diff --git a/buf.gen.yaml b/buf.gen.yaml index 262048a..3ab6df6 100644 --- a/buf.gen.yaml +++ b/buf.gen.yaml @@ -9,4 +9,4 @@ plugins: - client_grpc1 inputs: # This SHA refers to the v1.41.0 commit with deprecated APIs removed - - module: "buf.build/authzed/api:v1.45.4" + - module: "buf.build/authzed/api:v1.53.0" diff --git a/src/authzedapi/authzed/api/materialize/v0/relationships.grpc-client.ts b/src/authzedapi/authzed/api/materialize/v0/relationships.grpc-client.ts new file mode 100644 index 0000000..598a03e --- /dev/null +++ b/src/authzedapi/authzed/api/materialize/v0/relationships.grpc-client.ts @@ -0,0 +1,42 @@ +// @generated by protobuf-ts 2.9.1 with parameter generate_dependencies,long_type_string,client_grpc1 +// @generated from protobuf file "authzed/api/materialize/v0/relationships.proto" (package "authzed.api.materialize.v0", syntax proto3) +// tslint:disable +import { RelationshipsService } from "./relationships.js"; +import type { BinaryWriteOptions } from "@protobuf-ts/runtime"; +import type { BinaryReadOptions } from "@protobuf-ts/runtime"; +import type { ExperimentalCountRelationshipsByFilterResponse } from "./relationships.js"; +import type { ExperimentalCountRelationshipsByFilterRequest } from "./relationships.js"; +import * as grpc from "@grpc/grpc-js"; +/** + * @generated from protobuf service authzed.api.materialize.v0.RelationshipsService + */ +export interface IRelationshipsServiceClient { + /** + * EXPERIMENTAL: CountRelationships returns the count of relationships for a given filter. + * + * @generated from protobuf rpc: ExperimentalCountRelationshipsByFilter(authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterRequest) returns (authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterResponse); + */ + experimentalCountRelationshipsByFilter(input: ExperimentalCountRelationshipsByFilterRequest, metadata: grpc.Metadata, options: grpc.CallOptions, callback: (err: grpc.ServiceError | null, value?: ExperimentalCountRelationshipsByFilterResponse) => void): grpc.ClientUnaryCall; + experimentalCountRelationshipsByFilter(input: ExperimentalCountRelationshipsByFilterRequest, metadata: grpc.Metadata, callback: (err: grpc.ServiceError | null, value?: ExperimentalCountRelationshipsByFilterResponse) => void): grpc.ClientUnaryCall; + experimentalCountRelationshipsByFilter(input: ExperimentalCountRelationshipsByFilterRequest, options: grpc.CallOptions, callback: (err: grpc.ServiceError | null, value?: ExperimentalCountRelationshipsByFilterResponse) => void): grpc.ClientUnaryCall; + experimentalCountRelationshipsByFilter(input: ExperimentalCountRelationshipsByFilterRequest, callback: (err: grpc.ServiceError | null, value?: ExperimentalCountRelationshipsByFilterResponse) => void): grpc.ClientUnaryCall; +} +/** + * @generated from protobuf service authzed.api.materialize.v0.RelationshipsService + */ +export class RelationshipsServiceClient extends grpc.Client implements IRelationshipsServiceClient { + private readonly _binaryOptions: Partial; + constructor(address: string, credentials: grpc.ChannelCredentials, options: grpc.ClientOptions = {}, binaryOptions: Partial = {}) { + super(address, credentials, options); + this._binaryOptions = binaryOptions; + } + /** + * EXPERIMENTAL: CountRelationships returns the count of relationships for a given filter. + * + * @generated from protobuf rpc: ExperimentalCountRelationshipsByFilter(authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterRequest) returns (authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterResponse); + */ + experimentalCountRelationshipsByFilter(input: ExperimentalCountRelationshipsByFilterRequest, metadata: grpc.Metadata | grpc.CallOptions | ((err: grpc.ServiceError | null, value?: ExperimentalCountRelationshipsByFilterResponse) => void), options?: grpc.CallOptions | ((err: grpc.ServiceError | null, value?: ExperimentalCountRelationshipsByFilterResponse) => void), callback?: ((err: grpc.ServiceError | null, value?: ExperimentalCountRelationshipsByFilterResponse) => void)): grpc.ClientUnaryCall { + const method = RelationshipsService.methods[0]; + return this.makeUnaryRequest(`/${RelationshipsService.typeName}/${method.name}`, (value: ExperimentalCountRelationshipsByFilterRequest): Buffer => Buffer.from(method.I.toBinary(value, this._binaryOptions)), (value: Buffer): ExperimentalCountRelationshipsByFilterResponse => method.O.fromBinary(value, this._binaryOptions), input, (metadata as any), (options as any), (callback as any)); + } +} diff --git a/src/authzedapi/authzed/api/materialize/v0/relationships.ts b/src/authzedapi/authzed/api/materialize/v0/relationships.ts new file mode 100644 index 0000000..28b1c1c --- /dev/null +++ b/src/authzedapi/authzed/api/materialize/v0/relationships.ts @@ -0,0 +1,151 @@ +// @generated by protobuf-ts 2.9.1 with parameter generate_dependencies,long_type_string,client_grpc1 +// @generated from protobuf file "authzed/api/materialize/v0/relationships.proto" (package "authzed.api.materialize.v0", syntax proto3) +// tslint:disable +import { ServiceType } from "@protobuf-ts/runtime-rpc"; +import type { BinaryWriteOptions } from "@protobuf-ts/runtime"; +import type { IBinaryWriter } from "@protobuf-ts/runtime"; +import { WireType } from "@protobuf-ts/runtime"; +import type { BinaryReadOptions } from "@protobuf-ts/runtime"; +import type { IBinaryReader } from "@protobuf-ts/runtime"; +import { UnknownFieldHandler } from "@protobuf-ts/runtime"; +import type { PartialMessage } from "@protobuf-ts/runtime"; +import { reflectionMergePartial } from "@protobuf-ts/runtime"; +import { MESSAGE_TYPE } from "@protobuf-ts/runtime"; +import { MessageType } from "@protobuf-ts/runtime"; +import { ZedToken } from "../../v1/core.js"; +import { RelationshipFilter } from "../../v1/permission_service.js"; +/** + * @generated from protobuf message authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterRequest + */ +export interface ExperimentalCountRelationshipsByFilterRequest { + /** + * relationship_filter specifies the filter to apply when counting relationships. + * + * @generated from protobuf field: authzed.api.v1.RelationshipFilter relationship_filter = 1; + */ + relationshipFilter?: RelationshipFilter; +} +/** + * @generated from protobuf message authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterResponse + */ +export interface ExperimentalCountRelationshipsByFilterResponse { + /** + * relationship_count is the count of relationships that match the filter. + * + * @generated from protobuf field: uint64 relationship_count = 1; + */ + relationshipCount: string; + /** + * read_at is the ZedToken at which the relationship count applies. + * + * @generated from protobuf field: authzed.api.v1.ZedToken read_at = 2; + */ + readAt?: ZedToken; +} +// @generated message type with reflection information, may provide speed optimized methods +class ExperimentalCountRelationshipsByFilterRequest$Type extends MessageType { + constructor() { + super("authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterRequest", [ + { no: 1, name: "relationship_filter", kind: "message", T: () => RelationshipFilter, options: { "buf.validate.field": { required: true }, "validate.rules": { message: { required: true } } } } + ]); + } + create(value?: PartialMessage): ExperimentalCountRelationshipsByFilterRequest { + const message = {}; + globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this }); + if (value !== undefined) + reflectionMergePartial(this, message, value); + return message; + } + internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: ExperimentalCountRelationshipsByFilterRequest): ExperimentalCountRelationshipsByFilterRequest { + let message = target ?? this.create(), end = reader.pos + length; + while (reader.pos < end) { + let [fieldNo, wireType] = reader.tag(); + switch (fieldNo) { + case /* authzed.api.v1.RelationshipFilter relationship_filter */ 1: + message.relationshipFilter = RelationshipFilter.internalBinaryRead(reader, reader.uint32(), options, message.relationshipFilter); + break; + default: + let u = options.readUnknownField; + if (u === "throw") + throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`); + let d = reader.skip(wireType); + if (u !== false) + (u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d); + } + } + return message; + } + internalBinaryWrite(message: ExperimentalCountRelationshipsByFilterRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter { + /* authzed.api.v1.RelationshipFilter relationship_filter = 1; */ + if (message.relationshipFilter) + RelationshipFilter.internalBinaryWrite(message.relationshipFilter, writer.tag(1, WireType.LengthDelimited).fork(), options).join(); + let u = options.writeUnknownFields; + if (u !== false) + (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); + return writer; + } +} +/** + * @generated MessageType for protobuf message authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterRequest + */ +export const ExperimentalCountRelationshipsByFilterRequest = new ExperimentalCountRelationshipsByFilterRequest$Type(); +// @generated message type with reflection information, may provide speed optimized methods +class ExperimentalCountRelationshipsByFilterResponse$Type extends MessageType { + constructor() { + super("authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterResponse", [ + { no: 1, name: "relationship_count", kind: "scalar", T: 4 /*ScalarType.UINT64*/ }, + { no: 2, name: "read_at", kind: "message", T: () => ZedToken, options: { "buf.validate.field": { required: true }, "validate.rules": { message: { required: true } } } } + ]); + } + create(value?: PartialMessage): ExperimentalCountRelationshipsByFilterResponse { + const message = { relationshipCount: "0" }; + globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this }); + if (value !== undefined) + reflectionMergePartial(this, message, value); + return message; + } + internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: ExperimentalCountRelationshipsByFilterResponse): ExperimentalCountRelationshipsByFilterResponse { + let message = target ?? this.create(), end = reader.pos + length; + while (reader.pos < end) { + let [fieldNo, wireType] = reader.tag(); + switch (fieldNo) { + case /* uint64 relationship_count */ 1: + message.relationshipCount = reader.uint64().toString(); + break; + case /* authzed.api.v1.ZedToken read_at */ 2: + message.readAt = ZedToken.internalBinaryRead(reader, reader.uint32(), options, message.readAt); + break; + default: + let u = options.readUnknownField; + if (u === "throw") + throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`); + let d = reader.skip(wireType); + if (u !== false) + (u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d); + } + } + return message; + } + internalBinaryWrite(message: ExperimentalCountRelationshipsByFilterResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter { + /* uint64 relationship_count = 1; */ + if (message.relationshipCount !== "0") + writer.tag(1, WireType.Varint).uint64(message.relationshipCount); + /* authzed.api.v1.ZedToken read_at = 2; */ + if (message.readAt) + ZedToken.internalBinaryWrite(message.readAt, writer.tag(2, WireType.LengthDelimited).fork(), options).join(); + let u = options.writeUnknownFields; + if (u !== false) + (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); + return writer; + } +} +/** + * @generated MessageType for protobuf message authzed.api.materialize.v0.ExperimentalCountRelationshipsByFilterResponse + */ +export const ExperimentalCountRelationshipsByFilterResponse = new ExperimentalCountRelationshipsByFilterResponse$Type(); +/** + * @generated ServiceType for protobuf service authzed.api.materialize.v0.RelationshipsService + */ +export const RelationshipsService = new ServiceType("authzed.api.materialize.v0.RelationshipsService", [ + { name: "ExperimentalCountRelationshipsByFilter", options: {}, I: ExperimentalCountRelationshipsByFilterRequest, O: ExperimentalCountRelationshipsByFilterResponse } +]); diff --git a/src/authzedapi/authzed/api/materialize/v0/watchpermissions.grpc-client.ts b/src/authzedapi/authzed/api/materialize/v0/watchpermissions.grpc-client.ts index b80b929..e3213e1 100644 --- a/src/authzedapi/authzed/api/materialize/v0/watchpermissions.grpc-client.ts +++ b/src/authzedapi/authzed/api/materialize/v0/watchpermissions.grpc-client.ts @@ -28,6 +28,7 @@ export interface IWatchPermissionsServiceClient { * is only recommended when performing the set intersections of WatchPermissionSets in the client side is not viable * or there is a strict application requirement to use consume the computed permissions. * + * @deprecated * @generated from protobuf rpc: WatchPermissions(authzed.api.materialize.v0.WatchPermissionsRequest) returns (stream authzed.api.materialize.v0.WatchPermissionsResponse); */ watchPermissions(input: WatchPermissionsRequest, metadata?: grpc.Metadata, options?: grpc.CallOptions): grpc.ClientReadableStream; @@ -59,6 +60,7 @@ export class WatchPermissionsServiceClient extends grpc.Client implements IWatch * is only recommended when performing the set intersections of WatchPermissionSets in the client side is not viable * or there is a strict application requirement to use consume the computed permissions. * + * @deprecated * @generated from protobuf rpc: WatchPermissions(authzed.api.materialize.v0.WatchPermissionsRequest) returns (stream authzed.api.materialize.v0.WatchPermissionsResponse); */ watchPermissions(input: WatchPermissionsRequest, metadata?: grpc.Metadata | grpc.CallOptions, options?: grpc.CallOptions): grpc.ClientReadableStream { diff --git a/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts b/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts index fcbbfba..0d5fd67 100644 --- a/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts +++ b/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts @@ -12,6 +12,8 @@ import type { PartialMessage } from "@protobuf-ts/runtime"; import { reflectionMergePartial } from "@protobuf-ts/runtime"; import { MESSAGE_TYPE } from "@protobuf-ts/runtime"; import { MessageType } from "@protobuf-ts/runtime"; +import { Timestamp } from "../../../../google/protobuf/timestamp.js"; +import { WatchedPermission } from "./watchpermissions.js"; import { ZedToken } from "../../v1/core.js"; /** * @generated from protobuf message authzed.api.materialize.v0.WatchPermissionSetsRequest @@ -308,6 +310,12 @@ export interface BreakingSchemaChange { * @generated from protobuf field: authzed.api.v1.ZedToken change_at = 1; */ changeAt?: ZedToken; + /** + * affected_permissions lists all the watched permissions that were directly affected by the breaking schema change. + * + * @generated from protobuf field: repeated authzed.api.materialize.v0.WatchedPermission affected_permissions = 2; + */ + affectedPermissions: WatchedPermission[]; } /** * @generated from protobuf message authzed.api.materialize.v0.DownloadPermissionSetsRequest @@ -348,6 +356,21 @@ export interface DownloadPermissionSetsResponse { * @generated from protobuf field: repeated authzed.api.materialize.v0.File files = 1; */ files: File[]; + /** + * timestamp represents the time associated with the returned data revision. + * + * @generated from protobuf field: google.protobuf.Timestamp timestamp = 2; + */ + timestamp?: Timestamp; + /** + * at_revision is the snapshot revision the returned files were produced at, + * encoded as a ZedToken. Consumers should pass this token to + * WatchPermissionSets as optional_starting_after to resume the stream + * immediately after the snapshot without leaving gaps in event history. + * + * @generated from protobuf field: authzed.api.v1.ZedToken at_revision = 3; + */ + atRevision?: ZedToken; } // @generated message type with reflection information, may provide speed optimized methods class WatchPermissionSetsRequest$Type extends MessageType { @@ -927,11 +950,12 @@ export const LookupPermissionSetsRequired = new LookupPermissionSetsRequired$Typ class BreakingSchemaChange$Type extends MessageType { constructor() { super("authzed.api.materialize.v0.BreakingSchemaChange", [ - { no: 1, name: "change_at", kind: "message", T: () => ZedToken } + { no: 1, name: "change_at", kind: "message", T: () => ZedToken }, + { no: 2, name: "affected_permissions", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => WatchedPermission } ]); } create(value?: PartialMessage): BreakingSchemaChange { - const message = {}; + const message = { affectedPermissions: [] }; globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this }); if (value !== undefined) reflectionMergePartial(this, message, value); @@ -945,6 +969,9 @@ class BreakingSchemaChange$Type extends MessageType { case /* authzed.api.v1.ZedToken change_at */ 1: message.changeAt = ZedToken.internalBinaryRead(reader, reader.uint32(), options, message.changeAt); break; + case /* repeated authzed.api.materialize.v0.WatchedPermission affected_permissions */ 2: + message.affectedPermissions.push(WatchedPermission.internalBinaryRead(reader, reader.uint32(), options)); + break; default: let u = options.readUnknownField; if (u === "throw") @@ -960,6 +987,9 @@ class BreakingSchemaChange$Type extends MessageType { /* authzed.api.v1.ZedToken change_at = 1; */ if (message.changeAt) ZedToken.internalBinaryWrite(message.changeAt, writer.tag(1, WireType.LengthDelimited).fork(), options).join(); + /* repeated authzed.api.materialize.v0.WatchedPermission affected_permissions = 2; */ + for (let i = 0; i < message.affectedPermissions.length; i++) + WatchedPermission.internalBinaryWrite(message.affectedPermissions[i], writer.tag(2, WireType.LengthDelimited).fork(), options).join(); let u = options.writeUnknownFields; if (u !== false) (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); @@ -1075,7 +1105,9 @@ export const File = new File$Type(); class DownloadPermissionSetsResponse$Type extends MessageType { constructor() { super("authzed.api.materialize.v0.DownloadPermissionSetsResponse", [ - { no: 1, name: "files", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => File } + { no: 1, name: "files", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => File }, + { no: 2, name: "timestamp", kind: "message", T: () => Timestamp }, + { no: 3, name: "at_revision", kind: "message", T: () => ZedToken } ]); } create(value?: PartialMessage): DownloadPermissionSetsResponse { @@ -1093,6 +1125,12 @@ class DownloadPermissionSetsResponse$Type extends MessageType { constructor() { super("authzed.api.v1.AlgebraicSubjectSet", [ { no: 1, name: "operation", kind: "enum", T: () => ["authzed.api.v1.AlgebraicSubjectSet.Operation", AlgebraicSubjectSet_Operation, "OPERATION_"], options: { "buf.validate.field": { enum: { definedOnly: true, notIn: [0] } }, "validate.rules": { enum: { definedOnly: true, notIn: [0] } } } }, - { no: 2, name: "children", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => PermissionRelationshipTree, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } } + { no: 2, name: "children", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => PermissionRelationshipTree, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } } ]); } create(value?: PartialMessage): AlgebraicSubjectSet { diff --git a/src/authzedapi/authzed/api/v1/error_reason.ts b/src/authzedapi/authzed/api/v1/error_reason.ts index c12d53e..727b06e 100644 --- a/src/authzedapi/authzed/api/v1/error_reason.ts +++ b/src/authzedapi/authzed/api/v1/error_reason.ts @@ -503,5 +503,21 @@ export enum ErrorReason { * * @generated from protobuf enum value: ERROR_REASON_TRANSACTION_METADATA_TOO_LARGE = 29; */ - TRANSACTION_METADATA_TOO_LARGE = 29 + TRANSACTION_METADATA_TOO_LARGE = 29, + /** + * The request failed because the datastore has not been migrated. + * This typically indicates that the `spicedb datastore migrate` command + * has not been run against the backing database. + * + * Example of an ErrorInfo: + * + * { + * "reason": "ERROR_REASON_DATASTORE_NOT_MIGRATED", + * "domain": "authzed.com", + * "metadata": {} + * } + * + * @generated from protobuf enum value: ERROR_REASON_DATASTORE_NOT_MIGRATED = 30; + */ + DATASTORE_NOT_MIGRATED = 30 } diff --git a/src/authzedapi/authzed/api/v1/experimental_service.ts b/src/authzedapi/authzed/api/v1/experimental_service.ts index 9bd9cac..2c2167e 100644 --- a/src/authzedapi/authzed/api/v1/experimental_service.ts +++ b/src/authzedapi/authzed/api/v1/experimental_service.ts @@ -1121,7 +1121,7 @@ class BulkCheckPermissionRequest$Type extends MessageType Consistency }, - { no: 2, name: "items", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => BulkCheckPermissionRequestItem, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } } + { no: 2, name: "items", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => BulkCheckPermissionRequestItem, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } } ]); } create(value?: PartialMessage): BulkCheckPermissionRequest { @@ -1243,7 +1243,7 @@ class BulkCheckPermissionResponse$Type extends MessageType ZedToken, options: { "buf.validate.field": { required: false }, "validate.rules": { message: { required: false } } } }, - { no: 2, name: "pairs", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => BulkCheckPermissionPair, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } } + { no: 2, name: "pairs", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => BulkCheckPermissionPair, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } } ]); } create(value?: PartialMessage): BulkCheckPermissionResponse { @@ -1417,7 +1417,7 @@ export const BulkCheckPermissionResponseItem = new BulkCheckPermissionResponseIt class BulkImportRelationshipsRequest$Type extends MessageType { constructor() { super("authzed.api.v1.BulkImportRelationshipsRequest", [ - { no: 1, name: "relationships", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Relationship, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } } + { no: 1, name: "relationships", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Relationship, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } } ]); } create(value?: PartialMessage): BulkImportRelationshipsRequest { diff --git a/src/authzedapi/authzed/api/v1/permission_service.ts b/src/authzedapi/authzed/api/v1/permission_service.ts index 32f1eb7..61c9f4d 100644 --- a/src/authzedapi/authzed/api/v1/permission_service.ts +++ b/src/authzedapi/authzed/api/v1/permission_service.ts @@ -483,18 +483,32 @@ export interface CheckPermissionResponse { */ export enum CheckPermissionResponse_Permissionship { /** + * PERMISSIONSHIP_UNSPECIFIED is the default value and should not be used or + * relied upon. Servers should not return this value. + * * @generated from protobuf enum value: PERMISSIONSHIP_UNSPECIFIED = 0; */ UNSPECIFIED = 0, /** + * PERMISSIONSHIP_NO_PERMISSION indicates that the subject does not have the + * requested permission on the resource. + * * @generated from protobuf enum value: PERMISSIONSHIP_NO_PERMISSION = 1; */ NO_PERMISSION = 1, /** + * PERMISSIONSHIP_HAS_PERMISSION indicates that the subject has the requested + * permission on the resource. + * * @generated from protobuf enum value: PERMISSIONSHIP_HAS_PERMISSION = 2; */ HAS_PERMISSION = 2, /** + * PERMISSIONSHIP_CONDITIONAL_PERMISSION indicates that the subject has the + * requested permission on the resource, but only if a caveat condition is met. + * The `partial_caveat_info` field in the response should contain the missing + * context fields that must be provided to fully evaluate the caveat. + * * @generated from protobuf enum value: PERMISSIONSHIP_CONDITIONAL_PERMISSION = 3; */ CONDITIONAL_PERMISSION = 3 @@ -707,6 +721,16 @@ export interface LookupResourcesRequest { * @generated from protobuf field: authzed.api.v1.Cursor optional_cursor = 7; */ optionalCursor?: Cursor; + /** + * + * with_debug, if true, indicates that the response should return debug information + * if present and available. For now, ONLY enables debugging of maximum recursion depth + * errors, with additional context being returned in error details, but this may be + * extended in the future. + * + * @generated from protobuf field: bool with_debug = 8; + */ + withDebug: boolean; } /** * LookupResourcesResponse contains a single matching resource object ID for the @@ -801,9 +825,8 @@ export interface LookupSubjectsRequest { */ optionalConcreteLimit: number; /** - * optional_cursor is currently unimplemented for LookupSubjects - * and will be ignored as of SpiceDB version 1.40.1. This will - * be implemented in a future version of SpiceDB. + * optional_cursor is not currently supported for LookupSubjects and this + * field will be ignored. Cursoring support will be added in a future version. * * @generated from protobuf field: authzed.api.v1.Cursor optional_cursor = 8; */ @@ -1017,14 +1040,25 @@ export interface ExportBulkRelationshipsResponse { */ export enum LookupPermissionship { /** + * LOOKUP_PERMISSIONSHIP_UNSPECIFIED is the default value and should not be used or + * relied upon. Servers should not return this value. + * * @generated from protobuf enum value: LOOKUP_PERMISSIONSHIP_UNSPECIFIED = 0; */ UNSPECIFIED = 0, /** + * LOOKUP_PERMISSIONSHIP_HAS_PERMISSION indicates that the subject has permission + * on the resource with no missing caveat context. + * * @generated from protobuf enum value: LOOKUP_PERMISSIONSHIP_HAS_PERMISSION = 1; */ HAS_PERMISSION = 1, /** + * LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION indicates that the subject has + * permission on the resource, but only if a caveat condition is met. The + * `partial_caveat_info` field in the response should contain the missing context + * fields that must be provided to fully evaluate the caveat. + * * @generated from protobuf enum value: LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION = 2; */ CONDITIONAL_PERMISSION = 2 @@ -1479,8 +1513,8 @@ export const Precondition = new Precondition$Type(); class WriteRelationshipsRequest$Type extends MessageType { constructor() { super("authzed.api.v1.WriteRelationshipsRequest", [ - { no: 1, name: "updates", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => RelationshipUpdate, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } }, - { no: 2, name: "optional_preconditions", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Precondition, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } }, + { no: 1, name: "updates", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => RelationshipUpdate, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } }, + { no: 2, name: "optional_preconditions", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Precondition, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } }, { no: 3, name: "optional_transaction_metadata", kind: "message", T: () => Struct, options: { "buf.validate.field": { required: false }, "validate.rules": { message: { required: false } } } } ]); } @@ -1588,7 +1622,7 @@ class DeleteRelationshipsRequest$Type extends MessageType RelationshipFilter, options: { "buf.validate.field": { required: true }, "validate.rules": { message: { required: true } } } }, - { no: 2, name: "optional_preconditions", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Precondition, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } }, + { no: 2, name: "optional_preconditions", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Precondition, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } }, { no: 3, name: "optional_limit", kind: "scalar", T: 13 /*ScalarType.UINT32*/, options: { "buf.validate.field": { uint32: { gte: 0 } }, "validate.rules": { uint32: { gte: 0 } } } }, { no: 4, name: "optional_allow_partial_deletions", kind: "scalar", T: 8 /*ScalarType.BOOL*/ }, { no: 5, name: "optional_transaction_metadata", kind: "message", T: () => Struct, options: { "buf.validate.field": { required: false }, "validate.rules": { message: { required: false } } } } @@ -1881,7 +1915,7 @@ class CheckBulkPermissionsRequest$Type extends MessageType Consistency }, - { no: 2, name: "items", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => CheckBulkPermissionsRequestItem, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } }, + { no: 2, name: "items", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => CheckBulkPermissionsRequestItem, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } }, { no: 3, name: "with_tracing", kind: "scalar", T: 8 /*ScalarType.BOOL*/ } ]); } @@ -2010,7 +2044,7 @@ class CheckBulkPermissionsResponse$Type extends MessageType ZedToken, options: { "buf.validate.field": { required: false }, "validate.rules": { message: { required: false } } } }, - { no: 2, name: "pairs", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => CheckBulkPermissionsPair, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } } + { no: 2, name: "pairs", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => CheckBulkPermissionsPair, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } } ]); } create(value?: PartialMessage): CheckBulkPermissionsResponse { @@ -2312,11 +2346,12 @@ class LookupResourcesRequest$Type extends MessageType { { no: 4, name: "subject", kind: "message", T: () => SubjectReference, options: { "buf.validate.field": { required: true }, "validate.rules": { message: { required: true } } } }, { no: 5, name: "context", kind: "message", T: () => Struct, options: { "buf.validate.field": { required: false }, "validate.rules": { message: { required: false } } } }, { no: 6, name: "optional_limit", kind: "scalar", T: 13 /*ScalarType.UINT32*/, options: { "buf.validate.field": { uint32: { gte: 0 } }, "validate.rules": { uint32: { gte: 0 } } } }, - { no: 7, name: "optional_cursor", kind: "message", T: () => Cursor } + { no: 7, name: "optional_cursor", kind: "message", T: () => Cursor }, + { no: 8, name: "with_debug", kind: "scalar", T: 8 /*ScalarType.BOOL*/ } ]); } create(value?: PartialMessage): LookupResourcesRequest { - const message = { resourceObjectType: "", permission: "", optionalLimit: 0 }; + const message = { resourceObjectType: "", permission: "", optionalLimit: 0, withDebug: false }; globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this }); if (value !== undefined) reflectionMergePartial(this, message, value); @@ -2348,6 +2383,9 @@ class LookupResourcesRequest$Type extends MessageType { case /* authzed.api.v1.Cursor optional_cursor */ 7: message.optionalCursor = Cursor.internalBinaryRead(reader, reader.uint32(), options, message.optionalCursor); break; + case /* bool with_debug */ 8: + message.withDebug = reader.bool(); + break; default: let u = options.readUnknownField; if (u === "throw") @@ -2381,6 +2419,9 @@ class LookupResourcesRequest$Type extends MessageType { /* authzed.api.v1.Cursor optional_cursor = 7; */ if (message.optionalCursor) Cursor.internalBinaryWrite(message.optionalCursor, writer.tag(7, WireType.LengthDelimited).fork(), options).join(); + /* bool with_debug = 8; */ + if (message.withDebug !== false) + writer.tag(8, WireType.Varint).bool(message.withDebug); let u = options.writeUnknownFields; if (u !== false) (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); @@ -2730,7 +2771,7 @@ export const ResolvedSubject = new ResolvedSubject$Type(); class ImportBulkRelationshipsRequest$Type extends MessageType { constructor() { super("authzed.api.v1.ImportBulkRelationshipsRequest", [ - { no: 1, name: "relationships", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Relationship, options: { "buf.validate.field": { repeated: { items: { required: true } } }, "validate.rules": { repeated: { items: { message: { required: true } } } } } } + { no: 1, name: "relationships", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => Relationship, options: { "validate.rules": { repeated: { items: { message: { required: true } } } } } } ]); } create(value?: PartialMessage): ImportBulkRelationshipsRequest {