f6e33120b9176c4ad4" - -[[projects]] - name = "golang.org/x/text" - packages = [ - "collate", - "collate/build", - "internal/colltab", - "internal/gen", - "internal/tag", - "internal/triegen", - "internal/ucd", - "language", - "secure/bidirule", - "transform", - "unicode/bidi", - "unicode/cldr", - "unicode/norm", - "unicode/rangetable" - ] - revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0" - version = "v0.3.0" - -[[projects]] - name = "google.golang.org/appengine" - packages = [ - "cloudsql", - "internal", - "internal/base", - "internal/datastore", - "internal/log", - "internal/remote_api", - "internal/urlfetch", - "urlfetch" - ] - revision = "b1f26356af11148e710935ed1ac8a7f5702c7612" - version = "v1.1.0" - -[[projects]] - name = "gopkg.in/gorp.v1" - packages = ["."] - revision = "c87af80f3cc5036b55b83d77171e156791085e2e" - version = "v1.7.1" - -[[projects]] - name = "gopkg.in/square/go-jose.v2" - packages = [ - ".", - "cipher", - "json" - ] - revision = "76dd09796242edb5b897103a75df2645c028c960" - version = "v2.1.6" - -[[projects]] - name = "gopkg.in/yaml.v2" - packages = ["."] - revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183" - version = "v2.2.1" - -[solve-meta] - analyzer-name = "dep" - analyzer-version = 1 - inputs-digest = "6fc06577dee7dc1d03d53f01bc53c8c20a851b4adcdef42ca45a7235828f51a5" - solver-name = "gps-cdcl" - solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml deleted file mode 100644 index 23e599a9a..000000000 --- a/Gopkg.toml +++ /dev/null @@ -1,138 +0,0 @@ -# Gopkg.toml example -# -# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md -# for detailed Gopkg.toml documentation. -# -# required = ["github.com/user/thing/cmd/thing"] -# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] -# -# [[constraint]] -# name = "github.com/user/project" -# version = "1.0.0" -# -# [[constraint]] -# name = "github.com/user/project2" -# branch = "dev" -# source = "github.com/myfork/project2" -# -# [[override]] -# name = "github.com/x/y" -# version = "2.4.0" -# -# [prune] -# non-go = false -# go-tests = true -# unused-packages = true - - -[[constraint]] - name = "github.com/akutz/gotil" - version = "0.1.0" - -[[constraint]] - name = "github.com/go-resty/resty" - version = "1.4.0" - -[[constraint]] - name = "github.com/go-sql-driver/mysql" - version = "1.3.0" - -[[constraint]] - branch = "master" - name = "github.com/jmoiron/sqlx" - -[[constraint]] - name = "github.com/julienschmidt/httprouter" - version = "1.1.0" - -[[constraint]] - branch = "master" - name = "github.com/lib/pq" - -[[constraint]] - name = "github.com/magiconair/properties" - version = "1.7.6" - -[[constraint]] - branch = "master" - name = "github.com/meatballhat/negroni-logrus" - -[[constraint]] - name = "github.com/ory/fosite" - version = "0.21.0" - -[[constraint]] - name = "github.com/ory/graceful" - version = "0.1.0" - -[[constraint]] - name = "github.com/ory/herodot" - version = "0.3.0" - -[[constraint]] - name = "github.com/ory/ladon" - version = "0.8.9" - -[[constraint]] - name = "github.com/ory/pagination" - version = "0.0.1" - -[[constraint]] - version = "0.0.2" - name = "github.com/ory/sqlcon" - -[[constraint]] - name = "github.com/pborman/uuid" - version = "1.1.0" - -[[constraint]] - name = "github.com/pkg/errors" - version = "0.8.0" - -[[constraint]] - name = "github.com/pkg/profile" - version = "1.2.1" - -[[constraint]] - name = "github.com/ory/go-convenience" - version = "0.0.2" - -[[constraint]] - name = "github.com/rs/cors" - version = "1.3.0" - -[[constraint]] - branch = "master" - name = "github.com/rubenv/sql-migrate" - -[[constraint]] - name = "github.com/sirupsen/logrus" - version = "1.0.5" - -[[constraint]] - name = "github.com/spf13/cobra" - version = "0.0.2" - -[[constraint]] - name = "github.com/spf13/viper" - version = "1.0.2" - -[[constraint]] - name = "github.com/square/go-jose" - version = "2.1.6" - -[[constraint]] - name = "github.com/stretchr/testify" - version = "1.2.1" - -[[constraint]] - name = "github.com/urfave/negroni" - version = "0.3.0" - -[[constraint]] - branch = "master" - name = "golang.org/x/oauth2" - -[prune] - go-tests = true - unused-packages = true diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..df388c0b6 --- /dev/null +++ b/Makefile @@ -0,0 +1,42 @@ +init: + go get -u \ + github.com/ory/x/tools/listx \ + github.com/sqs/goreturns \ + github.com/go-swagger/go-swagger/cmd/swagger + +format: + goreturns -w -local github.com/ory $$(listx .) + # goimports -w -v -local github.com/ory $$(listx .) + +swagger: + swagger generate spec -m -o ./docs/api.swagger.json + +build-sdk: + rm -rf ./sdk/go/keto/swagger + rm -rf ./sdk/js/swagger + rm -rf ./sdk/php/swagger + + java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l go -o ./sdk/go/keto/swagger + java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l javascript -o ./sdk/js/swagger + java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l php -o ./sdk/php/ \ + --invoker-package keto\\SDK --git-repo-id swagger --git-user-id ory --additional-properties "packagePath=swagger,description=Client for keto" + + git checkout HEAD -- sdk/go/keto/swagger/api_client.go + + # goreturns -w -i -local github.com/ory $$(listx ./sdk/go) + + rm -f ./sdk/js/swagger/package.json + rm -rf ./sdk/js/swagger/test + rm -f ./sdk/php/swagger/composer.json ./sdk/php/swagger/phpunit.xml.dist + rm -rf ./sdk/php/swagger/test + +install-stable: + KETO_LATEST=$$(git describe --abbrev=0 --tags) + git checkout $$KETO_LATEST + GO111MODULE=on go install \ + -ldflags "-X github.com/ory/keto/cmd.Version=$$KETO_LATEST -X github.com/ory/keto/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/keto/cmd.GitHash=`git rev-parse HEAD`" \ + . + git checkout master + +install: + GO111MODULE=on go install . \ No newline at end of file diff --git a/README.md b/README.md index 8f9bdec20..ace9dfda3 100644 --- a/README.md +++ b/README.md @@ -51,19 +51,22 @@ a subject, for example user, application, service, car, etc., is authorized to p ## Introduction -ORY Keto models Access Control Lists, Role Based Access Control, and fine-grained permission sets. -This server implementation uses [ORY Ladon](https://github.com/ory/ladon) as the decision engine. +ORY Keto is an permission server that implements best practice access control mechanisms: -ORY Keto resolves credentials using various authentication mechanisms: +* Available today: + * ORY-flavored Access Control Policies with exact, glob, and regexp matching strategies +* Available soon: + * [Access Control Lists](https://en.wikipedia.org/wiki/Access_control_list) + * [Role Based Access Control](https://de.wikipedia.org/wiki/Role_Based_Access_Control) + * Role Based Access Control with Context (Google/Kubernetes-flavored) + * Amazon Web Services Identity & Access Management Policies (AWS IAM Policies) -* OAuth 2.0 Access Tokens using the OAuth 2.0 Introspection standard. -* Plaintext when you already know the user ID. -* JSON Web Tokens (coming soon). -* SAML (coming soon). +Each mechanism is powered by a decision engine implemented on top of the +[Open Policy Agent](https://www.openpolicyagent.org/) and provides well-defined management and authorization endpoints. ### Installation -There are various ways of installing ORY keto on your system. +There are various ways of installing ORY Keto on your system. #### 1. Download binaries @@ -88,23 +91,16 @@ ec91228cb105db315553499c81918258f52cee9636ea2a4821bdb8226872f54b #### Building from source -If you wish to compile ORY keto, install and set up [Go 1.10+](https://golang.org/) and add `$GOPATH/bin` -to your `$PATH` as well as [golang/dep](http://github.com/golang/dep). +If you wish to compile ORY Keto, install and set up [Go 1.11+](https://golang.org/). The following commands check out the latest ORY keto's release tag, compile it and set up flags so that `keto version` works as expected. Please note that this will only work with a linux shell like bash or sh. ``` -go get -d -u github.com/ory/keto +go get -u github.com/ory/keto cd $(go env GOPATH)/src/github.com/ory/keto -keto_LATEST=$(git describe --abbrev=0 --tags) -git checkout $keto_LATEST -dep ensure -vendor-only -go install \ - -ldflags "-X github.com/ory/keto/cmd.Version=$keto_LATEST -X github.com/ory/keto/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/keto/cmd.GitHash=`git rev-parse HEAD`" \ - github.com/ory/keto -git checkout master -keto help +make install-stable +$(go env GOPATH)/bin/keto help ``` ## Ecosystem diff --git a/UPGRADE.md b/UPGRADE.md index e2df36443..b812fd522 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -6,6 +6,106 @@ before finalizing the upgrade process. ## 0.1.0-sandbox +ORY Keto has been completely reworked. The major goals of this refactoring is: + +1. To allow easy extension of existing access control mechanisms. +2. Improve stability and responsiveness. +3. Support more than one access control mechanism. Future mechanisms include: RBAC, ACL, AWS IAM Policies, ... + +We know that these changes seem massive. They are, but they will benefit the long-term use of this particular piece +of software, and they will allow you to build better systems. + +If you relied on ORY Keto before this release and you are looking for a migration path, don't hesitate to +[contact us](mailto:hi@ory.sh). Feel free to do the same if you want the access control policy feature implemented +in ORY Hydra before version `1.0.0`. + +### Conceptual changes + +#### Deprecated + +The following things have been completely deprecated: + +1. Authorizers + +#### Changes + +The following things have changed: + +1. ORY Keto no longer uses ORY Ladon as the engine but instead relies on the [Open Policy Agent](http://openpolicyagent.org/). +The concept of ORY Ladon Access Policies are working exactly like before, the internal logic however was rewritten in Rego. +2. The "Warden" concept has been deprecated and replaced. +3. The CLI commands have changed - apart from `serve`, `version`, `migrate sql` - entirely. +4. The API has changed (read the next section for information on this). +5. Environment variables changed or have been removed. + +#### Additions + +The following things have been added: + +1. ORY (Ladon) Access Control Policies with `exact` string `matching-strategy`. +2. ORY (Ladon) Access Control Policies with `glob` string `matching-strategy`. + +#### Untouched + +The following things remain conceptually untouched: + +1. ORY (Ladon) Access Control Policies with `regex` string `matching-strategy`. This is the logic that ORY Ladon and previous +versions of ORY Keto implement. + +### API Changes + +#### Renamed Endpoints + +* `GET,PUT,POST,DELETE /policies[/]` moved to `/engines/acp/ory//policies[/]`. + * `POST /policies` has been deprecated and merged with `PUT /policies/` which is now available at `PUT /engines/acp/ory//policies` + and will upsert (insert or update) the policy identified by the `id` field in the JSON payload. + * The request & response payloads **did not change** nor did any of the concepts. +* `GET,PUT,POST,DELETE /roles[/]` moved to `/engines/acp/ory//roles[/]`. + * `POST /roles` has been deprecated and merged with `PUT /roles/` which is now available at `PUT /engines/acp/ory//policies` + and will upsert (insert or update) the role identified by the `id` field in the JSON payload. + * The request & response payloads **did not change** nor did any of the concepts. +* `POST,GET /roles//members` move to `/engines/acp/ory//roles//members`. + * `POST /roles` has been moved to `PUT /engines/acp/ory//policies//members` + and will upsert (insert or update) the role identified by the `id` field in the URL path. + * The request & response payloads **did not change** nor did any of the concepts. + +#### Reworked Endpoints + +The Warden concept has been deprecated. Previously, it was possible to send credentials alongside requests for +prior authentication. This concept interfered with the clear boundary ORY Keto is focusing on, which is permissioning +concepts. + +The Warden API featured endpoints such as: + +* `/warden/oauth2/access-tokens/authorize`: Permformed OAuth 2.0 Token Introspection on the `token` field, took the `sub` value +of the introspection and used that as input to ORY (Ladon) Access Control Policies. +* `/warden/oauth2/clients/authorize`: Validated the HTTP Basic Authorization Header using the OAuth 2.0 Client Credentials +grant and took the `username` value of the HTTP Basic Authorization Header and used that as input to ORY (Ladon) Access Control Policies. + +These endpoints have been deprecated without replacement. Another endpoint was `/warden/subjects/authorize` which +used the format `{ "subject": "peter", "action": "delete", "resource": "something:valuable" }` as syntax. This endpoint +is available in the exact same format at `/engines/acp/ory//allowed`. + +#### New Endpoints + +* `GET /version`: Returns the running software version. +* `GET /health/ready`: Returns `{"status": "ok"}` with a 200 HTTP response if the service is ready to accept connections and handle data. +* `GET /health/alive`: Returns `{"status": "ok"}` with a 200 HTTP response if the service is ready to accept connections. + +### Migration + +If you relied on ORY Keto before this release and you are looking for a migration path, +don't hesitate to [contact us](mailto:hi@ory.sh). We will help you migrate and improve this guide as we see more migration +use cases. + +#### SQL + +The SQL schema changed completely and it is not possible to migrate from the previous version to this version +with just using `keto migrate sql`. Please [contact us](mailto:hi@ory.sh) if you would like to migrate policies +of a store to the new ORY Keto. + +## 0.0.1 + ### CORS is disabled by default A new environment variable `CORS_ENABLED` was introduced. It sets whether CORS is enabled ("true") or not ("false")". diff --git a/authentication/authenticator.go b/authentication/authenticator.go deleted file mode 100644 index 379308084..000000000 --- a/authentication/authenticator.go +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package authentication - -import ( - "net/http" - - "github.com/ory/herodot" -) - -var ErrUnauthorized = &herodot.DefaultError{ - CodeField: http.StatusUnauthorized, - ErrorField: "The provided credentials are invalid, expired, or are not authorized to use the requested scope", -} - -type Session interface { - GrantAccess() - DenyAccess() - GetSubject() string -} - -// swagger:model authenticationDefaultSession -type DefaultSession struct { - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. - // This is usually a uuid but you can choose a urn or some other id too. - Subject string `json:"sub"` - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed"` -} - -func (s *DefaultSession) GrantAccess() { - s.Allowed = true -} - -func (s *DefaultSession) DenyAccess() { - s.Allowed = false -} - -func (s *DefaultSession) GetSubject() string { - return s.Subject -} - -type Authenticator interface { - Authenticate(r *http.Request) (Session, error) -} diff --git a/authentication/oauth2_client_credentials.go b/authentication/oauth2_client_credentials.go deleted file mode 100644 index 29b5f6bc7..000000000 --- a/authentication/oauth2_client_credentials.go +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package authentication - -import ( - "context" - "encoding/json" - "net/http" - - "github.com/pkg/errors" - "golang.org/x/oauth2/clientcredentials" -) - -// swagger:model authenticationOAuth2ClientCredentialsSession -type OAuth2ClientCredentialsSession struct { - // Here, it's subject - *DefaultSession -} - -type OAuth2ClientCredentialsAuthentication struct { - tokenURL string -} - -// swagger:model AuthenticationOAuth2ClientCredentialsRequest -type AuthenticationOAuth2ClientCredentialsRequest struct { - // Token is the token to introspect. - ClientID string `json:"client_id"` - - ClientSecret string `json:"client_secret"` - - // Scope is an array of scopes that are required. - Scopes []string `json:"scope"` -} - -func NewOAuth2ClientCredentialsSession() *OAuth2ClientCredentialsSession { - return &OAuth2ClientCredentialsSession{ - DefaultSession: new(DefaultSession), - } -} - -func NewOAuth2ClientCredentialsAuthentication(tokenURL string) *OAuth2ClientCredentialsAuthentication { - return &OAuth2ClientCredentialsAuthentication{ - tokenURL: tokenURL, - } -} - -func (a *OAuth2ClientCredentialsAuthentication) Authenticate(r *http.Request) (Session, error) { - var auth AuthenticationOAuth2ClientCredentialsRequest - - if err := json.NewDecoder(r.Body).Decode(&auth); err != nil { - return nil, errors.WithStack(err) - } - - c := &clientcredentials.Config{ - TokenURL: a.tokenURL, - ClientID: auth.ClientID, - ClientSecret: auth.ClientSecret, - Scopes: auth.Scopes, - } - - token, err := c.Token(context.Background()) - if err != nil { - return nil, errors.WithStack(ErrUnauthorized) - } else if token.AccessToken == "" { - return nil, errors.WithStack(ErrUnauthorized) - } - - return &OAuth2ClientCredentialsSession{ - DefaultSession: &DefaultSession{ - Subject: auth.ClientID, - }, - }, nil -} diff --git a/authentication/oauth2_client_credentials_test.go b/authentication/oauth2_client_credentials_test.go deleted file mode 100644 index 706c4de92..000000000 --- a/authentication/oauth2_client_credentials_test.go +++ /dev/null @@ -1 +0,0 @@ -package authentication diff --git a/authentication/oauth2_introspection.go b/authentication/oauth2_introspection.go deleted file mode 100644 index 1bcc3a718..000000000 --- a/authentication/oauth2_introspection.go +++ /dev/null @@ -1,197 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package authentication - -import ( - "context" - "encoding/json" - "net/http" - - "strings" - "time" - - "net/url" - - "fmt" - - "github.com/ory/fosite" - "github.com/pkg/errors" - "golang.org/x/oauth2/clientcredentials" -) - -// swagger:model authenticationOAuth2Session -type OAuth2Session struct { - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. - // This is usually a uuid but you can choose a urn or some other id too. - Subject string `json:"sub"` - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed"` - - // GrantedScopes is a list of scopes that the subject authorized when asked for consent. - GrantedScopes string `json:"scope"` - - // Issuer is the id of the issuer, typically an hydra instance. - Issuer string `json:"iss"` - - // ClientID is the id of the OAuth2 client that requested the token. - ClientID string `json:"client_id"` - - // IssuedAt is the token creation time stamp. - IssuedAt time.Time `json:"iat"` - - // ExpiresAt is the expiry timestamp. - ExpiresAt time.Time `json:"exp"` - - NotBefore time.Time `json:"nbf,omitempty"` - Username string `json:"username,omitempty"` - Audience []string `json:"aud,omitempty"` - - // Session represents arbitrary session data. - Extra map[string]interface{} `json:"session,omitempty"` -} - -func (s *OAuth2Session) GrantAccess() { - s.Allowed = true -} - -func (s *OAuth2Session) DenyAccess() { - s.Allowed = false -} - -func (s *OAuth2Session) GetSubject() string { - return s.Subject -} - -type IntrospectionResponse struct { - Active bool `json:"active"` - Scope string `json:"scope,omitempty"` - ClientID string `json:"client_id,omitempty"` - // Here, it's sub - Subject string `json:"sub,omitempty"` - ExpiresAt int64 `json:"exp,omitempty"` - IssuedAt int64 `json:"iat,omitempty"` - NotBefore int64 `json:"nbf,omitempty"` - Username string `json:"username,omitempty"` - Audience []string `json:"aud,omitempty"` - Issuer string `json:"iss,omitempty"` - TokenType string `json:"token_type,omitempty"` - - // Session represents arbitrary session data. - Extra map[string]interface{} `json:"ext"` -} - -type OAuth2IntrospectionAuthentication struct { - client *http.Client - introspectionURL string - scopeStrategy fosite.ScopeStrategy -} - -// swagger:model AuthenticationOAuth2IntrospectionRequest -type AuthenticationOAuth2IntrospectionRequest struct { - // Token is the token to introspect. - Token string `json:"token"` - - // Scope is an array of scopes that are required. - Scope []string `json:"scope"` -} - -func NewOAuth2IntrospectionAuthentication(clientID, clientSecret, tokenURL, introspectionURL string, scopes []string, strategy fosite.ScopeStrategy) *OAuth2IntrospectionAuthentication { - c := http.DefaultClient - - if len(clientID)+len(clientSecret)+len(tokenURL)+len(scopes) > 0 { - c = (&clientcredentials.Config{ - ClientID: clientID, - ClientSecret: clientSecret, - TokenURL: tokenURL, - Scopes: scopes, - }).Client(context.Background()) - } - - return &OAuth2IntrospectionAuthentication{ - client: c, - introspectionURL: introspectionURL, - scopeStrategy: strategy, - } -} - -func (a *OAuth2IntrospectionAuthentication) Authenticate(r *http.Request) (Session, error) { - var token AuthenticationOAuth2IntrospectionRequest - - if err := json.NewDecoder(r.Body).Decode(&token); err != nil { - return nil, errors.WithStack(err) - } - - ir, err := a.Introspect(token.Token, token.Scope, a.scopeStrategy) - if err != nil { - return nil, err - } - - return &OAuth2Session{ - Subject: ir.Subject, - GrantedScopes: ir.Scope, - ClientID: ir.ClientID, - ExpiresAt: time.Unix(ir.ExpiresAt, 0).UTC(), - IssuedAt: time.Unix(ir.IssuedAt, 0).UTC(), - NotBefore: time.Unix(ir.NotBefore, 0).UTC(), - Username: ir.Username, - Audience: ir.Audience, - Issuer: ir.Issuer, - Extra: ir.Extra, - }, nil -} - -func (a *OAuth2IntrospectionAuthentication) Introspect(token string, scopes []string, strategy fosite.ScopeStrategy) (*IntrospectionResponse, error) { - body := url.Values{"token": {token}, "scope": {strings.Join(scopes, " ")}} - resp, err := a.client.Post(a.introspectionURL, "application/x-www-form-urlencoded", strings.NewReader(body.Encode())) - if err != nil { - return nil, errors.WithStack(err) - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - return nil, errors.Errorf("Introspection returned status code %d but expected %d", resp.StatusCode, http.StatusOK) - } - - var ir IntrospectionResponse - if err := json.NewDecoder(resp.Body).Decode(&ir); err != nil { - return nil, errors.WithStack(err) - } - - if len(ir.TokenType) > 0 && ir.TokenType != "access_token" { - return nil, errors.WithStack(ErrUnauthorized.WithReason(fmt.Sprintf("Introspected token is not an access token but \"%s\"", ir.TokenType))) - } - - if !ir.Active { - return nil, errors.WithStack(ErrUnauthorized.WithReason("Access token introspection says token is not active")) - } - - if strategy != nil { - for _, scope := range scopes { - if !a.scopeStrategy(strings.Split(ir.Scope, " "), scope) { - return nil, errors.WithStack(ErrUnauthorized.WithReason(fmt.Sprintf("Scope %s was not granted", scope))) - } - } - } - - return &ir, nil -} diff --git a/authentication/oauth2_introspection_test.go b/authentication/oauth2_introspection_test.go deleted file mode 100644 index 07c086b10..000000000 --- a/authentication/oauth2_introspection_test.go +++ /dev/null @@ -1,197 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package authentication - -import ( - "bytes" - "encoding/json" - "fmt" - "io/ioutil" - "net/http" - "net/http/httptest" - "testing" - "time" - - "context" - "strings" - - "github.com/julienschmidt/httprouter" - "github.com/ory/fosite" - "github.com/ory/herodot" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "golang.org/x/oauth2/clientcredentials" -) - -func TestOAuth2Introspection(t *testing.T) { - h := httprouter.New() - var cb func(w http.ResponseWriter, r *http.Request, req AuthenticationOAuth2IntrospectionRequest) *IntrospectionResponse - - h.POST("/oauth2/introspect", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - require.EqualValues(t, "Bearer foo-token", r.Header.Get("Authorization")) - - require.NoError(t, r.ParseForm()) - - var req AuthenticationOAuth2IntrospectionRequest - req.Token = r.PostForm.Get("token") - req.Scope = strings.Split(r.PostForm.Get("scope"), " ") - - ir := cb(w, r, req) - herodot.NewJSONWriter(logrus.New()).Write(w, r, ir) - }) - h.POST("/oauth2/token", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - u, p, ok := r.BasicAuth() - require.True(t, ok) - require.EqualValues(t, "client", u) - require.EqualValues(t, "secret", p) - herodot.NewJSONWriter(logrus.New()).Write(w, r, map[string]interface{}{"access_token": "foo-token"}) - }) - ts := httptest.NewServer(h) - - c := &clientcredentials.Config{ - ClientID: "client", - ClientSecret: "secret", - TokenURL: ts.URL + "/oauth2/token", - Scopes: []string{"foo-scope"}, - } - authenticator := &OAuth2IntrospectionAuthentication{ - client: c.Client(context.Background()), - introspectionURL: ts.URL + "/oauth2/introspect", - scopeStrategy: fosite.WildcardScopeStrategy, - } - - now := time.Now().UTC().Round(time.Minute) - - for k, tc := range []struct { - d string - cb func(w http.ResponseWriter, r *http.Request, req AuthenticationOAuth2IntrospectionRequest) *IntrospectionResponse - req *AuthenticationOAuth2IntrospectionRequest - expectedErr error - expectedSession *OAuth2Session - }{ - { - cb: func(w http.ResponseWriter, r *http.Request, req AuthenticationOAuth2IntrospectionRequest) *IntrospectionResponse { - assert.Equal(t, "foo-token", req.Token) - assert.EqualValues(t, []string{"foo-scope", "foo-scope-a"}, req.Scope) - return &IntrospectionResponse{Active: false} - }, - req: &AuthenticationOAuth2IntrospectionRequest{Token: "foo-token", Scope: []string{"foo-scope", "foo-scope-a"}}, - expectedErr: ErrUnauthorized, - }, - { - cb: func(w http.ResponseWriter, r *http.Request, req AuthenticationOAuth2IntrospectionRequest) *IntrospectionResponse { - return &IntrospectionResponse{ - Active: true, - Scope: "foo-scope", - ClientID: "scope-ip", - Subject: "subject", - ExpiresAt: now.Unix(), - IssuedAt: now.Unix(), - NotBefore: now.Unix(), - Username: "username", - Audience: []string{"audience"}, - Issuer: "issuer", - TokenType: "refresh_token", - } - }, - req: &AuthenticationOAuth2IntrospectionRequest{Token: "foo-token", Scope: []string{"foo-scope", "foo-scope-a"}}, - expectedErr: ErrUnauthorized, - }, - { - cb: func(w http.ResponseWriter, r *http.Request, req AuthenticationOAuth2IntrospectionRequest) *IntrospectionResponse { - return &IntrospectionResponse{ - Active: true, - Scope: "foo-scope", - ClientID: "scope-ip", - Subject: "subject", - ExpiresAt: now.Unix(), - IssuedAt: now.Unix(), - NotBefore: now.Unix(), - Username: "username", - Audience: []string{"audience"}, - Issuer: "issuer", - } - }, - req: &AuthenticationOAuth2IntrospectionRequest{Token: "foo-token", Scope: []string{"foo-scope"}}, - expectedSession: &OAuth2Session{ - Subject: "subject", - Allowed: false, - GrantedScopes: "foo-scope", - ClientID: "scope-ip", - ExpiresAt: now, - IssuedAt: now, - NotBefore: now, - Username: "username", - Audience: []string{"audience"}, - Issuer: "issuer", - }, - }, - { - cb: func(w http.ResponseWriter, r *http.Request, req AuthenticationOAuth2IntrospectionRequest) *IntrospectionResponse { - return &IntrospectionResponse{ - Active: true, - Scope: "foo-scope", - ClientID: "scope-ip", - Subject: "subject", - ExpiresAt: now.Unix(), - IssuedAt: now.Unix(), - NotBefore: now.Unix(), - Username: "username", - Audience: []string{"audience"}, - Issuer: "issuer", - TokenType: "access_token", - } - }, - req: &AuthenticationOAuth2IntrospectionRequest{Token: "foo-token", Scope: []string{"foo-scope"}}, - }, - } { - t.Run(fmt.Sprintf("case=%d/description=%s", k, tc.d), func(t *testing.T) { - cb = tc.cb - - out, err := json.Marshal(tc.req) - require.NoError(t, err) - - r := &http.Request{Body: ioutil.NopCloser(bytes.NewReader(out))} - - session, err := authenticator.Authenticate(r) - if tc.expectedErr == nil { - if err != nil { - require.NoError(t, err, "%+v", err.(stackTracer).StackTrace()) - } - if tc.expectedSession != nil { - assert.EqualValues(t, tc.expectedSession, session) - } - } else { - if err == nil { - require.Error(t, err) - } - assert.EqualError(t, err, tc.expectedErr.Error(), "%+v", err.(stackTracer).StackTrace()) - } - }) - } -} - -type stackTracer interface { - StackTrace() errors.StackTrace -} diff --git a/authentication/plaintext.go b/authentication/plaintext.go deleted file mode 100644 index cc877491a..000000000 --- a/authentication/plaintext.go +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package authentication - -import ( - "encoding/json" - "net/http" - - "github.com/pkg/errors" -) - -func NewPlaintextAuthentication() *PlaintextAuthentication { - return &PlaintextAuthentication{} -} - -type PlaintextAuthentication struct { - client *http.Client - introspectionURL string -} - -func (a *PlaintextAuthentication) Authenticate(r *http.Request) (Session, error) { - var session struct { - Subject string `json:"subject"` - } - - if err := json.NewDecoder(r.Body).Decode(&session); err != nil { - return nil, errors.WithStack(err) - } - - return &DefaultSession{Subject: session.Subject}, nil -} diff --git a/authentication/plaintext_test.go b/authentication/plaintext_test.go deleted file mode 100644 index 73976187f..000000000 --- a/authentication/plaintext_test.go +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package authentication - -import ( - "bytes" - "encoding/json" - "io/ioutil" - "net/http" - "testing" - - "github.com/magiconair/properties/assert" - "github.com/stretchr/testify/require" -) - -func TestPlaintext(t *testing.T) { - out, err := json.Marshal(&struct { - Subject string `json:"subject"` - }{Subject: "foo"}) - require.NoError(t, err) - - r := &http.Request{ - Body: ioutil.NopCloser(bytes.NewReader(out)), - } - - a := NewPlaintextAuthentication() - session, err := a.Authenticate(r) - require.NoError(t, err) - - assert.Equal(t, "foo", session.GetSubject()) -} diff --git a/cmd/0_init_test.go b/cmd/0_init_test.go new file mode 100644 index 000000000..50556909b --- /dev/null +++ b/cmd/0_init_test.go @@ -0,0 +1,18 @@ +package cmd + +import ( + "fmt" + "github.com/akutz/gotil" + "os" +) + +var port int + +func init() { + var osArgs = make([]string, len(os.Args)) + port = gotil.RandomTCPPort() + os.Setenv("DATABASE_URL", "memory") + os.Setenv("PORT", fmt.Sprintf("%d", port)) + os.Setenv("KETO_URL", fmt.Sprintf("http://127.0.0.1:%d", port)) + copy(osArgs, os.Args) +} diff --git a/cmd/client/handler_helper.go b/cmd/client/handler_helper.go deleted file mode 100644 index e167f2a5e..000000000 --- a/cmd/client/handler_helper.go +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package client - -import ( - "encoding/json" - "fmt" - "os" - - "strings" - - keto "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/spf13/cobra" -) - -func getBasePath(cmd *cobra.Command) string { - location, err := cmd.Flags().GetString("endpoint") - if err != nil || location == "" { - fmt.Println(cmd.UsageString()) - fatalf("Please set the location of ORY Keto by using the --endpoint flag or the KETO_URL environment variable.") - } - return strings.TrimRight(location, "/") -} - -func must(err error, message string, args ...interface{}) { - if err == nil { - return - } - - fmt.Fprintf(os.Stderr, message+"\n", args...) - os.Exit(1) -} - -func checkResponse(response *keto.APIResponse, err error, expectedStatusCode int) { - must(err, "Command failed because error \"%s\" occurred.\n", err) - - if response.StatusCode != expectedStatusCode { - fmt.Fprintf(os.Stderr, "Command failed because status code %d was expeceted but code %d was received.\n", expectedStatusCode, response.StatusCode) - os.Exit(1) - return - } -} - -func formatResponse(response interface{}) string { - out, err := json.MarshalIndent(response, "", "\t") - must(err, `Command failed because an error ("%s") occurred while prettifying output.`, err) - return string(out) -} - -func fatalf(message string, args ...interface{}) { - if len(args) > 0 { - fmt.Printf(message+"\n", args) - } else { - fmt.Println(message) - } - os.Exit(1) -} diff --git a/cmd/client/handler_policy.go b/cmd/client/handler_policy.go deleted file mode 100644 index 6b572173b..000000000 --- a/cmd/client/handler_policy.go +++ /dev/null @@ -1,306 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package client - -import ( - "fmt" - "os" - - "net/http" - - keto "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/ory/ladon" - "github.com/spf13/cobra" - "github.com/square/go-jose/json" -) - -type PolicyHandler struct{} - -func (h *PolicyHandler) newPolicyManager(cmd *cobra.Command) *keto.PolicyApi { - c := keto.NewPolicyApiWithBasePath(getBasePath(cmd)) - - if token, err := cmd.Flags().GetString("bearer-token"); err == nil && token != "" { - c.Configuration.DefaultHeader["Authorization"] = "Bearer " + token - } - - if term, _ := cmd.Flags().GetBool("fake-tls-termination"); term { - c.Configuration.DefaultHeader["X-Forwarded-Proto"] = "https" - } - return c -} - -func newPolicyHandler() *PolicyHandler { - return &PolicyHandler{} -} - -func (h *PolicyHandler) ImportPolicy(cmd *cobra.Command, args []string) { - if len(args) == 0 { - fmt.Println(cmd.UsageString()) - return - } - - m := h.newPolicyManager(cmd) - - for _, path := range args { - reader, err := os.Open(path) - must(err, "Could not open file %s: %s", path, err) - - var p keto.Policy - err = json.NewDecoder(reader).Decode(&p) - must(err, "Could not parse JSON: %s", err) - - _, response, err := m.CreatePolicy(p) - checkResponse(response, err, http.StatusCreated) - fmt.Printf("Imported policy %s from %s.\n", p.Id, path) - } - - return -} - -func (h *PolicyHandler) CreatePolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - - if files, _ := cmd.Flags().GetStringSlice("files"); len(files) > 0 { - fmt.Println("Importing policies using the -f flag is deprecated and will be removed in the future.") - fmt.Println(`Please use "keto policies import" instead.`) - h.ImportPolicy(cmd, files) - return - } - - id, _ := cmd.Flags().GetString("id") - description, _ := cmd.Flags().GetString("description") - subjects, _ := cmd.Flags().GetStringSlice("subjects") - resources, _ := cmd.Flags().GetStringSlice("resources") - actions, _ := cmd.Flags().GetStringSlice("actions") - isAllow, _ := cmd.Flags().GetBool("allow") - - if len(subjects) == 0 || len(resources) == 0 || len(actions) == 0 { - fmt.Println(cmd.UsageString()) - fmt.Println("") - fmt.Println("Got empty subject, resource or action list") - return - } - - effect := ladon.DenyAccess - if isAllow { - effect = ladon.AllowAccess - } - - result, response, err := m.CreatePolicy(keto.Policy{ - Id: id, - Description: description, - Subjects: subjects, - Resources: resources, - Actions: actions, - Effect: effect, - }) - checkResponse(response, err, http.StatusCreated) - fmt.Printf("Created policy %s.\n", result.Id) -} - -func (h *PolicyHandler) AddResourceToPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - p, response, err := m.GetPolicy(args[0]) - checkResponse(response, err, http.StatusOK) - - p.Resources = append(p.Resources, args[1:]...) - - _, response, err = m.UpdatePolicy(p.Id, *p) - checkResponse(response, err, http.StatusOK) - fmt.Printf("Added resources to policy %s", p.Id) -} - -func (h *PolicyHandler) RemoveResourceFromPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - p, response, err := m.GetPolicy(args[0]) - checkResponse(response, err, http.StatusOK) - - resources := []string{} - for _, r := range p.Resources { - var filter bool - for _, a := range args[1:] { - if r == a { - filter = true - } - } - if !filter { - resources = append(resources, r) - } - } - p.Resources = resources - - _, response, err = m.UpdatePolicy(p.Id, *p) - checkResponse(response, err, http.StatusOK) - fmt.Printf("Removed resources from policy %s", p.Id) -} - -func (h *PolicyHandler) AddSubjectToPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - p, response, err := m.GetPolicy(args[0]) - checkResponse(response, err, http.StatusOK) - - p.Subjects = append(p.Subjects, args[1:]...) - - _, response, err = m.UpdatePolicy(p.Id, *p) - checkResponse(response, err, http.StatusOK) - fmt.Printf("Added subjects to policy %s", p.Id) -} - -func (h *PolicyHandler) RemoveSubjectFromPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - p, response, err := m.GetPolicy(args[0]) - checkResponse(response, err, http.StatusOK) - - subjects := []string{} - for _, r := range p.Subjects { - var filter bool - for _, a := range args[1:] { - if r == a { - filter = true - } - } - if !filter { - subjects = append(subjects, r) - } - } - p.Subjects = subjects - - _, response, err = m.UpdatePolicy(p.Id, *p) - checkResponse(response, err, http.StatusOK) - fmt.Printf("Removed subjects from policy %s.\n", p.Id) -} - -func (h *PolicyHandler) AddActionToPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - p, response, err := m.GetPolicy(args[0]) - checkResponse(response, err, http.StatusOK) - - p.Actions = append(p.Actions, args[1:]...) - - _, response, err = m.UpdatePolicy(p.Id, *p) - checkResponse(response, err, http.StatusOK) - fmt.Printf("Added actions to policy %s.\n", p.Id) -} - -func (h *PolicyHandler) RemoveActionFromPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - p, response, err := m.GetPolicy(args[0]) - checkResponse(response, err, http.StatusOK) - - actions := []string{} - for _, r := range p.Actions { - var filter bool - for _, a := range args[1:] { - if r == a { - filter = true - } - } - if !filter { - actions = append(actions, r) - } - } - p.Actions = actions - - _, response, err = m.UpdatePolicy(p.Id, *p) - checkResponse(response, err, http.StatusOK) - fmt.Printf("Removed actions from policy %s.\n", p.Id) -} - -func (h *PolicyHandler) GetPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) == 0 { - fmt.Print(cmd.UsageString()) - return - } - - p, response, err := m.GetPolicy(args[0]) - checkResponse(response, err, http.StatusOK) - - fmt.Printf("%s\n", formatResponse(p)) -} - -func (h *PolicyHandler) ListPolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) == 0 { - fmt.Print(cmd.UsageString()) - return - } - - var offset int64 - var all []keto.Policy - const limit = 100 - for { - policies, response, err := m.ListPolicies(limit, offset) - checkResponse(response, err, http.StatusOK) - if len(policies) == 0 { - break - } - offset = offset + int64(len(policies)) - all = append(all, policies...) - } - - fmt.Printf("%s\n", formatResponse(all)) -} - -func (h *PolicyHandler) DeletePolicy(cmd *cobra.Command, args []string) { - m := h.newPolicyManager(cmd) - if len(args) == 0 { - fmt.Print(cmd.UsageString()) - return - } - - for _, arg := range args { - response, err := m.DeletePolicy(arg) - checkResponse(response, err, http.StatusNoContent) - fmt.Printf("Policy %s deleted.\n", arg) - } -} diff --git a/cmd/client/handler_role.go b/cmd/client/handler_role.go deleted file mode 100644 index 78640c019..000000000 --- a/cmd/client/handler_role.go +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package client - -import ( - "fmt" - "net/http" - - keto "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/spf13/cobra" -) - -type RoleHandler struct { -} - -func (h *RoleHandler) newPolicyManager(cmd *cobra.Command) *keto.RoleApi { - c := keto.NewRoleApiWithBasePath(getBasePath(cmd)) - - if token, err := cmd.Flags().GetString("bearer-token"); err == nil && token != "" { - c.Configuration.DefaultHeader["Authorization"] = "Bearer " + token - } - - if term, _ := cmd.Flags().GetBool("fake-tls-termination"); term { - c.Configuration.DefaultHeader["X-Forwarded-Proto"] = "https" - } - return c -} - -func newRoleHandler() *RoleHandler { - return &RoleHandler{} -} - -func (h *RoleHandler) CreateRole(cmd *cobra.Command, args []string) { - if len(args) != 1 { - fmt.Print(cmd.UsageString()) - return - } - m := h.newPolicyManager(cmd) - - _, response, err := m.CreateRole(keto.Role{Id: args[0]}) - checkResponse(response, err, http.StatusCreated) - fmt.Printf("Group %s created.\n", args[0]) -} - -func (h *RoleHandler) DeleteRole(cmd *cobra.Command, args []string) { - if len(args) != 1 { - fmt.Print(cmd.UsageString()) - return - } - - m := h.newPolicyManager(cmd) - response, err := m.DeleteRole(args[0]) - checkResponse(response, err, http.StatusNoContent) - fmt.Printf("Group %s deleted.\n", args[0]) -} - -func (h *RoleHandler) RoleAddMembers(cmd *cobra.Command, args []string) { - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - m := h.newPolicyManager(cmd) - response, err := m.AddMembersToRole(args[0], keto.RoleMembers{Members: args[1:]}) - checkResponse(response, err, http.StatusNoContent) - fmt.Printf("Members %v added to group %s.\n", args[1:], args[0]) -} - -func (h *RoleHandler) RoleRemoveMembers(cmd *cobra.Command, args []string) { - if len(args) < 2 { - fmt.Print(cmd.UsageString()) - return - } - - m := h.newPolicyManager(cmd) - response, err := m.RemoveMembersFromRole(args[0], keto.RoleMembers{Members: args[1:]}) - checkResponse(response, err, http.StatusNoContent) - fmt.Printf("Members %v removed from group %s.\n", args[1:], args[0]) -} - -func (h *RoleHandler) FindRoles(cmd *cobra.Command, args []string) { - if len(args) != 1 { - fmt.Print(cmd.UsageString()) - return - } - - m := h.newPolicyManager(cmd) - groups, response, err := m.ListRoles(args[0], 500, 0) - checkResponse(response, err, http.StatusOK) - formatResponse(groups) -} - -func (h *RoleHandler) ListRoles(cmd *cobra.Command, args []string) { - if len(args) != 0 { - fmt.Print(cmd.UsageString()) - return - } - - m := h.newPolicyManager(cmd) - var offset int64 - var all []keto.Role - const limit = 100 - for { - groups, response, err := m.ListRoles("", limit, offset) - checkResponse(response, err, http.StatusOK) - if len(groups) == 0 { - break - } - offset = offset + int64(len(groups)) - all = append(all, groups...) - } - - formatResponse(all) -} - -func (h *RoleHandler) GetRole(cmd *cobra.Command, args []string) { - if len(args) != 1 { - fmt.Print(cmd.UsageString()) - return - } - - m := h.newPolicyManager(cmd) - groups, response, err := m.GetRole(args[0]) - checkResponse(response, err, http.StatusOK) - formatResponse(groups) -} diff --git a/cmd/client/handler_warden.go b/cmd/client/handler_warden.go deleted file mode 100644 index d80aade92..000000000 --- a/cmd/client/handler_warden.go +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package client - -import ( - "fmt" - "net/http" - - keto "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/spf13/cobra" -) - -type WardenHandler struct{} - -func (h *WardenHandler) newWardenManager(cmd *cobra.Command) *keto.WardenApi { - c := keto.NewWardenApiWithBasePath(getBasePath(cmd)) - - if token, err := cmd.Flags().GetString("bearer-token"); err == nil && token != "" { - c.Configuration.DefaultHeader["Authorization"] = "Bearer " + token - } - - if term, _ := cmd.Flags().GetBool("fake-tls-termination"); term { - c.Configuration.DefaultHeader["X-Forwarded-Proto"] = "https" - } - return c -} - -func newWardenHandler() *WardenHandler { - return &WardenHandler{} -} - -func (h *WardenHandler) IsOAuth2AccessTokenAuthorized(cmd *cobra.Command, args []string) { - token, _ := cmd.Flags().GetString("token") - scope, _ := cmd.Flags().GetStringArray("scope") - action, _ := cmd.Flags().GetString("action") - resource, _ := cmd.Flags().GetString("resource") - - m := h.newWardenManager(cmd) - _, response, err := m.IsOAuth2AccessTokenAuthorized(keto.WardenOAuth2AccessTokenAuthorizationRequest{ - Token: token, - Scope: scope, - Action: action, - Resource: resource, - }) - checkResponse(response, err, http.StatusOK) - fmt.Printf("%s\n", response.Payload) -} - -func (h *WardenHandler) IsSubjectAuthorized(cmd *cobra.Command, args []string) { - subject, _ := cmd.Flags().GetString("subject") - action, _ := cmd.Flags().GetString("action") - resource, _ := cmd.Flags().GetString("resource") - - m := h.newWardenManager(cmd) - _, response, err := m.IsSubjectAuthorized(keto.WardenSubjectAuthorizationRequest{ - Action: action, - Subject: subject, - Resource: resource, - }) - checkResponse(response, err, http.StatusOK) - fmt.Printf("%s\n", response.Payload) -} diff --git a/cmd/client/helper.go b/cmd/client/helper.go new file mode 100644 index 000000000..a58845036 --- /dev/null +++ b/cmd/client/helper.go @@ -0,0 +1,84 @@ +// Copyright © 2018 Aeneas Rekkas +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package client + +import ( + "encoding/json" + "fmt" + "github.com/spf13/cobra" + "github.com/spf13/viper" + "io/ioutil" + "net/http" + "path/filepath" + "strings" + + "github.com/ory/go-convenience/stringslice" + "github.com/ory/keto/engine/ladon" + "github.com/ory/x/cmdx" + "github.com/ory/x/flagx" +) + +var client = http.DefaultClient + +func ImportFile(file string, proto interface{}, f func()) { + b, err := ioutil.ReadFile(filepath.Clean(file)) + cmdx.Must(err, "Unable to read file %s: %s", file, err) + + err = json.Unmarshal(b, proto) + cmdx.Must(err, "Unable to decode file %s to json: %s", file, err) + f() +} + +func Get(location string, proto interface{}) { + res, err := client.Get(location) + cmdx.CheckResponse(err, http.StatusOK, res) + defer res.Body.Close() + + d := json.NewDecoder(res.Body) + d.DisallowUnknownFields() + + err = d.Decode(proto) + cmdx.Must(err, "Unable to decode data to json: %s", err) + fmt.Println(cmdx.FormatResponse(proto)) +} + +func Delete(location string) { + req, err := http.NewRequest("DELETE", location, nil) + cmdx.Must(err, "Unable to initialize HTTP request: %s", err) + + res, err := client.Do(req) + cmdx.CheckResponse(err, http.StatusNoContent, res) + err = res.Body.Close() + cmdx.Must(err, "Unable to close body: %s", err) + fmt.Printf("Resource at location %s was deleted successfully!", location) +} + +func CheckLadonFlavor(flavor string) { + if !stringslice.Has(ladon.EnabledFlavors, flavor) { + cmdx.Fatalf("ORY Access Control Policy flavor %s is currently not supported, please choose one of: %v", flavor, ladon.EnabledFlavors) + } +} + +func EndpointURL(cmd *cobra.Command) string { + e := flagx.MustGetString(cmd, "endpoint") + if e == "" { + e = viper.GetString("KETO_URL") + } + if e == "" { + fmt.Println(cmd.UsageString()) + cmdx.Fatalf("Please set the location of the ORY Keto server by using the --endpoint flag or the KETO_URL environment variable.") + } + return strings.TrimRight(e, "/") +} diff --git a/cmd/policies_import.go b/cmd/engines.go similarity index 64% rename from cmd/policies_import.go rename to cmd/engines.go index 0f4b881e4..05f1fe7f1 100644 --- a/cmd/policies_import.go +++ b/cmd/engines.go @@ -1,4 +1,4 @@ -// Copyright © 2017 Aeneas Rekkas +// Copyright © 2018 NAME HERE // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -18,14 +18,13 @@ import ( "github.com/spf13/cobra" ) -// policiesImportCmd represents the import command -var policiesImportCmd = &cobra.Command{ - Use: "import [...]", - Short: "Import policies from JSON files", - Run: cmdHandler.Policies.ImportPolicy, +// enginesCmd represents the engines command +var enginesCmd = &cobra.Command{ + Use: "engines", + Short: "Manage access control engines", } func init() { - policiesCmd.AddCommand(policiesImportCmd) - + RootCmd.AddCommand(enginesCmd) + enginesCmd.PersistentFlags().String("endpoint", "", "URL of the ORY Keto server - defaults to environment variable KETO_URL") } diff --git a/cmd/policies_get.go b/cmd/engines_acp.go similarity index 69% rename from cmd/policies_get.go rename to cmd/engines_acp.go index 5184bf6c1..5a9405043 100644 --- a/cmd/policies_get.go +++ b/cmd/engines_acp.go @@ -1,4 +1,4 @@ -// Copyright © 2017 Aeneas Rekkas +// Copyright © 2018 NAME HERE // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -18,13 +18,12 @@ import ( "github.com/spf13/cobra" ) -// policiesGetCmd represents the delete command -var policiesGetCmd = &cobra.Command{ - Use: "get ", - Short: "View a policy", - Run: cmdHandler.Policies.GetPolicy, +// enginesAcpCmd represents the acp command +var enginesAcpCmd = &cobra.Command{ + Use: "acp", + Short: "Manage access control policy flavored engines", } func init() { - policiesCmd.AddCommand(policiesGetCmd) + enginesCmd.AddCommand(enginesAcpCmd) } diff --git a/cmd/warden_authorize.go b/cmd/engines_acp_ory.go similarity index 71% rename from cmd/warden_authorize.go rename to cmd/engines_acp_ory.go index c80f73b75..1f54af461 100644 --- a/cmd/warden_authorize.go +++ b/cmd/engines_acp_ory.go @@ -15,30 +15,25 @@ package cmd import ( - "fmt" - "github.com/spf13/cobra" ) -// authorizeCmd represents the authorize command -var authorizeCmd = &cobra.Command{ - Use: "authorize", - Run: func(cmd *cobra.Command, args []string) { - fmt.Print(cmd.UsageString()) - }, +// enginesAcpOryCmd represents the ory command +var enginesAcpOryCmd = &cobra.Command{ + Use: "ory", + Short: "Manage the ORY access control policy engine", } func init() { - wardenCmd.AddCommand(authorizeCmd) + enginesAcpCmd.AddCommand(enginesAcpOryCmd) // Here you will define your flags and configuration settings. // Cobra supports Persistent Flags which will work for this command // and all subcommands, e.g.: - // authorizeCmd.PersistentFlags().String("foo", "", "A help for foo") + // enginesAcpOryCmd.PersistentFlags().String("foo", "", "A help for foo") // Cobra supports local flags which will only run when this command // is called directly, e.g.: - // authorizeCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") - + // enginesAcpOryCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") } diff --git a/cmd/engines_acp_ory_allowed.go b/cmd/engines_acp_ory_allowed.go new file mode 100644 index 000000000..44e2f8896 --- /dev/null +++ b/cmd/engines_acp_ory_allowed.go @@ -0,0 +1,52 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "fmt" + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/cmd/client" + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + "github.com/ory/x/cmdx" +) + +// enginesAcpOryAllowedCmd represents the roles command +var enginesAcpOryAllowedCmd = &cobra.Command{ + Use: "allowed ", + Short: "Check if a request should be allowed or not", + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 4) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + a, res, err := c.DoOryAccessControlPoliciesAllow(args[0], swagger.OryAccessControlPolicyAllowedInput{ + Subject: args[1], + Resource: args[2], + Action: args[3], + }) + x.CheckResponse(err, http.StatusOK, res) + + cmdx.Must(err, "Unable to decode data to json: %s", err) + fmt.Println(cmdx.FormatResponse(&a)) + }, +} + +func init() { + enginesAcpOryCmd.AddCommand(enginesAcpOryAllowedCmd) +} diff --git a/cmd/policies_delete.go b/cmd/engines_acp_ory_policies.go similarity index 68% rename from cmd/policies_delete.go rename to cmd/engines_acp_ory_policies.go index 3821c42f4..3615a1f3d 100644 --- a/cmd/policies_delete.go +++ b/cmd/engines_acp_ory_policies.go @@ -1,4 +1,4 @@ -// Copyright © 2017 Aeneas Rekkas +// Copyright © 2018 NAME HERE // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -18,13 +18,12 @@ import ( "github.com/spf13/cobra" ) -// policiesDeleteCmd represents the delete command -var policiesDeleteCmd = &cobra.Command{ - Use: "delete ", - Short: "Delete a policy", - Run: cmdHandler.Policies.DeletePolicy, +// enginesAcpOryPoliciesCmd represents the policies command +var enginesAcpOryPoliciesCmd = &cobra.Command{ + Use: "policies", + Short: "Manage ORY Access Control Policies", } func init() { - policiesCmd.AddCommand(policiesDeleteCmd) + enginesAcpOryCmd.AddCommand(enginesAcpOryPoliciesCmd) } diff --git a/cmd/engines_acp_ory_policies_delete.go b/cmd/engines_acp_ory_policies_delete.go new file mode 100644 index 000000000..a87268f5b --- /dev/null +++ b/cmd/engines_acp_ory_policies_delete.go @@ -0,0 +1,47 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + + "github.com/ory/keto/cmd/client" + "github.com/ory/x/cmdx" +) + +// enginesAcpOryPoliciesDeleteCmd represents the delete command +var enginesAcpOryPoliciesDeleteCmd = &cobra.Command{ + Use: "delete [, [<...>]]", + Short: "Delete an ORY Access Control Policy", + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 2) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + for _, id := range args[1:] { + res, err := c.DeleteOryAccessControlPolicy(args[0], id) + x.CheckResponse(err, http.StatusNoContent, res) + } + }, +} + +func init() { + enginesAcpOryPoliciesCmd.AddCommand(enginesAcpOryPoliciesDeleteCmd) +} diff --git a/cmd/engines_acp_ory_policies_get.go b/cmd/engines_acp_ory_policies_get.go new file mode 100644 index 000000000..d1f375599 --- /dev/null +++ b/cmd/engines_acp_ory_policies_get.go @@ -0,0 +1,49 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "fmt" + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + + "github.com/ory/keto/cmd/client" + "github.com/ory/x/cmdx" +) + +// enginesAcpOryPoliciesGetCmd represents the get command +var enginesAcpOryPoliciesGetCmd = &cobra.Command{ + Use: "get [, [<...>]]", + Short: "Get an ORY Access Control Policy", + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 2) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + for _, id := range args[1:] { + r, res, err := c.GetOryAccessControlPolicy(args[0], id) + x.CheckResponse(err, http.StatusOK, res) + fmt.Println(cmdx.FormatResponse(r)) + } + }, +} + +func init() { + enginesAcpOryPoliciesCmd.AddCommand(enginesAcpOryPoliciesGetCmd) +} diff --git a/cmd/engines_acp_ory_policies_import.go b/cmd/engines_acp_ory_policies_import.go new file mode 100644 index 000000000..35c165bff --- /dev/null +++ b/cmd/engines_acp_ory_policies_import.go @@ -0,0 +1,64 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + + "github.com/ory/keto/cmd/client" + "github.com/ory/x/cmdx" +) + +// enginesAcpOryPoliciesImportCmd represents the import command +var enginesAcpOryPoliciesImportCmd = &cobra.Command{ + Use: "import [, [, [...]]", + Short: "Import an ORY Access Control Policy", + Long: `This command imports one or more json files into the ORY Access Control Policy store. + +The json file(s) have to be formatted as arrays: + +[ + {"id": "1", "subjects": [...], ...}, + {"id": "2", "subjects": [...], ...}, +]`, + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 2) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + for _, file := range args[1:] { + var p []swagger.OryAccessControlPolicy + client.ImportFile( + file, + &p, + func() { + for _, pp := range p { + _, res, err := c.UpsertOryAccessControlPolicy(args[0], pp) + x.CheckResponse(err, http.StatusOK, res) + } + }, + ) + } + }, +} + +func init() { + enginesAcpOryPoliciesCmd.AddCommand(enginesAcpOryPoliciesImportCmd) +} diff --git a/cmd/engines_acp_ory_policies_list.go b/cmd/engines_acp_ory_policies_list.go new file mode 100644 index 000000000..788dddb04 --- /dev/null +++ b/cmd/engines_acp_ory_policies_list.go @@ -0,0 +1,50 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "fmt" + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + "github.com/ory/x/flagx" + + "github.com/ory/keto/cmd/client" + "github.com/ory/x/cmdx" +) + +// enginesAcpOryPoliciesListCmd represents the list command +var enginesAcpOryPoliciesListCmd = &cobra.Command{ + Use: "list ", + Short: "List ORY Access Control Policies", + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 1) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + r, res, err := c.ListOryAccessControlPolicies(args[0], int64(flagx.MustGetInt(cmd, "limit")), int64(flagx.MustGetInt(cmd, "offset"))) + x.CheckResponse(err, http.StatusOK, res) + fmt.Println(cmdx.FormatResponse(r)) + }, +} + +func init() { + enginesAcpOryPoliciesCmd.AddCommand(enginesAcpOryPoliciesListCmd) + enginesAcpOryPoliciesListCmd.Flags().Int("limit", 100, "Limit the items being fetched") + enginesAcpOryPoliciesListCmd.Flags().Int("offset", 0, "Set the offset for fetching items") +} diff --git a/cmd/client/handler.go b/cmd/engines_acp_ory_roles.go similarity index 63% rename from cmd/client/handler.go rename to cmd/engines_acp_ory_roles.go index 687e165a1..7635e2423 100644 --- a/cmd/client/handler.go +++ b/cmd/engines_acp_ory_roles.go @@ -1,4 +1,4 @@ -// Copyright © 2017 Aeneas Rekkas +// Copyright © 2018 NAME HERE // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,18 +12,18 @@ // See the License for the specific language governing permissions and // limitations under the License. -package client +package cmd -type Handler struct { - Policies *PolicyHandler - Roles *RoleHandler - Warden *WardenHandler +import ( + "github.com/spf13/cobra" +) + +// enginesAcpOryRolesCmd represents the roles command +var enginesAcpOryRolesCmd = &cobra.Command{ + Use: "roles", + Short: "Manage ORY Access Control Roles", } -func NewHandler() *Handler { - return &Handler{ - Policies: newPolicyHandler(), - Roles: newRoleHandler(), - Warden: newWardenHandler(), - } +func init() { + enginesAcpOryCmd.AddCommand(enginesAcpOryRolesCmd) } diff --git a/cmd/engines_acp_ory_roles_delete.go b/cmd/engines_acp_ory_roles_delete.go new file mode 100644 index 000000000..4ab643a29 --- /dev/null +++ b/cmd/engines_acp_ory_roles_delete.go @@ -0,0 +1,47 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + + "github.com/ory/keto/cmd/client" + "github.com/ory/x/cmdx" +) + +// deleteCmd represents the delete command +var deleteCmd = &cobra.Command{ + Use: "delete [, [<...>]]", + Short: "Delete an ORY Access Control Policy Role", + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 2) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + for _, id := range args[1:] { + res, err := c.DeleteOryAccessControlPolicyRole(args[0], id) + x.CheckResponse(err, http.StatusNoContent, res) + } + }, +} + +func init() { + enginesAcpOryRolesCmd.AddCommand(deleteCmd) +} diff --git a/cmd/warden.go b/cmd/engines_acp_ory_roles_get.go similarity index 53% rename from cmd/warden.go rename to cmd/engines_acp_ory_roles_get.go index cea4a50c9..0c554b918 100644 --- a/cmd/warden.go +++ b/cmd/engines_acp_ory_roles_get.go @@ -16,30 +16,34 @@ package cmd import ( "fmt" + "net/http" "github.com/spf13/cobra" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + + "github.com/ory/keto/cmd/client" + "github.com/ory/x/cmdx" ) -// wardenCmd represents the warden command -var wardenCmd = &cobra.Command{ - Use: "warden", +// getCmd represents the get command +var getCmd = &cobra.Command{ + Use: "get [, [<...>]]", + Short: "Get an ORY Access Control Policy", Run: func(cmd *cobra.Command, args []string) { - fmt.Print(cmd.UsageString()) + cmdx.MinArgs(cmd, args, 2) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + for _, id := range args[1:] { + r, res, err := c.GetOryAccessControlPolicyRole(args[0], id) + x.CheckResponse(err, http.StatusOK, res) + fmt.Println(cmdx.FormatResponse(r)) + } }, } func init() { - RootCmd.AddCommand(wardenCmd) - clientDefaultFlags(wardenCmd) - - // Here you will define your flags and configuration settings. - - // Cobra supports Persistent Flags which will work for this command - // and all subcommands, e.g.: - // wardenCmd.PersistentFlags().String("foo", "", "A help for foo") - - // Cobra supports local flags which will only run when this command - // is called directly, e.g.: - // wardenCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") - + enginesAcpOryRolesCmd.AddCommand(getCmd) } diff --git a/cmd/engines_acp_ory_roles_import.go b/cmd/engines_acp_ory_roles_import.go new file mode 100644 index 000000000..8325f9b26 --- /dev/null +++ b/cmd/engines_acp_ory_roles_import.go @@ -0,0 +1,63 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/cmd/client" + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + "github.com/ory/x/cmdx" +) + +// importCmd represents the import command +var importCmd = &cobra.Command{ + Use: "import [, [, [...]]", + Short: "Import an ORY Access Control Policy", + Long: `This command imports one or more json files into the ORY Access Control Policy Role store. + +The json file(s) have to be formatted as arrays: + +[ + {"id": "1", "members": [...], ...}, + {"id": "2", "members": [...], ...}, +]`, + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 2) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + for _, file := range args[1:] { + var p []swagger.OryAccessControlPolicyRole + client.ImportFile( + file, + &p, + func() { + for _, pp := range p { + _, res, err := c.UpsertOryAccessControlPolicyRole(args[0], pp) + x.CheckResponse(err, http.StatusOK, res) + } + }, + ) + } + }, +} + +func init() { + enginesAcpOryRolesCmd.AddCommand(importCmd) +} diff --git a/cmd/engines_acp_ory_roles_list.go b/cmd/engines_acp_ory_roles_list.go new file mode 100644 index 000000000..ebcd49102 --- /dev/null +++ b/cmd/engines_acp_ory_roles_list.go @@ -0,0 +1,50 @@ +// Copyright © 2018 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "fmt" + "net/http" + + "github.com/spf13/cobra" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + "github.com/ory/x/flagx" + + "github.com/ory/keto/cmd/client" + "github.com/ory/x/cmdx" +) + +// enginesAcpOryRolesListCmd represents the list command +var enginesAcpOryRolesListCmd = &cobra.Command{ + Use: "list ", + Short: "List ORY Access Control Policy Roles", + Run: func(cmd *cobra.Command, args []string) { + cmdx.MinArgs(cmd, args, 1) + client.CheckLadonFlavor(args[0]) + + c := swagger.NewEnginesApiWithBasePath(client.EndpointURL(cmd)) + r, res, err := c.ListOryAccessControlPolicyRoles(args[0], int64(flagx.MustGetInt(cmd, "limit")), int64(flagx.MustGetInt(cmd, "offset"))) + x.CheckResponse(err, http.StatusOK, res) + fmt.Println(cmdx.FormatResponse(r)) + }, +} + +func init() { + enginesAcpOryRolesCmd.AddCommand(enginesAcpOryRolesListCmd) + enginesAcpOryRolesListCmd.Flags().Int("limit", 100, "Limit the items being fetched") + enginesAcpOryRolesListCmd.Flags().Int("offset", 0, "Set the offset for fetching items") +} diff --git a/cmd/helper_messages.go b/cmd/helper_messages.go deleted file mode 100644 index 28d3169f7..000000000 --- a/cmd/helper_messages.go +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright © 2017-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2017-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package cmd - -import ( - "fmt" - "os" -) - -var corsMessage = `CORS CONTROLS -============== -- CORS_ENABLED: Switch CORS support on (true) or off (false). Default is off (false). - Example: CORS_ENABLED=true - -- CORS_ALLOWED_ORIGINS: A list of origins (comma separated values) a cross-domain request can be executed from. - If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) - to replace 0 or more characters (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality. - Only one wildcard can be used per origin. The default value is *. - -------------------------------------------------------------- - Example: CORS_ALLOWED_ORIGINS=http://*.domain.com,http://*.domain2.com - -------------------------------------------------------------- - -- CORS_ALLOWED_METHODS: A list of methods (comma separated values) the client is allowed to use with cross-domain - requests. Default value is simple methods (GET and POST). - -------------------------------------------------------------- - Example: CORS_ALLOWED_METHODS=POST,GET,PUT - -------------------------------------------------------------- - -- CORS_ALLOWED_CREDENTIALS: Indicates whether the request can include user credentials like cookies, HTTP authentication - or client side SSL certificates. - -------------------------------------------------------------- - Default: CORS_ALLOWED_CREDENTIALS=false - Example: CORS_ALLOWED_CREDENTIALS=true - -------------------------------------------------------------- - -- CORS_DEBUG: Debugging flag adds additional output to debug server side CORS issues. - -------------------------------------------------------------- - Default: CORS_DEBUG=false - Example: CORS_DEBUG=true - -------------------------------------------------------------- - -- CORS_MAX_AGE: Indicates how long (in seconds) the results of a preflight request can be cached. The default is 0 - which stands for no max age. - -------------------------------------------------------------- - Default: CORS_MAX_AGE=0 - Example: CORS_MAX_AGE=10 - -------------------------------------------------------------- - -- CORS_ALLOWED_HEADERS: A list of non simple headers (comma separated values) the client is allowed to use with - cross-domain requests. - -- CORS_EXPOSED_HEADERS: Indicates which headers (comma separated values) are safe to expose to the API of a - CORS API specification.` - -var databaseUrl = `- DATABASE_URL: A URL to a persistent backend. ORY Oathkeeper supports various backends: - - Memory: If DATABASE_URL is "memory", data will be written to memory and is lost when you restart this instance. - -------------------------------------------------------------- - Example: DATABASE_URL=memory - -------------------------------------------------------------- - - - Postgres: If DATABASE_URL is a DSN starting with postgres:// PostgreSQL will be used as storage backend. - -------------------------------------------------------------- - Example: DATABASE_URL=postgres://user:password@host:123/database - -------------------------------------------------------------- - - If PostgreSQL is not serving TLS, append ?sslmode=disable to the url: - -------------------------------------------------------------- - DATABASE_URL=postgres://user:password@host:123/database?sslmode=disable - -------------------------------------------------------------- - - - MySQL: If DATABASE_URL is a DSN starting with mysql:// MySQL will be used as storage backend. - -------------------------------------------------------------- - Example: DATABASE_URL=mysql://user:password@tcp(host:123)/database?parseTime=true - -------------------------------------------------------------- - - Be aware that the ?parseTime=true parameter is mandatory, or timestamps will not work.` - -var tlsMessage = ` -NOTE: configure TLS params consistently both as PATH or as string. If no TLS pair is set, HTTPS will be disabled and instead HTTP will be served. - -- HTTPS_TLS_CERT_PATH: The path to the TLS certificate (pem encoded). - Example: HTTPS_TLS_CERT_PATH=~/cert.pem - -- HTTPS_TLS_KEY_PATH: The path to the TLS private key (pem encoded). - Example: HTTPS_TLS_KEY_PATH=~/key.pem - -- HTTP_TLS_CERT: Base64 encoded (without padding) string of the TLS certificate (PEM encoded) to be used for HTTP over TLS (HTTPS). - Example: HTTPS_TLS_CERT="-----BEGIN CERTIFICATE-----\nMIIDZTCCAk2gAwIBAgIEV5xOtDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQDDClP..." - -- HTTP_TLS_KEY: Base64 encoded (without padding) string of the private key (PEM encoded) to be used for HTTP over TLS (HTTPS). - Example: HTTPS_TLS_KEY="-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDg..." -` - -func fatalf(msg string, args ...interface{}) { - fmt.Printf(msg+"\n", args...) - os.Exit(1) -} diff --git a/cmd/migrate.go b/cmd/migrate.go index 9c06aa4f4..166320db7 100644 --- a/cmd/migrate.go +++ b/cmd/migrate.go @@ -15,17 +15,12 @@ package cmd import ( - "fmt" - "github.com/spf13/cobra" ) // migrateCmd represents the migrate command var migrateCmd = &cobra.Command{ Use: "migrate", - Run: func(cmd *cobra.Command, args []string) { - fmt.Print(cmd.UsageString()) - }, } func init() { diff --git a/cmd/migrate_hydra.go b/cmd/migrate_hydra.go deleted file mode 100644 index cd9777555..000000000 --- a/cmd/migrate_hydra.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright © 2018 NAME HERE -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/ory/keto/cmd/server" - "github.com/spf13/cobra" -) - -// migrateHydraCmd represents the hydra command -var migrateHydraCmd = &cobra.Command{ - Use: "hydra ", - Short: "Applies SQL migration plans that migrate groups and policies from ORY Hydra < v1.0.0", - Long: `It is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet. -This decreases risk of failure and decreases time required. - -### WARNING ### - -Before running this command on an existing database, create a back up! -`, - Run: server.RunMigrateHydra(logger), -} - -func init() { - migrateCmd.AddCommand(migrateHydraCmd) - - migrateHydraCmd.Flags().Bool("read-from-env", false, "Instead of reading the database URL from the command line arguments, the value of environment variable DATABASE_URL will be used.") -} diff --git a/cmd/migrate_sql.go b/cmd/migrate_sql.go index a8aaf6861..0e644385c 100644 --- a/cmd/migrate_sql.go +++ b/cmd/migrate_sql.go @@ -15,26 +15,15 @@ package cmd import ( - "github.com/ory/keto/cmd/server" - "github.com/spf13/cobra" + "github.com/ory/keto/storage" + "github.com/ory/x/sqlcon" ) // migrateSqlCmd represents the sql command -var migrateSqlCmd = &cobra.Command{ - Use: "sql ", - Short: "Applies SQL migration plans and creates the database schemas", - Long: `It is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet. -This decreases risk of failure and decreases time required. - -### WARNING ### - -Before running this command on an existing database, create a back up! -`, - Run: server.RunMigrateSQL(logger), -} +var migrateSqlCmd = sqlcon.MigratorSQLCmd("migrate", "sql", logger, map[string]sqlcon.SchemaCreator{ + "storage": storage.NewSQLManager(nil), +}) func init() { migrateCmd.AddCommand(migrateSqlCmd) - - migrateSqlCmd.Flags().Bool("read-from-env", false, "Instead of reading the database URL from the command line arguments, the value of environment variable DATABASE_URL will be used.") } diff --git a/cmd/policies.go b/cmd/policies.go deleted file mode 100644 index ccc15295f..000000000 --- a/cmd/policies.go +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesCmd represents the policies command -var policiesCmd = &cobra.Command{ - Use: "policies", - Short: "Manage access control policies", -} - -func init() { - RootCmd.AddCommand(policiesCmd) - clientDefaultFlags(policiesCmd) -} diff --git a/cmd/policies_actions.go b/cmd/policies_actions.go deleted file mode 100644 index c71c20402..000000000 --- a/cmd/policies_actions.go +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policyActionsCmd represents the actions command -var policyActionsCmd = &cobra.Command{ - Use: "actions", - Short: "Manage which actions a policy applies to", -} - -func init() { - policiesCmd.AddCommand(policyActionsCmd) -} diff --git a/cmd/policies_actions_add.go b/cmd/policies_actions_add.go deleted file mode 100644 index f4eaeda48..000000000 --- a/cmd/policies_actions_add.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright © 2017 Aeneas Rekkas -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policyActionsAddCmd represents the add command -var policyActionsAddCmd = &cobra.Command{ - Use: "add [...]", - Short: "Add actions to the regex matching list", - Long: `You can use regular expressions in your matches. Encapsulate them in < >. - -Example: - keto policies actions add my-policy create delete <[get|update]>`, - Run: cmdHandler.Policies.AddActionToPolicy, -} - -func init() { - policyActionsCmd.AddCommand(policyActionsAddCmd) -} diff --git a/cmd/policies_actions_remove.go b/cmd/policies_actions_remove.go deleted file mode 100644 index 8af112571..000000000 --- a/cmd/policies_actions_remove.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright © 2017 Aeneas Rekkas -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesActionsRemoveCmd represents the remove command -var policiesActionsRemoveCmd = &cobra.Command{ - Use: "remove [...]", - Short: "Remove actions from the regex matching list", - Long: `You can use regular expressions in your matches. Encapsulate them in < >. - -Example: - keto policies actions remove my-policy create delete <[get|update]>`, - Run: cmdHandler.Policies.RemoveActionFromPolicy, -} - -func init() { - policyActionsCmd.AddCommand(policiesActionsRemoveCmd) -} diff --git a/cmd/policies_create.go b/cmd/policies_create.go deleted file mode 100644 index 495d515b6..000000000 --- a/cmd/policies_create.go +++ /dev/null @@ -1,43 +0,0 @@ -// Copyright © 2017 Aeneas Rekkas -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesCreateCmd represents the create command -var policiesCreateCmd = &cobra.Command{ - Use: "create", - Short: "Create a new policy", - Long: `To create a policy, either specify the files flag or pass arguments to create it directly from the CLI. - -Example - keto policies create -f policy-a.json,policy-b.json - keto policies create -s peter,max -r blog,users -a post,ban --allow`, - Run: cmdHandler.Policies.CreatePolicy, -} - -func init() { - policiesCmd.AddCommand(policiesCreateCmd) - - policiesCreateCmd.Flags().StringSliceP("files", "f", []string{}, "A list of paths to JSON encoded policy files") - policiesCreateCmd.Flags().StringP("id", "i", "", "The policy's id") - policiesCreateCmd.Flags().StringP("description", "d", "", "The policy's description") - policiesCreateCmd.Flags().StringSliceP("resources", "r", []string{}, "A list of resource regex strings this policy will match to (required)") - policiesCreateCmd.Flags().StringSliceP("subjects", "s", []string{}, "A list of subject regex strings this policy will match to (required)") - policiesCreateCmd.Flags().StringSliceP("actions", "a", []string{}, "A list of action regex strings this policy will match to (required)") - policiesCreateCmd.Flags().Bool("allow", false, "A list of action regex strings this policy will match to") -} diff --git a/cmd/policies_list.go b/cmd/policies_list.go deleted file mode 100644 index b88e55d0f..000000000 --- a/cmd/policies_list.go +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright © 2018 NAME HERE -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesListCmd represents the export command -var policiesListCmd = &cobra.Command{ - Use: "list", - Short: "List all policies", - Long: `This command lists all policies. - -Example: - keto policies list -`, - Run: cmdHandler.Policies.ListPolicy, -} - -func init() { - policiesGetCmd.AddCommand(policiesListCmd) - - // Here you will define your flags and configuration settings. - - // Cobra supports Persistent Flags which will work for this command - // and all subcommands, e.g.: - // policiesListCmd.PersistentFlags().String("foo", "", "A help for foo") - - // Cobra supports local flags which will only run when this command - // is called directly, e.g.: - // policiesListCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") -} diff --git a/cmd/policies_resources.go b/cmd/policies_resources.go deleted file mode 100644 index 9c67995bb..000000000 --- a/cmd/policies_resources.go +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesResourcesCmd represents the resources command -var policiesResourcesCmd = &cobra.Command{ - Use: "resources", - Short: "Manage which resources a policy applies to", -} - -func init() { - policiesCmd.AddCommand(policiesResourcesCmd) -} diff --git a/cmd/policies_resources_add.go b/cmd/policies_resources_add.go deleted file mode 100644 index 3183e5024..000000000 --- a/cmd/policies_resources_add.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright © 2017 Aeneas Rekkas -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policyResourcesAddCmd represents the add command -var policyResourcesAddCmd = &cobra.Command{ - Use: "add [...]", - Short: "Add subjects to the regex matching list", - Long: `You can use regular expressions in your matches. Encapsulate them in < >. - -Example: - keto policies resources add my-policy some-item-123 some-item-<[234|345]>`, - Run: cmdHandler.Policies.AddResourceToPolicy, -} - -func init() { - policiesResourcesCmd.AddCommand(policyResourcesAddCmd) -} diff --git a/cmd/policies_resources_remove.go b/cmd/policies_resources_remove.go deleted file mode 100644 index 5f7c67d9e..000000000 --- a/cmd/policies_resources_remove.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright © 2017 Aeneas Rekkas -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policyResourcesRemoveCmd represents the remove command -var policyResourcesRemoveCmd = &cobra.Command{ - Use: "remove [...]", - Short: "Remove resources from the regex matching list", - Long: `You can use regular expressions in your matches. Encapsulate them in < >. - -Example: - keto policies resources remove my-policy some-item-123 some-item-<[234|345]>`, - Run: cmdHandler.Policies.RemoveResourceFromPolicy, -} - -func init() { - policiesResourcesCmd.AddCommand(policyResourcesRemoveCmd) -} diff --git a/cmd/policies_subjects.go b/cmd/policies_subjects.go deleted file mode 100644 index 2d3148e36..000000000 --- a/cmd/policies_subjects.go +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesSubjectsCmd represents the subjects command -var policiesSubjectsCmd = &cobra.Command{ - Use: "subjects", - Short: "Manage which subjects a policy applies to", -} - -func init() { - policiesCmd.AddCommand(policiesSubjectsCmd) -} diff --git a/cmd/policies_subjects_add.go b/cmd/policies_subjects_add.go deleted file mode 100644 index 07bbbfa9f..000000000 --- a/cmd/policies_subjects_add.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright © 2017 Aeneas Rekkas -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesSubjectsAddCmd represents the add command -var policiesSubjectsAddCmd = &cobra.Command{ - Use: "add [...]", - Short: "Add subjects to the regex matching list", - Long: `You can use regular expressions in your matches. Encapsulate them in < >. - -Example: - keto policies subjects add my-policy john@org.com <[peter|max]>@org.com`, - Run: cmdHandler.Policies.AddSubjectToPolicy, -} - -func init() { - policiesSubjectsCmd.AddCommand(policiesSubjectsAddCmd) -} diff --git a/cmd/policies_subjects_remove.go b/cmd/policies_subjects_remove.go deleted file mode 100644 index fabd7d8fe..000000000 --- a/cmd/policies_subjects_remove.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright © 2017 Aeneas Rekkas -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// policiesSubjectsRemoveCmd represents the remove command -var policiesSubjectsRemoveCmd = &cobra.Command{ - Use: "remove [...]", - Short: "Remove subjects from the regex matching list", - Long: `You can use regular expressions in your matches. Encapsulate them in < >. - -Example: - keto policies subjects remove my-policy john@org.com <[peter|max]>@org.com`, - Run: cmdHandler.Policies.RemoveSubjectFromPolicy, -} - -func init() { - policiesSubjectsCmd.AddCommand(policiesSubjectsRemoveCmd) -} diff --git a/cmd/roles.go b/cmd/roles.go deleted file mode 100644 index 36168d815..000000000 --- a/cmd/roles.go +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// rolesCmd represents the groups command -var rolesCmd = &cobra.Command{ - Use: "roles", - Short: "Manage roles", -} - -func init() { - RootCmd.AddCommand(rolesCmd) - clientDefaultFlags(rolesCmd) -} diff --git a/cmd/roles_create.go b/cmd/roles_create.go deleted file mode 100644 index 5ffe31378..000000000 --- a/cmd/roles_create.go +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// rolesCreateCmd represents the create command -var rolesCreateCmd = &cobra.Command{ - Use: "create ", - Short: "Create a role", - Long: `This command creates a role. - -Example: - keto roles create my-role -`, - Run: cmdHandler.Roles.CreateRole, -} - -func init() { - rolesCmd.AddCommand(rolesCreateCmd) -} diff --git a/cmd/roles_delete.go b/cmd/roles_delete.go deleted file mode 100644 index fb70a3557..000000000 --- a/cmd/roles_delete.go +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// rolesDeleteCmd represents the delete command -var rolesDeleteCmd = &cobra.Command{ - Use: "delete ", - Short: "Delete a role", - Long: `This command deletes a role. - -Example: - keto roles delete my-group -`, - Run: cmdHandler.Roles.DeleteRole, -} - -func init() { - rolesCmd.AddCommand(rolesDeleteCmd) - -} diff --git a/cmd/roles_find.go b/cmd/roles_find.go deleted file mode 100644 index 19ce76bfa..000000000 --- a/cmd/roles_find.go +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// rolesFindCmd represents the find command -var rolesFindCmd = &cobra.Command{ - Use: "find ", - Short: "Find all roles a subject belongs to", - Long: `This command finds all roles a subject belongs to. - -Example: - keto roles find peter -`, - Run: cmdHandler.Roles.FindRoles, -} - -func init() { - rolesCmd.AddCommand(rolesFindCmd) -} diff --git a/cmd/roles_get.go b/cmd/roles_get.go deleted file mode 100644 index a822bed60..000000000 --- a/cmd/roles_get.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright © 2018 NAME HERE -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// rolesGetCmd represents the get command -var rolesGetCmd = &cobra.Command{ - Use: "get", - Short: "Get a roles", - Long: `This command retrieves a role. - -Example: - keto roles get my-role -`, - Run: cmdHandler.Roles.GetRole, -} - -func init() { - rolesCmd.AddCommand(rolesGetCmd) - - // Here you will define your flags and configuration settings. - - // Cobra supports Persistent Flags which will work for this command - // and all subcommands, e.g.: - // rolesGetCmd.PersistentFlags().String("foo", "", "A help for foo") - - // Cobra supports local flags which will only run when this command - // is called directly, e.g.: - // rolesGetCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") - -} diff --git a/cmd/roles_list.go b/cmd/roles_list.go deleted file mode 100644 index 1a8ff5365..000000000 --- a/cmd/roles_list.go +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// rolesListCmd represents the list command -var rolesListCmd = &cobra.Command{ - Use: "list", - Short: "List all roles", - Long: `This command lists all roles. - -Example: - keto roles list -`, - Run: cmdHandler.Roles.ListRoles, -} - -func init() { - rolesCmd.AddCommand(rolesListCmd) - - // Here you will define your flags and configuration settings. - - // Cobra supports Persistent Flags which will work for this command - // and all subcommands, e.g.: - // rolesListCmd.PersistentFlags().String("foo", "", "A help for foo") - - // Cobra supports local flags which will only run when this command - // is called directly, e.g.: - // rolesListCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") - -} diff --git a/cmd/roles_members.go b/cmd/roles_members.go deleted file mode 100644 index be178bb5d..000000000 --- a/cmd/roles_members.go +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -var rolesMembersCmd = &cobra.Command{ - Use: "members", - Short: "Manage role members", -} - -func init() { - rolesCmd.AddCommand(rolesMembersCmd) -} diff --git a/cmd/roles_members_add.go b/cmd/roles_members_add.go deleted file mode 100644 index 7de82339b..000000000 --- a/cmd/roles_members_add.go +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -var rolesMembersAdd = &cobra.Command{ - Use: "add [...]", - Short: "Add members to a role", - Long: `This command adds members to a role. - -Example: - keto roles members add my-group peter julia -`, - Run: cmdHandler.Roles.RoleAddMembers, -} - -func init() { - rolesMembersCmd.AddCommand(rolesMembersAdd) -} diff --git a/cmd/roles_members_remove.go b/cmd/roles_members_remove.go deleted file mode 100644 index f233633c3..000000000 --- a/cmd/roles_members_remove.go +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -var rolesMembersRemoveCmd = &cobra.Command{ - Use: "remove [...]", - Short: "Remove members from a role", - Long: `This command removes members from a role. - -Example: - keto roles members remove my-group peter julia -`, - Run: cmdHandler.Roles.RoleRemoveMembers, -} - -func init() { - rolesMembersCmd.AddCommand(rolesMembersRemoveCmd) -} diff --git a/cmd/root.go b/cmd/root.go index 843a97a45..665305980 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -18,18 +18,17 @@ import ( "fmt" "os" - "github.com/ory/keto/cmd/client" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/viper" -) -var cfgFile string + "github.com/ory/x/logrusx" +) var ( - Version = "dev-master" - BuildTime = "undefined" - GitHash = "undefined" + Version = "" + BuildTime = "" + GitHash = "" ) // RootCmd represents the base command when called without any subcommands @@ -37,9 +36,9 @@ var RootCmd = &cobra.Command{ Use: "keto", } -var logger = logrus.New() +var logger *logrus.Logger = new(logrus.Logger) -var cmdHandler = client.NewHandler() +//var cmdHandler = client.NewHandler() // Execute adds all child commands to the root command sets flags appropriately. // This is called by main.main(). It only needs to happen once to the rootCmd. @@ -51,19 +50,12 @@ func Execute() { } func init() { - logLevel, err := logrus.ParseLevel(os.Getenv("LOG_LEVEL")) - if err != nil { - logLevel = logrus.InfoLevel - } - - logger.Level = logLevel cobra.OnInitialize(initConfig) // Here you will define your flags and configuration settings. // Cobra supports Persistent Flags, which, if defined here, // will be global for your application. - RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.keto.yaml)") // Cobra also supports local flags, which will only run // when this action is called directly. RootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") @@ -71,25 +63,9 @@ func init() { // initConfig reads in config file and ENV variables if set. func initConfig() { - if cfgFile != "" { // enable ability to specify config file via flag - viper.SetConfigFile(cfgFile) - } + viper.AutomaticEnv() // read in environment variables that match - viper.SetConfigName(".keto") // name of config file (without extension) - viper.AddConfigPath("$HOME") // adding home directory as first search path - viper.AutomaticEnv() // read in environment variables that match - - viper.SetDefault("LOG_LEVEL", "info") viper.SetDefault("PORT", "4466") - // If a config file is found, read it in. - if err := viper.ReadInConfig(); err == nil { - fmt.Println("Using config file:", viper.ConfigFileUsed()) - } -} - -func clientDefaultFlags(c *cobra.Command) { - c.PersistentFlags().String("bearer-token", os.Getenv("KETO_BEARER_TOKEN"), "Provide a token to be used if the server is protected by HTTP Bearer Authorization, defaults to environment variable KETO_BEARER_TOKEN.") - c.PersistentFlags().Bool("fake-tls-termination", false, `fake tls termination by adding "X-Forwarded-Proto: https"" to http headers`) - c.PersistentFlags().String("endpoint", os.Getenv("KETO_URL"), "The URL of the ORY Keto server, defaults to environment variable KETO_URL.") + *logger = *logrusx.New() } diff --git a/cmd/root_test.go b/cmd/root_test.go index 0bfc14b07..42ddd4a36 100644 --- a/cmd/root_test.go +++ b/cmd/root_test.go @@ -23,30 +23,15 @@ package cmd import ( "fmt" - "os" - "path/filepath" + "net/http" "testing" "time" - "net/http" - - "github.com/akutz/gotil" - "github.com/pborman/uuid" "github.com/stretchr/testify/assert" ) -var port int - -func init() { - var osArgs = make([]string, len(os.Args)) - port = gotil.RandomTCPPort() - os.Setenv("DATABASE_URL", "memory") - os.Setenv("PORT", fmt.Sprintf("%d", port)) - copy(osArgs, os.Args) -} - func TestExecute(t *testing.T) { - var path = filepath.Join(os.TempDir(), fmt.Sprintf("keto-%s.yml", uuid.New())) + ep := fmt.Sprintf("http://127.0.0.1:%d", port) for _, c := range []struct { args []string @@ -61,30 +46,21 @@ func TestExecute(t *testing.T) { return err != nil }, }, - {args: []string{"roles", "list", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"roles", "create", "role-a", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"roles", "get", "role-a", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"roles", "members", "add", "role-a", "member-a", "member-b", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"roles", "members", "remove", "role-a", "member-a", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"roles", "find", "member-a", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"roles", "delete", "role-a", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "create", "-i", "foobar", "-s", "peter,max", "-r", "blog,users", "-a", "post,ban", "--allow", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "actions", "add", "foobar", "update|create", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "actions", "remove", "foobar", "update|create", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "resources", "add", "foobar", "printer", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "resources", "remove", "foobar", "printer", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "subjects", "add", "foobar", "ken", "tracy", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "subjects", "remove", "foobar", "ken", "tracy", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "get", "foobar", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "delete", "foobar", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "list", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"policies", "list", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, - {args: []string{"warden", "authorize", "subject", "--subject", "foo", "--action", "bar", "--resource", "baz", "--endpoint", fmt.Sprintf("http://127.0.0.1:%d", port)}}, + {args: []string{"engines", "acp", "ory", "roles", "list", "exact"}}, + {args: []string{"engines", "acp", "ory", "roles", "import", "--endpoint", ep, "exact", "../tests/stubs/roles.json"}}, + {args: []string{"engines", "acp", "ory", "roles", "get", "--endpoint", ep, "exact", "role-1"}}, + {args: []string{"engines", "acp", "ory", "roles", "delete", "--endpoint", ep, "exact", "role-1"}}, + + {args: []string{"engines", "acp", "ory", "policies", "list", "--endpoint", ep, "exact"}}, + {args: []string{"engines", "acp", "ory", "policies", "import", "--endpoint", ep, "exact", "../tests/stubs/policies.json"}}, + {args: []string{"engines", "acp", "ory", "policies", "get", "--endpoint", ep, "exact", "policy-1"}}, + {args: []string{"engines", "acp", "ory", "policies", "delete", "--endpoint", ep, "exact", "policy-1"}}, + + {args: []string{"engines", "acp", "ory", "allowed", "--endpoint", ep, "exact", "peter-1", "resources-11", "actions-11"}}, + {args: []string{"help", "migrate", "sql"}}, - {args: []string{"help", "migrate", "hydra"}}, {args: []string{"version"}}, } { - c.args = append(c.args, []string{"--config", path}...) RootCmd.SetArgs(c.args) t.Run(fmt.Sprintf("command=%v", c.args), func(t *testing.T) { diff --git a/cmd/serve.go b/cmd/serve.go index 39e407b67..ac1ca3ea1 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -18,83 +18,54 @@ import ( "os" "strconv" - "github.com/ory/keto/cmd/server" "github.com/spf13/cobra" + + "github.com/ory/keto/cmd/server" + "github.com/ory/x/cmdx" + "github.com/ory/x/corsx" + "github.com/ory/x/logrusx" + "github.com/ory/x/profilex" + "github.com/ory/x/sqlcon" + "github.com/ory/x/tlsx" ) // serveCmd represents the serve command var serveCmd = &cobra.Command{ Use: "serve", Short: "Starts the server and serves the HTTP REST API", - Long: ` -This command exposes a variety of controls via environment variables. You can -set environments using "export KEY=VALUE" (Linux/macOS) or "set KEY=VALUE" (Windows). On Linux, -you can also set environments by pre-pending key value pairs: "KEY=VALUE KEY2=VALUE2 hydra" - -All possible controls are listed below. The host process additionally exposes a few flags, which are listed below -the controls section. + Long: cmdx.EnvVarExamplesHelpMessage("keto") + ` +All possible controls are listed below. CORE CONTROLS ============= -` + databaseUrl + ` - -- LOG_LEVEL: Set the log level, supports "panic", "fatal", "error", "warn", "info" and "debug". Defaults to "info". - Example: LOG_LEVEL=panic +` + sqlcon.HelpMessage() + ` -- LOG_FORMAT: Leave empty for text based log format, or set to "json" for JSON formatting. - Example: LOG_FORMAT="json" +` + logrusx.HelpMessage() + ` HTTP(S) CONTROLS ============== -` + tlsMessage + ` - -- HOST: The host to listen on. - -------------------------------------------------------------- - Default: HOST="" (all interfaces) - -------------------------------------------------------------- - -- PORT: The port to listen on. - -------------------------------------------------------------- - Default: PORT="4466" - -------------------------------------------------------------- - - -AUTHENTICATORS -============== - -- The OAuth 2.0 Token Introspection Authenticator is capable of resolving OAuth2 access tokens to a subject and a set - of granted scopes using the OAuth 2.0 Introspection standard. +- HOST: The host to listen on. Defaults to listening on all interfaces. - - AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_ID: The client ID to be used when performing the OAuth 2.0 Introspection request. - Example: AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_ID=my_client + Example: + $ export HOST=127.0.0.1 - - AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_SECRET: The client secret to be used when performing the OAuth 2.0 Introspection request. - Example: AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_SECRET=my_secret +- PORT: The port to listen on. Defaults to port 4466. - - AUTHENTICATOR_OAUTH2_INTROSPECTION_SCOPE: The scope(s) (comma separated) required to perform the introspection request. If no scopes are - required, leave this value empty. - Example: AUTHENTICATOR_OAUTH2_INTROSPECTION_SCOPE=scopeA,scopeB + Example: + $ export PORT=4466 - - AUTHENTICATOR_OAUTH2_INTROSPECTION_TOKEN_URL: The OAuth2 Token Endpoint URL of the server - Example: AUTHENTICATOR_OAUTH2_INTROSPECTION_TOKEN_URL=https://my-server/oauth2/token +` + tlsx.HTTPSCertificateHelpMessage() + ` - - AUTHENTICATOR_OAUTH2_INTROSPECTION_URL: The OAuth2 Introspection Endpoint URL of the server - Example: AUTHENTICATOR_OAUTH2_INTROSPECTION_URL=https://my-server/oauth2/introspect +` + corsx.HelpMessage() + ` -- The OAuth 2.0 Client Credentials Authenticator is capable of authentication OAuth 2.0 clients using the client credentials - grant. - - AUTHENTICATOR_OAUTH2_CLIENT_CREDENTIALS_TOKEN_URL: The OAuth2 Token Endpoint URL of the server - Example: AUTHENTICATOR_OAUTH2_CLIENT_CREDENTIALS_TOKEN_URL=https://my-server/oauth2/token -` + corsMessage + ` DEBUG CONTROLS ============== -- PROFILING: Set "PROFILING=cpu" to enable cpu profiling and "PROFILING=memory" to enable memory profiling. - It is not possible to do both at the same time. - Example: PROFILING=cpu +` + profilex.HelpMessage() + ` + `, Run: server.RunServe(logger, Version, GitHash, BuildTime), } @@ -102,6 +73,6 @@ DEBUG CONTROLS func init() { RootCmd.AddCommand(serveCmd) - disableTelemetryEnv, _ := strconv.ParseBool(os.Getenv("DISABLE_TELEMETRY")) + disableTelemetryEnv, _ := strconv.ParseBool(os.Getenv("DISABLE_TELEMETRY")) // #nosec serveCmd.Flags().Bool("disable-telemetry", disableTelemetryEnv, "Disable anonymized telemetry reports - for more information please visit https://www.ory.sh/docs/guides/telemetry") } diff --git a/cmd/server/helper_server.go b/cmd/server/helper_server.go deleted file mode 100644 index 955a7f612..000000000 --- a/cmd/server/helper_server.go +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright © 2017-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2017-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package server - -import ( - "crypto/tls" - "encoding/base64" - "fmt" - - "github.com/spf13/viper" -) - -func getTLSCertAndKey() (*tls.Certificate, error) { - certString, keyString := viper.GetString("HTTP_TLS_CERT"), viper.GetString("HTTP_TLS_KEY") - certPath, keyPath := viper.GetString("HTTP_TLS_CERT_PATH"), viper.GetString("HTTP_TLS_KEY_PATH") - - if certString == "" && keyString == "" && certPath == "" && keyPath == "" { - // serve http - return nil, nil - } else if certString != "" && keyString != "" { - tlsCertBytes, err := base64.StdEncoding.DecodeString(certString) - if err != nil { - return nil, fmt.Errorf("unable to base64 decode the TLS certificate: %v", err) - } - tlsKeyBytes, err := base64.StdEncoding.DecodeString(keyString) - if err != nil { - return nil, fmt.Errorf("unable to base64 decode the TLS private key: %v", err) - } - - cert, err := tls.X509KeyPair(tlsCertBytes, tlsKeyBytes) - if err != nil { - return nil, fmt.Errorf("unable to load X509 key pair: %v", err) - } - return &cert, nil - } - if certPath != "" && keyPath != "" { - cert, err := tls.LoadX509KeyPair(certPath, keyPath) - if err != nil { - return nil, fmt.Errorf("unable to load X509 key pair from files: %v", err) - } - return &cert, nil - } - // serve http - //logger.Warnln("TLS requires both cert and key to be specified. Fall back to serving HTTP") - return nil, nil -} diff --git a/cmd/server/helper_server_test.go b/cmd/server/helper_server_test.go deleted file mode 100644 index 9016975f6..000000000 --- a/cmd/server/helper_server_test.go +++ /dev/null @@ -1,248 +0,0 @@ -/* - * Copyright © 2017-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2017-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package server - -import ( - "io/ioutil" - "os" - "testing" - - "github.com/spf13/viper" - "github.com/stretchr/testify/assert" -) - -func TestHelperGetTLSCertAndKey(t *testing.T) { - certFixture := `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVFRENDQXZpZ0F3SUJBZ0lKQU5mK0lUMU1HaHhCTUEwR0NTcUdTSWI` + - `zRFFFQkN3VUFNSUdaTVFzd0NRWUQKVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTBFeEVqQVFCZ05WQkFjTUNWQmhiRzhnUVd4MGJ6RWlNQ0FHQ` + - `TFVRQpDZ3daVDI1bFEyOXVZMlZ5YmlCYmRHVnpkQ0J3ZFhKd2IzTmxYVEVjTUJvR0ExVUVBd3dUYjI1bFkyOXVZMlZ5CmJpMTBaWE4wTG1OdmJ` + - `URW5NQ1VHQ1NxR1NJYjNEUUVKQVJZWVpuSmxaR1Z5YVdOQVkyOXVaV052Ym1ObGNtNHUKWTI5dE1CNFhEVEU0TURnd016RTJNakUwT0ZvWERUR` + - `TVNVEl4TmpFMk1qRTBPRm93Z1lReEN6QUpCZ05WQkFZVApBbFZUTVFzd0NRWURWUVFJREFKRFFURVNNQkFHQTFVRUJ3d0pVR0ZzYnlCQmJIUnZ` + - `NU0l3SUFZRFZRUUxEQmxQCmJtVkRiMjVqWlhKdUlGdDBaWE4wSUhCMWNuQnZjMlZkTVRBd0xnWURWUVFERENkaGNHa3RjMlZ5ZG1salpTMXcKY` + - `205NGFXVmtMbTl1WldOdmJtTmxjbTR0ZEdWemRDNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQgpEd0F3Z2dFS0FvSUJBUURXVzF` + - `KQnZweC9vZkYwei80QnkrYmdBcCtoYnlxblVsQ2FnYmlneE9QTHY3aUg4TSt1CjNENkRlSVkzQzdkV0thTjRnYXZHd1MvN3I0UWxXSWdvK09NR` + - `HQ1M25OZDVvakwvNWY5R1E0ZGRObW53b25EeEYKVThrd1lMWURMTkJIQzJqMzFBNVNueHo0S1NkVE03Rmc0OFBJeTNBaWFGMkhEcURZVlJpWkV` + - `ackl4U3JTSmFKZgp1WGVCSUVBcFBpUG1IOURObGw2VVo3ODZvZitJWWVLV2VuY0MvbGpPaGlJSnJWL3NEZTc2QVFjdXY5T29XaUdiCklGVFMyW` + - `ExSRGF0YzByQXhWdlFiTnMzeWlFYjh3UzBaR0F4cTBuZk9pMGZkYVBIODdFc25MdkpqWk5PcXIvTVMKSW5BYmN2ZmlwckxxaEdLQTVIN2hKVGZ` + - `EcFJ6WWxBcm5maTJMQWdNQkFBR2piakJzTUFrR0ExVWRFd1FDTUFBdwpDd1lEVlIwUEJBUURBZ1hnTUZJR0ExVWRFUVJMTUVtQ0htOWhkR2hyW` + - `ldWd1pYSXViMjVsWTI5dVkyVnliaTEwClpYTjBMbU52YllJbllYQnBMWE5sY25acFkyVXRjSEp2ZUdsbFpDNXZibVZqYjI1alpYSnVMWFJsYzN` + - `RdVkyOXQKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCMVBibCtSbW50RW9jbHlqWXpzeWtLb2lYczNwYTgzQ2dEWjZwQwpncnY0TFF4U29FZ` + - `kowNGY4YkQ0SUlZRkdDWmZWTkcwVnBFWHJObGs2VWJzVmRUQUJ0cUNndUpUV3dER1VBaDZYCjNiRmhyWm5QZXhzLy9Rd2dEQWRxSWYwRWd3Y0R` + - `VRzc2R0lkZms3MGUxWnV4Y2h4ZDhVQkNwQUlkZVUwOHZWa3kKNFBXdjJLNGFENEZqQ2hLeENONWtoTjUwRk1QY2FJK3hWZ2Q0N3RQaFZOOWxRa` + - `W9HRENoc1Q1dkFSazdiYS9jZQowUTlOV2RpTWZMRWdMZGNCb2JaS0Z0RnJsS3R5ek9nRGpMdlh2TFFzL3MybWVyU0k5Zmt3b09CRVArN2o3Wm5` + - `zCkFqeTlNZmh3cWJUcFc3S3BDU0ZhMFZULzJ1OTVaUmNQdnJYbGRLUnlnQjRXdUFScgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==` - keyFixture := `LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMWx0U1FiNmNmNkh4ZE0vK0Fjdm00QUtm` + - `b1c4cXAxSlFtb0c0b01Uank3KzRoL0RQCnJ0dytnM2lHTnd1M1ZpbWplSUdyeHNFdis2K0VKVmlJS1BqakE3ZWQ1elhlYUl5LytYL1JrT0hYVF` + - `pwOEtKdzgKUlZQSk1HQzJBeXpRUnd0bzk5UU9VcDhjK0NrblV6T3hZT1BEeU10d0ltaGRodzZnMkZVWW1SR2F5TVVxMGlXaQpYN2wzZ1NCQUtU` + - `NGo1aC9RelpaZWxHZS9PcUgvaUdIaWxucDNBdjVZem9ZaUNhMWY3QTN1K2dFSExyL1RxRm9oCm15QlUwdGx5MFEyclhOS3dNVmIwR3piTjhvaE` + - `cvTUV0R1JnTWF0SjN6b3RIM1dqeC9PeExKeTd5WTJUVHFxL3oKRWlKd0czTDM0cWF5Nm9SaWdPUis0U1UzdzZVYzJKUUs1MzR0aXdJREFRQUJB` + - `b0lCQVFET2xyRE9RQ0NnT2JsMQo5VWMrLy84QkFrWksxZExyODc5UFNacGhCNkRycTFqeld6a3RzNEprUHZKTGR2VTVDMlJMTGQ0WjdmS0t4UH` + - `U4CjZuZy8xSzhsMC85UTZHL3puME1kK1B4R2dBSjYvbHFPNFJTTlZGVGdWVFRXRm9pZEQvZ1ljYjFrRDRsaCtuZTIKRG1uemtWQU40MU90Tlp4` + - `K0g3RVJEZUpwRTdoenFSOEhodnhxZU82Z25CMXJkZ3JRSE9MV1lSdmM1cGd2QS9BTwpYcTBRVXIrQWlUcTR0UW5oYjhDbDhJK2lLRmF5ZzZvY0` + - `FnQXVCZkZBMnVBd29CL25LajZXTHlJVHV0NWE1VDBQCmxpbVJaYllGUTFyeHBJaVpUMmFja0NxUjN1Yk9qdVBGOCtJZHVWSmNXN05WcTFRSlls` + - `RkFrSnVhTnpaRDlNMGkKUCs3WTgvTGhBb0dCQVBEYTg2cU9pazZpamNaajJtKzFub3dycnJINjdCRzhqRzdIYzJCZzU1M2VXWHZnQ3Z6RQppMk` + - `xYU3J6VVV6SGN2aHFQRVZqV2RPbk1rVHkxK2VoZDRnV3FTZW9iUlFqcHAxYU40clA5dVcvOStZaHVoTlZWCnJ2QUh3ZHBTaTRlelovNEVERmxl` + - `YUd5dXNWSkcvU1lJM096bnVQU051NW1lcysxN05Hb2pBZWtaQW9HQkFPUFYKMG5oRy9rNitQLzdlRXlqL2tjU3lPeUE5MzYvV05yVUU3bDF4b2` + - `YyK3laSVVhUitOcE1manpmcVJqaitRWmZIZwpJS0kvYmJGWGtlWm9nWG5seHk0T1YvSmtKZy9oTHo2alJUQjhYTW9kbEhwVnFOaEZYcWJhV1Bj` + - `a0h3WkhaVFU0CkNsQWg0QWZrZ2hpVWVrS2lhcTFNMWNyOE5CTWlyeTR2WWhKVXVReERBb0dCQUpyTG5aOFlUVHVNcmFHN3V6L2cKY2kyVVJZcU` + - `53ZnNFT3gxWGdvZUd3RlZ0K2dUclVTUnpEVUpSSysrQVpwZTlUMUN5Y211dUtTVzZHLzN3MXRUSQp3ZUx5TnQ4Rzk2OXF1K21jOXY3SEtzOFhZ` + - `N0NUbHp1ay9mRzJpcGhPUk83S0Z5UGlaaTFweDZOU0F4VG1HdnkrCjVYNDh6MW9kWFZ5MTZ0M09PVG1kbGpUQkFvR0FTYk5SY2pjRTdOUCtQNl` + - `AyN3J3OW16Tk1qUkYyMnBxZzk4MncKamVuRVRTRDZjNWJHcXI1WEg1SkJmMXkyZHpsdXdOK1BydXgxdjNoa2FmUkViZm8yaEY5L2M1bVI5bkVS` + - `cDJHSgpjRFhLamxjalFLK1UvdUR4eldlMGY3M2ZpMWh0Rk5vYisrLzVXSlJDd1ZER2UrZXVPb0V3WjRsT0R5S1pLSWVMCllnS21HYUVDZ1lBMF` + - `prd3k5ejFXczRBTmpHK1lsYVV4cEtMY0pGZHlDSEtkRnI2NVdZc21HcU5rSmZHU0dlQjYKUkhNWk5Nb0RUUmhtaFFoajhNN04rRk10WkFVT01k` + - `ZFovMWN2UkV0Rlc3KzY2dytYWnZqOUNRL3VlY3RwL3FiKwo2ZG5PYnJkbUxpWitVL056R0xLbUZnSlRjOVg3ZndtMTFQU2xpWkswV3JkblhLbn` + - `praDlPaFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=` - - certFileContent := `-----BEGIN CERTIFICATE----- -MIIEEDCCAvigAwIBAgIJANf+IT1MGhxBMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVBhbG8gQWx0bzEiMCAGA1UE -CgwZT25lQ29uY2VybiBbdGVzdCBwdXJwb3NlXTEcMBoGA1UEAwwTb25lY29uY2Vy -bi10ZXN0LmNvbTEnMCUGCSqGSIb3DQEJARYYZnJlZGVyaWNAY29uZWNvbmNlcm4u -Y29tMB4XDTE4MDgwMzE2MjE0OFoXDTE5MTIxNjE2MjE0OFowgYQxCzAJBgNVBAYT -AlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJUGFsbyBBbHRvMSIwIAYDVQQLDBlP -bmVDb25jZXJuIFt0ZXN0IHB1cnBvc2VdMTAwLgYDVQQDDCdhcGktc2VydmljZS1w -cm94aWVkLm9uZWNvbmNlcm4tdGVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDWW1JBvpx/ofF0z/4By+bgAp+hbyqnUlCagbigxOPLv7iH8M+u -3D6DeIY3C7dWKaN4gavGwS/7r4QlWIgo+OMDt53nNd5ojL/5f9GQ4ddNmnwonDxF -U8kwYLYDLNBHC2j31A5Snxz4KSdTM7Fg48PIy3AiaF2HDqDYVRiZEZrIxSrSJaJf -uXeBIEApPiPmH9DNll6UZ786of+IYeKWencC/ljOhiIJrV/sDe76AQcuv9OoWiGb -IFTS2XLRDatc0rAxVvQbNs3yiEb8wS0ZGAxq0nfOi0fdaPH87EsnLvJjZNOqr/MS -InAbcvfiprLqhGKA5H7hJTfDpRzYlArnfi2LAgMBAAGjbjBsMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgMFIGA1UdEQRLMEmCHm9hdGhrZWVwZXIub25lY29uY2Vybi10 -ZXN0LmNvbYInYXBpLXNlcnZpY2UtcHJveGllZC5vbmVjb25jZXJuLXRlc3QuY29t -MA0GCSqGSIb3DQEBCwUAA4IBAQB1Pbl+RmntEoclyjYzsykKoiXs3pa83CgDZ6pC -grv4LQxSoEfJ04f8bD4IIYFGCZfVNG0VpEXrNlk6UbsVdTABtqCguJTWwDGUAh6X -3bFhrZnPexs//QwgDAdqIf0EgwcDUG76GIdfk70e1Zuxchxd8UBCpAIdeU08vVky -4PWv2K4aD4FjChKxCN5khN50FMPcaI+xVgd47tPhVN9lQioGDChsT5vARk7ba/ce -0Q9NWdiMfLEgLdcBobZKFtFrlKtyzOgDjLvXvLQs/s2merSI9fkwoOBEP+7j7Zns -Ajy9MfhwqbTpW7KpCSFa0VT/2u95ZRcPvrXldKRygB4WuARr ------END CERTIFICATE-----` - keyFileContent := `-----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA1ltSQb6cf6HxdM/+Acvm4AKfoW8qp1JQmoG4oMTjy7+4h/DP -rtw+g3iGNwu3VimjeIGrxsEv+6+EJViIKPjjA7ed5zXeaIy/+X/RkOHXTZp8KJw8 -RVPJMGC2AyzQRwto99QOUp8c+CknUzOxYOPDyMtwImhdhw6g2FUYmRGayMUq0iWi -X7l3gSBAKT4j5h/QzZZelGe/OqH/iGHilnp3Av5YzoYiCa1f7A3u+gEHLr/TqFoh -myBU0tly0Q2rXNKwMVb0GzbN8ohG/MEtGRgMatJ3zotH3Wjx/OxLJy7yY2TTqq/z -EiJwG3L34qay6oRigOR+4SU3w6Uc2JQK534tiwIDAQABAoIBAQDOlrDOQCCgObl1 -9Uc+//8BAkZK1dLr879PSZphB6Drq1jzWzkts4JkPvJLdvU5C2RLLd4Z7fKKxPu8 -6ng/1K8l0/9Q6G/zn0Md+PxGgAJ6/lqO4RSNVFTgVTTWFoidD/gYcb1kD4lh+ne2 -DmnzkVAN41OtNZx+H7ERDeJpE7hzqR8HhvxqeO6gnB1rdgrQHOLWYRvc5pgvA/AO -Xq0QUr+AiTq4tQnhb8Cl8I+iKFayg6ocAgAuBfFA2uAwoB/nKj6WLyITut5a5T0P -limRZbYFQ1rxpIiZT2ackCqR3ubOjuPF8+IduVJcW7NVq1QJYlFAkJuaNzZD9M0i -P+7Y8/LhAoGBAPDa86qOik6ijcZj2m+1nowrrrH67BG8jG7Hc2Bg553eWXvgCvzE -i2LXSrzUUzHcvhqPEVjWdOnMkTy1+ehd4gWqSeobRQjpp1aN4rP9uW/9+YhuhNVV -rvAHwdpSi4ezZ/4EDFleaGyusVJG/SYI3OznuPSNu5mes+17NGojAekZAoGBAOPV -0nhG/k6+P/7eEyj/kcSyOyA936/WNrUE7l1xof2+yZIUaR+NpMfjzfqRjj+QZfHg -IKI/bbFXkeZogXnlxy4OV/JkJg/hLz6jRTB8XModlHpVqNhFXqbaWPckHwZHZTU4 -ClAh4AfkghiUekKiaq1M1cr8NBMiry4vYhJUuQxDAoGBAJrLnZ8YTTuMraG7uz/g -ci2URYqNwfsEOx1XgoeGwFVt+gTrUSRzDUJRK++AZpe9T1CycmuuKSW6G/3w1tTI -weLyNt8G969qu+mc9v7HKs8XY7CTlzuk/fG2iphORO7KFyPiZi1px6NSAxTmGvy+ -5X48z1odXVy16t3OOTmdljTBAoGASbNRcjcE7NP+P6P27rw9mzNMjRF22pqg982w -jenETSD6c5bGqr5XH5JBf1y2dzluwN+Prux1v3hkafREbfo2hF9/c5mR9nERp2GJ -cDXKjlcjQK+U/uDxzWe0f73fi1htFNob++/5WJRCwVDGe+euOoEwZ4lODyKZKIeL -YgKmGaECgYA0Zkwy9z1Ws4ANjG+YlaUxpKLcJFdyCHKdFr65WYsmGqNkJfGSGeB6 -RHMZNMoDTRhmhQhj8M7N+FMtZAUOMddZ/1cvREtFW7+66w+XZvj9CQ/uectp/qb+ -6dnObrdmLiZ+U/NzGLKmFgJTc9X7fwm11PSliZK0WrdnXKnzkh9OhQ== ------END RSA PRIVATE KEY-----` - tmpCertFile, _ := ioutil.TempFile("", "test-cert") - tmpCert := tmpCertFile.Name() - tmpKeyFile, _ := ioutil.TempFile("", "test-key") - tmpKey := tmpKeyFile.Name() - defer func() { - _ = os.Remove(tmpCert) - _ = os.Remove(tmpKey) - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "") - }() - _ = ioutil.WriteFile(tmpCert, []byte(certFileContent), 0600) - _ = ioutil.WriteFile(tmpKey, []byte(keyFileContent), 0600) - viper.AutomaticEnv() // read in environment variables that match - - // 1. no TLS - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "") - cert, err := getTLSCertAndKey() - assert.Nil(t, cert) - assert.NoError(t, err) - - // 2. inconsistent TLS (i): warning only - os.Setenv("HTTP_TLS_KEY_PATH", "x") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "") - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.NoError(t, err) - - // 2. inconsistent TLS (ii): warning only - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "x") - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.NoError(t, err) - - // 3. invalid TLS file - os.Setenv("HTTP_TLS_KEY_PATH", "x") - os.Setenv("HTTP_TLS_CERT_PATH", tmpCert) - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "") - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.Error(t, err) - - // 4. invalid TLS string (i) - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", "{}") - os.Setenv("HTTP_TLS_CERT", certFixture) - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.Error(t, err) - - // 4. invalid TLS string (ii) - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", keyFixture) - os.Setenv("HTTP_TLS_CERT", "{}") - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.Error(t, err) - - // 5. valid TLS files - os.Setenv("HTTP_TLS_KEY_PATH", tmpKey) - os.Setenv("HTTP_TLS_CERT_PATH", tmpCert) - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "") - cert, err = getTLSCertAndKey() - assert.NotNil(t, cert) - assert.NoError(t, err) - - // 6. valid TLS strings - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", keyFixture) - os.Setenv("HTTP_TLS_CERT", certFixture) - cert, err = getTLSCertAndKey() - assert.NotNil(t, cert) - assert.NoError(t, err) - - // 7. invalid TLS file content - os.Setenv("HTTP_TLS_KEY_PATH", keyFixture) - os.Setenv("HTTP_TLS_CERT_PATH", certFixture) - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "") - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.Error(t, err) - - // 8. invalid TLS string content - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", keyFileContent) - os.Setenv("HTTP_TLS_CERT", certFileContent) - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.Error(t, err) - - // 9. mismatched TLS file content - os.Setenv("HTTP_TLS_KEY_PATH", certFileContent) - os.Setenv("HTTP_TLS_CERT_PATH", keyFileContent) - os.Setenv("HTTP_TLS_KEY", "") - os.Setenv("HTTP_TLS_CERT", "") - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.Error(t, err) - - // 10. mismatched TLS string content - os.Setenv("HTTP_TLS_KEY_PATH", "") - os.Setenv("HTTP_TLS_CERT_PATH", "") - os.Setenv("HTTP_TLS_KEY", certFixture) - os.Setenv("HTTP_TLS_CERT", keyFixture) - cert, err = getTLSCertAndKey() - assert.Nil(t, cert) - assert.Error(t, err) - -} diff --git a/cmd/server/migrate.go b/cmd/server/migrate.go deleted file mode 100644 index 6ee16a51f..000000000 --- a/cmd/server/migrate.go +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package server - -import ( - "net/url" - - "github.com/ory/keto/role" - "github.com/ory/ladon/manager/sql" - "github.com/sirupsen/logrus" - "github.com/spf13/cobra" - "github.com/spf13/viper" - - "fmt" - - _ "github.com/go-sql-driver/mysql" - _ "github.com/lib/pq" - "github.com/ory/keto/legacy" - "github.com/rubenv/sql-migrate" -) - -func getMigrationSql(cmd *cobra.Command, args []string, logger *logrus.Logger) (string, *url.URL) { - var db string - - if a, b := cmd.Flags().GetBool("read-from-env"); a && b == nil { - db = viper.GetString("DATABASE_URL") - } else { - if len(args) == 0 { - fmt.Print(cmd.UsageString()) - logger.Fatalf("Argument 1 is missing") - } - db = args[0] - } - - u, err := url.Parse(db) - if err != nil { - logger.WithError(err).WithField("database_url", db).Fatal("Unable to parse DATABASE_URL, make sure it has the right format") - } - - return db, u -} - -func RunMigrateSQL(logger *logrus.Logger) func(cmd *cobra.Command, args []string) { - return func(cmd *cobra.Command, args []string) { - db, dbu := getMigrationSql(cmd, args, logger) - if dbu.Scheme != "postgres" && dbu.Scheme != "mysql" { - logger.WithField("database_url", dbu.Scheme+"://*:*@"+dbu.Host+dbu.Path+"?"+dbu.RawQuery).Fatal("Migrations can only be run against PostgreSQL or MySQL databases") - } - - managers, err := newManagers(db, logger) - if err != nil { - logger.WithError(err).WithField("database_url", dbu.Scheme+"://*:*@"+dbu.Host+dbu.Path+"?"+dbu.RawQuery).Fatal("Unable to parse DATABASE_URL, make sure it has the right format") - } - - logger.Info("Applying SQL migrations...") - if n, err := managers.roleManager.(*role.SQLManager).CreateSchemas(); err != nil { - logger.WithError(err).WithField("migrations", n).WithField("table", "policies").Fatal("An error occurred while trying to apply SQL migrations") - } else { - logger.WithField("migrations", n).WithField("table", "role").Print("Successfully applied SQL migrations") - } - - if n, err := managers.policyManager.(*sql.SQLManager).CreateSchemas("", "keto_policy_migration"); err != nil { - logger.WithError(err).WithField("migrations", n).WithField("table", "policies").Fatal("An error occurred while trying to apply SQL migrations") - } else { - logger.WithField("migrations", n).WithField("table", "policies").Print("Successfully applied SQL migrations") - } - - logger.Info("Done applying SQL migrations") - } -} - -func RunMigrateHydra(logger *logrus.Logger) func(cmd *cobra.Command, args []string) { - return func(cmd *cobra.Command, args []string) { - dbUrl, u := getMigrationSql(cmd, args, logger) - - db, err := connectToSQL(dbUrl, logger) - if err != nil { - logger.WithError(err).WithField("database_url", u.Scheme+"://*:*@"+u.Host+u.Path+"?"+u.RawQuery).Fatal("Unable to parse DATABASE_URL, make sure it has the right format") - } - - migrate.SetTable("keto_legacy_hydra_migration") - n, err := migrate.Exec(db.GetDatabase().DB, db.GetDatabase().DriverName(), legacy.HydraLegacyMigrations[db.GetDatabase().DriverName()], migrate.Up) - if err != nil { - logger.WithError(err).WithField("migrations", n).Fatal("An error occurred while trying to apply SQL migrations") - } - logger.WithField("migrations", n).Print("Successfully applied SQL migrations") - logger.Info("Done applying SQL migrations") - } -} diff --git a/cmd/server/serve.go b/cmd/server/serve.go index 5d0a3e6f5..218c8976f 100644 --- a/cmd/server/serve.go +++ b/cmd/server/serve.go @@ -26,26 +26,29 @@ import ( "fmt" "net/http" + "github.com/gobuffalo/packr" + "github.com/jmoiron/sqlx" "github.com/julienschmidt/httprouter" - "github.com/ory/fosite" - "github.com/ory/go-convenience/corsx" - "github.com/ory/go-convenience/stringsx" - "github.com/ory/graceful" - "github.com/ory/herodot" - "github.com/ory/keto/authentication" - "github.com/ory/keto/health" - "github.com/ory/keto/policy" - "github.com/ory/keto/role" - "github.com/ory/keto/warden" - "github.com/ory/ladon" - "github.com/rs/cors" + "github.com/meatballhat/negroni-logrus" + "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/viper" "github.com/urfave/negroni" - negronilogrus "github.com/meatballhat/negroni-logrus" - metrics "github.com/ory/metrics-middleware" + "github.com/ory/go-convenience/stringslice" + "github.com/ory/graceful" + "github.com/ory/herodot" + "github.com/ory/keto/engine" + "github.com/ory/keto/engine/ladon" + "github.com/ory/keto/storage" + "github.com/ory/x/cmdx" + "github.com/ory/x/corsx" + "github.com/ory/x/dbal" + "github.com/ory/x/flagx" + "github.com/ory/x/healthx" + "github.com/ory/x/metricsx" + "github.com/ory/x/tlsx" ) // RunServe runs the Keto API HTTP server @@ -54,88 +57,55 @@ func RunServe( buildVersion, buildHash string, buildTime string, ) func(cmd *cobra.Command, args []string) { return func(cmd *cobra.Command, args []string) { - router := httprouter.New() + box := packr.NewBox("../../engine/ladon/rego") - m, err := newManagers(viper.GetString("DATABASE_URL"), logger) - if err != nil { - logger. - WithError(err). - Fatal("Unable to initialise backends") - } + compiler, err := engine.NewCompiler(box, logger) + cmdx.Must(err, "Unable to initialize compiler: %s", err) - var strategy fosite.ScopeStrategy - switch viper.GetString("AUTHENTICATOR_OAUTH2_INTROSPECTION_SCOPE_STRATEGY") { - case "hierarchic": - strategy = fosite.HierarchicScopeStrategy - break - case "exact": - strategy = fosite.ExactScopeStrategy - break - case "wildcard": - fallthrough - default: - strategy = fosite.WildcardScopeStrategy - } + writer := herodot.NewJSONWriter(logger) + //writer.ErrorEnhancer = nil - authenticators := map[string]authentication.Authenticator{ - "subjects": authentication.NewPlaintextAuthentication(), - "oauth2/access-tokens": authentication.NewOAuth2IntrospectionAuthentication( - viper.GetString("AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_ID"), - viper.GetString("AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_SECRET"), - viper.GetString("AUTHENTICATOR_OAUTH2_INTROSPECTION_TOKEN_URL"), - viper.GetString("AUTHENTICATOR_OAUTH2_INTROSPECTION_URL"), - stringsx.Splitx(viper.GetString("AUTHENTICATOR_OAUTH2_INTROSPECTION_SCOPE"), ","), - strategy, - ), - "oauth2/clients": authentication.NewOAuth2ClientCredentialsAuthentication( - viper.GetString("AUTHENTICATOR_OAUTH2_CLIENT_CREDENTIALS_TOKEN_URL"), - ), - } + var s storage.Manager + checks := map[string]healthx.ReadyChecker{} - decider := &ladon.Ladon{ - Manager: m.policyManager, - AuditLogger: &warden.AuditLoggerLogrus{Logger: logger}, - Matcher: ladon.DefaultMatcher, - } - firewall := warden.NewWarden(decider, m.roleManager, logger) - writer := herodot.NewJSONWriter(logger) - roleHandler := role.NewHandler(m.roleManager, writer) - policyHandler := policy.NewHandler(m.policyManager, writer) - wardenHandler := warden.NewHandler(writer, firewall, authenticators) - healthHandler := health.NewHandler(writer, buildVersion, m.readyCheckers) + dbal.Connect(viper.GetString("DATABASE_URL"), logger, + func() error { + s = storage.NewMemoryManager() + checks["storage"] = healthx.NoopReadyChecker + return nil + }, + func(db *sqlx.DB) error { + ss := storage.NewSQLManager(db) + checks["storage"] = db.Ping + s = ss + return nil + }, + ) + + sh := storage.NewHandler(s, writer) + e := engine.NewEngine(compiler, writer) - roleHandler.SetRoutes(router) - policyHandler.SetRoutes(router) - wardenHandler.SetRoutes(router) - healthHandler.SetRoutes(router) + router := httprouter.New() + ladon.NewEngine(s, sh, e, writer).Register(router) n := negroni.New() n.Use(negronilogrus.NewMiddlewareFromLogger(logger, "keto")) - var c http.Handler = n - if viper.GetString("CORS_ENABLED") == "true" { - logger.Info("Enabled CORS") - c = cors.New(corsx.ParseOptions()).Handler(n) - } - - if ok, _ := cmd.Flags().GetBool("disable-telemetry"); !ok && viper.GetString("DATABASE_URL") != "memory" { + if flagx.MustGetBool(cmd, "disable-telemetry") { logger.Println("Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/guides/latest/telemetry/") - m := metrics.NewMetricsManager( - metrics.Hash("DATABASE_URL"), + m := metricsx.NewMetricsManager( + metricsx.Hash("DATABASE_URL"), viper.GetString("DATABASE_URL") != "memory", "jk32cFATnj9GKbQdFL7fBB9qtKZdX9j7", - []string{ - "/policies", - "/roles", - "/warden/subjects/authorize", - "/warden/oauth2/access-tokens/authorize", - "/warden/oauth2/clients/authorize", - }, + stringslice.Merge( + healthx.RoutesToObserve(), + ladon.RoutesToObserve(), + ), logger, "ory-keto", - //100, - //"", + 100, + "", ) go m.RegisterSegment(buildVersion, buildHash, buildTime) go m.CommitMemoryStatistics() @@ -143,35 +113,30 @@ func RunServe( } n.UseHandler(router) - - cert, err := getTLSCertAndKey() - if err != nil { - logger.Fatalf("%v", err) - } - - certs := []tls.Certificate{} - if cert != nil { - certs = append(certs, *cert) - } + c := corsx.Initialize(n, logger) addr := fmt.Sprintf("%s:%s", viper.GetString("HOST"), viper.GetString("PORT")) server := graceful.WithDefaults(&http.Server{ Addr: addr, Handler: c, - TLSConfig: &tls.Config{ - Certificates: certs, - }, }) + cert, err := tlsx.HTTPSCertificate() + if errors.Cause(err) == tlsx.ErrNoCertificatesConfigured { + server.TLSConfig = &tls.Config{Certificates: cert} + } else if err != nil { + cmdx.Must(err, "Unable to load HTTP TLS certificate(s): %s", err) + } + if err := graceful.Graceful(func() error { if cert != nil { - logger.Printf("Listening on https://%s.\n", addr) + logger.Printf("Listening on https://%s", addr) return server.ListenAndServeTLS("", "") } - logger.Printf("Listening on http://%s.\n", addr) + logger.Printf("Listening on http://%s", addr) return server.ListenAndServe() }, server.Shutdown); err != nil { - logger.Fatalf("Unable to gracefully shutdown HTTP(s) server because %v.\n", err) + logger.Fatalf("Unable to gracefully shutdown HTTP(s) server because %v", err) return } } diff --git a/cmd/server/sql.go b/cmd/server/sql.go deleted file mode 100644 index 0eb4f2039..000000000 --- a/cmd/server/sql.go +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package server - -import ( - "net/url" - "time" - - _ "github.com/go-sql-driver/mysql" - _ "github.com/lib/pq" - "github.com/ory/keto/health" - "github.com/ory/keto/role" - "github.com/ory/ladon" - "github.com/ory/ladon/manager/memory" - "github.com/ory/ladon/manager/sql" - "github.com/ory/sqlcon" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -) - -type managers struct { - roleManager role.Manager - policyManager ladon.Manager - readyCheckers map[string]health.ReadyChecker -} - -func newManagers(db string, logger logrus.FieldLogger) (*managers, error) { - if db == "memory" { - return &managers{ - readyCheckers: map[string]health.ReadyChecker{ - "database": func() error { - return nil - }, - }, - roleManager: role.NewMemoryManager(), - policyManager: memory.NewMemoryManager(), - }, nil - } else if db == "" { - return nil, errors.New("No database URL provided") - } - - u, err := url.Parse(db) - if err != nil { - return nil, errors.WithStack(err) - } - - switch u.Scheme { - case "postgres": - fallthrough - case "mysql": - sdb, err := connectToSQL(db, logger) - if err != nil { - return nil, errors.WithStack(err) - } - - return &managers{ - readyCheckers: map[string]health.ReadyChecker{ - "database": func() error { - return sdb.GetDatabase().Ping() - }, - }, - roleManager: role.NewSQLManager(sdb.GetDatabase()), - policyManager: sql.NewSQLManager(sdb.GetDatabase(), nil), - }, nil - } - - return nil, errors.Errorf("The provided database URL %s can not be handled", db) -} - -func retry(logger logrus.FieldLogger, maxWait time.Duration, failAfter time.Duration, f func() error) (err error) { - var lastStart time.Time - err = errors.New("Did not connect.") - loopWait := time.Millisecond * 100 - retryStart := time.Now().UTC() - for retryStart.Add(failAfter).After(time.Now().UTC()) { - lastStart = time.Now().UTC() - if err = f(); err == nil { - return nil - } - - if lastStart.Add(maxWait * 2).Before(time.Now().UTC()) { - retryStart = time.Now().UTC() - } - - logger.WithError(err).Infof("Retrying in %f seconds...", loopWait.Seconds()) - time.Sleep(loopWait) - loopWait = loopWait * time.Duration(int64(2)) - if loopWait > maxWait { - loopWait = maxWait - } - } - return err -} - -func connectToSQL(db string, logger logrus.FieldLogger) (sdb *sqlcon.SQLConnection, err error) { - if err := retry(logger, time.Minute, time.Minute*15, func() error { - var err error - sdb, err = sqlcon.NewSQLConnection(db, logger) - if err != nil { - return errors.WithStack(err) - } - - if err := sdb.GetDatabase().Ping(); err != nil { - return errors.WithStack(err) - } - return nil - }); err != nil { - return nil, errors.WithStack(err) - } - - return sdb, nil -} diff --git a/cmd/version.go b/cmd/version.go index 271198a8e..ba6a0c84e 100644 --- a/cmd/version.go +++ b/cmd/version.go @@ -21,23 +21,8 @@ package cmd -import ( - "fmt" - - "github.com/spf13/cobra" -) - -// versionCmd represents the version command -var versionCmd = &cobra.Command{ - Use: "version", - Short: "Display this build's version, build time, and git hash", - Run: func(cmd *cobra.Command, args []string) { - fmt.Printf("Version: %s\n", Version) - fmt.Printf("Git Hash: %s\n", GitHash) - fmt.Printf("Build Time: %s\n", BuildTime) - }, -} +import "github.com/ory/x/cmdx" func init() { - RootCmd.AddCommand(versionCmd) + RootCmd.AddCommand(cmdx.Version(&Version, &GitHash, &BuildTime)) } diff --git a/cmd/warden_oauth2.go b/cmd/warden_oauth2.go deleted file mode 100644 index ce351ae77..000000000 --- a/cmd/warden_oauth2.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright © 2018 NAME HERE -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// oauth2Cmd represents the oauth2 command -var oauth2Cmd = &cobra.Command{ - Use: "oauth2", - Short: "Checks if an OAuth 2.0 Access Token is authorized to perform a certain request", - Run: cmdHandler.Warden.IsOAuth2AccessTokenAuthorized, -} - -func init() { - authorizeCmd.AddCommand(oauth2Cmd) - - // Here you will define your flags and configuration settings. - - // Cobra supports Persistent Flags which will work for this command - // and all subcommands, e.g.: - // oauth2Cmd.PersistentFlags().String("foo", "", "A help for foo") - - // Cobra supports local flags which will only run when this command - // is called directly, e.g.: - // oauth2Cmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") - oauth2Cmd.Flags().String("token", "", "The request's bearer token") - oauth2Cmd.Flags().StringArray("scope", []string{}, "The request's required scope") - oauth2Cmd.Flags().String("action", "", "The request's action") - oauth2Cmd.Flags().String("resource", "", "The request's resource") -} diff --git a/cmd/warden_subject.go b/cmd/warden_subject.go deleted file mode 100644 index 7aef72fba..000000000 --- a/cmd/warden_subject.go +++ /dev/null @@ -1,43 +0,0 @@ -// Copyright © 2018 NAME HERE -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// subjectCmd represents the subject command -var subjectCmd = &cobra.Command{ - Use: "subject", - Short: "Checks if a subject is authorized to perform a certain request", - Run: cmdHandler.Warden.IsSubjectAuthorized, -} - -func init() { - authorizeCmd.AddCommand(subjectCmd) - - // Here you will define your flags and configuration settings. - - // Cobra supports Persistent Flags which will work for this command - // and all subcommands, e.g.: - // subjectCmd.PersistentFlags().String("foo", "", "A help for foo") - - // Cobra supports local flags which will only run when this command - // is called directly, e.g.: - - subjectCmd.Flags().StringP("subject", "s", "", "The request's subject") - subjectCmd.Flags().StringP("action", "a", "", "The request's action") - subjectCmd.Flags().StringP("resource", "r", "", "The request's resource") -} diff --git a/doc.go b/doc.go index 11dbb8c68..b19e38a58 100644 --- a/doc.go +++ b/doc.go @@ -5,7 +5,7 @@ // BasePath: / // Version: Latest // License: Apache 2.0 https://github.com/ory/keto/blob/master/LICENSE -// Contact: ORY https://www.ory.sh +// Contact: ORY https://www.ory.sh // // Consumes: // - application/json diff --git a/docs/api.swagger.json b/docs/api.swagger.json index 5721529f3..13cbb3a8f 100644 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json @@ -15,7 +15,7 @@ "contact": { "name": "ORY", "url": "https://www.ory.sh", - "email": "hi@ory.am" + "email": "hi@ory.sh" }, "license": { "name": "Apache 2.0", @@ -25,57 +25,57 @@ }, "basePath": "/", "paths": { - "/health/alive": { - "get": { - "description": "This endpoint returns a 200 status code when the HTTP server is up running.\nThis status does currently not include checks whether the database connection is working.\nThis endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set.\n\nBe aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance.", + "/engines/acp/ory/{flavor}/allowed": { + "post": { + "description": "Use this endpoint to check if a request is allowed or not.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "schemes": [ + "http", + "https" + ], "tags": [ - "health" + "engines" ], - "summary": "Check the Alive Status", - "operationId": "isInstanceAlive", - "responses": { - "200": { - "description": "healthStatus", + "summary": "Check if a request is allowed", + "operationId": "doOryAccessControlPoliciesAllow", + "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, + { + "name": "Body", + "in": "body", "schema": { - "$ref": "#/definitions/healthStatus" + "$ref": "#/definitions/oryAccessControlPolicyAllowedInput" } - }, - "500": { - "$ref": "#/responses/genericError" } - } - } - }, - "/health/ready": { - "get": { - "description": "This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g.\nthe database) are responsive as well.\n\nThis status does currently not include checks whether the database connection is working.\nThis endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set.\n\nBe aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance.", - "tags": [ - "health" ], - "summary": "Check the Readiness Status", - "operationId": "isInstanceReady", "responses": { "200": { - "description": "healthStatus", + "description": "authorizationResult", "schema": { - "$ref": "#/definitions/healthStatus" + "$ref": "#/definitions/authorizationResult" } }, - "503": { - "description": "healthNotReadyStatus", - "schema": { - "$ref": "#/definitions/healthNotReadyStatus" - } + "500": { + "$ref": "#/responses/genericError" } } } }, - "/policies": { + "/engines/acp/ory/{flavor}/policies": { "get": { - "description": "List Access Control Policies", - "consumes": [ - "application/json" - ], + "description": "List ORY Access Control Policies", "produces": [ "application/json" ], @@ -84,17 +84,17 @@ "https" ], "tags": [ - "policy" + "engines" ], - "operationId": "listPolicies", + "operationId": "listOryAccessControlPolicies", "parameters": [ { - "type": "integer", - "format": "int64", - "x-go-name": "Offset", - "description": "The offset from where to start looking.", - "name": "offset", - "in": "query" + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\"", + "name": "flavor", + "in": "path", + "required": true }, { "type": "integer", @@ -103,25 +103,27 @@ "description": "The maximum amount of policies returned.", "name": "limit", "in": "query" + }, + { + "type": "integer", + "format": "int64", + "x-go-name": "Offset", + "description": "The offset from where to start looking.", + "name": "offset", + "in": "query" } ], "responses": { "200": { - "$ref": "#/responses/policyList" - }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" + "$ref": "#/responses/oryAccessControlPolicies" }, "500": { "$ref": "#/responses/genericError" } } }, - "post": { - "description": "Create an Access Control Policy", + "put": { + "description": "Upsert an ORY Access Control Policy", "consumes": [ "application/json" ], @@ -133,43 +135,42 @@ "https" ], "tags": [ - "policy" + "engines" ], - "operationId": "createPolicy", + "operationId": "upsertOryAccessControlPolicy", "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, { "name": "Body", "in": "body", "schema": { - "$ref": "#/definitions/policy" + "$ref": "#/definitions/oryAccessControlPolicy" } } ], "responses": { - "201": { - "description": "policy", + "200": { + "description": "oryAccessControlPolicy", "schema": { - "$ref": "#/definitions/policy" + "$ref": "#/definitions/oryAccessControlPolicy" } }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, "500": { "$ref": "#/responses/genericError" } } } }, - "/policies/{id}": { + "/engines/acp/ory/{flavor}/policies/{id}": { "get": { - "description": "Get an Access Control Policy", - "consumes": [ - "application/json" - ], + "description": "Get an ORY Access Control Policy", "produces": [ "application/json" ], @@ -178,81 +179,35 @@ "https" ], "tags": [ - "policy" + "engines" ], - "operationId": "getPolicy", + "operationId": "getOryAccessControlPolicy", "parameters": [ { "type": "string", - "x-go-name": "ID", - "description": "The id of the policy.", - "name": "id", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", "in": "path", "required": true - } - ], - "responses": { - "200": { - "description": "policy", - "schema": { - "$ref": "#/definitions/policy" - } }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, - "500": { - "$ref": "#/responses/genericError" - } - } - }, - "put": { - "description": "Update an Access Control Policy", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "policy" - ], - "operationId": "updatePolicy", - "parameters": [ { "type": "string", "x-go-name": "ID", - "description": "The id of the policy.", + "description": "The ID of the ORY Access Control Policy Role.", "name": "id", "in": "path", "required": true - }, - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/policy" - } } ], "responses": { "200": { - "description": "policy", + "description": "oryAccessControlPolicy", "schema": { - "$ref": "#/definitions/policy" + "$ref": "#/definitions/oryAccessControlPolicy" } }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { + "404": { "$ref": "#/responses/genericError" }, "500": { @@ -261,10 +216,7 @@ } }, "delete": { - "description": "Delete an Access Control Policy", - "consumes": [ - "application/json" - ], + "description": "Delete an ORY Access Control Policy", "produces": [ "application/json" ], @@ -273,41 +225,40 @@ "https" ], "tags": [ - "policy" + "engines" ], - "operationId": "deletePolicy", + "operationId": "deleteOryAccessControlPolicy", "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, { "type": "string", "x-go-name": "ID", - "description": "The id of the policy.", + "description": "The ID of the ORY Access Control Policy Role.", "name": "id", "in": "path", "required": true } ], "responses": { - "204": { + "201": { "$ref": "#/responses/emptyResponse" }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, "500": { "$ref": "#/responses/genericError" } } } }, - "/roles": { + "/engines/acp/ory/{flavor}/roles": { "get": { - "description": "A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.\n\nThis endpoint allows you to retrieve all roles that are stored in the system.", - "consumes": [ - "application/json" - ], + "description": "Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.", "produces": [ "application/json" ], @@ -316,17 +267,18 @@ "https" ], "tags": [ - "role" + "engines" ], - "summary": "List all roles", - "operationId": "listRoles", + "summary": "List ORY Access Control Policy Roles", + "operationId": "listOryAccessControlPolicyRoles", "parameters": [ { "type": "string", - "x-go-name": "Member", - "description": "The id of the member to look up.", - "name": "member", - "in": "query" + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\"", + "name": "flavor", + "in": "path", + "required": true }, { "type": "integer", @@ -347,21 +299,15 @@ ], "responses": { "200": { - "$ref": "#/responses/listRolesResponse" - }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" + "$ref": "#/responses/oryAccessControlPolicyRoles" }, "500": { "$ref": "#/responses/genericError" } } }, - "post": { - "description": "A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.\n\nThis endpoint allows you to create a new role. You may define members as well but you don't have to.", + "put": { + "description": "Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.", "consumes": [ "application/json" ], @@ -373,44 +319,43 @@ "https" ], "tags": [ - "role" + "engines" ], - "summary": "Create a role", - "operationId": "createRole", + "summary": "Upsert an ORY Access Control Policy Role", + "operationId": "upsertOryAccessControlPolicyRole", "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, { "name": "Body", "in": "body", "schema": { - "$ref": "#/definitions/role" + "$ref": "#/definitions/oryAccessControlPolicyRole" } } ], "responses": { - "201": { - "description": "role", + "200": { + "description": "oryAccessControlPolicyRole", "schema": { - "$ref": "#/definitions/role" + "$ref": "#/definitions/oryAccessControlPolicyRole" } }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, "500": { "$ref": "#/responses/genericError" } } } }, - "/roles/{id}": { + "/engines/acp/ory/{flavor}/roles/{id}": { "get": { - "description": "A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.\n\nThis endpoint allows you to retrieve an existing role. You have to know the role's ID.", - "consumes": [ - "application/json" - ], + "description": "Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.", "produces": [ "application/json" ], @@ -419,63 +364,36 @@ "https" ], "tags": [ - "role" + "engines" ], - "summary": "Get a role by its ID", - "operationId": "getRole", + "summary": "Get an ORY Access Control Policy Role", + "operationId": "getOryAccessControlPolicyRole", "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, { "type": "string", "x-go-name": "ID", - "description": "The id of the role to look up.", + "description": "The ID of the ORY Access Control Policy Role.", "name": "id", "in": "path", "required": true } ], "responses": { - "201": { - "description": "role", + "200": { + "description": "oryAccessControlPolicyRole", "schema": { - "$ref": "#/definitions/role" + "$ref": "#/definitions/oryAccessControlPolicyRole" } }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, - "500": { - "$ref": "#/responses/genericError" - } - } - }, - "put": { - "description": "This endpoint allows you to overwrite a role. You have to know the role's ID.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "role" - ], - "summary": "A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.", - "operationId": "setRole", - "responses": { - "204": { - "$ref": "#/responses/emptyResponse" - }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { + "404": { "$ref": "#/responses/genericError" }, "500": { @@ -484,10 +402,7 @@ } }, "delete": { - "description": "A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.\n\nThis endpoint allows you to delete an existing role. You have to know the role's ID.", - "consumes": [ - "application/json" - ], + "description": "Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.", "produces": [ "application/json" ], @@ -496,39 +411,41 @@ "https" ], "tags": [ - "role" + "engines" ], - "summary": "Get a role by its ID", - "operationId": "deleteRole", + "summary": "Delete an ORY Access Control Policy Role", + "operationId": "deleteOryAccessControlPolicyRole", "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, { "type": "string", "x-go-name": "ID", - "description": "The id of the role to look up.", + "description": "The ID of the ORY Access Control Policy Role.", "name": "id", "in": "path", "required": true } ], "responses": { - "204": { + "201": { "$ref": "#/responses/emptyResponse" }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, "500": { "$ref": "#/responses/genericError" } } } }, - "/roles/{id}/members": { - "post": { - "description": "A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.\n\nThis endpoint allows you to add members (users, applications, ...) to a specific role. You have to know the role's ID.", + "/engines/acp/ory/{flavor}/roles/{id}/members": { + "put": { + "description": "Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.", "consumes": [ "application/json" ], @@ -540,15 +457,23 @@ "https" ], "tags": [ - "role" + "engines" ], - "summary": "Add members to a role", - "operationId": "addMembersToRole", + "summary": "Add a member to an ORY Access Control Policy Role", + "operationId": "addOryAccessControlPolicyRoleMembers", "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, { "type": "string", "x-go-name": "ID", - "description": "The id of the role to modify.", + "description": "The ID of the ORY Access Control Policy Role.", "name": "id", "in": "path", "required": true @@ -557,19 +482,16 @@ "name": "Body", "in": "body", "schema": { - "$ref": "#/definitions/roleMembers" + "$ref": "#/definitions/addOryAccessControlPolicyRoleMembersBody" } } ], "responses": { - "204": { - "$ref": "#/responses/emptyResponse" - }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" + "200": { + "description": "oryAccessControlPolicyRole", + "schema": { + "$ref": "#/definitions/oryAccessControlPolicyRole" + } }, "500": { "$ref": "#/responses/genericError" @@ -577,7 +499,7 @@ } }, "delete": { - "description": "A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.\n\nThis endpoint allows you to remove members (users, applications, ...) from a specific role. You have to know the role's ID.", + "description": "Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.", "consumes": [ "application/json" ], @@ -589,15 +511,23 @@ "https" ], "tags": [ - "role" + "engines" ], - "summary": "Remove members from a role", - "operationId": "removeMembersFromRole", + "summary": "Remove a member from an ORY Access Control Policy Role", + "operationId": "removeOryAccessControlPolicyRoleMembers", "parameters": [ + { + "type": "string", + "x-go-name": "Flavor", + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".", + "name": "flavor", + "in": "path", + "required": true + }, { "type": "string", "x-go-name": "ID", - "description": "The id of the role to modify.", + "description": "The ID of the ORY Access Control Policy Role.", "name": "id", "in": "path", "required": true @@ -606,470 +536,255 @@ "name": "Body", "in": "body", "schema": { - "$ref": "#/definitions/roleMembers" + "$ref": "#/definitions/removeOryAccessControlPolicyRoleMembersBody" } } ], "responses": { - "204": { + "201": { "$ref": "#/responses/emptyResponse" }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, "500": { "$ref": "#/responses/genericError" } } } }, - "/version": { + "/health/alive": { "get": { - "description": "This endpoint returns the version as `{ \"version\": \"VERSION\" }`. The version is only correct with the prebuilt binary and not custom builds.", + "description": "This endpoint returns a 200 status code when the HTTP server is up running.\nThis status does currently not include checks whether the database connection is working.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", + "produces": [ + "application/json" + ], "tags": [ - "version" + "health" ], - "summary": "Get the version of Keto", - "operationId": "getVersion", + "summary": "Check alive status", + "operationId": "isInstanceAlive", "responses": { "200": { - "description": "version", + "description": "healthStatus", "schema": { - "$ref": "#/definitions/version" + "$ref": "#/definitions/healthStatus" } + }, + "500": { + "$ref": "#/responses/genericError" } } } }, - "/warden/oauth2/access-tokens/authorize": { - "post": { - "description": "Checks if a token is valid and if the token subject is allowed to perform an action on a resource.\nThis endpoint requires a token, a scope, a resource name, an action name and a context.\n\n\nIf a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to\nperform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false }`.\n\n\nThis endpoint passes all data from the upstream OAuth 2.0 token introspection endpoint. If you use ORY Hydra as an\nupstream OAuth 2.0 provider, data set through the `accessTokenExtra` field in the consent flow will be included in this\nresponse as well.", - "consumes": [ - "application/json" - ], + "/health/ready": { + "get": { + "description": "This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g.\nthe database) are responsive as well.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", "produces": [ "application/json" ], - "schemes": [ - "http", - "https" - ], "tags": [ - "warden" - ], - "summary": "Check if an OAuth 2.0 access token is authorized to access a resource", - "operationId": "isOAuth2AccessTokenAuthorized", - "parameters": [ - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/wardenOAuth2AccessTokenAuthorizationRequest" - } - } + "health" ], + "summary": "Check readiness status", + "operationId": "isInstanceReady", "responses": { "200": { - "description": "wardenOAuth2AccessTokenAuthorizationResponse", + "description": "healthStatus", "schema": { - "$ref": "#/definitions/wardenOAuth2AccessTokenAuthorizationResponse" + "$ref": "#/definitions/healthStatus" } }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, - "500": { - "$ref": "#/responses/genericError" - } - } - } - }, - "/warden/oauth2/clients/authorize": { - "post": { - "description": "Checks if an OAuth 2.0 Client provided the correct access credentials and and if the client is allowed to perform\nan action on a resource. This endpoint requires a client id, a client secret, a scope, a resource name, an action name and a context.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "warden" - ], - "summary": "Check if an OAuth 2.0 Client is authorized to access a resource", - "operationId": "isOAuth2ClientAuthorized", - "parameters": [ - { - "name": "Body", - "in": "body", + "503": { + "description": "healthNotReadyStatus", "schema": { - "$ref": "#/definitions/wardenOAuth2ClientAuthorizationRequest" + "$ref": "#/definitions/healthNotReadyStatus" } } - ], - "responses": { - "200": { - "description": "wardenOAuth2ClientAuthorizationResponse", - "schema": { - "$ref": "#/definitions/wardenOAuth2ClientAuthorizationResponse" - } - }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, - "500": { - "$ref": "#/responses/genericError" - } } } }, - "/warden/subjects/authorize": { - "post": { - "description": "Checks if a subject (e.g. user ID, API key, ...) is allowed to perform a certain action on a resource.", - "consumes": [ - "application/json" - ], + "/version": { + "get": { + "description": "This endpoint returns the service version typically notated using semantic versioning.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", "produces": [ "application/json" ], - "schemes": [ - "http", - "https" - ], "tags": [ - "warden" - ], - "summary": "Check if a subject is authorized to access a resource", - "operationId": "isSubjectAuthorized", - "parameters": [ - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/WardenSubjectAuthorizationRequest" - } - } + "version" ], + "summary": "Get service version", + "operationId": "getVersion", "responses": { "200": { - "description": "wardenSubjectAuthorizationResponse", + "description": "version", "schema": { - "$ref": "#/definitions/wardenSubjectAuthorizationResponse" + "$ref": "#/definitions/version" } - }, - "401": { - "$ref": "#/responses/genericError" - }, - "403": { - "$ref": "#/responses/genericError" - }, - "500": { - "$ref": "#/responses/genericError" } } } } }, "definitions": { - "AuthenticationOAuth2ClientCredentialsRequest": { + "Context": { + "type": "object", + "additionalProperties": { + "type": "object" + }, + "x-go-package": "github.com/ory/keto/engine/ladon" + }, + "Policies": { + "type": "array", + "title": "Policies is an array of policies.", + "items": { + "$ref": "#/definitions/oryAccessControlPolicy" + }, + "x-go-package": "github.com/ory/keto/engine/ladon" + }, + "addOryAccessControlPolicyRoleMembers": { "type": "object", + "required": [ + "flavor", + "id" + ], "properties": { - "client_id": { - "description": "Token is the token to introspect.", - "type": "string", - "x-go-name": "ClientID" + "Body": { + "$ref": "#/definitions/addOryAccessControlPolicyRoleMembersBody" }, - "client_secret": { + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "x-go-name": "ClientSecret" + "x-go-name": "Flavor" }, - "scope": { - "description": "Scope is an array of scopes that are required.", - "type": "array", - "items": { - "type": "string" - }, - "x-go-name": "Scopes" + "id": { + "description": "The ID of the ORY Access Control Policy Role.\n\nin: path", + "type": "string", + "x-go-name": "ID" } }, - "x-go-package": "github.com/ory/keto/authentication" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "AuthenticationOAuth2IntrospectionRequest": { + "addOryAccessControlPolicyRoleMembersBody": { "type": "object", "properties": { - "scope": { - "description": "Scope is an array of scopes that are required.", + "members": { + "description": "The members to be added.", "type": "array", "items": { "type": "string" }, - "x-go-name": "Scope" - }, - "token": { - "description": "Token is the token to introspect.", - "type": "string", - "x-go-name": "Token" + "x-go-name": "Members" } }, - "x-go-package": "github.com/ory/keto/authentication" - }, - "Authenticator": { - "type": "object", - "x-go-package": "github.com/ory/keto/authentication" - }, - "Firewall": { - "type": "object", - "title": "Firewall offers various validation strategies for access tokens.", - "x-go-package": "github.com/ory/keto/warden" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "Handler": { + "authorizationResult": { "type": "object", + "title": "AuthorizationResult is the result of an access control decision. It contains the decision outcome.", "properties": { - "H": { - "$ref": "#/definitions/Writer" - }, - "Manager": { - "$ref": "#/definitions/Manager" + "allowed": { + "description": "Allowed is true if the request should be allowed and false otherwise.", + "type": "boolean", + "x-go-name": "Allowed" } }, - "x-go-package": "github.com/ory/keto/role" + "x-go-name": "AuthorizationResult", + "x-go-package": "github.com/ory/keto/engine" }, - "IntrospectionResponse": { + "deleteOryAccessControlPolicy": { "type": "object", + "required": [ + "flavor", + "id" + ], "properties": { - "active": { - "type": "boolean", - "x-go-name": "Active" - }, - "aud": { - "type": "array", - "items": { - "type": "string" - }, - "x-go-name": "Audience" - }, - "client_id": { + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "x-go-name": "ClientID" - }, - "exp": { - "type": "integer", - "format": "int64", - "x-go-name": "ExpiresAt" - }, - "ext": { - "description": "Session represents arbitrary session data.", - "type": "object", - "additionalProperties": { - "type": "object" - }, - "x-go-name": "Extra" + "x-go-name": "Flavor" }, - "iat": { - "type": "integer", - "format": "int64", - "x-go-name": "IssuedAt" - }, - "iss": { - "type": "string", - "x-go-name": "Issuer" - }, - "nbf": { - "type": "integer", - "format": "int64", - "x-go-name": "NotBefore" - }, - "scope": { - "type": "string", - "x-go-name": "Scope" - }, - "sub": { - "description": "Here, it's sub", - "type": "string", - "x-go-name": "Subject" - }, - "token_type": { - "type": "string", - "x-go-name": "TokenType" - }, - "username": { + "id": { + "description": "The ID of the ORY Access Control Policy Role.\n\nin: path", "type": "string", - "x-go-name": "Username" - } - }, - "x-go-package": "github.com/ory/keto/authentication" - }, - "Manager": { - "type": "object", - "x-go-package": "github.com/ory/keto/role" - }, - "OAuth2ClientCredentialsAuthentication": { - "type": "object", - "x-go-package": "github.com/ory/keto/authentication" - }, - "OAuth2IntrospectionAuthentication": { - "type": "object", - "x-go-package": "github.com/ory/keto/authentication" - }, - "Session": { - "type": "object", - "properties": { - "GetSubject": { - "type": "string" + "x-go-name": "ID" } }, - "x-go-package": "github.com/ory/keto/authentication" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "WardenSubjectAuthorizationRequest": { + "deleteOryAccessControlPolicyRole": { "type": "object", - "title": "AccessRequest is the warden's request object.", + "required": [ + "flavor", + "id" + ], "properties": { - "action": { - "description": "Action is the action that is requested on the resource.", - "type": "string", - "x-go-name": "Action" - }, - "context": { - "description": "Context is the request's environmental context.", - "type": "object", - "additionalProperties": { - "type": "object" - }, - "x-go-name": "Context" - }, - "resource": { - "description": "Resource is the resource that access is requested to.", + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "x-go-name": "Resource" + "x-go-name": "Flavor" }, - "subject": { - "description": "Subejct is the subject that is requesting access.", + "id": { + "description": "The ID of the ORY Access Control Policy Role.\nin: path", "type": "string", - "x-go-name": "Subject" + "x-go-name": "ID" } }, - "x-go-name": "AccessRequest", - "x-go-package": "github.com/ory/keto/warden" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "Writer": { - "description": "Writer is a helper to write arbitrary data to a ResponseWriter", - "type": "object", - "x-go-package": "github.com/ory/keto/vendor/github.com/ory/herodot" - }, - "authenticationDefaultSession": { + "doOryAccessControlPoliciesAllow": { "type": "object", + "required": [ + "flavor" + ], "properties": { - "allowed": { - "description": "Allowed is true if the request is allowed and false otherwise.", - "type": "boolean", - "x-go-name": "Allowed" + "Body": { + "$ref": "#/definitions/oryAccessControlPolicyAllowedInput" }, - "sub": { - "description": "Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.\nThis is usually a uuid but you can choose a urn or some other id too.", + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "x-go-name": "Subject" + "x-go-name": "Flavor" } }, - "x-go-name": "DefaultSession", - "x-go-package": "github.com/ory/keto/authentication" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "authenticationOAuth2ClientCredentialsSession": { + "getOryAccessControlPolicy": { "type": "object", + "required": [ + "flavor", + "id" + ], "properties": { - "allowed": { - "description": "Allowed is true if the request is allowed and false otherwise.", - "type": "boolean", - "x-go-name": "Allowed" + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", + "type": "string", + "x-go-name": "Flavor" }, - "sub": { - "description": "Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.\nThis is usually a uuid but you can choose a urn or some other id too.", + "id": { + "description": "The ID of the ORY Access Control Policy Role.\n\nin: path", "type": "string", - "x-go-name": "Subject" + "x-go-name": "ID" } }, - "x-go-name": "OAuth2ClientCredentialsSession", - "x-go-package": "github.com/ory/keto/authentication" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "authenticationOAuth2Session": { + "getOryAccessControlPolicyRole": { "type": "object", + "required": [ + "flavor", + "id" + ], "properties": { - "allowed": { - "description": "Allowed is true if the request is allowed and false otherwise.", - "type": "boolean", - "x-go-name": "Allowed" - }, - "aud": { - "type": "array", - "items": { - "type": "string" - }, - "x-go-name": "Audience" - }, - "client_id": { - "description": "ClientID is the id of the OAuth2 client that requested the token.", - "type": "string", - "x-go-name": "ClientID" - }, - "exp": { - "description": "ExpiresAt is the expiry timestamp.", - "type": "string", - "format": "date-time", - "x-go-name": "ExpiresAt" - }, - "iat": { - "description": "IssuedAt is the token creation time stamp.", - "type": "string", - "format": "date-time", - "x-go-name": "IssuedAt" - }, - "iss": { - "description": "Issuer is the id of the issuer, typically an hydra instance.", - "type": "string", - "x-go-name": "Issuer" - }, - "nbf": { + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "format": "date-time", - "x-go-name": "NotBefore" + "x-go-name": "Flavor" }, - "scope": { - "description": "GrantedScopes is a list of scopes that the subject authorized when asked for consent.", - "type": "string", - "x-go-name": "GrantedScopes" - }, - "session": { - "description": "Session represents arbitrary session data.", - "type": "object", - "additionalProperties": { - "type": "object" - }, - "x-go-name": "Extra" - }, - "sub": { - "description": "Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.\nThis is usually a uuid but you can choose a urn or some other id too.", - "type": "string", - "x-go-name": "Subject" - }, - "username": { + "id": { + "description": "The ID of the ORY Access Control Policy Role.\n\nin: path", "type": "string", - "x-go-name": "Username" + "x-go-name": "ID" } }, - "x-go-name": "OAuth2Session", - "x-go-package": "github.com/ory/keto/authentication" + "x-go-package": "github.com/ory/keto/engine/ladon" }, "healthNotReadyStatus": { "type": "object", @@ -1084,7 +799,7 @@ } }, "x-go-name": "swaggerNotReadyStatus", - "x-go-package": "github.com/ory/keto/health" + "x-go-package": "github.com/ory/x/healthx" }, "healthStatus": { "type": "object", @@ -1096,13 +811,80 @@ } }, "x-go-name": "swaggerHealthStatus", - "x-go-package": "github.com/ory/keto/health" + "x-go-package": "github.com/ory/x/healthx" + }, + "listOryAccessControlPolicies": { + "type": "object", + "required": [ + "flavor" + ], + "properties": { + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\"\n\nin: path", + "type": "string", + "x-go-name": "Flavor" + }, + "limit": { + "description": "The maximum amount of policies returned.\n\nin: query", + "type": "integer", + "format": "int64", + "x-go-name": "Limit" + }, + "offset": { + "description": "The offset from where to start looking.\n\nin: query", + "type": "integer", + "format": "int64", + "x-go-name": "Offset" + } + }, + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "policy": { + "listOryAccessControlPolicyRoles": { "type": "object", + "required": [ + "flavor" + ], + "properties": { + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\"\n\nin: path", + "type": "string", + "x-go-name": "Flavor" + }, + "limit": { + "description": "The maximum amount of policies returned.\n\nin: query", + "type": "integer", + "format": "int64", + "x-go-name": "Limit" + }, + "offset": { + "description": "The offset from where to start looking.\n\nin: query", + "type": "integer", + "format": "int64", + "x-go-name": "Offset" + } + }, + "x-go-package": "github.com/ory/keto/engine/ladon" + }, + "oryAccessControlPolicies": { + "type": "object", + "title": "Policies is an array of policies.", + "properties": { + "Body": { + "description": "in: body", + "type": "array", + "items": { + "$ref": "#/definitions/oryAccessControlPolicy" + } + } + }, + "x-go-package": "github.com/ory/keto/engine/ladon" + }, + "oryAccessControlPolicy": { + "type": "object", + "title": "Policy specifies an ORY Access Policy document.", "properties": { "actions": { - "description": "Actions impacted by the policy.", + "description": "Actions is an array representing all the actions this ORY Access Policy applies to.", "type": "array", "items": { "type": "string" @@ -1110,43 +892,33 @@ "x-go-name": "Actions" }, "conditions": { - "description": "Conditions under which the policy is active.", - "type": "object", - "additionalProperties": { + "description": "Conditions represents an array of conditions under which this ORY Access Policy is active.", + "type": "array", + "items": { "type": "object", - "properties": { - "options": { - "type": "object", - "additionalProperties": { - "type": "object" - }, - "x-go-name": "Options" - }, - "type": { - "type": "string", - "x-go-name": "Type" - } + "additionalProperties": { + "type": "object" } }, "x-go-name": "Conditions" }, "description": { - "description": "Description of the policy.", + "description": "Description is an optional, human-readable description.", "type": "string", "x-go-name": "Description" }, "effect": { - "description": "Effect of the policy", + "description": "Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\".", "type": "string", "x-go-name": "Effect" }, "id": { - "description": "ID of the policy.", + "description": "ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy.", "type": "string", "x-go-name": "ID" }, "resources": { - "description": "Resources impacted by the policy.", + "description": "Resources is an array representing all the resources this ORY Access Policy applies to.", "type": "array", "items": { "type": "string" @@ -1154,7 +926,7 @@ "x-go-name": "Resources" }, "subjects": { - "description": "Subjects impacted by the policy.", + "description": "Subjects is an array representing all the subjects this ORY Access Policy applies to.", "type": "array", "items": { "type": "string" @@ -1162,139 +934,10 @@ "x-go-name": "Subjects" } }, - "x-go-name": "swaggerPolicy", - "x-go-package": "github.com/ory/keto/policy" + "x-go-name": "Policy", + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "role": { - "description": "Role represents a group of users that share the same role. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.", - "type": "object", - "properties": { - "id": { - "description": "ID is the role's unique id.", - "type": "string", - "x-go-name": "ID" - }, - "members": { - "description": "Members is who belongs to the role.", - "type": "array", - "items": { - "type": "string" - }, - "x-go-name": "Members" - } - }, - "x-go-name": "Role", - "x-go-package": "github.com/ory/keto/role" - }, - "roleMembers": { - "type": "object", - "properties": { - "members": { - "type": "array", - "items": { - "type": "string" - }, - "x-go-name": "Members" - } - }, - "x-go-name": "membersRequest", - "x-go-package": "github.com/ory/keto/role" - }, - "swaggerCreatePolicyParameters": { - "type": "object", - "properties": { - "Body": { - "$ref": "#/definitions/policy" - } - }, - "x-go-package": "github.com/ory/keto/policy" - }, - "swaggerDoesWardenAllowAccessRequestParameters": { - "type": "object", - "properties": { - "Body": { - "$ref": "#/definitions/WardenSubjectAuthorizationRequest" - } - }, - "x-go-package": "github.com/ory/keto/warden" - }, - "swaggerDoesWardenAllowClientRequestParameters": { - "type": "object", - "properties": { - "Body": { - "$ref": "#/definitions/wardenOAuth2ClientAuthorizationRequest" - } - }, - "x-go-package": "github.com/ory/keto/warden" - }, - "swaggerDoesWardenAllowTokenAccessRequestParameters": { - "type": "object", - "properties": { - "Body": { - "$ref": "#/definitions/wardenOAuth2AccessTokenAuthorizationRequest" - } - }, - "x-go-package": "github.com/ory/keto/warden" - }, - "swaggerGetPolicyParameters": { - "type": "object", - "properties": { - "id": { - "description": "The id of the policy.\nin: path", - "type": "string", - "x-go-name": "ID" - } - }, - "x-go-package": "github.com/ory/keto/policy" - }, - "swaggerListPolicyParameters": { - "type": "object", - "properties": { - "limit": { - "description": "The maximum amount of policies returned.\nin: query", - "type": "integer", - "format": "int64", - "x-go-name": "Limit" - }, - "offset": { - "description": "The offset from where to start looking.\nin: query", - "type": "integer", - "format": "int64", - "x-go-name": "Offset" - } - }, - "x-go-package": "github.com/ory/keto/policy" - }, - "swaggerListPolicyResponse": { - "description": "A policy", - "type": "object", - "properties": { - "Body": { - "description": "in: body\ntype: array", - "type": "array", - "items": { - "$ref": "#/definitions/policy" - } - } - }, - "x-go-package": "github.com/ory/keto/policy" - }, - "swaggerUpdatePolicyParameters": { - "type": "object", - "properties": { - "Body": { - "$ref": "#/definitions/policy" - }, - "id": { - "description": "The id of the policy.\nin: path", - "type": "string", - "x-go-name": "ID" - } - }, - "x-go-package": "github.com/ory/keto/policy" - }, - "swaggerWardenBaseRequest": { - "description": "swager:model authorizedBaseRequest", + "oryAccessControlPolicyAllowedInput": { "type": "object", "properties": { "action": { @@ -1314,202 +957,137 @@ "description": "Resource is the resource that access is requested to.", "type": "string", "x-go-name": "Resource" - } - }, - "x-go-package": "github.com/ory/keto/warden" - }, - "version": { - "type": "object", - "properties": { - "version": { + }, + "subject": { + "description": "Subject is the subject that is requesting access.", "type": "string", - "x-go-name": "Version" + "x-go-name": "Subject" } }, - "x-go-name": "swaggerVersion", - "x-go-package": "github.com/ory/keto/health" + "x-go-name": "Input", + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "wardenOAuth2AccessTokenAuthorizationRequest": { + "oryAccessControlPolicyRole": { + "description": "Role represents a group of users that share the same role. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.", "type": "object", "properties": { - "action": { - "description": "Action is the action that is requested on the resource.", - "type": "string", - "x-go-name": "Action" - }, - "context": { - "description": "Context is the request's environmental context.", - "type": "object", - "additionalProperties": { - "type": "object" - }, - "x-go-name": "Context" - }, - "resource": { - "description": "Resource is the resource that access is requested to.", + "id": { + "description": "ID is the role's unique id.", "type": "string", - "x-go-name": "Resource" + "x-go-name": "ID" }, - "scope": { - "description": "Scope is an array of scopes that are required.", + "members": { + "description": "Members is who belongs to the role.", "type": "array", "items": { "type": "string" }, - "x-go-name": "Scope" - }, - "token": { - "description": "Token is the token to introspect.", - "type": "string", - "x-go-name": "Token" + "x-go-name": "Members" } }, - "x-go-name": "swaggerWardenTokenAccessRequest", - "x-go-package": "github.com/ory/keto/warden" + "x-go-name": "Role", + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "wardenOAuth2AccessTokenAuthorizationResponse": { - "type": "object", + "oryAccessControlPolicyRoles": { + "type": "array", + "title": "A list of roles.", + "items": { + "$ref": "#/definitions/oryAccessControlPolicyRole" + }, "properties": { - "allowed": { - "description": "Allowed is true if the request is allowed and false otherwise.", - "type": "boolean", - "x-go-name": "Allowed" - }, - "aud": { + "Body": { + "description": "in: body", "type": "array", "items": { - "type": "string" - }, - "x-go-name": "Audience" - }, - "client_id": { - "description": "ClientID is the id of the OAuth2 client that requested the token.", - "type": "string", - "x-go-name": "ClientID" - }, - "exp": { - "description": "ExpiresAt is the expiry timestamp.", - "type": "string", - "format": "date-time", - "x-go-name": "ExpiresAt" - }, - "iat": { - "description": "IssuedAt is the token creation time stamp.", - "type": "string", - "format": "date-time", - "x-go-name": "IssuedAt" - }, - "iss": { - "description": "Issuer is the id of the issuer, typically an hydra instance.", - "type": "string", - "x-go-name": "Issuer" - }, - "nbf": { - "type": "string", - "format": "date-time", - "x-go-name": "NotBefore" - }, - "scope": { - "description": "GrantedScopes is a list of scopes that the subject authorized when asked for consent.", - "type": "string", - "x-go-name": "GrantedScopes" - }, - "session": { - "description": "Session represents arbitrary session data.", - "type": "object", - "additionalProperties": { - "type": "object" - }, - "x-go-name": "Extra" - }, - "sub": { - "description": "Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.\nThis is usually a uuid but you can choose a urn or some other id too.", - "type": "string", - "x-go-name": "Subject" - }, - "username": { - "type": "string", - "x-go-name": "Username" + "$ref": "#/definitions/oryAccessControlPolicyRole" + } } }, - "x-go-name": "oauth2Authorization", - "x-go-package": "github.com/ory/keto/warden" + "x-go-name": "Roles", + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "wardenOAuth2ClientAuthorizationRequest": { + "removeOryAccessControlPolicyRoleMembers": { "type": "object", + "required": [ + "flavor", + "id" + ], "properties": { - "action": { - "description": "Action is the action that is requested on the resource.", - "type": "string", - "x-go-name": "Action" - }, - "client_id": { - "description": "Token is the token to introspect.", - "type": "string", - "x-go-name": "ClientID" + "Body": { + "$ref": "#/definitions/removeOryAccessControlPolicyRoleMembersBody" }, - "client_secret": { + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "x-go-name": "ClientSecret" + "x-go-name": "Flavor" }, - "context": { - "description": "Context is the request's environmental context.", - "type": "object", - "additionalProperties": { - "type": "object" - }, - "x-go-name": "Context" - }, - "resource": { - "description": "Resource is the resource that access is requested to.", + "id": { + "description": "The ID of the ORY Access Control Policy Role.\n\nin: path", "type": "string", - "x-go-name": "Resource" - }, - "scope": { - "description": "Scope is an array of scopes that are required.", + "x-go-name": "ID" + } + }, + "x-go-package": "github.com/ory/keto/engine/ladon" + }, + "removeOryAccessControlPolicyRoleMembersBody": { + "type": "object", + "properties": { + "members": { + "description": "The members to be removed.", "type": "array", "items": { "type": "string" }, - "x-go-name": "Scopes" + "x-go-name": "Members" } }, - "x-go-name": "swaggerWardenClientAccessRequest", - "x-go-package": "github.com/ory/keto/warden" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "wardenOAuth2ClientAuthorizationResponse": { + "upsertOryAccessControlPolicy": { "type": "object", + "required": [ + "flavor" + ], "properties": { - "allowed": { - "description": "Allowed is true if the request is allowed and false otherwise.", - "type": "boolean", - "x-go-name": "Allowed" + "Body": { + "$ref": "#/definitions/oryAccessControlPolicy" }, - "sub": { - "description": "Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.\nThis is usually a uuid but you can choose a urn or some other id too.", + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "x-go-name": "Subject" + "x-go-name": "Flavor" } }, - "x-go-name": "oauth2ClientAuthorization", - "x-go-package": "github.com/ory/keto/warden" + "x-go-package": "github.com/ory/keto/engine/ladon" }, - "wardenSubjectAuthorizationResponse": { + "upsertOryAccessControlPolicyRole": { "type": "object", + "required": [ + "flavor" + ], "properties": { - "allowed": { - "description": "Allowed is true if the request is allowed and false otherwise.", - "type": "boolean", - "x-go-name": "Allowed" + "Body": { + "$ref": "#/definitions/oryAccessControlPolicyRole" }, - "sub": { - "description": "Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.\nThis is usually a uuid but you can choose a urn or some other id too.", + "flavor": { + "description": "The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\".\n\nin: path", "type": "string", - "x-go-name": "Subject" + "x-go-name": "Flavor" } }, - "x-go-name": "subjectAuthorization", - "x-go-package": "github.com/ory/keto/warden" + "x-go-package": "github.com/ory/keto/engine/ladon" + }, + "version": { + "type": "object", + "properties": { + "version": { + "description": "Version is the service's version.", + "type": "string", + "x-go-name": "Version" + } + }, + "x-go-name": "swaggerVersion", + "x-go-package": "github.com/ory/x/healthx" } }, "responses": { @@ -1555,21 +1133,21 @@ } } }, - "listRolesResponse": { - "description": "A list of roles the member is belonging to", + "oryAccessControlPolicies": { + "description": "Policies is an array of policies.", "schema": { "type": "array", "items": { - "$ref": "#/definitions/role" + "$ref": "#/definitions/oryAccessControlPolicy" } } }, - "policyList": { - "description": "A policy", + "oryAccessControlPolicyRoles": { + "description": "Roles is an array of roles.", "schema": { "type": "array", "items": { - "$ref": "#/definitions/policy" + "$ref": "#/definitions/oryAccessControlPolicyRole" } } } diff --git a/engine/compiler.go b/engine/compiler.go new file mode 100644 index 000000000..efb16e03b --- /dev/null +++ b/engine/compiler.go @@ -0,0 +1,58 @@ +package engine + +import ( + "path/filepath" + "strings" + + "github.com/gobuffalo/packr" + "github.com/open-policy-agent/opa/ast" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" +) + +func walk(directory packr.Box, logger logrus.FieldLogger) (map[string]string, error) { + m := map[string]string{} + if err := directory.Walk(func(path string, file packr.File) error { + if filepath.Ext(path) != ".rego" { + return nil + } + + if strings.Contains(path, "_test.rego") { + return nil + } + + m[path] = directory.String(path) + logger.WithField("file", path).Debugf("Successfully loaded rego file") + + return nil + }); err != nil { + return nil, err + } + + return m, nil +} + +func NewCompiler(directory packr.Box, logger logrus.FieldLogger) (*ast.Compiler, error) { + files, err := walk(directory, logger) + if err != nil { + return nil, err + } + + modules := map[string]*ast.Module{} + for file, content := range files { + parsed, err := ast.ParseModule(file, content) + if err != nil { + return nil, errors.WithStack(err) + } + modules[file] = parsed + } + + compiler := ast.NewCompiler() + compiler.Compile(modules) + + if compiler.Failed() { + return nil, errors.Errorf("unable to compile module with payload: %s", compiler.Errors) + } + + return compiler, nil +} diff --git a/engine/doc.go b/engine/doc.go new file mode 100644 index 000000000..a720e4760 --- /dev/null +++ b/engine/doc.go @@ -0,0 +1,11 @@ +// Package engine +package engine + +// AuthorizationResult is the result of an access control decision. It contains the decision outcome. +// swagger:model authorizationResult +type AuthorizationResult struct { + // Allowed is true if the request should be allowed and false otherwise. + // + // required: true + Allowed bool `json:"allowed"` +} diff --git a/engine/engine.go b/engine/engine.go new file mode 100644 index 000000000..0ce071559 --- /dev/null +++ b/engine/engine.go @@ -0,0 +1,83 @@ +package engine + +import ( + "context" + "encoding/json" + "net/http" + + "github.com/julienschmidt/httprouter" + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" + "github.com/pkg/errors" + + "github.com/ory/herodot" +) + +// swagger:ignore +type Engine struct { + compiler *ast.Compiler + h herodot.Writer +} + +func NewEngine( + compiler *ast.Compiler, + h herodot.Writer, +) *Engine { + return &Engine{ + compiler: compiler, + h: h, + } +} + +// swagger:ignore +type evaluator func(ctx context.Context, r *http.Request, ps httprouter.Params) ([]func(*rego.Rego), error) + +func (h *Engine) Evaluate(e evaluator) httprouter.Handle { + return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + ctx := r.Context() + + rs, err := e(ctx, r, ps) + if err != nil { + h.h.WriteError(w, r, err) + return + } + + allowed, err := h.eval(ctx, rs) + if err != nil { + h.h.WriteError(w, r, err) + return + } + + if err := json.NewEncoder(w).Encode(&AuthorizationResult{Allowed: allowed}); err != nil { + h.h.WriteError(w, r, errors.WithStack(err)) + return + } + } +} + +func (h *Engine) eval(ctx context.Context, options []func(*rego.Rego)) (bool, error) { + //tracer := topdown.NewBufferTracer() + r := rego.New( + append( + options, + rego.Compiler(h.compiler), + //rego.Tracer(tracer), + )..., + ) + + rs, err := r.Eval(ctx) + if err != nil { + return false, errors.WithStack(err) + } + + if len(rs) != 1 || len(rs[0].Expressions) != 1 { + return false, errors.Errorf("expected one evaluation result but got %d results instead", len(rs)) + } + + result, ok := rs[0].Expressions[0].Value.(bool) + if !ok { + return false, errors.Errorf("expected evaluation result to be of type bool but got %T instead", rs[0].Expressions[0].Value) + } + + return result, nil +} diff --git a/engine/ladon/doc.go b/engine/ladon/doc.go new file mode 100644 index 000000000..3d1a56024 --- /dev/null +++ b/engine/ladon/doc.go @@ -0,0 +1,199 @@ +// Package ladon +package ladon + +// swagger:parameters doOryAccessControlPoliciesAllow +type doOryAccessControlPoliciesAllow struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // in: body + Body Input +} + +// swagger:parameters upsertOryAccessControlPolicy +type upsertOryAccessControlPolicy struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // in: body + Body Policy +} + +// swagger:parameters listOryAccessControlPolicies +type listOryAccessControlPolicies struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact" + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The maximum amount of policies returned. + // + // in: query + Limit int `json:"limit"` + + // The offset from where to start looking. + // + // in: query + Offset int `json:"offset"` +} + +// swagger:parameters getOryAccessControlPolicy +type getOryAccessControlPolicy struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. + // + // in: path + // required: true + ID string `json:"id"` +} + +// swagger:parameters deleteOryAccessControlPolicy +type deleteOryAccessControlPolicy struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. + // + // in: path + // required: true + ID string `json:"id"` +} + +// swagger:parameters getOryAccessControlPolicyRole +type getOryAccessControlPolicyRole struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. + // + // in: path + // required: true + ID string `json:"id"` +} + +// swagger:parameters deleteOryAccessControlPolicyRole +type deleteOryAccessControlPolicyRole struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. + // in: path + // required: true + ID string `json:"id"` +} + +// swagger:parameters upsertOryAccessControlPolicyRole +type upsertOryAccessControlPolicyRole struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // in: body + Body Role +} + +// swagger:model addOryAccessControlPolicyRoleMembersBody +type addOryAccessControlPolicyRoleMembersBody struct { + // The members to be added. + Members []string `json:"members"` +} + +// swagger:parameters addOryAccessControlPolicyRoleMembers +type addOryAccessControlPolicyRoleMembers struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. + // + // in: path + // required: true + ID string `json:"id"` + + // in: body + Body addOryAccessControlPolicyRoleMembersBody +} + +// swagger:model removeOryAccessControlPolicyRoleMembersBody +type removeOryAccessControlPolicyRoleMembersBody struct { + // The members to be removed. + Members []string `json:"members"` +} + +// swagger:parameters removeOryAccessControlPolicyRoleMembers +type removeOryAccessControlPolicyRoleMembers struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact". + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. + // + // in: path + // required: true + ID string `json:"id"` + + // in: body + Body removeOryAccessControlPolicyRoleMembersBody +} + +// Policies is an array of policies. +// +// swagger:response oryAccessControlPolicies +type oryAccessControlPolicies struct { + // in: body + Body []Policy +} + +// Roles is an array of roles. +// +// swagger:response oryAccessControlPolicyRoles +type oryAccessControlPolicyRoles struct { + // in: body + Body []Role +} + +// swagger:parameters listOryAccessControlPolicyRoles +type listOryAccessControlPolicyRoles struct { + // The ORY Access Control Policy flavor. Can be "regex" and "exact" + // + // in: path + // required: true + Flavor string `json:"flavor"` + + // The maximum amount of policies returned. + // + // in: query + Limit int `json:"limit"` + + // The offset from where to start looking. + // + // in: query + Offset int `json:"offset"` +} diff --git a/engine/ladon/handler.go b/engine/ladon/handler.go new file mode 100644 index 000000000..b3afab574 --- /dev/null +++ b/engine/ladon/handler.go @@ -0,0 +1,495 @@ +package ladon + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "strings" + + "github.com/julienschmidt/httprouter" + "github.com/open-policy-agent/opa/rego" + "github.com/pborman/uuid" + "github.com/pkg/errors" + + "github.com/ory/go-convenience/stringslice" + "github.com/ory/herodot" + "github.com/ory/keto/engine" + kstorage "github.com/ory/keto/storage" +) + +// swagger:ignore +type Engine struct { + sh *kstorage.Handler + engine *engine.Engine + s kstorage.Manager + h herodot.Writer +} + +var EnabledFlavors = []string{"exact", "regex"} + +const ( + BasePath = "/engines/acp/ory/:flavor" + schema = `{ + "store": { + "ory": { + "regex": { + "policies": [], + "roles": [] + }, + "exact": { + "policies": [], + "roles": [] + } + } + } +}` +) + +func RoutesToObserve() []string { + var r []string + + for _, f := range []string{"exact", "regex"} { + for _, p := range []string{"policies", "roles", "allowed"} { + r = append(r, + fmt.Sprintf(strings.Replace(BasePath, ":flavor", "%s", 1)+"/%s", f, p), + ) + } + } + + return r +} + +func policyCollection(f string) string { + return fmt.Sprintf("/store/ory/%s/policies", f) +} + +func roleCollection(f string) string { + return fmt.Sprintf("/store/ory/%s/roles", f) +} + +func NewEngine(store kstorage.Manager, sh *kstorage.Handler, e *engine.Engine, h herodot.Writer) *Engine { + return &Engine{ + s: store, + h: h, + sh: sh, + engine: e, + } +} + +func (e *Engine) Register(r *httprouter.Router) { + // swagger:route POST /engines/acp/ory/{flavor}/allowed engines doOryAccessControlPoliciesAllow + // + // Check if a request is allowed + // + // Use this endpoint to check if a request is allowed or not. + // + // + // Consumes: + // - application/json + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: authorizationResult + // 500: genericError + r.POST(BasePath+"/allowed", e.engine.Evaluate(e.eval)) + + // swagger:route PUT /engines/acp/ory/{flavor}/policies engines upsertOryAccessControlPolicy + // + // Upsert an ORY Access Control Policy + // + // + // Consumes: + // - application/json + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: oryAccessControlPolicy + // 500: genericError + r.PUT(BasePath+"/policies", e.sh.Upsert(e.policiesCreate)) + + // swagger:route GET /engines/acp/ory/{flavor}/policies engines listOryAccessControlPolicies + // + // List ORY Access Control Policies + // + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: oryAccessControlPolicies + // 500: genericError + r.GET(BasePath+"/policies", e.sh.List(e.policiesList)) + + // swagger:route GET /engines/acp/ory/{flavor}/policies/{id} engines getOryAccessControlPolicy + // + // Get an ORY Access Control Policy + // + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: oryAccessControlPolicy + // 404: genericError + // 500: genericError + r.GET(BasePath+"/policies/:id", e.sh.Get(e.policiesGet)) + + // swagger:route DELETE /engines/acp/ory/{flavor}/policies/{id} engines deleteOryAccessControlPolicy + // + // Delete an ORY Access Control Policy + // + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 201: emptyResponse + // 500: genericError + r.DELETE(BasePath+"/policies/:id", e.sh.Delete(e.policiesDelete)) + + // swagger:route GET /engines/acp/ory/{flavor}/roles engines listOryAccessControlPolicyRoles + // + // List ORY Access Control Policy Roles + // + // Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID + // as subject in the OACP. + // + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: oryAccessControlPolicyRoles + // 500: genericError + r.GET(BasePath+"/roles", e.sh.List(e.rolesList)) + + // swagger:route GET /engines/acp/ory/{flavor}/roles/{id} engines getOryAccessControlPolicyRole + // + // Get an ORY Access Control Policy Role + // + // Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID + // as subject in the OACP. + // + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: oryAccessControlPolicyRole + // 404: genericError + // 500: genericError + r.GET(BasePath+"/roles/:id", e.sh.Get(e.rolesGet)) + + // swagger:route PUT /engines/acp/ory/{flavor}/roles engines upsertOryAccessControlPolicyRole + // + // Upsert an ORY Access Control Policy Role + // + // Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID + // as subject in the OACP. + // + // + // Consumes: + // - application/json + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: oryAccessControlPolicyRole + // 500: genericError + r.PUT(BasePath+"/roles", e.sh.Upsert(e.rolesUpsert)) + + // swagger:route DELETE /engines/acp/ory/{flavor}/roles/{id} engines deleteOryAccessControlPolicyRole + // + // Delete an ORY Access Control Policy Role + // + // Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID + // as subject in the OACP. + // + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 201: emptyResponse + // 500: genericError + r.DELETE(BasePath+"/roles/:id", e.sh.Delete(e.rolesDelete)) + + // swagger:route PUT /engines/acp/ory/{flavor}/roles/{id}/members engines addOryAccessControlPolicyRoleMembers + // + // Add a member to an ORY Access Control Policy Role + // + // Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID + // as subject in the OACP. + // + // + // Consumes: + // - application/json + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 200: oryAccessControlPolicyRole + // 500: genericError + r.PUT(BasePath+"/roles/:id/members", e.sh.Upsert(e.rolesMembersAdd)) + + // swagger:route DELETE /engines/acp/ory/{flavor}/roles/{id}/members engines removeOryAccessControlPolicyRoleMembers + // + // Remove a member from an ORY Access Control Policy Role + // + // Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID + // as subject in the OACP. + // + // + // Consumes: + // - application/json + // + // Produces: + // - application/json + // + // Schemes: http, https + // + // Responses: + // 201: emptyResponse + // 500: genericError + r.DELETE(BasePath+"/roles/:id/members/:member", e.sh.Upsert(e.rolesMembersRemove)) +} + +func (e *Engine) rolesList(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.ListRequest, error) { + var p Roles + + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.ListRequest{ + Collection: roleCollection(f), + Value: &p, + }, nil +} + +func (e *Engine) rolesGet(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.GetRequest, error) { + var p Role + + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.GetRequest{ + Collection: roleCollection(f), + Key: ps.ByName("id"), + Value: &p, + }, nil +} + +func (e *Engine) rolesUpsert(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.UpsertRequest, error) { + var p Role + if err := json.NewDecoder(r.Body).Decode(&p); err != nil { + return nil, errors.WithStack(err) + } + + if p.ID == "" { + p.ID = uuid.New() + } + + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.UpsertRequest{ + Collection: roleCollection(f), + Key: p.ID, + Value: &p, + }, nil +} + +func (e *Engine) rolesDelete(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.DeleteRequest, error) { + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.DeleteRequest{ + Collection: roleCollection(f), + Key: ps.ByName("id"), + }, nil +} + +func (e *Engine) rolesMembersAdd(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.UpsertRequest, error) { + f, err := flavor(ps) + if err != nil { + return nil, err + } + + var i Role + if err := json.NewDecoder(r.Body).Decode(&i); err != nil { + return nil, errors.WithStack(err) + } + + var ro Role + if err := e.s.Get(ctx, roleCollection(f), ps.ByName("id"), &ro); errors.Cause(err) == &herodot.ErrNotFound { + i.ID = ps.ByName("id") + ro = i + } else if err != nil { + return nil, err + } else { + ro.Members = stringslice.Unique(append(ro.Members, i.Members...)) + } + + return &kstorage.UpsertRequest{ + Collection: roleCollection(f), + Key: ro.ID, + Value: &ro, + }, nil + +} + +func (e *Engine) rolesMembersRemove(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.UpsertRequest, error) { + f, err := flavor(ps) + if err != nil { + return nil, err + } + + var ro Role + if err := e.s.Get(ctx, roleCollection(f), ps.ByName("id"), &ro); err != nil { + return nil, err + } + + ro.Members = stringslice.Filter(ro.Members, func(s string) bool { + return s == ps.ByName("member") + }) + + return &kstorage.UpsertRequest{ + Collection: roleCollection(f), + Key: ro.ID, + Value: &ro, + }, nil +} + +func (e *Engine) policiesCreate(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.UpsertRequest, error) { + var p Policy + if err := json.NewDecoder(r.Body).Decode(&p); err != nil { + return nil, errors.WithStack(err) + } + + p, err := validatePolicy(p) + if err != nil { + return nil, err + } + + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.UpsertRequest{ + Collection: policyCollection(f), + Key: p.ID, + Value: &p, + }, nil +} + +func (e *Engine) policiesList(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.ListRequest, error) { + var p Policies + + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.ListRequest{ + Collection: policyCollection(f), + Value: &p, + }, nil +} + +func (e *Engine) policiesDelete(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.DeleteRequest, error) { + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.DeleteRequest{ + Collection: policyCollection(f), + Key: ps.ByName("id"), + }, nil +} + +func (e *Engine) policiesGet(ctx context.Context, r *http.Request, ps httprouter.Params) (*kstorage.GetRequest, error) { + var p Policy + + f, err := flavor(ps) + if err != nil { + return nil, err + } + + return &kstorage.GetRequest{ + Collection: policyCollection(f), + Key: ps.ByName("id"), + Value: &p, + }, nil +} + +func flavor(ps httprouter.Params) (string, error) { + t := ps.ByName("flavor") + if !stringslice.Has(EnabledFlavors, t) { + return "", errors.WithStack(&herodot.ErrNotFound) + } + + return t, nil +} + +func (e *Engine) eval(ctx context.Context, r *http.Request, ps httprouter.Params) ([]func(*rego.Rego), error) { + f, err := flavor(ps) + if err != nil { + return nil, err + } + + query := fmt.Sprintf("data.ory.%s.allow", f) + store, err := e.s.Storage(ctx, schema, []string{policyCollection(f), roleCollection(f)}) + if err != nil { + return nil, err + } + + var i Input + dec := json.NewDecoder(r.Body) + dec.DisallowUnknownFields() + if err := dec.Decode(&i); err != nil { + return nil, errors.WithStack(err) + } + + return []func(*rego.Rego){ + rego.Query(query), + rego.Store(store), + rego.Input(&i), + }, nil +} diff --git a/engine/ladon/handler_helper.go b/engine/ladon/handler_helper.go new file mode 100644 index 000000000..bfe7a48fa --- /dev/null +++ b/engine/ladon/handler_helper.go @@ -0,0 +1,18 @@ +package ladon + +import ( + "github.com/go-errors/errors" + "github.com/pborman/uuid" +) + +func validatePolicy(p Policy) (Policy, error) { + if len(p.ID) == 0 { + p.ID = uuid.New() + } + + if p.Effect != "allow" && p.Effect != "deny" { + return Policy{}, errors.Errorf("invalid policy effect %s, only allow and deny are supported", p.Effect) + } + + return p, nil +} diff --git a/engine/ladon/handler_helper_test.go b/engine/ladon/handler_helper_test.go new file mode 100644 index 000000000..1587b59f2 --- /dev/null +++ b/engine/ladon/handler_helper_test.go @@ -0,0 +1,189 @@ +package ladon + +import "github.com/ory/keto/sdk/go/keto/swagger" + +var ( + roles = map[string]Roles{ + "regex": {{ + ID: "group1", + Members: []string{"ken"}, + }, { + ID: "group2", + Members: []string{"ken"}, + }, { + ID: "group3", + Members: []string{"ken"}, + }}, + "exact": {{ + ID: "group1", + Members: []string{"ken"}, + }, { + ID: "group2", + Members: []string{"ken"}, + }, { + ID: "group3", + Members: []string{"ken"}, + }}, + } + requests = map[string][]struct { + req swagger.OryAccessControlPolicyAllowedInput + allowed bool + }{ + "regex": { + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "alice", + Resource: "other-thing", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: false, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "alice", + Resource: "matrix", + Action: "delete", + Context: map[string]interface{}{}, + }, + allowed: false, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "alice", + Resource: "matrix", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: true, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "ken", + Resource: "forbidden_matrix", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: false, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "ken", + Resource: "allowed_matrix", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: true, + }, + }, + "exact": { + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "alice", + Resource: "other-thing", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: false, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "alice", + Resource: "matrix", + Action: "delete", + Context: map[string]interface{}{}, + }, + allowed: false, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "alice", + Resource: "matrix", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: true, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "ken", + Resource: "forbidden_matrix", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: false, + }, + { + req: swagger.OryAccessControlPolicyAllowedInput{ + Subject: "ken", + Resource: "allowed_matrix", + Action: "create", + Context: map[string]interface{}{}, + }, + allowed: true, + }, + }, + } + policies = map[string]Policies{ + "regex": { + Policy{ + ID: "1", + Subjects: []string{"alice", "group1", "client"}, + Resources: []string{"matrix", "forbidden_matrix", "rn:hydra:token<.*>"}, + Actions: []string{"create", "decide"}, + Effect: Allow, + }, + Policy{ + ID: "2", + Subjects: []string{"siri"}, + Resources: []string{"<.*>"}, + Actions: []string{"decide"}, + Effect: Allow, + }, + Policy{ + ID: "3", + Subjects: []string{"group1"}, + Resources: []string{"forbidden_matrix", "rn:hydra:token<.*>"}, + Actions: []string{"create", "decide"}, + Effect: Deny, + }, + Policy{ + ID: "4", + Subjects: []string{"group1"}, + Resources: []string{"allowed_matrix", "rn:hydra:token<.*>"}, + Actions: []string{"create", "decide"}, + Effect: Allow, + }, + }, + "exact": { + Policy{ + ID: "1", + Subjects: []string{"alice", "group1", "client"}, + Resources: []string{"matrix", "forbidden_matrix", "rn:hydra:token"}, + Actions: []string{"create", "decide"}, + Effect: Allow, + }, + Policy{ + ID: "2", + Subjects: []string{"siri"}, + Resources: []string{""}, + Actions: []string{"decide"}, + Effect: Allow, + }, + Policy{ + ID: "3", + Subjects: []string{"group1"}, + Resources: []string{"forbidden_matrix", "rn:hydra:token"}, + Actions: []string{"create", "decide"}, + Effect: Deny, + }, + Policy{ + ID: "4", + Subjects: []string{"group1"}, + Resources: []string{"allowed_matrix", "rn:hydra:token"}, + Actions: []string{"create", "decide"}, + Effect: Allow, + }, + }, + } +) diff --git a/engine/ladon/handler_test.go b/engine/ladon/handler_test.go new file mode 100644 index 000000000..56a14d1ea --- /dev/null +++ b/engine/ladon/handler_test.go @@ -0,0 +1,212 @@ +package ladon + +import ( + "fmt" + "net/http" + "net/http/httptest" + "testing" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/keto/x" + + "github.com/gobuffalo/packr" + "github.com/julienschmidt/httprouter" + "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/urfave/negroni" + + "github.com/ory/herodot" + "github.com/ory/keto/engine" + "github.com/ory/keto/storage" +) + +func TestAllowed(t *testing.T) { + box := packr.NewBox("./rego") + compiler, err := engine.NewCompiler(box, logrus.New()) + require.NoError(t, err) + + s := storage.NewMemoryManager() + sh := storage.NewHandler(s, herodot.NewJSONWriter(nil)) + e := engine.NewEngine(compiler, herodot.NewJSONWriter(nil)) + le := NewEngine(s, sh, e, herodot.NewJSONWriter(nil)) + + n := negroni.Classic() + r := httprouter.New() + le.Register(r) + n.UseHandler(r) + + ts := httptest.NewServer(n) + defer ts.Close() + + cl := swagger.NewEnginesApiWithBasePath(ts.URL) + + for _, f := range []string{"regex", "exact"} { + t.Run(fmt.Sprintf("flavor=%s", f), func(t *testing.T) { + t.Run(fmt.Sprint("action=create"), func(t *testing.T) { + for _, p := range policies[f] { + t.Run(fmt.Sprintf("policy=%s", p.ID), func(t *testing.T) { + _, res, err := cl.UpsertOryAccessControlPolicy(f, toSwaggerPolicy(p)) + x.CheckResponseTest(t, err, http.StatusOK, res) + }) + } + for _, r := range roles[f] { + t.Run(fmt.Sprintf("role=%s", r.ID), func(t *testing.T) { + _, res, err := cl.UpsertOryAccessControlPolicyRole(f, toSwaggerRole(r)) + x.CheckResponseTest(t, err, http.StatusOK, res) + }) + } + }) + + t.Run("action=authorize", func(t *testing.T) { + for k, c := range requests[f] { + t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) { + d, res, err := cl.DoOryAccessControlPoliciesAllow(f, c.req) + x.CheckResponseTest(t, err, http.StatusOK, res) + assert.Equal(t, c.allowed, d.Allowed) + }) + } + }) + }) + } +} + +func TestValidatePolicy(t *testing.T) { + _, err := validatePolicy(Policy{}) + require.Error(t, err) + + _, err = validatePolicy(Policy{Effect: "bar"}) + require.Error(t, err) + + p, err := validatePolicy(Policy{Effect: "allow"}) + require.NoError(t, err) + assert.NotEmpty(t, p.ID) + + p, err = validatePolicy(Policy{Effect: "deny", ID: "foo"}) + require.NoError(t, err) + assert.Equal(t, "foo", p.ID) +} + +func crudts() *httptest.Server { + s := storage.NewMemoryManager() + sh := storage.NewHandler(s, herodot.NewJSONWriter(nil)) + e := NewEngine(s, sh, nil, herodot.NewJSONWriter(nil)) + r := httprouter.New() + e.Register(r) + return httptest.NewServer(r) +} + +func toSwaggerPolicy(p Policy) swagger.OryAccessControlPolicy { + return swagger.OryAccessControlPolicy{ + Actions: p.Actions, + Id: p.ID, + Resources: p.Resources, + Subjects: p.Subjects, + Effect: p.Effect, + Conditions: p.Conditions, + Description: p.Description, + } +} + +func fromSwaggerPolicy(p swagger.OryAccessControlPolicy) Policy { + return Policy{ + Actions: p.Actions, + ID: p.Id, + Resources: p.Resources, + Subjects: p.Subjects, + Effect: p.Effect, + Conditions: p.Conditions, + Description: p.Description, + } +} + +func toSwaggerRole(r Role) swagger.OryAccessControlPolicyRole { + return swagger.OryAccessControlPolicyRole{ + Members: r.Members, + Id: r.ID, + } +} + +func fromSwaggerRole(r swagger.OryAccessControlPolicyRole) Role { + return Role{ + Members: r.Members, + ID: r.Id, + } +} + +func TestPolicyCRUD(t *testing.T) { + ts := crudts() + defer ts.Close() + + c := swagger.NewEnginesApiWithBasePath(ts.URL) + for _, f := range []string{"exact", "regex"} { + for l, p := range policies[f] { + _, resp, err := c.GetOryAccessControlPolicy(f, p.ID) + x.CheckResponseTest(t, err, http.StatusNotFound, resp) + + _, resp, err = c.UpsertOryAccessControlPolicy(f, toSwaggerPolicy(p)) + x.CheckResponseTest(t, err, http.StatusOK, resp) + + o, resp, err := c.GetOryAccessControlPolicy(f, p.ID) + x.CheckResponseTest(t, err, http.StatusOK, resp) + assert.Equal(t, p, fromSwaggerPolicy(*o)) + + os, resp, err := c.ListOryAccessControlPolicies(f, 100, 0) + x.CheckResponseTest(t, err, http.StatusOK, resp) + + var ps Policies + for _, v := range os { + ps = append(ps, fromSwaggerPolicy(v)) + } + + assert.Equal(t, ps, policies[f][:l+1]) + } + + for _, p := range policies[f] { + resp, err := c.DeleteOryAccessControlPolicy(f, p.ID) + x.CheckResponseTest(t, err, http.StatusNoContent, resp) + + _, resp, err = c.GetOryAccessControlPolicy(f, p.ID) + x.CheckResponseTest(t, err, http.StatusNotFound, resp) + } + } +} + +func TestRoleCRUD(t *testing.T) { + ts := crudts() + defer ts.Close() + + c := swagger.NewEnginesApiWithBasePath(ts.URL) + for _, f := range []string{"exact", "regex"} { + for l, r := range roles[f] { + _, resp, err := c.GetOryAccessControlPolicyRole(f, r.ID) + x.CheckResponseTest(t, err, http.StatusNotFound, resp) + + o, resp, err := c.UpsertOryAccessControlPolicyRole(f, toSwaggerRole(r)) + x.CheckResponseTest(t, err, http.StatusOK, resp) + require.EqualValues(t, r, fromSwaggerRole(*o)) + + o, resp, err = c.GetOryAccessControlPolicyRole(f, r.ID) + x.CheckResponseTest(t, err, http.StatusOK, resp) + require.EqualValues(t, r, fromSwaggerRole(*o)) + + os, resp, err := c.ListOryAccessControlPolicyRoles(f, 100, 0) + x.CheckResponseTest(t, err, http.StatusOK, resp) + + var ps Roles + for _, v := range os { + ps = append(ps, fromSwaggerRole(v)) + } + + assert.Equal(t, ps, roles[f][:l+1]) + } + + for _, r := range roles[f] { + resp, err := c.DeleteOryAccessControlPolicyRole(f, r.ID) + x.CheckResponseTest(t, err, http.StatusNoContent, resp) + + _, resp, err = c.GetOryAccessControlPolicyRole(f, r.ID) + x.CheckResponseTest(t, err, http.StatusNotFound, resp) + } + } +} diff --git a/engine/ladon/policy.go b/engine/ladon/policy.go new file mode 100644 index 000000000..634ee22b7 --- /dev/null +++ b/engine/ladon/policy.go @@ -0,0 +1,50 @@ +/* + * Copyright © 2016-2018 Aeneas Rekkas + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * @author Aeneas Rekkas + * @copyright 2015-2018 Aeneas Rekkas + * @license Apache-2.0 + */ + +package ladon + +// Policies is an array of policies. +type Policies []Policy + +// Policy specifies an ORY Access Policy document. +// +// swagger:model oryAccessControlPolicy +type Policy struct { + // ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy. + ID string `json:"id"` + + // Description is an optional, human-readable description. + Description string `json:"description"` + + // Subjects is an array representing all the subjects this ORY Access Policy applies to. + Subjects []string `json:"subjects"` + + // Resources is an array representing all the resources this ORY Access Policy applies to. + Resources []string `json:"resources"` + + // Actions is an array representing all the actions this ORY Access Policy applies to. + Actions []string `json:"actions"` + + // Effect is the effect of this ORY Access Policy. It can be "allow" or "deny". + Effect string `json:"effect"` + + // Conditions represents an array of conditions under which this ORY Access Policy is active. + Conditions []map[string]interface{} `json:"conditions"` +} diff --git a/engine/ladon/rego/condition/boolean.rego b/engine/ladon/rego/condition/boolean.rego new file mode 100644 index 000000000..eda8419c0 --- /dev/null +++ b/engine/ladon/rego/condition/boolean.rego @@ -0,0 +1,19 @@ +package ory.condition + +eval_condition("BooleanCondition", request, options, key) { + is_boolean(request.context[key], output) + output == true + + request.context[key] == options.value +} + +test_condition_boolean { + eval_condition("BooleanCondition", { "context": {"foobar": false } }, { "value": false }, "foobar") + eval_condition("BooleanCondition", { "context": {"foobar": true } }, { "value": true }, "foobar") + + not eval_condition("BooleanCondition", { "context": {"foobar": false } }, { "value": true }, "foobar") + not eval_condition("BooleanCondition", { "context": {"foobar": true } }, { "value": false }, "foobar") + not eval_condition("BooleanCondition", { "context": {"not-foobar": true } }, { "value": false }, "foobar") + not eval_condition("BooleanCondition", { "context": {"foobar": true } }, { "not-value": false }, "foobar") + not eval_condition("BooleanCondition", { "context": {"not-foobar": true } }, { "not-value": false }, "foobar") +} diff --git a/engine/ladon/rego/condition/cidr.rego b/engine/ladon/rego/condition/cidr.rego new file mode 100644 index 000000000..ffce0d92c --- /dev/null +++ b/engine/ladon/rego/condition/cidr.rego @@ -0,0 +1,15 @@ +package ory.condition + +eval_condition("CIDRCondition", request, options, key) { + net.cidr_overlap(options.cidr, request.context[key], output) + output == true +} + +test_condition_boolean { + eval_condition("CIDRCondition", { "context": {"foobar": "192.168.178.0" } }, { "cidr": "192.168.178.0/16" }, "foobar") + eval_condition("CIDRCondition", { "context": {"foobar": "192.168.178.1" } }, { "cidr": "192.168.178.0/16" }, "foobar") + + not eval_condition("CIDRCondition", { "context": {"foobar": "92.168.178.1" } }, { "cidr": "192.168.178.0/16" }, "foobar") + not eval_condition("CIDRCondition", { "context": {"foobar": "192.168.178.1" } }, { "cidr": "192.168.178.0/16" }, "foobar2") + not eval_condition("CIDRCondition", { "context": {"foobar2": "192.168.178.1" } }, { "cidr": "192.168.178.0/16" }, "foobar") +} diff --git a/engine/ladon/rego/condition/condition.rego b/engine/ladon/rego/condition/condition.rego new file mode 100644 index 000000000..92d52c51b --- /dev/null +++ b/engine/ladon/rego/condition/condition.rego @@ -0,0 +1,16 @@ +package ory.condition + +all_conditions_true(policy) { + not any_condition_false(policy) +} + +any_condition_false(policy) { + c := policy.conditions[condition_key] + not condition_true(policy, c, condition_key) +} + +condition_true(policy, c, condition_key) { + eval_condition(c.type, input, c.options, condition_key) +} { + false +} diff --git a/engine/ladon/rego/condition/helpers.rego b/engine/ladon/rego/condition/helpers.rego new file mode 100644 index 000000000..38e64e2ea --- /dev/null +++ b/engine/ladon/rego/condition/helpers.rego @@ -0,0 +1,8 @@ +package ory.condition + +cast_string_empty(r, key) = value { + not r[key] + value := "" +}{ + cast_string(r[key], value) +} diff --git a/engine/ladon/rego/condition/resource_contains.rego b/engine/ladon/rego/condition/resource_contains.rego new file mode 100644 index 000000000..104264489 --- /dev/null +++ b/engine/ladon/rego/condition/resource_contains.rego @@ -0,0 +1,36 @@ +package ory.condition + +eval_condition("ResourceContainsCondition", request, options, key) { + value := cast_string_empty(options, "value") + delimiter := cast_string_empty(options, "delimiter") + + needle := concat("", [delimiter, value, delimiter]) + haystack := concat("", [delimiter, request.resource, delimiter]) + + contains(haystack, needle) == true +} + +test_condition_resource_contains { + not eval_condition("ResourceContainsCondition", { "resource": "foo:bar" }, { "delimiter": ":", "value": "foo:ba" }, "") + + eval_condition("ResourceContainsCondition", { "resource": "foo:bar" }, { "delimiter": ":", "value": "foo:bar" }, "") + eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "delimiter": ":", "value": "foo:bar" }, "") + not eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "delimiter": ":", "value": "foo:baz" }, "") + + eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "delimiter": ":", "value": "bar:baz" }, "") + not eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "delimiter": ":", "value": "foo:baz" }, "") + eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "delimiter": ":", "value": "bar" }, "") + not eval_condition("ResourceContainsCondition", { "resource": "baz:foo:baz" }, { "delimiter": ":", "value": "bar" }, "") + + eval_condition("ResourceContainsCondition", { "resource": "foo:bar" }, { "value": "foo:ba" }, "") + eval_condition("ResourceContainsCondition", { "resource": "foo:bar" }, { "value": "foo:bar" }, "") + eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "value": "foo:bar" }, "") + not eval_condition("ResourceContainsCondition", { "resource": "foo:baz" }, { "value": "foo:bar" }, "") + + eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "value": "bar:baz" }, "") + not eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "value": "foo:baz" }, "") + eval_condition("ResourceContainsCondition", { "resource": "foo:bar:baz" }, { "value": "bar" }, "") + not eval_condition("ResourceContainsCondition", { "resource": "baz:foo:baz" }, { "value": "bar" }, "") + + not eval_condition("ResourceContainsCondition", { "resource": "abc" }, { "value": "", "delimiter": ":" }, "") +} diff --git a/engine/ladon/rego/condition/string_equal.rego b/engine/ladon/rego/condition/string_equal.rego new file mode 100644 index 000000000..1f9dc5865 --- /dev/null +++ b/engine/ladon/rego/condition/string_equal.rego @@ -0,0 +1,24 @@ +package ory.condition + +eval_condition("StringEqualCondition", request, options, key) { + is_string(request.context[key], aok) + aok == true + + is_string(options.equals, bok) + bok == true + + cast_string(request.context[key], a) + cast_string(options.equals, b) + a == b +} + +test_condition_string_equal { + eval_condition("StringEqualCondition", { "context": {"foobar": "the-value-should-be-this" } }, { "equals": "the-value-should-be-this" }, "foobar") + + not eval_condition("StringEqualCondition", { "context": {"not-foobar": "the-value-should-be-this" } }, { "equals": "the-value-should-be-this" }, "foobar") + not eval_condition("StringEqualCondition", { "context": {"foobar": "the-value-should-be-this" } }, { "not-equals": "the-value-should-be-this" }, "foobar") + not eval_condition("StringEqualCondition", { "context": {"not-foobar": "the-value-should-be-this" } }, { "not-equals": "the-value-should-be-this" }, "foobar") + not eval_condition("StringEqualCondition", { "context": {"foobar": "the-value-should-be-this" } }, { "equals": "not-the-value-should-be-this" }, "foobar") + not eval_condition("StringEqualCondition", { "context": {"foobar": 1234 } }, { "equals": "not-the-value-should-be-this" }, "foobar") + not eval_condition("StringEqualCondition", { "context": {"foobar": "the-value-should-be-this" } }, { "equals": 1234 }, "foobar") +} diff --git a/engine/ladon/rego/condition/string_match.rego b/engine/ladon/rego/condition/string_match.rego new file mode 100644 index 000000000..78d901a4f --- /dev/null +++ b/engine/ladon/rego/condition/string_match.rego @@ -0,0 +1,13 @@ +package ory.condition + +eval_condition("StringMatchCondition", request, options, key) { + re_match(options.matches, request.context[key]) == true +} + +test_condition_string_match { + eval_condition("StringMatchCondition", { "context": {"foobar": "abc"} }, { "matches": ".*" }, "foobar") + eval_condition("StringMatchCondition", { "context": {"foobar": "abc"} }, { "matches": "abc.*" }, "foobar") + + not eval_condition("StringMatchCondition", { "context": {"not-foobar": "abc" } }, { "matches": ".+" }, "foobar") + not eval_condition("StringMatchCondition", { "context": {"foobar": "abc" } }, { "matches": "abc.+" }, "foobar") +} diff --git a/engine/ladon/rego/condition/string_pairs_equal.rego b/engine/ladon/rego/condition/string_pairs_equal.rego new file mode 100644 index 000000000..555a0c570 --- /dev/null +++ b/engine/ladon/rego/condition/string_pairs_equal.rego @@ -0,0 +1,32 @@ +package ory.condition + +eval_condition("StringPairsEqualCondition", request, options, key) { + cast_array(request.context[key], context) + count(context, c) + c > 0 + + not any_not_string_pair(context) +} + +any_not_string_pair(v) { + cast_array(v[_], vv) + not is_string_pair(vv) +} + +is_string_pair(v) { + count(v, c) + c == 2 + v[0] == v[1] +} + +test_condition_string_pairs_eqal { + not eval_condition("StringPairsEqualCondition", { "context": { } }, {}, "foobar") + not eval_condition("StringPairsEqualCondition", { "context": { "foobar": [] } }, {}, "foobar") + not eval_condition("StringPairsEqualCondition", { "context": { "foobar": [[]] } }, {}, "foobar") + not eval_condition("StringPairsEqualCondition", { "context": { "foobar": [["1"]] } }, {}, "foobar") + not eval_condition("StringPairsEqualCondition", { "context": { "foobar": [["1", "2"]] } }, {}, "foobar") + not eval_condition("StringPairsEqualCondition", { "context": { "foobar": [["1", "1", "2"]] } }, {}, "foobar") + not eval_condition("StringPairsEqualCondition", { "context": { "foobar": [["1", "1"], ["2", "3"]] } }, {}, "foobar") + eval_condition("StringPairsEqualCondition", { "context": { "foobar": [["1", "1"], ["2", "2"]] } }, {}, "foobar") + eval_condition("StringPairsEqualCondition", { "context": { "foobar": [["1", "1"]] } }, {}, "foobar") +} diff --git a/engine/ladon/rego/condition/string_subject_equal.rego b/engine/ladon/rego/condition/string_subject_equal.rego new file mode 100644 index 000000000..f0a51d0bd --- /dev/null +++ b/engine/ladon/rego/condition/string_subject_equal.rego @@ -0,0 +1,11 @@ +package ory.condition + +eval_condition("EqualsSubjectCondition", request, options, key) { + request.context[key] == request.subject +} + +test_condition_equals_subject { + eval_condition("EqualsSubjectCondition", { "subject": "some-subject", "context": { "foobar": "some-subject" } }, {}, "foobar") + not eval_condition("EqualsSubjectCondition", { "subject": "some-subject", "context": { "foobar": "not-some-subject" } }, {}, "foobar") + not eval_condition("EqualsSubjectCondition", { "subject": "some-subject", "context": { "not-foobar": "some-subject" } }, {}, "foobar") +} diff --git a/engine/ladon/rego/core/effect.rego b/engine/ladon/rego/core/effect.rego new file mode 100644 index 000000000..8462c3926 --- /dev/null +++ b/engine/ladon/rego/core/effect.rego @@ -0,0 +1,10 @@ +package ory.core + +effect_allow(effects) { + effects[_] == "allow" + not any_effect_deny(effects) +} + +any_effect_deny(effects) { + effects[_] == "deny" +} diff --git a/engine/ladon/rego/core/role.rego b/engine/ladon/rego/core/role.rego new file mode 100644 index 000000000..49d7dd4e8 --- /dev/null +++ b/engine/ladon/rego/core/role.rego @@ -0,0 +1,7 @@ +package ory.core + +role_ids(roles, subject) = r { + r := [role | role := roles[i].id + roles[i].members[_] == subject + ] +} diff --git a/engine/ladon/rego/exact/main.rego b/engine/ladon/rego/exact/main.rego new file mode 100644 index 000000000..f39b593a2 --- /dev/null +++ b/engine/ladon/rego/exact/main.rego @@ -0,0 +1,33 @@ +package ory.exact + +import data.store.ory.exact as store +import data.ory.core as core +import data.ory.condition as condition +import input as request + +default allow = false + +allow { + decide_allow(store.policies, store.roles) +} + +decide_allow(policies, roles) { + effects := [effect | effect := policies[i].effect + policies[i].resources[_] == request.resource + match_subjects(policies[i].subjects, roles, request.subject) + policies[i].actions[_] == request.action + condition.all_conditions_true(policies[i]) + ] + + count(effects, c) + c > 0 + + core.effect_allow(effects) +} + +match_subjects(matches, roles, subject) { + matches[_] == subject +} { + r := core.role_ids(roles, subject) + matches[_] == r[_] +} diff --git a/engine/ladon/rego/exact/main_test.rego b/engine/ladon/rego/exact/main_test.rego new file mode 100644 index 000000000..e9b37c6f0 --- /dev/null +++ b/engine/ladon/rego/exact/main_test.rego @@ -0,0 +1,107 @@ +package ory.exact + +policies = [ + { + "id": "1", + "resources": [`articles:1`], + "subjects": [`subjects:1`], + "actions": [`actions:1`], + "effect": "allow", + "conditions": { + "foobar": { + "type": "StringEqualCondition", + "options": { + "equals": "the-value-should-be-this" + } + } + } + }, + { + "id": "2", + "resources": [`articles:2`], + "subjects": [`subjects:2`], + "actions": [`actions:2`], + "effect": "deny", + }, + { + "id": "3-1", + "resources": [`articles:3`], + "subjects": [`subjects:3`], + "actions": [`actions:3`], + "effect": "allow", + }, + { + "id": "3-2", + "resources": [`articles:3`], + "subjects": [`subjects:3`], + "actions": [`actions:3`], + "effect": "deny", + }, + { + "id": "3-3", + "resources": [`articles:3`], + "subjects": [`subjects:3`], + "actions": [`actions:3`], + "effect": "allow", + }, + { + "id": "4", + "resources": [`articles:4`], + "subjects": [`subjects:4`], + "actions": [`actions:4`], + "effect": "allow", + }, + { + "id": "5", + "resources": [`articles:5`], + "subjects": [`subjects:5`], + "actions": [`actions:5`], + "effect": "allow", + "conditions": { + "foobar": { + "type": "InvalidCondition" + } + } + }, + { + "id": "6", + "resources": [`articles:6`], + "subjects": [`subjects:6`, `roles:6`], + "actions": [`actions:6`], + "effect": "allow", + }, +] + +test_allow_policy { + decide_allow(policies, []) with input as {"resource": "articles:4", "subject": "subjects:4", "action": "actions:4"} +} + +test_allow_policy_role { + decide_allow(policies, []) with input as {"resource": "articles:6", "subject": "subjects:6", "action": "actions:6"} + decide_allow(policies, [{"id": "roles:6", "members": ["other-role", "role-subject"]}]) with input as {"resource": "articles:6", "subject": "role-subject", "action": "actions:6"} +} + +test_deny_policy { + not decide_allow(policies, []) with input as {"resource": "articles:2", "subject": "subjects:2", "action": "actions:2"} +} + +test_deny_overrides { + not decide_allow(policies, []) with input as {"resource": "articles:3", "subject": "subjects:3", "action": "actions:3"} +} + +test_deny_without_match { + not decide_allow(policies, []) with input as {"resource": "unknown", "subject": "unknown", "action": "unknown", "context": {"unknown": "unknown"}} +} + +test_with_condition { + decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"foobar": "the-value-should-be-this"}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"foobar": "not-the-value-should-be-this"}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"not-foobar": "the-value-should-be-this"}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"foobar": 1234}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1"} +} + +test_with_unknown_condition { + not decide_allow(policies, []) with input as {"resource": "articles:5", "subject": "subjects:5", "action": "actions:5", "context": {"foobar": {}}} +} diff --git a/engine/ladon/rego/regex/main.rego b/engine/ladon/rego/regex/main.rego new file mode 100644 index 000000000..3d2a03ffe --- /dev/null +++ b/engine/ladon/rego/regex/main.rego @@ -0,0 +1,40 @@ +package ory.regex + +import data.store.ory.regex as store +import data.ory.core as core +import data.ory.condition as condition +import input as request + +default allow = false + +allow { + decide_allow(store.policies, store.roles) +} + +decide_allow(policies, roles) { + effects := [effect | effect := policies[i].effect + matcher(policies[i].resources, request.resource) + match_subjects(policies[i].subjects, roles, request.subject) + matcher(policies[i].actions, request.action) + condition.all_conditions_true(policies[i]) + ] + + count(effects, c) + c > 0 + + core.effect_allow(effects) +} + +matcher(patterns, compare) { + pattern := patterns[_] + regex.template_match(pattern, compare, "<", ">", output) + output == true +} + +match_subjects(matches, roles, subject) { + matcher(matches, subject) +} { + r := core.role_ids(roles, subject) + rr := r[_] + matcher(matches, rr) +} diff --git a/engine/ladon/rego/regex/main_test.rego b/engine/ladon/rego/regex/main_test.rego new file mode 100644 index 000000000..e0245a505 --- /dev/null +++ b/engine/ladon/rego/regex/main_test.rego @@ -0,0 +1,114 @@ +package ory.regex + +policies = [ + { + "id": "1", + "resources": [`articles:1`], + "subjects": [`subjects:1`], + "actions": [`actions:1`], + "effect": "allow", + "conditions": { + "foobar": { + "type": "StringEqualCondition", + "options": { + "equals": "the-value-should-be-this" + } + } + } + }, + { + "id": "2", + "resources": [`articles:2`], + "subjects": [`subjects:2`], + "actions": [`actions:2`], + "effect": "deny", + }, + { + "id": "3-1", + "resources": [`articles:3`], + "subjects": [`subjects:3`], + "actions": [`actions:3`], + "effect": "allow", + }, + { + "id": "3-2", + "resources": [`articles:3`], + "subjects": [`subjects:3`], + "actions": [`actions:3`], + "effect": "deny", + }, + { + "id": "3-3", + "resources": [`articles:3`], + "subjects": [`subjects:3`], + "actions": [`actions:3`], + "effect": "allow", + }, + { + "id": "4", + "resources": [`articles:<4|44>`], + "subjects": [`subjects:<4|44>`], + "actions": [`actions:<4|44>`], + "effect": "allow", + }, + { + "id": "5", + "resources": [`articles:5`], + "subjects": [`subjects:5`], + "actions": [`actions:5`], + "effect": "allow", + "conditions": { + "foobar": { + "type": "InvalidCondition" + } + } + }, + { + "id": "6", + "resources": [`articles:6`], + "subjects": [`:6`], + "actions": [`actions:6`], + "effect": "allow" + }, +] + +test_allow_policy { + decide_allow(policies, []) with input as {"resource": "articles:4", "subject": "subjects:4", "action": "actions:4"} + decide_allow(policies, []) with input as {"resource": "articles:44", "subject": "subjects:44", "action": "actions:44"} + not decide_allow(policies, []) with input as {"resource": "articles:454", "subject": "subjects:454", "action": "actions:454"} +} + +test_allow_group_policy { + decide_allow(policies, []) with input as {"resource": "articles:6", "subject": "subjects:6", "action": "actions:6"} + decide_allow(policies, []) with input as {"resource": "articles:6", "subject": "groups:6", "action": "actions:6"} + + decide_allow(policies, [{"id": "groups:6", "members": ["group-subject"]}]) with input as {"resource": "articles:6", "subject": "group-subject", "action": "actions:6"} + + not decide_allow(policies, [{"id": "groups:6", "members": ["group-subject"]}]) with input as {"resource": "articles:6", "subject": "not-group-subject", "action": "actions:6"} + not decide_allow(policies, [{"id": "not-groups", "members": ["group-subject"]}]) with input as {"resource": "articles:6", "subject": "group-subject", "action": "actions:6"} +} + +test_deny_policy { + not decide_allow(policies, []) with input as {"resource": "articles:2", "subject": "subjects:2", "action": "actions:2"} +} + +test_deny_overrides { + not decide_allow(policies, []) with input as {"resource": "articles:3", "subject": "subjects:3", "action": "actions:3"} +} + +test_deny_without_match { + not decide_allow(policies, []) with input as {"resource": "unknown", "subject": "unknown", "action": "unknown", "context": {"unknown": "unknown"}} +} + +test_with_condition { + decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"foobar": "the-value-should-be-this"}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"foobar": "not-the-value-should-be-this"}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"not-foobar": "the-value-should-be-this"}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {"foobar": 1234}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1", "context": {}} + not decide_allow(policies, []) with input as {"resource": "articles:1", "subject": "subjects:1", "action": "actions:1"} +} + +test_with_unknown_condition { + not decide_allow(policies, []) with input as {"resource": "articles:5", "subject": "subjects:5", "action": "actions:5", "context": {"foobar": {}}} +} diff --git a/engine/ladon/role.go b/engine/ladon/role.go new file mode 100644 index 000000000..15926d67a --- /dev/null +++ b/engine/ladon/role.go @@ -0,0 +1,18 @@ +package ladon + +// A list of roles. +// +// swagger:model oryAccessControlPolicyRoles +type Roles []Role + +// Role represents a group of users that share the same role. A role could be an administrator, a moderator, a regular +// user or some other sort of role. +// +// swagger:model oryAccessControlPolicyRole +type Role struct { + // ID is the role's unique id. + ID string `json:"id"` + + // Members is who belongs to the role. + Members []string `json:"members"` +} diff --git a/engine/ladon/types.go b/engine/ladon/types.go new file mode 100644 index 000000000..b765c5a1a --- /dev/null +++ b/engine/ladon/types.go @@ -0,0 +1,23 @@ +package ladon + +type Context map[string]interface{} + +const ( + Allow = "allow" + Deny = "deny" +) + +// swagger:model oryAccessControlPolicyAllowedInput +type Input struct { + // Resource is the resource that access is requested to. + Resource string `json:"resource"` + + // Action is the action that is requested on the resource. + Action string `json:"action"` + + // Subject is the subject that is requesting access. + Subject string `json:"subject"` + + // Context is the request's environmental context. + Context map[string]interface{} `json:"context"` +} diff --git a/go.mod b/go.mod new file mode 100644 index 000000000..355163d3c --- /dev/null +++ b/go.mod @@ -0,0 +1,46 @@ +module github.com/ory/keto + +require ( + github.com/OneOfOne/xxhash v1.2.2 // indirect + github.com/akutz/goof v0.1.2 // indirect + github.com/akutz/gotil v0.1.0 + github.com/containerd/continuity v0.0.0-20181023183536-c220ac4f01b8 // indirect + github.com/dchest/siphash v1.2.0 // indirect + github.com/go-errors/errors v1.0.1 + github.com/go-sql-driver/mysql v1.4.0 + github.com/gobuffalo/packr v1.16.0 + github.com/gobwas/glob v0.2.3 // indirect + github.com/golang/gddo v0.0.0-20181009135830-6c035858b4d7 // indirect + github.com/jmoiron/sqlx v1.2.0 + github.com/julienschmidt/httprouter v1.2.0 + github.com/kardianos/osext v0.0.0-20170510131534-ae77be60afb1 // indirect + github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect + github.com/lib/pq v1.0.0 + github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f + github.com/mitchellh/mapstructure v1.1.2 // indirect + github.com/open-policy-agent/opa v0.10.1 + github.com/opencontainers/runc v1.0.0-rc5 // indirect + github.com/ory/go-convenience v0.1.0 + github.com/ory/graceful v0.1.0 + github.com/ory/herodot v0.5.0 + github.com/ory/x v0.0.33 + github.com/pborman/uuid v1.2.0 + github.com/pkg/errors v0.8.0 + github.com/rcrowley/go-metrics v0.0.0-20180503174638-e2704e165165 // indirect + github.com/rubenv/sql-migrate v0.0.0-20180704111356-3f452fc0ebeb + github.com/sirupsen/logrus v1.1.1 + github.com/spf13/cobra v0.0.3 + github.com/spf13/viper v1.2.1 + github.com/stretchr/testify v1.2.2 + github.com/urfave/negroni v1.0.0 + github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b // indirect + github.com/ziutek/mymysql v1.5.4 // indirect + golang.org/x/crypto v0.0.0-20181025113841-85e1b3f9139a // indirect + golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4 // indirect + golang.org/x/sys v0.0.0-20181025063200-d989b31c8746 // indirect + google.golang.org/api v0.0.0-20181025000501-39567f0042a0 // indirect + google.golang.org/genproto v0.0.0-20181016170114-94acd270e44e // indirect + google.golang.org/grpc v1.16.0 // indirect + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect + gopkg.in/resty.v1 v1.9.1 +) diff --git a/go.sum b/go.sum new file mode 100644 index 000000000..64fb47f58 --- /dev/null +++ b/go.sum @@ -0,0 +1,299 @@ +cloud.google.com/go v0.23.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.31.0 h1:o9K5MWWt2wk+d9jkGn2DAZ7Q9nUdnFLOpK9eIkDwONQ= +cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +contrib.go.opencensus.io/exporter/stackdriver v0.7.0 h1:pmo1ol3uPcrLmvOET8bEbu5sialRZDDSHqJso0vo28o= +contrib.go.opencensus.io/exporter/stackdriver v0.7.0/go.mod h1:hNe5qQofPbg6bLQY5wHCvQ7o+2E5P8PkegEuQ+MyRw0= +git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/Microsoft/go-winio v0.4.11 h1:zoIOcVf0xPN1tnMVbTtEdI+P8OofVk3NObnwOQ6nK2Q= +github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= +github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/akutz/goof v0.1.2 h1:ZgsmzbhfcFTh1KhkWrWNAvlDobBUBEKAkSpowCuqOn4= +github.com/akutz/goof v0.1.2/go.mod h1:w8jsAAm0/n4Tst8M4xYwGPMzn54u4pCA3wh4e2rNLlk= +github.com/akutz/gotil v0.1.0 h1:CIYFCaONzf0OWdK0hv0bgpQINZ6flgbBl3yhJNmF9cg= +github.com/akutz/gotil v0.1.0/go.mod h1:dQodnbCqWtMZSTC+JdTOerHMrsp0/EQx3qYG0c6PlxA= +github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf h1:eg0MeVzsP1G42dRafH3vf+al2vQIJU0YHX+1Tw87oco= +github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/aws/aws-sdk-go v1.15.31/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= +github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= +github.com/cenkalti/backoff v2.0.0+incompatible h1:5IIPUHhlnUZbcHQsQou5k1Tn58nJkeJL9U+ig5CHJbY= +github.com/cenkalti/backoff v2.0.0+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/containerd/continuity v0.0.0-20181003075958-be9bd761db19 h1:HSgjWPBWohO3kHDPwCPUGSLqJjXCjA7ad5057beR2ZU= +github.com/containerd/continuity v0.0.0-20181003075958-be9bd761db19/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20181023183536-c220ac4f01b8 h1:lJeDcldQnYskl7krc3lTppg8NKomoQkmQg1AzOXtQbA= +github.com/containerd/continuity v0.0.0-20181023183536-c220ac4f01b8/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dchest/siphash v1.2.0 h1:YWOShuhvg0GqbQpMa60QlCGtEyf7O7HC1Jf0VjdQ60M= +github.com/dchest/siphash v1.2.0/go.mod h1:q+IRvb2gOSrUnYoPqHiyHXS0FOBBOdl6tONBlVnOnt4= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= +github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk= +github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/elazarl/goproxy v0.0.0-20181003060214-f58a169a71a5/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-sql-driver/mysql v1.4.0 h1:7LxgVwFb2hIQtMm87NdgAVfXjnt4OePseqT1tKx+opk= +github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/gobuffalo/envy v1.6.7 h1:XMZGuFqTupAXhZTriQ+qO38QvNOSU/0rl3hEPCFci/4= +github.com/gobuffalo/envy v1.6.7/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ= +github.com/gobuffalo/packd v0.0.0-20181028162033-6d52e0eabf41 h1:Y3YNlzzY4xoVlEWqOS9lBT49x9qF8S1rqHfhMFYjfgg= +github.com/gobuffalo/packd v0.0.0-20181028162033-6d52e0eabf41/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI= +github.com/gobuffalo/packr v1.13.7 h1:2uZgLd6b/W4yRBZV/ScaORxZLNGMHO0VCvqQNkKukNA= +github.com/gobuffalo/packr v1.13.7/go.mod h1:KkinLIn/n6+3tVXMwg6KkNvWwVsrRAz4ph+jgpk3Z24= +github.com/gobuffalo/packr v1.16.0 h1:s0cqMbFDbio+Z3YxLeDOKRjLW2JKh9QVud0O7+j1fiQ= +github.com/gobuffalo/packr v1.16.0/go.mod h1:Yx/lcR/7mDLXhuJSzsz2MauD/HUwSc+EK6oigMRGGsM= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/golang/gddo v0.0.0-20180828051604-96d2a289f41e/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4= +github.com/golang/gddo v0.0.0-20181009135830-6c035858b4d7 h1:/3HWkMEOoIwIBP8hcnupurzoJJfdUPVy2qkpYzmPFmY= +github.com/golang/gddo v0.0.0-20181009135830-6c035858b4d7/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/uuid v1.0.0 h1:b4Gk+7WdP/d3HZH8EJsZpvV7EtDOgaZLtnaNGIu1adA= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= +github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= +github.com/gopherjs/gopherjs v0.0.0-20181004151105-1babbf986f6f/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gotestyourself/gotestyourself v2.1.0+incompatible h1:JdX/5sh/7yF7jRW5Xpvh1wlkAlgZS+X3HVCMlYqlxmw= +github.com/gotestyourself/gotestyourself v2.1.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= +github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= +github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmoiron/sqlx v0.0.0-20180614180643-0dae4fefe7c0 h1:5B0uxl2lzNRVkJVg+uGHxWtRt4C0Wjc6kJKo5XYx8xE= +github.com/jmoiron/sqlx v0.0.0-20180614180643-0dae4fefe7c0/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU= +github.com/jmoiron/sqlx v1.2.0 h1:41Ip0zITnmWNR/vHV+S4m+VoUivnWY5E4OJfLZjCJMA= +github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= +github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= +github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/julienschmidt/httprouter v0.0.0-20180715161854-348b672cd90d h1:of6+TpypLAaiv4JxgH5aplBZnt0b65B4v4c8q5oy+Sk= +github.com/julienschmidt/httprouter v0.0.0-20180715161854-348b672cd90d/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.2.0 h1:TDTW5Yz1mjftljbcKqRcrYhd4XeOoI98t+9HbQbYf7g= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kardianos/osext v0.0.0-20170510131534-ae77be60afb1 h1:PJPDf8OUfOK1bb/NeTKd4f1QXZItOX389VN3B6qC8ro= +github.com/kardianos/osext v0.0.0-20170510131534-ae77be60afb1/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A= +github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/luna-duclos/instrumentedsql v0.0.0-20181016211422-eae529699c8a h1:c+XmkcFn/TPzhQb54T5SIXaF3PlGbnjdcArRfTK9L04= +github.com/luna-duclos/instrumentedsql v0.0.0-20181016211422-eae529699c8a/go.mod h1:PWUIzhtavmOR965zfawVsHXbEuU1G29BPZ/CB3C7jXk= +github.com/luna-duclos/instrumentedsql v0.0.0-20181127104832-b7d587d28109 h1:SSbnT1UH/TdSedRIy8XVB1dsVUOFP8iHaa/+QE0/q2k= +github.com/luna-duclos/instrumentedsql v0.0.0-20181127104832-b7d587d28109/go.mod h1:PWUIzhtavmOR965zfawVsHXbEuU1G29BPZ/CB3C7jXk= +github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4 h1:Mlji5gkcpzkqTROyE4ZxZ8hN7osunMb2RuGVrbvMvCc= +github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= +github.com/mattn/go-sqlite3 v1.9.0 h1:pDRiWfl+++eC2FEFRy6jXmQlvp4Yh3z1MJKg4UeYM/4= +github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f h1:V6GHkMOIsnpGDasS1iYiNxEYTY8TmyjQXEF8PqYkKQ8= +github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f/go.mod h1:Ylx55XGW4gjY7McWT0pgqU0aQquIOChDnYkOVbSuF/c= +github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= +github.com/moul/http2curl v0.0.0-20170919181001-9ac6cf4d929b/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= +github.com/oleiade/reflections v1.0.0/go.mod h1:RbATFBbKYkVdqmSFtx13Bb/tVhR0lgOBXunWTZKeL4w= +github.com/open-policy-agent/opa v0.9.2 h1:Am+s/t82Y5hnlJ8WPLfDXZFSO8iAjTNttKnxio8jDqw= +github.com/open-policy-agent/opa v0.9.2/go.mod h1:rlfeSeHuZmMEpmrcGla42AjkOUjP4rGIpS96H12un3o= +github.com/open-policy-agent/opa v0.10.1 h1:1886j/U6WujuEJgkgzxsIg/U8wJYf/lN64Mvrzy6g6k= +github.com/open-policy-agent/opa v0.10.1/go.mod h1:rlfeSeHuZmMEpmrcGla42AjkOUjP4rGIpS96H12un3o= +github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= +github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= +github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runc v1.0.0-rc5 h1:rYjdzMDXVly2Av0RLs3nf/iVkaWh2UrDhuTdTT2KggQ= +github.com/opencontainers/runc v1.0.0-rc5/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opentracing/opentracing-go v1.0.2 h1:3jA2P6O1F9UOrWVpwrIo17pu01KWvNWg4X946/Y5Zwg= +github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= +github.com/ory/dockertest v3.3.2+incompatible h1:uO+NcwH6GuFof/Uz8yzjNi1g0sGT5SLAJbdBvD8bUYc= +github.com/ory/dockertest v3.3.2+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs= +github.com/ory/fosite v0.25.0/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw= +github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8= +github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs= +github.com/ory/graceful v0.1.0 h1:zilpYtcR5vp4GubV4bN2GFJewHaSkMFnnRiJxyH8FAc= +github.com/ory/graceful v0.1.0/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU= +github.com/ory/herodot v0.4.1 h1:XXzBJX6wt3xJ+rrlyiK7lot6CoO+a3hjx9rOvrptiyk= +github.com/ory/herodot v0.4.1/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow= +github.com/ory/herodot v0.5.0 h1:7HcKZnAVDXzDdCKPGLy5aTgb+n1mtPafVB4W0XetV2M= +github.com/ory/herodot v0.5.0/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow= +github.com/ory/sqlcon v0.0.7 h1:PQl4ihs11Xzw9wyFk0YQmQEnPL0icdJjiStQNaoRTmM= +github.com/ory/sqlcon v0.0.7/go.mod h1:oOyCmOJWAs8F0bnGmmIvGA9/4K1JqVL0D9JgvAaVc3U= +github.com/ory/x v0.0.23 h1:CQjFLGozD+s6eDPz0MHUJbef0ByQRmWcvvpZcYIyIpo= +github.com/ory/x v0.0.23/go.mod h1:RK8UVvTumpXbrr72gxlc5sh+4ivoQfVV6G8rv6LPuro= +github.com/ory/x v0.0.33 h1:Hfy1Xe+oKvOG8BN+B3ArM0eVfoCH7FElOmMzO0J/c0Q= +github.com/ory/x v0.0.33/go.mod h1:U7SUjn+NSVmHbWlS0LBSxbBk1hdPDmc2AJk9gZZZedA= +github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE= +github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= +github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/profile v1.2.1 h1:F++O52m40owAmADcojzM+9gyjmMOY/T4oYJkgFDH8RE= +github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/rcrowley/go-metrics v0.0.0-20180503174638-e2704e165165 h1:nkcn14uNmFEuGCb2mBZbBb24RdNRL08b/wb+xBOYpuk= +github.com/rcrowley/go-metrics v0.0.0-20180503174638-e2704e165165/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rs/cors v1.6.0 h1:G9tHG9lebljV9mfp9SNPDL36nCDxmo3zTlAf1YgvzmI= +github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rubenv/sql-migrate v0.0.0-20180704111356-3f452fc0ebeb h1:lAOy8O8yKU3unXE92z9pfE7ylDwXr3202BLskpOaUcA= +github.com/rubenv/sql-migrate v0.0.0-20180704111356-3f452fc0ebeb/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY= +github.com/segmentio/analytics-go v3.0.1+incompatible h1:W7T3ieNQjPFMb+SE8SAVYo6mPkKK/Y37wYdiNf5lCVg= +github.com/segmentio/analytics-go v3.0.1+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48= +github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c h1:rsRTAcCR5CeNLkvgBVSjQoDGRRt6kggsE6XYBqCv2KQ= +github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c/go.mod h1:kJ9mm9YmoWSkk+oQ+5Cj8DEoRCX2JT6As4kEtIIOp1M= +github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.1.1 h1:VzGj7lhU7KEB9e9gMpAV/v5XT2NVSvLJhJLCWbnkgXg= +github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v0.0.0-20180222194500-ef6db91d284a/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s= +github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/cast v1.2.0 h1:HHl1DSRbEQN2i8tJmtS6ViPyHx35+p51amrdsiTCrkg= +github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= +github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/viper v1.2.1 h1:bIcUwXqLseLF3BDAZduuNfekWG87ibtFxi59Bq+oI9M= +github.com/spf13/viper v1.2.1/go.mod h1:P4AexN0a+C9tGAnUFNwDMYYZv3pjFuvmeiMyKRaNVlI= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/uber/jaeger-client-go v2.15.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= +github.com/uber/jaeger-lib v1.5.0/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= +github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= +github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g= +github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM= +github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b h1:vVRagRXf67ESqAb72hG2C/ZwI8NtJF2u2V76EsuOHGY= +github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mod h1:HptNXiXVDcJjXe9SqMd0v2FsL9f8dz4GnXgltU6q/co= +github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs= +github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= +go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= +go.opencensus.io v0.18.0 h1:Mk5rgZcggtbvtAun5aJzAtjKKN/t0R3jJPlWILlv938= +go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= +golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc= +golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181025113841-85e1b3f9139a h1:Pg1/+l4/QV6z7N506eGnLiJ/Rl4IJf1FwYQKvP51OjA= +golang.org/x/crypto v0.0.0-20181025113841-85e1b3f9139a/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180921000356-2f5d2388922f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181005035420-146acd28ed58 h1:otZG8yDCO4LVps5+9bxOeNiCvgmOyt96J3roHTYs7oE= +golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519 h1:x6rhz8Y9CjbgQkccRGmELH6K+LJj7tOoh3XWeC1yaQM= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/oauth2 v0.0.0-20180603041954-1e0a3fa8ba9a/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced h1:4oqSq7eft7MdPKBGQK11X9WYUxmj6ZLgGTqYIbY1kyw= +golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4 h1:99CA0JJbUX4ozCnLon680Jc9e0T1i8HCaLVJMwtI8Hc= +golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180831094639-fa5fdf94c789/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180906133057-8cf3aee42992/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181025063200-d989b31c8746 h1:zTiiIq2XH/ldZGPA59ILL7NbDlz/btn3iJvO7H57mY8= +golang.org/x/sys v0.0.0-20181025063200-d989b31c8746/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 h1:+DCIGbF/swA92ohVg0//6X2IVY3KZs6p9mix0ziNYJM= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +google.golang.org/api v0.0.0-20180603000442-8e296ef26005/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= +google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf h1:rjxqQmxjyqerRKEj+tZW+MCm4LgpFXu18bsEoCMgDsk= +google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= +google.golang.org/api v0.0.0-20181025000501-39567f0042a0 h1:6a8YRrm+EJS4Y9FGTkLfE2iKneLzRQG5CfJCfJ9AfS0= +google.golang.org/api v0.0.0-20181025000501-39567f0042a0/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= +google.golang.org/appengine v1.0.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.2.0 h1:S0iUepdCWODXRvtE+gcRDd15L+k+k1AiHlMiMjefH24= +google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180601223552-81158efcc9f2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180831171423-11092d34479b h1:lohp5blsw53GBXtLyLNaTXPXS9pJ1tiTw61ZHUoE9Qw= +google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20181016170114-94acd270e44e h1:I5s8aUkxqPjgAssfOv+dVr+4/7BC40WV6JhcVoORltI= +google.golang.org/genproto v0.0.0-20181016170114-94acd270e44e/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.14.0 h1:ArxJuB1NWfPY6r9Gp9gqwplT0Ge7nqv9msgu03lHLmo= +google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.16.0 h1:dz5IJGuC2BB7qXR5AyHNwAUBhZscK2xVez7mznh72sY= +google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/gorp.v1 v1.7.1 h1:GBB9KrWRATQZh95HJyVGUZrWwOPswitEYEyqlK8JbAA= +gopkg.in/gorp.v1 v1.7.1/go.mod h1:Wo3h+DBQZIxATwftsglhdD/62zRFPhGhTiu5jUJmCaw= +gopkg.in/resty.v1 v1.9.1 h1:Lq4EIBZ5e2J4ZWp22W2hVOYc0X1qwDDki/nNVchRbdw= +gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc= +gopkg.in/square/go-jose.v2 v2.1.9/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gotest.tools v2.1.0+incompatible h1:5USw7CrJBYKqjg9R7QlA6jzqZKEAtvW82aNmsxxGPxw= +gotest.tools v2.1.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/health/doc.go b/health/doc.go deleted file mode 100644 index 8afc89a16..000000000 --- a/health/doc.go +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package health - -// swagger:model healthStatus -type swaggerHealthStatus struct { - // Status always contains "ok". - Status string `json:"status"` -} - -// swagger:model healthNotReadyStatus -type swaggerNotReadyStatus struct { - // Errors contains a list of errors that caused the not ready status. - Errors map[string]string `json:"errors"` -} - -// swagger:model version -type swaggerVersion struct { - Version string `json:"version"` -} diff --git a/health/handler.go b/health/handler.go deleted file mode 100644 index d034141ec..000000000 --- a/health/handler.go +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package health - -import ( - "net/http" - - "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" -) - -const ( - AliveCheckPath = "/health/alive" - ReadyCheckPath = "/health/ready" - VersionPath = "/version" -) - -type ReadyChecker func() error - -type Handler struct { - H *herodot.JSONWriter - VersionString string - ReadyChecks map[string]ReadyChecker -} - -func NewHandler( - h *herodot.JSONWriter, - version string, - readyChecks map[string]ReadyChecker, -) *Handler { - return &Handler{ - H: h, - VersionString: version, - ReadyChecks: readyChecks, - } -} - -func (h *Handler) SetRoutes(r *httprouter.Router) { - r.GET(AliveCheckPath, h.Alive) - r.GET(ReadyCheckPath, h.Ready) - r.GET(VersionPath, h.Version) -} - -// swagger:route GET /health/alive health isInstanceAlive -// -// Check the Alive Status -// -// This endpoint returns a 200 status code when the HTTP server is up running. -// This status does currently not include checks whether the database connection is working. -// This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. -// -// Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. -// -// Responses: -// 200: healthStatus -// 500: genericError -func (h *Handler) Alive(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) { - h.H.Write(rw, r, &swaggerHealthStatus{ - Status: "ok", - }) -} - -// swagger:route GET /health/ready health isInstanceReady -// -// Check the Readiness Status -// -// This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. -// the database) are responsive as well. -// -// This status does currently not include checks whether the database connection is working. -// This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. -// -// Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. -// -// Responses: -// 200: healthStatus -// 503: healthNotReadyStatus -func (h *Handler) Ready(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) { - var notReady = swaggerNotReadyStatus{ - Errors: map[string]string{}, - } - - for n, c := range h.ReadyChecks { - if err := c(); err != nil { - notReady.Errors[n] = err.Error() - } - } - - if len(notReady.Errors) > 0 { - h.H.WriteCode(rw, r, http.StatusServiceUnavailable, notReady) - return - } - - h.H.Write(rw, r, &swaggerHealthStatus{ - Status: "ok", - }) -} - -// swagger:route GET /version version getVersion -// -// Get the version of Keto -// -// This endpoint returns the version as `{ "version": "VERSION" }`. The version is only correct with the prebuilt binary and not custom builds. -// -// Responses: -// 200: version -func (h *Handler) Version(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) { - h.H.Write(rw, r, &swaggerVersion{ - Version: h.VersionString, - }) -} diff --git a/health/handler_test.go b/health/handler_test.go deleted file mode 100644 index 26f8b239a..000000000 --- a/health/handler_test.go +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2017-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package health - -import ( - "errors" - "net/http" - "net/http/httptest" - "testing" - - "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func TestHealth(t *testing.T) { - alive := errors.New("not alive") - handler := &Handler{ - H: herodot.NewJSONWriter(nil), - VersionString: "test version", - ReadyChecks: map[string]ReadyChecker{ - "test": func() error { - return alive - }, - }, - } - router := httprouter.New() - handler.SetRoutes(router) - ts := httptest.NewServer(router) - - healthClient := swagger.NewHealthApiWithBasePath(ts.URL) - - body, response, err := healthClient.IsInstanceAlive() - require.NoError(t, err) - require.EqualValues(t, http.StatusOK, response.StatusCode) - assert.EqualValues(t, "ok", body.Status) - - versionClient := swagger.NewVersionApiWithBasePath(ts.URL) - version, response, err := versionClient.GetVersion() - require.NoError(t, err) - require.EqualValues(t, http.StatusOK, response.StatusCode) - require.EqualValues(t, version.Version, handler.VersionString) - - _, response, err = healthClient.IsInstanceReady() - require.NoError(t, err) - require.EqualValues(t, http.StatusServiceUnavailable, response.StatusCode) - assert.Equal(t, `{"errors":{"test":"not alive"}}`, string(response.Payload)) - - alive = nil - body, response, err = healthClient.IsInstanceReady() - require.NoError(t, err) - require.EqualValues(t, http.StatusOK, response.StatusCode) - assert.EqualValues(t, "ok", body.Status) -} diff --git a/legacy/hydra.go b/legacy/hydra.go deleted file mode 100644 index aa33f5a23..000000000 --- a/legacy/hydra.go +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package legacy - -import "github.com/rubenv/sql-migrate" - -var HydraLegacyMigrations = map[string]*migrate.MemoryMigrationSource{ - "postgres": { - Migrations: []*migrate.Migration{ - { - Id: "1", - Up: []string{ - `ALTER TABLE hydra_warden_group RENAME TO keto_role`, - `ALTER TABLE hydra_warden_group_member RENAME COLUMN group_id TO role_id`, - `ALTER TABLE hydra_warden_group_member RENAME TO keto_role_member`, - `ALTER TABLE hydra_policy_migration RENAME TO keto_policy_migration`, - `ALTER TABLE hydra_groups_migration RENAME TO keto_role_migration`, - }, - Down: []string{ - `ALTER TABLE keto_role RENAME TO hydra_warden_group`, - `ALTER TABLE hydra_warden_group_member RENAME COLUMN role_id TO group_id`, - `ALTER TABLE keto_role_member RENAME TO hydra_warden_group_member`, - `ALTER TABLE keto_policy_migration RENAME TO hydra_policy_migration`, - `ALTER TABLE keto_role_migration RENAME TO hydra_groups_migration`, - }, - }, - }, - }, - "mysql": { - Migrations: []*migrate.Migration{ - { - Id: "1", - Up: []string{ - `RENAME TABLE hydra_warden_group RENAME TO keto_role`, - `ALTER TABLE hydra_warden_group_member CHANGE group_id role_id varchar(255)`, - `RENAME TABLE hydra_warden_group_member RENAME TO keto_role_member`, - `RENAME TABLE hydra_policy_migration RENAME TO keto_policy_migration`, - `RENAME TABLE hydra_groups_migration RENAME TO keto_role_migration`, - }, - Down: []string{ - `RENAME TABLE keto_role TO hydra_warden_group`, - `ALTER TABLE hydra_warden_group_member CHANGE role_id group_id varchar(255)`, - `RENAME TABLE keto_role_member TO hydra_warden_group_member`, - `RENAME TABLE keto_policy_migration TO hydra_policy_migration`, - `RENAME TABLE keto_role_migration TO hydra_groups_migration`, - }, - }, - }, - }, -} diff --git a/main.go b/main.go index 5d653c1ad..6f2a67159 100644 --- a/main.go +++ b/main.go @@ -16,18 +16,11 @@ package main import ( - "os" - "github.com/ory/keto/cmd" - "github.com/pkg/profile" + "github.com/ory/x/profilex" ) func main() { - if os.Getenv("PROFILING") == "cpu" { - defer profile.Start(profile.CPUProfile).Stop() - } else if os.Getenv("PROFILING") == "memory" { - defer profile.Start(profile.MemProfile).Stop() - } - + defer profilex.Profile().Stop() cmd.Execute() } diff --git a/package.json b/package.json index ca33a4934..049330187 100644 --- a/package.json +++ b/package.json @@ -12,11 +12,10 @@ "fs": false }, "dependencies": { - "superagent": "~3.7.0", - "opencollective": "^1.0.3" + "superagent": "~3.7.0" }, "devDependencies": { - "prettier": "^1.7.4" + "opencollective": "^1.0.3" }, "collective": { "type": "opencollective", diff --git a/policy/doc.go b/policy/doc.go deleted file mode 100644 index c1e00e355..000000000 --- a/policy/doc.go +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -// Package policy offers management capabilities for access control policies. -// -// Access Control Policies (ACP) are a concept similar to Role Based Access Control and Access Control Lists. ACPs -// however are more flexible and capable of handling complex and abstract access control scenarios. A ACP answers "**Who** -// is **able** to do **what** on **something** given a **context**." -// -// -// ACPs have five attributes: -// -// - Subject *(who)*: An arbitrary unique subject name, for example "ken" or "printer-service.mydomain.com". -// - Effect *(able)*: The effect which can be either "allow" or "deny". -// - Action *(what)*: An arbitrary action name, for example "delete", "create" or "scoped:action:something". -// - Resource *(something)*: An arbitrary unique resource name, for example "something", "resources.articles.1234" or some uniform resource name like "urn:isbn:3827370191". -// - Condition *(context)*: An optional condition that evaluates the context (e.g. IP Address, request datetime, resource owner name, department, ...). Different strategies are available to evaluate conditions: -// - https://github.com/ory/ladon#cidr-condition -// - https://github.com/ory/ladon#string-equal-condition -// - https://github.com/ory/ladon#string-match-condition -// - https://github.com/ory/ladon#subject-condition -// - https://github.com/ory/ladon#string-pairs-equal-condition -// -// -// You can find more information on ACPs here: -// -// - https://github.com/ory/ladon#usage for more information on policy usage. -// -// - https://github.com/ory/ladon#concepts - -package policy - -// swagger:parameters listPolicies -type swaggerListPolicyParameters struct { - // The offset from where to start looking. - // in: query - Offset int `json:"offset"` - - // The maximum amount of policies returned. - // in: query - Limit int `json:"limit"` -} - -// swagger:parameters getPolicy deletePolicy -type swaggerGetPolicyParameters struct { - // The id of the policy. - // in: path - ID string `json:"id"` -} - -// swagger:parameters updatePolicy -type swaggerUpdatePolicyParameters struct { - // The id of the policy. - // in: path - ID string `json:"id"` - - // in: body - Body swaggerPolicy -} - -// swagger:parameters createPolicy -type swaggerCreatePolicyParameters struct { - // in: body - Body swaggerPolicy -} - -// A policy -// swagger:response policyList -type swaggerListPolicyResponse struct { - // in: body - // type: array - Body []swaggerPolicy -} - -// swagger:model policy -type swaggerPolicy struct { - // ID of the policy. - ID string `json:"id"` - - // Description of the policy. - Description string `json:"description"` - - // Subjects impacted by the policy. - Subjects []string `json:"subjects"` - // Effect of the policy - Effect string `json:"effect"` - - // Resources impacted by the policy. - Resources []string `json:"resources"` - - // Actions impacted by the policy. - Actions []string `json:"actions"` - - // Conditions under which the policy is active. - Conditions map[string]struct { - Type string `json:"type"` - Options map[string]interface{} `json:"options"` - } `json:"conditions"` -} diff --git a/policy/handler.go b/policy/handler.go deleted file mode 100644 index 8c78c68dd..000000000 --- a/policy/handler.go +++ /dev/null @@ -1,219 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package policy - -import ( - "encoding/json" - "net/http" - - "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - "github.com/ory/ladon" - "github.com/ory/pagination" - "github.com/pborman/uuid" - "github.com/pkg/errors" -) - -const ( - handlerBasePath = "/policies" -) - -type Handler struct { - Manager ladon.Manager - H herodot.Writer -} - -func NewHandler(manager ladon.Manager, writer herodot.Writer) *Handler { - return &Handler{ - H: writer, - Manager: manager, - } -} - -func (h *Handler) SetRoutes(r *httprouter.Router) { - r.POST(handlerBasePath, h.Create) - r.GET(handlerBasePath, h.List) - r.GET(handlerBasePath+"/:id", h.Get) - r.PUT(handlerBasePath+"/:id", h.Update) - r.DELETE(handlerBasePath+"/:id", h.Delete) -} - -// swagger:route GET /policies policy listPolicies -// -// List Access Control Policies -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 200: policyList -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) List(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - limit, offset := pagination.Parse(r, 500, 0, 1000) - policies, err := h.Manager.GetAll(int64(limit), int64(offset)) - if err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - h.H.Write(w, r, policies) -} - -// swagger:route POST /policies policy createPolicy -// -// Create an Access Control Policy -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 201: policy -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - var p = ladon.DefaultPolicy{ - Conditions: ladon.Conditions{}, - } - - if err := json.NewDecoder(r.Body).Decode(&p); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - if p.ID == "" { - p.ID = uuid.New() - } - - if err := h.Manager.Create(&p); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - h.H.WriteCreated(w, r, "/policies/"+p.ID, &p) -} - -// swagger:route GET /policies/{id} policy getPolicy -// -// Get an Access Control Policy -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 200: policy -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - policy, err := h.Manager.Get(ps.ByName("id")) - if err != nil { - if err.Error() == "Not found" { - h.H.WriteError(w, r, errors.WithStack(&herodot.ErrorNotFound)) - return - } - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - h.H.Write(w, r, policy) -} - -// swagger:route DELETE /policies/{id} policy deletePolicy -// -// Delete an Access Control Policy -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 204: emptyResponse -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - id := ps.ByName("id") - - if err := h.Manager.Delete(id); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - w.WriteHeader(http.StatusNoContent) -} - -// swagger:route PUT /policies/{id} policy updatePolicy -// -// Update an Access Control Policy -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 200: policy -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) Update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - var id = ps.ByName("id") - var p = ladon.DefaultPolicy{Conditions: ladon.Conditions{}} - - if err := json.NewDecoder(r.Body).Decode(&p); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - if p.ID != id { - h.H.WriteErrorCode(w, r, http.StatusBadRequest, errors.New("Payload ID does not match ID from URL")) - return - } - - if err := h.Manager.Update(&p); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - h.H.Write(w, r, p) -} diff --git a/policy/sdk_test.go b/policy/sdk_test.go deleted file mode 100644 index 44ce77bb4..000000000 --- a/policy/sdk_test.go +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package policy_test - -import ( - "encoding/json" - "net/http" - "net/http/httptest" - "testing" - - "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - . "github.com/ory/keto/policy" - keto "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/ory/ladon" - "github.com/ory/ladon/manager/memory" - "github.com/pborman/uuid" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func mockPolicy(t *testing.T) keto.Policy { - originalPolicy := &ladon.DefaultPolicy{ - ID: uuid.New(), - Description: "description", - Subjects: []string{""}, - Effect: ladon.AllowAccess, - Resources: []string{""}, - Actions: []string{"view"}, - Conditions: ladon.Conditions{ - "ip": &ladon.CIDRCondition{ - CIDR: "1234", - }, - "owner": &ladon.EqualsSubjectCondition{}, - }, - } - out, err := json.Marshal(originalPolicy) - require.NoError(t, err) - - var apiPolicy keto.Policy - require.NoError(t, json.Unmarshal(out, &apiPolicy)) - out, err = json.Marshal(&apiPolicy) - require.NoError(t, err) - - var checkPolicy ladon.DefaultPolicy - require.NoError(t, json.Unmarshal(out, &checkPolicy)) - require.EqualValues(t, checkPolicy.Conditions["ip"], originalPolicy.Conditions["ip"]) - require.EqualValues(t, checkPolicy.Conditions["owner"], originalPolicy.Conditions["owner"]) - - return apiPolicy -} - -func TestPolicySDK(t *testing.T) { - handler := &Handler{ - Manager: &memory.MemoryManager{Policies: map[string]ladon.Policy{}}, - H: herodot.NewJSONWriter(nil), - } - - router := httprouter.New() - handler.SetRoutes(router) - server := httptest.NewServer(router) - - client := keto.NewPolicyApiWithBasePath(server.URL) - - p := mockPolicy(t) - - t.Run("TestPolicyManagement", func(t *testing.T) { - _, response, err := client.GetPolicy(p.Id) - require.NoError(t, err) - assert.Equal(t, http.StatusNotFound, response.StatusCode) - - result, response, err := client.CreatePolicy(p) - require.NoError(t, err) - assert.Equal(t, http.StatusCreated, response.StatusCode) - assert.EqualValues(t, p, *result) - - result, response, err = client.GetPolicy(p.Id) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.EqualValues(t, p, *result) - - p.Subjects = []string{"stan"} - result, response, err = client.UpdatePolicy(p.Id, p) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.EqualValues(t, p, *result) - - results, response, err := client.ListPolicies(0, 10) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 1) - - results, response, err = client.ListPolicies(10, 1) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 0) - - result, response, err = client.GetPolicy(p.Id) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.EqualValues(t, p, *result) - - response, err = client.DeletePolicy(p.Id) - require.NoError(t, err) - assert.Equal(t, http.StatusNoContent, response.StatusCode) - - _, response, err = client.GetPolicy(p.Id) - require.NoError(t, err) - assert.Equal(t, http.StatusNotFound, response.StatusCode) - }) -} diff --git a/role/doc.go b/role/doc.go deleted file mode 100644 index 8fe353896..000000000 --- a/role/doc.go +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -// Package role capabilities for grouping subjects together, making policy management easier. -// -// This endpoint is **experimental**, use it at your own risk. - -package role - -// A list of roles the member is belonging to -// swagger:response listRolesResponse -type swaggerlistRolesResponse struct { - // in: body - // type: array - Body []Role -} - -// swagger:parameters listRoles -type swaggerListGroupsParameters struct { - // The id of the member to look up. - // in: query - Member string `json:"member"` - - // The maximum amount of policies returned. - // in: query - Limit int `json:"limit"` - - // The offset from where to start looking. - // in: query - Offset int `json:"offset"` -} - -// swagger:parameters createRole -type swaggerCreateGroupParameters struct { - // in: body - Body Role -} - -// swagger:parameters getRole deleteRole -type swaggerGetGroupParameters struct { - // The id of the role to look up. - // in: path - ID string `json:"id"` -} - -// swagger:parameters removeMembersFromRole addMembersToRole -type swaggerModifyMembersParameters struct { - // The id of the role to modify. - // in: path - ID string `json:"id"` - - // in: body - Body membersRequest -} diff --git a/role/handler.go b/role/handler.go deleted file mode 100644 index 51b914fae..000000000 --- a/role/handler.go +++ /dev/null @@ -1,338 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package role - -import ( - "encoding/json" - "net/http" - - "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - "github.com/ory/pagination" - "github.com/pkg/errors" -) - -// swagger:model roleMembers -type membersRequest struct { - Members []string `json:"members"` -} - -func NewHandler(manager Manager, writer herodot.Writer) *Handler { - return &Handler{ - H: writer, - Manager: manager, - } -} - -type Handler struct { - Manager Manager - H herodot.Writer -} - -const ( - handlerBasePath = "/roles" -) - -func (h *Handler) SetRoutes(r *httprouter.Router) { - r.POST(handlerBasePath, h.CreateRole) - r.GET(handlerBasePath, h.ListRoles) - r.GET(handlerBasePath+"/:id", h.GetRole) - r.DELETE(handlerBasePath+"/:id", h.DeleteRole) - r.POST(handlerBasePath+"/:id/members", h.AddRoleMembers) - r.DELETE(handlerBasePath+"/:id/members", h.DeleteRoleMembers) - r.PUT(handlerBasePath+"/:id", h.UpdateRole) -} - -// swagger:route GET /roles role listRoles -// -// List all roles -// -// A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// This endpoint allows you to retrieve all roles that are stored in the system. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 200: listRolesResponse -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) ListRoles(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - limit, offset := pagination.Parse(r, 100, 0, 500) - if member := r.URL.Query().Get("member"); member != "" { - h.FindGroupNames(w, r, member, limit, offset) - return - } else { - h.listAllRoles(w, r, limit, offset) - return - } -} - -func (h *Handler) listAllRoles(w http.ResponseWriter, r *http.Request, limit, offset int) { - groups, err := h.Manager.ListRoles(limit, offset) - if err != nil { - h.H.WriteError(w, r, err) - return - } - - h.H.Write(w, r, groups) -} - -func (h *Handler) FindGroupNames(w http.ResponseWriter, r *http.Request, member string, limit, offset int) { - groups, err := h.Manager.FindRolesByMember(member, limit, offset) - if err != nil { - h.H.WriteError(w, r, err) - return - } - - h.H.Write(w, r, groups) -} - -// swagger:route POST /roles role createRole -// -// Create a role -// -// A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// This endpoint allows you to create a new role. You may define members as well but you don't have to. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 201: role -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) CreateRole(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - var g Role - - if err := json.NewDecoder(r.Body).Decode(&g); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - if err := h.Manager.CreateRole(&g); err != nil { - h.H.WriteError(w, r, err) - return - } - - h.H.WriteCreated(w, r, handlerBasePath+"/"+g.ID, &g) -} - -// swagger:route GET /roles/{id} role getRole -// -// Get a role by its ID -// -// A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// This endpoint allows you to retrieve an existing role. You have to know the role's ID. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 201: role -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) GetRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - var id = ps.ByName("id") - - g, err := h.Manager.GetRole(id) - if err != nil { - h.H.WriteError(w, r, err) - return - } - - h.H.Write(w, r, g) -} - -// swagger:route DELETE /roles/{id} role deleteRole -// -// Get a role by its ID -// -// A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// This endpoint allows you to delete an existing role. You have to know the role's ID. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 204: emptyResponse -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - var id = ps.ByName("id") - - if err := h.Manager.DeleteRole(id); err != nil { - h.H.WriteError(w, r, err) - return - } - - w.WriteHeader(http.StatusNoContent) -} - -// swagger:route POST /roles/{id}/members role addMembersToRole -// -// Add members to a role -// -// A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// This endpoint allows you to add members (users, applications, ...) to a specific role. You have to know the role's ID. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 204: emptyResponse -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) AddRoleMembers(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - var id = ps.ByName("id") - - var m membersRequest - if err := json.NewDecoder(r.Body).Decode(&m); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - if err := h.Manager.AddRoleMembers(id, m.Members); err != nil { - h.H.WriteError(w, r, err) - return - } - - w.WriteHeader(http.StatusNoContent) -} - -// swagger:route DELETE /roles/{id}/members role removeMembersFromRole -// -// Remove members from a role -// -// A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// This endpoint allows you to remove members (users, applications, ...) from a specific role. You have to know the role's ID. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 204: emptyResponse -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) DeleteRoleMembers(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - var id = ps.ByName("id") - - var m membersRequest - if err := json.NewDecoder(r.Body).Decode(&m); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - if err := h.Manager.RemoveRoleMembers(id, m.Members); err != nil { - h.H.WriteError(w, r, err) - return - } - - w.WriteHeader(http.StatusNoContent) -} - -// swagger:route PUT /roles/{id} role setRole -// -// A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// This endpoint allows you to overwrite a role. You have to know the role's ID. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 204: emptyResponse -// 401: genericError -// 403: genericError -// 500: genericError -func (h *Handler) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - var id = ps.ByName("id") - - var m membersRequest - if err := json.NewDecoder(r.Body).Decode(&m); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - if err := h.Manager.UpdateRole(Role{ - ID: id, - Members: m.Members, - }); err != nil { - h.H.WriteError(w, r, err) - return - } - - w.WriteHeader(http.StatusNoContent) -} diff --git a/role/manager.go b/role/manager.go deleted file mode 100644 index be27037bd..000000000 --- a/role/manager.go +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package role - -// Role represents a group of users that share the same role. A role could be an administrator, a moderator, a regular -// user or some other sort of role. -// -// swagger:model role -type Role struct { - // ID is the role's unique id. - ID string `json:"id"` - - // Members is who belongs to the role. - Members []string `json:"members"` -} - -type Manager interface { - CreateRole(*Role) error - GetRole(id string) (*Role, error) - DeleteRole(id string) error - - AddRoleMembers(role string, members []string) error - RemoveRoleMembers(role string, members []string) error - - FindRolesByMember(member string, limit, offset int) ([]Role, error) - ListRoles(limit, offset int) ([]Role, error) - UpdateRole(role Role) error -} diff --git a/role/manager_memory.go b/role/manager_memory.go deleted file mode 100644 index 6d0901f72..000000000 --- a/role/manager_memory.go +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package role - -import ( - "sync" - - "github.com/ory/herodot" - "github.com/ory/pagination" - "github.com/pborman/uuid" - "github.com/pkg/errors" -) - -func NewMemoryManager() *MemoryManager { - return &MemoryManager{ - Roles: map[string]Role{}, - } -} - -type MemoryManager struct { - Roles map[string]Role - sync.RWMutex -} - -func (m *MemoryManager) CreateRole(r *Role) error { - if r.ID == "" { - r.ID = uuid.New() - } - if m.Roles == nil { - m.Roles = map[string]Role{} - } - - m.Roles[r.ID] = *r - return nil -} - -func (m *MemoryManager) GetRole(id string) (*Role, error) { - if r, ok := m.Roles[id]; !ok { - return nil, errors.WithStack(&herodot.ErrorNotFound) - } else { - return &r, nil - } -} - -func (m *MemoryManager) DeleteRole(id string) error { - delete(m.Roles, id) - return nil -} - -func (m *MemoryManager) AddRoleMembers(role string, subjects []string) error { - r, err := m.GetRole(role) - if err != nil { - return err - } - r.Members = append(r.Members, subjects...) - return m.CreateRole(r) -} - -func (m *MemoryManager) RemoveRoleMembers(role string, subjects []string) error { - r, err := m.GetRole(role) - if err != nil { - return err - } - - var subs []string - for _, s := range r.Members { - var remove bool - for _, f := range subjects { - if f == s { - remove = true - break - } - } - if !remove { - subs = append(subs, s) - } - } - - r.Members = subs - return m.CreateRole(r) -} - -func (m *MemoryManager) FindRolesByMember(member string, limit, offset int) ([]Role, error) { - if m.Roles == nil { - m.Roles = map[string]Role{} - } - - res := make([]Role, 0) - for _, r := range m.Roles { - for _, s := range r.Members { - if s == member { - res = append(res, r) - break - } - } - } - - start, end := pagination.Index(limit, offset, len(res)) - return res[start:end], nil -} - -func (m *MemoryManager) ListRoles(limit, offset int) ([]Role, error) { - if m.Roles == nil { - m.Roles = map[string]Role{} - } - - i := 0 - res := make([]Role, len(m.Roles)) - for _, r := range m.Roles { - res[i] = r - i++ - } - - start, end := pagination.Index(limit, offset, len(res)) - return res[start:end], nil -} - -func (m *MemoryManager) UpdateRole(role Role) error { - if err := m.DeleteRole(role.ID); err != nil { - return err - } - - if err := m.CreateRole(&role); err != nil { - return err - } - - return nil -} diff --git a/role/manager_sql.go b/role/manager_sql.go deleted file mode 100644 index 0051c25e5..000000000 --- a/role/manager_sql.go +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package role - -import ( - "database/sql" - - "fmt" - - "github.com/jmoiron/sqlx" - "github.com/ory/herodot" - "github.com/pborman/uuid" - "github.com/pkg/errors" - "github.com/rubenv/sql-migrate" -) - -var migrations = &migrate.MemoryMigrationSource{ - Migrations: []*migrate.Migration{ - { - Id: "1", - Up: []string{`CREATE TABLE IF NOT EXISTS keto_role ( - id varchar(255) NOT NULL PRIMARY KEY -)`, `CREATE TABLE IF NOT EXISTS keto_role_member ( - member varchar(255) NOT NULL, - role_id varchar(255) NOT NULL, - FOREIGN KEY (role_id) REFERENCES keto_role(id) ON DELETE CASCADE, - PRIMARY KEY (member, role_id) -)`}, - Down: []string{ - "DROP TABLE keto_role", - "DROP TABLE keto_role_member", - }, - }, - }, -} - -type SQLManager struct { - DB *sqlx.DB - - TableRole string - TableMember string - TableMigration string -} - -func NewSQLManager(db *sqlx.DB) *SQLManager { - return &SQLManager{ - DB: db, - TableRole: "keto_role", - TableMember: "keto_role_member", - TableMigration: "keto_role_migration", - } -} - -func (m *SQLManager) CreateSchemas() (int, error) { - migrate.SetTable(m.TableMigration) - n, err := migrate.Exec(m.DB.DB, m.DB.DriverName(), migrations, migrate.Up) - if err != nil { - return 0, errors.Wrapf(err, "Could not migrate sql schema, applied %d migrations", n) - } - return n, nil -} - -func (m *SQLManager) createRole(role string) func(tx *sqlx.Tx) error { - return func(tx *sqlx.Tx) error { - _, err := tx.Exec(m.DB.Rebind(fmt.Sprintf("INSERT INTO %s (id) VALUES (?)", m.TableRole)), role) - - return errors.WithStack(err) - } -} - -func (m *SQLManager) CreateRole(r *Role) error { - if r.ID == "" { - r.ID = uuid.New() - } - - return m.applyInTransaction(m.createRole(r.ID), m.addRoleMembers(r.ID, r.Members)) -} - -func (m *SQLManager) GetRole(id string) (*Role, error) { - var found string - if err := m.DB.Get(&found, m.DB.Rebind(fmt.Sprintf("SELECT id from %s WHERE id = ?", m.TableRole)), id); err != nil { - return nil, errors.WithStack(err) - } - - var q []string - if err := m.DB.Select(&q, m.DB.Rebind(fmt.Sprintf("SELECT member from %s WHERE role_id = ?", m.TableMember)), found); err == sql.ErrNoRows { - return nil, errors.WithStack(&herodot.ErrorNotFound) - } else if err != nil { - return nil, errors.WithStack(err) - } - - return &Role{ - ID: found, - Members: q, - }, nil -} - -func (m *SQLManager) deleteRole(id string) func(tx *sqlx.Tx) error { - return func(tx *sqlx.Tx) error { - _, err := tx.Exec(m.DB.Rebind(fmt.Sprintf("DELETE FROM %s WHERE id=?", m.TableRole)), id) - - return errors.WithStack(err) - } -} - -func (m *SQLManager) DeleteRole(id string) error { - return m.applyInTransaction(m.deleteRole(id)) -} - -func (m *SQLManager) addRoleMembers(role string, subjects []string) func(tx *sqlx.Tx) error { - return func(tx *sqlx.Tx) error { - query := fmt.Sprintf("INSERT INTO %s (role_id, member) VALUES (?, ?)", m.TableMember) - - for _, subject := range subjects { - if _, err := tx.Exec(m.DB.Rebind(query), role, subject); err != nil { - return errors.WithStack(err) - } - } - - return nil - } -} - -func (m *SQLManager) AddRoleMembers(role string, subjects []string) error { - return m.applyInTransaction(m.addRoleMembers(role, subjects)) -} - -func (m *SQLManager) removeGroupMembers(role string, subjects []string) func(tx *sqlx.Tx) error { - return func(tx *sqlx.Tx) error { - query := fmt.Sprintf("DELETE FROM %s WHERE member=? AND role_id=?", m.TableMember) - - for _, subject := range subjects { - if _, err := tx.Exec(m.DB.Rebind(query), subject, role); err != nil { - return errors.WithStack(err) - } - } - - return nil - } -} - -func (m *SQLManager) RemoveRoleMembers(role string, subjects []string) error { - return m.applyInTransaction(m.removeGroupMembers(role, subjects)) -} - -func (m *SQLManager) FindRolesByMember(member string, limit, offset int) ([]Role, error) { - var ids []string - if err := m.DB.Select(&ids, m.DB.Rebind(fmt.Sprintf("SELECT role_id from %s WHERE member = ? GROUP BY role_id ORDER BY role_id LIMIT ? OFFSET ?", m.TableMember)), member, limit, offset); err == sql.ErrNoRows { - return nil, errors.WithStack(&herodot.ErrorNotFound) - } else if err != nil { - return nil, errors.WithStack(err) - } - - var roles = make([]Role, len(ids)) - for k, id := range ids { - role, err := m.GetRole(id) - if err != nil { - return nil, errors.WithStack(err) - } - - roles[k] = *role - } - - return roles, nil -} - -func (m *SQLManager) ListRoles(limit, offset int) ([]Role, error) { - var ids []string - if err := m.DB.Select(&ids, m.DB.Rebind(fmt.Sprintf("SELECT id from %s LIMIT ? OFFSET ?", m.TableRole)), limit, offset); err == sql.ErrNoRows { - return nil, errors.WithStack(&herodot.ErrorNotFound) - } else if err != nil { - return nil, errors.WithStack(err) - } - - var roles = make([]Role, len(ids)) - for k, id := range ids { - role, err := m.GetRole(id) - if err != nil { - return nil, errors.WithStack(err) - } - - roles[k] = *role - } - - return roles, nil -} - -func (m *SQLManager) UpdateRole(role Role) error { - return m.applyInTransaction(m.deleteRole(role.ID), m.createRole(role.ID), m.addRoleMembers(role.ID, role.Members)) -} - -func (m *SQLManager) applyInTransaction(executors ...func(tx *sqlx.Tx) error) error { - tx, err := m.DB.Beginx() - if err != nil { - return errors.Wrap(err, "Could not begin transaction") - } - - for _, exec := range executors { - if err := exec(tx); err != nil { - if err := tx.Rollback(); err != nil { - return errors.WithStack(err) - } - - return err - } - } - - if err := tx.Commit(); err != nil { - if err := tx.Rollback(); err != nil { - return errors.WithStack(err) - } - return errors.Wrap(err, "Could not commit transaction") - } - - return nil -} diff --git a/role/manager_test.go b/role/manager_test.go deleted file mode 100644 index 11b98df87..000000000 --- a/role/manager_test.go +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package role_test - -import ( - "flag" - "fmt" - "log" - "testing" - - _ "github.com/go-sql-driver/mysql" - _ "github.com/lib/pq" - . "github.com/ory/keto/role" - "github.com/ory/sqlcon/dockertest" -) - -var clientManagers = map[string]Manager{ - "memory": &MemoryManager{ - Roles: map[string]Role{}, - }, -} - -func TestMain(m *testing.M) { - runner := dockertest.Register() - - flag.Parse() - if !testing.Short() { - dockertest.Parallel([]func(){ - connectToPostgres, - connectToMySQL, - }) - } - - runner.Exit(m.Run()) -} - -func connectToMySQL() { - db, err := dockertest.ConnectToTestMySQL() - if err != nil { - panic(err) - } - - s := NewSQLManager(db) - if _, err := s.CreateSchemas(); err != nil { - log.Fatalf("Could not create mysql schema: %v", err) - } - - clientManagers["mysql"] = s -} - -func connectToPostgres() { - db, err := dockertest.ConnectToTestPostgreSQL() - if err != nil { - panic(err) - } - - s := NewSQLManager(db) - if _, err := s.CreateSchemas(); err != nil { - log.Fatalf("Could not create postgres schema: %v", err) - } - - clientManagers["postgres"] = s -} - -func TestManagers(t *testing.T) { - for k, m := range clientManagers { - t.Run(fmt.Sprintf("case=%s", k), TestHelperManagers(m)) - } -} diff --git a/role/manager_test_helper.go b/role/manager_test_helper.go deleted file mode 100644 index f4b505d40..000000000 --- a/role/manager_test_helper.go +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package role - -import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func TestHelperManagers(m Manager) func(t *testing.T) { - return func(t *testing.T) { - t.Parallel() - - _, err := m.GetRole("4321") - assert.NotNil(t, err) - - c := &Role{ - ID: "1", - Members: []string{"bar", "foo"}, - } - assert.NoError(t, m.CreateRole(c)) - assert.NoError(t, m.CreateRole(&Role{ - ID: "2", - Members: []string{"foo"}, - })) - - d, err := m.GetRole("1") - require.NoError(t, err) - assert.EqualValues(t, c.Members, d.Members) - assert.EqualValues(t, c.ID, d.ID) - - ds, err := m.FindRolesByMember("foo", 100, 0) - require.NoError(t, err) - assert.Len(t, ds, 2) - - ds, err = m.FindRolesByMember("foo", 1, 0) - require.NoError(t, err) - assert.Len(t, ds, 1) - - ds, err = m.ListRoles(100, 0) - require.NoError(t, err) - assert.Len(t, ds, 2) - - ds, err = m.ListRoles(1, 0) - require.NoError(t, err) - assert.Len(t, ds, 1) - - assert.NoError(t, m.AddRoleMembers("1", []string{"baz"})) - - ds, err = m.FindRolesByMember("baz", 100, 0) - require.NoError(t, err) - assert.Len(t, ds, 1) - - assert.NoError(t, m.RemoveRoleMembers("1", []string{"baz"})) - ds, err = m.FindRolesByMember("baz", 100, 0) - require.NoError(t, err) - assert.Len(t, ds, 0) - - assert.NoError(t, m.DeleteRole("1")) - _, err = m.GetRole("1") - require.NotNil(t, err) - - assert.NoError(t, m.CreateRole(&Role{ - ID: "3", - })) - ds, err = m.ListRoles(100, 0) - require.NoError(t, err) - assert.Len(t, ds, 2) - } -} diff --git a/role/sdk_test.go b/role/sdk_test.go deleted file mode 100644 index 41e2c19c3..000000000 --- a/role/sdk_test.go +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package role_test - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/julienschmidt/httprouter" - _ "github.com/lib/pq" - "github.com/ory/herodot" - . "github.com/ory/keto/role" - keto "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func TestGroupSDK(t *testing.T) { - clientManagers["memory"] = &MemoryManager{ - Roles: map[string]Role{}, - } - - handler := &Handler{ - Manager: &MemoryManager{ - Roles: map[string]Role{}, - }, - H: herodot.NewJSONWriter(nil), - } - - router := httprouter.New() - handler.SetRoutes(router) - server := httptest.NewServer(router) - - client := keto.NewRoleApiWithBasePath(server.URL) - - t.Run("flows", func(*testing.T) { - _, response, err := client.GetRole("4321") - require.NoError(t, err) - assert.Equal(t, http.StatusNotFound, response.StatusCode) - - firstGroup := keto.Role{Id: "1", Members: []string{"bar", "foo"}} - result, response, err := client.CreateRole(firstGroup) - require.NoError(t, err) - assert.Equal(t, http.StatusCreated, response.StatusCode) - assert.EqualValues(t, firstGroup, *result) - - secondGroup := keto.Role{Id: "2", Members: []string{"foo"}} - result, response, err = client.CreateRole(secondGroup) - require.NoError(t, err) - assert.Equal(t, http.StatusCreated, response.StatusCode) - assert.EqualValues(t, secondGroup, *result) - - result, response, err = client.GetRole("1") - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.EqualValues(t, firstGroup, *result) - - results, response, err := client.ListRoles("foo", 100, 0) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 2) - - results, response, err = client.ListRoles("", 100, 0) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 2) - - results, response, err = client.ListRoles("", 1, 0) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 1) - - results, response, err = client.ListRoles("foo", 1, 0) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 1) - - client.AddMembersToRole("1", keto.RoleMembers{Members: []string{"baz"}}) - - results, response, err = client.ListRoles("baz", 100, 0) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 1) - - response, err = client.RemoveMembersFromRole("1", keto.RoleMembers{Members: []string{"baz"}}) - require.NoError(t, err) - assert.Equal(t, http.StatusNoContent, response.StatusCode) - - results, response, err = client.ListRoles("baz", 100, 0) - require.NoError(t, err) - assert.Equal(t, http.StatusOK, response.StatusCode) - assert.Len(t, results, 0) - - response, err = client.DeleteRole("1") - require.NoError(t, err) - assert.Equal(t, http.StatusNoContent, response.StatusCode) - - _, response, err = client.GetRole("4321") - require.NoError(t, err) - assert.Equal(t, http.StatusNotFound, response.StatusCode) - }) -} diff --git a/scripts/run-format.sh b/scripts/run-format.sh deleted file mode 100755 index fe530bc00..000000000 --- a/scripts/run-format.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -cd "$( dirname "${BASH_SOURCE[0]}" )/.." - -goimports -w $(go list -f {{.Dir}} ./... | grep -v vendor | grep -v "ory.keto$") -goimports -w *.go - -git add -A diff --git a/scripts/run-gensdk.sh b/scripts/run-gensdk.sh deleted file mode 100755 index ac0ffcc05..000000000 --- a/scripts/run-gensdk.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -cd "$( dirname "${BASH_SOURCE[0]}" )/.." - -scripts/run-genswag.sh - -rm -rf ./sdk/go/keto/swagger -rm -rf ./sdk/js/swagger -rm -rf ./sdk/php/swagger - -# curl -O scripts/swagger-codegen-cli-2.2.3.jar http://central.maven.org/maven2/io/swagger/swagger-codegen-cli/2.2.3/swagger-codegen-cli-2.2.3.jar - -java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l go -o ./sdk/go/keto/swagger -java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l javascript -o ./sdk/js/swagger -java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l php -o sdk/php/ \ - --invoker-package keto\\SDK --git-repo-id swagger --git-user-id ory --additional-properties "packagePath=swagger,description=Client for keto" - -scripts/run-format.sh - -git checkout HEAD -- sdk/go/keto/swagger/configuration.go -git checkout HEAD -- sdk/go/keto/swagger/api_client.go -rm -f ./sdk/js/swagger/package.json -rm -rf ./sdk/js/swagger/test -rm -f ./sdk/php/swagger/composer.json ./sdk/php/swagger/phpunit.xml.dist -rm -rf ./sdk/php/swagger/test - -npm run prettier diff --git a/scripts/run-genswag.sh b/scripts/run-genswag.sh deleted file mode 100755 index d47f7cfcb..000000000 --- a/scripts/run-genswag.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -cd "$( dirname "${BASH_SOURCE[0]}" )/.." - -swagger generate spec -m -o ./docs/api.swagger.json diff --git a/scripts/test-e2e.sh b/scripts/test-e2e.sh index 408091196..53699b6dd 100755 --- a/scripts/test-e2e.sh +++ b/scripts/test-e2e.sh @@ -4,10 +4,37 @@ set -euo pipefail cd "$( dirname "${BASH_SOURCE[0]}" )/.." -DATABASE_URL=memory keto serve --dangerous-auto-logon --dangerous-force-http --disable-telemetry & -while ! echo exit | nc 127.0.0.1 4444; do sleep 1; done +killall keto || true -keto clients create --id foobar -keto clients delete foobar -curl --header "Authorization: bearer $(keto token client)" http://localhost:4444/clients -keto token validate $(keto token client) +DATABASE_URL=memory keto serve --disable-telemetry & +while ! echo exit | nc 127.0.0.1 4466; do sleep 1; done + +# Explicitly run without endpoint to see if that's working properly. +export KETO_URL=http://127.0.0.1:4466/ +keto engines acp ory policies import regex ./tests/stubs/policies.json + +# And check if it's working without trailing slash +export KETO_URL=http://127.0.0.1:4466 +keto engines acp ory policies import exact ./tests/stubs/policies.json + +# Now explicitly check if that works with the --endpoint flag +keto engines --endpoint http://localhost:4466 acp ory roles import regex ./tests/stubs/roles.json +# And with slash +keto engines --endpoint http://localhost:4466/ acp ory roles import exact ./tests/stubs/roles.json + +# Importing data is done, let's perform some checks + +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed regex peter-1 resources-11 actions-11 | grep -c '"allowed": false') +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed regex maria-1 resources-11 actions-11 | grep -c '"allowed": false') +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed regex group-1 resources-11 actions-11 | grep -c '"allowed": false') + +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed regex not-exist resources-11 actions-11 | grep -c '"allowed": true') + +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed exact peter-1 resources-11 actions-11 | grep -c '"allowed": false') +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed exact maria-1 resources-11 actions-11 | grep -c '"allowed": false') +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed exact group-1 resources-11 actions-11 | grep -c '"allowed": false') + +exit $(keto engines --endpoint http://localhost:4466 acp ory allowed exact not-exist resources-11 actions-11 | grep -c '"allowed": true') + +kill %1 +exit 0 diff --git a/scripts/test-format.sh b/scripts/test-format.sh deleted file mode 100755 index 9f142b9b7..000000000 --- a/scripts/test-format.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -cd "$( dirname "${BASH_SOURCE[0]}" )/.." - -toformat=$(goimports -l $(go list -f {{.Dir}} ./... | grep -v vendor | grep -v 'ory.keto$')) -[ -z "$toformat" ] && echo "All files are formatted correctly" -[ -n "$toformat" ] && echo "Please use \`goimports\` to format the following files:" && echo $toformat && exit 1 - -exit 0 \ No newline at end of file diff --git a/sdk/go/keto/sdk.go b/sdk/go/keto/sdk.go deleted file mode 100644 index a903840ca..000000000 --- a/sdk/go/keto/sdk.go +++ /dev/null @@ -1,46 +0,0 @@ -package keto - -import ( - "strings" - - "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/pkg/errors" -) - -type SDK interface { - RoleSDK - WardenSDK - PolicySDK -} - -var testSDK SDK = new(CodeGenSDK) - -type CodeGenSDK struct { - *swagger.RoleApi - *swagger.WardenApi - *swagger.PolicyApi - - Configuration *Configuration -} - -// Configuration configures the CodeGenSDK. -type Configuration struct { - // EndpointURL should point to the url of ORY Keto, for example: http://localhost:4466 - EndpointURL string -} - -// CodeGenSDK instantiates a new CodeGenSDK instance or returns an error. -func NewCodeGenSDK(c *Configuration) (*CodeGenSDK, error) { - if c.EndpointURL == "" { - return nil, errors.New("Please specify the ORY Keto endpoint URL") - } - - c.EndpointURL = strings.TrimRight(c.EndpointURL, "/") - sdk := &CodeGenSDK{ - RoleApi: swagger.NewRoleApiWithBasePath(c.EndpointURL), - WardenApi: swagger.NewWardenApiWithBasePath(c.EndpointURL), - PolicyApi: swagger.NewPolicyApiWithBasePath(c.EndpointURL), - } - - return sdk, nil -} diff --git a/sdk/go/keto/sdk_policy.go b/sdk/go/keto/sdk_policy.go deleted file mode 100644 index d7518fc4d..000000000 --- a/sdk/go/keto/sdk_policy.go +++ /dev/null @@ -1,11 +0,0 @@ -package keto - -import "github.com/ory/keto/sdk/go/keto/swagger" - -type PolicySDK interface { - CreatePolicy(body swagger.Policy) (*swagger.Policy, *swagger.APIResponse, error) - DeletePolicy(id string) (*swagger.APIResponse, error) - GetPolicy(id string) (*swagger.Policy, *swagger.APIResponse, error) - ListPolicies(offset int64, limit int64) ([]swagger.Policy, *swagger.APIResponse, error) - UpdatePolicy(id string, body swagger.Policy) (*swagger.Policy, *swagger.APIResponse, error) -} diff --git a/sdk/go/keto/sdk_role.go b/sdk/go/keto/sdk_role.go deleted file mode 100644 index 97a709816..000000000 --- a/sdk/go/keto/sdk_role.go +++ /dev/null @@ -1,12 +0,0 @@ -package keto - -import "github.com/ory/keto/sdk/go/keto/swagger" - -type RoleSDK interface { - AddMembersToRole(id string, body swagger.RoleMembers) (*swagger.APIResponse, error) - DeleteRole(id string) (*swagger.APIResponse, error) - CreateRole(body swagger.Role) (*swagger.Role, *swagger.APIResponse, error) - GetRole(id string) (*swagger.Role, *swagger.APIResponse, error) - ListRoles(member string, limit int64, offset int64) ([]swagger.Role, *swagger.APIResponse, error) - RemoveMembersFromRole(id string, body swagger.RoleMembers) (*swagger.APIResponse, error) -} diff --git a/sdk/go/keto/sdk_warden.go b/sdk/go/keto/sdk_warden.go deleted file mode 100644 index 41d86b2c7..000000000 --- a/sdk/go/keto/sdk_warden.go +++ /dev/null @@ -1,9 +0,0 @@ -package keto - -import "github.com/ory/keto/sdk/go/keto/swagger" - -type WardenSDK interface { - IsSubjectAuthorized(body swagger.WardenSubjectAuthorizationRequest) (*swagger.WardenSubjectAuthorizationResponse, *swagger.APIResponse, error) - IsOAuth2AccessTokenAuthorized(body swagger.WardenOAuth2AccessTokenAuthorizationRequest) (*swagger.WardenOAuth2AccessTokenAuthorizationResponse, *swagger.APIResponse, error) - IsOAuth2ClientAuthorized(body swagger.WardenOAuth2ClientAuthorizationRequest) (*swagger.WardenOAuth2ClientAuthorizationResponse, *swagger.APIResponse, error) -} diff --git a/sdk/go/keto/swagger/README.md b/sdk/go/keto/swagger/README.md index 3824e67c2..db4be95b4 100644 --- a/sdk/go/keto/swagger/README.md +++ b/sdk/go/keto/swagger/README.md @@ -22,65 +22,49 @@ All URIs are relative to *http://localhost* Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- -*HealthApi* | [**IsInstanceAlive**](docs/HealthApi.md#isinstancealive) | **Get** /health/alive | Check the Alive Status -*HealthApi* | [**IsInstanceReady**](docs/HealthApi.md#isinstanceready) | **Get** /health/ready | Check the Readiness Status -*PolicyApi* | [**CreatePolicy**](docs/PolicyApi.md#createpolicy) | **Post** /policies | -*PolicyApi* | [**DeletePolicy**](docs/PolicyApi.md#deletepolicy) | **Delete** /policies/{id} | -*PolicyApi* | [**GetPolicy**](docs/PolicyApi.md#getpolicy) | **Get** /policies/{id} | -*PolicyApi* | [**ListPolicies**](docs/PolicyApi.md#listpolicies) | **Get** /policies | -*PolicyApi* | [**UpdatePolicy**](docs/PolicyApi.md#updatepolicy) | **Put** /policies/{id} | -*RoleApi* | [**AddMembersToRole**](docs/RoleApi.md#addmemberstorole) | **Post** /roles/{id}/members | Add members to a role -*RoleApi* | [**CreateRole**](docs/RoleApi.md#createrole) | **Post** /roles | Create a role -*RoleApi* | [**DeleteRole**](docs/RoleApi.md#deleterole) | **Delete** /roles/{id} | Get a role by its ID -*RoleApi* | [**GetRole**](docs/RoleApi.md#getrole) | **Get** /roles/{id} | Get a role by its ID -*RoleApi* | [**ListRoles**](docs/RoleApi.md#listroles) | **Get** /roles | List all roles -*RoleApi* | [**RemoveMembersFromRole**](docs/RoleApi.md#removemembersfromrole) | **Delete** /roles/{id}/members | Remove members from a role -*RoleApi* | [**SetRole**](docs/RoleApi.md#setrole) | **Put** /roles/{id} | A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. -*VersionApi* | [**GetVersion**](docs/VersionApi.md#getversion) | **Get** /version | Get the version of Keto -*WardenApi* | [**IsOAuth2AccessTokenAuthorized**](docs/WardenApi.md#isoauth2accesstokenauthorized) | **Post** /warden/oauth2/access-tokens/authorize | Check if an OAuth 2.0 access token is authorized to access a resource -*WardenApi* | [**IsOAuth2ClientAuthorized**](docs/WardenApi.md#isoauth2clientauthorized) | **Post** /warden/oauth2/clients/authorize | Check if an OAuth 2.0 Client is authorized to access a resource -*WardenApi* | [**IsSubjectAuthorized**](docs/WardenApi.md#issubjectauthorized) | **Post** /warden/subjects/authorize | Check if a subject is authorized to access a resource +*EnginesApi* | [**AddOryAccessControlPolicyRoleMembers**](docs/EnginesApi.md#addoryaccesscontrolpolicyrolemembers) | **Put** /engines/acp/ory/{flavor}/roles/{id}/members | Add a member to an ORY Access Control Policy Role +*EnginesApi* | [**DeleteOryAccessControlPolicy**](docs/EnginesApi.md#deleteoryaccesscontrolpolicy) | **Delete** /engines/acp/ory/{flavor}/policies/{id} | +*EnginesApi* | [**DeleteOryAccessControlPolicyRole**](docs/EnginesApi.md#deleteoryaccesscontrolpolicyrole) | **Delete** /engines/acp/ory/{flavor}/roles/{id} | Delete an ORY Access Control Policy Role +*EnginesApi* | [**DoOryAccessControlPoliciesAllow**](docs/EnginesApi.md#dooryaccesscontrolpoliciesallow) | **Post** /engines/acp/ory/{flavor}/allowed | Check if a request is allowed +*EnginesApi* | [**GetOryAccessControlPolicy**](docs/EnginesApi.md#getoryaccesscontrolpolicy) | **Get** /engines/acp/ory/{flavor}/policies/{id} | +*EnginesApi* | [**GetOryAccessControlPolicyRole**](docs/EnginesApi.md#getoryaccesscontrolpolicyrole) | **Get** /engines/acp/ory/{flavor}/roles/{id} | Get an ORY Access Control Policy Role +*EnginesApi* | [**ListOryAccessControlPolicies**](docs/EnginesApi.md#listoryaccesscontrolpolicies) | **Get** /engines/acp/ory/{flavor}/policies | +*EnginesApi* | [**ListOryAccessControlPolicyRoles**](docs/EnginesApi.md#listoryaccesscontrolpolicyroles) | **Get** /engines/acp/ory/{flavor}/roles | List ORY Access Control Policy Roles +*EnginesApi* | [**RemoveOryAccessControlPolicyRoleMembers**](docs/EnginesApi.md#removeoryaccesscontrolpolicyrolemembers) | **Delete** /engines/acp/ory/{flavor}/roles/{id}/members | Remove a member from an ORY Access Control Policy Role +*EnginesApi* | [**UpsertOryAccessControlPolicy**](docs/EnginesApi.md#upsertoryaccesscontrolpolicy) | **Put** /engines/acp/ory/{flavor}/policies | +*EnginesApi* | [**UpsertOryAccessControlPolicyRole**](docs/EnginesApi.md#upsertoryaccesscontrolpolicyrole) | **Put** /engines/acp/ory/{flavor}/roles | Upsert an ORY Access Control Policy Role +*HealthApi* | [**IsInstanceAlive**](docs/HealthApi.md#isinstancealive) | **Get** /health/alive | Check alive status +*HealthApi* | [**IsInstanceReady**](docs/HealthApi.md#isinstanceready) | **Get** /health/ready | Check readiness status +*VersionApi* | [**GetVersion**](docs/VersionApi.md#getversion) | **Get** /version | Get service version ## Documentation For Models - - [AuthenticationDefaultSession](docs/AuthenticationDefaultSession.md) - - [AuthenticationOAuth2ClientCredentialsRequest](docs/AuthenticationOAuth2ClientCredentialsRequest.md) - - [AuthenticationOAuth2ClientCredentialsSession](docs/AuthenticationOAuth2ClientCredentialsSession.md) - - [AuthenticationOAuth2IntrospectionRequest](docs/AuthenticationOAuth2IntrospectionRequest.md) - - [AuthenticationOAuth2Session](docs/AuthenticationOAuth2Session.md) - - [Authenticator](docs/Authenticator.md) - - [Firewall](docs/Firewall.md) - - [Handler](docs/Handler.md) + - [AddOryAccessControlPolicyRoleMembers](docs/AddOryAccessControlPolicyRoleMembers.md) + - [AddOryAccessControlPolicyRoleMembersBody](docs/AddOryAccessControlPolicyRoleMembersBody.md) + - [AuthorizationResult](docs/AuthorizationResult.md) + - [Context](docs/Context.md) + - [DeleteOryAccessControlPolicy](docs/DeleteOryAccessControlPolicy.md) + - [DeleteOryAccessControlPolicyRole](docs/DeleteOryAccessControlPolicyRole.md) + - [DoOryAccessControlPoliciesAllow](docs/DoOryAccessControlPoliciesAllow.md) + - [GetOryAccessControlPolicy](docs/GetOryAccessControlPolicy.md) + - [GetOryAccessControlPolicyRole](docs/GetOryAccessControlPolicyRole.md) - [HealthNotReadyStatus](docs/HealthNotReadyStatus.md) - [HealthStatus](docs/HealthStatus.md) - [InlineResponse500](docs/InlineResponse500.md) - - [IntrospectionResponse](docs/IntrospectionResponse.md) - - [Manager](docs/Manager.md) - - [OAuth2ClientCredentialsAuthentication](docs/OAuth2ClientCredentialsAuthentication.md) - - [OAuth2IntrospectionAuthentication](docs/OAuth2IntrospectionAuthentication.md) - - [Policy](docs/Policy.md) - - [PolicyConditions](docs/PolicyConditions.md) - - [Role](docs/Role.md) - - [RoleMembers](docs/RoleMembers.md) - - [Session](docs/Session.md) - - [SwaggerCreatePolicyParameters](docs/SwaggerCreatePolicyParameters.md) - - [SwaggerDoesWardenAllowAccessRequestParameters](docs/SwaggerDoesWardenAllowAccessRequestParameters.md) - - [SwaggerDoesWardenAllowClientRequestParameters](docs/SwaggerDoesWardenAllowClientRequestParameters.md) - - [SwaggerDoesWardenAllowTokenAccessRequestParameters](docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md) - - [SwaggerGetPolicyParameters](docs/SwaggerGetPolicyParameters.md) - - [SwaggerListPolicyParameters](docs/SwaggerListPolicyParameters.md) - - [SwaggerListPolicyResponse](docs/SwaggerListPolicyResponse.md) - - [SwaggerUpdatePolicyParameters](docs/SwaggerUpdatePolicyParameters.md) - - [SwaggerWardenBaseRequest](docs/SwaggerWardenBaseRequest.md) + - [ListOryAccessControlPolicies](docs/ListOryAccessControlPolicies.md) + - [ListOryAccessControlPolicyRoles](docs/ListOryAccessControlPolicyRoles.md) + - [OryAccessControlPolicies](docs/OryAccessControlPolicies.md) + - [OryAccessControlPolicy](docs/OryAccessControlPolicy.md) + - [OryAccessControlPolicyAllowedInput](docs/OryAccessControlPolicyAllowedInput.md) + - [OryAccessControlPolicyRole](docs/OryAccessControlPolicyRole.md) + - [OryAccessControlPolicyRoles](docs/OryAccessControlPolicyRoles.md) + - [Policies](docs/Policies.md) + - [RemoveOryAccessControlPolicyRoleMembers](docs/RemoveOryAccessControlPolicyRoleMembers.md) + - [RemoveOryAccessControlPolicyRoleMembersBody](docs/RemoveOryAccessControlPolicyRoleMembersBody.md) + - [UpsertOryAccessControlPolicy](docs/UpsertOryAccessControlPolicy.md) + - [UpsertOryAccessControlPolicyRole](docs/UpsertOryAccessControlPolicyRole.md) - [Version](docs/Version.md) - - [WardenOAuth2AccessTokenAuthorizationRequest](docs/WardenOAuth2AccessTokenAuthorizationRequest.md) - - [WardenOAuth2AccessTokenAuthorizationResponse](docs/WardenOAuth2AccessTokenAuthorizationResponse.md) - - [WardenOAuth2ClientAuthorizationRequest](docs/WardenOAuth2ClientAuthorizationRequest.md) - - [WardenOAuth2ClientAuthorizationResponse](docs/WardenOAuth2ClientAuthorizationResponse.md) - - [WardenSubjectAuthorizationRequest](docs/WardenSubjectAuthorizationRequest.md) - - [WardenSubjectAuthorizationResponse](docs/WardenSubjectAuthorizationResponse.md) - - [Writer](docs/Writer.md) ## Documentation For Authorization @@ -90,5 +74,5 @@ Class | Method | HTTP request | Description ## Author -hi@ory.am +hi@ory.sh diff --git a/sdk/go/keto/swagger/add_ory_access_control_policy_role_members.go b/sdk/go/keto/swagger/add_ory_access_control_policy_role_members.go new file mode 100644 index 000000000..2759f10bb --- /dev/null +++ b/sdk/go/keto/swagger/add_ory_access_control_policy_role_members.go @@ -0,0 +1,19 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type AddOryAccessControlPolicyRoleMembers struct { + Body AddOryAccessControlPolicyRoleMembersBody `json:"Body,omitempty"` + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. in: path + Id string `json:"id"` +} diff --git a/sdk/go/keto/swagger/role_members.go b/sdk/go/keto/swagger/add_ory_access_control_policy_role_members_body.go similarity index 65% rename from sdk/go/keto/swagger/role_members.go rename to sdk/go/keto/swagger/add_ory_access_control_policy_role_members_body.go index 166f6c7cc..fb07e9a6b 100644 --- a/sdk/go/keto/swagger/role_members.go +++ b/sdk/go/keto/swagger/add_ory_access_control_policy_role_members_body.go @@ -2,12 +2,14 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger -type RoleMembers struct { +type AddOryAccessControlPolicyRoleMembersBody struct { + + // The members to be added. Members []string `json:"members,omitempty"` } diff --git a/sdk/go/keto/swagger/api_client.go b/sdk/go/keto/swagger/api_client.go index 52873b0c0..be9f5d8b7 100644 --- a/sdk/go/keto/swagger/api_client.go +++ b/sdk/go/keto/swagger/api_client.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ @@ -17,7 +17,7 @@ import ( "reflect" "strings" - "github.com/go-resty/resty" + "gopkg.in/resty.v1" ) type APIClient struct { diff --git a/sdk/go/keto/swagger/api_response.go b/sdk/go/keto/swagger/api_response.go index 081af8f2e..c12618391 100644 --- a/sdk/go/keto/swagger/api_response.go +++ b/sdk/go/keto/swagger/api_response.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ diff --git a/sdk/go/keto/swagger/authentication_default_session.go b/sdk/go/keto/swagger/authentication_default_session.go deleted file mode 100644 index af35a37e6..000000000 --- a/sdk/go/keto/swagger/authentication_default_session.go +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type AuthenticationDefaultSession struct { - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed,omitempty"` - - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - Sub string `json:"sub,omitempty"` -} diff --git a/sdk/go/keto/swagger/authentication_o_auth2_client_credentials_request.go b/sdk/go/keto/swagger/authentication_o_auth2_client_credentials_request.go deleted file mode 100644 index 977209dff..000000000 --- a/sdk/go/keto/swagger/authentication_o_auth2_client_credentials_request.go +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type AuthenticationOAuth2ClientCredentialsRequest struct { - - // Token is the token to introspect. - ClientId string `json:"client_id,omitempty"` - - ClientSecret string `json:"client_secret,omitempty"` - - // Scope is an array of scopes that are required. - Scope []string `json:"scope,omitempty"` -} diff --git a/sdk/go/keto/swagger/authentication_o_auth2_client_credentials_session.go b/sdk/go/keto/swagger/authentication_o_auth2_client_credentials_session.go deleted file mode 100644 index 43b8a250f..000000000 --- a/sdk/go/keto/swagger/authentication_o_auth2_client_credentials_session.go +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type AuthenticationOAuth2ClientCredentialsSession struct { - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed,omitempty"` - - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - Sub string `json:"sub,omitempty"` -} diff --git a/sdk/go/keto/swagger/authentication_o_auth2_introspection_request.go b/sdk/go/keto/swagger/authentication_o_auth2_introspection_request.go deleted file mode 100644 index d53295935..000000000 --- a/sdk/go/keto/swagger/authentication_o_auth2_introspection_request.go +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type AuthenticationOAuth2IntrospectionRequest struct { - - // Scope is an array of scopes that are required. - Scope []string `json:"scope,omitempty"` - - // Token is the token to introspect. - Token string `json:"token,omitempty"` -} diff --git a/sdk/go/keto/swagger/authentication_o_auth2_session.go b/sdk/go/keto/swagger/authentication_o_auth2_session.go deleted file mode 100644 index a92dc908e..000000000 --- a/sdk/go/keto/swagger/authentication_o_auth2_session.go +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -import ( - "time" -) - -type AuthenticationOAuth2Session struct { - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed,omitempty"` - - Aud []string `json:"aud,omitempty"` - - // ClientID is the id of the OAuth2 client that requested the token. - ClientId string `json:"client_id,omitempty"` - - // ExpiresAt is the expiry timestamp. - Exp time.Time `json:"exp,omitempty"` - - // IssuedAt is the token creation time stamp. - Iat time.Time `json:"iat,omitempty"` - - // Issuer is the id of the issuer, typically an hydra instance. - Iss string `json:"iss,omitempty"` - - Nbf time.Time `json:"nbf,omitempty"` - - // GrantedScopes is a list of scopes that the subject authorized when asked for consent. - Scope string `json:"scope,omitempty"` - - // Session represents arbitrary session data. - Session map[string]interface{} `json:"session,omitempty"` - - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - Sub string `json:"sub,omitempty"` - - Username string `json:"username,omitempty"` -} diff --git a/sdk/go/keto/swagger/authorization_result.go b/sdk/go/keto/swagger/authorization_result.go new file mode 100644 index 000000000..9077790c9 --- /dev/null +++ b/sdk/go/keto/swagger/authorization_result.go @@ -0,0 +1,15 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type AuthorizationResult struct { + + // Allowed is true if the request should be allowed and false otherwise. + Allowed bool `json:"allowed,omitempty"` +} diff --git a/sdk/go/keto/swagger/configuration.go b/sdk/go/keto/swagger/configuration.go index e0b701e93..bfe715b53 100644 --- a/sdk/go/keto/swagger/configuration.go +++ b/sdk/go/keto/swagger/configuration.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ @@ -29,7 +29,7 @@ type Configuration struct { DefaultHeader map[string]string `json:"defaultHeader,omitempty"` UserAgent string `json:"userAgent,omitempty"` APIClient *APIClient - Transport http.RoundTripper + Transport *http.Transport Timeout *time.Duration `json:"timeout,omitempty"` } diff --git a/sdk/go/keto/swagger/manager.go b/sdk/go/keto/swagger/context.go similarity index 77% rename from sdk/go/keto/swagger/manager.go rename to sdk/go/keto/swagger/context.go index aaf6f051d..d99123c24 100644 --- a/sdk/go/keto/swagger/manager.go +++ b/sdk/go/keto/swagger/context.go @@ -2,11 +2,11 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger -type Manager struct { +type Context struct { } diff --git a/sdk/go/keto/swagger/delete_ory_access_control_policy.go b/sdk/go/keto/swagger/delete_ory_access_control_policy.go new file mode 100644 index 000000000..7f27b9654 --- /dev/null +++ b/sdk/go/keto/swagger/delete_ory_access_control_policy.go @@ -0,0 +1,18 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type DeleteOryAccessControlPolicy struct { + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. in: path + Id string `json:"id"` +} diff --git a/sdk/go/keto/swagger/delete_ory_access_control_policy_role.go b/sdk/go/keto/swagger/delete_ory_access_control_policy_role.go new file mode 100644 index 000000000..cad0b735a --- /dev/null +++ b/sdk/go/keto/swagger/delete_ory_access_control_policy_role.go @@ -0,0 +1,18 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type DeleteOryAccessControlPolicyRole struct { + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. in: path + Id string `json:"id"` +} diff --git a/sdk/go/keto/swagger/do_ory_access_control_policies_allow.go b/sdk/go/keto/swagger/do_ory_access_control_policies_allow.go new file mode 100644 index 000000000..084b4679e --- /dev/null +++ b/sdk/go/keto/swagger/do_ory_access_control_policies_allow.go @@ -0,0 +1,16 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type DoOryAccessControlPoliciesAllow struct { + Body OryAccessControlPolicyAllowedInput `json:"Body,omitempty"` + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` +} diff --git a/sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembers.md b/sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembers.md new file mode 100644 index 000000000..4edda6379 --- /dev/null +++ b/sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembers.md @@ -0,0 +1,12 @@ +# AddOryAccessControlPolicyRoleMembers + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Body** | [**AddOryAccessControlPolicyRoleMembersBody**](addOryAccessControlPolicyRoleMembersBody.md) | | [optional] [default to null] +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] +**Id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md b/sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md new file mode 100644 index 000000000..8bb4e675f --- /dev/null +++ b/sdk/go/keto/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md @@ -0,0 +1,10 @@ +# AddOryAccessControlPolicyRoleMembersBody + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Members** | **[]string** | The members to be added. | [optional] [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/AuthenticationDefaultSession.md b/sdk/go/keto/swagger/docs/AuthenticationDefaultSession.md deleted file mode 100644 index 5c274c868..000000000 --- a/sdk/go/keto/swagger/docs/AuthenticationDefaultSession.md +++ /dev/null @@ -1,11 +0,0 @@ -# AuthenticationDefaultSession - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] [default to null] -**Sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md b/sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md deleted file mode 100644 index 2878c9416..000000000 --- a/sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md +++ /dev/null @@ -1,12 +0,0 @@ -# AuthenticationOAuth2ClientCredentialsRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**ClientId** | **string** | Token is the token to introspect. | [optional] [default to null] -**ClientSecret** | **string** | | [optional] [default to null] -**Scope** | **[]string** | Scope is an array of scopes that are required. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md b/sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md deleted file mode 100644 index 87710e672..000000000 --- a/sdk/go/keto/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md +++ /dev/null @@ -1,11 +0,0 @@ -# AuthenticationOAuth2ClientCredentialsSession - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] [default to null] -**Sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/AuthenticationOAuth2Session.md b/sdk/go/keto/swagger/docs/AuthenticationOAuth2Session.md deleted file mode 100644 index 94b9fd491..000000000 --- a/sdk/go/keto/swagger/docs/AuthenticationOAuth2Session.md +++ /dev/null @@ -1,20 +0,0 @@ -# AuthenticationOAuth2Session - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] [default to null] -**Aud** | **[]string** | | [optional] [default to null] -**ClientId** | **string** | ClientID is the id of the OAuth2 client that requested the token. | [optional] [default to null] -**Exp** | [**time.Time**](time.Time.md) | ExpiresAt is the expiry timestamp. | [optional] [default to null] -**Iat** | [**time.Time**](time.Time.md) | IssuedAt is the token creation time stamp. | [optional] [default to null] -**Iss** | **string** | Issuer is the id of the issuer, typically an hydra instance. | [optional] [default to null] -**Nbf** | [**time.Time**](time.Time.md) | | [optional] [default to null] -**Scope** | **string** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] [default to null] -**Session** | [**map[string]interface{}**](interface{}.md) | Session represents arbitrary session data. | [optional] [default to null] -**Sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null] -**Username** | **string** | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/AuthorizationResult.md b/sdk/go/keto/swagger/docs/AuthorizationResult.md new file mode 100644 index 000000000..c842d8a5b --- /dev/null +++ b/sdk/go/keto/swagger/docs/AuthorizationResult.md @@ -0,0 +1,10 @@ +# AuthorizationResult + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Allowed** | **bool** | Allowed is true if the request should be allowed and false otherwise. | [optional] [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/Writer.md b/sdk/go/keto/swagger/docs/Context.md similarity index 96% rename from sdk/go/keto/swagger/docs/Writer.md rename to sdk/go/keto/swagger/docs/Context.md index 530fd0f80..f79b191f4 100644 --- a/sdk/go/keto/swagger/docs/Writer.md +++ b/sdk/go/keto/swagger/docs/Context.md @@ -1,4 +1,4 @@ -# Writer +# Context ## Properties Name | Type | Description | Notes diff --git a/sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicy.md b/sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicy.md new file mode 100644 index 000000000..583ad19c4 --- /dev/null +++ b/sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicy.md @@ -0,0 +1,11 @@ +# DeleteOryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] +**Id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicyRole.md b/sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicyRole.md new file mode 100644 index 000000000..a4971cebf --- /dev/null +++ b/sdk/go/keto/swagger/docs/DeleteOryAccessControlPolicyRole.md @@ -0,0 +1,11 @@ +# DeleteOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] +**Id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/DoOryAccessControlPoliciesAllow.md b/sdk/go/keto/swagger/docs/DoOryAccessControlPoliciesAllow.md new file mode 100644 index 000000000..9a5e3c1bc --- /dev/null +++ b/sdk/go/keto/swagger/docs/DoOryAccessControlPoliciesAllow.md @@ -0,0 +1,11 @@ +# DoOryAccessControlPoliciesAllow + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Body** | [**OryAccessControlPolicyAllowedInput**](oryAccessControlPolicyAllowedInput.md) | | [optional] [default to null] +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/EnginesApi.md b/sdk/go/keto/swagger/docs/EnginesApi.md new file mode 100644 index 000000000..c92153790 --- /dev/null +++ b/sdk/go/keto/swagger/docs/EnginesApi.md @@ -0,0 +1,353 @@ +# \EnginesApi + +All URIs are relative to *http://localhost* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**AddOryAccessControlPolicyRoleMembers**](EnginesApi.md#AddOryAccessControlPolicyRoleMembers) | **Put** /engines/acp/ory/{flavor}/roles/{id}/members | Add a member to an ORY Access Control Policy Role +[**DeleteOryAccessControlPolicy**](EnginesApi.md#DeleteOryAccessControlPolicy) | **Delete** /engines/acp/ory/{flavor}/policies/{id} | +[**DeleteOryAccessControlPolicyRole**](EnginesApi.md#DeleteOryAccessControlPolicyRole) | **Delete** /engines/acp/ory/{flavor}/roles/{id} | Delete an ORY Access Control Policy Role +[**DoOryAccessControlPoliciesAllow**](EnginesApi.md#DoOryAccessControlPoliciesAllow) | **Post** /engines/acp/ory/{flavor}/allowed | Check if a request is allowed +[**GetOryAccessControlPolicy**](EnginesApi.md#GetOryAccessControlPolicy) | **Get** /engines/acp/ory/{flavor}/policies/{id} | +[**GetOryAccessControlPolicyRole**](EnginesApi.md#GetOryAccessControlPolicyRole) | **Get** /engines/acp/ory/{flavor}/roles/{id} | Get an ORY Access Control Policy Role +[**ListOryAccessControlPolicies**](EnginesApi.md#ListOryAccessControlPolicies) | **Get** /engines/acp/ory/{flavor}/policies | +[**ListOryAccessControlPolicyRoles**](EnginesApi.md#ListOryAccessControlPolicyRoles) | **Get** /engines/acp/ory/{flavor}/roles | List ORY Access Control Policy Roles +[**RemoveOryAccessControlPolicyRoleMembers**](EnginesApi.md#RemoveOryAccessControlPolicyRoleMembers) | **Delete** /engines/acp/ory/{flavor}/roles/{id}/members | Remove a member from an ORY Access Control Policy Role +[**UpsertOryAccessControlPolicy**](EnginesApi.md#UpsertOryAccessControlPolicy) | **Put** /engines/acp/ory/{flavor}/policies | +[**UpsertOryAccessControlPolicyRole**](EnginesApi.md#UpsertOryAccessControlPolicyRole) | **Put** /engines/acp/ory/{flavor}/roles | Upsert an ORY Access Control Policy Role + + +# **AddOryAccessControlPolicyRoleMembers** +> OryAccessControlPolicyRole AddOryAccessControlPolicyRoleMembers($flavor, $id, $body) + +Add a member to an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + **body** | [**AddOryAccessControlPolicyRoleMembersBody**](AddOryAccessControlPolicyRoleMembersBody.md)| | [optional] + +### Return type + +[**OryAccessControlPolicyRole**](oryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **DeleteOryAccessControlPolicy** +> DeleteOryAccessControlPolicy($flavor, $id) + + + +Delete an ORY Access Control Policy + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **DeleteOryAccessControlPolicyRole** +> DeleteOryAccessControlPolicyRole($flavor, $id) + +Delete an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **DoOryAccessControlPoliciesAllow** +> AuthorizationResult DoOryAccessControlPoliciesAllow($flavor, $body) + +Check if a request is allowed + +Use this endpoint to check if a request is allowed or not. + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**OryAccessControlPolicyAllowedInput**](OryAccessControlPolicyAllowedInput.md)| | [optional] + +### Return type + +[**AuthorizationResult**](authorizationResult.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **GetOryAccessControlPolicy** +> OryAccessControlPolicy GetOryAccessControlPolicy($flavor, $id) + + + +Get an ORY Access Control Policy + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +[**OryAccessControlPolicy**](oryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **GetOryAccessControlPolicyRole** +> OryAccessControlPolicyRole GetOryAccessControlPolicyRole($flavor, $id) + +Get an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +[**OryAccessControlPolicyRole**](oryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **ListOryAccessControlPolicies** +> []OryAccessControlPolicy ListOryAccessControlPolicies($flavor, $limit, $offset) + + + +List ORY Access Control Policies + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" | + **limit** | **int64**| The maximum amount of policies returned. | [optional] + **offset** | **int64**| The offset from where to start looking. | [optional] + +### Return type + +[**[]OryAccessControlPolicy**](oryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **ListOryAccessControlPolicyRoles** +> []OryAccessControlPolicyRole ListOryAccessControlPolicyRoles($flavor, $limit, $offset) + +List ORY Access Control Policy Roles + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" | + **limit** | **int64**| The maximum amount of policies returned. | [optional] + **offset** | **int64**| The offset from where to start looking. | [optional] + +### Return type + +[**[]OryAccessControlPolicyRole**](oryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **RemoveOryAccessControlPolicyRoleMembers** +> RemoveOryAccessControlPolicyRoleMembers($flavor, $id, $body) + +Remove a member from an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + **body** | [**RemoveOryAccessControlPolicyRoleMembersBody**](RemoveOryAccessControlPolicyRoleMembersBody.md)| | [optional] + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **UpsertOryAccessControlPolicy** +> OryAccessControlPolicy UpsertOryAccessControlPolicy($flavor, $body) + + + +Upsert an ORY Access Control Policy + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**OryAccessControlPolicy**](OryAccessControlPolicy.md)| | [optional] + +### Return type + +[**OryAccessControlPolicy**](oryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **UpsertOryAccessControlPolicyRole** +> OryAccessControlPolicyRole UpsertOryAccessControlPolicyRole($flavor, $body) + +Upsert an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**OryAccessControlPolicyRole**](OryAccessControlPolicyRole.md)| | [optional] + +### Return type + +[**OryAccessControlPolicyRole**](oryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + diff --git a/sdk/go/keto/swagger/docs/GetOryAccessControlPolicy.md b/sdk/go/keto/swagger/docs/GetOryAccessControlPolicy.md new file mode 100644 index 000000000..4060d2f27 --- /dev/null +++ b/sdk/go/keto/swagger/docs/GetOryAccessControlPolicy.md @@ -0,0 +1,11 @@ +# GetOryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] +**Id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/GetOryAccessControlPolicyRole.md b/sdk/go/keto/swagger/docs/GetOryAccessControlPolicyRole.md new file mode 100644 index 000000000..b2f756784 --- /dev/null +++ b/sdk/go/keto/swagger/docs/GetOryAccessControlPolicyRole.md @@ -0,0 +1,11 @@ +# GetOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] +**Id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/HealthApi.md b/sdk/go/keto/swagger/docs/HealthApi.md index eaa3ebe94..06c294a5a 100644 --- a/sdk/go/keto/swagger/docs/HealthApi.md +++ b/sdk/go/keto/swagger/docs/HealthApi.md @@ -4,16 +4,16 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**IsInstanceAlive**](HealthApi.md#IsInstanceAlive) | **Get** /health/alive | Check the Alive Status -[**IsInstanceReady**](HealthApi.md#IsInstanceReady) | **Get** /health/ready | Check the Readiness Status +[**IsInstanceAlive**](HealthApi.md#IsInstanceAlive) | **Get** /health/alive | Check alive status +[**IsInstanceReady**](HealthApi.md#IsInstanceReady) | **Get** /health/ready | Check readiness status # **IsInstanceAlive** > HealthStatus IsInstanceAlive() -Check the Alive Status +Check alive status -This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. +This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Parameters @@ -37,9 +37,9 @@ No authorization required # **IsInstanceReady** > HealthStatus IsInstanceReady() -Check the Readiness Status +Check readiness status -This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. +This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Parameters diff --git a/sdk/go/keto/swagger/docs/IntrospectionResponse.md b/sdk/go/keto/swagger/docs/IntrospectionResponse.md deleted file mode 100644 index f78586f44..000000000 --- a/sdk/go/keto/swagger/docs/IntrospectionResponse.md +++ /dev/null @@ -1,21 +0,0 @@ -# IntrospectionResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Active** | **bool** | | [optional] [default to null] -**Aud** | **[]string** | | [optional] [default to null] -**ClientId** | **string** | | [optional] [default to null] -**Exp** | **int64** | | [optional] [default to null] -**Ext** | [**map[string]interface{}**](interface{}.md) | Session represents arbitrary session data. | [optional] [default to null] -**Iat** | **int64** | | [optional] [default to null] -**Iss** | **string** | | [optional] [default to null] -**Nbf** | **int64** | | [optional] [default to null] -**Scope** | **string** | | [optional] [default to null] -**Sub** | **string** | Here, it's sub | [optional] [default to null] -**TokenType** | **string** | | [optional] [default to null] -**Username** | **string** | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerListPolicyParameters.md b/sdk/go/keto/swagger/docs/ListOryAccessControlPolicies.md similarity index 60% rename from sdk/go/keto/swagger/docs/SwaggerListPolicyParameters.md rename to sdk/go/keto/swagger/docs/ListOryAccessControlPolicies.md index 8fc0c8862..92c9d6fb5 100644 --- a/sdk/go/keto/swagger/docs/SwaggerListPolicyParameters.md +++ b/sdk/go/keto/swagger/docs/ListOryAccessControlPolicies.md @@ -1,10 +1,11 @@ -# SwaggerListPolicyParameters +# ListOryAccessControlPolicies ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Limit** | **int64** | The maximum amount of policies returned. in: query | [optional] [default to null] -**Offset** | **int64** | The offset from where to start looking. in: query | [optional] [default to null] +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path | [default to null] +**Limit** | **int64** | The maximum amount of policies returned. in: query | [optional] [default to null] +**Offset** | **int64** | The offset from where to start looking. in: query | [optional] [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/go/keto/swagger/docs/ListOryAccessControlPolicyRoles.md b/sdk/go/keto/swagger/docs/ListOryAccessControlPolicyRoles.md new file mode 100644 index 000000000..f1bb64597 --- /dev/null +++ b/sdk/go/keto/swagger/docs/ListOryAccessControlPolicyRoles.md @@ -0,0 +1,12 @@ +# ListOryAccessControlPolicyRoles + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path | [default to null] +**Limit** | **int64** | The maximum amount of policies returned. in: query | [optional] [default to null] +**Offset** | **int64** | The offset from where to start looking. in: query | [optional] [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/OAuth2IntrospectionAuthentication.md b/sdk/go/keto/swagger/docs/OAuth2IntrospectionAuthentication.md deleted file mode 100644 index aeccd97ff..000000000 --- a/sdk/go/keto/swagger/docs/OAuth2IntrospectionAuthentication.md +++ /dev/null @@ -1,9 +0,0 @@ -# OAuth2IntrospectionAuthentication - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/OryAccessControlPolicies.md b/sdk/go/keto/swagger/docs/OryAccessControlPolicies.md new file mode 100644 index 000000000..4b94acf44 --- /dev/null +++ b/sdk/go/keto/swagger/docs/OryAccessControlPolicies.md @@ -0,0 +1,10 @@ +# OryAccessControlPolicies + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Body** | [**[]OryAccessControlPolicy**](oryAccessControlPolicy.md) | in: body | [optional] [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/OryAccessControlPolicy.md b/sdk/go/keto/swagger/docs/OryAccessControlPolicy.md new file mode 100644 index 000000000..073f15ec3 --- /dev/null +++ b/sdk/go/keto/swagger/docs/OryAccessControlPolicy.md @@ -0,0 +1,16 @@ +# OryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Actions** | **[]string** | Actions is an array representing all the actions this ORY Access Policy applies to. | [optional] [default to null] +**Conditions** | [**[]map[string]interface{}**](map.md) | Conditions represents an array of conditions under which this ORY Access Policy is active. | [optional] [default to null] +**Description** | **string** | Description is an optional, human-readable description. | [optional] [default to null] +**Effect** | **string** | Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\". | [optional] [default to null] +**Id** | **string** | ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy. | [optional] [default to null] +**Resources** | **[]string** | Resources is an array representing all the resources this ORY Access Policy applies to. | [optional] [default to null] +**Subjects** | **[]string** | Subjects is an array representing all the subjects this ORY Access Policy applies to. | [optional] [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/WardenSubjectAuthorizationRequest.md b/sdk/go/keto/swagger/docs/OryAccessControlPolicyAllowedInput.md similarity index 87% rename from sdk/go/keto/swagger/docs/WardenSubjectAuthorizationRequest.md rename to sdk/go/keto/swagger/docs/OryAccessControlPolicyAllowedInput.md index 189063ace..36014ef1b 100644 --- a/sdk/go/keto/swagger/docs/WardenSubjectAuthorizationRequest.md +++ b/sdk/go/keto/swagger/docs/OryAccessControlPolicyAllowedInput.md @@ -1,4 +1,4 @@ -# WardenSubjectAuthorizationRequest +# OryAccessControlPolicyAllowedInput ## Properties Name | Type | Description | Notes @@ -6,7 +6,7 @@ Name | Type | Description | Notes **Action** | **string** | Action is the action that is requested on the resource. | [optional] [default to null] **Context** | [**map[string]interface{}**](interface{}.md) | Context is the request's environmental context. | [optional] [default to null] **Resource** | **string** | Resource is the resource that access is requested to. | [optional] [default to null] -**Subject** | **string** | Subejct is the subject that is requesting access. | [optional] [default to null] +**Subject** | **string** | Subject is the subject that is requesting access. | [optional] [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/go/keto/swagger/docs/Role.md b/sdk/go/keto/swagger/docs/OryAccessControlPolicyRole.md similarity index 94% rename from sdk/go/keto/swagger/docs/Role.md rename to sdk/go/keto/swagger/docs/OryAccessControlPolicyRole.md index b8be2d4b4..2e240750c 100644 --- a/sdk/go/keto/swagger/docs/Role.md +++ b/sdk/go/keto/swagger/docs/OryAccessControlPolicyRole.md @@ -1,4 +1,4 @@ -# Role +# OryAccessControlPolicyRole ## Properties Name | Type | Description | Notes diff --git a/sdk/go/keto/swagger/docs/Authenticator.md b/sdk/go/keto/swagger/docs/OryAccessControlPolicyRoles.md similarity index 90% rename from sdk/go/keto/swagger/docs/Authenticator.md rename to sdk/go/keto/swagger/docs/OryAccessControlPolicyRoles.md index 841ffbb14..6d4ab9894 100644 --- a/sdk/go/keto/swagger/docs/Authenticator.md +++ b/sdk/go/keto/swagger/docs/OryAccessControlPolicyRoles.md @@ -1,4 +1,4 @@ -# Authenticator +# OryAccessControlPolicyRoles ## Properties Name | Type | Description | Notes diff --git a/sdk/go/keto/swagger/docs/Firewall.md b/sdk/go/keto/swagger/docs/Policies.md similarity index 96% rename from sdk/go/keto/swagger/docs/Firewall.md rename to sdk/go/keto/swagger/docs/Policies.md index 134131c8c..3b4e2a077 100644 --- a/sdk/go/keto/swagger/docs/Firewall.md +++ b/sdk/go/keto/swagger/docs/Policies.md @@ -1,4 +1,4 @@ -# Firewall +# Policies ## Properties Name | Type | Description | Notes diff --git a/sdk/go/keto/swagger/docs/Policy.md b/sdk/go/keto/swagger/docs/Policy.md deleted file mode 100644 index 56930955e..000000000 --- a/sdk/go/keto/swagger/docs/Policy.md +++ /dev/null @@ -1,16 +0,0 @@ -# Policy - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Actions** | **[]string** | Actions impacted by the policy. | [optional] [default to null] -**Conditions** | [**map[string]PolicyConditions**](policy_conditions.md) | Conditions under which the policy is active. | [optional] [default to null] -**Description** | **string** | Description of the policy. | [optional] [default to null] -**Effect** | **string** | Effect of the policy | [optional] [default to null] -**Id** | **string** | ID of the policy. | [optional] [default to null] -**Resources** | **[]string** | Resources impacted by the policy. | [optional] [default to null] -**Subjects** | **[]string** | Subjects impacted by the policy. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/PolicyApi.md b/sdk/go/keto/swagger/docs/PolicyApi.md deleted file mode 100644 index 35aa7df8f..000000000 --- a/sdk/go/keto/swagger/docs/PolicyApi.md +++ /dev/null @@ -1,160 +0,0 @@ -# \PolicyApi - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**CreatePolicy**](PolicyApi.md#CreatePolicy) | **Post** /policies | -[**DeletePolicy**](PolicyApi.md#DeletePolicy) | **Delete** /policies/{id} | -[**GetPolicy**](PolicyApi.md#GetPolicy) | **Get** /policies/{id} | -[**ListPolicies**](PolicyApi.md#ListPolicies) | **Get** /policies | -[**UpdatePolicy**](PolicyApi.md#UpdatePolicy) | **Put** /policies/{id} | - - -# **CreatePolicy** -> Policy CreatePolicy($body) - - - -Create an Access Control Policy - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**Policy**](Policy.md)| | [optional] - -### Return type - -[**Policy**](policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **DeletePolicy** -> DeletePolicy($id) - - - -Delete an Access Control Policy - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the policy. | - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **GetPolicy** -> Policy GetPolicy($id) - - - -Get an Access Control Policy - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the policy. | - -### Return type - -[**Policy**](policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **ListPolicies** -> []Policy ListPolicies($offset, $limit) - - - -List Access Control Policies - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **offset** | **int64**| The offset from where to start looking. | [optional] - **limit** | **int64**| The maximum amount of policies returned. | [optional] - -### Return type - -[**[]Policy**](policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **UpdatePolicy** -> Policy UpdatePolicy($id, $body) - - - -Update an Access Control Policy - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the policy. | - **body** | [**Policy**](Policy.md)| | [optional] - -### Return type - -[**Policy**](policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - diff --git a/sdk/go/keto/swagger/docs/PolicyConditions.md b/sdk/go/keto/swagger/docs/PolicyConditions.md deleted file mode 100644 index e38c6e6a1..000000000 --- a/sdk/go/keto/swagger/docs/PolicyConditions.md +++ /dev/null @@ -1,11 +0,0 @@ -# PolicyConditions - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Options** | [**map[string]interface{}**](interface{}.md) | | [optional] [default to null] -**Type_** | **string** | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md b/sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md new file mode 100644 index 000000000..3fda1c7a5 --- /dev/null +++ b/sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md @@ -0,0 +1,12 @@ +# RemoveOryAccessControlPolicyRoleMembers + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Body** | [**RemoveOryAccessControlPolicyRoleMembersBody**](removeOryAccessControlPolicyRoleMembersBody.md) | | [optional] [default to null] +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] +**Id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md b/sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md new file mode 100644 index 000000000..78a84ad2b --- /dev/null +++ b/sdk/go/keto/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md @@ -0,0 +1,10 @@ +# RemoveOryAccessControlPolicyRoleMembersBody + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Members** | **[]string** | The members to be removed. | [optional] [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/RoleApi.md b/sdk/go/keto/swagger/docs/RoleApi.md deleted file mode 100644 index 76565b3a2..000000000 --- a/sdk/go/keto/swagger/docs/RoleApi.md +++ /dev/null @@ -1,219 +0,0 @@ -# \RoleApi - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**AddMembersToRole**](RoleApi.md#AddMembersToRole) | **Post** /roles/{id}/members | Add members to a role -[**CreateRole**](RoleApi.md#CreateRole) | **Post** /roles | Create a role -[**DeleteRole**](RoleApi.md#DeleteRole) | **Delete** /roles/{id} | Get a role by its ID -[**GetRole**](RoleApi.md#GetRole) | **Get** /roles/{id} | Get a role by its ID -[**ListRoles**](RoleApi.md#ListRoles) | **Get** /roles | List all roles -[**RemoveMembersFromRole**](RoleApi.md#RemoveMembersFromRole) | **Delete** /roles/{id}/members | Remove members from a role -[**SetRole**](RoleApi.md#SetRole) | **Put** /roles/{id} | A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - - -# **AddMembersToRole** -> AddMembersToRole($id, $body) - -Add members to a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to add members (users, applications, ...) to a specific role. You have to know the role's ID. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to modify. | - **body** | [**RoleMembers**](RoleMembers.md)| | [optional] - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **CreateRole** -> Role CreateRole($body) - -Create a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to create a new role. You may define members as well but you don't have to. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**Role**](Role.md)| | [optional] - -### Return type - -[**Role**](role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **DeleteRole** -> DeleteRole($id) - -Get a role by its ID - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to delete an existing role. You have to know the role's ID. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to look up. | - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **GetRole** -> Role GetRole($id) - -Get a role by its ID - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve an existing role. You have to know the role's ID. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to look up. | - -### Return type - -[**Role**](role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **ListRoles** -> []Role ListRoles($member, $limit, $offset) - -List all roles - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve all roles that are stored in the system. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **member** | **string**| The id of the member to look up. | [optional] - **limit** | **int64**| The maximum amount of policies returned. | [optional] - **offset** | **int64**| The offset from where to start looking. | [optional] - -### Return type - -[**[]Role**](role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **RemoveMembersFromRole** -> RemoveMembersFromRole($id, $body) - -Remove members from a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to remove members (users, applications, ...) from a specific role. You have to know the role's ID. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to modify. | - **body** | [**RoleMembers**](RoleMembers.md)| | [optional] - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **SetRole** -> SetRole() - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - -This endpoint allows you to overwrite a role. You have to know the role's ID. - - -### Parameters -This endpoint does not need any parameter. - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - diff --git a/sdk/go/keto/swagger/docs/RoleMembers.md b/sdk/go/keto/swagger/docs/RoleMembers.md deleted file mode 100644 index 7d96546fb..000000000 --- a/sdk/go/keto/swagger/docs/RoleMembers.md +++ /dev/null @@ -1,10 +0,0 @@ -# RoleMembers - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Members** | **[]string** | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/Session.md b/sdk/go/keto/swagger/docs/Session.md deleted file mode 100644 index 9a47b3b1c..000000000 --- a/sdk/go/keto/swagger/docs/Session.md +++ /dev/null @@ -1,10 +0,0 @@ -# Session - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**GetSubject** | **string** | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerCreatePolicyParameters.md b/sdk/go/keto/swagger/docs/SwaggerCreatePolicyParameters.md deleted file mode 100644 index c8304b894..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerCreatePolicyParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerCreatePolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Body** | [**Policy**](policy.md) | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md b/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md deleted file mode 100644 index 9f959938b..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerDoesWardenAllowAccessRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Body** | [**WardenSubjectAuthorizationRequest**](WardenSubjectAuthorizationRequest.md) | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md b/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md deleted file mode 100644 index e9cc60c25..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerDoesWardenAllowClientRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Body** | [**WardenOAuth2ClientAuthorizationRequest**](wardenOAuth2ClientAuthorizationRequest.md) | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md b/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md deleted file mode 100644 index 3cd96148e..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerDoesWardenAllowTokenAccessRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Body** | [**WardenOAuth2AccessTokenAuthorizationRequest**](wardenOAuth2AccessTokenAuthorizationRequest.md) | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerGetPolicyParameters.md b/sdk/go/keto/swagger/docs/SwaggerGetPolicyParameters.md deleted file mode 100644 index 875e78471..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerGetPolicyParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerGetPolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Id** | **string** | The id of the policy. in: path | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerListPolicyResponse.md b/sdk/go/keto/swagger/docs/SwaggerListPolicyResponse.md deleted file mode 100644 index 73c549f54..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerListPolicyResponse.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerListPolicyResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Body** | [**[]Policy**](policy.md) | in: body type: array | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerUpdatePolicyParameters.md b/sdk/go/keto/swagger/docs/SwaggerUpdatePolicyParameters.md deleted file mode 100644 index c78915af3..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerUpdatePolicyParameters.md +++ /dev/null @@ -1,11 +0,0 @@ -# SwaggerUpdatePolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Body** | [**Policy**](policy.md) | | [optional] [default to null] -**Id** | **string** | The id of the policy. in: path | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/SwaggerWardenBaseRequest.md b/sdk/go/keto/swagger/docs/SwaggerWardenBaseRequest.md deleted file mode 100644 index 2a43ea249..000000000 --- a/sdk/go/keto/swagger/docs/SwaggerWardenBaseRequest.md +++ /dev/null @@ -1,12 +0,0 @@ -# SwaggerWardenBaseRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Action** | **string** | Action is the action that is requested on the resource. | [optional] [default to null] -**Context** | [**map[string]interface{}**](interface{}.md) | Context is the request's environmental context. | [optional] [default to null] -**Resource** | **string** | Resource is the resource that access is requested to. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicy.md b/sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicy.md new file mode 100644 index 000000000..f06692ea5 --- /dev/null +++ b/sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicy.md @@ -0,0 +1,11 @@ +# UpsertOryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Body** | [**OryAccessControlPolicy**](oryAccessControlPolicy.md) | | [optional] [default to null] +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicyRole.md b/sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicyRole.md new file mode 100644 index 000000000..1883713e9 --- /dev/null +++ b/sdk/go/keto/swagger/docs/UpsertOryAccessControlPolicyRole.md @@ -0,0 +1,11 @@ +# UpsertOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Body** | [**OryAccessControlPolicyRole**](oryAccessControlPolicyRole.md) | | [optional] [default to null] +**Flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [default to null] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/Version.md b/sdk/go/keto/swagger/docs/Version.md index fb09e432a..39168b5ca 100644 --- a/sdk/go/keto/swagger/docs/Version.md +++ b/sdk/go/keto/swagger/docs/Version.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Version** | **string** | | [optional] [default to null] +**Version** | **string** | Version is the service's version. | [optional] [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/go/keto/swagger/docs/VersionApi.md b/sdk/go/keto/swagger/docs/VersionApi.md index 688ebf590..ca47b504f 100644 --- a/sdk/go/keto/swagger/docs/VersionApi.md +++ b/sdk/go/keto/swagger/docs/VersionApi.md @@ -4,15 +4,15 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**GetVersion**](VersionApi.md#GetVersion) | **Get** /version | Get the version of Keto +[**GetVersion**](VersionApi.md#GetVersion) | **Get** /version | Get service version # **GetVersion** > Version GetVersion() -Get the version of Keto +Get service version -This endpoint returns the version as `{ \"version\": \"VERSION\" }`. The version is only correct with the prebuilt binary and not custom builds. +This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Parameters diff --git a/sdk/go/keto/swagger/docs/WardenApi.md b/sdk/go/keto/swagger/docs/WardenApi.md deleted file mode 100644 index 4cb384e78..000000000 --- a/sdk/go/keto/swagger/docs/WardenApi.md +++ /dev/null @@ -1,98 +0,0 @@ -# \WardenApi - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**IsOAuth2AccessTokenAuthorized**](WardenApi.md#IsOAuth2AccessTokenAuthorized) | **Post** /warden/oauth2/access-tokens/authorize | Check if an OAuth 2.0 access token is authorized to access a resource -[**IsOAuth2ClientAuthorized**](WardenApi.md#IsOAuth2ClientAuthorized) | **Post** /warden/oauth2/clients/authorize | Check if an OAuth 2.0 Client is authorized to access a resource -[**IsSubjectAuthorized**](WardenApi.md#IsSubjectAuthorized) | **Post** /warden/subjects/authorize | Check if a subject is authorized to access a resource - - -# **IsOAuth2AccessTokenAuthorized** -> WardenOAuth2AccessTokenAuthorizationResponse IsOAuth2AccessTokenAuthorized($body) - -Check if an OAuth 2.0 access token is authorized to access a resource - -Checks if a token is valid and if the token subject is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context. If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false }`. This endpoint passes all data from the upstream OAuth 2.0 token introspection endpoint. If you use ORY Hydra as an upstream OAuth 2.0 provider, data set through the `accessTokenExtra` field in the consent flow will be included in this response as well. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**WardenOAuth2AccessTokenAuthorizationRequest**](WardenOAuth2AccessTokenAuthorizationRequest.md)| | [optional] - -### Return type - -[**WardenOAuth2AccessTokenAuthorizationResponse**](wardenOAuth2AccessTokenAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **IsOAuth2ClientAuthorized** -> WardenOAuth2ClientAuthorizationResponse IsOAuth2ClientAuthorized($body) - -Check if an OAuth 2.0 Client is authorized to access a resource - -Checks if an OAuth 2.0 Client provided the correct access credentials and and if the client is allowed to perform an action on a resource. This endpoint requires a client id, a client secret, a scope, a resource name, an action name and a context. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**WardenOAuth2ClientAuthorizationRequest**](WardenOAuth2ClientAuthorizationRequest.md)| | [optional] - -### Return type - -[**WardenOAuth2ClientAuthorizationResponse**](wardenOAuth2ClientAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -# **IsSubjectAuthorized** -> WardenSubjectAuthorizationResponse IsSubjectAuthorized($body) - -Check if a subject is authorized to access a resource - -Checks if a subject (e.g. user ID, API key, ...) is allowed to perform a certain action on a resource. - - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**WardenSubjectAuthorizationRequest**](WardenSubjectAuthorizationRequest.md)| | [optional] - -### Return type - -[**WardenSubjectAuthorizationResponse**](wardenSubjectAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - diff --git a/sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md b/sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md deleted file mode 100644 index fceec4fe2..000000000 --- a/sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md +++ /dev/null @@ -1,14 +0,0 @@ -# WardenOAuth2AccessTokenAuthorizationRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Action** | **string** | Action is the action that is requested on the resource. | [optional] [default to null] -**Context** | [**map[string]interface{}**](interface{}.md) | Context is the request's environmental context. | [optional] [default to null] -**Resource** | **string** | Resource is the resource that access is requested to. | [optional] [default to null] -**Scope** | **[]string** | Scope is an array of scopes that are required. | [optional] [default to null] -**Token** | **string** | Token is the token to introspect. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md b/sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md deleted file mode 100644 index e400c5cc4..000000000 --- a/sdk/go/keto/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md +++ /dev/null @@ -1,20 +0,0 @@ -# WardenOAuth2AccessTokenAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] [default to null] -**Aud** | **[]string** | | [optional] [default to null] -**ClientId** | **string** | ClientID is the id of the OAuth2 client that requested the token. | [optional] [default to null] -**Exp** | [**time.Time**](time.Time.md) | ExpiresAt is the expiry timestamp. | [optional] [default to null] -**Iat** | [**time.Time**](time.Time.md) | IssuedAt is the token creation time stamp. | [optional] [default to null] -**Iss** | **string** | Issuer is the id of the issuer, typically an hydra instance. | [optional] [default to null] -**Nbf** | [**time.Time**](time.Time.md) | | [optional] [default to null] -**Scope** | **string** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] [default to null] -**Session** | [**map[string]interface{}**](interface{}.md) | Session represents arbitrary session data. | [optional] [default to null] -**Sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null] -**Username** | **string** | | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md b/sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md deleted file mode 100644 index 9b1a221c9..000000000 --- a/sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md +++ /dev/null @@ -1,15 +0,0 @@ -# WardenOAuth2ClientAuthorizationRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Action** | **string** | Action is the action that is requested on the resource. | [optional] [default to null] -**ClientId** | **string** | Token is the token to introspect. | [optional] [default to null] -**ClientSecret** | **string** | | [optional] [default to null] -**Context** | [**map[string]interface{}**](interface{}.md) | Context is the request's environmental context. | [optional] [default to null] -**Resource** | **string** | Resource is the resource that access is requested to. | [optional] [default to null] -**Scope** | **[]string** | Scope is an array of scopes that are required. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md b/sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md deleted file mode 100644 index 8e9cfac24..000000000 --- a/sdk/go/keto/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md +++ /dev/null @@ -1,11 +0,0 @@ -# WardenOAuth2ClientAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] [default to null] -**Sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/docs/WardenSubjectAuthorizationResponse.md b/sdk/go/keto/swagger/docs/WardenSubjectAuthorizationResponse.md deleted file mode 100644 index 6bc2845e5..000000000 --- a/sdk/go/keto/swagger/docs/WardenSubjectAuthorizationResponse.md +++ /dev/null @@ -1,11 +0,0 @@ -# WardenSubjectAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] [default to null] -**Sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/go/keto/swagger/engines_api.go b/sdk/go/keto/swagger/engines_api.go new file mode 100644 index 000000000..395d733bb --- /dev/null +++ b/sdk/go/keto/swagger/engines_api.go @@ -0,0 +1,736 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +import ( + "encoding/json" + "fmt" + "net/url" + "strings" +) + +type EnginesApi struct { + Configuration *Configuration +} + +func NewEnginesApi() *EnginesApi { + configuration := NewConfiguration() + return &EnginesApi{ + Configuration: configuration, + } +} + +func NewEnginesApiWithBasePath(basePath string) *EnginesApi { + configuration := NewConfiguration() + configuration.BasePath = basePath + + return &EnginesApi{ + Configuration: configuration, + } +} + +/** + * Add a member to an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param id The ID of the ORY Access Control Policy Role. + * @param body + * @return *OryAccessControlPolicyRole + */ +func (a EnginesApi) AddOryAccessControlPolicyRoleMembers(flavor string, id string, body AddOryAccessControlPolicyRoleMembersBody) (*OryAccessControlPolicyRole, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Put") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/roles/{id}/members" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + // body params + localVarPostBody = &body + var successPayload = new(OryAccessControlPolicyRole) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "AddOryAccessControlPolicyRoleMembers", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return successPayload, localVarAPIResponse, err +} + +/** + * + * Delete an ORY Access Control Policy + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param id The ID of the ORY Access Control Policy Role. + * @return void + */ +func (a EnginesApi) DeleteOryAccessControlPolicy(flavor string, id string) (*APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Delete") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/policies/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "DeleteOryAccessControlPolicy", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return localVarAPIResponse, err + } + return localVarAPIResponse, err +} + +/** + * Delete an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param id The ID of the ORY Access Control Policy Role. + * @return void + */ +func (a EnginesApi) DeleteOryAccessControlPolicyRole(flavor string, id string) (*APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Delete") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/roles/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "DeleteOryAccessControlPolicyRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return localVarAPIResponse, err + } + return localVarAPIResponse, err +} + +/** + * Check if a request is allowed + * Use this endpoint to check if a request is allowed or not. + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param body + * @return *AuthorizationResult + */ +func (a EnginesApi) DoOryAccessControlPoliciesAllow(flavor string, body OryAccessControlPolicyAllowedInput) (*AuthorizationResult, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Post") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/allowed" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + // body params + localVarPostBody = &body + var successPayload = new(AuthorizationResult) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "DoOryAccessControlPoliciesAllow", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return successPayload, localVarAPIResponse, err +} + +/** + * + * Get an ORY Access Control Policy + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param id The ID of the ORY Access Control Policy Role. + * @return *OryAccessControlPolicy + */ +func (a EnginesApi) GetOryAccessControlPolicy(flavor string, id string) (*OryAccessControlPolicy, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Get") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/policies/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + var successPayload = new(OryAccessControlPolicy) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "GetOryAccessControlPolicy", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return successPayload, localVarAPIResponse, err +} + +/** + * Get an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param id The ID of the ORY Access Control Policy Role. + * @return *OryAccessControlPolicyRole + */ +func (a EnginesApi) GetOryAccessControlPolicyRole(flavor string, id string) (*OryAccessControlPolicyRole, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Get") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/roles/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + var successPayload = new(OryAccessControlPolicyRole) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "GetOryAccessControlPolicyRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return successPayload, localVarAPIResponse, err +} + +/** + * + * List ORY Access Control Policies + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" + * @param limit The maximum amount of policies returned. + * @param offset The offset from where to start looking. + * @return []OryAccessControlPolicy + */ +func (a EnginesApi) ListOryAccessControlPolicies(flavor string, limit int64, offset int64) ([]OryAccessControlPolicy, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Get") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/policies" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + localVarQueryParams.Add("limit", a.Configuration.APIClient.ParameterToString(limit, "")) + localVarQueryParams.Add("offset", a.Configuration.APIClient.ParameterToString(offset, "")) + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + var successPayload = new([]OryAccessControlPolicy) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "ListOryAccessControlPolicies", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return *successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return *successPayload, localVarAPIResponse, err +} + +/** + * List ORY Access Control Policy Roles + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" + * @param limit The maximum amount of policies returned. + * @param offset The offset from where to start looking. + * @return []OryAccessControlPolicyRole + */ +func (a EnginesApi) ListOryAccessControlPolicyRoles(flavor string, limit int64, offset int64) ([]OryAccessControlPolicyRole, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Get") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/roles" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + localVarQueryParams.Add("limit", a.Configuration.APIClient.ParameterToString(limit, "")) + localVarQueryParams.Add("offset", a.Configuration.APIClient.ParameterToString(offset, "")) + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + var successPayload = new([]OryAccessControlPolicyRole) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "ListOryAccessControlPolicyRoles", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return *successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return *successPayload, localVarAPIResponse, err +} + +/** + * Remove a member from an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param id The ID of the ORY Access Control Policy Role. + * @param body + * @return void + */ +func (a EnginesApi) RemoveOryAccessControlPolicyRoleMembers(flavor string, id string, body RemoveOryAccessControlPolicyRoleMembersBody) (*APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Delete") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/roles/{id}/members" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + // body params + localVarPostBody = &body + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "RemoveOryAccessControlPolicyRoleMembers", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return localVarAPIResponse, err + } + return localVarAPIResponse, err +} + +/** + * + * Upsert an ORY Access Control Policy + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param body + * @return *OryAccessControlPolicy + */ +func (a EnginesApi) UpsertOryAccessControlPolicy(flavor string, body OryAccessControlPolicy) (*OryAccessControlPolicy, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Put") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/policies" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + // body params + localVarPostBody = &body + var successPayload = new(OryAccessControlPolicy) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "UpsertOryAccessControlPolicy", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return successPayload, localVarAPIResponse, err +} + +/** + * Upsert an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * + * @param flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param body + * @return *OryAccessControlPolicyRole + */ +func (a EnginesApi) UpsertOryAccessControlPolicyRole(flavor string, body OryAccessControlPolicyRole) (*OryAccessControlPolicyRole, *APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Put") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/engines/acp/ory/{flavor}/roles" + localVarPath = strings.Replace(localVarPath, "{"+"flavor"+"}", fmt.Sprintf("%v", flavor), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + // body params + localVarPostBody = &body + var successPayload = new(OryAccessControlPolicyRole) + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "UpsertOryAccessControlPolicyRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return successPayload, localVarAPIResponse, err + } + err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) + return successPayload, localVarAPIResponse, err +} diff --git a/sdk/go/keto/swagger/get_ory_access_control_policy.go b/sdk/go/keto/swagger/get_ory_access_control_policy.go new file mode 100644 index 000000000..19113c2d9 --- /dev/null +++ b/sdk/go/keto/swagger/get_ory_access_control_policy.go @@ -0,0 +1,18 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type GetOryAccessControlPolicy struct { + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. in: path + Id string `json:"id"` +} diff --git a/sdk/go/keto/swagger/get_ory_access_control_policy_role.go b/sdk/go/keto/swagger/get_ory_access_control_policy_role.go new file mode 100644 index 000000000..c45d4abd0 --- /dev/null +++ b/sdk/go/keto/swagger/get_ory_access_control_policy_role.go @@ -0,0 +1,18 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type GetOryAccessControlPolicyRole struct { + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. in: path + Id string `json:"id"` +} diff --git a/sdk/go/keto/swagger/health_api.go b/sdk/go/keto/swagger/health_api.go index 86fdd3e6e..fddd92645 100644 --- a/sdk/go/keto/swagger/health_api.go +++ b/sdk/go/keto/swagger/health_api.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ @@ -35,8 +35,8 @@ func NewHealthApiWithBasePath(basePath string) *HealthApi { } /** - * Check the Alive Status - * This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. + * Check alive status + * This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. * * @return *HealthStatus */ @@ -94,8 +94,8 @@ func (a HealthApi) IsInstanceAlive() (*HealthStatus, *APIResponse, error) { } /** - * Check the Readiness Status - * This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. + * Check readiness status + * This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. * * @return *HealthStatus */ diff --git a/sdk/go/keto/swagger/health_not_ready_status.go b/sdk/go/keto/swagger/health_not_ready_status.go index 72d26ac95..61a2fe2ca 100644 --- a/sdk/go/keto/swagger/health_not_ready_status.go +++ b/sdk/go/keto/swagger/health_not_ready_status.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ diff --git a/sdk/go/keto/swagger/health_status.go b/sdk/go/keto/swagger/health_status.go index acbec5107..7bbe24864 100644 --- a/sdk/go/keto/swagger/health_status.go +++ b/sdk/go/keto/swagger/health_status.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ diff --git a/sdk/go/keto/swagger/inline_response_500.go b/sdk/go/keto/swagger/inline_response_500.go index 8356ece18..2a43c1cb3 100644 --- a/sdk/go/keto/swagger/inline_response_500.go +++ b/sdk/go/keto/swagger/inline_response_500.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ diff --git a/sdk/go/keto/swagger/introspection_response.go b/sdk/go/keto/swagger/introspection_response.go deleted file mode 100644 index 310f196f5..000000000 --- a/sdk/go/keto/swagger/introspection_response.go +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type IntrospectionResponse struct { - Active bool `json:"active,omitempty"` - - Aud []string `json:"aud,omitempty"` - - ClientId string `json:"client_id,omitempty"` - - Exp int64 `json:"exp,omitempty"` - - // Session represents arbitrary session data. - Ext map[string]interface{} `json:"ext,omitempty"` - - Iat int64 `json:"iat,omitempty"` - - Iss string `json:"iss,omitempty"` - - Nbf int64 `json:"nbf,omitempty"` - - Scope string `json:"scope,omitempty"` - - // Here, it's sub - Sub string `json:"sub,omitempty"` - - TokenType string `json:"token_type,omitempty"` - - Username string `json:"username,omitempty"` -} diff --git a/sdk/go/keto/swagger/list_ory_access_control_policies.go b/sdk/go/keto/swagger/list_ory_access_control_policies.go new file mode 100644 index 000000000..25baa8911 --- /dev/null +++ b/sdk/go/keto/swagger/list_ory_access_control_policies.go @@ -0,0 +1,21 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type ListOryAccessControlPolicies struct { + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path + Flavor string `json:"flavor"` + + // The maximum amount of policies returned. in: query + Limit int64 `json:"limit,omitempty"` + + // The offset from where to start looking. in: query + Offset int64 `json:"offset,omitempty"` +} diff --git a/sdk/go/keto/swagger/list_ory_access_control_policy_roles.go b/sdk/go/keto/swagger/list_ory_access_control_policy_roles.go new file mode 100644 index 000000000..86f284893 --- /dev/null +++ b/sdk/go/keto/swagger/list_ory_access_control_policy_roles.go @@ -0,0 +1,21 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type ListOryAccessControlPolicyRoles struct { + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path + Flavor string `json:"flavor"` + + // The maximum amount of policies returned. in: query + Limit int64 `json:"limit,omitempty"` + + // The offset from where to start looking. in: query + Offset int64 `json:"offset,omitempty"` +} diff --git a/sdk/go/keto/swagger/o_auth2_client_credentials_authentication.go b/sdk/go/keto/swagger/o_auth2_client_credentials_authentication.go deleted file mode 100644 index 9021d985a..000000000 --- a/sdk/go/keto/swagger/o_auth2_client_credentials_authentication.go +++ /dev/null @@ -1,12 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type OAuth2ClientCredentialsAuthentication struct { -} diff --git a/sdk/go/keto/swagger/o_auth2_introspection_authentication.go b/sdk/go/keto/swagger/o_auth2_introspection_authentication.go deleted file mode 100644 index 055705f0d..000000000 --- a/sdk/go/keto/swagger/o_auth2_introspection_authentication.go +++ /dev/null @@ -1,12 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type OAuth2IntrospectionAuthentication struct { -} diff --git a/sdk/go/keto/swagger/handler.go b/sdk/go/keto/swagger/ory_access_control_policies.go similarity index 54% rename from sdk/go/keto/swagger/handler.go rename to sdk/go/keto/swagger/ory_access_control_policies.go index 705d004b4..c9172b890 100644 --- a/sdk/go/keto/swagger/handler.go +++ b/sdk/go/keto/swagger/ory_access_control_policies.go @@ -2,14 +2,14 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger -type Handler struct { - H Writer `json:"H,omitempty"` +type OryAccessControlPolicies struct { - Manager Manager `json:"Manager,omitempty"` + // in: body + Body []OryAccessControlPolicy `json:"Body,omitempty"` } diff --git a/sdk/go/keto/swagger/ory_access_control_policy.go b/sdk/go/keto/swagger/ory_access_control_policy.go new file mode 100644 index 000000000..99a88f414 --- /dev/null +++ b/sdk/go/keto/swagger/ory_access_control_policy.go @@ -0,0 +1,33 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type OryAccessControlPolicy struct { + + // Actions is an array representing all the actions this ORY Access Policy applies to. + Actions []string `json:"actions,omitempty"` + + // Conditions represents an array of conditions under which this ORY Access Policy is active. + Conditions []map[string]interface{} `json:"conditions,omitempty"` + + // Description is an optional, human-readable description. + Description string `json:"description,omitempty"` + + // Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\". + Effect string `json:"effect,omitempty"` + + // ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy. + Id string `json:"id,omitempty"` + + // Resources is an array representing all the resources this ORY Access Policy applies to. + Resources []string `json:"resources,omitempty"` + + // Subjects is an array representing all the subjects this ORY Access Policy applies to. + Subjects []string `json:"subjects,omitempty"` +} diff --git a/sdk/go/keto/swagger/warden_subject_authorization_request.go b/sdk/go/keto/swagger/ory_access_control_policy_allowed_input.go similarity index 80% rename from sdk/go/keto/swagger/warden_subject_authorization_request.go rename to sdk/go/keto/swagger/ory_access_control_policy_allowed_input.go index 5fa024caf..697b13953 100644 --- a/sdk/go/keto/swagger/warden_subject_authorization_request.go +++ b/sdk/go/keto/swagger/ory_access_control_policy_allowed_input.go @@ -2,13 +2,13 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger -type WardenSubjectAuthorizationRequest struct { +type OryAccessControlPolicyAllowedInput struct { // Action is the action that is requested on the resource. Action string `json:"action,omitempty"` @@ -19,6 +19,6 @@ type WardenSubjectAuthorizationRequest struct { // Resource is the resource that access is requested to. Resource string `json:"resource,omitempty"` - // Subejct is the subject that is requesting access. + // Subject is the subject that is requesting access. Subject string `json:"subject,omitempty"` } diff --git a/sdk/go/keto/swagger/role.go b/sdk/go/keto/swagger/ory_access_control_policy_role.go similarity index 87% rename from sdk/go/keto/swagger/role.go rename to sdk/go/keto/swagger/ory_access_control_policy_role.go index d6499e555..799281a63 100644 --- a/sdk/go/keto/swagger/role.go +++ b/sdk/go/keto/swagger/ory_access_control_policy_role.go @@ -2,14 +2,14 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger // Role represents a group of users that share the same role. A role could be an administrator, a moderator, a regular user or some other sort of role. -type Role struct { +type OryAccessControlPolicyRole struct { // ID is the role's unique id. Id string `json:"id,omitempty"` diff --git a/sdk/go/keto/swagger/authenticator.go b/sdk/go/keto/swagger/ory_access_control_policy_roles.go similarity index 70% rename from sdk/go/keto/swagger/authenticator.go rename to sdk/go/keto/swagger/ory_access_control_policy_roles.go index 238a0a6f1..328e061d2 100644 --- a/sdk/go/keto/swagger/authenticator.go +++ b/sdk/go/keto/swagger/ory_access_control_policy_roles.go @@ -2,11 +2,11 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger -type Authenticator struct { +type OryAccessControlPolicyRoles struct { } diff --git a/sdk/go/keto/swagger/firewall.go b/sdk/go/keto/swagger/policies.go similarity index 77% rename from sdk/go/keto/swagger/firewall.go rename to sdk/go/keto/swagger/policies.go index bb3c6ff2f..b575db327 100644 --- a/sdk/go/keto/swagger/firewall.go +++ b/sdk/go/keto/swagger/policies.go @@ -2,11 +2,11 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger -type Firewall struct { +type Policies struct { } diff --git a/sdk/go/keto/swagger/policy.go b/sdk/go/keto/swagger/policy.go deleted file mode 100644 index c5821aa3b..000000000 --- a/sdk/go/keto/swagger/policy.go +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type Policy struct { - - // Actions impacted by the policy. - Actions []string `json:"actions,omitempty"` - - // Conditions under which the policy is active. - Conditions map[string]PolicyConditions `json:"conditions,omitempty"` - - // Description of the policy. - Description string `json:"description,omitempty"` - - // Effect of the policy - Effect string `json:"effect,omitempty"` - - // ID of the policy. - Id string `json:"id,omitempty"` - - // Resources impacted by the policy. - Resources []string `json:"resources,omitempty"` - - // Subjects impacted by the policy. - Subjects []string `json:"subjects,omitempty"` -} diff --git a/sdk/go/keto/swagger/policy_api.go b/sdk/go/keto/swagger/policy_api.go deleted file mode 100644 index 9587a9d2e..000000000 --- a/sdk/go/keto/swagger/policy_api.go +++ /dev/null @@ -1,345 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -import ( - "encoding/json" - "fmt" - "net/url" - "strings" -) - -type PolicyApi struct { - Configuration *Configuration -} - -func NewPolicyApi() *PolicyApi { - configuration := NewConfiguration() - return &PolicyApi{ - Configuration: configuration, - } -} - -func NewPolicyApiWithBasePath(basePath string) *PolicyApi { - configuration := NewConfiguration() - configuration.BasePath = basePath - - return &PolicyApi{ - Configuration: configuration, - } -} - -/** - * - * Create an Access Control Policy - * - * @param body - * @return *Policy - */ -func (a PolicyApi) CreatePolicy(body Policy) (*Policy, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Post") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/policies" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - var successPayload = new(Policy) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "CreatePolicy", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} - -/** - * - * Delete an Access Control Policy - * - * @param id The id of the policy. - * @return void - */ -func (a PolicyApi) DeletePolicy(id string) (*APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Delete") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/policies/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "DeletePolicy", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return localVarAPIResponse, err - } - return localVarAPIResponse, err -} - -/** - * - * Get an Access Control Policy - * - * @param id The id of the policy. - * @return *Policy - */ -func (a PolicyApi) GetPolicy(id string) (*Policy, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Get") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/policies/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - var successPayload = new(Policy) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "GetPolicy", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} - -/** - * - * List Access Control Policies - * - * @param offset The offset from where to start looking. - * @param limit The maximum amount of policies returned. - * @return []Policy - */ -func (a PolicyApi) ListPolicies(offset int64, limit int64) ([]Policy, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Get") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/policies" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - localVarQueryParams.Add("offset", a.Configuration.APIClient.ParameterToString(offset, "")) - localVarQueryParams.Add("limit", a.Configuration.APIClient.ParameterToString(limit, "")) - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - var successPayload = new([]Policy) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "ListPolicies", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return *successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return *successPayload, localVarAPIResponse, err -} - -/** - * - * Update an Access Control Policy - * - * @param id The id of the policy. - * @param body - * @return *Policy - */ -func (a PolicyApi) UpdatePolicy(id string, body Policy) (*Policy, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Put") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/policies/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - var successPayload = new(Policy) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "UpdatePolicy", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} diff --git a/sdk/go/keto/swagger/remove_ory_access_control_policy_role_members.go b/sdk/go/keto/swagger/remove_ory_access_control_policy_role_members.go new file mode 100644 index 000000000..fe70d9cda --- /dev/null +++ b/sdk/go/keto/swagger/remove_ory_access_control_policy_role_members.go @@ -0,0 +1,19 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type RemoveOryAccessControlPolicyRoleMembers struct { + Body RemoveOryAccessControlPolicyRoleMembersBody `json:"Body,omitempty"` + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` + + // The ID of the ORY Access Control Policy Role. in: path + Id string `json:"id"` +} diff --git a/sdk/go/keto/swagger/policy_conditions.go b/sdk/go/keto/swagger/remove_ory_access_control_policy_role_members_body.go similarity index 50% rename from sdk/go/keto/swagger/policy_conditions.go rename to sdk/go/keto/swagger/remove_ory_access_control_policy_role_members_body.go index 95b22c0c4..a2448e170 100644 --- a/sdk/go/keto/swagger/policy_conditions.go +++ b/sdk/go/keto/swagger/remove_ory_access_control_policy_role_members_body.go @@ -2,14 +2,14 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger -type PolicyConditions struct { - Options map[string]interface{} `json:"options,omitempty"` +type RemoveOryAccessControlPolicyRoleMembersBody struct { - Type_ string `json:"type,omitempty"` + // The members to be removed. + Members []string `json:"members,omitempty"` } diff --git a/sdk/go/keto/swagger/role_api.go b/sdk/go/keto/swagger/role_api.go deleted file mode 100644 index 36fafb754..000000000 --- a/sdk/go/keto/swagger/role_api.go +++ /dev/null @@ -1,464 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -import ( - "encoding/json" - "fmt" - "net/url" - "strings" -) - -type RoleApi struct { - Configuration *Configuration -} - -func NewRoleApi() *RoleApi { - configuration := NewConfiguration() - return &RoleApi{ - Configuration: configuration, - } -} - -func NewRoleApiWithBasePath(basePath string) *RoleApi { - configuration := NewConfiguration() - configuration.BasePath = basePath - - return &RoleApi{ - Configuration: configuration, - } -} - -/** - * Add members to a role - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to add members (users, applications, ...) to a specific role. You have to know the role's ID. - * - * @param id The id of the role to modify. - * @param body - * @return void - */ -func (a RoleApi) AddMembersToRole(id string, body RoleMembers) (*APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Post") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/roles/{id}/members" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "AddMembersToRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return localVarAPIResponse, err - } - return localVarAPIResponse, err -} - -/** - * Create a role - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to create a new role. You may define members as well but you don't have to. - * - * @param body - * @return *Role - */ -func (a RoleApi) CreateRole(body Role) (*Role, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Post") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/roles" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - var successPayload = new(Role) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "CreateRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} - -/** - * Get a role by its ID - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to delete an existing role. You have to know the role's ID. - * - * @param id The id of the role to look up. - * @return void - */ -func (a RoleApi) DeleteRole(id string) (*APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Delete") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/roles/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "DeleteRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return localVarAPIResponse, err - } - return localVarAPIResponse, err -} - -/** - * Get a role by its ID - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve an existing role. You have to know the role's ID. - * - * @param id The id of the role to look up. - * @return *Role - */ -func (a RoleApi) GetRole(id string) (*Role, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Get") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/roles/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - var successPayload = new(Role) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "GetRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} - -/** - * List all roles - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve all roles that are stored in the system. - * - * @param member The id of the member to look up. - * @param limit The maximum amount of policies returned. - * @param offset The offset from where to start looking. - * @return []Role - */ -func (a RoleApi) ListRoles(member string, limit int64, offset int64) ([]Role, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Get") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/roles" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - localVarQueryParams.Add("member", a.Configuration.APIClient.ParameterToString(member, "")) - localVarQueryParams.Add("limit", a.Configuration.APIClient.ParameterToString(limit, "")) - localVarQueryParams.Add("offset", a.Configuration.APIClient.ParameterToString(offset, "")) - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - var successPayload = new([]Role) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "ListRoles", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return *successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return *successPayload, localVarAPIResponse, err -} - -/** - * Remove members from a role - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to remove members (users, applications, ...) from a specific role. You have to know the role's ID. - * - * @param id The id of the role to modify. - * @param body - * @return void - */ -func (a RoleApi) RemoveMembersFromRole(id string, body RoleMembers) (*APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Delete") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/roles/{id}/members" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "RemoveMembersFromRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return localVarAPIResponse, err - } - return localVarAPIResponse, err -} - -/** - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - * This endpoint allows you to overwrite a role. You have to know the role's ID. - * - * @return void - */ -func (a RoleApi) SetRole() (*APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Put") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/roles/{id}" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "SetRole", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return localVarAPIResponse, err - } - return localVarAPIResponse, err -} diff --git a/sdk/go/keto/swagger/session.go b/sdk/go/keto/swagger/session.go deleted file mode 100644 index 555a5897e..000000000 --- a/sdk/go/keto/swagger/session.go +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type Session struct { - GetSubject string `json:"GetSubject,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_create_policy_parameters.go b/sdk/go/keto/swagger/swagger_create_policy_parameters.go deleted file mode 100644 index 2e041d642..000000000 --- a/sdk/go/keto/swagger/swagger_create_policy_parameters.go +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type SwaggerCreatePolicyParameters struct { - Body Policy `json:"Body,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_does_warden_allow_access_request_parameters.go b/sdk/go/keto/swagger/swagger_does_warden_allow_access_request_parameters.go deleted file mode 100644 index 8486b2872..000000000 --- a/sdk/go/keto/swagger/swagger_does_warden_allow_access_request_parameters.go +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type SwaggerDoesWardenAllowAccessRequestParameters struct { - Body WardenSubjectAuthorizationRequest `json:"Body,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_does_warden_allow_client_request_parameters.go b/sdk/go/keto/swagger/swagger_does_warden_allow_client_request_parameters.go deleted file mode 100644 index a28cd12fe..000000000 --- a/sdk/go/keto/swagger/swagger_does_warden_allow_client_request_parameters.go +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type SwaggerDoesWardenAllowClientRequestParameters struct { - Body WardenOAuth2ClientAuthorizationRequest `json:"Body,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_does_warden_allow_token_access_request_parameters.go b/sdk/go/keto/swagger/swagger_does_warden_allow_token_access_request_parameters.go deleted file mode 100644 index 152958e2f..000000000 --- a/sdk/go/keto/swagger/swagger_does_warden_allow_token_access_request_parameters.go +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type SwaggerDoesWardenAllowTokenAccessRequestParameters struct { - Body WardenOAuth2AccessTokenAuthorizationRequest `json:"Body,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_get_policy_parameters.go b/sdk/go/keto/swagger/swagger_get_policy_parameters.go deleted file mode 100644 index f4dbc2e6e..000000000 --- a/sdk/go/keto/swagger/swagger_get_policy_parameters.go +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type SwaggerGetPolicyParameters struct { - - // The id of the policy. in: path - Id string `json:"id,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_list_policy_parameters.go b/sdk/go/keto/swagger/swagger_list_policy_parameters.go deleted file mode 100644 index 2f5c98b77..000000000 --- a/sdk/go/keto/swagger/swagger_list_policy_parameters.go +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type SwaggerListPolicyParameters struct { - - // The maximum amount of policies returned. in: query - Limit int64 `json:"limit,omitempty"` - - // The offset from where to start looking. in: query - Offset int64 `json:"offset,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_list_policy_response.go b/sdk/go/keto/swagger/swagger_list_policy_response.go deleted file mode 100644 index 883cb42f7..000000000 --- a/sdk/go/keto/swagger/swagger_list_policy_response.go +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -// A policy -type SwaggerListPolicyResponse struct { - - // in: body type: array - Body []Policy `json:"Body,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_update_policy_parameters.go b/sdk/go/keto/swagger/swagger_update_policy_parameters.go deleted file mode 100644 index dce4ea6ec..000000000 --- a/sdk/go/keto/swagger/swagger_update_policy_parameters.go +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type SwaggerUpdatePolicyParameters struct { - Body Policy `json:"Body,omitempty"` - - // The id of the policy. in: path - Id string `json:"id,omitempty"` -} diff --git a/sdk/go/keto/swagger/swagger_warden_base_request.go b/sdk/go/keto/swagger/swagger_warden_base_request.go deleted file mode 100644 index 2ba953473..000000000 --- a/sdk/go/keto/swagger/swagger_warden_base_request.go +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -// swager:model authorizedBaseRequest -type SwaggerWardenBaseRequest struct { - - // Action is the action that is requested on the resource. - Action string `json:"action,omitempty"` - - // Context is the request's environmental context. - Context map[string]interface{} `json:"context,omitempty"` - - // Resource is the resource that access is requested to. - Resource string `json:"resource,omitempty"` -} diff --git a/sdk/go/keto/swagger/upsert_ory_access_control_policy.go b/sdk/go/keto/swagger/upsert_ory_access_control_policy.go new file mode 100644 index 000000000..86f5a62e1 --- /dev/null +++ b/sdk/go/keto/swagger/upsert_ory_access_control_policy.go @@ -0,0 +1,16 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type UpsertOryAccessControlPolicy struct { + Body OryAccessControlPolicy `json:"Body,omitempty"` + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` +} diff --git a/sdk/go/keto/swagger/upsert_ory_access_control_policy_role.go b/sdk/go/keto/swagger/upsert_ory_access_control_policy_role.go new file mode 100644 index 000000000..0432cb450 --- /dev/null +++ b/sdk/go/keto/swagger/upsert_ory_access_control_policy_role.go @@ -0,0 +1,16 @@ +/* + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * Generated by: https://github.com/swagger-api/swagger-codegen.git + */ + +package swagger + +type UpsertOryAccessControlPolicyRole struct { + Body OryAccessControlPolicyRole `json:"Body,omitempty"` + + // The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + Flavor string `json:"flavor"` +} diff --git a/sdk/go/keto/swagger/version.go b/sdk/go/keto/swagger/version.go index c232b3e2a..ab1a82fc2 100644 --- a/sdk/go/keto/swagger/version.go +++ b/sdk/go/keto/swagger/version.go @@ -2,12 +2,14 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ package swagger type Version struct { + + // Version is the service's version. Version string `json:"version,omitempty"` } diff --git a/sdk/go/keto/swagger/version_api.go b/sdk/go/keto/swagger/version_api.go index 95dbd9beb..f7f6643e1 100644 --- a/sdk/go/keto/swagger/version_api.go +++ b/sdk/go/keto/swagger/version_api.go @@ -2,7 +2,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git */ @@ -35,8 +35,8 @@ func NewVersionApiWithBasePath(basePath string) *VersionApi { } /** - * Get the version of Keto - * This endpoint returns the version as `{ \"version\": \"VERSION\" }`. The version is only correct with the prebuilt binary and not custom builds. + * Get service version + * This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. * * @return *Version */ diff --git a/sdk/go/keto/swagger/warden_api.go b/sdk/go/keto/swagger/warden_api.go deleted file mode 100644 index 33ccb2d55..000000000 --- a/sdk/go/keto/swagger/warden_api.go +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -import ( - "encoding/json" - "net/url" - "strings" -) - -type WardenApi struct { - Configuration *Configuration -} - -func NewWardenApi() *WardenApi { - configuration := NewConfiguration() - return &WardenApi{ - Configuration: configuration, - } -} - -func NewWardenApiWithBasePath(basePath string) *WardenApi { - configuration := NewConfiguration() - configuration.BasePath = basePath - - return &WardenApi{ - Configuration: configuration, - } -} - -/** - * Check if an OAuth 2.0 access token is authorized to access a resource - * Checks if a token is valid and if the token subject is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context. If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false }`. This endpoint passes all data from the upstream OAuth 2.0 token introspection endpoint. If you use ORY Hydra as an upstream OAuth 2.0 provider, data set through the `accessTokenExtra` field in the consent flow will be included in this response as well. - * - * @param body - * @return *WardenOAuth2AccessTokenAuthorizationResponse - */ -func (a WardenApi) IsOAuth2AccessTokenAuthorized(body WardenOAuth2AccessTokenAuthorizationRequest) (*WardenOAuth2AccessTokenAuthorizationResponse, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Post") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/warden/oauth2/access-tokens/authorize" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - var successPayload = new(WardenOAuth2AccessTokenAuthorizationResponse) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "IsOAuth2AccessTokenAuthorized", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} - -/** - * Check if an OAuth 2.0 Client is authorized to access a resource - * Checks if an OAuth 2.0 Client provided the correct access credentials and and if the client is allowed to perform an action on a resource. This endpoint requires a client id, a client secret, a scope, a resource name, an action name and a context. - * - * @param body - * @return *WardenOAuth2ClientAuthorizationResponse - */ -func (a WardenApi) IsOAuth2ClientAuthorized(body WardenOAuth2ClientAuthorizationRequest) (*WardenOAuth2ClientAuthorizationResponse, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Post") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/warden/oauth2/clients/authorize" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - var successPayload = new(WardenOAuth2ClientAuthorizationResponse) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "IsOAuth2ClientAuthorized", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} - -/** - * Check if a subject is authorized to access a resource - * Checks if a subject (e.g. user ID, API key, ...) is allowed to perform a certain action on a resource. - * - * @param body - * @return *WardenSubjectAuthorizationResponse - */ -func (a WardenApi) IsSubjectAuthorized(body WardenSubjectAuthorizationRequest) (*WardenSubjectAuthorizationResponse, *APIResponse, error) { - - var localVarHttpMethod = strings.ToUpper("Post") - // create path and map variables - localVarPath := a.Configuration.BasePath + "/warden/subjects/authorize" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := make(map[string]string) - var localVarPostBody interface{} - var localVarFileName string - var localVarFileBytes []byte - // add default headers if any - for key := range a.Configuration.DefaultHeader { - localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] - } - - // to determine the Content-Type header - localVarHttpContentTypes := []string{"application/json"} - - // set Content-Type header - localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) - if localVarHttpContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHttpContentType - } - // to determine the Accept header - localVarHttpHeaderAccepts := []string{ - "application/json", - } - - // set Accept header - localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) - if localVarHttpHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHttpHeaderAccept - } - // body params - localVarPostBody = &body - var successPayload = new(WardenSubjectAuthorizationResponse) - localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) - - var localVarURL, _ = url.Parse(localVarPath) - localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "IsSubjectAuthorized", Method: localVarHttpMethod, RequestURL: localVarURL.String()} - if localVarHttpResponse != nil { - localVarAPIResponse.Response = localVarHttpResponse.RawResponse - localVarAPIResponse.Payload = localVarHttpResponse.Body() - } - - if err != nil { - return successPayload, localVarAPIResponse, err - } - err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err -} diff --git a/sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_request.go b/sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_request.go deleted file mode 100644 index c9142f45c..000000000 --- a/sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_request.go +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type WardenOAuth2AccessTokenAuthorizationRequest struct { - - // Action is the action that is requested on the resource. - Action string `json:"action,omitempty"` - - // Context is the request's environmental context. - Context map[string]interface{} `json:"context,omitempty"` - - // Resource is the resource that access is requested to. - Resource string `json:"resource,omitempty"` - - // Scope is an array of scopes that are required. - Scope []string `json:"scope,omitempty"` - - // Token is the token to introspect. - Token string `json:"token,omitempty"` -} diff --git a/sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_response.go b/sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_response.go deleted file mode 100644 index 0598e4fee..000000000 --- a/sdk/go/keto/swagger/warden_o_auth2_access_token_authorization_response.go +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -import ( - "time" -) - -type WardenOAuth2AccessTokenAuthorizationResponse struct { - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed,omitempty"` - - Aud []string `json:"aud,omitempty"` - - // ClientID is the id of the OAuth2 client that requested the token. - ClientId string `json:"client_id,omitempty"` - - // ExpiresAt is the expiry timestamp. - Exp time.Time `json:"exp,omitempty"` - - // IssuedAt is the token creation time stamp. - Iat time.Time `json:"iat,omitempty"` - - // Issuer is the id of the issuer, typically an hydra instance. - Iss string `json:"iss,omitempty"` - - Nbf time.Time `json:"nbf,omitempty"` - - // GrantedScopes is a list of scopes that the subject authorized when asked for consent. - Scope string `json:"scope,omitempty"` - - // Session represents arbitrary session data. - Session map[string]interface{} `json:"session,omitempty"` - - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - Sub string `json:"sub,omitempty"` - - Username string `json:"username,omitempty"` -} diff --git a/sdk/go/keto/swagger/warden_o_auth2_client_authorization_request.go b/sdk/go/keto/swagger/warden_o_auth2_client_authorization_request.go deleted file mode 100644 index 7d2201b9a..000000000 --- a/sdk/go/keto/swagger/warden_o_auth2_client_authorization_request.go +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type WardenOAuth2ClientAuthorizationRequest struct { - - // Action is the action that is requested on the resource. - Action string `json:"action,omitempty"` - - // Token is the token to introspect. - ClientId string `json:"client_id,omitempty"` - - ClientSecret string `json:"client_secret,omitempty"` - - // Context is the request's environmental context. - Context map[string]interface{} `json:"context,omitempty"` - - // Resource is the resource that access is requested to. - Resource string `json:"resource,omitempty"` - - // Scope is an array of scopes that are required. - Scope []string `json:"scope,omitempty"` -} diff --git a/sdk/go/keto/swagger/warden_o_auth2_client_authorization_response.go b/sdk/go/keto/swagger/warden_o_auth2_client_authorization_response.go deleted file mode 100644 index 531e57ca0..000000000 --- a/sdk/go/keto/swagger/warden_o_auth2_client_authorization_response.go +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type WardenOAuth2ClientAuthorizationResponse struct { - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed,omitempty"` - - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - Sub string `json:"sub,omitempty"` -} diff --git a/sdk/go/keto/swagger/warden_subject_authorization_response.go b/sdk/go/keto/swagger/warden_subject_authorization_response.go deleted file mode 100644 index 1a13ac1f7..000000000 --- a/sdk/go/keto/swagger/warden_subject_authorization_response.go +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -type WardenSubjectAuthorizationResponse struct { - - // Allowed is true if the request is allowed and false otherwise. - Allowed bool `json:"allowed,omitempty"` - - // Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - Sub string `json:"sub,omitempty"` -} diff --git a/sdk/go/keto/swagger/writer.go b/sdk/go/keto/swagger/writer.go deleted file mode 100644 index 53a7e4b33..000000000 --- a/sdk/go/keto/swagger/writer.go +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * Generated by: https://github.com/swagger-api/swagger-codegen.git - */ - -package swagger - -// Writer is a helper to write arbitrary data to a ResponseWriter -type Writer struct { -} diff --git a/sdk/js/swagger/README.md b/sdk/js/swagger/README.md index e78334e66..acfdeb743 100644 --- a/sdk/js/swagger/README.md +++ b/sdk/js/swagger/README.md @@ -96,7 +96,15 @@ Please follow the [installation](#installation) instruction and execute the foll ```javascript var SwaggerJsClient = require('swagger-js-client'); -var api = new SwaggerJsClient.HealthApi() +var api = new SwaggerJsClient.EnginesApi() + +var flavor = "flavor_example"; // {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var id = "id_example"; // {String} The ID of the ORY Access Control Policy Role. + +var opts = { + 'body': new SwaggerJsClient.AddOryAccessControlPolicyRoleMembersBody() // {AddOryAccessControlPolicyRoleMembersBody} +}; var callback = function(error, data, response) { if (error) { @@ -105,7 +113,7 @@ var callback = function(error, data, response) { console.log('API called successfully. Returned data: ' + data); } }; -api.isInstanceAlive(callback); +api.addOryAccessControlPolicyRoleMembers(flavor, id, opts, callback); ``` @@ -115,65 +123,49 @@ All URIs are relative to *http://localhost* Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- -*SwaggerJsClient.HealthApi* | [**isInstanceAlive**](docs/HealthApi.md#isInstanceAlive) | **GET** /health/alive | Check the Alive Status -*SwaggerJsClient.HealthApi* | [**isInstanceReady**](docs/HealthApi.md#isInstanceReady) | **GET** /health/ready | Check the Readiness Status -*SwaggerJsClient.PolicyApi* | [**createPolicy**](docs/PolicyApi.md#createPolicy) | **POST** /policies | -*SwaggerJsClient.PolicyApi* | [**deletePolicy**](docs/PolicyApi.md#deletePolicy) | **DELETE** /policies/{id} | -*SwaggerJsClient.PolicyApi* | [**getPolicy**](docs/PolicyApi.md#getPolicy) | **GET** /policies/{id} | -*SwaggerJsClient.PolicyApi* | [**listPolicies**](docs/PolicyApi.md#listPolicies) | **GET** /policies | -*SwaggerJsClient.PolicyApi* | [**updatePolicy**](docs/PolicyApi.md#updatePolicy) | **PUT** /policies/{id} | -*SwaggerJsClient.RoleApi* | [**addMembersToRole**](docs/RoleApi.md#addMembersToRole) | **POST** /roles/{id}/members | Add members to a role -*SwaggerJsClient.RoleApi* | [**createRole**](docs/RoleApi.md#createRole) | **POST** /roles | Create a role -*SwaggerJsClient.RoleApi* | [**deleteRole**](docs/RoleApi.md#deleteRole) | **DELETE** /roles/{id} | Get a role by its ID -*SwaggerJsClient.RoleApi* | [**getRole**](docs/RoleApi.md#getRole) | **GET** /roles/{id} | Get a role by its ID -*SwaggerJsClient.RoleApi* | [**listRoles**](docs/RoleApi.md#listRoles) | **GET** /roles | List all roles -*SwaggerJsClient.RoleApi* | [**removeMembersFromRole**](docs/RoleApi.md#removeMembersFromRole) | **DELETE** /roles/{id}/members | Remove members from a role -*SwaggerJsClient.RoleApi* | [**setRole**](docs/RoleApi.md#setRole) | **PUT** /roles/{id} | A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. -*SwaggerJsClient.VersionApi* | [**getVersion**](docs/VersionApi.md#getVersion) | **GET** /version | Get the version of Keto -*SwaggerJsClient.WardenApi* | [**isOAuth2AccessTokenAuthorized**](docs/WardenApi.md#isOAuth2AccessTokenAuthorized) | **POST** /warden/oauth2/access-tokens/authorize | Check if an OAuth 2.0 access token is authorized to access a resource -*SwaggerJsClient.WardenApi* | [**isOAuth2ClientAuthorized**](docs/WardenApi.md#isOAuth2ClientAuthorized) | **POST** /warden/oauth2/clients/authorize | Check if an OAuth 2.0 Client is authorized to access a resource -*SwaggerJsClient.WardenApi* | [**isSubjectAuthorized**](docs/WardenApi.md#isSubjectAuthorized) | **POST** /warden/subjects/authorize | Check if a subject is authorized to access a resource +*SwaggerJsClient.EnginesApi* | [**addOryAccessControlPolicyRoleMembers**](docs/EnginesApi.md#addOryAccessControlPolicyRoleMembers) | **PUT** /engines/acp/ory/{flavor}/roles/{id}/members | Add a member to an ORY Access Control Policy Role +*SwaggerJsClient.EnginesApi* | [**deleteOryAccessControlPolicy**](docs/EnginesApi.md#deleteOryAccessControlPolicy) | **DELETE** /engines/acp/ory/{flavor}/policies/{id} | +*SwaggerJsClient.EnginesApi* | [**deleteOryAccessControlPolicyRole**](docs/EnginesApi.md#deleteOryAccessControlPolicyRole) | **DELETE** /engines/acp/ory/{flavor}/roles/{id} | Delete an ORY Access Control Policy Role +*SwaggerJsClient.EnginesApi* | [**doOryAccessControlPoliciesAllow**](docs/EnginesApi.md#doOryAccessControlPoliciesAllow) | **POST** /engines/acp/ory/{flavor}/allowed | Check if a request is allowed +*SwaggerJsClient.EnginesApi* | [**getOryAccessControlPolicy**](docs/EnginesApi.md#getOryAccessControlPolicy) | **GET** /engines/acp/ory/{flavor}/policies/{id} | +*SwaggerJsClient.EnginesApi* | [**getOryAccessControlPolicyRole**](docs/EnginesApi.md#getOryAccessControlPolicyRole) | **GET** /engines/acp/ory/{flavor}/roles/{id} | Get an ORY Access Control Policy Role +*SwaggerJsClient.EnginesApi* | [**listOryAccessControlPolicies**](docs/EnginesApi.md#listOryAccessControlPolicies) | **GET** /engines/acp/ory/{flavor}/policies | +*SwaggerJsClient.EnginesApi* | [**listOryAccessControlPolicyRoles**](docs/EnginesApi.md#listOryAccessControlPolicyRoles) | **GET** /engines/acp/ory/{flavor}/roles | List ORY Access Control Policy Roles +*SwaggerJsClient.EnginesApi* | [**removeOryAccessControlPolicyRoleMembers**](docs/EnginesApi.md#removeOryAccessControlPolicyRoleMembers) | **DELETE** /engines/acp/ory/{flavor}/roles/{id}/members | Remove a member from an ORY Access Control Policy Role +*SwaggerJsClient.EnginesApi* | [**upsertOryAccessControlPolicy**](docs/EnginesApi.md#upsertOryAccessControlPolicy) | **PUT** /engines/acp/ory/{flavor}/policies | +*SwaggerJsClient.EnginesApi* | [**upsertOryAccessControlPolicyRole**](docs/EnginesApi.md#upsertOryAccessControlPolicyRole) | **PUT** /engines/acp/ory/{flavor}/roles | Upsert an ORY Access Control Policy Role +*SwaggerJsClient.HealthApi* | [**isInstanceAlive**](docs/HealthApi.md#isInstanceAlive) | **GET** /health/alive | Check alive status +*SwaggerJsClient.HealthApi* | [**isInstanceReady**](docs/HealthApi.md#isInstanceReady) | **GET** /health/ready | Check readiness status +*SwaggerJsClient.VersionApi* | [**getVersion**](docs/VersionApi.md#getVersion) | **GET** /version | Get service version ## Documentation for Models - - [SwaggerJsClient.AuthenticationDefaultSession](docs/AuthenticationDefaultSession.md) - - [SwaggerJsClient.AuthenticationOAuth2ClientCredentialsRequest](docs/AuthenticationOAuth2ClientCredentialsRequest.md) - - [SwaggerJsClient.AuthenticationOAuth2ClientCredentialsSession](docs/AuthenticationOAuth2ClientCredentialsSession.md) - - [SwaggerJsClient.AuthenticationOAuth2IntrospectionRequest](docs/AuthenticationOAuth2IntrospectionRequest.md) - - [SwaggerJsClient.AuthenticationOAuth2Session](docs/AuthenticationOAuth2Session.md) - - [SwaggerJsClient.Authenticator](docs/Authenticator.md) - - [SwaggerJsClient.Firewall](docs/Firewall.md) - - [SwaggerJsClient.Handler](docs/Handler.md) + - [SwaggerJsClient.AddOryAccessControlPolicyRoleMembers](docs/AddOryAccessControlPolicyRoleMembers.md) + - [SwaggerJsClient.AddOryAccessControlPolicyRoleMembersBody](docs/AddOryAccessControlPolicyRoleMembersBody.md) + - [SwaggerJsClient.AuthorizationResult](docs/AuthorizationResult.md) + - [SwaggerJsClient.Context](docs/Context.md) + - [SwaggerJsClient.DeleteOryAccessControlPolicy](docs/DeleteOryAccessControlPolicy.md) + - [SwaggerJsClient.DeleteOryAccessControlPolicyRole](docs/DeleteOryAccessControlPolicyRole.md) + - [SwaggerJsClient.DoOryAccessControlPoliciesAllow](docs/DoOryAccessControlPoliciesAllow.md) + - [SwaggerJsClient.GetOryAccessControlPolicy](docs/GetOryAccessControlPolicy.md) + - [SwaggerJsClient.GetOryAccessControlPolicyRole](docs/GetOryAccessControlPolicyRole.md) - [SwaggerJsClient.HealthNotReadyStatus](docs/HealthNotReadyStatus.md) - [SwaggerJsClient.HealthStatus](docs/HealthStatus.md) - [SwaggerJsClient.InlineResponse500](docs/InlineResponse500.md) - - [SwaggerJsClient.IntrospectionResponse](docs/IntrospectionResponse.md) - - [SwaggerJsClient.Manager](docs/Manager.md) - - [SwaggerJsClient.OAuth2ClientCredentialsAuthentication](docs/OAuth2ClientCredentialsAuthentication.md) - - [SwaggerJsClient.OAuth2IntrospectionAuthentication](docs/OAuth2IntrospectionAuthentication.md) - - [SwaggerJsClient.Policy](docs/Policy.md) - - [SwaggerJsClient.PolicyConditions](docs/PolicyConditions.md) - - [SwaggerJsClient.Role](docs/Role.md) - - [SwaggerJsClient.RoleMembers](docs/RoleMembers.md) - - [SwaggerJsClient.Session](docs/Session.md) - - [SwaggerJsClient.SwaggerCreatePolicyParameters](docs/SwaggerCreatePolicyParameters.md) - - [SwaggerJsClient.SwaggerDoesWardenAllowAccessRequestParameters](docs/SwaggerDoesWardenAllowAccessRequestParameters.md) - - [SwaggerJsClient.SwaggerDoesWardenAllowClientRequestParameters](docs/SwaggerDoesWardenAllowClientRequestParameters.md) - - [SwaggerJsClient.SwaggerDoesWardenAllowTokenAccessRequestParameters](docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md) - - [SwaggerJsClient.SwaggerGetPolicyParameters](docs/SwaggerGetPolicyParameters.md) - - [SwaggerJsClient.SwaggerListPolicyParameters](docs/SwaggerListPolicyParameters.md) - - [SwaggerJsClient.SwaggerListPolicyResponse](docs/SwaggerListPolicyResponse.md) - - [SwaggerJsClient.SwaggerUpdatePolicyParameters](docs/SwaggerUpdatePolicyParameters.md) - - [SwaggerJsClient.SwaggerWardenBaseRequest](docs/SwaggerWardenBaseRequest.md) + - [SwaggerJsClient.ListOryAccessControlPolicies](docs/ListOryAccessControlPolicies.md) + - [SwaggerJsClient.ListOryAccessControlPolicyRoles](docs/ListOryAccessControlPolicyRoles.md) + - [SwaggerJsClient.OryAccessControlPolicies](docs/OryAccessControlPolicies.md) + - [SwaggerJsClient.OryAccessControlPolicy](docs/OryAccessControlPolicy.md) + - [SwaggerJsClient.OryAccessControlPolicyAllowedInput](docs/OryAccessControlPolicyAllowedInput.md) + - [SwaggerJsClient.OryAccessControlPolicyRole](docs/OryAccessControlPolicyRole.md) + - [SwaggerJsClient.OryAccessControlPolicyRoles](docs/OryAccessControlPolicyRoles.md) + - [SwaggerJsClient.Policies](docs/Policies.md) + - [SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembers](docs/RemoveOryAccessControlPolicyRoleMembers.md) + - [SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembersBody](docs/RemoveOryAccessControlPolicyRoleMembersBody.md) + - [SwaggerJsClient.UpsertOryAccessControlPolicy](docs/UpsertOryAccessControlPolicy.md) + - [SwaggerJsClient.UpsertOryAccessControlPolicyRole](docs/UpsertOryAccessControlPolicyRole.md) - [SwaggerJsClient.Version](docs/Version.md) - - [SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationRequest](docs/WardenOAuth2AccessTokenAuthorizationRequest.md) - - [SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationResponse](docs/WardenOAuth2AccessTokenAuthorizationResponse.md) - - [SwaggerJsClient.WardenOAuth2ClientAuthorizationRequest](docs/WardenOAuth2ClientAuthorizationRequest.md) - - [SwaggerJsClient.WardenOAuth2ClientAuthorizationResponse](docs/WardenOAuth2ClientAuthorizationResponse.md) - - [SwaggerJsClient.WardenSubjectAuthorizationRequest](docs/WardenSubjectAuthorizationRequest.md) - - [SwaggerJsClient.WardenSubjectAuthorizationResponse](docs/WardenSubjectAuthorizationResponse.md) - - [SwaggerJsClient.Writer](docs/Writer.md) ## Documentation for Authorization diff --git a/sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembers.md b/sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembers.md new file mode 100644 index 000000000..4f031c4af --- /dev/null +++ b/sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembers.md @@ -0,0 +1,10 @@ +# SwaggerJsClient.AddOryAccessControlPolicyRoleMembers + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**AddOryAccessControlPolicyRoleMembersBody**](AddOryAccessControlPolicyRoleMembersBody.md) | | [optional] +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **String** | The ID of the ORY Access Control Policy Role. in: path | + + diff --git a/sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md b/sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md new file mode 100644 index 000000000..1890d393b --- /dev/null +++ b/sdk/js/swagger/docs/AddOryAccessControlPolicyRoleMembersBody.md @@ -0,0 +1,8 @@ +# SwaggerJsClient.AddOryAccessControlPolicyRoleMembersBody + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**members** | **[String]** | The members to be added. | [optional] + + diff --git a/sdk/js/swagger/docs/AuthenticationDefaultSession.md b/sdk/js/swagger/docs/AuthenticationDefaultSession.md deleted file mode 100644 index e92cb553f..000000000 --- a/sdk/js/swagger/docs/AuthenticationDefaultSession.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.AuthenticationDefaultSession - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **Boolean** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **String** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - - diff --git a/sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md b/sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md deleted file mode 100644 index 65a8f78f9..000000000 --- a/sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsRequest.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerJsClient.AuthenticationOAuth2ClientCredentialsRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**clientId** | **String** | Token is the token to introspect. | [optional] -**clientSecret** | **String** | | [optional] -**scope** | **[String]** | Scope is an array of scopes that are required. | [optional] - - diff --git a/sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md b/sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md deleted file mode 100644 index ad6980309..000000000 --- a/sdk/js/swagger/docs/AuthenticationOAuth2ClientCredentialsSession.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.AuthenticationOAuth2ClientCredentialsSession - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **Boolean** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **String** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - - diff --git a/sdk/js/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md b/sdk/js/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md deleted file mode 100644 index dfa691a6a..000000000 --- a/sdk/js/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.AuthenticationOAuth2IntrospectionRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**scope** | **[String]** | Scope is an array of scopes that are required. | [optional] -**token** | **String** | Token is the token to introspect. | [optional] - - diff --git a/sdk/js/swagger/docs/AuthenticationOAuth2Session.md b/sdk/js/swagger/docs/AuthenticationOAuth2Session.md deleted file mode 100644 index dadfef50c..000000000 --- a/sdk/js/swagger/docs/AuthenticationOAuth2Session.md +++ /dev/null @@ -1,18 +0,0 @@ -# SwaggerJsClient.AuthenticationOAuth2Session - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **Boolean** | Allowed is true if the request is allowed and false otherwise. | [optional] -**aud** | **[String]** | | [optional] -**clientId** | **String** | ClientID is the id of the OAuth2 client that requested the token. | [optional] -**exp** | **Date** | ExpiresAt is the expiry timestamp. | [optional] -**iat** | **Date** | IssuedAt is the token creation time stamp. | [optional] -**iss** | **String** | Issuer is the id of the issuer, typically an hydra instance. | [optional] -**nbf** | **Date** | | [optional] -**scope** | **String** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] -**session** | **{String: Object}** | Session represents arbitrary session data. | [optional] -**sub** | **String** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] -**username** | **String** | | [optional] - - diff --git a/sdk/js/swagger/docs/Authenticator.md b/sdk/js/swagger/docs/Authenticator.md deleted file mode 100644 index 8a65169ed..000000000 --- a/sdk/js/swagger/docs/Authenticator.md +++ /dev/null @@ -1,7 +0,0 @@ -# SwaggerJsClient.Authenticator - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - - diff --git a/sdk/js/swagger/docs/AuthorizationResult.md b/sdk/js/swagger/docs/AuthorizationResult.md new file mode 100644 index 000000000..90f22baf9 --- /dev/null +++ b/sdk/js/swagger/docs/AuthorizationResult.md @@ -0,0 +1,8 @@ +# SwaggerJsClient.AuthorizationResult + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**allowed** | **Boolean** | Allowed is true if the request should be allowed and false otherwise. | [optional] + + diff --git a/sdk/js/swagger/docs/Writer.md b/sdk/js/swagger/docs/Context.md similarity index 81% rename from sdk/js/swagger/docs/Writer.md rename to sdk/js/swagger/docs/Context.md index deda4e557..ebab57cc5 100644 --- a/sdk/js/swagger/docs/Writer.md +++ b/sdk/js/swagger/docs/Context.md @@ -1,4 +1,4 @@ -# SwaggerJsClient.Writer +# SwaggerJsClient.Context ## Properties Name | Type | Description | Notes diff --git a/sdk/js/swagger/docs/DeleteOryAccessControlPolicy.md b/sdk/js/swagger/docs/DeleteOryAccessControlPolicy.md new file mode 100644 index 000000000..961df8601 --- /dev/null +++ b/sdk/js/swagger/docs/DeleteOryAccessControlPolicy.md @@ -0,0 +1,9 @@ +# SwaggerJsClient.DeleteOryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **String** | The ID of the ORY Access Control Policy Role. in: path | + + diff --git a/sdk/js/swagger/docs/DeleteOryAccessControlPolicyRole.md b/sdk/js/swagger/docs/DeleteOryAccessControlPolicyRole.md new file mode 100644 index 000000000..7ab2a35d2 --- /dev/null +++ b/sdk/js/swagger/docs/DeleteOryAccessControlPolicyRole.md @@ -0,0 +1,9 @@ +# SwaggerJsClient.DeleteOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **String** | The ID of the ORY Access Control Policy Role. in: path | + + diff --git a/sdk/js/swagger/docs/DoOryAccessControlPoliciesAllow.md b/sdk/js/swagger/docs/DoOryAccessControlPoliciesAllow.md new file mode 100644 index 000000000..1b43143ef --- /dev/null +++ b/sdk/js/swagger/docs/DoOryAccessControlPoliciesAllow.md @@ -0,0 +1,9 @@ +# SwaggerJsClient.DoOryAccessControlPoliciesAllow + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**OryAccessControlPolicyAllowedInput**](OryAccessControlPolicyAllowedInput.md) | | [optional] +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | + + diff --git a/sdk/js/swagger/docs/EnginesApi.md b/sdk/js/swagger/docs/EnginesApi.md new file mode 100644 index 000000000..e77925186 --- /dev/null +++ b/sdk/js/swagger/docs/EnginesApi.md @@ -0,0 +1,575 @@ +# SwaggerJsClient.EnginesApi + +All URIs are relative to *http://localhost* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**addOryAccessControlPolicyRoleMembers**](EnginesApi.md#addOryAccessControlPolicyRoleMembers) | **PUT** /engines/acp/ory/{flavor}/roles/{id}/members | Add a member to an ORY Access Control Policy Role +[**deleteOryAccessControlPolicy**](EnginesApi.md#deleteOryAccessControlPolicy) | **DELETE** /engines/acp/ory/{flavor}/policies/{id} | +[**deleteOryAccessControlPolicyRole**](EnginesApi.md#deleteOryAccessControlPolicyRole) | **DELETE** /engines/acp/ory/{flavor}/roles/{id} | Delete an ORY Access Control Policy Role +[**doOryAccessControlPoliciesAllow**](EnginesApi.md#doOryAccessControlPoliciesAllow) | **POST** /engines/acp/ory/{flavor}/allowed | Check if a request is allowed +[**getOryAccessControlPolicy**](EnginesApi.md#getOryAccessControlPolicy) | **GET** /engines/acp/ory/{flavor}/policies/{id} | +[**getOryAccessControlPolicyRole**](EnginesApi.md#getOryAccessControlPolicyRole) | **GET** /engines/acp/ory/{flavor}/roles/{id} | Get an ORY Access Control Policy Role +[**listOryAccessControlPolicies**](EnginesApi.md#listOryAccessControlPolicies) | **GET** /engines/acp/ory/{flavor}/policies | +[**listOryAccessControlPolicyRoles**](EnginesApi.md#listOryAccessControlPolicyRoles) | **GET** /engines/acp/ory/{flavor}/roles | List ORY Access Control Policy Roles +[**removeOryAccessControlPolicyRoleMembers**](EnginesApi.md#removeOryAccessControlPolicyRoleMembers) | **DELETE** /engines/acp/ory/{flavor}/roles/{id}/members | Remove a member from an ORY Access Control Policy Role +[**upsertOryAccessControlPolicy**](EnginesApi.md#upsertOryAccessControlPolicy) | **PUT** /engines/acp/ory/{flavor}/policies | +[**upsertOryAccessControlPolicyRole**](EnginesApi.md#upsertOryAccessControlPolicyRole) | **PUT** /engines/acp/ory/{flavor}/roles | Upsert an ORY Access Control Policy Role + + + +# **addOryAccessControlPolicyRoleMembers** +> OryAccessControlPolicyRole addOryAccessControlPolicyRoleMembers(flavor, id, opts) + +Add a member to an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var id = "id_example"; // String | The ID of the ORY Access Control Policy Role. + +var opts = { + 'body': new SwaggerJsClient.AddOryAccessControlPolicyRoleMembersBody() // AddOryAccessControlPolicyRoleMembersBody | +}; + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.addOryAccessControlPolicyRoleMembers(flavor, id, opts, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **String**| The ID of the ORY Access Control Policy Role. | + **body** | [**AddOryAccessControlPolicyRoleMembersBody**](AddOryAccessControlPolicyRoleMembersBody.md)| | [optional] + +### Return type + +[**OryAccessControlPolicyRole**](OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **deleteOryAccessControlPolicy** +> deleteOryAccessControlPolicy(flavor, id) + + + +Delete an ORY Access Control Policy + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var id = "id_example"; // String | The ID of the ORY Access Control Policy Role. + + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully.'); + } +}; +apiInstance.deleteOryAccessControlPolicy(flavor, id, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **String**| The ID of the ORY Access Control Policy Role. | + +### Return type + +null (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **deleteOryAccessControlPolicyRole** +> deleteOryAccessControlPolicyRole(flavor, id) + +Delete an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var id = "id_example"; // String | The ID of the ORY Access Control Policy Role. + + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully.'); + } +}; +apiInstance.deleteOryAccessControlPolicyRole(flavor, id, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **String**| The ID of the ORY Access Control Policy Role. | + +### Return type + +null (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **doOryAccessControlPoliciesAllow** +> AuthorizationResult doOryAccessControlPoliciesAllow(flavor, opts) + +Check if a request is allowed + +Use this endpoint to check if a request is allowed or not. + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var opts = { + 'body': new SwaggerJsClient.OryAccessControlPolicyAllowedInput() // OryAccessControlPolicyAllowedInput | +}; + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.doOryAccessControlPoliciesAllow(flavor, opts, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**OryAccessControlPolicyAllowedInput**](OryAccessControlPolicyAllowedInput.md)| | [optional] + +### Return type + +[**AuthorizationResult**](AuthorizationResult.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **getOryAccessControlPolicy** +> OryAccessControlPolicy getOryAccessControlPolicy(flavor, id) + + + +Get an ORY Access Control Policy + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var id = "id_example"; // String | The ID of the ORY Access Control Policy Role. + + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.getOryAccessControlPolicy(flavor, id, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **String**| The ID of the ORY Access Control Policy Role. | + +### Return type + +[**OryAccessControlPolicy**](OryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **getOryAccessControlPolicyRole** +> OryAccessControlPolicyRole getOryAccessControlPolicyRole(flavor, id) + +Get an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var id = "id_example"; // String | The ID of the ORY Access Control Policy Role. + + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.getOryAccessControlPolicyRole(flavor, id, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **String**| The ID of the ORY Access Control Policy Role. | + +### Return type + +[**OryAccessControlPolicyRole**](OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **listOryAccessControlPolicies** +> [OryAccessControlPolicy] listOryAccessControlPolicies(flavor, opts) + + + +List ORY Access Control Policies + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" + +var opts = { + 'limit': 789, // Number | The maximum amount of policies returned. + 'offset': 789 // Number | The offset from where to start looking. +}; + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.listOryAccessControlPolicies(flavor, opts, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" | + **limit** | **Number**| The maximum amount of policies returned. | [optional] + **offset** | **Number**| The offset from where to start looking. | [optional] + +### Return type + +[**[OryAccessControlPolicy]**](OryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **listOryAccessControlPolicyRoles** +> [OryAccessControlPolicyRole] listOryAccessControlPolicyRoles(flavor, opts) + +List ORY Access Control Policy Roles + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" + +var opts = { + 'limit': 789, // Number | The maximum amount of policies returned. + 'offset': 789 // Number | The offset from where to start looking. +}; + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.listOryAccessControlPolicyRoles(flavor, opts, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" | + **limit** | **Number**| The maximum amount of policies returned. | [optional] + **offset** | **Number**| The offset from where to start looking. | [optional] + +### Return type + +[**[OryAccessControlPolicyRole]**](OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **removeOryAccessControlPolicyRoleMembers** +> removeOryAccessControlPolicyRoleMembers(flavor, id, opts) + +Remove a member from an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var id = "id_example"; // String | The ID of the ORY Access Control Policy Role. + +var opts = { + 'body': new SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembersBody() // RemoveOryAccessControlPolicyRoleMembersBody | +}; + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully.'); + } +}; +apiInstance.removeOryAccessControlPolicyRoleMembers(flavor, id, opts, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **String**| The ID of the ORY Access Control Policy Role. | + **body** | [**RemoveOryAccessControlPolicyRoleMembersBody**](RemoveOryAccessControlPolicyRoleMembersBody.md)| | [optional] + +### Return type + +null (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **upsertOryAccessControlPolicy** +> OryAccessControlPolicy upsertOryAccessControlPolicy(flavor, opts) + + + +Upsert an ORY Access Control Policy + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var opts = { + 'body': new SwaggerJsClient.OryAccessControlPolicy() // OryAccessControlPolicy | +}; + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.upsertOryAccessControlPolicy(flavor, opts, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**OryAccessControlPolicy**](OryAccessControlPolicy.md)| | [optional] + +### Return type + +[**OryAccessControlPolicy**](OryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +# **upsertOryAccessControlPolicyRole** +> OryAccessControlPolicyRole upsertOryAccessControlPolicyRole(flavor, opts) + +Upsert an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```javascript +var SwaggerJsClient = require('swagger-js-client'); + +var apiInstance = new SwaggerJsClient.EnginesApi(); + +var flavor = "flavor_example"; // String | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + +var opts = { + 'body': new SwaggerJsClient.OryAccessControlPolicyRole() // OryAccessControlPolicyRole | +}; + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. Returned data: ' + data); + } +}; +apiInstance.upsertOryAccessControlPolicyRole(flavor, opts, callback); +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **String**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**OryAccessControlPolicyRole**](OryAccessControlPolicyRole.md)| | [optional] + +### Return type + +[**OryAccessControlPolicyRole**](OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + diff --git a/sdk/js/swagger/docs/GetOryAccessControlPolicy.md b/sdk/js/swagger/docs/GetOryAccessControlPolicy.md new file mode 100644 index 000000000..f8b2b9808 --- /dev/null +++ b/sdk/js/swagger/docs/GetOryAccessControlPolicy.md @@ -0,0 +1,9 @@ +# SwaggerJsClient.GetOryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **String** | The ID of the ORY Access Control Policy Role. in: path | + + diff --git a/sdk/js/swagger/docs/GetOryAccessControlPolicyRole.md b/sdk/js/swagger/docs/GetOryAccessControlPolicyRole.md new file mode 100644 index 000000000..9c269607c --- /dev/null +++ b/sdk/js/swagger/docs/GetOryAccessControlPolicyRole.md @@ -0,0 +1,9 @@ +# SwaggerJsClient.GetOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **String** | The ID of the ORY Access Control Policy Role. in: path | + + diff --git a/sdk/js/swagger/docs/Handler.md b/sdk/js/swagger/docs/Handler.md deleted file mode 100644 index 6eb3d40be..000000000 --- a/sdk/js/swagger/docs/Handler.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.Handler - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**H** | [**Writer**](Writer.md) | | [optional] -**manager** | [**Manager**](Manager.md) | | [optional] - - diff --git a/sdk/js/swagger/docs/HealthApi.md b/sdk/js/swagger/docs/HealthApi.md index 076e8179c..14aa6f5e2 100644 --- a/sdk/js/swagger/docs/HealthApi.md +++ b/sdk/js/swagger/docs/HealthApi.md @@ -4,17 +4,17 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**isInstanceAlive**](HealthApi.md#isInstanceAlive) | **GET** /health/alive | Check the Alive Status -[**isInstanceReady**](HealthApi.md#isInstanceReady) | **GET** /health/ready | Check the Readiness Status +[**isInstanceAlive**](HealthApi.md#isInstanceAlive) | **GET** /health/alive | Check alive status +[**isInstanceReady**](HealthApi.md#isInstanceReady) | **GET** /health/ready | Check readiness status # **isInstanceAlive** > HealthStatus isInstanceAlive() -Check the Alive Status +Check alive status -This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. +This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Example ```javascript @@ -52,9 +52,9 @@ No authorization required # **isInstanceReady** > HealthStatus isInstanceReady() -Check the Readiness Status +Check readiness status -This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. +This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Example ```javascript diff --git a/sdk/js/swagger/docs/IntrospectionResponse.md b/sdk/js/swagger/docs/IntrospectionResponse.md deleted file mode 100644 index 076cb6c6f..000000000 --- a/sdk/js/swagger/docs/IntrospectionResponse.md +++ /dev/null @@ -1,19 +0,0 @@ -# SwaggerJsClient.IntrospectionResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**active** | **Boolean** | | [optional] -**aud** | **[String]** | | [optional] -**clientId** | **String** | | [optional] -**exp** | **Number** | | [optional] -**ext** | **{String: Object}** | Session represents arbitrary session data. | [optional] -**iat** | **Number** | | [optional] -**iss** | **String** | | [optional] -**nbf** | **Number** | | [optional] -**scope** | **String** | | [optional] -**sub** | **String** | Here, it's sub | [optional] -**tokenType** | **String** | | [optional] -**username** | **String** | | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerListPolicyParameters.md b/sdk/js/swagger/docs/ListOryAccessControlPolicies.md similarity index 51% rename from sdk/js/swagger/docs/SwaggerListPolicyParameters.md rename to sdk/js/swagger/docs/ListOryAccessControlPolicies.md index d0274f435..ac47c008d 100644 --- a/sdk/js/swagger/docs/SwaggerListPolicyParameters.md +++ b/sdk/js/swagger/docs/ListOryAccessControlPolicies.md @@ -1,9 +1,10 @@ -# SwaggerJsClient.SwaggerListPolicyParameters +# SwaggerJsClient.ListOryAccessControlPolicies ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**limit** | **Number** | The maximum amount of policies returned. in: query | [optional] -**offset** | **Number** | The offset from where to start looking. in: query | [optional] +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path | +**limit** | **Number** | The maximum amount of policies returned. in: query | [optional] +**offset** | **Number** | The offset from where to start looking. in: query | [optional] diff --git a/sdk/js/swagger/docs/ListOryAccessControlPolicyRoles.md b/sdk/js/swagger/docs/ListOryAccessControlPolicyRoles.md new file mode 100644 index 000000000..41c1ee2fe --- /dev/null +++ b/sdk/js/swagger/docs/ListOryAccessControlPolicyRoles.md @@ -0,0 +1,10 @@ +# SwaggerJsClient.ListOryAccessControlPolicyRoles + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path | +**limit** | **Number** | The maximum amount of policies returned. in: query | [optional] +**offset** | **Number** | The offset from where to start looking. in: query | [optional] + + diff --git a/sdk/js/swagger/docs/OAuth2ClientCredentialsAuthentication.md b/sdk/js/swagger/docs/OAuth2ClientCredentialsAuthentication.md deleted file mode 100644 index 522d73f04..000000000 --- a/sdk/js/swagger/docs/OAuth2ClientCredentialsAuthentication.md +++ /dev/null @@ -1,7 +0,0 @@ -# SwaggerJsClient.OAuth2ClientCredentialsAuthentication - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - - diff --git a/sdk/js/swagger/docs/OAuth2IntrospectionAuthentication.md b/sdk/js/swagger/docs/OAuth2IntrospectionAuthentication.md deleted file mode 100644 index d5d492bbc..000000000 --- a/sdk/js/swagger/docs/OAuth2IntrospectionAuthentication.md +++ /dev/null @@ -1,7 +0,0 @@ -# SwaggerJsClient.OAuth2IntrospectionAuthentication - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - - diff --git a/sdk/js/swagger/docs/OryAccessControlPolicies.md b/sdk/js/swagger/docs/OryAccessControlPolicies.md new file mode 100644 index 000000000..079275c49 --- /dev/null +++ b/sdk/js/swagger/docs/OryAccessControlPolicies.md @@ -0,0 +1,8 @@ +# SwaggerJsClient.OryAccessControlPolicies + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**[OryAccessControlPolicy]**](OryAccessControlPolicy.md) | in: body | [optional] + + diff --git a/sdk/js/swagger/docs/OryAccessControlPolicy.md b/sdk/js/swagger/docs/OryAccessControlPolicy.md new file mode 100644 index 000000000..7f4db6792 --- /dev/null +++ b/sdk/js/swagger/docs/OryAccessControlPolicy.md @@ -0,0 +1,14 @@ +# SwaggerJsClient.OryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**actions** | **[String]** | Actions is an array representing all the actions this ORY Access Policy applies to. | [optional] +**conditions** | **[{String: Object}]** | Conditions represents an array of conditions under which this ORY Access Policy is active. | [optional] +**description** | **String** | Description is an optional, human-readable description. | [optional] +**effect** | **String** | Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\". | [optional] +**id** | **String** | ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy. | [optional] +**resources** | **[String]** | Resources is an array representing all the resources this ORY Access Policy applies to. | [optional] +**subjects** | **[String]** | Subjects is an array representing all the subjects this ORY Access Policy applies to. | [optional] + + diff --git a/sdk/js/swagger/docs/WardenSubjectAuthorizationRequest.md b/sdk/js/swagger/docs/OryAccessControlPolicyAllowedInput.md similarity index 78% rename from sdk/js/swagger/docs/WardenSubjectAuthorizationRequest.md rename to sdk/js/swagger/docs/OryAccessControlPolicyAllowedInput.md index 33e316ed0..3563931c0 100644 --- a/sdk/js/swagger/docs/WardenSubjectAuthorizationRequest.md +++ b/sdk/js/swagger/docs/OryAccessControlPolicyAllowedInput.md @@ -1,4 +1,4 @@ -# SwaggerJsClient.WardenSubjectAuthorizationRequest +# SwaggerJsClient.OryAccessControlPolicyAllowedInput ## Properties Name | Type | Description | Notes @@ -6,6 +6,6 @@ Name | Type | Description | Notes **action** | **String** | Action is the action that is requested on the resource. | [optional] **context** | **{String: Object}** | Context is the request's environmental context. | [optional] **resource** | **String** | Resource is the resource that access is requested to. | [optional] -**subject** | **String** | Subejct is the subject that is requesting access. | [optional] +**subject** | **String** | Subject is the subject that is requesting access. | [optional] diff --git a/sdk/js/swagger/docs/Role.md b/sdk/js/swagger/docs/OryAccessControlPolicyRole.md similarity index 85% rename from sdk/js/swagger/docs/Role.md rename to sdk/js/swagger/docs/OryAccessControlPolicyRole.md index ed2add88c..c95bc49a9 100644 --- a/sdk/js/swagger/docs/Role.md +++ b/sdk/js/swagger/docs/OryAccessControlPolicyRole.md @@ -1,4 +1,4 @@ -# SwaggerJsClient.Role +# SwaggerJsClient.OryAccessControlPolicyRole ## Properties Name | Type | Description | Notes diff --git a/sdk/js/swagger/docs/Firewall.md b/sdk/js/swagger/docs/OryAccessControlPolicyRoles.md similarity index 70% rename from sdk/js/swagger/docs/Firewall.md rename to sdk/js/swagger/docs/OryAccessControlPolicyRoles.md index 3f32c61ac..6f82bc553 100644 --- a/sdk/js/swagger/docs/Firewall.md +++ b/sdk/js/swagger/docs/OryAccessControlPolicyRoles.md @@ -1,4 +1,4 @@ -# SwaggerJsClient.Firewall +# SwaggerJsClient.OryAccessControlPolicyRoles ## Properties Name | Type | Description | Notes diff --git a/sdk/js/swagger/docs/Manager.md b/sdk/js/swagger/docs/Policies.md similarity index 80% rename from sdk/js/swagger/docs/Manager.md rename to sdk/js/swagger/docs/Policies.md index 8a7d574ab..8ae0999d6 100644 --- a/sdk/js/swagger/docs/Manager.md +++ b/sdk/js/swagger/docs/Policies.md @@ -1,4 +1,4 @@ -# SwaggerJsClient.Manager +# SwaggerJsClient.Policies ## Properties Name | Type | Description | Notes diff --git a/sdk/js/swagger/docs/Policy.md b/sdk/js/swagger/docs/Policy.md deleted file mode 100644 index 9253ce82d..000000000 --- a/sdk/js/swagger/docs/Policy.md +++ /dev/null @@ -1,14 +0,0 @@ -# SwaggerJsClient.Policy - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**actions** | **[String]** | Actions impacted by the policy. | [optional] -**conditions** | [**{String: PolicyConditions}**](PolicyConditions.md) | Conditions under which the policy is active. | [optional] -**description** | **String** | Description of the policy. | [optional] -**effect** | **String** | Effect of the policy | [optional] -**id** | **String** | ID of the policy. | [optional] -**resources** | **[String]** | Resources impacted by the policy. | [optional] -**subjects** | **[String]** | Subjects impacted by the policy. | [optional] - - diff --git a/sdk/js/swagger/docs/PolicyApi.md b/sdk/js/swagger/docs/PolicyApi.md deleted file mode 100644 index d83a26d5b..000000000 --- a/sdk/js/swagger/docs/PolicyApi.md +++ /dev/null @@ -1,251 +0,0 @@ -# SwaggerJsClient.PolicyApi - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**createPolicy**](PolicyApi.md#createPolicy) | **POST** /policies | -[**deletePolicy**](PolicyApi.md#deletePolicy) | **DELETE** /policies/{id} | -[**getPolicy**](PolicyApi.md#getPolicy) | **GET** /policies/{id} | -[**listPolicies**](PolicyApi.md#listPolicies) | **GET** /policies | -[**updatePolicy**](PolicyApi.md#updatePolicy) | **PUT** /policies/{id} | - - - -# **createPolicy** -> Policy createPolicy(opts) - - - -Create an Access Control Policy - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.PolicyApi(); - -var opts = { - 'body': new SwaggerJsClient.Policy() // Policy | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.createPolicy(opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**Policy**](Policy.md)| | [optional] - -### Return type - -[**Policy**](Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **deletePolicy** -> deletePolicy(id) - - - -Delete an Access Control Policy - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.PolicyApi(); - -var id = "id_example"; // String | The id of the policy. - - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully.'); - } -}; -apiInstance.deletePolicy(id, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the policy. | - -### Return type - -null (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **getPolicy** -> Policy getPolicy(id) - - - -Get an Access Control Policy - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.PolicyApi(); - -var id = "id_example"; // String | The id of the policy. - - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.getPolicy(id, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the policy. | - -### Return type - -[**Policy**](Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **listPolicies** -> [Policy] listPolicies(opts) - - - -List Access Control Policies - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.PolicyApi(); - -var opts = { - 'offset': 789, // Number | The offset from where to start looking. - 'limit': 789 // Number | The maximum amount of policies returned. -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.listPolicies(opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **offset** | **Number**| The offset from where to start looking. | [optional] - **limit** | **Number**| The maximum amount of policies returned. | [optional] - -### Return type - -[**[Policy]**](Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **updatePolicy** -> Policy updatePolicy(id, opts) - - - -Update an Access Control Policy - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.PolicyApi(); - -var id = "id_example"; // String | The id of the policy. - -var opts = { - 'body': new SwaggerJsClient.Policy() // Policy | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.updatePolicy(id, opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the policy. | - **body** | [**Policy**](Policy.md)| | [optional] - -### Return type - -[**Policy**](Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - diff --git a/sdk/js/swagger/docs/PolicyConditions.md b/sdk/js/swagger/docs/PolicyConditions.md deleted file mode 100644 index 780683cda..000000000 --- a/sdk/js/swagger/docs/PolicyConditions.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.PolicyConditions - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**options** | **{String: Object}** | | [optional] -**type** | **String** | | [optional] - - diff --git a/sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md b/sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md new file mode 100644 index 000000000..75b2241ad --- /dev/null +++ b/sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembers.md @@ -0,0 +1,10 @@ +# SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembers + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**RemoveOryAccessControlPolicyRoleMembersBody**](RemoveOryAccessControlPolicyRoleMembersBody.md) | | [optional] +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **String** | The ID of the ORY Access Control Policy Role. in: path | + + diff --git a/sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md b/sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md new file mode 100644 index 000000000..0acf2accf --- /dev/null +++ b/sdk/js/swagger/docs/RemoveOryAccessControlPolicyRoleMembersBody.md @@ -0,0 +1,8 @@ +# SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembersBody + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**members** | **[String]** | The members to be removed. | [optional] + + diff --git a/sdk/js/swagger/docs/RoleApi.md b/sdk/js/swagger/docs/RoleApi.md deleted file mode 100644 index 28cfa1a37..000000000 --- a/sdk/js/swagger/docs/RoleApi.md +++ /dev/null @@ -1,345 +0,0 @@ -# SwaggerJsClient.RoleApi - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**addMembersToRole**](RoleApi.md#addMembersToRole) | **POST** /roles/{id}/members | Add members to a role -[**createRole**](RoleApi.md#createRole) | **POST** /roles | Create a role -[**deleteRole**](RoleApi.md#deleteRole) | **DELETE** /roles/{id} | Get a role by its ID -[**getRole**](RoleApi.md#getRole) | **GET** /roles/{id} | Get a role by its ID -[**listRoles**](RoleApi.md#listRoles) | **GET** /roles | List all roles -[**removeMembersFromRole**](RoleApi.md#removeMembersFromRole) | **DELETE** /roles/{id}/members | Remove members from a role -[**setRole**](RoleApi.md#setRole) | **PUT** /roles/{id} | A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - - - -# **addMembersToRole** -> addMembersToRole(id, opts) - -Add members to a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to add members (users, applications, ...) to a specific role. You have to know the role's ID. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.RoleApi(); - -var id = "id_example"; // String | The id of the role to modify. - -var opts = { - 'body': new SwaggerJsClient.RoleMembers() // RoleMembers | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully.'); - } -}; -apiInstance.addMembersToRole(id, opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the role to modify. | - **body** | [**RoleMembers**](RoleMembers.md)| | [optional] - -### Return type - -null (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **createRole** -> Role createRole(opts) - -Create a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to create a new role. You may define members as well but you don't have to. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.RoleApi(); - -var opts = { - 'body': new SwaggerJsClient.Role() // Role | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.createRole(opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**Role**](Role.md)| | [optional] - -### Return type - -[**Role**](Role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **deleteRole** -> deleteRole(id) - -Get a role by its ID - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to delete an existing role. You have to know the role's ID. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.RoleApi(); - -var id = "id_example"; // String | The id of the role to look up. - - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully.'); - } -}; -apiInstance.deleteRole(id, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the role to look up. | - -### Return type - -null (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **getRole** -> Role getRole(id) - -Get a role by its ID - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve an existing role. You have to know the role's ID. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.RoleApi(); - -var id = "id_example"; // String | The id of the role to look up. - - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.getRole(id, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the role to look up. | - -### Return type - -[**Role**](Role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **listRoles** -> [Role] listRoles(opts) - -List all roles - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve all roles that are stored in the system. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.RoleApi(); - -var opts = { - 'member': "member_example", // String | The id of the member to look up. - 'limit': 789, // Number | The maximum amount of policies returned. - 'offset': 789 // Number | The offset from where to start looking. -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.listRoles(opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **member** | **String**| The id of the member to look up. | [optional] - **limit** | **Number**| The maximum amount of policies returned. | [optional] - **offset** | **Number**| The offset from where to start looking. | [optional] - -### Return type - -[**[Role]**](Role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **removeMembersFromRole** -> removeMembersFromRole(id, opts) - -Remove members from a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to remove members (users, applications, ...) from a specific role. You have to know the role's ID. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.RoleApi(); - -var id = "id_example"; // String | The id of the role to modify. - -var opts = { - 'body': new SwaggerJsClient.RoleMembers() // RoleMembers | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully.'); - } -}; -apiInstance.removeMembersFromRole(id, opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the role to modify. | - **body** | [**RoleMembers**](RoleMembers.md)| | [optional] - -### Return type - -null (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **setRole** -> setRole() - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - -This endpoint allows you to overwrite a role. You have to know the role's ID. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.RoleApi(); - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully.'); - } -}; -apiInstance.setRole(callback); -``` - -### Parameters -This endpoint does not need any parameter. - -### Return type - -null (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - diff --git a/sdk/js/swagger/docs/RoleMembers.md b/sdk/js/swagger/docs/RoleMembers.md deleted file mode 100644 index 61dd66888..000000000 --- a/sdk/js/swagger/docs/RoleMembers.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.RoleMembers - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**members** | **[String]** | | [optional] - - diff --git a/sdk/js/swagger/docs/Session.md b/sdk/js/swagger/docs/Session.md deleted file mode 100644 index 8d19b3fb9..000000000 --- a/sdk/js/swagger/docs/Session.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.Session - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**getSubject** | **String** | | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerCreatePolicyParameters.md b/sdk/js/swagger/docs/SwaggerCreatePolicyParameters.md deleted file mode 100644 index f92acefb6..000000000 --- a/sdk/js/swagger/docs/SwaggerCreatePolicyParameters.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.SwaggerCreatePolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**Policy**](Policy.md) | | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md b/sdk/js/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md deleted file mode 100644 index f97362c13..000000000 --- a/sdk/js/swagger/docs/SwaggerDoesWardenAllowAccessRequestParameters.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.SwaggerDoesWardenAllowAccessRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**WardenSubjectAuthorizationRequest**](WardenSubjectAuthorizationRequest.md) | | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md b/sdk/js/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md deleted file mode 100644 index 4089cdda2..000000000 --- a/sdk/js/swagger/docs/SwaggerDoesWardenAllowClientRequestParameters.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.SwaggerDoesWardenAllowClientRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**WardenOAuth2ClientAuthorizationRequest**](WardenOAuth2ClientAuthorizationRequest.md) | | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md b/sdk/js/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md deleted file mode 100644 index db3172d1b..000000000 --- a/sdk/js/swagger/docs/SwaggerDoesWardenAllowTokenAccessRequestParameters.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.SwaggerDoesWardenAllowTokenAccessRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**WardenOAuth2AccessTokenAuthorizationRequest**](WardenOAuth2AccessTokenAuthorizationRequest.md) | | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerGetPolicyParameters.md b/sdk/js/swagger/docs/SwaggerGetPolicyParameters.md deleted file mode 100644 index 70b170938..000000000 --- a/sdk/js/swagger/docs/SwaggerGetPolicyParameters.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.SwaggerGetPolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**id** | **String** | The id of the policy. in: path | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerListPolicyResponse.md b/sdk/js/swagger/docs/SwaggerListPolicyResponse.md deleted file mode 100644 index 09c30856c..000000000 --- a/sdk/js/swagger/docs/SwaggerListPolicyResponse.md +++ /dev/null @@ -1,8 +0,0 @@ -# SwaggerJsClient.SwaggerListPolicyResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**[Policy]**](Policy.md) | in: body type: array | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerUpdatePolicyParameters.md b/sdk/js/swagger/docs/SwaggerUpdatePolicyParameters.md deleted file mode 100644 index 6b6319c96..000000000 --- a/sdk/js/swagger/docs/SwaggerUpdatePolicyParameters.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.SwaggerUpdatePolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**Policy**](Policy.md) | | [optional] -**id** | **String** | The id of the policy. in: path | [optional] - - diff --git a/sdk/js/swagger/docs/SwaggerWardenBaseRequest.md b/sdk/js/swagger/docs/SwaggerWardenBaseRequest.md deleted file mode 100644 index dbe949d71..000000000 --- a/sdk/js/swagger/docs/SwaggerWardenBaseRequest.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerJsClient.SwaggerWardenBaseRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**action** | **String** | Action is the action that is requested on the resource. | [optional] -**context** | **{String: Object}** | Context is the request's environmental context. | [optional] -**resource** | **String** | Resource is the resource that access is requested to. | [optional] - - diff --git a/sdk/js/swagger/docs/UpsertOryAccessControlPolicy.md b/sdk/js/swagger/docs/UpsertOryAccessControlPolicy.md new file mode 100644 index 000000000..7d5d31f63 --- /dev/null +++ b/sdk/js/swagger/docs/UpsertOryAccessControlPolicy.md @@ -0,0 +1,9 @@ +# SwaggerJsClient.UpsertOryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**OryAccessControlPolicy**](OryAccessControlPolicy.md) | | [optional] +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | + + diff --git a/sdk/js/swagger/docs/UpsertOryAccessControlPolicyRole.md b/sdk/js/swagger/docs/UpsertOryAccessControlPolicyRole.md new file mode 100644 index 000000000..e78685b82 --- /dev/null +++ b/sdk/js/swagger/docs/UpsertOryAccessControlPolicyRole.md @@ -0,0 +1,9 @@ +# SwaggerJsClient.UpsertOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**OryAccessControlPolicyRole**](OryAccessControlPolicyRole.md) | | [optional] +**flavor** | **String** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | + + diff --git a/sdk/js/swagger/docs/Version.md b/sdk/js/swagger/docs/Version.md index e1c6b4ed1..0fa650ab4 100644 --- a/sdk/js/swagger/docs/Version.md +++ b/sdk/js/swagger/docs/Version.md @@ -3,6 +3,6 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**version** | **String** | | [optional] +**version** | **String** | Version is the service's version. | [optional] diff --git a/sdk/js/swagger/docs/VersionApi.md b/sdk/js/swagger/docs/VersionApi.md index 6bbe9901a..82b74580f 100644 --- a/sdk/js/swagger/docs/VersionApi.md +++ b/sdk/js/swagger/docs/VersionApi.md @@ -4,16 +4,16 @@ All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**getVersion**](VersionApi.md#getVersion) | **GET** /version | Get the version of Keto +[**getVersion**](VersionApi.md#getVersion) | **GET** /version | Get service version # **getVersion** > Version getVersion() -Get the version of Keto +Get service version -This endpoint returns the version as `{ \"version\": \"VERSION\" }`. The version is only correct with the prebuilt binary and not custom builds. +This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Example ```javascript diff --git a/sdk/js/swagger/docs/WardenApi.md b/sdk/js/swagger/docs/WardenApi.md deleted file mode 100644 index 534965787..000000000 --- a/sdk/js/swagger/docs/WardenApi.md +++ /dev/null @@ -1,152 +0,0 @@ -# SwaggerJsClient.WardenApi - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**isOAuth2AccessTokenAuthorized**](WardenApi.md#isOAuth2AccessTokenAuthorized) | **POST** /warden/oauth2/access-tokens/authorize | Check if an OAuth 2.0 access token is authorized to access a resource -[**isOAuth2ClientAuthorized**](WardenApi.md#isOAuth2ClientAuthorized) | **POST** /warden/oauth2/clients/authorize | Check if an OAuth 2.0 Client is authorized to access a resource -[**isSubjectAuthorized**](WardenApi.md#isSubjectAuthorized) | **POST** /warden/subjects/authorize | Check if a subject is authorized to access a resource - - - -# **isOAuth2AccessTokenAuthorized** -> WardenOAuth2AccessTokenAuthorizationResponse isOAuth2AccessTokenAuthorized(opts) - -Check if an OAuth 2.0 access token is authorized to access a resource - -Checks if a token is valid and if the token subject is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context. If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false }`. This endpoint passes all data from the upstream OAuth 2.0 token introspection endpoint. If you use ORY Hydra as an upstream OAuth 2.0 provider, data set through the `accessTokenExtra` field in the consent flow will be included in this response as well. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.WardenApi(); - -var opts = { - 'body': new SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationRequest() // WardenOAuth2AccessTokenAuthorizationRequest | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.isOAuth2AccessTokenAuthorized(opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**WardenOAuth2AccessTokenAuthorizationRequest**](WardenOAuth2AccessTokenAuthorizationRequest.md)| | [optional] - -### Return type - -[**WardenOAuth2AccessTokenAuthorizationResponse**](WardenOAuth2AccessTokenAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **isOAuth2ClientAuthorized** -> WardenOAuth2ClientAuthorizationResponse isOAuth2ClientAuthorized(opts) - -Check if an OAuth 2.0 Client is authorized to access a resource - -Checks if an OAuth 2.0 Client provided the correct access credentials and and if the client is allowed to perform an action on a resource. This endpoint requires a client id, a client secret, a scope, a resource name, an action name and a context. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.WardenApi(); - -var opts = { - 'body': new SwaggerJsClient.WardenOAuth2ClientAuthorizationRequest() // WardenOAuth2ClientAuthorizationRequest | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.isOAuth2ClientAuthorized(opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**WardenOAuth2ClientAuthorizationRequest**](WardenOAuth2ClientAuthorizationRequest.md)| | [optional] - -### Return type - -[**WardenOAuth2ClientAuthorizationResponse**](WardenOAuth2ClientAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - - -# **isSubjectAuthorized** -> WardenSubjectAuthorizationResponse isSubjectAuthorized(opts) - -Check if a subject is authorized to access a resource - -Checks if a subject (e.g. user ID, API key, ...) is allowed to perform a certain action on a resource. - -### Example -```javascript -var SwaggerJsClient = require('swagger-js-client'); - -var apiInstance = new SwaggerJsClient.WardenApi(); - -var opts = { - 'body': new SwaggerJsClient.WardenSubjectAuthorizationRequest() // WardenSubjectAuthorizationRequest | -}; - -var callback = function(error, data, response) { - if (error) { - console.error(error); - } else { - console.log('API called successfully. Returned data: ' + data); - } -}; -apiInstance.isSubjectAuthorized(opts, callback); -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**WardenSubjectAuthorizationRequest**](WardenSubjectAuthorizationRequest.md)| | [optional] - -### Return type - -[**WardenSubjectAuthorizationResponse**](WardenSubjectAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - diff --git a/sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md b/sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md deleted file mode 100644 index b9d1ed839..000000000 --- a/sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationRequest.md +++ /dev/null @@ -1,12 +0,0 @@ -# SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**action** | **String** | Action is the action that is requested on the resource. | [optional] -**context** | **{String: Object}** | Context is the request's environmental context. | [optional] -**resource** | **String** | Resource is the resource that access is requested to. | [optional] -**scope** | **[String]** | Scope is an array of scopes that are required. | [optional] -**token** | **String** | Token is the token to introspect. | [optional] - - diff --git a/sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md b/sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md deleted file mode 100644 index fd3dfb674..000000000 --- a/sdk/js/swagger/docs/WardenOAuth2AccessTokenAuthorizationResponse.md +++ /dev/null @@ -1,18 +0,0 @@ -# SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **Boolean** | Allowed is true if the request is allowed and false otherwise. | [optional] -**aud** | **[String]** | | [optional] -**clientId** | **String** | ClientID is the id of the OAuth2 client that requested the token. | [optional] -**exp** | **Date** | ExpiresAt is the expiry timestamp. | [optional] -**iat** | **Date** | IssuedAt is the token creation time stamp. | [optional] -**iss** | **String** | Issuer is the id of the issuer, typically an hydra instance. | [optional] -**nbf** | **Date** | | [optional] -**scope** | **String** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] -**session** | **{String: Object}** | Session represents arbitrary session data. | [optional] -**sub** | **String** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] -**username** | **String** | | [optional] - - diff --git a/sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md b/sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md deleted file mode 100644 index 4b23b4a13..000000000 --- a/sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationRequest.md +++ /dev/null @@ -1,13 +0,0 @@ -# SwaggerJsClient.WardenOAuth2ClientAuthorizationRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**action** | **String** | Action is the action that is requested on the resource. | [optional] -**clientId** | **String** | Token is the token to introspect. | [optional] -**clientSecret** | **String** | | [optional] -**context** | **{String: Object}** | Context is the request's environmental context. | [optional] -**resource** | **String** | Resource is the resource that access is requested to. | [optional] -**scope** | **[String]** | Scope is an array of scopes that are required. | [optional] - - diff --git a/sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md b/sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md deleted file mode 100644 index c60c028cc..000000000 --- a/sdk/js/swagger/docs/WardenOAuth2ClientAuthorizationResponse.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.WardenOAuth2ClientAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **Boolean** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **String** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - - diff --git a/sdk/js/swagger/docs/WardenSubjectAuthorizationResponse.md b/sdk/js/swagger/docs/WardenSubjectAuthorizationResponse.md deleted file mode 100644 index 0a5c2c200..000000000 --- a/sdk/js/swagger/docs/WardenSubjectAuthorizationResponse.md +++ /dev/null @@ -1,9 +0,0 @@ -# SwaggerJsClient.WardenSubjectAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **Boolean** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **String** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - - diff --git a/sdk/js/swagger/src/ApiClient.js b/sdk/js/swagger/src/ApiClient.js index f463d4eb2..39c659f82 100644 --- a/sdk/js/swagger/src/ApiClient.js +++ b/sdk/js/swagger/src/ApiClient.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,22 +14,22 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['superagent', 'querystring'], factory) + define(['superagent', 'querystring'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('superagent'), require('querystring')) + module.exports = factory(require('superagent'), require('querystring')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.ApiClient = factory(root.superagent, root.querystring) + root.SwaggerJsClient.ApiClient = factory(root.superagent, root.querystring); } -})(this, function(superagent, querystring) { - 'use strict' +}(this, function(superagent, querystring) { + 'use strict'; /** * @module ApiClient @@ -49,26 +49,27 @@ * @type {String} * @default http://localhost */ - this.basePath = 'http://localhost'.replace(/\/+$/, '') + this.basePath = 'http://localhost'.replace(/\/+$/, ''); /** * The authentication methods to be included for all API calls. * @type {Array.} */ - this.authentications = {} + this.authentications = { + }; /** * The default HTTP headers to be included for all API calls. * @type {Array.} * @default {} */ - this.defaultHeaders = {} + this.defaultHeaders = {}; /** * The default HTTP timeout for all API calls. * @type {Number} * @default 60000 */ - this.timeout = 60000 + this.timeout = 60000; /** * If set to false an additional timestamp parameter is added to all API GET calls to @@ -76,23 +77,24 @@ * @type {Boolean} * @default true */ - this.cache = true + this.cache = true; /** * If set to true, the client will save the cookies from each server * response, and return them in the next request. * @default false */ - this.enableCookies = false + this.enableCookies = false; /* * Used to save and return cookies in a node.js (non-browser) setting, * if this.enableCookies is set to true. */ if (typeof window === 'undefined') { - this.agent = new superagent.agent() + this.agent = new superagent.agent(); } - } + + }; /** * Returns a string representation for an actual parameter. @@ -101,13 +103,13 @@ */ exports.prototype.paramToString = function(param) { if (param == undefined || param == null) { - return '' + return ''; } if (param instanceof Date) { - return param.toJSON() + return param.toJSON(); } - return param.toString() - } + return param.toString(); + }; /** * Builds full URL by appending the given path to the base URL and replacing path parameter place-holders with parameter values. @@ -118,21 +120,21 @@ */ exports.prototype.buildUrl = function(path, pathParams) { if (!path.match(/^\//)) { - path = '/' + path + path = '/' + path; } - var url = this.basePath + path - var _this = this + var url = this.basePath + path; + var _this = this; url = url.replace(/\{([\w-]+)\}/g, function(fullMatch, key) { - var value + var value; if (pathParams.hasOwnProperty(key)) { - value = _this.paramToString(pathParams[key]) + value = _this.paramToString(pathParams[key]); } else { - value = fullMatch + value = fullMatch; } - return encodeURIComponent(value) - }) - return url - } + return encodeURIComponent(value); + }); + return url; + }; /** * Checks whether the given content type represents JSON.
@@ -146,10 +148,8 @@ * @returns {Boolean} true if contentType represents JSON, otherwise false. */ exports.prototype.isJsonMime = function(contentType) { - return Boolean( - contentType != null && contentType.match(/^application\/json(;.*)?$/i) - ) - } + return Boolean(contentType != null && contentType.match(/^application\/json(;.*)?$/i)); + }; /** * Chooses a content type from the given array, with JSON preferred; i.e. return JSON if included, otherwise return the first. @@ -159,11 +159,11 @@ exports.prototype.jsonPreferredMime = function(contentTypes) { for (var i = 0; i < contentTypes.length; i++) { if (this.isJsonMime(contentTypes[i])) { - return contentTypes[i] + return contentTypes[i]; } } - return contentTypes[0] - } + return contentTypes[0]; + }; /** * Checks whether the given parameter value represents file-like content. @@ -173,28 +173,28 @@ exports.prototype.isFileParam = function(param) { // fs.ReadStream in Node.js and Electron (but not in runtime like browserify) if (typeof require === 'function') { - var fs + var fs; try { - fs = require('fs') + fs = require('fs'); } catch (err) {} if (fs && fs.ReadStream && param instanceof fs.ReadStream) { - return true + return true; } } // Buffer in Node.js if (typeof Buffer === 'function' && param instanceof Buffer) { - return true + return true; } // Blob in browser if (typeof Blob === 'function' && param instanceof Blob) { - return true + return true; } // File in browser (it seems File object is also instance of Blob, but keep this for safe) if (typeof File === 'function' && param instanceof File) { - return true + return true; } - return false - } + return false; + }; /** * Normalizes parameter values: @@ -207,23 +207,19 @@ * @returns {Object.} normalized parameters. */ exports.prototype.normalizeParams = function(params) { - var newParams = {} + var newParams = {}; for (var key in params) { - if ( - params.hasOwnProperty(key) && - params[key] != undefined && - params[key] != null - ) { - var value = params[key] + if (params.hasOwnProperty(key) && params[key] != undefined && params[key] != null) { + var value = params[key]; if (this.isFileParam(value) || Array.isArray(value)) { - newParams[key] = value + newParams[key] = value; } else { - newParams[key] = this.paramToString(value) + newParams[key] = this.paramToString(value); } } } - return newParams - } + return newParams; + }; /** * Enumeration of collection format separator strategies. @@ -256,7 +252,7 @@ * @const */ MULTI: 'multi' - } + }; /** * Builds a string representation of an array-type actual parameter, according to the given collection format. @@ -265,29 +261,26 @@ * @returns {String|Array} A string representation of the supplied collection, using the specified delimiter. Returns * param as is if collectionFormat is multi. */ - exports.prototype.buildCollectionParam = function buildCollectionParam( - param, - collectionFormat - ) { + exports.prototype.buildCollectionParam = function buildCollectionParam(param, collectionFormat) { if (param == null) { - return null + return null; } switch (collectionFormat) { case 'csv': - return param.map(this.paramToString).join(',') + return param.map(this.paramToString).join(','); case 'ssv': - return param.map(this.paramToString).join(' ') + return param.map(this.paramToString).join(' '); case 'tsv': - return param.map(this.paramToString).join('\t') + return param.map(this.paramToString).join('\t'); case 'pipes': - return param.map(this.paramToString).join('|') + return param.map(this.paramToString).join('|'); case 'multi': // return the array directly as SuperAgent will handle it as expected - return param.map(this.paramToString) + return param.map(this.paramToString); default: - throw new Error('Unknown collection format: ' + collectionFormat) + throw new Error('Unknown collection format: ' + collectionFormat); } - } + }; /** * Applies authentication headers to the request. @@ -295,40 +288,40 @@ * @param {Array.} authNames An array of authentication method names. */ exports.prototype.applyAuthToRequest = function(request, authNames) { - var _this = this + var _this = this; authNames.forEach(function(authName) { - var auth = _this.authentications[authName] + var auth = _this.authentications[authName]; switch (auth.type) { case 'basic': if (auth.username || auth.password) { - request.auth(auth.username || '', auth.password || '') + request.auth(auth.username || '', auth.password || ''); } - break + break; case 'apiKey': if (auth.apiKey) { - var data = {} + var data = {}; if (auth.apiKeyPrefix) { - data[auth.name] = auth.apiKeyPrefix + ' ' + auth.apiKey + data[auth.name] = auth.apiKeyPrefix + ' ' + auth.apiKey; } else { - data[auth.name] = auth.apiKey + data[auth.name] = auth.apiKey; } if (auth['in'] === 'header') { - request.set(data) + request.set(data); } else { - request.query(data) + request.query(data); } } - break + break; case 'oauth2': if (auth.accessToken) { - request.set({ Authorization: 'Bearer ' + auth.accessToken }) + request.set({'Authorization': 'Bearer ' + auth.accessToken}); } - break + break; default: - throw new Error('Unknown authentication type: ' + auth.type) + throw new Error('Unknown authentication type: ' + auth.type); } - }) - } + }); + }; /** * Deserializes an HTTP response body into a value of the specified type. @@ -341,22 +334,17 @@ */ exports.prototype.deserialize = function deserialize(response, returnType) { if (response == null || returnType == null || response.status == 204) { - return null + return null; } // Rely on SuperAgent for parsing response body. // See http://visionmedia.github.io/superagent/#parsing-response-bodies - var data = response.body - if ( - data == null || - (typeof data === 'object' && - typeof data.length === 'undefined' && - !Object.keys(data).length) - ) { + var data = response.body; + if (data == null || (typeof data === 'object' && typeof data.length === 'undefined' && !Object.keys(data).length)) { // SuperAgent does not always produce a body; use the unparsed response as a fallback - data = response.text + data = response.text; } - return exports.convertToType(data, returnType) - } + return exports.convertToType(data, returnType); + }; /** * Callback function to receive the result of the operation. @@ -383,106 +371,98 @@ * @param {module:ApiClient~callApiCallback} callback The callback function. * @returns {Object} The SuperAgent request object. */ - exports.prototype.callApi = function callApi( - path, - httpMethod, - pathParams, - queryParams, - headerParams, - formParams, - bodyParam, - authNames, - contentTypes, - accepts, - returnType, - callback - ) { - var _this = this - var url = this.buildUrl(path, pathParams) - var request = superagent(httpMethod, url) + exports.prototype.callApi = function callApi(path, httpMethod, pathParams, + queryParams, headerParams, formParams, bodyParam, authNames, contentTypes, accepts, + returnType, callback) { + + var _this = this; + var url = this.buildUrl(path, pathParams); + var request = superagent(httpMethod, url); // apply authentications - this.applyAuthToRequest(request, authNames) + this.applyAuthToRequest(request, authNames); // set query parameters if (httpMethod.toUpperCase() === 'GET' && this.cache === false) { - queryParams['_'] = new Date().getTime() + queryParams['_'] = new Date().getTime(); } - request.query(this.normalizeParams(queryParams)) + request.query(this.normalizeParams(queryParams)); // set header parameters - request.set(this.defaultHeaders).set(this.normalizeParams(headerParams)) + request.set(this.defaultHeaders).set(this.normalizeParams(headerParams)); // set request timeout - request.timeout(this.timeout) + request.timeout(this.timeout); - var contentType = this.jsonPreferredMime(contentTypes) + var contentType = this.jsonPreferredMime(contentTypes); if (contentType) { // Issue with superagent and multipart/form-data (https://github.com/visionmedia/superagent/issues/746) - if (contentType != 'multipart/form-data') { - request.type(contentType) + if(contentType != 'multipart/form-data') { + request.type(contentType); } } else if (!request.header['Content-Type']) { - request.type('application/json') + request.type('application/json'); } if (contentType === 'application/x-www-form-urlencoded') { - request.send(querystring.stringify(this.normalizeParams(formParams))) + request.send(querystring.stringify(this.normalizeParams(formParams))); } else if (contentType == 'multipart/form-data') { - var _formParams = this.normalizeParams(formParams) + var _formParams = this.normalizeParams(formParams); for (var key in _formParams) { if (_formParams.hasOwnProperty(key)) { if (this.isFileParam(_formParams[key])) { // file field - request.attach(key, _formParams[key]) + request.attach(key, _formParams[key]); } else { - request.field(key, _formParams[key]) + request.field(key, _formParams[key]); } } } } else if (bodyParam) { - request.send(bodyParam) + request.send(bodyParam); } - var accept = this.jsonPreferredMime(accepts) + var accept = this.jsonPreferredMime(accepts); if (accept) { - request.accept(accept) + request.accept(accept); } if (returnType === 'Blob') { - request.responseType('blob') + request.responseType('blob'); } else if (returnType === 'String') { - request.responseType('string') + request.responseType('string'); } // Attach previously saved cookies, if enabled - if (this.enableCookies) { + if (this.enableCookies){ if (typeof window === 'undefined') { - this.agent.attachCookies(request) - } else { - request.withCredentials() + this.agent.attachCookies(request); + } + else { + request.withCredentials(); } } + request.end(function(error, response) { if (callback) { - var data = null + var data = null; if (!error) { try { - data = _this.deserialize(response, returnType) - if (_this.enableCookies && typeof window === 'undefined') { - _this.agent.saveCookies(response) + data = _this.deserialize(response, returnType); + if (_this.enableCookies && typeof window === 'undefined'){ + _this.agent.saveCookies(response); } } catch (err) { - error = err + error = err; } } - callback(error, data, response) + callback(error, data, response); } - }) + }); - return request - } + return request; + }; /** * Parses an ISO-8601 string representation of a date value. @@ -490,8 +470,8 @@ * @returns {Date} The parsed date object. */ exports.parseDate = function(str) { - return new Date(str.replace(/T/i, ' ')) - } + return new Date(str.replace(/T/i, ' ')); + }; /** * Converts a value to the specified type. @@ -503,59 +483,60 @@ * @returns An instance of the specified type or null or undefined if data is null or undefined. */ exports.convertToType = function(data, type) { - if (data === null || data === undefined) return data + if (data === null || data === undefined) + return data switch (type) { case 'Boolean': - return Boolean(data) + return Boolean(data); case 'Integer': - return parseInt(data, 10) + return parseInt(data, 10); case 'Number': - return parseFloat(data) + return parseFloat(data); case 'String': - return String(data) + return String(data); case 'Date': - return this.parseDate(String(data)) + return this.parseDate(String(data)); case 'Blob': - return data + return data; default: if (type === Object) { // generic object, return directly - return data + return data; } else if (typeof type === 'function') { // for model type like: User - return type.constructFromObject(data) + return type.constructFromObject(data); } else if (Array.isArray(type)) { // for array type like: ['String'] - var itemType = type[0] + var itemType = type[0]; return data.map(function(item) { - return exports.convertToType(item, itemType) - }) + return exports.convertToType(item, itemType); + }); } else if (typeof type === 'object') { // for plain object type like: {'String': 'Integer'} - var keyType, valueType + var keyType, valueType; for (var k in type) { if (type.hasOwnProperty(k)) { - keyType = k - valueType = type[k] - break + keyType = k; + valueType = type[k]; + break; } } - var result = {} + var result = {}; for (var k in data) { if (data.hasOwnProperty(k)) { - var key = exports.convertToType(k, keyType) - var value = exports.convertToType(data[k], valueType) - result[key] = value + var key = exports.convertToType(k, keyType); + var value = exports.convertToType(data[k], valueType); + result[key] = value; } } - return result + return result; } else { // for unknown type, return the data directly - return data + return data; } } - } + }; /** * Constructs a new map or array model from REST data. @@ -566,21 +547,21 @@ if (Array.isArray(data)) { for (var i = 0; i < data.length; i++) { if (data.hasOwnProperty(i)) - obj[i] = exports.convertToType(data[i], itemType) + obj[i] = exports.convertToType(data[i], itemType); } } else { for (var k in data) { if (data.hasOwnProperty(k)) - obj[k] = exports.convertToType(data[k], itemType) + obj[k] = exports.convertToType(data[k], itemType); } } - } + }; /** * The default API client implementation. * @type {module:ApiClient} */ - exports.instance = new exports() + exports.instance = new exports(); - return exports -}) + return exports; +})); diff --git a/sdk/js/swagger/src/api/EnginesApi.js b/sdk/js/swagger/src/api/EnginesApi.js new file mode 100644 index 000000000..050b25dd9 --- /dev/null +++ b/sdk/js/swagger/src/api/EnginesApi.js @@ -0,0 +1,621 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/AddOryAccessControlPolicyRoleMembersBody', 'model/AuthorizationResult', 'model/InlineResponse500', 'model/OryAccessControlPolicy', 'model/OryAccessControlPolicyAllowedInput', 'model/OryAccessControlPolicyRole', 'model/RemoveOryAccessControlPolicyRoleMembersBody'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('../model/AddOryAccessControlPolicyRoleMembersBody'), require('../model/AuthorizationResult'), require('../model/InlineResponse500'), require('../model/OryAccessControlPolicy'), require('../model/OryAccessControlPolicyAllowedInput'), require('../model/OryAccessControlPolicyRole'), require('../model/RemoveOryAccessControlPolicyRoleMembersBody')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.EnginesApi = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.AddOryAccessControlPolicyRoleMembersBody, root.SwaggerJsClient.AuthorizationResult, root.SwaggerJsClient.InlineResponse500, root.SwaggerJsClient.OryAccessControlPolicy, root.SwaggerJsClient.OryAccessControlPolicyAllowedInput, root.SwaggerJsClient.OryAccessControlPolicyRole, root.SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembersBody); + } +}(this, function(ApiClient, AddOryAccessControlPolicyRoleMembersBody, AuthorizationResult, InlineResponse500, OryAccessControlPolicy, OryAccessControlPolicyAllowedInput, OryAccessControlPolicyRole, RemoveOryAccessControlPolicyRoleMembersBody) { + 'use strict'; + + /** + * Engines service. + * @module api/EnginesApi + * @version Latest + */ + + /** + * Constructs a new EnginesApi. + * @alias module:api/EnginesApi + * @class + * @param {module:ApiClient} apiClient Optional API client implementation to use, + * default to {@link module:ApiClient#instance} if unspecified. + */ + var exports = function(apiClient) { + this.apiClient = apiClient || ApiClient.instance; + + + /** + * Callback function to receive the result of the addOryAccessControlPolicyRoleMembers operation. + * @callback module:api/EnginesApi~addOryAccessControlPolicyRoleMembersCallback + * @param {String} error Error message, if any. + * @param {module:model/OryAccessControlPolicyRole} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * Add a member to an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {String} id The ID of the ORY Access Control Policy Role. + * @param {Object} opts Optional parameters + * @param {module:model/AddOryAccessControlPolicyRoleMembersBody} opts.body + * @param {module:api/EnginesApi~addOryAccessControlPolicyRoleMembersCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link module:model/OryAccessControlPolicyRole} + */ + this.addOryAccessControlPolicyRoleMembers = function(flavor, id, opts, callback) { + opts = opts || {}; + var postBody = opts['body']; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling addOryAccessControlPolicyRoleMembers"); + } + + // verify the required parameter 'id' is set + if (id === undefined || id === null) { + throw new Error("Missing the required parameter 'id' when calling addOryAccessControlPolicyRoleMembers"); + } + + + var pathParams = { + 'flavor': flavor, + 'id': id + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = OryAccessControlPolicyRole; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/roles/{id}/members', 'PUT', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the deleteOryAccessControlPolicy operation. + * @callback module:api/EnginesApi~deleteOryAccessControlPolicyCallback + * @param {String} error Error message, if any. + * @param data This operation does not return a value. + * @param {String} response The complete HTTP response. + */ + + /** + * Delete an ORY Access Control Policy + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {String} id The ID of the ORY Access Control Policy Role. + * @param {module:api/EnginesApi~deleteOryAccessControlPolicyCallback} callback The callback function, accepting three arguments: error, data, response + */ + this.deleteOryAccessControlPolicy = function(flavor, id, callback) { + var postBody = null; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling deleteOryAccessControlPolicy"); + } + + // verify the required parameter 'id' is set + if (id === undefined || id === null) { + throw new Error("Missing the required parameter 'id' when calling deleteOryAccessControlPolicy"); + } + + + var pathParams = { + 'flavor': flavor, + 'id': id + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = null; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/policies/{id}', 'DELETE', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the deleteOryAccessControlPolicyRole operation. + * @callback module:api/EnginesApi~deleteOryAccessControlPolicyRoleCallback + * @param {String} error Error message, if any. + * @param data This operation does not return a value. + * @param {String} response The complete HTTP response. + */ + + /** + * Delete an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {String} id The ID of the ORY Access Control Policy Role. + * @param {module:api/EnginesApi~deleteOryAccessControlPolicyRoleCallback} callback The callback function, accepting three arguments: error, data, response + */ + this.deleteOryAccessControlPolicyRole = function(flavor, id, callback) { + var postBody = null; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling deleteOryAccessControlPolicyRole"); + } + + // verify the required parameter 'id' is set + if (id === undefined || id === null) { + throw new Error("Missing the required parameter 'id' when calling deleteOryAccessControlPolicyRole"); + } + + + var pathParams = { + 'flavor': flavor, + 'id': id + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = null; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/roles/{id}', 'DELETE', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the doOryAccessControlPoliciesAllow operation. + * @callback module:api/EnginesApi~doOryAccessControlPoliciesAllowCallback + * @param {String} error Error message, if any. + * @param {module:model/AuthorizationResult} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * Check if a request is allowed + * Use this endpoint to check if a request is allowed or not. + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {Object} opts Optional parameters + * @param {module:model/OryAccessControlPolicyAllowedInput} opts.body + * @param {module:api/EnginesApi~doOryAccessControlPoliciesAllowCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link module:model/AuthorizationResult} + */ + this.doOryAccessControlPoliciesAllow = function(flavor, opts, callback) { + opts = opts || {}; + var postBody = opts['body']; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling doOryAccessControlPoliciesAllow"); + } + + + var pathParams = { + 'flavor': flavor + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = AuthorizationResult; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/allowed', 'POST', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the getOryAccessControlPolicy operation. + * @callback module:api/EnginesApi~getOryAccessControlPolicyCallback + * @param {String} error Error message, if any. + * @param {module:model/OryAccessControlPolicy} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * Get an ORY Access Control Policy + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {String} id The ID of the ORY Access Control Policy Role. + * @param {module:api/EnginesApi~getOryAccessControlPolicyCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link module:model/OryAccessControlPolicy} + */ + this.getOryAccessControlPolicy = function(flavor, id, callback) { + var postBody = null; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling getOryAccessControlPolicy"); + } + + // verify the required parameter 'id' is set + if (id === undefined || id === null) { + throw new Error("Missing the required parameter 'id' when calling getOryAccessControlPolicy"); + } + + + var pathParams = { + 'flavor': flavor, + 'id': id + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = OryAccessControlPolicy; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/policies/{id}', 'GET', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the getOryAccessControlPolicyRole operation. + * @callback module:api/EnginesApi~getOryAccessControlPolicyRoleCallback + * @param {String} error Error message, if any. + * @param {module:model/OryAccessControlPolicyRole} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * Get an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {String} id The ID of the ORY Access Control Policy Role. + * @param {module:api/EnginesApi~getOryAccessControlPolicyRoleCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link module:model/OryAccessControlPolicyRole} + */ + this.getOryAccessControlPolicyRole = function(flavor, id, callback) { + var postBody = null; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling getOryAccessControlPolicyRole"); + } + + // verify the required parameter 'id' is set + if (id === undefined || id === null) { + throw new Error("Missing the required parameter 'id' when calling getOryAccessControlPolicyRole"); + } + + + var pathParams = { + 'flavor': flavor, + 'id': id + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = OryAccessControlPolicyRole; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/roles/{id}', 'GET', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the listOryAccessControlPolicies operation. + * @callback module:api/EnginesApi~listOryAccessControlPoliciesCallback + * @param {String} error Error message, if any. + * @param {Array.} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * List ORY Access Control Policies + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" + * @param {Object} opts Optional parameters + * @param {Number} opts.limit The maximum amount of policies returned. + * @param {Number} opts.offset The offset from where to start looking. + * @param {module:api/EnginesApi~listOryAccessControlPoliciesCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link Array.} + */ + this.listOryAccessControlPolicies = function(flavor, opts, callback) { + opts = opts || {}; + var postBody = null; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling listOryAccessControlPolicies"); + } + + + var pathParams = { + 'flavor': flavor + }; + var queryParams = { + 'limit': opts['limit'], + 'offset': opts['offset'] + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = [OryAccessControlPolicy]; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/policies', 'GET', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the listOryAccessControlPolicyRoles operation. + * @callback module:api/EnginesApi~listOryAccessControlPolicyRolesCallback + * @param {String} error Error message, if any. + * @param {Array.} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * List ORY Access Control Policy Roles + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" + * @param {Object} opts Optional parameters + * @param {Number} opts.limit The maximum amount of policies returned. + * @param {Number} opts.offset The offset from where to start looking. + * @param {module:api/EnginesApi~listOryAccessControlPolicyRolesCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link Array.} + */ + this.listOryAccessControlPolicyRoles = function(flavor, opts, callback) { + opts = opts || {}; + var postBody = null; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling listOryAccessControlPolicyRoles"); + } + + + var pathParams = { + 'flavor': flavor + }; + var queryParams = { + 'limit': opts['limit'], + 'offset': opts['offset'] + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = [OryAccessControlPolicyRole]; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/roles', 'GET', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the removeOryAccessControlPolicyRoleMembers operation. + * @callback module:api/EnginesApi~removeOryAccessControlPolicyRoleMembersCallback + * @param {String} error Error message, if any. + * @param data This operation does not return a value. + * @param {String} response The complete HTTP response. + */ + + /** + * Remove a member from an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {String} id The ID of the ORY Access Control Policy Role. + * @param {Object} opts Optional parameters + * @param {module:model/RemoveOryAccessControlPolicyRoleMembersBody} opts.body + * @param {module:api/EnginesApi~removeOryAccessControlPolicyRoleMembersCallback} callback The callback function, accepting three arguments: error, data, response + */ + this.removeOryAccessControlPolicyRoleMembers = function(flavor, id, opts, callback) { + opts = opts || {}; + var postBody = opts['body']; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling removeOryAccessControlPolicyRoleMembers"); + } + + // verify the required parameter 'id' is set + if (id === undefined || id === null) { + throw new Error("Missing the required parameter 'id' when calling removeOryAccessControlPolicyRoleMembers"); + } + + + var pathParams = { + 'flavor': flavor, + 'id': id + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = null; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/roles/{id}/members', 'DELETE', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the upsertOryAccessControlPolicy operation. + * @callback module:api/EnginesApi~upsertOryAccessControlPolicyCallback + * @param {String} error Error message, if any. + * @param {module:model/OryAccessControlPolicy} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * Upsert an ORY Access Control Policy + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {Object} opts Optional parameters + * @param {module:model/OryAccessControlPolicy} opts.body + * @param {module:api/EnginesApi~upsertOryAccessControlPolicyCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link module:model/OryAccessControlPolicy} + */ + this.upsertOryAccessControlPolicy = function(flavor, opts, callback) { + opts = opts || {}; + var postBody = opts['body']; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling upsertOryAccessControlPolicy"); + } + + + var pathParams = { + 'flavor': flavor + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = OryAccessControlPolicy; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/policies', 'PUT', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + + /** + * Callback function to receive the result of the upsertOryAccessControlPolicyRole operation. + * @callback module:api/EnginesApi~upsertOryAccessControlPolicyRoleCallback + * @param {String} error Error message, if any. + * @param {module:model/OryAccessControlPolicyRole} data The data returned by the service call. + * @param {String} response The complete HTTP response. + */ + + /** + * Upsert an ORY Access Control Policy Role + * Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + * @param {String} flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". + * @param {Object} opts Optional parameters + * @param {module:model/OryAccessControlPolicyRole} opts.body + * @param {module:api/EnginesApi~upsertOryAccessControlPolicyRoleCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link module:model/OryAccessControlPolicyRole} + */ + this.upsertOryAccessControlPolicyRole = function(flavor, opts, callback) { + opts = opts || {}; + var postBody = opts['body']; + + // verify the required parameter 'flavor' is set + if (flavor === undefined || flavor === null) { + throw new Error("Missing the required parameter 'flavor' when calling upsertOryAccessControlPolicyRole"); + } + + + var pathParams = { + 'flavor': flavor + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = OryAccessControlPolicyRole; + + return this.apiClient.callApi( + '/engines/acp/ory/{flavor}/roles', 'PUT', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); + } + }; + + return exports; +})); diff --git a/sdk/js/swagger/src/api/HealthApi.js b/sdk/js/swagger/src/api/HealthApi.js index cd06ae24c..ec76981a9 100644 --- a/sdk/js/swagger/src/api/HealthApi.js +++ b/sdk/js/swagger/src/api/HealthApi.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,42 +14,22 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define([ - 'ApiClient', - 'model/HealthNotReadyStatus', - 'model/HealthStatus', - 'model/InlineResponse500' - ], factory) + define(['ApiClient', 'model/HealthNotReadyStatus', 'model/HealthStatus', 'model/InlineResponse500'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('../model/HealthNotReadyStatus'), - require('../model/HealthStatus'), - require('../model/InlineResponse500') - ) + module.exports = factory(require('../ApiClient'), require('../model/HealthNotReadyStatus'), require('../model/HealthStatus'), require('../model/InlineResponse500')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.HealthApi = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.HealthNotReadyStatus, - root.SwaggerJsClient.HealthStatus, - root.SwaggerJsClient.InlineResponse500 - ) + root.SwaggerJsClient.HealthApi = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.HealthNotReadyStatus, root.SwaggerJsClient.HealthStatus, root.SwaggerJsClient.InlineResponse500); } -})(this, function( - ApiClient, - HealthNotReadyStatus, - HealthStatus, - InlineResponse500 -) { - 'use strict' +}(this, function(ApiClient, HealthNotReadyStatus, HealthStatus, InlineResponse500) { + 'use strict'; /** * Health service. @@ -58,14 +38,15 @@ */ /** - * Constructs a new HealthApi. + * Constructs a new HealthApi. * @alias module:api/HealthApi * @class * @param {module:ApiClient} apiClient Optional API client implementation to use, * default to {@link module:ApiClient#instance} if unspecified. */ var exports = function(apiClient) { - this.apiClient = apiClient || ApiClient.instance + this.apiClient = apiClient || ApiClient.instance; + /** * Callback function to receive the result of the isInstanceAlive operation. @@ -76,38 +57,34 @@ */ /** - * Check the Alive Status - * This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. + * Check alive status + * This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. * @param {module:api/HealthApi~isInstanceAliveCallback} callback The callback function, accepting three arguments: error, data, response * data is of type: {@link module:model/HealthStatus} */ this.isInstanceAlive = function(callback) { - var postBody = null + var postBody = null; + - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} + var pathParams = { + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = HealthStatus + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = HealthStatus; return this.apiClient.callApi( - '/health/alive', - 'GET', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) + '/health/alive', 'GET', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); } /** @@ -119,40 +96,36 @@ */ /** - * Check the Readiness Status - * This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. + * Check readiness status + * This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. * @param {module:api/HealthApi~isInstanceReadyCallback} callback The callback function, accepting three arguments: error, data, response * data is of type: {@link module:model/HealthStatus} */ this.isInstanceReady = function(callback) { - var postBody = null + var postBody = null; - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = HealthStatus + var pathParams = { + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = HealthStatus; return this.apiClient.callApi( - '/health/ready', - 'GET', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) + '/health/ready', 'GET', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); } - } + }; - return exports -}) + return exports; +})); diff --git a/sdk/js/swagger/src/api/PolicyApi.js b/sdk/js/swagger/src/api/PolicyApi.js deleted file mode 100644 index ec637ed41..000000000 --- a/sdk/js/swagger/src/api/PolicyApi.js +++ /dev/null @@ -1,312 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient', 'model/InlineResponse500', 'model/Policy'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('../model/InlineResponse500'), - require('../model/Policy') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.PolicyApi = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.InlineResponse500, - root.SwaggerJsClient.Policy - ) - } -})(this, function(ApiClient, InlineResponse500, Policy) { - 'use strict' - - /** - * Policy service. - * @module api/PolicyApi - * @version Latest - */ - - /** - * Constructs a new PolicyApi. - * @alias module:api/PolicyApi - * @class - * @param {module:ApiClient} apiClient Optional API client implementation to use, - * default to {@link module:ApiClient#instance} if unspecified. - */ - var exports = function(apiClient) { - this.apiClient = apiClient || ApiClient.instance - - /** - * Callback function to receive the result of the createPolicy operation. - * @callback module:api/PolicyApi~createPolicyCallback - * @param {String} error Error message, if any. - * @param {module:model/Policy} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Create an Access Control Policy - * @param {Object} opts Optional parameters - * @param {module:model/Policy} opts.body - * @param {module:api/PolicyApi~createPolicyCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/Policy} - */ - this.createPolicy = function(opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = Policy - - return this.apiClient.callApi( - '/policies', - 'POST', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the deletePolicy operation. - * @callback module:api/PolicyApi~deletePolicyCallback - * @param {String} error Error message, if any. - * @param data This operation does not return a value. - * @param {String} response The complete HTTP response. - */ - - /** - * Delete an Access Control Policy - * @param {String} id The id of the policy. - * @param {module:api/PolicyApi~deletePolicyCallback} callback The callback function, accepting three arguments: error, data, response - */ - this.deletePolicy = function(id, callback) { - var postBody = null - - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling deletePolicy" - ) - } - - var pathParams = { - id: id - } - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = null - - return this.apiClient.callApi( - '/policies/{id}', - 'DELETE', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the getPolicy operation. - * @callback module:api/PolicyApi~getPolicyCallback - * @param {String} error Error message, if any. - * @param {module:model/Policy} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Get an Access Control Policy - * @param {String} id The id of the policy. - * @param {module:api/PolicyApi~getPolicyCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/Policy} - */ - this.getPolicy = function(id, callback) { - var postBody = null - - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling getPolicy" - ) - } - - var pathParams = { - id: id - } - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = Policy - - return this.apiClient.callApi( - '/policies/{id}', - 'GET', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the listPolicies operation. - * @callback module:api/PolicyApi~listPoliciesCallback - * @param {String} error Error message, if any. - * @param {Array.} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * List Access Control Policies - * @param {Object} opts Optional parameters - * @param {Number} opts.offset The offset from where to start looking. - * @param {Number} opts.limit The maximum amount of policies returned. - * @param {module:api/PolicyApi~listPoliciesCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link Array.} - */ - this.listPolicies = function(opts, callback) { - opts = opts || {} - var postBody = null - - var pathParams = {} - var queryParams = { - offset: opts['offset'], - limit: opts['limit'] - } - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = [Policy] - - return this.apiClient.callApi( - '/policies', - 'GET', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the updatePolicy operation. - * @callback module:api/PolicyApi~updatePolicyCallback - * @param {String} error Error message, if any. - * @param {module:model/Policy} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Update an Access Control Policy - * @param {String} id The id of the policy. - * @param {Object} opts Optional parameters - * @param {module:model/Policy} opts.body - * @param {module:api/PolicyApi~updatePolicyCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/Policy} - */ - this.updatePolicy = function(id, opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling updatePolicy" - ) - } - - var pathParams = { - id: id - } - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = Policy - - return this.apiClient.callApi( - '/policies/{id}', - 'PUT', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - } - - return exports -}) diff --git a/sdk/js/swagger/src/api/RoleApi.js b/sdk/js/swagger/src/api/RoleApi.js deleted file mode 100644 index 2f6d1252e..000000000 --- a/sdk/js/swagger/src/api/RoleApi.js +++ /dev/null @@ -1,422 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define([ - 'ApiClient', - 'model/InlineResponse500', - 'model/Role', - 'model/RoleMembers' - ], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('../model/InlineResponse500'), - require('../model/Role'), - require('../model/RoleMembers') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.RoleApi = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.InlineResponse500, - root.SwaggerJsClient.Role, - root.SwaggerJsClient.RoleMembers - ) - } -})(this, function(ApiClient, InlineResponse500, Role, RoleMembers) { - 'use strict' - - /** - * Role service. - * @module api/RoleApi - * @version Latest - */ - - /** - * Constructs a new RoleApi. - * @alias module:api/RoleApi - * @class - * @param {module:ApiClient} apiClient Optional API client implementation to use, - * default to {@link module:ApiClient#instance} if unspecified. - */ - var exports = function(apiClient) { - this.apiClient = apiClient || ApiClient.instance - - /** - * Callback function to receive the result of the addMembersToRole operation. - * @callback module:api/RoleApi~addMembersToRoleCallback - * @param {String} error Error message, if any. - * @param data This operation does not return a value. - * @param {String} response The complete HTTP response. - */ - - /** - * Add members to a role - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to add members (users, applications, ...) to a specific role. You have to know the role's ID. - * @param {String} id The id of the role to modify. - * @param {Object} opts Optional parameters - * @param {module:model/RoleMembers} opts.body - * @param {module:api/RoleApi~addMembersToRoleCallback} callback The callback function, accepting three arguments: error, data, response - */ - this.addMembersToRole = function(id, opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling addMembersToRole" - ) - } - - var pathParams = { - id: id - } - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = null - - return this.apiClient.callApi( - '/roles/{id}/members', - 'POST', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the createRole operation. - * @callback module:api/RoleApi~createRoleCallback - * @param {String} error Error message, if any. - * @param {module:model/Role} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Create a role - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to create a new role. You may define members as well but you don't have to. - * @param {Object} opts Optional parameters - * @param {module:model/Role} opts.body - * @param {module:api/RoleApi~createRoleCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/Role} - */ - this.createRole = function(opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = Role - - return this.apiClient.callApi( - '/roles', - 'POST', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the deleteRole operation. - * @callback module:api/RoleApi~deleteRoleCallback - * @param {String} error Error message, if any. - * @param data This operation does not return a value. - * @param {String} response The complete HTTP response. - */ - - /** - * Get a role by its ID - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to delete an existing role. You have to know the role's ID. - * @param {String} id The id of the role to look up. - * @param {module:api/RoleApi~deleteRoleCallback} callback The callback function, accepting three arguments: error, data, response - */ - this.deleteRole = function(id, callback) { - var postBody = null - - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling deleteRole" - ) - } - - var pathParams = { - id: id - } - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = null - - return this.apiClient.callApi( - '/roles/{id}', - 'DELETE', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the getRole operation. - * @callback module:api/RoleApi~getRoleCallback - * @param {String} error Error message, if any. - * @param {module:model/Role} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Get a role by its ID - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve an existing role. You have to know the role's ID. - * @param {String} id The id of the role to look up. - * @param {module:api/RoleApi~getRoleCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/Role} - */ - this.getRole = function(id, callback) { - var postBody = null - - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling getRole" - ) - } - - var pathParams = { - id: id - } - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = Role - - return this.apiClient.callApi( - '/roles/{id}', - 'GET', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the listRoles operation. - * @callback module:api/RoleApi~listRolesCallback - * @param {String} error Error message, if any. - * @param {Array.} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * List all roles - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve all roles that are stored in the system. - * @param {Object} opts Optional parameters - * @param {String} opts.member The id of the member to look up. - * @param {Number} opts.limit The maximum amount of policies returned. - * @param {Number} opts.offset The offset from where to start looking. - * @param {module:api/RoleApi~listRolesCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link Array.} - */ - this.listRoles = function(opts, callback) { - opts = opts || {} - var postBody = null - - var pathParams = {} - var queryParams = { - member: opts['member'], - limit: opts['limit'], - offset: opts['offset'] - } - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = [Role] - - return this.apiClient.callApi( - '/roles', - 'GET', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the removeMembersFromRole operation. - * @callback module:api/RoleApi~removeMembersFromRoleCallback - * @param {String} error Error message, if any. - * @param data This operation does not return a value. - * @param {String} response The complete HTTP response. - */ - - /** - * Remove members from a role - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to remove members (users, applications, ...) from a specific role. You have to know the role's ID. - * @param {String} id The id of the role to modify. - * @param {Object} opts Optional parameters - * @param {module:model/RoleMembers} opts.body - * @param {module:api/RoleApi~removeMembersFromRoleCallback} callback The callback function, accepting three arguments: error, data, response - */ - this.removeMembersFromRole = function(id, opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling removeMembersFromRole" - ) - } - - var pathParams = { - id: id - } - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = null - - return this.apiClient.callApi( - '/roles/{id}/members', - 'DELETE', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the setRole operation. - * @callback module:api/RoleApi~setRoleCallback - * @param {String} error Error message, if any. - * @param data This operation does not return a value. - * @param {String} response The complete HTTP response. - */ - - /** - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - * This endpoint allows you to overwrite a role. You have to know the role's ID. - * @param {module:api/RoleApi~setRoleCallback} callback The callback function, accepting three arguments: error, data, response - */ - this.setRole = function(callback) { - var postBody = null - - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = null - - return this.apiClient.callApi( - '/roles/{id}', - 'PUT', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - } - - return exports -}) diff --git a/sdk/js/swagger/src/api/VersionApi.js b/sdk/js/swagger/src/api/VersionApi.js index 5933816e4..5ab4dc044 100644 --- a/sdk/js/swagger/src/api/VersionApi.js +++ b/sdk/js/swagger/src/api/VersionApi.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,28 +14,22 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient', 'model/Version'], factory) + define(['ApiClient', 'model/Version'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('../model/Version') - ) + module.exports = factory(require('../ApiClient'), require('../model/Version')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.VersionApi = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.Version - ) + root.SwaggerJsClient.VersionApi = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.Version); } -})(this, function(ApiClient, Version) { - 'use strict' +}(this, function(ApiClient, Version) { + 'use strict'; /** * Version service. @@ -44,14 +38,15 @@ */ /** - * Constructs a new VersionApi. + * Constructs a new VersionApi. * @alias module:api/VersionApi * @class * @param {module:ApiClient} apiClient Optional API client implementation to use, * default to {@link module:ApiClient#instance} if unspecified. */ var exports = function(apiClient) { - this.apiClient = apiClient || ApiClient.instance + this.apiClient = apiClient || ApiClient.instance; + /** * Callback function to receive the result of the getVersion operation. @@ -62,40 +57,36 @@ */ /** - * Get the version of Keto - * This endpoint returns the version as `{ \"version\": \"VERSION\" }`. The version is only correct with the prebuilt binary and not custom builds. + * Get service version + * This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. * @param {module:api/VersionApi~getVersionCallback} callback The callback function, accepting three arguments: error, data, response * data is of type: {@link module:model/Version} */ this.getVersion = function(callback) { - var postBody = null + var postBody = null; - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = Version + var pathParams = { + }; + var queryParams = { + }; + var headerParams = { + }; + var formParams = { + }; + + var authNames = []; + var contentTypes = ['application/json']; + var accepts = ['application/json']; + var returnType = Version; return this.apiClient.callApi( - '/version', - 'GET', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) + '/version', 'GET', + pathParams, queryParams, headerParams, formParams, postBody, + authNames, contentTypes, accepts, returnType, callback + ); } - } + }; - return exports -}) + return exports; +})); diff --git a/sdk/js/swagger/src/api/WardenApi.js b/sdk/js/swagger/src/api/WardenApi.js deleted file mode 100644 index b12d4b84b..000000000 --- a/sdk/js/swagger/src/api/WardenApi.js +++ /dev/null @@ -1,226 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define([ - 'ApiClient', - 'model/InlineResponse500', - 'model/WardenOAuth2AccessTokenAuthorizationRequest', - 'model/WardenOAuth2AccessTokenAuthorizationResponse', - 'model/WardenOAuth2ClientAuthorizationRequest', - 'model/WardenOAuth2ClientAuthorizationResponse', - 'model/WardenSubjectAuthorizationRequest', - 'model/WardenSubjectAuthorizationResponse' - ], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('../model/InlineResponse500'), - require('../model/WardenOAuth2AccessTokenAuthorizationRequest'), - require('../model/WardenOAuth2AccessTokenAuthorizationResponse'), - require('../model/WardenOAuth2ClientAuthorizationRequest'), - require('../model/WardenOAuth2ClientAuthorizationResponse'), - require('../model/WardenSubjectAuthorizationRequest'), - require('../model/WardenSubjectAuthorizationResponse') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.WardenApi = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.InlineResponse500, - root.SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationRequest, - root.SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationResponse, - root.SwaggerJsClient.WardenOAuth2ClientAuthorizationRequest, - root.SwaggerJsClient.WardenOAuth2ClientAuthorizationResponse, - root.SwaggerJsClient.WardenSubjectAuthorizationRequest, - root.SwaggerJsClient.WardenSubjectAuthorizationResponse - ) - } -})(this, function( - ApiClient, - InlineResponse500, - WardenOAuth2AccessTokenAuthorizationRequest, - WardenOAuth2AccessTokenAuthorizationResponse, - WardenOAuth2ClientAuthorizationRequest, - WardenOAuth2ClientAuthorizationResponse, - WardenSubjectAuthorizationRequest, - WardenSubjectAuthorizationResponse -) { - 'use strict' - - /** - * Warden service. - * @module api/WardenApi - * @version Latest - */ - - /** - * Constructs a new WardenApi. - * @alias module:api/WardenApi - * @class - * @param {module:ApiClient} apiClient Optional API client implementation to use, - * default to {@link module:ApiClient#instance} if unspecified. - */ - var exports = function(apiClient) { - this.apiClient = apiClient || ApiClient.instance - - /** - * Callback function to receive the result of the isOAuth2AccessTokenAuthorized operation. - * @callback module:api/WardenApi~isOAuth2AccessTokenAuthorizedCallback - * @param {String} error Error message, if any. - * @param {module:model/WardenOAuth2AccessTokenAuthorizationResponse} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Check if an OAuth 2.0 access token is authorized to access a resource - * Checks if a token is valid and if the token subject is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context. If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false }`. This endpoint passes all data from the upstream OAuth 2.0 token introspection endpoint. If you use ORY Hydra as an upstream OAuth 2.0 provider, data set through the `accessTokenExtra` field in the consent flow will be included in this response as well. - * @param {Object} opts Optional parameters - * @param {module:model/WardenOAuth2AccessTokenAuthorizationRequest} opts.body - * @param {module:api/WardenApi~isOAuth2AccessTokenAuthorizedCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/WardenOAuth2AccessTokenAuthorizationResponse} - */ - this.isOAuth2AccessTokenAuthorized = function(opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = WardenOAuth2AccessTokenAuthorizationResponse - - return this.apiClient.callApi( - '/warden/oauth2/access-tokens/authorize', - 'POST', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the isOAuth2ClientAuthorized operation. - * @callback module:api/WardenApi~isOAuth2ClientAuthorizedCallback - * @param {String} error Error message, if any. - * @param {module:model/WardenOAuth2ClientAuthorizationResponse} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Check if an OAuth 2.0 Client is authorized to access a resource - * Checks if an OAuth 2.0 Client provided the correct access credentials and and if the client is allowed to perform an action on a resource. This endpoint requires a client id, a client secret, a scope, a resource name, an action name and a context. - * @param {Object} opts Optional parameters - * @param {module:model/WardenOAuth2ClientAuthorizationRequest} opts.body - * @param {module:api/WardenApi~isOAuth2ClientAuthorizedCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/WardenOAuth2ClientAuthorizationResponse} - */ - this.isOAuth2ClientAuthorized = function(opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = WardenOAuth2ClientAuthorizationResponse - - return this.apiClient.callApi( - '/warden/oauth2/clients/authorize', - 'POST', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - - /** - * Callback function to receive the result of the isSubjectAuthorized operation. - * @callback module:api/WardenApi~isSubjectAuthorizedCallback - * @param {String} error Error message, if any. - * @param {module:model/WardenSubjectAuthorizationResponse} data The data returned by the service call. - * @param {String} response The complete HTTP response. - */ - - /** - * Check if a subject is authorized to access a resource - * Checks if a subject (e.g. user ID, API key, ...) is allowed to perform a certain action on a resource. - * @param {Object} opts Optional parameters - * @param {module:model/WardenSubjectAuthorizationRequest} opts.body - * @param {module:api/WardenApi~isSubjectAuthorizedCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/WardenSubjectAuthorizationResponse} - */ - this.isSubjectAuthorized = function(opts, callback) { - opts = opts || {} - var postBody = opts['body'] - - var pathParams = {} - var queryParams = {} - var headerParams = {} - var formParams = {} - - var authNames = [] - var contentTypes = ['application/json'] - var accepts = ['application/json'] - var returnType = WardenSubjectAuthorizationResponse - - return this.apiClient.callApi( - '/warden/subjects/authorize', - 'POST', - pathParams, - queryParams, - headerParams, - formParams, - postBody, - authNames, - contentTypes, - accepts, - returnType, - callback - ) - } - } - - return exports -}) diff --git a/sdk/js/swagger/src/index.js b/sdk/js/swagger/src/index.js index 181e32b07..ff547f256 100644 --- a/sdk/js/swagger/src/index.js +++ b/sdk/js/swagger/src/index.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,148 +14,16 @@ * */ -;(function(factory) { +(function(factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define([ - 'ApiClient', - 'model/AuthenticationDefaultSession', - 'model/AuthenticationOAuth2ClientCredentialsRequest', - 'model/AuthenticationOAuth2ClientCredentialsSession', - 'model/AuthenticationOAuth2IntrospectionRequest', - 'model/AuthenticationOAuth2Session', - 'model/Authenticator', - 'model/Firewall', - 'model/Handler', - 'model/HealthNotReadyStatus', - 'model/HealthStatus', - 'model/InlineResponse500', - 'model/IntrospectionResponse', - 'model/Manager', - 'model/OAuth2ClientCredentialsAuthentication', - 'model/OAuth2IntrospectionAuthentication', - 'model/Policy', - 'model/PolicyConditions', - 'model/Role', - 'model/RoleMembers', - 'model/Session', - 'model/SwaggerCreatePolicyParameters', - 'model/SwaggerDoesWardenAllowAccessRequestParameters', - 'model/SwaggerDoesWardenAllowClientRequestParameters', - 'model/SwaggerDoesWardenAllowTokenAccessRequestParameters', - 'model/SwaggerGetPolicyParameters', - 'model/SwaggerListPolicyParameters', - 'model/SwaggerListPolicyResponse', - 'model/SwaggerUpdatePolicyParameters', - 'model/SwaggerWardenBaseRequest', - 'model/Version', - 'model/WardenOAuth2AccessTokenAuthorizationRequest', - 'model/WardenOAuth2AccessTokenAuthorizationResponse', - 'model/WardenOAuth2ClientAuthorizationRequest', - 'model/WardenOAuth2ClientAuthorizationResponse', - 'model/WardenSubjectAuthorizationRequest', - 'model/WardenSubjectAuthorizationResponse', - 'model/Writer', - 'api/HealthApi', - 'api/PolicyApi', - 'api/RoleApi', - 'api/VersionApi', - 'api/WardenApi' - ], factory) + define(['ApiClient', 'model/AddOryAccessControlPolicyRoleMembers', 'model/AddOryAccessControlPolicyRoleMembersBody', 'model/AuthorizationResult', 'model/Context', 'model/DeleteOryAccessControlPolicy', 'model/DeleteOryAccessControlPolicyRole', 'model/DoOryAccessControlPoliciesAllow', 'model/GetOryAccessControlPolicy', 'model/GetOryAccessControlPolicyRole', 'model/HealthNotReadyStatus', 'model/HealthStatus', 'model/InlineResponse500', 'model/ListOryAccessControlPolicies', 'model/ListOryAccessControlPolicyRoles', 'model/OryAccessControlPolicies', 'model/OryAccessControlPolicy', 'model/OryAccessControlPolicyAllowedInput', 'model/OryAccessControlPolicyRole', 'model/OryAccessControlPolicyRoles', 'model/Policies', 'model/RemoveOryAccessControlPolicyRoleMembers', 'model/RemoveOryAccessControlPolicyRoleMembersBody', 'model/UpsertOryAccessControlPolicy', 'model/UpsertOryAccessControlPolicyRole', 'model/Version', 'api/EnginesApi', 'api/HealthApi', 'api/VersionApi'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('./ApiClient'), - require('./model/AuthenticationDefaultSession'), - require('./model/AuthenticationOAuth2ClientCredentialsRequest'), - require('./model/AuthenticationOAuth2ClientCredentialsSession'), - require('./model/AuthenticationOAuth2IntrospectionRequest'), - require('./model/AuthenticationOAuth2Session'), - require('./model/Authenticator'), - require('./model/Firewall'), - require('./model/Handler'), - require('./model/HealthNotReadyStatus'), - require('./model/HealthStatus'), - require('./model/InlineResponse500'), - require('./model/IntrospectionResponse'), - require('./model/Manager'), - require('./model/OAuth2ClientCredentialsAuthentication'), - require('./model/OAuth2IntrospectionAuthentication'), - require('./model/Policy'), - require('./model/PolicyConditions'), - require('./model/Role'), - require('./model/RoleMembers'), - require('./model/Session'), - require('./model/SwaggerCreatePolicyParameters'), - require('./model/SwaggerDoesWardenAllowAccessRequestParameters'), - require('./model/SwaggerDoesWardenAllowClientRequestParameters'), - require('./model/SwaggerDoesWardenAllowTokenAccessRequestParameters'), - require('./model/SwaggerGetPolicyParameters'), - require('./model/SwaggerListPolicyParameters'), - require('./model/SwaggerListPolicyResponse'), - require('./model/SwaggerUpdatePolicyParameters'), - require('./model/SwaggerWardenBaseRequest'), - require('./model/Version'), - require('./model/WardenOAuth2AccessTokenAuthorizationRequest'), - require('./model/WardenOAuth2AccessTokenAuthorizationResponse'), - require('./model/WardenOAuth2ClientAuthorizationRequest'), - require('./model/WardenOAuth2ClientAuthorizationResponse'), - require('./model/WardenSubjectAuthorizationRequest'), - require('./model/WardenSubjectAuthorizationResponse'), - require('./model/Writer'), - require('./api/HealthApi'), - require('./api/PolicyApi'), - require('./api/RoleApi'), - require('./api/VersionApi'), - require('./api/WardenApi') - ) + module.exports = factory(require('./ApiClient'), require('./model/AddOryAccessControlPolicyRoleMembers'), require('./model/AddOryAccessControlPolicyRoleMembersBody'), require('./model/AuthorizationResult'), require('./model/Context'), require('./model/DeleteOryAccessControlPolicy'), require('./model/DeleteOryAccessControlPolicyRole'), require('./model/DoOryAccessControlPoliciesAllow'), require('./model/GetOryAccessControlPolicy'), require('./model/GetOryAccessControlPolicyRole'), require('./model/HealthNotReadyStatus'), require('./model/HealthStatus'), require('./model/InlineResponse500'), require('./model/ListOryAccessControlPolicies'), require('./model/ListOryAccessControlPolicyRoles'), require('./model/OryAccessControlPolicies'), require('./model/OryAccessControlPolicy'), require('./model/OryAccessControlPolicyAllowedInput'), require('./model/OryAccessControlPolicyRole'), require('./model/OryAccessControlPolicyRoles'), require('./model/Policies'), require('./model/RemoveOryAccessControlPolicyRoleMembers'), require('./model/RemoveOryAccessControlPolicyRoleMembersBody'), require('./model/UpsertOryAccessControlPolicy'), require('./model/UpsertOryAccessControlPolicyRole'), require('./model/Version'), require('./api/EnginesApi'), require('./api/HealthApi'), require('./api/VersionApi')); } -})(function( - ApiClient, - AuthenticationDefaultSession, - AuthenticationOAuth2ClientCredentialsRequest, - AuthenticationOAuth2ClientCredentialsSession, - AuthenticationOAuth2IntrospectionRequest, - AuthenticationOAuth2Session, - Authenticator, - Firewall, - Handler, - HealthNotReadyStatus, - HealthStatus, - InlineResponse500, - IntrospectionResponse, - Manager, - OAuth2ClientCredentialsAuthentication, - OAuth2IntrospectionAuthentication, - Policy, - PolicyConditions, - Role, - RoleMembers, - Session, - SwaggerCreatePolicyParameters, - SwaggerDoesWardenAllowAccessRequestParameters, - SwaggerDoesWardenAllowClientRequestParameters, - SwaggerDoesWardenAllowTokenAccessRequestParameters, - SwaggerGetPolicyParameters, - SwaggerListPolicyParameters, - SwaggerListPolicyResponse, - SwaggerUpdatePolicyParameters, - SwaggerWardenBaseRequest, - Version, - WardenOAuth2AccessTokenAuthorizationRequest, - WardenOAuth2AccessTokenAuthorizationResponse, - WardenOAuth2ClientAuthorizationRequest, - WardenOAuth2ClientAuthorizationResponse, - WardenSubjectAuthorizationRequest, - WardenSubjectAuthorizationResponse, - Writer, - HealthApi, - PolicyApi, - RoleApi, - VersionApi, - WardenApi -) { - 'use strict' +}(function(ApiClient, AddOryAccessControlPolicyRoleMembers, AddOryAccessControlPolicyRoleMembersBody, AuthorizationResult, Context, DeleteOryAccessControlPolicy, DeleteOryAccessControlPolicyRole, DoOryAccessControlPoliciesAllow, GetOryAccessControlPolicy, GetOryAccessControlPolicyRole, HealthNotReadyStatus, HealthStatus, InlineResponse500, ListOryAccessControlPolicies, ListOryAccessControlPolicyRoles, OryAccessControlPolicies, OryAccessControlPolicy, OryAccessControlPolicyAllowedInput, OryAccessControlPolicyRole, OryAccessControlPolicyRoles, Policies, RemoveOryAccessControlPolicyRoleMembers, RemoveOryAccessControlPolicyRoleMembersBody, UpsertOryAccessControlPolicy, UpsertOryAccessControlPolicyRole, Version, EnginesApi, HealthApi, VersionApi) { + 'use strict'; /** * Package_main_ORY_Keto.
@@ -195,45 +63,50 @@ */ ApiClient: ApiClient, /** - * The AuthenticationDefaultSession model constructor. - * @property {module:model/AuthenticationDefaultSession} + * The AddOryAccessControlPolicyRoleMembers model constructor. + * @property {module:model/AddOryAccessControlPolicyRoleMembers} + */ + AddOryAccessControlPolicyRoleMembers: AddOryAccessControlPolicyRoleMembers, + /** + * The AddOryAccessControlPolicyRoleMembersBody model constructor. + * @property {module:model/AddOryAccessControlPolicyRoleMembersBody} */ - AuthenticationDefaultSession: AuthenticationDefaultSession, + AddOryAccessControlPolicyRoleMembersBody: AddOryAccessControlPolicyRoleMembersBody, /** - * The AuthenticationOAuth2ClientCredentialsRequest model constructor. - * @property {module:model/AuthenticationOAuth2ClientCredentialsRequest} + * The AuthorizationResult model constructor. + * @property {module:model/AuthorizationResult} */ - AuthenticationOAuth2ClientCredentialsRequest: AuthenticationOAuth2ClientCredentialsRequest, + AuthorizationResult: AuthorizationResult, /** - * The AuthenticationOAuth2ClientCredentialsSession model constructor. - * @property {module:model/AuthenticationOAuth2ClientCredentialsSession} + * The Context model constructor. + * @property {module:model/Context} */ - AuthenticationOAuth2ClientCredentialsSession: AuthenticationOAuth2ClientCredentialsSession, + Context: Context, /** - * The AuthenticationOAuth2IntrospectionRequest model constructor. - * @property {module:model/AuthenticationOAuth2IntrospectionRequest} + * The DeleteOryAccessControlPolicy model constructor. + * @property {module:model/DeleteOryAccessControlPolicy} */ - AuthenticationOAuth2IntrospectionRequest: AuthenticationOAuth2IntrospectionRequest, + DeleteOryAccessControlPolicy: DeleteOryAccessControlPolicy, /** - * The AuthenticationOAuth2Session model constructor. - * @property {module:model/AuthenticationOAuth2Session} + * The DeleteOryAccessControlPolicyRole model constructor. + * @property {module:model/DeleteOryAccessControlPolicyRole} */ - AuthenticationOAuth2Session: AuthenticationOAuth2Session, + DeleteOryAccessControlPolicyRole: DeleteOryAccessControlPolicyRole, /** - * The Authenticator model constructor. - * @property {module:model/Authenticator} + * The DoOryAccessControlPoliciesAllow model constructor. + * @property {module:model/DoOryAccessControlPoliciesAllow} */ - Authenticator: Authenticator, + DoOryAccessControlPoliciesAllow: DoOryAccessControlPoliciesAllow, /** - * The Firewall model constructor. - * @property {module:model/Firewall} + * The GetOryAccessControlPolicy model constructor. + * @property {module:model/GetOryAccessControlPolicy} */ - Firewall: Firewall, + GetOryAccessControlPolicy: GetOryAccessControlPolicy, /** - * The Handler model constructor. - * @property {module:model/Handler} + * The GetOryAccessControlPolicyRole model constructor. + * @property {module:model/GetOryAccessControlPolicyRole} */ - Handler: Handler, + GetOryAccessControlPolicyRole: GetOryAccessControlPolicyRole, /** * The HealthNotReadyStatus model constructor. * @property {module:model/HealthNotReadyStatus} @@ -250,161 +123,86 @@ */ InlineResponse500: InlineResponse500, /** - * The IntrospectionResponse model constructor. - * @property {module:model/IntrospectionResponse} - */ - IntrospectionResponse: IntrospectionResponse, - /** - * The Manager model constructor. - * @property {module:model/Manager} - */ - Manager: Manager, - /** - * The OAuth2ClientCredentialsAuthentication model constructor. - * @property {module:model/OAuth2ClientCredentialsAuthentication} - */ - OAuth2ClientCredentialsAuthentication: OAuth2ClientCredentialsAuthentication, - /** - * The OAuth2IntrospectionAuthentication model constructor. - * @property {module:model/OAuth2IntrospectionAuthentication} + * The ListOryAccessControlPolicies model constructor. + * @property {module:model/ListOryAccessControlPolicies} */ - OAuth2IntrospectionAuthentication: OAuth2IntrospectionAuthentication, + ListOryAccessControlPolicies: ListOryAccessControlPolicies, /** - * The Policy model constructor. - * @property {module:model/Policy} + * The ListOryAccessControlPolicyRoles model constructor. + * @property {module:model/ListOryAccessControlPolicyRoles} */ - Policy: Policy, + ListOryAccessControlPolicyRoles: ListOryAccessControlPolicyRoles, /** - * The PolicyConditions model constructor. - * @property {module:model/PolicyConditions} + * The OryAccessControlPolicies model constructor. + * @property {module:model/OryAccessControlPolicies} */ - PolicyConditions: PolicyConditions, + OryAccessControlPolicies: OryAccessControlPolicies, /** - * The Role model constructor. - * @property {module:model/Role} + * The OryAccessControlPolicy model constructor. + * @property {module:model/OryAccessControlPolicy} */ - Role: Role, + OryAccessControlPolicy: OryAccessControlPolicy, /** - * The RoleMembers model constructor. - * @property {module:model/RoleMembers} + * The OryAccessControlPolicyAllowedInput model constructor. + * @property {module:model/OryAccessControlPolicyAllowedInput} */ - RoleMembers: RoleMembers, + OryAccessControlPolicyAllowedInput: OryAccessControlPolicyAllowedInput, /** - * The Session model constructor. - * @property {module:model/Session} + * The OryAccessControlPolicyRole model constructor. + * @property {module:model/OryAccessControlPolicyRole} */ - Session: Session, + OryAccessControlPolicyRole: OryAccessControlPolicyRole, /** - * The SwaggerCreatePolicyParameters model constructor. - * @property {module:model/SwaggerCreatePolicyParameters} + * The OryAccessControlPolicyRoles model constructor. + * @property {module:model/OryAccessControlPolicyRoles} */ - SwaggerCreatePolicyParameters: SwaggerCreatePolicyParameters, + OryAccessControlPolicyRoles: OryAccessControlPolicyRoles, /** - * The SwaggerDoesWardenAllowAccessRequestParameters model constructor. - * @property {module:model/SwaggerDoesWardenAllowAccessRequestParameters} + * The Policies model constructor. + * @property {module:model/Policies} */ - SwaggerDoesWardenAllowAccessRequestParameters: SwaggerDoesWardenAllowAccessRequestParameters, + Policies: Policies, /** - * The SwaggerDoesWardenAllowClientRequestParameters model constructor. - * @property {module:model/SwaggerDoesWardenAllowClientRequestParameters} + * The RemoveOryAccessControlPolicyRoleMembers model constructor. + * @property {module:model/RemoveOryAccessControlPolicyRoleMembers} */ - SwaggerDoesWardenAllowClientRequestParameters: SwaggerDoesWardenAllowClientRequestParameters, + RemoveOryAccessControlPolicyRoleMembers: RemoveOryAccessControlPolicyRoleMembers, /** - * The SwaggerDoesWardenAllowTokenAccessRequestParameters model constructor. - * @property {module:model/SwaggerDoesWardenAllowTokenAccessRequestParameters} + * The RemoveOryAccessControlPolicyRoleMembersBody model constructor. + * @property {module:model/RemoveOryAccessControlPolicyRoleMembersBody} */ - SwaggerDoesWardenAllowTokenAccessRequestParameters: SwaggerDoesWardenAllowTokenAccessRequestParameters, + RemoveOryAccessControlPolicyRoleMembersBody: RemoveOryAccessControlPolicyRoleMembersBody, /** - * The SwaggerGetPolicyParameters model constructor. - * @property {module:model/SwaggerGetPolicyParameters} + * The UpsertOryAccessControlPolicy model constructor. + * @property {module:model/UpsertOryAccessControlPolicy} */ - SwaggerGetPolicyParameters: SwaggerGetPolicyParameters, + UpsertOryAccessControlPolicy: UpsertOryAccessControlPolicy, /** - * The SwaggerListPolicyParameters model constructor. - * @property {module:model/SwaggerListPolicyParameters} + * The UpsertOryAccessControlPolicyRole model constructor. + * @property {module:model/UpsertOryAccessControlPolicyRole} */ - SwaggerListPolicyParameters: SwaggerListPolicyParameters, - /** - * The SwaggerListPolicyResponse model constructor. - * @property {module:model/SwaggerListPolicyResponse} - */ - SwaggerListPolicyResponse: SwaggerListPolicyResponse, - /** - * The SwaggerUpdatePolicyParameters model constructor. - * @property {module:model/SwaggerUpdatePolicyParameters} - */ - SwaggerUpdatePolicyParameters: SwaggerUpdatePolicyParameters, - /** - * The SwaggerWardenBaseRequest model constructor. - * @property {module:model/SwaggerWardenBaseRequest} - */ - SwaggerWardenBaseRequest: SwaggerWardenBaseRequest, + UpsertOryAccessControlPolicyRole: UpsertOryAccessControlPolicyRole, /** * The Version model constructor. * @property {module:model/Version} */ Version: Version, /** - * The WardenOAuth2AccessTokenAuthorizationRequest model constructor. - * @property {module:model/WardenOAuth2AccessTokenAuthorizationRequest} - */ - WardenOAuth2AccessTokenAuthorizationRequest: WardenOAuth2AccessTokenAuthorizationRequest, - /** - * The WardenOAuth2AccessTokenAuthorizationResponse model constructor. - * @property {module:model/WardenOAuth2AccessTokenAuthorizationResponse} + * The EnginesApi service constructor. + * @property {module:api/EnginesApi} */ - WardenOAuth2AccessTokenAuthorizationResponse: WardenOAuth2AccessTokenAuthorizationResponse, - /** - * The WardenOAuth2ClientAuthorizationRequest model constructor. - * @property {module:model/WardenOAuth2ClientAuthorizationRequest} - */ - WardenOAuth2ClientAuthorizationRequest: WardenOAuth2ClientAuthorizationRequest, - /** - * The WardenOAuth2ClientAuthorizationResponse model constructor. - * @property {module:model/WardenOAuth2ClientAuthorizationResponse} - */ - WardenOAuth2ClientAuthorizationResponse: WardenOAuth2ClientAuthorizationResponse, - /** - * The WardenSubjectAuthorizationRequest model constructor. - * @property {module:model/WardenSubjectAuthorizationRequest} - */ - WardenSubjectAuthorizationRequest: WardenSubjectAuthorizationRequest, - /** - * The WardenSubjectAuthorizationResponse model constructor. - * @property {module:model/WardenSubjectAuthorizationResponse} - */ - WardenSubjectAuthorizationResponse: WardenSubjectAuthorizationResponse, - /** - * The Writer model constructor. - * @property {module:model/Writer} - */ - Writer: Writer, + EnginesApi: EnginesApi, /** * The HealthApi service constructor. * @property {module:api/HealthApi} */ HealthApi: HealthApi, - /** - * The PolicyApi service constructor. - * @property {module:api/PolicyApi} - */ - PolicyApi: PolicyApi, - /** - * The RoleApi service constructor. - * @property {module:api/RoleApi} - */ - RoleApi: RoleApi, /** * The VersionApi service constructor. * @property {module:api/VersionApi} */ - VersionApi: VersionApi, - /** - * The WardenApi service constructor. - * @property {module:api/WardenApi} - */ - WardenApi: WardenApi - } + VersionApi: VersionApi + }; - return exports -}) + return exports; +})); diff --git a/sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembers.js b/sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembers.js new file mode 100644 index 000000000..605804e2e --- /dev/null +++ b/sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembers.js @@ -0,0 +1,102 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/AddOryAccessControlPolicyRoleMembersBody'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./AddOryAccessControlPolicyRoleMembersBody')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.AddOryAccessControlPolicyRoleMembers = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.AddOryAccessControlPolicyRoleMembersBody); + } +}(this, function(ApiClient, AddOryAccessControlPolicyRoleMembersBody) { + 'use strict'; + + + + + /** + * The AddOryAccessControlPolicyRoleMembers model module. + * @module model/AddOryAccessControlPolicyRoleMembers + * @version Latest + */ + + /** + * Constructs a new AddOryAccessControlPolicyRoleMembers. + * @alias module:model/AddOryAccessControlPolicyRoleMembers + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @param id {String} The ID of the ORY Access Control Policy Role. in: path + */ + var exports = function(flavor, id) { + var _this = this; + + + _this['flavor'] = flavor; + _this['id'] = id; + }; + + /** + * Constructs a AddOryAccessControlPolicyRoleMembers from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/AddOryAccessControlPolicyRoleMembers} obj Optional instance to populate. + * @return {module:model/AddOryAccessControlPolicyRoleMembers} The populated AddOryAccessControlPolicyRoleMembers instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('Body')) { + obj['Body'] = AddOryAccessControlPolicyRoleMembersBody.constructFromObject(data['Body']); + } + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('id')) { + obj['id'] = ApiClient.convertToType(data['id'], 'String'); + } + } + return obj; + } + + /** + * @member {module:model/AddOryAccessControlPolicyRoleMembersBody} Body + */ + exports.prototype['Body'] = undefined; + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The ID of the ORY Access Control Policy Role. in: path + * @member {String} id + */ + exports.prototype['id'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembersBody.js b/sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembersBody.js new file mode 100644 index 000000000..900873c2d --- /dev/null +++ b/sdk/js/swagger/src/model/AddOryAccessControlPolicyRoleMembersBody.js @@ -0,0 +1,83 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.AddOryAccessControlPolicyRoleMembersBody = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The AddOryAccessControlPolicyRoleMembersBody model module. + * @module model/AddOryAccessControlPolicyRoleMembersBody + * @version Latest + */ + + /** + * Constructs a new AddOryAccessControlPolicyRoleMembersBody. + * @alias module:model/AddOryAccessControlPolicyRoleMembersBody + * @class + */ + var exports = function() { + var _this = this; + + + }; + + /** + * Constructs a AddOryAccessControlPolicyRoleMembersBody from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/AddOryAccessControlPolicyRoleMembersBody} obj Optional instance to populate. + * @return {module:model/AddOryAccessControlPolicyRoleMembersBody} The populated AddOryAccessControlPolicyRoleMembersBody instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('members')) { + obj['members'] = ApiClient.convertToType(data['members'], ['String']); + } + } + return obj; + } + + /** + * The members to be added. + * @member {Array.} members + */ + exports.prototype['members'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/AuthenticationDefaultSession.js b/sdk/js/swagger/src/model/AuthenticationDefaultSession.js deleted file mode 100644 index a53b07e8a..000000000 --- a/sdk/js/swagger/src/model/AuthenticationDefaultSession.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.AuthenticationDefaultSession = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The AuthenticationDefaultSession model module. - * @module model/AuthenticationDefaultSession - * @version Latest - */ - - /** - * Constructs a new AuthenticationDefaultSession. - * @alias module:model/AuthenticationDefaultSession - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a AuthenticationDefaultSession from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/AuthenticationDefaultSession} obj Optional instance to populate. - * @return {module:model/AuthenticationDefaultSession} The populated AuthenticationDefaultSession instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('allowed')) { - obj['allowed'] = ApiClient.convertToType(data['allowed'], 'Boolean') - } - if (data.hasOwnProperty('sub')) { - obj['sub'] = ApiClient.convertToType(data['sub'], 'String') - } - } - return obj - } - - /** - * Allowed is true if the request is allowed and false otherwise. - * @member {Boolean} allowed - */ - exports.prototype['allowed'] = undefined - /** - * Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @member {String} sub - */ - exports.prototype['sub'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsRequest.js b/sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsRequest.js deleted file mode 100644 index 8b52084c1..000000000 --- a/sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsRequest.js +++ /dev/null @@ -1,94 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.AuthenticationOAuth2ClientCredentialsRequest = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The AuthenticationOAuth2ClientCredentialsRequest model module. - * @module model/AuthenticationOAuth2ClientCredentialsRequest - * @version Latest - */ - - /** - * Constructs a new AuthenticationOAuth2ClientCredentialsRequest. - * @alias module:model/AuthenticationOAuth2ClientCredentialsRequest - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a AuthenticationOAuth2ClientCredentialsRequest from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/AuthenticationOAuth2ClientCredentialsRequest} obj Optional instance to populate. - * @return {module:model/AuthenticationOAuth2ClientCredentialsRequest} The populated AuthenticationOAuth2ClientCredentialsRequest instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('client_id')) { - obj['client_id'] = ApiClient.convertToType(data['client_id'], 'String') - } - if (data.hasOwnProperty('client_secret')) { - obj['client_secret'] = ApiClient.convertToType( - data['client_secret'], - 'String' - ) - } - if (data.hasOwnProperty('scope')) { - obj['scope'] = ApiClient.convertToType(data['scope'], ['String']) - } - } - return obj - } - - /** - * Token is the token to introspect. - * @member {String} client_id - */ - exports.prototype['client_id'] = undefined - /** - * @member {String} client_secret - */ - exports.prototype['client_secret'] = undefined - /** - * Scope is an array of scopes that are required. - * @member {Array.} scope - */ - exports.prototype['scope'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsSession.js b/sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsSession.js deleted file mode 100644 index f16e16a33..000000000 --- a/sdk/js/swagger/src/model/AuthenticationOAuth2ClientCredentialsSession.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.AuthenticationOAuth2ClientCredentialsSession = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The AuthenticationOAuth2ClientCredentialsSession model module. - * @module model/AuthenticationOAuth2ClientCredentialsSession - * @version Latest - */ - - /** - * Constructs a new AuthenticationOAuth2ClientCredentialsSession. - * @alias module:model/AuthenticationOAuth2ClientCredentialsSession - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a AuthenticationOAuth2ClientCredentialsSession from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/AuthenticationOAuth2ClientCredentialsSession} obj Optional instance to populate. - * @return {module:model/AuthenticationOAuth2ClientCredentialsSession} The populated AuthenticationOAuth2ClientCredentialsSession instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('allowed')) { - obj['allowed'] = ApiClient.convertToType(data['allowed'], 'Boolean') - } - if (data.hasOwnProperty('sub')) { - obj['sub'] = ApiClient.convertToType(data['sub'], 'String') - } - } - return obj - } - - /** - * Allowed is true if the request is allowed and false otherwise. - * @member {Boolean} allowed - */ - exports.prototype['allowed'] = undefined - /** - * Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @member {String} sub - */ - exports.prototype['sub'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/AuthenticationOAuth2IntrospectionRequest.js b/sdk/js/swagger/src/model/AuthenticationOAuth2IntrospectionRequest.js deleted file mode 100644 index 5a4ecda59..000000000 --- a/sdk/js/swagger/src/model/AuthenticationOAuth2IntrospectionRequest.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.AuthenticationOAuth2IntrospectionRequest = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The AuthenticationOAuth2IntrospectionRequest model module. - * @module model/AuthenticationOAuth2IntrospectionRequest - * @version Latest - */ - - /** - * Constructs a new AuthenticationOAuth2IntrospectionRequest. - * @alias module:model/AuthenticationOAuth2IntrospectionRequest - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a AuthenticationOAuth2IntrospectionRequest from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/AuthenticationOAuth2IntrospectionRequest} obj Optional instance to populate. - * @return {module:model/AuthenticationOAuth2IntrospectionRequest} The populated AuthenticationOAuth2IntrospectionRequest instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('scope')) { - obj['scope'] = ApiClient.convertToType(data['scope'], ['String']) - } - if (data.hasOwnProperty('token')) { - obj['token'] = ApiClient.convertToType(data['token'], 'String') - } - } - return obj - } - - /** - * Scope is an array of scopes that are required. - * @member {Array.} scope - */ - exports.prototype['scope'] = undefined - /** - * Token is the token to introspect. - * @member {String} token - */ - exports.prototype['token'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/AuthenticationOAuth2Session.js b/sdk/js/swagger/src/model/AuthenticationOAuth2Session.js deleted file mode 100644 index 85b7d5418..000000000 --- a/sdk/js/swagger/src/model/AuthenticationOAuth2Session.js +++ /dev/null @@ -1,155 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.AuthenticationOAuth2Session = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The AuthenticationOAuth2Session model module. - * @module model/AuthenticationOAuth2Session - * @version Latest - */ - - /** - * Constructs a new AuthenticationOAuth2Session. - * @alias module:model/AuthenticationOAuth2Session - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a AuthenticationOAuth2Session from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/AuthenticationOAuth2Session} obj Optional instance to populate. - * @return {module:model/AuthenticationOAuth2Session} The populated AuthenticationOAuth2Session instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('allowed')) { - obj['allowed'] = ApiClient.convertToType(data['allowed'], 'Boolean') - } - if (data.hasOwnProperty('aud')) { - obj['aud'] = ApiClient.convertToType(data['aud'], ['String']) - } - if (data.hasOwnProperty('client_id')) { - obj['client_id'] = ApiClient.convertToType(data['client_id'], 'String') - } - if (data.hasOwnProperty('exp')) { - obj['exp'] = ApiClient.convertToType(data['exp'], 'Date') - } - if (data.hasOwnProperty('iat')) { - obj['iat'] = ApiClient.convertToType(data['iat'], 'Date') - } - if (data.hasOwnProperty('iss')) { - obj['iss'] = ApiClient.convertToType(data['iss'], 'String') - } - if (data.hasOwnProperty('nbf')) { - obj['nbf'] = ApiClient.convertToType(data['nbf'], 'Date') - } - if (data.hasOwnProperty('scope')) { - obj['scope'] = ApiClient.convertToType(data['scope'], 'String') - } - if (data.hasOwnProperty('session')) { - obj['session'] = ApiClient.convertToType(data['session'], { - String: Object - }) - } - if (data.hasOwnProperty('sub')) { - obj['sub'] = ApiClient.convertToType(data['sub'], 'String') - } - if (data.hasOwnProperty('username')) { - obj['username'] = ApiClient.convertToType(data['username'], 'String') - } - } - return obj - } - - /** - * Allowed is true if the request is allowed and false otherwise. - * @member {Boolean} allowed - */ - exports.prototype['allowed'] = undefined - /** - * @member {Array.} aud - */ - exports.prototype['aud'] = undefined - /** - * ClientID is the id of the OAuth2 client that requested the token. - * @member {String} client_id - */ - exports.prototype['client_id'] = undefined - /** - * ExpiresAt is the expiry timestamp. - * @member {Date} exp - */ - exports.prototype['exp'] = undefined - /** - * IssuedAt is the token creation time stamp. - * @member {Date} iat - */ - exports.prototype['iat'] = undefined - /** - * Issuer is the id of the issuer, typically an hydra instance. - * @member {String} iss - */ - exports.prototype['iss'] = undefined - /** - * @member {Date} nbf - */ - exports.prototype['nbf'] = undefined - /** - * GrantedScopes is a list of scopes that the subject authorized when asked for consent. - * @member {String} scope - */ - exports.prototype['scope'] = undefined - /** - * Session represents arbitrary session data. - * @member {Object.} session - */ - exports.prototype['session'] = undefined - /** - * Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @member {String} sub - */ - exports.prototype['sub'] = undefined - /** - * @member {String} username - */ - exports.prototype['username'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/Authenticator.js b/sdk/js/swagger/src/model/Authenticator.js deleted file mode 100644 index a575d6178..000000000 --- a/sdk/js/swagger/src/model/Authenticator.js +++ /dev/null @@ -1,64 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.Authenticator = factory(root.SwaggerJsClient.ApiClient) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The Authenticator model module. - * @module model/Authenticator - * @version Latest - */ - - /** - * Constructs a new Authenticator. - * @alias module:model/Authenticator - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a Authenticator from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Authenticator} obj Optional instance to populate. - * @return {module:model/Authenticator} The populated Authenticator instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - } - return obj - } - - return exports -}) diff --git a/sdk/js/swagger/src/model/AuthorizationResult.js b/sdk/js/swagger/src/model/AuthorizationResult.js new file mode 100644 index 000000000..b9b728f9c --- /dev/null +++ b/sdk/js/swagger/src/model/AuthorizationResult.js @@ -0,0 +1,83 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.AuthorizationResult = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The AuthorizationResult model module. + * @module model/AuthorizationResult + * @version Latest + */ + + /** + * Constructs a new AuthorizationResult. + * @alias module:model/AuthorizationResult + * @class + */ + var exports = function() { + var _this = this; + + + }; + + /** + * Constructs a AuthorizationResult from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/AuthorizationResult} obj Optional instance to populate. + * @return {module:model/AuthorizationResult} The populated AuthorizationResult instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('allowed')) { + obj['allowed'] = ApiClient.convertToType(data['allowed'], 'Boolean'); + } + } + return obj; + } + + /** + * Allowed is true if the request should be allowed and false otherwise. + * @member {Boolean} allowed + */ + exports.prototype['allowed'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/Manager.js b/sdk/js/swagger/src/model/Context.js similarity index 55% rename from sdk/js/swagger/src/model/Manager.js rename to sdk/js/swagger/src/model/Context.js index 8f3a0f78c..2ea12d9c8 100644 --- a/sdk/js/swagger/src/model/Manager.js +++ b/sdk/js/swagger/src/model/Context.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,51 +14,64 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient'], factory) + define(['ApiClient'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) + module.exports = factory(require('../ApiClient')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.Manager = factory(root.SwaggerJsClient.ApiClient) + root.SwaggerJsClient.Context = factory(root.SwaggerJsClient.ApiClient); } -})(this, function(ApiClient) { - 'use strict' +}(this, function(ApiClient) { + 'use strict'; + + + /** - * The Manager model module. - * @module model/Manager + * The Context model module. + * @module model/Context * @version Latest */ /** - * Constructs a new Manager. - * @alias module:model/Manager + * Constructs a new Context. + * @alias module:model/Context * @class + * @extends Object */ var exports = function() { - var _this = this - } + var _this = this; + + return _this; + }; /** - * Constructs a Manager from a plain JavaScript object, optionally creating a new instance. + * Constructs a Context from a plain JavaScript object, optionally creating a new instance. * Copies all relevant properties from data to obj if supplied or a new instance if not. * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Manager} obj Optional instance to populate. - * @return {module:model/Manager} The populated Manager instance. + * @param {module:model/Context} obj Optional instance to populate. + * @return {module:model/Context} The populated Context instance. */ exports.constructFromObject = function(data, obj) { if (data) { - obj = obj || new exports() + obj = obj || new exports(); + ApiClient.constructFromObject(data, obj, 'Object'); + } - return obj + return obj; } - return exports -}) + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/DeleteOryAccessControlPolicy.js b/sdk/js/swagger/src/model/DeleteOryAccessControlPolicy.js new file mode 100644 index 000000000..fdb6bc141 --- /dev/null +++ b/sdk/js/swagger/src/model/DeleteOryAccessControlPolicy.js @@ -0,0 +1,94 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.DeleteOryAccessControlPolicy = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The DeleteOryAccessControlPolicy model module. + * @module model/DeleteOryAccessControlPolicy + * @version Latest + */ + + /** + * Constructs a new DeleteOryAccessControlPolicy. + * @alias module:model/DeleteOryAccessControlPolicy + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @param id {String} The ID of the ORY Access Control Policy Role. in: path + */ + var exports = function(flavor, id) { + var _this = this; + + _this['flavor'] = flavor; + _this['id'] = id; + }; + + /** + * Constructs a DeleteOryAccessControlPolicy from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/DeleteOryAccessControlPolicy} obj Optional instance to populate. + * @return {module:model/DeleteOryAccessControlPolicy} The populated DeleteOryAccessControlPolicy instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('id')) { + obj['id'] = ApiClient.convertToType(data['id'], 'String'); + } + } + return obj; + } + + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The ID of the ORY Access Control Policy Role. in: path + * @member {String} id + */ + exports.prototype['id'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/DeleteOryAccessControlPolicyRole.js b/sdk/js/swagger/src/model/DeleteOryAccessControlPolicyRole.js new file mode 100644 index 000000000..1d40c1697 --- /dev/null +++ b/sdk/js/swagger/src/model/DeleteOryAccessControlPolicyRole.js @@ -0,0 +1,94 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.DeleteOryAccessControlPolicyRole = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The DeleteOryAccessControlPolicyRole model module. + * @module model/DeleteOryAccessControlPolicyRole + * @version Latest + */ + + /** + * Constructs a new DeleteOryAccessControlPolicyRole. + * @alias module:model/DeleteOryAccessControlPolicyRole + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @param id {String} The ID of the ORY Access Control Policy Role. in: path + */ + var exports = function(flavor, id) { + var _this = this; + + _this['flavor'] = flavor; + _this['id'] = id; + }; + + /** + * Constructs a DeleteOryAccessControlPolicyRole from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/DeleteOryAccessControlPolicyRole} obj Optional instance to populate. + * @return {module:model/DeleteOryAccessControlPolicyRole} The populated DeleteOryAccessControlPolicyRole instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('id')) { + obj['id'] = ApiClient.convertToType(data['id'], 'String'); + } + } + return obj; + } + + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The ID of the ORY Access Control Policy Role. in: path + * @member {String} id + */ + exports.prototype['id'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/DoOryAccessControlPoliciesAllow.js b/sdk/js/swagger/src/model/DoOryAccessControlPoliciesAllow.js new file mode 100644 index 000000000..7a94d31f7 --- /dev/null +++ b/sdk/js/swagger/src/model/DoOryAccessControlPoliciesAllow.js @@ -0,0 +1,92 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/OryAccessControlPolicyAllowedInput'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./OryAccessControlPolicyAllowedInput')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.DoOryAccessControlPoliciesAllow = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.OryAccessControlPolicyAllowedInput); + } +}(this, function(ApiClient, OryAccessControlPolicyAllowedInput) { + 'use strict'; + + + + + /** + * The DoOryAccessControlPoliciesAllow model module. + * @module model/DoOryAccessControlPoliciesAllow + * @version Latest + */ + + /** + * Constructs a new DoOryAccessControlPoliciesAllow. + * @alias module:model/DoOryAccessControlPoliciesAllow + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + */ + var exports = function(flavor) { + var _this = this; + + + _this['flavor'] = flavor; + }; + + /** + * Constructs a DoOryAccessControlPoliciesAllow from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/DoOryAccessControlPoliciesAllow} obj Optional instance to populate. + * @return {module:model/DoOryAccessControlPoliciesAllow} The populated DoOryAccessControlPoliciesAllow instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('Body')) { + obj['Body'] = OryAccessControlPolicyAllowedInput.constructFromObject(data['Body']); + } + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + } + return obj; + } + + /** + * @member {module:model/OryAccessControlPolicyAllowedInput} Body + */ + exports.prototype['Body'] = undefined; + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/Firewall.js b/sdk/js/swagger/src/model/Firewall.js deleted file mode 100644 index 4a39475bb..000000000 --- a/sdk/js/swagger/src/model/Firewall.js +++ /dev/null @@ -1,64 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.Firewall = factory(root.SwaggerJsClient.ApiClient) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The Firewall model module. - * @module model/Firewall - * @version Latest - */ - - /** - * Constructs a new Firewall. - * @alias module:model/Firewall - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a Firewall from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Firewall} obj Optional instance to populate. - * @return {module:model/Firewall} The populated Firewall instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - } - return obj - } - - return exports -}) diff --git a/sdk/js/swagger/src/model/GetOryAccessControlPolicy.js b/sdk/js/swagger/src/model/GetOryAccessControlPolicy.js new file mode 100644 index 000000000..0050cee46 --- /dev/null +++ b/sdk/js/swagger/src/model/GetOryAccessControlPolicy.js @@ -0,0 +1,94 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.GetOryAccessControlPolicy = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The GetOryAccessControlPolicy model module. + * @module model/GetOryAccessControlPolicy + * @version Latest + */ + + /** + * Constructs a new GetOryAccessControlPolicy. + * @alias module:model/GetOryAccessControlPolicy + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @param id {String} The ID of the ORY Access Control Policy Role. in: path + */ + var exports = function(flavor, id) { + var _this = this; + + _this['flavor'] = flavor; + _this['id'] = id; + }; + + /** + * Constructs a GetOryAccessControlPolicy from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/GetOryAccessControlPolicy} obj Optional instance to populate. + * @return {module:model/GetOryAccessControlPolicy} The populated GetOryAccessControlPolicy instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('id')) { + obj['id'] = ApiClient.convertToType(data['id'], 'String'); + } + } + return obj; + } + + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The ID of the ORY Access Control Policy Role. in: path + * @member {String} id + */ + exports.prototype['id'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/GetOryAccessControlPolicyRole.js b/sdk/js/swagger/src/model/GetOryAccessControlPolicyRole.js new file mode 100644 index 000000000..75aa81e77 --- /dev/null +++ b/sdk/js/swagger/src/model/GetOryAccessControlPolicyRole.js @@ -0,0 +1,94 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.GetOryAccessControlPolicyRole = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The GetOryAccessControlPolicyRole model module. + * @module model/GetOryAccessControlPolicyRole + * @version Latest + */ + + /** + * Constructs a new GetOryAccessControlPolicyRole. + * @alias module:model/GetOryAccessControlPolicyRole + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @param id {String} The ID of the ORY Access Control Policy Role. in: path + */ + var exports = function(flavor, id) { + var _this = this; + + _this['flavor'] = flavor; + _this['id'] = id; + }; + + /** + * Constructs a GetOryAccessControlPolicyRole from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/GetOryAccessControlPolicyRole} obj Optional instance to populate. + * @return {module:model/GetOryAccessControlPolicyRole} The populated GetOryAccessControlPolicyRole instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('id')) { + obj['id'] = ApiClient.convertToType(data['id'], 'String'); + } + } + return obj; + } + + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The ID of the ORY Access Control Policy Role. in: path + * @member {String} id + */ + exports.prototype['id'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/Handler.js b/sdk/js/swagger/src/model/Handler.js deleted file mode 100644 index 0ca74467d..000000000 --- a/sdk/js/swagger/src/model/Handler.js +++ /dev/null @@ -1,88 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient', 'model/Manager', 'model/Writer'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('./Manager'), - require('./Writer') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.Handler = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.Manager, - root.SwaggerJsClient.Writer - ) - } -})(this, function(ApiClient, Manager, Writer) { - 'use strict' - - /** - * The Handler model module. - * @module model/Handler - * @version Latest - */ - - /** - * Constructs a new Handler. - * @alias module:model/Handler - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a Handler from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Handler} obj Optional instance to populate. - * @return {module:model/Handler} The populated Handler instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('H')) { - obj['H'] = Writer.constructFromObject(data['H']) - } - if (data.hasOwnProperty('Manager')) { - obj['Manager'] = Manager.constructFromObject(data['Manager']) - } - } - return obj - } - - /** - * @member {module:model/Writer} H - */ - exports.prototype['H'] = undefined - /** - * @member {module:model/Manager} Manager - */ - exports.prototype['Manager'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/HealthNotReadyStatus.js b/sdk/js/swagger/src/model/HealthNotReadyStatus.js index 66468de2f..3ccf90ee0 100644 --- a/sdk/js/swagger/src/model/HealthNotReadyStatus.js +++ b/sdk/js/swagger/src/model/HealthNotReadyStatus.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,24 +14,25 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient'], factory) + define(['ApiClient'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) + module.exports = factory(require('../ApiClient')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.HealthNotReadyStatus = factory( - root.SwaggerJsClient.ApiClient - ) + root.SwaggerJsClient.HealthNotReadyStatus = factory(root.SwaggerJsClient.ApiClient); } -})(this, function(ApiClient) { - 'use strict' +}(this, function(ApiClient) { + 'use strict'; + + + /** * The HealthNotReadyStatus model module. @@ -45,8 +46,10 @@ * @class */ var exports = function() { - var _this = this - } + var _this = this; + + + }; /** * Constructs a HealthNotReadyStatus from a plain JavaScript object, optionally creating a new instance. @@ -57,22 +60,24 @@ */ exports.constructFromObject = function(data, obj) { if (data) { - obj = obj || new exports() + obj = obj || new exports(); if (data.hasOwnProperty('errors')) { - obj['errors'] = ApiClient.convertToType(data['errors'], { - String: 'String' - }) + obj['errors'] = ApiClient.convertToType(data['errors'], {'String': 'String'}); } } - return obj + return obj; } /** * Errors contains a list of errors that caused the not ready status. * @member {Object.} errors */ - exports.prototype['errors'] = undefined + exports.prototype['errors'] = undefined; + + + + return exports; +})); + - return exports -}) diff --git a/sdk/js/swagger/src/model/HealthStatus.js b/sdk/js/swagger/src/model/HealthStatus.js index 43c7243c7..7d00de4ca 100644 --- a/sdk/js/swagger/src/model/HealthStatus.js +++ b/sdk/js/swagger/src/model/HealthStatus.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,22 +14,25 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient'], factory) + define(['ApiClient'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) + module.exports = factory(require('../ApiClient')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.HealthStatus = factory(root.SwaggerJsClient.ApiClient) + root.SwaggerJsClient.HealthStatus = factory(root.SwaggerJsClient.ApiClient); } -})(this, function(ApiClient) { - 'use strict' +}(this, function(ApiClient) { + 'use strict'; + + + /** * The HealthStatus model module. @@ -43,8 +46,10 @@ * @class */ var exports = function() { - var _this = this - } + var _this = this; + + + }; /** * Constructs a HealthStatus from a plain JavaScript object, optionally creating a new instance. @@ -55,20 +60,24 @@ */ exports.constructFromObject = function(data, obj) { if (data) { - obj = obj || new exports() + obj = obj || new exports(); if (data.hasOwnProperty('status')) { - obj['status'] = ApiClient.convertToType(data['status'], 'String') + obj['status'] = ApiClient.convertToType(data['status'], 'String'); } } - return obj + return obj; } /** * Status always contains \"ok\". * @member {String} status */ - exports.prototype['status'] = undefined + exports.prototype['status'] = undefined; + + + + return exports; +})); + - return exports -}) diff --git a/sdk/js/swagger/src/model/InlineResponse500.js b/sdk/js/swagger/src/model/InlineResponse500.js index 82248da1c..8489a6294 100644 --- a/sdk/js/swagger/src/model/InlineResponse500.js +++ b/sdk/js/swagger/src/model/InlineResponse500.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,24 +14,25 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient'], factory) + define(['ApiClient'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) + module.exports = factory(require('../ApiClient')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.InlineResponse500 = factory( - root.SwaggerJsClient.ApiClient - ) + root.SwaggerJsClient.InlineResponse500 = factory(root.SwaggerJsClient.ApiClient); } -})(this, function(ApiClient) { - 'use strict' +}(this, function(ApiClient) { + 'use strict'; + + + /** * The InlineResponse500 model module. @@ -45,8 +46,15 @@ * @class */ var exports = function() { - var _this = this - } + var _this = this; + + + + + + + + }; /** * Constructs a InlineResponse500 from a plain JavaScript object, optionally creating a new instance. @@ -57,56 +65,58 @@ */ exports.constructFromObject = function(data, obj) { if (data) { - obj = obj || new exports() + obj = obj || new exports(); if (data.hasOwnProperty('code')) { - obj['code'] = ApiClient.convertToType(data['code'], 'Number') + obj['code'] = ApiClient.convertToType(data['code'], 'Number'); } if (data.hasOwnProperty('details')) { - obj['details'] = ApiClient.convertToType(data['details'], [ - { String: Object } - ]) + obj['details'] = ApiClient.convertToType(data['details'], [{'String': Object}]); } if (data.hasOwnProperty('message')) { - obj['message'] = ApiClient.convertToType(data['message'], 'String') + obj['message'] = ApiClient.convertToType(data['message'], 'String'); } if (data.hasOwnProperty('reason')) { - obj['reason'] = ApiClient.convertToType(data['reason'], 'String') + obj['reason'] = ApiClient.convertToType(data['reason'], 'String'); } if (data.hasOwnProperty('request')) { - obj['request'] = ApiClient.convertToType(data['request'], 'String') + obj['request'] = ApiClient.convertToType(data['request'], 'String'); } if (data.hasOwnProperty('status')) { - obj['status'] = ApiClient.convertToType(data['status'], 'String') + obj['status'] = ApiClient.convertToType(data['status'], 'String'); } } - return obj + return obj; } /** * @member {Number} code */ - exports.prototype['code'] = undefined + exports.prototype['code'] = undefined; /** * @member {Array.>} details */ - exports.prototype['details'] = undefined + exports.prototype['details'] = undefined; /** * @member {String} message */ - exports.prototype['message'] = undefined + exports.prototype['message'] = undefined; /** * @member {String} reason */ - exports.prototype['reason'] = undefined + exports.prototype['reason'] = undefined; /** * @member {String} request */ - exports.prototype['request'] = undefined + exports.prototype['request'] = undefined; /** * @member {String} status */ - exports.prototype['status'] = undefined + exports.prototype['status'] = undefined; + + + + return exports; +})); + - return exports -}) diff --git a/sdk/js/swagger/src/model/IntrospectionResponse.js b/sdk/js/swagger/src/model/IntrospectionResponse.js deleted file mode 100644 index e873fb660..000000000 --- a/sdk/js/swagger/src/model/IntrospectionResponse.js +++ /dev/null @@ -1,157 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.IntrospectionResponse = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The IntrospectionResponse model module. - * @module model/IntrospectionResponse - * @version Latest - */ - - /** - * Constructs a new IntrospectionResponse. - * @alias module:model/IntrospectionResponse - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a IntrospectionResponse from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/IntrospectionResponse} obj Optional instance to populate. - * @return {module:model/IntrospectionResponse} The populated IntrospectionResponse instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('active')) { - obj['active'] = ApiClient.convertToType(data['active'], 'Boolean') - } - if (data.hasOwnProperty('aud')) { - obj['aud'] = ApiClient.convertToType(data['aud'], ['String']) - } - if (data.hasOwnProperty('client_id')) { - obj['client_id'] = ApiClient.convertToType(data['client_id'], 'String') - } - if (data.hasOwnProperty('exp')) { - obj['exp'] = ApiClient.convertToType(data['exp'], 'Number') - } - if (data.hasOwnProperty('ext')) { - obj['ext'] = ApiClient.convertToType(data['ext'], { String: Object }) - } - if (data.hasOwnProperty('iat')) { - obj['iat'] = ApiClient.convertToType(data['iat'], 'Number') - } - if (data.hasOwnProperty('iss')) { - obj['iss'] = ApiClient.convertToType(data['iss'], 'String') - } - if (data.hasOwnProperty('nbf')) { - obj['nbf'] = ApiClient.convertToType(data['nbf'], 'Number') - } - if (data.hasOwnProperty('scope')) { - obj['scope'] = ApiClient.convertToType(data['scope'], 'String') - } - if (data.hasOwnProperty('sub')) { - obj['sub'] = ApiClient.convertToType(data['sub'], 'String') - } - if (data.hasOwnProperty('token_type')) { - obj['token_type'] = ApiClient.convertToType( - data['token_type'], - 'String' - ) - } - if (data.hasOwnProperty('username')) { - obj['username'] = ApiClient.convertToType(data['username'], 'String') - } - } - return obj - } - - /** - * @member {Boolean} active - */ - exports.prototype['active'] = undefined - /** - * @member {Array.} aud - */ - exports.prototype['aud'] = undefined - /** - * @member {String} client_id - */ - exports.prototype['client_id'] = undefined - /** - * @member {Number} exp - */ - exports.prototype['exp'] = undefined - /** - * Session represents arbitrary session data. - * @member {Object.} ext - */ - exports.prototype['ext'] = undefined - /** - * @member {Number} iat - */ - exports.prototype['iat'] = undefined - /** - * @member {String} iss - */ - exports.prototype['iss'] = undefined - /** - * @member {Number} nbf - */ - exports.prototype['nbf'] = undefined - /** - * @member {String} scope - */ - exports.prototype['scope'] = undefined - /** - * Here, it's sub - * @member {String} sub - */ - exports.prototype['sub'] = undefined - /** - * @member {String} token_type - */ - exports.prototype['token_type'] = undefined - /** - * @member {String} username - */ - exports.prototype['username'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/ListOryAccessControlPolicies.js b/sdk/js/swagger/src/model/ListOryAccessControlPolicies.js new file mode 100644 index 000000000..e6ab48d38 --- /dev/null +++ b/sdk/js/swagger/src/model/ListOryAccessControlPolicies.js @@ -0,0 +1,102 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.ListOryAccessControlPolicies = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The ListOryAccessControlPolicies model module. + * @module model/ListOryAccessControlPolicies + * @version Latest + */ + + /** + * Constructs a new ListOryAccessControlPolicies. + * @alias module:model/ListOryAccessControlPolicies + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path + */ + var exports = function(flavor) { + var _this = this; + + _this['flavor'] = flavor; + + + }; + + /** + * Constructs a ListOryAccessControlPolicies from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/ListOryAccessControlPolicies} obj Optional instance to populate. + * @return {module:model/ListOryAccessControlPolicies} The populated ListOryAccessControlPolicies instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('limit')) { + obj['limit'] = ApiClient.convertToType(data['limit'], 'Number'); + } + if (data.hasOwnProperty('offset')) { + obj['offset'] = ApiClient.convertToType(data['offset'], 'Number'); + } + } + return obj; + } + + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The maximum amount of policies returned. in: query + * @member {Number} limit + */ + exports.prototype['limit'] = undefined; + /** + * The offset from where to start looking. in: query + * @member {Number} offset + */ + exports.prototype['offset'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/ListOryAccessControlPolicyRoles.js b/sdk/js/swagger/src/model/ListOryAccessControlPolicyRoles.js new file mode 100644 index 000000000..0788b608f --- /dev/null +++ b/sdk/js/swagger/src/model/ListOryAccessControlPolicyRoles.js @@ -0,0 +1,102 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.ListOryAccessControlPolicyRoles = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The ListOryAccessControlPolicyRoles model module. + * @module model/ListOryAccessControlPolicyRoles + * @version Latest + */ + + /** + * Constructs a new ListOryAccessControlPolicyRoles. + * @alias module:model/ListOryAccessControlPolicyRoles + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path + */ + var exports = function(flavor) { + var _this = this; + + _this['flavor'] = flavor; + + + }; + + /** + * Constructs a ListOryAccessControlPolicyRoles from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/ListOryAccessControlPolicyRoles} obj Optional instance to populate. + * @return {module:model/ListOryAccessControlPolicyRoles} The populated ListOryAccessControlPolicyRoles instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('limit')) { + obj['limit'] = ApiClient.convertToType(data['limit'], 'Number'); + } + if (data.hasOwnProperty('offset')) { + obj['offset'] = ApiClient.convertToType(data['offset'], 'Number'); + } + } + return obj; + } + + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The maximum amount of policies returned. in: query + * @member {Number} limit + */ + exports.prototype['limit'] = undefined; + /** + * The offset from where to start looking. in: query + * @member {Number} offset + */ + exports.prototype['offset'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/OAuth2ClientCredentialsAuthentication.js b/sdk/js/swagger/src/model/OAuth2ClientCredentialsAuthentication.js deleted file mode 100644 index ee1f550ab..000000000 --- a/sdk/js/swagger/src/model/OAuth2ClientCredentialsAuthentication.js +++ /dev/null @@ -1,66 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.OAuth2ClientCredentialsAuthentication = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The OAuth2ClientCredentialsAuthentication model module. - * @module model/OAuth2ClientCredentialsAuthentication - * @version Latest - */ - - /** - * Constructs a new OAuth2ClientCredentialsAuthentication. - * @alias module:model/OAuth2ClientCredentialsAuthentication - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a OAuth2ClientCredentialsAuthentication from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/OAuth2ClientCredentialsAuthentication} obj Optional instance to populate. - * @return {module:model/OAuth2ClientCredentialsAuthentication} The populated OAuth2ClientCredentialsAuthentication instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - } - return obj - } - - return exports -}) diff --git a/sdk/js/swagger/src/model/OAuth2IntrospectionAuthentication.js b/sdk/js/swagger/src/model/OAuth2IntrospectionAuthentication.js deleted file mode 100644 index 0edd69f8a..000000000 --- a/sdk/js/swagger/src/model/OAuth2IntrospectionAuthentication.js +++ /dev/null @@ -1,66 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.OAuth2IntrospectionAuthentication = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The OAuth2IntrospectionAuthentication model module. - * @module model/OAuth2IntrospectionAuthentication - * @version Latest - */ - - /** - * Constructs a new OAuth2IntrospectionAuthentication. - * @alias module:model/OAuth2IntrospectionAuthentication - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a OAuth2IntrospectionAuthentication from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/OAuth2IntrospectionAuthentication} obj Optional instance to populate. - * @return {module:model/OAuth2IntrospectionAuthentication} The populated OAuth2IntrospectionAuthentication instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - } - return obj - } - - return exports -}) diff --git a/sdk/js/swagger/src/model/OryAccessControlPolicies.js b/sdk/js/swagger/src/model/OryAccessControlPolicies.js new file mode 100644 index 000000000..44e28ed7b --- /dev/null +++ b/sdk/js/swagger/src/model/OryAccessControlPolicies.js @@ -0,0 +1,83 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/OryAccessControlPolicy'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./OryAccessControlPolicy')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.OryAccessControlPolicies = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.OryAccessControlPolicy); + } +}(this, function(ApiClient, OryAccessControlPolicy) { + 'use strict'; + + + + + /** + * The OryAccessControlPolicies model module. + * @module model/OryAccessControlPolicies + * @version Latest + */ + + /** + * Constructs a new OryAccessControlPolicies. + * @alias module:model/OryAccessControlPolicies + * @class + */ + var exports = function() { + var _this = this; + + + }; + + /** + * Constructs a OryAccessControlPolicies from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/OryAccessControlPolicies} obj Optional instance to populate. + * @return {module:model/OryAccessControlPolicies} The populated OryAccessControlPolicies instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('Body')) { + obj['Body'] = ApiClient.convertToType(data['Body'], [OryAccessControlPolicy]); + } + } + return obj; + } + + /** + * in: body + * @member {Array.} Body + */ + exports.prototype['Body'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/OryAccessControlPolicy.js b/sdk/js/swagger/src/model/OryAccessControlPolicy.js new file mode 100644 index 000000000..77bd07955 --- /dev/null +++ b/sdk/js/swagger/src/model/OryAccessControlPolicy.js @@ -0,0 +1,137 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.OryAccessControlPolicy = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The OryAccessControlPolicy model module. + * @module model/OryAccessControlPolicy + * @version Latest + */ + + /** + * Constructs a new OryAccessControlPolicy. + * @alias module:model/OryAccessControlPolicy + * @class + */ + var exports = function() { + var _this = this; + + + + + + + + + }; + + /** + * Constructs a OryAccessControlPolicy from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/OryAccessControlPolicy} obj Optional instance to populate. + * @return {module:model/OryAccessControlPolicy} The populated OryAccessControlPolicy instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('actions')) { + obj['actions'] = ApiClient.convertToType(data['actions'], ['String']); + } + if (data.hasOwnProperty('conditions')) { + obj['conditions'] = ApiClient.convertToType(data['conditions'], [{'String': Object}]); + } + if (data.hasOwnProperty('description')) { + obj['description'] = ApiClient.convertToType(data['description'], 'String'); + } + if (data.hasOwnProperty('effect')) { + obj['effect'] = ApiClient.convertToType(data['effect'], 'String'); + } + if (data.hasOwnProperty('id')) { + obj['id'] = ApiClient.convertToType(data['id'], 'String'); + } + if (data.hasOwnProperty('resources')) { + obj['resources'] = ApiClient.convertToType(data['resources'], ['String']); + } + if (data.hasOwnProperty('subjects')) { + obj['subjects'] = ApiClient.convertToType(data['subjects'], ['String']); + } + } + return obj; + } + + /** + * Actions is an array representing all the actions this ORY Access Policy applies to. + * @member {Array.} actions + */ + exports.prototype['actions'] = undefined; + /** + * Conditions represents an array of conditions under which this ORY Access Policy is active. + * @member {Array.>} conditions + */ + exports.prototype['conditions'] = undefined; + /** + * Description is an optional, human-readable description. + * @member {String} description + */ + exports.prototype['description'] = undefined; + /** + * Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\". + * @member {String} effect + */ + exports.prototype['effect'] = undefined; + /** + * ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy. + * @member {String} id + */ + exports.prototype['id'] = undefined; + /** + * Resources is an array representing all the resources this ORY Access Policy applies to. + * @member {Array.} resources + */ + exports.prototype['resources'] = undefined; + /** + * Subjects is an array representing all the subjects this ORY Access Policy applies to. + * @member {Array.} subjects + */ + exports.prototype['subjects'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/WardenSubjectAuthorizationRequest.js b/sdk/js/swagger/src/model/OryAccessControlPolicyAllowedInput.js similarity index 57% rename from sdk/js/swagger/src/model/WardenSubjectAuthorizationRequest.js rename to sdk/js/swagger/src/model/OryAccessControlPolicyAllowedInput.js index c43ae959c..cdb6c1319 100644 --- a/sdk/js/swagger/src/model/WardenSubjectAuthorizationRequest.js +++ b/sdk/js/swagger/src/model/OryAccessControlPolicyAllowedInput.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,89 +14,97 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient'], factory) + define(['ApiClient'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) + module.exports = factory(require('../ApiClient')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.WardenSubjectAuthorizationRequest = factory( - root.SwaggerJsClient.ApiClient - ) + root.SwaggerJsClient.OryAccessControlPolicyAllowedInput = factory(root.SwaggerJsClient.ApiClient); } -})(this, function(ApiClient) { - 'use strict' +}(this, function(ApiClient) { + 'use strict'; + + + /** - * The WardenSubjectAuthorizationRequest model module. - * @module model/WardenSubjectAuthorizationRequest + * The OryAccessControlPolicyAllowedInput model module. + * @module model/OryAccessControlPolicyAllowedInput * @version Latest */ /** - * Constructs a new WardenSubjectAuthorizationRequest. - * @alias module:model/WardenSubjectAuthorizationRequest + * Constructs a new OryAccessControlPolicyAllowedInput. + * @alias module:model/OryAccessControlPolicyAllowedInput * @class */ var exports = function() { - var _this = this - } + var _this = this; + + + + + + }; /** - * Constructs a WardenSubjectAuthorizationRequest from a plain JavaScript object, optionally creating a new instance. + * Constructs a OryAccessControlPolicyAllowedInput from a plain JavaScript object, optionally creating a new instance. * Copies all relevant properties from data to obj if supplied or a new instance if not. * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/WardenSubjectAuthorizationRequest} obj Optional instance to populate. - * @return {module:model/WardenSubjectAuthorizationRequest} The populated WardenSubjectAuthorizationRequest instance. + * @param {module:model/OryAccessControlPolicyAllowedInput} obj Optional instance to populate. + * @return {module:model/OryAccessControlPolicyAllowedInput} The populated OryAccessControlPolicyAllowedInput instance. */ exports.constructFromObject = function(data, obj) { if (data) { - obj = obj || new exports() + obj = obj || new exports(); if (data.hasOwnProperty('action')) { - obj['action'] = ApiClient.convertToType(data['action'], 'String') + obj['action'] = ApiClient.convertToType(data['action'], 'String'); } if (data.hasOwnProperty('context')) { - obj['context'] = ApiClient.convertToType(data['context'], { - String: Object - }) + obj['context'] = ApiClient.convertToType(data['context'], {'String': Object}); } if (data.hasOwnProperty('resource')) { - obj['resource'] = ApiClient.convertToType(data['resource'], 'String') + obj['resource'] = ApiClient.convertToType(data['resource'], 'String'); } if (data.hasOwnProperty('subject')) { - obj['subject'] = ApiClient.convertToType(data['subject'], 'String') + obj['subject'] = ApiClient.convertToType(data['subject'], 'String'); } } - return obj + return obj; } /** * Action is the action that is requested on the resource. * @member {String} action */ - exports.prototype['action'] = undefined + exports.prototype['action'] = undefined; /** * Context is the request's environmental context. * @member {Object.} context */ - exports.prototype['context'] = undefined + exports.prototype['context'] = undefined; /** * Resource is the resource that access is requested to. * @member {String} resource */ - exports.prototype['resource'] = undefined + exports.prototype['resource'] = undefined; /** - * Subejct is the subject that is requesting access. + * Subject is the subject that is requesting access. * @member {String} subject */ - exports.prototype['subject'] = undefined + exports.prototype['subject'] = undefined; + + + + return exports; +})); + - return exports -}) diff --git a/sdk/js/swagger/src/model/Role.js b/sdk/js/swagger/src/model/OryAccessControlPolicyRole.js similarity index 58% rename from sdk/js/swagger/src/model/Role.js rename to sdk/js/swagger/src/model/OryAccessControlPolicyRole.js index 738e5c857..2b66d6984 100644 --- a/sdk/js/swagger/src/model/Role.js +++ b/sdk/js/swagger/src/model/OryAccessControlPolicyRole.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,70 +14,80 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient'], factory) + define(['ApiClient'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) + module.exports = factory(require('../ApiClient')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.Role = factory(root.SwaggerJsClient.ApiClient) + root.SwaggerJsClient.OryAccessControlPolicyRole = factory(root.SwaggerJsClient.ApiClient); } -})(this, function(ApiClient) { - 'use strict' +}(this, function(ApiClient) { + 'use strict'; + + + /** - * The Role model module. - * @module model/Role + * The OryAccessControlPolicyRole model module. + * @module model/OryAccessControlPolicyRole * @version Latest */ /** - * Constructs a new Role. + * Constructs a new OryAccessControlPolicyRole. * Role represents a group of users that share the same role. A role could be an administrator, a moderator, a regular user or some other sort of role. - * @alias module:model/Role + * @alias module:model/OryAccessControlPolicyRole * @class */ var exports = function() { - var _this = this - } + var _this = this; + + + + }; /** - * Constructs a Role from a plain JavaScript object, optionally creating a new instance. + * Constructs a OryAccessControlPolicyRole from a plain JavaScript object, optionally creating a new instance. * Copies all relevant properties from data to obj if supplied or a new instance if not. * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Role} obj Optional instance to populate. - * @return {module:model/Role} The populated Role instance. + * @param {module:model/OryAccessControlPolicyRole} obj Optional instance to populate. + * @return {module:model/OryAccessControlPolicyRole} The populated OryAccessControlPolicyRole instance. */ exports.constructFromObject = function(data, obj) { if (data) { - obj = obj || new exports() + obj = obj || new exports(); if (data.hasOwnProperty('id')) { - obj['id'] = ApiClient.convertToType(data['id'], 'String') + obj['id'] = ApiClient.convertToType(data['id'], 'String'); } if (data.hasOwnProperty('members')) { - obj['members'] = ApiClient.convertToType(data['members'], ['String']) + obj['members'] = ApiClient.convertToType(data['members'], ['String']); } } - return obj + return obj; } /** * ID is the role's unique id. * @member {String} id */ - exports.prototype['id'] = undefined + exports.prototype['id'] = undefined; /** * Members is who belongs to the role. * @member {Array.} members */ - exports.prototype['members'] = undefined + exports.prototype['members'] = undefined; + + + + return exports; +})); + - return exports -}) diff --git a/sdk/js/swagger/src/model/OryAccessControlPolicyRoles.js b/sdk/js/swagger/src/model/OryAccessControlPolicyRoles.js new file mode 100644 index 000000000..34e23685c --- /dev/null +++ b/sdk/js/swagger/src/model/OryAccessControlPolicyRoles.js @@ -0,0 +1,79 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/OryAccessControlPolicyRole'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./OryAccessControlPolicyRole')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.OryAccessControlPolicyRoles = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.OryAccessControlPolicyRole); + } +}(this, function(ApiClient, OryAccessControlPolicyRole) { + 'use strict'; + + + + + /** + * The OryAccessControlPolicyRoles model module. + * @module model/OryAccessControlPolicyRoles + * @version Latest + */ + + /** + * Constructs a new OryAccessControlPolicyRoles. + * @alias module:model/OryAccessControlPolicyRoles + * @class + * @extends Array + */ + var exports = function() { + var _this = this; + _this = new Array(); + Object.setPrototypeOf(_this, exports); + + return _this; + }; + + /** + * Constructs a OryAccessControlPolicyRoles from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/OryAccessControlPolicyRoles} obj Optional instance to populate. + * @return {module:model/OryAccessControlPolicyRoles} The populated OryAccessControlPolicyRoles instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + ApiClient.constructFromObject(data, obj, 'OryAccessControlPolicyRole'); + + } + return obj; + } + + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/Policies.js b/sdk/js/swagger/src/model/Policies.js new file mode 100644 index 000000000..8f5822d41 --- /dev/null +++ b/sdk/js/swagger/src/model/Policies.js @@ -0,0 +1,79 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/OryAccessControlPolicy'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./OryAccessControlPolicy')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.Policies = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.OryAccessControlPolicy); + } +}(this, function(ApiClient, OryAccessControlPolicy) { + 'use strict'; + + + + + /** + * The Policies model module. + * @module model/Policies + * @version Latest + */ + + /** + * Constructs a new Policies. + * @alias module:model/Policies + * @class + * @extends Array + */ + var exports = function() { + var _this = this; + _this = new Array(); + Object.setPrototypeOf(_this, exports); + + return _this; + }; + + /** + * Constructs a Policies from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/Policies} obj Optional instance to populate. + * @return {module:model/Policies} The populated Policies instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + ApiClient.constructFromObject(data, obj, 'OryAccessControlPolicy'); + + } + return obj; + } + + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/Policy.js b/sdk/js/swagger/src/model/Policy.js deleted file mode 100644 index f22ba2f74..000000000 --- a/sdk/js/swagger/src/model/Policy.js +++ /dev/null @@ -1,135 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient', 'model/PolicyConditions'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('./PolicyConditions') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.Policy = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.PolicyConditions - ) - } -})(this, function(ApiClient, PolicyConditions) { - 'use strict' - - /** - * The Policy model module. - * @module model/Policy - * @version Latest - */ - - /** - * Constructs a new Policy. - * @alias module:model/Policy - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a Policy from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Policy} obj Optional instance to populate. - * @return {module:model/Policy} The populated Policy instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('actions')) { - obj['actions'] = ApiClient.convertToType(data['actions'], ['String']) - } - if (data.hasOwnProperty('conditions')) { - obj['conditions'] = ApiClient.convertToType(data['conditions'], { - String: PolicyConditions - }) - } - if (data.hasOwnProperty('description')) { - obj['description'] = ApiClient.convertToType( - data['description'], - 'String' - ) - } - if (data.hasOwnProperty('effect')) { - obj['effect'] = ApiClient.convertToType(data['effect'], 'String') - } - if (data.hasOwnProperty('id')) { - obj['id'] = ApiClient.convertToType(data['id'], 'String') - } - if (data.hasOwnProperty('resources')) { - obj['resources'] = ApiClient.convertToType(data['resources'], [ - 'String' - ]) - } - if (data.hasOwnProperty('subjects')) { - obj['subjects'] = ApiClient.convertToType(data['subjects'], ['String']) - } - } - return obj - } - - /** - * Actions impacted by the policy. - * @member {Array.} actions - */ - exports.prototype['actions'] = undefined - /** - * Conditions under which the policy is active. - * @member {Object.} conditions - */ - exports.prototype['conditions'] = undefined - /** - * Description of the policy. - * @member {String} description - */ - exports.prototype['description'] = undefined - /** - * Effect of the policy - * @member {String} effect - */ - exports.prototype['effect'] = undefined - /** - * ID of the policy. - * @member {String} id - */ - exports.prototype['id'] = undefined - /** - * Resources impacted by the policy. - * @member {Array.} resources - */ - exports.prototype['resources'] = undefined - /** - * Subjects impacted by the policy. - * @member {Array.} subjects - */ - exports.prototype['subjects'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/PolicyConditions.js b/sdk/js/swagger/src/model/PolicyConditions.js deleted file mode 100644 index 21cf08bb4..000000000 --- a/sdk/js/swagger/src/model/PolicyConditions.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.PolicyConditions = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The PolicyConditions model module. - * @module model/PolicyConditions - * @version Latest - */ - - /** - * Constructs a new PolicyConditions. - * @alias module:model/PolicyConditions - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a PolicyConditions from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/PolicyConditions} obj Optional instance to populate. - * @return {module:model/PolicyConditions} The populated PolicyConditions instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('options')) { - obj['options'] = ApiClient.convertToType(data['options'], { - String: Object - }) - } - if (data.hasOwnProperty('type')) { - obj['type'] = ApiClient.convertToType(data['type'], 'String') - } - } - return obj - } - - /** - * @member {Object.} options - */ - exports.prototype['options'] = undefined - /** - * @member {String} type - */ - exports.prototype['type'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembers.js b/sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembers.js new file mode 100644 index 000000000..9cbca1607 --- /dev/null +++ b/sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembers.js @@ -0,0 +1,102 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/RemoveOryAccessControlPolicyRoleMembersBody'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./RemoveOryAccessControlPolicyRoleMembersBody')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembers = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembersBody); + } +}(this, function(ApiClient, RemoveOryAccessControlPolicyRoleMembersBody) { + 'use strict'; + + + + + /** + * The RemoveOryAccessControlPolicyRoleMembers model module. + * @module model/RemoveOryAccessControlPolicyRoleMembers + * @version Latest + */ + + /** + * Constructs a new RemoveOryAccessControlPolicyRoleMembers. + * @alias module:model/RemoveOryAccessControlPolicyRoleMembers + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @param id {String} The ID of the ORY Access Control Policy Role. in: path + */ + var exports = function(flavor, id) { + var _this = this; + + + _this['flavor'] = flavor; + _this['id'] = id; + }; + + /** + * Constructs a RemoveOryAccessControlPolicyRoleMembers from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/RemoveOryAccessControlPolicyRoleMembers} obj Optional instance to populate. + * @return {module:model/RemoveOryAccessControlPolicyRoleMembers} The populated RemoveOryAccessControlPolicyRoleMembers instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('Body')) { + obj['Body'] = RemoveOryAccessControlPolicyRoleMembersBody.constructFromObject(data['Body']); + } + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + if (data.hasOwnProperty('id')) { + obj['id'] = ApiClient.convertToType(data['id'], 'String'); + } + } + return obj; + } + + /** + * @member {module:model/RemoveOryAccessControlPolicyRoleMembersBody} Body + */ + exports.prototype['Body'] = undefined; + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + /** + * The ID of the ORY Access Control Policy Role. in: path + * @member {String} id + */ + exports.prototype['id'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembersBody.js b/sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembersBody.js new file mode 100644 index 000000000..12b664349 --- /dev/null +++ b/sdk/js/swagger/src/model/RemoveOryAccessControlPolicyRoleMembersBody.js @@ -0,0 +1,83 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.RemoveOryAccessControlPolicyRoleMembersBody = factory(root.SwaggerJsClient.ApiClient); + } +}(this, function(ApiClient) { + 'use strict'; + + + + + /** + * The RemoveOryAccessControlPolicyRoleMembersBody model module. + * @module model/RemoveOryAccessControlPolicyRoleMembersBody + * @version Latest + */ + + /** + * Constructs a new RemoveOryAccessControlPolicyRoleMembersBody. + * @alias module:model/RemoveOryAccessControlPolicyRoleMembersBody + * @class + */ + var exports = function() { + var _this = this; + + + }; + + /** + * Constructs a RemoveOryAccessControlPolicyRoleMembersBody from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/RemoveOryAccessControlPolicyRoleMembersBody} obj Optional instance to populate. + * @return {module:model/RemoveOryAccessControlPolicyRoleMembersBody} The populated RemoveOryAccessControlPolicyRoleMembersBody instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('members')) { + obj['members'] = ApiClient.convertToType(data['members'], ['String']); + } + } + return obj; + } + + /** + * The members to be removed. + * @member {Array.} members + */ + exports.prototype['members'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/RoleMembers.js b/sdk/js/swagger/src/model/RoleMembers.js deleted file mode 100644 index 0468c6e65..000000000 --- a/sdk/js/swagger/src/model/RoleMembers.js +++ /dev/null @@ -1,73 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.RoleMembers = factory(root.SwaggerJsClient.ApiClient) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The RoleMembers model module. - * @module model/RoleMembers - * @version Latest - */ - - /** - * Constructs a new RoleMembers. - * @alias module:model/RoleMembers - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a RoleMembers from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/RoleMembers} obj Optional instance to populate. - * @return {module:model/RoleMembers} The populated RoleMembers instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('members')) { - obj['members'] = ApiClient.convertToType(data['members'], ['String']) - } - } - return obj - } - - /** - * @member {Array.} members - */ - exports.prototype['members'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/Session.js b/sdk/js/swagger/src/model/Session.js deleted file mode 100644 index 9d7631fe4..000000000 --- a/sdk/js/swagger/src/model/Session.js +++ /dev/null @@ -1,76 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.Session = factory(root.SwaggerJsClient.ApiClient) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The Session model module. - * @module model/Session - * @version Latest - */ - - /** - * Constructs a new Session. - * @alias module:model/Session - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a Session from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Session} obj Optional instance to populate. - * @return {module:model/Session} The populated Session instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('GetSubject')) { - obj['GetSubject'] = ApiClient.convertToType( - data['GetSubject'], - 'String' - ) - } - } - return obj - } - - /** - * @member {String} GetSubject - */ - exports.prototype['GetSubject'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerCreatePolicyParameters.js b/sdk/js/swagger/src/model/SwaggerCreatePolicyParameters.js deleted file mode 100644 index d8b9284cd..000000000 --- a/sdk/js/swagger/src/model/SwaggerCreatePolicyParameters.js +++ /dev/null @@ -1,76 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient', 'model/Policy'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient'), require('./Policy')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerCreatePolicyParameters = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.Policy - ) - } -})(this, function(ApiClient, Policy) { - 'use strict' - - /** - * The SwaggerCreatePolicyParameters model module. - * @module model/SwaggerCreatePolicyParameters - * @version Latest - */ - - /** - * Constructs a new SwaggerCreatePolicyParameters. - * @alias module:model/SwaggerCreatePolicyParameters - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerCreatePolicyParameters from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerCreatePolicyParameters} obj Optional instance to populate. - * @return {module:model/SwaggerCreatePolicyParameters} The populated SwaggerCreatePolicyParameters instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('Body')) { - obj['Body'] = Policy.constructFromObject(data['Body']) - } - } - return obj - } - - /** - * @member {module:model/Policy} Body - */ - exports.prototype['Body'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerDoesWardenAllowAccessRequestParameters.js b/sdk/js/swagger/src/model/SwaggerDoesWardenAllowAccessRequestParameters.js deleted file mode 100644 index c41bfb066..000000000 --- a/sdk/js/swagger/src/model/SwaggerDoesWardenAllowAccessRequestParameters.js +++ /dev/null @@ -1,81 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient', 'model/WardenSubjectAuthorizationRequest'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('./WardenSubjectAuthorizationRequest') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerDoesWardenAllowAccessRequestParameters = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.WardenSubjectAuthorizationRequest - ) - } -})(this, function(ApiClient, WardenSubjectAuthorizationRequest) { - 'use strict' - - /** - * The SwaggerDoesWardenAllowAccessRequestParameters model module. - * @module model/SwaggerDoesWardenAllowAccessRequestParameters - * @version Latest - */ - - /** - * Constructs a new SwaggerDoesWardenAllowAccessRequestParameters. - * @alias module:model/SwaggerDoesWardenAllowAccessRequestParameters - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerDoesWardenAllowAccessRequestParameters from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerDoesWardenAllowAccessRequestParameters} obj Optional instance to populate. - * @return {module:model/SwaggerDoesWardenAllowAccessRequestParameters} The populated SwaggerDoesWardenAllowAccessRequestParameters instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('Body')) { - obj['Body'] = WardenSubjectAuthorizationRequest.constructFromObject( - data['Body'] - ) - } - } - return obj - } - - /** - * @member {module:model/WardenSubjectAuthorizationRequest} Body - */ - exports.prototype['Body'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerDoesWardenAllowClientRequestParameters.js b/sdk/js/swagger/src/model/SwaggerDoesWardenAllowClientRequestParameters.js deleted file mode 100644 index 0201d7c60..000000000 --- a/sdk/js/swagger/src/model/SwaggerDoesWardenAllowClientRequestParameters.js +++ /dev/null @@ -1,86 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define([ - 'ApiClient', - 'model/WardenOAuth2ClientAuthorizationRequest' - ], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('./WardenOAuth2ClientAuthorizationRequest') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerDoesWardenAllowClientRequestParameters = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.WardenOAuth2ClientAuthorizationRequest - ) - } -})(this, function(ApiClient, WardenOAuth2ClientAuthorizationRequest) { - 'use strict' - - /** - * The SwaggerDoesWardenAllowClientRequestParameters model module. - * @module model/SwaggerDoesWardenAllowClientRequestParameters - * @version Latest - */ - - /** - * Constructs a new SwaggerDoesWardenAllowClientRequestParameters. - * @alias module:model/SwaggerDoesWardenAllowClientRequestParameters - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerDoesWardenAllowClientRequestParameters from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerDoesWardenAllowClientRequestParameters} obj Optional instance to populate. - * @return {module:model/SwaggerDoesWardenAllowClientRequestParameters} The populated SwaggerDoesWardenAllowClientRequestParameters instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('Body')) { - obj[ - 'Body' - ] = WardenOAuth2ClientAuthorizationRequest.constructFromObject( - data['Body'] - ) - } - } - return obj - } - - /** - * @member {module:model/WardenOAuth2ClientAuthorizationRequest} Body - */ - exports.prototype['Body'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerDoesWardenAllowTokenAccessRequestParameters.js b/sdk/js/swagger/src/model/SwaggerDoesWardenAllowTokenAccessRequestParameters.js deleted file mode 100644 index b2ba4b3f4..000000000 --- a/sdk/js/swagger/src/model/SwaggerDoesWardenAllowTokenAccessRequestParameters.js +++ /dev/null @@ -1,86 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define([ - 'ApiClient', - 'model/WardenOAuth2AccessTokenAuthorizationRequest' - ], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory( - require('../ApiClient'), - require('./WardenOAuth2AccessTokenAuthorizationRequest') - ) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerDoesWardenAllowTokenAccessRequestParameters = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationRequest - ) - } -})(this, function(ApiClient, WardenOAuth2AccessTokenAuthorizationRequest) { - 'use strict' - - /** - * The SwaggerDoesWardenAllowTokenAccessRequestParameters model module. - * @module model/SwaggerDoesWardenAllowTokenAccessRequestParameters - * @version Latest - */ - - /** - * Constructs a new SwaggerDoesWardenAllowTokenAccessRequestParameters. - * @alias module:model/SwaggerDoesWardenAllowTokenAccessRequestParameters - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerDoesWardenAllowTokenAccessRequestParameters from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerDoesWardenAllowTokenAccessRequestParameters} obj Optional instance to populate. - * @return {module:model/SwaggerDoesWardenAllowTokenAccessRequestParameters} The populated SwaggerDoesWardenAllowTokenAccessRequestParameters instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('Body')) { - obj[ - 'Body' - ] = WardenOAuth2AccessTokenAuthorizationRequest.constructFromObject( - data['Body'] - ) - } - } - return obj - } - - /** - * @member {module:model/WardenOAuth2AccessTokenAuthorizationRequest} Body - */ - exports.prototype['Body'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerGetPolicyParameters.js b/sdk/js/swagger/src/model/SwaggerGetPolicyParameters.js deleted file mode 100644 index 545405dda..000000000 --- a/sdk/js/swagger/src/model/SwaggerGetPolicyParameters.js +++ /dev/null @@ -1,76 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerGetPolicyParameters = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The SwaggerGetPolicyParameters model module. - * @module model/SwaggerGetPolicyParameters - * @version Latest - */ - - /** - * Constructs a new SwaggerGetPolicyParameters. - * @alias module:model/SwaggerGetPolicyParameters - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerGetPolicyParameters from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerGetPolicyParameters} obj Optional instance to populate. - * @return {module:model/SwaggerGetPolicyParameters} The populated SwaggerGetPolicyParameters instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('id')) { - obj['id'] = ApiClient.convertToType(data['id'], 'String') - } - } - return obj - } - - /** - * The id of the policy. in: path - * @member {String} id - */ - exports.prototype['id'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerListPolicyParameters.js b/sdk/js/swagger/src/model/SwaggerListPolicyParameters.js deleted file mode 100644 index d35c227b9..000000000 --- a/sdk/js/swagger/src/model/SwaggerListPolicyParameters.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerListPolicyParameters = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The SwaggerListPolicyParameters model module. - * @module model/SwaggerListPolicyParameters - * @version Latest - */ - - /** - * Constructs a new SwaggerListPolicyParameters. - * @alias module:model/SwaggerListPolicyParameters - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerListPolicyParameters from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerListPolicyParameters} obj Optional instance to populate. - * @return {module:model/SwaggerListPolicyParameters} The populated SwaggerListPolicyParameters instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('limit')) { - obj['limit'] = ApiClient.convertToType(data['limit'], 'Number') - } - if (data.hasOwnProperty('offset')) { - obj['offset'] = ApiClient.convertToType(data['offset'], 'Number') - } - } - return obj - } - - /** - * The maximum amount of policies returned. in: query - * @member {Number} limit - */ - exports.prototype['limit'] = undefined - /** - * The offset from where to start looking. in: query - * @member {Number} offset - */ - exports.prototype['offset'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerListPolicyResponse.js b/sdk/js/swagger/src/model/SwaggerListPolicyResponse.js deleted file mode 100644 index 94aabe1b2..000000000 --- a/sdk/js/swagger/src/model/SwaggerListPolicyResponse.js +++ /dev/null @@ -1,78 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient', 'model/Policy'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient'), require('./Policy')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerListPolicyResponse = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.Policy - ) - } -})(this, function(ApiClient, Policy) { - 'use strict' - - /** - * The SwaggerListPolicyResponse model module. - * @module model/SwaggerListPolicyResponse - * @version Latest - */ - - /** - * Constructs a new SwaggerListPolicyResponse. - * A policy - * @alias module:model/SwaggerListPolicyResponse - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerListPolicyResponse from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerListPolicyResponse} obj Optional instance to populate. - * @return {module:model/SwaggerListPolicyResponse} The populated SwaggerListPolicyResponse instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('Body')) { - obj['Body'] = ApiClient.convertToType(data['Body'], [Policy]) - } - } - return obj - } - - /** - * in: body type: array - * @member {Array.} Body - */ - exports.prototype['Body'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerUpdatePolicyParameters.js b/sdk/js/swagger/src/model/SwaggerUpdatePolicyParameters.js deleted file mode 100644 index a0cdea359..000000000 --- a/sdk/js/swagger/src/model/SwaggerUpdatePolicyParameters.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient', 'model/Policy'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient'), require('./Policy')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerUpdatePolicyParameters = factory( - root.SwaggerJsClient.ApiClient, - root.SwaggerJsClient.Policy - ) - } -})(this, function(ApiClient, Policy) { - 'use strict' - - /** - * The SwaggerUpdatePolicyParameters model module. - * @module model/SwaggerUpdatePolicyParameters - * @version Latest - */ - - /** - * Constructs a new SwaggerUpdatePolicyParameters. - * @alias module:model/SwaggerUpdatePolicyParameters - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerUpdatePolicyParameters from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerUpdatePolicyParameters} obj Optional instance to populate. - * @return {module:model/SwaggerUpdatePolicyParameters} The populated SwaggerUpdatePolicyParameters instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('Body')) { - obj['Body'] = Policy.constructFromObject(data['Body']) - } - if (data.hasOwnProperty('id')) { - obj['id'] = ApiClient.convertToType(data['id'], 'String') - } - } - return obj - } - - /** - * @member {module:model/Policy} Body - */ - exports.prototype['Body'] = undefined - /** - * The id of the policy. in: path - * @member {String} id - */ - exports.prototype['id'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/SwaggerWardenBaseRequest.js b/sdk/js/swagger/src/model/SwaggerWardenBaseRequest.js deleted file mode 100644 index 59cd38ffe..000000000 --- a/sdk/js/swagger/src/model/SwaggerWardenBaseRequest.js +++ /dev/null @@ -1,95 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.SwaggerWardenBaseRequest = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The SwaggerWardenBaseRequest model module. - * @module model/SwaggerWardenBaseRequest - * @version Latest - */ - - /** - * Constructs a new SwaggerWardenBaseRequest. - * swager:model authorizedBaseRequest - * @alias module:model/SwaggerWardenBaseRequest - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a SwaggerWardenBaseRequest from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/SwaggerWardenBaseRequest} obj Optional instance to populate. - * @return {module:model/SwaggerWardenBaseRequest} The populated SwaggerWardenBaseRequest instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('action')) { - obj['action'] = ApiClient.convertToType(data['action'], 'String') - } - if (data.hasOwnProperty('context')) { - obj['context'] = ApiClient.convertToType(data['context'], { - String: Object - }) - } - if (data.hasOwnProperty('resource')) { - obj['resource'] = ApiClient.convertToType(data['resource'], 'String') - } - } - return obj - } - - /** - * Action is the action that is requested on the resource. - * @member {String} action - */ - exports.prototype['action'] = undefined - /** - * Context is the request's environmental context. - * @member {Object.} context - */ - exports.prototype['context'] = undefined - /** - * Resource is the resource that access is requested to. - * @member {String} resource - */ - exports.prototype['resource'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/UpsertOryAccessControlPolicy.js b/sdk/js/swagger/src/model/UpsertOryAccessControlPolicy.js new file mode 100644 index 000000000..1c828f4cd --- /dev/null +++ b/sdk/js/swagger/src/model/UpsertOryAccessControlPolicy.js @@ -0,0 +1,92 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/OryAccessControlPolicy'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./OryAccessControlPolicy')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.UpsertOryAccessControlPolicy = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.OryAccessControlPolicy); + } +}(this, function(ApiClient, OryAccessControlPolicy) { + 'use strict'; + + + + + /** + * The UpsertOryAccessControlPolicy model module. + * @module model/UpsertOryAccessControlPolicy + * @version Latest + */ + + /** + * Constructs a new UpsertOryAccessControlPolicy. + * @alias module:model/UpsertOryAccessControlPolicy + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + */ + var exports = function(flavor) { + var _this = this; + + + _this['flavor'] = flavor; + }; + + /** + * Constructs a UpsertOryAccessControlPolicy from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/UpsertOryAccessControlPolicy} obj Optional instance to populate. + * @return {module:model/UpsertOryAccessControlPolicy} The populated UpsertOryAccessControlPolicy instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('Body')) { + obj['Body'] = OryAccessControlPolicy.constructFromObject(data['Body']); + } + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + } + return obj; + } + + /** + * @member {module:model/OryAccessControlPolicy} Body + */ + exports.prototype['Body'] = undefined; + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/UpsertOryAccessControlPolicyRole.js b/sdk/js/swagger/src/model/UpsertOryAccessControlPolicyRole.js new file mode 100644 index 000000000..d09bc55a8 --- /dev/null +++ b/sdk/js/swagger/src/model/UpsertOryAccessControlPolicyRole.js @@ -0,0 +1,92 @@ +/** + * + * Package main ORY Keto + * + * OpenAPI spec version: Latest + * Contact: hi@ory.sh + * + * NOTE: This class is auto generated by the swagger code generator program. + * https://github.com/swagger-api/swagger-codegen.git + * + * Swagger Codegen version: 2.2.3 + * + * Do not edit the class manually. + * + */ + +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(['ApiClient', 'model/OryAccessControlPolicyRole'], factory); + } else if (typeof module === 'object' && module.exports) { + // CommonJS-like environments that support module.exports, like Node. + module.exports = factory(require('../ApiClient'), require('./OryAccessControlPolicyRole')); + } else { + // Browser globals (root is window) + if (!root.SwaggerJsClient) { + root.SwaggerJsClient = {}; + } + root.SwaggerJsClient.UpsertOryAccessControlPolicyRole = factory(root.SwaggerJsClient.ApiClient, root.SwaggerJsClient.OryAccessControlPolicyRole); + } +}(this, function(ApiClient, OryAccessControlPolicyRole) { + 'use strict'; + + + + + /** + * The UpsertOryAccessControlPolicyRole model module. + * @module model/UpsertOryAccessControlPolicyRole + * @version Latest + */ + + /** + * Constructs a new UpsertOryAccessControlPolicyRole. + * @alias module:model/UpsertOryAccessControlPolicyRole + * @class + * @param flavor {String} The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + */ + var exports = function(flavor) { + var _this = this; + + + _this['flavor'] = flavor; + }; + + /** + * Constructs a UpsertOryAccessControlPolicyRole from a plain JavaScript object, optionally creating a new instance. + * Copies all relevant properties from data to obj if supplied or a new instance if not. + * @param {Object} data The plain JavaScript object bearing properties of interest. + * @param {module:model/UpsertOryAccessControlPolicyRole} obj Optional instance to populate. + * @return {module:model/UpsertOryAccessControlPolicyRole} The populated UpsertOryAccessControlPolicyRole instance. + */ + exports.constructFromObject = function(data, obj) { + if (data) { + obj = obj || new exports(); + + if (data.hasOwnProperty('Body')) { + obj['Body'] = OryAccessControlPolicyRole.constructFromObject(data['Body']); + } + if (data.hasOwnProperty('flavor')) { + obj['flavor'] = ApiClient.convertToType(data['flavor'], 'String'); + } + } + return obj; + } + + /** + * @member {module:model/OryAccessControlPolicyRole} Body + */ + exports.prototype['Body'] = undefined; + /** + * The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @member {String} flavor + */ + exports.prototype['flavor'] = undefined; + + + + return exports; +})); + + diff --git a/sdk/js/swagger/src/model/Version.js b/sdk/js/swagger/src/model/Version.js index cd76ca48c..65e4d7f52 100644 --- a/sdk/js/swagger/src/model/Version.js +++ b/sdk/js/swagger/src/model/Version.js @@ -1,9 +1,9 @@ /** - * + * * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * * NOTE: This class is auto generated by the swagger code generator program. * https://github.com/swagger-api/swagger-codegen.git @@ -14,22 +14,25 @@ * */ -;(function(root, factory) { +(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient'], factory) + define(['ApiClient'], factory); } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) + module.exports = factory(require('../ApiClient')); } else { // Browser globals (root is window) if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} + root.SwaggerJsClient = {}; } - root.SwaggerJsClient.Version = factory(root.SwaggerJsClient.ApiClient) + root.SwaggerJsClient.Version = factory(root.SwaggerJsClient.ApiClient); } -})(this, function(ApiClient) { - 'use strict' +}(this, function(ApiClient) { + 'use strict'; + + + /** * The Version model module. @@ -43,8 +46,10 @@ * @class */ var exports = function() { - var _this = this - } + var _this = this; + + + }; /** * Constructs a Version from a plain JavaScript object, optionally creating a new instance. @@ -55,19 +60,24 @@ */ exports.constructFromObject = function(data, obj) { if (data) { - obj = obj || new exports() + obj = obj || new exports(); if (data.hasOwnProperty('version')) { - obj['version'] = ApiClient.convertToType(data['version'], 'String') + obj['version'] = ApiClient.convertToType(data['version'], 'String'); } } - return obj + return obj; } /** + * Version is the service's version. * @member {String} version */ - exports.prototype['version'] = undefined + exports.prototype['version'] = undefined; + + + + return exports; +})); + - return exports -}) diff --git a/sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationRequest.js b/sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationRequest.js deleted file mode 100644 index 9d72d0244..000000000 --- a/sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationRequest.js +++ /dev/null @@ -1,110 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationRequest = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The WardenOAuth2AccessTokenAuthorizationRequest model module. - * @module model/WardenOAuth2AccessTokenAuthorizationRequest - * @version Latest - */ - - /** - * Constructs a new WardenOAuth2AccessTokenAuthorizationRequest. - * @alias module:model/WardenOAuth2AccessTokenAuthorizationRequest - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a WardenOAuth2AccessTokenAuthorizationRequest from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/WardenOAuth2AccessTokenAuthorizationRequest} obj Optional instance to populate. - * @return {module:model/WardenOAuth2AccessTokenAuthorizationRequest} The populated WardenOAuth2AccessTokenAuthorizationRequest instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('action')) { - obj['action'] = ApiClient.convertToType(data['action'], 'String') - } - if (data.hasOwnProperty('context')) { - obj['context'] = ApiClient.convertToType(data['context'], { - String: Object - }) - } - if (data.hasOwnProperty('resource')) { - obj['resource'] = ApiClient.convertToType(data['resource'], 'String') - } - if (data.hasOwnProperty('scope')) { - obj['scope'] = ApiClient.convertToType(data['scope'], ['String']) - } - if (data.hasOwnProperty('token')) { - obj['token'] = ApiClient.convertToType(data['token'], 'String') - } - } - return obj - } - - /** - * Action is the action that is requested on the resource. - * @member {String} action - */ - exports.prototype['action'] = undefined - /** - * Context is the request's environmental context. - * @member {Object.} context - */ - exports.prototype['context'] = undefined - /** - * Resource is the resource that access is requested to. - * @member {String} resource - */ - exports.prototype['resource'] = undefined - /** - * Scope is an array of scopes that are required. - * @member {Array.} scope - */ - exports.prototype['scope'] = undefined - /** - * Token is the token to introspect. - * @member {String} token - */ - exports.prototype['token'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationResponse.js b/sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationResponse.js deleted file mode 100644 index 0b292b844..000000000 --- a/sdk/js/swagger/src/model/WardenOAuth2AccessTokenAuthorizationResponse.js +++ /dev/null @@ -1,155 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.WardenOAuth2AccessTokenAuthorizationResponse = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The WardenOAuth2AccessTokenAuthorizationResponse model module. - * @module model/WardenOAuth2AccessTokenAuthorizationResponse - * @version Latest - */ - - /** - * Constructs a new WardenOAuth2AccessTokenAuthorizationResponse. - * @alias module:model/WardenOAuth2AccessTokenAuthorizationResponse - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a WardenOAuth2AccessTokenAuthorizationResponse from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/WardenOAuth2AccessTokenAuthorizationResponse} obj Optional instance to populate. - * @return {module:model/WardenOAuth2AccessTokenAuthorizationResponse} The populated WardenOAuth2AccessTokenAuthorizationResponse instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('allowed')) { - obj['allowed'] = ApiClient.convertToType(data['allowed'], 'Boolean') - } - if (data.hasOwnProperty('aud')) { - obj['aud'] = ApiClient.convertToType(data['aud'], ['String']) - } - if (data.hasOwnProperty('client_id')) { - obj['client_id'] = ApiClient.convertToType(data['client_id'], 'String') - } - if (data.hasOwnProperty('exp')) { - obj['exp'] = ApiClient.convertToType(data['exp'], 'Date') - } - if (data.hasOwnProperty('iat')) { - obj['iat'] = ApiClient.convertToType(data['iat'], 'Date') - } - if (data.hasOwnProperty('iss')) { - obj['iss'] = ApiClient.convertToType(data['iss'], 'String') - } - if (data.hasOwnProperty('nbf')) { - obj['nbf'] = ApiClient.convertToType(data['nbf'], 'Date') - } - if (data.hasOwnProperty('scope')) { - obj['scope'] = ApiClient.convertToType(data['scope'], 'String') - } - if (data.hasOwnProperty('session')) { - obj['session'] = ApiClient.convertToType(data['session'], { - String: Object - }) - } - if (data.hasOwnProperty('sub')) { - obj['sub'] = ApiClient.convertToType(data['sub'], 'String') - } - if (data.hasOwnProperty('username')) { - obj['username'] = ApiClient.convertToType(data['username'], 'String') - } - } - return obj - } - - /** - * Allowed is true if the request is allowed and false otherwise. - * @member {Boolean} allowed - */ - exports.prototype['allowed'] = undefined - /** - * @member {Array.} aud - */ - exports.prototype['aud'] = undefined - /** - * ClientID is the id of the OAuth2 client that requested the token. - * @member {String} client_id - */ - exports.prototype['client_id'] = undefined - /** - * ExpiresAt is the expiry timestamp. - * @member {Date} exp - */ - exports.prototype['exp'] = undefined - /** - * IssuedAt is the token creation time stamp. - * @member {Date} iat - */ - exports.prototype['iat'] = undefined - /** - * Issuer is the id of the issuer, typically an hydra instance. - * @member {String} iss - */ - exports.prototype['iss'] = undefined - /** - * @member {Date} nbf - */ - exports.prototype['nbf'] = undefined - /** - * GrantedScopes is a list of scopes that the subject authorized when asked for consent. - * @member {String} scope - */ - exports.prototype['scope'] = undefined - /** - * Session represents arbitrary session data. - * @member {Object.} session - */ - exports.prototype['session'] = undefined - /** - * Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @member {String} sub - */ - exports.prototype['sub'] = undefined - /** - * @member {String} username - */ - exports.prototype['username'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationRequest.js b/sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationRequest.js deleted file mode 100644 index 6e677a151..000000000 --- a/sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationRequest.js +++ /dev/null @@ -1,120 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.WardenOAuth2ClientAuthorizationRequest = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The WardenOAuth2ClientAuthorizationRequest model module. - * @module model/WardenOAuth2ClientAuthorizationRequest - * @version Latest - */ - - /** - * Constructs a new WardenOAuth2ClientAuthorizationRequest. - * @alias module:model/WardenOAuth2ClientAuthorizationRequest - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a WardenOAuth2ClientAuthorizationRequest from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/WardenOAuth2ClientAuthorizationRequest} obj Optional instance to populate. - * @return {module:model/WardenOAuth2ClientAuthorizationRequest} The populated WardenOAuth2ClientAuthorizationRequest instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('action')) { - obj['action'] = ApiClient.convertToType(data['action'], 'String') - } - if (data.hasOwnProperty('client_id')) { - obj['client_id'] = ApiClient.convertToType(data['client_id'], 'String') - } - if (data.hasOwnProperty('client_secret')) { - obj['client_secret'] = ApiClient.convertToType( - data['client_secret'], - 'String' - ) - } - if (data.hasOwnProperty('context')) { - obj['context'] = ApiClient.convertToType(data['context'], { - String: Object - }) - } - if (data.hasOwnProperty('resource')) { - obj['resource'] = ApiClient.convertToType(data['resource'], 'String') - } - if (data.hasOwnProperty('scope')) { - obj['scope'] = ApiClient.convertToType(data['scope'], ['String']) - } - } - return obj - } - - /** - * Action is the action that is requested on the resource. - * @member {String} action - */ - exports.prototype['action'] = undefined - /** - * Token is the token to introspect. - * @member {String} client_id - */ - exports.prototype['client_id'] = undefined - /** - * @member {String} client_secret - */ - exports.prototype['client_secret'] = undefined - /** - * Context is the request's environmental context. - * @member {Object.} context - */ - exports.prototype['context'] = undefined - /** - * Resource is the resource that access is requested to. - * @member {String} resource - */ - exports.prototype['resource'] = undefined - /** - * Scope is an array of scopes that are required. - * @member {Array.} scope - */ - exports.prototype['scope'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationResponse.js b/sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationResponse.js deleted file mode 100644 index baea52ee5..000000000 --- a/sdk/js/swagger/src/model/WardenOAuth2ClientAuthorizationResponse.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.WardenOAuth2ClientAuthorizationResponse = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The WardenOAuth2ClientAuthorizationResponse model module. - * @module model/WardenOAuth2ClientAuthorizationResponse - * @version Latest - */ - - /** - * Constructs a new WardenOAuth2ClientAuthorizationResponse. - * @alias module:model/WardenOAuth2ClientAuthorizationResponse - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a WardenOAuth2ClientAuthorizationResponse from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/WardenOAuth2ClientAuthorizationResponse} obj Optional instance to populate. - * @return {module:model/WardenOAuth2ClientAuthorizationResponse} The populated WardenOAuth2ClientAuthorizationResponse instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('allowed')) { - obj['allowed'] = ApiClient.convertToType(data['allowed'], 'Boolean') - } - if (data.hasOwnProperty('sub')) { - obj['sub'] = ApiClient.convertToType(data['sub'], 'String') - } - } - return obj - } - - /** - * Allowed is true if the request is allowed and false otherwise. - * @member {Boolean} allowed - */ - exports.prototype['allowed'] = undefined - /** - * Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @member {String} sub - */ - exports.prototype['sub'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/WardenSubjectAuthorizationResponse.js b/sdk/js/swagger/src/model/WardenSubjectAuthorizationResponse.js deleted file mode 100644 index 4b2bc315f..000000000 --- a/sdk/js/swagger/src/model/WardenSubjectAuthorizationResponse.js +++ /dev/null @@ -1,84 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.WardenSubjectAuthorizationResponse = factory( - root.SwaggerJsClient.ApiClient - ) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The WardenSubjectAuthorizationResponse model module. - * @module model/WardenSubjectAuthorizationResponse - * @version Latest - */ - - /** - * Constructs a new WardenSubjectAuthorizationResponse. - * @alias module:model/WardenSubjectAuthorizationResponse - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a WardenSubjectAuthorizationResponse from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/WardenSubjectAuthorizationResponse} obj Optional instance to populate. - * @return {module:model/WardenSubjectAuthorizationResponse} The populated WardenSubjectAuthorizationResponse instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - - if (data.hasOwnProperty('allowed')) { - obj['allowed'] = ApiClient.convertToType(data['allowed'], 'Boolean') - } - if (data.hasOwnProperty('sub')) { - obj['sub'] = ApiClient.convertToType(data['sub'], 'String') - } - } - return obj - } - - /** - * Allowed is true if the request is allowed and false otherwise. - * @member {Boolean} allowed - */ - exports.prototype['allowed'] = undefined - /** - * Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @member {String} sub - */ - exports.prototype['sub'] = undefined - - return exports -}) diff --git a/sdk/js/swagger/src/model/Writer.js b/sdk/js/swagger/src/model/Writer.js deleted file mode 100644 index e81281602..000000000 --- a/sdk/js/swagger/src/model/Writer.js +++ /dev/null @@ -1,65 +0,0 @@ -/** - * - * Package main ORY Keto - * - * OpenAPI spec version: Latest - * Contact: hi@ory.am - * - * NOTE: This class is auto generated by the swagger code generator program. - * https://github.com/swagger-api/swagger-codegen.git - * - * Swagger Codegen version: 2.2.3 - * - * Do not edit the class manually. - * - */ - -;(function(root, factory) { - if (typeof define === 'function' && define.amd) { - // AMD. Register as an anonymous module. - define(['ApiClient'], factory) - } else if (typeof module === 'object' && module.exports) { - // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient')) - } else { - // Browser globals (root is window) - if (!root.SwaggerJsClient) { - root.SwaggerJsClient = {} - } - root.SwaggerJsClient.Writer = factory(root.SwaggerJsClient.ApiClient) - } -})(this, function(ApiClient) { - 'use strict' - - /** - * The Writer model module. - * @module model/Writer - * @version Latest - */ - - /** - * Constructs a new Writer. - * Writer is a helper to write arbitrary data to a ResponseWriter - * @alias module:model/Writer - * @class - */ - var exports = function() { - var _this = this - } - - /** - * Constructs a Writer from a plain JavaScript object, optionally creating a new instance. - * Copies all relevant properties from data to obj if supplied or a new instance if not. - * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/Writer} obj Optional instance to populate. - * @return {module:model/Writer} The populated Writer instance. - */ - exports.constructFromObject = function(data, obj) { - if (data) { - obj = obj || new exports() - } - return obj - } - - return exports -}) diff --git a/sdk/php/swagger/README.md b/sdk/php/swagger/README.md index 648c8b1a0..5eff4739f 100644 --- a/sdk/php/swagger/README.md +++ b/sdk/php/swagger/README.md @@ -57,13 +57,16 @@ Please follow the [installation procedure](#installation--usage) and then run th isInstanceAlive(); + $result = $api_instance->addOryAccessControlPolicyRoleMembers($flavor, $id, $body); print_r($result); } catch (Exception $e) { - echo 'Exception when calling HealthApi->isInstanceAlive: ', $e->getMessage(), PHP_EOL; + echo 'Exception when calling EnginesApi->addOryAccessControlPolicyRoleMembers: ', $e->getMessage(), PHP_EOL; } ?> @@ -75,65 +78,49 @@ All URIs are relative to *http://localhost* Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- -*HealthApi* | [**isInstanceAlive**](docs/Api/HealthApi.md#isinstancealive) | **GET** /health/alive | Check the Alive Status -*HealthApi* | [**isInstanceReady**](docs/Api/HealthApi.md#isinstanceready) | **GET** /health/ready | Check the Readiness Status -*PolicyApi* | [**createPolicy**](docs/Api/PolicyApi.md#createpolicy) | **POST** /policies | -*PolicyApi* | [**deletePolicy**](docs/Api/PolicyApi.md#deletepolicy) | **DELETE** /policies/{id} | -*PolicyApi* | [**getPolicy**](docs/Api/PolicyApi.md#getpolicy) | **GET** /policies/{id} | -*PolicyApi* | [**listPolicies**](docs/Api/PolicyApi.md#listpolicies) | **GET** /policies | -*PolicyApi* | [**updatePolicy**](docs/Api/PolicyApi.md#updatepolicy) | **PUT** /policies/{id} | -*RoleApi* | [**addMembersToRole**](docs/Api/RoleApi.md#addmemberstorole) | **POST** /roles/{id}/members | Add members to a role -*RoleApi* | [**createRole**](docs/Api/RoleApi.md#createrole) | **POST** /roles | Create a role -*RoleApi* | [**deleteRole**](docs/Api/RoleApi.md#deleterole) | **DELETE** /roles/{id} | Get a role by its ID -*RoleApi* | [**getRole**](docs/Api/RoleApi.md#getrole) | **GET** /roles/{id} | Get a role by its ID -*RoleApi* | [**listRoles**](docs/Api/RoleApi.md#listroles) | **GET** /roles | List all roles -*RoleApi* | [**removeMembersFromRole**](docs/Api/RoleApi.md#removemembersfromrole) | **DELETE** /roles/{id}/members | Remove members from a role -*RoleApi* | [**setRole**](docs/Api/RoleApi.md#setrole) | **PUT** /roles/{id} | A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. -*VersionApi* | [**getVersion**](docs/Api/VersionApi.md#getversion) | **GET** /version | Get the version of Keto -*WardenApi* | [**isOAuth2AccessTokenAuthorized**](docs/Api/WardenApi.md#isoauth2accesstokenauthorized) | **POST** /warden/oauth2/access-tokens/authorize | Check if an OAuth 2.0 access token is authorized to access a resource -*WardenApi* | [**isOAuth2ClientAuthorized**](docs/Api/WardenApi.md#isoauth2clientauthorized) | **POST** /warden/oauth2/clients/authorize | Check if an OAuth 2.0 Client is authorized to access a resource -*WardenApi* | [**isSubjectAuthorized**](docs/Api/WardenApi.md#issubjectauthorized) | **POST** /warden/subjects/authorize | Check if a subject is authorized to access a resource +*EnginesApi* | [**addOryAccessControlPolicyRoleMembers**](docs/Api/EnginesApi.md#addoryaccesscontrolpolicyrolemembers) | **PUT** /engines/acp/ory/{flavor}/roles/{id}/members | Add a member to an ORY Access Control Policy Role +*EnginesApi* | [**deleteOryAccessControlPolicy**](docs/Api/EnginesApi.md#deleteoryaccesscontrolpolicy) | **DELETE** /engines/acp/ory/{flavor}/policies/{id} | +*EnginesApi* | [**deleteOryAccessControlPolicyRole**](docs/Api/EnginesApi.md#deleteoryaccesscontrolpolicyrole) | **DELETE** /engines/acp/ory/{flavor}/roles/{id} | Delete an ORY Access Control Policy Role +*EnginesApi* | [**doOryAccessControlPoliciesAllow**](docs/Api/EnginesApi.md#dooryaccesscontrolpoliciesallow) | **POST** /engines/acp/ory/{flavor}/allowed | Check if a request is allowed +*EnginesApi* | [**getOryAccessControlPolicy**](docs/Api/EnginesApi.md#getoryaccesscontrolpolicy) | **GET** /engines/acp/ory/{flavor}/policies/{id} | +*EnginesApi* | [**getOryAccessControlPolicyRole**](docs/Api/EnginesApi.md#getoryaccesscontrolpolicyrole) | **GET** /engines/acp/ory/{flavor}/roles/{id} | Get an ORY Access Control Policy Role +*EnginesApi* | [**listOryAccessControlPolicies**](docs/Api/EnginesApi.md#listoryaccesscontrolpolicies) | **GET** /engines/acp/ory/{flavor}/policies | +*EnginesApi* | [**listOryAccessControlPolicyRoles**](docs/Api/EnginesApi.md#listoryaccesscontrolpolicyroles) | **GET** /engines/acp/ory/{flavor}/roles | List ORY Access Control Policy Roles +*EnginesApi* | [**removeOryAccessControlPolicyRoleMembers**](docs/Api/EnginesApi.md#removeoryaccesscontrolpolicyrolemembers) | **DELETE** /engines/acp/ory/{flavor}/roles/{id}/members | Remove a member from an ORY Access Control Policy Role +*EnginesApi* | [**upsertOryAccessControlPolicy**](docs/Api/EnginesApi.md#upsertoryaccesscontrolpolicy) | **PUT** /engines/acp/ory/{flavor}/policies | +*EnginesApi* | [**upsertOryAccessControlPolicyRole**](docs/Api/EnginesApi.md#upsertoryaccesscontrolpolicyrole) | **PUT** /engines/acp/ory/{flavor}/roles | Upsert an ORY Access Control Policy Role +*HealthApi* | [**isInstanceAlive**](docs/Api/HealthApi.md#isinstancealive) | **GET** /health/alive | Check alive status +*HealthApi* | [**isInstanceReady**](docs/Api/HealthApi.md#isinstanceready) | **GET** /health/ready | Check readiness status +*VersionApi* | [**getVersion**](docs/Api/VersionApi.md#getversion) | **GET** /version | Get service version ## Documentation For Models - - [AuthenticationDefaultSession](docs/Model/AuthenticationDefaultSession.md) - - [AuthenticationOAuth2ClientCredentialsRequest](docs/Model/AuthenticationOAuth2ClientCredentialsRequest.md) - - [AuthenticationOAuth2ClientCredentialsSession](docs/Model/AuthenticationOAuth2ClientCredentialsSession.md) - - [AuthenticationOAuth2IntrospectionRequest](docs/Model/AuthenticationOAuth2IntrospectionRequest.md) - - [AuthenticationOAuth2Session](docs/Model/AuthenticationOAuth2Session.md) - - [Authenticator](docs/Model/Authenticator.md) - - [Firewall](docs/Model/Firewall.md) - - [Handler](docs/Model/Handler.md) + - [AddOryAccessControlPolicyRoleMembers](docs/Model/AddOryAccessControlPolicyRoleMembers.md) + - [AddOryAccessControlPolicyRoleMembersBody](docs/Model/AddOryAccessControlPolicyRoleMembersBody.md) + - [AuthorizationResult](docs/Model/AuthorizationResult.md) + - [Context](docs/Model/Context.md) + - [DeleteOryAccessControlPolicy](docs/Model/DeleteOryAccessControlPolicy.md) + - [DeleteOryAccessControlPolicyRole](docs/Model/DeleteOryAccessControlPolicyRole.md) + - [DoOryAccessControlPoliciesAllow](docs/Model/DoOryAccessControlPoliciesAllow.md) + - [GetOryAccessControlPolicy](docs/Model/GetOryAccessControlPolicy.md) + - [GetOryAccessControlPolicyRole](docs/Model/GetOryAccessControlPolicyRole.md) - [HealthNotReadyStatus](docs/Model/HealthNotReadyStatus.md) - [HealthStatus](docs/Model/HealthStatus.md) - [InlineResponse500](docs/Model/InlineResponse500.md) - - [IntrospectionResponse](docs/Model/IntrospectionResponse.md) - - [Manager](docs/Model/Manager.md) - - [OAuth2ClientCredentialsAuthentication](docs/Model/OAuth2ClientCredentialsAuthentication.md) - - [OAuth2IntrospectionAuthentication](docs/Model/OAuth2IntrospectionAuthentication.md) - - [Policy](docs/Model/Policy.md) - - [PolicyConditions](docs/Model/PolicyConditions.md) - - [Role](docs/Model/Role.md) - - [RoleMembers](docs/Model/RoleMembers.md) - - [Session](docs/Model/Session.md) - - [SwaggerCreatePolicyParameters](docs/Model/SwaggerCreatePolicyParameters.md) - - [SwaggerDoesWardenAllowAccessRequestParameters](docs/Model/SwaggerDoesWardenAllowAccessRequestParameters.md) - - [SwaggerDoesWardenAllowClientRequestParameters](docs/Model/SwaggerDoesWardenAllowClientRequestParameters.md) - - [SwaggerDoesWardenAllowTokenAccessRequestParameters](docs/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.md) - - [SwaggerGetPolicyParameters](docs/Model/SwaggerGetPolicyParameters.md) - - [SwaggerListPolicyParameters](docs/Model/SwaggerListPolicyParameters.md) - - [SwaggerListPolicyResponse](docs/Model/SwaggerListPolicyResponse.md) - - [SwaggerUpdatePolicyParameters](docs/Model/SwaggerUpdatePolicyParameters.md) - - [SwaggerWardenBaseRequest](docs/Model/SwaggerWardenBaseRequest.md) + - [ListOryAccessControlPolicies](docs/Model/ListOryAccessControlPolicies.md) + - [ListOryAccessControlPolicyRoles](docs/Model/ListOryAccessControlPolicyRoles.md) + - [OryAccessControlPolicies](docs/Model/OryAccessControlPolicies.md) + - [OryAccessControlPolicy](docs/Model/OryAccessControlPolicy.md) + - [OryAccessControlPolicyAllowedInput](docs/Model/OryAccessControlPolicyAllowedInput.md) + - [OryAccessControlPolicyRole](docs/Model/OryAccessControlPolicyRole.md) + - [OryAccessControlPolicyRoles](docs/Model/OryAccessControlPolicyRoles.md) + - [Policies](docs/Model/Policies.md) + - [RemoveOryAccessControlPolicyRoleMembers](docs/Model/RemoveOryAccessControlPolicyRoleMembers.md) + - [RemoveOryAccessControlPolicyRoleMembersBody](docs/Model/RemoveOryAccessControlPolicyRoleMembersBody.md) + - [UpsertOryAccessControlPolicy](docs/Model/UpsertOryAccessControlPolicy.md) + - [UpsertOryAccessControlPolicyRole](docs/Model/UpsertOryAccessControlPolicyRole.md) - [Version](docs/Model/Version.md) - - [WardenOAuth2AccessTokenAuthorizationRequest](docs/Model/WardenOAuth2AccessTokenAuthorizationRequest.md) - - [WardenOAuth2AccessTokenAuthorizationResponse](docs/Model/WardenOAuth2AccessTokenAuthorizationResponse.md) - - [WardenOAuth2ClientAuthorizationRequest](docs/Model/WardenOAuth2ClientAuthorizationRequest.md) - - [WardenOAuth2ClientAuthorizationResponse](docs/Model/WardenOAuth2ClientAuthorizationResponse.md) - - [WardenSubjectAuthorizationRequest](docs/Model/WardenSubjectAuthorizationRequest.md) - - [WardenSubjectAuthorizationResponse](docs/Model/WardenSubjectAuthorizationResponse.md) - - [Writer](docs/Model/Writer.md) ## Documentation For Authorization @@ -143,6 +130,6 @@ Class | Method | HTTP request | Description ## Author -hi@ory.am +hi@ory.sh diff --git a/sdk/php/swagger/autoload.php b/sdk/php/swagger/autoload.php index 134e096b6..ada7cdbf5 100644 --- a/sdk/php/swagger/autoload.php +++ b/sdk/php/swagger/autoload.php @@ -4,7 +4,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -13,10 +13,10 @@ * An example of a project-specific implementation. * * After registering this autoload function with SPL, the following line - * would cause the function to attempt to load the \keto\SDK\Baz\Qux class + * would cause the function to attempt to load the \ketoSDK\Baz\Qux class * from /path/to/project/lib/Baz/Qux.php: * - * new \keto\SDK\Baz\Qux; + * new \ketoSDK\Baz\Qux; * * @param string $class The fully-qualified class name. * @@ -25,7 +25,7 @@ spl_autoload_register(function ($class) { // project-specific namespace prefix - $prefix = 'keto\\SDK\\'; + $prefix = 'ketoSDK\\'; // base directory for the namespace prefix $base_dir = __DIR__ . '/lib/'; diff --git a/sdk/php/swagger/docs/Api/EnginesApi.md b/sdk/php/swagger/docs/Api/EnginesApi.md new file mode 100644 index 000000000..ad4c9a8d1 --- /dev/null +++ b/sdk/php/swagger/docs/Api/EnginesApi.md @@ -0,0 +1,542 @@ +# ketoSDK\EnginesApi +Client for keto + +All URIs are relative to *http://localhost* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**addOryAccessControlPolicyRoleMembers**](EnginesApi.md#addOryAccessControlPolicyRoleMembers) | **PUT** /engines/acp/ory/{flavor}/roles/{id}/members | Add a member to an ORY Access Control Policy Role +[**deleteOryAccessControlPolicy**](EnginesApi.md#deleteOryAccessControlPolicy) | **DELETE** /engines/acp/ory/{flavor}/policies/{id} | +[**deleteOryAccessControlPolicyRole**](EnginesApi.md#deleteOryAccessControlPolicyRole) | **DELETE** /engines/acp/ory/{flavor}/roles/{id} | Delete an ORY Access Control Policy Role +[**doOryAccessControlPoliciesAllow**](EnginesApi.md#doOryAccessControlPoliciesAllow) | **POST** /engines/acp/ory/{flavor}/allowed | Check if a request is allowed +[**getOryAccessControlPolicy**](EnginesApi.md#getOryAccessControlPolicy) | **GET** /engines/acp/ory/{flavor}/policies/{id} | +[**getOryAccessControlPolicyRole**](EnginesApi.md#getOryAccessControlPolicyRole) | **GET** /engines/acp/ory/{flavor}/roles/{id} | Get an ORY Access Control Policy Role +[**listOryAccessControlPolicies**](EnginesApi.md#listOryAccessControlPolicies) | **GET** /engines/acp/ory/{flavor}/policies | +[**listOryAccessControlPolicyRoles**](EnginesApi.md#listOryAccessControlPolicyRoles) | **GET** /engines/acp/ory/{flavor}/roles | List ORY Access Control Policy Roles +[**removeOryAccessControlPolicyRoleMembers**](EnginesApi.md#removeOryAccessControlPolicyRoleMembers) | **DELETE** /engines/acp/ory/{flavor}/roles/{id}/members | Remove a member from an ORY Access Control Policy Role +[**upsertOryAccessControlPolicy**](EnginesApi.md#upsertOryAccessControlPolicy) | **PUT** /engines/acp/ory/{flavor}/policies | +[**upsertOryAccessControlPolicyRole**](EnginesApi.md#upsertOryAccessControlPolicyRole) | **PUT** /engines/acp/ory/{flavor}/roles | Upsert an ORY Access Control Policy Role + + +# **addOryAccessControlPolicyRoleMembers** +> \ketoSDK\Model\OryAccessControlPolicyRole addOryAccessControlPolicyRoleMembers($flavor, $id, $body) + +Add a member to an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```php +addOryAccessControlPolicyRoleMembers($flavor, $id, $body); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->addOryAccessControlPolicyRoleMembers: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + **body** | [**\ketoSDK\Model\AddOryAccessControlPolicyRoleMembersBody**](../Model/AddOryAccessControlPolicyRoleMembersBody.md)| | [optional] + +### Return type + +[**\ketoSDK\Model\OryAccessControlPolicyRole**](../Model/OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **deleteOryAccessControlPolicy** +> deleteOryAccessControlPolicy($flavor, $id) + + + +Delete an ORY Access Control Policy + +### Example +```php +deleteOryAccessControlPolicy($flavor, $id); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->deleteOryAccessControlPolicy: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **deleteOryAccessControlPolicyRole** +> deleteOryAccessControlPolicyRole($flavor, $id) + +Delete an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```php +deleteOryAccessControlPolicyRole($flavor, $id); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->deleteOryAccessControlPolicyRole: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **doOryAccessControlPoliciesAllow** +> \ketoSDK\Model\AuthorizationResult doOryAccessControlPoliciesAllow($flavor, $body) + +Check if a request is allowed + +Use this endpoint to check if a request is allowed or not. + +### Example +```php +doOryAccessControlPoliciesAllow($flavor, $body); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->doOryAccessControlPoliciesAllow: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**\ketoSDK\Model\OryAccessControlPolicyAllowedInput**](../Model/OryAccessControlPolicyAllowedInput.md)| | [optional] + +### Return type + +[**\ketoSDK\Model\AuthorizationResult**](../Model/AuthorizationResult.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **getOryAccessControlPolicy** +> \ketoSDK\Model\OryAccessControlPolicy getOryAccessControlPolicy($flavor, $id) + + + +Get an ORY Access Control Policy + +### Example +```php +getOryAccessControlPolicy($flavor, $id); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->getOryAccessControlPolicy: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +[**\ketoSDK\Model\OryAccessControlPolicy**](../Model/OryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **getOryAccessControlPolicyRole** +> \ketoSDK\Model\OryAccessControlPolicyRole getOryAccessControlPolicyRole($flavor, $id) + +Get an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```php +getOryAccessControlPolicyRole($flavor, $id); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->getOryAccessControlPolicyRole: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + +### Return type + +[**\ketoSDK\Model\OryAccessControlPolicyRole**](../Model/OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **listOryAccessControlPolicies** +> \ketoSDK\Model\OryAccessControlPolicy[] listOryAccessControlPolicies($flavor, $limit, $offset) + + + +List ORY Access Control Policies + +### Example +```php +listOryAccessControlPolicies($flavor, $limit, $offset); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->listOryAccessControlPolicies: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" | + **limit** | **int**| The maximum amount of policies returned. | [optional] + **offset** | **int**| The offset from where to start looking. | [optional] + +### Return type + +[**\ketoSDK\Model\OryAccessControlPolicy[]**](../Model/OryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **listOryAccessControlPolicyRoles** +> \ketoSDK\Model\OryAccessControlPolicyRole[] listOryAccessControlPolicyRoles($flavor, $limit, $offset) + +List ORY Access Control Policy Roles + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```php +listOryAccessControlPolicyRoles($flavor, $limit, $offset); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->listOryAccessControlPolicyRoles: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" | + **limit** | **int**| The maximum amount of policies returned. | [optional] + **offset** | **int**| The offset from where to start looking. | [optional] + +### Return type + +[**\ketoSDK\Model\OryAccessControlPolicyRole[]**](../Model/OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **removeOryAccessControlPolicyRoleMembers** +> removeOryAccessControlPolicyRoleMembers($flavor, $id, $body) + +Remove a member from an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```php +removeOryAccessControlPolicyRoleMembers($flavor, $id, $body); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->removeOryAccessControlPolicyRoleMembers: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **id** | **string**| The ID of the ORY Access Control Policy Role. | + **body** | [**\ketoSDK\Model\RemoveOryAccessControlPolicyRoleMembersBody**](../Model/RemoveOryAccessControlPolicyRoleMembersBody.md)| | [optional] + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **upsertOryAccessControlPolicy** +> \ketoSDK\Model\OryAccessControlPolicy upsertOryAccessControlPolicy($flavor, $body) + + + +Upsert an ORY Access Control Policy + +### Example +```php +upsertOryAccessControlPolicy($flavor, $body); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->upsertOryAccessControlPolicy: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**\ketoSDK\Model\OryAccessControlPolicy**](../Model/OryAccessControlPolicy.md)| | [optional] + +### Return type + +[**\ketoSDK\Model\OryAccessControlPolicy**](../Model/OryAccessControlPolicy.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + +# **upsertOryAccessControlPolicyRole** +> \ketoSDK\Model\OryAccessControlPolicyRole upsertOryAccessControlPolicyRole($flavor, $body) + +Upsert an ORY Access Control Policy Role + +Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID as subject in the OACP. + +### Example +```php +upsertOryAccessControlPolicyRole($flavor, $body); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling EnginesApi->upsertOryAccessControlPolicyRole: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **flavor** | **string**| The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". | + **body** | [**\ketoSDK\Model\OryAccessControlPolicyRole**](../Model/OryAccessControlPolicyRole.md)| | [optional] + +### Return type + +[**\ketoSDK\Model\OryAccessControlPolicyRole**](../Model/OryAccessControlPolicyRole.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + diff --git a/sdk/php/swagger/docs/Api/HealthApi.md b/sdk/php/swagger/docs/Api/HealthApi.md index 669ac73c5..6ebf3044f 100644 --- a/sdk/php/swagger/docs/Api/HealthApi.md +++ b/sdk/php/swagger/docs/Api/HealthApi.md @@ -1,27 +1,27 @@ -# keto\SDK\HealthApi +# ketoSDK\HealthApi Client for keto All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**isInstanceAlive**](HealthApi.md#isInstanceAlive) | **GET** /health/alive | Check the Alive Status -[**isInstanceReady**](HealthApi.md#isInstanceReady) | **GET** /health/ready | Check the Readiness Status +[**isInstanceAlive**](HealthApi.md#isInstanceAlive) | **GET** /health/alive | Check alive status +[**isInstanceReady**](HealthApi.md#isInstanceReady) | **GET** /health/ready | Check readiness status # **isInstanceAlive** -> \keto\SDK\Model\HealthStatus isInstanceAlive() +> \ketoSDK\Model\HealthStatus isInstanceAlive() -Check the Alive Status +Check alive status -This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. +This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Example ```php isInstanceAlive(); @@ -37,7 +37,7 @@ This endpoint does not need any parameter. ### Return type -[**\keto\SDK\Model\HealthStatus**](../Model/HealthStatus.md) +[**\ketoSDK\Model\HealthStatus**](../Model/HealthStatus.md) ### Authorization @@ -51,18 +51,18 @@ No authorization required [[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) # **isInstanceReady** -> \keto\SDK\Model\HealthStatus isInstanceReady() +> \ketoSDK\Model\HealthStatus isInstanceReady() -Check the Readiness Status +Check readiness status -This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Keto, the health status will never refer to the cluster state, only to a single instance. +This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Example ```php isInstanceReady(); @@ -78,7 +78,7 @@ This endpoint does not need any parameter. ### Return type -[**\keto\SDK\Model\HealthStatus**](../Model/HealthStatus.md) +[**\ketoSDK\Model\HealthStatus**](../Model/HealthStatus.md) ### Authorization diff --git a/sdk/php/swagger/docs/Api/PolicyApi.md b/sdk/php/swagger/docs/Api/PolicyApi.md deleted file mode 100644 index c9595777f..000000000 --- a/sdk/php/swagger/docs/Api/PolicyApi.md +++ /dev/null @@ -1,242 +0,0 @@ -# keto\SDK\PolicyApi -Client for keto - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**createPolicy**](PolicyApi.md#createPolicy) | **POST** /policies | -[**deletePolicy**](PolicyApi.md#deletePolicy) | **DELETE** /policies/{id} | -[**getPolicy**](PolicyApi.md#getPolicy) | **GET** /policies/{id} | -[**listPolicies**](PolicyApi.md#listPolicies) | **GET** /policies | -[**updatePolicy**](PolicyApi.md#updatePolicy) | **PUT** /policies/{id} | - - -# **createPolicy** -> \keto\SDK\Model\Policy createPolicy($body) - - - -Create an Access Control Policy - -### Example -```php -createPolicy($body); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling PolicyApi->createPolicy: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**\keto\SDK\Model\Policy**](../Model/Policy.md)| | [optional] - -### Return type - -[**\keto\SDK\Model\Policy**](../Model/Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **deletePolicy** -> deletePolicy($id) - - - -Delete an Access Control Policy - -### Example -```php -deletePolicy($id); -} catch (Exception $e) { - echo 'Exception when calling PolicyApi->deletePolicy: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the policy. | - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **getPolicy** -> \keto\SDK\Model\Policy getPolicy($id) - - - -Get an Access Control Policy - -### Example -```php -getPolicy($id); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling PolicyApi->getPolicy: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the policy. | - -### Return type - -[**\keto\SDK\Model\Policy**](../Model/Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **listPolicies** -> \keto\SDK\Model\Policy[] listPolicies($offset, $limit) - - - -List Access Control Policies - -### Example -```php -listPolicies($offset, $limit); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling PolicyApi->listPolicies: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **offset** | **int**| The offset from where to start looking. | [optional] - **limit** | **int**| The maximum amount of policies returned. | [optional] - -### Return type - -[**\keto\SDK\Model\Policy[]**](../Model/Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **updatePolicy** -> \keto\SDK\Model\Policy updatePolicy($id, $body) - - - -Update an Access Control Policy - -### Example -```php -updatePolicy($id, $body); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling PolicyApi->updatePolicy: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the policy. | - **body** | [**\keto\SDK\Model\Policy**](../Model/Policy.md)| | [optional] - -### Return type - -[**\keto\SDK\Model\Policy**](../Model/Policy.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - diff --git a/sdk/php/swagger/docs/Api/RoleApi.md b/sdk/php/swagger/docs/Api/RoleApi.md deleted file mode 100644 index 1dca04498..000000000 --- a/sdk/php/swagger/docs/Api/RoleApi.md +++ /dev/null @@ -1,331 +0,0 @@ -# keto\SDK\RoleApi -Client for keto - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**addMembersToRole**](RoleApi.md#addMembersToRole) | **POST** /roles/{id}/members | Add members to a role -[**createRole**](RoleApi.md#createRole) | **POST** /roles | Create a role -[**deleteRole**](RoleApi.md#deleteRole) | **DELETE** /roles/{id} | Get a role by its ID -[**getRole**](RoleApi.md#getRole) | **GET** /roles/{id} | Get a role by its ID -[**listRoles**](RoleApi.md#listRoles) | **GET** /roles | List all roles -[**removeMembersFromRole**](RoleApi.md#removeMembersFromRole) | **DELETE** /roles/{id}/members | Remove members from a role -[**setRole**](RoleApi.md#setRole) | **PUT** /roles/{id} | A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - - -# **addMembersToRole** -> addMembersToRole($id, $body) - -Add members to a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to add members (users, applications, ...) to a specific role. You have to know the role's ID. - -### Example -```php -addMembersToRole($id, $body); -} catch (Exception $e) { - echo 'Exception when calling RoleApi->addMembersToRole: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to modify. | - **body** | [**\keto\SDK\Model\RoleMembers**](../Model/RoleMembers.md)| | [optional] - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **createRole** -> \keto\SDK\Model\Role createRole($body) - -Create a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to create a new role. You may define members as well but you don't have to. - -### Example -```php -createRole($body); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling RoleApi->createRole: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**\keto\SDK\Model\Role**](../Model/Role.md)| | [optional] - -### Return type - -[**\keto\SDK\Model\Role**](../Model/Role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **deleteRole** -> deleteRole($id) - -Get a role by its ID - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to delete an existing role. You have to know the role's ID. - -### Example -```php -deleteRole($id); -} catch (Exception $e) { - echo 'Exception when calling RoleApi->deleteRole: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to look up. | - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **getRole** -> \keto\SDK\Model\Role getRole($id) - -Get a role by its ID - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve an existing role. You have to know the role's ID. - -### Example -```php -getRole($id); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling RoleApi->getRole: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to look up. | - -### Return type - -[**\keto\SDK\Model\Role**](../Model/Role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **listRoles** -> \keto\SDK\Model\Role[] listRoles($member, $limit, $offset) - -List all roles - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to retrieve all roles that are stored in the system. - -### Example -```php -listRoles($member, $limit, $offset); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling RoleApi->listRoles: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **member** | **string**| The id of the member to look up. | [optional] - **limit** | **int**| The maximum amount of policies returned. | [optional] - **offset** | **int**| The offset from where to start looking. | [optional] - -### Return type - -[**\keto\SDK\Model\Role[]**](../Model/Role.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **removeMembersFromRole** -> removeMembersFromRole($id, $body) - -Remove members from a role - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. This endpoint allows you to remove members (users, applications, ...) from a specific role. You have to know the role's ID. - -### Example -```php -removeMembersFromRole($id, $body); -} catch (Exception $e) { - echo 'Exception when calling RoleApi->removeMembersFromRole: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the role to modify. | - **body** | [**\keto\SDK\Model\RoleMembers**](../Model/RoleMembers.md)| | [optional] - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **setRole** -> setRole() - -A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - -This endpoint allows you to overwrite a role. You have to know the role's ID. - -### Example -```php -setRole(); -} catch (Exception $e) { - echo 'Exception when calling RoleApi->setRole: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters -This endpoint does not need any parameter. - -### Return type - -void (empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - diff --git a/sdk/php/swagger/docs/Api/VersionApi.md b/sdk/php/swagger/docs/Api/VersionApi.md index 082a3efd6..55f3cbed1 100644 --- a/sdk/php/swagger/docs/Api/VersionApi.md +++ b/sdk/php/swagger/docs/Api/VersionApi.md @@ -1,26 +1,26 @@ -# keto\SDK\VersionApi +# ketoSDK\VersionApi Client for keto All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**getVersion**](VersionApi.md#getVersion) | **GET** /version | Get the version of Keto +[**getVersion**](VersionApi.md#getVersion) | **GET** /version | Get service version # **getVersion** -> \keto\SDK\Model\Version getVersion() +> \ketoSDK\Model\Version getVersion() -Get the version of Keto +Get service version -This endpoint returns the version as `{ \"version\": \"VERSION\" }`. The version is only correct with the prebuilt binary and not custom builds. +This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. ### Example ```php getVersion(); @@ -36,7 +36,7 @@ This endpoint does not need any parameter. ### Return type -[**\keto\SDK\Model\Version**](../Model/Version.md) +[**\ketoSDK\Model\Version**](../Model/Version.md) ### Authorization diff --git a/sdk/php/swagger/docs/Api/WardenApi.md b/sdk/php/swagger/docs/Api/WardenApi.md deleted file mode 100644 index 5f41aa0bf..000000000 --- a/sdk/php/swagger/docs/Api/WardenApi.md +++ /dev/null @@ -1,147 +0,0 @@ -# keto\SDK\WardenApi -Client for keto - -All URIs are relative to *http://localhost* - -Method | HTTP request | Description -------------- | ------------- | ------------- -[**isOAuth2AccessTokenAuthorized**](WardenApi.md#isOAuth2AccessTokenAuthorized) | **POST** /warden/oauth2/access-tokens/authorize | Check if an OAuth 2.0 access token is authorized to access a resource -[**isOAuth2ClientAuthorized**](WardenApi.md#isOAuth2ClientAuthorized) | **POST** /warden/oauth2/clients/authorize | Check if an OAuth 2.0 Client is authorized to access a resource -[**isSubjectAuthorized**](WardenApi.md#isSubjectAuthorized) | **POST** /warden/subjects/authorize | Check if a subject is authorized to access a resource - - -# **isOAuth2AccessTokenAuthorized** -> \keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationResponse isOAuth2AccessTokenAuthorized($body) - -Check if an OAuth 2.0 access token is authorized to access a resource - -Checks if a token is valid and if the token subject is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context. If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false }`. This endpoint passes all data from the upstream OAuth 2.0 token introspection endpoint. If you use ORY Hydra as an upstream OAuth 2.0 provider, data set through the `accessTokenExtra` field in the consent flow will be included in this response as well. - -### Example -```php -isOAuth2AccessTokenAuthorized($body); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling WardenApi->isOAuth2AccessTokenAuthorized: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**\keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationRequest**](../Model/WardenOAuth2AccessTokenAuthorizationRequest.md)| | [optional] - -### Return type - -[**\keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationResponse**](../Model/WardenOAuth2AccessTokenAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **isOAuth2ClientAuthorized** -> \keto\SDK\Model\WardenOAuth2ClientAuthorizationResponse isOAuth2ClientAuthorized($body) - -Check if an OAuth 2.0 Client is authorized to access a resource - -Checks if an OAuth 2.0 Client provided the correct access credentials and and if the client is allowed to perform an action on a resource. This endpoint requires a client id, a client secret, a scope, a resource name, an action name and a context. - -### Example -```php -isOAuth2ClientAuthorized($body); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling WardenApi->isOAuth2ClientAuthorized: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**\keto\SDK\Model\WardenOAuth2ClientAuthorizationRequest**](../Model/WardenOAuth2ClientAuthorizationRequest.md)| | [optional] - -### Return type - -[**\keto\SDK\Model\WardenOAuth2ClientAuthorizationResponse**](../Model/WardenOAuth2ClientAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - -# **isSubjectAuthorized** -> \keto\SDK\Model\WardenSubjectAuthorizationResponse isSubjectAuthorized($body) - -Check if a subject is authorized to access a resource - -Checks if a subject (e.g. user ID, API key, ...) is allowed to perform a certain action on a resource. - -### Example -```php -isSubjectAuthorized($body); - print_r($result); -} catch (Exception $e) { - echo 'Exception when calling WardenApi->isSubjectAuthorized: ', $e->getMessage(), PHP_EOL; -} -?> -``` - -### Parameters - -Name | Type | Description | Notes -------------- | ------------- | ------------- | ------------- - **body** | [**\keto\SDK\Model\WardenSubjectAuthorizationRequest**](../Model/WardenSubjectAuthorizationRequest.md)| | [optional] - -### Return type - -[**\keto\SDK\Model\WardenSubjectAuthorizationResponse**](../Model/WardenSubjectAuthorizationResponse.md) - -### Authorization - -No authorization required - -### HTTP request headers - - - **Content-Type**: application/json - - **Accept**: application/json - -[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) - diff --git a/sdk/php/swagger/docs/Model/AddOryAccessControlPolicyRoleMembers.md b/sdk/php/swagger/docs/Model/AddOryAccessControlPolicyRoleMembers.md new file mode 100644 index 000000000..7ba62b695 --- /dev/null +++ b/sdk/php/swagger/docs/Model/AddOryAccessControlPolicyRoleMembers.md @@ -0,0 +1,12 @@ +# AddOryAccessControlPolicyRoleMembers + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**\ketoSDK\Model\AddOryAccessControlPolicyRoleMembersBody**](AddOryAccessControlPolicyRoleMembersBody.md) | | [optional] +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **string** | The ID of the ORY Access Control Policy Role. in: path | + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/SwaggerCreatePolicyParameters.md b/sdk/php/swagger/docs/Model/AddOryAccessControlPolicyRoleMembersBody.md similarity index 72% rename from sdk/php/swagger/docs/Model/SwaggerCreatePolicyParameters.md rename to sdk/php/swagger/docs/Model/AddOryAccessControlPolicyRoleMembersBody.md index fad22b7eb..01fbaba18 100644 --- a/sdk/php/swagger/docs/Model/SwaggerCreatePolicyParameters.md +++ b/sdk/php/swagger/docs/Model/AddOryAccessControlPolicyRoleMembersBody.md @@ -1,9 +1,9 @@ -# SwaggerCreatePolicyParameters +# AddOryAccessControlPolicyRoleMembersBody ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**body** | [**\keto\SDK\Model\Policy**](Policy.md) | | [optional] +**members** | **string[]** | The members to be added. | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/AuthenticationDefaultSession.md b/sdk/php/swagger/docs/Model/AuthenticationDefaultSession.md deleted file mode 100644 index 246dfd538..000000000 --- a/sdk/php/swagger/docs/Model/AuthenticationDefaultSession.md +++ /dev/null @@ -1,11 +0,0 @@ -# AuthenticationDefaultSession - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsRequest.md b/sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsRequest.md deleted file mode 100644 index 809b7583b..000000000 --- a/sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsRequest.md +++ /dev/null @@ -1,12 +0,0 @@ -# AuthenticationOAuth2ClientCredentialsRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**client_id** | **string** | Token is the token to introspect. | [optional] -**client_secret** | **string** | | [optional] -**scope** | **string[]** | Scope is an array of scopes that are required. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsSession.md b/sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsSession.md deleted file mode 100644 index c9ad9cd1a..000000000 --- a/sdk/php/swagger/docs/Model/AuthenticationOAuth2ClientCredentialsSession.md +++ /dev/null @@ -1,11 +0,0 @@ -# AuthenticationOAuth2ClientCredentialsSession - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/AuthenticationOAuth2IntrospectionRequest.md b/sdk/php/swagger/docs/Model/AuthenticationOAuth2IntrospectionRequest.md deleted file mode 100644 index 909e21526..000000000 --- a/sdk/php/swagger/docs/Model/AuthenticationOAuth2IntrospectionRequest.md +++ /dev/null @@ -1,11 +0,0 @@ -# AuthenticationOAuth2IntrospectionRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**scope** | **string[]** | Scope is an array of scopes that are required. | [optional] -**token** | **string** | Token is the token to introspect. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/AuthenticationOAuth2Session.md b/sdk/php/swagger/docs/Model/AuthenticationOAuth2Session.md deleted file mode 100644 index e950dced0..000000000 --- a/sdk/php/swagger/docs/Model/AuthenticationOAuth2Session.md +++ /dev/null @@ -1,20 +0,0 @@ -# AuthenticationOAuth2Session - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] -**aud** | **string[]** | | [optional] -**client_id** | **string** | ClientID is the id of the OAuth2 client that requested the token. | [optional] -**exp** | [**\DateTime**](\DateTime.md) | ExpiresAt is the expiry timestamp. | [optional] -**iat** | [**\DateTime**](\DateTime.md) | IssuedAt is the token creation time stamp. | [optional] -**iss** | **string** | Issuer is the id of the issuer, typically an hydra instance. | [optional] -**nbf** | [**\DateTime**](\DateTime.md) | | [optional] -**scope** | **string** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] -**session** | **map[string,object]** | Session represents arbitrary session data. | [optional] -**sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] -**username** | **string** | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/Authenticator.md b/sdk/php/swagger/docs/Model/Authenticator.md deleted file mode 100644 index 841ffbb14..000000000 --- a/sdk/php/swagger/docs/Model/Authenticator.md +++ /dev/null @@ -1,9 +0,0 @@ -# Authenticator - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/AuthorizationResult.md b/sdk/php/swagger/docs/Model/AuthorizationResult.md new file mode 100644 index 000000000..3055a30bc --- /dev/null +++ b/sdk/php/swagger/docs/Model/AuthorizationResult.md @@ -0,0 +1,10 @@ +# AuthorizationResult + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**allowed** | **bool** | Allowed is true if the request should be allowed and false otherwise. | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/Manager.md b/sdk/php/swagger/docs/Model/Context.md similarity index 96% rename from sdk/php/swagger/docs/Model/Manager.md rename to sdk/php/swagger/docs/Model/Context.md index 485b36683..f79b191f4 100644 --- a/sdk/php/swagger/docs/Model/Manager.md +++ b/sdk/php/swagger/docs/Model/Context.md @@ -1,4 +1,4 @@ -# Manager +# Context ## Properties Name | Type | Description | Notes diff --git a/sdk/go/keto/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md b/sdk/php/swagger/docs/Model/DeleteOryAccessControlPolicy.md similarity index 53% rename from sdk/go/keto/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md rename to sdk/php/swagger/docs/Model/DeleteOryAccessControlPolicy.md index a76d4d7bb..7e1f19d19 100644 --- a/sdk/go/keto/swagger/docs/AuthenticationOAuth2IntrospectionRequest.md +++ b/sdk/php/swagger/docs/Model/DeleteOryAccessControlPolicy.md @@ -1,10 +1,10 @@ -# AuthenticationOAuth2IntrospectionRequest +# DeleteOryAccessControlPolicy ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Scope** | **[]string** | Scope is an array of scopes that are required. | [optional] [default to null] -**Token** | **string** | Token is the token to introspect. | [optional] [default to null] +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/DeleteOryAccessControlPolicyRole.md b/sdk/php/swagger/docs/Model/DeleteOryAccessControlPolicyRole.md new file mode 100644 index 000000000..e2325a2f3 --- /dev/null +++ b/sdk/php/swagger/docs/Model/DeleteOryAccessControlPolicyRole.md @@ -0,0 +1,11 @@ +# DeleteOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **string** | The ID of the ORY Access Control Policy Role. in: path | + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/DoOryAccessControlPoliciesAllow.md b/sdk/php/swagger/docs/Model/DoOryAccessControlPoliciesAllow.md new file mode 100644 index 000000000..b6c15719f --- /dev/null +++ b/sdk/php/swagger/docs/Model/DoOryAccessControlPoliciesAllow.md @@ -0,0 +1,11 @@ +# DoOryAccessControlPoliciesAllow + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**\ketoSDK\Model\OryAccessControlPolicyAllowedInput**](OryAccessControlPolicyAllowedInput.md) | | [optional] +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/Handler.md b/sdk/php/swagger/docs/Model/GetOryAccessControlPolicy.md similarity index 53% rename from sdk/php/swagger/docs/Model/Handler.md rename to sdk/php/swagger/docs/Model/GetOryAccessControlPolicy.md index f5e7fef85..3c2a880c4 100644 --- a/sdk/php/swagger/docs/Model/Handler.md +++ b/sdk/php/swagger/docs/Model/GetOryAccessControlPolicy.md @@ -1,10 +1,10 @@ -# Handler +# GetOryAccessControlPolicy ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**h** | [**\keto\SDK\Model\Writer**](Writer.md) | | [optional] -**manager** | [**\keto\SDK\Model\Manager**](Manager.md) | | [optional] +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **string** | The ID of the ORY Access Control Policy Role. in: path | [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/GetOryAccessControlPolicyRole.md b/sdk/php/swagger/docs/Model/GetOryAccessControlPolicyRole.md new file mode 100644 index 000000000..01129b8da --- /dev/null +++ b/sdk/php/swagger/docs/Model/GetOryAccessControlPolicyRole.md @@ -0,0 +1,11 @@ +# GetOryAccessControlPolicyRole + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **string** | The ID of the ORY Access Control Policy Role. in: path | + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/IntrospectionResponse.md b/sdk/php/swagger/docs/Model/IntrospectionResponse.md deleted file mode 100644 index 940ab68fc..000000000 --- a/sdk/php/swagger/docs/Model/IntrospectionResponse.md +++ /dev/null @@ -1,21 +0,0 @@ -# IntrospectionResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**active** | **bool** | | [optional] -**aud** | **string[]** | | [optional] -**client_id** | **string** | | [optional] -**exp** | **int** | | [optional] -**ext** | **map[string,object]** | Session represents arbitrary session data. | [optional] -**iat** | **int** | | [optional] -**iss** | **string** | | [optional] -**nbf** | **int** | | [optional] -**scope** | **string** | | [optional] -**sub** | **string** | Here, it's sub | [optional] -**token_type** | **string** | | [optional] -**username** | **string** | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/ListOryAccessControlPolicies.md b/sdk/php/swagger/docs/Model/ListOryAccessControlPolicies.md new file mode 100644 index 000000000..e17770d7a --- /dev/null +++ b/sdk/php/swagger/docs/Model/ListOryAccessControlPolicies.md @@ -0,0 +1,12 @@ +# ListOryAccessControlPolicies + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path | +**limit** | **int** | The maximum amount of policies returned. in: query | [optional] +**offset** | **int** | The offset from where to start looking. in: query | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/ListOryAccessControlPolicyRoles.md b/sdk/php/swagger/docs/Model/ListOryAccessControlPolicyRoles.md new file mode 100644 index 000000000..1cb55a874 --- /dev/null +++ b/sdk/php/swagger/docs/Model/ListOryAccessControlPolicyRoles.md @@ -0,0 +1,12 @@ +# ListOryAccessControlPolicyRoles + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path | +**limit** | **int** | The maximum amount of policies returned. in: query | [optional] +**offset** | **int** | The offset from where to start looking. in: query | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/OAuth2ClientCredentialsAuthentication.md b/sdk/php/swagger/docs/Model/OAuth2ClientCredentialsAuthentication.md deleted file mode 100644 index f77ef723c..000000000 --- a/sdk/php/swagger/docs/Model/OAuth2ClientCredentialsAuthentication.md +++ /dev/null @@ -1,9 +0,0 @@ -# OAuth2ClientCredentialsAuthentication - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/OAuth2IntrospectionAuthentication.md b/sdk/php/swagger/docs/Model/OAuth2IntrospectionAuthentication.md deleted file mode 100644 index aeccd97ff..000000000 --- a/sdk/php/swagger/docs/Model/OAuth2IntrospectionAuthentication.md +++ /dev/null @@ -1,9 +0,0 @@ -# OAuth2IntrospectionAuthentication - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/OryAccessControlPolicies.md b/sdk/php/swagger/docs/Model/OryAccessControlPolicies.md new file mode 100644 index 000000000..709115409 --- /dev/null +++ b/sdk/php/swagger/docs/Model/OryAccessControlPolicies.md @@ -0,0 +1,10 @@ +# OryAccessControlPolicies + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**\ketoSDK\Model\OryAccessControlPolicy[]**](OryAccessControlPolicy.md) | in: body | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/OryAccessControlPolicy.md b/sdk/php/swagger/docs/Model/OryAccessControlPolicy.md new file mode 100644 index 000000000..595ccaf45 --- /dev/null +++ b/sdk/php/swagger/docs/Model/OryAccessControlPolicy.md @@ -0,0 +1,16 @@ +# OryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**actions** | **string[]** | Actions is an array representing all the actions this ORY Access Policy applies to. | [optional] +**conditions** | [**map[string,object][]**](map.md) | Conditions represents an array of conditions under which this ORY Access Policy is active. | [optional] +**description** | **string** | Description is an optional, human-readable description. | [optional] +**effect** | **string** | Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\". | [optional] +**id** | **string** | ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy. | [optional] +**resources** | **string[]** | Resources is an array representing all the resources this ORY Access Policy applies to. | [optional] +**subjects** | **string[]** | Subjects is an array representing all the subjects this ORY Access Policy applies to. | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/php/swagger/docs/Model/WardenSubjectAuthorizationRequest.md b/sdk/php/swagger/docs/Model/OryAccessControlPolicyAllowedInput.md similarity index 85% rename from sdk/php/swagger/docs/Model/WardenSubjectAuthorizationRequest.md rename to sdk/php/swagger/docs/Model/OryAccessControlPolicyAllowedInput.md index a65b76786..44545537e 100644 --- a/sdk/php/swagger/docs/Model/WardenSubjectAuthorizationRequest.md +++ b/sdk/php/swagger/docs/Model/OryAccessControlPolicyAllowedInput.md @@ -1,4 +1,4 @@ -# WardenSubjectAuthorizationRequest +# OryAccessControlPolicyAllowedInput ## Properties Name | Type | Description | Notes @@ -6,7 +6,7 @@ Name | Type | Description | Notes **action** | **string** | Action is the action that is requested on the resource. | [optional] **context** | **map[string,object]** | Context is the request's environmental context. | [optional] **resource** | **string** | Resource is the resource that access is requested to. | [optional] -**subject** | **string** | Subejct is the subject that is requesting access. | [optional] +**subject** | **string** | Subject is the subject that is requesting access. | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/Role.md b/sdk/php/swagger/docs/Model/OryAccessControlPolicyRole.md similarity index 93% rename from sdk/php/swagger/docs/Model/Role.md rename to sdk/php/swagger/docs/Model/OryAccessControlPolicyRole.md index 8ee4747fe..4c963a85e 100644 --- a/sdk/php/swagger/docs/Model/Role.md +++ b/sdk/php/swagger/docs/Model/OryAccessControlPolicyRole.md @@ -1,4 +1,4 @@ -# Role +# OryAccessControlPolicyRole ## Properties Name | Type | Description | Notes diff --git a/sdk/go/keto/swagger/docs/Manager.md b/sdk/php/swagger/docs/Model/OryAccessControlPolicyRoles.md similarity index 90% rename from sdk/go/keto/swagger/docs/Manager.md rename to sdk/php/swagger/docs/Model/OryAccessControlPolicyRoles.md index 485b36683..6d4ab9894 100644 --- a/sdk/go/keto/swagger/docs/Manager.md +++ b/sdk/php/swagger/docs/Model/OryAccessControlPolicyRoles.md @@ -1,4 +1,4 @@ -# Manager +# OryAccessControlPolicyRoles ## Properties Name | Type | Description | Notes diff --git a/sdk/php/swagger/docs/Model/Firewall.md b/sdk/php/swagger/docs/Model/Policies.md similarity index 96% rename from sdk/php/swagger/docs/Model/Firewall.md rename to sdk/php/swagger/docs/Model/Policies.md index 134131c8c..3b4e2a077 100644 --- a/sdk/php/swagger/docs/Model/Firewall.md +++ b/sdk/php/swagger/docs/Model/Policies.md @@ -1,4 +1,4 @@ -# Firewall +# Policies ## Properties Name | Type | Description | Notes diff --git a/sdk/php/swagger/docs/Model/Policy.md b/sdk/php/swagger/docs/Model/Policy.md deleted file mode 100644 index c849e174f..000000000 --- a/sdk/php/swagger/docs/Model/Policy.md +++ /dev/null @@ -1,16 +0,0 @@ -# Policy - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**actions** | **string[]** | Actions impacted by the policy. | [optional] -**conditions** | [**map[string,\keto\SDK\Model\PolicyConditions]**](PolicyConditions.md) | Conditions under which the policy is active. | [optional] -**description** | **string** | Description of the policy. | [optional] -**effect** | **string** | Effect of the policy | [optional] -**id** | **string** | ID of the policy. | [optional] -**resources** | **string[]** | Resources impacted by the policy. | [optional] -**subjects** | **string[]** | Subjects impacted by the policy. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/PolicyConditions.md b/sdk/php/swagger/docs/Model/PolicyConditions.md deleted file mode 100644 index 58de79f38..000000000 --- a/sdk/php/swagger/docs/Model/PolicyConditions.md +++ /dev/null @@ -1,11 +0,0 @@ -# PolicyConditions - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**options** | **map[string,object]** | | [optional] -**type** | **string** | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembers.md b/sdk/php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembers.md new file mode 100644 index 000000000..329c49aae --- /dev/null +++ b/sdk/php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembers.md @@ -0,0 +1,12 @@ +# RemoveOryAccessControlPolicyRoleMembers + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**\ketoSDK\Model\RemoveOryAccessControlPolicyRoleMembersBody**](RemoveOryAccessControlPolicyRoleMembersBody.md) | | [optional] +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | +**id** | **string** | The ID of the ORY Access Control Policy Role. in: path | + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/OAuth2ClientCredentialsAuthentication.md b/sdk/php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembersBody.md similarity index 70% rename from sdk/go/keto/swagger/docs/OAuth2ClientCredentialsAuthentication.md rename to sdk/php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembersBody.md index f77ef723c..727b22127 100644 --- a/sdk/go/keto/swagger/docs/OAuth2ClientCredentialsAuthentication.md +++ b/sdk/php/swagger/docs/Model/RemoveOryAccessControlPolicyRoleMembersBody.md @@ -1,8 +1,9 @@ -# OAuth2ClientCredentialsAuthentication +# RemoveOryAccessControlPolicyRoleMembersBody ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**members** | **string[]** | The members to be removed. | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/RoleMembers.md b/sdk/php/swagger/docs/Model/RoleMembers.md deleted file mode 100644 index 6a45e8902..000000000 --- a/sdk/php/swagger/docs/Model/RoleMembers.md +++ /dev/null @@ -1,10 +0,0 @@ -# RoleMembers - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**members** | **string[]** | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/Session.md b/sdk/php/swagger/docs/Model/Session.md deleted file mode 100644 index ab927982d..000000000 --- a/sdk/php/swagger/docs/Model/Session.md +++ /dev/null @@ -1,10 +0,0 @@ -# Session - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**get_subject** | **string** | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowAccessRequestParameters.md b/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowAccessRequestParameters.md deleted file mode 100644 index b396eb529..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowAccessRequestParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerDoesWardenAllowAccessRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**\keto\SDK\Model\WardenSubjectAuthorizationRequest**](WardenSubjectAuthorizationRequest.md) | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowClientRequestParameters.md b/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowClientRequestParameters.md deleted file mode 100644 index 3145cf33c..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowClientRequestParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerDoesWardenAllowClientRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**\keto\SDK\Model\WardenOAuth2ClientAuthorizationRequest**](WardenOAuth2ClientAuthorizationRequest.md) | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.md b/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.md deleted file mode 100644 index 5a77ddcd9..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerDoesWardenAllowTokenAccessRequestParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**\keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationRequest**](WardenOAuth2AccessTokenAuthorizationRequest.md) | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerGetPolicyParameters.md b/sdk/php/swagger/docs/Model/SwaggerGetPolicyParameters.md deleted file mode 100644 index 768327cb7..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerGetPolicyParameters.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerGetPolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**id** | **string** | The id of the policy. in: path | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerListPolicyParameters.md b/sdk/php/swagger/docs/Model/SwaggerListPolicyParameters.md deleted file mode 100644 index b81cd9de8..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerListPolicyParameters.md +++ /dev/null @@ -1,11 +0,0 @@ -# SwaggerListPolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**limit** | **int** | The maximum amount of policies returned. in: query | [optional] -**offset** | **int** | The offset from where to start looking. in: query | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerListPolicyResponse.md b/sdk/php/swagger/docs/Model/SwaggerListPolicyResponse.md deleted file mode 100644 index d307b8c93..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerListPolicyResponse.md +++ /dev/null @@ -1,10 +0,0 @@ -# SwaggerListPolicyResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**\keto\SDK\Model\Policy[]**](Policy.md) | in: body type: array | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerUpdatePolicyParameters.md b/sdk/php/swagger/docs/Model/SwaggerUpdatePolicyParameters.md deleted file mode 100644 index 08cddaf32..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerUpdatePolicyParameters.md +++ /dev/null @@ -1,11 +0,0 @@ -# SwaggerUpdatePolicyParameters - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**body** | [**\keto\SDK\Model\Policy**](Policy.md) | | [optional] -**id** | **string** | The id of the policy. in: path | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/SwaggerWardenBaseRequest.md b/sdk/php/swagger/docs/Model/SwaggerWardenBaseRequest.md deleted file mode 100644 index 380c56572..000000000 --- a/sdk/php/swagger/docs/Model/SwaggerWardenBaseRequest.md +++ /dev/null @@ -1,12 +0,0 @@ -# SwaggerWardenBaseRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**action** | **string** | Action is the action that is requested on the resource. | [optional] -**context** | **map[string,object]** | Context is the request's environmental context. | [optional] -**resource** | **string** | Resource is the resource that access is requested to. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/UpsertOryAccessControlPolicy.md b/sdk/php/swagger/docs/Model/UpsertOryAccessControlPolicy.md new file mode 100644 index 000000000..62a7b7341 --- /dev/null +++ b/sdk/php/swagger/docs/Model/UpsertOryAccessControlPolicy.md @@ -0,0 +1,11 @@ +# UpsertOryAccessControlPolicy + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**body** | [**\ketoSDK\Model\OryAccessControlPolicy**](OryAccessControlPolicy.md) | | [optional] +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/sdk/go/keto/swagger/docs/Handler.md b/sdk/php/swagger/docs/Model/UpsertOryAccessControlPolicyRole.md similarity index 50% rename from sdk/go/keto/swagger/docs/Handler.md rename to sdk/php/swagger/docs/Model/UpsertOryAccessControlPolicyRole.md index dd845173e..1a3701325 100644 --- a/sdk/go/keto/swagger/docs/Handler.md +++ b/sdk/php/swagger/docs/Model/UpsertOryAccessControlPolicyRole.md @@ -1,10 +1,10 @@ -# Handler +# UpsertOryAccessControlPolicyRole ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**H** | [**Writer**](Writer.md) | | [optional] [default to null] -**Manager** | [**Manager**](Manager.md) | | [optional] [default to null] +**body** | [**\ketoSDK\Model\OryAccessControlPolicyRole**](OryAccessControlPolicyRole.md) | | [optional] +**flavor** | **string** | The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path | [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/Version.md b/sdk/php/swagger/docs/Model/Version.md index ac06487cc..0ea6a25ec 100644 --- a/sdk/php/swagger/docs/Model/Version.md +++ b/sdk/php/swagger/docs/Model/Version.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**version** | **string** | | [optional] +**version** | **string** | Version is the service's version. | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationRequest.md b/sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationRequest.md deleted file mode 100644 index 691229deb..000000000 --- a/sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationRequest.md +++ /dev/null @@ -1,14 +0,0 @@ -# WardenOAuth2AccessTokenAuthorizationRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**action** | **string** | Action is the action that is requested on the resource. | [optional] -**context** | **map[string,object]** | Context is the request's environmental context. | [optional] -**resource** | **string** | Resource is the resource that access is requested to. | [optional] -**scope** | **string[]** | Scope is an array of scopes that are required. | [optional] -**token** | **string** | Token is the token to introspect. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationResponse.md b/sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationResponse.md deleted file mode 100644 index 55f882cd7..000000000 --- a/sdk/php/swagger/docs/Model/WardenOAuth2AccessTokenAuthorizationResponse.md +++ /dev/null @@ -1,20 +0,0 @@ -# WardenOAuth2AccessTokenAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] -**aud** | **string[]** | | [optional] -**client_id** | **string** | ClientID is the id of the OAuth2 client that requested the token. | [optional] -**exp** | [**\DateTime**](\DateTime.md) | ExpiresAt is the expiry timestamp. | [optional] -**iat** | [**\DateTime**](\DateTime.md) | IssuedAt is the token creation time stamp. | [optional] -**iss** | **string** | Issuer is the id of the issuer, typically an hydra instance. | [optional] -**nbf** | [**\DateTime**](\DateTime.md) | | [optional] -**scope** | **string** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] -**session** | **map[string,object]** | Session represents arbitrary session data. | [optional] -**sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] -**username** | **string** | | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationRequest.md b/sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationRequest.md deleted file mode 100644 index 03f6bd09d..000000000 --- a/sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationRequest.md +++ /dev/null @@ -1,15 +0,0 @@ -# WardenOAuth2ClientAuthorizationRequest - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**action** | **string** | Action is the action that is requested on the resource. | [optional] -**client_id** | **string** | Token is the token to introspect. | [optional] -**client_secret** | **string** | | [optional] -**context** | **map[string,object]** | Context is the request's environmental context. | [optional] -**resource** | **string** | Resource is the resource that access is requested to. | [optional] -**scope** | **string[]** | Scope is an array of scopes that are required. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationResponse.md b/sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationResponse.md deleted file mode 100644 index 6d5628adb..000000000 --- a/sdk/php/swagger/docs/Model/WardenOAuth2ClientAuthorizationResponse.md +++ /dev/null @@ -1,11 +0,0 @@ -# WardenOAuth2ClientAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/WardenSubjectAuthorizationResponse.md b/sdk/php/swagger/docs/Model/WardenSubjectAuthorizationResponse.md deleted file mode 100644 index 5d22fcfe2..000000000 --- a/sdk/php/swagger/docs/Model/WardenSubjectAuthorizationResponse.md +++ /dev/null @@ -1,11 +0,0 @@ -# WardenSubjectAuthorizationResponse - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**allowed** | **bool** | Allowed is true if the request is allowed and false otherwise. | [optional] -**sub** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/docs/Model/Writer.md b/sdk/php/swagger/docs/Model/Writer.md deleted file mode 100644 index 530fd0f80..000000000 --- a/sdk/php/swagger/docs/Model/Writer.md +++ /dev/null @@ -1,9 +0,0 @@ -# Writer - -## Properties -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/sdk/php/swagger/lib/Api/EnginesApi.php b/sdk/php/swagger/lib/Api/EnginesApi.php new file mode 100644 index 000000000..3a5e7f880 --- /dev/null +++ b/sdk/php/swagger/lib/Api/EnginesApi.php @@ -0,0 +1,1200 @@ +apiClient = $apiClient; + } + + /** + * Get API client + * + * @return \ketoSDK\ApiClient get the API client + */ + public function getApiClient() + { + return $this->apiClient; + } + + /** + * Set the API client + * + * @param \ketoSDK\ApiClient $apiClient set the API client + * + * @return EnginesApi + */ + public function setApiClient(\ketoSDK\ApiClient $apiClient) + { + $this->apiClient = $apiClient; + return $this; + } + + /** + * Operation addOryAccessControlPolicyRoleMembers + * + * Add a member to an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @param \ketoSDK\Model\AddOryAccessControlPolicyRoleMembersBody $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\OryAccessControlPolicyRole + */ + public function addOryAccessControlPolicyRoleMembers($flavor, $id, $body = null) + { + list($response) = $this->addOryAccessControlPolicyRoleMembersWithHttpInfo($flavor, $id, $body); + return $response; + } + + /** + * Operation addOryAccessControlPolicyRoleMembersWithHttpInfo + * + * Add a member to an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @param \ketoSDK\Model\AddOryAccessControlPolicyRoleMembersBody $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\OryAccessControlPolicyRole, HTTP status code, HTTP response headers (array of strings) + */ + public function addOryAccessControlPolicyRoleMembersWithHttpInfo($flavor, $id, $body = null) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling addOryAccessControlPolicyRoleMembers'); + } + // verify the required parameter 'id' is set + if ($id === null) { + throw new \InvalidArgumentException('Missing the required parameter $id when calling addOryAccessControlPolicyRoleMembers'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/roles/{id}/members"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // path params + if ($id !== null) { + $resourcePath = str_replace( + "{" . "id" . "}", + $this->apiClient->getSerializer()->toPathValue($id), + $resourcePath + ); + } + // body params + $_tempBody = null; + if (isset($body)) { + $_tempBody = $body; + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'PUT', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\OryAccessControlPolicyRole', + '/engines/acp/ory/{flavor}/roles/{id}/members' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\OryAccessControlPolicyRole', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\OryAccessControlPolicyRole', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation deleteOryAccessControlPolicy + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return void + */ + public function deleteOryAccessControlPolicy($flavor, $id) + { + list($response) = $this->deleteOryAccessControlPolicyWithHttpInfo($flavor, $id); + return $response; + } + + /** + * Operation deleteOryAccessControlPolicyWithHttpInfo + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of null, HTTP status code, HTTP response headers (array of strings) + */ + public function deleteOryAccessControlPolicyWithHttpInfo($flavor, $id) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling deleteOryAccessControlPolicy'); + } + // verify the required parameter 'id' is set + if ($id === null) { + throw new \InvalidArgumentException('Missing the required parameter $id when calling deleteOryAccessControlPolicy'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/policies/{id}"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // path params + if ($id !== null) { + $resourcePath = str_replace( + "{" . "id" . "}", + $this->apiClient->getSerializer()->toPathValue($id), + $resourcePath + ); + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'DELETE', + $queryParams, + $httpBody, + $headerParams, + null, + '/engines/acp/ory/{flavor}/policies/{id}' + ); + + return [null, $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation deleteOryAccessControlPolicyRole + * + * Delete an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return void + */ + public function deleteOryAccessControlPolicyRole($flavor, $id) + { + list($response) = $this->deleteOryAccessControlPolicyRoleWithHttpInfo($flavor, $id); + return $response; + } + + /** + * Operation deleteOryAccessControlPolicyRoleWithHttpInfo + * + * Delete an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of null, HTTP status code, HTTP response headers (array of strings) + */ + public function deleteOryAccessControlPolicyRoleWithHttpInfo($flavor, $id) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling deleteOryAccessControlPolicyRole'); + } + // verify the required parameter 'id' is set + if ($id === null) { + throw new \InvalidArgumentException('Missing the required parameter $id when calling deleteOryAccessControlPolicyRole'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/roles/{id}"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // path params + if ($id !== null) { + $resourcePath = str_replace( + "{" . "id" . "}", + $this->apiClient->getSerializer()->toPathValue($id), + $resourcePath + ); + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'DELETE', + $queryParams, + $httpBody, + $headerParams, + null, + '/engines/acp/ory/{flavor}/roles/{id}' + ); + + return [null, $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation doOryAccessControlPoliciesAllow + * + * Check if a request is allowed + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param \ketoSDK\Model\OryAccessControlPolicyAllowedInput $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\AuthorizationResult + */ + public function doOryAccessControlPoliciesAllow($flavor, $body = null) + { + list($response) = $this->doOryAccessControlPoliciesAllowWithHttpInfo($flavor, $body); + return $response; + } + + /** + * Operation doOryAccessControlPoliciesAllowWithHttpInfo + * + * Check if a request is allowed + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param \ketoSDK\Model\OryAccessControlPolicyAllowedInput $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\AuthorizationResult, HTTP status code, HTTP response headers (array of strings) + */ + public function doOryAccessControlPoliciesAllowWithHttpInfo($flavor, $body = null) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling doOryAccessControlPoliciesAllow'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/allowed"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // body params + $_tempBody = null; + if (isset($body)) { + $_tempBody = $body; + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'POST', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\AuthorizationResult', + '/engines/acp/ory/{flavor}/allowed' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\AuthorizationResult', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\AuthorizationResult', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation getOryAccessControlPolicy + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\OryAccessControlPolicy + */ + public function getOryAccessControlPolicy($flavor, $id) + { + list($response) = $this->getOryAccessControlPolicyWithHttpInfo($flavor, $id); + return $response; + } + + /** + * Operation getOryAccessControlPolicyWithHttpInfo + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\OryAccessControlPolicy, HTTP status code, HTTP response headers (array of strings) + */ + public function getOryAccessControlPolicyWithHttpInfo($flavor, $id) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling getOryAccessControlPolicy'); + } + // verify the required parameter 'id' is set + if ($id === null) { + throw new \InvalidArgumentException('Missing the required parameter $id when calling getOryAccessControlPolicy'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/policies/{id}"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // path params + if ($id !== null) { + $resourcePath = str_replace( + "{" . "id" . "}", + $this->apiClient->getSerializer()->toPathValue($id), + $resourcePath + ); + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'GET', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\OryAccessControlPolicy', + '/engines/acp/ory/{flavor}/policies/{id}' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\OryAccessControlPolicy', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\OryAccessControlPolicy', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 404: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation getOryAccessControlPolicyRole + * + * Get an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\OryAccessControlPolicyRole + */ + public function getOryAccessControlPolicyRole($flavor, $id) + { + list($response) = $this->getOryAccessControlPolicyRoleWithHttpInfo($flavor, $id); + return $response; + } + + /** + * Operation getOryAccessControlPolicyRoleWithHttpInfo + * + * Get an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\OryAccessControlPolicyRole, HTTP status code, HTTP response headers (array of strings) + */ + public function getOryAccessControlPolicyRoleWithHttpInfo($flavor, $id) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling getOryAccessControlPolicyRole'); + } + // verify the required parameter 'id' is set + if ($id === null) { + throw new \InvalidArgumentException('Missing the required parameter $id when calling getOryAccessControlPolicyRole'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/roles/{id}"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // path params + if ($id !== null) { + $resourcePath = str_replace( + "{" . "id" . "}", + $this->apiClient->getSerializer()->toPathValue($id), + $resourcePath + ); + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'GET', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\OryAccessControlPolicyRole', + '/engines/acp/ory/{flavor}/roles/{id}' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\OryAccessControlPolicyRole', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\OryAccessControlPolicyRole', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 404: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation listOryAccessControlPolicies + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" (required) + * @param int $limit The maximum amount of policies returned. (optional) + * @param int $offset The offset from where to start looking. (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\OryAccessControlPolicy[] + */ + public function listOryAccessControlPolicies($flavor, $limit = null, $offset = null) + { + list($response) = $this->listOryAccessControlPoliciesWithHttpInfo($flavor, $limit, $offset); + return $response; + } + + /** + * Operation listOryAccessControlPoliciesWithHttpInfo + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" (required) + * @param int $limit The maximum amount of policies returned. (optional) + * @param int $offset The offset from where to start looking. (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\OryAccessControlPolicy[], HTTP status code, HTTP response headers (array of strings) + */ + public function listOryAccessControlPoliciesWithHttpInfo($flavor, $limit = null, $offset = null) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling listOryAccessControlPolicies'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/policies"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // query params + if ($limit !== null) { + $queryParams['limit'] = $this->apiClient->getSerializer()->toQueryValue($limit); + } + // query params + if ($offset !== null) { + $queryParams['offset'] = $this->apiClient->getSerializer()->toQueryValue($offset); + } + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'GET', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\OryAccessControlPolicy[]', + '/engines/acp/ory/{flavor}/policies' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\OryAccessControlPolicy[]', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\OryAccessControlPolicy[]', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation listOryAccessControlPolicyRoles + * + * List ORY Access Control Policy Roles + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" (required) + * @param int $limit The maximum amount of policies returned. (optional) + * @param int $offset The offset from where to start looking. (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\OryAccessControlPolicyRole[] + */ + public function listOryAccessControlPolicyRoles($flavor, $limit = null, $offset = null) + { + list($response) = $this->listOryAccessControlPolicyRolesWithHttpInfo($flavor, $limit, $offset); + return $response; + } + + /** + * Operation listOryAccessControlPolicyRolesWithHttpInfo + * + * List ORY Access Control Policy Roles + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" (required) + * @param int $limit The maximum amount of policies returned. (optional) + * @param int $offset The offset from where to start looking. (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\OryAccessControlPolicyRole[], HTTP status code, HTTP response headers (array of strings) + */ + public function listOryAccessControlPolicyRolesWithHttpInfo($flavor, $limit = null, $offset = null) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling listOryAccessControlPolicyRoles'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/roles"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // query params + if ($limit !== null) { + $queryParams['limit'] = $this->apiClient->getSerializer()->toQueryValue($limit); + } + // query params + if ($offset !== null) { + $queryParams['offset'] = $this->apiClient->getSerializer()->toQueryValue($offset); + } + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'GET', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\OryAccessControlPolicyRole[]', + '/engines/acp/ory/{flavor}/roles' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\OryAccessControlPolicyRole[]', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\OryAccessControlPolicyRole[]', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation removeOryAccessControlPolicyRoleMembers + * + * Remove a member from an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @param \ketoSDK\Model\RemoveOryAccessControlPolicyRoleMembersBody $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return void + */ + public function removeOryAccessControlPolicyRoleMembers($flavor, $id, $body = null) + { + list($response) = $this->removeOryAccessControlPolicyRoleMembersWithHttpInfo($flavor, $id, $body); + return $response; + } + + /** + * Operation removeOryAccessControlPolicyRoleMembersWithHttpInfo + * + * Remove a member from an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param string $id The ID of the ORY Access Control Policy Role. (required) + * @param \ketoSDK\Model\RemoveOryAccessControlPolicyRoleMembersBody $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of null, HTTP status code, HTTP response headers (array of strings) + */ + public function removeOryAccessControlPolicyRoleMembersWithHttpInfo($flavor, $id, $body = null) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling removeOryAccessControlPolicyRoleMembers'); + } + // verify the required parameter 'id' is set + if ($id === null) { + throw new \InvalidArgumentException('Missing the required parameter $id when calling removeOryAccessControlPolicyRoleMembers'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/roles/{id}/members"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // path params + if ($id !== null) { + $resourcePath = str_replace( + "{" . "id" . "}", + $this->apiClient->getSerializer()->toPathValue($id), + $resourcePath + ); + } + // body params + $_tempBody = null; + if (isset($body)) { + $_tempBody = $body; + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'DELETE', + $queryParams, + $httpBody, + $headerParams, + null, + '/engines/acp/ory/{flavor}/roles/{id}/members' + ); + + return [null, $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation upsertOryAccessControlPolicy + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param \ketoSDK\Model\OryAccessControlPolicy $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\OryAccessControlPolicy + */ + public function upsertOryAccessControlPolicy($flavor, $body = null) + { + list($response) = $this->upsertOryAccessControlPolicyWithHttpInfo($flavor, $body); + return $response; + } + + /** + * Operation upsertOryAccessControlPolicyWithHttpInfo + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param \ketoSDK\Model\OryAccessControlPolicy $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\OryAccessControlPolicy, HTTP status code, HTTP response headers (array of strings) + */ + public function upsertOryAccessControlPolicyWithHttpInfo($flavor, $body = null) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling upsertOryAccessControlPolicy'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/policies"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // body params + $_tempBody = null; + if (isset($body)) { + $_tempBody = $body; + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'PUT', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\OryAccessControlPolicy', + '/engines/acp/ory/{flavor}/policies' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\OryAccessControlPolicy', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\OryAccessControlPolicy', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + + /** + * Operation upsertOryAccessControlPolicyRole + * + * Upsert an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param \ketoSDK\Model\OryAccessControlPolicyRole $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\OryAccessControlPolicyRole + */ + public function upsertOryAccessControlPolicyRole($flavor, $body = null) + { + list($response) = $this->upsertOryAccessControlPolicyRoleWithHttpInfo($flavor, $body); + return $response; + } + + /** + * Operation upsertOryAccessControlPolicyRoleWithHttpInfo + * + * Upsert an ORY Access Control Policy Role + * + * Client for keto + * + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". (required) + * @param \ketoSDK\Model\OryAccessControlPolicyRole $body (optional) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\OryAccessControlPolicyRole, HTTP status code, HTTP response headers (array of strings) + */ + public function upsertOryAccessControlPolicyRoleWithHttpInfo($flavor, $body = null) + { + // verify the required parameter 'flavor' is set + if ($flavor === null) { + throw new \InvalidArgumentException('Missing the required parameter $flavor when calling upsertOryAccessControlPolicyRole'); + } + // parse inputs + $resourcePath = "/engines/acp/ory/{flavor}/roles"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); + + // path params + if ($flavor !== null) { + $resourcePath = str_replace( + "{" . "flavor" . "}", + $this->apiClient->getSerializer()->toPathValue($flavor), + $resourcePath + ); + } + // body params + $_tempBody = null; + if (isset($body)) { + $_tempBody = $body; + } + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'PUT', + $queryParams, + $httpBody, + $headerParams, + '\ketoSDK\Model\OryAccessControlPolicyRole', + '/engines/acp/ory/{flavor}/roles' + ); + + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\OryAccessControlPolicyRole', $httpHeader), $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 200: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\OryAccessControlPolicyRole', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } +} diff --git a/sdk/php/swagger/lib/Api/HealthApi.php b/sdk/php/swagger/lib/Api/HealthApi.php index 84285ab1e..e8f578628 100644 --- a/sdk/php/swagger/lib/Api/HealthApi.php +++ b/sdk/php/swagger/lib/Api/HealthApi.php @@ -4,7 +4,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -13,7 +13,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -24,18 +24,18 @@ * Do not edit the class manually. */ -namespace keto\SDK\Api; +namespace ketoSDK\Api; -use \keto\SDK\ApiClient; -use \keto\SDK\ApiException; -use \keto\SDK\Configuration; -use \keto\SDK\ObjectSerializer; +use \ketoSDK\ApiClient; +use \ketoSDK\ApiException; +use \ketoSDK\Configuration; +use \ketoSDK\ObjectSerializer; /** * HealthApi Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -44,16 +44,16 @@ class HealthApi /** * API Client * - * @var \keto\SDK\ApiClient instance of the ApiClient + * @var \ketoSDK\ApiClient instance of the ApiClient */ protected $apiClient; /** * Constructor * - * @param \keto\SDK\ApiClient|null $apiClient The api client to use + * @param \ketoSDK\ApiClient|null $apiClient The api client to use */ - public function __construct(\keto\SDK\ApiClient $apiClient = null) + public function __construct(\ketoSDK\ApiClient $apiClient = null) { if ($apiClient === null) { $apiClient = new ApiClient(); @@ -65,7 +65,7 @@ public function __construct(\keto\SDK\ApiClient $apiClient = null) /** * Get API client * - * @return \keto\SDK\ApiClient get the API client + * @return \ketoSDK\ApiClient get the API client */ public function getApiClient() { @@ -75,11 +75,11 @@ public function getApiClient() /** * Set the API client * - * @param \keto\SDK\ApiClient $apiClient set the API client + * @param \ketoSDK\ApiClient $apiClient set the API client * * @return HealthApi */ - public function setApiClient(\keto\SDK\ApiClient $apiClient) + public function setApiClient(\ketoSDK\ApiClient $apiClient) { $this->apiClient = $apiClient; return $this; @@ -88,12 +88,12 @@ public function setApiClient(\keto\SDK\ApiClient $apiClient) /** * Operation isInstanceAlive * - * Check the Alive Status + * Check alive status * * Client for keto * - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\HealthStatus + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\HealthStatus */ public function isInstanceAlive() { @@ -104,12 +104,12 @@ public function isInstanceAlive() /** * Operation isInstanceAliveWithHttpInfo * - * Check the Alive Status + * Check alive status * * Client for keto * - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\HealthStatus, HTTP status code, HTTP response headers (array of strings) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\HealthStatus, HTTP status code, HTTP response headers (array of strings) */ public function isInstanceAliveWithHttpInfo() { @@ -140,19 +140,19 @@ public function isInstanceAliveWithHttpInfo() $queryParams, $httpBody, $headerParams, - '\keto\SDK\Model\HealthStatus', + '\ketoSDK\Model\HealthStatus', '/health/alive' ); - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\HealthStatus', $httpHeader), $statusCode, $httpHeader]; + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\HealthStatus', $httpHeader), $statusCode, $httpHeader]; } catch (ApiException $e) { switch ($e->getCode()) { case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\HealthStatus', $e->getResponseHeaders()); + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\HealthStatus', $e->getResponseHeaders()); $e->setResponseObject($data); break; case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\InlineResponse500', $e->getResponseHeaders()); $e->setResponseObject($data); break; } @@ -164,12 +164,12 @@ public function isInstanceAliveWithHttpInfo() /** * Operation isInstanceReady * - * Check the Readiness Status + * Check readiness status * * Client for keto * - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\HealthStatus + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\HealthStatus */ public function isInstanceReady() { @@ -180,12 +180,12 @@ public function isInstanceReady() /** * Operation isInstanceReadyWithHttpInfo * - * Check the Readiness Status + * Check readiness status * * Client for keto * - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\HealthStatus, HTTP status code, HTTP response headers (array of strings) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\HealthStatus, HTTP status code, HTTP response headers (array of strings) */ public function isInstanceReadyWithHttpInfo() { @@ -216,19 +216,19 @@ public function isInstanceReadyWithHttpInfo() $queryParams, $httpBody, $headerParams, - '\keto\SDK\Model\HealthStatus', + '\ketoSDK\Model\HealthStatus', '/health/ready' ); - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\HealthStatus', $httpHeader), $statusCode, $httpHeader]; + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\HealthStatus', $httpHeader), $statusCode, $httpHeader]; } catch (ApiException $e) { switch ($e->getCode()) { case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\HealthStatus', $e->getResponseHeaders()); + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\HealthStatus', $e->getResponseHeaders()); $e->setResponseObject($data); break; case 503: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\HealthNotReadyStatus', $e->getResponseHeaders()); + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\HealthNotReadyStatus', $e->getResponseHeaders()); $e->setResponseObject($data); break; } diff --git a/sdk/php/swagger/lib/Api/PolicyApi.php b/sdk/php/swagger/lib/Api/PolicyApi.php deleted file mode 100644 index feeede07a..000000000 --- a/sdk/php/swagger/lib/Api/PolicyApi.php +++ /dev/null @@ -1,551 +0,0 @@ -apiClient = $apiClient; - } - - /** - * Get API client - * - * @return \keto\SDK\ApiClient get the API client - */ - public function getApiClient() - { - return $this->apiClient; - } - - /** - * Set the API client - * - * @param \keto\SDK\ApiClient $apiClient set the API client - * - * @return PolicyApi - */ - public function setApiClient(\keto\SDK\ApiClient $apiClient) - { - $this->apiClient = $apiClient; - return $this; - } - - /** - * Operation createPolicy - * - * Client for keto - * - * @param \keto\SDK\Model\Policy $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Policy - */ - public function createPolicy($body = null) - { - list($response) = $this->createPolicyWithHttpInfo($body); - return $response; - } - - /** - * Operation createPolicyWithHttpInfo - * - * Client for keto - * - * @param \keto\SDK\Model\Policy $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Policy, HTTP status code, HTTP response headers (array of strings) - */ - public function createPolicyWithHttpInfo($body = null) - { - // parse inputs - $resourcePath = "/policies"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'POST', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\Policy', - '/policies' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Policy', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 201: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Policy', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation deletePolicy - * - * Client for keto - * - * @param string $id The id of the policy. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return void - */ - public function deletePolicy($id) - { - list($response) = $this->deletePolicyWithHttpInfo($id); - return $response; - } - - /** - * Operation deletePolicyWithHttpInfo - * - * Client for keto - * - * @param string $id The id of the policy. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of null, HTTP status code, HTTP response headers (array of strings) - */ - public function deletePolicyWithHttpInfo($id) - { - // verify the required parameter 'id' is set - if ($id === null) { - throw new \InvalidArgumentException('Missing the required parameter $id when calling deletePolicy'); - } - // parse inputs - $resourcePath = "/policies/{id}"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // path params - if ($id !== null) { - $resourcePath = str_replace( - "{" . "id" . "}", - $this->apiClient->getSerializer()->toPathValue($id), - $resourcePath - ); - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'DELETE', - $queryParams, - $httpBody, - $headerParams, - null, - '/policies/{id}' - ); - - return [null, $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation getPolicy - * - * Client for keto - * - * @param string $id The id of the policy. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Policy - */ - public function getPolicy($id) - { - list($response) = $this->getPolicyWithHttpInfo($id); - return $response; - } - - /** - * Operation getPolicyWithHttpInfo - * - * Client for keto - * - * @param string $id The id of the policy. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Policy, HTTP status code, HTTP response headers (array of strings) - */ - public function getPolicyWithHttpInfo($id) - { - // verify the required parameter 'id' is set - if ($id === null) { - throw new \InvalidArgumentException('Missing the required parameter $id when calling getPolicy'); - } - // parse inputs - $resourcePath = "/policies/{id}"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // path params - if ($id !== null) { - $resourcePath = str_replace( - "{" . "id" . "}", - $this->apiClient->getSerializer()->toPathValue($id), - $resourcePath - ); - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'GET', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\Policy', - '/policies/{id}' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Policy', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Policy', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation listPolicies - * - * Client for keto - * - * @param int $offset The offset from where to start looking. (optional) - * @param int $limit The maximum amount of policies returned. (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Policy[] - */ - public function listPolicies($offset = null, $limit = null) - { - list($response) = $this->listPoliciesWithHttpInfo($offset, $limit); - return $response; - } - - /** - * Operation listPoliciesWithHttpInfo - * - * Client for keto - * - * @param int $offset The offset from where to start looking. (optional) - * @param int $limit The maximum amount of policies returned. (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Policy[], HTTP status code, HTTP response headers (array of strings) - */ - public function listPoliciesWithHttpInfo($offset = null, $limit = null) - { - // parse inputs - $resourcePath = "/policies"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // query params - if ($offset !== null) { - $queryParams['offset'] = $this->apiClient->getSerializer()->toQueryValue($offset); - } - // query params - if ($limit !== null) { - $queryParams['limit'] = $this->apiClient->getSerializer()->toQueryValue($limit); - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'GET', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\Policy[]', - '/policies' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Policy[]', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Policy[]', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation updatePolicy - * - * Client for keto - * - * @param string $id The id of the policy. (required) - * @param \keto\SDK\Model\Policy $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Policy - */ - public function updatePolicy($id, $body = null) - { - list($response) = $this->updatePolicyWithHttpInfo($id, $body); - return $response; - } - - /** - * Operation updatePolicyWithHttpInfo - * - * Client for keto - * - * @param string $id The id of the policy. (required) - * @param \keto\SDK\Model\Policy $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Policy, HTTP status code, HTTP response headers (array of strings) - */ - public function updatePolicyWithHttpInfo($id, $body = null) - { - // verify the required parameter 'id' is set - if ($id === null) { - throw new \InvalidArgumentException('Missing the required parameter $id when calling updatePolicy'); - } - // parse inputs - $resourcePath = "/policies/{id}"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // path params - if ($id !== null) { - $resourcePath = str_replace( - "{" . "id" . "}", - $this->apiClient->getSerializer()->toPathValue($id), - $resourcePath - ); - } - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'PUT', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\Policy', - '/policies/{id}' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Policy', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Policy', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } -} diff --git a/sdk/php/swagger/lib/Api/RoleApi.php b/sdk/php/swagger/lib/Api/RoleApi.php deleted file mode 100644 index e157cb7cb..000000000 --- a/sdk/php/swagger/lib/Api/RoleApi.php +++ /dev/null @@ -1,754 +0,0 @@ -apiClient = $apiClient; - } - - /** - * Get API client - * - * @return \keto\SDK\ApiClient get the API client - */ - public function getApiClient() - { - return $this->apiClient; - } - - /** - * Set the API client - * - * @param \keto\SDK\ApiClient $apiClient set the API client - * - * @return RoleApi - */ - public function setApiClient(\keto\SDK\ApiClient $apiClient) - { - $this->apiClient = $apiClient; - return $this; - } - - /** - * Operation addMembersToRole - * - * Add members to a role - * - * Client for keto - * - * @param string $id The id of the role to modify. (required) - * @param \keto\SDK\Model\RoleMembers $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return void - */ - public function addMembersToRole($id, $body = null) - { - list($response) = $this->addMembersToRoleWithHttpInfo($id, $body); - return $response; - } - - /** - * Operation addMembersToRoleWithHttpInfo - * - * Add members to a role - * - * Client for keto - * - * @param string $id The id of the role to modify. (required) - * @param \keto\SDK\Model\RoleMembers $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of null, HTTP status code, HTTP response headers (array of strings) - */ - public function addMembersToRoleWithHttpInfo($id, $body = null) - { - // verify the required parameter 'id' is set - if ($id === null) { - throw new \InvalidArgumentException('Missing the required parameter $id when calling addMembersToRole'); - } - // parse inputs - $resourcePath = "/roles/{id}/members"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // path params - if ($id !== null) { - $resourcePath = str_replace( - "{" . "id" . "}", - $this->apiClient->getSerializer()->toPathValue($id), - $resourcePath - ); - } - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'POST', - $queryParams, - $httpBody, - $headerParams, - null, - '/roles/{id}/members' - ); - - return [null, $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation createRole - * - * Create a role - * - * Client for keto - * - * @param \keto\SDK\Model\Role $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Role - */ - public function createRole($body = null) - { - list($response) = $this->createRoleWithHttpInfo($body); - return $response; - } - - /** - * Operation createRoleWithHttpInfo - * - * Create a role - * - * Client for keto - * - * @param \keto\SDK\Model\Role $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Role, HTTP status code, HTTP response headers (array of strings) - */ - public function createRoleWithHttpInfo($body = null) - { - // parse inputs - $resourcePath = "/roles"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'POST', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\Role', - '/roles' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Role', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 201: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Role', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation deleteRole - * - * Get a role by its ID - * - * Client for keto - * - * @param string $id The id of the role to look up. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return void - */ - public function deleteRole($id) - { - list($response) = $this->deleteRoleWithHttpInfo($id); - return $response; - } - - /** - * Operation deleteRoleWithHttpInfo - * - * Get a role by its ID - * - * Client for keto - * - * @param string $id The id of the role to look up. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of null, HTTP status code, HTTP response headers (array of strings) - */ - public function deleteRoleWithHttpInfo($id) - { - // verify the required parameter 'id' is set - if ($id === null) { - throw new \InvalidArgumentException('Missing the required parameter $id when calling deleteRole'); - } - // parse inputs - $resourcePath = "/roles/{id}"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // path params - if ($id !== null) { - $resourcePath = str_replace( - "{" . "id" . "}", - $this->apiClient->getSerializer()->toPathValue($id), - $resourcePath - ); - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'DELETE', - $queryParams, - $httpBody, - $headerParams, - null, - '/roles/{id}' - ); - - return [null, $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation getRole - * - * Get a role by its ID - * - * Client for keto - * - * @param string $id The id of the role to look up. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Role - */ - public function getRole($id) - { - list($response) = $this->getRoleWithHttpInfo($id); - return $response; - } - - /** - * Operation getRoleWithHttpInfo - * - * Get a role by its ID - * - * Client for keto - * - * @param string $id The id of the role to look up. (required) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Role, HTTP status code, HTTP response headers (array of strings) - */ - public function getRoleWithHttpInfo($id) - { - // verify the required parameter 'id' is set - if ($id === null) { - throw new \InvalidArgumentException('Missing the required parameter $id when calling getRole'); - } - // parse inputs - $resourcePath = "/roles/{id}"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // path params - if ($id !== null) { - $resourcePath = str_replace( - "{" . "id" . "}", - $this->apiClient->getSerializer()->toPathValue($id), - $resourcePath - ); - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'GET', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\Role', - '/roles/{id}' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Role', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 201: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Role', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation listRoles - * - * List all roles - * - * Client for keto - * - * @param string $member The id of the member to look up. (optional) - * @param int $limit The maximum amount of policies returned. (optional) - * @param int $offset The offset from where to start looking. (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Role[] - */ - public function listRoles($member = null, $limit = null, $offset = null) - { - list($response) = $this->listRolesWithHttpInfo($member, $limit, $offset); - return $response; - } - - /** - * Operation listRolesWithHttpInfo - * - * List all roles - * - * Client for keto - * - * @param string $member The id of the member to look up. (optional) - * @param int $limit The maximum amount of policies returned. (optional) - * @param int $offset The offset from where to start looking. (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Role[], HTTP status code, HTTP response headers (array of strings) - */ - public function listRolesWithHttpInfo($member = null, $limit = null, $offset = null) - { - // parse inputs - $resourcePath = "/roles"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // query params - if ($member !== null) { - $queryParams['member'] = $this->apiClient->getSerializer()->toQueryValue($member); - } - // query params - if ($limit !== null) { - $queryParams['limit'] = $this->apiClient->getSerializer()->toQueryValue($limit); - } - // query params - if ($offset !== null) { - $queryParams['offset'] = $this->apiClient->getSerializer()->toQueryValue($offset); - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'GET', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\Role[]', - '/roles' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Role[]', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Role[]', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation removeMembersFromRole - * - * Remove members from a role - * - * Client for keto - * - * @param string $id The id of the role to modify. (required) - * @param \keto\SDK\Model\RoleMembers $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return void - */ - public function removeMembersFromRole($id, $body = null) - { - list($response) = $this->removeMembersFromRoleWithHttpInfo($id, $body); - return $response; - } - - /** - * Operation removeMembersFromRoleWithHttpInfo - * - * Remove members from a role - * - * Client for keto - * - * @param string $id The id of the role to modify. (required) - * @param \keto\SDK\Model\RoleMembers $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of null, HTTP status code, HTTP response headers (array of strings) - */ - public function removeMembersFromRoleWithHttpInfo($id, $body = null) - { - // verify the required parameter 'id' is set - if ($id === null) { - throw new \InvalidArgumentException('Missing the required parameter $id when calling removeMembersFromRole'); - } - // parse inputs - $resourcePath = "/roles/{id}/members"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // path params - if ($id !== null) { - $resourcePath = str_replace( - "{" . "id" . "}", - $this->apiClient->getSerializer()->toPathValue($id), - $resourcePath - ); - } - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'DELETE', - $queryParams, - $httpBody, - $headerParams, - null, - '/roles/{id}/members' - ); - - return [null, $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation setRole - * - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - * - * Client for keto - * - * @throws \keto\SDK\ApiException on non-2xx response - * @return void - */ - public function setRole() - { - list($response) = $this->setRoleWithHttpInfo(); - return $response; - } - - /** - * Operation setRoleWithHttpInfo - * - * A Role represents a group of users that share the same role and thus permissions. A role could be an administrator, a moderator, a regular user or some other sort of role. - * - * Client for keto - * - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of null, HTTP status code, HTTP response headers (array of strings) - */ - public function setRoleWithHttpInfo() - { - // parse inputs - $resourcePath = "/roles/{id}"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'PUT', - $queryParams, - $httpBody, - $headerParams, - null, - '/roles/{id}' - ); - - return [null, $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } -} diff --git a/sdk/php/swagger/lib/Api/VersionApi.php b/sdk/php/swagger/lib/Api/VersionApi.php index 56b40b5ea..632fc8599 100644 --- a/sdk/php/swagger/lib/Api/VersionApi.php +++ b/sdk/php/swagger/lib/Api/VersionApi.php @@ -4,7 +4,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -13,7 +13,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -24,18 +24,18 @@ * Do not edit the class manually. */ -namespace keto\SDK\Api; +namespace ketoSDK\Api; -use \keto\SDK\ApiClient; -use \keto\SDK\ApiException; -use \keto\SDK\Configuration; -use \keto\SDK\ObjectSerializer; +use \ketoSDK\ApiClient; +use \ketoSDK\ApiException; +use \ketoSDK\Configuration; +use \ketoSDK\ObjectSerializer; /** * VersionApi Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -44,16 +44,16 @@ class VersionApi /** * API Client * - * @var \keto\SDK\ApiClient instance of the ApiClient + * @var \ketoSDK\ApiClient instance of the ApiClient */ protected $apiClient; /** * Constructor * - * @param \keto\SDK\ApiClient|null $apiClient The api client to use + * @param \ketoSDK\ApiClient|null $apiClient The api client to use */ - public function __construct(\keto\SDK\ApiClient $apiClient = null) + public function __construct(\ketoSDK\ApiClient $apiClient = null) { if ($apiClient === null) { $apiClient = new ApiClient(); @@ -65,7 +65,7 @@ public function __construct(\keto\SDK\ApiClient $apiClient = null) /** * Get API client * - * @return \keto\SDK\ApiClient get the API client + * @return \ketoSDK\ApiClient get the API client */ public function getApiClient() { @@ -75,11 +75,11 @@ public function getApiClient() /** * Set the API client * - * @param \keto\SDK\ApiClient $apiClient set the API client + * @param \ketoSDK\ApiClient $apiClient set the API client * * @return VersionApi */ - public function setApiClient(\keto\SDK\ApiClient $apiClient) + public function setApiClient(\ketoSDK\ApiClient $apiClient) { $this->apiClient = $apiClient; return $this; @@ -88,12 +88,12 @@ public function setApiClient(\keto\SDK\ApiClient $apiClient) /** * Operation getVersion * - * Get the version of Keto + * Get service version * * Client for keto * - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\Version + * @throws \ketoSDK\ApiException on non-2xx response + * @return \ketoSDK\Model\Version */ public function getVersion() { @@ -104,12 +104,12 @@ public function getVersion() /** * Operation getVersionWithHttpInfo * - * Get the version of Keto + * Get service version * * Client for keto * - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\Version, HTTP status code, HTTP response headers (array of strings) + * @throws \ketoSDK\ApiException on non-2xx response + * @return array of \ketoSDK\Model\Version, HTTP status code, HTTP response headers (array of strings) */ public function getVersionWithHttpInfo() { @@ -140,15 +140,15 @@ public function getVersionWithHttpInfo() $queryParams, $httpBody, $headerParams, - '\keto\SDK\Model\Version', + '\ketoSDK\Model\Version', '/version' ); - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\Version', $httpHeader), $statusCode, $httpHeader]; + return [$this->apiClient->getSerializer()->deserialize($response, '\ketoSDK\Model\Version', $httpHeader), $statusCode, $httpHeader]; } catch (ApiException $e) { switch ($e->getCode()) { case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\Version', $e->getResponseHeaders()); + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\ketoSDK\Model\Version', $e->getResponseHeaders()); $e->setResponseObject($data); break; } diff --git a/sdk/php/swagger/lib/Api/WardenApi.php b/sdk/php/swagger/lib/Api/WardenApi.php deleted file mode 100644 index 956cf749e..000000000 --- a/sdk/php/swagger/lib/Api/WardenApi.php +++ /dev/null @@ -1,360 +0,0 @@ -apiClient = $apiClient; - } - - /** - * Get API client - * - * @return \keto\SDK\ApiClient get the API client - */ - public function getApiClient() - { - return $this->apiClient; - } - - /** - * Set the API client - * - * @param \keto\SDK\ApiClient $apiClient set the API client - * - * @return WardenApi - */ - public function setApiClient(\keto\SDK\ApiClient $apiClient) - { - $this->apiClient = $apiClient; - return $this; - } - - /** - * Operation isOAuth2AccessTokenAuthorized - * - * Check if an OAuth 2.0 access token is authorized to access a resource - * - * Client for keto - * - * @param \keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationRequest $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationResponse - */ - public function isOAuth2AccessTokenAuthorized($body = null) - { - list($response) = $this->isOAuth2AccessTokenAuthorizedWithHttpInfo($body); - return $response; - } - - /** - * Operation isOAuth2AccessTokenAuthorizedWithHttpInfo - * - * Check if an OAuth 2.0 access token is authorized to access a resource - * - * Client for keto - * - * @param \keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationRequest $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationResponse, HTTP status code, HTTP response headers (array of strings) - */ - public function isOAuth2AccessTokenAuthorizedWithHttpInfo($body = null) - { - // parse inputs - $resourcePath = "/warden/oauth2/access-tokens/authorize"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'POST', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationResponse', - '/warden/oauth2/access-tokens/authorize' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationResponse', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationResponse', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation isOAuth2ClientAuthorized - * - * Check if an OAuth 2.0 Client is authorized to access a resource - * - * Client for keto - * - * @param \keto\SDK\Model\WardenOAuth2ClientAuthorizationRequest $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\WardenOAuth2ClientAuthorizationResponse - */ - public function isOAuth2ClientAuthorized($body = null) - { - list($response) = $this->isOAuth2ClientAuthorizedWithHttpInfo($body); - return $response; - } - - /** - * Operation isOAuth2ClientAuthorizedWithHttpInfo - * - * Check if an OAuth 2.0 Client is authorized to access a resource - * - * Client for keto - * - * @param \keto\SDK\Model\WardenOAuth2ClientAuthorizationRequest $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\WardenOAuth2ClientAuthorizationResponse, HTTP status code, HTTP response headers (array of strings) - */ - public function isOAuth2ClientAuthorizedWithHttpInfo($body = null) - { - // parse inputs - $resourcePath = "/warden/oauth2/clients/authorize"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'POST', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\WardenOAuth2ClientAuthorizationResponse', - '/warden/oauth2/clients/authorize' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\WardenOAuth2ClientAuthorizationResponse', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\WardenOAuth2ClientAuthorizationResponse', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } - - /** - * Operation isSubjectAuthorized - * - * Check if a subject is authorized to access a resource - * - * Client for keto - * - * @param \keto\SDK\Model\WardenSubjectAuthorizationRequest $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return \keto\SDK\Model\WardenSubjectAuthorizationResponse - */ - public function isSubjectAuthorized($body = null) - { - list($response) = $this->isSubjectAuthorizedWithHttpInfo($body); - return $response; - } - - /** - * Operation isSubjectAuthorizedWithHttpInfo - * - * Check if a subject is authorized to access a resource - * - * Client for keto - * - * @param \keto\SDK\Model\WardenSubjectAuthorizationRequest $body (optional) - * @throws \keto\SDK\ApiException on non-2xx response - * @return array of \keto\SDK\Model\WardenSubjectAuthorizationResponse, HTTP status code, HTTP response headers (array of strings) - */ - public function isSubjectAuthorizedWithHttpInfo($body = null) - { - // parse inputs - $resourcePath = "/warden/subjects/authorize"; - $httpBody = ''; - $queryParams = []; - $headerParams = []; - $formParams = []; - $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); - if (!is_null($_header_accept)) { - $headerParams['Accept'] = $_header_accept; - } - $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json']); - - // body params - $_tempBody = null; - if (isset($body)) { - $_tempBody = $body; - } - - // for model (json/xml) - if (isset($_tempBody)) { - $httpBody = $_tempBody; // $_tempBody is the method argument, if present - } elseif (count($formParams) > 0) { - $httpBody = $formParams; // for HTTP post (form) - } - // make the API Call - try { - list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( - $resourcePath, - 'POST', - $queryParams, - $httpBody, - $headerParams, - '\keto\SDK\Model\WardenSubjectAuthorizationResponse', - '/warden/subjects/authorize' - ); - - return [$this->apiClient->getSerializer()->deserialize($response, '\keto\SDK\Model\WardenSubjectAuthorizationResponse', $httpHeader), $statusCode, $httpHeader]; - } catch (ApiException $e) { - switch ($e->getCode()) { - case 200: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\WardenSubjectAuthorizationResponse', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 401: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 403: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - case 500: - $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\keto\SDK\Model\InlineResponse500', $e->getResponseHeaders()); - $e->setResponseObject($data); - break; - } - - throw $e; - } - } -} diff --git a/sdk/php/swagger/lib/ApiClient.php b/sdk/php/swagger/lib/ApiClient.php index 64a6f18af..177175e33 100644 --- a/sdk/php/swagger/lib/ApiClient.php +++ b/sdk/php/swagger/lib/ApiClient.php @@ -5,7 +5,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -14,7 +14,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -25,13 +25,13 @@ * Do not edit the class manually. */ -namespace keto\SDK; +namespace ketoSDK; /** * ApiClient Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -64,7 +64,7 @@ class ApiClient * * @param Configuration $config config for this ApiClient */ - public function __construct(\keto\SDK\Configuration $config = null) + public function __construct(\ketoSDK\Configuration $config = null) { if ($config === null) { $config = Configuration::getDefaultConfiguration(); @@ -130,7 +130,7 @@ public function getApiKeyWithPrefix($apiKeyIdentifier) * @param string $responseType expected response type of the endpoint * @param string $endpointPath path to method endpoint before expanding parameters * - * @throws \keto\SDK\ApiException on a non 2xx response + * @throws \ketoSDK\ApiException on a non 2xx response * @return mixed */ public function callApi($resourcePath, $method, $queryParams, $postData, $headerParams, $responseType = null, $endpointPath = null) @@ -151,7 +151,7 @@ public function callApi($resourcePath, $method, $queryParams, $postData, $header if ($postData and in_array('Content-Type: application/x-www-form-urlencoded', $headers, true)) { $postData = http_build_query($postData); } elseif ((is_object($postData) or is_array($postData)) and !in_array('Content-Type: multipart/form-data', $headers, true)) { // json model - $postData = json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($postData)); + $postData = json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($postData)); } $url = $this->config->getHost() . $resourcePath; diff --git a/sdk/php/swagger/lib/ApiException.php b/sdk/php/swagger/lib/ApiException.php index bb02c6bb8..e17adf1e1 100644 --- a/sdk/php/swagger/lib/ApiException.php +++ b/sdk/php/swagger/lib/ApiException.php @@ -4,7 +4,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -13,7 +13,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -24,7 +24,7 @@ * Do not edit the class manually. */ -namespace keto\SDK; +namespace ketoSDK; use \Exception; @@ -32,7 +32,7 @@ * ApiException Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ diff --git a/sdk/php/swagger/lib/Configuration.php b/sdk/php/swagger/lib/Configuration.php index c8b0a4cb8..3cc95e741 100644 --- a/sdk/php/swagger/lib/Configuration.php +++ b/sdk/php/swagger/lib/Configuration.php @@ -4,7 +4,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -13,7 +13,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -24,14 +24,14 @@ * Do not edit the class manually. */ -namespace keto\SDK; +namespace ketoSDK; /** * Configuration Class Doc Comment * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -722,7 +722,7 @@ public static function setDefaultConfiguration(Configuration $config) */ public static function toDebugReport() { - $report = 'PHP SDK (keto\SDK) Debug Report:' . PHP_EOL; + $report = 'PHP SDK (ketoSDK) Debug Report:' . PHP_EOL; $report .= ' OS: ' . php_uname() . PHP_EOL; $report .= ' PHP Version: ' . PHP_VERSION . PHP_EOL; $report .= ' OpenAPI Spec Version: Latest' . PHP_EOL; diff --git a/sdk/php/swagger/lib/Model/AddOryAccessControlPolicyRoleMembers.php b/sdk/php/swagger/lib/Model/AddOryAccessControlPolicyRoleMembers.php new file mode 100644 index 000000000..ee2a68fa8 --- /dev/null +++ b/sdk/php/swagger/lib/Model/AddOryAccessControlPolicyRoleMembers.php @@ -0,0 +1,306 @@ + '\ketoSDK\Model\AddOryAccessControlPolicyRoleMembersBody', + 'flavor' => 'string', + 'id' => 'string' + ]; + + /** + * Array of property to format mappings. Used for (de)serialization + * @var string[] + */ + protected static $swaggerFormats = [ + 'body' => null, + 'flavor' => null, + 'id' => null + ]; + + public static function swaggerTypes() + { + return self::$swaggerTypes; + } + + public static function swaggerFormats() + { + return self::$swaggerFormats; + } + + /** + * Array of attributes where the key is the local name, and the value is the original name + * @var string[] + */ + protected static $attributeMap = [ + 'body' => 'Body', + 'flavor' => 'flavor', + 'id' => 'id' + ]; + + + /** + * Array of attributes to setter functions (for deserialization of responses) + * @var string[] + */ + protected static $setters = [ + 'body' => 'setBody', + 'flavor' => 'setFlavor', + 'id' => 'setId' + ]; + + + /** + * Array of attributes to getter functions (for serialization of requests) + * @var string[] + */ + protected static $getters = [ + 'body' => 'getBody', + 'flavor' => 'getFlavor', + 'id' => 'getId' + ]; + + public static function attributeMap() + { + return self::$attributeMap; + } + + public static function setters() + { + return self::$setters; + } + + public static function getters() + { + return self::$getters; + } + + + + + + /** + * Associative array for storing property values + * @var mixed[] + */ + protected $container = []; + + /** + * Constructor + * @param mixed[] $data Associated array of property values initializing the model + */ + public function __construct(array $data = null) + { + $this->container['body'] = isset($data['body']) ? $data['body'] : null; + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; + $this->container['id'] = isset($data['id']) ? $data['id'] : null; + } + + /** + * show all the invalid properties with reasons. + * + * @return array invalid properties with reasons + */ + public function listInvalidProperties() + { + $invalid_properties = []; + + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } + if ($this->container['id'] === null) { + $invalid_properties[] = "'id' can't be null"; + } + return $invalid_properties; + } + + /** + * validate all the properties in the model + * return true if all passed + * + * @return bool True if all properties are valid + */ + public function valid() + { + + if ($this->container['flavor'] === null) { + return false; + } + if ($this->container['id'] === null) { + return false; + } + return true; + } + + + /** + * Gets body + * @return \ketoSDK\Model\AddOryAccessControlPolicyRoleMembersBody + */ + public function getBody() + { + return $this->container['body']; + } + + /** + * Sets body + * @param \ketoSDK\Model\AddOryAccessControlPolicyRoleMembersBody $body + * @return $this + */ + public function setBody($body) + { + $this->container['body'] = $body; + + return $this; + } + + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } + + /** + * Gets id + * @return string + */ + public function getId() + { + return $this->container['id']; + } + + /** + * Sets id + * @param string $id The ID of the ORY Access Control Policy Role. in: path + * @return $this + */ + public function setId($id) + { + $this->container['id'] = $id; + + return $this; + } + /** + * Returns true if offset exists. False otherwise. + * @param integer $offset Offset + * @return boolean + */ + public function offsetExists($offset) + { + return isset($this->container[$offset]); + } + + /** + * Gets offset. + * @param integer $offset Offset + * @return mixed + */ + public function offsetGet($offset) + { + return isset($this->container[$offset]) ? $this->container[$offset] : null; + } + + /** + * Sets value based on offset. + * @param integer $offset Offset + * @param mixed $value Value to be set + * @return void + */ + public function offsetSet($offset, $value) + { + if (is_null($offset)) { + $this->container[] = $value; + } else { + $this->container[$offset] = $value; + } + } + + /** + * Unsets offset. + * @param integer $offset Offset + * @return void + */ + public function offsetUnset($offset) + { + unset($this->container[$offset]); + } + + /** + * Gets the string presentation of the object + * @return string + */ + public function __toString() + { + if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + } + + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); + } +} + + diff --git a/sdk/php/swagger/lib/Model/RoleMembers.php b/sdk/php/swagger/lib/Model/AddOryAccessControlPolicyRoleMembersBody.php similarity index 88% rename from sdk/php/swagger/lib/Model/RoleMembers.php rename to sdk/php/swagger/lib/Model/AddOryAccessControlPolicyRoleMembersBody.php index e89fc2eef..582b7274b 100644 --- a/sdk/php/swagger/lib/Model/RoleMembers.php +++ b/sdk/php/swagger/lib/Model/AddOryAccessControlPolicyRoleMembersBody.php @@ -1,11 +1,11 @@ 'bool', - 'sub' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'allowed' => null, - 'sub' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'allowed' => 'allowed', - 'sub' => 'sub' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'allowed' => 'setAllowed', - 'sub' => 'setSub' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'allowed' => 'getAllowed', - 'sub' => 'getSub' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['allowed'] = isset($data['allowed']) ? $data['allowed'] : null; - $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets allowed - * @return bool - */ - public function getAllowed() - { - return $this->container['allowed']; - } - - /** - * Sets allowed - * @param bool $allowed Allowed is true if the request is allowed and false otherwise. - * @return $this - */ - public function setAllowed($allowed) - { - $this->container['allowed'] = $allowed; - - return $this; - } - - /** - * Gets sub - * @return string - */ - public function getSub() - { - return $this->container['sub']; - } - - /** - * Sets sub - * @param string $sub Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @return $this - */ - public function setSub($sub) - { - $this->container['sub'] = $sub; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/AuthenticationOAuth2ClientCredentialsSession.php b/sdk/php/swagger/lib/Model/AuthenticationOAuth2ClientCredentialsSession.php deleted file mode 100644 index 827d2974c..000000000 --- a/sdk/php/swagger/lib/Model/AuthenticationOAuth2ClientCredentialsSession.php +++ /dev/null @@ -1,267 +0,0 @@ - 'bool', - 'sub' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'allowed' => null, - 'sub' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'allowed' => 'allowed', - 'sub' => 'sub' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'allowed' => 'setAllowed', - 'sub' => 'setSub' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'allowed' => 'getAllowed', - 'sub' => 'getSub' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['allowed'] = isset($data['allowed']) ? $data['allowed'] : null; - $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets allowed - * @return bool - */ - public function getAllowed() - { - return $this->container['allowed']; - } - - /** - * Sets allowed - * @param bool $allowed Allowed is true if the request is allowed and false otherwise. - * @return $this - */ - public function setAllowed($allowed) - { - $this->container['allowed'] = $allowed; - - return $this; - } - - /** - * Gets sub - * @return string - */ - public function getSub() - { - return $this->container['sub']; - } - - /** - * Sets sub - * @param string $sub Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @return $this - */ - public function setSub($sub) - { - $this->container['sub'] = $sub; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/AuthenticationOAuth2Session.php b/sdk/php/swagger/lib/Model/AuthenticationOAuth2Session.php deleted file mode 100644 index e90b4b364..000000000 --- a/sdk/php/swagger/lib/Model/AuthenticationOAuth2Session.php +++ /dev/null @@ -1,510 +0,0 @@ - 'bool', - 'aud' => 'string[]', - 'client_id' => 'string', - 'exp' => '\DateTime', - 'iat' => '\DateTime', - 'iss' => 'string', - 'nbf' => '\DateTime', - 'scope' => 'string', - 'session' => 'map[string,object]', - 'sub' => 'string', - 'username' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'allowed' => null, - 'aud' => null, - 'client_id' => null, - 'exp' => 'date-time', - 'iat' => 'date-time', - 'iss' => null, - 'nbf' => 'date-time', - 'scope' => null, - 'session' => null, - 'sub' => null, - 'username' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'allowed' => 'allowed', - 'aud' => 'aud', - 'client_id' => 'client_id', - 'exp' => 'exp', - 'iat' => 'iat', - 'iss' => 'iss', - 'nbf' => 'nbf', - 'scope' => 'scope', - 'session' => 'session', - 'sub' => 'sub', - 'username' => 'username' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'allowed' => 'setAllowed', - 'aud' => 'setAud', - 'client_id' => 'setClientId', - 'exp' => 'setExp', - 'iat' => 'setIat', - 'iss' => 'setIss', - 'nbf' => 'setNbf', - 'scope' => 'setScope', - 'session' => 'setSession', - 'sub' => 'setSub', - 'username' => 'setUsername' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'allowed' => 'getAllowed', - 'aud' => 'getAud', - 'client_id' => 'getClientId', - 'exp' => 'getExp', - 'iat' => 'getIat', - 'iss' => 'getIss', - 'nbf' => 'getNbf', - 'scope' => 'getScope', - 'session' => 'getSession', - 'sub' => 'getSub', - 'username' => 'getUsername' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['allowed'] = isset($data['allowed']) ? $data['allowed'] : null; - $this->container['aud'] = isset($data['aud']) ? $data['aud'] : null; - $this->container['client_id'] = isset($data['client_id']) ? $data['client_id'] : null; - $this->container['exp'] = isset($data['exp']) ? $data['exp'] : null; - $this->container['iat'] = isset($data['iat']) ? $data['iat'] : null; - $this->container['iss'] = isset($data['iss']) ? $data['iss'] : null; - $this->container['nbf'] = isset($data['nbf']) ? $data['nbf'] : null; - $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null; - $this->container['session'] = isset($data['session']) ? $data['session'] : null; - $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null; - $this->container['username'] = isset($data['username']) ? $data['username'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets allowed - * @return bool - */ - public function getAllowed() - { - return $this->container['allowed']; - } - - /** - * Sets allowed - * @param bool $allowed Allowed is true if the request is allowed and false otherwise. - * @return $this - */ - public function setAllowed($allowed) - { - $this->container['allowed'] = $allowed; - - return $this; - } - - /** - * Gets aud - * @return string[] - */ - public function getAud() - { - return $this->container['aud']; - } - - /** - * Sets aud - * @param string[] $aud - * @return $this - */ - public function setAud($aud) - { - $this->container['aud'] = $aud; - - return $this; - } - - /** - * Gets client_id - * @return string - */ - public function getClientId() - { - return $this->container['client_id']; - } - - /** - * Sets client_id - * @param string $client_id ClientID is the id of the OAuth2 client that requested the token. - * @return $this - */ - public function setClientId($client_id) - { - $this->container['client_id'] = $client_id; - - return $this; - } - - /** - * Gets exp - * @return \DateTime - */ - public function getExp() - { - return $this->container['exp']; - } - - /** - * Sets exp - * @param \DateTime $exp ExpiresAt is the expiry timestamp. - * @return $this - */ - public function setExp($exp) - { - $this->container['exp'] = $exp; - - return $this; - } - - /** - * Gets iat - * @return \DateTime - */ - public function getIat() - { - return $this->container['iat']; - } - - /** - * Sets iat - * @param \DateTime $iat IssuedAt is the token creation time stamp. - * @return $this - */ - public function setIat($iat) - { - $this->container['iat'] = $iat; - - return $this; - } - - /** - * Gets iss - * @return string - */ - public function getIss() - { - return $this->container['iss']; - } - - /** - * Sets iss - * @param string $iss Issuer is the id of the issuer, typically an hydra instance. - * @return $this - */ - public function setIss($iss) - { - $this->container['iss'] = $iss; - - return $this; - } - - /** - * Gets nbf - * @return \DateTime - */ - public function getNbf() - { - return $this->container['nbf']; - } - - /** - * Sets nbf - * @param \DateTime $nbf - * @return $this - */ - public function setNbf($nbf) - { - $this->container['nbf'] = $nbf; - - return $this; - } - - /** - * Gets scope - * @return string - */ - public function getScope() - { - return $this->container['scope']; - } - - /** - * Sets scope - * @param string $scope GrantedScopes is a list of scopes that the subject authorized when asked for consent. - * @return $this - */ - public function setScope($scope) - { - $this->container['scope'] = $scope; - - return $this; - } - - /** - * Gets session - * @return map[string,object] - */ - public function getSession() - { - return $this->container['session']; - } - - /** - * Sets session - * @param map[string,object] $session Session represents arbitrary session data. - * @return $this - */ - public function setSession($session) - { - $this->container['session'] = $session; - - return $this; - } - - /** - * Gets sub - * @return string - */ - public function getSub() - { - return $this->container['sub']; - } - - /** - * Sets sub - * @param string $sub Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @return $this - */ - public function setSub($sub) - { - $this->container['sub'] = $sub; - - return $this; - } - - /** - * Gets username - * @return string - */ - public function getUsername() - { - return $this->container['username']; - } - - /** - * Sets username - * @param string $username - * @return $this - */ - public function setUsername($username) - { - $this->container['username'] = $username; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/Authenticator.php b/sdk/php/swagger/lib/Model/Authenticator.php deleted file mode 100644 index d92e2f4ae..000000000 --- a/sdk/php/swagger/lib/Model/Authenticator.php +++ /dev/null @@ -1,218 +0,0 @@ -container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/Session.php b/sdk/php/swagger/lib/Model/AuthorizationResult.php similarity index 79% rename from sdk/php/swagger/lib/Model/Session.php rename to sdk/php/swagger/lib/Model/AuthorizationResult.php index b5f4594d6..c2192a667 100644 --- a/sdk/php/swagger/lib/Model/Session.php +++ b/sdk/php/swagger/lib/Model/AuthorizationResult.php @@ -1,11 +1,11 @@ 'string' + 'allowed' => 'bool' ]; /** @@ -60,7 +60,7 @@ class Session implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ - 'get_subject' => null + 'allowed' => null ]; public static function swaggerTypes() @@ -78,7 +78,7 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ - 'get_subject' => 'GetSubject' + 'allowed' => 'allowed' ]; @@ -87,7 +87,7 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ - 'get_subject' => 'setGetSubject' + 'allowed' => 'setAllowed' ]; @@ -96,7 +96,7 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ - 'get_subject' => 'getGetSubject' + 'allowed' => 'getAllowed' ]; public static function attributeMap() @@ -130,7 +130,7 @@ public static function getters() */ public function __construct(array $data = null) { - $this->container['get_subject'] = isset($data['get_subject']) ? $data['get_subject'] : null; + $this->container['allowed'] = isset($data['allowed']) ? $data['allowed'] : null; } /** @@ -159,22 +159,22 @@ public function valid() /** - * Gets get_subject - * @return string + * Gets allowed + * @return bool */ - public function getGetSubject() + public function getAllowed() { - return $this->container['get_subject']; + return $this->container['allowed']; } /** - * Sets get_subject - * @param string $get_subject + * Sets allowed + * @param bool $allowed Allowed is true if the request should be allowed and false otherwise. * @return $this */ - public function setGetSubject($get_subject) + public function setAllowed($allowed) { - $this->container['get_subject'] = $get_subject; + $this->container['allowed'] = $allowed; return $this; } @@ -230,10 +230,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/Writer.php b/sdk/php/swagger/lib/Model/Context.php similarity index 87% rename from sdk/php/swagger/lib/Model/Writer.php rename to sdk/php/swagger/lib/Model/Context.php index 30db9dd23..60f3411ba 100644 --- a/sdk/php/swagger/lib/Model/Writer.php +++ b/sdk/php/swagger/lib/Model/Context.php @@ -1,11 +1,11 @@ 'string[]', - 'token' => 'string' + 'flavor' => 'string', + 'id' => 'string' ]; /** @@ -61,8 +61,8 @@ class AuthenticationOAuth2IntrospectionRequest implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ - 'scope' => null, - 'token' => null + 'flavor' => null, + 'id' => null ]; public static function swaggerTypes() @@ -80,8 +80,8 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ - 'scope' => 'scope', - 'token' => 'token' + 'flavor' => 'flavor', + 'id' => 'id' ]; @@ -90,8 +90,8 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ - 'scope' => 'setScope', - 'token' => 'setToken' + 'flavor' => 'setFlavor', + 'id' => 'setId' ]; @@ -100,8 +100,8 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ - 'scope' => 'getScope', - 'token' => 'getToken' + 'flavor' => 'getFlavor', + 'id' => 'getId' ]; public static function attributeMap() @@ -135,8 +135,8 @@ public static function getters() */ public function __construct(array $data = null) { - $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null; - $this->container['token'] = isset($data['token']) ? $data['token'] : null; + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; + $this->container['id'] = isset($data['id']) ? $data['id'] : null; } /** @@ -148,6 +148,12 @@ public function listInvalidProperties() { $invalid_properties = []; + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } + if ($this->container['id'] === null) { + $invalid_properties[] = "'id' can't be null"; + } return $invalid_properties; } @@ -160,48 +166,54 @@ public function listInvalidProperties() public function valid() { + if ($this->container['flavor'] === null) { + return false; + } + if ($this->container['id'] === null) { + return false; + } return true; } /** - * Gets scope - * @return string[] + * Gets flavor + * @return string */ - public function getScope() + public function getFlavor() { - return $this->container['scope']; + return $this->container['flavor']; } /** - * Sets scope - * @param string[] $scope Scope is an array of scopes that are required. + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path * @return $this */ - public function setScope($scope) + public function setFlavor($flavor) { - $this->container['scope'] = $scope; + $this->container['flavor'] = $flavor; return $this; } /** - * Gets token + * Gets id * @return string */ - public function getToken() + public function getId() { - return $this->container['token']; + return $this->container['id']; } /** - * Sets token - * @param string $token Token is the token to introspect. + * Sets id + * @param string $id The ID of the ORY Access Control Policy Role. in: path * @return $this */ - public function setToken($token) + public function setId($id) { - $this->container['token'] = $token; + $this->container['id'] = $id; return $this; } @@ -257,10 +269,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/DeleteOryAccessControlPolicyRole.php b/sdk/php/swagger/lib/Model/DeleteOryAccessControlPolicyRole.php new file mode 100644 index 000000000..57b6b119d --- /dev/null +++ b/sdk/php/swagger/lib/Model/DeleteOryAccessControlPolicyRole.php @@ -0,0 +1,279 @@ + 'string', + 'id' => 'string' + ]; + + /** + * Array of property to format mappings. Used for (de)serialization + * @var string[] + */ + protected static $swaggerFormats = [ + 'flavor' => null, + 'id' => null + ]; + + public static function swaggerTypes() + { + return self::$swaggerTypes; + } + + public static function swaggerFormats() + { + return self::$swaggerFormats; + } + + /** + * Array of attributes where the key is the local name, and the value is the original name + * @var string[] + */ + protected static $attributeMap = [ + 'flavor' => 'flavor', + 'id' => 'id' + ]; + + + /** + * Array of attributes to setter functions (for deserialization of responses) + * @var string[] + */ + protected static $setters = [ + 'flavor' => 'setFlavor', + 'id' => 'setId' + ]; + + + /** + * Array of attributes to getter functions (for serialization of requests) + * @var string[] + */ + protected static $getters = [ + 'flavor' => 'getFlavor', + 'id' => 'getId' + ]; + + public static function attributeMap() + { + return self::$attributeMap; + } + + public static function setters() + { + return self::$setters; + } + + public static function getters() + { + return self::$getters; + } + + + + + + /** + * Associative array for storing property values + * @var mixed[] + */ + protected $container = []; + + /** + * Constructor + * @param mixed[] $data Associated array of property values initializing the model + */ + public function __construct(array $data = null) + { + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; + $this->container['id'] = isset($data['id']) ? $data['id'] : null; + } + + /** + * show all the invalid properties with reasons. + * + * @return array invalid properties with reasons + */ + public function listInvalidProperties() + { + $invalid_properties = []; + + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } + if ($this->container['id'] === null) { + $invalid_properties[] = "'id' can't be null"; + } + return $invalid_properties; + } + + /** + * validate all the properties in the model + * return true if all passed + * + * @return bool True if all properties are valid + */ + public function valid() + { + + if ($this->container['flavor'] === null) { + return false; + } + if ($this->container['id'] === null) { + return false; + } + return true; + } + + + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } + + /** + * Gets id + * @return string + */ + public function getId() + { + return $this->container['id']; + } + + /** + * Sets id + * @param string $id The ID of the ORY Access Control Policy Role. in: path + * @return $this + */ + public function setId($id) + { + $this->container['id'] = $id; + + return $this; + } + /** + * Returns true if offset exists. False otherwise. + * @param integer $offset Offset + * @return boolean + */ + public function offsetExists($offset) + { + return isset($this->container[$offset]); + } + + /** + * Gets offset. + * @param integer $offset Offset + * @return mixed + */ + public function offsetGet($offset) + { + return isset($this->container[$offset]) ? $this->container[$offset] : null; + } + + /** + * Sets value based on offset. + * @param integer $offset Offset + * @param mixed $value Value to be set + * @return void + */ + public function offsetSet($offset, $value) + { + if (is_null($offset)) { + $this->container[] = $value; + } else { + $this->container[$offset] = $value; + } + } + + /** + * Unsets offset. + * @param integer $offset Offset + * @return void + */ + public function offsetUnset($offset) + { + unset($this->container[$offset]); + } + + /** + * Gets the string presentation of the object + * @return string + */ + public function __toString() + { + if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + } + + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); + } +} + + diff --git a/sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowClientRequestParameters.php b/sdk/php/swagger/lib/Model/DoOryAccessControlPoliciesAllow.php similarity index 72% rename from sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowClientRequestParameters.php rename to sdk/php/swagger/lib/Model/DoOryAccessControlPoliciesAllow.php index 35eb7a5f5..cd6787185 100644 --- a/sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowClientRequestParameters.php +++ b/sdk/php/swagger/lib/Model/DoOryAccessControlPoliciesAllow.php @@ -1,11 +1,11 @@ '\keto\SDK\Model\WardenOAuth2ClientAuthorizationRequest' + 'body' => '\ketoSDK\Model\OryAccessControlPolicyAllowedInput', + 'flavor' => 'string' ]; /** @@ -60,7 +61,8 @@ class SwaggerDoesWardenAllowClientRequestParameters implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ - 'body' => null + 'body' => null, + 'flavor' => null ]; public static function swaggerTypes() @@ -78,7 +80,8 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ - 'body' => 'Body' + 'body' => 'Body', + 'flavor' => 'flavor' ]; @@ -87,7 +90,8 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ - 'body' => 'setBody' + 'body' => 'setBody', + 'flavor' => 'setFlavor' ]; @@ -96,7 +100,8 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ - 'body' => 'getBody' + 'body' => 'getBody', + 'flavor' => 'getFlavor' ]; public static function attributeMap() @@ -131,6 +136,7 @@ public static function getters() public function __construct(array $data = null) { $this->container['body'] = isset($data['body']) ? $data['body'] : null; + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; } /** @@ -142,6 +148,9 @@ public function listInvalidProperties() { $invalid_properties = []; + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } return $invalid_properties; } @@ -154,13 +163,16 @@ public function listInvalidProperties() public function valid() { + if ($this->container['flavor'] === null) { + return false; + } return true; } /** * Gets body - * @return \keto\SDK\Model\WardenOAuth2ClientAuthorizationRequest + * @return \ketoSDK\Model\OryAccessControlPolicyAllowedInput */ public function getBody() { @@ -169,7 +181,7 @@ public function getBody() /** * Sets body - * @param \keto\SDK\Model\WardenOAuth2ClientAuthorizationRequest $body + * @param \ketoSDK\Model\OryAccessControlPolicyAllowedInput $body * @return $this */ public function setBody($body) @@ -178,6 +190,27 @@ public function setBody($body) return $this; } + + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } /** * Returns true if offset exists. False otherwise. * @param integer $offset Offset @@ -230,10 +263,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/Firewall.php b/sdk/php/swagger/lib/Model/Firewall.php deleted file mode 100644 index 94ddf6b0e..000000000 --- a/sdk/php/swagger/lib/Model/Firewall.php +++ /dev/null @@ -1,218 +0,0 @@ -container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/SwaggerGetPolicyParameters.php b/sdk/php/swagger/lib/Model/GetOryAccessControlPolicy.php similarity index 73% rename from sdk/php/swagger/lib/Model/SwaggerGetPolicyParameters.php rename to sdk/php/swagger/lib/Model/GetOryAccessControlPolicy.php index 32a74d6fc..b9073bbd6 100644 --- a/sdk/php/swagger/lib/Model/SwaggerGetPolicyParameters.php +++ b/sdk/php/swagger/lib/Model/GetOryAccessControlPolicy.php @@ -1,11 +1,11 @@ 'string', 'id' => 'string' ]; @@ -60,6 +61,7 @@ class SwaggerGetPolicyParameters implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ + 'flavor' => null, 'id' => null ]; @@ -78,6 +80,7 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ + 'flavor' => 'flavor', 'id' => 'id' ]; @@ -87,6 +90,7 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ + 'flavor' => 'setFlavor', 'id' => 'setId' ]; @@ -96,6 +100,7 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ + 'flavor' => 'getFlavor', 'id' => 'getId' ]; @@ -130,6 +135,7 @@ public static function getters() */ public function __construct(array $data = null) { + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; $this->container['id'] = isset($data['id']) ? $data['id'] : null; } @@ -142,6 +148,12 @@ public function listInvalidProperties() { $invalid_properties = []; + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } + if ($this->container['id'] === null) { + $invalid_properties[] = "'id' can't be null"; + } return $invalid_properties; } @@ -154,10 +166,37 @@ public function listInvalidProperties() public function valid() { + if ($this->container['flavor'] === null) { + return false; + } + if ($this->container['id'] === null) { + return false; + } return true; } + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } + /** * Gets id * @return string @@ -169,7 +208,7 @@ public function getId() /** * Sets id - * @param string $id The id of the policy. in: path + * @param string $id The ID of the ORY Access Control Policy Role. in: path * @return $this */ public function setId($id) @@ -230,10 +269,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/GetOryAccessControlPolicyRole.php b/sdk/php/swagger/lib/Model/GetOryAccessControlPolicyRole.php new file mode 100644 index 000000000..e690eff0e --- /dev/null +++ b/sdk/php/swagger/lib/Model/GetOryAccessControlPolicyRole.php @@ -0,0 +1,279 @@ + 'string', + 'id' => 'string' + ]; + + /** + * Array of property to format mappings. Used for (de)serialization + * @var string[] + */ + protected static $swaggerFormats = [ + 'flavor' => null, + 'id' => null + ]; + + public static function swaggerTypes() + { + return self::$swaggerTypes; + } + + public static function swaggerFormats() + { + return self::$swaggerFormats; + } + + /** + * Array of attributes where the key is the local name, and the value is the original name + * @var string[] + */ + protected static $attributeMap = [ + 'flavor' => 'flavor', + 'id' => 'id' + ]; + + + /** + * Array of attributes to setter functions (for deserialization of responses) + * @var string[] + */ + protected static $setters = [ + 'flavor' => 'setFlavor', + 'id' => 'setId' + ]; + + + /** + * Array of attributes to getter functions (for serialization of requests) + * @var string[] + */ + protected static $getters = [ + 'flavor' => 'getFlavor', + 'id' => 'getId' + ]; + + public static function attributeMap() + { + return self::$attributeMap; + } + + public static function setters() + { + return self::$setters; + } + + public static function getters() + { + return self::$getters; + } + + + + + + /** + * Associative array for storing property values + * @var mixed[] + */ + protected $container = []; + + /** + * Constructor + * @param mixed[] $data Associated array of property values initializing the model + */ + public function __construct(array $data = null) + { + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; + $this->container['id'] = isset($data['id']) ? $data['id'] : null; + } + + /** + * show all the invalid properties with reasons. + * + * @return array invalid properties with reasons + */ + public function listInvalidProperties() + { + $invalid_properties = []; + + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } + if ($this->container['id'] === null) { + $invalid_properties[] = "'id' can't be null"; + } + return $invalid_properties; + } + + /** + * validate all the properties in the model + * return true if all passed + * + * @return bool True if all properties are valid + */ + public function valid() + { + + if ($this->container['flavor'] === null) { + return false; + } + if ($this->container['id'] === null) { + return false; + } + return true; + } + + + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } + + /** + * Gets id + * @return string + */ + public function getId() + { + return $this->container['id']; + } + + /** + * Sets id + * @param string $id The ID of the ORY Access Control Policy Role. in: path + * @return $this + */ + public function setId($id) + { + $this->container['id'] = $id; + + return $this; + } + /** + * Returns true if offset exists. False otherwise. + * @param integer $offset Offset + * @return boolean + */ + public function offsetExists($offset) + { + return isset($this->container[$offset]); + } + + /** + * Gets offset. + * @param integer $offset Offset + * @return mixed + */ + public function offsetGet($offset) + { + return isset($this->container[$offset]) ? $this->container[$offset] : null; + } + + /** + * Sets value based on offset. + * @param integer $offset Offset + * @param mixed $value Value to be set + * @return void + */ + public function offsetSet($offset, $value) + { + if (is_null($offset)) { + $this->container[] = $value; + } else { + $this->container[$offset] = $value; + } + } + + /** + * Unsets offset. + * @param integer $offset Offset + * @return void + */ + public function offsetUnset($offset) + { + unset($this->container[$offset]); + } + + /** + * Gets the string presentation of the object + * @return string + */ + public function __toString() + { + if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + } + + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); + } +} + + diff --git a/sdk/php/swagger/lib/Model/Handler.php b/sdk/php/swagger/lib/Model/Handler.php deleted file mode 100644 index ac2e4cbd5..000000000 --- a/sdk/php/swagger/lib/Model/Handler.php +++ /dev/null @@ -1,267 +0,0 @@ - '\keto\SDK\Model\Writer', - 'manager' => '\keto\SDK\Model\Manager' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'h' => null, - 'manager' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'h' => 'H', - 'manager' => 'Manager' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'h' => 'setH', - 'manager' => 'setManager' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'h' => 'getH', - 'manager' => 'getManager' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['h'] = isset($data['h']) ? $data['h'] : null; - $this->container['manager'] = isset($data['manager']) ? $data['manager'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets h - * @return \keto\SDK\Model\Writer - */ - public function getH() - { - return $this->container['h']; - } - - /** - * Sets h - * @param \keto\SDK\Model\Writer $h - * @return $this - */ - public function setH($h) - { - $this->container['h'] = $h; - - return $this; - } - - /** - * Gets manager - * @return \keto\SDK\Model\Manager - */ - public function getManager() - { - return $this->container['manager']; - } - - /** - * Sets manager - * @param \keto\SDK\Model\Manager $manager - * @return $this - */ - public function setManager($manager) - { - $this->container['manager'] = $manager; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/HealthNotReadyStatus.php b/sdk/php/swagger/lib/Model/HealthNotReadyStatus.php index 8c9ccdc1d..1b4f8c9cb 100644 --- a/sdk/php/swagger/lib/Model/HealthNotReadyStatus.php +++ b/sdk/php/swagger/lib/Model/HealthNotReadyStatus.php @@ -5,7 +5,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swaagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -14,7 +14,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -25,7 +25,7 @@ * Do not edit the class manually. */ -namespace keto\SDK\Model; +namespace ketoSDK\Model; use \ArrayAccess; @@ -33,7 +33,7 @@ * HealthNotReadyStatus Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -230,10 +230,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/HealthStatus.php b/sdk/php/swagger/lib/Model/HealthStatus.php index dbb524790..2a4ad94b2 100644 --- a/sdk/php/swagger/lib/Model/HealthStatus.php +++ b/sdk/php/swagger/lib/Model/HealthStatus.php @@ -5,7 +5,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swaagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -14,7 +14,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -25,7 +25,7 @@ * Do not edit the class manually. */ -namespace keto\SDK\Model; +namespace ketoSDK\Model; use \ArrayAccess; @@ -33,7 +33,7 @@ * HealthStatus Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -230,10 +230,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/InlineResponse500.php b/sdk/php/swagger/lib/Model/InlineResponse500.php index 165e2f404..b925648d5 100644 --- a/sdk/php/swagger/lib/Model/InlineResponse500.php +++ b/sdk/php/swagger/lib/Model/InlineResponse500.php @@ -5,7 +5,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swaagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -14,7 +14,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -25,7 +25,7 @@ * Do not edit the class manually. */ -namespace keto\SDK\Model; +namespace ketoSDK\Model; use \ArrayAccess; @@ -33,7 +33,7 @@ * InlineResponse500 Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -365,10 +365,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/IntrospectionResponse.php b/sdk/php/swagger/lib/Model/IntrospectionResponse.php deleted file mode 100644 index 34ac54717..000000000 --- a/sdk/php/swagger/lib/Model/IntrospectionResponse.php +++ /dev/null @@ -1,537 +0,0 @@ - 'bool', - 'aud' => 'string[]', - 'client_id' => 'string', - 'exp' => 'int', - 'ext' => 'map[string,object]', - 'iat' => 'int', - 'iss' => 'string', - 'nbf' => 'int', - 'scope' => 'string', - 'sub' => 'string', - 'token_type' => 'string', - 'username' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'active' => null, - 'aud' => null, - 'client_id' => null, - 'exp' => 'int64', - 'ext' => null, - 'iat' => 'int64', - 'iss' => null, - 'nbf' => 'int64', - 'scope' => null, - 'sub' => null, - 'token_type' => null, - 'username' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'active' => 'active', - 'aud' => 'aud', - 'client_id' => 'client_id', - 'exp' => 'exp', - 'ext' => 'ext', - 'iat' => 'iat', - 'iss' => 'iss', - 'nbf' => 'nbf', - 'scope' => 'scope', - 'sub' => 'sub', - 'token_type' => 'token_type', - 'username' => 'username' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'active' => 'setActive', - 'aud' => 'setAud', - 'client_id' => 'setClientId', - 'exp' => 'setExp', - 'ext' => 'setExt', - 'iat' => 'setIat', - 'iss' => 'setIss', - 'nbf' => 'setNbf', - 'scope' => 'setScope', - 'sub' => 'setSub', - 'token_type' => 'setTokenType', - 'username' => 'setUsername' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'active' => 'getActive', - 'aud' => 'getAud', - 'client_id' => 'getClientId', - 'exp' => 'getExp', - 'ext' => 'getExt', - 'iat' => 'getIat', - 'iss' => 'getIss', - 'nbf' => 'getNbf', - 'scope' => 'getScope', - 'sub' => 'getSub', - 'token_type' => 'getTokenType', - 'username' => 'getUsername' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['active'] = isset($data['active']) ? $data['active'] : null; - $this->container['aud'] = isset($data['aud']) ? $data['aud'] : null; - $this->container['client_id'] = isset($data['client_id']) ? $data['client_id'] : null; - $this->container['exp'] = isset($data['exp']) ? $data['exp'] : null; - $this->container['ext'] = isset($data['ext']) ? $data['ext'] : null; - $this->container['iat'] = isset($data['iat']) ? $data['iat'] : null; - $this->container['iss'] = isset($data['iss']) ? $data['iss'] : null; - $this->container['nbf'] = isset($data['nbf']) ? $data['nbf'] : null; - $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null; - $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null; - $this->container['token_type'] = isset($data['token_type']) ? $data['token_type'] : null; - $this->container['username'] = isset($data['username']) ? $data['username'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets active - * @return bool - */ - public function getActive() - { - return $this->container['active']; - } - - /** - * Sets active - * @param bool $active - * @return $this - */ - public function setActive($active) - { - $this->container['active'] = $active; - - return $this; - } - - /** - * Gets aud - * @return string[] - */ - public function getAud() - { - return $this->container['aud']; - } - - /** - * Sets aud - * @param string[] $aud - * @return $this - */ - public function setAud($aud) - { - $this->container['aud'] = $aud; - - return $this; - } - - /** - * Gets client_id - * @return string - */ - public function getClientId() - { - return $this->container['client_id']; - } - - /** - * Sets client_id - * @param string $client_id - * @return $this - */ - public function setClientId($client_id) - { - $this->container['client_id'] = $client_id; - - return $this; - } - - /** - * Gets exp - * @return int - */ - public function getExp() - { - return $this->container['exp']; - } - - /** - * Sets exp - * @param int $exp - * @return $this - */ - public function setExp($exp) - { - $this->container['exp'] = $exp; - - return $this; - } - - /** - * Gets ext - * @return map[string,object] - */ - public function getExt() - { - return $this->container['ext']; - } - - /** - * Sets ext - * @param map[string,object] $ext Session represents arbitrary session data. - * @return $this - */ - public function setExt($ext) - { - $this->container['ext'] = $ext; - - return $this; - } - - /** - * Gets iat - * @return int - */ - public function getIat() - { - return $this->container['iat']; - } - - /** - * Sets iat - * @param int $iat - * @return $this - */ - public function setIat($iat) - { - $this->container['iat'] = $iat; - - return $this; - } - - /** - * Gets iss - * @return string - */ - public function getIss() - { - return $this->container['iss']; - } - - /** - * Sets iss - * @param string $iss - * @return $this - */ - public function setIss($iss) - { - $this->container['iss'] = $iss; - - return $this; - } - - /** - * Gets nbf - * @return int - */ - public function getNbf() - { - return $this->container['nbf']; - } - - /** - * Sets nbf - * @param int $nbf - * @return $this - */ - public function setNbf($nbf) - { - $this->container['nbf'] = $nbf; - - return $this; - } - - /** - * Gets scope - * @return string - */ - public function getScope() - { - return $this->container['scope']; - } - - /** - * Sets scope - * @param string $scope - * @return $this - */ - public function setScope($scope) - { - $this->container['scope'] = $scope; - - return $this; - } - - /** - * Gets sub - * @return string - */ - public function getSub() - { - return $this->container['sub']; - } - - /** - * Sets sub - * @param string $sub Here, it's sub - * @return $this - */ - public function setSub($sub) - { - $this->container['sub'] = $sub; - - return $this; - } - - /** - * Gets token_type - * @return string - */ - public function getTokenType() - { - return $this->container['token_type']; - } - - /** - * Sets token_type - * @param string $token_type - * @return $this - */ - public function setTokenType($token_type) - { - $this->container['token_type'] = $token_type; - - return $this; - } - - /** - * Gets username - * @return string - */ - public function getUsername() - { - return $this->container['username']; - } - - /** - * Sets username - * @param string $username - * @return $this - */ - public function setUsername($username) - { - $this->container['username'] = $username; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/SwaggerListPolicyParameters.php b/sdk/php/swagger/lib/Model/ListOryAccessControlPolicies.php similarity index 78% rename from sdk/php/swagger/lib/Model/SwaggerListPolicyParameters.php rename to sdk/php/swagger/lib/Model/ListOryAccessControlPolicies.php index d77221c9d..d5dfc477b 100644 --- a/sdk/php/swagger/lib/Model/SwaggerListPolicyParameters.php +++ b/sdk/php/swagger/lib/Model/ListOryAccessControlPolicies.php @@ -1,11 +1,11 @@ 'string', 'limit' => 'int', 'offset' => 'int' ]; @@ -61,6 +62,7 @@ class SwaggerListPolicyParameters implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ + 'flavor' => null, 'limit' => 'int64', 'offset' => 'int64' ]; @@ -80,6 +82,7 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ + 'flavor' => 'flavor', 'limit' => 'limit', 'offset' => 'offset' ]; @@ -90,6 +93,7 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ + 'flavor' => 'setFlavor', 'limit' => 'setLimit', 'offset' => 'setOffset' ]; @@ -100,6 +104,7 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ + 'flavor' => 'getFlavor', 'limit' => 'getLimit', 'offset' => 'getOffset' ]; @@ -135,6 +140,7 @@ public static function getters() */ public function __construct(array $data = null) { + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; $this->container['limit'] = isset($data['limit']) ? $data['limit'] : null; $this->container['offset'] = isset($data['offset']) ? $data['offset'] : null; } @@ -148,6 +154,9 @@ public function listInvalidProperties() { $invalid_properties = []; + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } return $invalid_properties; } @@ -160,10 +169,34 @@ public function listInvalidProperties() public function valid() { + if ($this->container['flavor'] === null) { + return false; + } return true; } + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } + /** * Gets limit * @return int @@ -175,7 +208,7 @@ public function getLimit() /** * Sets limit - * @param int $limit The maximum amount of policies returned. in: query + * @param int $limit The maximum amount of policies returned. in: query * @return $this */ public function setLimit($limit) @@ -196,7 +229,7 @@ public function getOffset() /** * Sets offset - * @param int $offset The offset from where to start looking. in: query + * @param int $offset The offset from where to start looking. in: query * @return $this */ public function setOffset($offset) @@ -257,10 +290,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/AuthenticationOAuth2ClientCredentialsRequest.php b/sdk/php/swagger/lib/Model/ListOryAccessControlPolicyRoles.php similarity index 65% rename from sdk/php/swagger/lib/Model/AuthenticationOAuth2ClientCredentialsRequest.php rename to sdk/php/swagger/lib/Model/ListOryAccessControlPolicyRoles.php index 6165677e0..767802bbb 100644 --- a/sdk/php/swagger/lib/Model/AuthenticationOAuth2ClientCredentialsRequest.php +++ b/sdk/php/swagger/lib/Model/ListOryAccessControlPolicyRoles.php @@ -1,11 +1,11 @@ 'string', - 'client_secret' => 'string', - 'scope' => 'string[]' + 'flavor' => 'string', + 'limit' => 'int', + 'offset' => 'int' ]; /** @@ -62,9 +62,9 @@ class AuthenticationOAuth2ClientCredentialsRequest implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ - 'client_id' => null, - 'client_secret' => null, - 'scope' => null + 'flavor' => null, + 'limit' => 'int64', + 'offset' => 'int64' ]; public static function swaggerTypes() @@ -82,9 +82,9 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ - 'client_id' => 'client_id', - 'client_secret' => 'client_secret', - 'scope' => 'scope' + 'flavor' => 'flavor', + 'limit' => 'limit', + 'offset' => 'offset' ]; @@ -93,9 +93,9 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ - 'client_id' => 'setClientId', - 'client_secret' => 'setClientSecret', - 'scope' => 'setScope' + 'flavor' => 'setFlavor', + 'limit' => 'setLimit', + 'offset' => 'setOffset' ]; @@ -104,9 +104,9 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ - 'client_id' => 'getClientId', - 'client_secret' => 'getClientSecret', - 'scope' => 'getScope' + 'flavor' => 'getFlavor', + 'limit' => 'getLimit', + 'offset' => 'getOffset' ]; public static function attributeMap() @@ -140,9 +140,9 @@ public static function getters() */ public function __construct(array $data = null) { - $this->container['client_id'] = isset($data['client_id']) ? $data['client_id'] : null; - $this->container['client_secret'] = isset($data['client_secret']) ? $data['client_secret'] : null; - $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null; + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; + $this->container['limit'] = isset($data['limit']) ? $data['limit'] : null; + $this->container['offset'] = isset($data['offset']) ? $data['offset'] : null; } /** @@ -154,6 +154,9 @@ public function listInvalidProperties() { $invalid_properties = []; + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } return $invalid_properties; } @@ -166,69 +169,72 @@ public function listInvalidProperties() public function valid() { + if ($this->container['flavor'] === null) { + return false; + } return true; } /** - * Gets client_id + * Gets flavor * @return string */ - public function getClientId() + public function getFlavor() { - return $this->container['client_id']; + return $this->container['flavor']; } /** - * Sets client_id - * @param string $client_id Token is the token to introspect. + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\" in: path * @return $this */ - public function setClientId($client_id) + public function setFlavor($flavor) { - $this->container['client_id'] = $client_id; + $this->container['flavor'] = $flavor; return $this; } /** - * Gets client_secret - * @return string + * Gets limit + * @return int */ - public function getClientSecret() + public function getLimit() { - return $this->container['client_secret']; + return $this->container['limit']; } /** - * Sets client_secret - * @param string $client_secret + * Sets limit + * @param int $limit The maximum amount of policies returned. in: query * @return $this */ - public function setClientSecret($client_secret) + public function setLimit($limit) { - $this->container['client_secret'] = $client_secret; + $this->container['limit'] = $limit; return $this; } /** - * Gets scope - * @return string[] + * Gets offset + * @return int */ - public function getScope() + public function getOffset() { - return $this->container['scope']; + return $this->container['offset']; } /** - * Sets scope - * @param string[] $scope Scope is an array of scopes that are required. + * Sets offset + * @param int $offset The offset from where to start looking. in: query * @return $this */ - public function setScope($scope) + public function setOffset($offset) { - $this->container['scope'] = $scope; + $this->container['offset'] = $offset; return $this; } @@ -284,10 +290,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/OAuth2IntrospectionAuthentication.php b/sdk/php/swagger/lib/Model/OAuth2IntrospectionAuthentication.php deleted file mode 100644 index a492e05da..000000000 --- a/sdk/php/swagger/lib/Model/OAuth2IntrospectionAuthentication.php +++ /dev/null @@ -1,218 +0,0 @@ -container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/SwaggerCreatePolicyParameters.php b/sdk/php/swagger/lib/Model/OryAccessControlPolicies.php similarity index 86% rename from sdk/php/swagger/lib/Model/SwaggerCreatePolicyParameters.php rename to sdk/php/swagger/lib/Model/OryAccessControlPolicies.php index 7e7c75397..814354ef5 100644 --- a/sdk/php/swagger/lib/Model/SwaggerCreatePolicyParameters.php +++ b/sdk/php/swagger/lib/Model/OryAccessControlPolicies.php @@ -1,11 +1,11 @@ '\keto\SDK\Model\Policy' + 'body' => '\ketoSDK\Model\OryAccessControlPolicy[]' ]; /** @@ -160,7 +160,7 @@ public function valid() /** * Gets body - * @return \keto\SDK\Model\Policy + * @return \ketoSDK\Model\OryAccessControlPolicy[] */ public function getBody() { @@ -169,7 +169,7 @@ public function getBody() /** * Sets body - * @param \keto\SDK\Model\Policy $body + * @param \ketoSDK\Model\OryAccessControlPolicy[] $body in: body * @return $this */ public function setBody($body) @@ -230,10 +230,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/Policy.php b/sdk/php/swagger/lib/Model/OryAccessControlPolicy.php similarity index 85% rename from sdk/php/swagger/lib/Model/Policy.php rename to sdk/php/swagger/lib/Model/OryAccessControlPolicy.php index ed0f13c9a..9f7ed1f0c 100644 --- a/sdk/php/swagger/lib/Model/Policy.php +++ b/sdk/php/swagger/lib/Model/OryAccessControlPolicy.php @@ -1,11 +1,11 @@ 'string[]', - 'conditions' => 'map[string,\keto\SDK\Model\PolicyConditions]', + 'conditions' => 'map[string,object][]', 'description' => 'string', 'effect' => 'string', 'id' => 'string', @@ -205,7 +205,7 @@ public function getActions() /** * Sets actions - * @param string[] $actions Actions impacted by the policy. + * @param string[] $actions Actions is an array representing all the actions this ORY Access Policy applies to. * @return $this */ public function setActions($actions) @@ -217,7 +217,7 @@ public function setActions($actions) /** * Gets conditions - * @return map[string,\keto\SDK\Model\PolicyConditions] + * @return map[string,object][] */ public function getConditions() { @@ -226,7 +226,7 @@ public function getConditions() /** * Sets conditions - * @param map[string,\keto\SDK\Model\PolicyConditions] $conditions Conditions under which the policy is active. + * @param map[string,object][] $conditions Conditions represents an array of conditions under which this ORY Access Policy is active. * @return $this */ public function setConditions($conditions) @@ -247,7 +247,7 @@ public function getDescription() /** * Sets description - * @param string $description Description of the policy. + * @param string $description Description is an optional, human-readable description. * @return $this */ public function setDescription($description) @@ -268,7 +268,7 @@ public function getEffect() /** * Sets effect - * @param string $effect Effect of the policy + * @param string $effect Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\". * @return $this */ public function setEffect($effect) @@ -289,7 +289,7 @@ public function getId() /** * Sets id - * @param string $id ID of the policy. + * @param string $id ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy. * @return $this */ public function setId($id) @@ -310,7 +310,7 @@ public function getResources() /** * Sets resources - * @param string[] $resources Resources impacted by the policy. + * @param string[] $resources Resources is an array representing all the resources this ORY Access Policy applies to. * @return $this */ public function setResources($resources) @@ -331,7 +331,7 @@ public function getSubjects() /** * Sets subjects - * @param string[] $subjects Subjects impacted by the policy. + * @param string[] $subjects Subjects is an array representing all the subjects this ORY Access Policy applies to. * @return $this */ public function setSubjects($subjects) @@ -392,10 +392,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/WardenSubjectAuthorizationRequest.php b/sdk/php/swagger/lib/Model/OryAccessControlPolicyAllowedInput.php similarity index 91% rename from sdk/php/swagger/lib/Model/WardenSubjectAuthorizationRequest.php rename to sdk/php/swagger/lib/Model/OryAccessControlPolicyAllowedInput.php index b6ddead87..3677ac074 100644 --- a/sdk/php/swagger/lib/Model/WardenSubjectAuthorizationRequest.php +++ b/sdk/php/swagger/lib/Model/OryAccessControlPolicyAllowedInput.php @@ -1,11 +1,11 @@ 'map[string,object]', - 'type' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'options' => null, - 'type' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'options' => 'options', - 'type' => 'type' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'options' => 'setOptions', - 'type' => 'setType' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'options' => 'getOptions', - 'type' => 'getType' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['options'] = isset($data['options']) ? $data['options'] : null; - $this->container['type'] = isset($data['type']) ? $data['type'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets options - * @return map[string,object] - */ - public function getOptions() - { - return $this->container['options']; - } - - /** - * Sets options - * @param map[string,object] $options - * @return $this - */ - public function setOptions($options) - { - $this->container['options'] = $options; - - return $this; - } - - /** - * Gets type - * @return string - */ - public function getType() - { - return $this->container['type']; - } - - /** - * Sets type - * @param string $type - * @return $this - */ - public function setType($type) - { - $this->container['type'] = $type; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembers.php b/sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembers.php new file mode 100644 index 000000000..85281a2f9 --- /dev/null +++ b/sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembers.php @@ -0,0 +1,306 @@ + '\ketoSDK\Model\RemoveOryAccessControlPolicyRoleMembersBody', + 'flavor' => 'string', + 'id' => 'string' + ]; + + /** + * Array of property to format mappings. Used for (de)serialization + * @var string[] + */ + protected static $swaggerFormats = [ + 'body' => null, + 'flavor' => null, + 'id' => null + ]; + + public static function swaggerTypes() + { + return self::$swaggerTypes; + } + + public static function swaggerFormats() + { + return self::$swaggerFormats; + } + + /** + * Array of attributes where the key is the local name, and the value is the original name + * @var string[] + */ + protected static $attributeMap = [ + 'body' => 'Body', + 'flavor' => 'flavor', + 'id' => 'id' + ]; + + + /** + * Array of attributes to setter functions (for deserialization of responses) + * @var string[] + */ + protected static $setters = [ + 'body' => 'setBody', + 'flavor' => 'setFlavor', + 'id' => 'setId' + ]; + + + /** + * Array of attributes to getter functions (for serialization of requests) + * @var string[] + */ + protected static $getters = [ + 'body' => 'getBody', + 'flavor' => 'getFlavor', + 'id' => 'getId' + ]; + + public static function attributeMap() + { + return self::$attributeMap; + } + + public static function setters() + { + return self::$setters; + } + + public static function getters() + { + return self::$getters; + } + + + + + + /** + * Associative array for storing property values + * @var mixed[] + */ + protected $container = []; + + /** + * Constructor + * @param mixed[] $data Associated array of property values initializing the model + */ + public function __construct(array $data = null) + { + $this->container['body'] = isset($data['body']) ? $data['body'] : null; + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; + $this->container['id'] = isset($data['id']) ? $data['id'] : null; + } + + /** + * show all the invalid properties with reasons. + * + * @return array invalid properties with reasons + */ + public function listInvalidProperties() + { + $invalid_properties = []; + + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } + if ($this->container['id'] === null) { + $invalid_properties[] = "'id' can't be null"; + } + return $invalid_properties; + } + + /** + * validate all the properties in the model + * return true if all passed + * + * @return bool True if all properties are valid + */ + public function valid() + { + + if ($this->container['flavor'] === null) { + return false; + } + if ($this->container['id'] === null) { + return false; + } + return true; + } + + + /** + * Gets body + * @return \ketoSDK\Model\RemoveOryAccessControlPolicyRoleMembersBody + */ + public function getBody() + { + return $this->container['body']; + } + + /** + * Sets body + * @param \ketoSDK\Model\RemoveOryAccessControlPolicyRoleMembersBody $body + * @return $this + */ + public function setBody($body) + { + $this->container['body'] = $body; + + return $this; + } + + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } + + /** + * Gets id + * @return string + */ + public function getId() + { + return $this->container['id']; + } + + /** + * Sets id + * @param string $id The ID of the ORY Access Control Policy Role. in: path + * @return $this + */ + public function setId($id) + { + $this->container['id'] = $id; + + return $this; + } + /** + * Returns true if offset exists. False otherwise. + * @param integer $offset Offset + * @return boolean + */ + public function offsetExists($offset) + { + return isset($this->container[$offset]); + } + + /** + * Gets offset. + * @param integer $offset Offset + * @return mixed + */ + public function offsetGet($offset) + { + return isset($this->container[$offset]) ? $this->container[$offset] : null; + } + + /** + * Sets value based on offset. + * @param integer $offset Offset + * @param mixed $value Value to be set + * @return void + */ + public function offsetSet($offset, $value) + { + if (is_null($offset)) { + $this->container[] = $value; + } else { + $this->container[$offset] = $value; + } + } + + /** + * Unsets offset. + * @param integer $offset Offset + * @return void + */ + public function offsetUnset($offset) + { + unset($this->container[$offset]); + } + + /** + * Gets the string presentation of the object + * @return string + */ + public function __toString() + { + if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + } + + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); + } +} + + diff --git a/sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembersBody.php b/sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembersBody.php new file mode 100644 index 000000000..a6935f769 --- /dev/null +++ b/sdk/php/swagger/lib/Model/RemoveOryAccessControlPolicyRoleMembersBody.php @@ -0,0 +1,240 @@ + 'string[]' + ]; + + /** + * Array of property to format mappings. Used for (de)serialization + * @var string[] + */ + protected static $swaggerFormats = [ + 'members' => null + ]; + + public static function swaggerTypes() + { + return self::$swaggerTypes; + } + + public static function swaggerFormats() + { + return self::$swaggerFormats; + } + + /** + * Array of attributes where the key is the local name, and the value is the original name + * @var string[] + */ + protected static $attributeMap = [ + 'members' => 'members' + ]; + + + /** + * Array of attributes to setter functions (for deserialization of responses) + * @var string[] + */ + protected static $setters = [ + 'members' => 'setMembers' + ]; + + + /** + * Array of attributes to getter functions (for serialization of requests) + * @var string[] + */ + protected static $getters = [ + 'members' => 'getMembers' + ]; + + public static function attributeMap() + { + return self::$attributeMap; + } + + public static function setters() + { + return self::$setters; + } + + public static function getters() + { + return self::$getters; + } + + + + + + /** + * Associative array for storing property values + * @var mixed[] + */ + protected $container = []; + + /** + * Constructor + * @param mixed[] $data Associated array of property values initializing the model + */ + public function __construct(array $data = null) + { + $this->container['members'] = isset($data['members']) ? $data['members'] : null; + } + + /** + * show all the invalid properties with reasons. + * + * @return array invalid properties with reasons + */ + public function listInvalidProperties() + { + $invalid_properties = []; + + return $invalid_properties; + } + + /** + * validate all the properties in the model + * return true if all passed + * + * @return bool True if all properties are valid + */ + public function valid() + { + + return true; + } + + + /** + * Gets members + * @return string[] + */ + public function getMembers() + { + return $this->container['members']; + } + + /** + * Sets members + * @param string[] $members The members to be removed. + * @return $this + */ + public function setMembers($members) + { + $this->container['members'] = $members; + + return $this; + } + /** + * Returns true if offset exists. False otherwise. + * @param integer $offset Offset + * @return boolean + */ + public function offsetExists($offset) + { + return isset($this->container[$offset]); + } + + /** + * Gets offset. + * @param integer $offset Offset + * @return mixed + */ + public function offsetGet($offset) + { + return isset($this->container[$offset]) ? $this->container[$offset] : null; + } + + /** + * Sets value based on offset. + * @param integer $offset Offset + * @param mixed $value Value to be set + * @return void + */ + public function offsetSet($offset, $value) + { + if (is_null($offset)) { + $this->container[] = $value; + } else { + $this->container[$offset] = $value; + } + } + + /** + * Unsets offset. + * @param integer $offset Offset + * @return void + */ + public function offsetUnset($offset) + { + unset($this->container[$offset]); + } + + /** + * Gets the string presentation of the object + * @return string + */ + public function __toString() + { + if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + } + + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); + } +} + + diff --git a/sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.php b/sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.php deleted file mode 100644 index 8d7f640ed..000000000 --- a/sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowTokenAccessRequestParameters.php +++ /dev/null @@ -1,240 +0,0 @@ - '\keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationRequest' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'body' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'body' => 'Body' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'body' => 'setBody' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'body' => 'getBody' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['body'] = isset($data['body']) ? $data['body'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets body - * @return \keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationRequest - */ - public function getBody() - { - return $this->container['body']; - } - - /** - * Sets body - * @param \keto\SDK\Model\WardenOAuth2AccessTokenAuthorizationRequest $body - * @return $this - */ - public function setBody($body) - { - $this->container['body'] = $body; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/SwaggerListPolicyResponse.php b/sdk/php/swagger/lib/Model/SwaggerListPolicyResponse.php deleted file mode 100644 index 8c8bcb0c5..000000000 --- a/sdk/php/swagger/lib/Model/SwaggerListPolicyResponse.php +++ /dev/null @@ -1,241 +0,0 @@ - '\keto\SDK\Model\Policy[]' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'body' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'body' => 'Body' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'body' => 'setBody' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'body' => 'getBody' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['body'] = isset($data['body']) ? $data['body'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets body - * @return \keto\SDK\Model\Policy[] - */ - public function getBody() - { - return $this->container['body']; - } - - /** - * Sets body - * @param \keto\SDK\Model\Policy[] $body in: body type: array - * @return $this - */ - public function setBody($body) - { - $this->container['body'] = $body; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/SwaggerWardenBaseRequest.php b/sdk/php/swagger/lib/Model/SwaggerWardenBaseRequest.php deleted file mode 100644 index 7cbd9cbed..000000000 --- a/sdk/php/swagger/lib/Model/SwaggerWardenBaseRequest.php +++ /dev/null @@ -1,295 +0,0 @@ - 'string', - 'context' => 'map[string,object]', - 'resource' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'action' => null, - 'context' => null, - 'resource' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'action' => 'action', - 'context' => 'context', - 'resource' => 'resource' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'action' => 'setAction', - 'context' => 'setContext', - 'resource' => 'setResource' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'action' => 'getAction', - 'context' => 'getContext', - 'resource' => 'getResource' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['action'] = isset($data['action']) ? $data['action'] : null; - $this->container['context'] = isset($data['context']) ? $data['context'] : null; - $this->container['resource'] = isset($data['resource']) ? $data['resource'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets action - * @return string - */ - public function getAction() - { - return $this->container['action']; - } - - /** - * Sets action - * @param string $action Action is the action that is requested on the resource. - * @return $this - */ - public function setAction($action) - { - $this->container['action'] = $action; - - return $this; - } - - /** - * Gets context - * @return map[string,object] - */ - public function getContext() - { - return $this->container['context']; - } - - /** - * Sets context - * @param map[string,object] $context Context is the request's environmental context. - * @return $this - */ - public function setContext($context) - { - $this->container['context'] = $context; - - return $this; - } - - /** - * Gets resource - * @return string - */ - public function getResource() - { - return $this->container['resource']; - } - - /** - * Sets resource - * @param string $resource Resource is the resource that access is requested to. - * @return $this - */ - public function setResource($resource) - { - $this->container['resource'] = $resource; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/SwaggerUpdatePolicyParameters.php b/sdk/php/swagger/lib/Model/UpsertOryAccessControlPolicy.php similarity index 76% rename from sdk/php/swagger/lib/Model/SwaggerUpdatePolicyParameters.php rename to sdk/php/swagger/lib/Model/UpsertOryAccessControlPolicy.php index 47f1b2579..dd31eb0c6 100644 --- a/sdk/php/swagger/lib/Model/SwaggerUpdatePolicyParameters.php +++ b/sdk/php/swagger/lib/Model/UpsertOryAccessControlPolicy.php @@ -1,11 +1,11 @@ '\keto\SDK\Model\Policy', - 'id' => 'string' + 'body' => '\ketoSDK\Model\OryAccessControlPolicy', + 'flavor' => 'string' ]; /** @@ -62,7 +62,7 @@ class SwaggerUpdatePolicyParameters implements ArrayAccess */ protected static $swaggerFormats = [ 'body' => null, - 'id' => null + 'flavor' => null ]; public static function swaggerTypes() @@ -81,7 +81,7 @@ public static function swaggerFormats() */ protected static $attributeMap = [ 'body' => 'Body', - 'id' => 'id' + 'flavor' => 'flavor' ]; @@ -91,7 +91,7 @@ public static function swaggerFormats() */ protected static $setters = [ 'body' => 'setBody', - 'id' => 'setId' + 'flavor' => 'setFlavor' ]; @@ -101,7 +101,7 @@ public static function swaggerFormats() */ protected static $getters = [ 'body' => 'getBody', - 'id' => 'getId' + 'flavor' => 'getFlavor' ]; public static function attributeMap() @@ -136,7 +136,7 @@ public static function getters() public function __construct(array $data = null) { $this->container['body'] = isset($data['body']) ? $data['body'] : null; - $this->container['id'] = isset($data['id']) ? $data['id'] : null; + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; } /** @@ -148,6 +148,9 @@ public function listInvalidProperties() { $invalid_properties = []; + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } return $invalid_properties; } @@ -160,13 +163,16 @@ public function listInvalidProperties() public function valid() { + if ($this->container['flavor'] === null) { + return false; + } return true; } /** * Gets body - * @return \keto\SDK\Model\Policy + * @return \ketoSDK\Model\OryAccessControlPolicy */ public function getBody() { @@ -175,7 +181,7 @@ public function getBody() /** * Sets body - * @param \keto\SDK\Model\Policy $body + * @param \ketoSDK\Model\OryAccessControlPolicy $body * @return $this */ public function setBody($body) @@ -186,22 +192,22 @@ public function setBody($body) } /** - * Gets id + * Gets flavor * @return string */ - public function getId() + public function getFlavor() { - return $this->container['id']; + return $this->container['flavor']; } /** - * Sets id - * @param string $id The id of the policy. in: path + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path * @return $this */ - public function setId($id) + public function setFlavor($flavor) { - $this->container['id'] = $id; + $this->container['flavor'] = $flavor; return $this; } @@ -257,10 +263,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowAccessRequestParameters.php b/sdk/php/swagger/lib/Model/UpsertOryAccessControlPolicyRole.php similarity index 72% rename from sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowAccessRequestParameters.php rename to sdk/php/swagger/lib/Model/UpsertOryAccessControlPolicyRole.php index 8a64526ea..fd4256cc8 100644 --- a/sdk/php/swagger/lib/Model/SwaggerDoesWardenAllowAccessRequestParameters.php +++ b/sdk/php/swagger/lib/Model/UpsertOryAccessControlPolicyRole.php @@ -1,11 +1,11 @@ '\keto\SDK\Model\WardenSubjectAuthorizationRequest' + 'body' => '\ketoSDK\Model\OryAccessControlPolicyRole', + 'flavor' => 'string' ]; /** @@ -60,7 +61,8 @@ class SwaggerDoesWardenAllowAccessRequestParameters implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ - 'body' => null + 'body' => null, + 'flavor' => null ]; public static function swaggerTypes() @@ -78,7 +80,8 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ - 'body' => 'Body' + 'body' => 'Body', + 'flavor' => 'flavor' ]; @@ -87,7 +90,8 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ - 'body' => 'setBody' + 'body' => 'setBody', + 'flavor' => 'setFlavor' ]; @@ -96,7 +100,8 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ - 'body' => 'getBody' + 'body' => 'getBody', + 'flavor' => 'getFlavor' ]; public static function attributeMap() @@ -131,6 +136,7 @@ public static function getters() public function __construct(array $data = null) { $this->container['body'] = isset($data['body']) ? $data['body'] : null; + $this->container['flavor'] = isset($data['flavor']) ? $data['flavor'] : null; } /** @@ -142,6 +148,9 @@ public function listInvalidProperties() { $invalid_properties = []; + if ($this->container['flavor'] === null) { + $invalid_properties[] = "'flavor' can't be null"; + } return $invalid_properties; } @@ -154,13 +163,16 @@ public function listInvalidProperties() public function valid() { + if ($this->container['flavor'] === null) { + return false; + } return true; } /** * Gets body - * @return \keto\SDK\Model\WardenSubjectAuthorizationRequest + * @return \ketoSDK\Model\OryAccessControlPolicyRole */ public function getBody() { @@ -169,7 +181,7 @@ public function getBody() /** * Sets body - * @param \keto\SDK\Model\WardenSubjectAuthorizationRequest $body + * @param \ketoSDK\Model\OryAccessControlPolicyRole $body * @return $this */ public function setBody($body) @@ -178,6 +190,27 @@ public function setBody($body) return $this; } + + /** + * Gets flavor + * @return string + */ + public function getFlavor() + { + return $this->container['flavor']; + } + + /** + * Sets flavor + * @param string $flavor The ORY Access Control Policy flavor. Can be \"regex\" and \"exact\". in: path + * @return $this + */ + public function setFlavor($flavor) + { + $this->container['flavor'] = $flavor; + + return $this; + } /** * Returns true if offset exists. False otherwise. * @param integer $offset Offset @@ -230,10 +263,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/Version.php b/sdk/php/swagger/lib/Model/Version.php index 265d6ce96..8638ae04b 100644 --- a/sdk/php/swagger/lib/Model/Version.php +++ b/sdk/php/swagger/lib/Model/Version.php @@ -5,7 +5,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swaagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -14,7 +14,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -25,7 +25,7 @@ * Do not edit the class manually. */ -namespace keto\SDK\Model; +namespace ketoSDK\Model; use \ArrayAccess; @@ -33,7 +33,7 @@ * Version Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -169,7 +169,7 @@ public function getVersion() /** * Sets version - * @param string $version + * @param string $version Version is the service's version. * @return $this */ public function setVersion($version) @@ -230,10 +230,10 @@ public function offsetUnset($offset) public function __toString() { if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); } - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); + return json_encode(\ketoSDK\ObjectSerializer::sanitizeForSerialization($this)); } } diff --git a/sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationRequest.php b/sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationRequest.php deleted file mode 100644 index c131d10f1..000000000 --- a/sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationRequest.php +++ /dev/null @@ -1,348 +0,0 @@ - 'string', - 'context' => 'map[string,object]', - 'resource' => 'string', - 'scope' => 'string[]', - 'token' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'action' => null, - 'context' => null, - 'resource' => null, - 'scope' => null, - 'token' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'action' => 'action', - 'context' => 'context', - 'resource' => 'resource', - 'scope' => 'scope', - 'token' => 'token' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'action' => 'setAction', - 'context' => 'setContext', - 'resource' => 'setResource', - 'scope' => 'setScope', - 'token' => 'setToken' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'action' => 'getAction', - 'context' => 'getContext', - 'resource' => 'getResource', - 'scope' => 'getScope', - 'token' => 'getToken' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['action'] = isset($data['action']) ? $data['action'] : null; - $this->container['context'] = isset($data['context']) ? $data['context'] : null; - $this->container['resource'] = isset($data['resource']) ? $data['resource'] : null; - $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null; - $this->container['token'] = isset($data['token']) ? $data['token'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets action - * @return string - */ - public function getAction() - { - return $this->container['action']; - } - - /** - * Sets action - * @param string $action Action is the action that is requested on the resource. - * @return $this - */ - public function setAction($action) - { - $this->container['action'] = $action; - - return $this; - } - - /** - * Gets context - * @return map[string,object] - */ - public function getContext() - { - return $this->container['context']; - } - - /** - * Sets context - * @param map[string,object] $context Context is the request's environmental context. - * @return $this - */ - public function setContext($context) - { - $this->container['context'] = $context; - - return $this; - } - - /** - * Gets resource - * @return string - */ - public function getResource() - { - return $this->container['resource']; - } - - /** - * Sets resource - * @param string $resource Resource is the resource that access is requested to. - * @return $this - */ - public function setResource($resource) - { - $this->container['resource'] = $resource; - - return $this; - } - - /** - * Gets scope - * @return string[] - */ - public function getScope() - { - return $this->container['scope']; - } - - /** - * Sets scope - * @param string[] $scope Scope is an array of scopes that are required. - * @return $this - */ - public function setScope($scope) - { - $this->container['scope'] = $scope; - - return $this; - } - - /** - * Gets token - * @return string - */ - public function getToken() - { - return $this->container['token']; - } - - /** - * Sets token - * @param string $token Token is the token to introspect. - * @return $this - */ - public function setToken($token) - { - $this->container['token'] = $token; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationResponse.php b/sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationResponse.php deleted file mode 100644 index 2f6f571d5..000000000 --- a/sdk/php/swagger/lib/Model/WardenOAuth2AccessTokenAuthorizationResponse.php +++ /dev/null @@ -1,510 +0,0 @@ - 'bool', - 'aud' => 'string[]', - 'client_id' => 'string', - 'exp' => '\DateTime', - 'iat' => '\DateTime', - 'iss' => 'string', - 'nbf' => '\DateTime', - 'scope' => 'string', - 'session' => 'map[string,object]', - 'sub' => 'string', - 'username' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'allowed' => null, - 'aud' => null, - 'client_id' => null, - 'exp' => 'date-time', - 'iat' => 'date-time', - 'iss' => null, - 'nbf' => 'date-time', - 'scope' => null, - 'session' => null, - 'sub' => null, - 'username' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'allowed' => 'allowed', - 'aud' => 'aud', - 'client_id' => 'client_id', - 'exp' => 'exp', - 'iat' => 'iat', - 'iss' => 'iss', - 'nbf' => 'nbf', - 'scope' => 'scope', - 'session' => 'session', - 'sub' => 'sub', - 'username' => 'username' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'allowed' => 'setAllowed', - 'aud' => 'setAud', - 'client_id' => 'setClientId', - 'exp' => 'setExp', - 'iat' => 'setIat', - 'iss' => 'setIss', - 'nbf' => 'setNbf', - 'scope' => 'setScope', - 'session' => 'setSession', - 'sub' => 'setSub', - 'username' => 'setUsername' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'allowed' => 'getAllowed', - 'aud' => 'getAud', - 'client_id' => 'getClientId', - 'exp' => 'getExp', - 'iat' => 'getIat', - 'iss' => 'getIss', - 'nbf' => 'getNbf', - 'scope' => 'getScope', - 'session' => 'getSession', - 'sub' => 'getSub', - 'username' => 'getUsername' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['allowed'] = isset($data['allowed']) ? $data['allowed'] : null; - $this->container['aud'] = isset($data['aud']) ? $data['aud'] : null; - $this->container['client_id'] = isset($data['client_id']) ? $data['client_id'] : null; - $this->container['exp'] = isset($data['exp']) ? $data['exp'] : null; - $this->container['iat'] = isset($data['iat']) ? $data['iat'] : null; - $this->container['iss'] = isset($data['iss']) ? $data['iss'] : null; - $this->container['nbf'] = isset($data['nbf']) ? $data['nbf'] : null; - $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null; - $this->container['session'] = isset($data['session']) ? $data['session'] : null; - $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null; - $this->container['username'] = isset($data['username']) ? $data['username'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets allowed - * @return bool - */ - public function getAllowed() - { - return $this->container['allowed']; - } - - /** - * Sets allowed - * @param bool $allowed Allowed is true if the request is allowed and false otherwise. - * @return $this - */ - public function setAllowed($allowed) - { - $this->container['allowed'] = $allowed; - - return $this; - } - - /** - * Gets aud - * @return string[] - */ - public function getAud() - { - return $this->container['aud']; - } - - /** - * Sets aud - * @param string[] $aud - * @return $this - */ - public function setAud($aud) - { - $this->container['aud'] = $aud; - - return $this; - } - - /** - * Gets client_id - * @return string - */ - public function getClientId() - { - return $this->container['client_id']; - } - - /** - * Sets client_id - * @param string $client_id ClientID is the id of the OAuth2 client that requested the token. - * @return $this - */ - public function setClientId($client_id) - { - $this->container['client_id'] = $client_id; - - return $this; - } - - /** - * Gets exp - * @return \DateTime - */ - public function getExp() - { - return $this->container['exp']; - } - - /** - * Sets exp - * @param \DateTime $exp ExpiresAt is the expiry timestamp. - * @return $this - */ - public function setExp($exp) - { - $this->container['exp'] = $exp; - - return $this; - } - - /** - * Gets iat - * @return \DateTime - */ - public function getIat() - { - return $this->container['iat']; - } - - /** - * Sets iat - * @param \DateTime $iat IssuedAt is the token creation time stamp. - * @return $this - */ - public function setIat($iat) - { - $this->container['iat'] = $iat; - - return $this; - } - - /** - * Gets iss - * @return string - */ - public function getIss() - { - return $this->container['iss']; - } - - /** - * Sets iss - * @param string $iss Issuer is the id of the issuer, typically an hydra instance. - * @return $this - */ - public function setIss($iss) - { - $this->container['iss'] = $iss; - - return $this; - } - - /** - * Gets nbf - * @return \DateTime - */ - public function getNbf() - { - return $this->container['nbf']; - } - - /** - * Sets nbf - * @param \DateTime $nbf - * @return $this - */ - public function setNbf($nbf) - { - $this->container['nbf'] = $nbf; - - return $this; - } - - /** - * Gets scope - * @return string - */ - public function getScope() - { - return $this->container['scope']; - } - - /** - * Sets scope - * @param string $scope GrantedScopes is a list of scopes that the subject authorized when asked for consent. - * @return $this - */ - public function setScope($scope) - { - $this->container['scope'] = $scope; - - return $this; - } - - /** - * Gets session - * @return map[string,object] - */ - public function getSession() - { - return $this->container['session']; - } - - /** - * Sets session - * @param map[string,object] $session Session represents arbitrary session data. - * @return $this - */ - public function setSession($session) - { - $this->container['session'] = $session; - - return $this; - } - - /** - * Gets sub - * @return string - */ - public function getSub() - { - return $this->container['sub']; - } - - /** - * Sets sub - * @param string $sub Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @return $this - */ - public function setSub($sub) - { - $this->container['sub'] = $sub; - - return $this; - } - - /** - * Gets username - * @return string - */ - public function getUsername() - { - return $this->container['username']; - } - - /** - * Sets username - * @param string $username - * @return $this - */ - public function setUsername($username) - { - $this->container['username'] = $username; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationRequest.php b/sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationRequest.php deleted file mode 100644 index dcb06de85..000000000 --- a/sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationRequest.php +++ /dev/null @@ -1,375 +0,0 @@ - 'string', - 'client_id' => 'string', - 'client_secret' => 'string', - 'context' => 'map[string,object]', - 'resource' => 'string', - 'scope' => 'string[]' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'action' => null, - 'client_id' => null, - 'client_secret' => null, - 'context' => null, - 'resource' => null, - 'scope' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'action' => 'action', - 'client_id' => 'client_id', - 'client_secret' => 'client_secret', - 'context' => 'context', - 'resource' => 'resource', - 'scope' => 'scope' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'action' => 'setAction', - 'client_id' => 'setClientId', - 'client_secret' => 'setClientSecret', - 'context' => 'setContext', - 'resource' => 'setResource', - 'scope' => 'setScope' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'action' => 'getAction', - 'client_id' => 'getClientId', - 'client_secret' => 'getClientSecret', - 'context' => 'getContext', - 'resource' => 'getResource', - 'scope' => 'getScope' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['action'] = isset($data['action']) ? $data['action'] : null; - $this->container['client_id'] = isset($data['client_id']) ? $data['client_id'] : null; - $this->container['client_secret'] = isset($data['client_secret']) ? $data['client_secret'] : null; - $this->container['context'] = isset($data['context']) ? $data['context'] : null; - $this->container['resource'] = isset($data['resource']) ? $data['resource'] : null; - $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets action - * @return string - */ - public function getAction() - { - return $this->container['action']; - } - - /** - * Sets action - * @param string $action Action is the action that is requested on the resource. - * @return $this - */ - public function setAction($action) - { - $this->container['action'] = $action; - - return $this; - } - - /** - * Gets client_id - * @return string - */ - public function getClientId() - { - return $this->container['client_id']; - } - - /** - * Sets client_id - * @param string $client_id Token is the token to introspect. - * @return $this - */ - public function setClientId($client_id) - { - $this->container['client_id'] = $client_id; - - return $this; - } - - /** - * Gets client_secret - * @return string - */ - public function getClientSecret() - { - return $this->container['client_secret']; - } - - /** - * Sets client_secret - * @param string $client_secret - * @return $this - */ - public function setClientSecret($client_secret) - { - $this->container['client_secret'] = $client_secret; - - return $this; - } - - /** - * Gets context - * @return map[string,object] - */ - public function getContext() - { - return $this->container['context']; - } - - /** - * Sets context - * @param map[string,object] $context Context is the request's environmental context. - * @return $this - */ - public function setContext($context) - { - $this->container['context'] = $context; - - return $this; - } - - /** - * Gets resource - * @return string - */ - public function getResource() - { - return $this->container['resource']; - } - - /** - * Sets resource - * @param string $resource Resource is the resource that access is requested to. - * @return $this - */ - public function setResource($resource) - { - $this->container['resource'] = $resource; - - return $this; - } - - /** - * Gets scope - * @return string[] - */ - public function getScope() - { - return $this->container['scope']; - } - - /** - * Sets scope - * @param string[] $scope Scope is an array of scopes that are required. - * @return $this - */ - public function setScope($scope) - { - $this->container['scope'] = $scope; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationResponse.php b/sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationResponse.php deleted file mode 100644 index 3b16854d1..000000000 --- a/sdk/php/swagger/lib/Model/WardenOAuth2ClientAuthorizationResponse.php +++ /dev/null @@ -1,267 +0,0 @@ - 'bool', - 'sub' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'allowed' => null, - 'sub' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'allowed' => 'allowed', - 'sub' => 'sub' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'allowed' => 'setAllowed', - 'sub' => 'setSub' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'allowed' => 'getAllowed', - 'sub' => 'getSub' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['allowed'] = isset($data['allowed']) ? $data['allowed'] : null; - $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets allowed - * @return bool - */ - public function getAllowed() - { - return $this->container['allowed']; - } - - /** - * Sets allowed - * @param bool $allowed Allowed is true if the request is allowed and false otherwise. - * @return $this - */ - public function setAllowed($allowed) - { - $this->container['allowed'] = $allowed; - - return $this; - } - - /** - * Gets sub - * @return string - */ - public function getSub() - { - return $this->container['sub']; - } - - /** - * Sets sub - * @param string $sub Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @return $this - */ - public function setSub($sub) - { - $this->container['sub'] = $sub; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/Model/WardenSubjectAuthorizationResponse.php b/sdk/php/swagger/lib/Model/WardenSubjectAuthorizationResponse.php deleted file mode 100644 index e9834f52b..000000000 --- a/sdk/php/swagger/lib/Model/WardenSubjectAuthorizationResponse.php +++ /dev/null @@ -1,267 +0,0 @@ - 'bool', - 'sub' => 'string' - ]; - - /** - * Array of property to format mappings. Used for (de)serialization - * @var string[] - */ - protected static $swaggerFormats = [ - 'allowed' => null, - 'sub' => null - ]; - - public static function swaggerTypes() - { - return self::$swaggerTypes; - } - - public static function swaggerFormats() - { - return self::$swaggerFormats; - } - - /** - * Array of attributes where the key is the local name, and the value is the original name - * @var string[] - */ - protected static $attributeMap = [ - 'allowed' => 'allowed', - 'sub' => 'sub' - ]; - - - /** - * Array of attributes to setter functions (for deserialization of responses) - * @var string[] - */ - protected static $setters = [ - 'allowed' => 'setAllowed', - 'sub' => 'setSub' - ]; - - - /** - * Array of attributes to getter functions (for serialization of requests) - * @var string[] - */ - protected static $getters = [ - 'allowed' => 'getAllowed', - 'sub' => 'getSub' - ]; - - public static function attributeMap() - { - return self::$attributeMap; - } - - public static function setters() - { - return self::$setters; - } - - public static function getters() - { - return self::$getters; - } - - - - - - /** - * Associative array for storing property values - * @var mixed[] - */ - protected $container = []; - - /** - * Constructor - * @param mixed[] $data Associated array of property values initializing the model - */ - public function __construct(array $data = null) - { - $this->container['allowed'] = isset($data['allowed']) ? $data['allowed'] : null; - $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null; - } - - /** - * show all the invalid properties with reasons. - * - * @return array invalid properties with reasons - */ - public function listInvalidProperties() - { - $invalid_properties = []; - - return $invalid_properties; - } - - /** - * validate all the properties in the model - * return true if all passed - * - * @return bool True if all properties are valid - */ - public function valid() - { - - return true; - } - - - /** - * Gets allowed - * @return bool - */ - public function getAllowed() - { - return $this->container['allowed']; - } - - /** - * Sets allowed - * @param bool $allowed Allowed is true if the request is allowed and false otherwise. - * @return $this - */ - public function setAllowed($allowed) - { - $this->container['allowed'] = $allowed; - - return $this; - } - - /** - * Gets sub - * @return string - */ - public function getSub() - { - return $this->container['sub']; - } - - /** - * Sets sub - * @param string $sub Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. - * @return $this - */ - public function setSub($sub) - { - $this->container['sub'] = $sub; - - return $this; - } - /** - * Returns true if offset exists. False otherwise. - * @param integer $offset Offset - * @return boolean - */ - public function offsetExists($offset) - { - return isset($this->container[$offset]); - } - - /** - * Gets offset. - * @param integer $offset Offset - * @return mixed - */ - public function offsetGet($offset) - { - return isset($this->container[$offset]) ? $this->container[$offset] : null; - } - - /** - * Sets value based on offset. - * @param integer $offset Offset - * @param mixed $value Value to be set - * @return void - */ - public function offsetSet($offset, $value) - { - if (is_null($offset)) { - $this->container[] = $value; - } else { - $this->container[$offset] = $value; - } - } - - /** - * Unsets offset. - * @param integer $offset Offset - * @return void - */ - public function offsetUnset($offset) - { - unset($this->container[$offset]); - } - - /** - * Gets the string presentation of the object - * @return string - */ - public function __toString() - { - if (defined('JSON_PRETTY_PRINT')) { // use JSON pretty print - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this), JSON_PRETTY_PRINT); - } - - return json_encode(\keto\SDK\ObjectSerializer::sanitizeForSerialization($this)); - } -} - - diff --git a/sdk/php/swagger/lib/ObjectSerializer.php b/sdk/php/swagger/lib/ObjectSerializer.php index 303c5b21b..6055cded1 100644 --- a/sdk/php/swagger/lib/ObjectSerializer.php +++ b/sdk/php/swagger/lib/ObjectSerializer.php @@ -5,7 +5,7 @@ * PHP version 5 * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -14,7 +14,7 @@ * Package main ORY Keto * * OpenAPI spec version: Latest - * Contact: hi@ory.am + * Contact: hi@ory.sh * Generated by: https://github.com/swagger-api/swagger-codegen.git * */ @@ -25,13 +25,13 @@ * Do not edit the class manually. */ -namespace keto\SDK; +namespace ketoSDK; /** * ObjectSerializer Class Doc Comment * * @category Class - * @package keto\SDK + * @package ketoSDK * @author Swagger Codegen team * @link https://github.com/swagger-api/swagger-codegen */ @@ -286,7 +286,7 @@ public static function deserialize($data, $class, $httpHeaders = null) // If a discriminator is defined and points to a valid subclass, use it. $discriminator = $class::DISCRIMINATOR; if (!empty($discriminator) && isset($data->{$discriminator}) && is_string($data->{$discriminator})) { - $subclass = '\keto\SDK\Model\\' . $data->{$discriminator}; + $subclass = '\ketoSDK\Model\\' . $data->{$discriminator}; if (is_subclass_of($subclass, $class)) { $class = $subclass; } diff --git a/storage/handler.go b/storage/handler.go new file mode 100644 index 000000000..5f26695e6 --- /dev/null +++ b/storage/handler.go @@ -0,0 +1,118 @@ +package storage + +import ( + "context" + "net/http" + + "github.com/julienschmidt/httprouter" + + "github.com/ory/herodot" + "github.com/ory/x/pagination" +) + +type Handler struct { + s Manager + h herodot.Writer +} + +func NewHandler(s Manager, h herodot.Writer) *Handler { + return &Handler{ + s: s, + h: h, + } +} + +type GetRequest struct { + Collection string + Key string + Value interface{} +} + +func (h *Handler) Get(factory func(context.Context, *http.Request, httprouter.Params) (*GetRequest, error)) httprouter.Handle { + return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + ctx := r.Context() + d, err := factory(ctx, r, ps) + if err != nil { + h.h.WriteError(w, r, err) + return + } + + if err := h.s.Get(ctx, d.Collection, d.Key, d.Value); err != nil { + h.h.WriteError(w, r, err) + return + } + + h.h.Write(w, r, d.Value) + } +} + +type DeleteRequest struct { + Collection string + Key string +} + +func (h *Handler) Delete(factory func(context.Context, *http.Request, httprouter.Params) (*DeleteRequest, error)) httprouter.Handle { + return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + ctx := r.Context() + d, err := factory(ctx, r, ps) + if err != nil { + h.h.WriteError(w, r, err) + return + } + + if err := h.s.Delete(ctx, d.Collection, d.Key); err != nil { + h.h.WriteError(w, r, err) + return + } + + w.WriteHeader(http.StatusNoContent) + } +} + +type ListRequest struct { + Collection string + Value interface{} +} + +func (h *Handler) List(factory func(context.Context, *http.Request, httprouter.Params) (*ListRequest, error)) httprouter.Handle { + return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + ctx := r.Context() + l, err := factory(ctx, r, ps) + if err != nil { + h.h.WriteError(w, r, err) + return + } + + limit, offset := pagination.Parse(r, 100, 0, 500) + if err := h.s.List(ctx, l.Collection, l.Value, limit, offset); err != nil { + h.h.WriteError(w, r, err) + return + } + + h.h.Write(w, r, l.Value) + } +} + +type UpsertRequest struct { + Collection string + Key string + Value interface{} +} + +func (h *Handler) Upsert(factory func(context.Context, *http.Request, httprouter.Params) (*UpsertRequest, error)) httprouter.Handle { + return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + ctx := r.Context() + u, err := factory(ctx, r, ps) + if err != nil { + h.h.WriteError(w, r, err) + return + } + + if err := h.s.Upsert(ctx, u.Collection, u.Key, u.Value); err != nil { + h.h.WriteError(w, r, err) + return + } + + h.h.Write(w, r, u.Value) + } +} diff --git a/storage/handler_test.go b/storage/handler_test.go new file mode 100644 index 000000000..c510d1465 --- /dev/null +++ b/storage/handler_test.go @@ -0,0 +1,130 @@ +package storage + +import ( + "bytes" + "context" + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + "testing" + + "github.com/julienschmidt/httprouter" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/ory/herodot" +) + +func TestCRUD(t *testing.T) { + for k, m := range map[string]Manager{ + "memory": NewMemoryManager(), + } { + t.Run(fmt.Sprintf("manager=%s", k), func(t *testing.T) { + h := NewHandler(m, herodot.NewJSONWriter(nil)) + i := &mockHandler{c: "tests", sh: h} + r := httprouter.New() + i.Register(r) + ts := httptest.NewServer(r) + defer ts.Close() + + t.Run("case=404", func(t *testing.T) { + res, err := ts.Client().Get(ts.URL + "/1234") + require.NoError(t, err) + res.Body.Close() + assert.Equal(t, http.StatusNotFound, res.StatusCode) + }) + + t.Run("case=create", func(t *testing.T) { + res, err := ts.Client().Post(ts.URL+"/?key=1234&value=bar", "application/json", bytes.NewBuffer(nil)) + require.NoError(t, err) + res.Body.Close() + assert.Equal(t, http.StatusOK, res.StatusCode) + }) + + t.Run("case=get", func(t *testing.T) { + res, err := ts.Client().Get(ts.URL + "/1234") + require.NoError(t, err) + assert.Equal(t, http.StatusOK, res.StatusCode) + b, err := ioutil.ReadAll(res.Body) + require.NoError(t, err) + res.Body.Close() + assert.Equal(t, `"bar"`, string(b)) + }) + + t.Run("case=list", func(t *testing.T) { + res, err := ts.Client().Get(ts.URL + "/") + require.NoError(t, err) + assert.Equal(t, http.StatusOK, res.StatusCode) + b, err := ioutil.ReadAll(res.Body) + require.NoError(t, err) + res.Body.Close() + assert.Equal(t, `["bar"]`, string(b)) + }) + + t.Run("case=delete", func(t *testing.T) { + req, err := http.NewRequest("DELETE", ts.URL+"/1234", nil) + require.NoError(t, err) + res, err := ts.Client().Do(req) + require.NoError(t, err) + res.Body.Close() + assert.Equal(t, http.StatusNoContent, res.StatusCode) + }) + + t.Run("case=list", func(t *testing.T) { + res, err := ts.Client().Get(ts.URL + "/") + require.NoError(t, err) + assert.Equal(t, http.StatusOK, res.StatusCode) + b, err := ioutil.ReadAll(res.Body) + require.NoError(t, err) + res.Body.Close() + assert.Equal(t, `[]`, string(b)) + }) + + }) + } +} + +type mockHandler struct { + c string + sh *Handler +} + +func (e *mockHandler) Register(r *httprouter.Router) { + r.POST("/", e.sh.Upsert(e.create)) + r.GET("/", e.sh.List(e.list)) + r.GET("/:id", e.sh.Get(e.get)) + r.DELETE("/:id", e.sh.Delete(e.delete)) +} + +func (e *mockHandler) create(ctx context.Context, r *http.Request, ps httprouter.Params) (*UpsertRequest, error) { + return &UpsertRequest{ + Collection: e.c, + Key: r.URL.Query().Get("key"), + Value: r.URL.Query().Get("value"), + }, nil +} + +func (e *mockHandler) list(ctx context.Context, r *http.Request, ps httprouter.Params) (*ListRequest, error) { + var p []string + return &ListRequest{ + Collection: e.c, + Value: &p, + }, nil +} + +func (e *mockHandler) delete(ctx context.Context, r *http.Request, ps httprouter.Params) (*DeleteRequest, error) { + return &DeleteRequest{ + Collection: e.c, + Key: ps.ByName("id"), + }, nil +} + +func (e *mockHandler) get(ctx context.Context, r *http.Request, ps httprouter.Params) (*GetRequest, error) { + var p string + return &GetRequest{ + Collection: e.c, + Key: ps.ByName("id"), + Value: &p, + }, nil +} diff --git a/storage/manager.go b/storage/manager.go new file mode 100644 index 000000000..0fe498ed8 --- /dev/null +++ b/storage/manager.go @@ -0,0 +1,84 @@ +package storage + +import ( + "bytes" + "context" + "encoding/json" + + "github.com/open-policy-agent/opa/storage" + "github.com/open-policy-agent/opa/storage/inmem" + "github.com/pkg/errors" +) + +type Manager interface { + Get(ctx context.Context, collection string, key string, value interface{}) error + List(ctx context.Context, collection string, value interface{}, limit, offset int) error + Upsert(ctx context.Context, collection string, key string, value interface{}) error + Delete(ctx context.Context, collection string, key string) error + Storage(ctx context.Context, schema string, collections []string) (storage.Store, error) +} + +func roundTrip(in, out interface{}) error { + var b bytes.Buffer + + if err := json.NewEncoder(&b).Encode(in); err != nil { + return errors.WithStack(err) + } + + dec := json.NewDecoder(&b) + dec.DisallowUnknownFields() + if err := dec.Decode(out); err != nil { + return errors.WithStack(err) + } + + return nil +} + +func toRegoStore(ctx context.Context, schema string, collections []string, query func(context.Context, string) ([]json.RawMessage, error)) (storage.Store, error) { + var s map[string]interface{} + dec := json.NewDecoder(bytes.NewBufferString(schema)) + dec.UseNumber() + if err := dec.Decode(&s); err != nil { + return nil, errors.WithStack(err) + } + + db := inmem.NewFromObject(s) + txn, err := db.NewTransaction(ctx, storage.WriteParams) + if err != nil { + return nil, errors.WithStack(err) + } + + for _, c := range collections { + path, ok := storage.ParsePath(c) + if !ok { + return nil, errors.Errorf("unable to parse storage path: %s", c) + } + + var val []interface{} + var b bytes.Buffer + + d, err := query(ctx, c) + if err != nil { + return nil, err + } + + if err := json.NewEncoder(&b).Encode(d); err != nil { + return nil, errors.WithStack(err) + } + + dec := json.NewDecoder(&b) + dec.UseNumber() + if err := dec.Decode(&val); err != nil { + return nil, errors.WithStack(err) + } + + if err := db.Write(ctx, txn, storage.AddOp, path, val); err != nil { + return nil, errors.WithStack(err) + } + } + + if err := db.Commit(ctx, txn); err != nil { + return nil, errors.WithStack(err) + } + return db, nil +} diff --git a/storage/manager_memory.go b/storage/manager_memory.go new file mode 100644 index 000000000..64621a84d --- /dev/null +++ b/storage/manager_memory.go @@ -0,0 +1,128 @@ +package storage + +import ( + "bytes" + "context" + "encoding/json" + "sync" + + "github.com/open-policy-agent/opa/storage" + "github.com/pkg/errors" + + "github.com/ory/herodot" + "github.com/ory/x/pagination" +) + +type MemoryManager struct { + sync.RWMutex + items map[string][]memoryItem +} + +type memoryItem struct { + Key string + Data json.RawMessage +} + +func NewMemoryManager() *MemoryManager { + return &MemoryManager{ + items: map[string][]memoryItem{}, + } +} + +func (m *MemoryManager) collection(collection string) []memoryItem { + m.RLock() + v, ok := m.items[collection] + m.RUnlock() + if !ok { + m.Lock() + v = []memoryItem{} + m.items[collection] = v + m.Unlock() + } + return v +} + +func (m *MemoryManager) Upsert(_ context.Context, collection, key string, value interface{}) error { + b := bytes.NewBuffer(nil) + if err := json.NewEncoder(b).Encode(value); err != nil { + return errors.WithStack(err) + } + + // no need to evaluate, just create collection if necessary. + m.collection(collection) + m.Lock() + m.items[collection] = append(m.items[collection], memoryItem{Key: key, Data: b.Bytes()}) + m.Unlock() + + return nil +} + +func (m *MemoryManager) List(ctx context.Context, collection string, value interface{}, limit, offset int) error { + c := m.collection(collection) + start, end := pagination.Index(limit, offset, len(c)) + items := m.list(ctx, collection)[start:end] + return roundTrip(&items, value) +} + +func (m *MemoryManager) list(ctx context.Context, collection string) []json.RawMessage { + c := m.collection(collection) + items := make([]json.RawMessage, len(c)) + + m.RLock() + for k, i := range c { + items[k] = i.Data + } + m.RUnlock() + + return items +} + +func (m *MemoryManager) Get(_ context.Context, collection, key string, value interface{}) error { + c := m.collection(collection) + + m.RLock() + defer m.RUnlock() + + var v []byte + for _, i := range c { + if i.Key == key { + v = i.Data + break + } + } + + if len(v) == 0 { + return errors.WithStack(&herodot.ErrNotFound) + } + + b := bytes.NewBuffer(v) + d := json.NewDecoder(b) + d.DisallowUnknownFields() + if err := d.Decode(value); err != nil { + return errors.WithStack(err) + } + + return nil +} + +func (m *MemoryManager) Delete(_ context.Context, collection, key string) error { + // no need to evaluate, just create collection if necessary. + m.collection(collection) + + m.Lock() + for k, i := range m.items[collection] { + if i.Key == key { + m.items[collection] = append(m.items[collection][:k], m.items[collection][k+1:]...) + break + } + } + m.Unlock() + + return nil +} + +func (m *MemoryManager) Storage(ctx context.Context, schema string, collections []string) (storage.Store, error) { + return toRegoStore(ctx, schema, collections, func(i context.Context, s string) ([]json.RawMessage, error) { + return m.list(i, s), nil + }) +} diff --git a/storage/manager_sql.go b/storage/manager_sql.go new file mode 100644 index 000000000..74f07e4be --- /dev/null +++ b/storage/manager_sql.go @@ -0,0 +1,167 @@ +package storage + +import ( + "bytes" + "context" + "encoding/json" + + "github.com/jmoiron/sqlx" + "github.com/open-policy-agent/opa/storage" + "github.com/pkg/errors" + "github.com/rubenv/sql-migrate" + + "github.com/ory/x/dbal" + "github.com/ory/x/sqlcon" +) + +type sqlItem struct { + Key string `db:"pkey"` + Collection string `db:"collection"` + Data string `db:"document"` +} + +var Migrations = map[string]*migrate.MemoryMigrationSource{ + dbal.DriverMySQL: { + Migrations: []*migrate.Migration{ + { + Id: "1", + Up: []string{ + `CREATE TABLE IF NOT EXISTS rego_data ( + id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, + collection VARCHAR(64) NOT NULL, + pkey VARCHAR(64) NOT NULL, + document JSON, + UNIQUE KEY rego_data_uidx_ck (collection, pkey) +)`, + }, + Down: []string{ + "DROP TABLE rego_data", + }, + }, + }, + }, + dbal.DriverPostgreSQL: { + Migrations: []*migrate.Migration{ + { + Id: "1", + Up: []string{ + `CREATE TABLE IF NOT EXISTS rego_data ( + id SERIAL PRIMARY KEY, + collection VARCHAR(64) NOT NULL, + pkey VARCHAR(64) NOT NULL, + document JSON +)`, + `CREATE UNIQUE INDEX rego_data_uidx_ck ON rego_data (collection, pkey)`, + }, + Down: []string{ + "DROP TABLE rego_data", + }, + }, + }, + }, +} + +type SQLManager struct { + db *sqlx.DB +} + +func NewSQLManager(db *sqlx.DB) *SQLManager { + return &SQLManager{ + db: db, + } +} + +func (m *SQLManager) CreateSchemas(db *sqlx.DB) (int, error) { + migrate.SetTable("keto_storage_migration") + n, err := migrate.Exec(db.DB, db.DriverName(), Migrations[dbal.MustCanonicalize(db.DriverName())], migrate.Up) + if err != nil { + return 0, errors.Wrapf(err, "could not migrate sql schema completely, applied only %d migrations", n) + } + return n, nil +} + +func (m *SQLManager) Upsert(ctx context.Context, collection, key string, value interface{}) error { + b := bytes.NewBuffer(nil) + if err := json.NewEncoder(b).Encode(value); err != nil { + return errors.WithStack(err) + } + + var query string + switch database := dbal.Canonicalize(m.db.DriverName()); database { + case dbal.DriverMySQL: + query = "INSERT INTO rego_data (pkey, collection, document) VALUES (:pkey, :collection, :document) ON DUPLICATE KEY UPDATE document=:document" + case dbal.DriverPostgreSQL: + query = `INSERT INTO rego_data (pkey, collection, document) VALUES (:pkey, :collection, :document) ON CONFLICT(collection, pkey) DO UPDATE SET document = :document` + default: + return errors.Errorf("unknown database driver: %s", m.db.DriverName()) + } + + if _, err := m.db.NamedExecContext(ctx, query, &sqlItem{ + Key: key, + Collection: collection, + Data: b.String(), + }); err != nil { + return errors.WithStack(err) + } + + return nil +} + +func (m *SQLManager) List(ctx context.Context, collection string, value interface{}, limit, offset int) error { + var items []string + if err := m.db.SelectContext( + ctx, + &items, + m.db.Rebind("SELECT document FROM rego_data WHERE collection=? ORDER BY id ASC LIMIT ? OFFSET ?"), collection, limit, offset, + ); err != nil { + return sqlcon.HandleError(err) + } + + ji := make([]json.RawMessage, len(items)) + for k, v := range items { + ji[k] = json.RawMessage(v) + } + + return roundTrip(&ji, value) +} + +func (m *SQLManager) Get(ctx context.Context, collection, key string, value interface{}) error { + query := "SELECT document FROM rego_data WHERE collection=? AND pkey=?" + var item string + if err := m.db.GetContext( + ctx, + &item, + m.db.Rebind(query), collection, key, + ); err != nil { + return sqlcon.HandleError(err) + } + + ji := json.RawMessage(item) + return roundTrip(&ji, value) +} + +func (m *SQLManager) Delete(ctx context.Context, collection, key string) error { + query := "DELETE FROM rego_data WHERE pkey=:pkey AND collection=:collection" + if _, err := m.db.NamedExecContext(ctx, query, &sqlItem{ + Key: key, + Collection: collection, + }); err != nil { + return errors.WithStack(err) + } + + return nil +} + +func (m *SQLManager) Storage(ctx context.Context, schema string, collections []string) (storage.Store, error) { + return toRegoStore(ctx, schema, collections, func(i context.Context, s string) ([]json.RawMessage, error) { + var items []json.RawMessage + if err := m.db.SelectContext( + ctx, + &items, + m.db.Rebind("SELECT document FROM rego_data WHERE collection=? ORDER BY id ASC"), s, + ); err != nil { + return nil, errors.WithStack(err) + } + return items, nil + }) +} diff --git a/storage/manager_test.go b/storage/manager_test.go new file mode 100644 index 000000000..e24126df8 --- /dev/null +++ b/storage/manager_test.go @@ -0,0 +1,145 @@ +package storage + +import ( + "context" + "flag" + "fmt" + "log" + "sync" + "testing" + + _ "github.com/go-sql-driver/mysql" + _ "github.com/lib/pq" + "github.com/open-policy-agent/opa/storage" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/ory/x/sqlcon/dockertest" +) + +var managers = map[string]Manager{ + "memory": NewMemoryManager(), +} +var m sync.Mutex + +func TestMain(m *testing.M) { + runner := dockertest.Register() + + flag.Parse() + if !testing.Short() { + dockertest.Parallel([]func(){ + connectToPG, + connectToMySQL, + }) + } + + runner.Exit(m.Run()) +} + +func connectToMySQL() { + db, err := dockertest.ConnectToTestMySQL() + if err != nil { + log.Fatalf("Could not connect to database: %v", err) + } + + s := NewSQLManager(db) + m.Lock() + managers["mysql"] = s + m.Unlock() + + if _, err := s.CreateSchemas(db); err != nil { + log.Fatalf("Unable to create schemas: %s", err) + } +} + +func connectToPG() { + db, err := dockertest.ConnectToTestPostgreSQL() + if err != nil { + log.Fatalf("Could not connect to database: %v", err) + } + + s := NewSQLManager(db) + m.Lock() + managers["postgres"] = s + m.Unlock() + + if _, err := s.CreateSchemas(db); err != nil { + log.Fatalf("Unable to create schemas: %s", err) + } +} + +func TestMemoryManager(t *testing.T) { + for k, m := range managers { + t.Run(fmt.Sprintf("manager=%s", k), func(t *testing.T) { + ctx := context.Background() + + require.Error(t, m.Get(ctx, "test", "string", nil)) + + t.Run("case=string", func(t *testing.T) { + var vs string + require.NoError(t, m.Upsert(ctx, "test", "string", "foobar")) + require.NoError(t, m.Get(ctx, "test", "string", &vs)) + assert.EqualValues(t, "foobar", vs) + }) + + t.Run("case=int", func(t *testing.T) { + var vs int + require.NoError(t, m.Upsert(ctx, "test", "int", 1234)) + require.NoError(t, m.Get(ctx, "test", "int", &vs)) + assert.EqualValues(t, 1234, vs) + }) + + t.Run("case=list", func(t *testing.T) { + for i := 0; i < 10; i++ { + require.NoError(t, m.Upsert(ctx, "test-list", fmt.Sprintf("list-%d", i), i)) + } + + var v int + require.NoError(t, m.Get(ctx, "test-list", "list-1", &v)) + assert.EqualValues(t, 1, v) + + var vs []int + require.NoError(t, m.List(ctx, "test-list", &vs, 10, 0)) + assert.Len(t, vs, 10) + assert.EqualValues(t, []int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}, vs) + + require.NoError(t, m.List(ctx, "test-list", &vs, 5, 5)) + assert.Len(t, vs, 5) + assert.EqualValues(t, []int{5, 6, 7, 8, 9}, vs) + }) + + t.Run("case=delete", func(t *testing.T) { + for i := 0; i < 10; i++ { + require.NoError(t, m.Upsert(ctx, "test-delete", fmt.Sprintf("delete-%d", i), i)) + + var v int + require.NoError(t, m.Get(ctx, "test-delete", fmt.Sprintf("delete-%d", i), &v)) + assert.EqualValues(t, i, v) + require.NoError(t, m.Delete(ctx, "test-delete", fmt.Sprintf("delete-%d", i))) + require.Error(t, m.Get(ctx, "test-delete", fmt.Sprintf("delete-%d", i), &v)) + } + }) + + t.Run("case=storage", func(t *testing.T) { + for i := 0; i < 2; i++ { + require.NoError(t, m.Upsert(ctx, "/tests/storage/bars", fmt.Sprintf("list-%d", i), fmt.Sprintf("a-%d", i))) + require.NoError(t, m.Upsert(ctx, "/tests/storage/foos", fmt.Sprintf("list-%d", i), fmt.Sprintf("b-%d", i))) + } + + s, err := m.Storage(ctx, `{"tests": {"storage": {"foos": [], "bars": []}}}`, []string{"/tests/storage/foos", "/tests/storage/bars"}) + require.NoError(t, err) + + tx, err := s.NewTransaction(ctx) + require.NoError(t, err) + + res, err := s.Read(ctx, tx, storage.MustParsePath("/tests/storage/bars")) + require.NoError(t, err) + assert.Equal(t, `[a-0 a-1]`, fmt.Sprintf("%s", res)) + + res, err = s.Read(ctx, tx, storage.MustParsePath("/tests/storage/foos")) + require.NoError(t, err) + assert.Equal(t, `[b-0 b-1]`, fmt.Sprintf("%s", res)) + }) + }) + } +} diff --git a/tests/stubs/policies.json b/tests/stubs/policies.json new file mode 100644 index 000000000..3a7e19cc6 --- /dev/null +++ b/tests/stubs/policies.json @@ -0,0 +1,34 @@ +[ + { + "id": "policy-1", + "subjects": [ + "peter-1", + "group-1" + ], + "resources": [ + "resources-11", + "resources-12" + ], + "actions": [ + "actions-11", + "actions-12" + ], + "effect": "allow" + }, + { + "id": "policy-2", + "subjects": [ + "peter-2", + "group-2" + ], + "resources": [ + "resources-11", + "resources-12" + ], + "actions": [ + "actions-11", + "actions-12" + ], + "effect": "allow" + } +] diff --git a/tests/stubs/roles.json b/tests/stubs/roles.json new file mode 100644 index 000000000..45e60080f --- /dev/null +++ b/tests/stubs/roles.json @@ -0,0 +1,4 @@ +[ + {"id": "role-1", "members": ["peter-1", "maria-1"]}, + {"id": "role-2", "members": ["peter-2", "maria-2"]} +] diff --git a/warden/audit_logger_logrus.go b/warden/audit_logger_logrus.go deleted file mode 100644 index 891f0e383..000000000 --- a/warden/audit_logger_logrus.go +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -package warden - -import ( - "strings" - - "github.com/ory/ladon" - "github.com/sirupsen/logrus" -) - -// AuditLoggerLogrus outputs information about granting or rejecting policies. -type AuditLoggerLogrus struct { - Logger logrus.FieldLogger -} - -func (a *AuditLoggerLogrus) logger() logrus.FieldLogger { - if a.Logger == nil { - a.Logger = logrus.New() - } - return a.Logger -} - -func (a *AuditLoggerLogrus) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies) { - if len(d) > 1 { - allowed := joinPoliciesNames(d[0 : len(d)-1]) - denied := d[len(d)-1].GetID() - a.logger(). - WithField("action", r.Action). - WithField("resource", r.Resource). - WithField("subject", r.Subject). - WithField("allowed_by", allowed). - WithField("denied_by", denied). - Print("Some policies allow this request, but one forcefully rejected it") - } else if len(d) == 1 { - denied := d[len(d)-1].GetID() - a.logger(). - WithField("action", r.Action). - WithField("resource", r.Resource). - WithField("subject", r.Subject). - WithField("denied_by", denied). - Print("A policy forcefully rejected this request") - } else { - a.logger(). - WithField("action", r.Action). - WithField("resource", r.Resource). - WithField("subject", r.Subject). - Print("Because no policy was found for this request, it is rejected") - } -} - -func (a *AuditLoggerLogrus) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies) { - a.logger(). - WithField("action", r.Action). - WithField("resource", r.Resource). - WithField("subject", r.Subject). - WithField("allowed_by", joinPoliciesNames(d)). - Print("One or more policies granted this request.") -} - -func joinPoliciesNames(policies ladon.Policies) string { - var names []string - for _, policy := range policies { - names = append(names, policy.GetID()) - } - return strings.Join(names, ", ") -} diff --git a/warden/doc.go b/warden/doc.go deleted file mode 100644 index 660d358d7..000000000 --- a/warden/doc.go +++ /dev/null @@ -1,158 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -// Package warden implements endpoints capable of making access control decisions based on Access Control Policies -package warden - -import ( - "github.com/ory/keto/authentication" -) - -// swagger:parameters isSubjectAuthorized -type swaggerDoesWardenAllowAccessRequestParameters struct { - // in: body - Body AccessRequest -} - -// swagger:parameters isOAuth2AccessTokenAuthorized -type swaggerDoesWardenAllowTokenAccessRequestParameters struct { - // in: body - Body swaggerWardenTokenAccessRequest -} - -// swagger:parameters isOAuth2ClientAuthorized -type swaggerDoesWardenAllowClientRequestParameters struct { - // in: body - Body swaggerWardenClientAccessRequest -} - -// swager:model authorizedBaseRequest -type swaggerWardenBaseRequest struct { - - // Resource is the resource that access is requested to. - Resource string `json:"resource"` - - // Action is the action that is requested on the resource. - Action string `json:"action"` - - // Context is the request's environmental context. - Context map[string]interface{} `json:"context"` -} - -// swagger:model wardenOAuth2AccessTokenAuthorizationRequest -type swaggerWardenTokenAccessRequest struct { - authentication.AuthenticationOAuth2IntrospectionRequest - swaggerWardenBaseRequest -} - -// swagger:model wardenOAuth2ClientAuthorizationRequest -type swaggerWardenClientAccessRequest struct { - authentication.AuthenticationOAuth2ClientCredentialsRequest - swaggerWardenBaseRequest -} - -// swagger:model wardenOAuth2AccessTokenAuthorizationResponse -type oauth2Authorization struct { - authentication.OAuth2Session -} - -// swagger:model wardenSubjectAuthorizationResponse -type subjectAuthorization struct { - authentication.DefaultSession -} - -// swagger:model wardenOAuth2ClientAuthorizationResponse -type oauth2ClientAuthorization struct { - authentication.DefaultSession -} - -// swagger:route POST /warden/oauth2/access-tokens/authorize warden isOAuth2AccessTokenAuthorized -// -// Check if an OAuth 2.0 access token is authorized to access a resource -// -// Checks if a token is valid and if the token subject is allowed to perform an action on a resource. -// This endpoint requires a token, a scope, a resource name, an action name and a context. -// -// -// If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to -// perform the action on the resource, this endpoint returns a 200 response with `{ "allowed": false }`. -// -// -// This endpoint passes all data from the upstream OAuth 2.0 token introspection endpoint. If you use ORY Hydra as an -// upstream OAuth 2.0 provider, data set through the `accessTokenExtra` field in the consent flow will be included in this -// response as well. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 200: wardenOAuth2AccessTokenAuthorizationResponse -// 401: genericError -// 403: genericError -// 500: genericError -func swaggerOAuth2AccessTokensMock() {} - -// swagger:route POST /warden/oauth2/clients/authorize warden isOAuth2ClientAuthorized -// -// Check if an OAuth 2.0 Client is authorized to access a resource -// -// Checks if an OAuth 2.0 Client provided the correct access credentials and and if the client is allowed to perform -// an action on a resource. This endpoint requires a client id, a client secret, a scope, a resource name, an action name and a context. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 200: wardenOAuth2ClientAuthorizationResponse -// 401: genericError -// 403: genericError -// 500: genericError -func swaggerOAuth2ClientsMock() {} - -// swagger:route POST /warden/subjects/authorize warden isSubjectAuthorized -// -// Check if a subject is authorized to access a resource -// -// Checks if a subject (e.g. user ID, API key, ...) is allowed to perform a certain action on a resource. -// -// Consumes: -// - application/json -// -// Produces: -// - application/json -// -// Schemes: http, https -// -// Responses: -// 200: wardenSubjectAuthorizationResponse -// 401: genericError -// 403: genericError -// 500: genericError -func swaggerSubjectMock() {} diff --git a/warden/handler.go b/warden/handler.go deleted file mode 100644 index 0b5029354..000000000 --- a/warden/handler.go +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package warden - -import ( - "encoding/json" - "fmt" - "net/http" - - "bytes" - "io/ioutil" - - "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - "github.com/ory/keto/authentication" - "github.com/pkg/errors" -) - -const ( - AuthenticatorHandlerPath = "/warden/%s/authorize" - - // AllowedHandlerPath points to the access request validation endpoint. - //AllowedHandlerPath = "/warden/oauth2/access-tokens/authorize" - //AllowedHandlerPath = "/warden/oauth2/clients/authorize" - //AllowedHandlerPath = "/warden/subjects/authorize" - //AllowedHandlerPath = "/warden/jwt/authorize" - //AllowedHandlerPath = "/warden/saml/authorize" -) - -var notAllowed = struct { - Allowed bool `json:"allowed"` -}{Allowed: false} - -// Handler is capable of handling HTTP request and validating access tokens and access requests. -type Handler struct { - H herodot.Writer - Warden Firewall - - ResourcePrefix string - authenticators map[string]authentication.Authenticator -} - -func NewHandler(writer herodot.Writer, warden Firewall, authenticators map[string]authentication.Authenticator) *Handler { - h := &Handler{ - H: writer, - Warden: warden, - authenticators: authenticators, - } - - return h -} - -func (h *Handler) SetRoutes(r *httprouter.Router) { - for k, a := range h.authenticators { - r.POST(fmt.Sprintf(AuthenticatorHandlerPath, k), h.authorized(a)) - } -} - -func (h *Handler) authorized(authenticator authentication.Authenticator) func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - all, err := ioutil.ReadAll(r.Body) - if err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - var ctx = r.Context() - r.Body = ioutil.NopCloser(bytes.NewReader(all)) - session, err := authenticator.Authenticate(r) - if err != nil && errors.Cause(err).Error() == authentication.ErrUnauthorized.Error() { - h.H.Write(w, r, ¬Allowed) - return - } else if err != nil { - h.H.WriteError(w, r, err) - return - } - - var access AccessRequest - if err := json.Unmarshal(all, &access); err != nil { - h.H.WriteError(w, r, errors.WithStack(err)) - return - } - - access.Subject = session.GetSubject() - if err := h.Warden.IsAllowed(ctx, &access); err != nil { - h.H.Write(w, r, ¬Allowed) - return - } - - session.GrantAccess() - h.H.Write(w, r, session) - } -} diff --git a/warden/helper_test.go b/warden/helper_test.go deleted file mode 100644 index 74bd27682..000000000 --- a/warden/helper_test.go +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package warden_test - -import ( - "os" - "testing" - - "github.com/ory/keto/role" - "github.com/ory/keto/warden" - "github.com/ory/ladon" - "github.com/ory/ladon/manager/memory" - "github.com/sirupsen/logrus" -) - -var ( - accessRequestTestCases = []struct { - req *warden.AccessRequest - expectErr bool - }{ - { - req: &warden.AccessRequest{ - Subject: "alice", - Resource: "other-thing", - Action: "create", - Context: ladon.Context{}, - }, - expectErr: true, - }, - { - req: &warden.AccessRequest{ - Subject: "alice", - Resource: "matrix", - Action: "delete", - Context: ladon.Context{}, - }, - expectErr: true, - }, - { - req: &warden.AccessRequest{ - Subject: "alice", - Resource: "matrix", - Action: "create", - Context: ladon.Context{}, - }, - expectErr: false, - }, - { - req: &warden.AccessRequest{ - Subject: "ken", - Resource: "forbidden_matrix", - Action: "create", - Context: ladon.Context{}, - }, - expectErr: true, - }, - { - req: &warden.AccessRequest{ - Subject: "ken", - Resource: "allowed_matrix", - Action: "create", - Context: ladon.Context{}, - }, - expectErr: false, - }, - } - wardens = map[string]warden.Firewall{} - ladonWarden = &ladon.Ladon{ - Manager: &memory.MemoryManager{ - Policies: map[string]ladon.Policy{ - "1": &ladon.DefaultPolicy{ - ID: "1", - Subjects: []string{"alice", "group1", "client"}, - Resources: []string{"matrix", "forbidden_matrix", "rn:hydra:token<.*>"}, - Actions: []string{"create", "decide"}, - Effect: ladon.AllowAccess, - }, - "2": &ladon.DefaultPolicy{ - ID: "2", - Subjects: []string{"siri"}, - Resources: []string{"<.*>"}, - Actions: []string{"decide"}, - Effect: ladon.AllowAccess, - }, - "3": &ladon.DefaultPolicy{ - ID: "3", - Subjects: []string{"group1"}, - Resources: []string{"forbidden_matrix", "rn:hydra:token<.*>"}, - Actions: []string{"create", "decide"}, - Effect: ladon.DenyAccess, - }, - "4": &ladon.DefaultPolicy{ - ID: "4", - Subjects: []string{"group1"}, - Resources: []string{"allowed_matrix", "rn:hydra:token<.*>"}, - Actions: []string{"create", "decide"}, - Effect: ladon.AllowAccess, - }, - }, - }, - } -) - -func TestMain(m *testing.M) { - wardens["local"] = &warden.Warden{ - L: logrus.New(), - Warden: ladonWarden, - Roles: &role.MemoryManager{ - Roles: map[string]role.Role{ - "group1": { - ID: "group1", - Members: []string{"ken"}, - }, - }, - }, - } - - os.Exit(m.Run()) -} diff --git a/warden/sdk_test.go b/warden/sdk_test.go deleted file mode 100644 index bea949bb3..000000000 --- a/warden/sdk_test.go +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package warden_test - -import ( - "fmt" - "net/http" - "net/http/httptest" - "testing" - "time" - - "github.com/julienschmidt/httprouter" - "github.com/ory/fosite" - "github.com/ory/herodot" - "github.com/ory/keto/authentication" - keto "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/ory/keto/warden" - "github.com/ory/ladon" - "github.com/pkg/errors" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "golang.org/x/oauth2" -) - -func setupMockOAuth2Introspection(t *testing.T) *httptest.Server { - h := herodot.NewJSONWriter(nil) - router := httprouter.New() - router.POST("/oauth2/token", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if u, p, ok := r.BasicAuth(); !ok || u != "client" || p != "secret" { - h.WriteError(w, r, errors.New("Basic auth failed")) - return - } - h.Write(w, r, oauth2.Token{ - AccessToken: "access_token", - TokenType: "bearer", - Expiry: time.Now().Add(time.Hour), - }) - }) - - router.POST("/oauth2/introspect", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if r.Header.Get("Authorization") != "Bearer access_token" { - h.WriteError(w, r, errors.Errorf("Auth failed: %s", r.Header.Get("Authorization"))) - return - } - - if err := r.ParseForm(); err != nil { - h.WriteError(w, r, err) - return - } - - if r.PostForm.Get("token") != "alice_token" && r.PostForm.Get("scope") != "fooscope" { - h.WriteError(w, r, errors.New("Req failed")) - return - } - - h.Write(w, r, authentication.IntrospectionResponse{ - Active: true, - Subject: "alice", - Scope: "fooscope", - }) - }) - return httptest.NewServer(router) -} - -func TestWardenSDK(t *testing.T) { - oauth2Server := setupMockOAuth2Introspection(t) - - router := httprouter.New() - - handler := warden.NewHandler(herodot.NewJSONWriter(nil), wardens["local"], map[string]authentication.Authenticator{ - "subjects": authentication.NewPlaintextAuthentication(), - "oauth2/access-tokens": authentication.NewOAuth2IntrospectionAuthentication( - "client", - "secret", - oauth2Server.URL+"/oauth2/token", - oauth2Server.URL+"/oauth2/introspect", - []string{""}, - fosite.HierarchicScopeStrategy, - ), - "oauth2/clients": authentication.NewOAuth2ClientCredentialsAuthentication( - oauth2Server.URL + "/oauth2/token", - ), - }) - handler.SetRoutes(router) - server := httptest.NewServer(router) - - client := keto.NewWardenApiWithBasePath(server.URL) - - t.Run("IsSubjectAuthorized", func(t *testing.T) { - for k, c := range accessRequestTestCases { - t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) { - result, response, err := client.IsSubjectAuthorized(keto.WardenSubjectAuthorizationRequest{ - Action: c.req.Action, - Resource: c.req.Resource, - Subject: c.req.Subject, - Context: c.req.Context, - }) - - require.NoError(t, err, "%s", response.Payload) - require.Equal(t, http.StatusOK, response.StatusCode) - assert.Equal(t, !c.expectErr, result.Allowed) - }) - } - }) - - t.Run("IsOAuth2AccessTokenAuthorized", func(t *testing.T) { - result, response, err := client.IsOAuth2AccessTokenAuthorized(keto.WardenOAuth2AccessTokenAuthorizationRequest{ - Resource: "matrix", - Action: "create", - Context: ladon.Context{}, - Token: "alice_token", - Scope: []string{"fooscope"}, - }) - - require.NoError(t, err, "%s", response.Payload) - require.Equal(t, http.StatusOK, response.StatusCode, "%s", response.Payload) - assert.True(t, result.Allowed) - assert.EqualValues(t, "alice", result.Sub) - }) - - t.Run("IsOAuth2ClientAuthorized", func(t *testing.T) { - result, response, err := client.IsOAuth2ClientAuthorized(keto.WardenOAuth2ClientAuthorizationRequest{ - Resource: "matrix", - Action: "create", - ClientId: "client", - ClientSecret: "secret", - Context: ladon.Context{}, - Scope: []string{"fooscope"}, - }) - - require.NoError(t, err, "%s", response.Payload) - require.Equal(t, http.StatusOK, response.StatusCode, "%s", response.Payload) - assert.True(t, result.Allowed) - assert.EqualValues(t, "client", result.Sub) - }) -} diff --git a/warden/warden.go b/warden/warden.go deleted file mode 100644 index da4275d51..000000000 --- a/warden/warden.go +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @Copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - * - */ - -// Package warden defines an API for validating access requests. -package warden - -import ( - "context" -) - -// AccessRequest is the warden's request object. -// -// swagger:model WardenSubjectAuthorizationRequest -type AccessRequest struct { - // Resource is the resource that access is requested to. - Resource string `json:"resource"` - - // Action is the action that is requested on the resource. - Action string `json:"action"` - - // Subejct is the subject that is requesting access. - Subject string `json:"subject"` - - // Context is the request's environmental context. - Context map[string]interface{} `json:"context"` -} - -// Firewall offers various validation strategies for access tokens. -type Firewall interface { - // IsAllowed uses policies to return nil if the access request can be fulfilled or an error if not. - // - // ctx, err := firewall.IsAllowed(context.Background(), &AccessRequest{ - // Subject: "alice", - // Resource: "matrix", - // Action: "create", - // Context: ladon.Context{}, - // }, "photos", "files") - // - // fmt.Sprintf("%s", ctx.Subject) - IsAllowed(ctx context.Context, accessRequest *AccessRequest) error -} diff --git a/warden/warden_local.go b/warden/warden_local.go deleted file mode 100644 index fef159194..000000000 --- a/warden/warden_local.go +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package warden - -import ( - "context" - - "github.com/ory/fosite" - "github.com/ory/keto/role" - "github.com/ory/ladon" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -) - -func NewWarden( - warden ladon.Warden, - roles role.Manager, - l logrus.FieldLogger) *Warden { - return &Warden{ - Warden: warden, - Roles: roles, - L: l, - } -} - -type Warden struct { - Warden ladon.Warden - Roles role.Manager - L logrus.FieldLogger -} - -func (w *Warden) IsAllowed(ctx context.Context, a *AccessRequest) error { - if err := w.isAllowed(ctx, &ladon.Request{ - Resource: a.Resource, - Action: a.Action, - Subject: a.Subject, - Context: a.Context, - }); err != nil { - w.L.WithFields(logrus.Fields{ - "subject": a.Subject, - "request": a, - "reason": "The policy decision point denied the request", - }).WithError(err).Infof("Access denied") - return err - } - - w.L.WithFields(logrus.Fields{ - "subject": a.Subject, - "request": a, - "reason": "The policy decision point allowed the request", - }).Infof("Access allowed") - return nil -} - -func (w *Warden) isAllowed(ctx context.Context, a *ladon.Request) error { - roles, err := w.Roles.FindRolesByMember(a.Subject, 10000, 0) - if err != nil { - return err - } - - errs := make([]error, len(roles)+1) - errs[0] = w.Warden.IsAllowed(&ladon.Request{ - Resource: a.Resource, - Action: a.Action, - Subject: a.Subject, - Context: a.Context, - }) - - for k, g := range roles { - errs[k+1] = w.Warden.IsAllowed(&ladon.Request{ - Resource: a.Resource, - Action: a.Action, - Subject: g.ID, - Context: a.Context, - }) - } - - for _, err := range errs { - if errors.Cause(err) == ladon.ErrRequestForcefullyDenied { - return errors.Wrap(fosite.ErrRequestForbidden, err.Error()) - } - } - - // If no one explicitly denies the access request (e.g. some group), it's ok to return with "access granted" - // if at least one of the decisions is positive (no error) - for _, err := range errs { - if err == nil { - return nil - } - } - - return errors.Wrap(fosite.ErrRequestForbidden, ladon.ErrRequestDenied.Error()) -} diff --git a/warden/warden_test.go b/warden/warden_test.go deleted file mode 100644 index d7f6273cc..000000000 --- a/warden/warden_test.go +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright © 2015-2018 Aeneas Rekkas - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * @author Aeneas Rekkas - * @copyright 2015-2018 Aeneas Rekkas - * @license Apache-2.0 - */ - -package warden_test - -import ( - "context" - "fmt" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestAllowed(t *testing.T) { - for n, w := range wardens { - t.Run("warden="+n, func(t *testing.T) { - for k, c := range accessRequestTestCases { - t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) { - err := w.IsAllowed(context.Background(), c.req) - if c.expectErr { - require.Error(t, err) - } else { - require.NoError(t, err) - } - }) - } - }) - } -} diff --git a/x/response.go b/x/response.go new file mode 100644 index 000000000..ca5457e38 --- /dev/null +++ b/x/response.go @@ -0,0 +1,28 @@ +package x + +import ( + "bytes" + "io/ioutil" + "net/http" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/x/cmdx" +) + +func CheckResponse(err error, expectedStatusCode int, response *swagger.APIResponse) { + var r *http.Response + if response != nil { + r = response.Response + r.Body = ioutil.NopCloser(bytes.NewBuffer(response.Payload)) + } + + cmdx.CheckResponse(err, expectedStatusCode, r) +} + +func CheckResponseTest(t *testing.T, err error, expectedStatusCode int, response *swagger.APIResponse) { + require.NoError(t, err, "%s %s: %s", response.Request.Method, response.RequestURL, response.Payload) + require.Equal(t, expectedStatusCode, response.StatusCode, "%s %s (%d): %s", response.Request.Method, response.RequestURL, response.StatusCode, response.Payload) +}