From 31589cf0b5249416d4703ec448b3f749638dce91 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Fri, 13 Nov 2020 20:54:11 +0100 Subject: [PATCH 01/21] chore: make all go packages internal Exposing nothing by default to keep our package API slim and later decide what to expose via `pkg`. --- cmd/relationtuple/create.go | 2 +- cmd/relationtuple/get.go | 2 +- cmd/serve.go | 8 ++++---- {check => internal/check}/engine.go | 2 +- {check => internal/check}/engine_test.go | 6 +++--- {check => internal/check}/handler.go | 4 ++-- .../driver}/configuration/provider.go | 0 .../driver}/configuration/provider_viper.go | 0 {driver => internal/driver}/driver.go | 2 +- {driver => internal/driver}/driver_default.go | 2 +- {driver => internal/driver}/registry.go | 4 ++-- {driver => internal/driver}/registry_default.go | 12 ++++++------ {expand => internal/expand}/engine.go | 2 +- {expand => internal/expand}/engine_test.go | 6 +++--- {expand => internal/expand}/handler.go | 4 ++-- {expand => internal/expand}/tree.go | 2 +- {persistence => internal/persistence}/definitions.go | 2 +- .../persistence}/memory/definitions.go | 2 +- .../persistence}/memory/relationtuples.go | 4 ++-- .../persistence}/memory/relationtuples_test.go | 2 +- .../relationtuple}/REQUIREMENTS.md | 0 .../relationtuple}/definitions.go | 2 +- .../relationtuple}/grpc_server.go | 2 +- {relationtuple => internal/relationtuple}/handler.go | 2 +- .../relationtuple}/relationtuple.pb.go | 0 .../relationtuple}/relationtuple.proto | 0 .../relationtuple}/relationtuple_grpc.pb.go | 0 {x => internal/x}/pagination.go | 0 {x => internal/x}/registry.go | 0 29 files changed, 37 insertions(+), 37 deletions(-) rename {check => internal/check}/engine.go (97%) rename {check => internal/check}/engine_test.go (98%) rename {check => internal/check}/handler.go (93%) rename {driver => internal/driver}/configuration/provider.go (100%) rename {driver => internal/driver}/configuration/provider_viper.go (100%) rename {driver => internal/driver}/driver.go (63%) rename {driver => internal/driver}/driver_default.go (93%) rename {driver => internal/driver}/registry.go (91%) rename {driver => internal/driver}/registry_default.go (79%) rename {expand => internal/expand}/engine.go (96%) rename {expand => internal/expand}/engine_test.go (97%) rename {expand => internal/expand}/handler.go (92%) rename {expand => internal/expand}/tree.go (95%) rename {persistence => internal/persistence}/definitions.go (64%) rename {persistence => internal/persistence}/memory/definitions.go (84%) rename {persistence => internal/persistence}/memory/relationtuples.go (96%) rename {persistence => internal/persistence}/memory/relationtuples_test.go (98%) rename {relationtuple => internal/relationtuple}/REQUIREMENTS.md (100%) rename {relationtuple => internal/relationtuple}/definitions.go (99%) rename {relationtuple => internal/relationtuple}/grpc_server.go (97%) rename {relationtuple => internal/relationtuple}/handler.go (97%) rename {relationtuple => internal/relationtuple}/relationtuple.pb.go (100%) rename {relationtuple => internal/relationtuple}/relationtuple.proto (100%) rename {relationtuple => internal/relationtuple}/relationtuple_grpc.pb.go (100%) rename {x => internal/x}/pagination.go (100%) rename {x => internal/x}/registry.go (100%) diff --git a/cmd/relationtuple/create.go b/cmd/relationtuple/create.go index 58a571b35..5662cf4b7 100644 --- a/cmd/relationtuple/create.go +++ b/cmd/relationtuple/create.go @@ -7,7 +7,7 @@ import ( "io" "os" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" "github.com/spf13/cobra" diff --git a/cmd/relationtuple/get.go b/cmd/relationtuple/get.go index c93a1fd79..25be4750e 100644 --- a/cmd/relationtuple/get.go +++ b/cmd/relationtuple/get.go @@ -5,7 +5,7 @@ import ( "fmt" "strings" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" "github.com/spf13/pflag" diff --git a/cmd/serve.go b/cmd/serve.go index 4a0cb7311..52d05400d 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -21,9 +21,9 @@ import ( "os" "sync" - "github.com/ory/keto/expand" + "github.com/ory/keto/internal/expand" - "github.com/ory/keto/check" + "github.com/ory/keto/internal/check" "github.com/julienschmidt/httprouter" "github.com/spf13/cobra" @@ -31,8 +31,8 @@ import ( "github.com/ory/graceful" - "github.com/ory/keto/driver" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/driver" + "github.com/ory/keto/internal/relationtuple" "github.com/ory/x/viperx" diff --git a/check/engine.go b/internal/check/engine.go similarity index 97% rename from check/engine.go rename to internal/check/engine.go index 6ac859d22..8c5f14380 100644 --- a/check/engine.go +++ b/internal/check/engine.go @@ -5,7 +5,7 @@ import ( "fmt" "os" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" ) type ( diff --git a/check/engine_test.go b/internal/check/engine_test.go similarity index 98% rename from check/engine_test.go rename to internal/check/engine_test.go index 383660189..c31eb4610 100644 --- a/check/engine_test.go +++ b/internal/check/engine_test.go @@ -4,14 +4,14 @@ import ( "context" "testing" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" - "github.com/ory/keto/check" + "github.com/ory/keto/internal/check" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/ory/keto/driver" + "github.com/ory/keto/internal/driver" ) func TestEngine(t *testing.T) { diff --git a/check/handler.go b/internal/check/handler.go similarity index 93% rename from check/handler.go rename to internal/check/handler.go index d8e3fb839..b3c2ccb07 100644 --- a/check/handler.go +++ b/internal/check/handler.go @@ -3,11 +3,11 @@ package check import ( "net/http" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" "github.com/julienschmidt/httprouter" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/x" ) type ( diff --git a/driver/configuration/provider.go b/internal/driver/configuration/provider.go similarity index 100% rename from driver/configuration/provider.go rename to internal/driver/configuration/provider.go diff --git a/driver/configuration/provider_viper.go b/internal/driver/configuration/provider_viper.go similarity index 100% rename from driver/configuration/provider_viper.go rename to internal/driver/configuration/provider_viper.go diff --git a/driver/driver.go b/internal/driver/driver.go similarity index 63% rename from driver/driver.go rename to internal/driver/driver.go index f36494844..7cef9b5e0 100644 --- a/driver/driver.go +++ b/internal/driver/driver.go @@ -1,6 +1,6 @@ package driver -import "github.com/ory/keto/driver/configuration" +import "github.com/ory/keto/internal/driver/configuration" type Driver interface { Configuration() configuration.Provider diff --git a/driver/driver_default.go b/internal/driver/driver_default.go similarity index 93% rename from driver/driver_default.go rename to internal/driver/driver_default.go index 50afc7a34..a3a546d3c 100644 --- a/driver/driver_default.go +++ b/internal/driver/driver_default.go @@ -3,7 +3,7 @@ package driver import ( "github.com/ory/x/logrusx" - "github.com/ory/keto/driver/configuration" + "github.com/ory/keto/internal/driver/configuration" ) type DefaultDriver struct { diff --git a/driver/registry.go b/internal/driver/registry.go similarity index 91% rename from driver/registry.go rename to internal/driver/registry.go index 9f4c54f39..5f4f45bea 100644 --- a/driver/registry.go +++ b/internal/driver/registry.go @@ -8,8 +8,8 @@ import ( "github.com/ory/x/logrusx" "github.com/ory/x/tracing" - "github.com/ory/keto/driver/configuration" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/driver/configuration" + "github.com/ory/keto/internal/x" ) type Registry interface { diff --git a/driver/registry_default.go b/internal/driver/registry_default.go similarity index 79% rename from driver/registry_default.go rename to internal/driver/registry_default.go index ef6355033..d01f68d34 100644 --- a/driver/registry_default.go +++ b/internal/driver/registry_default.go @@ -4,15 +4,15 @@ import ( "github.com/ory/herodot" "github.com/ory/x/logrusx" - "github.com/ory/keto/persistence" + "github.com/ory/keto/internal/persistence" - "github.com/ory/keto/expand" + "github.com/ory/keto/internal/expand" - "github.com/ory/keto/check" + "github.com/ory/keto/internal/check" - "github.com/ory/keto/persistence/memory" - "github.com/ory/keto/relationtuple" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/persistence/memory" + "github.com/ory/keto/internal/relationtuple" + "github.com/ory/keto/internal/x" ) var _ relationtuple.ManagerProvider = &RegistryDefault{} diff --git a/expand/engine.go b/internal/expand/engine.go similarity index 96% rename from expand/engine.go rename to internal/expand/engine.go index 6db3fecda..39a014666 100644 --- a/expand/engine.go +++ b/internal/expand/engine.go @@ -3,7 +3,7 @@ package expand import ( "context" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" ) type ( diff --git a/expand/engine_test.go b/internal/expand/engine_test.go similarity index 97% rename from expand/engine_test.go rename to internal/expand/engine_test.go index 7c218840b..d1d7bc44f 100644 --- a/expand/engine_test.go +++ b/internal/expand/engine_test.go @@ -4,14 +4,14 @@ import ( "context" "testing" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" - "github.com/ory/keto/expand" + "github.com/ory/keto/internal/expand" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/ory/keto/driver" + "github.com/ory/keto/internal/driver" ) func newTestEngine(_ *testing.T) (*driver.RegistryDefault, *expand.Engine) { diff --git a/expand/handler.go b/internal/expand/handler.go similarity index 92% rename from expand/handler.go rename to internal/expand/handler.go index cc4728b7a..f1452f3f7 100644 --- a/expand/handler.go +++ b/internal/expand/handler.go @@ -4,11 +4,11 @@ import ( "net/http" "strconv" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" "github.com/julienschmidt/httprouter" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/x" ) type ( diff --git a/expand/tree.go b/internal/expand/tree.go similarity index 95% rename from expand/tree.go rename to internal/expand/tree.go index 4dad3ad73..17ae3c4f2 100644 --- a/expand/tree.go +++ b/internal/expand/tree.go @@ -3,7 +3,7 @@ package expand import ( "errors" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" ) type ( diff --git a/persistence/definitions.go b/internal/persistence/definitions.go similarity index 64% rename from persistence/definitions.go rename to internal/persistence/definitions.go index 425f0cf0a..245b09fc1 100644 --- a/persistence/definitions.go +++ b/internal/persistence/definitions.go @@ -1,7 +1,7 @@ package persistence import ( - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" ) type Persister interface { diff --git a/persistence/memory/definitions.go b/internal/persistence/memory/definitions.go similarity index 84% rename from persistence/memory/definitions.go rename to internal/persistence/memory/definitions.go index 83bf9d26e..0fa3810b6 100644 --- a/persistence/memory/definitions.go +++ b/internal/persistence/memory/definitions.go @@ -3,7 +3,7 @@ package memory import ( "sync" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" ) type Persister struct { diff --git a/persistence/memory/relationtuples.go b/internal/persistence/memory/relationtuples.go similarity index 96% rename from persistence/memory/relationtuples.go rename to internal/persistence/memory/relationtuples.go index 0635c618e..2a15d2695 100644 --- a/persistence/memory/relationtuples.go +++ b/internal/persistence/memory/relationtuples.go @@ -3,9 +3,9 @@ package memory import ( "context" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/x" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" ) type ( diff --git a/persistence/memory/relationtuples_test.go b/internal/persistence/memory/relationtuples_test.go similarity index 98% rename from persistence/memory/relationtuples_test.go rename to internal/persistence/memory/relationtuples_test.go index b0e210778..d94335be9 100644 --- a/persistence/memory/relationtuples_test.go +++ b/internal/persistence/memory/relationtuples_test.go @@ -5,7 +5,7 @@ import ( "fmt" "testing" - "github.com/ory/keto/relationtuple" + "github.com/ory/keto/internal/relationtuple" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/relationtuple/REQUIREMENTS.md b/internal/relationtuple/REQUIREMENTS.md similarity index 100% rename from relationtuple/REQUIREMENTS.md rename to internal/relationtuple/REQUIREMENTS.md diff --git a/relationtuple/definitions.go b/internal/relationtuple/definitions.go similarity index 99% rename from relationtuple/definitions.go rename to internal/relationtuple/definitions.go index 1a36a569e..49b501645 100644 --- a/relationtuple/definitions.go +++ b/internal/relationtuple/definitions.go @@ -5,7 +5,7 @@ import ( "fmt" "strings" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/x" "github.com/tidwall/gjson" diff --git a/relationtuple/grpc_server.go b/internal/relationtuple/grpc_server.go similarity index 97% rename from relationtuple/grpc_server.go rename to internal/relationtuple/grpc_server.go index ff6d4dfed..b62ad12c7 100644 --- a/relationtuple/grpc_server.go +++ b/internal/relationtuple/grpc_server.go @@ -3,7 +3,7 @@ package relationtuple import ( "context" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/x" ) var _ RelationTupleServiceServer = &Server{} diff --git a/relationtuple/handler.go b/internal/relationtuple/handler.go similarity index 97% rename from relationtuple/handler.go rename to internal/relationtuple/handler.go index 8917c7f17..0b8fb1cc5 100644 --- a/relationtuple/handler.go +++ b/internal/relationtuple/handler.go @@ -9,7 +9,7 @@ import ( "github.com/ory/herodot" - "github.com/ory/keto/x" + "github.com/ory/keto/internal/x" ) type ( diff --git a/relationtuple/relationtuple.pb.go b/internal/relationtuple/relationtuple.pb.go similarity index 100% rename from relationtuple/relationtuple.pb.go rename to internal/relationtuple/relationtuple.pb.go diff --git a/relationtuple/relationtuple.proto b/internal/relationtuple/relationtuple.proto similarity index 100% rename from relationtuple/relationtuple.proto rename to internal/relationtuple/relationtuple.proto diff --git a/relationtuple/relationtuple_grpc.pb.go b/internal/relationtuple/relationtuple_grpc.pb.go similarity index 100% rename from relationtuple/relationtuple_grpc.pb.go rename to internal/relationtuple/relationtuple_grpc.pb.go diff --git a/x/pagination.go b/internal/x/pagination.go similarity index 100% rename from x/pagination.go rename to internal/x/pagination.go diff --git a/x/registry.go b/internal/x/registry.go similarity index 100% rename from x/registry.go rename to internal/x/registry.go From a2176cc5783ebea78db921958f446cbc36173e60 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Sat, 14 Nov 2020 00:16:16 +0100 Subject: [PATCH 02/21] feat: first WIP draft of the Keto APIs using bufbuild --- Makefile | 13 +- api/google/api/client.pb.go | 218 ++++++ api/google/api/client.proto | 99 +++ api/keto/README.md | 9 + api/keto/authz/admin/v1/admin_service.pb.go | 82 ++ api/keto/authz/admin/v1/admin_service.proto | 20 + .../authz/admin/v1/admin_service_grpc.pb.go | 54 ++ api/keto/authz/node/v1/node_service.pb.go | 77 ++ api/keto/authz/node/v1/node_service.proto | 28 + .../authz/node/v1/node_service_grpc.pb.go | 54 ++ api/keto/authz/v1/acl.pb.go | 454 +++++++++++ api/keto/authz/v1/acl.proto | 58 ++ api/keto/authz/v1/acl_service.pb.go | 709 ++++++++++++++++++ api/keto/authz/v1/acl_service.proto | 89 +++ api/keto/authz/v1/acl_service_grpc.pb.go | 388 ++++++++++ buf.gen.yaml | 8 + buf.yaml | 10 + 17 files changed, 2367 insertions(+), 3 deletions(-) create mode 100644 api/google/api/client.pb.go create mode 100644 api/google/api/client.proto create mode 100644 api/keto/README.md create mode 100644 api/keto/authz/admin/v1/admin_service.pb.go create mode 100644 api/keto/authz/admin/v1/admin_service.proto create mode 100644 api/keto/authz/admin/v1/admin_service_grpc.pb.go create mode 100644 api/keto/authz/node/v1/node_service.pb.go create mode 100644 api/keto/authz/node/v1/node_service.proto create mode 100644 api/keto/authz/node/v1/node_service_grpc.pb.go create mode 100644 api/keto/authz/v1/acl.pb.go create mode 100644 api/keto/authz/v1/acl.proto create mode 100644 api/keto/authz/v1/acl_service.pb.go create mode 100644 api/keto/authz/v1/acl_service.proto create mode 100644 api/keto/authz/v1/acl_service_grpc.pb.go create mode 100644 buf.gen.yaml create mode 100644 buf.yaml diff --git a/Makefile b/Makefile index 12d4ba5b0..0028d62ba 100644 --- a/Makefile +++ b/Makefile @@ -64,6 +64,13 @@ docker: deps rm keto packr clean -.PHONY: gen-protobuf -gen-protobuf: - protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative relationtuple/*.proto +.PHONY: buf-gen +buf-gen: + buf generate + +.PHONY: gen-client +gen-client: + echo "TODO: generate gapic client at ./client" + +.PHONY: gen-api +gen-api: buf-gen gen-client \ No newline at end of file diff --git a/api/google/api/client.pb.go b/api/google/api/client.pb.go new file mode 100644 index 000000000..e7928010b --- /dev/null +++ b/api/google/api/client.pb.go @@ -0,0 +1,218 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: google/api/client.proto + +package annotations + +import ( + proto "github.com/golang/protobuf/proto" + descriptor "github.com/golang/protobuf/protoc-gen-go/descriptor" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +var file_google_api_client_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptor.MethodOptions)(nil), + ExtensionType: ([]string)(nil), + Field: 1051, + Name: "google.api.method_signature", + Tag: "bytes,1051,rep,name=method_signature", + Filename: "google/api/client.proto", + }, + { + ExtendedType: (*descriptor.ServiceOptions)(nil), + ExtensionType: (*string)(nil), + Field: 1049, + Name: "google.api.default_host", + Tag: "bytes,1049,opt,name=default_host", + Filename: "google/api/client.proto", + }, + { + ExtendedType: (*descriptor.ServiceOptions)(nil), + ExtensionType: (*string)(nil), + Field: 1050, + Name: "google.api.oauth_scopes", + Tag: "bytes,1050,opt,name=oauth_scopes", + Filename: "google/api/client.proto", + }, +} + +// Extension fields to descriptor.MethodOptions. +var ( + // A definition of a client library method signature. + // + // In client libraries, each proto RPC corresponds to one or more methods + // which the end user is able to call, and calls the underlying RPC. + // Normally, this method receives a single argument (a struct or instance + // corresponding to the RPC request object). Defining this field will + // add one or more overloads providing flattened or simpler method signatures + // in some languages. + // + // The fields on the method signature are provided as a comma-separated + // string. + // + // For example, the proto RPC and annotation: + // + // rpc CreateSubscription(CreateSubscriptionRequest) + // returns (Subscription) { + // option (google.api.method_signature) = "name,topic"; + // } + // + // Would add the following Java overload (in addition to the method accepting + // the request object): + // + // public final Subscription createSubscription(String name, String topic) + // + // The following backwards-compatibility guidelines apply: + // + // * Adding this annotation to an unannotated method is backwards + // compatible. + // * Adding this annotation to a method which already has existing + // method signature annotations is backwards compatible if and only if + // the new method signature annotation is last in the sequence. + // * Modifying or removing an existing method signature annotation is + // a breaking change. + // * Re-ordering existing method signature annotations is a breaking + // change. + // + // repeated string method_signature = 1051; + E_MethodSignature = &file_google_api_client_proto_extTypes[0] +) + +// Extension fields to descriptor.ServiceOptions. +var ( + // The hostname for this service. + // This should be specified with no prefix or protocol. + // + // Example: + // + // service Foo { + // option (google.api.default_host) = "foo.googleapi.com"; + // ... + // } + // + // optional string default_host = 1049; + E_DefaultHost = &file_google_api_client_proto_extTypes[1] + // OAuth scopes needed for the client. + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform"; + // ... + // } + // + // If there is more than one scope, use a comma-separated string: + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform," + // "https://www.googleapis.com/auth/monitoring"; + // ... + // } + // + // optional string oauth_scopes = 1050; + E_OauthScopes = &file_google_api_client_proto_extTypes[2] +) + +var File_google_api_client_proto protoreflect.FileDescriptor + +var file_google_api_client_proto_rawDesc = []byte{ + 0x0a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, + 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, + 0x6f, 0x73, 0x74, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, + 0x61, 0x75, 0x6c, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, + 0x68, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0b, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x42, 0x69, 0x0a, + 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, + 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, + 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_google_api_client_proto_goTypes = []interface{}{ + (*descriptor.MethodOptions)(nil), // 0: google.protobuf.MethodOptions + (*descriptor.ServiceOptions)(nil), // 1: google.protobuf.ServiceOptions +} +var file_google_api_client_proto_depIdxs = []int32{ + 0, // 0: google.api.method_signature:extendee -> google.protobuf.MethodOptions + 1, // 1: google.api.default_host:extendee -> google.protobuf.ServiceOptions + 1, // 2: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 0, // [0:3] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_google_api_client_proto_init() } +func file_google_api_client_proto_init() { + if File_google_api_client_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_client_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 3, + NumServices: 0, + }, + GoTypes: file_google_api_client_proto_goTypes, + DependencyIndexes: file_google_api_client_proto_depIdxs, + ExtensionInfos: file_google_api_client_proto_extTypes, + }.Build() + File_google_api_client_proto = out.File + file_google_api_client_proto_rawDesc = nil + file_google_api_client_proto_goTypes = nil + file_google_api_client_proto_depIdxs = nil +} diff --git a/api/google/api/client.proto b/api/google/api/client.proto new file mode 100644 index 000000000..7baa4457d --- /dev/null +++ b/api/google/api/client.proto @@ -0,0 +1,99 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.api; + +import "google/protobuf/descriptor.proto"; + +option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; +option java_multiple_files = true; +option java_outer_classname = "ClientProto"; +option java_package = "com.google.api"; +option objc_class_prefix = "GAPI"; + +extend google.protobuf.MethodOptions { + // A definition of a client library method signature. + // + // In client libraries, each proto RPC corresponds to one or more methods + // which the end user is able to call, and calls the underlying RPC. + // Normally, this method receives a single argument (a struct or instance + // corresponding to the RPC request object). Defining this field will + // add one or more overloads providing flattened or simpler method signatures + // in some languages. + // + // The fields on the method signature are provided as a comma-separated + // string. + // + // For example, the proto RPC and annotation: + // + // rpc CreateSubscription(CreateSubscriptionRequest) + // returns (Subscription) { + // option (google.api.method_signature) = "name,topic"; + // } + // + // Would add the following Java overload (in addition to the method accepting + // the request object): + // + // public final Subscription createSubscription(String name, String topic) + // + // The following backwards-compatibility guidelines apply: + // + // * Adding this annotation to an unannotated method is backwards + // compatible. + // * Adding this annotation to a method which already has existing + // method signature annotations is backwards compatible if and only if + // the new method signature annotation is last in the sequence. + // * Modifying or removing an existing method signature annotation is + // a breaking change. + // * Re-ordering existing method signature annotations is a breaking + // change. + repeated string method_signature = 1051; +} + +extend google.protobuf.ServiceOptions { + // The hostname for this service. + // This should be specified with no prefix or protocol. + // + // Example: + // + // service Foo { + // option (google.api.default_host) = "foo.googleapi.com"; + // ... + // } + string default_host = 1049; + + // OAuth scopes needed for the client. + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform"; + // ... + // } + // + // If there is more than one scope, use a comma-separated string: + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform," + // "https://www.googleapis.com/auth/monitoring"; + // ... + // } + string oauth_scopes = 1050; +} \ No newline at end of file diff --git a/api/keto/README.md b/api/keto/README.md new file mode 100644 index 000000000..d24deb202 --- /dev/null +++ b/api/keto/README.md @@ -0,0 +1,9 @@ +# Note + +ORY Keto is still a `sandbox` project. +This makes the included api version `v1` subject +to have breaking changes until the `v1.0.0` release of Keto! + +> - AuthZ – **Authorization** is establishing privilege +> - AuthN – Authentication is establishing the identity, which Keto does not do. +> - See [ORY Hydra](https://github.com/ory/hydra). diff --git a/api/keto/authz/admin/v1/admin_service.pb.go b/api/keto/authz/admin/v1/admin_service.pb.go new file mode 100644 index 000000000..0c658d613 --- /dev/null +++ b/api/keto/authz/admin/v1/admin_service.pb.go @@ -0,0 +1,82 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/authz/admin/v1/admin_service.proto + +package admin + +import ( + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +var File_keto_authz_admin_v1_admin_service_proto protoreflect.FileDescriptor + +var file_keto_authz_admin_v1_admin_service_proto_rawDesc = []byte{ + 0x0a, 0x27, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x61, 0x64, 0x6d, + 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x17, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x32, 0x27, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, + 0x42, 0x91, 0x01, 0x0a, 0x1a, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, + 0x0a, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x31, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, + 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, + 0x7a, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, + 0xaa, 0x02, 0x17, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x7a, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x17, 0x4f, 0x72, 0x79, + 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x5c, 0x41, 0x64, 0x6d, 0x69, + 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_keto_authz_admin_v1_admin_service_proto_goTypes = []interface{}{} +var file_keto_authz_admin_v1_admin_service_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_keto_authz_admin_v1_admin_service_proto_init() } +func file_keto_authz_admin_v1_admin_service_proto_init() { + if File_keto_authz_admin_v1_admin_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_authz_admin_v1_admin_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_authz_admin_v1_admin_service_proto_goTypes, + DependencyIndexes: file_keto_authz_admin_v1_admin_service_proto_depIdxs, + }.Build() + File_keto_authz_admin_v1_admin_service_proto = out.File + file_keto_authz_admin_v1_admin_service_proto_rawDesc = nil + file_keto_authz_admin_v1_admin_service_proto_goTypes = nil + file_keto_authz_admin_v1_admin_service_proto_depIdxs = nil +} diff --git a/api/keto/authz/admin/v1/admin_service.proto b/api/keto/authz/admin/v1/admin_service.proto new file mode 100644 index 000000000..4f931f50f --- /dev/null +++ b/api/keto/authz/admin/v1/admin_service.proto @@ -0,0 +1,20 @@ +syntax = "proto3"; + +package keto.authz.admin.v1; + +import "google/api/client.proto"; + +option go_package = "github.com/ory/keto/api/keto/authz/admin/v1;admin"; +option csharp_namespace = "Ory.Keto.Authz.Admin.V1"; +option java_multiple_files = true; +option java_outer_classname = "AdminProto"; +option java_package = "sh.ory.keto.authz.admin.v1"; +option php_namespace = "Ory\\Keto\\Authz\\Admin\\V1"; + +// The admin service for doing administrative tasks in the ACL system. +service AdminService { + option (google.api.default_host) = "keto.exampleapis.com"; + + // ...RPCs are coming here in (near) future... +} + diff --git a/api/keto/authz/admin/v1/admin_service_grpc.pb.go b/api/keto/authz/admin/v1/admin_service_grpc.pb.go new file mode 100644 index 000000000..54e9018ef --- /dev/null +++ b/api/keto/authz/admin/v1/admin_service_grpc.pb.go @@ -0,0 +1,54 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package admin + +import ( + grpc "google.golang.org/grpc" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// AdminServiceClient is the client API for AdminService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type AdminServiceClient interface { +} + +type adminServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewAdminServiceClient(cc grpc.ClientConnInterface) AdminServiceClient { + return &adminServiceClient{cc} +} + +// AdminServiceServer is the server API for AdminService service. +// All implementations should embed UnimplementedAdminServiceServer +// for forward compatibility +type AdminServiceServer interface { +} + +// UnimplementedAdminServiceServer should be embedded to have forward compatible implementations. +type UnimplementedAdminServiceServer struct { +} + +// UnsafeAdminServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AdminServiceServer will +// result in compilation errors. +type UnsafeAdminServiceServer interface { + mustEmbedUnimplementedAdminServiceServer() +} + +func RegisterAdminServiceServer(s grpc.ServiceRegistrar, srv AdminServiceServer) { + s.RegisterService(&_AdminService_serviceDesc, srv) +} + +var _AdminService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.authz.admin.v1.AdminService", + HandlerType: (*AdminServiceServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/authz/admin/v1/admin_service.proto", +} diff --git a/api/keto/authz/node/v1/node_service.pb.go b/api/keto/authz/node/v1/node_service.pb.go new file mode 100644 index 000000000..ca64f16c3 --- /dev/null +++ b/api/keto/authz/node/v1/node_service.pb.go @@ -0,0 +1,77 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/authz/node/v1/node_service.proto + +package node + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +var File_keto_authz_node_v1_node_service_proto protoreflect.FileDescriptor + +var file_keto_authz_node_v1_node_service_proto_rawDesc = []byte{ + 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x6e, 0x6f, 0x64, + 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, + 0x74, 0x68, 0x7a, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, + 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x8b, 0x01, 0x0a, 0x19, 0x73, + 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, + 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x42, 0x09, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, + 0x31, 0x3b, 0x6e, 0x6f, 0x64, 0x65, 0xaa, 0x02, 0x16, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, + 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, + 0x02, 0x16, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, + 0x5c, 0x4e, 0x6f, 0x64, 0x65, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_keto_authz_node_v1_node_service_proto_goTypes = []interface{}{} +var file_keto_authz_node_v1_node_service_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_keto_authz_node_v1_node_service_proto_init() } +func file_keto_authz_node_v1_node_service_proto_init() { + if File_keto_authz_node_v1_node_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_authz_node_v1_node_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_authz_node_v1_node_service_proto_goTypes, + DependencyIndexes: file_keto_authz_node_v1_node_service_proto_depIdxs, + }.Build() + File_keto_authz_node_v1_node_service_proto = out.File + file_keto_authz_node_v1_node_service_proto_rawDesc = nil + file_keto_authz_node_v1_node_service_proto_goTypes = nil + file_keto_authz_node_v1_node_service_proto_depIdxs = nil +} diff --git a/api/keto/authz/node/v1/node_service.proto b/api/keto/authz/node/v1/node_service.proto new file mode 100644 index 000000000..4537b1eac --- /dev/null +++ b/api/keto/authz/node/v1/node_service.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package keto.authz.node.v1; + +option go_package = "github.com/ory/keto/api/keto/authz/node/v1;node"; +option csharp_namespace = "Ory.Keto.Authz.Node.V1"; +option java_multiple_files = true; +option java_outer_classname = "NodeProto"; +option java_package = "sh.ory.keto.authz.node.v1"; +option php_namespace = "Ory\\Keto\\Authz\\Node\\V1"; + +// The internal service for intercommunication +// between ACL servers in a cluster. +// +// Implementing this service principally allows any program +// in the network to participate as a node in an ACL cluster. +service NodeService { + // ...RPCs for inter-node-communication are coming here... + // + // e.g.: + // - the expand API to load off deep checks to other nodes + // - we can attach meta to CheckResponses to gain greater knowledge of relationships + // and measure statistics to integrate with Prometheus and Grafana + // - schema node election + // - replace groupcache's normal http server with protobuf grpc protocol!!! + // - https://github.com/mailgun/groupcache/blob/8672aac324c41ba3909ad69e1a76b678894d378b/http.go#L160 +} + diff --git a/api/keto/authz/node/v1/node_service_grpc.pb.go b/api/keto/authz/node/v1/node_service_grpc.pb.go new file mode 100644 index 000000000..d9d515abb --- /dev/null +++ b/api/keto/authz/node/v1/node_service_grpc.pb.go @@ -0,0 +1,54 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package node + +import ( + grpc "google.golang.org/grpc" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// NodeServiceClient is the client API for NodeService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type NodeServiceClient interface { +} + +type nodeServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewNodeServiceClient(cc grpc.ClientConnInterface) NodeServiceClient { + return &nodeServiceClient{cc} +} + +// NodeServiceServer is the server API for NodeService service. +// All implementations should embed UnimplementedNodeServiceServer +// for forward compatibility +type NodeServiceServer interface { +} + +// UnimplementedNodeServiceServer should be embedded to have forward compatible implementations. +type UnimplementedNodeServiceServer struct { +} + +// UnsafeNodeServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to NodeServiceServer will +// result in compilation errors. +type UnsafeNodeServiceServer interface { + mustEmbedUnimplementedNodeServiceServer() +} + +func RegisterNodeServiceServer(s grpc.ServiceRegistrar, srv NodeServiceServer) { + s.RegisterService(&_NodeService_serviceDesc, srv) +} + +var _NodeService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.authz.node.v1.NodeService", + HandlerType: (*NodeServiceServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/authz/node/v1/node_service.proto", +} diff --git a/api/keto/authz/v1/acl.pb.go b/api/keto/authz/v1/acl.pb.go new file mode 100644 index 000000000..c7daf7d69 --- /dev/null +++ b/api/keto/authz/v1/acl.pb.go @@ -0,0 +1,454 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/authz/v1/acl.proto + +package authz + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +// RelationTuple relates an Object with a Subject. +// +// While a tuple reflects a relationship between Object +// and Subject, they do not completely define the effective ACLs. +type RelationTuple struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The object related by this tuple. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The relation between an Object and a Subject. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + // The subject related by this tuple. + // It either is a concrete subject id or + // or a subject set expanding to more Subjects. + Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` +} + +func (x *RelationTuple) Reset() { + *x = RelationTuple{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RelationTuple) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RelationTuple) ProtoMessage() {} + +func (x *RelationTuple) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RelationTuple.ProtoReflect.Descriptor instead. +func (*RelationTuple) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{0} +} + +func (x *RelationTuple) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *RelationTuple) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +func (x *RelationTuple) GetSubject() *Subject { + if x != nil { + return x.Subject + } + return nil +} + +// Object is an object in a namespace +// referenced by a RelationTuple or SubjectSet. +// +// It represents a "resource" or "digital object". +type Object struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The namespace of the object. + // This effectively is the namespace of the whole RelationTuple. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + // The object id. + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` +} + +func (x *Object) Reset() { + *x = Object{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Object) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Object) ProtoMessage() {} + +func (x *Object) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Object.ProtoReflect.Descriptor instead. +func (*Object) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{1} +} + +func (x *Object) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *Object) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +// Subject is either a concrete subject id or +// a subject set expanding to more Subjects. +type Subject struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to Type: + // *Subject_SubjectId + // *Subject_SubjectSet + Type isSubject_Type `protobuf_oneof:"type"` +} + +func (x *Subject) Reset() { + *x = Subject{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Subject) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Subject) ProtoMessage() {} + +func (x *Subject) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Subject.ProtoReflect.Descriptor instead. +func (*Subject) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{2} +} + +func (m *Subject) GetType() isSubject_Type { + if m != nil { + return m.Type + } + return nil +} + +func (x *Subject) GetSubjectId() string { + if x, ok := x.GetType().(*Subject_SubjectId); ok { + return x.SubjectId + } + return "" +} + +func (x *Subject) GetSubjectSet() *SubjectSet { + if x, ok := x.GetType().(*Subject_SubjectSet); ok { + return x.SubjectSet + } + return nil +} + +type isSubject_Type interface { + isSubject_Type() +} + +type Subject_SubjectId struct { + // The concrete id of the subject. + SubjectId string `protobuf:"bytes,1,opt,name=subject_id,json=subjectId,proto3,oneof"` +} + +type Subject_SubjectSet struct { + // The subject set that expands to more Subjects. + SubjectSet *SubjectSet `protobuf:"bytes,2,opt,name=subject_set,json=subjectSet,proto3,oneof"` +} + +func (*Subject_SubjectId) isSubject_Type() {} + +func (*Subject_SubjectSet) isSubject_Type() {} + +// SubjectSet refers to all subjects which have +// the same `relation` to an `object`. +type SubjectSet struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The object selected by the subjects. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The relation to the object by the subjects. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` +} + +func (x *SubjectSet) Reset() { + *x = SubjectSet{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SubjectSet) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SubjectSet) ProtoMessage() {} + +func (x *SubjectSet) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead. +func (*SubjectSet) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{3} +} + +func (x *SubjectSet) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *SubjectSet) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +var File_keto_authz_v1_acl_proto protoreflect.FileDescriptor + +var file_keto_authz_v1_acl_proto_rawDesc = []byte{ + 0x0a, 0x17, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x2f, + 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0d, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x12, 0x2d, 0x0a, 0x06, 0x6f, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, + 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, + 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x36, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, + 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, + 0x70, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0a, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, + 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x3c, 0x0a, 0x0b, 0x73, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, + 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x22, 0x57, 0x0a, 0x0a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, + 0x2d, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x15, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, + 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, + 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x0a, 0x14, 0x73, 0x68, + 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, + 0x76, 0x31, 0x42, 0x0a, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, + 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, + 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x75, 0x74, 0x68, 0x7a, 0xaa, 0x02, 0x11, + 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x56, + 0x31, 0xca, 0x02, 0x11, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, + 0x68, 0x7a, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_keto_authz_v1_acl_proto_rawDescOnce sync.Once + file_keto_authz_v1_acl_proto_rawDescData = file_keto_authz_v1_acl_proto_rawDesc +) + +func file_keto_authz_v1_acl_proto_rawDescGZIP() []byte { + file_keto_authz_v1_acl_proto_rawDescOnce.Do(func() { + file_keto_authz_v1_acl_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_authz_v1_acl_proto_rawDescData) + }) + return file_keto_authz_v1_acl_proto_rawDescData +} + +var file_keto_authz_v1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_keto_authz_v1_acl_proto_goTypes = []interface{}{ + (*RelationTuple)(nil), // 0: keto.authz.v1.RelationTuple + (*Object)(nil), // 1: keto.authz.v1.Object + (*Subject)(nil), // 2: keto.authz.v1.Subject + (*SubjectSet)(nil), // 3: keto.authz.v1.SubjectSet +} +var file_keto_authz_v1_acl_proto_depIdxs = []int32{ + 1, // 0: keto.authz.v1.RelationTuple.object:type_name -> keto.authz.v1.Object + 2, // 1: keto.authz.v1.RelationTuple.subject:type_name -> keto.authz.v1.Subject + 3, // 2: keto.authz.v1.Subject.subject_set:type_name -> keto.authz.v1.SubjectSet + 1, // 3: keto.authz.v1.SubjectSet.object:type_name -> keto.authz.v1.Object + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_keto_authz_v1_acl_proto_init() } +func file_keto_authz_v1_acl_proto_init() { + if File_keto_authz_v1_acl_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_keto_authz_v1_acl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RelationTuple); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Object); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Subject); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SubjectSet); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_keto_authz_v1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ + (*Subject_SubjectId)(nil), + (*Subject_SubjectSet)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_authz_v1_acl_proto_rawDesc, + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_keto_authz_v1_acl_proto_goTypes, + DependencyIndexes: file_keto_authz_v1_acl_proto_depIdxs, + MessageInfos: file_keto_authz_v1_acl_proto_msgTypes, + }.Build() + File_keto_authz_v1_acl_proto = out.File + file_keto_authz_v1_acl_proto_rawDesc = nil + file_keto_authz_v1_acl_proto_goTypes = nil + file_keto_authz_v1_acl_proto_depIdxs = nil +} diff --git a/api/keto/authz/v1/acl.proto b/api/keto/authz/v1/acl.proto new file mode 100644 index 000000000..062c62092 --- /dev/null +++ b/api/keto/authz/v1/acl.proto @@ -0,0 +1,58 @@ +syntax = "proto3"; + +package keto.authz.v1; + +option go_package = "github.com/ory/keto/api/keto/authz/v1;authz"; +option csharp_namespace = "Ory.Keto.Authz.V1"; +option java_multiple_files = true; +option java_outer_classname = "AuthzProto"; +option java_package = "sh.ory.keto.authz.v1"; +option php_namespace = "Ory\\Keto\\Authz\\V1"; + + +// RelationTuple relates an Object with a Subject. +// +// While a tuple reflects a relationship between Object +// and Subject, they do not completely define the effective ACLs. +message RelationTuple { + // The object related by this tuple. + Object object = 1; + // The relation between an Object and a Subject. + string relation = 2; + // The subject related by this tuple. + // It either is a concrete subject id or + // or a subject set expanding to more Subjects. + Subject subject = 3; +} + +// Object is an object in a namespace +// referenced by a RelationTuple or SubjectSet. +// +// It represents a "resource" or "digital object". +message Object { + // The namespace of the object. + // This effectively is the namespace of the whole RelationTuple. + string namespace = 1; + // The object id. + string id = 2; +} + +// Subject is either a concrete subject id or +// a subject set expanding to more Subjects. +message Subject { + oneof type { + // The concrete id of the subject. + string subject_id = 1; + // The subject set that expands to more Subjects. + SubjectSet subject_set = 2; + } +} + +// SubjectSet refers to all subjects which have +// the same `relation` to an `object`. +message SubjectSet { + // The object selected by the subjects. + Object object = 1; + // The relation to the object by the subjects. + string relation = 2; +} diff --git a/api/keto/authz/v1/acl_service.pb.go b/api/keto/authz/v1/acl_service.pb.go new file mode 100644 index 000000000..80d8f3886 --- /dev/null +++ b/api/keto/authz/v1/acl_service.pb.go @@ -0,0 +1,709 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/authz/v1/acl_service.proto + +package authz + +import ( + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type CheckRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The related object in this check. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The relation this check. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + // The concrete subject id to check. + SubjectId string `protobuf:"bytes,3,opt,name=subject_id,json=subjectId,proto3" json:"subject_id,omitempty"` +} + +func (x *CheckRequest) Reset() { + *x = CheckRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckRequest) ProtoMessage() {} + +func (x *CheckRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead. +func (*CheckRequest) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{0} +} + +func (x *CheckRequest) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *CheckRequest) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +func (x *CheckRequest) GetSubjectId() string { + if x != nil { + return x.SubjectId + } + return "" +} + +type CheckResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // True if the specified subject id + // is related to the requested Object. + Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"` +} + +func (x *CheckResponse) Reset() { + *x = CheckResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckResponse) ProtoMessage() {} + +func (x *CheckResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead. +func (*CheckResponse) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{1} +} + +func (x *CheckResponse) GetAllowed() bool { + if x != nil { + return x.Allowed + } + return false +} + +type ReadRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *ReadRequest) Reset() { + *x = ReadRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReadRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReadRequest) ProtoMessage() {} + +func (x *ReadRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReadRequest.ProtoReflect.Descriptor instead. +func (*ReadRequest) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{2} +} + +type ReadResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *ReadResponse) Reset() { + *x = ReadResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReadResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReadResponse) ProtoMessage() {} + +func (x *ReadResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReadResponse.ProtoReflect.Descriptor instead. +func (*ReadResponse) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{3} +} + +type WatchRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WatchRequest) Reset() { + *x = WatchRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WatchRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WatchRequest) ProtoMessage() {} + +func (x *WatchRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WatchRequest.ProtoReflect.Descriptor instead. +func (*WatchRequest) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{4} +} + +type WatchResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WatchResponse) Reset() { + *x = WatchResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WatchResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WatchResponse) ProtoMessage() {} + +func (x *WatchResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WatchResponse.ProtoReflect.Descriptor instead. +func (*WatchResponse) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{5} +} + +type WriteRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WriteRequest) Reset() { + *x = WriteRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WriteRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WriteRequest) ProtoMessage() {} + +func (x *WriteRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WriteRequest.ProtoReflect.Descriptor instead. +func (*WriteRequest) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{6} +} + +type WriteResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WriteResponse) Reset() { + *x = WriteResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WriteResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WriteResponse) ProtoMessage() {} + +func (x *WriteResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WriteResponse.ProtoReflect.Descriptor instead. +func (*WriteResponse) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{7} +} + +type DeleteRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DeleteRequest) Reset() { + *x = DeleteRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteRequest) ProtoMessage() {} + +func (x *DeleteRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteRequest.ProtoReflect.Descriptor instead. +func (*DeleteRequest) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{8} +} + +type DeleteResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DeleteResponse) Reset() { + *x = DeleteResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteResponse) ProtoMessage() {} + +func (x *DeleteResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_authz_v1_acl_service_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteResponse.ProtoReflect.Descriptor instead. +func (*DeleteResponse) Descriptor() ([]byte, []int) { + return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{9} +} + +var File_keto_authz_v1_acl_service_proto protoreflect.FileDescriptor + +var file_keto_authz_v1_acl_service_proto_rawDesc = []byte{ + 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x2f, + 0x61, 0x63, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x0d, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, + 0x1a, 0x17, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x2f, + 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0x78, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, + 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, + 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x22, 0x29, 0x0a, 0x0d, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, + 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x22, 0x0d, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0e, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0f, 0x0a, 0x0d, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0e, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0f, 0x0a, 0x0d, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x10, 0x0a, 0x0e, 0x44, 0x65, 0x6c, + 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x6b, 0x0a, 0x0c, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x42, 0x0a, 0x05, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x12, 0x1b, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x1c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, + 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, + 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x67, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x52, 0x65, 0x61, 0x64, 0x12, + 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, + 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, + 0x6d, 0x32, 0x6b, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x12, 0x42, 0x0a, 0x05, 0x57, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1b, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0xb2, + 0x01, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x42, 0x0a, 0x05, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, + 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x45, 0x0a, 0x06, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1c, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, + 0x63, 0x6f, 0x6d, 0x42, 0x79, 0x0a, 0x14, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x41, 0x75, 0x74, + 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, + 0x3b, 0x61, 0x75, 0x74, 0x68, 0x7a, 0xaa, 0x02, 0x11, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, + 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x11, 0x4f, 0x72, 0x79, + 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x5c, 0x56, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_keto_authz_v1_acl_service_proto_rawDescOnce sync.Once + file_keto_authz_v1_acl_service_proto_rawDescData = file_keto_authz_v1_acl_service_proto_rawDesc +) + +func file_keto_authz_v1_acl_service_proto_rawDescGZIP() []byte { + file_keto_authz_v1_acl_service_proto_rawDescOnce.Do(func() { + file_keto_authz_v1_acl_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_authz_v1_acl_service_proto_rawDescData) + }) + return file_keto_authz_v1_acl_service_proto_rawDescData +} + +var file_keto_authz_v1_acl_service_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_keto_authz_v1_acl_service_proto_goTypes = []interface{}{ + (*CheckRequest)(nil), // 0: keto.authz.v1.CheckRequest + (*CheckResponse)(nil), // 1: keto.authz.v1.CheckResponse + (*ReadRequest)(nil), // 2: keto.authz.v1.ReadRequest + (*ReadResponse)(nil), // 3: keto.authz.v1.ReadResponse + (*WatchRequest)(nil), // 4: keto.authz.v1.WatchRequest + (*WatchResponse)(nil), // 5: keto.authz.v1.WatchResponse + (*WriteRequest)(nil), // 6: keto.authz.v1.WriteRequest + (*WriteResponse)(nil), // 7: keto.authz.v1.WriteResponse + (*DeleteRequest)(nil), // 8: keto.authz.v1.DeleteRequest + (*DeleteResponse)(nil), // 9: keto.authz.v1.DeleteResponse + (*Object)(nil), // 10: keto.authz.v1.Object +} +var file_keto_authz_v1_acl_service_proto_depIdxs = []int32{ + 10, // 0: keto.authz.v1.CheckRequest.object:type_name -> keto.authz.v1.Object + 0, // 1: keto.authz.v1.CheckService.Check:input_type -> keto.authz.v1.CheckRequest + 2, // 2: keto.authz.v1.ReadService.Read:input_type -> keto.authz.v1.ReadRequest + 4, // 3: keto.authz.v1.WatchService.Watch:input_type -> keto.authz.v1.WatchRequest + 6, // 4: keto.authz.v1.WriteService.Write:input_type -> keto.authz.v1.WriteRequest + 8, // 5: keto.authz.v1.WriteService.Delete:input_type -> keto.authz.v1.DeleteRequest + 1, // 6: keto.authz.v1.CheckService.Check:output_type -> keto.authz.v1.CheckResponse + 3, // 7: keto.authz.v1.ReadService.Read:output_type -> keto.authz.v1.ReadResponse + 5, // 8: keto.authz.v1.WatchService.Watch:output_type -> keto.authz.v1.WatchResponse + 7, // 9: keto.authz.v1.WriteService.Write:output_type -> keto.authz.v1.WriteResponse + 9, // 10: keto.authz.v1.WriteService.Delete:output_type -> keto.authz.v1.DeleteResponse + 6, // [6:11] is the sub-list for method output_type + 1, // [1:6] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_keto_authz_v1_acl_service_proto_init() } +func file_keto_authz_v1_acl_service_proto_init() { + if File_keto_authz_v1_acl_service_proto != nil { + return + } + file_keto_authz_v1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_authz_v1_acl_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReadRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReadResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WatchRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WatchResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_authz_v1_acl_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_authz_v1_acl_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 10, + NumExtensions: 0, + NumServices: 4, + }, + GoTypes: file_keto_authz_v1_acl_service_proto_goTypes, + DependencyIndexes: file_keto_authz_v1_acl_service_proto_depIdxs, + MessageInfos: file_keto_authz_v1_acl_service_proto_msgTypes, + }.Build() + File_keto_authz_v1_acl_service_proto = out.File + file_keto_authz_v1_acl_service_proto_rawDesc = nil + file_keto_authz_v1_acl_service_proto_goTypes = nil + file_keto_authz_v1_acl_service_proto_depIdxs = nil +} diff --git a/api/keto/authz/v1/acl_service.proto b/api/keto/authz/v1/acl_service.proto new file mode 100644 index 000000000..f4ab15b96 --- /dev/null +++ b/api/keto/authz/v1/acl_service.proto @@ -0,0 +1,89 @@ +syntax = "proto3"; + +package keto.authz.v1; + +import "keto/authz/v1/acl.proto"; +import "google/api/client.proto"; + +option go_package = "github.com/ory/keto/api/keto/authz/v1;authz"; +option csharp_namespace = "Ory.Keto.Authz.V1"; +option java_multiple_files = true; +option java_outer_classname = "AuthzProto"; +option java_package = "sh.ory.keto.authz.v1"; +option php_namespace = "Ory\\Keto\\Authz\\V1"; + +// The service that performs authorization checks +// based on the stored Access Control Lists. +service CheckService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Check performs an authorization check. + rpc Check(CheckRequest) returns (CheckResponse); +} + +message CheckRequest { + // The related object in this check. + Object object = 1; + // The relation this check. + string relation = 2; + // The concrete subject id to check. + string subject_id = 3; + // TODO Needs more investigation of the Zanzibar paper (2.4.4 Check) + // + // If specified requests to perform + // the check on only near up to-date ACLs. + // + // *This recommended for low latency and where checks + // are allowed to perform on ACLs that are a bit stale + // (stale => not up to date, but still only differs some + // millis or seconds). + // + // If not specified performs the check on most up to-date + // ACLs in case it is strictly required to do so. + // + // Optional. + // TODO string zookie = 4; +} + +message CheckResponse { + // True if the specified subject id + // is related to the requested Object. + bool allowed = 1; +} + +// The service to query Access Control Lists. +service ReadService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Read lookups relation tuples. + rpc Read(ReadRequest) returns (ReadResponse); +} + +message ReadRequest {} +message ReadResponse {} + +// The service to watch for changes in the system, +// such as for Access Control Lists and namespace configs. +service WatchService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Watches and filters for changes in the ACL system. + rpc Watch(WatchRequest) returns (WatchResponse); +} + +message WatchRequest {} +message WatchResponse {} + +// The write service to create and delete Access Control Lists. +service WriteService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Writes one or more relation tuples + // in a single transaction. + rpc Write(WriteRequest) returns (WriteResponse); + // Deletes one or more matching relation tuples + // in a single transaction. + rpc Delete(DeleteRequest) returns (DeleteResponse); +} + +message WriteRequest {} +message WriteResponse {} + +message DeleteRequest {} +message DeleteResponse {} \ No newline at end of file diff --git a/api/keto/authz/v1/acl_service_grpc.pb.go b/api/keto/authz/v1/acl_service_grpc.pb.go new file mode 100644 index 000000000..d0ab181c2 --- /dev/null +++ b/api/keto/authz/v1/acl_service_grpc.pb.go @@ -0,0 +1,388 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package authz + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// CheckServiceClient is the client API for CheckService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type CheckServiceClient interface { + // Check performs an authorization check. + Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) +} + +type checkServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient { + return &checkServiceClient{cc} +} + +func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) { + out := new(CheckResponse) + err := c.cc.Invoke(ctx, "/keto.authz.v1.CheckService/Check", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CheckServiceServer is the server API for CheckService service. +// All implementations should embed UnimplementedCheckServiceServer +// for forward compatibility +type CheckServiceServer interface { + // Check performs an authorization check. + Check(context.Context, *CheckRequest) (*CheckResponse, error) +} + +// UnimplementedCheckServiceServer should be embedded to have forward compatible implementations. +type UnimplementedCheckServiceServer struct { +} + +func (UnimplementedCheckServiceServer) Check(context.Context, *CheckRequest) (*CheckResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Check not implemented") +} + +// UnsafeCheckServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CheckServiceServer will +// result in compilation errors. +type UnsafeCheckServiceServer interface { + mustEmbedUnimplementedCheckServiceServer() +} + +func RegisterCheckServiceServer(s grpc.ServiceRegistrar, srv CheckServiceServer) { + s.RegisterService(&_CheckService_serviceDesc, srv) +} + +func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CheckRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CheckServiceServer).Check(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.authz.v1.CheckService/Check", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CheckServiceServer).Check(ctx, req.(*CheckRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _CheckService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.authz.v1.CheckService", + HandlerType: (*CheckServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Check", + Handler: _CheckService_Check_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/authz/v1/acl_service.proto", +} + +// ReadServiceClient is the client API for ReadService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type ReadServiceClient interface { + // Read lookups relation tuples. + Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) +} + +type readServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient { + return &readServiceClient{cc} +} + +func (c *readServiceClient) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) { + out := new(ReadResponse) + err := c.cc.Invoke(ctx, "/keto.authz.v1.ReadService/Read", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ReadServiceServer is the server API for ReadService service. +// All implementations should embed UnimplementedReadServiceServer +// for forward compatibility +type ReadServiceServer interface { + // Read lookups relation tuples. + Read(context.Context, *ReadRequest) (*ReadResponse, error) +} + +// UnimplementedReadServiceServer should be embedded to have forward compatible implementations. +type UnimplementedReadServiceServer struct { +} + +func (UnimplementedReadServiceServer) Read(context.Context, *ReadRequest) (*ReadResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Read not implemented") +} + +// UnsafeReadServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to ReadServiceServer will +// result in compilation errors. +type UnsafeReadServiceServer interface { + mustEmbedUnimplementedReadServiceServer() +} + +func RegisterReadServiceServer(s grpc.ServiceRegistrar, srv ReadServiceServer) { + s.RegisterService(&_ReadService_serviceDesc, srv) +} + +func _ReadService_Read_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReadRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ReadServiceServer).Read(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.authz.v1.ReadService/Read", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ReadServiceServer).Read(ctx, req.(*ReadRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _ReadService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.authz.v1.ReadService", + HandlerType: (*ReadServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Read", + Handler: _ReadService_Read_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/authz/v1/acl_service.proto", +} + +// WatchServiceClient is the client API for WatchService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type WatchServiceClient interface { + // Watches and filters for changes in the ACL system. + Watch(ctx context.Context, in *WatchRequest, opts ...grpc.CallOption) (*WatchResponse, error) +} + +type watchServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewWatchServiceClient(cc grpc.ClientConnInterface) WatchServiceClient { + return &watchServiceClient{cc} +} + +func (c *watchServiceClient) Watch(ctx context.Context, in *WatchRequest, opts ...grpc.CallOption) (*WatchResponse, error) { + out := new(WatchResponse) + err := c.cc.Invoke(ctx, "/keto.authz.v1.WatchService/Watch", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// WatchServiceServer is the server API for WatchService service. +// All implementations should embed UnimplementedWatchServiceServer +// for forward compatibility +type WatchServiceServer interface { + // Watches and filters for changes in the ACL system. + Watch(context.Context, *WatchRequest) (*WatchResponse, error) +} + +// UnimplementedWatchServiceServer should be embedded to have forward compatible implementations. +type UnimplementedWatchServiceServer struct { +} + +func (UnimplementedWatchServiceServer) Watch(context.Context, *WatchRequest) (*WatchResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Watch not implemented") +} + +// UnsafeWatchServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to WatchServiceServer will +// result in compilation errors. +type UnsafeWatchServiceServer interface { + mustEmbedUnimplementedWatchServiceServer() +} + +func RegisterWatchServiceServer(s grpc.ServiceRegistrar, srv WatchServiceServer) { + s.RegisterService(&_WatchService_serviceDesc, srv) +} + +func _WatchService_Watch_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WatchRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(WatchServiceServer).Watch(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.authz.v1.WatchService/Watch", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(WatchServiceServer).Watch(ctx, req.(*WatchRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _WatchService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.authz.v1.WatchService", + HandlerType: (*WatchServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Watch", + Handler: _WatchService_Watch_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/authz/v1/acl_service.proto", +} + +// WriteServiceClient is the client API for WriteService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type WriteServiceClient interface { + // Writes one or more relation tuples + // in a single transaction. + Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) + // Deletes one or more matching relation tuples + // in a single transaction. + Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) +} + +type writeServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient { + return &writeServiceClient{cc} +} + +func (c *writeServiceClient) Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) { + out := new(WriteResponse) + err := c.cc.Invoke(ctx, "/keto.authz.v1.WriteService/Write", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *writeServiceClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) { + out := new(DeleteResponse) + err := c.cc.Invoke(ctx, "/keto.authz.v1.WriteService/Delete", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// WriteServiceServer is the server API for WriteService service. +// All implementations should embed UnimplementedWriteServiceServer +// for forward compatibility +type WriteServiceServer interface { + // Writes one or more relation tuples + // in a single transaction. + Write(context.Context, *WriteRequest) (*WriteResponse, error) + // Deletes one or more matching relation tuples + // in a single transaction. + Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) +} + +// UnimplementedWriteServiceServer should be embedded to have forward compatible implementations. +type UnimplementedWriteServiceServer struct { +} + +func (UnimplementedWriteServiceServer) Write(context.Context, *WriteRequest) (*WriteResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Write not implemented") +} +func (UnimplementedWriteServiceServer) Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") +} + +// UnsafeWriteServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to WriteServiceServer will +// result in compilation errors. +type UnsafeWriteServiceServer interface { + mustEmbedUnimplementedWriteServiceServer() +} + +func RegisterWriteServiceServer(s grpc.ServiceRegistrar, srv WriteServiceServer) { + s.RegisterService(&_WriteService_serviceDesc, srv) +} + +func _WriteService_Write_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WriteRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(WriteServiceServer).Write(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.authz.v1.WriteService/Write", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(WriteServiceServer).Write(ctx, req.(*WriteRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _WriteService_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(WriteServiceServer).Delete(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.authz.v1.WriteService/Delete", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(WriteServiceServer).Delete(ctx, req.(*DeleteRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _WriteService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.authz.v1.WriteService", + HandlerType: (*WriteServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Write", + Handler: _WriteService_Write_Handler, + }, + { + MethodName: "Delete", + Handler: _WriteService_Delete_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/authz/v1/acl_service.proto", +} diff --git a/buf.gen.yaml b/buf.gen.yaml new file mode 100644 index 000000000..90b5a5063 --- /dev/null +++ b/buf.gen.yaml @@ -0,0 +1,8 @@ +version: v1beta1 +plugins: + - name: go + out: api + opt: paths=source_relative + - name: go-grpc + out: api + opt: paths=source_relative,require_unimplemented_servers=false \ No newline at end of file diff --git a/buf.yaml b/buf.yaml new file mode 100644 index 000000000..f681601de --- /dev/null +++ b/buf.yaml @@ -0,0 +1,10 @@ +version: v1beta1 +build: + roots: + - api +lint: + use: + - DEFAULT +breaking: + use: + - PACKAGE \ No newline at end of file From 2289c30f04629fe00e5d4699417fb6703d6103c8 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Sat, 14 Nov 2020 12:48:07 +0100 Subject: [PATCH 03/21] document api layout --- Makefile | 4 +- api/keto/README.md | 38 ++- api/keto/abac/README.md | 2 + api/keto/acl/admin/v1/admin_service.pb.go | 82 +++++ .../admin/v1/admin_service.proto | 8 +- .../admin/v1/admin_service_grpc.pb.go | 2 +- api/keto/acl/node/v1/node_service.pb.go | 77 +++++ .../{authz => acl}/node/v1/node_service.proto | 8 +- .../node/v1/node_service_grpc.pb.go | 2 +- api/keto/{authz => acl}/v1/acl.pb.go | 169 +++++----- api/keto/{authz => acl}/v1/acl.proto | 12 +- api/keto/{authz => acl}/v1/acl_service.pb.go | 307 +++++++++--------- api/keto/{authz => acl}/v1/acl_service.proto | 16 +- .../{authz => acl}/v1/acl_service_grpc.pb.go | 38 +-- api/keto/authz/admin/v1/admin_service.pb.go | 82 ----- api/keto/authz/node/v1/node_service.pb.go | 77 ----- api/keto/rbac/README.md | 2 + buf.gen.yaml => buf/api/buf.gen.yaml | 0 buf.yaml => buf/api/buf.yaml | 0 19 files changed, 478 insertions(+), 448 deletions(-) create mode 100644 api/keto/abac/README.md create mode 100644 api/keto/acl/admin/v1/admin_service.pb.go rename api/keto/{authz => acl}/admin/v1/admin_service.proto (61%) rename api/keto/{authz => acl}/admin/v1/admin_service_grpc.pb.go (96%) create mode 100644 api/keto/acl/node/v1/node_service.pb.go rename api/keto/{authz => acl}/node/v1/node_service.proto (79%) rename api/keto/{authz => acl}/node/v1/node_service_grpc.pb.go (96%) rename api/keto/{authz => acl}/v1/acl.pb.go (58%) rename api/keto/{authz => acl}/v1/acl.proto (83%) rename api/keto/{authz => acl}/v1/acl_service.pb.go (52%) rename api/keto/{authz => acl}/v1/acl_service.proto (87%) rename api/keto/{authz => acl}/v1/acl_service_grpc.pb.go (92%) delete mode 100644 api/keto/authz/admin/v1/admin_service.pb.go delete mode 100644 api/keto/authz/node/v1/node_service.pb.go create mode 100644 api/keto/rbac/README.md rename buf.gen.yaml => buf/api/buf.gen.yaml (100%) rename buf.yaml => buf/api/buf.yaml (100%) diff --git a/Makefile b/Makefile index 0028d62ba..9f5d2b69c 100644 --- a/Makefile +++ b/Makefile @@ -66,7 +66,9 @@ docker: deps .PHONY: buf-gen buf-gen: - buf generate + buf generate \ + --config buf/api/buf.yaml \ + --template buf/api/buf.gen.yaml .PHONY: gen-client gen-client: diff --git a/api/keto/README.md b/api/keto/README.md index d24deb202..2767f7ac9 100644 --- a/api/keto/README.md +++ b/api/keto/README.md @@ -1,9 +1,37 @@ -# Note +# Notes -ORY Keto is still a `sandbox` project. +> ORY Keto is still a `sandbox` project. This makes the included api version `v1` subject to have breaking changes until the `v1.0.0` release of Keto! -> - AuthZ – **Authorization** is establishing privilege -> - AuthN – Authentication is establishing the identity, which Keto does not do. -> - See [ORY Hydra](https://github.com/ory/hydra). +This directory contains the ProtoBuf & gRPC definitions +for the Access Control APIs. + +This includes: +- ACL +- Soon: + - RBAC + - ABAC + +**ACL is the flexible and scalable "base system" +where all other access control schemes built upon.** + +## Directory layout + +```shell script +keto +└── acl / rbac / abac +    ├── node +    │   └── v1 - Intercommunication API (cluster internal) +    ├── admin +    │   └── v1 - Admin API definitions +    └── v1 - "Base" API definitions +``` + +- `admin` - API for critical administrative tasks + - namespace config management + - retrieval of cluster system statistics / analysis + - etc. +- `base/v1` - Base APIs / models + - read/write/watch/... services +- `node` - Intercommunication of cluster nodes \ No newline at end of file diff --git a/api/keto/abac/README.md b/api/keto/abac/README.md new file mode 100644 index 000000000..01b10d9b4 --- /dev/null +++ b/api/keto/abac/README.md @@ -0,0 +1,2 @@ +# coming soon +Built upon [ACL](../acl). \ No newline at end of file diff --git a/api/keto/acl/admin/v1/admin_service.pb.go b/api/keto/acl/admin/v1/admin_service.pb.go new file mode 100644 index 000000000..92c0b1e21 --- /dev/null +++ b/api/keto/acl/admin/v1/admin_service.pb.go @@ -0,0 +1,82 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/admin/v1/admin_service.proto + +package admin + +import ( + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +var File_keto_acl_admin_v1_admin_service_proto protoreflect.FileDescriptor + +var file_keto_acl_admin_v1_admin_service_proto_rawDesc = []byte{ + 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, + 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, + 0x74, 0x68, 0x7a, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x17, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x32, 0x27, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x89, + 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x63, 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x41, 0x64, 0x6d, + 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, + 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, + 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x2e, + 0x56, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, + 0x6c, 0x5c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var file_keto_acl_admin_v1_admin_service_proto_goTypes = []interface{}{} +var file_keto_acl_admin_v1_admin_service_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_keto_acl_admin_v1_admin_service_proto_init() } +func file_keto_acl_admin_v1_admin_service_proto_init() { + if File_keto_acl_admin_v1_admin_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_admin_v1_admin_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_admin_v1_admin_service_proto_goTypes, + DependencyIndexes: file_keto_acl_admin_v1_admin_service_proto_depIdxs, + }.Build() + File_keto_acl_admin_v1_admin_service_proto = out.File + file_keto_acl_admin_v1_admin_service_proto_rawDesc = nil + file_keto_acl_admin_v1_admin_service_proto_goTypes = nil + file_keto_acl_admin_v1_admin_service_proto_depIdxs = nil +} diff --git a/api/keto/authz/admin/v1/admin_service.proto b/api/keto/acl/admin/v1/admin_service.proto similarity index 61% rename from api/keto/authz/admin/v1/admin_service.proto rename to api/keto/acl/admin/v1/admin_service.proto index 4f931f50f..c8553363a 100644 --- a/api/keto/authz/admin/v1/admin_service.proto +++ b/api/keto/acl/admin/v1/admin_service.proto @@ -4,12 +4,12 @@ package keto.authz.admin.v1; import "google/api/client.proto"; -option go_package = "github.com/ory/keto/api/keto/authz/admin/v1;admin"; -option csharp_namespace = "Ory.Keto.Authz.Admin.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/admin/v1;admin"; +option csharp_namespace = "Ory.Keto.Acl.Admin.V1"; option java_multiple_files = true; option java_outer_classname = "AdminProto"; -option java_package = "sh.ory.keto.authz.admin.v1"; -option php_namespace = "Ory\\Keto\\Authz\\Admin\\V1"; +option java_package = "sh.ory.keto.acl.admin.v1"; +option php_namespace = "Ory\\Keto\\Acl\\Admin\\V1"; // The admin service for doing administrative tasks in the ACL system. service AdminService { diff --git a/api/keto/authz/admin/v1/admin_service_grpc.pb.go b/api/keto/acl/admin/v1/admin_service_grpc.pb.go similarity index 96% rename from api/keto/authz/admin/v1/admin_service_grpc.pb.go rename to api/keto/acl/admin/v1/admin_service_grpc.pb.go index 54e9018ef..a23e04f79 100644 --- a/api/keto/authz/admin/v1/admin_service_grpc.pb.go +++ b/api/keto/acl/admin/v1/admin_service_grpc.pb.go @@ -50,5 +50,5 @@ var _AdminService_serviceDesc = grpc.ServiceDesc{ HandlerType: (*AdminServiceServer)(nil), Methods: []grpc.MethodDesc{}, Streams: []grpc.StreamDesc{}, - Metadata: "keto/authz/admin/v1/admin_service.proto", + Metadata: "keto/acl/admin/v1/admin_service.proto", } diff --git a/api/keto/acl/node/v1/node_service.pb.go b/api/keto/acl/node/v1/node_service.pb.go new file mode 100644 index 000000000..55d54ec66 --- /dev/null +++ b/api/keto/acl/node/v1/node_service.pb.go @@ -0,0 +1,77 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/node/v1/node_service.proto + +package node + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +var File_keto_acl_node_v1_node_service_proto protoreflect.FileDescriptor + +var file_keto_acl_node_v1_node_service_proto_rawDesc = []byte{ + 0x0a, 0x23, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, + 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x7a, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, + 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x83, 0x01, 0x0a, 0x17, 0x73, 0x68, 0x2e, + 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, + 0x65, 0x2e, 0x76, 0x31, 0x42, 0x09, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, + 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, + 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, 0x31, 0x3b, 0x6e, 0x6f, 0x64, 0x65, + 0xaa, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, + 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, + 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x4e, 0x6f, 0x64, 0x65, 0x5c, 0x56, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_keto_acl_node_v1_node_service_proto_goTypes = []interface{}{} +var file_keto_acl_node_v1_node_service_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_keto_acl_node_v1_node_service_proto_init() } +func file_keto_acl_node_v1_node_service_proto_init() { + if File_keto_acl_node_v1_node_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_node_v1_node_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_node_v1_node_service_proto_goTypes, + DependencyIndexes: file_keto_acl_node_v1_node_service_proto_depIdxs, + }.Build() + File_keto_acl_node_v1_node_service_proto = out.File + file_keto_acl_node_v1_node_service_proto_rawDesc = nil + file_keto_acl_node_v1_node_service_proto_goTypes = nil + file_keto_acl_node_v1_node_service_proto_depIdxs = nil +} diff --git a/api/keto/authz/node/v1/node_service.proto b/api/keto/acl/node/v1/node_service.proto similarity index 79% rename from api/keto/authz/node/v1/node_service.proto rename to api/keto/acl/node/v1/node_service.proto index 4537b1eac..b1042825f 100644 --- a/api/keto/authz/node/v1/node_service.proto +++ b/api/keto/acl/node/v1/node_service.proto @@ -2,12 +2,12 @@ syntax = "proto3"; package keto.authz.node.v1; -option go_package = "github.com/ory/keto/api/keto/authz/node/v1;node"; -option csharp_namespace = "Ory.Keto.Authz.Node.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/node/v1;node"; +option csharp_namespace = "Ory.Keto.Acl.Node.V1"; option java_multiple_files = true; option java_outer_classname = "NodeProto"; -option java_package = "sh.ory.keto.authz.node.v1"; -option php_namespace = "Ory\\Keto\\Authz\\Node\\V1"; +option java_package = "sh.ory.keto.acl.node.v1"; +option php_namespace = "Ory\\Keto\\Acl\\Node\\V1"; // The internal service for intercommunication // between ACL servers in a cluster. diff --git a/api/keto/authz/node/v1/node_service_grpc.pb.go b/api/keto/acl/node/v1/node_service_grpc.pb.go similarity index 96% rename from api/keto/authz/node/v1/node_service_grpc.pb.go rename to api/keto/acl/node/v1/node_service_grpc.pb.go index d9d515abb..98cf32db1 100644 --- a/api/keto/authz/node/v1/node_service_grpc.pb.go +++ b/api/keto/acl/node/v1/node_service_grpc.pb.go @@ -50,5 +50,5 @@ var _NodeService_serviceDesc = grpc.ServiceDesc{ HandlerType: (*NodeServiceServer)(nil), Methods: []grpc.MethodDesc{}, Streams: []grpc.StreamDesc{}, - Metadata: "keto/authz/node/v1/node_service.proto", + Metadata: "keto/acl/node/v1/node_service.proto", } diff --git a/api/keto/authz/v1/acl.pb.go b/api/keto/acl/v1/acl.pb.go similarity index 58% rename from api/keto/authz/v1/acl.pb.go rename to api/keto/acl/v1/acl.pb.go index c7daf7d69..fcf5a42f5 100644 --- a/api/keto/authz/v1/acl.pb.go +++ b/api/keto/acl/v1/acl.pb.go @@ -2,9 +2,9 @@ // versions: // protoc-gen-go v1.25.0 // protoc v3.13.0 -// source: keto/authz/v1/acl.proto +// source: keto/acl/v1/acl.proto -package authz +package acl import ( proto "github.com/golang/protobuf/proto" @@ -47,7 +47,7 @@ type RelationTuple struct { func (x *RelationTuple) Reset() { *x = RelationTuple{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_proto_msgTypes[0] + mi := &file_keto_acl_v1_acl_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -60,7 +60,7 @@ func (x *RelationTuple) String() string { func (*RelationTuple) ProtoMessage() {} func (x *RelationTuple) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_proto_msgTypes[0] + mi := &file_keto_acl_v1_acl_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -73,7 +73,7 @@ func (x *RelationTuple) ProtoReflect() protoreflect.Message { // Deprecated: Use RelationTuple.ProtoReflect.Descriptor instead. func (*RelationTuple) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{0} + return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{0} } func (x *RelationTuple) GetObject() *Object { @@ -116,7 +116,7 @@ type Object struct { func (x *Object) Reset() { *x = Object{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_proto_msgTypes[1] + mi := &file_keto_acl_v1_acl_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -129,7 +129,7 @@ func (x *Object) String() string { func (*Object) ProtoMessage() {} func (x *Object) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_proto_msgTypes[1] + mi := &file_keto_acl_v1_acl_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -142,7 +142,7 @@ func (x *Object) ProtoReflect() protoreflect.Message { // Deprecated: Use Object.ProtoReflect.Descriptor instead. func (*Object) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{1} + return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{1} } func (x *Object) GetNamespace() string { @@ -175,7 +175,7 @@ type Subject struct { func (x *Subject) Reset() { *x = Subject{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_proto_msgTypes[2] + mi := &file_keto_acl_v1_acl_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -188,7 +188,7 @@ func (x *Subject) String() string { func (*Subject) ProtoMessage() {} func (x *Subject) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_proto_msgTypes[2] + mi := &file_keto_acl_v1_acl_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -201,7 +201,7 @@ func (x *Subject) ProtoReflect() protoreflect.Message { // Deprecated: Use Subject.ProtoReflect.Descriptor instead. func (*Subject) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{2} + return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{2} } func (m *Subject) GetType() isSubject_Type { @@ -259,7 +259,7 @@ type SubjectSet struct { func (x *SubjectSet) Reset() { *x = SubjectSet{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_proto_msgTypes[3] + mi := &file_keto_acl_v1_acl_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -272,7 +272,7 @@ func (x *SubjectSet) String() string { func (*SubjectSet) ProtoMessage() {} func (x *SubjectSet) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_proto_msgTypes[3] + mi := &file_keto_acl_v1_acl_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -285,7 +285,7 @@ func (x *SubjectSet) ProtoReflect() protoreflect.Message { // Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead. func (*SubjectSet) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_proto_rawDescGZIP(), []int{3} + return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{3} } func (x *SubjectSet) GetObject() *Object { @@ -302,71 +302,70 @@ func (x *SubjectSet) GetRelation() string { return "" } -var File_keto_authz_v1_acl_proto protoreflect.FileDescriptor - -var file_keto_authz_v1_acl_proto_rawDesc = []byte{ - 0x0a, 0x17, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x2f, - 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0d, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x12, 0x2d, 0x0a, 0x06, 0x6f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, - 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, - 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x36, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, - 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, - 0x70, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0a, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, - 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x3c, 0x0a, 0x0b, 0x73, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, - 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x22, 0x57, 0x0a, 0x0a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, - 0x2d, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x15, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, - 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, - 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x0a, 0x14, 0x73, 0x68, - 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, - 0x76, 0x31, 0x42, 0x0a, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, +var File_keto_acl_v1_acl_proto protoreflect.FileDescriptor + +var file_keto_acl_v1_acl_proto_rawDesc = []byte{ + 0x0a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x22, 0x88, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x2e, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x14, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, + 0x36, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x6e, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0b, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x73, + 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, + 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x42, + 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x55, 0x0a, 0x0a, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x6d, + 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x75, 0x74, 0x68, 0x7a, 0xaa, 0x02, 0x11, - 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x56, - 0x31, 0xca, 0x02, 0x11, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, - 0x68, 0x7a, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, + 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, + 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( - file_keto_authz_v1_acl_proto_rawDescOnce sync.Once - file_keto_authz_v1_acl_proto_rawDescData = file_keto_authz_v1_acl_proto_rawDesc + file_keto_acl_v1_acl_proto_rawDescOnce sync.Once + file_keto_acl_v1_acl_proto_rawDescData = file_keto_acl_v1_acl_proto_rawDesc ) -func file_keto_authz_v1_acl_proto_rawDescGZIP() []byte { - file_keto_authz_v1_acl_proto_rawDescOnce.Do(func() { - file_keto_authz_v1_acl_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_authz_v1_acl_proto_rawDescData) +func file_keto_acl_v1_acl_proto_rawDescGZIP() []byte { + file_keto_acl_v1_acl_proto_rawDescOnce.Do(func() { + file_keto_acl_v1_acl_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_acl_proto_rawDescData) }) - return file_keto_authz_v1_acl_proto_rawDescData + return file_keto_acl_v1_acl_proto_rawDescData } -var file_keto_authz_v1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_keto_authz_v1_acl_proto_goTypes = []interface{}{ - (*RelationTuple)(nil), // 0: keto.authz.v1.RelationTuple - (*Object)(nil), // 1: keto.authz.v1.Object - (*Subject)(nil), // 2: keto.authz.v1.Subject - (*SubjectSet)(nil), // 3: keto.authz.v1.SubjectSet +var file_keto_acl_v1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_keto_acl_v1_acl_proto_goTypes = []interface{}{ + (*RelationTuple)(nil), // 0: keto.acl.v1.RelationTuple + (*Object)(nil), // 1: keto.acl.v1.Object + (*Subject)(nil), // 2: keto.acl.v1.Subject + (*SubjectSet)(nil), // 3: keto.acl.v1.SubjectSet } -var file_keto_authz_v1_acl_proto_depIdxs = []int32{ - 1, // 0: keto.authz.v1.RelationTuple.object:type_name -> keto.authz.v1.Object - 2, // 1: keto.authz.v1.RelationTuple.subject:type_name -> keto.authz.v1.Subject - 3, // 2: keto.authz.v1.Subject.subject_set:type_name -> keto.authz.v1.SubjectSet - 1, // 3: keto.authz.v1.SubjectSet.object:type_name -> keto.authz.v1.Object +var file_keto_acl_v1_acl_proto_depIdxs = []int32{ + 1, // 0: keto.acl.v1.RelationTuple.object:type_name -> keto.acl.v1.Object + 2, // 1: keto.acl.v1.RelationTuple.subject:type_name -> keto.acl.v1.Subject + 3, // 2: keto.acl.v1.Subject.subject_set:type_name -> keto.acl.v1.SubjectSet + 1, // 3: keto.acl.v1.SubjectSet.object:type_name -> keto.acl.v1.Object 4, // [4:4] is the sub-list for method output_type 4, // [4:4] is the sub-list for method input_type 4, // [4:4] is the sub-list for extension type_name @@ -374,13 +373,13 @@ var file_keto_authz_v1_acl_proto_depIdxs = []int32{ 0, // [0:4] is the sub-list for field type_name } -func init() { file_keto_authz_v1_acl_proto_init() } -func file_keto_authz_v1_acl_proto_init() { - if File_keto_authz_v1_acl_proto != nil { +func init() { file_keto_acl_v1_acl_proto_init() } +func file_keto_acl_v1_acl_proto_init() { + if File_keto_acl_v1_acl_proto != nil { return } if !protoimpl.UnsafeEnabled { - file_keto_authz_v1_acl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RelationTuple); i { case 0: return &v.state @@ -392,7 +391,7 @@ func file_keto_authz_v1_acl_proto_init() { return nil } } - file_keto_authz_v1_acl_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Object); i { case 0: return &v.state @@ -404,7 +403,7 @@ func file_keto_authz_v1_acl_proto_init() { return nil } } - file_keto_authz_v1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Subject); i { case 0: return &v.state @@ -416,7 +415,7 @@ func file_keto_authz_v1_acl_proto_init() { return nil } } - file_keto_authz_v1_acl_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SubjectSet); i { case 0: return &v.state @@ -429,7 +428,7 @@ func file_keto_authz_v1_acl_proto_init() { } } } - file_keto_authz_v1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ + file_keto_acl_v1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ (*Subject_SubjectId)(nil), (*Subject_SubjectSet)(nil), } @@ -437,18 +436,18 @@ func file_keto_authz_v1_acl_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_authz_v1_acl_proto_rawDesc, + RawDescriptor: file_keto_acl_v1_acl_proto_rawDesc, NumEnums: 0, NumMessages: 4, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_keto_authz_v1_acl_proto_goTypes, - DependencyIndexes: file_keto_authz_v1_acl_proto_depIdxs, - MessageInfos: file_keto_authz_v1_acl_proto_msgTypes, + GoTypes: file_keto_acl_v1_acl_proto_goTypes, + DependencyIndexes: file_keto_acl_v1_acl_proto_depIdxs, + MessageInfos: file_keto_acl_v1_acl_proto_msgTypes, }.Build() - File_keto_authz_v1_acl_proto = out.File - file_keto_authz_v1_acl_proto_rawDesc = nil - file_keto_authz_v1_acl_proto_goTypes = nil - file_keto_authz_v1_acl_proto_depIdxs = nil + File_keto_acl_v1_acl_proto = out.File + file_keto_acl_v1_acl_proto_rawDesc = nil + file_keto_acl_v1_acl_proto_goTypes = nil + file_keto_acl_v1_acl_proto_depIdxs = nil } diff --git a/api/keto/authz/v1/acl.proto b/api/keto/acl/v1/acl.proto similarity index 83% rename from api/keto/authz/v1/acl.proto rename to api/keto/acl/v1/acl.proto index 062c62092..a15f9ad24 100644 --- a/api/keto/authz/v1/acl.proto +++ b/api/keto/acl/v1/acl.proto @@ -1,13 +1,13 @@ syntax = "proto3"; -package keto.authz.v1; +package keto.acl.v1; -option go_package = "github.com/ory/keto/api/keto/authz/v1;authz"; -option csharp_namespace = "Ory.Keto.Authz.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1"; option java_multiple_files = true; -option java_outer_classname = "AuthzProto"; -option java_package = "sh.ory.keto.authz.v1"; -option php_namespace = "Ory\\Keto\\Authz\\V1"; +option java_outer_classname = "AclProto"; +option java_package = "sh.ory.keto.acl.v1"; +option php_namespace = "Ory\\Keto\\Acl\\V1"; // RelationTuple relates an Object with a Subject. diff --git a/api/keto/authz/v1/acl_service.pb.go b/api/keto/acl/v1/acl_service.pb.go similarity index 52% rename from api/keto/authz/v1/acl_service.pb.go rename to api/keto/acl/v1/acl_service.pb.go index 80d8f3886..83d901631 100644 --- a/api/keto/authz/v1/acl_service.pb.go +++ b/api/keto/acl/v1/acl_service.pb.go @@ -2,9 +2,9 @@ // versions: // protoc-gen-go v1.25.0 // protoc v3.13.0 -// source: keto/authz/v1/acl_service.proto +// source: keto/acl/v1/acl_service.proto -package authz +package acl import ( proto "github.com/golang/protobuf/proto" @@ -42,7 +42,7 @@ type CheckRequest struct { func (x *CheckRequest) Reset() { *x = CheckRequest{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[0] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -55,7 +55,7 @@ func (x *CheckRequest) String() string { func (*CheckRequest) ProtoMessage() {} func (x *CheckRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[0] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -68,7 +68,7 @@ func (x *CheckRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead. func (*CheckRequest) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{0} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{0} } func (x *CheckRequest) GetObject() *Object { @@ -105,7 +105,7 @@ type CheckResponse struct { func (x *CheckResponse) Reset() { *x = CheckResponse{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[1] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -118,7 +118,7 @@ func (x *CheckResponse) String() string { func (*CheckResponse) ProtoMessage() {} func (x *CheckResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[1] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -131,7 +131,7 @@ func (x *CheckResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead. func (*CheckResponse) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{1} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{1} } func (x *CheckResponse) GetAllowed() bool { @@ -150,7 +150,7 @@ type ReadRequest struct { func (x *ReadRequest) Reset() { *x = ReadRequest{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[2] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -163,7 +163,7 @@ func (x *ReadRequest) String() string { func (*ReadRequest) ProtoMessage() {} func (x *ReadRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[2] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -176,7 +176,7 @@ func (x *ReadRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use ReadRequest.ProtoReflect.Descriptor instead. func (*ReadRequest) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{2} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{2} } type ReadResponse struct { @@ -188,7 +188,7 @@ type ReadResponse struct { func (x *ReadResponse) Reset() { *x = ReadResponse{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[3] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -201,7 +201,7 @@ func (x *ReadResponse) String() string { func (*ReadResponse) ProtoMessage() {} func (x *ReadResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[3] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -214,7 +214,7 @@ func (x *ReadResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use ReadResponse.ProtoReflect.Descriptor instead. func (*ReadResponse) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{3} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{3} } type WatchRequest struct { @@ -226,7 +226,7 @@ type WatchRequest struct { func (x *WatchRequest) Reset() { *x = WatchRequest{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[4] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -239,7 +239,7 @@ func (x *WatchRequest) String() string { func (*WatchRequest) ProtoMessage() {} func (x *WatchRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[4] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -252,7 +252,7 @@ func (x *WatchRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use WatchRequest.ProtoReflect.Descriptor instead. func (*WatchRequest) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{4} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{4} } type WatchResponse struct { @@ -264,7 +264,7 @@ type WatchResponse struct { func (x *WatchResponse) Reset() { *x = WatchResponse{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[5] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -277,7 +277,7 @@ func (x *WatchResponse) String() string { func (*WatchResponse) ProtoMessage() {} func (x *WatchResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[5] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -290,7 +290,7 @@ func (x *WatchResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use WatchResponse.ProtoReflect.Descriptor instead. func (*WatchResponse) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{5} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{5} } type WriteRequest struct { @@ -302,7 +302,7 @@ type WriteRequest struct { func (x *WriteRequest) Reset() { *x = WriteRequest{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[6] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -315,7 +315,7 @@ func (x *WriteRequest) String() string { func (*WriteRequest) ProtoMessage() {} func (x *WriteRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[6] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -328,7 +328,7 @@ func (x *WriteRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use WriteRequest.ProtoReflect.Descriptor instead. func (*WriteRequest) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{6} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{6} } type WriteResponse struct { @@ -340,7 +340,7 @@ type WriteResponse struct { func (x *WriteResponse) Reset() { *x = WriteResponse{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[7] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -353,7 +353,7 @@ func (x *WriteResponse) String() string { func (*WriteResponse) ProtoMessage() {} func (x *WriteResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[7] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -366,7 +366,7 @@ func (x *WriteResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use WriteResponse.ProtoReflect.Descriptor instead. func (*WriteResponse) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{7} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{7} } type DeleteRequest struct { @@ -378,7 +378,7 @@ type DeleteRequest struct { func (x *DeleteRequest) Reset() { *x = DeleteRequest{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[8] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -391,7 +391,7 @@ func (x *DeleteRequest) String() string { func (*DeleteRequest) ProtoMessage() {} func (x *DeleteRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[8] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -404,7 +404,7 @@ func (x *DeleteRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteRequest.ProtoReflect.Descriptor instead. func (*DeleteRequest) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{8} + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{8} } type DeleteResponse struct { @@ -416,7 +416,7 @@ type DeleteResponse struct { func (x *DeleteResponse) Reset() { *x = DeleteResponse{} if protoimpl.UnsafeEnabled { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[9] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -429,7 +429,7 @@ func (x *DeleteResponse) String() string { func (*DeleteResponse) ProtoMessage() {} func (x *DeleteResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_authz_v1_acl_service_proto_msgTypes[9] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -442,117 +442,114 @@ func (x *DeleteResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteResponse.ProtoReflect.Descriptor instead. func (*DeleteResponse) Descriptor() ([]byte, []int) { - return file_keto_authz_v1_acl_service_proto_rawDescGZIP(), []int{9} -} - -var File_keto_authz_v1_acl_service_proto protoreflect.FileDescriptor - -var file_keto_authz_v1_acl_service_proto_rawDesc = []byte{ - 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x2f, - 0x61, 0x63, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x0d, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, - 0x1a, 0x17, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x2f, - 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0x78, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, - 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, - 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x22, 0x29, 0x0a, 0x0d, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, - 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, - 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x22, 0x0d, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0e, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0f, 0x0a, 0x0d, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0e, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0f, 0x0a, 0x0d, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x10, 0x0a, 0x0e, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x6b, 0x0a, 0x0c, 0x43, - 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x42, 0x0a, 0x05, 0x43, - 0x68, 0x65, 0x63, 0x6b, 0x12, 0x1b, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, - 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x1c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, - 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, - 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x67, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x52, 0x65, 0x61, 0x64, 0x12, - 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, - 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{9} +} + +var File_keto_acl_v1_acl_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1_acl_service_proto_rawDesc = []byte{ + 0x0a, 0x1d, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, + 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, + 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x76, 0x0a, 0x0c, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x06, + 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x49, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x22, + 0x0d, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, + 0x0a, 0x0c, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0e, + 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0f, + 0x0a, 0x0d, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x0e, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, + 0x0f, 0x0a, 0x0d, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x0f, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x22, 0x10, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x32, 0x67, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, + 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x63, 0x0a, 0x0b, + 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3b, 0x0a, 0x04, 0x52, + 0x65, 0x61, 0x64, 0x12, 0x18, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, - 0x6d, 0x32, 0x6b, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x42, 0x0a, 0x05, 0x57, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1b, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, - 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0xb2, - 0x01, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, - 0x42, 0x0a, 0x05, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, - 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x45, 0x0a, 0x06, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1c, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, - 0x63, 0x6f, 0x6d, 0x42, 0x79, 0x0a, 0x14, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x41, 0x75, 0x74, - 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x6d, 0x32, 0x67, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x57, 0x61, 0x74, 0x63, 0x68, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0xaa, 0x01, 0x0a, 0x0c, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, + 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x06, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x1b, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, + 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, + 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, + 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, + 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, - 0x3b, 0x61, 0x75, 0x74, 0x68, 0x7a, 0xaa, 0x02, 0x11, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, - 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x11, 0x4f, 0x72, 0x79, - 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x5c, 0x56, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, + 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, + 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, + 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( - file_keto_authz_v1_acl_service_proto_rawDescOnce sync.Once - file_keto_authz_v1_acl_service_proto_rawDescData = file_keto_authz_v1_acl_service_proto_rawDesc + file_keto_acl_v1_acl_service_proto_rawDescOnce sync.Once + file_keto_acl_v1_acl_service_proto_rawDescData = file_keto_acl_v1_acl_service_proto_rawDesc ) -func file_keto_authz_v1_acl_service_proto_rawDescGZIP() []byte { - file_keto_authz_v1_acl_service_proto_rawDescOnce.Do(func() { - file_keto_authz_v1_acl_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_authz_v1_acl_service_proto_rawDescData) +func file_keto_acl_v1_acl_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1_acl_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1_acl_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_acl_service_proto_rawDescData) }) - return file_keto_authz_v1_acl_service_proto_rawDescData -} - -var file_keto_authz_v1_acl_service_proto_msgTypes = make([]protoimpl.MessageInfo, 10) -var file_keto_authz_v1_acl_service_proto_goTypes = []interface{}{ - (*CheckRequest)(nil), // 0: keto.authz.v1.CheckRequest - (*CheckResponse)(nil), // 1: keto.authz.v1.CheckResponse - (*ReadRequest)(nil), // 2: keto.authz.v1.ReadRequest - (*ReadResponse)(nil), // 3: keto.authz.v1.ReadResponse - (*WatchRequest)(nil), // 4: keto.authz.v1.WatchRequest - (*WatchResponse)(nil), // 5: keto.authz.v1.WatchResponse - (*WriteRequest)(nil), // 6: keto.authz.v1.WriteRequest - (*WriteResponse)(nil), // 7: keto.authz.v1.WriteResponse - (*DeleteRequest)(nil), // 8: keto.authz.v1.DeleteRequest - (*DeleteResponse)(nil), // 9: keto.authz.v1.DeleteResponse - (*Object)(nil), // 10: keto.authz.v1.Object -} -var file_keto_authz_v1_acl_service_proto_depIdxs = []int32{ - 10, // 0: keto.authz.v1.CheckRequest.object:type_name -> keto.authz.v1.Object - 0, // 1: keto.authz.v1.CheckService.Check:input_type -> keto.authz.v1.CheckRequest - 2, // 2: keto.authz.v1.ReadService.Read:input_type -> keto.authz.v1.ReadRequest - 4, // 3: keto.authz.v1.WatchService.Watch:input_type -> keto.authz.v1.WatchRequest - 6, // 4: keto.authz.v1.WriteService.Write:input_type -> keto.authz.v1.WriteRequest - 8, // 5: keto.authz.v1.WriteService.Delete:input_type -> keto.authz.v1.DeleteRequest - 1, // 6: keto.authz.v1.CheckService.Check:output_type -> keto.authz.v1.CheckResponse - 3, // 7: keto.authz.v1.ReadService.Read:output_type -> keto.authz.v1.ReadResponse - 5, // 8: keto.authz.v1.WatchService.Watch:output_type -> keto.authz.v1.WatchResponse - 7, // 9: keto.authz.v1.WriteService.Write:output_type -> keto.authz.v1.WriteResponse - 9, // 10: keto.authz.v1.WriteService.Delete:output_type -> keto.authz.v1.DeleteResponse + return file_keto_acl_v1_acl_service_proto_rawDescData +} + +var file_keto_acl_v1_acl_service_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_keto_acl_v1_acl_service_proto_goTypes = []interface{}{ + (*CheckRequest)(nil), // 0: keto.acl.v1.CheckRequest + (*CheckResponse)(nil), // 1: keto.acl.v1.CheckResponse + (*ReadRequest)(nil), // 2: keto.acl.v1.ReadRequest + (*ReadResponse)(nil), // 3: keto.acl.v1.ReadResponse + (*WatchRequest)(nil), // 4: keto.acl.v1.WatchRequest + (*WatchResponse)(nil), // 5: keto.acl.v1.WatchResponse + (*WriteRequest)(nil), // 6: keto.acl.v1.WriteRequest + (*WriteResponse)(nil), // 7: keto.acl.v1.WriteResponse + (*DeleteRequest)(nil), // 8: keto.acl.v1.DeleteRequest + (*DeleteResponse)(nil), // 9: keto.acl.v1.DeleteResponse + (*Object)(nil), // 10: keto.acl.v1.Object +} +var file_keto_acl_v1_acl_service_proto_depIdxs = []int32{ + 10, // 0: keto.acl.v1.CheckRequest.object:type_name -> keto.acl.v1.Object + 0, // 1: keto.acl.v1.CheckService.Check:input_type -> keto.acl.v1.CheckRequest + 2, // 2: keto.acl.v1.ReadService.Read:input_type -> keto.acl.v1.ReadRequest + 4, // 3: keto.acl.v1.WatchService.Watch:input_type -> keto.acl.v1.WatchRequest + 6, // 4: keto.acl.v1.WriteService.Write:input_type -> keto.acl.v1.WriteRequest + 8, // 5: keto.acl.v1.WriteService.Delete:input_type -> keto.acl.v1.DeleteRequest + 1, // 6: keto.acl.v1.CheckService.Check:output_type -> keto.acl.v1.CheckResponse + 3, // 7: keto.acl.v1.ReadService.Read:output_type -> keto.acl.v1.ReadResponse + 5, // 8: keto.acl.v1.WatchService.Watch:output_type -> keto.acl.v1.WatchResponse + 7, // 9: keto.acl.v1.WriteService.Write:output_type -> keto.acl.v1.WriteResponse + 9, // 10: keto.acl.v1.WriteService.Delete:output_type -> keto.acl.v1.DeleteResponse 6, // [6:11] is the sub-list for method output_type 1, // [1:6] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name @@ -560,14 +557,14 @@ var file_keto_authz_v1_acl_service_proto_depIdxs = []int32{ 0, // [0:1] is the sub-list for field type_name } -func init() { file_keto_authz_v1_acl_service_proto_init() } -func file_keto_authz_v1_acl_service_proto_init() { - if File_keto_authz_v1_acl_service_proto != nil { +func init() { file_keto_acl_v1_acl_service_proto_init() } +func file_keto_acl_v1_acl_service_proto_init() { + if File_keto_acl_v1_acl_service_proto != nil { return } - file_keto_authz_v1_acl_proto_init() + file_keto_acl_v1_acl_proto_init() if !protoimpl.UnsafeEnabled { - file_keto_authz_v1_acl_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CheckRequest); i { case 0: return &v.state @@ -579,7 +576,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CheckResponse); i { case 0: return &v.state @@ -591,7 +588,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ReadRequest); i { case 0: return &v.state @@ -603,7 +600,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ReadResponse); i { case 0: return &v.state @@ -615,7 +612,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*WatchRequest); i { case 0: return &v.state @@ -627,7 +624,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*WatchResponse); i { case 0: return &v.state @@ -639,7 +636,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*WriteRequest); i { case 0: return &v.state @@ -651,7 +648,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*WriteResponse); i { case 0: return &v.state @@ -663,7 +660,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*DeleteRequest); i { case 0: return &v.state @@ -675,7 +672,7 @@ func file_keto_authz_v1_acl_service_proto_init() { return nil } } - file_keto_authz_v1_acl_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1_acl_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*DeleteResponse); i { case 0: return &v.state @@ -692,18 +689,18 @@ func file_keto_authz_v1_acl_service_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_authz_v1_acl_service_proto_rawDesc, + RawDescriptor: file_keto_acl_v1_acl_service_proto_rawDesc, NumEnums: 0, NumMessages: 10, NumExtensions: 0, NumServices: 4, }, - GoTypes: file_keto_authz_v1_acl_service_proto_goTypes, - DependencyIndexes: file_keto_authz_v1_acl_service_proto_depIdxs, - MessageInfos: file_keto_authz_v1_acl_service_proto_msgTypes, + GoTypes: file_keto_acl_v1_acl_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1_acl_service_proto_depIdxs, + MessageInfos: file_keto_acl_v1_acl_service_proto_msgTypes, }.Build() - File_keto_authz_v1_acl_service_proto = out.File - file_keto_authz_v1_acl_service_proto_rawDesc = nil - file_keto_authz_v1_acl_service_proto_goTypes = nil - file_keto_authz_v1_acl_service_proto_depIdxs = nil + File_keto_acl_v1_acl_service_proto = out.File + file_keto_acl_v1_acl_service_proto_rawDesc = nil + file_keto_acl_v1_acl_service_proto_goTypes = nil + file_keto_acl_v1_acl_service_proto_depIdxs = nil } diff --git a/api/keto/authz/v1/acl_service.proto b/api/keto/acl/v1/acl_service.proto similarity index 87% rename from api/keto/authz/v1/acl_service.proto rename to api/keto/acl/v1/acl_service.proto index f4ab15b96..47e1f3d78 100644 --- a/api/keto/authz/v1/acl_service.proto +++ b/api/keto/acl/v1/acl_service.proto @@ -1,16 +1,16 @@ syntax = "proto3"; -package keto.authz.v1; +package keto.acl.v1; -import "keto/authz/v1/acl.proto"; +import "keto/acl/v1/acl.proto"; import "google/api/client.proto"; -option go_package = "github.com/ory/keto/api/keto/authz/v1;authz"; -option csharp_namespace = "Ory.Keto.Authz.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1"; option java_multiple_files = true; -option java_outer_classname = "AuthzProto"; -option java_package = "sh.ory.keto.authz.v1"; -option php_namespace = "Ory\\Keto\\Authz\\V1"; +option java_outer_classname = "AclProto"; +option java_package = "sh.ory.keto.acl.v1"; +option php_namespace = "Ory\\Keto\\Acl\\V1"; // The service that performs authorization checks // based on the stored Access Control Lists. @@ -41,7 +41,7 @@ message CheckRequest { // ACLs in case it is strictly required to do so. // // Optional. - // TODO string zookie = 4; + // TODO bytes zookie = 4; } message CheckResponse { diff --git a/api/keto/authz/v1/acl_service_grpc.pb.go b/api/keto/acl/v1/acl_service_grpc.pb.go similarity index 92% rename from api/keto/authz/v1/acl_service_grpc.pb.go rename to api/keto/acl/v1/acl_service_grpc.pb.go index d0ab181c2..03aeff676 100644 --- a/api/keto/authz/v1/acl_service_grpc.pb.go +++ b/api/keto/acl/v1/acl_service_grpc.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. -package authz +package acl import ( context "context" @@ -31,7 +31,7 @@ func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient { func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) { out := new(CheckResponse) - err := c.cc.Invoke(ctx, "/keto.authz.v1.CheckService/Check", in, out, opts...) + err := c.cc.Invoke(ctx, "/keto.acl.v1.CheckService/Check", in, out, opts...) if err != nil { return nil, err } @@ -75,7 +75,7 @@ func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func( } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.authz.v1.CheckService/Check", + FullMethod: "/keto.acl.v1.CheckService/Check", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(CheckServiceServer).Check(ctx, req.(*CheckRequest)) @@ -84,7 +84,7 @@ func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func( } var _CheckService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.authz.v1.CheckService", + ServiceName: "keto.acl.v1.CheckService", HandlerType: (*CheckServiceServer)(nil), Methods: []grpc.MethodDesc{ { @@ -93,7 +93,7 @@ var _CheckService_serviceDesc = grpc.ServiceDesc{ }, }, Streams: []grpc.StreamDesc{}, - Metadata: "keto/authz/v1/acl_service.proto", + Metadata: "keto/acl/v1/acl_service.proto", } // ReadServiceClient is the client API for ReadService service. @@ -114,7 +114,7 @@ func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient { func (c *readServiceClient) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) { out := new(ReadResponse) - err := c.cc.Invoke(ctx, "/keto.authz.v1.ReadService/Read", in, out, opts...) + err := c.cc.Invoke(ctx, "/keto.acl.v1.ReadService/Read", in, out, opts...) if err != nil { return nil, err } @@ -158,7 +158,7 @@ func _ReadService_Read_Handler(srv interface{}, ctx context.Context, dec func(in } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.authz.v1.ReadService/Read", + FullMethod: "/keto.acl.v1.ReadService/Read", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(ReadServiceServer).Read(ctx, req.(*ReadRequest)) @@ -167,7 +167,7 @@ func _ReadService_Read_Handler(srv interface{}, ctx context.Context, dec func(in } var _ReadService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.authz.v1.ReadService", + ServiceName: "keto.acl.v1.ReadService", HandlerType: (*ReadServiceServer)(nil), Methods: []grpc.MethodDesc{ { @@ -176,7 +176,7 @@ var _ReadService_serviceDesc = grpc.ServiceDesc{ }, }, Streams: []grpc.StreamDesc{}, - Metadata: "keto/authz/v1/acl_service.proto", + Metadata: "keto/acl/v1/acl_service.proto", } // WatchServiceClient is the client API for WatchService service. @@ -197,7 +197,7 @@ func NewWatchServiceClient(cc grpc.ClientConnInterface) WatchServiceClient { func (c *watchServiceClient) Watch(ctx context.Context, in *WatchRequest, opts ...grpc.CallOption) (*WatchResponse, error) { out := new(WatchResponse) - err := c.cc.Invoke(ctx, "/keto.authz.v1.WatchService/Watch", in, out, opts...) + err := c.cc.Invoke(ctx, "/keto.acl.v1.WatchService/Watch", in, out, opts...) if err != nil { return nil, err } @@ -241,7 +241,7 @@ func _WatchService_Watch_Handler(srv interface{}, ctx context.Context, dec func( } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.authz.v1.WatchService/Watch", + FullMethod: "/keto.acl.v1.WatchService/Watch", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(WatchServiceServer).Watch(ctx, req.(*WatchRequest)) @@ -250,7 +250,7 @@ func _WatchService_Watch_Handler(srv interface{}, ctx context.Context, dec func( } var _WatchService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.authz.v1.WatchService", + ServiceName: "keto.acl.v1.WatchService", HandlerType: (*WatchServiceServer)(nil), Methods: []grpc.MethodDesc{ { @@ -259,7 +259,7 @@ var _WatchService_serviceDesc = grpc.ServiceDesc{ }, }, Streams: []grpc.StreamDesc{}, - Metadata: "keto/authz/v1/acl_service.proto", + Metadata: "keto/acl/v1/acl_service.proto", } // WriteServiceClient is the client API for WriteService service. @@ -284,7 +284,7 @@ func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient { func (c *writeServiceClient) Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) { out := new(WriteResponse) - err := c.cc.Invoke(ctx, "/keto.authz.v1.WriteService/Write", in, out, opts...) + err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/Write", in, out, opts...) if err != nil { return nil, err } @@ -293,7 +293,7 @@ func (c *writeServiceClient) Write(ctx context.Context, in *WriteRequest, opts . func (c *writeServiceClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) { out := new(DeleteResponse) - err := c.cc.Invoke(ctx, "/keto.authz.v1.WriteService/Delete", in, out, opts...) + err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/Delete", in, out, opts...) if err != nil { return nil, err } @@ -344,7 +344,7 @@ func _WriteService_Write_Handler(srv interface{}, ctx context.Context, dec func( } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.authz.v1.WriteService/Write", + FullMethod: "/keto.acl.v1.WriteService/Write", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(WriteServiceServer).Write(ctx, req.(*WriteRequest)) @@ -362,7 +362,7 @@ func _WriteService_Delete_Handler(srv interface{}, ctx context.Context, dec func } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.authz.v1.WriteService/Delete", + FullMethod: "/keto.acl.v1.WriteService/Delete", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(WriteServiceServer).Delete(ctx, req.(*DeleteRequest)) @@ -371,7 +371,7 @@ func _WriteService_Delete_Handler(srv interface{}, ctx context.Context, dec func } var _WriteService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.authz.v1.WriteService", + ServiceName: "keto.acl.v1.WriteService", HandlerType: (*WriteServiceServer)(nil), Methods: []grpc.MethodDesc{ { @@ -384,5 +384,5 @@ var _WriteService_serviceDesc = grpc.ServiceDesc{ }, }, Streams: []grpc.StreamDesc{}, - Metadata: "keto/authz/v1/acl_service.proto", + Metadata: "keto/acl/v1/acl_service.proto", } diff --git a/api/keto/authz/admin/v1/admin_service.pb.go b/api/keto/authz/admin/v1/admin_service.pb.go deleted file mode 100644 index 0c658d613..000000000 --- a/api/keto/authz/admin/v1/admin_service.pb.go +++ /dev/null @@ -1,82 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/authz/admin/v1/admin_service.proto - -package admin - -import ( - proto "github.com/golang/protobuf/proto" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -var File_keto_authz_admin_v1_admin_service_proto protoreflect.FileDescriptor - -var file_keto_authz_admin_v1_admin_service_proto_rawDesc = []byte{ - 0x0a, 0x27, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x61, 0x64, 0x6d, - 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x17, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, - 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x32, 0x27, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, - 0x42, 0x91, 0x01, 0x0a, 0x1a, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, - 0x0a, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x31, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, - 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, - 0x7a, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, - 0xaa, 0x02, 0x17, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, - 0x7a, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x17, 0x4f, 0x72, 0x79, - 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x5c, 0x41, 0x64, 0x6d, 0x69, - 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var file_keto_authz_admin_v1_admin_service_proto_goTypes = []interface{}{} -var file_keto_authz_admin_v1_admin_service_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_keto_authz_admin_v1_admin_service_proto_init() } -func file_keto_authz_admin_v1_admin_service_proto_init() { - if File_keto_authz_admin_v1_admin_service_proto != nil { - return - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_authz_admin_v1_admin_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 0, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_authz_admin_v1_admin_service_proto_goTypes, - DependencyIndexes: file_keto_authz_admin_v1_admin_service_proto_depIdxs, - }.Build() - File_keto_authz_admin_v1_admin_service_proto = out.File - file_keto_authz_admin_v1_admin_service_proto_rawDesc = nil - file_keto_authz_admin_v1_admin_service_proto_goTypes = nil - file_keto_authz_admin_v1_admin_service_proto_depIdxs = nil -} diff --git a/api/keto/authz/node/v1/node_service.pb.go b/api/keto/authz/node/v1/node_service.pb.go deleted file mode 100644 index ca64f16c3..000000000 --- a/api/keto/authz/node/v1/node_service.pb.go +++ /dev/null @@ -1,77 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/authz/node/v1/node_service.proto - -package node - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -var File_keto_authz_node_v1_node_service_proto protoreflect.FileDescriptor - -var file_keto_authz_node_v1_node_service_proto_rawDesc = []byte{ - 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x6e, 0x6f, 0x64, - 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, - 0x74, 0x68, 0x7a, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, - 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x8b, 0x01, 0x0a, 0x19, 0x73, - 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, - 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x42, 0x09, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, - 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, - 0x31, 0x3b, 0x6e, 0x6f, 0x64, 0x65, 0xaa, 0x02, 0x16, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, - 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, - 0x02, 0x16, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, - 0x5c, 0x4e, 0x6f, 0x64, 0x65, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var file_keto_authz_node_v1_node_service_proto_goTypes = []interface{}{} -var file_keto_authz_node_v1_node_service_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_keto_authz_node_v1_node_service_proto_init() } -func file_keto_authz_node_v1_node_service_proto_init() { - if File_keto_authz_node_v1_node_service_proto != nil { - return - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_authz_node_v1_node_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 0, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_authz_node_v1_node_service_proto_goTypes, - DependencyIndexes: file_keto_authz_node_v1_node_service_proto_depIdxs, - }.Build() - File_keto_authz_node_v1_node_service_proto = out.File - file_keto_authz_node_v1_node_service_proto_rawDesc = nil - file_keto_authz_node_v1_node_service_proto_goTypes = nil - file_keto_authz_node_v1_node_service_proto_depIdxs = nil -} diff --git a/api/keto/rbac/README.md b/api/keto/rbac/README.md new file mode 100644 index 000000000..01b10d9b4 --- /dev/null +++ b/api/keto/rbac/README.md @@ -0,0 +1,2 @@ +# coming soon +Built upon [ACL](../acl). \ No newline at end of file diff --git a/buf.gen.yaml b/buf/api/buf.gen.yaml similarity index 100% rename from buf.gen.yaml rename to buf/api/buf.gen.yaml diff --git a/buf.yaml b/buf/api/buf.yaml similarity index 100% rename from buf.yaml rename to buf/api/buf.yaml From 0f0879e166c7b712444ca9c189cd9d77a72aff62 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Sat, 14 Nov 2020 15:55:15 +0100 Subject: [PATCH 04/21] improve WriteService & ReadService --- api/keto/acl/v1/acl.pb.go | 62 +-- api/keto/acl/v1/acl.proto | 2 + api/keto/acl/v1/acl_service.pb.go | 579 ++++++++++++++++--------- api/keto/acl/v1/acl_service.proto | 96 +++- api/keto/acl/v1/acl_service_grpc.pb.go | 134 ++---- 5 files changed, 539 insertions(+), 334 deletions(-) diff --git a/api/keto/acl/v1/acl.pb.go b/api/keto/acl/v1/acl.pb.go index fcf5a42f5..bdc762b46 100644 --- a/api/keto/acl/v1/acl.pb.go +++ b/api/keto/acl/v1/acl.pb.go @@ -42,6 +42,8 @@ type RelationTuple struct { // It either is a concrete subject id or // or a subject set expanding to more Subjects. Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` + // Used to perform a consistent read-modify-write. + Etag string `protobuf:"bytes,4,opt,name=etag,proto3" json:"etag,omitempty"` } func (x *RelationTuple) Reset() { @@ -97,6 +99,13 @@ func (x *RelationTuple) GetSubject() *Subject { return nil } +func (x *RelationTuple) GetEtag() string { + if x != nil { + return x.Etag + } + return "" +} + // Object is an object in a namespace // referenced by a RelationTuple or SubjectSet. // @@ -307,7 +316,7 @@ var File_keto_acl_v1_acl_proto protoreflect.FileDescriptor var file_keto_acl_v1_acl_proto_rawDesc = []byte{ 0x0a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x22, 0x88, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6c, 0x2e, 0x76, 0x31, 0x22, 0x9c, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, @@ -315,31 +324,32 @@ var file_keto_acl_v1_acl_proto_rawDesc = []byte{ 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, - 0x36, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, - 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x6e, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0b, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x73, - 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, - 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x42, - 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x55, 0x0a, 0x0a, 0x53, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x6d, - 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, - 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, - 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, - 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, + 0x12, 0x0a, 0x04, 0x65, 0x74, 0x61, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x65, + 0x74, 0x61, 0x67, 0x22, 0x36, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, + 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x6e, 0x0a, 0x07, 0x53, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0b, 0x73, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x53, 0x65, 0x74, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x55, 0x0a, 0x0a, 0x53, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, + 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, + 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, + 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, + 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1/acl.proto b/api/keto/acl/v1/acl.proto index a15f9ad24..10a69baf0 100644 --- a/api/keto/acl/v1/acl.proto +++ b/api/keto/acl/v1/acl.proto @@ -23,6 +23,8 @@ message RelationTuple { // It either is a concrete subject id or // or a subject set expanding to more Subjects. Subject subject = 3; + // Used to perform a consistent read-modify-write. + string etag = 4; } // Object is an object in a namespace diff --git a/api/keto/acl/v1/acl_service.pb.go b/api/keto/acl/v1/acl_service.pb.go index 83d901631..e67368c78 100644 --- a/api/keto/acl/v1/acl_service.pb.go +++ b/api/keto/acl/v1/acl_service.pb.go @@ -26,6 +26,72 @@ const ( // of the legacy proto package is being used. const _ = proto.ProtoPackageIsVersion4 +type RelationTupleWriteDelta_Action int32 + +const ( + // Unspecified. + // The `WriteRelationTuples` RPC ignores this + // RelationTupleWriteDelta if no action is specified. + RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 + // Insertion or if already exists, update of the RelationTuple. + RelationTupleWriteDelta_UPSERT RelationTupleWriteDelta_Action = 1 + // Insertion of the RelationTuple. + // The `WriteRelationTuples` RPC errors if the RelationTuple already exists. + RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 2 + // Update of the existing RelationTuple. + // The `WriteRelationTuples` RPC errors if the RelationTuple does not exist. + RelationTupleWriteDelta_UPDATE RelationTupleWriteDelta_Action = 3 + // Deletion of the RelationTuple. + // The `WriteRelationTuples` RPC is silent and does not error in case + // the RelationTuple does not exist. + RelationTupleWriteDelta_DELETE RelationTupleWriteDelta_Action = 4 +) + +// Enum value maps for RelationTupleWriteDelta_Action. +var ( + RelationTupleWriteDelta_Action_name = map[int32]string{ + 0: "ACTION_UNSPECIFIED", + 1: "UPSERT", + 2: "INSERT", + 3: "UPDATE", + 4: "DELETE", + } + RelationTupleWriteDelta_Action_value = map[string]int32{ + "ACTION_UNSPECIFIED": 0, + "UPSERT": 1, + "INSERT": 2, + "UPDATE": 3, + "DELETE": 4, + } +) + +func (x RelationTupleWriteDelta_Action) Enum() *RelationTupleWriteDelta_Action { + p := new(RelationTupleWriteDelta_Action) + *p = x + return p +} + +func (x RelationTupleWriteDelta_Action) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (RelationTupleWriteDelta_Action) Descriptor() protoreflect.EnumDescriptor { + return file_keto_acl_v1_acl_service_proto_enumTypes[0].Descriptor() +} + +func (RelationTupleWriteDelta_Action) Type() protoreflect.EnumType { + return &file_keto_acl_v1_acl_service_proto_enumTypes[0] +} + +func (x RelationTupleWriteDelta_Action) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use RelationTupleWriteDelta_Action.Descriptor instead. +func (RelationTupleWriteDelta_Action) EnumDescriptor() ([]byte, []int) { + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{7, 0} +} + type CheckRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -37,6 +103,20 @@ type CheckRequest struct { Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` // The concrete subject id to check. SubjectId string `protobuf:"bytes,3,opt,name=subject_id,json=subjectId,proto3" json:"subject_id,omitempty"` + // Optional. The least snapshot time of the used + // serverside data to compute the response of this check. + // + // If specified requests to perform + // the check on only near up to-date ACLs. + // + // *This recommended for low latency and where checks + // are allowed to perform on ACLs that are a bit stale + // (stale => not up to date, but still only differs some + // millis or seconds). + // + // If not specified performs the check on most up to-date + // ACLs in case it is strictly required to do so. + Zookie []byte `protobuf:"bytes,4,opt,name=zookie,proto3" json:"zookie,omitempty"` } func (x *CheckRequest) Reset() { @@ -92,6 +172,13 @@ func (x *CheckRequest) GetSubjectId() string { return "" } +func (x *CheckRequest) GetZookie() []byte { + if x != nil { + return x.Zookie + } + return nil +} + type CheckResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -141,14 +228,33 @@ func (x *CheckResponse) GetAllowed() bool { return false } -type ReadRequest struct { +type ListRelationTuplesRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields -} -func (x *ReadRequest) Reset() { - *x = ReadRequest{} + // The filter to query for relation tuples. + // If none specified + // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure + // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators + // TODO See https://google.aip.dev/160 + // TODO We should use an expression engine for evaluation and SQL query building + Filter string `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"` + // The ordering of the queried relation tuples. + // TODO See https://google.aip.dev/132 + OrderBy string `protobuf:"bytes,2,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` + // Optional. The least snapshot time of + // the used serverside data in the response. + Zookie []byte `protobuf:"bytes,3,opt,name=zookie,proto3" json:"zookie,omitempty"` + // Optional. The maximum number of RelationTuples to return in the response. + PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` +} + +func (x *ListRelationTuplesRequest) Reset() { + *x = ListRelationTuplesRequest{} if protoimpl.UnsafeEnabled { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -156,13 +262,13 @@ func (x *ReadRequest) Reset() { } } -func (x *ReadRequest) String() string { +func (x *ListRelationTuplesRequest) String() string { return protoimpl.X.MessageStringOf(x) } -func (*ReadRequest) ProtoMessage() {} +func (*ListRelationTuplesRequest) ProtoMessage() {} -func (x *ReadRequest) ProtoReflect() protoreflect.Message { +func (x *ListRelationTuplesRequest) ProtoReflect() protoreflect.Message { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -174,19 +280,60 @@ func (x *ReadRequest) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use ReadRequest.ProtoReflect.Descriptor instead. -func (*ReadRequest) Descriptor() ([]byte, []int) { +// Deprecated: Use ListRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesRequest) Descriptor() ([]byte, []int) { return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{2} } -type ReadResponse struct { +func (x *ListRelationTuplesRequest) GetFilter() string { + if x != nil { + return x.Filter + } + return "" +} + +func (x *ListRelationTuplesRequest) GetOrderBy() string { + if x != nil { + return x.OrderBy + } + return "" +} + +func (x *ListRelationTuplesRequest) GetZookie() []byte { + if x != nil { + return x.Zookie + } + return nil +} + +func (x *ListRelationTuplesRequest) GetPageSize() int32 { + if x != nil { + return x.PageSize + } + return 0 +} + +func (x *ListRelationTuplesRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +type ListRelationTuplesResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + // The relation tuples matching the list request. + RelationTuples []*RelationTuple `protobuf:"bytes,1,rep,name=relation_tuples,json=relationTuples,proto3" json:"relation_tuples,omitempty"` + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` } -func (x *ReadResponse) Reset() { - *x = ReadResponse{} +func (x *ListRelationTuplesResponse) Reset() { + *x = ListRelationTuplesResponse{} if protoimpl.UnsafeEnabled { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -194,13 +341,13 @@ func (x *ReadResponse) Reset() { } } -func (x *ReadResponse) String() string { +func (x *ListRelationTuplesResponse) String() string { return protoimpl.X.MessageStringOf(x) } -func (*ReadResponse) ProtoMessage() {} +func (*ListRelationTuplesResponse) ProtoMessage() {} -func (x *ReadResponse) ProtoReflect() protoreflect.Message { +func (x *ListRelationTuplesResponse) ProtoReflect() protoreflect.Message { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -212,19 +359,33 @@ func (x *ReadResponse) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use ReadResponse.ProtoReflect.Descriptor instead. -func (*ReadResponse) Descriptor() ([]byte, []int) { +// Deprecated: Use ListRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesResponse) Descriptor() ([]byte, []int) { return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{3} } -type WatchRequest struct { +func (x *ListRelationTuplesResponse) GetRelationTuples() []*RelationTuple { + if x != nil { + return x.RelationTuples + } + return nil +} + +func (x *ListRelationTuplesResponse) GetNextPageToken() string { + if x != nil { + return x.NextPageToken + } + return "" +} + +type WatchRelationTuplesRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields } -func (x *WatchRequest) Reset() { - *x = WatchRequest{} +func (x *WatchRelationTuplesRequest) Reset() { + *x = WatchRelationTuplesRequest{} if protoimpl.UnsafeEnabled { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -232,13 +393,13 @@ func (x *WatchRequest) Reset() { } } -func (x *WatchRequest) String() string { +func (x *WatchRelationTuplesRequest) String() string { return protoimpl.X.MessageStringOf(x) } -func (*WatchRequest) ProtoMessage() {} +func (*WatchRelationTuplesRequest) ProtoMessage() {} -func (x *WatchRequest) ProtoReflect() protoreflect.Message { +func (x *WatchRelationTuplesRequest) ProtoReflect() protoreflect.Message { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -250,19 +411,19 @@ func (x *WatchRequest) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use WatchRequest.ProtoReflect.Descriptor instead. -func (*WatchRequest) Descriptor() ([]byte, []int) { +// Deprecated: Use WatchRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*WatchRelationTuplesRequest) Descriptor() ([]byte, []int) { return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{4} } -type WatchResponse struct { +type WatchRelationTuplesResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields } -func (x *WatchResponse) Reset() { - *x = WatchResponse{} +func (x *WatchRelationTuplesResponse) Reset() { + *x = WatchRelationTuplesResponse{} if protoimpl.UnsafeEnabled { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -270,13 +431,13 @@ func (x *WatchResponse) Reset() { } } -func (x *WatchResponse) String() string { +func (x *WatchRelationTuplesResponse) String() string { return protoimpl.X.MessageStringOf(x) } -func (*WatchResponse) ProtoMessage() {} +func (*WatchRelationTuplesResponse) ProtoMessage() {} -func (x *WatchResponse) ProtoReflect() protoreflect.Message { +func (x *WatchRelationTuplesResponse) ProtoReflect() protoreflect.Message { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -288,19 +449,27 @@ func (x *WatchResponse) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use WatchResponse.ProtoReflect.Descriptor instead. -func (*WatchResponse) Descriptor() ([]byte, []int) { +// Deprecated: Use WatchRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*WatchRelationTuplesResponse) Descriptor() ([]byte, []int) { return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{5} } -type WriteRequest struct { +type WriteRelationTuplesRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + // The write delta for the relation tuples operated in one single transaction. + // Either all actions commit or no change takes effect on error. + // + // The tuple's etag is used for a consistent read-modify-write request flow. + // If the etag is not present, the tuple is not validated against the state + // of the serverside tuple and get operated anyway. + RelationTupleDeltas []*RelationTupleWriteDelta `protobuf:"bytes,1,rep,name=relation_tuple_deltas,json=relationTupleDeltas,proto3" json:"relation_tuple_deltas,omitempty"` } -func (x *WriteRequest) Reset() { - *x = WriteRequest{} +func (x *WriteRelationTuplesRequest) Reset() { + *x = WriteRelationTuplesRequest{} if protoimpl.UnsafeEnabled { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -308,13 +477,13 @@ func (x *WriteRequest) Reset() { } } -func (x *WriteRequest) String() string { +func (x *WriteRelationTuplesRequest) String() string { return protoimpl.X.MessageStringOf(x) } -func (*WriteRequest) ProtoMessage() {} +func (*WriteRelationTuplesRequest) ProtoMessage() {} -func (x *WriteRequest) ProtoReflect() protoreflect.Message { +func (x *WriteRelationTuplesRequest) ProtoReflect() protoreflect.Message { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -326,19 +495,29 @@ func (x *WriteRequest) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use WriteRequest.ProtoReflect.Descriptor instead. -func (*WriteRequest) Descriptor() ([]byte, []int) { +// Deprecated: Use WriteRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*WriteRelationTuplesRequest) Descriptor() ([]byte, []int) { return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{6} } -type WriteResponse struct { +func (x *WriteRelationTuplesRequest) GetRelationTupleDeltas() []*RelationTupleWriteDelta { + if x != nil { + return x.RelationTupleDeltas + } + return nil +} + +type RelationTupleWriteDelta struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + // The target RelationTuple. + RelationTuple *RelationTuple `protobuf:"bytes,1,opt,name=relation_tuple,json=relationTuple,proto3" json:"relation_tuple,omitempty"` } -func (x *WriteResponse) Reset() { - *x = WriteResponse{} +func (x *RelationTupleWriteDelta) Reset() { + *x = RelationTupleWriteDelta{} if protoimpl.UnsafeEnabled { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -346,13 +525,13 @@ func (x *WriteResponse) Reset() { } } -func (x *WriteResponse) String() string { +func (x *RelationTupleWriteDelta) String() string { return protoimpl.X.MessageStringOf(x) } -func (*WriteResponse) ProtoMessage() {} +func (*RelationTupleWriteDelta) ProtoMessage() {} -func (x *WriteResponse) ProtoReflect() protoreflect.Message { +func (x *RelationTupleWriteDelta) ProtoReflect() protoreflect.Message { mi := &file_keto_acl_v1_acl_service_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -364,72 +543,41 @@ func (x *WriteResponse) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use WriteResponse.ProtoReflect.Descriptor instead. -func (*WriteResponse) Descriptor() ([]byte, []int) { +// Deprecated: Use RelationTupleWriteDelta.ProtoReflect.Descriptor instead. +func (*RelationTupleWriteDelta) Descriptor() ([]byte, []int) { return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{7} } -type DeleteRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *DeleteRequest) Reset() { - *x = DeleteRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DeleteRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DeleteRequest) ProtoMessage() {} - -func (x *DeleteRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms +func (x *RelationTupleWriteDelta) GetRelationTuple() *RelationTuple { + if x != nil { + return x.RelationTuple } - return mi.MessageOf(x) -} - -// Deprecated: Use DeleteRequest.ProtoReflect.Descriptor instead. -func (*DeleteRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{8} + return nil } -type DeleteResponse struct { +type WriteRelationTuplesResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields } -func (x *DeleteResponse) Reset() { - *x = DeleteResponse{} +func (x *WriteRelationTuplesResponse) Reset() { + *x = WriteRelationTuplesResponse{} if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[9] + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } -func (x *DeleteResponse) String() string { +func (x *WriteRelationTuplesResponse) String() string { return protoimpl.X.MessageStringOf(x) } -func (*DeleteResponse) ProtoMessage() {} +func (*WriteRelationTuplesResponse) ProtoMessage() {} -func (x *DeleteResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[9] +func (x *WriteRelationTuplesResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -440,9 +588,9 @@ func (x *DeleteResponse) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use DeleteResponse.ProtoReflect.Descriptor instead. -func (*DeleteResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{9} +// Deprecated: Use WriteRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*WriteRelationTuplesResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{8} } var File_keto_acl_v1_acl_service_proto protoreflect.FileDescriptor @@ -453,63 +601,104 @@ var file_keto_acl_v1_acl_service_proto_rawDesc = []byte{ 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x76, 0x0a, 0x0c, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x06, - 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x49, 0x64, 0x22, 0x29, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x22, - 0x0d, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, - 0x0a, 0x0c, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0e, - 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0f, - 0x0a, 0x0d, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x0e, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, - 0x0f, 0x0a, 0x0d, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x0f, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x22, 0x10, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x32, 0x67, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, - 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, - 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x63, 0x0a, 0x0b, - 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3b, 0x0a, 0x04, 0x52, - 0x65, 0x61, 0x64, 0x12, 0x18, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, - 0x6d, 0x32, 0x67, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x57, 0x61, 0x74, 0x63, 0x68, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0xaa, 0x01, 0x0a, 0x0c, 0x57, - 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x57, - 0x72, 0x69, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, - 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x06, 0x44, - 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x1b, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8e, 0x01, 0x0a, + 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, + 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, 0x29, 0x0a, + 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, + 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x22, 0xa2, 0x01, 0x0a, 0x19, 0x4c, 0x69, 0x73, + 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x19, + 0x0a, 0x08, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x62, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x42, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x7a, 0x6f, 0x6f, + 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, + 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, + 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x89, 0x01, + 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x43, 0x0a, 0x0f, + 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, + 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, + 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, + 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x1c, 0x0a, 0x1a, 0x57, 0x61, 0x74, + 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x1b, 0x57, 0x61, 0x74, 0x63, 0x68, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a, 0x1a, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x58, 0x0a, 0x15, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xae, + 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, + 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, + 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, + 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, + 0x4e, 0x53, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, + 0x45, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, + 0x1d, 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x67, + 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, + 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, + 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, + 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x8d, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, - 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, - 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, - 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, - 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, - 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, - 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x91, 0x01, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, + 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x13, 0x57, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, + 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, + 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x91, 0x01, 0x0a, 0x0c, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x13, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, + 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, + 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, + 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, + 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, + 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -524,37 +713,40 @@ func file_keto_acl_v1_acl_service_proto_rawDescGZIP() []byte { return file_keto_acl_v1_acl_service_proto_rawDescData } -var file_keto_acl_v1_acl_service_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_keto_acl_v1_acl_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_keto_acl_v1_acl_service_proto_msgTypes = make([]protoimpl.MessageInfo, 9) var file_keto_acl_v1_acl_service_proto_goTypes = []interface{}{ - (*CheckRequest)(nil), // 0: keto.acl.v1.CheckRequest - (*CheckResponse)(nil), // 1: keto.acl.v1.CheckResponse - (*ReadRequest)(nil), // 2: keto.acl.v1.ReadRequest - (*ReadResponse)(nil), // 3: keto.acl.v1.ReadResponse - (*WatchRequest)(nil), // 4: keto.acl.v1.WatchRequest - (*WatchResponse)(nil), // 5: keto.acl.v1.WatchResponse - (*WriteRequest)(nil), // 6: keto.acl.v1.WriteRequest - (*WriteResponse)(nil), // 7: keto.acl.v1.WriteResponse - (*DeleteRequest)(nil), // 8: keto.acl.v1.DeleteRequest - (*DeleteResponse)(nil), // 9: keto.acl.v1.DeleteResponse - (*Object)(nil), // 10: keto.acl.v1.Object + (RelationTupleWriteDelta_Action)(0), // 0: keto.acl.v1.RelationTupleWriteDelta.Action + (*CheckRequest)(nil), // 1: keto.acl.v1.CheckRequest + (*CheckResponse)(nil), // 2: keto.acl.v1.CheckResponse + (*ListRelationTuplesRequest)(nil), // 3: keto.acl.v1.ListRelationTuplesRequest + (*ListRelationTuplesResponse)(nil), // 4: keto.acl.v1.ListRelationTuplesResponse + (*WatchRelationTuplesRequest)(nil), // 5: keto.acl.v1.WatchRelationTuplesRequest + (*WatchRelationTuplesResponse)(nil), // 6: keto.acl.v1.WatchRelationTuplesResponse + (*WriteRelationTuplesRequest)(nil), // 7: keto.acl.v1.WriteRelationTuplesRequest + (*RelationTupleWriteDelta)(nil), // 8: keto.acl.v1.RelationTupleWriteDelta + (*WriteRelationTuplesResponse)(nil), // 9: keto.acl.v1.WriteRelationTuplesResponse + (*Object)(nil), // 10: keto.acl.v1.Object + (*RelationTuple)(nil), // 11: keto.acl.v1.RelationTuple } var file_keto_acl_v1_acl_service_proto_depIdxs = []int32{ 10, // 0: keto.acl.v1.CheckRequest.object:type_name -> keto.acl.v1.Object - 0, // 1: keto.acl.v1.CheckService.Check:input_type -> keto.acl.v1.CheckRequest - 2, // 2: keto.acl.v1.ReadService.Read:input_type -> keto.acl.v1.ReadRequest - 4, // 3: keto.acl.v1.WatchService.Watch:input_type -> keto.acl.v1.WatchRequest - 6, // 4: keto.acl.v1.WriteService.Write:input_type -> keto.acl.v1.WriteRequest - 8, // 5: keto.acl.v1.WriteService.Delete:input_type -> keto.acl.v1.DeleteRequest - 1, // 6: keto.acl.v1.CheckService.Check:output_type -> keto.acl.v1.CheckResponse - 3, // 7: keto.acl.v1.ReadService.Read:output_type -> keto.acl.v1.ReadResponse - 5, // 8: keto.acl.v1.WatchService.Watch:output_type -> keto.acl.v1.WatchResponse - 7, // 9: keto.acl.v1.WriteService.Write:output_type -> keto.acl.v1.WriteResponse - 9, // 10: keto.acl.v1.WriteService.Delete:output_type -> keto.acl.v1.DeleteResponse - 6, // [6:11] is the sub-list for method output_type - 1, // [1:6] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name + 11, // 1: keto.acl.v1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1.RelationTuple + 8, // 2: keto.acl.v1.WriteRelationTuplesRequest.relation_tuple_deltas:type_name -> keto.acl.v1.RelationTupleWriteDelta + 11, // 3: keto.acl.v1.RelationTupleWriteDelta.relation_tuple:type_name -> keto.acl.v1.RelationTuple + 1, // 4: keto.acl.v1.CheckService.Check:input_type -> keto.acl.v1.CheckRequest + 3, // 5: keto.acl.v1.ReadService.ListRelationTuples:input_type -> keto.acl.v1.ListRelationTuplesRequest + 5, // 6: keto.acl.v1.WatchService.WatchRelationTuples:input_type -> keto.acl.v1.WatchRelationTuplesRequest + 7, // 7: keto.acl.v1.WriteService.WriteRelationTuples:input_type -> keto.acl.v1.WriteRelationTuplesRequest + 2, // 8: keto.acl.v1.CheckService.Check:output_type -> keto.acl.v1.CheckResponse + 4, // 9: keto.acl.v1.ReadService.ListRelationTuples:output_type -> keto.acl.v1.ListRelationTuplesResponse + 6, // 10: keto.acl.v1.WatchService.WatchRelationTuples:output_type -> keto.acl.v1.WatchRelationTuplesResponse + 9, // 11: keto.acl.v1.WriteService.WriteRelationTuples:output_type -> keto.acl.v1.WriteRelationTuplesResponse + 8, // [8:12] is the sub-list for method output_type + 4, // [4:8] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name } func init() { file_keto_acl_v1_acl_service_proto_init() } @@ -589,7 +781,7 @@ func file_keto_acl_v1_acl_service_proto_init() { } } file_keto_acl_v1_acl_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReadRequest); i { + switch v := v.(*ListRelationTuplesRequest); i { case 0: return &v.state case 1: @@ -601,7 +793,7 @@ func file_keto_acl_v1_acl_service_proto_init() { } } file_keto_acl_v1_acl_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReadResponse); i { + switch v := v.(*ListRelationTuplesResponse); i { case 0: return &v.state case 1: @@ -613,7 +805,7 @@ func file_keto_acl_v1_acl_service_proto_init() { } } file_keto_acl_v1_acl_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WatchRequest); i { + switch v := v.(*WatchRelationTuplesRequest); i { case 0: return &v.state case 1: @@ -625,7 +817,7 @@ func file_keto_acl_v1_acl_service_proto_init() { } } file_keto_acl_v1_acl_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WatchResponse); i { + switch v := v.(*WatchRelationTuplesResponse); i { case 0: return &v.state case 1: @@ -637,7 +829,7 @@ func file_keto_acl_v1_acl_service_proto_init() { } } file_keto_acl_v1_acl_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteRequest); i { + switch v := v.(*WriteRelationTuplesRequest); i { case 0: return &v.state case 1: @@ -649,7 +841,7 @@ func file_keto_acl_v1_acl_service_proto_init() { } } file_keto_acl_v1_acl_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteResponse); i { + switch v := v.(*RelationTupleWriteDelta); i { case 0: return &v.state case 1: @@ -661,19 +853,7 @@ func file_keto_acl_v1_acl_service_proto_init() { } } file_keto_acl_v1_acl_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DeleteRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DeleteResponse); i { + switch v := v.(*WriteRelationTuplesResponse); i { case 0: return &v.state case 1: @@ -690,13 +870,14 @@ func file_keto_acl_v1_acl_service_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_keto_acl_v1_acl_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 10, + NumEnums: 1, + NumMessages: 9, NumExtensions: 0, NumServices: 4, }, GoTypes: file_keto_acl_v1_acl_service_proto_goTypes, DependencyIndexes: file_keto_acl_v1_acl_service_proto_depIdxs, + EnumInfos: file_keto_acl_v1_acl_service_proto_enumTypes, MessageInfos: file_keto_acl_v1_acl_service_proto_msgTypes, }.Build() File_keto_acl_v1_acl_service_proto = out.File diff --git a/api/keto/acl/v1/acl_service.proto b/api/keto/acl/v1/acl_service.proto index 47e1f3d78..11aa22e00 100644 --- a/api/keto/acl/v1/acl_service.proto +++ b/api/keto/acl/v1/acl_service.proto @@ -27,7 +27,8 @@ message CheckRequest { string relation = 2; // The concrete subject id to check. string subject_id = 3; - // TODO Needs more investigation of the Zanzibar paper (2.4.4 Check) + // Optional. The least snapshot time of the used + // serverside data to compute the response of this check. // // If specified requests to perform // the check on only near up to-date ACLs. @@ -39,9 +40,7 @@ message CheckRequest { // // If not specified performs the check on most up to-date // ACLs in case it is strictly required to do so. - // - // Optional. - // TODO bytes zookie = 4; + bytes zookie = 4; } message CheckResponse { @@ -53,37 +52,92 @@ message CheckResponse { // The service to query Access Control Lists. service ReadService { option (google.api.default_host) = "keto.exampleapis.com"; - // Read lookups relation tuples. - rpc Read(ReadRequest) returns (ReadResponse); + // Lists ACL relation tuples. + rpc ListRelationTuples(ListRelationTuplesRequest) returns (ListRelationTuplesResponse); } -message ReadRequest {} -message ReadResponse {} +message ListRelationTuplesRequest { + // The filter to query for relation tuples. + // If none specified + // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure + // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators + // TODO See https://google.aip.dev/160 + // TODO We should use an expression engine for evaluation and SQL query building + string filter = 1; + // The ordering of the queried relation tuples. + // TODO See https://google.aip.dev/132 + string order_by = 2; + // Optional. The least snapshot time of + // the used serverside data in the response. + bytes zookie = 3; + // Optional. The maximum number of RelationTuples to return in the response. + int32 page_size = 4; + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + string page_token = 5; + +} +message ListRelationTuplesResponse { + // The relation tuples matching the list request. + repeated RelationTuple relation_tuples = 1; + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + string next_page_token = 2; +} // The service to watch for changes in the system, // such as for Access Control Lists and namespace configs. service WatchService { option (google.api.default_host) = "keto.exampleapis.com"; // Watches and filters for changes in the ACL system. - rpc Watch(WatchRequest) returns (WatchResponse); + rpc WatchRelationTuples(WatchRelationTuplesRequest) returns (WatchRelationTuplesResponse); } -message WatchRequest {} -message WatchResponse {} +message WatchRelationTuplesRequest {} +message WatchRelationTuplesResponse {} // The write service to create and delete Access Control Lists. service WriteService { option (google.api.default_host) = "keto.exampleapis.com"; - // Writes one or more relation tuples - // in a single transaction. - rpc Write(WriteRequest) returns (WriteResponse); - // Deletes one or more matching relation tuples - // in a single transaction. - rpc Delete(DeleteRequest) returns (DeleteResponse); + // Writes one or more relation tuples in a single transaction. + rpc WriteRelationTuples(WriteRelationTuplesRequest) returns (WriteRelationTuplesResponse); +} + +message WriteRelationTuplesRequest { + // The write delta for the relation tuples operated in one single transaction. + // Either all actions commit or no change takes effect on error. + // + // The tuple's etag is used for a consistent read-modify-write request flow. + // If the etag is not present, the tuple is not validated against the state + // of the serverside tuple and get operated anyway. + repeated RelationTupleWriteDelta relation_tuple_deltas = 1; } -message WriteRequest {} -message WriteResponse {} +message RelationTupleWriteDelta { + enum Action { + // Unspecified. + // The `WriteRelationTuples` RPC ignores this + // RelationTupleWriteDelta if no action is specified. + ACTION_UNSPECIFIED = 0; + + // Insertion or if already exists, update of the RelationTuple. + UPSERT = 1; + + // Insertion of the RelationTuple. + // The `WriteRelationTuples` RPC errors if the RelationTuple already exists. + INSERT = 2; + + // Update of the existing RelationTuple. + // The `WriteRelationTuples` RPC errors if the RelationTuple does not exist. + UPDATE = 3; + + // Deletion of the RelationTuple. + // The `WriteRelationTuples` RPC is silent and does not error in case + // the RelationTuple does not exist. + DELETE = 4; + } + // The target RelationTuple. + RelationTuple relation_tuple = 1; +} -message DeleteRequest {} -message DeleteResponse {} \ No newline at end of file +message WriteRelationTuplesResponse {} \ No newline at end of file diff --git a/api/keto/acl/v1/acl_service_grpc.pb.go b/api/keto/acl/v1/acl_service_grpc.pb.go index 03aeff676..af671810e 100644 --- a/api/keto/acl/v1/acl_service_grpc.pb.go +++ b/api/keto/acl/v1/acl_service_grpc.pb.go @@ -100,8 +100,8 @@ var _CheckService_serviceDesc = grpc.ServiceDesc{ // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type ReadServiceClient interface { - // Read lookups relation tuples. - Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) + // Lists ACL relation tuples. + ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) } type readServiceClient struct { @@ -112,9 +112,9 @@ func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient { return &readServiceClient{cc} } -func (c *readServiceClient) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) { - out := new(ReadResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.ReadService/Read", in, out, opts...) +func (c *readServiceClient) ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) { + out := new(ListRelationTuplesResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1.ReadService/ListRelationTuples", in, out, opts...) if err != nil { return nil, err } @@ -125,16 +125,16 @@ func (c *readServiceClient) Read(ctx context.Context, in *ReadRequest, opts ...g // All implementations should embed UnimplementedReadServiceServer // for forward compatibility type ReadServiceServer interface { - // Read lookups relation tuples. - Read(context.Context, *ReadRequest) (*ReadResponse, error) + // Lists ACL relation tuples. + ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) } // UnimplementedReadServiceServer should be embedded to have forward compatible implementations. type UnimplementedReadServiceServer struct { } -func (UnimplementedReadServiceServer) Read(context.Context, *ReadRequest) (*ReadResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Read not implemented") +func (UnimplementedReadServiceServer) ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListRelationTuples not implemented") } // UnsafeReadServiceServer may be embedded to opt out of forward compatibility for this service. @@ -148,20 +148,20 @@ func RegisterReadServiceServer(s grpc.ServiceRegistrar, srv ReadServiceServer) { s.RegisterService(&_ReadService_serviceDesc, srv) } -func _ReadService_Read_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ReadRequest) +func _ReadService_ListRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListRelationTuplesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(ReadServiceServer).Read(ctx, in) + return srv.(ReadServiceServer).ListRelationTuples(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.acl.v1.ReadService/Read", + FullMethod: "/keto.acl.v1.ReadService/ListRelationTuples", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ReadServiceServer).Read(ctx, req.(*ReadRequest)) + return srv.(ReadServiceServer).ListRelationTuples(ctx, req.(*ListRelationTuplesRequest)) } return interceptor(ctx, in, info, handler) } @@ -171,8 +171,8 @@ var _ReadService_serviceDesc = grpc.ServiceDesc{ HandlerType: (*ReadServiceServer)(nil), Methods: []grpc.MethodDesc{ { - MethodName: "Read", - Handler: _ReadService_Read_Handler, + MethodName: "ListRelationTuples", + Handler: _ReadService_ListRelationTuples_Handler, }, }, Streams: []grpc.StreamDesc{}, @@ -184,7 +184,7 @@ var _ReadService_serviceDesc = grpc.ServiceDesc{ // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type WatchServiceClient interface { // Watches and filters for changes in the ACL system. - Watch(ctx context.Context, in *WatchRequest, opts ...grpc.CallOption) (*WatchResponse, error) + WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (*WatchRelationTuplesResponse, error) } type watchServiceClient struct { @@ -195,9 +195,9 @@ func NewWatchServiceClient(cc grpc.ClientConnInterface) WatchServiceClient { return &watchServiceClient{cc} } -func (c *watchServiceClient) Watch(ctx context.Context, in *WatchRequest, opts ...grpc.CallOption) (*WatchResponse, error) { - out := new(WatchResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.WatchService/Watch", in, out, opts...) +func (c *watchServiceClient) WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (*WatchRelationTuplesResponse, error) { + out := new(WatchRelationTuplesResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1.WatchService/WatchRelationTuples", in, out, opts...) if err != nil { return nil, err } @@ -209,15 +209,15 @@ func (c *watchServiceClient) Watch(ctx context.Context, in *WatchRequest, opts . // for forward compatibility type WatchServiceServer interface { // Watches and filters for changes in the ACL system. - Watch(context.Context, *WatchRequest) (*WatchResponse, error) + WatchRelationTuples(context.Context, *WatchRelationTuplesRequest) (*WatchRelationTuplesResponse, error) } // UnimplementedWatchServiceServer should be embedded to have forward compatible implementations. type UnimplementedWatchServiceServer struct { } -func (UnimplementedWatchServiceServer) Watch(context.Context, *WatchRequest) (*WatchResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Watch not implemented") +func (UnimplementedWatchServiceServer) WatchRelationTuples(context.Context, *WatchRelationTuplesRequest) (*WatchRelationTuplesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method WatchRelationTuples not implemented") } // UnsafeWatchServiceServer may be embedded to opt out of forward compatibility for this service. @@ -231,20 +231,20 @@ func RegisterWatchServiceServer(s grpc.ServiceRegistrar, srv WatchServiceServer) s.RegisterService(&_WatchService_serviceDesc, srv) } -func _WatchService_Watch_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WatchRequest) +func _WatchService_WatchRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WatchRelationTuplesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(WatchServiceServer).Watch(ctx, in) + return srv.(WatchServiceServer).WatchRelationTuples(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.acl.v1.WatchService/Watch", + FullMethod: "/keto.acl.v1.WatchService/WatchRelationTuples", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(WatchServiceServer).Watch(ctx, req.(*WatchRequest)) + return srv.(WatchServiceServer).WatchRelationTuples(ctx, req.(*WatchRelationTuplesRequest)) } return interceptor(ctx, in, info, handler) } @@ -254,8 +254,8 @@ var _WatchService_serviceDesc = grpc.ServiceDesc{ HandlerType: (*WatchServiceServer)(nil), Methods: []grpc.MethodDesc{ { - MethodName: "Watch", - Handler: _WatchService_Watch_Handler, + MethodName: "WatchRelationTuples", + Handler: _WatchService_WatchRelationTuples_Handler, }, }, Streams: []grpc.StreamDesc{}, @@ -266,12 +266,8 @@ var _WatchService_serviceDesc = grpc.ServiceDesc{ // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type WriteServiceClient interface { - // Writes one or more relation tuples - // in a single transaction. - Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) - // Deletes one or more matching relation tuples - // in a single transaction. - Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) + // Writes one or more relation tuples in a single transaction. + WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) } type writeServiceClient struct { @@ -282,18 +278,9 @@ func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient { return &writeServiceClient{cc} } -func (c *writeServiceClient) Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) { - out := new(WriteResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/Write", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *writeServiceClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) { - out := new(DeleteResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/Delete", in, out, opts...) +func (c *writeServiceClient) WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) { + out := new(WriteRelationTuplesResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/WriteRelationTuples", in, out, opts...) if err != nil { return nil, err } @@ -304,23 +291,16 @@ func (c *writeServiceClient) Delete(ctx context.Context, in *DeleteRequest, opts // All implementations should embed UnimplementedWriteServiceServer // for forward compatibility type WriteServiceServer interface { - // Writes one or more relation tuples - // in a single transaction. - Write(context.Context, *WriteRequest) (*WriteResponse, error) - // Deletes one or more matching relation tuples - // in a single transaction. - Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) + // Writes one or more relation tuples in a single transaction. + WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) } // UnimplementedWriteServiceServer should be embedded to have forward compatible implementations. type UnimplementedWriteServiceServer struct { } -func (UnimplementedWriteServiceServer) Write(context.Context, *WriteRequest) (*WriteResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Write not implemented") -} -func (UnimplementedWriteServiceServer) Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") +func (UnimplementedWriteServiceServer) WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method WriteRelationTuples not implemented") } // UnsafeWriteServiceServer may be embedded to opt out of forward compatibility for this service. @@ -334,38 +314,20 @@ func RegisterWriteServiceServer(s grpc.ServiceRegistrar, srv WriteServiceServer) s.RegisterService(&_WriteService_serviceDesc, srv) } -func _WriteService_Write_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WriteRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(WriteServiceServer).Write(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.WriteService/Write", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(WriteServiceServer).Write(ctx, req.(*WriteRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _WriteService_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteRequest) +func _WriteService_WriteRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WriteRelationTuplesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(WriteServiceServer).Delete(ctx, in) + return srv.(WriteServiceServer).WriteRelationTuples(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/keto.acl.v1.WriteService/Delete", + FullMethod: "/keto.acl.v1.WriteService/WriteRelationTuples", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(WriteServiceServer).Delete(ctx, req.(*DeleteRequest)) + return srv.(WriteServiceServer).WriteRelationTuples(ctx, req.(*WriteRelationTuplesRequest)) } return interceptor(ctx, in, info, handler) } @@ -375,12 +337,8 @@ var _WriteService_serviceDesc = grpc.ServiceDesc{ HandlerType: (*WriteServiceServer)(nil), Methods: []grpc.MethodDesc{ { - MethodName: "Write", - Handler: _WriteService_Write_Handler, - }, - { - MethodName: "Delete", - Handler: _WriteService_Delete_Handler, + MethodName: "WriteRelationTuples", + Handler: _WriteService_WriteRelationTuples_Handler, }, }, Streams: []grpc.StreamDesc{}, From 4aed11fcf8ba3d2d865b8de3a61730b8cda51d45 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Sat, 14 Nov 2020 16:32:56 +0100 Subject: [PATCH 05/21] fix lint errors & split services into their own .proto --- Makefile | 28 +- api/keto/acl/admin/v1/admin_service.pb.go | 31 +- api/keto/acl/admin/v1/admin_service.proto | 2 +- .../acl/admin/v1/admin_service_grpc.pb.go | 2 +- api/keto/acl/node/v1/node_service.pb.go | 24 +- api/keto/acl/node/v1/node_service.proto | 2 +- api/keto/acl/node/v1/node_service_grpc.pb.go | 2 +- api/keto/acl/v1/acl_service.pb.go | 887 ------------------ api/keto/acl/v1/acl_service.proto | 143 --- api/keto/acl/v1/acl_service_grpc.pb.go | 346 ------- api/keto/acl/v1/check_service.pb.go | 281 ++++++ api/keto/acl/v1/check_service.proto | 50 + api/keto/acl/v1/check_service_grpc.pb.go | 97 ++ api/keto/acl/v1/read_service.pb.go | 306 ++++++ api/keto/acl/v1/read_service.proto | 51 + api/keto/acl/v1/read_service_grpc.pb.go | 97 ++ api/keto/acl/v1/watch_service.pb.go | 216 +++++ api/keto/acl/v1/watch_service.proto | 26 + api/keto/acl/v1/watch_service_grpc.pb.go | 124 +++ api/keto/acl/v1/write_service.pb.go | 379 ++++++++ api/keto/acl/v1/write_service.proto | 59 ++ api/keto/acl/v1/write_service_grpc.pb.go | 97 ++ buf/api/buf.yaml | 5 + 23 files changed, 1841 insertions(+), 1414 deletions(-) delete mode 100644 api/keto/acl/v1/acl_service.pb.go delete mode 100644 api/keto/acl/v1/acl_service.proto delete mode 100644 api/keto/acl/v1/acl_service_grpc.pb.go create mode 100644 api/keto/acl/v1/check_service.pb.go create mode 100644 api/keto/acl/v1/check_service.proto create mode 100644 api/keto/acl/v1/check_service_grpc.pb.go create mode 100644 api/keto/acl/v1/read_service.pb.go create mode 100644 api/keto/acl/v1/read_service.proto create mode 100644 api/keto/acl/v1/read_service_grpc.pb.go create mode 100644 api/keto/acl/v1/watch_service.pb.go create mode 100644 api/keto/acl/v1/watch_service.proto create mode 100644 api/keto/acl/v1/watch_service_grpc.pb.go create mode 100644 api/keto/acl/v1/write_service.pb.go create mode 100644 api/keto/acl/v1/write_service.proto create mode 100644 api/keto/acl/v1/write_service_grpc.pb.go diff --git a/Makefile b/Makefile index 9f5d2b69c..92eebd633 100644 --- a/Makefile +++ b/Makefile @@ -64,15 +64,31 @@ docker: deps rm keto packr clean +# +# Generate APIs and client stubs from the definitions +# .PHONY: buf-gen buf-gen: buf generate \ --config buf/api/buf.yaml \ - --template buf/api/buf.gen.yaml + --template buf/api/buf.gen.yaml \ + && \ + echo "TODO: generate gapic client at ./client" \ + && \ + echo "All code was generated successfully!" -.PHONY: gen-client -gen-client: - echo "TODO: generate gapic client at ./client" +# +# Lint API definitions +# +.PHONY: buf-lint +buf-lint: + buf check lint \ + --config buf/api/buf.yaml \ + && \ + echo "All lint checks passed successfully!" -.PHONY: gen-api -gen-api: buf-gen gen-client \ No newline at end of file +# +# Generate after linting succeeded +# +.PHONY: buf +buf: buf-lint buf-gen \ No newline at end of file diff --git a/api/keto/acl/admin/v1/admin_service.pb.go b/api/keto/acl/admin/v1/admin_service.pb.go index 92c0b1e21..6d779b2ac 100644 --- a/api/keto/acl/admin/v1/admin_service.pb.go +++ b/api/keto/acl/admin/v1/admin_service.pb.go @@ -30,22 +30,21 @@ var File_keto_acl_admin_v1_admin_service_proto protoreflect.FileDescriptor var file_keto_acl_admin_v1_admin_service_proto_rawDesc = []byte{ 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, - 0x74, 0x68, 0x7a, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x17, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x32, 0x27, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x89, - 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, - 0x63, 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x41, 0x64, 0x6d, - 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, - 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, - 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x2e, - 0x56, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, - 0x6c, 0x5c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x32, 0x27, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, + 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x89, 0x01, 0x0a, + 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x41, 0x64, 0x6d, 0x69, 0x6e, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, + 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, + 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x56, 0x31, + 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, + 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var file_keto_acl_admin_v1_admin_service_proto_goTypes = []interface{}{} diff --git a/api/keto/acl/admin/v1/admin_service.proto b/api/keto/acl/admin/v1/admin_service.proto index c8553363a..9edbdbc4c 100644 --- a/api/keto/acl/admin/v1/admin_service.proto +++ b/api/keto/acl/admin/v1/admin_service.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package keto.authz.admin.v1; +package keto.acl.admin.v1; import "google/api/client.proto"; diff --git a/api/keto/acl/admin/v1/admin_service_grpc.pb.go b/api/keto/acl/admin/v1/admin_service_grpc.pb.go index a23e04f79..623a8d391 100644 --- a/api/keto/acl/admin/v1/admin_service_grpc.pb.go +++ b/api/keto/acl/admin/v1/admin_service_grpc.pb.go @@ -46,7 +46,7 @@ func RegisterAdminServiceServer(s grpc.ServiceRegistrar, srv AdminServiceServer) } var _AdminService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.authz.admin.v1.AdminService", + ServiceName: "keto.acl.admin.v1.AdminService", HandlerType: (*AdminServiceServer)(nil), Methods: []grpc.MethodDesc{}, Streams: []grpc.StreamDesc{}, diff --git a/api/keto/acl/node/v1/node_service.pb.go b/api/keto/acl/node/v1/node_service.pb.go index 55d54ec66..b5fb86e7b 100644 --- a/api/keto/acl/node/v1/node_service.pb.go +++ b/api/keto/acl/node/v1/node_service.pb.go @@ -29,18 +29,18 @@ var File_keto_acl_node_v1_node_service_proto protoreflect.FileDescriptor var file_keto_acl_node_v1_node_service_proto_rawDesc = []byte{ 0x0a, 0x23, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, - 0x7a, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, - 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x83, 0x01, 0x0a, 0x17, 0x73, 0x68, 0x2e, - 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, - 0x65, 0x2e, 0x76, 0x31, 0x42, 0x09, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, - 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, - 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, 0x31, 0x3b, 0x6e, 0x6f, 0x64, 0x65, - 0xaa, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, - 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, - 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x4e, 0x6f, 0x64, 0x65, 0x5c, 0x56, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x83, 0x01, 0x0a, 0x17, 0x73, 0x68, 0x2e, 0x6f, 0x72, + 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, + 0x76, 0x31, 0x42, 0x09, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, + 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, + 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, + 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, 0x31, 0x3b, 0x6e, 0x6f, 0x64, 0x65, 0xaa, 0x02, + 0x14, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x4e, 0x6f, + 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, + 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x4e, 0x6f, 0x64, 0x65, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var file_keto_acl_node_v1_node_service_proto_goTypes = []interface{}{} diff --git a/api/keto/acl/node/v1/node_service.proto b/api/keto/acl/node/v1/node_service.proto index b1042825f..50eaef054 100644 --- a/api/keto/acl/node/v1/node_service.proto +++ b/api/keto/acl/node/v1/node_service.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package keto.authz.node.v1; +package keto.acl.node.v1; option go_package = "github.com/ory/keto/api/keto/acl/node/v1;node"; option csharp_namespace = "Ory.Keto.Acl.Node.V1"; diff --git a/api/keto/acl/node/v1/node_service_grpc.pb.go b/api/keto/acl/node/v1/node_service_grpc.pb.go index 98cf32db1..85757812c 100644 --- a/api/keto/acl/node/v1/node_service_grpc.pb.go +++ b/api/keto/acl/node/v1/node_service_grpc.pb.go @@ -46,7 +46,7 @@ func RegisterNodeServiceServer(s grpc.ServiceRegistrar, srv NodeServiceServer) { } var _NodeService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.authz.node.v1.NodeService", + ServiceName: "keto.acl.node.v1.NodeService", HandlerType: (*NodeServiceServer)(nil), Methods: []grpc.MethodDesc{}, Streams: []grpc.StreamDesc{}, diff --git a/api/keto/acl/v1/acl_service.pb.go b/api/keto/acl/v1/acl_service.pb.go deleted file mode 100644 index e67368c78..000000000 --- a/api/keto/acl/v1/acl_service.pb.go +++ /dev/null @@ -1,887 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/v1/acl_service.proto - -package acl - -import ( - proto "github.com/golang/protobuf/proto" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -type RelationTupleWriteDelta_Action int32 - -const ( - // Unspecified. - // The `WriteRelationTuples` RPC ignores this - // RelationTupleWriteDelta if no action is specified. - RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 - // Insertion or if already exists, update of the RelationTuple. - RelationTupleWriteDelta_UPSERT RelationTupleWriteDelta_Action = 1 - // Insertion of the RelationTuple. - // The `WriteRelationTuples` RPC errors if the RelationTuple already exists. - RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 2 - // Update of the existing RelationTuple. - // The `WriteRelationTuples` RPC errors if the RelationTuple does not exist. - RelationTupleWriteDelta_UPDATE RelationTupleWriteDelta_Action = 3 - // Deletion of the RelationTuple. - // The `WriteRelationTuples` RPC is silent and does not error in case - // the RelationTuple does not exist. - RelationTupleWriteDelta_DELETE RelationTupleWriteDelta_Action = 4 -) - -// Enum value maps for RelationTupleWriteDelta_Action. -var ( - RelationTupleWriteDelta_Action_name = map[int32]string{ - 0: "ACTION_UNSPECIFIED", - 1: "UPSERT", - 2: "INSERT", - 3: "UPDATE", - 4: "DELETE", - } - RelationTupleWriteDelta_Action_value = map[string]int32{ - "ACTION_UNSPECIFIED": 0, - "UPSERT": 1, - "INSERT": 2, - "UPDATE": 3, - "DELETE": 4, - } -) - -func (x RelationTupleWriteDelta_Action) Enum() *RelationTupleWriteDelta_Action { - p := new(RelationTupleWriteDelta_Action) - *p = x - return p -} - -func (x RelationTupleWriteDelta_Action) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (RelationTupleWriteDelta_Action) Descriptor() protoreflect.EnumDescriptor { - return file_keto_acl_v1_acl_service_proto_enumTypes[0].Descriptor() -} - -func (RelationTupleWriteDelta_Action) Type() protoreflect.EnumType { - return &file_keto_acl_v1_acl_service_proto_enumTypes[0] -} - -func (x RelationTupleWriteDelta_Action) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use RelationTupleWriteDelta_Action.Descriptor instead. -func (RelationTupleWriteDelta_Action) EnumDescriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{7, 0} -} - -type CheckRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The related object in this check. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` - // The relation this check. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` - // The concrete subject id to check. - SubjectId string `protobuf:"bytes,3,opt,name=subject_id,json=subjectId,proto3" json:"subject_id,omitempty"` - // Optional. The least snapshot time of the used - // serverside data to compute the response of this check. - // - // If specified requests to perform - // the check on only near up to-date ACLs. - // - // *This recommended for low latency and where checks - // are allowed to perform on ACLs that are a bit stale - // (stale => not up to date, but still only differs some - // millis or seconds). - // - // If not specified performs the check on most up to-date - // ACLs in case it is strictly required to do so. - Zookie []byte `protobuf:"bytes,4,opt,name=zookie,proto3" json:"zookie,omitempty"` -} - -func (x *CheckRequest) Reset() { - *x = CheckRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CheckRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CheckRequest) ProtoMessage() {} - -func (x *CheckRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead. -func (*CheckRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{0} -} - -func (x *CheckRequest) GetObject() *Object { - if x != nil { - return x.Object - } - return nil -} - -func (x *CheckRequest) GetRelation() string { - if x != nil { - return x.Relation - } - return "" -} - -func (x *CheckRequest) GetSubjectId() string { - if x != nil { - return x.SubjectId - } - return "" -} - -func (x *CheckRequest) GetZookie() []byte { - if x != nil { - return x.Zookie - } - return nil -} - -type CheckResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // True if the specified subject id - // is related to the requested Object. - Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"` -} - -func (x *CheckResponse) Reset() { - *x = CheckResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CheckResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CheckResponse) ProtoMessage() {} - -func (x *CheckResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead. -func (*CheckResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{1} -} - -func (x *CheckResponse) GetAllowed() bool { - if x != nil { - return x.Allowed - } - return false -} - -type ListRelationTuplesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The filter to query for relation tuples. - // If none specified - // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure - // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators - // TODO See https://google.aip.dev/160 - // TODO We should use an expression engine for evaluation and SQL query building - Filter string `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"` - // The ordering of the queried relation tuples. - // TODO See https://google.aip.dev/132 - OrderBy string `protobuf:"bytes,2,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` - // Optional. The least snapshot time of - // the used serverside data in the response. - Zookie []byte `protobuf:"bytes,3,opt,name=zookie,proto3" json:"zookie,omitempty"` - // Optional. The maximum number of RelationTuples to return in the response. - PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` - // Optional. A pagination token returned from a previous call to `ListRelationTuples` - // that indicates where this listing should continue from. - PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` -} - -func (x *ListRelationTuplesRequest) Reset() { - *x = ListRelationTuplesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ListRelationTuplesRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ListRelationTuplesRequest) ProtoMessage() {} - -func (x *ListRelationTuplesRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ListRelationTuplesRequest.ProtoReflect.Descriptor instead. -func (*ListRelationTuplesRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{2} -} - -func (x *ListRelationTuplesRequest) GetFilter() string { - if x != nil { - return x.Filter - } - return "" -} - -func (x *ListRelationTuplesRequest) GetOrderBy() string { - if x != nil { - return x.OrderBy - } - return "" -} - -func (x *ListRelationTuplesRequest) GetZookie() []byte { - if x != nil { - return x.Zookie - } - return nil -} - -func (x *ListRelationTuplesRequest) GetPageSize() int32 { - if x != nil { - return x.PageSize - } - return 0 -} - -func (x *ListRelationTuplesRequest) GetPageToken() string { - if x != nil { - return x.PageToken - } - return "" -} - -type ListRelationTuplesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The relation tuples matching the list request. - RelationTuples []*RelationTuple `protobuf:"bytes,1,rep,name=relation_tuples,json=relationTuples,proto3" json:"relation_tuples,omitempty"` - // Optional. A pagination token returned from a previous call to `ListRelationTuples` - // that indicates where this listing should continue from. - NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` -} - -func (x *ListRelationTuplesResponse) Reset() { - *x = ListRelationTuplesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ListRelationTuplesResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ListRelationTuplesResponse) ProtoMessage() {} - -func (x *ListRelationTuplesResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ListRelationTuplesResponse.ProtoReflect.Descriptor instead. -func (*ListRelationTuplesResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{3} -} - -func (x *ListRelationTuplesResponse) GetRelationTuples() []*RelationTuple { - if x != nil { - return x.RelationTuples - } - return nil -} - -func (x *ListRelationTuplesResponse) GetNextPageToken() string { - if x != nil { - return x.NextPageToken - } - return "" -} - -type WatchRelationTuplesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *WatchRelationTuplesRequest) Reset() { - *x = WatchRelationTuplesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WatchRelationTuplesRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WatchRelationTuplesRequest) ProtoMessage() {} - -func (x *WatchRelationTuplesRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WatchRelationTuplesRequest.ProtoReflect.Descriptor instead. -func (*WatchRelationTuplesRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{4} -} - -type WatchRelationTuplesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *WatchRelationTuplesResponse) Reset() { - *x = WatchRelationTuplesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WatchRelationTuplesResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WatchRelationTuplesResponse) ProtoMessage() {} - -func (x *WatchRelationTuplesResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WatchRelationTuplesResponse.ProtoReflect.Descriptor instead. -func (*WatchRelationTuplesResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{5} -} - -type WriteRelationTuplesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The write delta for the relation tuples operated in one single transaction. - // Either all actions commit or no change takes effect on error. - // - // The tuple's etag is used for a consistent read-modify-write request flow. - // If the etag is not present, the tuple is not validated against the state - // of the serverside tuple and get operated anyway. - RelationTupleDeltas []*RelationTupleWriteDelta `protobuf:"bytes,1,rep,name=relation_tuple_deltas,json=relationTupleDeltas,proto3" json:"relation_tuple_deltas,omitempty"` -} - -func (x *WriteRelationTuplesRequest) Reset() { - *x = WriteRelationTuplesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WriteRelationTuplesRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WriteRelationTuplesRequest) ProtoMessage() {} - -func (x *WriteRelationTuplesRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WriteRelationTuplesRequest.ProtoReflect.Descriptor instead. -func (*WriteRelationTuplesRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{6} -} - -func (x *WriteRelationTuplesRequest) GetRelationTupleDeltas() []*RelationTupleWriteDelta { - if x != nil { - return x.RelationTupleDeltas - } - return nil -} - -type RelationTupleWriteDelta struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The target RelationTuple. - RelationTuple *RelationTuple `protobuf:"bytes,1,opt,name=relation_tuple,json=relationTuple,proto3" json:"relation_tuple,omitempty"` -} - -func (x *RelationTupleWriteDelta) Reset() { - *x = RelationTupleWriteDelta{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RelationTupleWriteDelta) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RelationTupleWriteDelta) ProtoMessage() {} - -func (x *RelationTupleWriteDelta) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RelationTupleWriteDelta.ProtoReflect.Descriptor instead. -func (*RelationTupleWriteDelta) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{7} -} - -func (x *RelationTupleWriteDelta) GetRelationTuple() *RelationTuple { - if x != nil { - return x.RelationTuple - } - return nil -} - -type WriteRelationTuplesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *WriteRelationTuplesResponse) Reset() { - *x = WriteRelationTuplesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WriteRelationTuplesResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WriteRelationTuplesResponse) ProtoMessage() {} - -func (x *WriteRelationTuplesResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_service_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WriteRelationTuplesResponse.ProtoReflect.Descriptor instead. -func (*WriteRelationTuplesResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_service_proto_rawDescGZIP(), []int{8} -} - -var File_keto_acl_v1_acl_service_proto protoreflect.FileDescriptor - -var file_keto_acl_v1_acl_service_proto_rawDesc = []byte{ - 0x0a, 0x1d, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, - 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, - 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8e, 0x01, 0x0a, - 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, - 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, - 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, - 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, 0x29, 0x0a, - 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, - 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x22, 0xa2, 0x01, 0x0a, 0x19, 0x4c, 0x69, 0x73, - 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x19, - 0x0a, 0x08, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x62, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x42, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x7a, 0x6f, 0x6f, - 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, - 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, - 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x89, 0x01, - 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x43, 0x0a, 0x0f, - 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, - 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, - 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, - 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x1c, 0x0a, 0x1a, 0x57, 0x61, 0x74, - 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x1b, 0x57, 0x61, 0x74, 0x63, 0x68, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a, 0x1a, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x58, 0x0a, 0x15, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, - 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xae, - 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, - 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, - 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, - 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, - 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, - 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, - 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, - 0x4e, 0x53, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, - 0x45, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, - 0x1d, 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x67, - 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, - 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, - 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, - 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, - 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x8d, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, - 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, - 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x91, 0x01, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, - 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x13, 0x57, 0x61, 0x74, 0x63, - 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, - 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, - 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, - 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x32, 0x91, 0x01, 0x0a, 0x0c, - 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x13, - 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, - 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, - 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, - 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, - 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, - 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, - 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_keto_acl_v1_acl_service_proto_rawDescOnce sync.Once - file_keto_acl_v1_acl_service_proto_rawDescData = file_keto_acl_v1_acl_service_proto_rawDesc -) - -func file_keto_acl_v1_acl_service_proto_rawDescGZIP() []byte { - file_keto_acl_v1_acl_service_proto_rawDescOnce.Do(func() { - file_keto_acl_v1_acl_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_acl_service_proto_rawDescData) - }) - return file_keto_acl_v1_acl_service_proto_rawDescData -} - -var file_keto_acl_v1_acl_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_keto_acl_v1_acl_service_proto_msgTypes = make([]protoimpl.MessageInfo, 9) -var file_keto_acl_v1_acl_service_proto_goTypes = []interface{}{ - (RelationTupleWriteDelta_Action)(0), // 0: keto.acl.v1.RelationTupleWriteDelta.Action - (*CheckRequest)(nil), // 1: keto.acl.v1.CheckRequest - (*CheckResponse)(nil), // 2: keto.acl.v1.CheckResponse - (*ListRelationTuplesRequest)(nil), // 3: keto.acl.v1.ListRelationTuplesRequest - (*ListRelationTuplesResponse)(nil), // 4: keto.acl.v1.ListRelationTuplesResponse - (*WatchRelationTuplesRequest)(nil), // 5: keto.acl.v1.WatchRelationTuplesRequest - (*WatchRelationTuplesResponse)(nil), // 6: keto.acl.v1.WatchRelationTuplesResponse - (*WriteRelationTuplesRequest)(nil), // 7: keto.acl.v1.WriteRelationTuplesRequest - (*RelationTupleWriteDelta)(nil), // 8: keto.acl.v1.RelationTupleWriteDelta - (*WriteRelationTuplesResponse)(nil), // 9: keto.acl.v1.WriteRelationTuplesResponse - (*Object)(nil), // 10: keto.acl.v1.Object - (*RelationTuple)(nil), // 11: keto.acl.v1.RelationTuple -} -var file_keto_acl_v1_acl_service_proto_depIdxs = []int32{ - 10, // 0: keto.acl.v1.CheckRequest.object:type_name -> keto.acl.v1.Object - 11, // 1: keto.acl.v1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1.RelationTuple - 8, // 2: keto.acl.v1.WriteRelationTuplesRequest.relation_tuple_deltas:type_name -> keto.acl.v1.RelationTupleWriteDelta - 11, // 3: keto.acl.v1.RelationTupleWriteDelta.relation_tuple:type_name -> keto.acl.v1.RelationTuple - 1, // 4: keto.acl.v1.CheckService.Check:input_type -> keto.acl.v1.CheckRequest - 3, // 5: keto.acl.v1.ReadService.ListRelationTuples:input_type -> keto.acl.v1.ListRelationTuplesRequest - 5, // 6: keto.acl.v1.WatchService.WatchRelationTuples:input_type -> keto.acl.v1.WatchRelationTuplesRequest - 7, // 7: keto.acl.v1.WriteService.WriteRelationTuples:input_type -> keto.acl.v1.WriteRelationTuplesRequest - 2, // 8: keto.acl.v1.CheckService.Check:output_type -> keto.acl.v1.CheckResponse - 4, // 9: keto.acl.v1.ReadService.ListRelationTuples:output_type -> keto.acl.v1.ListRelationTuplesResponse - 6, // 10: keto.acl.v1.WatchService.WatchRelationTuples:output_type -> keto.acl.v1.WatchRelationTuplesResponse - 9, // 11: keto.acl.v1.WriteService.WriteRelationTuples:output_type -> keto.acl.v1.WriteRelationTuplesResponse - 8, // [8:12] is the sub-list for method output_type - 4, // [4:8] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name -} - -func init() { file_keto_acl_v1_acl_service_proto_init() } -func file_keto_acl_v1_acl_service_proto_init() { - if File_keto_acl_v1_acl_service_proto != nil { - return - } - file_keto_acl_v1_acl_proto_init() - if !protoimpl.UnsafeEnabled { - file_keto_acl_v1_acl_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CheckRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CheckResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListRelationTuplesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListRelationTuplesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WatchRelationTuplesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WatchRelationTuplesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteRelationTuplesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RelationTupleWriteDelta); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteRelationTuplesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_v1_acl_service_proto_rawDesc, - NumEnums: 1, - NumMessages: 9, - NumExtensions: 0, - NumServices: 4, - }, - GoTypes: file_keto_acl_v1_acl_service_proto_goTypes, - DependencyIndexes: file_keto_acl_v1_acl_service_proto_depIdxs, - EnumInfos: file_keto_acl_v1_acl_service_proto_enumTypes, - MessageInfos: file_keto_acl_v1_acl_service_proto_msgTypes, - }.Build() - File_keto_acl_v1_acl_service_proto = out.File - file_keto_acl_v1_acl_service_proto_rawDesc = nil - file_keto_acl_v1_acl_service_proto_goTypes = nil - file_keto_acl_v1_acl_service_proto_depIdxs = nil -} diff --git a/api/keto/acl/v1/acl_service.proto b/api/keto/acl/v1/acl_service.proto deleted file mode 100644 index 11aa22e00..000000000 --- a/api/keto/acl/v1/acl_service.proto +++ /dev/null @@ -1,143 +0,0 @@ -syntax = "proto3"; - -package keto.acl.v1; - -import "keto/acl/v1/acl.proto"; -import "google/api/client.proto"; - -option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; -option csharp_namespace = "Ory.Keto.Acl.V1"; -option java_multiple_files = true; -option java_outer_classname = "AclProto"; -option java_package = "sh.ory.keto.acl.v1"; -option php_namespace = "Ory\\Keto\\Acl\\V1"; - -// The service that performs authorization checks -// based on the stored Access Control Lists. -service CheckService { - option (google.api.default_host) = "keto.exampleapis.com"; - // Check performs an authorization check. - rpc Check(CheckRequest) returns (CheckResponse); -} - -message CheckRequest { - // The related object in this check. - Object object = 1; - // The relation this check. - string relation = 2; - // The concrete subject id to check. - string subject_id = 3; - // Optional. The least snapshot time of the used - // serverside data to compute the response of this check. - // - // If specified requests to perform - // the check on only near up to-date ACLs. - // - // *This recommended for low latency and where checks - // are allowed to perform on ACLs that are a bit stale - // (stale => not up to date, but still only differs some - // millis or seconds). - // - // If not specified performs the check on most up to-date - // ACLs in case it is strictly required to do so. - bytes zookie = 4; -} - -message CheckResponse { - // True if the specified subject id - // is related to the requested Object. - bool allowed = 1; -} - -// The service to query Access Control Lists. -service ReadService { - option (google.api.default_host) = "keto.exampleapis.com"; - // Lists ACL relation tuples. - rpc ListRelationTuples(ListRelationTuplesRequest) returns (ListRelationTuplesResponse); -} - -message ListRelationTuplesRequest { - // The filter to query for relation tuples. - // If none specified - // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure - // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators - // TODO See https://google.aip.dev/160 - // TODO We should use an expression engine for evaluation and SQL query building - string filter = 1; - // The ordering of the queried relation tuples. - // TODO See https://google.aip.dev/132 - string order_by = 2; - // Optional. The least snapshot time of - // the used serverside data in the response. - bytes zookie = 3; - // Optional. The maximum number of RelationTuples to return in the response. - int32 page_size = 4; - // Optional. A pagination token returned from a previous call to `ListRelationTuples` - // that indicates where this listing should continue from. - string page_token = 5; - -} -message ListRelationTuplesResponse { - // The relation tuples matching the list request. - repeated RelationTuple relation_tuples = 1; - // Optional. A pagination token returned from a previous call to `ListRelationTuples` - // that indicates where this listing should continue from. - string next_page_token = 2; -} - -// The service to watch for changes in the system, -// such as for Access Control Lists and namespace configs. -service WatchService { - option (google.api.default_host) = "keto.exampleapis.com"; - // Watches and filters for changes in the ACL system. - rpc WatchRelationTuples(WatchRelationTuplesRequest) returns (WatchRelationTuplesResponse); -} - -message WatchRelationTuplesRequest {} -message WatchRelationTuplesResponse {} - -// The write service to create and delete Access Control Lists. -service WriteService { - option (google.api.default_host) = "keto.exampleapis.com"; - // Writes one or more relation tuples in a single transaction. - rpc WriteRelationTuples(WriteRelationTuplesRequest) returns (WriteRelationTuplesResponse); -} - -message WriteRelationTuplesRequest { - // The write delta for the relation tuples operated in one single transaction. - // Either all actions commit or no change takes effect on error. - // - // The tuple's etag is used for a consistent read-modify-write request flow. - // If the etag is not present, the tuple is not validated against the state - // of the serverside tuple and get operated anyway. - repeated RelationTupleWriteDelta relation_tuple_deltas = 1; -} - -message RelationTupleWriteDelta { - enum Action { - // Unspecified. - // The `WriteRelationTuples` RPC ignores this - // RelationTupleWriteDelta if no action is specified. - ACTION_UNSPECIFIED = 0; - - // Insertion or if already exists, update of the RelationTuple. - UPSERT = 1; - - // Insertion of the RelationTuple. - // The `WriteRelationTuples` RPC errors if the RelationTuple already exists. - INSERT = 2; - - // Update of the existing RelationTuple. - // The `WriteRelationTuples` RPC errors if the RelationTuple does not exist. - UPDATE = 3; - - // Deletion of the RelationTuple. - // The `WriteRelationTuples` RPC is silent and does not error in case - // the RelationTuple does not exist. - DELETE = 4; - } - // The target RelationTuple. - RelationTuple relation_tuple = 1; -} - -message WriteRelationTuplesResponse {} \ No newline at end of file diff --git a/api/keto/acl/v1/acl_service_grpc.pb.go b/api/keto/acl/v1/acl_service_grpc.pb.go deleted file mode 100644 index af671810e..000000000 --- a/api/keto/acl/v1/acl_service_grpc.pb.go +++ /dev/null @@ -1,346 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package acl - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 - -// CheckServiceClient is the client API for CheckService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type CheckServiceClient interface { - // Check performs an authorization check. - Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) -} - -type checkServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient { - return &checkServiceClient{cc} -} - -func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) { - out := new(CheckResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.CheckService/Check", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// CheckServiceServer is the server API for CheckService service. -// All implementations should embed UnimplementedCheckServiceServer -// for forward compatibility -type CheckServiceServer interface { - // Check performs an authorization check. - Check(context.Context, *CheckRequest) (*CheckResponse, error) -} - -// UnimplementedCheckServiceServer should be embedded to have forward compatible implementations. -type UnimplementedCheckServiceServer struct { -} - -func (UnimplementedCheckServiceServer) Check(context.Context, *CheckRequest) (*CheckResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Check not implemented") -} - -// UnsafeCheckServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to CheckServiceServer will -// result in compilation errors. -type UnsafeCheckServiceServer interface { - mustEmbedUnimplementedCheckServiceServer() -} - -func RegisterCheckServiceServer(s grpc.ServiceRegistrar, srv CheckServiceServer) { - s.RegisterService(&_CheckService_serviceDesc, srv) -} - -func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CheckRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CheckServiceServer).Check(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.CheckService/Check", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CheckServiceServer).Check(ctx, req.(*CheckRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _CheckService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.CheckService", - HandlerType: (*CheckServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Check", - Handler: _CheckService_Check_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/v1/acl_service.proto", -} - -// ReadServiceClient is the client API for ReadService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type ReadServiceClient interface { - // Lists ACL relation tuples. - ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) -} - -type readServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient { - return &readServiceClient{cc} -} - -func (c *readServiceClient) ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) { - out := new(ListRelationTuplesResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.ReadService/ListRelationTuples", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// ReadServiceServer is the server API for ReadService service. -// All implementations should embed UnimplementedReadServiceServer -// for forward compatibility -type ReadServiceServer interface { - // Lists ACL relation tuples. - ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) -} - -// UnimplementedReadServiceServer should be embedded to have forward compatible implementations. -type UnimplementedReadServiceServer struct { -} - -func (UnimplementedReadServiceServer) ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method ListRelationTuples not implemented") -} - -// UnsafeReadServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to ReadServiceServer will -// result in compilation errors. -type UnsafeReadServiceServer interface { - mustEmbedUnimplementedReadServiceServer() -} - -func RegisterReadServiceServer(s grpc.ServiceRegistrar, srv ReadServiceServer) { - s.RegisterService(&_ReadService_serviceDesc, srv) -} - -func _ReadService_ListRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ListRelationTuplesRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ReadServiceServer).ListRelationTuples(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.ReadService/ListRelationTuples", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ReadServiceServer).ListRelationTuples(ctx, req.(*ListRelationTuplesRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _ReadService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.ReadService", - HandlerType: (*ReadServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "ListRelationTuples", - Handler: _ReadService_ListRelationTuples_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/v1/acl_service.proto", -} - -// WatchServiceClient is the client API for WatchService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type WatchServiceClient interface { - // Watches and filters for changes in the ACL system. - WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (*WatchRelationTuplesResponse, error) -} - -type watchServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewWatchServiceClient(cc grpc.ClientConnInterface) WatchServiceClient { - return &watchServiceClient{cc} -} - -func (c *watchServiceClient) WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (*WatchRelationTuplesResponse, error) { - out := new(WatchRelationTuplesResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.WatchService/WatchRelationTuples", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// WatchServiceServer is the server API for WatchService service. -// All implementations should embed UnimplementedWatchServiceServer -// for forward compatibility -type WatchServiceServer interface { - // Watches and filters for changes in the ACL system. - WatchRelationTuples(context.Context, *WatchRelationTuplesRequest) (*WatchRelationTuplesResponse, error) -} - -// UnimplementedWatchServiceServer should be embedded to have forward compatible implementations. -type UnimplementedWatchServiceServer struct { -} - -func (UnimplementedWatchServiceServer) WatchRelationTuples(context.Context, *WatchRelationTuplesRequest) (*WatchRelationTuplesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method WatchRelationTuples not implemented") -} - -// UnsafeWatchServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to WatchServiceServer will -// result in compilation errors. -type UnsafeWatchServiceServer interface { - mustEmbedUnimplementedWatchServiceServer() -} - -func RegisterWatchServiceServer(s grpc.ServiceRegistrar, srv WatchServiceServer) { - s.RegisterService(&_WatchService_serviceDesc, srv) -} - -func _WatchService_WatchRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WatchRelationTuplesRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(WatchServiceServer).WatchRelationTuples(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.WatchService/WatchRelationTuples", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(WatchServiceServer).WatchRelationTuples(ctx, req.(*WatchRelationTuplesRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _WatchService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.WatchService", - HandlerType: (*WatchServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "WatchRelationTuples", - Handler: _WatchService_WatchRelationTuples_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/v1/acl_service.proto", -} - -// WriteServiceClient is the client API for WriteService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type WriteServiceClient interface { - // Writes one or more relation tuples in a single transaction. - WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) -} - -type writeServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient { - return &writeServiceClient{cc} -} - -func (c *writeServiceClient) WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) { - out := new(WriteRelationTuplesResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/WriteRelationTuples", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// WriteServiceServer is the server API for WriteService service. -// All implementations should embed UnimplementedWriteServiceServer -// for forward compatibility -type WriteServiceServer interface { - // Writes one or more relation tuples in a single transaction. - WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) -} - -// UnimplementedWriteServiceServer should be embedded to have forward compatible implementations. -type UnimplementedWriteServiceServer struct { -} - -func (UnimplementedWriteServiceServer) WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method WriteRelationTuples not implemented") -} - -// UnsafeWriteServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to WriteServiceServer will -// result in compilation errors. -type UnsafeWriteServiceServer interface { - mustEmbedUnimplementedWriteServiceServer() -} - -func RegisterWriteServiceServer(s grpc.ServiceRegistrar, srv WriteServiceServer) { - s.RegisterService(&_WriteService_serviceDesc, srv) -} - -func _WriteService_WriteRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WriteRelationTuplesRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(WriteServiceServer).WriteRelationTuples(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.WriteService/WriteRelationTuples", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(WriteServiceServer).WriteRelationTuples(ctx, req.(*WriteRelationTuplesRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _WriteService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.WriteService", - HandlerType: (*WriteServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "WriteRelationTuples", - Handler: _WriteService_WriteRelationTuples_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/v1/acl_service.proto", -} diff --git a/api/keto/acl/v1/check_service.pb.go b/api/keto/acl/v1/check_service.pb.go new file mode 100644 index 000000000..937542670 --- /dev/null +++ b/api/keto/acl/v1/check_service.pb.go @@ -0,0 +1,281 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1/check_service.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type CheckRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The related object in this check. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The relation this check. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + // The concrete subject id to check. + SubjectId string `protobuf:"bytes,3,opt,name=subject_id,json=subjectId,proto3" json:"subject_id,omitempty"` + // Optional. The least snapshot time of the used + // serverside data to compute the response of this check. + // + // If specified requests to perform + // the check on only near up to-date ACLs. + // + // *This recommended for low latency and where checks + // are allowed to perform on ACLs that are a bit stale + // (stale => not up to date, but still only differs some + // millis or seconds). + // + // If not specified performs the check on most up to-date + // ACLs in case it is strictly required to do so. + Zookie []byte `protobuf:"bytes,4,opt,name=zookie,proto3" json:"zookie,omitempty"` +} + +func (x *CheckRequest) Reset() { + *x = CheckRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_check_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckRequest) ProtoMessage() {} + +func (x *CheckRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_check_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead. +func (*CheckRequest) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_check_service_proto_rawDescGZIP(), []int{0} +} + +func (x *CheckRequest) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *CheckRequest) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +func (x *CheckRequest) GetSubjectId() string { + if x != nil { + return x.SubjectId + } + return "" +} + +func (x *CheckRequest) GetZookie() []byte { + if x != nil { + return x.Zookie + } + return nil +} + +type CheckResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // True if the specified subject id + // is related to the requested Object. + Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"` +} + +func (x *CheckResponse) Reset() { + *x = CheckResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_check_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckResponse) ProtoMessage() {} + +func (x *CheckResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_check_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead. +func (*CheckResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_check_service_proto_rawDescGZIP(), []int{1} +} + +func (x *CheckResponse) GetAllowed() bool { + if x != nil { + return x.Allowed + } + return false +} + +var File_keto_acl_v1_check_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1_check_service_proto_rawDesc = []byte{ + 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x68, + 0x65, 0x63, 0x6b, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, + 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8e, + 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, + 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, + 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, + 0x29, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x32, 0x67, 0x0a, 0x0c, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, + 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, + 0x63, 0x6f, 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, + 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, + 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, + 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_keto_acl_v1_check_service_proto_rawDescOnce sync.Once + file_keto_acl_v1_check_service_proto_rawDescData = file_keto_acl_v1_check_service_proto_rawDesc +) + +func file_keto_acl_v1_check_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1_check_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1_check_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_check_service_proto_rawDescData) + }) + return file_keto_acl_v1_check_service_proto_rawDescData +} + +var file_keto_acl_v1_check_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_keto_acl_v1_check_service_proto_goTypes = []interface{}{ + (*CheckRequest)(nil), // 0: keto.acl.v1.CheckRequest + (*CheckResponse)(nil), // 1: keto.acl.v1.CheckResponse + (*Object)(nil), // 2: keto.acl.v1.Object +} +var file_keto_acl_v1_check_service_proto_depIdxs = []int32{ + 2, // 0: keto.acl.v1.CheckRequest.object:type_name -> keto.acl.v1.Object + 0, // 1: keto.acl.v1.CheckService.Check:input_type -> keto.acl.v1.CheckRequest + 1, // 2: keto.acl.v1.CheckService.Check:output_type -> keto.acl.v1.CheckResponse + 2, // [2:3] is the sub-list for method output_type + 1, // [1:2] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1_check_service_proto_init() } +func file_keto_acl_v1_check_service_proto_init() { + if File_keto_acl_v1_check_service_proto != nil { + return + } + file_keto_acl_v1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1_check_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1_check_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1_check_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_v1_check_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1_check_service_proto_depIdxs, + MessageInfos: file_keto_acl_v1_check_service_proto_msgTypes, + }.Build() + File_keto_acl_v1_check_service_proto = out.File + file_keto_acl_v1_check_service_proto_rawDesc = nil + file_keto_acl_v1_check_service_proto_goTypes = nil + file_keto_acl_v1_check_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1/check_service.proto b/api/keto/acl/v1/check_service.proto new file mode 100644 index 000000000..e17b15145 --- /dev/null +++ b/api/keto/acl/v1/check_service.proto @@ -0,0 +1,50 @@ +syntax = "proto3"; + +package keto.acl.v1; + +import "keto/acl/v1/acl.proto"; +import "google/api/client.proto"; + +option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1"; +option java_multiple_files = true; +option java_outer_classname = "AclProto"; +option java_package = "sh.ory.keto.acl.v1"; +option php_namespace = "Ory\\Keto\\Acl\\V1"; + +// The service that performs authorization checks +// based on the stored Access Control Lists. +service CheckService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Check performs an authorization check. + rpc Check(CheckRequest) returns (CheckResponse); +} + +message CheckRequest { + // The related object in this check. + Object object = 1; + // The relation this check. + string relation = 2; + // The concrete subject id to check. + string subject_id = 3; + // Optional. The least snapshot time of the used + // serverside data to compute the response of this check. + // + // If specified requests to perform + // the check on only near up to-date ACLs. + // + // *This recommended for low latency and where checks + // are allowed to perform on ACLs that are a bit stale + // (stale => not up to date, but still only differs some + // millis or seconds). + // + // If not specified performs the check on most up to-date + // ACLs in case it is strictly required to do so. + bytes zookie = 4; +} + +message CheckResponse { + // True if the specified subject id + // is related to the requested Object. + bool allowed = 1; +} \ No newline at end of file diff --git a/api/keto/acl/v1/check_service_grpc.pb.go b/api/keto/acl/v1/check_service_grpc.pb.go new file mode 100644 index 000000000..a98242936 --- /dev/null +++ b/api/keto/acl/v1/check_service_grpc.pb.go @@ -0,0 +1,97 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package acl + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// CheckServiceClient is the client API for CheckService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type CheckServiceClient interface { + // Check performs an authorization check. + Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) +} + +type checkServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient { + return &checkServiceClient{cc} +} + +func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) { + out := new(CheckResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1.CheckService/Check", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CheckServiceServer is the server API for CheckService service. +// All implementations should embed UnimplementedCheckServiceServer +// for forward compatibility +type CheckServiceServer interface { + // Check performs an authorization check. + Check(context.Context, *CheckRequest) (*CheckResponse, error) +} + +// UnimplementedCheckServiceServer should be embedded to have forward compatible implementations. +type UnimplementedCheckServiceServer struct { +} + +func (UnimplementedCheckServiceServer) Check(context.Context, *CheckRequest) (*CheckResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Check not implemented") +} + +// UnsafeCheckServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CheckServiceServer will +// result in compilation errors. +type UnsafeCheckServiceServer interface { + mustEmbedUnimplementedCheckServiceServer() +} + +func RegisterCheckServiceServer(s grpc.ServiceRegistrar, srv CheckServiceServer) { + s.RegisterService(&_CheckService_serviceDesc, srv) +} + +func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CheckRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CheckServiceServer).Check(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.acl.v1.CheckService/Check", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CheckServiceServer).Check(ctx, req.(*CheckRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _CheckService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.v1.CheckService", + HandlerType: (*CheckServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Check", + Handler: _CheckService_Check_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/v1/check_service.proto", +} diff --git a/api/keto/acl/v1/read_service.pb.go b/api/keto/acl/v1/read_service.pb.go new file mode 100644 index 000000000..c94c40042 --- /dev/null +++ b/api/keto/acl/v1/read_service.pb.go @@ -0,0 +1,306 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1/read_service.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type ListRelationTuplesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The filter to query for relation tuples. + // If none specified + // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure + // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators + // TODO See https://google.aip.dev/160 + // TODO We should use an expression engine for evaluation and SQL query building + Filter string `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"` + // The ordering of the queried relation tuples. + // TODO See https://google.aip.dev/132 + OrderBy string `protobuf:"bytes,2,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` + // Optional. The least snapshot time of + // the used serverside data in the response. + Zookie []byte `protobuf:"bytes,3,opt,name=zookie,proto3" json:"zookie,omitempty"` + // Optional. The maximum number of RelationTuples to return in the response. + PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` +} + +func (x *ListRelationTuplesRequest) Reset() { + *x = ListRelationTuplesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_read_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListRelationTuplesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListRelationTuplesRequest) ProtoMessage() {} + +func (x *ListRelationTuplesRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_read_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesRequest) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_read_service_proto_rawDescGZIP(), []int{0} +} + +func (x *ListRelationTuplesRequest) GetFilter() string { + if x != nil { + return x.Filter + } + return "" +} + +func (x *ListRelationTuplesRequest) GetOrderBy() string { + if x != nil { + return x.OrderBy + } + return "" +} + +func (x *ListRelationTuplesRequest) GetZookie() []byte { + if x != nil { + return x.Zookie + } + return nil +} + +func (x *ListRelationTuplesRequest) GetPageSize() int32 { + if x != nil { + return x.PageSize + } + return 0 +} + +func (x *ListRelationTuplesRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +// The response of a ReadService.ListRelationTuples rpc. +type ListRelationTuplesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The relation tuples matching the list request. + RelationTuples []*RelationTuple `protobuf:"bytes,1,rep,name=relation_tuples,json=relationTuples,proto3" json:"relation_tuples,omitempty"` + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` +} + +func (x *ListRelationTuplesResponse) Reset() { + *x = ListRelationTuplesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_read_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListRelationTuplesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListRelationTuplesResponse) ProtoMessage() {} + +func (x *ListRelationTuplesResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_read_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_read_service_proto_rawDescGZIP(), []int{1} +} + +func (x *ListRelationTuplesResponse) GetRelationTuples() []*RelationTuple { + if x != nil { + return x.RelationTuples + } + return nil +} + +func (x *ListRelationTuplesResponse) GetNextPageToken() string { + if x != nil { + return x.NextPageToken + } + return "" +} + +var File_keto_acl_v1_read_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1_read_service_proto_rawDesc = []byte{ + 0x0a, 0x1e, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x65, + 0x61, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa2, 0x01, + 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, + 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69, 0x6c, + 0x74, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x62, 0x79, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x42, 0x79, 0x12, 0x16, + 0x0a, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, + 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, + 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, + 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, + 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x22, 0x89, 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, + 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x8d, + 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, + 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x6d, + 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, + 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, + 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, + 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, + 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_keto_acl_v1_read_service_proto_rawDescOnce sync.Once + file_keto_acl_v1_read_service_proto_rawDescData = file_keto_acl_v1_read_service_proto_rawDesc +) + +func file_keto_acl_v1_read_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1_read_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1_read_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_read_service_proto_rawDescData) + }) + return file_keto_acl_v1_read_service_proto_rawDescData +} + +var file_keto_acl_v1_read_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_keto_acl_v1_read_service_proto_goTypes = []interface{}{ + (*ListRelationTuplesRequest)(nil), // 0: keto.acl.v1.ListRelationTuplesRequest + (*ListRelationTuplesResponse)(nil), // 1: keto.acl.v1.ListRelationTuplesResponse + (*RelationTuple)(nil), // 2: keto.acl.v1.RelationTuple +} +var file_keto_acl_v1_read_service_proto_depIdxs = []int32{ + 2, // 0: keto.acl.v1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1.RelationTuple + 0, // 1: keto.acl.v1.ReadService.ListRelationTuples:input_type -> keto.acl.v1.ListRelationTuplesRequest + 1, // 2: keto.acl.v1.ReadService.ListRelationTuples:output_type -> keto.acl.v1.ListRelationTuplesResponse + 2, // [2:3] is the sub-list for method output_type + 1, // [1:2] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1_read_service_proto_init() } +func file_keto_acl_v1_read_service_proto_init() { + if File_keto_acl_v1_read_service_proto != nil { + return + } + file_keto_acl_v1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1_read_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListRelationTuplesRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1_read_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListRelationTuplesResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1_read_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_v1_read_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1_read_service_proto_depIdxs, + MessageInfos: file_keto_acl_v1_read_service_proto_msgTypes, + }.Build() + File_keto_acl_v1_read_service_proto = out.File + file_keto_acl_v1_read_service_proto_rawDesc = nil + file_keto_acl_v1_read_service_proto_goTypes = nil + file_keto_acl_v1_read_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1/read_service.proto b/api/keto/acl/v1/read_service.proto new file mode 100644 index 000000000..d63c27d83 --- /dev/null +++ b/api/keto/acl/v1/read_service.proto @@ -0,0 +1,51 @@ +syntax = "proto3"; + +package keto.acl.v1; + +import "keto/acl/v1/acl.proto"; +import "google/api/client.proto"; + +option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1"; +option java_multiple_files = true; +option java_outer_classname = "AclProto"; +option java_package = "sh.ory.keto.acl.v1"; +option php_namespace = "Ory\\Keto\\Acl\\V1"; + +// The service to query Access Control Lists. +service ReadService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Lists ACL relation tuples. + rpc ListRelationTuples(ListRelationTuplesRequest) returns (ListRelationTuplesResponse); +} + +message ListRelationTuplesRequest { + // The filter to query for relation tuples. + // If none specified + // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure + // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators + // TODO See https://google.aip.dev/160 + // TODO We should use an expression engine for evaluation and SQL query building + string filter = 1; + // The ordering of the queried relation tuples. + // TODO See https://google.aip.dev/132 + string order_by = 2; + // Optional. The least snapshot time of + // the used serverside data in the response. + bytes zookie = 3; + // Optional. The maximum number of RelationTuples to return in the response. + int32 page_size = 4; + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + string page_token = 5; + +} + +// The response of a ReadService.ListRelationTuples rpc. +message ListRelationTuplesResponse { + // The relation tuples matching the list request. + repeated RelationTuple relation_tuples = 1; + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + string next_page_token = 2; +} \ No newline at end of file diff --git a/api/keto/acl/v1/read_service_grpc.pb.go b/api/keto/acl/v1/read_service_grpc.pb.go new file mode 100644 index 000000000..9ca5b0f55 --- /dev/null +++ b/api/keto/acl/v1/read_service_grpc.pb.go @@ -0,0 +1,97 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package acl + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// ReadServiceClient is the client API for ReadService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type ReadServiceClient interface { + // Lists ACL relation tuples. + ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) +} + +type readServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient { + return &readServiceClient{cc} +} + +func (c *readServiceClient) ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) { + out := new(ListRelationTuplesResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1.ReadService/ListRelationTuples", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ReadServiceServer is the server API for ReadService service. +// All implementations should embed UnimplementedReadServiceServer +// for forward compatibility +type ReadServiceServer interface { + // Lists ACL relation tuples. + ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) +} + +// UnimplementedReadServiceServer should be embedded to have forward compatible implementations. +type UnimplementedReadServiceServer struct { +} + +func (UnimplementedReadServiceServer) ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListRelationTuples not implemented") +} + +// UnsafeReadServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to ReadServiceServer will +// result in compilation errors. +type UnsafeReadServiceServer interface { + mustEmbedUnimplementedReadServiceServer() +} + +func RegisterReadServiceServer(s grpc.ServiceRegistrar, srv ReadServiceServer) { + s.RegisterService(&_ReadService_serviceDesc, srv) +} + +func _ReadService_ListRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListRelationTuplesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ReadServiceServer).ListRelationTuples(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.acl.v1.ReadService/ListRelationTuples", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ReadServiceServer).ListRelationTuples(ctx, req.(*ListRelationTuplesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _ReadService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.v1.ReadService", + HandlerType: (*ReadServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "ListRelationTuples", + Handler: _ReadService_ListRelationTuples_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/v1/read_service.proto", +} diff --git a/api/keto/acl/v1/watch_service.pb.go b/api/keto/acl/v1/watch_service.pb.go new file mode 100644 index 000000000..7fdb493ef --- /dev/null +++ b/api/keto/acl/v1/watch_service.pb.go @@ -0,0 +1,216 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1/watch_service.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +// TODO WatchRelationTuplesRequest +type WatchRelationTuplesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WatchRelationTuplesRequest) Reset() { + *x = WatchRelationTuplesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_watch_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WatchRelationTuplesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WatchRelationTuplesRequest) ProtoMessage() {} + +func (x *WatchRelationTuplesRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_watch_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WatchRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*WatchRelationTuplesRequest) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_watch_service_proto_rawDescGZIP(), []int{0} +} + +// TODO WatchRelationTuplesResponse +type WatchRelationTuplesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WatchRelationTuplesResponse) Reset() { + *x = WatchRelationTuplesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_watch_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WatchRelationTuplesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WatchRelationTuplesResponse) ProtoMessage() {} + +func (x *WatchRelationTuplesResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_watch_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WatchRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*WatchRelationTuplesResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_watch_service_proto_rawDescGZIP(), []int{1} +} + +var File_keto_acl_v1_watch_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1_watch_service_proto_rawDesc = []byte{ + 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x61, + 0x74, 0x63, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, + 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1c, + 0x0a, 0x1a, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x1b, + 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x93, 0x01, 0x0a, 0x0c, + 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x6a, 0x0a, 0x13, + 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, + 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, + 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, + 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, + 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_keto_acl_v1_watch_service_proto_rawDescOnce sync.Once + file_keto_acl_v1_watch_service_proto_rawDescData = file_keto_acl_v1_watch_service_proto_rawDesc +) + +func file_keto_acl_v1_watch_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1_watch_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1_watch_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_watch_service_proto_rawDescData) + }) + return file_keto_acl_v1_watch_service_proto_rawDescData +} + +var file_keto_acl_v1_watch_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_keto_acl_v1_watch_service_proto_goTypes = []interface{}{ + (*WatchRelationTuplesRequest)(nil), // 0: keto.acl.v1.WatchRelationTuplesRequest + (*WatchRelationTuplesResponse)(nil), // 1: keto.acl.v1.WatchRelationTuplesResponse +} +var file_keto_acl_v1_watch_service_proto_depIdxs = []int32{ + 0, // 0: keto.acl.v1.WatchService.WatchRelationTuples:input_type -> keto.acl.v1.WatchRelationTuplesRequest + 1, // 1: keto.acl.v1.WatchService.WatchRelationTuples:output_type -> keto.acl.v1.WatchRelationTuplesResponse + 1, // [1:2] is the sub-list for method output_type + 0, // [0:1] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1_watch_service_proto_init() } +func file_keto_acl_v1_watch_service_proto_init() { + if File_keto_acl_v1_watch_service_proto != nil { + return + } + file_keto_acl_v1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1_watch_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WatchRelationTuplesRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1_watch_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WatchRelationTuplesResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1_watch_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_v1_watch_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1_watch_service_proto_depIdxs, + MessageInfos: file_keto_acl_v1_watch_service_proto_msgTypes, + }.Build() + File_keto_acl_v1_watch_service_proto = out.File + file_keto_acl_v1_watch_service_proto_rawDesc = nil + file_keto_acl_v1_watch_service_proto_goTypes = nil + file_keto_acl_v1_watch_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1/watch_service.proto b/api/keto/acl/v1/watch_service.proto new file mode 100644 index 000000000..26b9580fa --- /dev/null +++ b/api/keto/acl/v1/watch_service.proto @@ -0,0 +1,26 @@ +syntax = "proto3"; + +package keto.acl.v1; + +import "keto/acl/v1/acl.proto"; +import "google/api/client.proto"; + +option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1"; +option java_multiple_files = true; +option java_outer_classname = "AclProto"; +option java_package = "sh.ory.keto.acl.v1"; +option php_namespace = "Ory\\Keto\\Acl\\V1"; + +// The service to watch for changes in the system, +// such as for Access Control Lists and namespace configs. +service WatchService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Watches and filters for changes in the ACL system. + rpc WatchRelationTuples(WatchRelationTuplesRequest) returns (stream WatchRelationTuplesResponse); +} + +// TODO WatchRelationTuplesRequest +message WatchRelationTuplesRequest {} +// TODO WatchRelationTuplesResponse +message WatchRelationTuplesResponse {} \ No newline at end of file diff --git a/api/keto/acl/v1/watch_service_grpc.pb.go b/api/keto/acl/v1/watch_service_grpc.pb.go new file mode 100644 index 000000000..317152a46 --- /dev/null +++ b/api/keto/acl/v1/watch_service_grpc.pb.go @@ -0,0 +1,124 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package acl + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// WatchServiceClient is the client API for WatchService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type WatchServiceClient interface { + // Watches and filters for changes in the ACL system. + WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (WatchService_WatchRelationTuplesClient, error) +} + +type watchServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewWatchServiceClient(cc grpc.ClientConnInterface) WatchServiceClient { + return &watchServiceClient{cc} +} + +func (c *watchServiceClient) WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (WatchService_WatchRelationTuplesClient, error) { + stream, err := c.cc.NewStream(ctx, &_WatchService_serviceDesc.Streams[0], "/keto.acl.v1.WatchService/WatchRelationTuples", opts...) + if err != nil { + return nil, err + } + x := &watchServiceWatchRelationTuplesClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type WatchService_WatchRelationTuplesClient interface { + Recv() (*WatchRelationTuplesResponse, error) + grpc.ClientStream +} + +type watchServiceWatchRelationTuplesClient struct { + grpc.ClientStream +} + +func (x *watchServiceWatchRelationTuplesClient) Recv() (*WatchRelationTuplesResponse, error) { + m := new(WatchRelationTuplesResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// WatchServiceServer is the server API for WatchService service. +// All implementations should embed UnimplementedWatchServiceServer +// for forward compatibility +type WatchServiceServer interface { + // Watches and filters for changes in the ACL system. + WatchRelationTuples(*WatchRelationTuplesRequest, WatchService_WatchRelationTuplesServer) error +} + +// UnimplementedWatchServiceServer should be embedded to have forward compatible implementations. +type UnimplementedWatchServiceServer struct { +} + +func (UnimplementedWatchServiceServer) WatchRelationTuples(*WatchRelationTuplesRequest, WatchService_WatchRelationTuplesServer) error { + return status.Errorf(codes.Unimplemented, "method WatchRelationTuples not implemented") +} + +// UnsafeWatchServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to WatchServiceServer will +// result in compilation errors. +type UnsafeWatchServiceServer interface { + mustEmbedUnimplementedWatchServiceServer() +} + +func RegisterWatchServiceServer(s grpc.ServiceRegistrar, srv WatchServiceServer) { + s.RegisterService(&_WatchService_serviceDesc, srv) +} + +func _WatchService_WatchRelationTuples_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(WatchRelationTuplesRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(WatchServiceServer).WatchRelationTuples(m, &watchServiceWatchRelationTuplesServer{stream}) +} + +type WatchService_WatchRelationTuplesServer interface { + Send(*WatchRelationTuplesResponse) error + grpc.ServerStream +} + +type watchServiceWatchRelationTuplesServer struct { + grpc.ServerStream +} + +func (x *watchServiceWatchRelationTuplesServer) Send(m *WatchRelationTuplesResponse) error { + return x.ServerStream.SendMsg(m) +} + +var _WatchService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.v1.WatchService", + HandlerType: (*WatchServiceServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{ + { + StreamName: "WatchRelationTuples", + Handler: _WatchService_WatchRelationTuples_Handler, + ServerStreams: true, + }, + }, + Metadata: "keto/acl/v1/watch_service.proto", +} diff --git a/api/keto/acl/v1/write_service.pb.go b/api/keto/acl/v1/write_service.pb.go new file mode 100644 index 000000000..2e02d1a8f --- /dev/null +++ b/api/keto/acl/v1/write_service.pb.go @@ -0,0 +1,379 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1/write_service.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type RelationTupleWriteDelta_Action int32 + +const ( + // Unspecified. + // The `WriteRelationTuples` rpc ignores this + // RelationTupleWriteDelta if no action is specified. + RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 + // Insertion or if already exists, update of the RelationTuple. + RelationTupleWriteDelta_UPSERT RelationTupleWriteDelta_Action = 1 + // Insertion of the RelationTuple. + // The `WriteRelationTuples` rpc errors if the RelationTuple already exists. + RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 2 + // Update of the existing RelationTuple. + // The `WriteRelationTuples` rpc errors if the RelationTuple does not exist. + RelationTupleWriteDelta_UPDATE RelationTupleWriteDelta_Action = 3 + // Deletion of the RelationTuple. + // The `WriteRelationTuples` rpc is silent and does not error in case + // the RelationTuple does not exist. + RelationTupleWriteDelta_DELETE RelationTupleWriteDelta_Action = 4 +) + +// Enum value maps for RelationTupleWriteDelta_Action. +var ( + RelationTupleWriteDelta_Action_name = map[int32]string{ + 0: "ACTION_UNSPECIFIED", + 1: "UPSERT", + 2: "INSERT", + 3: "UPDATE", + 4: "DELETE", + } + RelationTupleWriteDelta_Action_value = map[string]int32{ + "ACTION_UNSPECIFIED": 0, + "UPSERT": 1, + "INSERT": 2, + "UPDATE": 3, + "DELETE": 4, + } +) + +func (x RelationTupleWriteDelta_Action) Enum() *RelationTupleWriteDelta_Action { + p := new(RelationTupleWriteDelta_Action) + *p = x + return p +} + +func (x RelationTupleWriteDelta_Action) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (RelationTupleWriteDelta_Action) Descriptor() protoreflect.EnumDescriptor { + return file_keto_acl_v1_write_service_proto_enumTypes[0].Descriptor() +} + +func (RelationTupleWriteDelta_Action) Type() protoreflect.EnumType { + return &file_keto_acl_v1_write_service_proto_enumTypes[0] +} + +func (x RelationTupleWriteDelta_Action) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use RelationTupleWriteDelta_Action.Descriptor instead. +func (RelationTupleWriteDelta_Action) EnumDescriptor() ([]byte, []int) { + return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{1, 0} +} + +type WriteRelationTuplesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The write delta for the relation tuples operated in one single transaction. + // Either all actions commit or no change takes effect on error. + // + // The tuple's etag is used for a consistent read-modify-write request flow. + // If the etag is not present, the tuple is not validated against the state + // of the serverside tuple and get operated anyway. + RelationTupleDeltas []*RelationTupleWriteDelta `protobuf:"bytes,1,rep,name=relation_tuple_deltas,json=relationTupleDeltas,proto3" json:"relation_tuple_deltas,omitempty"` +} + +func (x *WriteRelationTuplesRequest) Reset() { + *x = WriteRelationTuplesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_write_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WriteRelationTuplesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WriteRelationTuplesRequest) ProtoMessage() {} + +func (x *WriteRelationTuplesRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_write_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WriteRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*WriteRelationTuplesRequest) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{0} +} + +func (x *WriteRelationTuplesRequest) GetRelationTupleDeltas() []*RelationTupleWriteDelta { + if x != nil { + return x.RelationTupleDeltas + } + return nil +} + +type RelationTupleWriteDelta struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The target RelationTuple. + RelationTuple *RelationTuple `protobuf:"bytes,1,opt,name=relation_tuple,json=relationTuple,proto3" json:"relation_tuple,omitempty"` +} + +func (x *RelationTupleWriteDelta) Reset() { + *x = RelationTupleWriteDelta{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_write_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RelationTupleWriteDelta) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RelationTupleWriteDelta) ProtoMessage() {} + +func (x *RelationTupleWriteDelta) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_write_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RelationTupleWriteDelta.ProtoReflect.Descriptor instead. +func (*RelationTupleWriteDelta) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{1} +} + +func (x *RelationTupleWriteDelta) GetRelationTuple() *RelationTuple { + if x != nil { + return x.RelationTuple + } + return nil +} + +type WriteRelationTuplesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WriteRelationTuplesResponse) Reset() { + *x = WriteRelationTuplesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_write_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WriteRelationTuplesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WriteRelationTuplesResponse) ProtoMessage() {} + +func (x *WriteRelationTuplesResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_write_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WriteRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*WriteRelationTuplesResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{2} +} + +var File_keto_acl_v1_write_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1_write_service_proto_rawDesc = []byte{ + 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x72, + 0x69, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, + 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x76, + 0x0a, 0x1a, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x58, 0x0a, 0x15, + 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x64, + 0x65, 0x6c, 0x74, 0x61, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, + 0x61, 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, + 0x44, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xae, 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, + 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, + 0x75, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, + 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, + 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, + 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, + 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x1d, 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x91, 0x01, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x27, + 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, + 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, + 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, + 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, + 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, + 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, +} + +var ( + file_keto_acl_v1_write_service_proto_rawDescOnce sync.Once + file_keto_acl_v1_write_service_proto_rawDescData = file_keto_acl_v1_write_service_proto_rawDesc +) + +func file_keto_acl_v1_write_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1_write_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1_write_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_write_service_proto_rawDescData) + }) + return file_keto_acl_v1_write_service_proto_rawDescData +} + +var file_keto_acl_v1_write_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_keto_acl_v1_write_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_keto_acl_v1_write_service_proto_goTypes = []interface{}{ + (RelationTupleWriteDelta_Action)(0), // 0: keto.acl.v1.RelationTupleWriteDelta.Action + (*WriteRelationTuplesRequest)(nil), // 1: keto.acl.v1.WriteRelationTuplesRequest + (*RelationTupleWriteDelta)(nil), // 2: keto.acl.v1.RelationTupleWriteDelta + (*WriteRelationTuplesResponse)(nil), // 3: keto.acl.v1.WriteRelationTuplesResponse + (*RelationTuple)(nil), // 4: keto.acl.v1.RelationTuple +} +var file_keto_acl_v1_write_service_proto_depIdxs = []int32{ + 2, // 0: keto.acl.v1.WriteRelationTuplesRequest.relation_tuple_deltas:type_name -> keto.acl.v1.RelationTupleWriteDelta + 4, // 1: keto.acl.v1.RelationTupleWriteDelta.relation_tuple:type_name -> keto.acl.v1.RelationTuple + 1, // 2: keto.acl.v1.WriteService.WriteRelationTuples:input_type -> keto.acl.v1.WriteRelationTuplesRequest + 3, // 3: keto.acl.v1.WriteService.WriteRelationTuples:output_type -> keto.acl.v1.WriteRelationTuplesResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1_write_service_proto_init() } +func file_keto_acl_v1_write_service_proto_init() { + if File_keto_acl_v1_write_service_proto != nil { + return + } + file_keto_acl_v1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1_write_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteRelationTuplesRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1_write_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RelationTupleWriteDelta); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1_write_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteRelationTuplesResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1_write_service_proto_rawDesc, + NumEnums: 1, + NumMessages: 3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_v1_write_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1_write_service_proto_depIdxs, + EnumInfos: file_keto_acl_v1_write_service_proto_enumTypes, + MessageInfos: file_keto_acl_v1_write_service_proto_msgTypes, + }.Build() + File_keto_acl_v1_write_service_proto = out.File + file_keto_acl_v1_write_service_proto_rawDesc = nil + file_keto_acl_v1_write_service_proto_goTypes = nil + file_keto_acl_v1_write_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1/write_service.proto b/api/keto/acl/v1/write_service.proto new file mode 100644 index 000000000..864d50cf0 --- /dev/null +++ b/api/keto/acl/v1/write_service.proto @@ -0,0 +1,59 @@ +syntax = "proto3"; + +package keto.acl.v1; + +import "keto/acl/v1/acl.proto"; +import "google/api/client.proto"; + +option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1"; +option java_multiple_files = true; +option java_outer_classname = "AclProto"; +option java_package = "sh.ory.keto.acl.v1"; +option php_namespace = "Ory\\Keto\\Acl\\V1"; + +// The write service to create and delete Access Control Lists. +service WriteService { + option (google.api.default_host) = "keto.exampleapis.com"; + // Writes one or more relation tuples in a single transaction. + rpc WriteRelationTuples(WriteRelationTuplesRequest) returns (WriteRelationTuplesResponse); +} + +message WriteRelationTuplesRequest { + // The write delta for the relation tuples operated in one single transaction. + // Either all actions commit or no change takes effect on error. + // + // The tuple's etag is used for a consistent read-modify-write request flow. + // If the etag is not present, the tuple is not validated against the state + // of the serverside tuple and get operated anyway. + repeated RelationTupleWriteDelta relation_tuple_deltas = 1; +} + +message RelationTupleWriteDelta { + enum Action { + // Unspecified. + // The `WriteRelationTuples` rpc ignores this + // RelationTupleWriteDelta if no action is specified. + ACTION_UNSPECIFIED = 0; + + // Insertion or if already exists, update of the RelationTuple. + UPSERT = 1; + + // Insertion of the RelationTuple. + // The `WriteRelationTuples` rpc errors if the RelationTuple already exists. + INSERT = 2; + + // Update of the existing RelationTuple. + // The `WriteRelationTuples` rpc errors if the RelationTuple does not exist. + UPDATE = 3; + + // Deletion of the RelationTuple. + // The `WriteRelationTuples` rpc is silent and does not error in case + // the RelationTuple does not exist. + DELETE = 4; + } + // The target RelationTuple. + RelationTuple relation_tuple = 1; +} + +message WriteRelationTuplesResponse {} \ No newline at end of file diff --git a/api/keto/acl/v1/write_service_grpc.pb.go b/api/keto/acl/v1/write_service_grpc.pb.go new file mode 100644 index 000000000..d202f5efc --- /dev/null +++ b/api/keto/acl/v1/write_service_grpc.pb.go @@ -0,0 +1,97 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package acl + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// WriteServiceClient is the client API for WriteService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type WriteServiceClient interface { + // Writes one or more relation tuples in a single transaction. + WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) +} + +type writeServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient { + return &writeServiceClient{cc} +} + +func (c *writeServiceClient) WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) { + out := new(WriteRelationTuplesResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/WriteRelationTuples", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// WriteServiceServer is the server API for WriteService service. +// All implementations should embed UnimplementedWriteServiceServer +// for forward compatibility +type WriteServiceServer interface { + // Writes one or more relation tuples in a single transaction. + WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) +} + +// UnimplementedWriteServiceServer should be embedded to have forward compatible implementations. +type UnimplementedWriteServiceServer struct { +} + +func (UnimplementedWriteServiceServer) WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method WriteRelationTuples not implemented") +} + +// UnsafeWriteServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to WriteServiceServer will +// result in compilation errors. +type UnsafeWriteServiceServer interface { + mustEmbedUnimplementedWriteServiceServer() +} + +func RegisterWriteServiceServer(s grpc.ServiceRegistrar, srv WriteServiceServer) { + s.RegisterService(&_WriteService_serviceDesc, srv) +} + +func _WriteService_WriteRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WriteRelationTuplesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(WriteServiceServer).WriteRelationTuples(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.acl.v1.WriteService/WriteRelationTuples", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(WriteServiceServer).WriteRelationTuples(ctx, req.(*WriteRelationTuplesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _WriteService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.v1.WriteService", + HandlerType: (*WriteServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "WriteRelationTuples", + Handler: _WriteService_WriteRelationTuples_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/v1/write_service.proto", +} diff --git a/buf/api/buf.yaml b/buf/api/buf.yaml index f681601de..3541e274b 100644 --- a/buf/api/buf.yaml +++ b/buf/api/buf.yaml @@ -5,6 +5,11 @@ build: lint: use: - DEFAULT + ignore: + - google + ignore_only: + ENUM_VALUE_PREFIX: + - keto/acl/v1/write_service.proto breaking: use: - PACKAGE \ No newline at end of file From c8b04c349e011fc74ca5f759b5377018dd12cb51 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Sat, 14 Nov 2020 16:41:41 +0100 Subject: [PATCH 06/21] correct java_outer_classname --- api/keto/acl/admin/v1/admin_service.proto | 2 +- api/keto/acl/node/v1/node_service.proto | 2 +- api/keto/acl/v1/check_service.proto | 2 +- api/keto/acl/v1/read_service.proto | 2 +- api/keto/acl/v1/watch_service.proto | 2 +- api/keto/acl/v1/write_service.proto | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/api/keto/acl/admin/v1/admin_service.proto b/api/keto/acl/admin/v1/admin_service.proto index 9edbdbc4c..61e0409ec 100644 --- a/api/keto/acl/admin/v1/admin_service.proto +++ b/api/keto/acl/admin/v1/admin_service.proto @@ -7,7 +7,7 @@ import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/admin/v1;admin"; option csharp_namespace = "Ory.Keto.Acl.Admin.V1"; option java_multiple_files = true; -option java_outer_classname = "AdminProto"; +option java_outer_classname = "AdminServiceProto"; option java_package = "sh.ory.keto.acl.admin.v1"; option php_namespace = "Ory\\Keto\\Acl\\Admin\\V1"; diff --git a/api/keto/acl/node/v1/node_service.proto b/api/keto/acl/node/v1/node_service.proto index 50eaef054..6c6b4932e 100644 --- a/api/keto/acl/node/v1/node_service.proto +++ b/api/keto/acl/node/v1/node_service.proto @@ -5,7 +5,7 @@ package keto.acl.node.v1; option go_package = "github.com/ory/keto/api/keto/acl/node/v1;node"; option csharp_namespace = "Ory.Keto.Acl.Node.V1"; option java_multiple_files = true; -option java_outer_classname = "NodeProto"; +option java_outer_classname = "NodeServiceProto"; option java_package = "sh.ory.keto.acl.node.v1"; option php_namespace = "Ory\\Keto\\Acl\\Node\\V1"; diff --git a/api/keto/acl/v1/check_service.proto b/api/keto/acl/v1/check_service.proto index e17b15145..6be412c5e 100644 --- a/api/keto/acl/v1/check_service.proto +++ b/api/keto/acl/v1/check_service.proto @@ -8,7 +8,7 @@ import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; option java_multiple_files = true; -option java_outer_classname = "AclProto"; +option java_outer_classname = "CheckServiceProto"; option java_package = "sh.ory.keto.acl.v1"; option php_namespace = "Ory\\Keto\\Acl\\V1"; diff --git a/api/keto/acl/v1/read_service.proto b/api/keto/acl/v1/read_service.proto index d63c27d83..e8ad22b75 100644 --- a/api/keto/acl/v1/read_service.proto +++ b/api/keto/acl/v1/read_service.proto @@ -8,7 +8,7 @@ import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; option java_multiple_files = true; -option java_outer_classname = "AclProto"; +option java_outer_classname = "ReadServiceProto"; option java_package = "sh.ory.keto.acl.v1"; option php_namespace = "Ory\\Keto\\Acl\\V1"; diff --git a/api/keto/acl/v1/watch_service.proto b/api/keto/acl/v1/watch_service.proto index 26b9580fa..2bb199f0b 100644 --- a/api/keto/acl/v1/watch_service.proto +++ b/api/keto/acl/v1/watch_service.proto @@ -8,7 +8,7 @@ import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; option java_multiple_files = true; -option java_outer_classname = "AclProto"; +option java_outer_classname = "WatchServiceProto"; option java_package = "sh.ory.keto.acl.v1"; option php_namespace = "Ory\\Keto\\Acl\\V1"; diff --git a/api/keto/acl/v1/write_service.proto b/api/keto/acl/v1/write_service.proto index 864d50cf0..d1890bc24 100644 --- a/api/keto/acl/v1/write_service.proto +++ b/api/keto/acl/v1/write_service.proto @@ -8,7 +8,7 @@ import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; option java_multiple_files = true; -option java_outer_classname = "AclProto"; +option java_outer_classname = "WatchServiceProto"; option java_package = "sh.ory.keto.acl.v1"; option php_namespace = "Ory\\Keto\\Acl\\V1"; From 4b104d1586ab839b3fe12ca9a7c54585e96a43c0 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Mon, 16 Nov 2020 19:47:09 +0100 Subject: [PATCH 07/21] more comments & important improves --- api/keto/acl/admin/v1/admin_service.pb.go | 19 +- api/keto/acl/node/v1/node_service.pb.go | 18 +- api/keto/acl/v1/acl.pb.go | 100 ++++---- api/keto/acl/v1/acl.proto | 19 +- api/keto/acl/v1/check_service.pb.go | 101 +++++--- api/keto/acl/v1/check_service.proto | 47 ++-- api/keto/acl/v1/read_service.pb.go | 270 ++++++++++++++++------ api/keto/acl/v1/read_service.proto | 63 +++-- api/keto/acl/v1/watch_service.pb.go | 17 +- api/keto/acl/v1/write_service.pb.go | 40 +++- api/keto/acl/v1/write_service.proto | 13 +- 11 files changed, 475 insertions(+), 232 deletions(-) diff --git a/api/keto/acl/admin/v1/admin_service.pb.go b/api/keto/acl/admin/v1/admin_service.pb.go index 6d779b2ac..950cd2fe4 100644 --- a/api/keto/acl/admin/v1/admin_service.pb.go +++ b/api/keto/acl/admin/v1/admin_service.pb.go @@ -35,16 +35,17 @@ var file_keto_acl_admin_v1_admin_service_proto_rawDesc = []byte{ 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x32, 0x27, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, - 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x89, 0x01, 0x0a, + 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x90, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x41, 0x64, 0x6d, 0x69, 0x6e, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, - 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, - 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x56, 0x31, - 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, - 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x41, 0x64, 0x6d, 0x69, 0x6e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, + 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, + 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, + 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, + 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var file_keto_acl_admin_v1_admin_service_proto_goTypes = []interface{}{} diff --git a/api/keto/acl/node/v1/node_service.pb.go b/api/keto/acl/node/v1/node_service.pb.go index b5fb86e7b..40a0e0396 100644 --- a/api/keto/acl/node/v1/node_service.pb.go +++ b/api/keto/acl/node/v1/node_service.pb.go @@ -31,16 +31,16 @@ var file_keto_acl_node_v1_node_service_proto_rawDesc = []byte{ 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x83, 0x01, 0x0a, 0x17, 0x73, 0x68, 0x2e, 0x6f, 0x72, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x8a, 0x01, 0x0a, 0x17, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, - 0x76, 0x31, 0x42, 0x09, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, - 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, - 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, 0x31, 0x3b, 0x6e, 0x6f, 0x64, 0x65, 0xaa, 0x02, - 0x14, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x4e, 0x6f, - 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, - 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x4e, 0x6f, 0x64, 0x65, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x76, 0x31, 0x42, 0x10, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, + 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, 0x31, + 0x3b, 0x6e, 0x6f, 0x64, 0x65, 0xaa, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, + 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x4f, + 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x4e, 0x6f, 0x64, 0x65, + 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var file_keto_acl_node_v1_node_service_proto_goTypes = []interface{}{} diff --git a/api/keto/acl/v1/acl.pb.go b/api/keto/acl/v1/acl.pb.go index bdc762b46..364f3e9a5 100644 --- a/api/keto/acl/v1/acl.pb.go +++ b/api/keto/acl/v1/acl.pb.go @@ -39,10 +39,10 @@ type RelationTuple struct { // The relation between an Object and a Subject. Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` // The subject related by this tuple. - // It either is a concrete subject id or - // or a subject set expanding to more Subjects. + // A Subject either represents a concrete subject id or + // a SubjectSet that expands to more Subjects. Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` - // Used to perform a consistent read-modify-write. + // Used to perform a consistent read-modify-write (lock). Etag string `protobuf:"bytes,4,opt,name=etag,proto3" json:"etag,omitempty"` } @@ -175,10 +175,12 @@ type Subject struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Types that are assignable to Type: - // *Subject_SubjectId - // *Subject_SubjectSet - Type isSubject_Type `protobuf_oneof:"type"` + // The reference of this abstract subject. + // + // Types that are assignable to Ref: + // *Subject_Id + // *Subject_Set + Ref isSubject_Ref `protobuf_oneof:"ref"` } func (x *Subject) Reset() { @@ -213,47 +215,49 @@ func (*Subject) Descriptor() ([]byte, []int) { return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{2} } -func (m *Subject) GetType() isSubject_Type { +func (m *Subject) GetRef() isSubject_Ref { if m != nil { - return m.Type + return m.Ref } return nil } -func (x *Subject) GetSubjectId() string { - if x, ok := x.GetType().(*Subject_SubjectId); ok { - return x.SubjectId +func (x *Subject) GetId() string { + if x, ok := x.GetRef().(*Subject_Id); ok { + return x.Id } return "" } -func (x *Subject) GetSubjectSet() *SubjectSet { - if x, ok := x.GetType().(*Subject_SubjectSet); ok { - return x.SubjectSet +func (x *Subject) GetSet() *SubjectSet { + if x, ok := x.GetRef().(*Subject_Set); ok { + return x.Set } return nil } -type isSubject_Type interface { - isSubject_Type() +type isSubject_Ref interface { + isSubject_Ref() } -type Subject_SubjectId struct { - // The concrete id of the subject. - SubjectId string `protobuf:"bytes,1,opt,name=subject_id,json=subjectId,proto3,oneof"` +type Subject_Id struct { + // A concrete id of the subject. + Id string `protobuf:"bytes,1,opt,name=id,proto3,oneof"` } -type Subject_SubjectSet struct { - // The subject set that expands to more Subjects. - SubjectSet *SubjectSet `protobuf:"bytes,2,opt,name=subject_set,json=subjectSet,proto3,oneof"` +type Subject_Set struct { + // A subject set that expands to more Subjects + // (used for inheritance). + Set *SubjectSet `protobuf:"bytes,2,opt,name=set,proto3,oneof"` } -func (*Subject_SubjectId) isSubject_Type() {} +func (*Subject_Id) isSubject_Ref() {} -func (*Subject_SubjectSet) isSubject_Type() {} +func (*Subject_Set) isSubject_Ref() {} // SubjectSet refers to all subjects which have // the same `relation` to an `object`. +// Also used for inheritance. type SubjectSet struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -329,27 +333,25 @@ var file_keto_acl_v1_acl_proto_rawDesc = []byte{ 0x74, 0x61, 0x67, 0x22, 0x36, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x6e, 0x0a, 0x07, 0x53, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0b, 0x73, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x53, 0x65, 0x74, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x55, 0x0a, 0x0a, 0x53, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, - 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, - 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, - 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, - 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x4f, 0x0a, 0x07, 0x53, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2b, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, + 0x52, 0x03, 0x73, 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x55, 0x0a, 0x0a, + 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, + 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, + 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, + 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, + 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -374,7 +376,7 @@ var file_keto_acl_v1_acl_proto_goTypes = []interface{}{ var file_keto_acl_v1_acl_proto_depIdxs = []int32{ 1, // 0: keto.acl.v1.RelationTuple.object:type_name -> keto.acl.v1.Object 2, // 1: keto.acl.v1.RelationTuple.subject:type_name -> keto.acl.v1.Subject - 3, // 2: keto.acl.v1.Subject.subject_set:type_name -> keto.acl.v1.SubjectSet + 3, // 2: keto.acl.v1.Subject.set:type_name -> keto.acl.v1.SubjectSet 1, // 3: keto.acl.v1.SubjectSet.object:type_name -> keto.acl.v1.Object 4, // [4:4] is the sub-list for method output_type 4, // [4:4] is the sub-list for method input_type @@ -439,8 +441,8 @@ func file_keto_acl_v1_acl_proto_init() { } } file_keto_acl_v1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ - (*Subject_SubjectId)(nil), - (*Subject_SubjectSet)(nil), + (*Subject_Id)(nil), + (*Subject_Set)(nil), } type x struct{} out := protoimpl.TypeBuilder{ diff --git a/api/keto/acl/v1/acl.proto b/api/keto/acl/v1/acl.proto index 10a69baf0..8bac93410 100644 --- a/api/keto/acl/v1/acl.proto +++ b/api/keto/acl/v1/acl.proto @@ -20,10 +20,10 @@ message RelationTuple { // The relation between an Object and a Subject. string relation = 2; // The subject related by this tuple. - // It either is a concrete subject id or - // or a subject set expanding to more Subjects. + // A Subject either represents a concrete subject id or + // a SubjectSet that expands to more Subjects. Subject subject = 3; - // Used to perform a consistent read-modify-write. + // Used to perform a consistent read-modify-write (lock). string etag = 4; } @@ -42,16 +42,19 @@ message Object { // Subject is either a concrete subject id or // a subject set expanding to more Subjects. message Subject { - oneof type { - // The concrete id of the subject. - string subject_id = 1; - // The subject set that expands to more Subjects. - SubjectSet subject_set = 2; + // The reference of this abstract subject. + oneof ref { + // A concrete id of the subject. + string id = 1; + // A subject set that expands to more Subjects + // (used for inheritance). + SubjectSet set = 2; } } // SubjectSet refers to all subjects which have // the same `relation` to an `object`. +// Also used for inheritance. message SubjectSet { // The object selected by the subjects. Object object = 1; diff --git a/api/keto/acl/v1/check_service.pb.go b/api/keto/acl/v1/check_service.pb.go index 937542670..08997d361 100644 --- a/api/keto/acl/v1/check_service.pb.go +++ b/api/keto/acl/v1/check_service.pb.go @@ -26,6 +26,8 @@ const ( // of the legacy proto package is being used. const _ = proto.ProtoPackageIsVersion4 +// The request for a CheckService.Check rpc. +// Checks whether a specific subject is related to an object. type CheckRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -37,20 +39,25 @@ type CheckRequest struct { Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` // The concrete subject id to check. SubjectId string `protobuf:"bytes,3,opt,name=subject_id,json=subjectId,proto3" json:"subject_id,omitempty"` - // Optional. The least snapshot time of the used - // serverside data to compute the response of this check. + // Optional. The staleness bound of this check. // - // If specified requests to perform - // the check on only near up to-date ACLs. + // It specifies the clients last known snapshot token + // that the server uses to only check against ACLs newer + // than specified token snapshot in order to compute the + // result of this check. // - // *This recommended for low latency and where checks - // are allowed to perform on ACLs that are a bit stale - // (stale => not up to date, but still only differs some - // millis or seconds). + // Leave this field blank if... + // - your application strictly requires to act on up-to-date data + // - your application not yet has a snaptoken on the related data (e.g. user) // - // If not specified performs the check on most up to-date - // ACLs in case it is strictly required to do so. - Zookie []byte `protobuf:"bytes,4,opt,name=zookie,proto3" json:"zookie,omitempty"` + // If the specified token is too old, the server tries to fallback and + // find the best snapshot token to perform the check using least stale + // ACLs that very likely already got replicated. + // + // *It is recommended to perform checks using slightly stale + // data (e.g. token older than 3-10 seconds) for minimum latency + // and where the application is allowed to accept slightly off checks. + Snaptoken []byte `protobuf:"bytes,4,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` } func (x *CheckRequest) Reset() { @@ -106,21 +113,35 @@ func (x *CheckRequest) GetSubjectId() string { return "" } -func (x *CheckRequest) GetZookie() []byte { +func (x *CheckRequest) GetSnaptoken() []byte { if x != nil { - return x.Zookie + return x.Snaptoken } return nil } +// The response for a CheckService.Check rpc. type CheckResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // True if the specified subject id - // is related to the requested Object. + // Whether the specified subject (id) + // is related to the requested object. + // + // It is false by default if no ACL matches. Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"` + // The last known snapshot token ONLY specified if + // the request had not specified a snaptoken, + // since this performed a "content-change request" + // and consistently fetched the last known snapshot token. + // + // This field is not set if the request had specified a snaptoken! + // + // If set, clients should cache and use this token + // for subsequent requests to have minimal latency, + // but allow slightly stale responses (only some milliseconds or seconds). + Snaptoken []byte `protobuf:"bytes,2,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` } func (x *CheckResponse) Reset() { @@ -162,6 +183,13 @@ func (x *CheckResponse) GetAllowed() bool { return false } +func (x *CheckResponse) GetSnaptoken() []byte { + if x != nil { + return x.Snaptoken + } + return nil +} + var File_keto_acl_v1_check_service_proto protoreflect.FileDescriptor var file_keto_acl_v1_check_service_proto_rawDesc = []byte{ @@ -170,7 +198,7 @@ var file_keto_acl_v1_check_service_proto_rawDesc = []byte{ 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8e, + 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, @@ -178,25 +206,28 @@ var file_keto_acl_v1_check_service_proto_rawDesc = []byte{ 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, - 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, - 0x29, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x32, 0x67, 0x0a, 0x0c, 0x43, 0x68, - 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x43, 0x68, - 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, - 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, - 0x63, 0x6f, 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, - 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, - 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, - 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, - 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, + 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x67, + 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, + 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, + 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, + 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, + 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, + 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, + 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, + 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, + 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1/check_service.proto b/api/keto/acl/v1/check_service.proto index 6be412c5e..6ce24474c 100644 --- a/api/keto/acl/v1/check_service.proto +++ b/api/keto/acl/v1/check_service.proto @@ -20,6 +20,8 @@ service CheckService { rpc Check(CheckRequest) returns (CheckResponse); } +// The request for a CheckService.Check rpc. +// Checks whether a specific subject is related to an object. message CheckRequest { // The related object in this check. Object object = 1; @@ -27,24 +29,43 @@ message CheckRequest { string relation = 2; // The concrete subject id to check. string subject_id = 3; - // Optional. The least snapshot time of the used - // serverside data to compute the response of this check. + // Optional. The staleness bound of this check. // - // If specified requests to perform - // the check on only near up to-date ACLs. + // It specifies the clients last known snapshot token + // that the server uses to only check against ACLs newer + // than specified token snapshot in order to compute the + // result of this check. // - // *This recommended for low latency and where checks - // are allowed to perform on ACLs that are a bit stale - // (stale => not up to date, but still only differs some - // millis or seconds). + // Leave this field blank if... + // - your application strictly requires to act on up-to-date data + // - your application not yet has a snaptoken on the related data (e.g. user) // - // If not specified performs the check on most up to-date - // ACLs in case it is strictly required to do so. - bytes zookie = 4; + // If the specified token is too old, the server tries to fallback and + // find the best snapshot token to perform the check using least stale + // ACLs that very likely already got replicated. + // + // *It is recommended to perform checks using slightly stale + // data (e.g. token older than 3-10 seconds) for minimum latency + // and where the application is allowed to accept slightly off checks. + bytes snaptoken = 4; } +// The response for a CheckService.Check rpc. message CheckResponse { - // True if the specified subject id - // is related to the requested Object. + // Whether the specified subject (id) + // is related to the requested object. + // + // It is false by default if no ACL matches. bool allowed = 1; + // The last known snapshot token ONLY specified if + // the request had not specified a snaptoken, + // since this performed a "content-change request" + // and consistently fetched the last known snapshot token. + // + // This field is not set if the request had specified a snaptoken! + // + // If set, clients should cache and use this token + // for subsequent requests to have minimal latency, + // but allow slightly stale responses (only some milliseconds or seconds). + bytes snaptoken = 2; } \ No newline at end of file diff --git a/api/keto/acl/v1/read_service.pb.go b/api/keto/acl/v1/read_service.pb.go index c94c40042..b169ebcbf 100644 --- a/api/keto/acl/v1/read_service.pb.go +++ b/api/keto/acl/v1/read_service.pb.go @@ -9,6 +9,7 @@ package acl import ( proto "github.com/golang/protobuf/proto" _ "google.golang.org/genproto/googleapis/api/annotations" + field_mask "google.golang.org/genproto/protobuf/field_mask" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -26,28 +27,34 @@ const ( // of the legacy proto package is being used. const _ = proto.ProtoPackageIsVersion4 +// Request for ReadService.ListRelationTuples rpc. +// See ListRelationTuplesRequest_Query for more querying details. type ListRelationTuplesRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The filter to query for relation tuples. - // If none specified - // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure - // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators - // TODO See https://google.aip.dev/160 - // TODO We should use an expression engine for evaluation and SQL query building - Filter string `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"` - // The ordering of the queried relation tuples. - // TODO See https://google.aip.dev/132 - OrderBy string `protobuf:"bytes,2,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` - // Optional. The least snapshot time of - // the used serverside data in the response. - Zookie []byte `protobuf:"bytes,3,opt,name=zookie,proto3" json:"zookie,omitempty"` - // Optional. The maximum number of RelationTuples to return in the response. + // All field constraints are concatenated + // with a logical AND operator. + // An unspecified field specifies a `*` wildcard match. + Query *ListRelationTuplesRequest_Query `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` + // Optional. The list of fields to be expanded + // in the RelationTuple list returned in `ListRelationTuplesResponse`. + // Leaving this field unspecified means all fields are expanded. + // + // Available fields: + // "object", "relation", "subject", + // "object.namespace","object.id", + // "subject.id", "subject.set" + ExpandMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=expand_mask,json=expandMask,proto3" json:"expand_mask,omitempty"` + // Optional. The snapshot token for this read. + Snaptoken []byte `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` + // Optional. The maximum number of + // RelationTuples to return in the response. PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` - // Optional. A pagination token returned from a previous call to `ListRelationTuples` - // that indicates where this listing should continue from. + // Optional. A pagination token returned from + // a previous call to `ListRelationTuples` that + // indicates where this listing should continue from. PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` } @@ -83,23 +90,23 @@ func (*ListRelationTuplesRequest) Descriptor() ([]byte, []int) { return file_keto_acl_v1_read_service_proto_rawDescGZIP(), []int{0} } -func (x *ListRelationTuplesRequest) GetFilter() string { +func (x *ListRelationTuplesRequest) GetQuery() *ListRelationTuplesRequest_Query { if x != nil { - return x.Filter + return x.Query } - return "" + return nil } -func (x *ListRelationTuplesRequest) GetOrderBy() string { +func (x *ListRelationTuplesRequest) GetExpandMask() *field_mask.FieldMask { if x != nil { - return x.OrderBy + return x.ExpandMask } - return "" + return nil } -func (x *ListRelationTuplesRequest) GetZookie() []byte { +func (x *ListRelationTuplesRequest) GetSnaptoken() []byte { if x != nil { - return x.Zookie + return x.Snaptoken } return nil } @@ -128,6 +135,10 @@ type ListRelationTuplesResponse struct { RelationTuples []*RelationTuple `protobuf:"bytes,1,rep,name=relation_tuples,json=relationTuples,proto3" json:"relation_tuples,omitempty"` // Optional. A pagination token returned from a previous call to `ListRelationTuples` // that indicates where this listing should continue from. + // + // All fields of the subsequent ListRelationTuplesRequest request + // using this `next_page_token` as the `page_token` are ignored and + // CAN be left blank, since the request's data is baked in this `next_page_token`. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` } @@ -177,6 +188,83 @@ func (x *ListRelationTuplesResponse) GetNextPageToken() string { return "" } +// The query for listing relation tuples. +// Clients can specify any optional field to +// partially filter for specific relation tuples. +// +// Example use cases: +// - object only: display a list of all rules of one object +// - relation only: get all groups that have members; e.g. get all directories that have content +// - object & relation: display all subjects that have e.g. write relation +// - subject & relation: display all groups a subject belongs to/display all objects a subject has access to +// - object & relation & subject: check whether the relation tuple already exists, before writing it +// +type ListRelationTuplesRequest_Query struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Optional. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // Optional. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + // Optional. + Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` +} + +func (x *ListRelationTuplesRequest_Query) Reset() { + *x = ListRelationTuplesRequest_Query{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1_read_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListRelationTuplesRequest_Query) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListRelationTuplesRequest_Query) ProtoMessage() {} + +func (x *ListRelationTuplesRequest_Query) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1_read_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListRelationTuplesRequest_Query.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesRequest_Query) Descriptor() ([]byte, []int) { + return file_keto_acl_v1_read_service_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *ListRelationTuplesRequest_Query) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *ListRelationTuplesRequest_Query) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +func (x *ListRelationTuplesRequest_Query) GetSubject() *Subject { + if x != nil { + return x.Subject + } + return nil +} + var File_keto_acl_v1_read_service_proto protoreflect.FileDescriptor var file_keto_acl_v1_read_service_proto_rawDesc = []byte{ @@ -185,43 +273,59 @@ var file_keto_acl_v1_read_service_proto_rawDesc = []byte{ 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa2, 0x01, - 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69, 0x6c, - 0x74, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x62, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x42, 0x79, 0x12, 0x16, - 0x0a, 0x06, 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, - 0x7a, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, - 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, - 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, - 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x22, 0x89, 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, - 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x8d, - 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, - 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, + 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, + 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0xf9, 0x02, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, + 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x6d, - 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, - 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, - 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, - 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, + 0x79, 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, + 0x73, 0x6b, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1c, + 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x09, + 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, + 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, + 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x80, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, + 0x72, 0x79, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, + 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x07, 0x73, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x89, 0x01, 0x0a, 0x1a, + 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, + 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, + 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, + 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, + 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x8d, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, + 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, + 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x75, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, + 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x10, 0x52, + 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, + 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, + 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, + 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, + 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -236,21 +340,29 @@ func file_keto_acl_v1_read_service_proto_rawDescGZIP() []byte { return file_keto_acl_v1_read_service_proto_rawDescData } -var file_keto_acl_v1_read_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_keto_acl_v1_read_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_keto_acl_v1_read_service_proto_goTypes = []interface{}{ - (*ListRelationTuplesRequest)(nil), // 0: keto.acl.v1.ListRelationTuplesRequest - (*ListRelationTuplesResponse)(nil), // 1: keto.acl.v1.ListRelationTuplesResponse - (*RelationTuple)(nil), // 2: keto.acl.v1.RelationTuple + (*ListRelationTuplesRequest)(nil), // 0: keto.acl.v1.ListRelationTuplesRequest + (*ListRelationTuplesResponse)(nil), // 1: keto.acl.v1.ListRelationTuplesResponse + (*ListRelationTuplesRequest_Query)(nil), // 2: keto.acl.v1.ListRelationTuplesRequest.Query + (*field_mask.FieldMask)(nil), // 3: google.protobuf.FieldMask + (*RelationTuple)(nil), // 4: keto.acl.v1.RelationTuple + (*Object)(nil), // 5: keto.acl.v1.Object + (*Subject)(nil), // 6: keto.acl.v1.Subject } var file_keto_acl_v1_read_service_proto_depIdxs = []int32{ - 2, // 0: keto.acl.v1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1.RelationTuple - 0, // 1: keto.acl.v1.ReadService.ListRelationTuples:input_type -> keto.acl.v1.ListRelationTuplesRequest - 1, // 2: keto.acl.v1.ReadService.ListRelationTuples:output_type -> keto.acl.v1.ListRelationTuplesResponse - 2, // [2:3] is the sub-list for method output_type - 1, // [1:2] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name + 2, // 0: keto.acl.v1.ListRelationTuplesRequest.query:type_name -> keto.acl.v1.ListRelationTuplesRequest.Query + 3, // 1: keto.acl.v1.ListRelationTuplesRequest.expand_mask:type_name -> google.protobuf.FieldMask + 4, // 2: keto.acl.v1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1.RelationTuple + 5, // 3: keto.acl.v1.ListRelationTuplesRequest.Query.object:type_name -> keto.acl.v1.Object + 6, // 4: keto.acl.v1.ListRelationTuplesRequest.Query.subject:type_name -> keto.acl.v1.Subject + 0, // 5: keto.acl.v1.ReadService.ListRelationTuples:input_type -> keto.acl.v1.ListRelationTuplesRequest + 1, // 6: keto.acl.v1.ReadService.ListRelationTuples:output_type -> keto.acl.v1.ListRelationTuplesResponse + 6, // [6:7] is the sub-list for method output_type + 5, // [5:6] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name } func init() { file_keto_acl_v1_read_service_proto_init() } @@ -284,6 +396,18 @@ func file_keto_acl_v1_read_service_proto_init() { return nil } } + file_keto_acl_v1_read_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListRelationTuplesRequest_Query); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -291,7 +415,7 @@ func file_keto_acl_v1_read_service_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_keto_acl_v1_read_service_proto_rawDesc, NumEnums: 0, - NumMessages: 2, + NumMessages: 3, NumExtensions: 0, NumServices: 1, }, diff --git a/api/keto/acl/v1/read_service.proto b/api/keto/acl/v1/read_service.proto index e8ad22b75..7618bc85c 100644 --- a/api/keto/acl/v1/read_service.proto +++ b/api/keto/acl/v1/read_service.proto @@ -4,6 +4,7 @@ package keto.acl.v1; import "keto/acl/v1/acl.proto"; import "google/api/client.proto"; +import "google/protobuf/field_mask.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; @@ -19,26 +20,50 @@ service ReadService { rpc ListRelationTuples(ListRelationTuplesRequest) returns (ListRelationTuplesResponse); } +// Request for ReadService.ListRelationTuples rpc. +// See ListRelationTuplesRequest_Query for more querying details. message ListRelationTuplesRequest { - // The filter to query for relation tuples. - // If none specified - // TODO RelationTuple listing and querying is a quite more involved task than only passing in a Query structure - // TODO e.g. filter by namespace, object, relation, subject, commit_time (create time) in combination with logical OR/AND operators - // TODO See https://google.aip.dev/160 - // TODO We should use an expression engine for evaluation and SQL query building - string filter = 1; - // The ordering of the queried relation tuples. - // TODO See https://google.aip.dev/132 - string order_by = 2; - // Optional. The least snapshot time of - // the used serverside data in the response. - bytes zookie = 3; - // Optional. The maximum number of RelationTuples to return in the response. + // The query for listing relation tuples. + // Clients can specify any optional field to + // partially filter for specific relation tuples. + // + // Example use cases: + // - object only: display a list of all rules of one object + // - relation only: get all groups that have members; e.g. get all directories that have content + // - object & relation: display all subjects that have e.g. write relation + // - subject & relation: display all groups a subject belongs to/display all objects a subject has access to + // - object & relation & subject: check whether the relation tuple already exists, before writing it + // + message Query { + // Optional. + Object object = 1; + // Optional. + string relation = 2; + // Optional. + Subject subject = 3; + } + // All field constraints are concatenated + // with a logical AND operator. + // An unspecified field specifies a `*` wildcard match. + Query query = 1; + // Optional. The list of fields to be expanded + // in the RelationTuple list returned in `ListRelationTuplesResponse`. + // Leaving this field unspecified means all fields are expanded. + // + // Available fields: + // "object", "relation", "subject", + // "object.namespace","object.id", + // "subject.id", "subject.set" + google.protobuf.FieldMask expand_mask = 2; + // Optional. The snapshot token for this read. + bytes snaptoken = 3; + // Optional. The maximum number of + // RelationTuples to return in the response. int32 page_size = 4; - // Optional. A pagination token returned from a previous call to `ListRelationTuples` - // that indicates where this listing should continue from. + // Optional. A pagination token returned from + // a previous call to `ListRelationTuples` that + // indicates where this listing should continue from. string page_token = 5; - } // The response of a ReadService.ListRelationTuples rpc. @@ -47,5 +72,9 @@ message ListRelationTuplesResponse { repeated RelationTuple relation_tuples = 1; // Optional. A pagination token returned from a previous call to `ListRelationTuples` // that indicates where this listing should continue from. + // + // All fields of the subsequent ListRelationTuplesRequest request + // using this `next_page_token` as the `page_token` are ignored and + // CAN be left blank, since the request's data is baked in this `next_page_token`. string next_page_token = 2; } \ No newline at end of file diff --git a/api/keto/acl/v1/watch_service.pb.go b/api/keto/acl/v1/watch_service.pb.go index 7fdb493ef..281b44a7c 100644 --- a/api/keto/acl/v1/watch_service.pb.go +++ b/api/keto/acl/v1/watch_service.pb.go @@ -126,14 +126,15 @@ var file_keto_acl_v1_watch_service_proto_rawDesc = []byte{ 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, - 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, - 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, - 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, - 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, - 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6d, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, + 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, + 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, + 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( diff --git a/api/keto/acl/v1/write_service.pb.go b/api/keto/acl/v1/write_service.pb.go index 2e02d1a8f..9c042e84c 100644 --- a/api/keto/acl/v1/write_service.pb.go +++ b/api/keto/acl/v1/write_service.pb.go @@ -92,6 +92,7 @@ func (RelationTupleWriteDelta_Action) EnumDescriptor() ([]byte, []int) { return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{1, 0} } +// The request of a WriteService.WriteRelationTuples rpc. type WriteRelationTuplesRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -145,6 +146,7 @@ func (x *WriteRelationTuplesRequest) GetRelationTupleDeltas() []*RelationTupleWr return nil } +// Write-delta for a WriteRelationTuplesRequest. type RelationTupleWriteDelta struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -193,10 +195,19 @@ func (x *RelationTupleWriteDelta) GetRelationTuple() *RelationTuple { return nil } +// The response of a WriteService.WriteRelationTuples rpc. type WriteRelationTuplesResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + // The list of the new latest snapshot tokens of the affected RelationTuple, + // with the same index as specified in the `relation_tuple_deltas` field of + // the WriteRelationTuplesRequest request. + // + // The snaptoken is nil at the same index + // if the RelationTupleWriteDelta_Action was DELETE. + Snaptokens [][]byte `protobuf:"bytes,1,rep,name=snaptokens,proto3" json:"snaptokens,omitempty"` } func (x *WriteRelationTuplesResponse) Reset() { @@ -231,6 +242,13 @@ func (*WriteRelationTuplesResponse) Descriptor() ([]byte, []int) { return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{2} } +func (x *WriteRelationTuplesResponse) GetSnaptokens() [][]byte { + if x != nil { + return x.Snaptokens + } + return nil +} + var File_keto_acl_v1_write_service_proto protoreflect.FileDescriptor var file_keto_acl_v1_write_service_proto_rawDesc = []byte{ @@ -258,9 +276,11 @@ var file_keto_acl_v1_write_service_proto_rawDesc = []byte{ 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, - 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x1d, 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x3d, 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x91, 0x01, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0a, 0x73, 0x6e, 0x61, 0x70, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x32, 0x91, 0x01, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, @@ -269,15 +289,15 @@ var file_keto_acl_v1_write_service_proto_rawDesc = []byte{ 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, + 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, - 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, - 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, - 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x42, 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, + 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, + 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, + 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1/write_service.proto b/api/keto/acl/v1/write_service.proto index d1890bc24..f39753dfb 100644 --- a/api/keto/acl/v1/write_service.proto +++ b/api/keto/acl/v1/write_service.proto @@ -19,6 +19,7 @@ service WriteService { rpc WriteRelationTuples(WriteRelationTuplesRequest) returns (WriteRelationTuplesResponse); } +// The request of a WriteService.WriteRelationTuples rpc. message WriteRelationTuplesRequest { // The write delta for the relation tuples operated in one single transaction. // Either all actions commit or no change takes effect on error. @@ -29,6 +30,7 @@ message WriteRelationTuplesRequest { repeated RelationTupleWriteDelta relation_tuple_deltas = 1; } +// Write-delta for a WriteRelationTuplesRequest. message RelationTupleWriteDelta { enum Action { // Unspecified. @@ -56,4 +58,13 @@ message RelationTupleWriteDelta { RelationTuple relation_tuple = 1; } -message WriteRelationTuplesResponse {} \ No newline at end of file +// The response of a WriteService.WriteRelationTuples rpc. +message WriteRelationTuplesResponse { + // The list of the new latest snapshot tokens of the affected RelationTuple, + // with the same index as specified in the `relation_tuple_deltas` field of + // the WriteRelationTuplesRequest request. + // + // The snaptoken is nil at the same index + // if the RelationTupleWriteDelta_Action was DELETE. + repeated bytes snaptokens = 1; +} \ No newline at end of file From 94c13478ec363ae68eeb2248865d4ad27f4e79e8 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Tue, 17 Nov 2020 12:54:01 +0100 Subject: [PATCH 08/21] update comments & remove ABAC --- api/keto/README.md | 10 ++-------- api/keto/abac/README.md | 2 -- api/keto/acl/v1/check_service.pb.go | 2 +- api/keto/acl/v1/check_service.proto | 2 +- api/keto/acl/v1/write_service.pb.go | 22 ++++++++++++++-------- api/keto/acl/v1/write_service.proto | 22 ++++++++++++++-------- api/keto/rbac/README.md | 2 +- 7 files changed, 33 insertions(+), 29 deletions(-) delete mode 100644 api/keto/abac/README.md diff --git a/api/keto/README.md b/api/keto/README.md index 2767f7ac9..9d683f9e8 100644 --- a/api/keto/README.md +++ b/api/keto/README.md @@ -6,21 +6,15 @@ to have breaking changes until the `v1.0.0` release of Keto! This directory contains the ProtoBuf & gRPC definitions for the Access Control APIs. - -This includes: -- ACL -- Soon: - - RBAC - - ABAC **ACL is the flexible and scalable "base system" -where all other access control schemes built upon.** +all other access control schemes built upon.** ## Directory layout ```shell script keto -└── acl / rbac / abac +└── acl / rbac / ...    ├── node    │   └── v1 - Intercommunication API (cluster internal)    ├── admin diff --git a/api/keto/abac/README.md b/api/keto/abac/README.md deleted file mode 100644 index 01b10d9b4..000000000 --- a/api/keto/abac/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# coming soon -Built upon [ACL](../acl). \ No newline at end of file diff --git a/api/keto/acl/v1/check_service.pb.go b/api/keto/acl/v1/check_service.pb.go index 08997d361..39f29e160 100644 --- a/api/keto/acl/v1/check_service.pb.go +++ b/api/keto/acl/v1/check_service.pb.go @@ -50,7 +50,7 @@ type CheckRequest struct { // - your application strictly requires to act on up-to-date data // - your application not yet has a snaptoken on the related data (e.g. user) // - // If the specified token is too old, the server tries to fallback and + // If the specified token is too old, the server falls back and tries to // find the best snapshot token to perform the check using least stale // ACLs that very likely already got replicated. // diff --git a/api/keto/acl/v1/check_service.proto b/api/keto/acl/v1/check_service.proto index 6ce24474c..36240c986 100644 --- a/api/keto/acl/v1/check_service.proto +++ b/api/keto/acl/v1/check_service.proto @@ -40,7 +40,7 @@ message CheckRequest { // - your application strictly requires to act on up-to-date data // - your application not yet has a snaptoken on the related data (e.g. user) // - // If the specified token is too old, the server tries to fallback and + // If the specified token is too old, the server falls back and tries to // find the best snapshot token to perform the check using least stale // ACLs that very likely already got replicated. // diff --git a/api/keto/acl/v1/write_service.pb.go b/api/keto/acl/v1/write_service.pb.go index 9c042e84c..3e695d74e 100644 --- a/api/keto/acl/v1/write_service.pb.go +++ b/api/keto/acl/v1/write_service.pb.go @@ -31,19 +31,25 @@ type RelationTupleWriteDelta_Action int32 const ( // Unspecified. // The `WriteRelationTuples` rpc ignores this - // RelationTupleWriteDelta if no action is specified. + // RelationTupleWriteDelta if an action unspecified. RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 - // Insertion or if already exists, update of the RelationTuple. + // Like INSERT with the exception that if the RelationTuple + // already exists performs an UPDATE instead. RelationTupleWriteDelta_UPSERT RelationTupleWriteDelta_Action = 1 - // Insertion of the RelationTuple. - // The `WriteRelationTuples` rpc errors if the RelationTuple already exists. + // Insertion of a new RelationTuple. + // + // The `WriteRelationTuples` rpc errors if the + // specified RelationTuple already exists. RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 2 - // Update of the existing RelationTuple. - // The `WriteRelationTuples` rpc errors if the RelationTuple does not exist. + // Update of the existing RelationTuple with + // the intend to refresh its snapshot token. + // + // The `WriteRelationTuples` rpc errors if the + // specified RelationTuple was not found. RelationTupleWriteDelta_UPDATE RelationTupleWriteDelta_Action = 3 // Deletion of the RelationTuple. - // The `WriteRelationTuples` rpc is silent and does not error in case - // the RelationTuple does not exist. + // The `WriteRelationTuples` rpc returns NO error + // if the specified RelationTuple was not found. RelationTupleWriteDelta_DELETE RelationTupleWriteDelta_Action = 4 ) diff --git a/api/keto/acl/v1/write_service.proto b/api/keto/acl/v1/write_service.proto index f39753dfb..1a8e42fd6 100644 --- a/api/keto/acl/v1/write_service.proto +++ b/api/keto/acl/v1/write_service.proto @@ -35,23 +35,29 @@ message RelationTupleWriteDelta { enum Action { // Unspecified. // The `WriteRelationTuples` rpc ignores this - // RelationTupleWriteDelta if no action is specified. + // RelationTupleWriteDelta if an action unspecified. ACTION_UNSPECIFIED = 0; - // Insertion or if already exists, update of the RelationTuple. + // Like INSERT with the exception that if the RelationTuple + // already exists performs an UPDATE instead. UPSERT = 1; - // Insertion of the RelationTuple. - // The `WriteRelationTuples` rpc errors if the RelationTuple already exists. + // Insertion of a new RelationTuple. + // + // The `WriteRelationTuples` rpc errors if the + // specified RelationTuple already exists. INSERT = 2; - // Update of the existing RelationTuple. - // The `WriteRelationTuples` rpc errors if the RelationTuple does not exist. + // Update of the existing RelationTuple with + // the intend to refresh its snapshot token. + // + // The `WriteRelationTuples` rpc errors if the + // specified RelationTuple was not found. UPDATE = 3; // Deletion of the RelationTuple. - // The `WriteRelationTuples` rpc is silent and does not error in case - // the RelationTuple does not exist. + // The `WriteRelationTuples` rpc returns NO error + // if the specified RelationTuple was not found. DELETE = 4; } // The target RelationTuple. diff --git a/api/keto/rbac/README.md b/api/keto/rbac/README.md index 01b10d9b4..028d95b5f 100644 --- a/api/keto/rbac/README.md +++ b/api/keto/rbac/README.md @@ -1,2 +1,2 @@ -# coming soon +# Maybe coming soon Built upon [ACL](../acl). \ No newline at end of file From ae750db7ac339a4d67e3d1f2be1977122fc1381d Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Tue, 17 Nov 2020 12:55:00 +0100 Subject: [PATCH 09/21] fix comment --- api/keto/acl/v1/write_service.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/keto/acl/v1/write_service.proto b/api/keto/acl/v1/write_service.proto index 1a8e42fd6..ee74a3e8b 100644 --- a/api/keto/acl/v1/write_service.proto +++ b/api/keto/acl/v1/write_service.proto @@ -35,7 +35,7 @@ message RelationTupleWriteDelta { enum Action { // Unspecified. // The `WriteRelationTuples` rpc ignores this - // RelationTupleWriteDelta if an action unspecified. + // RelationTupleWriteDelta if an action was unspecified. ACTION_UNSPECIFIED = 0; // Like INSERT with the exception that if the RelationTuple From 2e756f47e46e8990773d0c890eb7584ce2a7957c Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Tue, 17 Nov 2020 16:30:15 +0100 Subject: [PATCH 10/21] remove google proto --- api/google/api/client.pb.go | 218 ---------------------- api/google/api/client.proto | 99 ---------- api/keto/acl/admin/v1/admin_service.pb.go | 28 ++- api/keto/acl/admin/v1/admin_service.proto | 4 - api/keto/acl/v1/check_service.pb.go | 60 +++--- api/keto/acl/v1/check_service.proto | 2 - api/keto/acl/v1/read_service.pb.go | 104 +++++------ api/keto/acl/v1/read_service.proto | 2 - api/keto/acl/v1/watch_service.pb.go | 45 ++--- api/keto/acl/v1/watch_service.proto | 2 - api/keto/acl/v1/write_service.pb.go | 84 ++++----- api/keto/acl/v1/write_service.proto | 2 - 12 files changed, 150 insertions(+), 500 deletions(-) delete mode 100644 api/google/api/client.pb.go delete mode 100644 api/google/api/client.proto diff --git a/api/google/api/client.pb.go b/api/google/api/client.pb.go deleted file mode 100644 index e7928010b..000000000 --- a/api/google/api/client.pb.go +++ /dev/null @@ -1,218 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: google/api/client.proto - -package annotations - -import ( - proto "github.com/golang/protobuf/proto" - descriptor "github.com/golang/protobuf/protoc-gen-go/descriptor" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -var file_google_api_client_proto_extTypes = []protoimpl.ExtensionInfo{ - { - ExtendedType: (*descriptor.MethodOptions)(nil), - ExtensionType: ([]string)(nil), - Field: 1051, - Name: "google.api.method_signature", - Tag: "bytes,1051,rep,name=method_signature", - Filename: "google/api/client.proto", - }, - { - ExtendedType: (*descriptor.ServiceOptions)(nil), - ExtensionType: (*string)(nil), - Field: 1049, - Name: "google.api.default_host", - Tag: "bytes,1049,opt,name=default_host", - Filename: "google/api/client.proto", - }, - { - ExtendedType: (*descriptor.ServiceOptions)(nil), - ExtensionType: (*string)(nil), - Field: 1050, - Name: "google.api.oauth_scopes", - Tag: "bytes,1050,opt,name=oauth_scopes", - Filename: "google/api/client.proto", - }, -} - -// Extension fields to descriptor.MethodOptions. -var ( - // A definition of a client library method signature. - // - // In client libraries, each proto RPC corresponds to one or more methods - // which the end user is able to call, and calls the underlying RPC. - // Normally, this method receives a single argument (a struct or instance - // corresponding to the RPC request object). Defining this field will - // add one or more overloads providing flattened or simpler method signatures - // in some languages. - // - // The fields on the method signature are provided as a comma-separated - // string. - // - // For example, the proto RPC and annotation: - // - // rpc CreateSubscription(CreateSubscriptionRequest) - // returns (Subscription) { - // option (google.api.method_signature) = "name,topic"; - // } - // - // Would add the following Java overload (in addition to the method accepting - // the request object): - // - // public final Subscription createSubscription(String name, String topic) - // - // The following backwards-compatibility guidelines apply: - // - // * Adding this annotation to an unannotated method is backwards - // compatible. - // * Adding this annotation to a method which already has existing - // method signature annotations is backwards compatible if and only if - // the new method signature annotation is last in the sequence. - // * Modifying or removing an existing method signature annotation is - // a breaking change. - // * Re-ordering existing method signature annotations is a breaking - // change. - // - // repeated string method_signature = 1051; - E_MethodSignature = &file_google_api_client_proto_extTypes[0] -) - -// Extension fields to descriptor.ServiceOptions. -var ( - // The hostname for this service. - // This should be specified with no prefix or protocol. - // - // Example: - // - // service Foo { - // option (google.api.default_host) = "foo.googleapi.com"; - // ... - // } - // - // optional string default_host = 1049; - E_DefaultHost = &file_google_api_client_proto_extTypes[1] - // OAuth scopes needed for the client. - // - // Example: - // - // service Foo { - // option (google.api.oauth_scopes) = \ - // "https://www.googleapis.com/auth/cloud-platform"; - // ... - // } - // - // If there is more than one scope, use a comma-separated string: - // - // Example: - // - // service Foo { - // option (google.api.oauth_scopes) = \ - // "https://www.googleapis.com/auth/cloud-platform," - // "https://www.googleapis.com/auth/monitoring"; - // ... - // } - // - // optional string oauth_scopes = 1050; - E_OauthScopes = &file_google_api_client_proto_extTypes[2] -) - -var File_google_api_client_proto protoreflect.FileDescriptor - -var file_google_api_client_proto_rawDesc = []byte{ - 0x0a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, - 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, - 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, - 0x75, 0x72, 0x65, 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, - 0x6f, 0x73, 0x74, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, - 0x68, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0b, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x42, 0x69, 0x0a, - 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, - 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, - 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var file_google_api_client_proto_goTypes = []interface{}{ - (*descriptor.MethodOptions)(nil), // 0: google.protobuf.MethodOptions - (*descriptor.ServiceOptions)(nil), // 1: google.protobuf.ServiceOptions -} -var file_google_api_client_proto_depIdxs = []int32{ - 0, // 0: google.api.method_signature:extendee -> google.protobuf.MethodOptions - 1, // 1: google.api.default_host:extendee -> google.protobuf.ServiceOptions - 1, // 2: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions - 3, // [3:3] is the sub-list for method output_type - 3, // [3:3] is the sub-list for method input_type - 3, // [3:3] is the sub-list for extension type_name - 0, // [0:3] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_google_api_client_proto_init() } -func file_google_api_client_proto_init() { - if File_google_api_client_proto != nil { - return - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_api_client_proto_rawDesc, - NumEnums: 0, - NumMessages: 0, - NumExtensions: 3, - NumServices: 0, - }, - GoTypes: file_google_api_client_proto_goTypes, - DependencyIndexes: file_google_api_client_proto_depIdxs, - ExtensionInfos: file_google_api_client_proto_extTypes, - }.Build() - File_google_api_client_proto = out.File - file_google_api_client_proto_rawDesc = nil - file_google_api_client_proto_goTypes = nil - file_google_api_client_proto_depIdxs = nil -} diff --git a/api/google/api/client.proto b/api/google/api/client.proto deleted file mode 100644 index 7baa4457d..000000000 --- a/api/google/api/client.proto +++ /dev/null @@ -1,99 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.api; - -import "google/protobuf/descriptor.proto"; - -option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; -option java_multiple_files = true; -option java_outer_classname = "ClientProto"; -option java_package = "com.google.api"; -option objc_class_prefix = "GAPI"; - -extend google.protobuf.MethodOptions { - // A definition of a client library method signature. - // - // In client libraries, each proto RPC corresponds to one or more methods - // which the end user is able to call, and calls the underlying RPC. - // Normally, this method receives a single argument (a struct or instance - // corresponding to the RPC request object). Defining this field will - // add one or more overloads providing flattened or simpler method signatures - // in some languages. - // - // The fields on the method signature are provided as a comma-separated - // string. - // - // For example, the proto RPC and annotation: - // - // rpc CreateSubscription(CreateSubscriptionRequest) - // returns (Subscription) { - // option (google.api.method_signature) = "name,topic"; - // } - // - // Would add the following Java overload (in addition to the method accepting - // the request object): - // - // public final Subscription createSubscription(String name, String topic) - // - // The following backwards-compatibility guidelines apply: - // - // * Adding this annotation to an unannotated method is backwards - // compatible. - // * Adding this annotation to a method which already has existing - // method signature annotations is backwards compatible if and only if - // the new method signature annotation is last in the sequence. - // * Modifying or removing an existing method signature annotation is - // a breaking change. - // * Re-ordering existing method signature annotations is a breaking - // change. - repeated string method_signature = 1051; -} - -extend google.protobuf.ServiceOptions { - // The hostname for this service. - // This should be specified with no prefix or protocol. - // - // Example: - // - // service Foo { - // option (google.api.default_host) = "foo.googleapi.com"; - // ... - // } - string default_host = 1049; - - // OAuth scopes needed for the client. - // - // Example: - // - // service Foo { - // option (google.api.oauth_scopes) = \ - // "https://www.googleapis.com/auth/cloud-platform"; - // ... - // } - // - // If there is more than one scope, use a comma-separated string: - // - // Example: - // - // service Foo { - // option (google.api.oauth_scopes) = \ - // "https://www.googleapis.com/auth/cloud-platform," - // "https://www.googleapis.com/auth/monitoring"; - // ... - // } - string oauth_scopes = 1050; -} \ No newline at end of file diff --git a/api/keto/acl/admin/v1/admin_service.pb.go b/api/keto/acl/admin/v1/admin_service.pb.go index 950cd2fe4..ce01badc6 100644 --- a/api/keto/acl/admin/v1/admin_service.pb.go +++ b/api/keto/acl/admin/v1/admin_service.pb.go @@ -8,7 +8,6 @@ package admin import ( proto "github.com/golang/protobuf/proto" - _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -31,21 +30,18 @@ var file_keto_acl_admin_v1_admin_service_proto_rawDesc = []byte{ 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x32, 0x27, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, - 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x90, 0x01, 0x0a, - 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x41, 0x64, 0x6d, 0x69, 0x6e, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, - 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, - 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, - 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, - 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, - 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x32, 0x0e, 0x0a, 0x0c, 0x41, 0x64, + 0x6d, 0x69, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x90, 0x01, 0x0a, 0x18, 0x73, + 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x61, + 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, + 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, 0x02, 0x15, + 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, 0x64, 0x6d, + 0x69, 0x6e, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, + 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var file_keto_acl_admin_v1_admin_service_proto_goTypes = []interface{}{} diff --git a/api/keto/acl/admin/v1/admin_service.proto b/api/keto/acl/admin/v1/admin_service.proto index 61e0409ec..5cf8218de 100644 --- a/api/keto/acl/admin/v1/admin_service.proto +++ b/api/keto/acl/admin/v1/admin_service.proto @@ -2,8 +2,6 @@ syntax = "proto3"; package keto.acl.admin.v1; -import "google/api/client.proto"; - option go_package = "github.com/ory/keto/api/keto/acl/admin/v1;admin"; option csharp_namespace = "Ory.Keto.Acl.Admin.V1"; option java_multiple_files = true; @@ -13,8 +11,6 @@ option php_namespace = "Ory\\Keto\\Acl\\Admin\\V1"; // The admin service for doing administrative tasks in the ACL system. service AdminService { - option (google.api.default_host) = "keto.exampleapis.com"; - // ...RPCs are coming here in (near) future... } diff --git a/api/keto/acl/v1/check_service.pb.go b/api/keto/acl/v1/check_service.pb.go index 39f29e160..96c6414f7 100644 --- a/api/keto/acl/v1/check_service.pb.go +++ b/api/keto/acl/v1/check_service.pb.go @@ -8,7 +8,6 @@ package acl import ( proto "github.com/golang/protobuf/proto" - _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -197,37 +196,34 @@ var file_keto_acl_v1_check_service_proto_rawDesc = []byte{ 0x65, 0x63, 0x6b, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, - 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, - 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, - 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x67, - 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, - 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, - 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, - 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, - 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, - 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x43, - 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, - 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, - 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, - 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, - 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x1c, + 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, + 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x4e, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, + 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, + 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, + 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, + 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, + 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1/check_service.proto b/api/keto/acl/v1/check_service.proto index 36240c986..45faf1a6d 100644 --- a/api/keto/acl/v1/check_service.proto +++ b/api/keto/acl/v1/check_service.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package keto.acl.v1; import "keto/acl/v1/acl.proto"; -import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; @@ -15,7 +14,6 @@ option php_namespace = "Ory\\Keto\\Acl\\V1"; // The service that performs authorization checks // based on the stored Access Control Lists. service CheckService { - option (google.api.default_host) = "keto.exampleapis.com"; // Check performs an authorization check. rpc Check(CheckRequest) returns (CheckResponse); } diff --git a/api/keto/acl/v1/read_service.pb.go b/api/keto/acl/v1/read_service.pb.go index b169ebcbf..554c33406 100644 --- a/api/keto/acl/v1/read_service.pb.go +++ b/api/keto/acl/v1/read_service.pb.go @@ -8,7 +8,6 @@ package acl import ( proto "github.com/golang/protobuf/proto" - _ "google.golang.org/genproto/googleapis/api/annotations" field_mask "google.golang.org/genproto/protobuf/field_mask" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" @@ -272,60 +271,57 @@ var file_keto_acl_v1_read_service_proto_rawDesc = []byte{ 0x61, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xf9, 0x02, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, - 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf9, 0x02, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, - 0x79, 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, - 0x73, 0x6b, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1c, - 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x09, - 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, - 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, - 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x80, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, - 0x72, 0x79, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, - 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x07, 0x73, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x89, 0x01, 0x0a, 0x1a, - 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, - 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x65, - 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, - 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, - 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, - 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x8d, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x17, - 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, - 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x75, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, - 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x10, 0x52, - 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, - 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, - 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, - 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, - 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x61, + 0x6e, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x61, 0x6e, + 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, + 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, + 0x80, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, + 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x22, 0x89, 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, + 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x74, + 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, 0x0a, + 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x75, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x10, 0x52, 0x65, 0x61, 0x64, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, + 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, + 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, + 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1/read_service.proto b/api/keto/acl/v1/read_service.proto index 7618bc85c..cdf6f622b 100644 --- a/api/keto/acl/v1/read_service.proto +++ b/api/keto/acl/v1/read_service.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package keto.acl.v1; import "keto/acl/v1/acl.proto"; -import "google/api/client.proto"; import "google/protobuf/field_mask.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; @@ -15,7 +14,6 @@ option php_namespace = "Ory\\Keto\\Acl\\V1"; // The service to query Access Control Lists. service ReadService { - option (google.api.default_host) = "keto.exampleapis.com"; // Lists ACL relation tuples. rpc ListRelationTuples(ListRelationTuplesRequest) returns (ListRelationTuplesResponse); } diff --git a/api/keto/acl/v1/watch_service.pb.go b/api/keto/acl/v1/watch_service.pb.go index 281b44a7c..13adf4b5c 100644 --- a/api/keto/acl/v1/watch_service.pb.go +++ b/api/keto/acl/v1/watch_service.pb.go @@ -8,7 +8,6 @@ package acl import ( proto "github.com/golang/protobuf/proto" - _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -111,30 +110,26 @@ var file_keto_acl_v1_watch_service_proto_rawDesc = []byte{ 0x74, 0x63, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1c, - 0x0a, 0x1a, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x1b, - 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x93, 0x01, 0x0a, 0x0c, - 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x6a, 0x0a, 0x13, - 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, - 0x6d, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, - 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, - 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, - 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1c, 0x0a, 0x1a, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x1b, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x32, 0x7a, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x6a, 0x0a, 0x13, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x76, + 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, + 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, + 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, + 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1/watch_service.proto b/api/keto/acl/v1/watch_service.proto index 2bb199f0b..aa5bb4ab3 100644 --- a/api/keto/acl/v1/watch_service.proto +++ b/api/keto/acl/v1/watch_service.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package keto.acl.v1; import "keto/acl/v1/acl.proto"; -import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; @@ -15,7 +14,6 @@ option php_namespace = "Ory\\Keto\\Acl\\V1"; // The service to watch for changes in the system, // such as for Access Control Lists and namespace configs. service WatchService { - option (google.api.default_host) = "keto.exampleapis.com"; // Watches and filters for changes in the ACL system. rpc WatchRelationTuples(WatchRelationTuplesRequest) returns (stream WatchRelationTuplesResponse); } diff --git a/api/keto/acl/v1/write_service.pb.go b/api/keto/acl/v1/write_service.pb.go index 3e695d74e..b60129ceb 100644 --- a/api/keto/acl/v1/write_service.pb.go +++ b/api/keto/acl/v1/write_service.pb.go @@ -8,7 +8,6 @@ package acl import ( proto "github.com/golang/protobuf/proto" - _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -31,7 +30,7 @@ type RelationTupleWriteDelta_Action int32 const ( // Unspecified. // The `WriteRelationTuples` rpc ignores this - // RelationTupleWriteDelta if an action unspecified. + // RelationTupleWriteDelta if an action was unspecified. RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 // Like INSERT with the exception that if the RelationTuple // already exists performs an UPDATE instead. @@ -262,48 +261,45 @@ var file_keto_acl_v1_write_service_proto_rawDesc = []byte{ 0x69, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x76, - 0x0a, 0x1a, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x58, 0x0a, 0x15, - 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x64, - 0x65, 0x6c, 0x74, 0x61, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, - 0x61, 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, - 0x44, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xae, 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, - 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, - 0x75, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, - 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, - 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, - 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, - 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x3d, 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0a, 0x73, 0x6e, 0x61, 0x70, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x32, 0x91, 0x01, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x27, - 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, - 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, - 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x1a, 0x17, 0xca, 0x41, 0x14, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, - 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x42, 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, - 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, - 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, - 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, - 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x76, 0x0a, 0x1a, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x58, 0x0a, 0x15, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, + 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xae, 0x01, + 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, 0x72, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, 0x06, + 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, + 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, + 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, + 0x53, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, + 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x3d, + 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, + 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x0c, 0x52, 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x32, 0x78, 0x0a, + 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, + 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, + 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, + 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x57, + 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, + 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, + 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, + 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, + 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1/write_service.proto b/api/keto/acl/v1/write_service.proto index ee74a3e8b..c3014c23b 100644 --- a/api/keto/acl/v1/write_service.proto +++ b/api/keto/acl/v1/write_service.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package keto.acl.v1; import "keto/acl/v1/acl.proto"; -import "google/api/client.proto"; option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; option csharp_namespace = "Ory.Keto.Acl.V1"; @@ -14,7 +13,6 @@ option php_namespace = "Ory\\Keto\\Acl\\V1"; // The write service to create and delete Access Control Lists. service WriteService { - option (google.api.default_host) = "keto.exampleapis.com"; // Writes one or more relation tuples in a single transaction. rpc WriteRelationTuples(WriteRelationTuplesRequest) returns (WriteRelationTuplesResponse); } From d2cd210ba1336ddacb331848dbd3710a76674cf9 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Tue, 17 Nov 2020 16:30:28 +0100 Subject: [PATCH 11/21] add new line --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 92eebd633..fbc829877 100644 --- a/Makefile +++ b/Makefile @@ -91,4 +91,4 @@ buf-lint: # Generate after linting succeeded # .PHONY: buf -buf: buf-lint buf-gen \ No newline at end of file +buf: buf-lint buf-gen From 4d2c847bacf8e7fee35dadfcd7faf3de454d5e80 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Tue, 17 Nov 2020 18:05:49 +0100 Subject: [PATCH 12/21] move v1 to v1alpha1 --- api/keto/README.md | 10 +- api/keto/acl/admin/v1/admin_service.pb.go | 78 --- api/keto/acl/admin/v1/admin_service.proto | 16 - .../acl/admin/v1/admin_service_grpc.pb.go | 54 -- .../acl/admin/v1alpha1/admin_service.proto | 16 + api/keto/acl/node/v1/node_service.pb.go | 77 --- api/keto/acl/node/v1/node_service_grpc.pb.go | 54 -- .../node/{v1 => v1alpha1}/node_service.proto | 10 +- api/keto/acl/v1/acl.pb.go | 465 ------------------ api/keto/acl/v1/check_service.pb.go | 308 ------------ api/keto/acl/v1/check_service_grpc.pb.go | 97 ---- api/keto/acl/v1/read_service.pb.go | 426 ---------------- api/keto/acl/v1/read_service_grpc.pb.go | 97 ---- api/keto/acl/v1/watch_service.pb.go | 212 -------- api/keto/acl/v1/watch_service_grpc.pb.go | 124 ----- api/keto/acl/v1/write_service.pb.go | 401 --------------- api/keto/acl/v1/write_service_grpc.pb.go | 97 ---- api/keto/acl/{v1 => v1alpha1}/acl.proto | 10 +- .../acl/{v1 => v1alpha1}/check_service.proto | 20 +- .../acl/{v1 => v1alpha1}/read_service.proto | 12 +- .../acl/{v1 => v1alpha1}/watch_service.proto | 12 +- .../acl/{v1 => v1alpha1}/write_service.proto | 12 +- 22 files changed, 61 insertions(+), 2547 deletions(-) delete mode 100644 api/keto/acl/admin/v1/admin_service.pb.go delete mode 100644 api/keto/acl/admin/v1/admin_service.proto delete mode 100644 api/keto/acl/admin/v1/admin_service_grpc.pb.go create mode 100644 api/keto/acl/admin/v1alpha1/admin_service.proto delete mode 100644 api/keto/acl/node/v1/node_service.pb.go delete mode 100644 api/keto/acl/node/v1/node_service_grpc.pb.go rename api/keto/acl/node/{v1 => v1alpha1}/node_service.proto (75%) delete mode 100644 api/keto/acl/v1/acl.pb.go delete mode 100644 api/keto/acl/v1/check_service.pb.go delete mode 100644 api/keto/acl/v1/check_service_grpc.pb.go delete mode 100644 api/keto/acl/v1/read_service.pb.go delete mode 100644 api/keto/acl/v1/read_service_grpc.pb.go delete mode 100644 api/keto/acl/v1/watch_service.pb.go delete mode 100644 api/keto/acl/v1/watch_service_grpc.pb.go delete mode 100644 api/keto/acl/v1/write_service.pb.go delete mode 100644 api/keto/acl/v1/write_service_grpc.pb.go rename api/keto/acl/{v1 => v1alpha1}/acl.proto (86%) rename api/keto/acl/{v1 => v1alpha1}/check_service.proto (80%) rename api/keto/acl/{v1 => v1alpha1}/read_service.proto (90%) rename api/keto/acl/{v1 => v1alpha1}/watch_service.proto (65%) rename api/keto/acl/{v1 => v1alpha1}/write_service.proto (89%) diff --git a/api/keto/README.md b/api/keto/README.md index 9d683f9e8..3b492025a 100644 --- a/api/keto/README.md +++ b/api/keto/README.md @@ -1,8 +1,12 @@ # Notes -> ORY Keto is still a `sandbox` project. -This makes the included api version `v1` subject -to have breaking changes until the `v1.0.0` release of Keto! +> ORY Keto is still a `sandbox` project and +the included APIs are unstable until we reach `v1` +and release `v1.0.0` of Keto! +> +> Older API versions, such as `v1alpha1`, will still +> get support for a reasonable amount of time after release +> of `v1`! This directory contains the ProtoBuf & gRPC definitions for the Access Control APIs. diff --git a/api/keto/acl/admin/v1/admin_service.pb.go b/api/keto/acl/admin/v1/admin_service.pb.go deleted file mode 100644 index ce01badc6..000000000 --- a/api/keto/acl/admin/v1/admin_service.pb.go +++ /dev/null @@ -1,78 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/admin/v1/admin_service.proto - -package admin - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -var File_keto_acl_admin_v1_admin_service_proto protoreflect.FileDescriptor - -var file_keto_acl_admin_v1_admin_service_proto_rawDesc = []byte{ - 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, - 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x32, 0x0e, 0x0a, 0x0c, 0x41, 0x64, - 0x6d, 0x69, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x90, 0x01, 0x0a, 0x18, 0x73, - 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x61, - 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, - 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, 0x02, 0x15, - 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, 0x64, 0x6d, - 0x69, 0x6e, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, - 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var file_keto_acl_admin_v1_admin_service_proto_goTypes = []interface{}{} -var file_keto_acl_admin_v1_admin_service_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_keto_acl_admin_v1_admin_service_proto_init() } -func file_keto_acl_admin_v1_admin_service_proto_init() { - if File_keto_acl_admin_v1_admin_service_proto != nil { - return - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_admin_v1_admin_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 0, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_acl_admin_v1_admin_service_proto_goTypes, - DependencyIndexes: file_keto_acl_admin_v1_admin_service_proto_depIdxs, - }.Build() - File_keto_acl_admin_v1_admin_service_proto = out.File - file_keto_acl_admin_v1_admin_service_proto_rawDesc = nil - file_keto_acl_admin_v1_admin_service_proto_goTypes = nil - file_keto_acl_admin_v1_admin_service_proto_depIdxs = nil -} diff --git a/api/keto/acl/admin/v1/admin_service.proto b/api/keto/acl/admin/v1/admin_service.proto deleted file mode 100644 index 5cf8218de..000000000 --- a/api/keto/acl/admin/v1/admin_service.proto +++ /dev/null @@ -1,16 +0,0 @@ -syntax = "proto3"; - -package keto.acl.admin.v1; - -option go_package = "github.com/ory/keto/api/keto/acl/admin/v1;admin"; -option csharp_namespace = "Ory.Keto.Acl.Admin.V1"; -option java_multiple_files = true; -option java_outer_classname = "AdminServiceProto"; -option java_package = "sh.ory.keto.acl.admin.v1"; -option php_namespace = "Ory\\Keto\\Acl\\Admin\\V1"; - -// The admin service for doing administrative tasks in the ACL system. -service AdminService { - // ...RPCs are coming here in (near) future... -} - diff --git a/api/keto/acl/admin/v1/admin_service_grpc.pb.go b/api/keto/acl/admin/v1/admin_service_grpc.pb.go deleted file mode 100644 index 623a8d391..000000000 --- a/api/keto/acl/admin/v1/admin_service_grpc.pb.go +++ /dev/null @@ -1,54 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package admin - -import ( - grpc "google.golang.org/grpc" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 - -// AdminServiceClient is the client API for AdminService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type AdminServiceClient interface { -} - -type adminServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewAdminServiceClient(cc grpc.ClientConnInterface) AdminServiceClient { - return &adminServiceClient{cc} -} - -// AdminServiceServer is the server API for AdminService service. -// All implementations should embed UnimplementedAdminServiceServer -// for forward compatibility -type AdminServiceServer interface { -} - -// UnimplementedAdminServiceServer should be embedded to have forward compatible implementations. -type UnimplementedAdminServiceServer struct { -} - -// UnsafeAdminServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to AdminServiceServer will -// result in compilation errors. -type UnsafeAdminServiceServer interface { - mustEmbedUnimplementedAdminServiceServer() -} - -func RegisterAdminServiceServer(s grpc.ServiceRegistrar, srv AdminServiceServer) { - s.RegisterService(&_AdminService_serviceDesc, srv) -} - -var _AdminService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.admin.v1.AdminService", - HandlerType: (*AdminServiceServer)(nil), - Methods: []grpc.MethodDesc{}, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/admin/v1/admin_service.proto", -} diff --git a/api/keto/acl/admin/v1alpha1/admin_service.proto b/api/keto/acl/admin/v1alpha1/admin_service.proto new file mode 100644 index 000000000..2273a65b3 --- /dev/null +++ b/api/keto/acl/admin/v1alpha1/admin_service.proto @@ -0,0 +1,16 @@ +syntax = "proto3"; + +package keto.acl.admin.v1alpha1; + +option go_package = "github.com/ory/keto/api/keto/acl/admin/v1alpha1;admin"; +option csharp_namespace = "Ory.Keto.Acl.Admin.V1Alpha1"; +option java_multiple_files = true; +option java_outer_classname = "AdminServiceProto"; +option java_package = "sh.ory.keto.acl.admin.v1alpha1"; +option php_namespace = "Ory\\Keto\\Acl\\Admin\\V1alpha1"; + +// The admin service for administrative tasks in the ACL system. +service AdminService { + // ...RPCs are coming here in (near) future... +} + diff --git a/api/keto/acl/node/v1/node_service.pb.go b/api/keto/acl/node/v1/node_service.pb.go deleted file mode 100644 index 40a0e0396..000000000 --- a/api/keto/acl/node/v1/node_service.pb.go +++ /dev/null @@ -1,77 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/node/v1/node_service.proto - -package node - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -var File_keto_acl_node_v1_node_service_proto protoreflect.FileDescriptor - -var file_keto_acl_node_v1_node_service_proto_rawDesc = []byte{ - 0x0a, 0x23, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, - 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, - 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x8a, 0x01, 0x0a, 0x17, 0x73, 0x68, 0x2e, 0x6f, 0x72, - 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, - 0x76, 0x31, 0x42, 0x10, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x76, 0x31, - 0x3b, 0x6e, 0x6f, 0x64, 0x65, 0xaa, 0x02, 0x14, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, - 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x4f, - 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x4e, 0x6f, 0x64, 0x65, - 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var file_keto_acl_node_v1_node_service_proto_goTypes = []interface{}{} -var file_keto_acl_node_v1_node_service_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_keto_acl_node_v1_node_service_proto_init() } -func file_keto_acl_node_v1_node_service_proto_init() { - if File_keto_acl_node_v1_node_service_proto != nil { - return - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_node_v1_node_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 0, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_acl_node_v1_node_service_proto_goTypes, - DependencyIndexes: file_keto_acl_node_v1_node_service_proto_depIdxs, - }.Build() - File_keto_acl_node_v1_node_service_proto = out.File - file_keto_acl_node_v1_node_service_proto_rawDesc = nil - file_keto_acl_node_v1_node_service_proto_goTypes = nil - file_keto_acl_node_v1_node_service_proto_depIdxs = nil -} diff --git a/api/keto/acl/node/v1/node_service_grpc.pb.go b/api/keto/acl/node/v1/node_service_grpc.pb.go deleted file mode 100644 index 85757812c..000000000 --- a/api/keto/acl/node/v1/node_service_grpc.pb.go +++ /dev/null @@ -1,54 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package node - -import ( - grpc "google.golang.org/grpc" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 - -// NodeServiceClient is the client API for NodeService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type NodeServiceClient interface { -} - -type nodeServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewNodeServiceClient(cc grpc.ClientConnInterface) NodeServiceClient { - return &nodeServiceClient{cc} -} - -// NodeServiceServer is the server API for NodeService service. -// All implementations should embed UnimplementedNodeServiceServer -// for forward compatibility -type NodeServiceServer interface { -} - -// UnimplementedNodeServiceServer should be embedded to have forward compatible implementations. -type UnimplementedNodeServiceServer struct { -} - -// UnsafeNodeServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to NodeServiceServer will -// result in compilation errors. -type UnsafeNodeServiceServer interface { - mustEmbedUnimplementedNodeServiceServer() -} - -func RegisterNodeServiceServer(s grpc.ServiceRegistrar, srv NodeServiceServer) { - s.RegisterService(&_NodeService_serviceDesc, srv) -} - -var _NodeService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.node.v1.NodeService", - HandlerType: (*NodeServiceServer)(nil), - Methods: []grpc.MethodDesc{}, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/node/v1/node_service.proto", -} diff --git a/api/keto/acl/node/v1/node_service.proto b/api/keto/acl/node/v1alpha1/node_service.proto similarity index 75% rename from api/keto/acl/node/v1/node_service.proto rename to api/keto/acl/node/v1alpha1/node_service.proto index 6c6b4932e..00db52aa9 100644 --- a/api/keto/acl/node/v1/node_service.proto +++ b/api/keto/acl/node/v1alpha1/node_service.proto @@ -1,13 +1,13 @@ syntax = "proto3"; -package keto.acl.node.v1; +package keto.acl.node.v1alpha1; -option go_package = "github.com/ory/keto/api/keto/acl/node/v1;node"; -option csharp_namespace = "Ory.Keto.Acl.Node.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/node/v1alpha1;node"; +option csharp_namespace = "Ory.Keto.Acl.Node.V1Alpha1"; option java_multiple_files = true; option java_outer_classname = "NodeServiceProto"; -option java_package = "sh.ory.keto.acl.node.v1"; -option php_namespace = "Ory\\Keto\\Acl\\Node\\V1"; +option java_package = "sh.ory.keto.acl.node.v1alpha1"; +option php_namespace = "Ory\\Keto\\Acl\\Node\\V1alpha1"; // The internal service for intercommunication // between ACL servers in a cluster. diff --git a/api/keto/acl/v1/acl.pb.go b/api/keto/acl/v1/acl.pb.go deleted file mode 100644 index 364f3e9a5..000000000 --- a/api/keto/acl/v1/acl.pb.go +++ /dev/null @@ -1,465 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/v1/acl.proto - -package acl - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -// RelationTuple relates an Object with a Subject. -// -// While a tuple reflects a relationship between Object -// and Subject, they do not completely define the effective ACLs. -type RelationTuple struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The object related by this tuple. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` - // The relation between an Object and a Subject. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` - // The subject related by this tuple. - // A Subject either represents a concrete subject id or - // a SubjectSet that expands to more Subjects. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` - // Used to perform a consistent read-modify-write (lock). - Etag string `protobuf:"bytes,4,opt,name=etag,proto3" json:"etag,omitempty"` -} - -func (x *RelationTuple) Reset() { - *x = RelationTuple{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RelationTuple) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RelationTuple) ProtoMessage() {} - -func (x *RelationTuple) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RelationTuple.ProtoReflect.Descriptor instead. -func (*RelationTuple) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{0} -} - -func (x *RelationTuple) GetObject() *Object { - if x != nil { - return x.Object - } - return nil -} - -func (x *RelationTuple) GetRelation() string { - if x != nil { - return x.Relation - } - return "" -} - -func (x *RelationTuple) GetSubject() *Subject { - if x != nil { - return x.Subject - } - return nil -} - -func (x *RelationTuple) GetEtag() string { - if x != nil { - return x.Etag - } - return "" -} - -// Object is an object in a namespace -// referenced by a RelationTuple or SubjectSet. -// -// It represents a "resource" or "digital object". -type Object struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The namespace of the object. - // This effectively is the namespace of the whole RelationTuple. - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` - // The object id. - Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` -} - -func (x *Object) Reset() { - *x = Object{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Object) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Object) ProtoMessage() {} - -func (x *Object) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Object.ProtoReflect.Descriptor instead. -func (*Object) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{1} -} - -func (x *Object) GetNamespace() string { - if x != nil { - return x.Namespace - } - return "" -} - -func (x *Object) GetId() string { - if x != nil { - return x.Id - } - return "" -} - -// Subject is either a concrete subject id or -// a subject set expanding to more Subjects. -type Subject struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The reference of this abstract subject. - // - // Types that are assignable to Ref: - // *Subject_Id - // *Subject_Set - Ref isSubject_Ref `protobuf_oneof:"ref"` -} - -func (x *Subject) Reset() { - *x = Subject{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Subject) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Subject) ProtoMessage() {} - -func (x *Subject) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Subject.ProtoReflect.Descriptor instead. -func (*Subject) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{2} -} - -func (m *Subject) GetRef() isSubject_Ref { - if m != nil { - return m.Ref - } - return nil -} - -func (x *Subject) GetId() string { - if x, ok := x.GetRef().(*Subject_Id); ok { - return x.Id - } - return "" -} - -func (x *Subject) GetSet() *SubjectSet { - if x, ok := x.GetRef().(*Subject_Set); ok { - return x.Set - } - return nil -} - -type isSubject_Ref interface { - isSubject_Ref() -} - -type Subject_Id struct { - // A concrete id of the subject. - Id string `protobuf:"bytes,1,opt,name=id,proto3,oneof"` -} - -type Subject_Set struct { - // A subject set that expands to more Subjects - // (used for inheritance). - Set *SubjectSet `protobuf:"bytes,2,opt,name=set,proto3,oneof"` -} - -func (*Subject_Id) isSubject_Ref() {} - -func (*Subject_Set) isSubject_Ref() {} - -// SubjectSet refers to all subjects which have -// the same `relation` to an `object`. -// Also used for inheritance. -type SubjectSet struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The object selected by the subjects. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` - // The relation to the object by the subjects. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` -} - -func (x *SubjectSet) Reset() { - *x = SubjectSet{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_acl_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SubjectSet) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SubjectSet) ProtoMessage() {} - -func (x *SubjectSet) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_acl_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead. -func (*SubjectSet) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_acl_proto_rawDescGZIP(), []int{3} -} - -func (x *SubjectSet) GetObject() *Object { - if x != nil { - return x.Object - } - return nil -} - -func (x *SubjectSet) GetRelation() string { - if x != nil { - return x.Relation - } - return "" -} - -var File_keto_acl_v1_acl_proto protoreflect.FileDescriptor - -var file_keto_acl_v1_acl_proto_rawDesc = []byte{ - 0x0a, 0x15, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, - 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x22, 0x9c, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x2e, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x14, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x53, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, - 0x12, 0x0a, 0x04, 0x65, 0x74, 0x61, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x65, - 0x74, 0x61, 0x67, 0x22, 0x36, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, - 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x4f, 0x0a, 0x07, 0x53, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2b, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, - 0x52, 0x03, 0x73, 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x55, 0x0a, 0x0a, - 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, - 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x42, 0x6d, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, - 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, - 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, - 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, - 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_keto_acl_v1_acl_proto_rawDescOnce sync.Once - file_keto_acl_v1_acl_proto_rawDescData = file_keto_acl_v1_acl_proto_rawDesc -) - -func file_keto_acl_v1_acl_proto_rawDescGZIP() []byte { - file_keto_acl_v1_acl_proto_rawDescOnce.Do(func() { - file_keto_acl_v1_acl_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_acl_proto_rawDescData) - }) - return file_keto_acl_v1_acl_proto_rawDescData -} - -var file_keto_acl_v1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_keto_acl_v1_acl_proto_goTypes = []interface{}{ - (*RelationTuple)(nil), // 0: keto.acl.v1.RelationTuple - (*Object)(nil), // 1: keto.acl.v1.Object - (*Subject)(nil), // 2: keto.acl.v1.Subject - (*SubjectSet)(nil), // 3: keto.acl.v1.SubjectSet -} -var file_keto_acl_v1_acl_proto_depIdxs = []int32{ - 1, // 0: keto.acl.v1.RelationTuple.object:type_name -> keto.acl.v1.Object - 2, // 1: keto.acl.v1.RelationTuple.subject:type_name -> keto.acl.v1.Subject - 3, // 2: keto.acl.v1.Subject.set:type_name -> keto.acl.v1.SubjectSet - 1, // 3: keto.acl.v1.SubjectSet.object:type_name -> keto.acl.v1.Object - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name -} - -func init() { file_keto_acl_v1_acl_proto_init() } -func file_keto_acl_v1_acl_proto_init() { - if File_keto_acl_v1_acl_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_keto_acl_v1_acl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RelationTuple); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Object); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Subject); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_acl_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SubjectSet); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_keto_acl_v1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ - (*Subject_Id)(nil), - (*Subject_Set)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_v1_acl_proto_rawDesc, - NumEnums: 0, - NumMessages: 4, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_keto_acl_v1_acl_proto_goTypes, - DependencyIndexes: file_keto_acl_v1_acl_proto_depIdxs, - MessageInfos: file_keto_acl_v1_acl_proto_msgTypes, - }.Build() - File_keto_acl_v1_acl_proto = out.File - file_keto_acl_v1_acl_proto_rawDesc = nil - file_keto_acl_v1_acl_proto_goTypes = nil - file_keto_acl_v1_acl_proto_depIdxs = nil -} diff --git a/api/keto/acl/v1/check_service.pb.go b/api/keto/acl/v1/check_service.pb.go deleted file mode 100644 index 96c6414f7..000000000 --- a/api/keto/acl/v1/check_service.pb.go +++ /dev/null @@ -1,308 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/v1/check_service.proto - -package acl - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -// The request for a CheckService.Check rpc. -// Checks whether a specific subject is related to an object. -type CheckRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The related object in this check. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` - // The relation this check. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` - // The concrete subject id to check. - SubjectId string `protobuf:"bytes,3,opt,name=subject_id,json=subjectId,proto3" json:"subject_id,omitempty"` - // Optional. The staleness bound of this check. - // - // It specifies the clients last known snapshot token - // that the server uses to only check against ACLs newer - // than specified token snapshot in order to compute the - // result of this check. - // - // Leave this field blank if... - // - your application strictly requires to act on up-to-date data - // - your application not yet has a snaptoken on the related data (e.g. user) - // - // If the specified token is too old, the server falls back and tries to - // find the best snapshot token to perform the check using least stale - // ACLs that very likely already got replicated. - // - // *It is recommended to perform checks using slightly stale - // data (e.g. token older than 3-10 seconds) for minimum latency - // and where the application is allowed to accept slightly off checks. - Snaptoken []byte `protobuf:"bytes,4,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` -} - -func (x *CheckRequest) Reset() { - *x = CheckRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_check_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CheckRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CheckRequest) ProtoMessage() {} - -func (x *CheckRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_check_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead. -func (*CheckRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_check_service_proto_rawDescGZIP(), []int{0} -} - -func (x *CheckRequest) GetObject() *Object { - if x != nil { - return x.Object - } - return nil -} - -func (x *CheckRequest) GetRelation() string { - if x != nil { - return x.Relation - } - return "" -} - -func (x *CheckRequest) GetSubjectId() string { - if x != nil { - return x.SubjectId - } - return "" -} - -func (x *CheckRequest) GetSnaptoken() []byte { - if x != nil { - return x.Snaptoken - } - return nil -} - -// The response for a CheckService.Check rpc. -type CheckResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether the specified subject (id) - // is related to the requested object. - // - // It is false by default if no ACL matches. - Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"` - // The last known snapshot token ONLY specified if - // the request had not specified a snaptoken, - // since this performed a "content-change request" - // and consistently fetched the last known snapshot token. - // - // This field is not set if the request had specified a snaptoken! - // - // If set, clients should cache and use this token - // for subsequent requests to have minimal latency, - // but allow slightly stale responses (only some milliseconds or seconds). - Snaptoken []byte `protobuf:"bytes,2,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` -} - -func (x *CheckResponse) Reset() { - *x = CheckResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_check_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CheckResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CheckResponse) ProtoMessage() {} - -func (x *CheckResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_check_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead. -func (*CheckResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_check_service_proto_rawDescGZIP(), []int{1} -} - -func (x *CheckResponse) GetAllowed() bool { - if x != nil { - return x.Allowed - } - return false -} - -func (x *CheckResponse) GetSnaptoken() []byte { - if x != nil { - return x.Snaptoken - } - return nil -} - -var File_keto_acl_v1_check_service_proto protoreflect.FileDescriptor - -var file_keto_acl_v1_check_service_proto_rawDesc = []byte{ - 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x68, - 0x65, 0x63, 0x6b, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, - 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x1d, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x1c, - 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, - 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, - 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x4e, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x19, - 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, - 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, - 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, - 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_keto_acl_v1_check_service_proto_rawDescOnce sync.Once - file_keto_acl_v1_check_service_proto_rawDescData = file_keto_acl_v1_check_service_proto_rawDesc -) - -func file_keto_acl_v1_check_service_proto_rawDescGZIP() []byte { - file_keto_acl_v1_check_service_proto_rawDescOnce.Do(func() { - file_keto_acl_v1_check_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_check_service_proto_rawDescData) - }) - return file_keto_acl_v1_check_service_proto_rawDescData -} - -var file_keto_acl_v1_check_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_keto_acl_v1_check_service_proto_goTypes = []interface{}{ - (*CheckRequest)(nil), // 0: keto.acl.v1.CheckRequest - (*CheckResponse)(nil), // 1: keto.acl.v1.CheckResponse - (*Object)(nil), // 2: keto.acl.v1.Object -} -var file_keto_acl_v1_check_service_proto_depIdxs = []int32{ - 2, // 0: keto.acl.v1.CheckRequest.object:type_name -> keto.acl.v1.Object - 0, // 1: keto.acl.v1.CheckService.Check:input_type -> keto.acl.v1.CheckRequest - 1, // 2: keto.acl.v1.CheckService.Check:output_type -> keto.acl.v1.CheckResponse - 2, // [2:3] is the sub-list for method output_type - 1, // [1:2] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_keto_acl_v1_check_service_proto_init() } -func file_keto_acl_v1_check_service_proto_init() { - if File_keto_acl_v1_check_service_proto != nil { - return - } - file_keto_acl_v1_acl_proto_init() - if !protoimpl.UnsafeEnabled { - file_keto_acl_v1_check_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CheckRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_check_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CheckResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_v1_check_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_acl_v1_check_service_proto_goTypes, - DependencyIndexes: file_keto_acl_v1_check_service_proto_depIdxs, - MessageInfos: file_keto_acl_v1_check_service_proto_msgTypes, - }.Build() - File_keto_acl_v1_check_service_proto = out.File - file_keto_acl_v1_check_service_proto_rawDesc = nil - file_keto_acl_v1_check_service_proto_goTypes = nil - file_keto_acl_v1_check_service_proto_depIdxs = nil -} diff --git a/api/keto/acl/v1/check_service_grpc.pb.go b/api/keto/acl/v1/check_service_grpc.pb.go deleted file mode 100644 index a98242936..000000000 --- a/api/keto/acl/v1/check_service_grpc.pb.go +++ /dev/null @@ -1,97 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package acl - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 - -// CheckServiceClient is the client API for CheckService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type CheckServiceClient interface { - // Check performs an authorization check. - Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) -} - -type checkServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient { - return &checkServiceClient{cc} -} - -func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) { - out := new(CheckResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.CheckService/Check", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// CheckServiceServer is the server API for CheckService service. -// All implementations should embed UnimplementedCheckServiceServer -// for forward compatibility -type CheckServiceServer interface { - // Check performs an authorization check. - Check(context.Context, *CheckRequest) (*CheckResponse, error) -} - -// UnimplementedCheckServiceServer should be embedded to have forward compatible implementations. -type UnimplementedCheckServiceServer struct { -} - -func (UnimplementedCheckServiceServer) Check(context.Context, *CheckRequest) (*CheckResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Check not implemented") -} - -// UnsafeCheckServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to CheckServiceServer will -// result in compilation errors. -type UnsafeCheckServiceServer interface { - mustEmbedUnimplementedCheckServiceServer() -} - -func RegisterCheckServiceServer(s grpc.ServiceRegistrar, srv CheckServiceServer) { - s.RegisterService(&_CheckService_serviceDesc, srv) -} - -func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CheckRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CheckServiceServer).Check(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.CheckService/Check", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CheckServiceServer).Check(ctx, req.(*CheckRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _CheckService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.CheckService", - HandlerType: (*CheckServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Check", - Handler: _CheckService_Check_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/v1/check_service.proto", -} diff --git a/api/keto/acl/v1/read_service.pb.go b/api/keto/acl/v1/read_service.pb.go deleted file mode 100644 index 554c33406..000000000 --- a/api/keto/acl/v1/read_service.pb.go +++ /dev/null @@ -1,426 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/v1/read_service.proto - -package acl - -import ( - proto "github.com/golang/protobuf/proto" - field_mask "google.golang.org/genproto/protobuf/field_mask" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -// Request for ReadService.ListRelationTuples rpc. -// See ListRelationTuplesRequest_Query for more querying details. -type ListRelationTuplesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // All field constraints are concatenated - // with a logical AND operator. - // An unspecified field specifies a `*` wildcard match. - Query *ListRelationTuplesRequest_Query `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` - // Optional. The list of fields to be expanded - // in the RelationTuple list returned in `ListRelationTuplesResponse`. - // Leaving this field unspecified means all fields are expanded. - // - // Available fields: - // "object", "relation", "subject", - // "object.namespace","object.id", - // "subject.id", "subject.set" - ExpandMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=expand_mask,json=expandMask,proto3" json:"expand_mask,omitempty"` - // Optional. The snapshot token for this read. - Snaptoken []byte `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` - // Optional. The maximum number of - // RelationTuples to return in the response. - PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` - // Optional. A pagination token returned from - // a previous call to `ListRelationTuples` that - // indicates where this listing should continue from. - PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` -} - -func (x *ListRelationTuplesRequest) Reset() { - *x = ListRelationTuplesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_read_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ListRelationTuplesRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ListRelationTuplesRequest) ProtoMessage() {} - -func (x *ListRelationTuplesRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_read_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ListRelationTuplesRequest.ProtoReflect.Descriptor instead. -func (*ListRelationTuplesRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_read_service_proto_rawDescGZIP(), []int{0} -} - -func (x *ListRelationTuplesRequest) GetQuery() *ListRelationTuplesRequest_Query { - if x != nil { - return x.Query - } - return nil -} - -func (x *ListRelationTuplesRequest) GetExpandMask() *field_mask.FieldMask { - if x != nil { - return x.ExpandMask - } - return nil -} - -func (x *ListRelationTuplesRequest) GetSnaptoken() []byte { - if x != nil { - return x.Snaptoken - } - return nil -} - -func (x *ListRelationTuplesRequest) GetPageSize() int32 { - if x != nil { - return x.PageSize - } - return 0 -} - -func (x *ListRelationTuplesRequest) GetPageToken() string { - if x != nil { - return x.PageToken - } - return "" -} - -// The response of a ReadService.ListRelationTuples rpc. -type ListRelationTuplesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The relation tuples matching the list request. - RelationTuples []*RelationTuple `protobuf:"bytes,1,rep,name=relation_tuples,json=relationTuples,proto3" json:"relation_tuples,omitempty"` - // Optional. A pagination token returned from a previous call to `ListRelationTuples` - // that indicates where this listing should continue from. - // - // All fields of the subsequent ListRelationTuplesRequest request - // using this `next_page_token` as the `page_token` are ignored and - // CAN be left blank, since the request's data is baked in this `next_page_token`. - NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` -} - -func (x *ListRelationTuplesResponse) Reset() { - *x = ListRelationTuplesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_read_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ListRelationTuplesResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ListRelationTuplesResponse) ProtoMessage() {} - -func (x *ListRelationTuplesResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_read_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ListRelationTuplesResponse.ProtoReflect.Descriptor instead. -func (*ListRelationTuplesResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_read_service_proto_rawDescGZIP(), []int{1} -} - -func (x *ListRelationTuplesResponse) GetRelationTuples() []*RelationTuple { - if x != nil { - return x.RelationTuples - } - return nil -} - -func (x *ListRelationTuplesResponse) GetNextPageToken() string { - if x != nil { - return x.NextPageToken - } - return "" -} - -// The query for listing relation tuples. -// Clients can specify any optional field to -// partially filter for specific relation tuples. -// -// Example use cases: -// - object only: display a list of all rules of one object -// - relation only: get all groups that have members; e.g. get all directories that have content -// - object & relation: display all subjects that have e.g. write relation -// - subject & relation: display all groups a subject belongs to/display all objects a subject has access to -// - object & relation & subject: check whether the relation tuple already exists, before writing it -// -type ListRelationTuplesRequest_Query struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` - // Optional. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` - // Optional. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` -} - -func (x *ListRelationTuplesRequest_Query) Reset() { - *x = ListRelationTuplesRequest_Query{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_read_service_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ListRelationTuplesRequest_Query) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ListRelationTuplesRequest_Query) ProtoMessage() {} - -func (x *ListRelationTuplesRequest_Query) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_read_service_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ListRelationTuplesRequest_Query.ProtoReflect.Descriptor instead. -func (*ListRelationTuplesRequest_Query) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_read_service_proto_rawDescGZIP(), []int{0, 0} -} - -func (x *ListRelationTuplesRequest_Query) GetObject() *Object { - if x != nil { - return x.Object - } - return nil -} - -func (x *ListRelationTuplesRequest_Query) GetRelation() string { - if x != nil { - return x.Relation - } - return "" -} - -func (x *ListRelationTuplesRequest_Query) GetSubject() *Subject { - if x != nil { - return x.Subject - } - return nil -} - -var File_keto_acl_v1_read_service_proto protoreflect.FileDescriptor - -var file_keto_acl_v1_read_service_proto_rawDesc = []byte{ - 0x0a, 0x1e, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x65, - 0x61, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x6b, - 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf9, 0x02, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, - 0x79, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x61, - 0x6e, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x61, 0x6e, - 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, - 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, - 0x80, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x2b, 0x0a, 0x06, 0x6f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, - 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x22, 0x89, 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, - 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, - 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x74, - 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x65, 0x0a, - 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x12, 0x26, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, - 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x75, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x10, 0x52, 0x65, 0x61, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, - 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, - 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, - 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, - 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} - -var ( - file_keto_acl_v1_read_service_proto_rawDescOnce sync.Once - file_keto_acl_v1_read_service_proto_rawDescData = file_keto_acl_v1_read_service_proto_rawDesc -) - -func file_keto_acl_v1_read_service_proto_rawDescGZIP() []byte { - file_keto_acl_v1_read_service_proto_rawDescOnce.Do(func() { - file_keto_acl_v1_read_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_read_service_proto_rawDescData) - }) - return file_keto_acl_v1_read_service_proto_rawDescData -} - -var file_keto_acl_v1_read_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_keto_acl_v1_read_service_proto_goTypes = []interface{}{ - (*ListRelationTuplesRequest)(nil), // 0: keto.acl.v1.ListRelationTuplesRequest - (*ListRelationTuplesResponse)(nil), // 1: keto.acl.v1.ListRelationTuplesResponse - (*ListRelationTuplesRequest_Query)(nil), // 2: keto.acl.v1.ListRelationTuplesRequest.Query - (*field_mask.FieldMask)(nil), // 3: google.protobuf.FieldMask - (*RelationTuple)(nil), // 4: keto.acl.v1.RelationTuple - (*Object)(nil), // 5: keto.acl.v1.Object - (*Subject)(nil), // 6: keto.acl.v1.Subject -} -var file_keto_acl_v1_read_service_proto_depIdxs = []int32{ - 2, // 0: keto.acl.v1.ListRelationTuplesRequest.query:type_name -> keto.acl.v1.ListRelationTuplesRequest.Query - 3, // 1: keto.acl.v1.ListRelationTuplesRequest.expand_mask:type_name -> google.protobuf.FieldMask - 4, // 2: keto.acl.v1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1.RelationTuple - 5, // 3: keto.acl.v1.ListRelationTuplesRequest.Query.object:type_name -> keto.acl.v1.Object - 6, // 4: keto.acl.v1.ListRelationTuplesRequest.Query.subject:type_name -> keto.acl.v1.Subject - 0, // 5: keto.acl.v1.ReadService.ListRelationTuples:input_type -> keto.acl.v1.ListRelationTuplesRequest - 1, // 6: keto.acl.v1.ReadService.ListRelationTuples:output_type -> keto.acl.v1.ListRelationTuplesResponse - 6, // [6:7] is the sub-list for method output_type - 5, // [5:6] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_keto_acl_v1_read_service_proto_init() } -func file_keto_acl_v1_read_service_proto_init() { - if File_keto_acl_v1_read_service_proto != nil { - return - } - file_keto_acl_v1_acl_proto_init() - if !protoimpl.UnsafeEnabled { - file_keto_acl_v1_read_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListRelationTuplesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_read_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListRelationTuplesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_read_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListRelationTuplesRequest_Query); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_v1_read_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_acl_v1_read_service_proto_goTypes, - DependencyIndexes: file_keto_acl_v1_read_service_proto_depIdxs, - MessageInfos: file_keto_acl_v1_read_service_proto_msgTypes, - }.Build() - File_keto_acl_v1_read_service_proto = out.File - file_keto_acl_v1_read_service_proto_rawDesc = nil - file_keto_acl_v1_read_service_proto_goTypes = nil - file_keto_acl_v1_read_service_proto_depIdxs = nil -} diff --git a/api/keto/acl/v1/read_service_grpc.pb.go b/api/keto/acl/v1/read_service_grpc.pb.go deleted file mode 100644 index 9ca5b0f55..000000000 --- a/api/keto/acl/v1/read_service_grpc.pb.go +++ /dev/null @@ -1,97 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package acl - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 - -// ReadServiceClient is the client API for ReadService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type ReadServiceClient interface { - // Lists ACL relation tuples. - ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) -} - -type readServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient { - return &readServiceClient{cc} -} - -func (c *readServiceClient) ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) { - out := new(ListRelationTuplesResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.ReadService/ListRelationTuples", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// ReadServiceServer is the server API for ReadService service. -// All implementations should embed UnimplementedReadServiceServer -// for forward compatibility -type ReadServiceServer interface { - // Lists ACL relation tuples. - ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) -} - -// UnimplementedReadServiceServer should be embedded to have forward compatible implementations. -type UnimplementedReadServiceServer struct { -} - -func (UnimplementedReadServiceServer) ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method ListRelationTuples not implemented") -} - -// UnsafeReadServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to ReadServiceServer will -// result in compilation errors. -type UnsafeReadServiceServer interface { - mustEmbedUnimplementedReadServiceServer() -} - -func RegisterReadServiceServer(s grpc.ServiceRegistrar, srv ReadServiceServer) { - s.RegisterService(&_ReadService_serviceDesc, srv) -} - -func _ReadService_ListRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ListRelationTuplesRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ReadServiceServer).ListRelationTuples(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.ReadService/ListRelationTuples", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ReadServiceServer).ListRelationTuples(ctx, req.(*ListRelationTuplesRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _ReadService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.ReadService", - HandlerType: (*ReadServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "ListRelationTuples", - Handler: _ReadService_ListRelationTuples_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/v1/read_service.proto", -} diff --git a/api/keto/acl/v1/watch_service.pb.go b/api/keto/acl/v1/watch_service.pb.go deleted file mode 100644 index 13adf4b5c..000000000 --- a/api/keto/acl/v1/watch_service.pb.go +++ /dev/null @@ -1,212 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/v1/watch_service.proto - -package acl - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -// TODO WatchRelationTuplesRequest -type WatchRelationTuplesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *WatchRelationTuplesRequest) Reset() { - *x = WatchRelationTuplesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_watch_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WatchRelationTuplesRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WatchRelationTuplesRequest) ProtoMessage() {} - -func (x *WatchRelationTuplesRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_watch_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WatchRelationTuplesRequest.ProtoReflect.Descriptor instead. -func (*WatchRelationTuplesRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_watch_service_proto_rawDescGZIP(), []int{0} -} - -// TODO WatchRelationTuplesResponse -type WatchRelationTuplesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *WatchRelationTuplesResponse) Reset() { - *x = WatchRelationTuplesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_watch_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WatchRelationTuplesResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WatchRelationTuplesResponse) ProtoMessage() {} - -func (x *WatchRelationTuplesResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_watch_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WatchRelationTuplesResponse.ProtoReflect.Descriptor instead. -func (*WatchRelationTuplesResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_watch_service_proto_rawDescGZIP(), []int{1} -} - -var File_keto_acl_v1_watch_service_proto protoreflect.FileDescriptor - -var file_keto_acl_v1_watch_service_proto_rawDesc = []byte{ - 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x61, - 0x74, 0x63, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, - 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1c, 0x0a, 0x1a, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, - 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x1b, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x32, 0x7a, 0x0a, 0x0c, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x12, 0x6a, 0x0a, 0x13, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, - 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x76, - 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, - 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, - 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, - 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_keto_acl_v1_watch_service_proto_rawDescOnce sync.Once - file_keto_acl_v1_watch_service_proto_rawDescData = file_keto_acl_v1_watch_service_proto_rawDesc -) - -func file_keto_acl_v1_watch_service_proto_rawDescGZIP() []byte { - file_keto_acl_v1_watch_service_proto_rawDescOnce.Do(func() { - file_keto_acl_v1_watch_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_watch_service_proto_rawDescData) - }) - return file_keto_acl_v1_watch_service_proto_rawDescData -} - -var file_keto_acl_v1_watch_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_keto_acl_v1_watch_service_proto_goTypes = []interface{}{ - (*WatchRelationTuplesRequest)(nil), // 0: keto.acl.v1.WatchRelationTuplesRequest - (*WatchRelationTuplesResponse)(nil), // 1: keto.acl.v1.WatchRelationTuplesResponse -} -var file_keto_acl_v1_watch_service_proto_depIdxs = []int32{ - 0, // 0: keto.acl.v1.WatchService.WatchRelationTuples:input_type -> keto.acl.v1.WatchRelationTuplesRequest - 1, // 1: keto.acl.v1.WatchService.WatchRelationTuples:output_type -> keto.acl.v1.WatchRelationTuplesResponse - 1, // [1:2] is the sub-list for method output_type - 0, // [0:1] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_keto_acl_v1_watch_service_proto_init() } -func file_keto_acl_v1_watch_service_proto_init() { - if File_keto_acl_v1_watch_service_proto != nil { - return - } - file_keto_acl_v1_acl_proto_init() - if !protoimpl.UnsafeEnabled { - file_keto_acl_v1_watch_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WatchRelationTuplesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_watch_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WatchRelationTuplesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_v1_watch_service_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_acl_v1_watch_service_proto_goTypes, - DependencyIndexes: file_keto_acl_v1_watch_service_proto_depIdxs, - MessageInfos: file_keto_acl_v1_watch_service_proto_msgTypes, - }.Build() - File_keto_acl_v1_watch_service_proto = out.File - file_keto_acl_v1_watch_service_proto_rawDesc = nil - file_keto_acl_v1_watch_service_proto_goTypes = nil - file_keto_acl_v1_watch_service_proto_depIdxs = nil -} diff --git a/api/keto/acl/v1/watch_service_grpc.pb.go b/api/keto/acl/v1/watch_service_grpc.pb.go deleted file mode 100644 index 317152a46..000000000 --- a/api/keto/acl/v1/watch_service_grpc.pb.go +++ /dev/null @@ -1,124 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package acl - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 - -// WatchServiceClient is the client API for WatchService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type WatchServiceClient interface { - // Watches and filters for changes in the ACL system. - WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (WatchService_WatchRelationTuplesClient, error) -} - -type watchServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewWatchServiceClient(cc grpc.ClientConnInterface) WatchServiceClient { - return &watchServiceClient{cc} -} - -func (c *watchServiceClient) WatchRelationTuples(ctx context.Context, in *WatchRelationTuplesRequest, opts ...grpc.CallOption) (WatchService_WatchRelationTuplesClient, error) { - stream, err := c.cc.NewStream(ctx, &_WatchService_serviceDesc.Streams[0], "/keto.acl.v1.WatchService/WatchRelationTuples", opts...) - if err != nil { - return nil, err - } - x := &watchServiceWatchRelationTuplesClient{stream} - if err := x.ClientStream.SendMsg(in); err != nil { - return nil, err - } - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err - } - return x, nil -} - -type WatchService_WatchRelationTuplesClient interface { - Recv() (*WatchRelationTuplesResponse, error) - grpc.ClientStream -} - -type watchServiceWatchRelationTuplesClient struct { - grpc.ClientStream -} - -func (x *watchServiceWatchRelationTuplesClient) Recv() (*WatchRelationTuplesResponse, error) { - m := new(WatchRelationTuplesResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -// WatchServiceServer is the server API for WatchService service. -// All implementations should embed UnimplementedWatchServiceServer -// for forward compatibility -type WatchServiceServer interface { - // Watches and filters for changes in the ACL system. - WatchRelationTuples(*WatchRelationTuplesRequest, WatchService_WatchRelationTuplesServer) error -} - -// UnimplementedWatchServiceServer should be embedded to have forward compatible implementations. -type UnimplementedWatchServiceServer struct { -} - -func (UnimplementedWatchServiceServer) WatchRelationTuples(*WatchRelationTuplesRequest, WatchService_WatchRelationTuplesServer) error { - return status.Errorf(codes.Unimplemented, "method WatchRelationTuples not implemented") -} - -// UnsafeWatchServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to WatchServiceServer will -// result in compilation errors. -type UnsafeWatchServiceServer interface { - mustEmbedUnimplementedWatchServiceServer() -} - -func RegisterWatchServiceServer(s grpc.ServiceRegistrar, srv WatchServiceServer) { - s.RegisterService(&_WatchService_serviceDesc, srv) -} - -func _WatchService_WatchRelationTuples_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(WatchRelationTuplesRequest) - if err := stream.RecvMsg(m); err != nil { - return err - } - return srv.(WatchServiceServer).WatchRelationTuples(m, &watchServiceWatchRelationTuplesServer{stream}) -} - -type WatchService_WatchRelationTuplesServer interface { - Send(*WatchRelationTuplesResponse) error - grpc.ServerStream -} - -type watchServiceWatchRelationTuplesServer struct { - grpc.ServerStream -} - -func (x *watchServiceWatchRelationTuplesServer) Send(m *WatchRelationTuplesResponse) error { - return x.ServerStream.SendMsg(m) -} - -var _WatchService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.WatchService", - HandlerType: (*WatchServiceServer)(nil), - Methods: []grpc.MethodDesc{}, - Streams: []grpc.StreamDesc{ - { - StreamName: "WatchRelationTuples", - Handler: _WatchService_WatchRelationTuples_Handler, - ServerStreams: true, - }, - }, - Metadata: "keto/acl/v1/watch_service.proto", -} diff --git a/api/keto/acl/v1/write_service.pb.go b/api/keto/acl/v1/write_service.pb.go deleted file mode 100644 index b60129ceb..000000000 --- a/api/keto/acl/v1/write_service.pb.go +++ /dev/null @@ -1,401 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: keto/acl/v1/write_service.proto - -package acl - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -type RelationTupleWriteDelta_Action int32 - -const ( - // Unspecified. - // The `WriteRelationTuples` rpc ignores this - // RelationTupleWriteDelta if an action was unspecified. - RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 - // Like INSERT with the exception that if the RelationTuple - // already exists performs an UPDATE instead. - RelationTupleWriteDelta_UPSERT RelationTupleWriteDelta_Action = 1 - // Insertion of a new RelationTuple. - // - // The `WriteRelationTuples` rpc errors if the - // specified RelationTuple already exists. - RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 2 - // Update of the existing RelationTuple with - // the intend to refresh its snapshot token. - // - // The `WriteRelationTuples` rpc errors if the - // specified RelationTuple was not found. - RelationTupleWriteDelta_UPDATE RelationTupleWriteDelta_Action = 3 - // Deletion of the RelationTuple. - // The `WriteRelationTuples` rpc returns NO error - // if the specified RelationTuple was not found. - RelationTupleWriteDelta_DELETE RelationTupleWriteDelta_Action = 4 -) - -// Enum value maps for RelationTupleWriteDelta_Action. -var ( - RelationTupleWriteDelta_Action_name = map[int32]string{ - 0: "ACTION_UNSPECIFIED", - 1: "UPSERT", - 2: "INSERT", - 3: "UPDATE", - 4: "DELETE", - } - RelationTupleWriteDelta_Action_value = map[string]int32{ - "ACTION_UNSPECIFIED": 0, - "UPSERT": 1, - "INSERT": 2, - "UPDATE": 3, - "DELETE": 4, - } -) - -func (x RelationTupleWriteDelta_Action) Enum() *RelationTupleWriteDelta_Action { - p := new(RelationTupleWriteDelta_Action) - *p = x - return p -} - -func (x RelationTupleWriteDelta_Action) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (RelationTupleWriteDelta_Action) Descriptor() protoreflect.EnumDescriptor { - return file_keto_acl_v1_write_service_proto_enumTypes[0].Descriptor() -} - -func (RelationTupleWriteDelta_Action) Type() protoreflect.EnumType { - return &file_keto_acl_v1_write_service_proto_enumTypes[0] -} - -func (x RelationTupleWriteDelta_Action) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use RelationTupleWriteDelta_Action.Descriptor instead. -func (RelationTupleWriteDelta_Action) EnumDescriptor() ([]byte, []int) { - return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{1, 0} -} - -// The request of a WriteService.WriteRelationTuples rpc. -type WriteRelationTuplesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The write delta for the relation tuples operated in one single transaction. - // Either all actions commit or no change takes effect on error. - // - // The tuple's etag is used for a consistent read-modify-write request flow. - // If the etag is not present, the tuple is not validated against the state - // of the serverside tuple and get operated anyway. - RelationTupleDeltas []*RelationTupleWriteDelta `protobuf:"bytes,1,rep,name=relation_tuple_deltas,json=relationTupleDeltas,proto3" json:"relation_tuple_deltas,omitempty"` -} - -func (x *WriteRelationTuplesRequest) Reset() { - *x = WriteRelationTuplesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_write_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WriteRelationTuplesRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WriteRelationTuplesRequest) ProtoMessage() {} - -func (x *WriteRelationTuplesRequest) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_write_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WriteRelationTuplesRequest.ProtoReflect.Descriptor instead. -func (*WriteRelationTuplesRequest) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{0} -} - -func (x *WriteRelationTuplesRequest) GetRelationTupleDeltas() []*RelationTupleWriteDelta { - if x != nil { - return x.RelationTupleDeltas - } - return nil -} - -// Write-delta for a WriteRelationTuplesRequest. -type RelationTupleWriteDelta struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The target RelationTuple. - RelationTuple *RelationTuple `protobuf:"bytes,1,opt,name=relation_tuple,json=relationTuple,proto3" json:"relation_tuple,omitempty"` -} - -func (x *RelationTupleWriteDelta) Reset() { - *x = RelationTupleWriteDelta{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_write_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RelationTupleWriteDelta) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RelationTupleWriteDelta) ProtoMessage() {} - -func (x *RelationTupleWriteDelta) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_write_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RelationTupleWriteDelta.ProtoReflect.Descriptor instead. -func (*RelationTupleWriteDelta) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{1} -} - -func (x *RelationTupleWriteDelta) GetRelationTuple() *RelationTuple { - if x != nil { - return x.RelationTuple - } - return nil -} - -// The response of a WriteService.WriteRelationTuples rpc. -type WriteRelationTuplesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The list of the new latest snapshot tokens of the affected RelationTuple, - // with the same index as specified in the `relation_tuple_deltas` field of - // the WriteRelationTuplesRequest request. - // - // The snaptoken is nil at the same index - // if the RelationTupleWriteDelta_Action was DELETE. - Snaptokens [][]byte `protobuf:"bytes,1,rep,name=snaptokens,proto3" json:"snaptokens,omitempty"` -} - -func (x *WriteRelationTuplesResponse) Reset() { - *x = WriteRelationTuplesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1_write_service_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WriteRelationTuplesResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WriteRelationTuplesResponse) ProtoMessage() {} - -func (x *WriteRelationTuplesResponse) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1_write_service_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WriteRelationTuplesResponse.ProtoReflect.Descriptor instead. -func (*WriteRelationTuplesResponse) Descriptor() ([]byte, []int) { - return file_keto_acl_v1_write_service_proto_rawDescGZIP(), []int{2} -} - -func (x *WriteRelationTuplesResponse) GetSnaptokens() [][]byte { - if x != nil { - return x.Snaptokens - } - return nil -} - -var File_keto_acl_v1_write_service_proto protoreflect.FileDescriptor - -var file_keto_acl_v1_write_service_proto_rawDesc = []byte{ - 0x0a, 0x1f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x72, - 0x69, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x0b, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x1a, 0x15, - 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x76, 0x0a, 0x1a, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, - 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x58, 0x0a, 0x15, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, - 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xae, 0x01, - 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, - 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, 0x06, - 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, - 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, - 0x0a, 0x06, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, - 0x53, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, - 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x3d, - 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, - 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0c, 0x52, 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x32, 0x78, 0x0a, - 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, - 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, - 0x70, 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, - 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, - 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x76, 0x0a, 0x12, 0x73, 0x68, 0x2e, 0x6f, 0x72, - 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x57, - 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, - 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, - 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x0f, 0x4f, 0x72, - 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, - 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_keto_acl_v1_write_service_proto_rawDescOnce sync.Once - file_keto_acl_v1_write_service_proto_rawDescData = file_keto_acl_v1_write_service_proto_rawDesc -) - -func file_keto_acl_v1_write_service_proto_rawDescGZIP() []byte { - file_keto_acl_v1_write_service_proto_rawDescOnce.Do(func() { - file_keto_acl_v1_write_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1_write_service_proto_rawDescData) - }) - return file_keto_acl_v1_write_service_proto_rawDescData -} - -var file_keto_acl_v1_write_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_keto_acl_v1_write_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_keto_acl_v1_write_service_proto_goTypes = []interface{}{ - (RelationTupleWriteDelta_Action)(0), // 0: keto.acl.v1.RelationTupleWriteDelta.Action - (*WriteRelationTuplesRequest)(nil), // 1: keto.acl.v1.WriteRelationTuplesRequest - (*RelationTupleWriteDelta)(nil), // 2: keto.acl.v1.RelationTupleWriteDelta - (*WriteRelationTuplesResponse)(nil), // 3: keto.acl.v1.WriteRelationTuplesResponse - (*RelationTuple)(nil), // 4: keto.acl.v1.RelationTuple -} -var file_keto_acl_v1_write_service_proto_depIdxs = []int32{ - 2, // 0: keto.acl.v1.WriteRelationTuplesRequest.relation_tuple_deltas:type_name -> keto.acl.v1.RelationTupleWriteDelta - 4, // 1: keto.acl.v1.RelationTupleWriteDelta.relation_tuple:type_name -> keto.acl.v1.RelationTuple - 1, // 2: keto.acl.v1.WriteService.WriteRelationTuples:input_type -> keto.acl.v1.WriteRelationTuplesRequest - 3, // 3: keto.acl.v1.WriteService.WriteRelationTuples:output_type -> keto.acl.v1.WriteRelationTuplesResponse - 3, // [3:4] is the sub-list for method output_type - 2, // [2:3] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_keto_acl_v1_write_service_proto_init() } -func file_keto_acl_v1_write_service_proto_init() { - if File_keto_acl_v1_write_service_proto != nil { - return - } - file_keto_acl_v1_acl_proto_init() - if !protoimpl.UnsafeEnabled { - file_keto_acl_v1_write_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteRelationTuplesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_write_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RelationTupleWriteDelta); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1_write_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteRelationTuplesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_keto_acl_v1_write_service_proto_rawDesc, - NumEnums: 1, - NumMessages: 3, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_keto_acl_v1_write_service_proto_goTypes, - DependencyIndexes: file_keto_acl_v1_write_service_proto_depIdxs, - EnumInfos: file_keto_acl_v1_write_service_proto_enumTypes, - MessageInfos: file_keto_acl_v1_write_service_proto_msgTypes, - }.Build() - File_keto_acl_v1_write_service_proto = out.File - file_keto_acl_v1_write_service_proto_rawDesc = nil - file_keto_acl_v1_write_service_proto_goTypes = nil - file_keto_acl_v1_write_service_proto_depIdxs = nil -} diff --git a/api/keto/acl/v1/write_service_grpc.pb.go b/api/keto/acl/v1/write_service_grpc.pb.go deleted file mode 100644 index d202f5efc..000000000 --- a/api/keto/acl/v1/write_service_grpc.pb.go +++ /dev/null @@ -1,97 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package acl - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 - -// WriteServiceClient is the client API for WriteService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type WriteServiceClient interface { - // Writes one or more relation tuples in a single transaction. - WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) -} - -type writeServiceClient struct { - cc grpc.ClientConnInterface -} - -func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient { - return &writeServiceClient{cc} -} - -func (c *writeServiceClient) WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) { - out := new(WriteRelationTuplesResponse) - err := c.cc.Invoke(ctx, "/keto.acl.v1.WriteService/WriteRelationTuples", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// WriteServiceServer is the server API for WriteService service. -// All implementations should embed UnimplementedWriteServiceServer -// for forward compatibility -type WriteServiceServer interface { - // Writes one or more relation tuples in a single transaction. - WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) -} - -// UnimplementedWriteServiceServer should be embedded to have forward compatible implementations. -type UnimplementedWriteServiceServer struct { -} - -func (UnimplementedWriteServiceServer) WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method WriteRelationTuples not implemented") -} - -// UnsafeWriteServiceServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to WriteServiceServer will -// result in compilation errors. -type UnsafeWriteServiceServer interface { - mustEmbedUnimplementedWriteServiceServer() -} - -func RegisterWriteServiceServer(s grpc.ServiceRegistrar, srv WriteServiceServer) { - s.RegisterService(&_WriteService_serviceDesc, srv) -} - -func _WriteService_WriteRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WriteRelationTuplesRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(WriteServiceServer).WriteRelationTuples(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/keto.acl.v1.WriteService/WriteRelationTuples", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(WriteServiceServer).WriteRelationTuples(ctx, req.(*WriteRelationTuplesRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _WriteService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "keto.acl.v1.WriteService", - HandlerType: (*WriteServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "WriteRelationTuples", - Handler: _WriteService_WriteRelationTuples_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "keto/acl/v1/write_service.proto", -} diff --git a/api/keto/acl/v1/acl.proto b/api/keto/acl/v1alpha1/acl.proto similarity index 86% rename from api/keto/acl/v1/acl.proto rename to api/keto/acl/v1alpha1/acl.proto index 8bac93410..f491def84 100644 --- a/api/keto/acl/v1/acl.proto +++ b/api/keto/acl/v1alpha1/acl.proto @@ -1,13 +1,13 @@ syntax = "proto3"; -package keto.acl.v1; +package keto.acl.v1alpha1; -option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; -option csharp_namespace = "Ory.Keto.Acl.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/v1alpha1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1Alpha1"; option java_multiple_files = true; option java_outer_classname = "AclProto"; -option java_package = "sh.ory.keto.acl.v1"; -option php_namespace = "Ory\\Keto\\Acl\\V1"; +option java_package = "sh.ory.keto.acl.v1alpha1"; +option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; // RelationTuple relates an Object with a Subject. diff --git a/api/keto/acl/v1/check_service.proto b/api/keto/acl/v1alpha1/check_service.proto similarity index 80% rename from api/keto/acl/v1/check_service.proto rename to api/keto/acl/v1alpha1/check_service.proto index 45faf1a6d..6a7239fbe 100644 --- a/api/keto/acl/v1/check_service.proto +++ b/api/keto/acl/v1alpha1/check_service.proto @@ -1,15 +1,15 @@ syntax = "proto3"; -package keto.acl.v1; +package keto.acl.v1alpha1; -import "keto/acl/v1/acl.proto"; +import "keto/acl/v1alpha1/acl.proto"; -option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; -option csharp_namespace = "Ory.Keto.Acl.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/v1alpha1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1Alpha1"; option java_multiple_files = true; option java_outer_classname = "CheckServiceProto"; -option java_package = "sh.ory.keto.acl.v1"; -option php_namespace = "Ory\\Keto\\Acl\\V1"; +option java_package = "sh.ory.keto.acl.v1alpha1"; +option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; // The service that performs authorization checks // based on the stored Access Control Lists. @@ -25,18 +25,18 @@ message CheckRequest { Object object = 1; // The relation this check. string relation = 2; - // The concrete subject id to check. - string subject_id = 3; + // The subject to check. + Subject subject = 3; // Optional. The staleness bound of this check. // // It specifies the clients last known snapshot token // that the server uses to only check against ACLs newer - // than specified token snapshot in order to compute the + // than specified snapshot token in order to compute the // result of this check. // // Leave this field blank if... // - your application strictly requires to act on up-to-date data - // - your application not yet has a snaptoken on the related data (e.g. user) + // - your application not yet has a snaptoken for your related data (e.g. user) // // If the specified token is too old, the server falls back and tries to // find the best snapshot token to perform the check using least stale diff --git a/api/keto/acl/v1/read_service.proto b/api/keto/acl/v1alpha1/read_service.proto similarity index 90% rename from api/keto/acl/v1/read_service.proto rename to api/keto/acl/v1alpha1/read_service.proto index cdf6f622b..315c2df44 100644 --- a/api/keto/acl/v1/read_service.proto +++ b/api/keto/acl/v1alpha1/read_service.proto @@ -1,16 +1,16 @@ syntax = "proto3"; -package keto.acl.v1; +package keto.acl.v1alpha1; -import "keto/acl/v1/acl.proto"; +import "keto/acl/v1alpha1/acl.proto"; import "google/protobuf/field_mask.proto"; -option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; -option csharp_namespace = "Ory.Keto.Acl.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/v1alpha1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1Alpha1"; option java_multiple_files = true; option java_outer_classname = "ReadServiceProto"; -option java_package = "sh.ory.keto.acl.v1"; -option php_namespace = "Ory\\Keto\\Acl\\V1"; +option java_package = "sh.ory.keto.acl.v1alpha1"; +option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; // The service to query Access Control Lists. service ReadService { diff --git a/api/keto/acl/v1/watch_service.proto b/api/keto/acl/v1alpha1/watch_service.proto similarity index 65% rename from api/keto/acl/v1/watch_service.proto rename to api/keto/acl/v1alpha1/watch_service.proto index aa5bb4ab3..66f651454 100644 --- a/api/keto/acl/v1/watch_service.proto +++ b/api/keto/acl/v1alpha1/watch_service.proto @@ -1,15 +1,15 @@ syntax = "proto3"; -package keto.acl.v1; +package keto.acl.v1alpha1; -import "keto/acl/v1/acl.proto"; +import "keto/acl/v1alpha1/acl.proto"; -option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; -option csharp_namespace = "Ory.Keto.Acl.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/v1alpha1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1Alpha1"; option java_multiple_files = true; option java_outer_classname = "WatchServiceProto"; -option java_package = "sh.ory.keto.acl.v1"; -option php_namespace = "Ory\\Keto\\Acl\\V1"; +option java_package = "sh.ory.keto.acl.v1alpha1"; +option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; // The service to watch for changes in the system, // such as for Access Control Lists and namespace configs. diff --git a/api/keto/acl/v1/write_service.proto b/api/keto/acl/v1alpha1/write_service.proto similarity index 89% rename from api/keto/acl/v1/write_service.proto rename to api/keto/acl/v1alpha1/write_service.proto index c3014c23b..d4d9c8c75 100644 --- a/api/keto/acl/v1/write_service.proto +++ b/api/keto/acl/v1alpha1/write_service.proto @@ -1,15 +1,15 @@ syntax = "proto3"; -package keto.acl.v1; +package keto.acl.v1alpha1; -import "keto/acl/v1/acl.proto"; +import "keto/acl/v1alpha1/acl.proto"; -option go_package = "github.com/ory/keto/api/keto/acl/v1;acl"; -option csharp_namespace = "Ory.Keto.Acl.V1"; +option go_package = "github.com/ory/keto/api/keto/acl/v1alpha1;acl"; +option csharp_namespace = "Ory.Keto.Acl.V1Alpha1"; option java_multiple_files = true; option java_outer_classname = "WatchServiceProto"; -option java_package = "sh.ory.keto.acl.v1"; -option php_namespace = "Ory\\Keto\\Acl\\V1"; +option java_package = "sh.ory.keto.acl.v1alpha1"; +option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; // The write service to create and delete Access Control Lists. service WriteService { From 393a639a085b8a296facf9e03415b33efe72280c Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Tue, 17 Nov 2020 18:06:10 +0100 Subject: [PATCH 13/21] remove watch service for now --- api/keto/acl/v1alpha1/watch_service.proto | 24 ----------------------- 1 file changed, 24 deletions(-) delete mode 100644 api/keto/acl/v1alpha1/watch_service.proto diff --git a/api/keto/acl/v1alpha1/watch_service.proto b/api/keto/acl/v1alpha1/watch_service.proto deleted file mode 100644 index 66f651454..000000000 --- a/api/keto/acl/v1alpha1/watch_service.proto +++ /dev/null @@ -1,24 +0,0 @@ -syntax = "proto3"; - -package keto.acl.v1alpha1; - -import "keto/acl/v1alpha1/acl.proto"; - -option go_package = "github.com/ory/keto/api/keto/acl/v1alpha1;acl"; -option csharp_namespace = "Ory.Keto.Acl.V1Alpha1"; -option java_multiple_files = true; -option java_outer_classname = "WatchServiceProto"; -option java_package = "sh.ory.keto.acl.v1alpha1"; -option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; - -// The service to watch for changes in the system, -// such as for Access Control Lists and namespace configs. -service WatchService { - // Watches and filters for changes in the ACL system. - rpc WatchRelationTuples(WatchRelationTuplesRequest) returns (stream WatchRelationTuplesResponse); -} - -// TODO WatchRelationTuplesRequest -message WatchRelationTuplesRequest {} -// TODO WatchRelationTuplesResponse -message WatchRelationTuplesResponse {} \ No newline at end of file From db6c6f69d001fb82deba9d35a416bf61f10c5d02 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Tue, 17 Nov 2020 19:42:42 +0100 Subject: [PATCH 14/21] update CheckRequest --- .../acl/admin/v1alpha1/admin_service.pb.go | 80 +++ .../admin/v1alpha1/admin_service_grpc.pb.go | 54 ++ api/keto/acl/node/v1alpha1/node_service.pb.go | 79 +++ .../acl/node/v1alpha1/node_service_grpc.pb.go | 54 ++ api/keto/acl/v1alpha1/acl.pb.go | 469 ++++++++++++++++++ api/keto/acl/v1alpha1/check_service.pb.go | 336 +++++++++++++ api/keto/acl/v1alpha1/check_service.proto | 46 +- .../acl/v1alpha1/check_service_grpc.pb.go | 97 ++++ api/keto/acl/v1alpha1/read_service.pb.go | 431 ++++++++++++++++ api/keto/acl/v1alpha1/read_service_grpc.pb.go | 97 ++++ api/keto/acl/v1alpha1/write_service.pb.go | 405 +++++++++++++++ .../acl/v1alpha1/write_service_grpc.pb.go | 97 ++++ buf/api/buf.yaml | 2 +- 13 files changed, 2229 insertions(+), 18 deletions(-) create mode 100644 api/keto/acl/admin/v1alpha1/admin_service.pb.go create mode 100644 api/keto/acl/admin/v1alpha1/admin_service_grpc.pb.go create mode 100644 api/keto/acl/node/v1alpha1/node_service.pb.go create mode 100644 api/keto/acl/node/v1alpha1/node_service_grpc.pb.go create mode 100644 api/keto/acl/v1alpha1/acl.pb.go create mode 100644 api/keto/acl/v1alpha1/check_service.pb.go create mode 100644 api/keto/acl/v1alpha1/check_service_grpc.pb.go create mode 100644 api/keto/acl/v1alpha1/read_service.pb.go create mode 100644 api/keto/acl/v1alpha1/read_service_grpc.pb.go create mode 100644 api/keto/acl/v1alpha1/write_service.pb.go create mode 100644 api/keto/acl/v1alpha1/write_service_grpc.pb.go diff --git a/api/keto/acl/admin/v1alpha1/admin_service.pb.go b/api/keto/acl/admin/v1alpha1/admin_service.pb.go new file mode 100644 index 000000000..a2e7dbffd --- /dev/null +++ b/api/keto/acl/admin/v1alpha1/admin_service.pb.go @@ -0,0 +1,80 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/admin/v1alpha1/admin_service.proto + +package admin + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +var File_keto_acl_admin_v1alpha1_admin_service_proto protoreflect.FileDescriptor + +var file_keto_acl_admin_v1alpha1_admin_service_proto_rawDesc = []byte{ + 0x0a, 0x2b, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, + 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x5f, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x17, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x32, 0x0e, 0x0a, 0x0c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0xa8, 0x01, 0x0a, 0x1e, 0x73, 0x68, 0x2e, 0x6f, 0x72, + 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x11, 0x41, 0x64, 0x6d, 0x69, 0x6e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x35, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, + 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, + 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, + 0x61, 0x64, 0x6d, 0x69, 0x6e, 0xaa, 0x02, 0x1b, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, + 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0xca, 0x02, 0x1b, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, + 0x63, 0x6c, 0x5c, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_keto_acl_admin_v1alpha1_admin_service_proto_goTypes = []interface{}{} +var file_keto_acl_admin_v1alpha1_admin_service_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_keto_acl_admin_v1alpha1_admin_service_proto_init() } +func file_keto_acl_admin_v1alpha1_admin_service_proto_init() { + if File_keto_acl_admin_v1alpha1_admin_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_admin_v1alpha1_admin_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_admin_v1alpha1_admin_service_proto_goTypes, + DependencyIndexes: file_keto_acl_admin_v1alpha1_admin_service_proto_depIdxs, + }.Build() + File_keto_acl_admin_v1alpha1_admin_service_proto = out.File + file_keto_acl_admin_v1alpha1_admin_service_proto_rawDesc = nil + file_keto_acl_admin_v1alpha1_admin_service_proto_goTypes = nil + file_keto_acl_admin_v1alpha1_admin_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/admin/v1alpha1/admin_service_grpc.pb.go b/api/keto/acl/admin/v1alpha1/admin_service_grpc.pb.go new file mode 100644 index 000000000..6b06582e2 --- /dev/null +++ b/api/keto/acl/admin/v1alpha1/admin_service_grpc.pb.go @@ -0,0 +1,54 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package admin + +import ( + grpc "google.golang.org/grpc" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// AdminServiceClient is the client API for AdminService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type AdminServiceClient interface { +} + +type adminServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewAdminServiceClient(cc grpc.ClientConnInterface) AdminServiceClient { + return &adminServiceClient{cc} +} + +// AdminServiceServer is the server API for AdminService service. +// All implementations should embed UnimplementedAdminServiceServer +// for forward compatibility +type AdminServiceServer interface { +} + +// UnimplementedAdminServiceServer should be embedded to have forward compatible implementations. +type UnimplementedAdminServiceServer struct { +} + +// UnsafeAdminServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AdminServiceServer will +// result in compilation errors. +type UnsafeAdminServiceServer interface { + mustEmbedUnimplementedAdminServiceServer() +} + +func RegisterAdminServiceServer(s grpc.ServiceRegistrar, srv AdminServiceServer) { + s.RegisterService(&_AdminService_serviceDesc, srv) +} + +var _AdminService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.admin.v1alpha1.AdminService", + HandlerType: (*AdminServiceServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/admin/v1alpha1/admin_service.proto", +} diff --git a/api/keto/acl/node/v1alpha1/node_service.pb.go b/api/keto/acl/node/v1alpha1/node_service.pb.go new file mode 100644 index 000000000..72ba49ad0 --- /dev/null +++ b/api/keto/acl/node/v1alpha1/node_service.pb.go @@ -0,0 +1,79 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/node/v1alpha1/node_service.proto + +package node + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +var File_keto_acl_node_v1alpha1_node_service_proto protoreflect.FileDescriptor + +var file_keto_acl_node_v1alpha1_node_service_proto_rawDesc = []byte{ + 0x0a, 0x29, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x16, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x32, 0x0d, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x42, 0xa2, 0x01, 0x0a, 0x1d, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x42, 0x10, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6e, 0x6f, 0x64, 0x65, 0xaa, 0x02, 0x1a, + 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x4e, 0x6f, 0x64, + 0x65, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1a, 0x4f, 0x72, 0x79, + 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x4e, 0x6f, 0x64, 0x65, 0x5c, 0x56, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_keto_acl_node_v1alpha1_node_service_proto_goTypes = []interface{}{} +var file_keto_acl_node_v1alpha1_node_service_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_keto_acl_node_v1alpha1_node_service_proto_init() } +func file_keto_acl_node_v1alpha1_node_service_proto_init() { + if File_keto_acl_node_v1alpha1_node_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_node_v1alpha1_node_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_node_v1alpha1_node_service_proto_goTypes, + DependencyIndexes: file_keto_acl_node_v1alpha1_node_service_proto_depIdxs, + }.Build() + File_keto_acl_node_v1alpha1_node_service_proto = out.File + file_keto_acl_node_v1alpha1_node_service_proto_rawDesc = nil + file_keto_acl_node_v1alpha1_node_service_proto_goTypes = nil + file_keto_acl_node_v1alpha1_node_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/node/v1alpha1/node_service_grpc.pb.go b/api/keto/acl/node/v1alpha1/node_service_grpc.pb.go new file mode 100644 index 000000000..bffeae44c --- /dev/null +++ b/api/keto/acl/node/v1alpha1/node_service_grpc.pb.go @@ -0,0 +1,54 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package node + +import ( + grpc "google.golang.org/grpc" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// NodeServiceClient is the client API for NodeService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type NodeServiceClient interface { +} + +type nodeServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewNodeServiceClient(cc grpc.ClientConnInterface) NodeServiceClient { + return &nodeServiceClient{cc} +} + +// NodeServiceServer is the server API for NodeService service. +// All implementations should embed UnimplementedNodeServiceServer +// for forward compatibility +type NodeServiceServer interface { +} + +// UnimplementedNodeServiceServer should be embedded to have forward compatible implementations. +type UnimplementedNodeServiceServer struct { +} + +// UnsafeNodeServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to NodeServiceServer will +// result in compilation errors. +type UnsafeNodeServiceServer interface { + mustEmbedUnimplementedNodeServiceServer() +} + +func RegisterNodeServiceServer(s grpc.ServiceRegistrar, srv NodeServiceServer) { + s.RegisterService(&_NodeService_serviceDesc, srv) +} + +var _NodeService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.node.v1alpha1.NodeService", + HandlerType: (*NodeServiceServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/node/v1alpha1/node_service.proto", +} diff --git a/api/keto/acl/v1alpha1/acl.pb.go b/api/keto/acl/v1alpha1/acl.pb.go new file mode 100644 index 000000000..45c9067dc --- /dev/null +++ b/api/keto/acl/v1alpha1/acl.pb.go @@ -0,0 +1,469 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1alpha1/acl.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +// RelationTuple relates an Object with a Subject. +// +// While a tuple reflects a relationship between Object +// and Subject, they do not completely define the effective ACLs. +type RelationTuple struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The object related by this tuple. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The relation between an Object and a Subject. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + // The subject related by this tuple. + // A Subject either represents a concrete subject id or + // a SubjectSet that expands to more Subjects. + Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` + // Used to perform a consistent read-modify-write (lock). + Etag string `protobuf:"bytes,4,opt,name=etag,proto3" json:"etag,omitempty"` +} + +func (x *RelationTuple) Reset() { + *x = RelationTuple{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RelationTuple) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RelationTuple) ProtoMessage() {} + +func (x *RelationTuple) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RelationTuple.ProtoReflect.Descriptor instead. +func (*RelationTuple) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{0} +} + +func (x *RelationTuple) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *RelationTuple) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +func (x *RelationTuple) GetSubject() *Subject { + if x != nil { + return x.Subject + } + return nil +} + +func (x *RelationTuple) GetEtag() string { + if x != nil { + return x.Etag + } + return "" +} + +// Object is an object in a namespace +// referenced by a RelationTuple or SubjectSet. +// +// It represents a "resource" or "digital object". +type Object struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The namespace of the object. + // This effectively is the namespace of the whole RelationTuple. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + // The object id. + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` +} + +func (x *Object) Reset() { + *x = Object{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Object) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Object) ProtoMessage() {} + +func (x *Object) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Object.ProtoReflect.Descriptor instead. +func (*Object) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{1} +} + +func (x *Object) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *Object) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +// Subject is either a concrete subject id or +// a subject set expanding to more Subjects. +type Subject struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The reference of this abstract subject. + // + // Types that are assignable to Ref: + // *Subject_Id + // *Subject_Set + Ref isSubject_Ref `protobuf_oneof:"ref"` +} + +func (x *Subject) Reset() { + *x = Subject{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Subject) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Subject) ProtoMessage() {} + +func (x *Subject) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Subject.ProtoReflect.Descriptor instead. +func (*Subject) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{2} +} + +func (m *Subject) GetRef() isSubject_Ref { + if m != nil { + return m.Ref + } + return nil +} + +func (x *Subject) GetId() string { + if x, ok := x.GetRef().(*Subject_Id); ok { + return x.Id + } + return "" +} + +func (x *Subject) GetSet() *SubjectSet { + if x, ok := x.GetRef().(*Subject_Set); ok { + return x.Set + } + return nil +} + +type isSubject_Ref interface { + isSubject_Ref() +} + +type Subject_Id struct { + // A concrete id of the subject. + Id string `protobuf:"bytes,1,opt,name=id,proto3,oneof"` +} + +type Subject_Set struct { + // A subject set that expands to more Subjects + // (used for inheritance). + Set *SubjectSet `protobuf:"bytes,2,opt,name=set,proto3,oneof"` +} + +func (*Subject_Id) isSubject_Ref() {} + +func (*Subject_Set) isSubject_Ref() {} + +// SubjectSet refers to all subjects which have +// the same `relation` to an `object`. +// Also used for inheritance. +type SubjectSet struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The object selected by the subjects. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The relation to the object by the subjects. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` +} + +func (x *SubjectSet) Reset() { + *x = SubjectSet{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SubjectSet) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SubjectSet) ProtoMessage() {} + +func (x *SubjectSet) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead. +func (*SubjectSet) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{3} +} + +func (x *SubjectSet) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *SubjectSet) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +var File_keto_acl_v1alpha1_acl_proto protoreflect.FileDescriptor + +var file_keto_acl_v1alpha1_acl_proto_rawDesc = []byte{ + 0x0a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x22, 0xa8, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, + 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x74, 0x61, 0x67, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x65, 0x74, 0x61, 0x67, 0x22, 0x36, 0x0a, 0x06, 0x4f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x02, 0x69, 0x64, 0x22, 0x55, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x31, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x03, + 0x73, 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x5b, 0x0a, 0x0a, 0x53, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x85, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, + 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, + 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, + 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, + 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, + 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, + 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_keto_acl_v1alpha1_acl_proto_rawDescOnce sync.Once + file_keto_acl_v1alpha1_acl_proto_rawDescData = file_keto_acl_v1alpha1_acl_proto_rawDesc +) + +func file_keto_acl_v1alpha1_acl_proto_rawDescGZIP() []byte { + file_keto_acl_v1alpha1_acl_proto_rawDescOnce.Do(func() { + file_keto_acl_v1alpha1_acl_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1alpha1_acl_proto_rawDescData) + }) + return file_keto_acl_v1alpha1_acl_proto_rawDescData +} + +var file_keto_acl_v1alpha1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_keto_acl_v1alpha1_acl_proto_goTypes = []interface{}{ + (*RelationTuple)(nil), // 0: keto.acl.v1alpha1.RelationTuple + (*Object)(nil), // 1: keto.acl.v1alpha1.Object + (*Subject)(nil), // 2: keto.acl.v1alpha1.Subject + (*SubjectSet)(nil), // 3: keto.acl.v1alpha1.SubjectSet +} +var file_keto_acl_v1alpha1_acl_proto_depIdxs = []int32{ + 1, // 0: keto.acl.v1alpha1.RelationTuple.object:type_name -> keto.acl.v1alpha1.Object + 2, // 1: keto.acl.v1alpha1.RelationTuple.subject:type_name -> keto.acl.v1alpha1.Subject + 3, // 2: keto.acl.v1alpha1.Subject.set:type_name -> keto.acl.v1alpha1.SubjectSet + 1, // 3: keto.acl.v1alpha1.SubjectSet.object:type_name -> keto.acl.v1alpha1.Object + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1alpha1_acl_proto_init() } +func file_keto_acl_v1alpha1_acl_proto_init() { + if File_keto_acl_v1alpha1_acl_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1alpha1_acl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RelationTuple); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_acl_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Object); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Subject); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_acl_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SubjectSet); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_keto_acl_v1alpha1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ + (*Subject_Id)(nil), + (*Subject_Set)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1alpha1_acl_proto_rawDesc, + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_keto_acl_v1alpha1_acl_proto_goTypes, + DependencyIndexes: file_keto_acl_v1alpha1_acl_proto_depIdxs, + MessageInfos: file_keto_acl_v1alpha1_acl_proto_msgTypes, + }.Build() + File_keto_acl_v1alpha1_acl_proto = out.File + file_keto_acl_v1alpha1_acl_proto_rawDesc = nil + file_keto_acl_v1alpha1_acl_proto_goTypes = nil + file_keto_acl_v1alpha1_acl_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1alpha1/check_service.pb.go b/api/keto/acl/v1alpha1/check_service.pb.go new file mode 100644 index 000000000..39f6f101c --- /dev/null +++ b/api/keto/acl/v1alpha1/check_service.pb.go @@ -0,0 +1,336 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1alpha1/check_service.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +// The request for a CheckService.Check rpc. +// Checks whether a specific subject is related to an object. +type CheckRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The related object in this check. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The relation between the Object and the Subject. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + // The related subject to check against. + Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` + // Set this field to `true` in case your application + // needs to authorize depending on up to date ACLs, + // also called a "content-change check". + // + // If set to `true` the `snaptoken` field is ignored, + // the check is evaluated at the latest snapshot + // (globally consistent) and the response includes a + // snaptoken for clients to store along with object + // contents that can be used for subsequent checks + // of the same content version. + // + // Example use case: + // - You need to authorize a user to modify/delete some resource + // and it is unacceptable that if the permission to do that had + // just been revoked some seconds ago so that the change had not + // yet been fully replicated to all availability zones. + Latest bool `protobuf:"varint,4,opt,name=latest,proto3" json:"latest,omitempty"` + // Optional. Like reads, a check is always evaluated at a + // consistent snapshot no earlier than the given snaptoken. + // + // Leave this field blank if you want to evaluate the check + // based on eventually consistent ACLs, benefiting from very + // low latency, but possibly slightly stale results. + // + // If the specified token is too old and no longer known, + // the server falls back as if no snaptoken had been specified. + // + // If not specified the server tries to evaluate the check + // on the best snapshot version where it is very likely that + // ACLs had already been replicated to all availability zones. + Snaptoken []byte `protobuf:"bytes,5,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` +} + +func (x *CheckRequest) Reset() { + *x = CheckRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_check_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckRequest) ProtoMessage() {} + +func (x *CheckRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_check_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead. +func (*CheckRequest) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_check_service_proto_rawDescGZIP(), []int{0} +} + +func (x *CheckRequest) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *CheckRequest) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +func (x *CheckRequest) GetSubject() *Subject { + if x != nil { + return x.Subject + } + return nil +} + +func (x *CheckRequest) GetLatest() bool { + if x != nil { + return x.Latest + } + return false +} + +func (x *CheckRequest) GetSnaptoken() []byte { + if x != nil { + return x.Snaptoken + } + return nil +} + +// The response for a CheckService.Check rpc. +type CheckResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Whether the specified subject (id) + // is related to the requested object. + // + // It is false by default if no ACL matches. + Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"` + // The last known snapshot token ONLY specified if + // the request had not specified a snaptoken, + // since this performed a "content-change request" + // and consistently fetched the last known snapshot token. + // + // This field is not set if the request had specified a snaptoken! + // + // If set, clients should cache and use this token + // for subsequent requests to have minimal latency, + // but allow slightly stale responses (only some milliseconds or seconds). + Snaptoken []byte `protobuf:"bytes,2,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` +} + +func (x *CheckResponse) Reset() { + *x = CheckResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_check_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckResponse) ProtoMessage() {} + +func (x *CheckResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_check_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead. +func (*CheckResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_check_service_proto_rawDescGZIP(), []int{1} +} + +func (x *CheckResponse) GetAllowed() bool { + if x != nil { + return x.Allowed + } + return false +} + +func (x *CheckResponse) GetSnaptoken() []byte { + if x != nil { + return x.Snaptoken + } + return nil +} + +var File_keto_acl_v1alpha1_check_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1alpha1_check_service_proto_rawDesc = []byte{ + 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, + 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc9, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, + 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, + 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x6c, + 0x61, 0x74, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x12, 0x1c, + 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x5a, 0x0a, 0x0c, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x05, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x1f, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8e, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, + 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x11, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, + 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, + 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, +} + +var ( + file_keto_acl_v1alpha1_check_service_proto_rawDescOnce sync.Once + file_keto_acl_v1alpha1_check_service_proto_rawDescData = file_keto_acl_v1alpha1_check_service_proto_rawDesc +) + +func file_keto_acl_v1alpha1_check_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1alpha1_check_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1alpha1_check_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1alpha1_check_service_proto_rawDescData) + }) + return file_keto_acl_v1alpha1_check_service_proto_rawDescData +} + +var file_keto_acl_v1alpha1_check_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_keto_acl_v1alpha1_check_service_proto_goTypes = []interface{}{ + (*CheckRequest)(nil), // 0: keto.acl.v1alpha1.CheckRequest + (*CheckResponse)(nil), // 1: keto.acl.v1alpha1.CheckResponse + (*Object)(nil), // 2: keto.acl.v1alpha1.Object + (*Subject)(nil), // 3: keto.acl.v1alpha1.Subject +} +var file_keto_acl_v1alpha1_check_service_proto_depIdxs = []int32{ + 2, // 0: keto.acl.v1alpha1.CheckRequest.object:type_name -> keto.acl.v1alpha1.Object + 3, // 1: keto.acl.v1alpha1.CheckRequest.subject:type_name -> keto.acl.v1alpha1.Subject + 0, // 2: keto.acl.v1alpha1.CheckService.Check:input_type -> keto.acl.v1alpha1.CheckRequest + 1, // 3: keto.acl.v1alpha1.CheckService.Check:output_type -> keto.acl.v1alpha1.CheckResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1alpha1_check_service_proto_init() } +func file_keto_acl_v1alpha1_check_service_proto_init() { + if File_keto_acl_v1alpha1_check_service_proto != nil { + return + } + file_keto_acl_v1alpha1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1alpha1_check_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_check_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1alpha1_check_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_v1alpha1_check_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1alpha1_check_service_proto_depIdxs, + MessageInfos: file_keto_acl_v1alpha1_check_service_proto_msgTypes, + }.Build() + File_keto_acl_v1alpha1_check_service_proto = out.File + file_keto_acl_v1alpha1_check_service_proto_rawDesc = nil + file_keto_acl_v1alpha1_check_service_proto_goTypes = nil + file_keto_acl_v1alpha1_check_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1alpha1/check_service.proto b/api/keto/acl/v1alpha1/check_service.proto index 6a7239fbe..2b19cc2e9 100644 --- a/api/keto/acl/v1alpha1/check_service.proto +++ b/api/keto/acl/v1alpha1/check_service.proto @@ -23,29 +23,41 @@ service CheckService { message CheckRequest { // The related object in this check. Object object = 1; - // The relation this check. + // The relation between the Object and the Subject. string relation = 2; - // The subject to check. + // The related subject to check against. Subject subject = 3; - // Optional. The staleness bound of this check. + // Set this field to `true` in case your application + // needs to authorize depending on up to date ACLs, + // also called a "content-change check". // - // It specifies the clients last known snapshot token - // that the server uses to only check against ACLs newer - // than specified snapshot token in order to compute the - // result of this check. + // If set to `true` the `snaptoken` field is ignored, + // the check is evaluated at the latest snapshot + // (globally consistent) and the response includes a + // snaptoken for clients to store along with object + // contents that can be used for subsequent checks + // of the same content version. // - // Leave this field blank if... - // - your application strictly requires to act on up-to-date data - // - your application not yet has a snaptoken for your related data (e.g. user) + // Example use case: + // - You need to authorize a user to modify/delete some resource + // and it is unacceptable that if the permission to do that had + // just been revoked some seconds ago so that the change had not + // yet been fully replicated to all availability zones. + bool latest = 4; + // Optional. Like reads, a check is always evaluated at a + // consistent snapshot no earlier than the given snaptoken. // - // If the specified token is too old, the server falls back and tries to - // find the best snapshot token to perform the check using least stale - // ACLs that very likely already got replicated. + // Leave this field blank if you want to evaluate the check + // based on eventually consistent ACLs, benefiting from very + // low latency, but possibly slightly stale results. // - // *It is recommended to perform checks using slightly stale - // data (e.g. token older than 3-10 seconds) for minimum latency - // and where the application is allowed to accept slightly off checks. - bytes snaptoken = 4; + // If the specified token is too old and no longer known, + // the server falls back as if no snaptoken had been specified. + // + // If not specified the server tries to evaluate the check + // on the best snapshot version where it is very likely that + // ACLs had already been replicated to all availability zones. + bytes snaptoken = 5; } // The response for a CheckService.Check rpc. diff --git a/api/keto/acl/v1alpha1/check_service_grpc.pb.go b/api/keto/acl/v1alpha1/check_service_grpc.pb.go new file mode 100644 index 000000000..593b106e4 --- /dev/null +++ b/api/keto/acl/v1alpha1/check_service_grpc.pb.go @@ -0,0 +1,97 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package acl + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// CheckServiceClient is the client API for CheckService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type CheckServiceClient interface { + // Check performs an authorization check. + Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) +} + +type checkServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient { + return &checkServiceClient{cc} +} + +func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) { + out := new(CheckResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1alpha1.CheckService/Check", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CheckServiceServer is the server API for CheckService service. +// All implementations should embed UnimplementedCheckServiceServer +// for forward compatibility +type CheckServiceServer interface { + // Check performs an authorization check. + Check(context.Context, *CheckRequest) (*CheckResponse, error) +} + +// UnimplementedCheckServiceServer should be embedded to have forward compatible implementations. +type UnimplementedCheckServiceServer struct { +} + +func (UnimplementedCheckServiceServer) Check(context.Context, *CheckRequest) (*CheckResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Check not implemented") +} + +// UnsafeCheckServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CheckServiceServer will +// result in compilation errors. +type UnsafeCheckServiceServer interface { + mustEmbedUnimplementedCheckServiceServer() +} + +func RegisterCheckServiceServer(s grpc.ServiceRegistrar, srv CheckServiceServer) { + s.RegisterService(&_CheckService_serviceDesc, srv) +} + +func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CheckRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CheckServiceServer).Check(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.acl.v1alpha1.CheckService/Check", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CheckServiceServer).Check(ctx, req.(*CheckRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _CheckService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.v1alpha1.CheckService", + HandlerType: (*CheckServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Check", + Handler: _CheckService_Check_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/v1alpha1/check_service.proto", +} diff --git a/api/keto/acl/v1alpha1/read_service.pb.go b/api/keto/acl/v1alpha1/read_service.pb.go new file mode 100644 index 000000000..eb35d8839 --- /dev/null +++ b/api/keto/acl/v1alpha1/read_service.pb.go @@ -0,0 +1,431 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1alpha1/read_service.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + field_mask "google.golang.org/genproto/protobuf/field_mask" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +// Request for ReadService.ListRelationTuples rpc. +// See ListRelationTuplesRequest_Query for more querying details. +type ListRelationTuplesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // All field constraints are concatenated + // with a logical AND operator. + // An unspecified field specifies a `*` wildcard match. + Query *ListRelationTuplesRequest_Query `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` + // Optional. The list of fields to be expanded + // in the RelationTuple list returned in `ListRelationTuplesResponse`. + // Leaving this field unspecified means all fields are expanded. + // + // Available fields: + // "object", "relation", "subject", + // "object.namespace","object.id", + // "subject.id", "subject.set" + ExpandMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=expand_mask,json=expandMask,proto3" json:"expand_mask,omitempty"` + // Optional. The snapshot token for this read. + Snaptoken []byte `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` + // Optional. The maximum number of + // RelationTuples to return in the response. + PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` + // Optional. A pagination token returned from + // a previous call to `ListRelationTuples` that + // indicates where this listing should continue from. + PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` +} + +func (x *ListRelationTuplesRequest) Reset() { + *x = ListRelationTuplesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_read_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListRelationTuplesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListRelationTuplesRequest) ProtoMessage() {} + +func (x *ListRelationTuplesRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_read_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesRequest) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_read_service_proto_rawDescGZIP(), []int{0} +} + +func (x *ListRelationTuplesRequest) GetQuery() *ListRelationTuplesRequest_Query { + if x != nil { + return x.Query + } + return nil +} + +func (x *ListRelationTuplesRequest) GetExpandMask() *field_mask.FieldMask { + if x != nil { + return x.ExpandMask + } + return nil +} + +func (x *ListRelationTuplesRequest) GetSnaptoken() []byte { + if x != nil { + return x.Snaptoken + } + return nil +} + +func (x *ListRelationTuplesRequest) GetPageSize() int32 { + if x != nil { + return x.PageSize + } + return 0 +} + +func (x *ListRelationTuplesRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +// The response of a ReadService.ListRelationTuples rpc. +type ListRelationTuplesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The relation tuples matching the list request. + RelationTuples []*RelationTuple `protobuf:"bytes,1,rep,name=relation_tuples,json=relationTuples,proto3" json:"relation_tuples,omitempty"` + // Optional. A pagination token returned from a previous call to `ListRelationTuples` + // that indicates where this listing should continue from. + // + // All fields of the subsequent ListRelationTuplesRequest request + // using this `next_page_token` as the `page_token` are ignored and + // CAN be left blank, since the request's data is baked in this `next_page_token`. + NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` +} + +func (x *ListRelationTuplesResponse) Reset() { + *x = ListRelationTuplesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_read_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListRelationTuplesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListRelationTuplesResponse) ProtoMessage() {} + +func (x *ListRelationTuplesResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_read_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_read_service_proto_rawDescGZIP(), []int{1} +} + +func (x *ListRelationTuplesResponse) GetRelationTuples() []*RelationTuple { + if x != nil { + return x.RelationTuples + } + return nil +} + +func (x *ListRelationTuplesResponse) GetNextPageToken() string { + if x != nil { + return x.NextPageToken + } + return "" +} + +// The query for listing relation tuples. +// Clients can specify any optional field to +// partially filter for specific relation tuples. +// +// Example use cases: +// - object only: display a list of all rules of one object +// - relation only: get all groups that have members; e.g. get all directories that have content +// - object & relation: display all subjects that have e.g. write relation +// - subject & relation: display all groups a subject belongs to/display all objects a subject has access to +// - object & relation & subject: check whether the relation tuple already exists, before writing it +// +type ListRelationTuplesRequest_Query struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Optional. + Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // Optional. + Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + // Optional. + Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` +} + +func (x *ListRelationTuplesRequest_Query) Reset() { + *x = ListRelationTuplesRequest_Query{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_read_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListRelationTuplesRequest_Query) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListRelationTuplesRequest_Query) ProtoMessage() {} + +func (x *ListRelationTuplesRequest_Query) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_read_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListRelationTuplesRequest_Query.ProtoReflect.Descriptor instead. +func (*ListRelationTuplesRequest_Query) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_read_service_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *ListRelationTuplesRequest_Query) GetObject() *Object { + if x != nil { + return x.Object + } + return nil +} + +func (x *ListRelationTuplesRequest_Query) GetRelation() string { + if x != nil { + return x.Relation + } + return "" +} + +func (x *ListRelationTuplesRequest_Query) GetSubject() *Subject { + if x != nil { + return x.Subject + } + return nil +} + +var File_keto_acl_v1alpha1_read_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1alpha1_read_service_proto_rawDesc = []byte{ + 0x0a, 0x24, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2f, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, 0x2f, + 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x6c, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, + 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8b, 0x03, 0x0a, 0x19, 0x4c, 0x69, 0x73, + 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x48, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, + 0x12, 0x3b, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, + 0x6b, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1c, 0x0a, + 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x70, + 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, + 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, + 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, + 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x8c, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x8f, 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, + 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, + 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, + 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, + 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x80, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, + 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x71, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x2c, + 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8d, 0x01, 0x0a, 0x18, + 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x10, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, + 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, + 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, +} + +var ( + file_keto_acl_v1alpha1_read_service_proto_rawDescOnce sync.Once + file_keto_acl_v1alpha1_read_service_proto_rawDescData = file_keto_acl_v1alpha1_read_service_proto_rawDesc +) + +func file_keto_acl_v1alpha1_read_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1alpha1_read_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1alpha1_read_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1alpha1_read_service_proto_rawDescData) + }) + return file_keto_acl_v1alpha1_read_service_proto_rawDescData +} + +var file_keto_acl_v1alpha1_read_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_keto_acl_v1alpha1_read_service_proto_goTypes = []interface{}{ + (*ListRelationTuplesRequest)(nil), // 0: keto.acl.v1alpha1.ListRelationTuplesRequest + (*ListRelationTuplesResponse)(nil), // 1: keto.acl.v1alpha1.ListRelationTuplesResponse + (*ListRelationTuplesRequest_Query)(nil), // 2: keto.acl.v1alpha1.ListRelationTuplesRequest.Query + (*field_mask.FieldMask)(nil), // 3: google.protobuf.FieldMask + (*RelationTuple)(nil), // 4: keto.acl.v1alpha1.RelationTuple + (*Object)(nil), // 5: keto.acl.v1alpha1.Object + (*Subject)(nil), // 6: keto.acl.v1alpha1.Subject +} +var file_keto_acl_v1alpha1_read_service_proto_depIdxs = []int32{ + 2, // 0: keto.acl.v1alpha1.ListRelationTuplesRequest.query:type_name -> keto.acl.v1alpha1.ListRelationTuplesRequest.Query + 3, // 1: keto.acl.v1alpha1.ListRelationTuplesRequest.expand_mask:type_name -> google.protobuf.FieldMask + 4, // 2: keto.acl.v1alpha1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1alpha1.RelationTuple + 5, // 3: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.object:type_name -> keto.acl.v1alpha1.Object + 6, // 4: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.subject:type_name -> keto.acl.v1alpha1.Subject + 0, // 5: keto.acl.v1alpha1.ReadService.ListRelationTuples:input_type -> keto.acl.v1alpha1.ListRelationTuplesRequest + 1, // 6: keto.acl.v1alpha1.ReadService.ListRelationTuples:output_type -> keto.acl.v1alpha1.ListRelationTuplesResponse + 6, // [6:7] is the sub-list for method output_type + 5, // [5:6] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1alpha1_read_service_proto_init() } +func file_keto_acl_v1alpha1_read_service_proto_init() { + if File_keto_acl_v1alpha1_read_service_proto != nil { + return + } + file_keto_acl_v1alpha1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1alpha1_read_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListRelationTuplesRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_read_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListRelationTuplesResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_read_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListRelationTuplesRequest_Query); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1alpha1_read_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_v1alpha1_read_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1alpha1_read_service_proto_depIdxs, + MessageInfos: file_keto_acl_v1alpha1_read_service_proto_msgTypes, + }.Build() + File_keto_acl_v1alpha1_read_service_proto = out.File + file_keto_acl_v1alpha1_read_service_proto_rawDesc = nil + file_keto_acl_v1alpha1_read_service_proto_goTypes = nil + file_keto_acl_v1alpha1_read_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1alpha1/read_service_grpc.pb.go b/api/keto/acl/v1alpha1/read_service_grpc.pb.go new file mode 100644 index 000000000..d1d3bd601 --- /dev/null +++ b/api/keto/acl/v1alpha1/read_service_grpc.pb.go @@ -0,0 +1,97 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package acl + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// ReadServiceClient is the client API for ReadService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type ReadServiceClient interface { + // Lists ACL relation tuples. + ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) +} + +type readServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient { + return &readServiceClient{cc} +} + +func (c *readServiceClient) ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) { + out := new(ListRelationTuplesResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1alpha1.ReadService/ListRelationTuples", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ReadServiceServer is the server API for ReadService service. +// All implementations should embed UnimplementedReadServiceServer +// for forward compatibility +type ReadServiceServer interface { + // Lists ACL relation tuples. + ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) +} + +// UnimplementedReadServiceServer should be embedded to have forward compatible implementations. +type UnimplementedReadServiceServer struct { +} + +func (UnimplementedReadServiceServer) ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListRelationTuples not implemented") +} + +// UnsafeReadServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to ReadServiceServer will +// result in compilation errors. +type UnsafeReadServiceServer interface { + mustEmbedUnimplementedReadServiceServer() +} + +func RegisterReadServiceServer(s grpc.ServiceRegistrar, srv ReadServiceServer) { + s.RegisterService(&_ReadService_serviceDesc, srv) +} + +func _ReadService_ListRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListRelationTuplesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ReadServiceServer).ListRelationTuples(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.acl.v1alpha1.ReadService/ListRelationTuples", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ReadServiceServer).ListRelationTuples(ctx, req.(*ListRelationTuplesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _ReadService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.v1alpha1.ReadService", + HandlerType: (*ReadServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "ListRelationTuples", + Handler: _ReadService_ListRelationTuples_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/v1alpha1/read_service.proto", +} diff --git a/api/keto/acl/v1alpha1/write_service.pb.go b/api/keto/acl/v1alpha1/write_service.pb.go new file mode 100644 index 000000000..73c41c1b6 --- /dev/null +++ b/api/keto/acl/v1alpha1/write_service.pb.go @@ -0,0 +1,405 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.25.0 +// protoc v3.13.0 +// source: keto/acl/v1alpha1/write_service.proto + +package acl + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type RelationTupleWriteDelta_Action int32 + +const ( + // Unspecified. + // The `WriteRelationTuples` rpc ignores this + // RelationTupleWriteDelta if an action was unspecified. + RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 + // Like INSERT with the exception that if the RelationTuple + // already exists performs an UPDATE instead. + RelationTupleWriteDelta_UPSERT RelationTupleWriteDelta_Action = 1 + // Insertion of a new RelationTuple. + // + // The `WriteRelationTuples` rpc errors if the + // specified RelationTuple already exists. + RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 2 + // Update of the existing RelationTuple with + // the intend to refresh its snapshot token. + // + // The `WriteRelationTuples` rpc errors if the + // specified RelationTuple was not found. + RelationTupleWriteDelta_UPDATE RelationTupleWriteDelta_Action = 3 + // Deletion of the RelationTuple. + // The `WriteRelationTuples` rpc returns NO error + // if the specified RelationTuple was not found. + RelationTupleWriteDelta_DELETE RelationTupleWriteDelta_Action = 4 +) + +// Enum value maps for RelationTupleWriteDelta_Action. +var ( + RelationTupleWriteDelta_Action_name = map[int32]string{ + 0: "ACTION_UNSPECIFIED", + 1: "UPSERT", + 2: "INSERT", + 3: "UPDATE", + 4: "DELETE", + } + RelationTupleWriteDelta_Action_value = map[string]int32{ + "ACTION_UNSPECIFIED": 0, + "UPSERT": 1, + "INSERT": 2, + "UPDATE": 3, + "DELETE": 4, + } +) + +func (x RelationTupleWriteDelta_Action) Enum() *RelationTupleWriteDelta_Action { + p := new(RelationTupleWriteDelta_Action) + *p = x + return p +} + +func (x RelationTupleWriteDelta_Action) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (RelationTupleWriteDelta_Action) Descriptor() protoreflect.EnumDescriptor { + return file_keto_acl_v1alpha1_write_service_proto_enumTypes[0].Descriptor() +} + +func (RelationTupleWriteDelta_Action) Type() protoreflect.EnumType { + return &file_keto_acl_v1alpha1_write_service_proto_enumTypes[0] +} + +func (x RelationTupleWriteDelta_Action) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use RelationTupleWriteDelta_Action.Descriptor instead. +func (RelationTupleWriteDelta_Action) EnumDescriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_write_service_proto_rawDescGZIP(), []int{1, 0} +} + +// The request of a WriteService.WriteRelationTuples rpc. +type WriteRelationTuplesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The write delta for the relation tuples operated in one single transaction. + // Either all actions commit or no change takes effect on error. + // + // The tuple's etag is used for a consistent read-modify-write request flow. + // If the etag is not present, the tuple is not validated against the state + // of the serverside tuple and get operated anyway. + RelationTupleDeltas []*RelationTupleWriteDelta `protobuf:"bytes,1,rep,name=relation_tuple_deltas,json=relationTupleDeltas,proto3" json:"relation_tuple_deltas,omitempty"` +} + +func (x *WriteRelationTuplesRequest) Reset() { + *x = WriteRelationTuplesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_write_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WriteRelationTuplesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WriteRelationTuplesRequest) ProtoMessage() {} + +func (x *WriteRelationTuplesRequest) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_write_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WriteRelationTuplesRequest.ProtoReflect.Descriptor instead. +func (*WriteRelationTuplesRequest) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_write_service_proto_rawDescGZIP(), []int{0} +} + +func (x *WriteRelationTuplesRequest) GetRelationTupleDeltas() []*RelationTupleWriteDelta { + if x != nil { + return x.RelationTupleDeltas + } + return nil +} + +// Write-delta for a WriteRelationTuplesRequest. +type RelationTupleWriteDelta struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The target RelationTuple. + RelationTuple *RelationTuple `protobuf:"bytes,1,opt,name=relation_tuple,json=relationTuple,proto3" json:"relation_tuple,omitempty"` +} + +func (x *RelationTupleWriteDelta) Reset() { + *x = RelationTupleWriteDelta{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_write_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RelationTupleWriteDelta) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RelationTupleWriteDelta) ProtoMessage() {} + +func (x *RelationTupleWriteDelta) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_write_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RelationTupleWriteDelta.ProtoReflect.Descriptor instead. +func (*RelationTupleWriteDelta) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_write_service_proto_rawDescGZIP(), []int{1} +} + +func (x *RelationTupleWriteDelta) GetRelationTuple() *RelationTuple { + if x != nil { + return x.RelationTuple + } + return nil +} + +// The response of a WriteService.WriteRelationTuples rpc. +type WriteRelationTuplesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The list of the new latest snapshot tokens of the affected RelationTuple, + // with the same index as specified in the `relation_tuple_deltas` field of + // the WriteRelationTuplesRequest request. + // + // The snaptoken is nil at the same index + // if the RelationTupleWriteDelta_Action was DELETE. + Snaptokens [][]byte `protobuf:"bytes,1,rep,name=snaptokens,proto3" json:"snaptokens,omitempty"` +} + +func (x *WriteRelationTuplesResponse) Reset() { + *x = WriteRelationTuplesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keto_acl_v1alpha1_write_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WriteRelationTuplesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WriteRelationTuplesResponse) ProtoMessage() {} + +func (x *WriteRelationTuplesResponse) ProtoReflect() protoreflect.Message { + mi := &file_keto_acl_v1alpha1_write_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WriteRelationTuplesResponse.ProtoReflect.Descriptor instead. +func (*WriteRelationTuplesResponse) Descriptor() ([]byte, []int) { + return file_keto_acl_v1alpha1_write_service_proto_rawDescGZIP(), []int{2} +} + +func (x *WriteRelationTuplesResponse) GetSnaptokens() [][]byte { + if x != nil { + return x.Snaptokens + } + return nil +} + +var File_keto_acl_v1alpha1_write_service_proto protoreflect.FileDescriptor + +var file_keto_acl_v1alpha1_write_service_proto_rawDesc = []byte{ + 0x0a, 0x25, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2f, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, + 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7c, 0x0a, 0x1a, 0x57, 0x72, 0x69, 0x74, 0x65, + 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x5e, 0x0a, 0x15, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, + 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x44, + 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xb4, 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, + 0x61, 0x12, 0x47, 0x0a, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, + 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, 0x06, 0x41, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, + 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, 0x53, 0x45, + 0x52, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x03, + 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x3d, 0x0a, 0x1b, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x73, + 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, + 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x32, 0x84, 0x01, 0x0a, 0x0c, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x74, 0x0a, 0x13, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x42, 0x8e, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, + 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, + 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, + 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, + 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, + 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_keto_acl_v1alpha1_write_service_proto_rawDescOnce sync.Once + file_keto_acl_v1alpha1_write_service_proto_rawDescData = file_keto_acl_v1alpha1_write_service_proto_rawDesc +) + +func file_keto_acl_v1alpha1_write_service_proto_rawDescGZIP() []byte { + file_keto_acl_v1alpha1_write_service_proto_rawDescOnce.Do(func() { + file_keto_acl_v1alpha1_write_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_keto_acl_v1alpha1_write_service_proto_rawDescData) + }) + return file_keto_acl_v1alpha1_write_service_proto_rawDescData +} + +var file_keto_acl_v1alpha1_write_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_keto_acl_v1alpha1_write_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_keto_acl_v1alpha1_write_service_proto_goTypes = []interface{}{ + (RelationTupleWriteDelta_Action)(0), // 0: keto.acl.v1alpha1.RelationTupleWriteDelta.Action + (*WriteRelationTuplesRequest)(nil), // 1: keto.acl.v1alpha1.WriteRelationTuplesRequest + (*RelationTupleWriteDelta)(nil), // 2: keto.acl.v1alpha1.RelationTupleWriteDelta + (*WriteRelationTuplesResponse)(nil), // 3: keto.acl.v1alpha1.WriteRelationTuplesResponse + (*RelationTuple)(nil), // 4: keto.acl.v1alpha1.RelationTuple +} +var file_keto_acl_v1alpha1_write_service_proto_depIdxs = []int32{ + 2, // 0: keto.acl.v1alpha1.WriteRelationTuplesRequest.relation_tuple_deltas:type_name -> keto.acl.v1alpha1.RelationTupleWriteDelta + 4, // 1: keto.acl.v1alpha1.RelationTupleWriteDelta.relation_tuple:type_name -> keto.acl.v1alpha1.RelationTuple + 1, // 2: keto.acl.v1alpha1.WriteService.WriteRelationTuples:input_type -> keto.acl.v1alpha1.WriteRelationTuplesRequest + 3, // 3: keto.acl.v1alpha1.WriteService.WriteRelationTuples:output_type -> keto.acl.v1alpha1.WriteRelationTuplesResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_keto_acl_v1alpha1_write_service_proto_init() } +func file_keto_acl_v1alpha1_write_service_proto_init() { + if File_keto_acl_v1alpha1_write_service_proto != nil { + return + } + file_keto_acl_v1alpha1_acl_proto_init() + if !protoimpl.UnsafeEnabled { + file_keto_acl_v1alpha1_write_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteRelationTuplesRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_write_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RelationTupleWriteDelta); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keto_acl_v1alpha1_write_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteRelationTuplesResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keto_acl_v1alpha1_write_service_proto_rawDesc, + NumEnums: 1, + NumMessages: 3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keto_acl_v1alpha1_write_service_proto_goTypes, + DependencyIndexes: file_keto_acl_v1alpha1_write_service_proto_depIdxs, + EnumInfos: file_keto_acl_v1alpha1_write_service_proto_enumTypes, + MessageInfos: file_keto_acl_v1alpha1_write_service_proto_msgTypes, + }.Build() + File_keto_acl_v1alpha1_write_service_proto = out.File + file_keto_acl_v1alpha1_write_service_proto_rawDesc = nil + file_keto_acl_v1alpha1_write_service_proto_goTypes = nil + file_keto_acl_v1alpha1_write_service_proto_depIdxs = nil +} diff --git a/api/keto/acl/v1alpha1/write_service_grpc.pb.go b/api/keto/acl/v1alpha1/write_service_grpc.pb.go new file mode 100644 index 000000000..958c194e1 --- /dev/null +++ b/api/keto/acl/v1alpha1/write_service_grpc.pb.go @@ -0,0 +1,97 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package acl + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion7 + +// WriteServiceClient is the client API for WriteService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type WriteServiceClient interface { + // Writes one or more relation tuples in a single transaction. + WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) +} + +type writeServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient { + return &writeServiceClient{cc} +} + +func (c *writeServiceClient) WriteRelationTuples(ctx context.Context, in *WriteRelationTuplesRequest, opts ...grpc.CallOption) (*WriteRelationTuplesResponse, error) { + out := new(WriteRelationTuplesResponse) + err := c.cc.Invoke(ctx, "/keto.acl.v1alpha1.WriteService/WriteRelationTuples", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// WriteServiceServer is the server API for WriteService service. +// All implementations should embed UnimplementedWriteServiceServer +// for forward compatibility +type WriteServiceServer interface { + // Writes one or more relation tuples in a single transaction. + WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) +} + +// UnimplementedWriteServiceServer should be embedded to have forward compatible implementations. +type UnimplementedWriteServiceServer struct { +} + +func (UnimplementedWriteServiceServer) WriteRelationTuples(context.Context, *WriteRelationTuplesRequest) (*WriteRelationTuplesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method WriteRelationTuples not implemented") +} + +// UnsafeWriteServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to WriteServiceServer will +// result in compilation errors. +type UnsafeWriteServiceServer interface { + mustEmbedUnimplementedWriteServiceServer() +} + +func RegisterWriteServiceServer(s grpc.ServiceRegistrar, srv WriteServiceServer) { + s.RegisterService(&_WriteService_serviceDesc, srv) +} + +func _WriteService_WriteRelationTuples_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WriteRelationTuplesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(WriteServiceServer).WriteRelationTuples(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/keto.acl.v1alpha1.WriteService/WriteRelationTuples", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(WriteServiceServer).WriteRelationTuples(ctx, req.(*WriteRelationTuplesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _WriteService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "keto.acl.v1alpha1.WriteService", + HandlerType: (*WriteServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "WriteRelationTuples", + Handler: _WriteService_WriteRelationTuples_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "keto/acl/v1alpha1/write_service.proto", +} diff --git a/buf/api/buf.yaml b/buf/api/buf.yaml index 3541e274b..3ceba64be 100644 --- a/buf/api/buf.yaml +++ b/buf/api/buf.yaml @@ -9,7 +9,7 @@ lint: - google ignore_only: ENUM_VALUE_PREFIX: - - keto/acl/v1/write_service.proto + - keto/acl/v1alpha1/write_service.proto breaking: use: - PACKAGE \ No newline at end of file From 3f45059477362cfe02907be06fc395def382bcf1 Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 19 Nov 2020 12:06:30 +0100 Subject: [PATCH 15/21] update object comments --- api/keto/acl/v1alpha1/acl.pb.go | 6 ++---- api/keto/acl/v1alpha1/acl.proto | 6 ++---- api/keto/acl/v1alpha1/read_service.pb.go | 3 ++- api/keto/acl/v1alpha1/read_service.proto | 3 ++- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/api/keto/acl/v1alpha1/acl.pb.go b/api/keto/acl/v1alpha1/acl.pb.go index 45c9067dc..c1b02aa4c 100644 --- a/api/keto/acl/v1alpha1/acl.pb.go +++ b/api/keto/acl/v1alpha1/acl.pb.go @@ -106,10 +106,8 @@ func (x *RelationTuple) GetEtag() string { return "" } -// Object is an object in a namespace -// referenced by a RelationTuple or SubjectSet. -// -// It represents a "resource" or "digital object". +// Object represents a "resource/digital object" in a namespace. +// A RelationTuple relates a Subject to an Object. type Object struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/api/keto/acl/v1alpha1/acl.proto b/api/keto/acl/v1alpha1/acl.proto index f491def84..d51884b21 100644 --- a/api/keto/acl/v1alpha1/acl.proto +++ b/api/keto/acl/v1alpha1/acl.proto @@ -27,10 +27,8 @@ message RelationTuple { string etag = 4; } -// Object is an object in a namespace -// referenced by a RelationTuple or SubjectSet. -// -// It represents a "resource" or "digital object". +// Object represents a "resource/digital object" in a namespace. +// A RelationTuple relates a Subject to an Object. message Object { // The namespace of the object. // This effectively is the namespace of the whole RelationTuple. diff --git a/api/keto/acl/v1alpha1/read_service.pb.go b/api/keto/acl/v1alpha1/read_service.pb.go index eb35d8839..c12bccb42 100644 --- a/api/keto/acl/v1alpha1/read_service.pb.go +++ b/api/keto/acl/v1alpha1/read_service.pb.go @@ -203,7 +203,8 @@ type ListRelationTuplesRequest_Query struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Optional. + // The `namespace` field in the Object is required. + // The Object's `id` field is optional. Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` // Optional. Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` diff --git a/api/keto/acl/v1alpha1/read_service.proto b/api/keto/acl/v1alpha1/read_service.proto index 315c2df44..7301757bf 100644 --- a/api/keto/acl/v1alpha1/read_service.proto +++ b/api/keto/acl/v1alpha1/read_service.proto @@ -33,7 +33,8 @@ message ListRelationTuplesRequest { // - object & relation & subject: check whether the relation tuple already exists, before writing it // message Query { - // Optional. + // The `namespace` field in the Object is required. + // The Object's `id` field is optional. Object object = 1; // Optional. string relation = 2; From 5425b726116f37929744a38c56001d5c5f0c2bd2 Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 19 Nov 2020 17:50:37 +0100 Subject: [PATCH 16/21] flatten object --- api/keto/acl/v1alpha1/acl.pb.go | 134 ++++++++++++---------- api/keto/acl/v1alpha1/acl.proto | 20 ++-- api/keto/acl/v1alpha1/check_service.pb.go | 128 +++++++++++---------- api/keto/acl/v1alpha1/check_service.proto | 21 ++-- api/keto/acl/v1alpha1/read_service.pb.go | 122 +++++++++++--------- api/keto/acl/v1alpha1/read_service.proto | 15 ++- 6 files changed, 241 insertions(+), 199 deletions(-) diff --git a/api/keto/acl/v1alpha1/acl.pb.go b/api/keto/acl/v1alpha1/acl.pb.go index c1b02aa4c..dea2233f7 100644 --- a/api/keto/acl/v1alpha1/acl.pb.go +++ b/api/keto/acl/v1alpha1/acl.pb.go @@ -34,16 +34,17 @@ type RelationTuple struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // The namespace this relation tuple lives in. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // The object related by this tuple. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // It is naturally in the namespace of the tuple. + Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"` // The relation between an Object and a Subject. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` // The subject related by this tuple. // A Subject either represents a concrete subject id or // a SubjectSet that expands to more Subjects. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` - // Used to perform a consistent read-modify-write (lock). - Etag string `protobuf:"bytes,4,opt,name=etag,proto3" json:"etag,omitempty"` + Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"` } func (x *RelationTuple) Reset() { @@ -78,11 +79,18 @@ func (*RelationTuple) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{0} } -func (x *RelationTuple) GetObject() *Object { +func (x *RelationTuple) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *RelationTuple) GetObject() string { if x != nil { return x.Object } - return nil + return "" } func (x *RelationTuple) GetRelation() string { @@ -99,13 +107,6 @@ func (x *RelationTuple) GetSubject() *Subject { return nil } -func (x *RelationTuple) GetEtag() string { - if x != nil { - return x.Etag - } - return "" -} - // Object represents a "resource/digital object" in a namespace. // A RelationTuple relates a Subject to an Object. type Object struct { @@ -255,16 +256,19 @@ func (*Subject_Set) isSubject_Ref() {} // SubjectSet refers to all subjects which have // the same `relation` to an `object`. -// Also used for inheritance. +// It is also used for inheritance. type SubjectSet struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // The namespace of the object and relation + // referenced in this subject set. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // The object selected by the subjects. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"` // The relation to the object by the subjects. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` } func (x *SubjectSet) Reset() { @@ -299,11 +303,18 @@ func (*SubjectSet) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{3} } -func (x *SubjectSet) GetObject() *Object { +func (x *SubjectSet) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *SubjectSet) GetObject() string { if x != nil { return x.Object } - return nil + return "" } func (x *SubjectSet) GetRelation() string { @@ -319,41 +330,40 @@ var file_keto_acl_v1alpha1_acl_proto_rawDesc = []byte{ 0x0a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x22, 0xa8, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, - 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x74, 0x61, 0x67, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x65, 0x74, 0x61, 0x67, 0x22, 0x36, 0x0a, 0x06, 0x4f, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x02, 0x69, 0x64, 0x22, 0x55, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, - 0x12, 0x31, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, - 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x03, - 0x73, 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x5b, 0x0a, 0x0a, 0x53, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x85, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, - 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, - 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, - 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, - 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, - 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x22, 0x97, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x36, 0x0a, 0x06, 0x4f, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, + 0x69, 0x64, 0x22, 0x55, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, + 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, + 0x31, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6b, + 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x03, 0x73, + 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x5e, 0x0a, 0x0a, 0x53, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, + 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x85, 0x01, 0x0a, 0x18, 0x73, 0x68, + 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, + 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, + 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, + 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, + 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, + 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -376,15 +386,13 @@ var file_keto_acl_v1alpha1_acl_proto_goTypes = []interface{}{ (*SubjectSet)(nil), // 3: keto.acl.v1alpha1.SubjectSet } var file_keto_acl_v1alpha1_acl_proto_depIdxs = []int32{ - 1, // 0: keto.acl.v1alpha1.RelationTuple.object:type_name -> keto.acl.v1alpha1.Object - 2, // 1: keto.acl.v1alpha1.RelationTuple.subject:type_name -> keto.acl.v1alpha1.Subject - 3, // 2: keto.acl.v1alpha1.Subject.set:type_name -> keto.acl.v1alpha1.SubjectSet - 1, // 3: keto.acl.v1alpha1.SubjectSet.object:type_name -> keto.acl.v1alpha1.Object - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name + 2, // 0: keto.acl.v1alpha1.RelationTuple.subject:type_name -> keto.acl.v1alpha1.Subject + 3, // 1: keto.acl.v1alpha1.Subject.set:type_name -> keto.acl.v1alpha1.SubjectSet + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_keto_acl_v1alpha1_acl_proto_init() } diff --git a/api/keto/acl/v1alpha1/acl.proto b/api/keto/acl/v1alpha1/acl.proto index d51884b21..d7355527a 100644 --- a/api/keto/acl/v1alpha1/acl.proto +++ b/api/keto/acl/v1alpha1/acl.proto @@ -15,16 +15,17 @@ option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; // While a tuple reflects a relationship between Object // and Subject, they do not completely define the effective ACLs. message RelationTuple { + // The namespace this relation tuple lives in. + string namespace = 1; // The object related by this tuple. - Object object = 1; + // It is naturally in the namespace of the tuple. + string object = 2; // The relation between an Object and a Subject. - string relation = 2; + string relation = 3; // The subject related by this tuple. // A Subject either represents a concrete subject id or // a SubjectSet that expands to more Subjects. - Subject subject = 3; - // Used to perform a consistent read-modify-write (lock). - string etag = 4; + Subject subject = 4; } // Object represents a "resource/digital object" in a namespace. @@ -52,10 +53,13 @@ message Subject { // SubjectSet refers to all subjects which have // the same `relation` to an `object`. -// Also used for inheritance. +// It is also used for inheritance. message SubjectSet { + // The namespace of the object and relation + // referenced in this subject set. + string namespace = 1; // The object selected by the subjects. - Object object = 1; + string object = 2; // The relation to the object by the subjects. - string relation = 2; + string relation = 3; } diff --git a/api/keto/acl/v1alpha1/check_service.pb.go b/api/keto/acl/v1alpha1/check_service.pb.go index 39f6f101c..07623835d 100644 --- a/api/keto/acl/v1alpha1/check_service.pb.go +++ b/api/keto/acl/v1alpha1/check_service.pb.go @@ -32,12 +32,19 @@ type CheckRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // The namespace to evaluate the check. + // + // Note: If you use the expand API and the check + // evaluates a RelationTuple specifying a SubjectSet as + // subject or due to a rewrite rule in a namespace config + // this check request may involve other namespaces automatically. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // The related object in this check. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"` // The relation between the Object and the Subject. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` // The related subject to check against. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` + Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"` // Set this field to `true` in case your application // needs to authorize depending on up to date ACLs, // also called a "content-change check". @@ -54,7 +61,7 @@ type CheckRequest struct { // and it is unacceptable that if the permission to do that had // just been revoked some seconds ago so that the change had not // yet been fully replicated to all availability zones. - Latest bool `protobuf:"varint,4,opt,name=latest,proto3" json:"latest,omitempty"` + Latest bool `protobuf:"varint,5,opt,name=latest,proto3" json:"latest,omitempty"` // Optional. Like reads, a check is always evaluated at a // consistent snapshot no earlier than the given snaptoken. // @@ -68,7 +75,7 @@ type CheckRequest struct { // If not specified the server tries to evaluate the check // on the best snapshot version where it is very likely that // ACLs had already been replicated to all availability zones. - Snaptoken []byte `protobuf:"bytes,5,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` + Snaptoken string `protobuf:"bytes,6,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` } func (x *CheckRequest) Reset() { @@ -103,11 +110,18 @@ func (*CheckRequest) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_check_service_proto_rawDescGZIP(), []int{0} } -func (x *CheckRequest) GetObject() *Object { +func (x *CheckRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *CheckRequest) GetObject() string { if x != nil { return x.Object } - return nil + return "" } func (x *CheckRequest) GetRelation() string { @@ -131,11 +145,11 @@ func (x *CheckRequest) GetLatest() bool { return false } -func (x *CheckRequest) GetSnaptoken() []byte { +func (x *CheckRequest) GetSnaptoken() string { if x != nil { return x.Snaptoken } - return nil + return "" } // The response for a CheckService.Check rpc. @@ -157,9 +171,9 @@ type CheckResponse struct { // This field is not set if the request had specified a snaptoken! // // If set, clients should cache and use this token - // for subsequent requests to have minimal latency, + // for subsequent requests to have minimal latency, // but allow slightly stale responses (only some milliseconds or seconds). - Snaptoken []byte `protobuf:"bytes,2,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` + Snaptoken string `protobuf:"bytes,2,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` } func (x *CheckResponse) Reset() { @@ -201,11 +215,11 @@ func (x *CheckResponse) GetAllowed() bool { return false } -func (x *CheckResponse) GetSnaptoken() []byte { +func (x *CheckResponse) GetSnaptoken() string { if x != nil { return x.Snaptoken } - return nil + return "" } var File_keto_acl_v1alpha1_check_service_proto protoreflect.FileDescriptor @@ -216,40 +230,40 @@ var file_keto_acl_v1alpha1_check_service_proto_rawDesc = []byte{ 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, - 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc9, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, - 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x6c, - 0x61, 0x74, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x12, 0x1c, - 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x5a, 0x0a, 0x0c, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x05, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x1f, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8e, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, - 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x11, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, - 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, - 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, - 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcc, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, + 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, + 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x6e, 0x61, + 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, + 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, + 0x5a, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x4a, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x1f, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, + 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8e, 0x01, 0x0a, 0x18, + 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x11, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, + 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, + 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, + 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -268,19 +282,17 @@ var file_keto_acl_v1alpha1_check_service_proto_msgTypes = make([]protoimpl.Messa var file_keto_acl_v1alpha1_check_service_proto_goTypes = []interface{}{ (*CheckRequest)(nil), // 0: keto.acl.v1alpha1.CheckRequest (*CheckResponse)(nil), // 1: keto.acl.v1alpha1.CheckResponse - (*Object)(nil), // 2: keto.acl.v1alpha1.Object - (*Subject)(nil), // 3: keto.acl.v1alpha1.Subject + (*Subject)(nil), // 2: keto.acl.v1alpha1.Subject } var file_keto_acl_v1alpha1_check_service_proto_depIdxs = []int32{ - 2, // 0: keto.acl.v1alpha1.CheckRequest.object:type_name -> keto.acl.v1alpha1.Object - 3, // 1: keto.acl.v1alpha1.CheckRequest.subject:type_name -> keto.acl.v1alpha1.Subject - 0, // 2: keto.acl.v1alpha1.CheckService.Check:input_type -> keto.acl.v1alpha1.CheckRequest - 1, // 3: keto.acl.v1alpha1.CheckService.Check:output_type -> keto.acl.v1alpha1.CheckResponse - 3, // [3:4] is the sub-list for method output_type - 2, // [2:3] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name + 2, // 0: keto.acl.v1alpha1.CheckRequest.subject:type_name -> keto.acl.v1alpha1.Subject + 0, // 1: keto.acl.v1alpha1.CheckService.Check:input_type -> keto.acl.v1alpha1.CheckRequest + 1, // 2: keto.acl.v1alpha1.CheckService.Check:output_type -> keto.acl.v1alpha1.CheckResponse + 2, // [2:3] is the sub-list for method output_type + 1, // [1:2] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name } func init() { file_keto_acl_v1alpha1_check_service_proto_init() } diff --git a/api/keto/acl/v1alpha1/check_service.proto b/api/keto/acl/v1alpha1/check_service.proto index 2b19cc2e9..d4d0b094b 100644 --- a/api/keto/acl/v1alpha1/check_service.proto +++ b/api/keto/acl/v1alpha1/check_service.proto @@ -21,12 +21,19 @@ service CheckService { // The request for a CheckService.Check rpc. // Checks whether a specific subject is related to an object. message CheckRequest { + // The namespace to evaluate the check. + // + // Note: If you use the expand API and the check + // evaluates a RelationTuple specifying a SubjectSet as + // subject or due to a rewrite rule in a namespace config + // this check request may involve other namespaces automatically. + string namespace = 1; // The related object in this check. - Object object = 1; + string object = 2; // The relation between the Object and the Subject. - string relation = 2; + string relation = 3; // The related subject to check against. - Subject subject = 3; + Subject subject = 4; // Set this field to `true` in case your application // needs to authorize depending on up to date ACLs, // also called a "content-change check". @@ -43,7 +50,7 @@ message CheckRequest { // and it is unacceptable that if the permission to do that had // just been revoked some seconds ago so that the change had not // yet been fully replicated to all availability zones. - bool latest = 4; + bool latest = 5; // Optional. Like reads, a check is always evaluated at a // consistent snapshot no earlier than the given snaptoken. // @@ -57,7 +64,7 @@ message CheckRequest { // If not specified the server tries to evaluate the check // on the best snapshot version where it is very likely that // ACLs had already been replicated to all availability zones. - bytes snaptoken = 5; + string snaptoken = 6; } // The response for a CheckService.Check rpc. @@ -75,7 +82,7 @@ message CheckResponse { // This field is not set if the request had specified a snaptoken! // // If set, clients should cache and use this token - // for subsequent requests to have minimal latency, + // for subsequent requests to have minimal latency, // but allow slightly stale responses (only some milliseconds or seconds). - bytes snaptoken = 2; + string snaptoken = 2; } \ No newline at end of file diff --git a/api/keto/acl/v1alpha1/read_service.pb.go b/api/keto/acl/v1alpha1/read_service.pb.go index c12bccb42..24c71d21e 100644 --- a/api/keto/acl/v1alpha1/read_service.pb.go +++ b/api/keto/acl/v1alpha1/read_service.pb.go @@ -35,7 +35,9 @@ type ListRelationTuplesRequest struct { // All field constraints are concatenated // with a logical AND operator. - // An unspecified field specifies a `*` wildcard match. + // + // The RelationTuple list from ListRelationTuplesResponse + // is ordered from the newest RelationTuple to the oldest. Query *ListRelationTuplesRequest_Query `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` // Optional. The list of fields to be expanded // in the RelationTuple list returned in `ListRelationTuplesResponse`. @@ -203,13 +205,14 @@ type ListRelationTuplesRequest_Query struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The `namespace` field in the Object is required. - // The Object's `id` field is optional. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // Required. The namespace to query. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + // Optional. + Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"` // Optional. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` // Optional. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` + Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"` } func (x *ListRelationTuplesRequest_Query) Reset() { @@ -244,11 +247,18 @@ func (*ListRelationTuplesRequest_Query) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_read_service_proto_rawDescGZIP(), []int{0, 0} } -func (x *ListRelationTuplesRequest_Query) GetObject() *Object { +func (x *ListRelationTuplesRequest_Query) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *ListRelationTuplesRequest_Query) GetObject() string { if x != nil { return x.Object } - return nil + return "" } func (x *ListRelationTuplesRequest_Query) GetRelation() string { @@ -275,7 +285,7 @@ var file_keto_acl_v1alpha1_read_service_proto_rawDesc = []byte{ 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, - 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8b, 0x03, 0x0a, 0x19, 0x4c, 0x69, 0x73, + 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8e, 0x03, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x48, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, @@ -291,43 +301,43 @@ var file_keto_acl_v1alpha1_read_service_proto_rawDesc = []byte{ 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, - 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x8c, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, - 0x79, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x8f, 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, - 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, - 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, - 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, - 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x80, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, - 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x71, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x2c, - 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8d, 0x01, 0x0a, 0x18, - 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x10, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, - 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, - 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x8f, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, + 0x16, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x8f, 0x01, 0x0a, 0x1a, 0x4c, 0x69, + 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, + 0x70, 0x6c, 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, + 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, + 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x80, 0x01, 0x0a, 0x0b, + 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x71, 0x0a, 0x12, 0x4c, + 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, + 0x73, 0x12, 0x2c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x2d, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8d, + 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, + 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x10, 0x52, 0x65, 0x61, + 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, + 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, + 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, + 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, + 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, + 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, + 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -349,22 +359,20 @@ var file_keto_acl_v1alpha1_read_service_proto_goTypes = []interface{}{ (*ListRelationTuplesRequest_Query)(nil), // 2: keto.acl.v1alpha1.ListRelationTuplesRequest.Query (*field_mask.FieldMask)(nil), // 3: google.protobuf.FieldMask (*RelationTuple)(nil), // 4: keto.acl.v1alpha1.RelationTuple - (*Object)(nil), // 5: keto.acl.v1alpha1.Object - (*Subject)(nil), // 6: keto.acl.v1alpha1.Subject + (*Subject)(nil), // 5: keto.acl.v1alpha1.Subject } var file_keto_acl_v1alpha1_read_service_proto_depIdxs = []int32{ 2, // 0: keto.acl.v1alpha1.ListRelationTuplesRequest.query:type_name -> keto.acl.v1alpha1.ListRelationTuplesRequest.Query 3, // 1: keto.acl.v1alpha1.ListRelationTuplesRequest.expand_mask:type_name -> google.protobuf.FieldMask 4, // 2: keto.acl.v1alpha1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1alpha1.RelationTuple - 5, // 3: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.object:type_name -> keto.acl.v1alpha1.Object - 6, // 4: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.subject:type_name -> keto.acl.v1alpha1.Subject - 0, // 5: keto.acl.v1alpha1.ReadService.ListRelationTuples:input_type -> keto.acl.v1alpha1.ListRelationTuplesRequest - 1, // 6: keto.acl.v1alpha1.ReadService.ListRelationTuples:output_type -> keto.acl.v1alpha1.ListRelationTuplesResponse - 6, // [6:7] is the sub-list for method output_type - 5, // [5:6] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name + 5, // 3: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.subject:type_name -> keto.acl.v1alpha1.Subject + 0, // 4: keto.acl.v1alpha1.ReadService.ListRelationTuples:input_type -> keto.acl.v1alpha1.ListRelationTuplesRequest + 1, // 5: keto.acl.v1alpha1.ReadService.ListRelationTuples:output_type -> keto.acl.v1alpha1.ListRelationTuplesResponse + 5, // [5:6] is the sub-list for method output_type + 4, // [4:5] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name } func init() { file_keto_acl_v1alpha1_read_service_proto_init() } diff --git a/api/keto/acl/v1alpha1/read_service.proto b/api/keto/acl/v1alpha1/read_service.proto index 7301757bf..191e8855b 100644 --- a/api/keto/acl/v1alpha1/read_service.proto +++ b/api/keto/acl/v1alpha1/read_service.proto @@ -33,17 +33,20 @@ message ListRelationTuplesRequest { // - object & relation & subject: check whether the relation tuple already exists, before writing it // message Query { - // The `namespace` field in the Object is required. - // The Object's `id` field is optional. - Object object = 1; + // Required. The namespace to query. + string namespace = 1; // Optional. - string relation = 2; + string object = 2; // Optional. - Subject subject = 3; + string relation = 3; + // Optional. + Subject subject = 4; } // All field constraints are concatenated // with a logical AND operator. - // An unspecified field specifies a `*` wildcard match. + // + // The RelationTuple list from ListRelationTuplesResponse + // is ordered from the newest RelationTuple to the oldest. Query query = 1; // Optional. The list of fields to be expanded // in the RelationTuple list returned in `ListRelationTuplesResponse`. From 456adfd5b44d9fcdf387295b47519c3a6cdd7f1a Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 19 Nov 2020 17:51:08 +0100 Subject: [PATCH 17/21] INSERT & DELETE actions only --- api/keto/acl/v1alpha1/write_service.pb.go | 81 +++++++++-------------- api/keto/acl/v1alpha1/write_service.proto | 22 ++---- 2 files changed, 36 insertions(+), 67 deletions(-) diff --git a/api/keto/acl/v1alpha1/write_service.pb.go b/api/keto/acl/v1alpha1/write_service.pb.go index 73c41c1b6..15f846d86 100644 --- a/api/keto/acl/v1alpha1/write_service.pb.go +++ b/api/keto/acl/v1alpha1/write_service.pb.go @@ -32,23 +32,11 @@ const ( // The `WriteRelationTuples` rpc ignores this // RelationTupleWriteDelta if an action was unspecified. RelationTupleWriteDelta_ACTION_UNSPECIFIED RelationTupleWriteDelta_Action = 0 - // Like INSERT with the exception that if the RelationTuple - // already exists performs an UPDATE instead. - RelationTupleWriteDelta_UPSERT RelationTupleWriteDelta_Action = 1 // Insertion of a new RelationTuple. - // - // The `WriteRelationTuples` rpc errors if the - // specified RelationTuple already exists. - RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 2 - // Update of the existing RelationTuple with - // the intend to refresh its snapshot token. - // - // The `WriteRelationTuples` rpc errors if the - // specified RelationTuple was not found. - RelationTupleWriteDelta_UPDATE RelationTupleWriteDelta_Action = 3 + // It is ignored if already existing. + RelationTupleWriteDelta_INSERT RelationTupleWriteDelta_Action = 1 // Deletion of the RelationTuple. - // The `WriteRelationTuples` rpc returns NO error - // if the specified RelationTuple was not found. + // It is ignored if it does not exist. RelationTupleWriteDelta_DELETE RelationTupleWriteDelta_Action = 4 ) @@ -56,16 +44,12 @@ const ( var ( RelationTupleWriteDelta_Action_name = map[int32]string{ 0: "ACTION_UNSPECIFIED", - 1: "UPSERT", - 2: "INSERT", - 3: "UPDATE", + 1: "INSERT", 4: "DELETE", } RelationTupleWriteDelta_Action_value = map[string]int32{ "ACTION_UNSPECIFIED": 0, - "UPSERT": 1, - "INSERT": 2, - "UPDATE": 3, + "INSERT": 1, "DELETE": 4, } ) @@ -212,7 +196,7 @@ type WriteRelationTuplesResponse struct { // // The snaptoken is nil at the same index // if the RelationTupleWriteDelta_Action was DELETE. - Snaptokens [][]byte `protobuf:"bytes,1,rep,name=snaptokens,proto3" json:"snaptokens,omitempty"` + Snaptokens []string `protobuf:"bytes,1,rep,name=snaptokens,proto3" json:"snaptokens,omitempty"` } func (x *WriteRelationTuplesResponse) Reset() { @@ -247,7 +231,7 @@ func (*WriteRelationTuplesResponse) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_write_service_proto_rawDescGZIP(), []int{2} } -func (x *WriteRelationTuplesResponse) GetSnaptokens() [][]byte { +func (x *WriteRelationTuplesResponse) GetSnaptokens() []string { if x != nil { return x.Snaptokens } @@ -270,40 +254,39 @@ var file_keto_acl_v1alpha1_write_service_proto_rawDesc = []byte{ 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x52, 0x13, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x44, - 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0xb4, 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x65, 0x6c, 0x74, 0x61, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x47, 0x0a, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x50, 0x0a, 0x06, 0x41, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x22, 0x38, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, - 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, 0x53, 0x45, - 0x52, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x03, - 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x22, 0x3d, 0x0a, 0x1b, - 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x73, - 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, - 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x32, 0x84, 0x01, 0x0a, 0x0c, - 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x74, 0x0a, 0x13, + 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, + 0x54, 0x45, 0x10, 0x04, 0x22, 0x3d, 0x0a, 0x1b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x73, 0x32, 0x84, 0x01, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x74, 0x0a, 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x2e, 0x6b, 0x65, + 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x42, 0x8e, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, - 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, - 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, - 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, - 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, - 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, - 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, + 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8e, 0x01, 0x0a, 0x18, 0x73, + 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x11, 0x57, 0x61, 0x74, 0x63, 0x68, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, + 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, + 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/api/keto/acl/v1alpha1/write_service.proto b/api/keto/acl/v1alpha1/write_service.proto index d4d9c8c75..b12e5a508 100644 --- a/api/keto/acl/v1alpha1/write_service.proto +++ b/api/keto/acl/v1alpha1/write_service.proto @@ -36,26 +36,12 @@ message RelationTupleWriteDelta { // RelationTupleWriteDelta if an action was unspecified. ACTION_UNSPECIFIED = 0; - // Like INSERT with the exception that if the RelationTuple - // already exists performs an UPDATE instead. - UPSERT = 1; - // Insertion of a new RelationTuple. - // - // The `WriteRelationTuples` rpc errors if the - // specified RelationTuple already exists. - INSERT = 2; - - // Update of the existing RelationTuple with - // the intend to refresh its snapshot token. - // - // The `WriteRelationTuples` rpc errors if the - // specified RelationTuple was not found. - UPDATE = 3; + // It is ignored if already existing. + INSERT = 1; // Deletion of the RelationTuple. - // The `WriteRelationTuples` rpc returns NO error - // if the specified RelationTuple was not found. + // It is ignored if it does not exist. DELETE = 4; } // The target RelationTuple. @@ -70,5 +56,5 @@ message WriteRelationTuplesResponse { // // The snaptoken is nil at the same index // if the RelationTupleWriteDelta_Action was DELETE. - repeated bytes snaptokens = 1; + repeated string snaptokens = 1; } \ No newline at end of file From db1c755c4244697e52e3b5e5fc01659a3972579c Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 19 Nov 2020 17:58:58 +0100 Subject: [PATCH 18/21] fix snaptoken type --- api/keto/acl/v1alpha1/read_service.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/keto/acl/v1alpha1/read_service.proto b/api/keto/acl/v1alpha1/read_service.proto index 191e8855b..938dd2f07 100644 --- a/api/keto/acl/v1alpha1/read_service.proto +++ b/api/keto/acl/v1alpha1/read_service.proto @@ -58,7 +58,7 @@ message ListRelationTuplesRequest { // "subject.id", "subject.set" google.protobuf.FieldMask expand_mask = 2; // Optional. The snapshot token for this read. - bytes snaptoken = 3; + string snaptoken = 3; // Optional. The maximum number of // RelationTuples to return in the response. int32 page_size = 4; From e7440c9bb5e8181482a723343f135a539e50a604 Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 19 Nov 2020 18:01:12 +0100 Subject: [PATCH 19/21] regenerate proto --- api/keto/acl/v1alpha1/read_service.pb.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api/keto/acl/v1alpha1/read_service.pb.go b/api/keto/acl/v1alpha1/read_service.pb.go index 24c71d21e..45e21e0cc 100644 --- a/api/keto/acl/v1alpha1/read_service.pb.go +++ b/api/keto/acl/v1alpha1/read_service.pb.go @@ -49,7 +49,7 @@ type ListRelationTuplesRequest struct { // "subject.id", "subject.set" ExpandMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=expand_mask,json=expandMask,proto3" json:"expand_mask,omitempty"` // Optional. The snapshot token for this read. - Snaptoken []byte `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` + Snaptoken string `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` // Optional. The maximum number of // RelationTuples to return in the response. PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` @@ -105,11 +105,11 @@ func (x *ListRelationTuplesRequest) GetExpandMask() *field_mask.FieldMask { return nil } -func (x *ListRelationTuplesRequest) GetSnaptoken() []byte { +func (x *ListRelationTuplesRequest) GetSnaptoken() string { if x != nil { return x.Snaptoken } - return nil + return "" } func (x *ListRelationTuplesRequest) GetPageSize() int32 { @@ -296,7 +296,7 @@ var file_keto_acl_v1alpha1_read_service_proto_rawDesc = []byte{ 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1c, 0x0a, - 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, + 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, From 4219c6a07b17f33f76e5b5edec2fe8f21754671d Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 19 Nov 2020 18:04:58 +0100 Subject: [PATCH 20/21] remove Object message --- api/keto/acl/v1alpha1/acl.pb.go | 148 ++++++++------------------------ api/keto/acl/v1alpha1/acl.proto | 10 --- 2 files changed, 36 insertions(+), 122 deletions(-) diff --git a/api/keto/acl/v1alpha1/acl.pb.go b/api/keto/acl/v1alpha1/acl.pb.go index dea2233f7..e4ffe1730 100644 --- a/api/keto/acl/v1alpha1/acl.pb.go +++ b/api/keto/acl/v1alpha1/acl.pb.go @@ -107,66 +107,6 @@ func (x *RelationTuple) GetSubject() *Subject { return nil } -// Object represents a "resource/digital object" in a namespace. -// A RelationTuple relates a Subject to an Object. -type Object struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The namespace of the object. - // This effectively is the namespace of the whole RelationTuple. - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` - // The object id. - Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` -} - -func (x *Object) Reset() { - *x = Object{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Object) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Object) ProtoMessage() {} - -func (x *Object) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Object.ProtoReflect.Descriptor instead. -func (*Object) Descriptor() ([]byte, []int) { - return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{1} -} - -func (x *Object) GetNamespace() string { - if x != nil { - return x.Namespace - } - return "" -} - -func (x *Object) GetId() string { - if x != nil { - return x.Id - } - return "" -} - // Subject is either a concrete subject id or // a subject set expanding to more Subjects. type Subject struct { @@ -185,7 +125,7 @@ type Subject struct { func (x *Subject) Reset() { *x = Subject{} if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -198,7 +138,7 @@ func (x *Subject) String() string { func (*Subject) ProtoMessage() {} func (x *Subject) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -211,7 +151,7 @@ func (x *Subject) ProtoReflect() protoreflect.Message { // Deprecated: Use Subject.ProtoReflect.Descriptor instead. func (*Subject) Descriptor() ([]byte, []int) { - return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{2} + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{1} } func (m *Subject) GetRef() isSubject_Ref { @@ -274,7 +214,7 @@ type SubjectSet struct { func (x *SubjectSet) Reset() { *x = SubjectSet{} if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[3] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -287,7 +227,7 @@ func (x *SubjectSet) String() string { func (*SubjectSet) ProtoMessage() {} func (x *SubjectSet) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[3] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -300,7 +240,7 @@ func (x *SubjectSet) ProtoReflect() protoreflect.Message { // Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead. func (*SubjectSet) Descriptor() ([]byte, []int) { - return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{3} + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{2} } func (x *SubjectSet) GetNamespace() string { @@ -339,31 +279,28 @@ var file_keto_acl_v1alpha1_acl_proto_rawDesc = []byte{ 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x36, 0x0a, 0x06, 0x4f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, - 0x69, 0x64, 0x22, 0x55, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, - 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, - 0x31, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6b, - 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x03, 0x73, - 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x5e, 0x0a, 0x0a, 0x53, 0x75, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, - 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x85, 0x01, 0x0a, 0x18, 0x73, 0x68, - 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, - 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, - 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, - 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, - 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, - 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x55, 0x0a, 0x07, 0x53, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x31, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x03, 0x73, 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, + 0x66, 0x22, 0x5e, 0x0a, 0x0a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, + 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, + 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x42, 0x85, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x08, + 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, + 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, + 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -378,16 +315,15 @@ func file_keto_acl_v1alpha1_acl_proto_rawDescGZIP() []byte { return file_keto_acl_v1alpha1_acl_proto_rawDescData } -var file_keto_acl_v1alpha1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_keto_acl_v1alpha1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_keto_acl_v1alpha1_acl_proto_goTypes = []interface{}{ (*RelationTuple)(nil), // 0: keto.acl.v1alpha1.RelationTuple - (*Object)(nil), // 1: keto.acl.v1alpha1.Object - (*Subject)(nil), // 2: keto.acl.v1alpha1.Subject - (*SubjectSet)(nil), // 3: keto.acl.v1alpha1.SubjectSet + (*Subject)(nil), // 1: keto.acl.v1alpha1.Subject + (*SubjectSet)(nil), // 2: keto.acl.v1alpha1.SubjectSet } var file_keto_acl_v1alpha1_acl_proto_depIdxs = []int32{ - 2, // 0: keto.acl.v1alpha1.RelationTuple.subject:type_name -> keto.acl.v1alpha1.Subject - 3, // 1: keto.acl.v1alpha1.Subject.set:type_name -> keto.acl.v1alpha1.SubjectSet + 1, // 0: keto.acl.v1alpha1.RelationTuple.subject:type_name -> keto.acl.v1alpha1.Subject + 2, // 1: keto.acl.v1alpha1.Subject.set:type_name -> keto.acl.v1alpha1.SubjectSet 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name @@ -414,18 +350,6 @@ func file_keto_acl_v1alpha1_acl_proto_init() { } } file_keto_acl_v1alpha1_acl_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Object); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1alpha1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Subject); i { case 0: return &v.state @@ -437,7 +361,7 @@ func file_keto_acl_v1alpha1_acl_proto_init() { return nil } } - file_keto_acl_v1alpha1_acl_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1alpha1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SubjectSet); i { case 0: return &v.state @@ -450,7 +374,7 @@ func file_keto_acl_v1alpha1_acl_proto_init() { } } } - file_keto_acl_v1alpha1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ + file_keto_acl_v1alpha1_acl_proto_msgTypes[1].OneofWrappers = []interface{}{ (*Subject_Id)(nil), (*Subject_Set)(nil), } @@ -460,7 +384,7 @@ func file_keto_acl_v1alpha1_acl_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_keto_acl_v1alpha1_acl_proto_rawDesc, NumEnums: 0, - NumMessages: 4, + NumMessages: 3, NumExtensions: 0, NumServices: 0, }, diff --git a/api/keto/acl/v1alpha1/acl.proto b/api/keto/acl/v1alpha1/acl.proto index d7355527a..89ac980a7 100644 --- a/api/keto/acl/v1alpha1/acl.proto +++ b/api/keto/acl/v1alpha1/acl.proto @@ -28,16 +28,6 @@ message RelationTuple { Subject subject = 4; } -// Object represents a "resource/digital object" in a namespace. -// A RelationTuple relates a Subject to an Object. -message Object { - // The namespace of the object. - // This effectively is the namespace of the whole RelationTuple. - string namespace = 1; - // The object id. - string id = 2; -} - // Subject is either a concrete subject id or // a subject set expanding to more Subjects. message Subject { From 63eec13fb3a95db85e6b9b28e22ade6cfa80802f Mon Sep 17 00:00:00 2001 From: zepatrik Date: Fri, 20 Nov 2020 10:12:34 +0100 Subject: [PATCH 21/21] chore: cosmetic improvements --- api/keto/acl/v1alpha1/check_service.proto | 2 +- api/keto/acl/v1alpha1/read_service.proto | 8 ++++---- api/keto/acl/v1alpha1/write_service.proto | 2 +- buf/api/buf.gen.yaml | 2 +- buf/api/buf.yaml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/api/keto/acl/v1alpha1/check_service.proto b/api/keto/acl/v1alpha1/check_service.proto index d4d0b094b..d5a5563d8 100644 --- a/api/keto/acl/v1alpha1/check_service.proto +++ b/api/keto/acl/v1alpha1/check_service.proto @@ -85,4 +85,4 @@ message CheckResponse { // for subsequent requests to have minimal latency, // but allow slightly stale responses (only some milliseconds or seconds). string snaptoken = 2; -} \ No newline at end of file +} diff --git a/api/keto/acl/v1alpha1/read_service.proto b/api/keto/acl/v1alpha1/read_service.proto index 938dd2f07..d4c22271c 100644 --- a/api/keto/acl/v1alpha1/read_service.proto +++ b/api/keto/acl/v1alpha1/read_service.proto @@ -54,8 +54,8 @@ message ListRelationTuplesRequest { // // Available fields: // "object", "relation", "subject", - // "object.namespace","object.id", - // "subject.id", "subject.set" + // "namespace", "subject.id", "subject.namespace", + // "subject.object", "subject.relation" google.protobuf.FieldMask expand_mask = 2; // Optional. The snapshot token for this read. string snaptoken = 3; @@ -64,7 +64,7 @@ message ListRelationTuplesRequest { int32 page_size = 4; // Optional. A pagination token returned from // a previous call to `ListRelationTuples` that - // indicates where this listing should continue from. + // indicates where the page should start at. string page_token = 5; } @@ -79,4 +79,4 @@ message ListRelationTuplesResponse { // using this `next_page_token` as the `page_token` are ignored and // CAN be left blank, since the request's data is baked in this `next_page_token`. string next_page_token = 2; -} \ No newline at end of file +} diff --git a/api/keto/acl/v1alpha1/write_service.proto b/api/keto/acl/v1alpha1/write_service.proto index b12e5a508..c74e19a0d 100644 --- a/api/keto/acl/v1alpha1/write_service.proto +++ b/api/keto/acl/v1alpha1/write_service.proto @@ -57,4 +57,4 @@ message WriteRelationTuplesResponse { // The snaptoken is nil at the same index // if the RelationTupleWriteDelta_Action was DELETE. repeated string snaptokens = 1; -} \ No newline at end of file +} diff --git a/buf/api/buf.gen.yaml b/buf/api/buf.gen.yaml index 90b5a5063..31849f68d 100644 --- a/buf/api/buf.gen.yaml +++ b/buf/api/buf.gen.yaml @@ -5,4 +5,4 @@ plugins: opt: paths=source_relative - name: go-grpc out: api - opt: paths=source_relative,require_unimplemented_servers=false \ No newline at end of file + opt: paths=source_relative,require_unimplemented_servers=false diff --git a/buf/api/buf.yaml b/buf/api/buf.yaml index 3ceba64be..7bb1f0d75 100644 --- a/buf/api/buf.yaml +++ b/buf/api/buf.yaml @@ -12,4 +12,4 @@ lint: - keto/acl/v1alpha1/write_service.proto breaking: use: - - PACKAGE \ No newline at end of file + - PACKAGE