From 337ce4709e0e2d9e314828bb16f05049bc413351 Mon Sep 17 00:00:00 2001 From: zepatrik Date: Thu, 19 Nov 2020 12:51:43 +0100 Subject: [PATCH] fix: externalize namespace parameter --- api/keto/acl/v1alpha1/acl.pb.go | 223 ++++++++-------------- api/keto/acl/v1alpha1/acl.proto | 35 ++-- api/keto/acl/v1alpha1/check_service.pb.go | 112 ++++++----- api/keto/acl/v1alpha1/check_service.proto | 11 +- api/keto/acl/v1alpha1/read_service.pb.go | 115 +++++------ api/keto/acl/v1alpha1/read_service.proto | 8 +- 6 files changed, 228 insertions(+), 276 deletions(-) diff --git a/api/keto/acl/v1alpha1/acl.pb.go b/api/keto/acl/v1alpha1/acl.pb.go index 45c9067dc..ff5a1b2a2 100644 --- a/api/keto/acl/v1alpha1/acl.pb.go +++ b/api/keto/acl/v1alpha1/acl.pb.go @@ -34,16 +34,20 @@ type RelationTuple struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The object related by this tuple. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + // The namespace this relation tuple lives in. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + // The object referenced by this tuple. Is inherently in the + // namespace of the tuple. + ObjectId string `protobuf:"bytes,2,opt,name=object_id,json=objectId,proto3" json:"object_id,omitempty"` // The relation between an Object and a Subject. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` // The subject related by this tuple. // A Subject either represents a concrete subject id or // a SubjectSet that expands to more Subjects. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` - // Used to perform a consistent read-modify-write (lock). - Etag string `protobuf:"bytes,4,opt,name=etag,proto3" json:"etag,omitempty"` + Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"` + // Used to perform a consistent operation (read-modify-write) + // by ensuring no changes where made between steps. + Etag string `protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"` } func (x *RelationTuple) Reset() { @@ -78,11 +82,18 @@ func (*RelationTuple) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{0} } -func (x *RelationTuple) GetObject() *Object { +func (x *RelationTuple) GetNamespace() string { if x != nil { - return x.Object + return x.Namespace } - return nil + return "" +} + +func (x *RelationTuple) GetObjectId() string { + if x != nil { + return x.ObjectId + } + return "" } func (x *RelationTuple) GetRelation() string { @@ -106,68 +117,6 @@ func (x *RelationTuple) GetEtag() string { return "" } -// Object is an object in a namespace -// referenced by a RelationTuple or SubjectSet. -// -// It represents a "resource" or "digital object". -type Object struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The namespace of the object. - // This effectively is the namespace of the whole RelationTuple. - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` - // The object id. - Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` -} - -func (x *Object) Reset() { - *x = Object{} - if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Object) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Object) ProtoMessage() {} - -func (x *Object) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Object.ProtoReflect.Descriptor instead. -func (*Object) Descriptor() ([]byte, []int) { - return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{1} -} - -func (x *Object) GetNamespace() string { - if x != nil { - return x.Namespace - } - return "" -} - -func (x *Object) GetId() string { - if x != nil { - return x.Id - } - return "" -} - // Subject is either a concrete subject id or // a subject set expanding to more Subjects. type Subject struct { @@ -186,7 +135,7 @@ type Subject struct { func (x *Subject) Reset() { *x = Subject{} if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -199,7 +148,7 @@ func (x *Subject) String() string { func (*Subject) ProtoMessage() {} func (x *Subject) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -212,7 +161,7 @@ func (x *Subject) ProtoReflect() protoreflect.Message { // Deprecated: Use Subject.ProtoReflect.Descriptor instead. func (*Subject) Descriptor() ([]byte, []int) { - return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{2} + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{1} } func (m *Subject) GetRef() isSubject_Ref { @@ -263,16 +212,19 @@ type SubjectSet struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // The namespace of the object and relation referenced + // in this subject set. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // The object selected by the subjects. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + ObjectId string `protobuf:"bytes,2,opt,name=object_id,json=objectId,proto3" json:"object_id,omitempty"` // The relation to the object by the subjects. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` } func (x *SubjectSet) Reset() { *x = SubjectSet{} if protoimpl.UnsafeEnabled { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[3] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -285,7 +237,7 @@ func (x *SubjectSet) String() string { func (*SubjectSet) ProtoMessage() {} func (x *SubjectSet) ProtoReflect() protoreflect.Message { - mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[3] + mi := &file_keto_acl_v1alpha1_acl_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -298,14 +250,21 @@ func (x *SubjectSet) ProtoReflect() protoreflect.Message { // Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead. func (*SubjectSet) Descriptor() ([]byte, []int) { - return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{3} + return file_keto_acl_v1alpha1_acl_proto_rawDescGZIP(), []int{2} } -func (x *SubjectSet) GetObject() *Object { +func (x *SubjectSet) GetNamespace() string { if x != nil { - return x.Object + return x.Namespace } - return nil + return "" +} + +func (x *SubjectSet) GetObjectId() string { + if x != nil { + return x.ObjectId + } + return "" } func (x *SubjectSet) GetRelation() string { @@ -321,41 +280,38 @@ var file_keto_acl_v1alpha1_acl_proto_rawDesc = []byte{ 0x0a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x22, 0xa8, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, - 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x74, 0x61, 0x67, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x65, 0x74, 0x61, 0x67, 0x22, 0x36, 0x0a, 0x06, 0x4f, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x02, 0x69, 0x64, 0x22, 0x55, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, + 0x22, 0xb0, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x1a, 0x0a, + 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, + 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, + 0x12, 0x0a, 0x04, 0x65, 0x74, 0x61, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x65, + 0x74, 0x61, 0x67, 0x22, 0x55, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x31, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x03, - 0x73, 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x5b, 0x0a, 0x0a, 0x53, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x85, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, - 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x42, 0x08, 0x41, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, - 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, - 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, - 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, - 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, - 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x65, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x22, 0x63, 0x0a, 0x0a, 0x53, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, + 0x85, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, + 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x08, 0x41, 0x63, + 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, + 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, + 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -370,23 +326,20 @@ func file_keto_acl_v1alpha1_acl_proto_rawDescGZIP() []byte { return file_keto_acl_v1alpha1_acl_proto_rawDescData } -var file_keto_acl_v1alpha1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_keto_acl_v1alpha1_acl_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_keto_acl_v1alpha1_acl_proto_goTypes = []interface{}{ (*RelationTuple)(nil), // 0: keto.acl.v1alpha1.RelationTuple - (*Object)(nil), // 1: keto.acl.v1alpha1.Object - (*Subject)(nil), // 2: keto.acl.v1alpha1.Subject - (*SubjectSet)(nil), // 3: keto.acl.v1alpha1.SubjectSet + (*Subject)(nil), // 1: keto.acl.v1alpha1.Subject + (*SubjectSet)(nil), // 2: keto.acl.v1alpha1.SubjectSet } var file_keto_acl_v1alpha1_acl_proto_depIdxs = []int32{ - 1, // 0: keto.acl.v1alpha1.RelationTuple.object:type_name -> keto.acl.v1alpha1.Object - 2, // 1: keto.acl.v1alpha1.RelationTuple.subject:type_name -> keto.acl.v1alpha1.Subject - 3, // 2: keto.acl.v1alpha1.Subject.set:type_name -> keto.acl.v1alpha1.SubjectSet - 1, // 3: keto.acl.v1alpha1.SubjectSet.object:type_name -> keto.acl.v1alpha1.Object - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name + 1, // 0: keto.acl.v1alpha1.RelationTuple.subject:type_name -> keto.acl.v1alpha1.Subject + 2, // 1: keto.acl.v1alpha1.Subject.set:type_name -> keto.acl.v1alpha1.SubjectSet + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_keto_acl_v1alpha1_acl_proto_init() } @@ -408,18 +361,6 @@ func file_keto_acl_v1alpha1_acl_proto_init() { } } file_keto_acl_v1alpha1_acl_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Object); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keto_acl_v1alpha1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Subject); i { case 0: return &v.state @@ -431,7 +372,7 @@ func file_keto_acl_v1alpha1_acl_proto_init() { return nil } } - file_keto_acl_v1alpha1_acl_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_keto_acl_v1alpha1_acl_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SubjectSet); i { case 0: return &v.state @@ -444,7 +385,7 @@ func file_keto_acl_v1alpha1_acl_proto_init() { } } } - file_keto_acl_v1alpha1_acl_proto_msgTypes[2].OneofWrappers = []interface{}{ + file_keto_acl_v1alpha1_acl_proto_msgTypes[1].OneofWrappers = []interface{}{ (*Subject_Id)(nil), (*Subject_Set)(nil), } @@ -454,7 +395,7 @@ func file_keto_acl_v1alpha1_acl_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_keto_acl_v1alpha1_acl_proto_rawDesc, NumEnums: 0, - NumMessages: 4, + NumMessages: 3, NumExtensions: 0, NumServices: 0, }, diff --git a/api/keto/acl/v1alpha1/acl.proto b/api/keto/acl/v1alpha1/acl.proto index f491def84..c02067743 100644 --- a/api/keto/acl/v1alpha1/acl.proto +++ b/api/keto/acl/v1alpha1/acl.proto @@ -15,28 +15,20 @@ option php_namespace = "Ory\\Keto\\Acl\\V1alpha1"; // While a tuple reflects a relationship between Object // and Subject, they do not completely define the effective ACLs. message RelationTuple { - // The object related by this tuple. - Object object = 1; + // The namespace this relation tuple lives in. + string namespace = 1; + // The object referenced by this tuple. Is inherently in the + // namespace of the tuple. + string object_id = 2; // The relation between an Object and a Subject. - string relation = 2; + string relation = 3; // The subject related by this tuple. // A Subject either represents a concrete subject id or // a SubjectSet that expands to more Subjects. - Subject subject = 3; - // Used to perform a consistent read-modify-write (lock). - string etag = 4; -} - -// Object is an object in a namespace -// referenced by a RelationTuple or SubjectSet. -// -// It represents a "resource" or "digital object". -message Object { - // The namespace of the object. - // This effectively is the namespace of the whole RelationTuple. - string namespace = 1; - // The object id. - string id = 2; + Subject subject = 4; + // Used to perform a consistent operation (read-modify-write) + // by ensuring no changes where made between steps. + string etag = 5; } // Subject is either a concrete subject id or @@ -56,8 +48,11 @@ message Subject { // the same `relation` to an `object`. // Also used for inheritance. message SubjectSet { + // The namespace of the object and relation referenced + // in this subject set. + string namespace = 1; // The object selected by the subjects. - Object object = 1; + string object_id = 2; // The relation to the object by the subjects. - string relation = 2; + string relation = 3; } diff --git a/api/keto/acl/v1alpha1/check_service.pb.go b/api/keto/acl/v1alpha1/check_service.pb.go index 39f6f101c..079187bc4 100644 --- a/api/keto/acl/v1alpha1/check_service.pb.go +++ b/api/keto/acl/v1alpha1/check_service.pb.go @@ -32,12 +32,13 @@ type CheckRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // The related object in this check. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + ObjectId string `protobuf:"bytes,2,opt,name=object_id,json=objectId,proto3" json:"object_id,omitempty"` // The relation between the Object and the Subject. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` // The related subject to check against. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` + Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"` // Set this field to `true` in case your application // needs to authorize depending on up to date ACLs, // also called a "content-change check". @@ -54,7 +55,7 @@ type CheckRequest struct { // and it is unacceptable that if the permission to do that had // just been revoked some seconds ago so that the change had not // yet been fully replicated to all availability zones. - Latest bool `protobuf:"varint,4,opt,name=latest,proto3" json:"latest,omitempty"` + Latest bool `protobuf:"varint,5,opt,name=latest,proto3" json:"latest,omitempty"` // Optional. Like reads, a check is always evaluated at a // consistent snapshot no earlier than the given snaptoken. // @@ -68,7 +69,7 @@ type CheckRequest struct { // If not specified the server tries to evaluate the check // on the best snapshot version where it is very likely that // ACLs had already been replicated to all availability zones. - Snaptoken []byte `protobuf:"bytes,5,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` + Snaptoken []byte `protobuf:"bytes,6,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"` } func (x *CheckRequest) Reset() { @@ -103,11 +104,18 @@ func (*CheckRequest) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_check_service_proto_rawDescGZIP(), []int{0} } -func (x *CheckRequest) GetObject() *Object { +func (x *CheckRequest) GetNamespace() string { if x != nil { - return x.Object + return x.Namespace } - return nil + return "" +} + +func (x *CheckRequest) GetObjectId() string { + if x != nil { + return x.ObjectId + } + return "" } func (x *CheckRequest) GetRelation() string { @@ -216,40 +224,40 @@ var file_keto_acl_v1alpha1_check_service_proto_rawDesc = []byte{ 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1b, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, - 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc9, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, - 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, - 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x6c, - 0x61, 0x74, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x12, 0x1c, - 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x5a, 0x0a, 0x0c, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x05, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x1f, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, - 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8e, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, - 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x11, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, - 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, - 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, - 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd1, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, + 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, + 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x47, 0x0a, 0x0d, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, + 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x5a, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x1f, 0x2e, + 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, + 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x42, 0x8e, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x11, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, + 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, + 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, + 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, + 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, + 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -268,19 +276,17 @@ var file_keto_acl_v1alpha1_check_service_proto_msgTypes = make([]protoimpl.Messa var file_keto_acl_v1alpha1_check_service_proto_goTypes = []interface{}{ (*CheckRequest)(nil), // 0: keto.acl.v1alpha1.CheckRequest (*CheckResponse)(nil), // 1: keto.acl.v1alpha1.CheckResponse - (*Object)(nil), // 2: keto.acl.v1alpha1.Object - (*Subject)(nil), // 3: keto.acl.v1alpha1.Subject + (*Subject)(nil), // 2: keto.acl.v1alpha1.Subject } var file_keto_acl_v1alpha1_check_service_proto_depIdxs = []int32{ - 2, // 0: keto.acl.v1alpha1.CheckRequest.object:type_name -> keto.acl.v1alpha1.Object - 3, // 1: keto.acl.v1alpha1.CheckRequest.subject:type_name -> keto.acl.v1alpha1.Subject - 0, // 2: keto.acl.v1alpha1.CheckService.Check:input_type -> keto.acl.v1alpha1.CheckRequest - 1, // 3: keto.acl.v1alpha1.CheckService.Check:output_type -> keto.acl.v1alpha1.CheckResponse - 3, // [3:4] is the sub-list for method output_type - 2, // [2:3] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name + 2, // 0: keto.acl.v1alpha1.CheckRequest.subject:type_name -> keto.acl.v1alpha1.Subject + 0, // 1: keto.acl.v1alpha1.CheckService.Check:input_type -> keto.acl.v1alpha1.CheckRequest + 1, // 2: keto.acl.v1alpha1.CheckService.Check:output_type -> keto.acl.v1alpha1.CheckResponse + 2, // [2:3] is the sub-list for method output_type + 1, // [1:2] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name } func init() { file_keto_acl_v1alpha1_check_service_proto_init() } diff --git a/api/keto/acl/v1alpha1/check_service.proto b/api/keto/acl/v1alpha1/check_service.proto index 2b19cc2e9..73b44eb12 100644 --- a/api/keto/acl/v1alpha1/check_service.proto +++ b/api/keto/acl/v1alpha1/check_service.proto @@ -21,12 +21,13 @@ service CheckService { // The request for a CheckService.Check rpc. // Checks whether a specific subject is related to an object. message CheckRequest { + string namespace = 1; // The related object in this check. - Object object = 1; + string object_id = 2; // The relation between the Object and the Subject. - string relation = 2; + string relation = 3; // The related subject to check against. - Subject subject = 3; + Subject subject = 4; // Set this field to `true` in case your application // needs to authorize depending on up to date ACLs, // also called a "content-change check". @@ -43,7 +44,7 @@ message CheckRequest { // and it is unacceptable that if the permission to do that had // just been revoked some seconds ago so that the change had not // yet been fully replicated to all availability zones. - bool latest = 4; + bool latest = 5; // Optional. Like reads, a check is always evaluated at a // consistent snapshot no earlier than the given snaptoken. // @@ -57,7 +58,7 @@ message CheckRequest { // If not specified the server tries to evaluate the check // on the best snapshot version where it is very likely that // ACLs had already been replicated to all availability zones. - bytes snaptoken = 5; + bytes snaptoken = 6; } // The response for a CheckService.Check rpc. diff --git a/api/keto/acl/v1alpha1/read_service.pb.go b/api/keto/acl/v1alpha1/read_service.pb.go index eb35d8839..f02420a89 100644 --- a/api/keto/acl/v1alpha1/read_service.pb.go +++ b/api/keto/acl/v1alpha1/read_service.pb.go @@ -203,12 +203,14 @@ type ListRelationTuplesRequest_Query struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required. + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // Optional. - Object *Object `protobuf:"bytes,1,opt,name=object,proto3" json:"object,omitempty"` + ObjectId string `protobuf:"bytes,2,opt,name=object_id,json=objectId,proto3" json:"object_id,omitempty"` // Optional. - Relation string `protobuf:"bytes,2,opt,name=relation,proto3" json:"relation,omitempty"` + Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"` // Optional. - Subject *Subject `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"` + Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"` } func (x *ListRelationTuplesRequest_Query) Reset() { @@ -243,11 +245,18 @@ func (*ListRelationTuplesRequest_Query) Descriptor() ([]byte, []int) { return file_keto_acl_v1alpha1_read_service_proto_rawDescGZIP(), []int{0, 0} } -func (x *ListRelationTuplesRequest_Query) GetObject() *Object { +func (x *ListRelationTuplesRequest_Query) GetNamespace() string { if x != nil { - return x.Object + return x.Namespace } - return nil + return "" +} + +func (x *ListRelationTuplesRequest_Query) GetObjectId() string { + if x != nil { + return x.ObjectId + } + return "" } func (x *ListRelationTuplesRequest_Query) GetRelation() string { @@ -274,7 +283,7 @@ var file_keto_acl_v1alpha1_read_service_proto_rawDesc = []byte{ 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, - 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8b, 0x03, 0x0a, 0x19, 0x4c, 0x69, 0x73, + 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x93, 0x03, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x48, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, @@ -290,43 +299,43 @@ var file_keto_acl_v1alpha1_read_service_proto_rawDesc = []byte{ 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, - 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x8c, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, - 0x79, 0x12, 0x31, 0x0a, 0x06, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x6f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x8f, 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, - 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, - 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, - 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, - 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x80, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, - 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x71, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, - 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x2c, - 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, - 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6b, + 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x94, 0x01, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, + 0x1b, 0x0a, 0x09, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, + 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x65, 0x74, 0x6f, + 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x22, 0x8f, + 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, + 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, + 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, + 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x32, 0x80, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x12, 0x71, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x2c, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, + 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, + 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x42, 0x8d, 0x01, 0x0a, 0x18, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, - 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8d, 0x01, 0x0a, 0x18, - 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x61, 0x63, 0x6c, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x10, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, - 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, - 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x42, 0x10, 0x52, 0x65, 0x61, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6b, 0x65, + 0x74, 0x6f, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, + 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x15, 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x41, + 0x63, 0x6c, 0x2e, 0x56, 0x31, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x15, 0x4f, 0x72, + 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x41, 0x63, 0x6c, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -348,22 +357,20 @@ var file_keto_acl_v1alpha1_read_service_proto_goTypes = []interface{}{ (*ListRelationTuplesRequest_Query)(nil), // 2: keto.acl.v1alpha1.ListRelationTuplesRequest.Query (*field_mask.FieldMask)(nil), // 3: google.protobuf.FieldMask (*RelationTuple)(nil), // 4: keto.acl.v1alpha1.RelationTuple - (*Object)(nil), // 5: keto.acl.v1alpha1.Object - (*Subject)(nil), // 6: keto.acl.v1alpha1.Subject + (*Subject)(nil), // 5: keto.acl.v1alpha1.Subject } var file_keto_acl_v1alpha1_read_service_proto_depIdxs = []int32{ 2, // 0: keto.acl.v1alpha1.ListRelationTuplesRequest.query:type_name -> keto.acl.v1alpha1.ListRelationTuplesRequest.Query 3, // 1: keto.acl.v1alpha1.ListRelationTuplesRequest.expand_mask:type_name -> google.protobuf.FieldMask 4, // 2: keto.acl.v1alpha1.ListRelationTuplesResponse.relation_tuples:type_name -> keto.acl.v1alpha1.RelationTuple - 5, // 3: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.object:type_name -> keto.acl.v1alpha1.Object - 6, // 4: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.subject:type_name -> keto.acl.v1alpha1.Subject - 0, // 5: keto.acl.v1alpha1.ReadService.ListRelationTuples:input_type -> keto.acl.v1alpha1.ListRelationTuplesRequest - 1, // 6: keto.acl.v1alpha1.ReadService.ListRelationTuples:output_type -> keto.acl.v1alpha1.ListRelationTuplesResponse - 6, // [6:7] is the sub-list for method output_type - 5, // [5:6] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name + 5, // 3: keto.acl.v1alpha1.ListRelationTuplesRequest.Query.subject:type_name -> keto.acl.v1alpha1.Subject + 0, // 4: keto.acl.v1alpha1.ReadService.ListRelationTuples:input_type -> keto.acl.v1alpha1.ListRelationTuplesRequest + 1, // 5: keto.acl.v1alpha1.ReadService.ListRelationTuples:output_type -> keto.acl.v1alpha1.ListRelationTuplesResponse + 5, // [5:6] is the sub-list for method output_type + 4, // [4:5] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name } func init() { file_keto_acl_v1alpha1_read_service_proto_init() } diff --git a/api/keto/acl/v1alpha1/read_service.proto b/api/keto/acl/v1alpha1/read_service.proto index 315c2df44..70d906477 100644 --- a/api/keto/acl/v1alpha1/read_service.proto +++ b/api/keto/acl/v1alpha1/read_service.proto @@ -33,12 +33,14 @@ message ListRelationTuplesRequest { // - object & relation & subject: check whether the relation tuple already exists, before writing it // message Query { + // Required. + string namespace = 1; // Optional. - Object object = 1; + string object_id = 2; // Optional. - string relation = 2; + string relation = 3; // Optional. - Subject subject = 3; + Subject subject = 4; } // All field constraints are concatenated // with a logical AND operator.