diff --git a/Makefile b/Makefile index 85c7cb2d4..09561a843 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ NAME="github.com/odpf/guardian" LAST_COMMIT := $(shell git rev-parse --short HEAD) LAST_TAG := "$(shell git rev-list --tags --max-count=1)" APP_VERSION := "$(shell git describe --tags ${LAST_TAG})-next" -PROTON_COMMIT := "60db5133e25d38a650d1e4960416320e2dbfe83a" +PROTON_COMMIT := "56bd199aa0b81bc71d60e461592c88c80a1330ba" .PHONY: all build test clean dist vet proto install diff --git a/api/handler/v1beta1/access.go b/api/handler/v1beta1/access.go new file mode 100644 index 000000000..716ced4be --- /dev/null +++ b/api/handler/v1beta1/access.go @@ -0,0 +1,156 @@ +package v1beta1 + +import ( + "context" + "errors" + + guardianv1beta1 "github.com/odpf/guardian/api/proto/odpf/guardian/v1beta1" + "github.com/odpf/guardian/core/access" + "github.com/odpf/guardian/domain" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" +) + +func (s *GRPCServer) ListAccesses(ctx context.Context, req *guardianv1beta1.ListAccessesRequest) (*guardianv1beta1.ListAccessesResponse, error) { + filter := domain.ListAccessesFilter{ + Statuses: req.GetStatuses(), + AccountIDs: req.GetAccountIds(), + AccountTypes: req.GetAccountTypes(), + ResourceIDs: req.GetResourceIds(), + Roles: req.GetRoles(), + ProviderTypes: req.GetProviderTypes(), + ProviderURNs: req.GetProviderUrns(), + ResourceTypes: req.GetResourceTypes(), + ResourceURNs: req.GetResourceUrns(), + CreatedBy: req.GetCreatedBy(), + } + accesses, err := s.listAccesses(ctx, filter) + if err != nil { + return nil, err + } + + return &guardianv1beta1.ListAccessesResponse{ + Accesses: accesses, + }, nil +} + +func (s *GRPCServer) ListUserAccesses(ctx context.Context, req *guardianv1beta1.ListUserAccessesRequest) (*guardianv1beta1.ListUserAccessesResponse, error) { + user, err := s.getUser(ctx) + if err != nil { + return nil, status.Error(codes.Unauthenticated, "failed to get metadata: user") + } + + filter := domain.ListAccessesFilter{ + Statuses: req.GetStatuses(), + AccountIDs: req.GetAccountIds(), + AccountTypes: req.GetAccountTypes(), + ResourceIDs: req.GetResourceIds(), + Roles: req.GetRoles(), + ProviderTypes: req.GetProviderTypes(), + ProviderURNs: req.GetProviderUrns(), + ResourceTypes: req.GetResourceTypes(), + ResourceURNs: req.GetResourceUrns(), + CreatedBy: user, + } + accesses, err := s.listAccesses(ctx, filter) + if err != nil { + return nil, err + } + + return &guardianv1beta1.ListUserAccessesResponse{ + Accesses: accesses, + }, nil +} + +func (s *GRPCServer) GetAccess(ctx context.Context, req *guardianv1beta1.GetAccessRequest) (*guardianv1beta1.GetAccessResponse, error) { + a, err := s.accessService.GetByID(ctx, req.GetId()) + if err != nil { + if errors.Is(err, access.ErrAccessNotFound) { + return nil, status.Errorf(codes.NotFound, "access %q not found: %v", req.GetId(), err) + } + return nil, status.Errorf(codes.Internal, "failed to get access details: %v", err) + } + + accessProto, err := s.adapter.ToAccessProto(a) + if err != nil { + return nil, status.Errorf(codes.Internal, "failed to parse access: %v", err) + } + + return &guardianv1beta1.GetAccessResponse{ + Access: accessProto, + }, nil +} + +func (s *GRPCServer) RevokeAccess(ctx context.Context, req *guardianv1beta1.RevokeAccessRequest) (*guardianv1beta1.RevokeAccessResponse, error) { + actor, err := s.getUser(ctx) + if err != nil { + return nil, status.Error(codes.Unauthenticated, "failed to get metadata: actor") + } + + a, err := s.accessService.Revoke(ctx, req.GetId(), actor, req.GetReason()) + if err != nil { + if errors.Is(err, access.ErrAccessNotFound) { + return nil, status.Error(codes.NotFound, "access not found") + } + return nil, status.Errorf(codes.Internal, "failed to revoke access: %v", err) + } + + accessProto, err := s.adapter.ToAccessProto(a) + if err != nil { + return nil, status.Errorf(codes.Internal, "failed to parse access: %v", err) + } + + return &guardianv1beta1.RevokeAccessResponse{ + Access: accessProto, + }, nil +} + +func (s *GRPCServer) RevokeAccesses(ctx context.Context, req *guardianv1beta1.RevokeAccessesRequest) (*guardianv1beta1.RevokeAccessesResponse, error) { + actor, err := s.getUser(ctx) + if err != nil { + return nil, status.Error(codes.Unauthenticated, "failed to get metadata: actor") + } + + filter := domain.RevokeAccessesFilter{ + AccountIDs: req.GetAccountIds(), + ProviderTypes: req.GetProviderTypes(), + ProviderURNs: req.GetProviderUrns(), + ResourceTypes: req.GetResourceTypes(), + ResourceURNs: req.GetResourceUrns(), + } + accesses, err := s.accessService.BulkRevoke(ctx, filter, actor, req.GetReason()) + if err != nil { + return nil, status.Error(codes.Internal, "failed to revoke accesses in bulk") + } + + var accessesProto []*guardianv1beta1.Access + for _, a := range accesses { + accessProto, err := s.adapter.ToAccessProto(a) + if err != nil { + return nil, status.Errorf(codes.Internal, "failed to parse access: %v", err) + } + accessesProto = append(accessesProto, accessProto) + } + + return &guardianv1beta1.RevokeAccessesResponse{ + Accesses: accessesProto, + }, nil +} + +func (s *GRPCServer) listAccesses(ctx context.Context, filter domain.ListAccessesFilter) ([]*guardianv1beta1.Access, error) { + accesses, err := s.accessService.List(ctx, filter) + if err != nil { + return nil, status.Errorf(codes.Internal, "failed to list accesses: %v", err) + } + + var accessProtos []*guardianv1beta1.Access + for i, a := range accesses { + accessProto, err := s.adapter.ToAccessProto(&accesses[i]) + if err != nil { + return nil, status.Errorf(codes.Internal, "failed to parse access %q: %v", a.ID, err) + } + accessProtos = append(accessProtos, accessProto) + } + + return accessProtos, nil +} diff --git a/api/handler/v1beta1/access_test.go b/api/handler/v1beta1/access_test.go new file mode 100644 index 000000000..2016f17ba --- /dev/null +++ b/api/handler/v1beta1/access_test.go @@ -0,0 +1,253 @@ +package v1beta1_test + +import ( + "context" + "errors" + "time" + + guardianv1beta1 "github.com/odpf/guardian/api/proto/odpf/guardian/v1beta1" + "github.com/odpf/guardian/core/access" + "github.com/odpf/guardian/domain" + "github.com/stretchr/testify/mock" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/timestamppb" +) + +func (s *GrpcHandlersSuite) TestListAccesses() { + s.Run("should return list of access on success", func() { + s.setup() + timeNow := time.Now() + + dummyAccesses := []domain.Access{ + { + ID: "test-id", + Status: "test-status", + AccountID: "test-account-id", + AccountType: "test-account-type", + ResourceID: "test-resource-id", + Permissions: []string{"test-permission"}, + ExpirationDate: &timeNow, + AppealID: "test-appeal-id", + RevokedBy: "test-revoked-by", + RevokedAt: &timeNow, + RevokeReason: "test-revoke-reason", + CreatedAt: timeNow, + UpdatedAt: timeNow, + Resource: &domain.Resource{ + ID: "test-resource-id", + }, + Appeal: &domain.Appeal{ + ID: "test-appeal-id", + }, + }, + } + expectedResponse := &guardianv1beta1.ListAccessesResponse{ + Accesses: []*guardianv1beta1.Access{ + { + Id: "test-id", + Status: "test-status", + AccountId: "test-account-id", + AccountType: "test-account-type", + ResourceId: "test-resource-id", + Permissions: []string{"test-permission"}, + ExpirationDate: timestamppb.New(timeNow), + AppealId: "test-appeal-id", + RevokedBy: "test-revoked-by", + RevokedAt: timestamppb.New(timeNow), + RevokeReason: "test-revoke-reason", + CreatedAt: timestamppb.New(timeNow), + UpdatedAt: timestamppb.New(timeNow), + Resource: &guardianv1beta1.Resource{ + Id: "test-resource-id", + }, + Appeal: &guardianv1beta1.Appeal{ + Id: "test-appeal-id", + }, + }, + }, + } + expectedFilter := domain.ListAccessesFilter{ + Statuses: []string{"test-status"}, + AccountIDs: []string{"test-account-id"}, + AccountTypes: []string{"test-account-type"}, + ResourceIDs: []string{"test-resource-id"}, + } + s.accessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), expectedFilter). + Return(dummyAccesses, nil).Once() + + req := &guardianv1beta1.ListAccessesRequest{ + Statuses: expectedFilter.Statuses, + AccountIds: expectedFilter.AccountIDs, + AccountTypes: expectedFilter.AccountTypes, + ResourceIds: expectedFilter.ResourceIDs, + } + res, err := s.grpcServer.ListAccesses(context.Background(), req) + + s.NoError(err) + s.Equal(expectedResponse, res) + s.accessService.AssertExpectations(s.T()) + }) + + s.Run("should return error if service returns an error", func() { + s.setup() + + expectedError := errors.New("unexpected error") + s.accessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("domain.ListAccessesFilter")). + Return(nil, expectedError).Once() + + req := &guardianv1beta1.ListAccessesRequest{} + res, err := s.grpcServer.ListAccesses(context.Background(), req) + + s.Equal(codes.Internal, status.Code(err)) + s.Nil(res) + s.accessService.AssertExpectations(s.T()) + }) + + s.Run("should return error if there is an error when parsing the access", func() { + s.setup() + + expectedAccesses := []domain.Access{ + { + Resource: &domain.Resource{ + Details: map[string]interface{}{ + "foo": make(chan int), // invalid value + }, + }, + }, + } + s.accessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("domain.ListAccessesFilter")). + Return(expectedAccesses, nil).Once() + + req := &guardianv1beta1.ListAccessesRequest{} + res, err := s.grpcServer.ListAccesses(context.Background(), req) + + s.Equal(codes.Internal, status.Code(err)) + s.Nil(res) + s.accessService.AssertExpectations(s.T()) + }) +} + +func (s *GrpcHandlersSuite) TestGetAccess() { + s.Run("should return access details on succes", func() { + s.setup() + timeNow := time.Now() + + accessID := "test-id" + dummyAccess := &domain.Access{ + ID: accessID, + Status: "test-status", + AccountID: "test-account-id", + AccountType: "test-account-type", + ResourceID: "test-resource-id", + Permissions: []string{"test-permission"}, + ExpirationDate: &timeNow, + AppealID: "test-appeal-id", + RevokedBy: "test-revoked-by", + RevokedAt: &timeNow, + RevokeReason: "test-revoke-reason", + CreatedAt: timeNow, + UpdatedAt: timeNow, + Resource: &domain.Resource{ + ID: "test-resource-id", + }, + Appeal: &domain.Appeal{ + ID: "test-appeal-id", + }, + } + expectedResponse := &guardianv1beta1.GetAccessResponse{ + Access: &guardianv1beta1.Access{ + Id: accessID, + Status: "test-status", + AccountId: "test-account-id", + AccountType: "test-account-type", + ResourceId: "test-resource-id", + Permissions: []string{"test-permission"}, + ExpirationDate: timestamppb.New(timeNow), + AppealId: "test-appeal-id", + RevokedBy: "test-revoked-by", + RevokedAt: timestamppb.New(timeNow), + RevokeReason: "test-revoke-reason", + CreatedAt: timestamppb.New(timeNow), + UpdatedAt: timestamppb.New(timeNow), + Resource: &guardianv1beta1.Resource{ + Id: "test-resource-id", + }, + Appeal: &guardianv1beta1.Appeal{ + Id: "test-appeal-id", + }, + }, + } + s.accessService.EXPECT(). + GetByID(mock.AnythingOfType("*context.emptyCtx"), accessID). + Return(dummyAccess, nil).Once() + + req := &guardianv1beta1.GetAccessRequest{Id: accessID} + res, err := s.grpcServer.GetAccess(context.Background(), req) + + s.NoError(err) + s.Equal(expectedResponse, res) + s.accessService.AssertExpectations(s.T()) + }) + + s.Run("should return error if access service returns an error", func() { + testCases := []struct { + name string + expectedError error + expectedCode codes.Code + }{ + { + "should return not found error if record not found", + access.ErrAccessNotFound, + codes.NotFound, + }, + { + "should return internal error if there's an unexpected error", + errors.New("unexpected error"), + codes.Internal, + }, + } + + for _, tc := range testCases { + s.Run(tc.name, func() { + s.setup() + + s.accessService.EXPECT(). + GetByID(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("string")). + Return(nil, tc.expectedError).Once() + + req := &guardianv1beta1.GetAccessRequest{Id: "test-id"} + res, err := s.grpcServer.GetAccess(context.Background(), req) + + s.Equal(tc.expectedCode, status.Code(err)) + s.Nil(res) + s.accessService.AssertExpectations(s.T()) + }) + } + }) + + s.Run("should return error if there is an error when parsing the access", func() { + s.setup() + + expectedAccess := &domain.Access{ + Resource: &domain.Resource{ + Details: map[string]interface{}{ + "foo": make(chan int), // invalid value + }, + }, + } + s.accessService.EXPECT(). + GetByID(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("string")). + Return(expectedAccess, nil).Once() + + req := &guardianv1beta1.GetAccessRequest{Id: "test-id"} + res, err := s.grpcServer.GetAccess(context.Background(), req) + + s.Equal(codes.Internal, status.Code(err)) + s.Nil(res) + s.accessService.AssertExpectations(s.T()) + }) +} diff --git a/api/handler/v1beta1/adapter.go b/api/handler/v1beta1/adapter.go index 01a540bea..798865b6b 100644 --- a/api/handler/v1beta1/adapter.go +++ b/api/handler/v1beta1/adapter.go @@ -1,6 +1,8 @@ package v1beta1 import ( + "fmt" + "github.com/mitchellh/mapstructure" guardianv1beta1 "github.com/odpf/guardian/api/proto/odpf/guardian/v1beta1" "github.com/odpf/guardian/domain" @@ -549,6 +551,12 @@ func (a *adapter) ToAppealProto(appeal *domain.Appeal) (*guardianv1beta1.Appeal, appealProto.RevokedAt = timestamppb.New(appeal.RevokedAt) } + accessProto, err := a.ToAccessProto(appeal.Access) + if err != nil { + return nil, fmt.Errorf("parsing access: %w", err) + } + appealProto.Access = accessProto + return appealProto, nil } @@ -618,6 +626,55 @@ func (a *adapter) ToApprovalProto(approval *domain.Approval) (*guardianv1beta1.A return approvalProto, nil } +func (a *adapter) ToAccessProto(access *domain.Access) (*guardianv1beta1.Access, error) { + if access == nil { + return nil, nil + } + + accessProto := &guardianv1beta1.Access{ + Id: access.ID, + Status: string(access.Status), + AccountId: access.AccountID, + AccountType: access.AccountType, + ResourceId: access.ResourceID, + Role: access.Role, + Permissions: access.Permissions, + AppealId: access.AppealID, + RevokedBy: access.RevokedBy, + RevokeReason: access.RevokeReason, + CreatedBy: access.CreatedBy, + } + + if access.ExpirationDate != nil { + accessProto.ExpirationDate = timestamppb.New(*access.ExpirationDate) + } + if access.RevokedAt != nil { + accessProto.RevokedAt = timestamppb.New(*access.RevokedAt) + } + if !access.CreatedAt.IsZero() { + accessProto.CreatedAt = timestamppb.New(access.CreatedAt) + } + if !access.UpdatedAt.IsZero() { + accessProto.UpdatedAt = timestamppb.New(access.UpdatedAt) + } + if access.Resource != nil { + resourceProto, err := a.ToResourceProto(access.Resource) + if err != nil { + return nil, fmt.Errorf("parsing resource: %w", err) + } + accessProto.Resource = resourceProto + } + if access.Appeal != nil { + appealProto, err := a.ToAppealProto(access.Appeal) + if err != nil { + return nil, fmt.Errorf("parsing appeal: %w", err) + } + accessProto.Appeal = appealProto + } + + return accessProto, nil +} + func (a *adapter) fromConditionProto(c *guardianv1beta1.Condition) *domain.Condition { if c == nil { return nil diff --git a/api/handler/v1beta1/appeal.go b/api/handler/v1beta1/appeal.go index e747dd09c..c9520e4c1 100644 --- a/api/handler/v1beta1/appeal.go +++ b/api/handler/v1beta1/appeal.go @@ -166,7 +166,7 @@ func (s *GRPCServer) RevokeAppeal(ctx context.Context, req *guardianv1beta1.Revo case appeal.ErrAppealNotFound: return nil, status.Errorf(codes.NotFound, "appeal not found: %v", id) default: - return nil, status.Errorf(codes.Internal, "failed to cancel appeal: %v", err) + return nil, status.Errorf(codes.Internal, "failed to revoke appeal: %v", err) } } diff --git a/api/handler/v1beta1/grpc.go b/api/handler/v1beta1/grpc.go index 2502ab2c3..a9b509853 100644 --- a/api/handler/v1beta1/grpc.go +++ b/api/handler/v1beta1/grpc.go @@ -1,15 +1,10 @@ -//go:generate mockery --name=resourceService --exported --with-expecter -//go:generate mockery --name=providerService --exported --with-expecter -//go:generate mockery --name=policyService --exported --with-expecter -//go:generate mockery --name=appealService --exported --with-expecter -//go:generate mockery --name=approvalService --exported --with-expecter - package v1beta1 import ( "context" "errors" + "github.com/odpf/guardian/core/access" "github.com/odpf/guardian/core/appeal" guardianv1beta1 "github.com/odpf/guardian/api/proto/odpf/guardian/v1beta1" @@ -36,8 +31,11 @@ type ProtoAdapter interface { ToAppealProto(*domain.Appeal) (*guardianv1beta1.Appeal, error) FromCreateAppealProto(*guardianv1beta1.CreateAppealRequest, string) ([]*domain.Appeal, error) ToApprovalProto(*domain.Approval) (*guardianv1beta1.Approval, error) + + ToAccessProto(*domain.Access) (*guardianv1beta1.Access, error) } +//go:generate mockery --name=resourceService --exported --with-expecter type resourceService interface { Find(context.Context, map[string]interface{}) ([]*domain.Resource, error) GetOne(string) (*domain.Resource, error) @@ -48,6 +46,7 @@ type resourceService interface { BatchDelete(context.Context, []string) error } +//go:generate mockery --name=providerService --exported --with-expecter type providerService interface { Create(context.Context, *domain.Provider) error Find(context.Context) ([]*domain.Provider, error) @@ -58,11 +57,12 @@ type providerService interface { FetchResources(context.Context) error GetRoles(ctx context.Context, id, resourceType string) ([]*domain.Role, error) ValidateAppeal(context.Context, *domain.Appeal, *domain.Provider) error - GrantAccess(context.Context, *domain.Appeal) error - RevokeAccess(context.Context, *domain.Appeal) error + GrantAccess(context.Context, domain.Access) error + RevokeAccess(context.Context, domain.Access) error Delete(context.Context, string) error } +//go:generate mockery --name=policyService --exported --with-expecter type policyService interface { Create(context.Context, *domain.Policy) error Find(context.Context) ([]*domain.Policy, error) @@ -70,6 +70,7 @@ type policyService interface { Update(context.Context, *domain.Policy) error } +//go:generate mockery --name=appealService --exported --with-expecter type appealService interface { GetByID(context.Context, string) (*domain.Appeal, error) Find(context.Context, *domain.ListAppealsFilter) ([]*domain.Appeal, error) @@ -82,18 +83,28 @@ type appealService interface { DeleteApprover(ctx context.Context, appealID, approvalID, email string) (*domain.Appeal, error) } +//go:generate mockery --name=approvalService --exported --with-expecter type approvalService interface { ListApprovals(context.Context, *domain.ListApprovalsFilter) ([]*domain.Approval, error) BulkInsert(context.Context, []*domain.Approval) error AdvanceApproval(context.Context, *domain.Appeal) error } +//go:generate mockery --name=accessService --exported --with-expecter +type accessService interface { + List(context.Context, domain.ListAccessesFilter) ([]domain.Access, error) + GetByID(context.Context, string) (*domain.Access, error) + Revoke(ctx context.Context, id, actor, reason string, opts ...access.Option) (*domain.Access, error) + BulkRevoke(ctx context.Context, filter domain.RevokeAccessesFilter, actor, reason string) ([]*domain.Access, error) +} + type GRPCServer struct { resourceService resourceService providerService providerService policyService policyService appealService appealService approvalService approvalService + accessService accessService adapter ProtoAdapter authenticatedUserHeaderKey string @@ -107,6 +118,7 @@ func NewGRPCServer( policyService policyService, appealService appealService, approvalService approvalService, + accessService accessService, adapter ProtoAdapter, authenticatedUserHeaderKey string, ) *GRPCServer { @@ -116,6 +128,7 @@ func NewGRPCServer( policyService: policyService, appealService: appealService, approvalService: approvalService, + accessService: accessService, adapter: adapter, authenticatedUserHeaderKey: authenticatedUserHeaderKey, } diff --git a/api/handler/v1beta1/grpc_test.go b/api/handler/v1beta1/grpc_test.go index b9be7de28..16b43326d 100644 --- a/api/handler/v1beta1/grpc_test.go +++ b/api/handler/v1beta1/grpc_test.go @@ -16,6 +16,7 @@ type GrpcHandlersSuite struct { policyService *mocks.PolicyService appealService *mocks.AppealService approvalService *mocks.ApprovalService + accessService *mocks.AccessService grpcServer *v1beta1.GRPCServer authenticatedUserHeaderKey string @@ -31,6 +32,7 @@ func (s *GrpcHandlersSuite) setup() { s.policyService = new(mocks.PolicyService) s.appealService = new(mocks.AppealService) s.approvalService = new(mocks.ApprovalService) + s.accessService = new(mocks.AccessService) s.authenticatedUserHeaderKey = "test-header-key" s.grpcServer = v1beta1.NewGRPCServer( s.resourceService, @@ -38,6 +40,7 @@ func (s *GrpcHandlersSuite) setup() { s.policyService, s.appealService, s.approvalService, + s.accessService, v1beta1.NewAdapter(), s.authenticatedUserHeaderKey, ) diff --git a/api/handler/v1beta1/mocks/accessService.go b/api/handler/v1beta1/mocks/accessService.go new file mode 100644 index 000000000..c9aa03ff2 --- /dev/null +++ b/api/handler/v1beta1/mocks/accessService.go @@ -0,0 +1,233 @@ +// Code generated by mockery v2.10.0. DO NOT EDIT. + +package mocks + +import ( + context "context" + + access "github.com/odpf/guardian/core/access" + + domain "github.com/odpf/guardian/domain" + + mock "github.com/stretchr/testify/mock" +) + +// AccessService is an autogenerated mock type for the accessService type +type AccessService struct { + mock.Mock +} + +type AccessService_Expecter struct { + mock *mock.Mock +} + +func (_m *AccessService) EXPECT() *AccessService_Expecter { + return &AccessService_Expecter{mock: &_m.Mock} +} + +// BulkRevoke provides a mock function with given fields: ctx, filter, actor, reason +func (_m *AccessService) BulkRevoke(ctx context.Context, filter domain.RevokeAccessesFilter, actor string, reason string) ([]*domain.Access, error) { + ret := _m.Called(ctx, filter, actor, reason) + + var r0 []*domain.Access + if rf, ok := ret.Get(0).(func(context.Context, domain.RevokeAccessesFilter, string, string) []*domain.Access); ok { + r0 = rf(ctx, filter, actor, reason) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, domain.RevokeAccessesFilter, string, string) error); ok { + r1 = rf(ctx, filter, actor, reason) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AccessService_BulkRevoke_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BulkRevoke' +type AccessService_BulkRevoke_Call struct { + *mock.Call +} + +// BulkRevoke is a helper method to define mock.On call +// - ctx context.Context +// - filter domain.RevokeAccessesFilter +// - actor string +// - reason string +func (_e *AccessService_Expecter) BulkRevoke(ctx interface{}, filter interface{}, actor interface{}, reason interface{}) *AccessService_BulkRevoke_Call { + return &AccessService_BulkRevoke_Call{Call: _e.mock.On("BulkRevoke", ctx, filter, actor, reason)} +} + +func (_c *AccessService_BulkRevoke_Call) Run(run func(ctx context.Context, filter domain.RevokeAccessesFilter, actor string, reason string)) *AccessService_BulkRevoke_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.RevokeAccessesFilter), args[2].(string), args[3].(string)) + }) + return _c +} + +func (_c *AccessService_BulkRevoke_Call) Return(_a0 []*domain.Access, _a1 error) *AccessService_BulkRevoke_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// GetByID provides a mock function with given fields: _a0, _a1 +func (_m *AccessService) GetByID(_a0 context.Context, _a1 string) (*domain.Access, error) { + ret := _m.Called(_a0, _a1) + + var r0 *domain.Access + if rf, ok := ret.Get(0).(func(context.Context, string) *domain.Access); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AccessService_GetByID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetByID' +type AccessService_GetByID_Call struct { + *mock.Call +} + +// GetByID is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 string +func (_e *AccessService_Expecter) GetByID(_a0 interface{}, _a1 interface{}) *AccessService_GetByID_Call { + return &AccessService_GetByID_Call{Call: _e.mock.On("GetByID", _a0, _a1)} +} + +func (_c *AccessService_GetByID_Call) Run(run func(_a0 context.Context, _a1 string)) *AccessService_GetByID_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string)) + }) + return _c +} + +func (_c *AccessService_GetByID_Call) Return(_a0 *domain.Access, _a1 error) *AccessService_GetByID_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// List provides a mock function with given fields: _a0, _a1 +func (_m *AccessService) List(_a0 context.Context, _a1 domain.ListAccessesFilter) ([]domain.Access, error) { + ret := _m.Called(_a0, _a1) + + var r0 []domain.Access + if rf, ok := ret.Get(0).(func(context.Context, domain.ListAccessesFilter) []domain.Access); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, domain.ListAccessesFilter) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AccessService_List_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'List' +type AccessService_List_Call struct { + *mock.Call +} + +// List is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 domain.ListAccessesFilter +func (_e *AccessService_Expecter) List(_a0 interface{}, _a1 interface{}) *AccessService_List_Call { + return &AccessService_List_Call{Call: _e.mock.On("List", _a0, _a1)} +} + +func (_c *AccessService_List_Call) Run(run func(_a0 context.Context, _a1 domain.ListAccessesFilter)) *AccessService_List_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.ListAccessesFilter)) + }) + return _c +} + +func (_c *AccessService_List_Call) Return(_a0 []domain.Access, _a1 error) *AccessService_List_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// Revoke provides a mock function with given fields: ctx, id, actor, reason, opts +func (_m *AccessService) Revoke(ctx context.Context, id string, actor string, reason string, opts ...access.Option) (*domain.Access, error) { + _va := make([]interface{}, len(opts)) + for _i := range opts { + _va[_i] = opts[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, id, actor, reason) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *domain.Access + if rf, ok := ret.Get(0).(func(context.Context, string, string, string, ...access.Option) *domain.Access); ok { + r0 = rf(ctx, id, actor, reason, opts...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, string, string, string, ...access.Option) error); ok { + r1 = rf(ctx, id, actor, reason, opts...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AccessService_Revoke_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Revoke' +type AccessService_Revoke_Call struct { + *mock.Call +} + +// Revoke is a helper method to define mock.On call +// - ctx context.Context +// - id string +// - actor string +// - reason string +// - opts ...access.Option +func (_e *AccessService_Expecter) Revoke(ctx interface{}, id interface{}, actor interface{}, reason interface{}, opts ...interface{}) *AccessService_Revoke_Call { + return &AccessService_Revoke_Call{Call: _e.mock.On("Revoke", + append([]interface{}{ctx, id, actor, reason}, opts...)...)} +} + +func (_c *AccessService_Revoke_Call) Run(run func(ctx context.Context, id string, actor string, reason string, opts ...access.Option)) *AccessService_Revoke_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]access.Option, len(args)-4) + for i, a := range args[4:] { + if a != nil { + variadicArgs[i] = a.(access.Option) + } + } + run(args[0].(context.Context), args[1].(string), args[2].(string), args[3].(string), variadicArgs...) + }) + return _c +} + +func (_c *AccessService_Revoke_Call) Return(_a0 *domain.Access, _a1 error) *AccessService_Revoke_Call { + _c.Call.Return(_a0, _a1) + return _c +} diff --git a/api/handler/v1beta1/mocks/appealService.go b/api/handler/v1beta1/mocks/appealService.go index 7f9415152..6788184a2 100644 --- a/api/handler/v1beta1/mocks/appealService.go +++ b/api/handler/v1beta1/mocks/appealService.go @@ -74,6 +74,55 @@ func (_c *AppealService_AddApprover_Call) Return(_a0 *domain.Appeal, _a1 error) return _c } +// BulkRevoke provides a mock function with given fields: ctx, filters, actor, reason +func (_m *AppealService) BulkRevoke(ctx context.Context, filters *domain.RevokeAppealsFilter, actor string, reason string) ([]*domain.Appeal, error) { + ret := _m.Called(ctx, filters, actor, reason) + + var r0 []*domain.Appeal + if rf, ok := ret.Get(0).(func(context.Context, *domain.RevokeAppealsFilter, string, string) []*domain.Appeal); ok { + r0 = rf(ctx, filters, actor, reason) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*domain.Appeal) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *domain.RevokeAppealsFilter, string, string) error); ok { + r1 = rf(ctx, filters, actor, reason) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AppealService_BulkRevoke_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BulkRevoke' +type AppealService_BulkRevoke_Call struct { + *mock.Call +} + +// BulkRevoke is a helper method to define mock.On call +// - ctx context.Context +// - filters *domain.RevokeAppealsFilter +// - actor string +// - reason string +func (_e *AppealService_Expecter) BulkRevoke(ctx interface{}, filters interface{}, actor interface{}, reason interface{}) *AppealService_BulkRevoke_Call { + return &AppealService_BulkRevoke_Call{Call: _e.mock.On("BulkRevoke", ctx, filters, actor, reason)} +} + +func (_c *AppealService_BulkRevoke_Call) Run(run func(ctx context.Context, filters *domain.RevokeAppealsFilter, actor string, reason string)) *AppealService_BulkRevoke_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*domain.RevokeAppealsFilter), args[2].(string), args[3].(string)) + }) + return _c +} + +func (_c *AppealService_BulkRevoke_Call) Return(_a0 []*domain.Appeal, _a1 error) *AppealService_BulkRevoke_Call { + _c.Call.Return(_a0, _a1) + return _c +} + // Cancel provides a mock function with given fields: _a0, _a1 func (_m *AppealService) Cancel(_a0 context.Context, _a1 string) (*domain.Appeal, error) { ret := _m.Called(_a0, _a1) @@ -387,28 +436,6 @@ func (_m *AppealService) Revoke(ctx context.Context, id string, actor string, re return r0, r1 } -func (_m *AppealService) BulkRevoke(ctx context.Context, filters *domain.RevokeAppealsFilter, actor, reason string) ([]*domain.Appeal, error) { - ret := _m.Called(ctx, filters, actor, reason) - - var r0 []*domain.Appeal - if rf, ok := ret.Get(0).(func(context.Context, *domain.RevokeAppealsFilter, string, string) []*domain.Appeal); ok { - r0 = rf(ctx, filters, actor, reason) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]*domain.Appeal) - } - } - - var r1 error - if rf, ok := ret.Get(1).(func(context.Context, *domain.RevokeAppealsFilter, string, string) error); ok { - r1 = rf(ctx, filters, actor, reason) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - // AppealService_Revoke_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Revoke' type AppealService_Revoke_Call struct { *mock.Call diff --git a/api/handler/v1beta1/mocks/providerService.go b/api/handler/v1beta1/mocks/providerService.go index d8ae9ca6a..28c838625 100644 --- a/api/handler/v1beta1/mocks/providerService.go +++ b/api/handler/v1beta1/mocks/providerService.go @@ -371,11 +371,11 @@ func (_c *ProviderService_GetTypes_Call) Return(_a0 []domain.ProviderType, _a1 e } // GrantAccess provides a mock function with given fields: _a0, _a1 -func (_m *ProviderService) GrantAccess(_a0 context.Context, _a1 *domain.Appeal) error { +func (_m *ProviderService) GrantAccess(_a0 context.Context, _a1 domain.Access) error { ret := _m.Called(_a0, _a1) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, *domain.Appeal) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, domain.Access) error); ok { r0 = rf(_a0, _a1) } else { r0 = ret.Error(0) @@ -391,14 +391,14 @@ type ProviderService_GrantAccess_Call struct { // GrantAccess is a helper method to define mock.On call // - _a0 context.Context -// - _a1 *domain.Appeal +// - _a1 domain.Access func (_e *ProviderService_Expecter) GrantAccess(_a0 interface{}, _a1 interface{}) *ProviderService_GrantAccess_Call { return &ProviderService_GrantAccess_Call{Call: _e.mock.On("GrantAccess", _a0, _a1)} } -func (_c *ProviderService_GrantAccess_Call) Run(run func(_a0 context.Context, _a1 *domain.Appeal)) *ProviderService_GrantAccess_Call { +func (_c *ProviderService_GrantAccess_Call) Run(run func(_a0 context.Context, _a1 domain.Access)) *ProviderService_GrantAccess_Call { _c.Call.Run(func(args mock.Arguments) { - run(args[0].(context.Context), args[1].(*domain.Appeal)) + run(args[0].(context.Context), args[1].(domain.Access)) }) return _c } @@ -409,11 +409,11 @@ func (_c *ProviderService_GrantAccess_Call) Return(_a0 error) *ProviderService_G } // RevokeAccess provides a mock function with given fields: _a0, _a1 -func (_m *ProviderService) RevokeAccess(_a0 context.Context, _a1 *domain.Appeal) error { +func (_m *ProviderService) RevokeAccess(_a0 context.Context, _a1 domain.Access) error { ret := _m.Called(_a0, _a1) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, *domain.Appeal) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, domain.Access) error); ok { r0 = rf(_a0, _a1) } else { r0 = ret.Error(0) @@ -429,14 +429,14 @@ type ProviderService_RevokeAccess_Call struct { // RevokeAccess is a helper method to define mock.On call // - _a0 context.Context -// - _a1 *domain.Appeal +// - _a1 domain.Access func (_e *ProviderService_Expecter) RevokeAccess(_a0 interface{}, _a1 interface{}) *ProviderService_RevokeAccess_Call { return &ProviderService_RevokeAccess_Call{Call: _e.mock.On("RevokeAccess", _a0, _a1)} } -func (_c *ProviderService_RevokeAccess_Call) Run(run func(_a0 context.Context, _a1 *domain.Appeal)) *ProviderService_RevokeAccess_Call { +func (_c *ProviderService_RevokeAccess_Call) Run(run func(_a0 context.Context, _a1 domain.Access)) *ProviderService_RevokeAccess_Call { _c.Call.Run(func(args mock.Arguments) { - run(args[0].(context.Context), args[1].(*domain.Appeal)) + run(args[0].(context.Context), args[1].(domain.Access)) }) return _c } diff --git a/api/proto/odpf/guardian/v1beta1/guardian.pb.go b/api/proto/odpf/guardian/v1beta1/guardian.pb.go index 9b0cd7009..2c029c34a 100644 --- a/api/proto/odpf/guardian/v1beta1/guardian.pb.go +++ b/api/proto/odpf/guardian/v1beta1/guardian.pb.go @@ -2971,6 +2971,660 @@ func (x *DeleteApproverResponse) GetAppeal() *Appeal { return nil } +type ListAccessesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Statuses []string `protobuf:"bytes,1,rep,name=statuses,proto3" json:"statuses,omitempty"` + AccountIds []string `protobuf:"bytes,2,rep,name=account_ids,json=accountIds,proto3" json:"account_ids,omitempty"` + AccountTypes []string `protobuf:"bytes,3,rep,name=account_types,json=accountTypes,proto3" json:"account_types,omitempty"` + ResourceIds []string `protobuf:"bytes,4,rep,name=resource_ids,json=resourceIds,proto3" json:"resource_ids,omitempty"` + ProviderTypes []string `protobuf:"bytes,5,rep,name=provider_types,json=providerTypes,proto3" json:"provider_types,omitempty"` + ProviderUrns []string `protobuf:"bytes,6,rep,name=provider_urns,json=providerUrns,proto3" json:"provider_urns,omitempty"` + ResourceTypes []string `protobuf:"bytes,7,rep,name=resource_types,json=resourceTypes,proto3" json:"resource_types,omitempty"` + ResourceUrns []string `protobuf:"bytes,8,rep,name=resource_urns,json=resourceUrns,proto3" json:"resource_urns,omitempty"` + Roles []string `protobuf:"bytes,9,rep,name=roles,proto3" json:"roles,omitempty"` + CreatedBy string `protobuf:"bytes,10,opt,name=created_by,json=createdBy,proto3" json:"created_by,omitempty"` +} + +func (x *ListAccessesRequest) Reset() { + *x = ListAccessesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[56] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListAccessesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListAccessesRequest) ProtoMessage() {} + +func (x *ListAccessesRequest) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[56] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListAccessesRequest.ProtoReflect.Descriptor instead. +func (*ListAccessesRequest) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{56} +} + +func (x *ListAccessesRequest) GetStatuses() []string { + if x != nil { + return x.Statuses + } + return nil +} + +func (x *ListAccessesRequest) GetAccountIds() []string { + if x != nil { + return x.AccountIds + } + return nil +} + +func (x *ListAccessesRequest) GetAccountTypes() []string { + if x != nil { + return x.AccountTypes + } + return nil +} + +func (x *ListAccessesRequest) GetResourceIds() []string { + if x != nil { + return x.ResourceIds + } + return nil +} + +func (x *ListAccessesRequest) GetProviderTypes() []string { + if x != nil { + return x.ProviderTypes + } + return nil +} + +func (x *ListAccessesRequest) GetProviderUrns() []string { + if x != nil { + return x.ProviderUrns + } + return nil +} + +func (x *ListAccessesRequest) GetResourceTypes() []string { + if x != nil { + return x.ResourceTypes + } + return nil +} + +func (x *ListAccessesRequest) GetResourceUrns() []string { + if x != nil { + return x.ResourceUrns + } + return nil +} + +func (x *ListAccessesRequest) GetRoles() []string { + if x != nil { + return x.Roles + } + return nil +} + +func (x *ListAccessesRequest) GetCreatedBy() string { + if x != nil { + return x.CreatedBy + } + return "" +} + +type ListAccessesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Accesses []*Access `protobuf:"bytes,1,rep,name=accesses,proto3" json:"accesses,omitempty"` +} + +func (x *ListAccessesResponse) Reset() { + *x = ListAccessesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[57] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListAccessesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListAccessesResponse) ProtoMessage() {} + +func (x *ListAccessesResponse) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[57] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListAccessesResponse.ProtoReflect.Descriptor instead. +func (*ListAccessesResponse) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{57} +} + +func (x *ListAccessesResponse) GetAccesses() []*Access { + if x != nil { + return x.Accesses + } + return nil +} + +type ListUserAccessesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Statuses []string `protobuf:"bytes,1,rep,name=statuses,proto3" json:"statuses,omitempty"` + AccountIds []string `protobuf:"bytes,2,rep,name=account_ids,json=accountIds,proto3" json:"account_ids,omitempty"` + AccountTypes []string `protobuf:"bytes,3,rep,name=account_types,json=accountTypes,proto3" json:"account_types,omitempty"` + ResourceIds []string `protobuf:"bytes,4,rep,name=resource_ids,json=resourceIds,proto3" json:"resource_ids,omitempty"` + ProviderTypes []string `protobuf:"bytes,5,rep,name=provider_types,json=providerTypes,proto3" json:"provider_types,omitempty"` + ProviderUrns []string `protobuf:"bytes,6,rep,name=provider_urns,json=providerUrns,proto3" json:"provider_urns,omitempty"` + ResourceTypes []string `protobuf:"bytes,7,rep,name=resource_types,json=resourceTypes,proto3" json:"resource_types,omitempty"` + ResourceUrns []string `protobuf:"bytes,8,rep,name=resource_urns,json=resourceUrns,proto3" json:"resource_urns,omitempty"` + Roles []string `protobuf:"bytes,9,rep,name=roles,proto3" json:"roles,omitempty"` +} + +func (x *ListUserAccessesRequest) Reset() { + *x = ListUserAccessesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[58] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListUserAccessesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListUserAccessesRequest) ProtoMessage() {} + +func (x *ListUserAccessesRequest) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[58] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListUserAccessesRequest.ProtoReflect.Descriptor instead. +func (*ListUserAccessesRequest) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{58} +} + +func (x *ListUserAccessesRequest) GetStatuses() []string { + if x != nil { + return x.Statuses + } + return nil +} + +func (x *ListUserAccessesRequest) GetAccountIds() []string { + if x != nil { + return x.AccountIds + } + return nil +} + +func (x *ListUserAccessesRequest) GetAccountTypes() []string { + if x != nil { + return x.AccountTypes + } + return nil +} + +func (x *ListUserAccessesRequest) GetResourceIds() []string { + if x != nil { + return x.ResourceIds + } + return nil +} + +func (x *ListUserAccessesRequest) GetProviderTypes() []string { + if x != nil { + return x.ProviderTypes + } + return nil +} + +func (x *ListUserAccessesRequest) GetProviderUrns() []string { + if x != nil { + return x.ProviderUrns + } + return nil +} + +func (x *ListUserAccessesRequest) GetResourceTypes() []string { + if x != nil { + return x.ResourceTypes + } + return nil +} + +func (x *ListUserAccessesRequest) GetResourceUrns() []string { + if x != nil { + return x.ResourceUrns + } + return nil +} + +func (x *ListUserAccessesRequest) GetRoles() []string { + if x != nil { + return x.Roles + } + return nil +} + +type ListUserAccessesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Accesses []*Access `protobuf:"bytes,1,rep,name=accesses,proto3" json:"accesses,omitempty"` +} + +func (x *ListUserAccessesResponse) Reset() { + *x = ListUserAccessesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[59] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListUserAccessesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListUserAccessesResponse) ProtoMessage() {} + +func (x *ListUserAccessesResponse) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[59] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListUserAccessesResponse.ProtoReflect.Descriptor instead. +func (*ListUserAccessesResponse) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{59} +} + +func (x *ListUserAccessesResponse) GetAccesses() []*Access { + if x != nil { + return x.Accesses + } + return nil +} + +type GetAccessRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` +} + +func (x *GetAccessRequest) Reset() { + *x = GetAccessRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[60] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetAccessRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetAccessRequest) ProtoMessage() {} + +func (x *GetAccessRequest) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[60] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetAccessRequest.ProtoReflect.Descriptor instead. +func (*GetAccessRequest) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{60} +} + +func (x *GetAccessRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +type GetAccessResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Access *Access `protobuf:"bytes,1,opt,name=access,proto3" json:"access,omitempty"` +} + +func (x *GetAccessResponse) Reset() { + *x = GetAccessResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[61] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetAccessResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetAccessResponse) ProtoMessage() {} + +func (x *GetAccessResponse) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[61] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetAccessResponse.ProtoReflect.Descriptor instead. +func (*GetAccessResponse) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{61} +} + +func (x *GetAccessResponse) GetAccess() *Access { + if x != nil { + return x.Access + } + return nil +} + +type RevokeAccessRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"` +} + +func (x *RevokeAccessRequest) Reset() { + *x = RevokeAccessRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[62] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RevokeAccessRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RevokeAccessRequest) ProtoMessage() {} + +func (x *RevokeAccessRequest) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[62] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RevokeAccessRequest.ProtoReflect.Descriptor instead. +func (*RevokeAccessRequest) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{62} +} + +func (x *RevokeAccessRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *RevokeAccessRequest) GetReason() string { + if x != nil { + return x.Reason + } + return "" +} + +type RevokeAccessResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Access *Access `protobuf:"bytes,1,opt,name=access,proto3" json:"access,omitempty"` +} + +func (x *RevokeAccessResponse) Reset() { + *x = RevokeAccessResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[63] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RevokeAccessResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RevokeAccessResponse) ProtoMessage() {} + +func (x *RevokeAccessResponse) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[63] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RevokeAccessResponse.ProtoReflect.Descriptor instead. +func (*RevokeAccessResponse) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63} +} + +func (x *RevokeAccessResponse) GetAccess() *Access { + if x != nil { + return x.Access + } + return nil +} + +type RevokeAccessesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AccountIds []string `protobuf:"bytes,1,rep,name=account_ids,json=accountIds,proto3" json:"account_ids,omitempty"` + ProviderTypes []string `protobuf:"bytes,2,rep,name=provider_types,json=providerTypes,proto3" json:"provider_types,omitempty"` + ProviderUrns []string `protobuf:"bytes,3,rep,name=provider_urns,json=providerUrns,proto3" json:"provider_urns,omitempty"` + ResourceTypes []string `protobuf:"bytes,4,rep,name=resource_types,json=resourceTypes,proto3" json:"resource_types,omitempty"` + ResourceUrns []string `protobuf:"bytes,5,rep,name=resource_urns,json=resourceUrns,proto3" json:"resource_urns,omitempty"` + Reason string `protobuf:"bytes,6,opt,name=reason,proto3" json:"reason,omitempty"` +} + +func (x *RevokeAccessesRequest) Reset() { + *x = RevokeAccessesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[64] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RevokeAccessesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RevokeAccessesRequest) ProtoMessage() {} + +func (x *RevokeAccessesRequest) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[64] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RevokeAccessesRequest.ProtoReflect.Descriptor instead. +func (*RevokeAccessesRequest) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{64} +} + +func (x *RevokeAccessesRequest) GetAccountIds() []string { + if x != nil { + return x.AccountIds + } + return nil +} + +func (x *RevokeAccessesRequest) GetProviderTypes() []string { + if x != nil { + return x.ProviderTypes + } + return nil +} + +func (x *RevokeAccessesRequest) GetProviderUrns() []string { + if x != nil { + return x.ProviderUrns + } + return nil +} + +func (x *RevokeAccessesRequest) GetResourceTypes() []string { + if x != nil { + return x.ResourceTypes + } + return nil +} + +func (x *RevokeAccessesRequest) GetResourceUrns() []string { + if x != nil { + return x.ResourceUrns + } + return nil +} + +func (x *RevokeAccessesRequest) GetReason() string { + if x != nil { + return x.Reason + } + return "" +} + +type RevokeAccessesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Accesses []*Access `protobuf:"bytes,1,rep,name=accesses,proto3" json:"accesses,omitempty"` +} + +func (x *RevokeAccessesResponse) Reset() { + *x = RevokeAccessesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[65] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RevokeAccessesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RevokeAccessesResponse) ProtoMessage() {} + +func (x *RevokeAccessesResponse) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[65] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RevokeAccessesResponse.ProtoReflect.Descriptor instead. +func (*RevokeAccessesResponse) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{65} +} + +func (x *RevokeAccessesResponse) GetAccesses() []*Access { + if x != nil { + return x.Accesses + } + return nil +} + type Role struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2985,7 +3639,7 @@ type Role struct { func (x *Role) Reset() { *x = Role{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[56] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[66] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2998,7 +3652,7 @@ func (x *Role) String() string { func (*Role) ProtoMessage() {} func (x *Role) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[56] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[66] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3011,7 +3665,7 @@ func (x *Role) ProtoReflect() protoreflect.Message { // Deprecated: Use Role.ProtoReflect.Descriptor instead. func (*Role) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{56} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{66} } func (x *Role) GetId() string { @@ -3054,7 +3708,7 @@ type PolicyConfig struct { func (x *PolicyConfig) Reset() { *x = PolicyConfig{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[57] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[67] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3067,7 +3721,7 @@ func (x *PolicyConfig) String() string { func (*PolicyConfig) ProtoMessage() {} func (x *PolicyConfig) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[57] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[67] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3080,7 +3734,7 @@ func (x *PolicyConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use PolicyConfig.ProtoReflect.Descriptor instead. func (*PolicyConfig) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{57} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{67} } func (x *PolicyConfig) GetId() string { @@ -3114,7 +3768,7 @@ type ProviderConfig struct { func (x *ProviderConfig) Reset() { *x = ProviderConfig{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[58] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[68] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3127,7 +3781,7 @@ func (x *ProviderConfig) String() string { func (*ProviderConfig) ProtoMessage() {} func (x *ProviderConfig) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[58] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[68] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3140,7 +3794,7 @@ func (x *ProviderConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use ProviderConfig.ProtoReflect.Descriptor instead. func (*ProviderConfig) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{58} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{68} } func (x *ProviderConfig) GetType() string { @@ -3209,7 +3863,7 @@ type Provider struct { func (x *Provider) Reset() { *x = Provider{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[59] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[69] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3222,7 +3876,7 @@ func (x *Provider) String() string { func (*Provider) ProtoMessage() {} func (x *Provider) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[59] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[69] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3235,7 +3889,7 @@ func (x *Provider) ProtoReflect() protoreflect.Message { // Deprecated: Use Provider.ProtoReflect.Descriptor instead. func (*Provider) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{59} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{69} } func (x *Provider) GetId() string { @@ -3292,7 +3946,7 @@ type ProviderType struct { func (x *ProviderType) Reset() { *x = ProviderType{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[60] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[70] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3305,7 +3959,7 @@ func (x *ProviderType) String() string { func (*ProviderType) ProtoMessage() {} func (x *ProviderType) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[60] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[70] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3318,7 +3972,7 @@ func (x *ProviderType) ProtoReflect() protoreflect.Message { // Deprecated: Use ProviderType.ProtoReflect.Descriptor instead. func (*ProviderType) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{60} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{70} } func (x *ProviderType) GetName() string { @@ -3347,7 +4001,7 @@ type Condition struct { func (x *Condition) Reset() { *x = Condition{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[61] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[71] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3360,7 +4014,7 @@ func (x *Condition) String() string { func (*Condition) ProtoMessage() {} func (x *Condition) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[61] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[71] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3373,7 +4027,7 @@ func (x *Condition) ProtoReflect() protoreflect.Message { // Deprecated: Use Condition.ProtoReflect.Descriptor instead. func (*Condition) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{61} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{71} } func (x *Condition) GetField() string { @@ -3396,12 +4050,13 @@ type PolicyAppealConfig struct { unknownFields protoimpl.UnknownFields DurationOptions []*PolicyAppealConfig_DurationOptions `protobuf:"bytes,1,rep,name=duration_options,json=durationOptions,proto3" json:"duration_options,omitempty"` + AllowOnBehalf bool `protobuf:"varint,2,opt,name=allow_on_behalf,json=allowOnBehalf,proto3" json:"allow_on_behalf,omitempty"` } func (x *PolicyAppealConfig) Reset() { *x = PolicyAppealConfig{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[62] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[72] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3414,7 +4069,7 @@ func (x *PolicyAppealConfig) String() string { func (*PolicyAppealConfig) ProtoMessage() {} func (x *PolicyAppealConfig) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[62] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[72] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3427,7 +4082,7 @@ func (x *PolicyAppealConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use PolicyAppealConfig.ProtoReflect.Descriptor instead. func (*PolicyAppealConfig) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{62} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{72} } func (x *PolicyAppealConfig) GetDurationOptions() []*PolicyAppealConfig_DurationOptions { @@ -3437,6 +4092,13 @@ func (x *PolicyAppealConfig) GetDurationOptions() []*PolicyAppealConfig_Duration return nil } +func (x *PolicyAppealConfig) GetAllowOnBehalf() bool { + if x != nil { + return x.AllowOnBehalf + } + return false +} + // Policy is a configurable steps for appeal's approval type Policy struct { state protoimpl.MessageState @@ -3458,7 +4120,7 @@ type Policy struct { func (x *Policy) Reset() { *x = Policy{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[63] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[73] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3471,7 +4133,7 @@ func (x *Policy) String() string { func (*Policy) ProtoMessage() {} func (x *Policy) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[63] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[73] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3484,7 +4146,7 @@ func (x *Policy) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy.ProtoReflect.Descriptor instead. func (*Policy) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{73} } func (x *Policy) GetId() string { @@ -3569,7 +4231,7 @@ type AppealOptions struct { func (x *AppealOptions) Reset() { *x = AppealOptions{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[64] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[74] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3582,7 +4244,7 @@ func (x *AppealOptions) String() string { func (*AppealOptions) ProtoMessage() {} func (x *AppealOptions) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[64] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[74] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3595,7 +4257,7 @@ func (x *AppealOptions) ProtoReflect() protoreflect.Message { // Deprecated: Use AppealOptions.ProtoReflect.Descriptor instead. func (*AppealOptions) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{64} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{74} } func (x *AppealOptions) GetExpirationDate() *timestamppb.Timestamp { @@ -3639,12 +4301,13 @@ type Appeal struct { CreatedBy string `protobuf:"bytes,19,opt,name=created_by,json=createdBy,proto3" json:"created_by,omitempty"` Creator *structpb.Value `protobuf:"bytes,20,opt,name=creator,proto3" json:"creator,omitempty"` Permissions []string `protobuf:"bytes,21,rep,name=permissions,proto3" json:"permissions,omitempty"` + Access *Access `protobuf:"bytes,22,opt,name=access,proto3" json:"access,omitempty"` } func (x *Appeal) Reset() { *x = Appeal{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[65] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[75] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3657,7 +4320,7 @@ func (x *Appeal) String() string { func (*Appeal) ProtoMessage() {} func (x *Appeal) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[65] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[75] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3670,7 +4333,7 @@ func (x *Appeal) ProtoReflect() protoreflect.Message { // Deprecated: Use Appeal.ProtoReflect.Descriptor instead. func (*Appeal) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{65} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{75} } func (x *Appeal) GetId() string { @@ -3820,6 +4483,13 @@ func (x *Appeal) GetPermissions() []string { return nil } +func (x *Appeal) GetAccess() *Access { + if x != nil { + return x.Access + } + return nil +} + // Approval is an approval item that generated in an appeal based on the selected policy type Approval struct { state protoimpl.MessageState @@ -3843,7 +4513,7 @@ type Approval struct { func (x *Approval) Reset() { *x = Approval{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[66] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[76] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3856,7 +4526,7 @@ func (x *Approval) String() string { func (*Approval) ProtoMessage() {} func (x *Approval) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[66] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[76] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3869,7 +4539,7 @@ func (x *Approval) ProtoReflect() protoreflect.Message { // Deprecated: Use Approval.ProtoReflect.Descriptor instead. func (*Approval) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{66} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{76} } func (x *Approval) GetId() string { @@ -3978,7 +4648,7 @@ type Resource struct { func (x *Resource) Reset() { *x = Resource{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[67] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[77] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3991,7 +4661,7 @@ func (x *Resource) String() string { func (*Resource) ProtoMessage() {} func (x *Resource) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[67] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[77] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4004,7 +4674,7 @@ func (x *Resource) ProtoReflect() protoreflect.Message { // Deprecated: Use Resource.ProtoReflect.Descriptor instead. func (*Resource) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{67} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{77} } func (x *Resource) GetId() string { @@ -4084,6 +4754,181 @@ func (x *Resource) GetIsDeleted() bool { return false } +type Access struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Status string `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` + AccountId string `protobuf:"bytes,3,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` + AccountType string `protobuf:"bytes,4,opt,name=account_type,json=accountType,proto3" json:"account_type,omitempty"` + ResourceId string `protobuf:"bytes,5,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"` + Role string `protobuf:"bytes,6,opt,name=role,proto3" json:"role,omitempty"` + Permissions []string `protobuf:"bytes,7,rep,name=permissions,proto3" json:"permissions,omitempty"` + ExpirationDate *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=expiration_date,json=expirationDate,proto3" json:"expiration_date,omitempty"` + AppealId string `protobuf:"bytes,9,opt,name=appeal_id,json=appealId,proto3" json:"appeal_id,omitempty"` + RevokedBy string `protobuf:"bytes,10,opt,name=revoked_by,json=revokedBy,proto3" json:"revoked_by,omitempty"` + RevokedAt *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=revoked_at,json=revokedAt,proto3" json:"revoked_at,omitempty"` + RevokeReason string `protobuf:"bytes,12,opt,name=revoke_reason,json=revokeReason,proto3" json:"revoke_reason,omitempty"` + CreatedBy string `protobuf:"bytes,13,opt,name=created_by,json=createdBy,proto3" json:"created_by,omitempty"` + CreatedAt *timestamppb.Timestamp `protobuf:"bytes,14,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` + UpdatedAt *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"` + Resource *Resource `protobuf:"bytes,16,opt,name=resource,proto3" json:"resource,omitempty"` + Appeal *Appeal `protobuf:"bytes,17,opt,name=appeal,proto3" json:"appeal,omitempty"` +} + +func (x *Access) Reset() { + *x = Access{} + if protoimpl.UnsafeEnabled { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[78] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Access) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Access) ProtoMessage() {} + +func (x *Access) ProtoReflect() protoreflect.Message { + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[78] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Access.ProtoReflect.Descriptor instead. +func (*Access) Descriptor() ([]byte, []int) { + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{78} +} + +func (x *Access) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *Access) GetStatus() string { + if x != nil { + return x.Status + } + return "" +} + +func (x *Access) GetAccountId() string { + if x != nil { + return x.AccountId + } + return "" +} + +func (x *Access) GetAccountType() string { + if x != nil { + return x.AccountType + } + return "" +} + +func (x *Access) GetResourceId() string { + if x != nil { + return x.ResourceId + } + return "" +} + +func (x *Access) GetRole() string { + if x != nil { + return x.Role + } + return "" +} + +func (x *Access) GetPermissions() []string { + if x != nil { + return x.Permissions + } + return nil +} + +func (x *Access) GetExpirationDate() *timestamppb.Timestamp { + if x != nil { + return x.ExpirationDate + } + return nil +} + +func (x *Access) GetAppealId() string { + if x != nil { + return x.AppealId + } + return "" +} + +func (x *Access) GetRevokedBy() string { + if x != nil { + return x.RevokedBy + } + return "" +} + +func (x *Access) GetRevokedAt() *timestamppb.Timestamp { + if x != nil { + return x.RevokedAt + } + return nil +} + +func (x *Access) GetRevokeReason() string { + if x != nil { + return x.RevokeReason + } + return "" +} + +func (x *Access) GetCreatedBy() string { + if x != nil { + return x.CreatedBy + } + return "" +} + +func (x *Access) GetCreatedAt() *timestamppb.Timestamp { + if x != nil { + return x.CreatedAt + } + return nil +} + +func (x *Access) GetUpdatedAt() *timestamppb.Timestamp { + if x != nil { + return x.UpdatedAt + } + return nil +} + +func (x *Access) GetResource() *Resource { + if x != nil { + return x.Resource + } + return nil +} + +func (x *Access) GetAppeal() *Appeal { + if x != nil { + return x.Appeal + } + return nil +} + type RevokeAppealRequest_Reason struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -4095,7 +4940,7 @@ type RevokeAppealRequest_Reason struct { func (x *RevokeAppealRequest_Reason) Reset() { *x = RevokeAppealRequest_Reason{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[68] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[79] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4108,7 +4953,7 @@ func (x *RevokeAppealRequest_Reason) String() string { func (*RevokeAppealRequest_Reason) ProtoMessage() {} func (x *RevokeAppealRequest_Reason) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[68] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[79] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4145,7 +4990,7 @@ type CreateAppealRequest_Resource struct { func (x *CreateAppealRequest_Resource) Reset() { *x = CreateAppealRequest_Resource{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[69] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[80] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4158,7 +5003,7 @@ func (x *CreateAppealRequest_Resource) String() string { func (*CreateAppealRequest_Resource) ProtoMessage() {} func (x *CreateAppealRequest_Resource) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[69] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[80] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4214,7 +5059,7 @@ type UpdateApprovalRequest_Action struct { func (x *UpdateApprovalRequest_Action) Reset() { *x = UpdateApprovalRequest_Action{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[70] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[81] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4227,7 +5072,7 @@ func (x *UpdateApprovalRequest_Action) String() string { func (*UpdateApprovalRequest_Action) ProtoMessage() {} func (x *UpdateApprovalRequest_Action) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[70] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[81] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4269,7 +5114,7 @@ type ProviderConfig_AppealConfig struct { func (x *ProviderConfig_AppealConfig) Reset() { *x = ProviderConfig_AppealConfig{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[72] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[83] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4282,7 +5127,7 @@ func (x *ProviderConfig_AppealConfig) String() string { func (*ProviderConfig_AppealConfig) ProtoMessage() {} func (x *ProviderConfig_AppealConfig) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[72] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[83] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4295,7 +5140,7 @@ func (x *ProviderConfig_AppealConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use ProviderConfig_AppealConfig.ProtoReflect.Descriptor instead. func (*ProviderConfig_AppealConfig) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{58, 1} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{68, 1} } func (x *ProviderConfig_AppealConfig) GetAllowPermanentAccess() bool { @@ -4325,7 +5170,7 @@ type ProviderConfig_ResourceConfig struct { func (x *ProviderConfig_ResourceConfig) Reset() { *x = ProviderConfig_ResourceConfig{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[73] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[84] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4338,7 +5183,7 @@ func (x *ProviderConfig_ResourceConfig) String() string { func (*ProviderConfig_ResourceConfig) ProtoMessage() {} func (x *ProviderConfig_ResourceConfig) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[73] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[84] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4351,7 +5196,7 @@ func (x *ProviderConfig_ResourceConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use ProviderConfig_ResourceConfig.ProtoReflect.Descriptor instead. func (*ProviderConfig_ResourceConfig) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{58, 2} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{68, 2} } func (x *ProviderConfig_ResourceConfig) GetType() string { @@ -4386,7 +5231,7 @@ type Condition_MatchCondition struct { func (x *Condition_MatchCondition) Reset() { *x = Condition_MatchCondition{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[74] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[85] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4399,7 +5244,7 @@ func (x *Condition_MatchCondition) String() string { func (*Condition_MatchCondition) ProtoMessage() {} func (x *Condition_MatchCondition) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[74] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[85] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4412,7 +5257,7 @@ func (x *Condition_MatchCondition) ProtoReflect() protoreflect.Message { // Deprecated: Use Condition_MatchCondition.ProtoReflect.Descriptor instead. func (*Condition_MatchCondition) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{61, 0} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{71, 0} } func (x *Condition_MatchCondition) GetEq() *structpb.Value { @@ -4434,7 +5279,7 @@ type PolicyAppealConfig_DurationOptions struct { func (x *PolicyAppealConfig_DurationOptions) Reset() { *x = PolicyAppealConfig_DurationOptions{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[75] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[86] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4447,7 +5292,7 @@ func (x *PolicyAppealConfig_DurationOptions) String() string { func (*PolicyAppealConfig_DurationOptions) ProtoMessage() {} func (x *PolicyAppealConfig_DurationOptions) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[75] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[86] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4460,7 +5305,7 @@ func (x *PolicyAppealConfig_DurationOptions) ProtoReflect() protoreflect.Message // Deprecated: Use PolicyAppealConfig_DurationOptions.ProtoReflect.Descriptor instead. func (*PolicyAppealConfig_DurationOptions) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{62, 0} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{72, 0} } func (x *PolicyAppealConfig_DurationOptions) GetName() string { @@ -4495,7 +5340,7 @@ type Policy_ApprovalStep struct { func (x *Policy_ApprovalStep) Reset() { *x = Policy_ApprovalStep{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[76] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[87] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4508,7 +5353,7 @@ func (x *Policy_ApprovalStep) String() string { func (*Policy_ApprovalStep) ProtoMessage() {} func (x *Policy_ApprovalStep) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[76] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[87] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4521,7 +5366,7 @@ func (x *Policy_ApprovalStep) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy_ApprovalStep.ProtoReflect.Descriptor instead. func (*Policy_ApprovalStep) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63, 0} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{73, 0} } func (x *Policy_ApprovalStep) GetName() string { @@ -4592,7 +5437,7 @@ type Policy_Requirement struct { func (x *Policy_Requirement) Reset() { *x = Policy_Requirement{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[78] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[89] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4605,7 +5450,7 @@ func (x *Policy_Requirement) String() string { func (*Policy_Requirement) ProtoMessage() {} func (x *Policy_Requirement) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[78] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[89] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4618,7 +5463,7 @@ func (x *Policy_Requirement) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy_Requirement.ProtoReflect.Descriptor instead. func (*Policy_Requirement) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63, 2} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{73, 2} } func (x *Policy_Requirement) GetOn() *Policy_Requirement_RequirementTrigger { @@ -4648,7 +5493,7 @@ type Policy_IAM struct { func (x *Policy_IAM) Reset() { *x = Policy_IAM{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[79] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[90] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4661,7 +5506,7 @@ func (x *Policy_IAM) String() string { func (*Policy_IAM) ProtoMessage() {} func (x *Policy_IAM) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[79] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[90] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4674,7 +5519,7 @@ func (x *Policy_IAM) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy_IAM.ProtoReflect.Descriptor instead. func (*Policy_IAM) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63, 3} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{73, 3} } func (x *Policy_IAM) GetProvider() string { @@ -4714,7 +5559,7 @@ type Policy_Requirement_RequirementTrigger struct { func (x *Policy_Requirement_RequirementTrigger) Reset() { *x = Policy_Requirement_RequirementTrigger{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[80] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[91] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4727,7 +5572,7 @@ func (x *Policy_Requirement_RequirementTrigger) String() string { func (*Policy_Requirement_RequirementTrigger) ProtoMessage() {} func (x *Policy_Requirement_RequirementTrigger) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[80] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[91] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4740,7 +5585,7 @@ func (x *Policy_Requirement_RequirementTrigger) ProtoReflect() protoreflect.Mess // Deprecated: Use Policy_Requirement_RequirementTrigger.ProtoReflect.Descriptor instead. func (*Policy_Requirement_RequirementTrigger) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63, 2, 0} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{73, 2, 0} } func (x *Policy_Requirement_RequirementTrigger) GetProviderType() string { @@ -4799,7 +5644,7 @@ type Policy_Requirement_AdditionalAppeal struct { func (x *Policy_Requirement_AdditionalAppeal) Reset() { *x = Policy_Requirement_AdditionalAppeal{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[81] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[92] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4812,7 +5657,7 @@ func (x *Policy_Requirement_AdditionalAppeal) String() string { func (*Policy_Requirement_AdditionalAppeal) ProtoMessage() {} func (x *Policy_Requirement_AdditionalAppeal) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[81] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[92] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4825,7 +5670,7 @@ func (x *Policy_Requirement_AdditionalAppeal) ProtoReflect() protoreflect.Messag // Deprecated: Use Policy_Requirement_AdditionalAppeal.ProtoReflect.Descriptor instead. func (*Policy_Requirement_AdditionalAppeal) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63, 2, 1} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{73, 2, 1} } func (x *Policy_Requirement_AdditionalAppeal) GetResource() *Policy_Requirement_AdditionalAppeal_ResourceIdentifier { @@ -4871,7 +5716,7 @@ type Policy_Requirement_AdditionalAppeal_ResourceIdentifier struct { func (x *Policy_Requirement_AdditionalAppeal_ResourceIdentifier) Reset() { *x = Policy_Requirement_AdditionalAppeal_ResourceIdentifier{} if protoimpl.UnsafeEnabled { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[82] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[93] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4884,7 +5729,7 @@ func (x *Policy_Requirement_AdditionalAppeal_ResourceIdentifier) String() string func (*Policy_Requirement_AdditionalAppeal_ResourceIdentifier) ProtoMessage() {} func (x *Policy_Requirement_AdditionalAppeal_ResourceIdentifier) ProtoReflect() protoreflect.Message { - mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[82] + mi := &file_odpf_guardian_v1beta1_guardian_proto_msgTypes[93] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4897,7 +5742,7 @@ func (x *Policy_Requirement_AdditionalAppeal_ResourceIdentifier) ProtoReflect() // Deprecated: Use Policy_Requirement_AdditionalAppeal_ResourceIdentifier.ProtoReflect.Descriptor instead. func (*Policy_Requirement_AdditionalAppeal_ResourceIdentifier) Descriptor() ([]byte, []int) { - return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{63, 2, 1, 0} + return file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP(), []int{73, 2, 1, 0} } func (x *Policy_Requirement_AdditionalAppeal_ResourceIdentifier) GetProviderType() string { @@ -5287,292 +6132,388 @@ var file_odpf_guardian_v1beta1_guardian_proto_rawDesc = []byte{ 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x22, - 0x86, 0x01, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, - 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, - 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x70, 0x65, 0x72, - 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x38, 0x0a, 0x0c, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x22, 0xf0, 0x05, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6e, 0x12, 0x49, 0x0a, 0x06, 0x6c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x6f, 0x64, - 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, - 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, - 0x12, 0x4a, 0x0a, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x32, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, - 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x52, 0x0a, 0x09, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x34, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x12, 0x32, 0x0a, 0x15, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x13, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x54, - 0x79, 0x70, 0x65, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, - 0x8c, 0x01, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x34, 0x0a, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x61, 0x6e, - 0x65, 0x6e, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x14, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x50, 0x65, 0x72, 0x6d, 0x61, 0x6e, 0x65, 0x6e, 0x74, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x46, 0x0a, 0x20, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, - 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x65, 0x78, - 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x1c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x1a, 0x94, - 0x01, 0x0a, 0x0e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3b, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x31, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x1b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, - 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x6c, 0x65, 0x52, 0x05, - 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x22, 0xf5, 0x01, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, - 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, - 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6e, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6e, 0x12, 0x3d, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, - 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, - 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, - 0x41, 0x74, 0x12, 0x39, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x22, 0x49, 0x0a, - 0x0c, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, - 0x70, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x09, 0x43, 0x6f, 0x6e, - 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x45, 0x0a, 0x05, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x6f, 0x64, + 0xe7, 0x02, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, + 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x49, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, + 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x63, 0x63, + 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x0b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x05, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, + 0x70, 0x65, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, + 0x75, 0x72, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, + 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6e, 0x73, + 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x55, 0x72, 0x6e, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x09, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x62, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x42, 0x79, 0x22, 0x51, 0x0a, 0x14, 0x4c, 0x69, 0x73, + 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x39, 0x0a, 0x08, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x52, 0x08, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x22, 0xcc, 0x02, 0x0a, + 0x17, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, + 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x49, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x63, + 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x73, 0x12, 0x25, 0x0a, + 0x0e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, + 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, + 0x79, 0x70, 0x65, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x5f, 0x75, 0x72, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, + 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6e, + 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x55, 0x72, 0x6e, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x09, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x22, 0x55, 0x0a, 0x18, 0x4c, + 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a, 0x08, 0x61, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x08, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x65, 0x73, 0x22, 0x22, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x4a, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35, 0x0a, 0x06, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, 0x61, - 0x74, 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x6d, 0x61, - 0x74, 0x63, 0x68, 0x1a, 0x38, 0x0a, 0x0e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x64, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x26, 0x0a, 0x02, 0x65, 0x71, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x02, 0x65, 0x71, 0x22, 0xb7, 0x01, - 0x0a, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x12, 0x64, 0x0a, 0x10, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, - 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x70, 0x70, - 0x65, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0f, 0x64, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x3b, 0x0a, 0x0f, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x80, 0x0f, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, - 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, - 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x40, - 0x0a, 0x05, 0x73, 0x74, 0x65, 0x70, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, - 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x70, 0x70, - 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x53, 0x74, 0x65, 0x70, 0x52, 0x05, 0x73, 0x74, 0x65, 0x70, 0x73, - 0x12, 0x41, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, + 0x74, 0x61, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x61, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x22, 0x3d, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, + 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x22, 0x4d, 0x0a, 0x14, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35, 0x0a, 0x06, 0x61, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x22, 0xe8, 0x01, 0x0a, 0x15, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x63, + 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, + 0x65, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x75, + 0x72, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x55, 0x72, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x23, + 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6e, 0x73, 0x18, + 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, + 0x72, 0x6e, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x53, 0x0a, 0x16, 0x52, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a, 0x08, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, + 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x08, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, + 0x22, 0x86, 0x01, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, + 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x38, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x70, 0x65, + 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x38, 0x0a, 0x0c, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x22, 0xf0, 0x05, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6e, 0x12, 0x49, 0x0a, 0x06, + 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x6f, + 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x73, 0x12, 0x4a, 0x0a, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x32, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x52, 0x0a, + 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x34, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, + 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x12, 0x32, 0x0a, 0x15, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x63, + 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x13, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x54, 0x79, 0x70, 0x65, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x34, 0x0a, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x61, + 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x14, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x50, 0x65, 0x72, 0x6d, 0x61, 0x6e, 0x65, 0x6e, + 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x46, 0x0a, 0x20, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x65, + 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x1c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x1a, + 0x94, 0x01, 0x0a, 0x0e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3b, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x12, 0x31, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x6c, 0x65, 0x52, + 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x22, 0xf5, 0x01, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6e, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6e, 0x12, 0x3d, 0x0a, 0x06, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, + 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x64, 0x41, 0x74, 0x12, 0x39, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x39, - 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, - 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x4d, 0x0a, 0x0c, 0x72, 0x65, 0x71, - 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, - 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0c, 0x72, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x33, 0x0a, 0x03, 0x69, 0x61, 0x6d, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x49, 0x41, 0x4d, 0x52, 0x03, 0x69, 0x61, 0x6d, 0x12, 0x41, 0x0a, - 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, - 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x70, 0x70, 0x65, - 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, - 0x1a, 0xff, 0x01, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x53, 0x74, 0x65, - 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, - 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, - 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x68, - 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x77, 0x68, 0x65, 0x6e, 0x12, 0x1a, - 0x0a, 0x08, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x70, - 0x70, 0x72, 0x6f, 0x76, 0x65, 0x5f, 0x69, 0x66, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x49, 0x66, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x70, 0x70, - 0x72, 0x6f, 0x76, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x61, 0x70, - 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x6a, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0f, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x61, 0x73, - 0x6f, 0x6e, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xd4, 0x06, - 0x0a, 0x0b, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x4c, 0x0a, - 0x02, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x6f, 0x64, 0x70, 0x66, - 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, - 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, - 0x54, 0x72, 0x69, 0x67, 0x67, 0x65, 0x72, 0x52, 0x02, 0x6f, 0x6e, 0x12, 0x54, 0x0a, 0x07, 0x61, - 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x6f, + 0x61, 0x6d, 0x70, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x22, 0x49, + 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x09, 0x43, 0x6f, + 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x45, 0x0a, + 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x41, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x61, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x07, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, - 0x73, 0x1a, 0xfa, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, - 0x74, 0x54, 0x72, 0x69, 0x67, 0x67, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x64, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, - 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6e, - 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x5f, 0x75, 0x72, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x72, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x40, 0x0a, 0x0a, - 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0xa3, - 0x03, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x70, 0x70, - 0x65, 0x61, 0x6c, 0x12, 0x69, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, + 0x61, 0x74, 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x6d, + 0x61, 0x74, 0x63, 0x68, 0x1a, 0x38, 0x0a, 0x0e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6f, 0x6e, + 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x26, 0x0a, 0x02, 0x65, 0x71, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x02, 0x65, 0x71, 0x22, 0xdf, + 0x01, 0x0a, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x64, 0x0a, 0x10, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x39, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x70, + 0x70, 0x65, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0f, 0x64, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x61, + 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x6e, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x6c, 0x66, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x6e, 0x42, 0x65, 0x68, + 0x61, 0x6c, 0x66, 0x1a, 0x3b, 0x0a, 0x0f, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x22, 0x80, 0x0f, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x05, 0x73, 0x74, 0x65, 0x70, 0x73, + 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x53, 0x74, + 0x65, 0x70, 0x52, 0x05, 0x73, 0x74, 0x65, 0x70, 0x73, 0x12, 0x41, 0x0a, 0x06, 0x6c, 0x61, 0x62, + 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x39, 0x0a, 0x0a, + 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x39, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, + 0x41, 0x74, 0x12, 0x4d, 0x0a, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, + 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, + 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, + 0x65, 0x6e, 0x74, 0x52, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, + 0x73, 0x12, 0x33, 0x0a, 0x03, 0x69, 0x61, 0x6d, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x49, 0x41, + 0x4d, 0x52, 0x03, 0x69, 0x61, 0x6d, 0x12, 0x41, 0x0a, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x52, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x1a, 0xff, 0x01, 0x0a, 0x0c, 0x41, 0x70, + 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x53, 0x74, 0x65, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, + 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x46, 0x61, 0x69, + 0x6c, 0x65, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x68, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x77, 0x68, 0x65, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x65, 0x67, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x65, 0x67, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x5f, 0x69, + 0x66, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, + 0x49, 0x66, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x73, 0x18, + 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x73, + 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, + 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x72, 0x65, 0x6a, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xd4, 0x06, 0x0a, 0x0b, 0x52, 0x65, 0x71, 0x75, 0x69, + 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x4c, 0x0a, 0x02, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x65, + 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x54, 0x72, 0x69, 0x67, 0x67, 0x65, 0x72, + 0x52, 0x02, 0x6f, 0x6e, 0x12, 0x54, 0x0a, 0x07, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x41, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, - 0x6c, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x66, 0x69, 0x65, 0x72, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, - 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, - 0x6c, 0x65, 0x12, 0x3e, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, - 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, - 0x61, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x12, 0x3b, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, - 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, - 0x92, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, - 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6e, 0x12, 0x12, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x75, 0x72, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x02, 0x69, 0x64, 0x1a, 0xd3, 0x01, 0x0a, 0x03, 0x49, 0x41, 0x4d, 0x12, 0x1a, 0x0a, 0x08, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x2e, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x45, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, - 0x6d, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, - 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x49, 0x41, 0x4d, 0x2e, 0x53, 0x63, 0x68, 0x65, - 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x1a, - 0x39, 0x0a, 0x0b, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x70, 0x0a, 0x0d, 0x41, 0x70, - 0x70, 0x65, 0x61, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x65, - 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x61, 0x74, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x52, 0x0e, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x65, - 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xc0, 0x07, 0x0a, - 0x06, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, - 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, - 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x3e, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, - 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, - 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, - 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x3b, 0x0a, 0x08, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6f, + 0x6c, 0x52, 0x07, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x1a, 0xfa, 0x01, 0x0a, 0x12, 0x52, + 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x54, 0x72, 0x69, 0x67, 0x67, 0x65, + 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, + 0x0a, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6e, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x72, + 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, + 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0xa3, 0x03, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x69, 0x0a, 0x08, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4d, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, 0x65, + 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x41, 0x64, 0x64, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x52, 0x08, 0x72, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x3e, 0x0a, 0x07, 0x6f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x08, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x3d, 0x0a, 0x09, 0x61, 0x70, 0x70, 0x72, 0x6f, - 0x76, 0x61, 0x6c, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6f, 0x64, 0x70, - 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x52, 0x09, 0x61, 0x70, 0x70, - 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, - 0x74, 0x12, 0x39, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, - 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1d, 0x0a, 0x0a, - 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x62, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x12, 0x39, 0x0a, 0x0a, 0x72, - 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x72, 0x65, 0x76, - 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, - 0x5f, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, - 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x31, 0x0a, 0x07, 0x64, - 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, - 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x21, - 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x12, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, - 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x62, 0x79, 0x18, - 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x42, 0x79, - 0x12, 0x30, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x14, 0x20, 0x01, 0x28, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3b, 0x0a, 0x06, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6f, 0x64, + 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x92, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, + 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x5f, 0x75, 0x72, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, + 0x72, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6e, 0x12, 0x0e, 0x0a, + 0x02, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x1a, 0xd3, 0x01, + 0x0a, 0x03, 0x49, 0x41, 0x4d, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x12, 0x2e, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, - 0x6f, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, - 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, - 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, + 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x45, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x49, 0x41, 0x4d, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x1a, 0x39, 0x0a, 0x0b, 0x53, 0x63, 0x68, 0x65, + 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0x70, 0x0a, 0x0d, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x64, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0e, 0x65, 0x78, 0x70, 0x69, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x64, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xf7, 0x07, 0x0a, 0x06, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, + 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x25, + 0x0a, 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x56, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1d, 0x0a, + 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, + 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, + 0x12, 0x3e, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x12, 0x41, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, + 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x2e, + 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, + 0x65, 0x6c, 0x73, 0x12, 0x3b, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, + 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, + 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x12, 0x3d, 0x0a, 0x09, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x18, 0x0b, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x72, + 0x6f, 0x76, 0x61, 0x6c, 0x52, 0x09, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x12, + 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0c, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x39, 0x0a, 0x0a, 0x75, 0x70, + 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, + 0x5f, 0x62, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x64, 0x42, 0x79, 0x12, 0x39, 0x0a, 0x0a, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x5f, + 0x61, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, + 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, + 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x5f, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, + 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65, + 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x31, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, + 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x07, + 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, + 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x62, 0x79, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x42, 0x79, 0x12, 0x30, 0x0a, 0x07, 0x63, 0x72, 0x65, + 0x61, 0x74, 0x6f, 0x72, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x70, + 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x35, 0x0a, + 0x06, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, + 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, + 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, @@ -5632,278 +6573,366 @@ var file_odpf_guardian_v1beta1_guardian_proto_rawDesc = []byte{ 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32, 0x9c, 0x21, 0x0a, 0x0f, 0x47, 0x75, - 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x86, 0x01, - 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, - 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x72, 0x6f, 0x76, - 0x69, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x6f, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb3, 0x05, 0x0a, 0x06, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1d, 0x0a, 0x0a, + 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x61, + 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, + 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x12, + 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, + 0x6f, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x61, 0x74, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0e, 0x65, 0x78, 0x70, 0x69, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x61, 0x70, + 0x70, 0x65, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, + 0x70, 0x70, 0x65, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x64, 0x5f, 0x62, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x12, 0x39, 0x0a, 0x0a, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, + 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x5f, 0x72, 0x65, 0x61, 0x73, + 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x64, 0x5f, 0x62, 0x79, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, + 0x74, 0x65, 0x64, 0x42, 0x79, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, + 0x5f, 0x61, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, + 0x12, 0x39, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0f, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x3b, 0x0a, 0x08, 0x72, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, + 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, + 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x08, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x35, 0x0a, 0x06, 0x61, 0x70, 0x70, 0x65, + 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, + 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2e, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x06, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x32, + 0xe4, 0x26, 0x0a, 0x0f, 0x47, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, + 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, + 0x73, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, + 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x1a, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x14, 0x12, 0x12, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x85, 0x01, 0x0a, + 0x0b, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, - 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1a, 0x82, 0xd3, 0xe4, 0x93, - 0x02, 0x14, 0x12, 0x12, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x85, 0x01, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x50, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, - 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, - 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, - 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, - 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1f, 0x82, - 0xd3, 0xe4, 0x93, 0x02, 0x19, 0x12, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x95, - 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, - 0x70, 0x65, 0x73, 0x12, 0x2e, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, - 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, - 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x20, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1a, 0x12, 0x18, 0x2f, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, - 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x12, 0x91, 0x01, 0x0a, 0x0e, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, - 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x22, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1c, 0x22, 0x12, - 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, - 0x72, 0x73, 0x3a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0xcf, 0x01, 0x0a, 0x0e, 0x55, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x2c, 0x2e, - 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, - 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, - 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, - 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x60, 0x82, 0xd3, 0xe4, 0x93, - 0x02, 0x5a, 0x1a, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x06, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x5a, 0x37, 0x1a, 0x2d, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x7d, 0x2f, 0x7b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, - 0x75, 0x72, 0x6e, 0x7d, 0x3a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x8e, 0x01, 0x0a, - 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, + 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x22, 0x1f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x19, 0x12, 0x17, 0x2f, 0x76, 0x31, + 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, + 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x95, 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x2e, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, + 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, + 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x20, 0x82, 0xd3, 0xe4, 0x93, + 0x02, 0x1a, 0x12, 0x18, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x12, 0x91, 0x01, 0x0a, + 0x0e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, - 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1f, 0x82, 0xd3, - 0xe4, 0x93, 0x02, 0x19, 0x2a, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x9f, 0x01, - 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x27, 0x2e, 0x6f, 0x64, + 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x22, 0x82, 0xd3, + 0xe4, 0x93, 0x02, 0x1c, 0x22, 0x12, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x3a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0xcf, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x60, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5a, 0x1a, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x69, 0x64, + 0x7d, 0x3a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5a, 0x37, 0x1a, 0x2d, 0x2f, 0x76, 0x31, + 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, + 0x7b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x7d, 0x2f, 0x7b, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x75, 0x72, 0x6e, 0x7d, 0x3a, 0x06, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x8e, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, 0x6f, + 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, + 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x1f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x19, 0x2a, 0x17, 0x2f, 0x76, 0x31, 0x62, + 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, + 0x69, 0x64, 0x7d, 0x12, 0x9f, 0x01, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x6f, 0x6c, 0x65, + 0x73, 0x12, 0x27, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x6f, + 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6f, 0x64, 0x70, + 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x39, 0x12, 0x37, 0x2f, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, + 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, + 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x7d, 0x2f, + 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x82, 0x01, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, + 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x19, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x13, 0x12, 0x11, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x91, 0x01, 0x0a, 0x09, 0x47, + 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x27, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, + 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2e, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x28, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x31, 0x82, 0xd3, 0xe4, + 0x93, 0x02, 0x2b, 0x12, 0x29, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x12, 0x8a, + 0x01, 0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, + 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, - 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, - 0x74, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, - 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x39, 0x12, 0x37, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x7d, 0x2f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, - 0x82, 0x01, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, - 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, - 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, + 0x74, 0x61, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x21, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1b, + 0x22, 0x11, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x69, 0x65, 0x73, 0x3a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x8f, 0x01, 0x0a, 0x0c, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, - 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x19, 0x82, 0xd3, 0xe4, 0x93, 0x02, - 0x13, 0x12, 0x11, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x69, 0x65, 0x73, 0x12, 0x91, 0x01, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x27, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, - 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6f, 0x64, - 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x31, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2b, 0x12, 0x29, 0x2f, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, + 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x26, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x20, 0x1a, 0x16, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, - 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, - 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x12, 0x8a, 0x01, 0x0a, 0x0c, 0x43, 0x72, 0x65, - 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, - 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x21, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1b, 0x22, 0x11, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x3a, 0x06, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x8f, 0x01, 0x0a, 0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, - 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, - 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x26, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x20, 0x1a, 0x16, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, - 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0xbe, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, - 0x12, 0x32, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, - 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, - 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x82, 0xd3, 0xe4, 0x93, 0x02, - 0x37, 0x12, 0x35, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x69, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x73, 0x2f, 0x7b, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x70, 0x72, 0x65, - 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x86, 0x01, 0x0a, 0x0d, 0x4c, 0x69, 0x73, - 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x2e, 0x6f, 0x64, 0x70, + 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0xbe, 0x01, + 0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x65, 0x66, 0x65, + 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x32, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, + 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, + 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, + 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x65, 0x66, + 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x3d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x37, 0x12, 0x35, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, + 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x7d, 0x2f, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x86, + 0x01, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, + 0x12, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, + 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, + 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, + 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1a, 0x82, 0xd3, 0xe4, + 0x93, 0x02, 0x14, 0x12, 0x12, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x72, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x85, 0x01, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1a, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x14, 0x12, 0x12, 0x2f, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x12, 0x85, 0x01, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x12, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, - 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x6f, - 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x19, - 0x12, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x98, 0x01, 0x0a, 0x0e, 0x55, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x2c, 0x2e, 0x6f, - 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, + 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1f, + 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x19, 0x12, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, + 0x98, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, + 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x23, 0x1a, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, + 0x3a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x8e, 0x01, 0x0a, 0x0e, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x2c, 0x2e, + 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, + 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, + 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1f, 0x82, 0xd3, 0xe4, 0x93, + 0x02, 0x19, 0x2a, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x8d, 0x01, 0x0a, 0x0f, + 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, + 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, + 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, + 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1b, + 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x12, 0x13, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2f, 0x6d, 0x65, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x7e, 0x0a, 0x0b, 0x4c, + 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, - 0x23, 0x1a, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x08, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x12, 0x8e, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, - 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x19, 0x2a, 0x17, 0x2f, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x8d, 0x01, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, - 0x65, 0x72, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, - 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, - 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, + 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, + 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, + 0x73, 0x74, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x18, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x12, 0x12, 0x10, 0x2f, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x7d, 0x0a, 0x09, 0x47, + 0x65, 0x74, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x27, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, - 0x12, 0x13, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x6d, 0x65, 0x2f, 0x61, 0x70, - 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x7e, 0x0a, 0x0b, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, - 0x65, 0x61, 0x6c, 0x73, 0x12, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, - 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, - 0x74, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, 0x65, - 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x18, 0x82, 0xd3, 0xe4, - 0x93, 0x02, 0x12, 0x12, 0x10, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, - 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x7d, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x41, 0x70, 0x70, 0x65, - 0x61, 0x6c, 0x12, 0x27, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, - 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x70, - 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6f, 0x64, + 0x2e, 0x47, 0x65, 0x74, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x28, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x70, 0x70, + 0x65, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1d, 0x82, 0xd3, 0xe4, + 0x93, 0x02, 0x17, 0x12, 0x15, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, + 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x8d, 0x01, 0x0a, 0x0c, 0x43, + 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x2a, 0x2e, 0x6f, 0x64, + 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, + 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, + 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x24, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1e, 0x1a, 0x1c, 0x2f, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, + 0x69, 0x64, 0x7d, 0x2f, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x12, 0x98, 0x01, 0x0a, 0x0c, 0x52, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x73, + 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, + 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, + 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2f, 0x88, 0x02, 0x01, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x26, 0x1a, + 0x1c, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, + 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x3a, 0x06, 0x72, + 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x84, 0x01, 0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x1b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x22, 0x10, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x3a, 0x01, 0x2a, 0x12, 0x95, 0x01, 0x0a, + 0x11, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, + 0x6c, 0x73, 0x12, 0x2f, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, + 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x55, 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x17, 0x12, 0x15, 0x2f, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x6d, 0x65, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, + 0x76, 0x61, 0x6c, 0x73, 0x12, 0x86, 0x01, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, + 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x12, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, + 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x1a, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x14, 0x12, 0x12, 0x2f, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x12, 0xae, 0x01, + 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, + 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, + 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, + 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, + 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, 0x82, + 0xd3, 0xe4, 0x93, 0x02, 0x39, 0x22, 0x2f, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, + 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, + 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x3a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0xaf, + 0x01, 0x0a, 0x0b, 0x41, 0x64, 0x64, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x29, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, + 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, + 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x41, 0x64, 0x64, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x49, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x43, 0x22, 0x3e, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, - 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x8d, 0x01, 0x0a, 0x0c, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x41, - 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x61, - 0x6e, 0x63, 0x65, 0x6c, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, - 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, - 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x24, - 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1e, 0x1a, 0x1c, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x63, 0x61, - 0x6e, 0x63, 0x65, 0x6c, 0x12, 0x95, 0x01, 0x0a, 0x0c, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, - 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, - 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x7b, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, 0x72, + 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x5f, + 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x73, 0x3a, 0x01, 0x2a, + 0x12, 0xbd, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, + 0x76, 0x65, 0x72, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x4e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x48, 0x2a, 0x46, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x61, 0x70, 0x70, 0x65, + 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, + 0x2f, 0x7b, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x61, + 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x7d, + 0x12, 0x91, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, + 0x6c, 0x73, 0x12, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, + 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x25, 0x88, + 0x02, 0x01, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1c, 0x22, 0x17, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x72, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x3a, 0x01, 0x2a, 0x12, 0x82, 0x01, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, + 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, + 0x73, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, - 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, - 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2c, - 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x26, 0x1a, 0x1c, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x72, 0x65, - 0x76, 0x6f, 0x6b, 0x65, 0x3a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x84, 0x01, 0x0a, - 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x12, 0x2a, 0x2e, - 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x65, - 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, - 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x22, 0x10, - 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, - 0x3a, 0x01, 0x2a, 0x12, 0x95, 0x01, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, - 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x12, 0x2f, 0x2e, 0x6f, 0x64, 0x70, 0x66, - 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, - 0x61, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x6f, 0x64, 0x70, - 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x70, 0x70, 0x72, 0x6f, - 0x76, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1d, 0x82, 0xd3, - 0xe4, 0x93, 0x02, 0x17, 0x12, 0x15, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x6d, - 0x65, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x12, 0x86, 0x01, 0x0a, 0x0d, - 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x12, 0x2b, 0x2e, - 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, - 0x61, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x6f, 0x64, 0x70, + 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x19, + 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x13, 0x12, 0x11, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x91, 0x01, 0x0a, 0x10, 0x4c, 0x69, + 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x2e, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x1c, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x16, 0x12, 0x14, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2f, 0x6d, 0x65, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x7e, 0x0a, + 0x09, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x27, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1a, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x14, - 0x12, 0x12, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, - 0x76, 0x61, 0x6c, 0x73, 0x12, 0xae, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, - 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, - 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x55, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x39, 0x22, 0x2f, 0x2f, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, - 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x61, - 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x3a, 0x06, 0x61, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0xaf, 0x01, 0x0a, 0x0b, 0x41, 0x64, 0x64, 0x41, 0x70, 0x70, - 0x72, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x29, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, - 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x64, - 0x64, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x2a, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x41, 0x70, 0x70, 0x72, - 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x49, 0x82, 0xd3, - 0xe4, 0x93, 0x02, 0x43, 0x22, 0x3e, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, - 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x5f, 0x69, - 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x61, 0x70, - 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, - 0x76, 0x65, 0x72, 0x73, 0x3a, 0x01, 0x2a, 0x12, 0xbd, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, + 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, + 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1e, 0x82, + 0xd3, 0xe4, 0x93, 0x02, 0x18, 0x12, 0x16, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, + 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x91, 0x01, + 0x0a, 0x0c, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x2a, + 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, - 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, - 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x48, 0x2a, - 0x46, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, - 0x73, 0x2f, 0x7b, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, - 0x70, 0x72, 0x6f, 0x76, 0x61, 0x6c, 0x73, 0x2f, 0x7b, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x61, - 0x6c, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x76, 0x65, 0x72, 0x73, 0x2f, - 0x7b, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x7d, 0x12, 0x8e, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x76, 0x6f, - 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x2b, 0x2e, 0x6f, 0x64, 0x70, 0x66, - 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, - 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, - 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x22, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1c, 0x22, 0x17, 0x2f, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x70, 0x70, 0x65, 0x61, 0x6c, 0x73, 0x2f, 0x72, - 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x3a, 0x01, 0x2a, 0x42, 0x48, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x64, 0x70, 0x66, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x6e, 0x2f, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2f, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x3b, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x92, 0x41, 0x0c, 0x12, 0x07, 0x32, 0x05, 0x30, 0x2e, 0x31, 0x2e, 0x30, 0x2a, - 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x22, 0x1a, + 0x1d, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x65, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x3a, 0x01, + 0x2a, 0x12, 0x92, 0x01, 0x0a, 0x0e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x65, 0x73, 0x12, 0x2c, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, + 0x64, 0x69, 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x6f, 0x64, 0x70, 0x66, 0x2e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, + 0x61, 0x6e, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x23, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1d, 0x1a, 0x18, 0x2f, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x2f, 0x72, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x3a, 0x01, 0x2a, 0x42, 0x48, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x64, 0x70, 0x66, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x6e, + 0x2f, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x3b, 0x67, 0x75, 0x61, 0x72, 0x64, 0x69, 0x61, 0x6e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x92, 0x41, 0x0c, 0x12, 0x07, 0x32, 0x05, 0x30, 0x2e, 0x31, 0x2e, 0x30, 0x2a, 0x01, 0x01, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -5918,7 +6947,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_rawDescGZIP() []byte { return file_odpf_guardian_v1beta1_guardian_proto_rawDescData } -var file_odpf_guardian_v1beta1_guardian_proto_msgTypes = make([]protoimpl.MessageInfo, 86) +var file_odpf_guardian_v1beta1_guardian_proto_msgTypes = make([]protoimpl.MessageInfo, 97) var file_odpf_guardian_v1beta1_guardian_proto_goTypes = []interface{}{ (*ListProvidersRequest)(nil), // 0: odpf.guardian.v1beta1.ListProvidersRequest (*ListProvidersResponse)(nil), // 1: odpf.guardian.v1beta1.ListProvidersResponse @@ -5976,183 +7005,216 @@ var file_odpf_guardian_v1beta1_guardian_proto_goTypes = []interface{}{ (*AddApproverResponse)(nil), // 53: odpf.guardian.v1beta1.AddApproverResponse (*DeleteApproverRequest)(nil), // 54: odpf.guardian.v1beta1.DeleteApproverRequest (*DeleteApproverResponse)(nil), // 55: odpf.guardian.v1beta1.DeleteApproverResponse - (*Role)(nil), // 56: odpf.guardian.v1beta1.Role - (*PolicyConfig)(nil), // 57: odpf.guardian.v1beta1.PolicyConfig - (*ProviderConfig)(nil), // 58: odpf.guardian.v1beta1.ProviderConfig - (*Provider)(nil), // 59: odpf.guardian.v1beta1.Provider - (*ProviderType)(nil), // 60: odpf.guardian.v1beta1.ProviderType - (*Condition)(nil), // 61: odpf.guardian.v1beta1.Condition - (*PolicyAppealConfig)(nil), // 62: odpf.guardian.v1beta1.PolicyAppealConfig - (*Policy)(nil), // 63: odpf.guardian.v1beta1.Policy - (*AppealOptions)(nil), // 64: odpf.guardian.v1beta1.AppealOptions - (*Appeal)(nil), // 65: odpf.guardian.v1beta1.Appeal - (*Approval)(nil), // 66: odpf.guardian.v1beta1.Approval - (*Resource)(nil), // 67: odpf.guardian.v1beta1.Resource - (*RevokeAppealRequest_Reason)(nil), // 68: odpf.guardian.v1beta1.RevokeAppealRequest.Reason - (*CreateAppealRequest_Resource)(nil), // 69: odpf.guardian.v1beta1.CreateAppealRequest.Resource - (*UpdateApprovalRequest_Action)(nil), // 70: odpf.guardian.v1beta1.UpdateApprovalRequest.Action - nil, // 71: odpf.guardian.v1beta1.ProviderConfig.LabelsEntry - (*ProviderConfig_AppealConfig)(nil), // 72: odpf.guardian.v1beta1.ProviderConfig.AppealConfig - (*ProviderConfig_ResourceConfig)(nil), // 73: odpf.guardian.v1beta1.ProviderConfig.ResourceConfig - (*Condition_MatchCondition)(nil), // 74: odpf.guardian.v1beta1.Condition.MatchCondition - (*PolicyAppealConfig_DurationOptions)(nil), // 75: odpf.guardian.v1beta1.PolicyAppealConfig.DurationOptions - (*Policy_ApprovalStep)(nil), // 76: odpf.guardian.v1beta1.Policy.ApprovalStep - nil, // 77: odpf.guardian.v1beta1.Policy.LabelsEntry - (*Policy_Requirement)(nil), // 78: odpf.guardian.v1beta1.Policy.Requirement - (*Policy_IAM)(nil), // 79: odpf.guardian.v1beta1.Policy.IAM - (*Policy_Requirement_RequirementTrigger)(nil), // 80: odpf.guardian.v1beta1.Policy.Requirement.RequirementTrigger - (*Policy_Requirement_AdditionalAppeal)(nil), // 81: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal - (*Policy_Requirement_AdditionalAppeal_ResourceIdentifier)(nil), // 82: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.ResourceIdentifier - nil, // 83: odpf.guardian.v1beta1.Policy.IAM.SchemaEntry - nil, // 84: odpf.guardian.v1beta1.Appeal.LabelsEntry - nil, // 85: odpf.guardian.v1beta1.Resource.LabelsEntry - (*structpb.Value)(nil), // 86: google.protobuf.Value - (*timestamppb.Timestamp)(nil), // 87: google.protobuf.Timestamp - (*structpb.Struct)(nil), // 88: google.protobuf.Struct + (*ListAccessesRequest)(nil), // 56: odpf.guardian.v1beta1.ListAccessesRequest + (*ListAccessesResponse)(nil), // 57: odpf.guardian.v1beta1.ListAccessesResponse + (*ListUserAccessesRequest)(nil), // 58: odpf.guardian.v1beta1.ListUserAccessesRequest + (*ListUserAccessesResponse)(nil), // 59: odpf.guardian.v1beta1.ListUserAccessesResponse + (*GetAccessRequest)(nil), // 60: odpf.guardian.v1beta1.GetAccessRequest + (*GetAccessResponse)(nil), // 61: odpf.guardian.v1beta1.GetAccessResponse + (*RevokeAccessRequest)(nil), // 62: odpf.guardian.v1beta1.RevokeAccessRequest + (*RevokeAccessResponse)(nil), // 63: odpf.guardian.v1beta1.RevokeAccessResponse + (*RevokeAccessesRequest)(nil), // 64: odpf.guardian.v1beta1.RevokeAccessesRequest + (*RevokeAccessesResponse)(nil), // 65: odpf.guardian.v1beta1.RevokeAccessesResponse + (*Role)(nil), // 66: odpf.guardian.v1beta1.Role + (*PolicyConfig)(nil), // 67: odpf.guardian.v1beta1.PolicyConfig + (*ProviderConfig)(nil), // 68: odpf.guardian.v1beta1.ProviderConfig + (*Provider)(nil), // 69: odpf.guardian.v1beta1.Provider + (*ProviderType)(nil), // 70: odpf.guardian.v1beta1.ProviderType + (*Condition)(nil), // 71: odpf.guardian.v1beta1.Condition + (*PolicyAppealConfig)(nil), // 72: odpf.guardian.v1beta1.PolicyAppealConfig + (*Policy)(nil), // 73: odpf.guardian.v1beta1.Policy + (*AppealOptions)(nil), // 74: odpf.guardian.v1beta1.AppealOptions + (*Appeal)(nil), // 75: odpf.guardian.v1beta1.Appeal + (*Approval)(nil), // 76: odpf.guardian.v1beta1.Approval + (*Resource)(nil), // 77: odpf.guardian.v1beta1.Resource + (*Access)(nil), // 78: odpf.guardian.v1beta1.Access + (*RevokeAppealRequest_Reason)(nil), // 79: odpf.guardian.v1beta1.RevokeAppealRequest.Reason + (*CreateAppealRequest_Resource)(nil), // 80: odpf.guardian.v1beta1.CreateAppealRequest.Resource + (*UpdateApprovalRequest_Action)(nil), // 81: odpf.guardian.v1beta1.UpdateApprovalRequest.Action + nil, // 82: odpf.guardian.v1beta1.ProviderConfig.LabelsEntry + (*ProviderConfig_AppealConfig)(nil), // 83: odpf.guardian.v1beta1.ProviderConfig.AppealConfig + (*ProviderConfig_ResourceConfig)(nil), // 84: odpf.guardian.v1beta1.ProviderConfig.ResourceConfig + (*Condition_MatchCondition)(nil), // 85: odpf.guardian.v1beta1.Condition.MatchCondition + (*PolicyAppealConfig_DurationOptions)(nil), // 86: odpf.guardian.v1beta1.PolicyAppealConfig.DurationOptions + (*Policy_ApprovalStep)(nil), // 87: odpf.guardian.v1beta1.Policy.ApprovalStep + nil, // 88: odpf.guardian.v1beta1.Policy.LabelsEntry + (*Policy_Requirement)(nil), // 89: odpf.guardian.v1beta1.Policy.Requirement + (*Policy_IAM)(nil), // 90: odpf.guardian.v1beta1.Policy.IAM + (*Policy_Requirement_RequirementTrigger)(nil), // 91: odpf.guardian.v1beta1.Policy.Requirement.RequirementTrigger + (*Policy_Requirement_AdditionalAppeal)(nil), // 92: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal + (*Policy_Requirement_AdditionalAppeal_ResourceIdentifier)(nil), // 93: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.ResourceIdentifier + nil, // 94: odpf.guardian.v1beta1.Policy.IAM.SchemaEntry + nil, // 95: odpf.guardian.v1beta1.Appeal.LabelsEntry + nil, // 96: odpf.guardian.v1beta1.Resource.LabelsEntry + (*structpb.Value)(nil), // 97: google.protobuf.Value + (*timestamppb.Timestamp)(nil), // 98: google.protobuf.Timestamp + (*structpb.Struct)(nil), // 99: google.protobuf.Struct } var file_odpf_guardian_v1beta1_guardian_proto_depIdxs = []int32{ - 59, // 0: odpf.guardian.v1beta1.ListProvidersResponse.providers:type_name -> odpf.guardian.v1beta1.Provider - 59, // 1: odpf.guardian.v1beta1.GetProviderResponse.provider:type_name -> odpf.guardian.v1beta1.Provider - 60, // 2: odpf.guardian.v1beta1.GetProviderTypesResponse.provider_types:type_name -> odpf.guardian.v1beta1.ProviderType - 58, // 3: odpf.guardian.v1beta1.CreateProviderRequest.config:type_name -> odpf.guardian.v1beta1.ProviderConfig - 59, // 4: odpf.guardian.v1beta1.CreateProviderResponse.provider:type_name -> odpf.guardian.v1beta1.Provider - 58, // 5: odpf.guardian.v1beta1.UpdateProviderRequest.config:type_name -> odpf.guardian.v1beta1.ProviderConfig - 59, // 6: odpf.guardian.v1beta1.UpdateProviderResponse.provider:type_name -> odpf.guardian.v1beta1.Provider - 56, // 7: odpf.guardian.v1beta1.ListRolesResponse.roles:type_name -> odpf.guardian.v1beta1.Role - 63, // 8: odpf.guardian.v1beta1.ListPoliciesResponse.policies:type_name -> odpf.guardian.v1beta1.Policy - 62, // 9: odpf.guardian.v1beta1.GetPolicyPreferencesResponse.appeal:type_name -> odpf.guardian.v1beta1.PolicyAppealConfig - 63, // 10: odpf.guardian.v1beta1.GetPolicyResponse.policy:type_name -> odpf.guardian.v1beta1.Policy - 63, // 11: odpf.guardian.v1beta1.CreatePolicyRequest.policy:type_name -> odpf.guardian.v1beta1.Policy - 63, // 12: odpf.guardian.v1beta1.CreatePolicyResponse.policy:type_name -> odpf.guardian.v1beta1.Policy - 63, // 13: odpf.guardian.v1beta1.UpdatePolicyRequest.policy:type_name -> odpf.guardian.v1beta1.Policy - 63, // 14: odpf.guardian.v1beta1.UpdatePolicyResponse.policy:type_name -> odpf.guardian.v1beta1.Policy - 67, // 15: odpf.guardian.v1beta1.ListResourcesResponse.resources:type_name -> odpf.guardian.v1beta1.Resource - 67, // 16: odpf.guardian.v1beta1.GetResourceResponse.resource:type_name -> odpf.guardian.v1beta1.Resource - 67, // 17: odpf.guardian.v1beta1.UpdateResourceRequest.resource:type_name -> odpf.guardian.v1beta1.Resource - 67, // 18: odpf.guardian.v1beta1.UpdateResourceResponse.resource:type_name -> odpf.guardian.v1beta1.Resource - 65, // 19: odpf.guardian.v1beta1.ListUserAppealsResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal - 65, // 20: odpf.guardian.v1beta1.ListAppealsResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal - 65, // 21: odpf.guardian.v1beta1.GetAppealResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal - 65, // 22: odpf.guardian.v1beta1.CancelAppealResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal - 68, // 23: odpf.guardian.v1beta1.RevokeAppealRequest.reason:type_name -> odpf.guardian.v1beta1.RevokeAppealRequest.Reason - 65, // 24: odpf.guardian.v1beta1.RevokeAppealResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal - 65, // 25: odpf.guardian.v1beta1.RevokeAppealsResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal - 69, // 26: odpf.guardian.v1beta1.CreateAppealRequest.resources:type_name -> odpf.guardian.v1beta1.CreateAppealRequest.Resource - 65, // 27: odpf.guardian.v1beta1.CreateAppealResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal - 66, // 28: odpf.guardian.v1beta1.ListUserApprovalsResponse.approvals:type_name -> odpf.guardian.v1beta1.Approval - 66, // 29: odpf.guardian.v1beta1.ListApprovalsResponse.approvals:type_name -> odpf.guardian.v1beta1.Approval - 70, // 30: odpf.guardian.v1beta1.UpdateApprovalRequest.action:type_name -> odpf.guardian.v1beta1.UpdateApprovalRequest.Action - 65, // 31: odpf.guardian.v1beta1.UpdateApprovalResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal - 65, // 32: odpf.guardian.v1beta1.AddApproverResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal - 65, // 33: odpf.guardian.v1beta1.DeleteApproverResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal - 86, // 34: odpf.guardian.v1beta1.Role.permissions:type_name -> google.protobuf.Value - 71, // 35: odpf.guardian.v1beta1.ProviderConfig.labels:type_name -> odpf.guardian.v1beta1.ProviderConfig.LabelsEntry - 86, // 36: odpf.guardian.v1beta1.ProviderConfig.credentials:type_name -> google.protobuf.Value - 72, // 37: odpf.guardian.v1beta1.ProviderConfig.appeal:type_name -> odpf.guardian.v1beta1.ProviderConfig.AppealConfig - 73, // 38: odpf.guardian.v1beta1.ProviderConfig.resources:type_name -> odpf.guardian.v1beta1.ProviderConfig.ResourceConfig - 58, // 39: odpf.guardian.v1beta1.Provider.config:type_name -> odpf.guardian.v1beta1.ProviderConfig - 87, // 40: odpf.guardian.v1beta1.Provider.created_at:type_name -> google.protobuf.Timestamp - 87, // 41: odpf.guardian.v1beta1.Provider.updated_at:type_name -> google.protobuf.Timestamp - 74, // 42: odpf.guardian.v1beta1.Condition.match:type_name -> odpf.guardian.v1beta1.Condition.MatchCondition - 75, // 43: odpf.guardian.v1beta1.PolicyAppealConfig.duration_options:type_name -> odpf.guardian.v1beta1.PolicyAppealConfig.DurationOptions - 76, // 44: odpf.guardian.v1beta1.Policy.steps:type_name -> odpf.guardian.v1beta1.Policy.ApprovalStep - 77, // 45: odpf.guardian.v1beta1.Policy.labels:type_name -> odpf.guardian.v1beta1.Policy.LabelsEntry - 87, // 46: odpf.guardian.v1beta1.Policy.created_at:type_name -> google.protobuf.Timestamp - 87, // 47: odpf.guardian.v1beta1.Policy.updated_at:type_name -> google.protobuf.Timestamp - 78, // 48: odpf.guardian.v1beta1.Policy.requirements:type_name -> odpf.guardian.v1beta1.Policy.Requirement - 79, // 49: odpf.guardian.v1beta1.Policy.iam:type_name -> odpf.guardian.v1beta1.Policy.IAM - 62, // 50: odpf.guardian.v1beta1.Policy.appeal:type_name -> odpf.guardian.v1beta1.PolicyAppealConfig - 87, // 51: odpf.guardian.v1beta1.AppealOptions.expiration_date:type_name -> google.protobuf.Timestamp - 64, // 52: odpf.guardian.v1beta1.Appeal.options:type_name -> odpf.guardian.v1beta1.AppealOptions - 84, // 53: odpf.guardian.v1beta1.Appeal.labels:type_name -> odpf.guardian.v1beta1.Appeal.LabelsEntry - 67, // 54: odpf.guardian.v1beta1.Appeal.resource:type_name -> odpf.guardian.v1beta1.Resource - 66, // 55: odpf.guardian.v1beta1.Appeal.approvals:type_name -> odpf.guardian.v1beta1.Approval - 87, // 56: odpf.guardian.v1beta1.Appeal.created_at:type_name -> google.protobuf.Timestamp - 87, // 57: odpf.guardian.v1beta1.Appeal.updated_at:type_name -> google.protobuf.Timestamp - 87, // 58: odpf.guardian.v1beta1.Appeal.revoked_at:type_name -> google.protobuf.Timestamp - 88, // 59: odpf.guardian.v1beta1.Appeal.details:type_name -> google.protobuf.Struct - 86, // 60: odpf.guardian.v1beta1.Appeal.creator:type_name -> google.protobuf.Value - 65, // 61: odpf.guardian.v1beta1.Approval.appeal:type_name -> odpf.guardian.v1beta1.Appeal - 87, // 62: odpf.guardian.v1beta1.Approval.created_at:type_name -> google.protobuf.Timestamp - 87, // 63: odpf.guardian.v1beta1.Approval.updated_at:type_name -> google.protobuf.Timestamp - 88, // 64: odpf.guardian.v1beta1.Resource.details:type_name -> google.protobuf.Struct - 85, // 65: odpf.guardian.v1beta1.Resource.labels:type_name -> odpf.guardian.v1beta1.Resource.LabelsEntry - 87, // 66: odpf.guardian.v1beta1.Resource.created_at:type_name -> google.protobuf.Timestamp - 87, // 67: odpf.guardian.v1beta1.Resource.updated_at:type_name -> google.protobuf.Timestamp - 88, // 68: odpf.guardian.v1beta1.CreateAppealRequest.Resource.options:type_name -> google.protobuf.Struct - 88, // 69: odpf.guardian.v1beta1.CreateAppealRequest.Resource.details:type_name -> google.protobuf.Struct - 57, // 70: odpf.guardian.v1beta1.ProviderConfig.ResourceConfig.policy:type_name -> odpf.guardian.v1beta1.PolicyConfig - 56, // 71: odpf.guardian.v1beta1.ProviderConfig.ResourceConfig.roles:type_name -> odpf.guardian.v1beta1.Role - 86, // 72: odpf.guardian.v1beta1.Condition.MatchCondition.eq:type_name -> google.protobuf.Value - 80, // 73: odpf.guardian.v1beta1.Policy.Requirement.on:type_name -> odpf.guardian.v1beta1.Policy.Requirement.RequirementTrigger - 81, // 74: odpf.guardian.v1beta1.Policy.Requirement.appeals:type_name -> odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal - 86, // 75: odpf.guardian.v1beta1.Policy.IAM.config:type_name -> google.protobuf.Value - 83, // 76: odpf.guardian.v1beta1.Policy.IAM.schema:type_name -> odpf.guardian.v1beta1.Policy.IAM.SchemaEntry - 61, // 77: odpf.guardian.v1beta1.Policy.Requirement.RequirementTrigger.conditions:type_name -> odpf.guardian.v1beta1.Condition - 82, // 78: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.resource:type_name -> odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.ResourceIdentifier - 64, // 79: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.options:type_name -> odpf.guardian.v1beta1.AppealOptions - 57, // 80: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.policy:type_name -> odpf.guardian.v1beta1.PolicyConfig - 0, // 81: odpf.guardian.v1beta1.GuardianService.ListProviders:input_type -> odpf.guardian.v1beta1.ListProvidersRequest - 2, // 82: odpf.guardian.v1beta1.GuardianService.GetProvider:input_type -> odpf.guardian.v1beta1.GetProviderRequest - 4, // 83: odpf.guardian.v1beta1.GuardianService.GetProviderTypes:input_type -> odpf.guardian.v1beta1.GetProviderTypesRequest - 6, // 84: odpf.guardian.v1beta1.GuardianService.CreateProvider:input_type -> odpf.guardian.v1beta1.CreateProviderRequest - 8, // 85: odpf.guardian.v1beta1.GuardianService.UpdateProvider:input_type -> odpf.guardian.v1beta1.UpdateProviderRequest - 10, // 86: odpf.guardian.v1beta1.GuardianService.DeleteProvider:input_type -> odpf.guardian.v1beta1.DeleteProviderRequest - 12, // 87: odpf.guardian.v1beta1.GuardianService.ListRoles:input_type -> odpf.guardian.v1beta1.ListRolesRequest - 14, // 88: odpf.guardian.v1beta1.GuardianService.ListPolicies:input_type -> odpf.guardian.v1beta1.ListPoliciesRequest - 16, // 89: odpf.guardian.v1beta1.GuardianService.GetPolicy:input_type -> odpf.guardian.v1beta1.GetPolicyRequest - 20, // 90: odpf.guardian.v1beta1.GuardianService.CreatePolicy:input_type -> odpf.guardian.v1beta1.CreatePolicyRequest - 22, // 91: odpf.guardian.v1beta1.GuardianService.UpdatePolicy:input_type -> odpf.guardian.v1beta1.UpdatePolicyRequest - 17, // 92: odpf.guardian.v1beta1.GuardianService.GetPolicyPreferences:input_type -> odpf.guardian.v1beta1.GetPolicyPreferencesRequest - 24, // 93: odpf.guardian.v1beta1.GuardianService.ListResources:input_type -> odpf.guardian.v1beta1.ListResourcesRequest - 26, // 94: odpf.guardian.v1beta1.GuardianService.GetResource:input_type -> odpf.guardian.v1beta1.GetResourceRequest - 28, // 95: odpf.guardian.v1beta1.GuardianService.UpdateResource:input_type -> odpf.guardian.v1beta1.UpdateResourceRequest - 30, // 96: odpf.guardian.v1beta1.GuardianService.DeleteResource:input_type -> odpf.guardian.v1beta1.DeleteResourceRequest - 32, // 97: odpf.guardian.v1beta1.GuardianService.ListUserAppeals:input_type -> odpf.guardian.v1beta1.ListUserAppealsRequest - 34, // 98: odpf.guardian.v1beta1.GuardianService.ListAppeals:input_type -> odpf.guardian.v1beta1.ListAppealsRequest - 36, // 99: odpf.guardian.v1beta1.GuardianService.GetAppeal:input_type -> odpf.guardian.v1beta1.GetAppealRequest - 38, // 100: odpf.guardian.v1beta1.GuardianService.CancelAppeal:input_type -> odpf.guardian.v1beta1.CancelAppealRequest - 40, // 101: odpf.guardian.v1beta1.GuardianService.RevokeAppeal:input_type -> odpf.guardian.v1beta1.RevokeAppealRequest - 44, // 102: odpf.guardian.v1beta1.GuardianService.CreateAppeal:input_type -> odpf.guardian.v1beta1.CreateAppealRequest - 46, // 103: odpf.guardian.v1beta1.GuardianService.ListUserApprovals:input_type -> odpf.guardian.v1beta1.ListUserApprovalsRequest - 48, // 104: odpf.guardian.v1beta1.GuardianService.ListApprovals:input_type -> odpf.guardian.v1beta1.ListApprovalsRequest - 50, // 105: odpf.guardian.v1beta1.GuardianService.UpdateApproval:input_type -> odpf.guardian.v1beta1.UpdateApprovalRequest - 52, // 106: odpf.guardian.v1beta1.GuardianService.AddApprover:input_type -> odpf.guardian.v1beta1.AddApproverRequest - 54, // 107: odpf.guardian.v1beta1.GuardianService.DeleteApprover:input_type -> odpf.guardian.v1beta1.DeleteApproverRequest - 42, // 108: odpf.guardian.v1beta1.GuardianService.RevokeAppeals:input_type -> odpf.guardian.v1beta1.RevokeAppealsRequest - 1, // 109: odpf.guardian.v1beta1.GuardianService.ListProviders:output_type -> odpf.guardian.v1beta1.ListProvidersResponse - 3, // 110: odpf.guardian.v1beta1.GuardianService.GetProvider:output_type -> odpf.guardian.v1beta1.GetProviderResponse - 5, // 111: odpf.guardian.v1beta1.GuardianService.GetProviderTypes:output_type -> odpf.guardian.v1beta1.GetProviderTypesResponse - 7, // 112: odpf.guardian.v1beta1.GuardianService.CreateProvider:output_type -> odpf.guardian.v1beta1.CreateProviderResponse - 9, // 113: odpf.guardian.v1beta1.GuardianService.UpdateProvider:output_type -> odpf.guardian.v1beta1.UpdateProviderResponse - 11, // 114: odpf.guardian.v1beta1.GuardianService.DeleteProvider:output_type -> odpf.guardian.v1beta1.DeleteProviderResponse - 13, // 115: odpf.guardian.v1beta1.GuardianService.ListRoles:output_type -> odpf.guardian.v1beta1.ListRolesResponse - 15, // 116: odpf.guardian.v1beta1.GuardianService.ListPolicies:output_type -> odpf.guardian.v1beta1.ListPoliciesResponse - 19, // 117: odpf.guardian.v1beta1.GuardianService.GetPolicy:output_type -> odpf.guardian.v1beta1.GetPolicyResponse - 21, // 118: odpf.guardian.v1beta1.GuardianService.CreatePolicy:output_type -> odpf.guardian.v1beta1.CreatePolicyResponse - 23, // 119: odpf.guardian.v1beta1.GuardianService.UpdatePolicy:output_type -> odpf.guardian.v1beta1.UpdatePolicyResponse - 18, // 120: odpf.guardian.v1beta1.GuardianService.GetPolicyPreferences:output_type -> odpf.guardian.v1beta1.GetPolicyPreferencesResponse - 25, // 121: odpf.guardian.v1beta1.GuardianService.ListResources:output_type -> odpf.guardian.v1beta1.ListResourcesResponse - 27, // 122: odpf.guardian.v1beta1.GuardianService.GetResource:output_type -> odpf.guardian.v1beta1.GetResourceResponse - 29, // 123: odpf.guardian.v1beta1.GuardianService.UpdateResource:output_type -> odpf.guardian.v1beta1.UpdateResourceResponse - 31, // 124: odpf.guardian.v1beta1.GuardianService.DeleteResource:output_type -> odpf.guardian.v1beta1.DeleteResourceResponse - 33, // 125: odpf.guardian.v1beta1.GuardianService.ListUserAppeals:output_type -> odpf.guardian.v1beta1.ListUserAppealsResponse - 35, // 126: odpf.guardian.v1beta1.GuardianService.ListAppeals:output_type -> odpf.guardian.v1beta1.ListAppealsResponse - 37, // 127: odpf.guardian.v1beta1.GuardianService.GetAppeal:output_type -> odpf.guardian.v1beta1.GetAppealResponse - 39, // 128: odpf.guardian.v1beta1.GuardianService.CancelAppeal:output_type -> odpf.guardian.v1beta1.CancelAppealResponse - 41, // 129: odpf.guardian.v1beta1.GuardianService.RevokeAppeal:output_type -> odpf.guardian.v1beta1.RevokeAppealResponse - 45, // 130: odpf.guardian.v1beta1.GuardianService.CreateAppeal:output_type -> odpf.guardian.v1beta1.CreateAppealResponse - 47, // 131: odpf.guardian.v1beta1.GuardianService.ListUserApprovals:output_type -> odpf.guardian.v1beta1.ListUserApprovalsResponse - 49, // 132: odpf.guardian.v1beta1.GuardianService.ListApprovals:output_type -> odpf.guardian.v1beta1.ListApprovalsResponse - 51, // 133: odpf.guardian.v1beta1.GuardianService.UpdateApproval:output_type -> odpf.guardian.v1beta1.UpdateApprovalResponse - 53, // 134: odpf.guardian.v1beta1.GuardianService.AddApprover:output_type -> odpf.guardian.v1beta1.AddApproverResponse - 55, // 135: odpf.guardian.v1beta1.GuardianService.DeleteApprover:output_type -> odpf.guardian.v1beta1.DeleteApproverResponse - 43, // 136: odpf.guardian.v1beta1.GuardianService.RevokeAppeals:output_type -> odpf.guardian.v1beta1.RevokeAppealsResponse - 109, // [109:137] is the sub-list for method output_type - 81, // [81:109] is the sub-list for method input_type - 81, // [81:81] is the sub-list for extension type_name - 81, // [81:81] is the sub-list for extension extendee - 0, // [0:81] is the sub-list for field type_name + 69, // 0: odpf.guardian.v1beta1.ListProvidersResponse.providers:type_name -> odpf.guardian.v1beta1.Provider + 69, // 1: odpf.guardian.v1beta1.GetProviderResponse.provider:type_name -> odpf.guardian.v1beta1.Provider + 70, // 2: odpf.guardian.v1beta1.GetProviderTypesResponse.provider_types:type_name -> odpf.guardian.v1beta1.ProviderType + 68, // 3: odpf.guardian.v1beta1.CreateProviderRequest.config:type_name -> odpf.guardian.v1beta1.ProviderConfig + 69, // 4: odpf.guardian.v1beta1.CreateProviderResponse.provider:type_name -> odpf.guardian.v1beta1.Provider + 68, // 5: odpf.guardian.v1beta1.UpdateProviderRequest.config:type_name -> odpf.guardian.v1beta1.ProviderConfig + 69, // 6: odpf.guardian.v1beta1.UpdateProviderResponse.provider:type_name -> odpf.guardian.v1beta1.Provider + 66, // 7: odpf.guardian.v1beta1.ListRolesResponse.roles:type_name -> odpf.guardian.v1beta1.Role + 73, // 8: odpf.guardian.v1beta1.ListPoliciesResponse.policies:type_name -> odpf.guardian.v1beta1.Policy + 72, // 9: odpf.guardian.v1beta1.GetPolicyPreferencesResponse.appeal:type_name -> odpf.guardian.v1beta1.PolicyAppealConfig + 73, // 10: odpf.guardian.v1beta1.GetPolicyResponse.policy:type_name -> odpf.guardian.v1beta1.Policy + 73, // 11: odpf.guardian.v1beta1.CreatePolicyRequest.policy:type_name -> odpf.guardian.v1beta1.Policy + 73, // 12: odpf.guardian.v1beta1.CreatePolicyResponse.policy:type_name -> odpf.guardian.v1beta1.Policy + 73, // 13: odpf.guardian.v1beta1.UpdatePolicyRequest.policy:type_name -> odpf.guardian.v1beta1.Policy + 73, // 14: odpf.guardian.v1beta1.UpdatePolicyResponse.policy:type_name -> odpf.guardian.v1beta1.Policy + 77, // 15: odpf.guardian.v1beta1.ListResourcesResponse.resources:type_name -> odpf.guardian.v1beta1.Resource + 77, // 16: odpf.guardian.v1beta1.GetResourceResponse.resource:type_name -> odpf.guardian.v1beta1.Resource + 77, // 17: odpf.guardian.v1beta1.UpdateResourceRequest.resource:type_name -> odpf.guardian.v1beta1.Resource + 77, // 18: odpf.guardian.v1beta1.UpdateResourceResponse.resource:type_name -> odpf.guardian.v1beta1.Resource + 75, // 19: odpf.guardian.v1beta1.ListUserAppealsResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal + 75, // 20: odpf.guardian.v1beta1.ListAppealsResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal + 75, // 21: odpf.guardian.v1beta1.GetAppealResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 75, // 22: odpf.guardian.v1beta1.CancelAppealResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 79, // 23: odpf.guardian.v1beta1.RevokeAppealRequest.reason:type_name -> odpf.guardian.v1beta1.RevokeAppealRequest.Reason + 75, // 24: odpf.guardian.v1beta1.RevokeAppealResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 75, // 25: odpf.guardian.v1beta1.RevokeAppealsResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal + 80, // 26: odpf.guardian.v1beta1.CreateAppealRequest.resources:type_name -> odpf.guardian.v1beta1.CreateAppealRequest.Resource + 75, // 27: odpf.guardian.v1beta1.CreateAppealResponse.appeals:type_name -> odpf.guardian.v1beta1.Appeal + 76, // 28: odpf.guardian.v1beta1.ListUserApprovalsResponse.approvals:type_name -> odpf.guardian.v1beta1.Approval + 76, // 29: odpf.guardian.v1beta1.ListApprovalsResponse.approvals:type_name -> odpf.guardian.v1beta1.Approval + 81, // 30: odpf.guardian.v1beta1.UpdateApprovalRequest.action:type_name -> odpf.guardian.v1beta1.UpdateApprovalRequest.Action + 75, // 31: odpf.guardian.v1beta1.UpdateApprovalResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 75, // 32: odpf.guardian.v1beta1.AddApproverResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 75, // 33: odpf.guardian.v1beta1.DeleteApproverResponse.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 78, // 34: odpf.guardian.v1beta1.ListAccessesResponse.accesses:type_name -> odpf.guardian.v1beta1.Access + 78, // 35: odpf.guardian.v1beta1.ListUserAccessesResponse.accesses:type_name -> odpf.guardian.v1beta1.Access + 78, // 36: odpf.guardian.v1beta1.GetAccessResponse.access:type_name -> odpf.guardian.v1beta1.Access + 78, // 37: odpf.guardian.v1beta1.RevokeAccessResponse.access:type_name -> odpf.guardian.v1beta1.Access + 78, // 38: odpf.guardian.v1beta1.RevokeAccessesResponse.accesses:type_name -> odpf.guardian.v1beta1.Access + 97, // 39: odpf.guardian.v1beta1.Role.permissions:type_name -> google.protobuf.Value + 82, // 40: odpf.guardian.v1beta1.ProviderConfig.labels:type_name -> odpf.guardian.v1beta1.ProviderConfig.LabelsEntry + 97, // 41: odpf.guardian.v1beta1.ProviderConfig.credentials:type_name -> google.protobuf.Value + 83, // 42: odpf.guardian.v1beta1.ProviderConfig.appeal:type_name -> odpf.guardian.v1beta1.ProviderConfig.AppealConfig + 84, // 43: odpf.guardian.v1beta1.ProviderConfig.resources:type_name -> odpf.guardian.v1beta1.ProviderConfig.ResourceConfig + 68, // 44: odpf.guardian.v1beta1.Provider.config:type_name -> odpf.guardian.v1beta1.ProviderConfig + 98, // 45: odpf.guardian.v1beta1.Provider.created_at:type_name -> google.protobuf.Timestamp + 98, // 46: odpf.guardian.v1beta1.Provider.updated_at:type_name -> google.protobuf.Timestamp + 85, // 47: odpf.guardian.v1beta1.Condition.match:type_name -> odpf.guardian.v1beta1.Condition.MatchCondition + 86, // 48: odpf.guardian.v1beta1.PolicyAppealConfig.duration_options:type_name -> odpf.guardian.v1beta1.PolicyAppealConfig.DurationOptions + 87, // 49: odpf.guardian.v1beta1.Policy.steps:type_name -> odpf.guardian.v1beta1.Policy.ApprovalStep + 88, // 50: odpf.guardian.v1beta1.Policy.labels:type_name -> odpf.guardian.v1beta1.Policy.LabelsEntry + 98, // 51: odpf.guardian.v1beta1.Policy.created_at:type_name -> google.protobuf.Timestamp + 98, // 52: odpf.guardian.v1beta1.Policy.updated_at:type_name -> google.protobuf.Timestamp + 89, // 53: odpf.guardian.v1beta1.Policy.requirements:type_name -> odpf.guardian.v1beta1.Policy.Requirement + 90, // 54: odpf.guardian.v1beta1.Policy.iam:type_name -> odpf.guardian.v1beta1.Policy.IAM + 72, // 55: odpf.guardian.v1beta1.Policy.appeal:type_name -> odpf.guardian.v1beta1.PolicyAppealConfig + 98, // 56: odpf.guardian.v1beta1.AppealOptions.expiration_date:type_name -> google.protobuf.Timestamp + 74, // 57: odpf.guardian.v1beta1.Appeal.options:type_name -> odpf.guardian.v1beta1.AppealOptions + 95, // 58: odpf.guardian.v1beta1.Appeal.labels:type_name -> odpf.guardian.v1beta1.Appeal.LabelsEntry + 77, // 59: odpf.guardian.v1beta1.Appeal.resource:type_name -> odpf.guardian.v1beta1.Resource + 76, // 60: odpf.guardian.v1beta1.Appeal.approvals:type_name -> odpf.guardian.v1beta1.Approval + 98, // 61: odpf.guardian.v1beta1.Appeal.created_at:type_name -> google.protobuf.Timestamp + 98, // 62: odpf.guardian.v1beta1.Appeal.updated_at:type_name -> google.protobuf.Timestamp + 98, // 63: odpf.guardian.v1beta1.Appeal.revoked_at:type_name -> google.protobuf.Timestamp + 99, // 64: odpf.guardian.v1beta1.Appeal.details:type_name -> google.protobuf.Struct + 97, // 65: odpf.guardian.v1beta1.Appeal.creator:type_name -> google.protobuf.Value + 78, // 66: odpf.guardian.v1beta1.Appeal.access:type_name -> odpf.guardian.v1beta1.Access + 75, // 67: odpf.guardian.v1beta1.Approval.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 98, // 68: odpf.guardian.v1beta1.Approval.created_at:type_name -> google.protobuf.Timestamp + 98, // 69: odpf.guardian.v1beta1.Approval.updated_at:type_name -> google.protobuf.Timestamp + 99, // 70: odpf.guardian.v1beta1.Resource.details:type_name -> google.protobuf.Struct + 96, // 71: odpf.guardian.v1beta1.Resource.labels:type_name -> odpf.guardian.v1beta1.Resource.LabelsEntry + 98, // 72: odpf.guardian.v1beta1.Resource.created_at:type_name -> google.protobuf.Timestamp + 98, // 73: odpf.guardian.v1beta1.Resource.updated_at:type_name -> google.protobuf.Timestamp + 98, // 74: odpf.guardian.v1beta1.Access.expiration_date:type_name -> google.protobuf.Timestamp + 98, // 75: odpf.guardian.v1beta1.Access.revoked_at:type_name -> google.protobuf.Timestamp + 98, // 76: odpf.guardian.v1beta1.Access.created_at:type_name -> google.protobuf.Timestamp + 98, // 77: odpf.guardian.v1beta1.Access.updated_at:type_name -> google.protobuf.Timestamp + 77, // 78: odpf.guardian.v1beta1.Access.resource:type_name -> odpf.guardian.v1beta1.Resource + 75, // 79: odpf.guardian.v1beta1.Access.appeal:type_name -> odpf.guardian.v1beta1.Appeal + 99, // 80: odpf.guardian.v1beta1.CreateAppealRequest.Resource.options:type_name -> google.protobuf.Struct + 99, // 81: odpf.guardian.v1beta1.CreateAppealRequest.Resource.details:type_name -> google.protobuf.Struct + 67, // 82: odpf.guardian.v1beta1.ProviderConfig.ResourceConfig.policy:type_name -> odpf.guardian.v1beta1.PolicyConfig + 66, // 83: odpf.guardian.v1beta1.ProviderConfig.ResourceConfig.roles:type_name -> odpf.guardian.v1beta1.Role + 97, // 84: odpf.guardian.v1beta1.Condition.MatchCondition.eq:type_name -> google.protobuf.Value + 91, // 85: odpf.guardian.v1beta1.Policy.Requirement.on:type_name -> odpf.guardian.v1beta1.Policy.Requirement.RequirementTrigger + 92, // 86: odpf.guardian.v1beta1.Policy.Requirement.appeals:type_name -> odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal + 97, // 87: odpf.guardian.v1beta1.Policy.IAM.config:type_name -> google.protobuf.Value + 94, // 88: odpf.guardian.v1beta1.Policy.IAM.schema:type_name -> odpf.guardian.v1beta1.Policy.IAM.SchemaEntry + 71, // 89: odpf.guardian.v1beta1.Policy.Requirement.RequirementTrigger.conditions:type_name -> odpf.guardian.v1beta1.Condition + 93, // 90: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.resource:type_name -> odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.ResourceIdentifier + 74, // 91: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.options:type_name -> odpf.guardian.v1beta1.AppealOptions + 67, // 92: odpf.guardian.v1beta1.Policy.Requirement.AdditionalAppeal.policy:type_name -> odpf.guardian.v1beta1.PolicyConfig + 0, // 93: odpf.guardian.v1beta1.GuardianService.ListProviders:input_type -> odpf.guardian.v1beta1.ListProvidersRequest + 2, // 94: odpf.guardian.v1beta1.GuardianService.GetProvider:input_type -> odpf.guardian.v1beta1.GetProviderRequest + 4, // 95: odpf.guardian.v1beta1.GuardianService.GetProviderTypes:input_type -> odpf.guardian.v1beta1.GetProviderTypesRequest + 6, // 96: odpf.guardian.v1beta1.GuardianService.CreateProvider:input_type -> odpf.guardian.v1beta1.CreateProviderRequest + 8, // 97: odpf.guardian.v1beta1.GuardianService.UpdateProvider:input_type -> odpf.guardian.v1beta1.UpdateProviderRequest + 10, // 98: odpf.guardian.v1beta1.GuardianService.DeleteProvider:input_type -> odpf.guardian.v1beta1.DeleteProviderRequest + 12, // 99: odpf.guardian.v1beta1.GuardianService.ListRoles:input_type -> odpf.guardian.v1beta1.ListRolesRequest + 14, // 100: odpf.guardian.v1beta1.GuardianService.ListPolicies:input_type -> odpf.guardian.v1beta1.ListPoliciesRequest + 16, // 101: odpf.guardian.v1beta1.GuardianService.GetPolicy:input_type -> odpf.guardian.v1beta1.GetPolicyRequest + 20, // 102: odpf.guardian.v1beta1.GuardianService.CreatePolicy:input_type -> odpf.guardian.v1beta1.CreatePolicyRequest + 22, // 103: odpf.guardian.v1beta1.GuardianService.UpdatePolicy:input_type -> odpf.guardian.v1beta1.UpdatePolicyRequest + 17, // 104: odpf.guardian.v1beta1.GuardianService.GetPolicyPreferences:input_type -> odpf.guardian.v1beta1.GetPolicyPreferencesRequest + 24, // 105: odpf.guardian.v1beta1.GuardianService.ListResources:input_type -> odpf.guardian.v1beta1.ListResourcesRequest + 26, // 106: odpf.guardian.v1beta1.GuardianService.GetResource:input_type -> odpf.guardian.v1beta1.GetResourceRequest + 28, // 107: odpf.guardian.v1beta1.GuardianService.UpdateResource:input_type -> odpf.guardian.v1beta1.UpdateResourceRequest + 30, // 108: odpf.guardian.v1beta1.GuardianService.DeleteResource:input_type -> odpf.guardian.v1beta1.DeleteResourceRequest + 32, // 109: odpf.guardian.v1beta1.GuardianService.ListUserAppeals:input_type -> odpf.guardian.v1beta1.ListUserAppealsRequest + 34, // 110: odpf.guardian.v1beta1.GuardianService.ListAppeals:input_type -> odpf.guardian.v1beta1.ListAppealsRequest + 36, // 111: odpf.guardian.v1beta1.GuardianService.GetAppeal:input_type -> odpf.guardian.v1beta1.GetAppealRequest + 38, // 112: odpf.guardian.v1beta1.GuardianService.CancelAppeal:input_type -> odpf.guardian.v1beta1.CancelAppealRequest + 40, // 113: odpf.guardian.v1beta1.GuardianService.RevokeAppeal:input_type -> odpf.guardian.v1beta1.RevokeAppealRequest + 44, // 114: odpf.guardian.v1beta1.GuardianService.CreateAppeal:input_type -> odpf.guardian.v1beta1.CreateAppealRequest + 46, // 115: odpf.guardian.v1beta1.GuardianService.ListUserApprovals:input_type -> odpf.guardian.v1beta1.ListUserApprovalsRequest + 48, // 116: odpf.guardian.v1beta1.GuardianService.ListApprovals:input_type -> odpf.guardian.v1beta1.ListApprovalsRequest + 50, // 117: odpf.guardian.v1beta1.GuardianService.UpdateApproval:input_type -> odpf.guardian.v1beta1.UpdateApprovalRequest + 52, // 118: odpf.guardian.v1beta1.GuardianService.AddApprover:input_type -> odpf.guardian.v1beta1.AddApproverRequest + 54, // 119: odpf.guardian.v1beta1.GuardianService.DeleteApprover:input_type -> odpf.guardian.v1beta1.DeleteApproverRequest + 42, // 120: odpf.guardian.v1beta1.GuardianService.RevokeAppeals:input_type -> odpf.guardian.v1beta1.RevokeAppealsRequest + 56, // 121: odpf.guardian.v1beta1.GuardianService.ListAccesses:input_type -> odpf.guardian.v1beta1.ListAccessesRequest + 58, // 122: odpf.guardian.v1beta1.GuardianService.ListUserAccesses:input_type -> odpf.guardian.v1beta1.ListUserAccessesRequest + 60, // 123: odpf.guardian.v1beta1.GuardianService.GetAccess:input_type -> odpf.guardian.v1beta1.GetAccessRequest + 62, // 124: odpf.guardian.v1beta1.GuardianService.RevokeAccess:input_type -> odpf.guardian.v1beta1.RevokeAccessRequest + 64, // 125: odpf.guardian.v1beta1.GuardianService.RevokeAccesses:input_type -> odpf.guardian.v1beta1.RevokeAccessesRequest + 1, // 126: odpf.guardian.v1beta1.GuardianService.ListProviders:output_type -> odpf.guardian.v1beta1.ListProvidersResponse + 3, // 127: odpf.guardian.v1beta1.GuardianService.GetProvider:output_type -> odpf.guardian.v1beta1.GetProviderResponse + 5, // 128: odpf.guardian.v1beta1.GuardianService.GetProviderTypes:output_type -> odpf.guardian.v1beta1.GetProviderTypesResponse + 7, // 129: odpf.guardian.v1beta1.GuardianService.CreateProvider:output_type -> odpf.guardian.v1beta1.CreateProviderResponse + 9, // 130: odpf.guardian.v1beta1.GuardianService.UpdateProvider:output_type -> odpf.guardian.v1beta1.UpdateProviderResponse + 11, // 131: odpf.guardian.v1beta1.GuardianService.DeleteProvider:output_type -> odpf.guardian.v1beta1.DeleteProviderResponse + 13, // 132: odpf.guardian.v1beta1.GuardianService.ListRoles:output_type -> odpf.guardian.v1beta1.ListRolesResponse + 15, // 133: odpf.guardian.v1beta1.GuardianService.ListPolicies:output_type -> odpf.guardian.v1beta1.ListPoliciesResponse + 19, // 134: odpf.guardian.v1beta1.GuardianService.GetPolicy:output_type -> odpf.guardian.v1beta1.GetPolicyResponse + 21, // 135: odpf.guardian.v1beta1.GuardianService.CreatePolicy:output_type -> odpf.guardian.v1beta1.CreatePolicyResponse + 23, // 136: odpf.guardian.v1beta1.GuardianService.UpdatePolicy:output_type -> odpf.guardian.v1beta1.UpdatePolicyResponse + 18, // 137: odpf.guardian.v1beta1.GuardianService.GetPolicyPreferences:output_type -> odpf.guardian.v1beta1.GetPolicyPreferencesResponse + 25, // 138: odpf.guardian.v1beta1.GuardianService.ListResources:output_type -> odpf.guardian.v1beta1.ListResourcesResponse + 27, // 139: odpf.guardian.v1beta1.GuardianService.GetResource:output_type -> odpf.guardian.v1beta1.GetResourceResponse + 29, // 140: odpf.guardian.v1beta1.GuardianService.UpdateResource:output_type -> odpf.guardian.v1beta1.UpdateResourceResponse + 31, // 141: odpf.guardian.v1beta1.GuardianService.DeleteResource:output_type -> odpf.guardian.v1beta1.DeleteResourceResponse + 33, // 142: odpf.guardian.v1beta1.GuardianService.ListUserAppeals:output_type -> odpf.guardian.v1beta1.ListUserAppealsResponse + 35, // 143: odpf.guardian.v1beta1.GuardianService.ListAppeals:output_type -> odpf.guardian.v1beta1.ListAppealsResponse + 37, // 144: odpf.guardian.v1beta1.GuardianService.GetAppeal:output_type -> odpf.guardian.v1beta1.GetAppealResponse + 39, // 145: odpf.guardian.v1beta1.GuardianService.CancelAppeal:output_type -> odpf.guardian.v1beta1.CancelAppealResponse + 41, // 146: odpf.guardian.v1beta1.GuardianService.RevokeAppeal:output_type -> odpf.guardian.v1beta1.RevokeAppealResponse + 45, // 147: odpf.guardian.v1beta1.GuardianService.CreateAppeal:output_type -> odpf.guardian.v1beta1.CreateAppealResponse + 47, // 148: odpf.guardian.v1beta1.GuardianService.ListUserApprovals:output_type -> odpf.guardian.v1beta1.ListUserApprovalsResponse + 49, // 149: odpf.guardian.v1beta1.GuardianService.ListApprovals:output_type -> odpf.guardian.v1beta1.ListApprovalsResponse + 51, // 150: odpf.guardian.v1beta1.GuardianService.UpdateApproval:output_type -> odpf.guardian.v1beta1.UpdateApprovalResponse + 53, // 151: odpf.guardian.v1beta1.GuardianService.AddApprover:output_type -> odpf.guardian.v1beta1.AddApproverResponse + 55, // 152: odpf.guardian.v1beta1.GuardianService.DeleteApprover:output_type -> odpf.guardian.v1beta1.DeleteApproverResponse + 43, // 153: odpf.guardian.v1beta1.GuardianService.RevokeAppeals:output_type -> odpf.guardian.v1beta1.RevokeAppealsResponse + 57, // 154: odpf.guardian.v1beta1.GuardianService.ListAccesses:output_type -> odpf.guardian.v1beta1.ListAccessesResponse + 59, // 155: odpf.guardian.v1beta1.GuardianService.ListUserAccesses:output_type -> odpf.guardian.v1beta1.ListUserAccessesResponse + 61, // 156: odpf.guardian.v1beta1.GuardianService.GetAccess:output_type -> odpf.guardian.v1beta1.GetAccessResponse + 63, // 157: odpf.guardian.v1beta1.GuardianService.RevokeAccess:output_type -> odpf.guardian.v1beta1.RevokeAccessResponse + 65, // 158: odpf.guardian.v1beta1.GuardianService.RevokeAccesses:output_type -> odpf.guardian.v1beta1.RevokeAccessesResponse + 126, // [126:159] is the sub-list for method output_type + 93, // [93:126] is the sub-list for method input_type + 93, // [93:93] is the sub-list for extension type_name + 93, // [93:93] is the sub-list for extension extendee + 0, // [0:93] is the sub-list for field type_name } func init() { file_odpf_guardian_v1beta1_guardian_proto_init() } @@ -6834,7 +7896,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[56].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Role); i { + switch v := v.(*ListAccessesRequest); i { case 0: return &v.state case 1: @@ -6846,7 +7908,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[57].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PolicyConfig); i { + switch v := v.(*ListAccessesResponse); i { case 0: return &v.state case 1: @@ -6858,7 +7920,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[58].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProviderConfig); i { + switch v := v.(*ListUserAccessesRequest); i { case 0: return &v.state case 1: @@ -6870,7 +7932,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[59].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Provider); i { + switch v := v.(*ListUserAccessesResponse); i { case 0: return &v.state case 1: @@ -6882,7 +7944,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[60].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProviderType); i { + switch v := v.(*GetAccessRequest); i { case 0: return &v.state case 1: @@ -6894,7 +7956,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[61].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Condition); i { + switch v := v.(*GetAccessResponse); i { case 0: return &v.state case 1: @@ -6906,7 +7968,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[62].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PolicyAppealConfig); i { + switch v := v.(*RevokeAccessRequest); i { case 0: return &v.state case 1: @@ -6918,7 +7980,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[63].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Policy); i { + switch v := v.(*RevokeAccessResponse); i { case 0: return &v.state case 1: @@ -6930,7 +7992,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[64].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AppealOptions); i { + switch v := v.(*RevokeAccessesRequest); i { case 0: return &v.state case 1: @@ -6942,7 +8004,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[65].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Appeal); i { + switch v := v.(*RevokeAccessesResponse); i { case 0: return &v.state case 1: @@ -6954,7 +8016,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[66].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Approval); i { + switch v := v.(*Role); i { case 0: return &v.state case 1: @@ -6966,7 +8028,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[67].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Resource); i { + switch v := v.(*PolicyConfig); i { case 0: return &v.state case 1: @@ -6978,7 +8040,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[68].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RevokeAppealRequest_Reason); i { + switch v := v.(*ProviderConfig); i { case 0: return &v.state case 1: @@ -6990,7 +8052,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[69].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CreateAppealRequest_Resource); i { + switch v := v.(*Provider); i { case 0: return &v.state case 1: @@ -7002,7 +8064,19 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[70].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UpdateApprovalRequest_Action); i { + switch v := v.(*ProviderType); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[71].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Condition); i { case 0: return &v.state case 1: @@ -7014,7 +8088,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProviderConfig_AppealConfig); i { + switch v := v.(*PolicyAppealConfig); i { case 0: return &v.state case 1: @@ -7026,7 +8100,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProviderConfig_ResourceConfig); i { + switch v := v.(*Policy); i { case 0: return &v.state case 1: @@ -7038,7 +8112,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Condition_MatchCondition); i { + switch v := v.(*AppealOptions); i { case 0: return &v.state case 1: @@ -7050,7 +8124,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PolicyAppealConfig_DurationOptions); i { + switch v := v.(*Appeal); i { case 0: return &v.state case 1: @@ -7062,7 +8136,19 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Policy_ApprovalStep); i { + switch v := v.(*Approval); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Resource); i { case 0: return &v.state case 1: @@ -7074,7 +8160,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Policy_Requirement); i { + switch v := v.(*Access); i { case 0: return &v.state case 1: @@ -7086,7 +8172,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Policy_IAM); i { + switch v := v.(*RevokeAppealRequest_Reason); i { case 0: return &v.state case 1: @@ -7098,7 +8184,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Policy_Requirement_RequirementTrigger); i { + switch v := v.(*CreateAppealRequest_Resource); i { case 0: return &v.state case 1: @@ -7110,6 +8196,114 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { } } file_odpf_guardian_v1beta1_guardian_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateApprovalRequest_Action); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ProviderConfig_AppealConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[84].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ProviderConfig_ResourceConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[85].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Condition_MatchCondition); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[86].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PolicyAppealConfig_DurationOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[87].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Policy_ApprovalStep); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[89].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Policy_Requirement); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[90].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Policy_IAM); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[91].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Policy_Requirement_RequirementTrigger); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[92].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Policy_Requirement_AdditionalAppeal); i { case 0: return &v.state @@ -7121,7 +8315,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { return nil } } - file_odpf_guardian_v1beta1_guardian_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} { + file_odpf_guardian_v1beta1_guardian_proto_msgTypes[93].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Policy_Requirement_AdditionalAppeal_ResourceIdentifier); i { case 0: return &v.state @@ -7140,7 +8334,7 @@ func file_odpf_guardian_v1beta1_guardian_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_odpf_guardian_v1beta1_guardian_proto_rawDesc, NumEnums: 0, - NumMessages: 86, + NumMessages: 97, NumExtensions: 0, NumServices: 1, }, diff --git a/api/proto/odpf/guardian/v1beta1/guardian.pb.gw.go b/api/proto/odpf/guardian/v1beta1/guardian.pb.gw.go index d7c64ccc3..1805fff8d 100644 --- a/api/proto/odpf/guardian/v1beta1/guardian.pb.gw.go +++ b/api/proto/odpf/guardian/v1beta1/guardian.pb.gw.go @@ -1575,6 +1575,232 @@ func local_request_GuardianService_RevokeAppeals_0(ctx context.Context, marshale } +var ( + filter_GuardianService_ListAccesses_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} +) + +func request_GuardianService_ListAccesses_0(ctx context.Context, marshaler runtime.Marshaler, client GuardianServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ListAccessesRequest + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_GuardianService_ListAccesses_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ListAccesses(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_GuardianService_ListAccesses_0(ctx context.Context, marshaler runtime.Marshaler, server GuardianServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ListAccessesRequest + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_GuardianService_ListAccesses_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.ListAccesses(ctx, &protoReq) + return msg, metadata, err + +} + +var ( + filter_GuardianService_ListUserAccesses_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} +) + +func request_GuardianService_ListUserAccesses_0(ctx context.Context, marshaler runtime.Marshaler, client GuardianServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ListUserAccessesRequest + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_GuardianService_ListUserAccesses_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ListUserAccesses(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_GuardianService_ListUserAccesses_0(ctx context.Context, marshaler runtime.Marshaler, server GuardianServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ListUserAccessesRequest + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_GuardianService_ListUserAccesses_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.ListUserAccesses(ctx, &protoReq) + return msg, metadata, err + +} + +func request_GuardianService_GetAccess_0(ctx context.Context, marshaler runtime.Marshaler, client GuardianServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq GetAccessRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["id"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id") + } + + protoReq.Id, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err) + } + + msg, err := client.GetAccess(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_GuardianService_GetAccess_0(ctx context.Context, marshaler runtime.Marshaler, server GuardianServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq GetAccessRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["id"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id") + } + + protoReq.Id, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err) + } + + msg, err := server.GetAccess(ctx, &protoReq) + return msg, metadata, err + +} + +func request_GuardianService_RevokeAccess_0(ctx context.Context, marshaler runtime.Marshaler, client GuardianServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RevokeAccessRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["id"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id") + } + + protoReq.Id, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err) + } + + msg, err := client.RevokeAccess(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_GuardianService_RevokeAccess_0(ctx context.Context, marshaler runtime.Marshaler, server GuardianServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RevokeAccessRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["id"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id") + } + + protoReq.Id, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err) + } + + msg, err := server.RevokeAccess(ctx, &protoReq) + return msg, metadata, err + +} + +func request_GuardianService_RevokeAccesses_0(ctx context.Context, marshaler runtime.Marshaler, client GuardianServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RevokeAccessesRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.RevokeAccesses(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_GuardianService_RevokeAccesses_0(ctx context.Context, marshaler runtime.Marshaler, server GuardianServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RevokeAccessesRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.RevokeAccesses(ctx, &protoReq) + return msg, metadata, err + +} + // RegisterGuardianServiceHandlerServer registers the http handlers for service GuardianService to "mux". // UnaryRPC :call GuardianServiceServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -2248,6 +2474,121 @@ func RegisterGuardianServiceHandlerServer(ctx context.Context, mux *runtime.Serv }) + mux.Handle("GET", pattern_GuardianService_ListAccesses_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/ListAccesses", runtime.WithHTTPPathPattern("/v1beta1/accesses")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_GuardianService_ListAccesses_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_ListAccesses_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_GuardianService_ListUserAccesses_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/ListUserAccesses", runtime.WithHTTPPathPattern("/v1beta1/me/accesses")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_GuardianService_ListUserAccesses_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_ListUserAccesses_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_GuardianService_GetAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/GetAccess", runtime.WithHTTPPathPattern("/v1beta1/accesses/{id}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_GuardianService_GetAccess_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_GetAccess_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("PUT", pattern_GuardianService_RevokeAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/RevokeAccess", runtime.WithHTTPPathPattern("/v1beta1/accesses/{id}/revoke")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_GuardianService_RevokeAccess_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_RevokeAccess_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("PUT", pattern_GuardianService_RevokeAccesses_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/RevokeAccesses", runtime.WithHTTPPathPattern("/v1beta1/accesses/revoke")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_GuardianService_RevokeAccesses_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_RevokeAccesses_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -2869,6 +3210,106 @@ func RegisterGuardianServiceHandlerClient(ctx context.Context, mux *runtime.Serv }) + mux.Handle("GET", pattern_GuardianService_ListAccesses_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/ListAccesses", runtime.WithHTTPPathPattern("/v1beta1/accesses")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_GuardianService_ListAccesses_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_ListAccesses_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_GuardianService_ListUserAccesses_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/ListUserAccesses", runtime.WithHTTPPathPattern("/v1beta1/me/accesses")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_GuardianService_ListUserAccesses_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_ListUserAccesses_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_GuardianService_GetAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/GetAccess", runtime.WithHTTPPathPattern("/v1beta1/accesses/{id}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_GuardianService_GetAccess_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_GetAccess_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("PUT", pattern_GuardianService_RevokeAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/RevokeAccess", runtime.WithHTTPPathPattern("/v1beta1/accesses/{id}/revoke")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_GuardianService_RevokeAccess_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_RevokeAccess_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("PUT", pattern_GuardianService_RevokeAccesses_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req, "/odpf.guardian.v1beta1.GuardianService/RevokeAccesses", runtime.WithHTTPPathPattern("/v1beta1/accesses/revoke")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_GuardianService_RevokeAccesses_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_GuardianService_RevokeAccesses_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -2930,6 +3371,16 @@ var ( pattern_GuardianService_DeleteApprover_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 4, 1, 5, 2, 2, 3, 1, 0, 4, 1, 5, 4, 2, 5, 1, 0, 4, 1, 5, 6}, []string{"v1beta1", "appeals", "appeal_id", "approvals", "approval_id", "approvers", "email"}, "")) pattern_GuardianService_RevokeAppeals_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1beta1", "appeals", "revoke"}, "")) + + pattern_GuardianService_ListAccesses_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1beta1", "accesses"}, "")) + + pattern_GuardianService_ListUserAccesses_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1beta1", "me", "accesses"}, "")) + + pattern_GuardianService_GetAccess_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 4, 1, 5, 2}, []string{"v1beta1", "accesses", "id"}, "")) + + pattern_GuardianService_RevokeAccess_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 4, 1, 5, 2, 2, 3}, []string{"v1beta1", "accesses", "id", "revoke"}, "")) + + pattern_GuardianService_RevokeAccesses_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1beta1", "accesses", "revoke"}, "")) ) var ( @@ -2990,4 +3441,14 @@ var ( forward_GuardianService_DeleteApprover_0 = runtime.ForwardResponseMessage forward_GuardianService_RevokeAppeals_0 = runtime.ForwardResponseMessage + + forward_GuardianService_ListAccesses_0 = runtime.ForwardResponseMessage + + forward_GuardianService_ListUserAccesses_0 = runtime.ForwardResponseMessage + + forward_GuardianService_GetAccess_0 = runtime.ForwardResponseMessage + + forward_GuardianService_RevokeAccess_0 = runtime.ForwardResponseMessage + + forward_GuardianService_RevokeAccesses_0 = runtime.ForwardResponseMessage ) diff --git a/api/proto/odpf/guardian/v1beta1/guardian_grpc.pb.go b/api/proto/odpf/guardian/v1beta1/guardian_grpc.pb.go index 36449dac5..d7d41185b 100644 --- a/api/proto/odpf/guardian/v1beta1/guardian_grpc.pb.go +++ b/api/proto/odpf/guardian/v1beta1/guardian_grpc.pb.go @@ -38,6 +38,7 @@ type GuardianServiceClient interface { ListAppeals(ctx context.Context, in *ListAppealsRequest, opts ...grpc.CallOption) (*ListAppealsResponse, error) GetAppeal(ctx context.Context, in *GetAppealRequest, opts ...grpc.CallOption) (*GetAppealResponse, error) CancelAppeal(ctx context.Context, in *CancelAppealRequest, opts ...grpc.CallOption) (*CancelAppealResponse, error) + // Deprecated: Do not use. RevokeAppeal(ctx context.Context, in *RevokeAppealRequest, opts ...grpc.CallOption) (*RevokeAppealResponse, error) CreateAppeal(ctx context.Context, in *CreateAppealRequest, opts ...grpc.CallOption) (*CreateAppealResponse, error) ListUserApprovals(ctx context.Context, in *ListUserApprovalsRequest, opts ...grpc.CallOption) (*ListUserApprovalsResponse, error) @@ -45,7 +46,13 @@ type GuardianServiceClient interface { UpdateApproval(ctx context.Context, in *UpdateApprovalRequest, opts ...grpc.CallOption) (*UpdateApprovalResponse, error) AddApprover(ctx context.Context, in *AddApproverRequest, opts ...grpc.CallOption) (*AddApproverResponse, error) DeleteApprover(ctx context.Context, in *DeleteApproverRequest, opts ...grpc.CallOption) (*DeleteApproverResponse, error) + // Deprecated: Do not use. RevokeAppeals(ctx context.Context, in *RevokeAppealsRequest, opts ...grpc.CallOption) (*RevokeAppealsResponse, error) + ListAccesses(ctx context.Context, in *ListAccessesRequest, opts ...grpc.CallOption) (*ListAccessesResponse, error) + ListUserAccesses(ctx context.Context, in *ListUserAccessesRequest, opts ...grpc.CallOption) (*ListUserAccessesResponse, error) + GetAccess(ctx context.Context, in *GetAccessRequest, opts ...grpc.CallOption) (*GetAccessResponse, error) + RevokeAccess(ctx context.Context, in *RevokeAccessRequest, opts ...grpc.CallOption) (*RevokeAccessResponse, error) + RevokeAccesses(ctx context.Context, in *RevokeAccessesRequest, opts ...grpc.CallOption) (*RevokeAccessesResponse, error) } type guardianServiceClient struct { @@ -236,6 +243,7 @@ func (c *guardianServiceClient) CancelAppeal(ctx context.Context, in *CancelAppe return out, nil } +// Deprecated: Do not use. func (c *guardianServiceClient) RevokeAppeal(ctx context.Context, in *RevokeAppealRequest, opts ...grpc.CallOption) (*RevokeAppealResponse, error) { out := new(RevokeAppealResponse) err := c.cc.Invoke(ctx, "/odpf.guardian.v1beta1.GuardianService/RevokeAppeal", in, out, opts...) @@ -299,6 +307,7 @@ func (c *guardianServiceClient) DeleteApprover(ctx context.Context, in *DeleteAp return out, nil } +// Deprecated: Do not use. func (c *guardianServiceClient) RevokeAppeals(ctx context.Context, in *RevokeAppealsRequest, opts ...grpc.CallOption) (*RevokeAppealsResponse, error) { out := new(RevokeAppealsResponse) err := c.cc.Invoke(ctx, "/odpf.guardian.v1beta1.GuardianService/RevokeAppeals", in, out, opts...) @@ -308,6 +317,51 @@ func (c *guardianServiceClient) RevokeAppeals(ctx context.Context, in *RevokeApp return out, nil } +func (c *guardianServiceClient) ListAccesses(ctx context.Context, in *ListAccessesRequest, opts ...grpc.CallOption) (*ListAccessesResponse, error) { + out := new(ListAccessesResponse) + err := c.cc.Invoke(ctx, "/odpf.guardian.v1beta1.GuardianService/ListAccesses", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *guardianServiceClient) ListUserAccesses(ctx context.Context, in *ListUserAccessesRequest, opts ...grpc.CallOption) (*ListUserAccessesResponse, error) { + out := new(ListUserAccessesResponse) + err := c.cc.Invoke(ctx, "/odpf.guardian.v1beta1.GuardianService/ListUserAccesses", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *guardianServiceClient) GetAccess(ctx context.Context, in *GetAccessRequest, opts ...grpc.CallOption) (*GetAccessResponse, error) { + out := new(GetAccessResponse) + err := c.cc.Invoke(ctx, "/odpf.guardian.v1beta1.GuardianService/GetAccess", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *guardianServiceClient) RevokeAccess(ctx context.Context, in *RevokeAccessRequest, opts ...grpc.CallOption) (*RevokeAccessResponse, error) { + out := new(RevokeAccessResponse) + err := c.cc.Invoke(ctx, "/odpf.guardian.v1beta1.GuardianService/RevokeAccess", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *guardianServiceClient) RevokeAccesses(ctx context.Context, in *RevokeAccessesRequest, opts ...grpc.CallOption) (*RevokeAccessesResponse, error) { + out := new(RevokeAccessesResponse) + err := c.cc.Invoke(ctx, "/odpf.guardian.v1beta1.GuardianService/RevokeAccesses", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // GuardianServiceServer is the server API for GuardianService service. // All implementations must embed UnimplementedGuardianServiceServer // for forward compatibility @@ -332,6 +386,7 @@ type GuardianServiceServer interface { ListAppeals(context.Context, *ListAppealsRequest) (*ListAppealsResponse, error) GetAppeal(context.Context, *GetAppealRequest) (*GetAppealResponse, error) CancelAppeal(context.Context, *CancelAppealRequest) (*CancelAppealResponse, error) + // Deprecated: Do not use. RevokeAppeal(context.Context, *RevokeAppealRequest) (*RevokeAppealResponse, error) CreateAppeal(context.Context, *CreateAppealRequest) (*CreateAppealResponse, error) ListUserApprovals(context.Context, *ListUserApprovalsRequest) (*ListUserApprovalsResponse, error) @@ -339,7 +394,13 @@ type GuardianServiceServer interface { UpdateApproval(context.Context, *UpdateApprovalRequest) (*UpdateApprovalResponse, error) AddApprover(context.Context, *AddApproverRequest) (*AddApproverResponse, error) DeleteApprover(context.Context, *DeleteApproverRequest) (*DeleteApproverResponse, error) + // Deprecated: Do not use. RevokeAppeals(context.Context, *RevokeAppealsRequest) (*RevokeAppealsResponse, error) + ListAccesses(context.Context, *ListAccessesRequest) (*ListAccessesResponse, error) + ListUserAccesses(context.Context, *ListUserAccessesRequest) (*ListUserAccessesResponse, error) + GetAccess(context.Context, *GetAccessRequest) (*GetAccessResponse, error) + RevokeAccess(context.Context, *RevokeAccessRequest) (*RevokeAccessResponse, error) + RevokeAccesses(context.Context, *RevokeAccessesRequest) (*RevokeAccessesResponse, error) mustEmbedUnimplementedGuardianServiceServer() } @@ -431,6 +492,21 @@ func (UnimplementedGuardianServiceServer) DeleteApprover(context.Context, *Delet func (UnimplementedGuardianServiceServer) RevokeAppeals(context.Context, *RevokeAppealsRequest) (*RevokeAppealsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method RevokeAppeals not implemented") } +func (UnimplementedGuardianServiceServer) ListAccesses(context.Context, *ListAccessesRequest) (*ListAccessesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListAccesses not implemented") +} +func (UnimplementedGuardianServiceServer) ListUserAccesses(context.Context, *ListUserAccessesRequest) (*ListUserAccessesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListUserAccesses not implemented") +} +func (UnimplementedGuardianServiceServer) GetAccess(context.Context, *GetAccessRequest) (*GetAccessResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAccess not implemented") +} +func (UnimplementedGuardianServiceServer) RevokeAccess(context.Context, *RevokeAccessRequest) (*RevokeAccessResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokeAccess not implemented") +} +func (UnimplementedGuardianServiceServer) RevokeAccesses(context.Context, *RevokeAccessesRequest) (*RevokeAccessesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokeAccesses not implemented") +} func (UnimplementedGuardianServiceServer) mustEmbedUnimplementedGuardianServiceServer() {} // UnsafeGuardianServiceServer may be embedded to opt out of forward compatibility for this service. @@ -948,6 +1024,96 @@ func _GuardianService_RevokeAppeals_Handler(srv interface{}, ctx context.Context return interceptor(ctx, in, info, handler) } +func _GuardianService_ListAccesses_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListAccessesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(GuardianServiceServer).ListAccesses(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/odpf.guardian.v1beta1.GuardianService/ListAccesses", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(GuardianServiceServer).ListAccesses(ctx, req.(*ListAccessesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _GuardianService_ListUserAccesses_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListUserAccessesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(GuardianServiceServer).ListUserAccesses(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/odpf.guardian.v1beta1.GuardianService/ListUserAccesses", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(GuardianServiceServer).ListUserAccesses(ctx, req.(*ListUserAccessesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _GuardianService_GetAccess_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetAccessRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(GuardianServiceServer).GetAccess(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/odpf.guardian.v1beta1.GuardianService/GetAccess", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(GuardianServiceServer).GetAccess(ctx, req.(*GetAccessRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _GuardianService_RevokeAccess_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RevokeAccessRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(GuardianServiceServer).RevokeAccess(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/odpf.guardian.v1beta1.GuardianService/RevokeAccess", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(GuardianServiceServer).RevokeAccess(ctx, req.(*RevokeAccessRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _GuardianService_RevokeAccesses_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RevokeAccessesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(GuardianServiceServer).RevokeAccesses(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/odpf.guardian.v1beta1.GuardianService/RevokeAccesses", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(GuardianServiceServer).RevokeAccesses(ctx, req.(*RevokeAccessesRequest)) + } + return interceptor(ctx, in, info, handler) +} + // GuardianService_ServiceDesc is the grpc.ServiceDesc for GuardianService service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) @@ -1067,6 +1233,26 @@ var GuardianService_ServiceDesc = grpc.ServiceDesc{ MethodName: "RevokeAppeals", Handler: _GuardianService_RevokeAppeals_Handler, }, + { + MethodName: "ListAccesses", + Handler: _GuardianService_ListAccesses_Handler, + }, + { + MethodName: "ListUserAccesses", + Handler: _GuardianService_ListUserAccesses_Handler, + }, + { + MethodName: "GetAccess", + Handler: _GuardianService_GetAccess_Handler, + }, + { + MethodName: "RevokeAccess", + Handler: _GuardianService_RevokeAccess_Handler, + }, + { + MethodName: "RevokeAccesses", + Handler: _GuardianService_RevokeAccesses_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "odpf/guardian/v1beta1/guardian.proto", diff --git a/core/access/errors.go b/core/access/errors.go new file mode 100644 index 000000000..3db6d41a5 --- /dev/null +++ b/core/access/errors.go @@ -0,0 +1,8 @@ +package access + +import "errors" + +var ( + ErrEmptyIDParam = errors.New("access id can't be empty") + ErrAccessNotFound = errors.New("access not found") +) diff --git a/core/access/mocks/auditLogger.go b/core/access/mocks/auditLogger.go new file mode 100644 index 000000000..421d831ee --- /dev/null +++ b/core/access/mocks/auditLogger.go @@ -0,0 +1,61 @@ +// Code generated by mockery v2.10.0. DO NOT EDIT. + +package mocks + +import ( + context "context" + + mock "github.com/stretchr/testify/mock" +) + +// AuditLogger is an autogenerated mock type for the auditLogger type +type AuditLogger struct { + mock.Mock +} + +type AuditLogger_Expecter struct { + mock *mock.Mock +} + +func (_m *AuditLogger) EXPECT() *AuditLogger_Expecter { + return &AuditLogger_Expecter{mock: &_m.Mock} +} + +// Log provides a mock function with given fields: ctx, action, data +func (_m *AuditLogger) Log(ctx context.Context, action string, data interface{}) error { + ret := _m.Called(ctx, action, data) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, string, interface{}) error); ok { + r0 = rf(ctx, action, data) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// AuditLogger_Log_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Log' +type AuditLogger_Log_Call struct { + *mock.Call +} + +// Log is a helper method to define mock.On call +// - ctx context.Context +// - action string +// - data interface{} +func (_e *AuditLogger_Expecter) Log(ctx interface{}, action interface{}, data interface{}) *AuditLogger_Log_Call { + return &AuditLogger_Log_Call{Call: _e.mock.On("Log", ctx, action, data)} +} + +func (_c *AuditLogger_Log_Call) Run(run func(ctx context.Context, action string, data interface{})) *AuditLogger_Log_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string), args[2].(interface{})) + }) + return _c +} + +func (_c *AuditLogger_Log_Call) Return(_a0 error) *AuditLogger_Log_Call { + _c.Call.Return(_a0) + return _c +} diff --git a/core/access/mocks/notifier.go b/core/access/mocks/notifier.go new file mode 100644 index 000000000..4d905c766 --- /dev/null +++ b/core/access/mocks/notifier.go @@ -0,0 +1,60 @@ +// Code generated by mockery v2.10.0. DO NOT EDIT. + +package mocks + +import ( + domain "github.com/odpf/guardian/domain" + mock "github.com/stretchr/testify/mock" +) + +// Notifier is an autogenerated mock type for the notifier type +type Notifier struct { + mock.Mock +} + +type Notifier_Expecter struct { + mock *mock.Mock +} + +func (_m *Notifier) EXPECT() *Notifier_Expecter { + return &Notifier_Expecter{mock: &_m.Mock} +} + +// Notify provides a mock function with given fields: _a0 +func (_m *Notifier) Notify(_a0 []domain.Notification) []error { + ret := _m.Called(_a0) + + var r0 []error + if rf, ok := ret.Get(0).(func([]domain.Notification) []error); ok { + r0 = rf(_a0) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]error) + } + } + + return r0 +} + +// Notifier_Notify_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Notify' +type Notifier_Notify_Call struct { + *mock.Call +} + +// Notify is a helper method to define mock.On call +// - _a0 []domain.Notification +func (_e *Notifier_Expecter) Notify(_a0 interface{}) *Notifier_Notify_Call { + return &Notifier_Notify_Call{Call: _e.mock.On("Notify", _a0)} +} + +func (_c *Notifier_Notify_Call) Run(run func(_a0 []domain.Notification)) *Notifier_Notify_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].([]domain.Notification)) + }) + return _c +} + +func (_c *Notifier_Notify_Call) Return(_a0 []error) *Notifier_Notify_Call { + _c.Call.Return(_a0) + return _c +} diff --git a/core/access/mocks/providerService.go b/core/access/mocks/providerService.go new file mode 100644 index 000000000..ce82fc58c --- /dev/null +++ b/core/access/mocks/providerService.go @@ -0,0 +1,61 @@ +// Code generated by mockery v2.10.0. DO NOT EDIT. + +package mocks + +import ( + context "context" + + domain "github.com/odpf/guardian/domain" + mock "github.com/stretchr/testify/mock" +) + +// ProviderService is an autogenerated mock type for the providerService type +type ProviderService struct { + mock.Mock +} + +type ProviderService_Expecter struct { + mock *mock.Mock +} + +func (_m *ProviderService) EXPECT() *ProviderService_Expecter { + return &ProviderService_Expecter{mock: &_m.Mock} +} + +// RevokeAccess provides a mock function with given fields: _a0, _a1 +func (_m *ProviderService) RevokeAccess(_a0 context.Context, _a1 domain.Access) error { + ret := _m.Called(_a0, _a1) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, domain.Access) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// ProviderService_RevokeAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RevokeAccess' +type ProviderService_RevokeAccess_Call struct { + *mock.Call +} + +// RevokeAccess is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 domain.Access +func (_e *ProviderService_Expecter) RevokeAccess(_a0 interface{}, _a1 interface{}) *ProviderService_RevokeAccess_Call { + return &ProviderService_RevokeAccess_Call{Call: _e.mock.On("RevokeAccess", _a0, _a1)} +} + +func (_c *ProviderService_RevokeAccess_Call) Run(run func(_a0 context.Context, _a1 domain.Access)) *ProviderService_RevokeAccess_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.Access)) + }) + return _c +} + +func (_c *ProviderService_RevokeAccess_Call) Return(_a0 error) *ProviderService_RevokeAccess_Call { + _c.Call.Return(_a0) + return _c +} diff --git a/core/access/mocks/repository.go b/core/access/mocks/repository.go new file mode 100644 index 000000000..51c275cb1 --- /dev/null +++ b/core/access/mocks/repository.go @@ -0,0 +1,155 @@ +// Code generated by mockery v2.10.0. DO NOT EDIT. + +package mocks + +import ( + context "context" + + domain "github.com/odpf/guardian/domain" + mock "github.com/stretchr/testify/mock" +) + +// Repository is an autogenerated mock type for the repository type +type Repository struct { + mock.Mock +} + +type Repository_Expecter struct { + mock *mock.Mock +} + +func (_m *Repository) EXPECT() *Repository_Expecter { + return &Repository_Expecter{mock: &_m.Mock} +} + +// GetByID provides a mock function with given fields: _a0, _a1 +func (_m *Repository) GetByID(_a0 context.Context, _a1 string) (*domain.Access, error) { + ret := _m.Called(_a0, _a1) + + var r0 *domain.Access + if rf, ok := ret.Get(0).(func(context.Context, string) *domain.Access); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// Repository_GetByID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetByID' +type Repository_GetByID_Call struct { + *mock.Call +} + +// GetByID is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 string +func (_e *Repository_Expecter) GetByID(_a0 interface{}, _a1 interface{}) *Repository_GetByID_Call { + return &Repository_GetByID_Call{Call: _e.mock.On("GetByID", _a0, _a1)} +} + +func (_c *Repository_GetByID_Call) Run(run func(_a0 context.Context, _a1 string)) *Repository_GetByID_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string)) + }) + return _c +} + +func (_c *Repository_GetByID_Call) Return(_a0 *domain.Access, _a1 error) *Repository_GetByID_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// List provides a mock function with given fields: _a0, _a1 +func (_m *Repository) List(_a0 context.Context, _a1 domain.ListAccessesFilter) ([]domain.Access, error) { + ret := _m.Called(_a0, _a1) + + var r0 []domain.Access + if rf, ok := ret.Get(0).(func(context.Context, domain.ListAccessesFilter) []domain.Access); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, domain.ListAccessesFilter) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// Repository_List_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'List' +type Repository_List_Call struct { + *mock.Call +} + +// List is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 domain.ListAccessesFilter +func (_e *Repository_Expecter) List(_a0 interface{}, _a1 interface{}) *Repository_List_Call { + return &Repository_List_Call{Call: _e.mock.On("List", _a0, _a1)} +} + +func (_c *Repository_List_Call) Run(run func(_a0 context.Context, _a1 domain.ListAccessesFilter)) *Repository_List_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.ListAccessesFilter)) + }) + return _c +} + +func (_c *Repository_List_Call) Return(_a0 []domain.Access, _a1 error) *Repository_List_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// Update provides a mock function with given fields: _a0, _a1 +func (_m *Repository) Update(_a0 context.Context, _a1 *domain.Access) error { + ret := _m.Called(_a0, _a1) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, *domain.Access) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// Repository_Update_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Update' +type Repository_Update_Call struct { + *mock.Call +} + +// Update is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *domain.Access +func (_e *Repository_Expecter) Update(_a0 interface{}, _a1 interface{}) *Repository_Update_Call { + return &Repository_Update_Call{Call: _e.mock.On("Update", _a0, _a1)} +} + +func (_c *Repository_Update_Call) Run(run func(_a0 context.Context, _a1 *domain.Access)) *Repository_Update_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*domain.Access)) + }) + return _c +} + +func (_c *Repository_Update_Call) Return(_a0 error) *Repository_Update_Call { + _c.Call.Return(_a0) + return _c +} diff --git a/core/access/option.go b/core/access/option.go new file mode 100644 index 000000000..0a0d85f35 --- /dev/null +++ b/core/access/option.go @@ -0,0 +1,32 @@ +package access + +type options struct { + skipNotification bool + skipRevokeInProvider bool +} + +type Option func(*options) + +func SkipNotifications() Option { + return func(opts *options) { + opts.skipNotification = true + } +} + +func SkipRevokeAccessInProvider() Option { + return func(opts *options) { + opts.skipRevokeInProvider = true + } +} + +func (s *Service) getOptions(opts ...Option) options { + o := options{ + skipNotification: false, + skipRevokeInProvider: false, + } + + for _, fn := range opts { + fn(&o) + } + return o +} diff --git a/core/access/service.go b/core/access/service.go new file mode 100644 index 000000000..02873b8b7 --- /dev/null +++ b/core/access/service.go @@ -0,0 +1,271 @@ +package access + +import ( + "context" + "fmt" + "time" + + "github.com/go-playground/validator/v10" + "github.com/odpf/guardian/domain" + "github.com/odpf/guardian/plugins/notifiers" + "github.com/odpf/salt/log" +) + +const ( + AuditKeyRevoke = "access.revoke" +) + +//go:generate mockery --name=repository --exported --with-expecter +type repository interface { + List(context.Context, domain.ListAccessesFilter) ([]domain.Access, error) + GetByID(context.Context, string) (*domain.Access, error) + Update(context.Context, *domain.Access) error +} + +//go:generate mockery --name=providerService --exported --with-expecter +type providerService interface { + RevokeAccess(context.Context, domain.Access) error +} + +//go:generate mockery --name=auditLogger --exported --with-expecter +type auditLogger interface { + Log(ctx context.Context, action string, data interface{}) error +} + +//go:generate mockery --name=notifier --exported --with-expecter +type notifier interface { + notifiers.Client +} + +type accessCreation struct { + AppealStatus string `validate:"required,eq=active"` + AccountID string `validate:"required"` + AccountType string `validate:"required"` + ResourceID string `validate:"required"` +} + +type Service struct { + repo repository + providerService providerService + + notifier notifier + validator *validator.Validate + logger log.Logger + auditLogger auditLogger +} + +type ServiceDeps struct { + Repository repository + ProviderService providerService + + Notifier notifier + Validator *validator.Validate + Logger log.Logger + AuditLogger auditLogger +} + +func NewService(deps ServiceDeps) *Service { + return &Service{ + repo: deps.Repository, + providerService: deps.ProviderService, + + notifier: deps.Notifier, + validator: deps.Validator, + logger: deps.Logger, + auditLogger: deps.AuditLogger, + } +} + +func (s *Service) List(ctx context.Context, filter domain.ListAccessesFilter) ([]domain.Access, error) { + return s.repo.List(ctx, filter) +} + +func (s *Service) GetByID(ctx context.Context, id string) (*domain.Access, error) { + if id == "" { + return nil, ErrEmptyIDParam + } + return s.repo.GetByID(ctx, id) +} + +func (s *Service) Prepare(ctx context.Context, appeal domain.Appeal) (*domain.Access, error) { + if err := s.validator.Struct(accessCreation{ + AppealStatus: appeal.Status, + AccountID: appeal.AccountID, + AccountType: appeal.AccountType, + ResourceID: appeal.ResourceID, + }); err != nil { + return nil, fmt.Errorf("validating appeal: %w", err) + } + + return appeal.ToAccess() +} + +func (s *Service) Revoke(ctx context.Context, id, actor, reason string, opts ...Option) (*domain.Access, error) { + access, err := s.GetByID(ctx, id) + if err != nil { + return nil, fmt.Errorf("getting access details: %w", err) + } + + revokedAccess := &domain.Access{} + *revokedAccess = *access + if err := access.Revoke(actor, reason); err != nil { + return nil, err + } + // TODO: remove below logic in future release when appeal no longer for managing access + if access.Appeal != nil { + if err := access.Appeal.Revoke(actor, reason); err != nil { + return nil, fmt.Errorf("updating appeal status: %s", err) + } + } + if err := s.repo.Update(ctx, access); err != nil { + return nil, fmt.Errorf("updating access record in db: %w", err) + } + + options := s.getOptions(opts...) + + if !options.skipRevokeInProvider { + if err := s.providerService.RevokeAccess(ctx, *access); err != nil { + if err := s.repo.Update(ctx, access); err != nil { + return nil, fmt.Errorf("failed to rollback access status: %w", err) + } + return nil, fmt.Errorf("removing access in provider: %w", err) + } + } + + if !options.skipNotification { + if errs := s.notifier.Notify([]domain.Notification{{ + User: access.Appeal.CreatedBy, + Message: domain.NotificationMessage{ + Type: domain.NotificationTypeAccessRevoked, + Variables: map[string]interface{}{ + "resource_name": fmt.Sprintf("%s (%s: %s)", access.Resource.Name, access.Resource.ProviderType, access.Resource.URN), + "role": access.Appeal.Role, + "account_type": access.AccountType, + "account_id": access.AccountID, + }, + }, + }}); errs != nil { + for _, err1 := range errs { + s.logger.Error("failed to send notifications", "error", err1.Error()) + } + } + } + + if err := s.auditLogger.Log(ctx, AuditKeyRevoke, map[string]interface{}{ + "access_id": id, + "reason": reason, + }); err != nil { + s.logger.Error("failed to record audit log", "error", err) + } + + return access, nil +} + +func (s *Service) BulkRevoke(ctx context.Context, filter domain.RevokeAccessesFilter, actor, reason string) ([]*domain.Access, error) { + if filter.AccountIDs == nil || len(filter.AccountIDs) == 0 { + return nil, fmt.Errorf("account_ids is required") + } + + accesses, err := s.List(ctx, domain.ListAccessesFilter{ + Statuses: []string{domain.AppealStatusActive}, + AccountIDs: filter.AccountIDs, + ProviderTypes: filter.ProviderTypes, + ProviderURNs: filter.ProviderURNs, + ResourceTypes: filter.ResourceTypes, + ResourceURNs: filter.ResourceURNs, + }) + if err != nil { + return nil, fmt.Errorf("listing active accesses: %w", err) + } + if len(accesses) == 0 { + return nil, nil + } + + result := make([]*domain.Access, 0) + batchSize := 10 + timeLimiter := make(chan int, batchSize) + + for i := 1; i <= batchSize; i++ { + timeLimiter <- i + } + + go func() { + for range time.Tick(1 * time.Second) { + for i := 1; i <= batchSize; i++ { + timeLimiter <- i + } + } + }() + + totalRequests := len(accesses) + done := make(chan *domain.Access, totalRequests) + resourceAccessMap := make(map[string][]*domain.Access, 0) + + for i, access := range accesses { + var resourceAccesses []*domain.Access + var ok bool + if resourceAccesses, ok = resourceAccessMap[access.ResourceID]; ok { + resourceAccesses = append(resourceAccesses, &accesses[i]) + } else { + resourceAccesses = []*domain.Access{&accesses[i]} + } + resourceAccessMap[access.ResourceID] = resourceAccesses + } + + for _, resourceAccesses := range resourceAccessMap { + go s.expiredInActiveUserAccess(ctx, timeLimiter, done, actor, reason, resourceAccesses) + } + + var successRevoke []string + var failedRevoke []string + for { + select { + case access := <-done: + if access.Status == domain.AccessStatusInactive { + successRevoke = append(successRevoke, access.ID) + } else { + failedRevoke = append(failedRevoke, access.ID) + } + result = append(result, access) + if len(result) == totalRequests { + s.logger.Info("successful access revocation", "count", len(successRevoke), "ids", successRevoke) + s.logger.Info("failed access revocation", "count", len(failedRevoke), "ids", failedRevoke) + return result, nil + } + } + } +} + +func (s *Service) expiredInActiveUserAccess(ctx context.Context, timeLimiter chan int, done chan *domain.Access, actor string, reason string, accesses []*domain.Access) { + for _, access := range accesses { + <-timeLimiter + + revokedAccess := &domain.Access{} + *revokedAccess = *access + if err := revokedAccess.Revoke(actor, reason); err != nil { + s.logger.Error("failed to revoke access", "id", access.ID, "error", err) + return + } + // TODO: remove below logic in future release when appeal no longer for managing access + if err := access.Appeal.Revoke(actor, reason); err != nil { + s.logger.Error("updating appeal status", "id", access.Appeal.ID, "error", err) + return + } + + if err := s.providerService.RevokeAccess(ctx, *access); err != nil { + done <- access + s.logger.Error("failed to revoke access in provider", "id", access.ID, "error", err) + return + } + + revokedAccess.Status = domain.AccessStatusInactive + if err := s.repo.Update(ctx, revokedAccess); err != nil { + done <- access + s.logger.Error("failed to update access-revoke status", "id", access.ID, "error", err) + return + } else { + done <- revokedAccess + s.logger.Info("access revoked", "id", access.ID) + } + } +} diff --git a/core/access/service_test.go b/core/access/service_test.go new file mode 100644 index 000000000..872342520 --- /dev/null +++ b/core/access/service_test.go @@ -0,0 +1,112 @@ +package access_test + +import ( + "context" + "errors" + "testing" + + "github.com/google/uuid" + "github.com/odpf/guardian/core/access" + "github.com/odpf/guardian/core/access/mocks" + "github.com/odpf/guardian/domain" + "github.com/odpf/salt/log" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/suite" +) + +type ServiceTestSuite struct { + suite.Suite + mockRepository *mocks.Repository + service *access.Service +} + +func TestService(t *testing.T) { + suite.Run(t, new(ServiceTestSuite)) +} + +func (s *ServiceTestSuite) setup() { + s.mockRepository = new(mocks.Repository) + s.service = access.NewService(access.ServiceDeps{ + Repository: s.mockRepository, + Logger: log.NewNoop(), + }) +} + +func (s *ServiceTestSuite) TestList() { + s.Run("should return list of access on success", func() { + s.setup() + + filter := domain.ListAccessesFilter{} + expectedAccesses := []domain.Access{} + s.mockRepository.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), filter). + Return(expectedAccesses, nil).Once() + + accesses, err := s.service.List(context.Background(), filter) + + s.NoError(err) + s.Equal(expectedAccesses, accesses) + s.mockRepository.AssertExpectations(s.T()) + }) + + s.Run("should return error if repository returns an error", func() { + s.setup() + + expectedError := errors.New("unexpected error") + s.mockRepository.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("domain.ListAccessesFilter")). + Return(nil, expectedError).Once() + + accesses, err := s.service.List(context.Background(), domain.ListAccessesFilter{}) + + s.ErrorIs(err, expectedError) + s.Nil(accesses) + s.mockRepository.AssertExpectations(s.T()) + }) +} + +func (s *ServiceTestSuite) TestGetByID() { + s.Run("should return access details on success", func() { + s.setup() + + id := uuid.New().String() + expectedAccess := &domain.Access{} + s.mockRepository.EXPECT(). + GetByID(mock.AnythingOfType("*context.emptyCtx"), id). + Return(expectedAccess, nil). + Once() + + access, err := s.service.GetByID(context.Background(), id) + + s.NoError(err) + s.Equal(expectedAccess, access) + s.mockRepository.AssertExpectations(s.T()) + }) + + s.Run("should return error if id param is empty", func() { + s.setup() + + expectedError := access.ErrEmptyIDParam + + access, err := s.service.GetByID(context.Background(), "") + + s.ErrorIs(err, expectedError) + s.Nil(access) + s.mockRepository.AssertExpectations(s.T()) + }) + + s.Run("should return error if repository returns an error", func() { + s.setup() + + expectedError := errors.New("unexpected error") + s.mockRepository.EXPECT(). + GetByID(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("string")). + Return(nil, expectedError).Once() + + access, err := s.service.GetByID(context.Background(), "test-id") + + s.ErrorIs(err, expectedError) + s.Nil(access) + s.mockRepository.AssertExpectations(s.T()) + }) +} diff --git a/core/appeal/errors.go b/core/appeal/errors.go index 9ed9f18e4..c9b7dfd89 100644 --- a/core/appeal/errors.go +++ b/core/appeal/errors.go @@ -15,7 +15,7 @@ var ( ErrAppealDuplicate = errors.New("appeal with the same resource and role already exists") ErrAppealInvalidExtensionDuration = errors.New("invalid appeal extension duration") ErrAppealFoundActiveAccess = errors.New("user still have an active access") - ErrAppealNotEligibleForExtension = errors.New("appeal is not eligible for extension") + ErrAccessNotEligibleForExtension = errors.New("existing access is not eligible for extension") ErrCannotCreateAppealForOtherUser = errors.New("creating appeal for other individual user (account_type=\"user\") is not allowed") ErrApprovalDependencyIsBlocked = errors.New("found previous approval step that is still in blocked") diff --git a/core/appeal/mocks/accessService.go b/core/appeal/mocks/accessService.go new file mode 100644 index 000000000..dcfb70db6 --- /dev/null +++ b/core/appeal/mocks/accessService.go @@ -0,0 +1,184 @@ +// Code generated by mockery v2.10.0. DO NOT EDIT. + +package mocks + +import ( + access "github.com/odpf/guardian/core/access" + + context "context" + + domain "github.com/odpf/guardian/domain" + + mock "github.com/stretchr/testify/mock" +) + +// AccessService is an autogenerated mock type for the accessService type +type AccessService struct { + mock.Mock +} + +type AccessService_Expecter struct { + mock *mock.Mock +} + +func (_m *AccessService) EXPECT() *AccessService_Expecter { + return &AccessService_Expecter{mock: &_m.Mock} +} + +// List provides a mock function with given fields: _a0, _a1 +func (_m *AccessService) List(_a0 context.Context, _a1 domain.ListAccessesFilter) ([]domain.Access, error) { + ret := _m.Called(_a0, _a1) + + var r0 []domain.Access + if rf, ok := ret.Get(0).(func(context.Context, domain.ListAccessesFilter) []domain.Access); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, domain.ListAccessesFilter) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AccessService_List_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'List' +type AccessService_List_Call struct { + *mock.Call +} + +// List is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 domain.ListAccessesFilter +func (_e *AccessService_Expecter) List(_a0 interface{}, _a1 interface{}) *AccessService_List_Call { + return &AccessService_List_Call{Call: _e.mock.On("List", _a0, _a1)} +} + +func (_c *AccessService_List_Call) Run(run func(_a0 context.Context, _a1 domain.ListAccessesFilter)) *AccessService_List_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.ListAccessesFilter)) + }) + return _c +} + +func (_c *AccessService_List_Call) Return(_a0 []domain.Access, _a1 error) *AccessService_List_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// Prepare provides a mock function with given fields: _a0, _a1 +func (_m *AccessService) Prepare(_a0 context.Context, _a1 domain.Appeal) (*domain.Access, error) { + ret := _m.Called(_a0, _a1) + + var r0 *domain.Access + if rf, ok := ret.Get(0).(func(context.Context, domain.Appeal) *domain.Access); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, domain.Appeal) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AccessService_Prepare_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Prepare' +type AccessService_Prepare_Call struct { + *mock.Call +} + +// Prepare is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 domain.Appeal +func (_e *AccessService_Expecter) Prepare(_a0 interface{}, _a1 interface{}) *AccessService_Prepare_Call { + return &AccessService_Prepare_Call{Call: _e.mock.On("Prepare", _a0, _a1)} +} + +func (_c *AccessService_Prepare_Call) Run(run func(_a0 context.Context, _a1 domain.Appeal)) *AccessService_Prepare_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.Appeal)) + }) + return _c +} + +func (_c *AccessService_Prepare_Call) Return(_a0 *domain.Access, _a1 error) *AccessService_Prepare_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// Revoke provides a mock function with given fields: ctx, id, actor, reason, opts +func (_m *AccessService) Revoke(ctx context.Context, id string, actor string, reason string, opts ...access.Option) (*domain.Access, error) { + _va := make([]interface{}, len(opts)) + for _i := range opts { + _va[_i] = opts[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, id, actor, reason) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *domain.Access + if rf, ok := ret.Get(0).(func(context.Context, string, string, string, ...access.Option) *domain.Access); ok { + r0 = rf(ctx, id, actor, reason, opts...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*domain.Access) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, string, string, string, ...access.Option) error); ok { + r1 = rf(ctx, id, actor, reason, opts...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AccessService_Revoke_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Revoke' +type AccessService_Revoke_Call struct { + *mock.Call +} + +// Revoke is a helper method to define mock.On call +// - ctx context.Context +// - id string +// - actor string +// - reason string +// - opts ...access.Option +func (_e *AccessService_Expecter) Revoke(ctx interface{}, id interface{}, actor interface{}, reason interface{}, opts ...interface{}) *AccessService_Revoke_Call { + return &AccessService_Revoke_Call{Call: _e.mock.On("Revoke", + append([]interface{}{ctx, id, actor, reason}, opts...)...)} +} + +func (_c *AccessService_Revoke_Call) Run(run func(ctx context.Context, id string, actor string, reason string, opts ...access.Option)) *AccessService_Revoke_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]access.Option, len(args)-4) + for i, a := range args[4:] { + if a != nil { + variadicArgs[i] = a.(access.Option) + } + } + run(args[0].(context.Context), args[1].(string), args[2].(string), args[3].(string), variadicArgs...) + }) + return _c +} + +func (_c *AccessService_Revoke_Call) Return(_a0 *domain.Access, _a1 error) *AccessService_Revoke_Call { + _c.Call.Return(_a0, _a1) + return _c +} diff --git a/core/appeal/mocks/iamManager.go b/core/appeal/mocks/iamManager.go index 23091e744..e9fc6a444 100644 --- a/core/appeal/mocks/iamManager.go +++ b/core/appeal/mocks/iamManager.go @@ -12,6 +12,14 @@ type IamManager struct { mock.Mock } +type IamManager_Expecter struct { + mock *mock.Mock +} + +func (_m *IamManager) EXPECT() *IamManager_Expecter { + return &IamManager_Expecter{mock: &_m.Mock} +} + // GetClient provides a mock function with given fields: _a0 func (_m *IamManager) GetClient(_a0 domain.SensitiveConfig) (domain.IAMClient, error) { ret := _m.Called(_a0) @@ -35,6 +43,29 @@ func (_m *IamManager) GetClient(_a0 domain.SensitiveConfig) (domain.IAMClient, e return r0, r1 } +// IamManager_GetClient_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetClient' +type IamManager_GetClient_Call struct { + *mock.Call +} + +// GetClient is a helper method to define mock.On call +// - _a0 domain.SensitiveConfig +func (_e *IamManager_Expecter) GetClient(_a0 interface{}) *IamManager_GetClient_Call { + return &IamManager_GetClient_Call{Call: _e.mock.On("GetClient", _a0)} +} + +func (_c *IamManager_GetClient_Call) Run(run func(_a0 domain.SensitiveConfig)) *IamManager_GetClient_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(domain.SensitiveConfig)) + }) + return _c +} + +func (_c *IamManager_GetClient_Call) Return(_a0 domain.IAMClient, _a1 error) *IamManager_GetClient_Call { + _c.Call.Return(_a0, _a1) + return _c +} + // ParseConfig provides a mock function with given fields: _a0 func (_m *IamManager) ParseConfig(_a0 *domain.IAMConfig) (domain.SensitiveConfig, error) { ret := _m.Called(_a0) @@ -57,3 +88,26 @@ func (_m *IamManager) ParseConfig(_a0 *domain.IAMConfig) (domain.SensitiveConfig return r0, r1 } + +// IamManager_ParseConfig_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ParseConfig' +type IamManager_ParseConfig_Call struct { + *mock.Call +} + +// ParseConfig is a helper method to define mock.On call +// - _a0 *domain.IAMConfig +func (_e *IamManager_Expecter) ParseConfig(_a0 interface{}) *IamManager_ParseConfig_Call { + return &IamManager_ParseConfig_Call{Call: _e.mock.On("ParseConfig", _a0)} +} + +func (_c *IamManager_ParseConfig_Call) Run(run func(_a0 *domain.IAMConfig)) *IamManager_ParseConfig_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(*domain.IAMConfig)) + }) + return _c +} + +func (_c *IamManager_ParseConfig_Call) Return(_a0 domain.SensitiveConfig, _a1 error) *IamManager_ParseConfig_Call { + _c.Call.Return(_a0, _a1) + return _c +} diff --git a/core/appeal/mocks/policyService.go b/core/appeal/mocks/policyService.go index 26092dbb0..ce7b67be3 100644 --- a/core/appeal/mocks/policyService.go +++ b/core/appeal/mocks/policyService.go @@ -14,6 +14,14 @@ type PolicyService struct { mock.Mock } +type PolicyService_Expecter struct { + mock *mock.Mock +} + +func (_m *PolicyService) EXPECT() *PolicyService_Expecter { + return &PolicyService_Expecter{mock: &_m.Mock} +} + // Find provides a mock function with given fields: _a0 func (_m *PolicyService) Find(_a0 context.Context) ([]*domain.Policy, error) { ret := _m.Called(_a0) @@ -37,6 +45,29 @@ func (_m *PolicyService) Find(_a0 context.Context) ([]*domain.Policy, error) { return r0, r1 } +// PolicyService_Find_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Find' +type PolicyService_Find_Call struct { + *mock.Call +} + +// Find is a helper method to define mock.On call +// - _a0 context.Context +func (_e *PolicyService_Expecter) Find(_a0 interface{}) *PolicyService_Find_Call { + return &PolicyService_Find_Call{Call: _e.mock.On("Find", _a0)} +} + +func (_c *PolicyService_Find_Call) Run(run func(_a0 context.Context)) *PolicyService_Find_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context)) + }) + return _c +} + +func (_c *PolicyService_Find_Call) Return(_a0 []*domain.Policy, _a1 error) *PolicyService_Find_Call { + _c.Call.Return(_a0, _a1) + return _c +} + // GetOne provides a mock function with given fields: _a0, _a1, _a2 func (_m *PolicyService) GetOne(_a0 context.Context, _a1 string, _a2 uint) (*domain.Policy, error) { ret := _m.Called(_a0, _a1, _a2) @@ -59,3 +90,28 @@ func (_m *PolicyService) GetOne(_a0 context.Context, _a1 string, _a2 uint) (*dom return r0, r1 } + +// PolicyService_GetOne_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetOne' +type PolicyService_GetOne_Call struct { + *mock.Call +} + +// GetOne is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 string +// - _a2 uint +func (_e *PolicyService_Expecter) GetOne(_a0 interface{}, _a1 interface{}, _a2 interface{}) *PolicyService_GetOne_Call { + return &PolicyService_GetOne_Call{Call: _e.mock.On("GetOne", _a0, _a1, _a2)} +} + +func (_c *PolicyService_GetOne_Call) Run(run func(_a0 context.Context, _a1 string, _a2 uint)) *PolicyService_GetOne_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string), args[2].(uint)) + }) + return _c +} + +func (_c *PolicyService_GetOne_Call) Return(_a0 *domain.Policy, _a1 error) *PolicyService_GetOne_Call { + _c.Call.Return(_a0, _a1) + return _c +} diff --git a/core/appeal/mocks/providerService.go b/core/appeal/mocks/providerService.go index cbc68e6f5..8723fc23a 100644 --- a/core/appeal/mocks/providerService.go +++ b/core/appeal/mocks/providerService.go @@ -14,6 +14,14 @@ type ProviderService struct { mock.Mock } +type ProviderService_Expecter struct { + mock *mock.Mock +} + +func (_m *ProviderService) EXPECT() *ProviderService_Expecter { + return &ProviderService_Expecter{mock: &_m.Mock} +} + // Find provides a mock function with given fields: _a0 func (_m *ProviderService) Find(_a0 context.Context) ([]*domain.Provider, error) { ret := _m.Called(_a0) @@ -37,6 +45,29 @@ func (_m *ProviderService) Find(_a0 context.Context) ([]*domain.Provider, error) return r0, r1 } +// ProviderService_Find_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Find' +type ProviderService_Find_Call struct { + *mock.Call +} + +// Find is a helper method to define mock.On call +// - _a0 context.Context +func (_e *ProviderService_Expecter) Find(_a0 interface{}) *ProviderService_Find_Call { + return &ProviderService_Find_Call{Call: _e.mock.On("Find", _a0)} +} + +func (_c *ProviderService_Find_Call) Run(run func(_a0 context.Context)) *ProviderService_Find_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context)) + }) + return _c +} + +func (_c *ProviderService_Find_Call) Return(_a0 []*domain.Provider, _a1 error) *ProviderService_Find_Call { + _c.Call.Return(_a0, _a1) + return _c +} + // GetPermissions provides a mock function with given fields: _a0, _a1, _a2, _a3 func (_m *ProviderService) GetPermissions(_a0 context.Context, _a1 *domain.ProviderConfig, _a2 string, _a3 string) ([]interface{}, error) { ret := _m.Called(_a0, _a1, _a2, _a3) @@ -60,12 +91,38 @@ func (_m *ProviderService) GetPermissions(_a0 context.Context, _a1 *domain.Provi return r0, r1 } +// ProviderService_GetPermissions_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetPermissions' +type ProviderService_GetPermissions_Call struct { + *mock.Call +} + +// GetPermissions is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *domain.ProviderConfig +// - _a2 string +// - _a3 string +func (_e *ProviderService_Expecter) GetPermissions(_a0 interface{}, _a1 interface{}, _a2 interface{}, _a3 interface{}) *ProviderService_GetPermissions_Call { + return &ProviderService_GetPermissions_Call{Call: _e.mock.On("GetPermissions", _a0, _a1, _a2, _a3)} +} + +func (_c *ProviderService_GetPermissions_Call) Run(run func(_a0 context.Context, _a1 *domain.ProviderConfig, _a2 string, _a3 string)) *ProviderService_GetPermissions_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*domain.ProviderConfig), args[2].(string), args[3].(string)) + }) + return _c +} + +func (_c *ProviderService_GetPermissions_Call) Return(_a0 []interface{}, _a1 error) *ProviderService_GetPermissions_Call { + _c.Call.Return(_a0, _a1) + return _c +} + // GrantAccess provides a mock function with given fields: _a0, _a1 -func (_m *ProviderService) GrantAccess(_a0 context.Context, _a1 *domain.Appeal) error { +func (_m *ProviderService) GrantAccess(_a0 context.Context, _a1 domain.Access) error { ret := _m.Called(_a0, _a1) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, *domain.Appeal) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, domain.Access) error); ok { r0 = rf(_a0, _a1) } else { r0 = ret.Error(0) @@ -74,12 +131,36 @@ func (_m *ProviderService) GrantAccess(_a0 context.Context, _a1 *domain.Appeal) return r0 } +// ProviderService_GrantAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GrantAccess' +type ProviderService_GrantAccess_Call struct { + *mock.Call +} + +// GrantAccess is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 domain.Access +func (_e *ProviderService_Expecter) GrantAccess(_a0 interface{}, _a1 interface{}) *ProviderService_GrantAccess_Call { + return &ProviderService_GrantAccess_Call{Call: _e.mock.On("GrantAccess", _a0, _a1)} +} + +func (_c *ProviderService_GrantAccess_Call) Run(run func(_a0 context.Context, _a1 domain.Access)) *ProviderService_GrantAccess_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.Access)) + }) + return _c +} + +func (_c *ProviderService_GrantAccess_Call) Return(_a0 error) *ProviderService_GrantAccess_Call { + _c.Call.Return(_a0) + return _c +} + // RevokeAccess provides a mock function with given fields: _a0, _a1 -func (_m *ProviderService) RevokeAccess(_a0 context.Context, _a1 *domain.Appeal) error { +func (_m *ProviderService) RevokeAccess(_a0 context.Context, _a1 domain.Access) error { ret := _m.Called(_a0, _a1) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, *domain.Appeal) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, domain.Access) error); ok { r0 = rf(_a0, _a1) } else { r0 = ret.Error(0) @@ -88,6 +169,30 @@ func (_m *ProviderService) RevokeAccess(_a0 context.Context, _a1 *domain.Appeal) return r0 } +// ProviderService_RevokeAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RevokeAccess' +type ProviderService_RevokeAccess_Call struct { + *mock.Call +} + +// RevokeAccess is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 domain.Access +func (_e *ProviderService_Expecter) RevokeAccess(_a0 interface{}, _a1 interface{}) *ProviderService_RevokeAccess_Call { + return &ProviderService_RevokeAccess_Call{Call: _e.mock.On("RevokeAccess", _a0, _a1)} +} + +func (_c *ProviderService_RevokeAccess_Call) Run(run func(_a0 context.Context, _a1 domain.Access)) *ProviderService_RevokeAccess_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(domain.Access)) + }) + return _c +} + +func (_c *ProviderService_RevokeAccess_Call) Return(_a0 error) *ProviderService_RevokeAccess_Call { + _c.Call.Return(_a0) + return _c +} + // ValidateAppeal provides a mock function with given fields: _a0, _a1, _a2 func (_m *ProviderService) ValidateAppeal(_a0 context.Context, _a1 *domain.Appeal, _a2 *domain.Provider) error { ret := _m.Called(_a0, _a1, _a2) @@ -101,3 +206,28 @@ func (_m *ProviderService) ValidateAppeal(_a0 context.Context, _a1 *domain.Appea return r0 } + +// ProviderService_ValidateAppeal_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ValidateAppeal' +type ProviderService_ValidateAppeal_Call struct { + *mock.Call +} + +// ValidateAppeal is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *domain.Appeal +// - _a2 *domain.Provider +func (_e *ProviderService_Expecter) ValidateAppeal(_a0 interface{}, _a1 interface{}, _a2 interface{}) *ProviderService_ValidateAppeal_Call { + return &ProviderService_ValidateAppeal_Call{Call: _e.mock.On("ValidateAppeal", _a0, _a1, _a2)} +} + +func (_c *ProviderService_ValidateAppeal_Call) Run(run func(_a0 context.Context, _a1 *domain.Appeal, _a2 *domain.Provider)) *ProviderService_ValidateAppeal_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*domain.Appeal), args[2].(*domain.Provider)) + }) + return _c +} + +func (_c *ProviderService_ValidateAppeal_Call) Return(_a0 error) *ProviderService_ValidateAppeal_Call { + _c.Call.Return(_a0) + return _c +} diff --git a/core/appeal/mocks/resourceService.go b/core/appeal/mocks/resourceService.go index 71a3dc9a0..3e4c00f68 100644 --- a/core/appeal/mocks/resourceService.go +++ b/core/appeal/mocks/resourceService.go @@ -14,6 +14,14 @@ type ResourceService struct { mock.Mock } +type ResourceService_Expecter struct { + mock *mock.Mock +} + +func (_m *ResourceService) EXPECT() *ResourceService_Expecter { + return &ResourceService_Expecter{mock: &_m.Mock} +} + // Find provides a mock function with given fields: _a0, _a1 func (_m *ResourceService) Find(_a0 context.Context, _a1 map[string]interface{}) ([]*domain.Resource, error) { ret := _m.Called(_a0, _a1) @@ -37,6 +45,30 @@ func (_m *ResourceService) Find(_a0 context.Context, _a1 map[string]interface{}) return r0, r1 } +// ResourceService_Find_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Find' +type ResourceService_Find_Call struct { + *mock.Call +} + +// Find is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 map[string]interface{} +func (_e *ResourceService_Expecter) Find(_a0 interface{}, _a1 interface{}) *ResourceService_Find_Call { + return &ResourceService_Find_Call{Call: _e.mock.On("Find", _a0, _a1)} +} + +func (_c *ResourceService_Find_Call) Run(run func(_a0 context.Context, _a1 map[string]interface{})) *ResourceService_Find_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(map[string]interface{})) + }) + return _c +} + +func (_c *ResourceService_Find_Call) Return(_a0 []*domain.Resource, _a1 error) *ResourceService_Find_Call { + _c.Call.Return(_a0, _a1) + return _c +} + // Get provides a mock function with given fields: _a0, _a1 func (_m *ResourceService) Get(_a0 context.Context, _a1 *domain.ResourceIdentifier) (*domain.Resource, error) { ret := _m.Called(_a0, _a1) @@ -59,3 +91,27 @@ func (_m *ResourceService) Get(_a0 context.Context, _a1 *domain.ResourceIdentifi return r0, r1 } + +// ResourceService_Get_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Get' +type ResourceService_Get_Call struct { + *mock.Call +} + +// Get is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *domain.ResourceIdentifier +func (_e *ResourceService_Expecter) Get(_a0 interface{}, _a1 interface{}) *ResourceService_Get_Call { + return &ResourceService_Get_Call{Call: _e.mock.On("Get", _a0, _a1)} +} + +func (_c *ResourceService_Get_Call) Run(run func(_a0 context.Context, _a1 *domain.ResourceIdentifier)) *ResourceService_Get_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*domain.ResourceIdentifier)) + }) + return _c +} + +func (_c *ResourceService_Get_Call) Return(_a0 *domain.Resource, _a1 error) *ResourceService_Get_Call { + _c.Call.Return(_a0, _a1) + return _c +} diff --git a/core/appeal/service.go b/core/appeal/service.go index e1a4a4d48..4114c6bfa 100644 --- a/core/appeal/service.go +++ b/core/appeal/service.go @@ -1,12 +1,3 @@ -//go:generate mockery --name=repository --exported --with-expecter -//go:generate mockery --name=iamManager --exported -//go:generate mockery --name=notifier --exported --with-expecter -//go:generate mockery --name=policyService --exported -//go:generate mockery --name=approvalService --exported --with-expecter -//go:generate mockery --name=providerService --exported -//go:generate mockery --name=resourceService --exported -//go:generate mockery --name=auditLogger --exported --with-expecter - package appeal import ( @@ -18,6 +9,7 @@ import ( "time" "github.com/go-playground/validator/v10" + "github.com/odpf/guardian/core/access" "github.com/odpf/guardian/domain" "github.com/odpf/guardian/pkg/evaluator" "github.com/odpf/guardian/plugins/notifiers" @@ -34,10 +26,13 @@ const ( AuditKeyExtend = "appeal.extend" AuditKeyAddApprover = "appeal.addApprover" AuditKeyDeleteApprover = "appeal.deleteApprover" + + RevokeReasonForExtension = "Automatically revoked for access extension" ) var TimeNow = time.Now +//go:generate mockery --name=repository --exported --with-expecter type repository interface { BulkUpsert([]*domain.Appeal) error Find(*domain.ListAppealsFilter) ([]*domain.Appeal, error) @@ -45,38 +40,52 @@ type repository interface { Update(*domain.Appeal) error } +//go:generate mockery --name=iamManager --exported --with-expecter type iamManager interface { domain.IAMManager } +//go:generate mockery --name=notifier --exported --with-expecter type notifier interface { notifiers.Client } +//go:generate mockery --name=policyService --exported --with-expecter type policyService interface { Find(context.Context) ([]*domain.Policy, error) GetOne(context.Context, string, uint) (*domain.Policy, error) } +//go:generate mockery --name=approvalService --exported --with-expecter type approvalService interface { AdvanceApproval(context.Context, *domain.Appeal) error AddApprover(ctx context.Context, approvalID, email string) error DeleteApprover(ctx context.Context, approvalID, email string) error } +//go:generate mockery --name=providerService --exported --with-expecter type providerService interface { Find(context.Context) ([]*domain.Provider, error) - GrantAccess(context.Context, *domain.Appeal) error - RevokeAccess(context.Context, *domain.Appeal) error + GrantAccess(context.Context, domain.Access) error + RevokeAccess(context.Context, domain.Access) error ValidateAppeal(context.Context, *domain.Appeal, *domain.Provider) error GetPermissions(context.Context, *domain.ProviderConfig, string, string) ([]interface{}, error) } +//go:generate mockery --name=resourceService --exported --with-expecter type resourceService interface { Find(context.Context, map[string]interface{}) ([]*domain.Resource, error) Get(context.Context, *domain.ResourceIdentifier) (*domain.Resource, error) } +//go:generate mockery --name=accessService --exported --with-expecter +type accessService interface { + List(context.Context, domain.ListAccessesFilter) ([]domain.Access, error) + Prepare(context.Context, domain.Appeal) (*domain.Access, error) + Revoke(ctx context.Context, id, actor, reason string, opts ...access.Option) (*domain.Access, error) +} + +//go:generate mockery --name=auditLogger --exported --with-expecter type auditLogger interface { Log(ctx context.Context, action string, data interface{}) error } @@ -99,6 +108,7 @@ type ServiceDeps struct { ResourceService resourceService ProviderService providerService PolicyService policyService + AccessService accessService IAMManager iamManager Notifier notifier @@ -114,6 +124,7 @@ type Service struct { resourceService resourceService providerService providerService policyService policyService + accessService accessService iam domain.IAMManager notifier notifier @@ -132,6 +143,7 @@ func NewService(deps ServiceDeps) *Service { deps.ResourceService, deps.ProviderService, deps.PolicyService, + deps.AccessService, deps.IAMManager, deps.Notifier, @@ -181,19 +193,17 @@ func (s *Service) Create(ctx context.Context, appeals []*domain.Appeal, opts ... return err } - appealsGroupedByStatus, err := s.getAppealsMapGroupedByStatus([]string{ - domain.AppealStatusPending, - domain.AppealStatusActive, - }) + pendingAppeals, err := s.getPendingAppealsMap() if err != nil { - return err + return fmt.Errorf("listing pending appeals: %w", err) + } + activeAccesses, err := s.getActiveAccessesMap(ctx) + if err != nil { + return fmt.Errorf("listing active accesses: %w", err) } - pendingAppeals := appealsGroupedByStatus[domain.AppealStatusPending] - activeAppeals := appealsGroupedByStatus[domain.AppealStatusActive] notifications := []domain.Notification{} - var oldExtendedAppeals []*domain.Appeal for _, appeal := range appeals { appeal.SetDefaults() @@ -208,12 +218,8 @@ func (s *Service) Create(ctx context.Context, appeals []*domain.Appeal, opts ... return fmt.Errorf("retrieving provider: %w", err) } - ok, err := s.isEligibleToExtend(appeal, provider, activeAppeals) - if err != nil { - return fmt.Errorf("checking appeal extension eligibility: %w", err) - } - if !ok { - return ErrAppealNotEligibleForExtension + if err := s.checkExtensionEligibility(appeal, provider, activeAccesses); err != nil { + return fmt.Errorf("checking access extension eligibility: %w", err) } if err := s.providerService.ValidateAppeal(ctx, appeal, provider); err != nil { @@ -259,26 +265,25 @@ func (s *Service) Create(ctx context.Context, appeals []*domain.Appeal, opts ... for _, approval := range appeal.Approvals { if approval.Index == len(appeal.Approvals)-1 && approval.Status == domain.ApprovalStatusApproved { - var oldExtendedAppeal *domain.Appeal - activeAppeals, err := s.repo.Find(&domain.ListAppealsFilter{ - AccountID: appeal.AccountID, - ResourceID: appeal.ResourceID, - Role: appeal.Role, - Statuses: []string{domain.AppealStatusActive}, - }) + newAccess, revokedAccess, err := s.prepareAccess(ctx, appeal) if err != nil { - return fmt.Errorf("unable to retrieve existing active appeal from db: %w", err) + return fmt.Errorf("preparing access: %w", err) } - - if len(activeAppeals) > 0 { - oldExtendedAppeal = activeAppeals[0] - oldExtendedAppeal.Terminate() - oldExtendedAppeals = append(oldExtendedAppeals, oldExtendedAppeal) + newAccess.Resource = appeal.Resource + appeal.Access = newAccess + if revokedAccess != nil { + if _, err := s.accessService.Revoke(ctx, revokedAccess.ID, domain.SystemActorName, RevokeReasonForExtension, + access.SkipNotifications(), + access.SkipRevokeAccessInProvider(), + ); err != nil { + return fmt.Errorf("revoking previous access: %w", err) + } + } else { + if err := s.CreateAccess(ctx, appeal); err != nil { + return fmt.Errorf("granting access: %w", err) + } } - if err := s.CreateAccess(ctx, appeal, opts...); err != nil { - return fmt.Errorf("creating access: %w", err) - } notifications = append(notifications, domain.Notification{ User: appeal.CreatedBy, Message: domain.NotificationMessage{ @@ -293,12 +298,7 @@ func (s *Service) Create(ctx context.Context, appeals []*domain.Appeal, opts ... } } - var appealsToUpdate []*domain.Appeal - - appealsToUpdate = append(appealsToUpdate, appeals...) - appealsToUpdate = append(appealsToUpdate, oldExtendedAppeals...) - - if err := s.repo.BulkUpsert(appealsToUpdate); err != nil { + if err := s.repo.BulkUpsert(appeals); err != nil { return fmt.Errorf("inserting appeals into db: %w", err) } @@ -393,37 +393,31 @@ func (s *Service) MakeAction(ctx context.Context, approvalAction domain.Approval } if appeal.Status == domain.AppealStatusActive { - var oldExtendedAppeal *domain.Appeal - activeAppeals, err := s.repo.Find(&domain.ListAppealsFilter{ - AccountID: appeal.AccountID, - ResourceID: appeal.ResourceID, - Role: appeal.Role, - Statuses: []string{domain.AppealStatusActive}, - }) + newAccess, revokedAccess, err := s.prepareAccess(ctx, appeal) if err != nil { - return nil, fmt.Errorf("unable to retrieve existing active appeal from db: %w", err) + return nil, fmt.Errorf("preparing access: %w", err) } - if len(activeAppeals) > 0 { - oldExtendedAppeal = activeAppeals[0] - oldExtendedAppeal.Terminate() - if err := s.repo.Update(oldExtendedAppeal); err != nil { - return nil, fmt.Errorf("failed to update existing active appeal: %w", err) + newAccess.Resource = appeal.Resource + appeal.Access = newAccess + if revokedAccess != nil { + if _, err := s.accessService.Revoke(ctx, revokedAccess.ID, domain.SystemActorName, RevokeReasonForExtension, + access.SkipNotifications(), + access.SkipRevokeAccessInProvider(), + ); err != nil { + return nil, fmt.Errorf("revoking previous access: %w", err) } } else { if err := s.CreateAccess(ctx, appeal); err != nil { - return nil, err + return nil, fmt.Errorf("granting access: %w", err) } } - - if err := appeal.Activate(); err != nil { - return nil, fmt.Errorf("activating appeal: %w", err) - } } + if err := s.repo.Update(appeal); err != nil { - if err := s.providerService.RevokeAccess(ctx, appeal); err != nil { - return nil, err + if err := s.providerService.RevokeAccess(ctx, *appeal.Access); err != nil { + return nil, fmt.Errorf("revoking access: %w", err) } - return nil, err + return nil, fmt.Errorf("updating appeal: %w", err) } notifications := []domain.Notification{} @@ -513,16 +507,19 @@ func (s *Service) Revoke(ctx context.Context, id string, actor, reason string) ( revokedAppeal := &domain.Appeal{} *revokedAppeal = *appeal - revokedAppeal.Status = domain.AppealStatusTerminated - revokedAppeal.RevokedAt = s.TimeNow() - revokedAppeal.RevokedBy = actor - revokedAppeal.RevokeReason = reason + if err := revokedAppeal.Revoke(actor, reason); err != nil { + return nil, err + } + appeal.Access.Resource = appeal.Resource + if err := appeal.Access.Revoke(actor, reason); err != nil { + return nil, fmt.Errorf("updating access status: %s", err) + } if err := s.repo.Update(revokedAppeal); err != nil { return nil, err } - if err := s.providerService.RevokeAccess(ctx, appeal); err != nil { + if err := s.providerService.RevokeAccess(ctx, *appeal.Access); err != nil { if err := s.repo.Update(appeal); err != nil { return nil, err } @@ -562,6 +559,7 @@ func (s *Service) BulkRevoke(ctx context.Context, filters *domain.RevokeAppealsF } result := make([]*domain.Appeal, 0) + // TODO: list access appeals, err := s.Find(ctx, &domain.ListAppealsFilter{ Statuses: []string{domain.AppealStatusActive}, AccountIDs: filters.AccountIDs, @@ -616,7 +614,7 @@ func (s *Service) BulkRevoke(ctx context.Context, filters *domain.RevokeAppealsF var failedRevoke []string for { select { - case appeal, _ := <-done: + case appeal := <-done: if appeal.Status == domain.AppealStatusTerminated { successRevoke = append(successRevoke, appeal.ID) } else { @@ -638,17 +636,22 @@ func (s *Service) expiredInActiveUserAppeal(ctx context.Context, timeLimiter cha revokedAppeal := &domain.Appeal{} *revokedAppeal = *appeal - revokedAppeal.RevokedAt = s.TimeNow() - revokedAppeal.RevokedBy = actor - revokedAppeal.RevokeReason = reason + if err := revokedAppeal.Revoke(actor, reason); err != nil { + s.logger.Error("failed to update appeal status", "id", appeal.ID, "error", err) + return + } + revokedAppeal.Access.Resource = appeal.Resource + if err := revokedAppeal.Access.Revoke(actor, reason); err != nil { + s.logger.Error("failed to update access status", "id", revokedAppeal.Access.ID, "error", err) + return + } - if err := s.providerService.RevokeAccess(ctx, appeal); err != nil { + if err := s.providerService.RevokeAccess(ctx, *appeal.Access); err != nil { done <- appeal s.logger.Error("failed to revoke appeal-access in provider", "id", appeal.ID, "error", err) return } - revokedAppeal.Status = domain.AppealStatusTerminated if err := s.repo.Update(revokedAppeal); err != nil { done <- appeal s.logger.Error("failed to update appeal-revoke status", "id", appeal.ID, "error", err) @@ -789,30 +792,51 @@ func (s *Service) getApproval(appealID, approvalID string) (*domain.Appeal, *dom return appeal, approval, nil } -// getAppealsMapGroupedByStatus returns map[status]map[account_id]map[resource_id]map[role]*domain.Appeal, error -func (s *Service) getAppealsMapGroupedByStatus(statuses []string) (map[string]map[string]map[string]map[string]*domain.Appeal, error) { - appeals, err := s.repo.Find(&domain.ListAppealsFilter{Statuses: statuses}) +// getPendingAppealsMap returns map[account_id]map[resource_id]map[role]*domain.Appeal, error +func (s *Service) getPendingAppealsMap() (map[string]map[string]map[string]*domain.Appeal, error) { + appeals, err := s.repo.Find(&domain.ListAppealsFilter{ + Statuses: []string{domain.AppealStatusPending}, + }) if err != nil { return nil, err } - appealsMap := map[string]map[string]map[string]map[string]*domain.Appeal{} + appealsMap := map[string]map[string]map[string]*domain.Appeal{} for _, a := range appeals { - if appealsMap[a.Status] == nil { - appealsMap[a.Status] = map[string]map[string]map[string]*domain.Appeal{} + if appealsMap[a.AccountID] == nil { + appealsMap[a.AccountID] = map[string]map[string]*domain.Appeal{} } - if appealsMap[a.Status][a.AccountID] == nil { - appealsMap[a.Status][a.AccountID] = map[string]map[string]*domain.Appeal{} + if appealsMap[a.AccountID][a.ResourceID] == nil { + appealsMap[a.AccountID][a.ResourceID] = map[string]*domain.Appeal{} } - if appealsMap[a.Status][a.AccountID][a.ResourceID] == nil { - appealsMap[a.Status][a.AccountID][a.ResourceID] = map[string]*domain.Appeal{} - } - appealsMap[a.Status][a.AccountID][a.ResourceID][a.Role] = a + appealsMap[a.AccountID][a.ResourceID][a.Role] = a } return appealsMap, nil } +func (s *Service) getActiveAccessesMap(ctx context.Context) (map[string]map[string]map[string]*domain.Access, error) { + accesses, err := s.accessService.List(ctx, domain.ListAccessesFilter{ + Statuses: []string{string(domain.AccessStatusActive)}, + }) + if err != nil { + return nil, err + } + + accessesMap := map[string]map[string]map[string]*domain.Access{} + for i, a := range accesses { + if accessesMap[a.AccountID] == nil { + accessesMap[a.AccountID] = map[string]map[string]*domain.Access{} + } + if accessesMap[a.AccountID][a.ResourceID] == nil { + accessesMap[a.AccountID][a.ResourceID] = map[string]*domain.Access{} + } + accessesMap[a.AccountID][a.ResourceID][a.Role] = &accesses[i] + } + + return accessesMap, nil +} + func (s *Service) getResourcesMap(ctx context.Context, ids []string) (map[string]*domain.Resource, error) { filters := map[string]interface{}{"ids": ids} resources, err := s.resourceService.Find(ctx, filters) @@ -1077,6 +1101,7 @@ func (s *Service) handleAppealRequirements(ctx context.Context, a *domain.Appeal } func (s *Service) CreateAccess(ctx context.Context, a *domain.Appeal, opts ...CreateAppealOption) error { + // TODO: rename to GrantAccess policy := a.Policy if policy == nil { p, err := s.policyService.GetOne(ctx, a.PolicyID, a.PolicyVersion) @@ -1098,45 +1123,34 @@ func (s *Service) CreateAccess(ctx context.Context, a *domain.Appeal, opts ...Cr } } - if err := s.providerService.GrantAccess(ctx, a); err != nil { + if err := s.providerService.GrantAccess(ctx, *a.Access); err != nil { return fmt.Errorf("granting access: %w", err) } - if err := a.Activate(); err != nil { - return fmt.Errorf("activating appeal: %w", err) - } - return nil } -func (s *Service) isEligibleToExtend(a *domain.Appeal, p *domain.Provider, activeAppealsMap map[string]map[string]map[string]*domain.Appeal) (bool, error) { - if activeAppealsMap[a.AccountID] != nil && - activeAppealsMap[a.AccountID][a.ResourceID] != nil && - activeAppealsMap[a.AccountID][a.ResourceID][a.Role] != nil { +func (s *Service) checkExtensionEligibility(a *domain.Appeal, p *domain.Provider, activeAccesses map[string]map[string]map[string]*domain.Access) error { + if activeAccesses[a.AccountID] != nil && + activeAccesses[a.AccountID][a.ResourceID] != nil && + activeAccesses[a.AccountID][a.ResourceID][a.Role] != nil { if p.Config.Appeal != nil { if p.Config.Appeal.AllowActiveAccessExtensionIn == "" { - return false, ErrAppealFoundActiveAccess + return ErrAppealFoundActiveAccess } - duration, err := time.ParseDuration(p.Config.Appeal.AllowActiveAccessExtensionIn) + extensionDurationRule, err := time.ParseDuration(p.Config.Appeal.AllowActiveAccessExtensionIn) if err != nil { - return false, fmt.Errorf("%v: %v: %v", ErrAppealInvalidExtensionDuration, p.Config.Appeal.AllowActiveAccessExtensionIn, err) + return fmt.Errorf("%w: %v: %v", ErrAppealInvalidExtensionDuration, p.Config.Appeal.AllowActiveAccessExtensionIn, err) } - now := s.TimeNow() - appeal := activeAppealsMap[a.AccountID][a.ResourceID][a.Role] - var isEligibleForExtension bool - if appeal.Options != nil && appeal.Options.ExpirationDate != nil { - activeAppealExpDate := appeal.Options.ExpirationDate - isEligibleForExtension = activeAppealExpDate.Sub(now) <= duration - } else { - isEligibleForExtension = true + access := activeAccesses[a.AccountID][a.ResourceID][a.Role] + if !access.IsEligibleForExtension(extensionDurationRule) { + return ErrAccessNotEligibleForExtension } - return isEligibleForExtension, nil } } - - return true, nil + return nil } func getPolicy(a *domain.Appeal, p *domain.Provider, policiesMap map[string]map[uint]*domain.Policy) (*domain.Policy, error) { @@ -1247,3 +1261,33 @@ func (s *Service) getPermissions(ctx context.Context, pc *domain.ProviderConfig, } return strPermissions, nil } + +func (s *Service) prepareAccess(ctx context.Context, appeal *domain.Appeal) (newAccess *domain.Access, deactivatedAccess *domain.Access, err error) { + activeAccesses, err := s.accessService.List(ctx, domain.ListAccessesFilter{ + AccountIDs: []string{appeal.AccountID}, + ResourceIDs: []string{appeal.ResourceID}, + Statuses: []string{string(domain.AccessStatusActive)}, + Permissions: appeal.Permissions, + }) + if err != nil { + return nil, nil, fmt.Errorf("unable to retrieve existing active accesses: %w", err) + } + + if len(activeAccesses) > 0 { + deactivatedAccess = &activeAccesses[0] + if err := deactivatedAccess.Revoke(domain.SystemActorName, "Extended to a new access"); err != nil { + return nil, nil, fmt.Errorf("revoking previous access: %w", err) + } + } + + if err := appeal.Activate(); err != nil { + return nil, nil, fmt.Errorf("activating appeal: %w", err) + } + + access, err := s.accessService.Prepare(ctx, *appeal) + if err != nil { + return nil, nil, err + } + + return access, deactivatedAccess, nil +} diff --git a/core/appeal/service_test.go b/core/appeal/service_test.go index 16bfd353e..e8ec35fda 100644 --- a/core/appeal/service_test.go +++ b/core/appeal/service_test.go @@ -25,6 +25,7 @@ type ServiceTestSuite struct { mockResourceService *appealmocks.ResourceService mockProviderService *appealmocks.ProviderService mockPolicyService *appealmocks.PolicyService + mockAccessService *appealmocks.AccessService mockIAMManager *appealmocks.IamManager mockIAMClient *mocks.IAMClient mockNotifier *appealmocks.Notifier @@ -34,12 +35,13 @@ type ServiceTestSuite struct { now time.Time } -func (s *ServiceTestSuite) SetupTest() { +func (s *ServiceTestSuite) setup() { s.mockRepository = new(appealmocks.Repository) s.mockApprovalService = new(appealmocks.ApprovalService) s.mockResourceService = new(appealmocks.ResourceService) s.mockProviderService = new(appealmocks.ProviderService) s.mockPolicyService = new(appealmocks.PolicyService) + s.mockAccessService = new(appealmocks.AccessService) s.mockIAMManager = new(appealmocks.IamManager) s.mockIAMClient = new(mocks.IAMClient) s.mockNotifier = new(appealmocks.Notifier) @@ -52,6 +54,7 @@ func (s *ServiceTestSuite) SetupTest() { s.mockResourceService, s.mockProviderService, s.mockPolicyService, + s.mockAccessService, s.mockIAMManager, s.mockNotifier, validator.New(), @@ -65,6 +68,10 @@ func (s *ServiceTestSuite) SetupTest() { s.service = service } +func (s *ServiceTestSuite) SetupTest() { + s.setup() +} + func (s *ServiceTestSuite) TestGetByID() { s.Run("should return error if id is empty/0", func() { expectedError := appeal.ErrAppealIDEmptyParam @@ -181,7 +188,7 @@ func (s *ServiceTestSuite) TestCreate() { actualError := s.service.Create(context.Background(), []*domain.Appeal{}) - s.EqualError(actualError, expectedError.Error()) + s.ErrorIs(actualError, expectedError) s.mockRepository.AssertExpectations(s.T()) }) @@ -218,6 +225,7 @@ func (s *ServiceTestSuite) TestCreate() { providers []*domain.Provider policies []*domain.Policy existingAppeals []*domain.Appeal + activeAccesses []domain.Access callMockValidateAppeal bool expectedAppealValidationError error callMockGetPermissions bool @@ -282,12 +290,11 @@ func (s *ServiceTestSuite) TestCreate() { ProviderType: testProvider.Type, ProviderURN: testProvider.URN, }}, - existingAppeals: []*domain.Appeal{{ - CreatedBy: "test-user", + activeAccesses: []domain.Access{{ AccountID: "test-user", ResourceID: "1", Role: "test-role", - Status: domain.AppealStatusActive, + Status: domain.AccessStatusActive, }}, appeals: []*domain.Appeal{{ CreatedBy: "test-user", @@ -305,12 +312,11 @@ func (s *ServiceTestSuite) TestCreate() { ProviderType: testProvider.Type, ProviderURN: testProvider.URN, }}, - existingAppeals: []*domain.Appeal{{ - CreatedBy: "test-user", + activeAccesses: []domain.Access{{ AccountID: "test-user", ResourceID: "1", Role: "test-role", - Status: domain.AppealStatusActive, + Status: domain.AccessStatusActive, }}, appeals: []*domain.Appeal{{ CreatedBy: "test-user", @@ -337,15 +343,12 @@ func (s *ServiceTestSuite) TestCreate() { ProviderType: testProvider.Type, ProviderURN: testProvider.URN, }}, - existingAppeals: []*domain.Appeal{{ - CreatedBy: "test-user", - AccountID: "test-user", - ResourceID: "1", - Role: "test-role", - Status: domain.AppealStatusActive, - Options: &domain.AppealOptions{ - ExpirationDate: &expDate, - }, + activeAccesses: []domain.Access{{ + AccountID: "test-user", + ResourceID: "1", + Role: "test-role", + Status: domain.AccessStatusActive, + ExpirationDate: &expDate, }}, appeals: []*domain.Appeal{{ CreatedBy: "test-user", @@ -363,7 +366,7 @@ func (s *ServiceTestSuite) TestCreate() { }, }, }}, - expectedError: appeal.ErrAppealNotEligibleForExtension, + expectedError: appeal.ErrAccessNotEligibleForExtension, }, { name: "provider urn not found", @@ -529,6 +532,9 @@ func (s *ServiceTestSuite) TestCreate() { s.mockProviderService.On("Find", mock.Anything).Return(tc.providers, nil).Once() s.mockPolicyService.On("Find", mock.Anything).Return(tc.policies, nil).Once() s.mockRepository.On("Find", mock.Anything).Return(tc.existingAppeals, nil).Once() + s.mockAccessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("domain.ListAccessesFilter")). + Return(tc.activeAccesses, nil).Once() if tc.callMockValidateAppeal { s.mockProviderService.On("ValidateAppeal", mock.Anything, mock.Anything, mock.Anything).Return(tc.expectedAppealValidationError).Once() } @@ -551,10 +557,14 @@ func (s *ServiceTestSuite) TestCreate() { expectedProviders := []*domain.Provider{} expectedPolicies := []*domain.Policy{} expectedPendingAppeals := []*domain.Appeal{} + expectedActiveAccesses := []domain.Access{} s.mockResourceService.On("Find", mock.Anything, mock.Anything).Return(expectedResources, nil).Once() s.mockProviderService.On("Find", mock.Anything).Return(expectedProviders, nil).Once() s.mockPolicyService.On("Find", mock.Anything).Return(expectedPolicies, nil).Once() s.mockRepository.On("Find", mock.Anything).Return(expectedPendingAppeals, nil).Once() + s.mockAccessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("domain.ListAccessesFilter")). + Return(expectedActiveAccesses, nil).Once() expectedError := errors.New("repository error") s.mockRepository.On("BulkUpsert", mock.Anything).Return(expectedError).Once() @@ -608,21 +618,21 @@ func (s *ServiceTestSuite) TestCreate() { }, } expDate := timeNow.Add(23 * time.Hour) - currentActiveAppeal := &domain.Appeal{ - ID: "99", - AccountID: accountID, - ResourceID: "2", - Resource: &domain.Resource{ - ID: "2", - URN: "urn", - }, - Role: "role_id", - Status: domain.AppealStatusActive, - Options: &domain.AppealOptions{ + expectedExistingAppeals := []*domain.Appeal{} + expectedActiveAccesses := []domain.Access{ + { + ID: "99", + AccountID: accountID, + ResourceID: "2", + Resource: &domain.Resource{ + ID: "2", + URN: "urn", + }, + Role: "role_id", + Status: domain.AccessStatusActive, ExpirationDate: &expDate, }, } - expectedExistingAppeals := []*domain.Appeal{currentActiveAppeal} policies := []*domain.Policy{ { ID: "policy_1", @@ -764,12 +774,14 @@ func (s *ServiceTestSuite) TestCreate() { s.mockProviderService.On("Find", mock.Anything).Return(providers, nil).Once() s.mockPolicyService.On("Find", mock.Anything).Return(policies, nil).Once() expectedExistingAppealsFilters := &domain.ListAppealsFilter{ - Statuses: []string{ - domain.AppealStatusPending, - domain.AppealStatusActive, - }, + Statuses: []string{domain.AppealStatusPending}, } s.mockRepository.On("Find", expectedExistingAppealsFilters).Return(expectedExistingAppeals, nil).Once() + s.mockAccessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), domain.ListAccessesFilter{ + Statuses: []string{string(domain.AccessStatusActive)}, + }). + Return(expectedActiveAccesses, nil).Once() s.mockProviderService.On("ValidateAppeal", mock.Anything, mock.Anything, mock.Anything).Return(nil) s.mockProviderService.On("GetPermissions", mock.Anything, mock.Anything, "resource_type_1", "role_id"). Return([]interface{}{"test-permission-1"}, nil) @@ -891,6 +903,9 @@ func (s *ServiceTestSuite) TestCreate() { s.mockProviderService.On("Find", mock.Anything).Return([]*domain.Provider{dummyProvider}, nil).Once() s.mockPolicyService.On("Find", mock.Anything).Return([]*domain.Policy{dummyPolicy, overriddingPolicy}, nil).Once() s.mockRepository.On("Find", mock.Anything).Return([]*domain.Appeal{}, nil).Once() + s.mockAccessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("domain.ListAccessesFilter")). + Return([]domain.Access{}, nil).Once() s.mockProviderService.On("ValidateAppeal", mock.Anything, mock.Anything, mock.Anything).Return(nil) s.mockProviderService.On("GetPermissions", mock.Anything, dummyProvider.Config, dummyResource.Type, input.Role). Return(dummyProvider.Config.Resources[0].Roles[0].Permissions, nil) @@ -912,6 +927,8 @@ func (s *ServiceTestSuite) TestCreate() { } func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprovalSteps() { + s.setup() + timeNow := time.Now() appeal.TimeNow = func() time.Time { return timeNow @@ -961,7 +978,8 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov }, } - currentActiveAppeal := &domain.Appeal{ + expectedExistingAppeals := []*domain.Appeal{} + currentActiveAccess := domain.Access{ ID: "99", AccountID: accountID, ResourceID: "1", @@ -969,11 +987,10 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov ID: "1", URN: "urn", }, - Role: "role_id", - Status: domain.AppealStatusActive, - Options: nil, + Role: "role_id", + Status: domain.AppealStatusActive, } - expectedExistingAppeals := []*domain.Appeal{currentActiveAppeal} + expectedExistingAccesses := []domain.Access{currentActiveAccess} policies := []*domain.Policy{ { @@ -1023,6 +1040,15 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov PolicyVersion: 1, }, }, + Access: &domain.Access{ + ResourceID: r, + Status: domain.AccessStatusActive, + AccountID: accountID, + AccountType: domain.DefaultAppealAccountType, + Role: "role_id", + Permissions: []string{"test-permission"}, + Resource: resources[i], + }, }) } @@ -1050,6 +1076,15 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov PolicyVersion: 1, }, }, + Access: &domain.Access{ + ResourceID: "1", + Status: domain.AccessStatusActive, + AccountID: accountID, + AccountType: domain.DefaultAppealAccountType, + Role: "role_id", + Permissions: []string{"test-permission"}, + Resource: resources[0], + }, }, } @@ -1071,19 +1106,20 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov s.mockProviderService.On("Find", mock.Anything).Return(providers, nil).Once() s.mockPolicyService.On("Find", mock.Anything).Return(policies, nil).Once() expectedExistingAppealsFilters := &domain.ListAppealsFilter{ - Statuses: []string{ - domain.AppealStatusPending, - domain.AppealStatusActive, - }, + Statuses: []string{domain.AppealStatusPending}, } s.mockRepository.On("Find", expectedExistingAppealsFilters).Return(expectedExistingAppeals, nil).Once() + s.mockAccessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), domain.ListAccessesFilter{ + Statuses: []string{domain.AppealStatusActive}, + }). + Return(expectedExistingAccesses, nil).Once() s.mockProviderService.On("ValidateAppeal", mock.Anything, mock.Anything, mock.Anything).Return(nil) s.mockProviderService.On("GetPermissions", mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return([]interface{}{"test-permission"}, nil) s.mockIAMManager.On("ParseConfig", mock.Anything, mock.Anything).Return(nil, nil) s.mockIAMManager.On("GetClient", mock.Anything).Return(s.mockIAMClient, nil) s.mockIAMClient.On("GetUser", accountID).Return(expectedCreatorUser, nil) - s.mockApprovalService.On("AdvanceApproval", mock.Anything, appeals[0]). Return(nil). Run(func(args mock.Arguments) { @@ -1092,28 +1128,37 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov ap.Approvals[0].Status = domain.ApprovalStatusApproved }) - expectedExistingActiveAppealsFilters := &domain.ListAppealsFilter{ - AccountID: "test@email.com", - ResourceID: "1", - Role: "role_id", - Statuses: []string{domain.AppealStatusActive}, + s.mockAccessService.EXPECT(). + List(mock.AnythingOfType("*context.emptyCtx"), domain.ListAccessesFilter{ + AccountIDs: []string{accountID}, + ResourceIDs: []string{"1"}, + Statuses: []string{string(domain.AccessStatusActive)}, + Permissions: []string{"test-permission"}, + }).Return(expectedExistingAccesses, nil).Once() + preparedAccess := &domain.Access{ + Status: domain.AccessStatusActive, + AccountID: accountID, + AccountType: domain.DefaultAppealAccountType, + ResourceID: "1", + Role: "role_id", + Permissions: []string{"test-permission"}, } - s.mockRepository.On("Find", expectedExistingActiveAppealsFilters).Return(expectedExistingAppeals, nil).Once() - - terminatedAppeal := expectedExistingAppeals[0] - terminatedAppeal.Terminate() + s.mockAccessService.EXPECT(). + Prepare(mock.AnythingOfType("*context.emptyCtx"), mock.AnythingOfType("domain.Appeal")). + Return(preparedAccess, nil).Once() + s.mockAccessService.EXPECT(). + Revoke(mock.AnythingOfType("*context.emptyCtx"), currentActiveAccess.ID, domain.SystemActorName, appeal.RevokeReasonForExtension, + mock.AnythingOfType("access.Option"), mock.AnythingOfType("access.Option"), + ). + Return(preparedAccess, nil).Once() s.mockPolicyService.On("GetOne", mock.Anything, "policy_1", uint(1)).Return(policies[0], nil).Once() s.mockResourceService.On("Get", mock.Anything, appeals[0].Resource).Return(resources[0], nil).Once() s.mockProviderService.On("GrantAccess", mock.Anything, appeals[0]).Return(nil).Once() - var appealsToUpdate []*domain.Appeal - appealsToUpdate = append(appealsToUpdate, expectedAppealsInsertionParam...) - appealsToUpdate = append(appealsToUpdate, terminatedAppeal) - s.mockRepository. - On("BulkUpsert", appealsToUpdate). + On("BulkUpsert", expectedAppealsInsertionParam). Return(nil). Run(func(args mock.Arguments) { appeals := args.Get(0).([]*domain.Appeal) @@ -1133,8 +1178,8 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov actualError := s.service.Create(context.Background(), appeals) - s.Equal(expectedResult, appeals) s.Nil(actualError) + s.Equal(expectedResult, appeals) } func (s *ServiceTestSuite) MakeAction() { @@ -1919,6 +1964,11 @@ func (s *ServiceTestSuite) TestRevoke() { ID: "1", URN: "urn", }, + Status: domain.AppealStatusActive, + Access: &domain.Access{ + Status: domain.AccessStatusActive, + AccountID: "test-account-id", + }, } s.Run("should return error if got any while updating appeal", func() { @@ -1947,20 +1997,18 @@ func (s *ServiceTestSuite) TestRevoke() { s.Run("should return appeal and nil error on success", func() { s.mockRepository.On("GetByID", appealID).Return(appealDetails, nil).Once() - expectedAppeal := &domain.Appeal{} - *expectedAppeal = *appealDetails - expectedAppeal.Status = domain.AppealStatusTerminated - expectedAppeal.RevokedAt = s.now - expectedAppeal.RevokedBy = actor - expectedAppeal.RevokeReason = reason - s.mockRepository.On("Update", expectedAppeal).Return(nil).Once() - s.mockProviderService.On("RevokeAccess", mock.Anything, appealDetails).Return(nil).Once() + s.mockRepository.On("Update", mock.AnythingOfType("*domain.Appeal")).Return(nil).Once() + s.mockProviderService.On("RevokeAccess", mock.Anything, mock.AnythingOfType("domain.Access")).Return(nil).Once() s.mockNotifier.On("Notify", mock.Anything).Return(nil).Once() s.mockAuditLogger.On("Log", mock.Anything, appeal.AuditKeyRevoke, mock.Anything).Return(nil).Once() actualResult, actualError := s.service.Revoke(context.Background(), appealID, actor, reason) - s.Equal(expectedAppeal, actualResult) + s.mockRepository.AssertExpectations(s.T()) + s.mockProviderService.AssertExpectations(s.T()) + s.Equal(domain.AppealStatusTerminated, actualResult.Status) + s.Equal(actor, actualResult.RevokedBy) + s.Equal(reason, actualResult.RevokeReason) s.Nil(actualError) }) } diff --git a/core/provider/mocks/client.go b/core/provider/mocks/client.go index c0ee7a639..54d016f79 100644 --- a/core/provider/mocks/client.go +++ b/core/provider/mocks/client.go @@ -126,11 +126,11 @@ func (_m *Client) GetType() string { } // GrantAccess provides a mock function with given fields: _a0, _a1 -func (_m *Client) GrantAccess(_a0 *domain.ProviderConfig, _a1 *domain.Appeal) error { +func (_m *Client) GrantAccess(_a0 *domain.ProviderConfig, _a1 domain.Access) error { ret := _m.Called(_a0, _a1) var r0 error - if rf, ok := ret.Get(0).(func(*domain.ProviderConfig, *domain.Appeal) error); ok { + if rf, ok := ret.Get(0).(func(*domain.ProviderConfig, domain.Access) error); ok { r0 = rf(_a0, _a1) } else { r0 = ret.Error(0) @@ -140,11 +140,11 @@ func (_m *Client) GrantAccess(_a0 *domain.ProviderConfig, _a1 *domain.Appeal) er } // RevokeAccess provides a mock function with given fields: _a0, _a1 -func (_m *Client) RevokeAccess(_a0 *domain.ProviderConfig, _a1 *domain.Appeal) error { +func (_m *Client) RevokeAccess(_a0 *domain.ProviderConfig, _a1 domain.Access) error { ret := _m.Called(_a0, _a1) var r0 error - if rf, ok := ret.Get(0).(func(*domain.ProviderConfig, *domain.Appeal) error); ok { + if rf, ok := ret.Get(0).(func(*domain.ProviderConfig, domain.Access) error); ok { r0 = rf(_a0, _a1) } else { r0 = ret.Error(0) diff --git a/core/provider/service.go b/core/provider/service.go index a88511b98..9768fe87f 100644 --- a/core/provider/service.go +++ b/core/provider/service.go @@ -284,8 +284,8 @@ func (s *Service) ValidateAppeal(ctx context.Context, a *domain.Appeal, p *domai return nil } -func (s *Service) GrantAccess(ctx context.Context, a *domain.Appeal) error { - if err := s.validateAppealParam(a); err != nil { +func (s *Service) GrantAccess(ctx context.Context, a domain.Access) error { + if err := s.validateAccessParam(a); err != nil { return err } @@ -302,8 +302,8 @@ func (s *Service) GrantAccess(ctx context.Context, a *domain.Appeal) error { return c.GrantAccess(p.Config, a) } -func (s *Service) RevokeAccess(ctx context.Context, a *domain.Appeal) error { - if err := s.validateAppealParam(a); err != nil { +func (s *Service) RevokeAccess(ctx context.Context, a domain.Access) error { + if err := s.validateAccessParam(a); err != nil { return err } @@ -318,8 +318,6 @@ func (s *Service) RevokeAccess(ctx context.Context, a *domain.Appeal) error { } return c.RevokeAccess(p.Config, a) - // TODO: handle if permission for the given user with the given role is not found - // handle the resolution for the appeal status } func (s *Service) Delete(ctx context.Context, id string) error { @@ -430,6 +428,13 @@ func (s *Service) validateAppealParam(a *domain.Appeal) error { return nil } +func (s *Service) validateAccessParam(a domain.Access) error { + if a.Resource == nil { + return ErrNilResource + } + return nil +} + func (s *Service) getClient(pType string) Client { return s.clients[pType] } diff --git a/core/provider/service_test.go b/core/provider/service_test.go index f5481abec..0b66e4a39 100644 --- a/core/provider/service_test.go +++ b/core/provider/service_test.go @@ -314,15 +314,11 @@ func (s *ServiceTestSuite) TestFetchResources() { func (s *ServiceTestSuite) TestGrantAccess() { s.Run("should return error if got error on appeal param validation", func() { testCases := []struct { - appealParam *domain.Appeal + appealParam domain.Access expectedError error }{ { - appealParam: nil, - expectedError: provider.ErrNilAppeal, - }, - { - appealParam: &domain.Appeal{}, + appealParam: domain.Access{}, expectedError: provider.ErrNilResource, }, } @@ -333,7 +329,7 @@ func (s *ServiceTestSuite) TestGrantAccess() { }) s.Run("should return error if provider is not exists", func() { - appeal := &domain.Appeal{ + appeal := domain.Access{ Resource: &domain.Resource{ ProviderType: "invalid-provider-type", }, @@ -343,7 +339,7 @@ func (s *ServiceTestSuite) TestGrantAccess() { s.EqualError(actualError, expectedError.Error()) }) - validAppeal := &domain.Appeal{ + validAppeal := domain.Access{ Resource: &domain.Resource{ ProviderType: mockProviderType, ProviderURN: "urn", @@ -412,15 +408,11 @@ func (s *ServiceTestSuite) TestGrantAccess() { func (s *ServiceTestSuite) TestRevokeAccess() { s.Run("should return error if got error on appeal param validation", func() { testCases := []struct { - appealParam *domain.Appeal + appealParam domain.Access expectedError error }{ { - appealParam: nil, - expectedError: provider.ErrNilAppeal, - }, - { - appealParam: &domain.Appeal{}, + appealParam: domain.Access{}, expectedError: provider.ErrNilResource, }, } @@ -431,7 +423,7 @@ func (s *ServiceTestSuite) TestRevokeAccess() { }) s.Run("should return error if provider is not exists", func() { - appeal := &domain.Appeal{ + appeal := domain.Access{ Resource: &domain.Resource{ ProviderType: "invalid-provider-type", }, @@ -441,7 +433,7 @@ func (s *ServiceTestSuite) TestRevokeAccess() { s.EqualError(actualError, expectedError.Error()) }) - validAppeal := &domain.Appeal{ + validAppeal := domain.Access{ Resource: &domain.Resource{ ProviderType: mockProviderType, ProviderURN: "urn", diff --git a/domain/access.go b/domain/access.go new file mode 100644 index 000000000..990e72189 --- /dev/null +++ b/domain/access.go @@ -0,0 +1,79 @@ +package domain + +import ( + "errors" + "time" +) + +type AccessStatus string + +const ( + AccessStatusActive AccessStatus = "active" + AccessStatusInactive AccessStatus = "inactive" +) + +type Access struct { + ID string + Status AccessStatus + AccountID string + AccountType string + ResourceID string + Role string + Permissions []string + ExpirationDate *time.Time + AppealID string + RevokedBy string + RevokedAt *time.Time + RevokeReason string + CreatedBy string + CreatedAt time.Time + UpdatedAt time.Time + + Resource *Resource `json:"resource" yaml:"resource"` + Appeal *Appeal `json:"appeal" yaml:"appeal"` +} + +func (a Access) IsEligibleForExtension(extensionDurationRule time.Duration) bool { + if a.ExpirationDate != nil && !a.ExpirationDate.IsZero() { + return time.Until(*a.ExpirationDate) <= extensionDurationRule + } + return true +} + +func (a *Access) Revoke(actor, reason string) error { + if a == nil { + return errors.New("access is nil") + } + if actor == "" { + return errors.New("actor shouldn't be empty") + } + + a.Status = AccessStatusInactive + a.RevokedBy = actor + a.RevokeReason = reason + now := time.Now() + a.RevokedAt = &now + return nil +} + +type ListAccessesFilter struct { + Statuses []string + AccountIDs []string + AccountTypes []string + ResourceIDs []string + Roles []string + Permissions []string + ProviderTypes []string + ProviderURNs []string + ResourceTypes []string + ResourceURNs []string + CreatedBy string +} + +type RevokeAccessesFilter struct { + AccountIDs []string `validate:"omitempty,required"` + ProviderTypes []string `validate:"omitempty,min=1"` + ProviderURNs []string `validate:"omitempty,min=1"` + ResourceTypes []string `validate:"omitempty,min=1"` + ResourceURNs []string `validate:"omitempty,min=1"` +} diff --git a/domain/appeal.go b/domain/appeal.go index d5ccac0ab..c27084843 100644 --- a/domain/appeal.go +++ b/domain/appeal.go @@ -1,6 +1,8 @@ package domain import ( + "errors" + "fmt" "time" ) @@ -49,6 +51,7 @@ type Appeal struct { Policy *Policy `json:"-" yaml:"-"` Resource *Resource `json:"resource,omitempty" yaml:"resource,omitempty"` Approvals []*Approval `json:"approvals,omitempty" yaml:"approvals,omitempty"` + Access *Access `json:"access,omitempty" yaml:"access,omitempty"` CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"` @@ -103,6 +106,21 @@ func (a *Appeal) Terminate() { a.Status = AppealStatusTerminated } +func (a *Appeal) Revoke(actor, reason string) error { + if a == nil { + return errors.New("apppeal is nil") + } + if actor == "" { + return errors.New("actor shouldn't be empty") + } + + a.Status = AppealStatusTerminated + a.RevokedBy = actor + a.RevokeReason = reason + a.RevokedAt = time.Now() + return nil +} + func (a *Appeal) SetDefaults() { if a.AccountType == "" { a.AccountType = DefaultAppealAccountType @@ -118,6 +136,29 @@ func (a *Appeal) GetApproval(id string) *Approval { return nil } +func (a Appeal) ToAccess() (*Access, error) { + access := &Access{ + Status: AccessStatusActive, + AccountID: a.AccountID, + AccountType: a.AccountType, + ResourceID: a.ResourceID, + Role: a.Role, + Permissions: a.Permissions, + AppealID: a.ID, + } + + if a.Options != nil && a.Options.Duration != "" { + duration, err := time.ParseDuration(a.Options.Duration) + if err != nil { + return nil, fmt.Errorf("parsing duration %q: %w", a.Options.Duration, err) + } + expDate := time.Now().Add(duration) + access.ExpirationDate = &expDate + } + + return access, nil +} + type ApprovalActionType string const ( diff --git a/internal/server/server.go b/internal/server/server.go index 6479cc2df..2e71d066b 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -118,6 +118,7 @@ func RunServer(config *Config) error { services.PolicyService, services.AppealService, services.ApprovalService, + services.AccessService, protoAdapter, config.AuthenticatedUserHeaderKey, )) diff --git a/internal/server/services.go b/internal/server/services.go index 143e0f64b..ea21b3d0e 100644 --- a/internal/server/services.go +++ b/internal/server/services.go @@ -6,6 +6,7 @@ import ( "github.com/go-playground/validator/v10" "github.com/google/uuid" "github.com/odpf/guardian/core" + "github.com/odpf/guardian/core/access" "github.com/odpf/guardian/core/appeal" "github.com/odpf/guardian/core/approval" "github.com/odpf/guardian/core/policy" @@ -34,6 +35,7 @@ type Services struct { PolicyService *policy.Service ApprovalService *approval.Service AppealService *appeal.Service + AccessService *access.Service } type ServiceDeps struct { @@ -87,6 +89,7 @@ func InitServices(deps ServiceDeps) (*Services, error) { resourceRepository := postgres.NewResourceRepository(store.DB()) appealRepository := postgres.NewAppealRepository(store.DB()) approvalRepository := postgres.NewApprovalRepository(store.DB()) + accessRepository := postgres.NewAccessRepository(store.DB()) providerClients := []provider.Client{ bigquery.NewProvider(domain.ProviderTypeBigQuery, deps.Crypto), @@ -126,12 +129,21 @@ func InitServices(deps ServiceDeps) (*Services, error) { Repository: approvalRepository, PolicyService: policyService, }) + accessService := access.NewService(access.ServiceDeps{ + Repository: accessRepository, + ProviderService: providerService, + Notifier: deps.Notifier, + Logger: deps.Logger, + Validator: deps.Validator, + AuditLogger: auditLogger, + }) appealService := appeal.NewService(appeal.ServiceDeps{ Repository: appealRepository, ResourceService: resourceService, ApprovalService: approvalService, ProviderService: providerService, PolicyService: policyService, + AccessService: accessService, IAMManager: iamManager, Notifier: deps.Notifier, Validator: deps.Validator, @@ -145,5 +157,6 @@ func InitServices(deps ServiceDeps) (*Services, error) { policyService, approvalService, appealService, + accessService, }, nil } diff --git a/internal/store/postgres/access_repository.go b/internal/store/postgres/access_repository.go new file mode 100644 index 000000000..2874dc1d3 --- /dev/null +++ b/internal/store/postgres/access_repository.go @@ -0,0 +1,114 @@ +package postgres + +import ( + "context" + "errors" + "fmt" + + "github.com/lib/pq" + "github.com/odpf/guardian/core/access" + "github.com/odpf/guardian/domain" + "github.com/odpf/guardian/internal/store/postgres/model" + "gorm.io/gorm" +) + +type AccessRepository struct { + db *gorm.DB +} + +func NewAccessRepository(db *gorm.DB) *AccessRepository { + return &AccessRepository{db} +} + +func (r *AccessRepository) List(ctx context.Context, filter domain.ListAccessesFilter) ([]domain.Access, error) { + db := r.db.WithContext(ctx) + if filter.AccountIDs != nil { + db = db.Where(`"accesses"."account_id" IN ?`, filter.AccountIDs) + } + if filter.AccountTypes != nil { + db = db.Where(`"accesses"."account_type" IN ?`, filter.AccountTypes) + } + if filter.ResourceIDs != nil { + db = db.Where(`"accesses"."resource_id" IN ?`, filter.ResourceIDs) + } + if filter.Statuses != nil { + db = db.Where(`"accesses"."status" IN ?`, filter.Statuses) + } + if filter.Roles != nil { + db = db.Where(`"accesses"."role" IN ?`, filter.Roles) + } + if filter.Permissions != nil { + db = db.Where(`"accesses"."permissions" @> ?`, pq.StringArray(filter.Permissions)) + } + if filter.CreatedBy != "" { + db = db.Where(`"accesses"."created_by" = ?`, filter.CreatedBy) + } + if filter.ProviderTypes != nil { + db = db.Where(`"Resource"."provider_type" IN ?`, filter.ProviderTypes) + } + if filter.ProviderURNs != nil { + db = db.Where(`"Resource"."provider_urn" IN ?`, filter.ProviderURNs) + } + if filter.ResourceTypes != nil { + db = db.Where(`"Resource"."type" IN ?`, filter.ResourceTypes) + } + if filter.ResourceURNs != nil { + db = db.Where(`"Resource"."urn" IN ?`, filter.ResourceURNs) + } + + var models []model.Access + if err := db.Joins("Resource").Joins("Appeal").Find(&models).Error; err != nil { + return nil, err + } + + var accesses []domain.Access + for _, m := range models { + a, err := m.ToDomain() + if err != nil { + return nil, fmt.Errorf("parsing access %q: %w", a.ID, err) + } + accesses = append(accesses, *a) + } + + return accesses, nil +} + +func (r *AccessRepository) GetByID(ctx context.Context, id string) (*domain.Access, error) { + m := new(model.Access) + if err := r.db.WithContext(ctx).Joins("Resource").Joins("Appeal").First(&m, `"accesses"."id" = ?`, id).Error; err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return nil, access.ErrAccessNotFound + } + return nil, err + } + + a, err := m.ToDomain() + if err != nil { + return nil, fmt.Errorf("parsing access %q: %w", a.ID, err) + } + return a, nil +} + +func (r *AccessRepository) Update(ctx context.Context, a *domain.Access) error { + if a == nil || a.ID == "" { + return access.ErrEmptyIDParam + } + + m := new(model.Access) + if err := m.FromDomain(*a); err != nil { + return fmt.Errorf("parsing access payload: %w", err) + } + + return r.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error { + if err := tx.Model(m).Updates(*m).Error; err != nil { + return err + } + + newAccess, err := m.ToDomain() + if err != nil { + return fmt.Errorf("parsing access: %w", err) + } + *a = *newAccess + return nil + }) +} diff --git a/internal/store/postgres/access_repository_test.go b/internal/store/postgres/access_repository_test.go new file mode 100644 index 000000000..66ba0a203 --- /dev/null +++ b/internal/store/postgres/access_repository_test.go @@ -0,0 +1,197 @@ +package postgres_test + +import ( + "context" + "database/sql" + "database/sql/driver" + "errors" + "fmt" + "regexp" + "strings" + "testing" + "time" + + "github.com/DATA-DOG/go-sqlmock" + "github.com/google/uuid" + "github.com/lib/pq" + "github.com/odpf/guardian/core/access" + "github.com/odpf/guardian/domain" + "github.com/odpf/guardian/internal/store/postgres" + "github.com/odpf/guardian/mocks" + "github.com/stretchr/testify/suite" + "gorm.io/gorm" +) + +type AccessRepositoryTestSuite struct { + suite.Suite + sqldb *sql.DB + dbmock sqlmock.Sqlmock + repository *postgres.AccessRepository + + timeNow time.Time + columnNames []string +} + +func TestAccessRepository(t *testing.T) { + suite.Run(t, new(AccessRepositoryTestSuite)) +} + +func (s *AccessRepositoryTestSuite) setup() { + db, mock, err := mocks.NewStore() + s.Require().NoError(err) + sqldb, err := db.DB() + s.Require().NoError(err) + s.dbmock = mock + s.sqldb = sqldb + s.repository = postgres.NewAccessRepository(db) + + s.timeNow = time.Now() + s.columnNames = []string{ + "id", "status", "account_id", "account_type", "resource_id", "role", "permissions", + "expiration_date", "appeal_id", "revoked_by", "revoked_at", "revoke_reason", + "created_by", "created_at", "updated_at", + } +} + +func (s *AccessRepositoryTestSuite) toRow(a domain.Access) []driver.Value { + permissions := fmt.Sprintf("{%s}", strings.Join(a.Permissions, ",")) + return []driver.Value{ + a.ID, a.Status, a.AccountID, a.AccountType, a.ResourceID, a.Role, permissions, + a.ExpirationDate, a.AppealID, a.RevokedBy, a.RevokedAt, a.RevokeReason, + a.CreatedBy, a.CreatedAt, a.UpdatedAt, + } +} + +func (s *AccessRepositoryTestSuite) TestList() { + s.Run("should return list of access on success", func() { + s.setup() + + expectedAccesses := []domain.Access{ + { + ID: uuid.New().String(), + Status: "test-status", + AccountID: "test-account-id", + AccountType: "test-account-type", + ResourceID: uuid.New().String(), + Role: "test-role", + Permissions: []string{"test-permission"}, + ExpirationDate: &s.timeNow, + AppealID: uuid.New().String(), + RevokedBy: "test-revoked-by", + RevokedAt: &s.timeNow, + RevokeReason: "test-revoke-reason", + CreatedAt: s.timeNow, + UpdatedAt: s.timeNow, + }, + } + expectedQuery := regexp.QuoteMeta(`SELECT "accesses"."id","accesses"."status","accesses"."account_id","accesses"."account_type","accesses"."resource_id","accesses"."role","accesses"."permissions","accesses"."expiration_date","accesses"."appeal_id","accesses"."revoked_by","accesses"."revoked_at","accesses"."revoke_reason","accesses"."created_by","accesses"."created_at","accesses"."updated_at","accesses"."deleted_at","Resource"."id" AS "Resource__id","Resource"."provider_type" AS "Resource__provider_type","Resource"."provider_urn" AS "Resource__provider_urn","Resource"."type" AS "Resource__type","Resource"."urn" AS "Resource__urn","Resource"."name" AS "Resource__name","Resource"."details" AS "Resource__details","Resource"."labels" AS "Resource__labels","Resource"."created_at" AS "Resource__created_at","Resource"."updated_at" AS "Resource__updated_at","Resource"."deleted_at" AS "Resource__deleted_at","Resource"."is_deleted" AS "Resource__is_deleted","Appeal"."id" AS "Appeal__id","Appeal"."resource_id" AS "Appeal__resource_id","Appeal"."policy_id" AS "Appeal__policy_id","Appeal"."policy_version" AS "Appeal__policy_version","Appeal"."status" AS "Appeal__status","Appeal"."account_id" AS "Appeal__account_id","Appeal"."account_type" AS "Appeal__account_type","Appeal"."created_by" AS "Appeal__created_by","Appeal"."creator" AS "Appeal__creator","Appeal"."role" AS "Appeal__role","Appeal"."permissions" AS "Appeal__permissions","Appeal"."options" AS "Appeal__options","Appeal"."labels" AS "Appeal__labels","Appeal"."details" AS "Appeal__details","Appeal"."revoked_by" AS "Appeal__revoked_by","Appeal"."revoked_at" AS "Appeal__revoked_at","Appeal"."revoke_reason" AS "Appeal__revoke_reason","Appeal"."created_at" AS "Appeal__created_at","Appeal"."updated_at" AS "Appeal__updated_at","Appeal"."deleted_at" AS "Appeal__deleted_at" FROM "accesses" LEFT JOIN "resources" "Resource" ON "accesses"."resource_id" = "Resource"."id" LEFT JOIN "appeals" "Appeal" ON "accesses"."appeal_id" = "Appeal"."id" WHERE "accesses"."account_id" IN ($1) AND "accesses"."account_type" IN ($2) AND "accesses"."resource_id" IN ($3) AND "accesses"."status" IN ($4) AND "accesses"."role" IN ($5) AND "accesses"."permissions" @> $6 AND "accesses"."created_by" = $7 AND "Resource"."provider_type" IN ($8) AND "Resource"."provider_urn" IN ($9) AND "Resource"."type" IN ($10) AND "Resource"."urn" IN ($11) AND "accesses"."deleted_at" IS NULL`) + expectedRows := sqlmock.NewRows(s.columnNames).AddRow(s.toRow(expectedAccesses[0])...) + s.dbmock.ExpectQuery(expectedQuery). + WithArgs( + "test-account-id", + "test-account-type", + "test-resource-id", + "test-status", + "test-role", + pq.StringArray([]string{"test-permission"}), + "test-created-by", + "test-provider-type", + "test-provider-urn", + "test-resource-type", + "test-resource-urn", + ). + WillReturnRows(expectedRows) + + accesses, err := s.repository.List(context.Background(), domain.ListAccessesFilter{ + Statuses: []string{"test-status"}, + AccountIDs: []string{"test-account-id"}, + AccountTypes: []string{"test-account-type"}, + ResourceIDs: []string{"test-resource-id"}, + Roles: []string{"test-role"}, + Permissions: []string{"test-permission"}, + ProviderTypes: []string{"test-provider-type"}, + ProviderURNs: []string{"test-provider-urn"}, + ResourceTypes: []string{"test-resource-type"}, + ResourceURNs: []string{"test-resource-urn"}, + CreatedBy: "test-created-by", + }) + + s.NoError(err) + s.Equal(expectedAccesses, accesses) + s.NoError(s.dbmock.ExpectationsWereMet()) + }) + + s.Run("sould return error if db returns an error", func() { + s.setup() + + expectedError := errors.New("db error") + s.dbmock.ExpectQuery(".*").WillReturnError(expectedError) + + accesses, err := s.repository.List(context.Background(), domain.ListAccessesFilter{}) + + s.ErrorIs(err, expectedError) + s.Nil(accesses) + s.NoError(s.dbmock.ExpectationsWereMet()) + }) +} + +func (s *AccessRepositoryTestSuite) TestGetByID() { + s.Run("should return access details on success", func() { + s.setup() + + expectedID := uuid.New().String() + expectedAccess := &domain.Access{ + ID: expectedID, + Status: "test-status", + AccountID: "test-account-id", + AccountType: "test-account-type", + ResourceID: uuid.New().String(), + Role: "test-role", + Permissions: []string{"test-permission"}, + ExpirationDate: &s.timeNow, + AppealID: uuid.New().String(), + RevokedBy: "test-revoked-by", + RevokedAt: &s.timeNow, + RevokeReason: "test-revoke-reason", + CreatedAt: s.timeNow, + UpdatedAt: s.timeNow, + } + expectedQuery := regexp.QuoteMeta(`SELECT "accesses"."id","accesses"."status","accesses"."account_id","accesses"."account_type","accesses"."resource_id","accesses"."role","accesses"."permissions","accesses"."expiration_date","accesses"."appeal_id","accesses"."revoked_by","accesses"."revoked_at","accesses"."revoke_reason","accesses"."created_by","accesses"."created_at","accesses"."updated_at","accesses"."deleted_at","Resource"."id" AS "Resource__id","Resource"."provider_type" AS "Resource__provider_type","Resource"."provider_urn" AS "Resource__provider_urn","Resource"."type" AS "Resource__type","Resource"."urn" AS "Resource__urn","Resource"."name" AS "Resource__name","Resource"."details" AS "Resource__details","Resource"."labels" AS "Resource__labels","Resource"."created_at" AS "Resource__created_at","Resource"."updated_at" AS "Resource__updated_at","Resource"."deleted_at" AS "Resource__deleted_at","Resource"."is_deleted" AS "Resource__is_deleted","Appeal"."id" AS "Appeal__id","Appeal"."resource_id" AS "Appeal__resource_id","Appeal"."policy_id" AS "Appeal__policy_id","Appeal"."policy_version" AS "Appeal__policy_version","Appeal"."status" AS "Appeal__status","Appeal"."account_id" AS "Appeal__account_id","Appeal"."account_type" AS "Appeal__account_type","Appeal"."created_by" AS "Appeal__created_by","Appeal"."creator" AS "Appeal__creator","Appeal"."role" AS "Appeal__role","Appeal"."permissions" AS "Appeal__permissions","Appeal"."options" AS "Appeal__options","Appeal"."labels" AS "Appeal__labels","Appeal"."details" AS "Appeal__details","Appeal"."revoked_by" AS "Appeal__revoked_by","Appeal"."revoked_at" AS "Appeal__revoked_at","Appeal"."revoke_reason" AS "Appeal__revoke_reason","Appeal"."created_at" AS "Appeal__created_at","Appeal"."updated_at" AS "Appeal__updated_at","Appeal"."deleted_at" AS "Appeal__deleted_at" FROM "accesses" LEFT JOIN "resources" "Resource" ON "accesses"."resource_id" = "Resource"."id" LEFT JOIN "appeals" "Appeal" ON "accesses"."appeal_id" = "Appeal"."id" WHERE "accesses"."id" = $1 AND "accesses"."deleted_at" IS NULL ORDER BY "accesses"."id" LIMIT 1`) + expectedRows := sqlmock.NewRows(s.columnNames).AddRow(s.toRow(*expectedAccess)...) + s.dbmock.ExpectQuery(expectedQuery). + WithArgs(expectedID). + WillReturnRows(expectedRows) + + access, err := s.repository.GetByID(context.Background(), expectedID) + + s.NoError(err) + s.Equal(expectedAccess, access) + s.NoError(s.dbmock.ExpectationsWereMet()) + }) + + s.Run("should return not found error if record not found", func() { + s.setup() + + expectedError := gorm.ErrRecordNotFound + s.dbmock.ExpectQuery(".*").WillReturnError(expectedError) + + actualAccess, err := s.repository.GetByID(context.Background(), "") + + s.ErrorIs(err, access.ErrAccessNotFound) + s.Nil(actualAccess) + s.NoError(s.dbmock.ExpectationsWereMet()) + }) + + s.Run("should return error if db returns an error", func() { + s.setup() + + expectedError := errors.New("db error") + s.dbmock.ExpectQuery(".*").WillReturnError(expectedError) + + access, err := s.repository.GetByID(context.Background(), "") + + s.ErrorIs(err, expectedError) + s.Nil(access) + s.NoError(s.dbmock.ExpectationsWereMet()) + }) +} diff --git a/internal/store/postgres/appeal_repository.go b/internal/store/postgres/appeal_repository.go index fa37fe9e5..775343a93 100644 --- a/internal/store/postgres/appeal_repository.go +++ b/internal/store/postgres/appeal_repository.go @@ -41,6 +41,7 @@ func (r *AppealRepository) GetByID(id string) (*domain.Appeal, error) { }). Preload("Approvals.Approvers"). Preload("Resource"). + Preload("Access"). First(&m, "id = ?", id). Error; err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { @@ -74,16 +75,16 @@ func (r *AppealRepository) Find(filters *domain.ListAppealsFilter) ([]*domain.Ap accounts = append(accounts, filters.AccountIDs...) } if len(accounts) > 0 { - db = db.Where(`"account_id" IN ?`, accounts) + db = db.Where(`"appeals"."account_id" IN ?`, accounts) } if filters.Statuses != nil { - db = db.Where(`"status" IN ?`, filters.Statuses) + db = db.Where(`"appeals"."status" IN ?`, filters.Statuses) } if filters.ResourceID != "" { - db = db.Where(`"resource_id" = ?`, filters.ResourceID) + db = db.Where(`"appeals"."resource_id" = ?`, filters.ResourceID) } if filters.Role != "" { - db = db.Where(`"role" = ?`, filters.Role) + db = db.Where(`"appeals"."role" = ?`, filters.Role) } if !filters.ExpirationDateLessThan.IsZero() { db = db.Where(`"options" -> 'expiration_date' < ?`, filters.ExpirationDateLessThan) @@ -112,7 +113,7 @@ func (r *AppealRepository) Find(filters *domain.ListAppealsFilter) ([]*domain.Ap } var models []*model.Appeal - if err := db.Find(&models).Error; err != nil { + if err := db.Joins("Access").Find(&models).Error; err != nil { return nil, err } diff --git a/internal/store/postgres/appeal_repository_test.go b/internal/store/postgres/appeal_repository_test.go index 3d976a54b..d46819744 100644 --- a/internal/store/postgres/appeal_repository_test.go +++ b/internal/store/postgres/appeal_repository_test.go @@ -29,6 +29,7 @@ type AppealRepositoryTestSuite struct { repository *postgres.AppealRepository columnNames []string + accessColumnNames []string approvalColumnNames []string approverColumnNames []string resourceColumnNames []string @@ -58,6 +59,11 @@ func (s *AppealRepositoryTestSuite) SetupTest() { "created_at", "updated_at", } + s.accessColumnNames = []string{ + "id", "status", "account_id", "account_type", "resource_id", "role", "permissions", + "expiration_date", "appeal_id", "revoked_by", "revoked_at", "revoke_reason", + "created_by", "created_at", "updated_at", + } s.approvalColumnNames = []string{ "id", "name", @@ -199,6 +205,18 @@ func (s *AppealRepositoryTestSuite) TestGetByID() { }, CreatedAt: timeNow, UpdatedAt: timeNow, + Access: &domain.Access{ + ID: uuid.NewString(), + AppealID: expectedID, + Status: "test-status", + AccountID: "test-account-id", + AccountType: "test-account-type", + ResourceID: uuid.NewString(), + Role: "test-role", + Permissions: []string{"test-permission"}, + CreatedAt: timeNow, + UpdatedAt: timeNow, + }, }, }, } @@ -228,6 +246,29 @@ func (s *AppealRepositoryTestSuite) TestGetByID() { WithArgs(tc.expectedID). WillReturnRows(expectedRows) + expectedAccessesPreloadQuery := regexp.QuoteMeta(`SELECT * FROM "accesses" WHERE "accesses"."appeal_id" = $1 AND "accesses"."deleted_at" IS NULL`) + expectedAccessRows := sqlmock.NewRows(s.accessColumnNames).AddRow( + tc.expectedRecord.Access.ID, + tc.expectedRecord.Access.Status, + tc.expectedRecord.Access.AccountID, + tc.expectedRecord.Access.AccountType, + tc.expectedRecord.Access.ResourceID, + tc.expectedRecord.Access.Role, + fmt.Sprintf("{%s}", strings.Join(tc.expectedRecord.Access.Permissions, ",")), + tc.expectedRecord.Access.ExpirationDate, + tc.expectedRecord.Access.AppealID, + tc.expectedRecord.Access.RevokedBy, + tc.expectedRecord.Access.RevokedAt, + tc.expectedRecord.Access.RevokeReason, + tc.expectedRecord.Access.CreatedBy, + tc.expectedRecord.Access.CreatedAt, + tc.expectedRecord.Access.UpdatedAt, + ) + s.dbmock. + ExpectQuery(expectedAccessesPreloadQuery). + WithArgs(tc.expectedID). + WillReturnRows(expectedAccessRows) + expectedApprovalsPreloadQuery := regexp.QuoteMeta(`SELECT * FROM "approvals" WHERE "approvals"."appeal_id" = $1 AND "approvals"."deleted_at" IS NULL`) expectedApprovalRows := sqlmock.NewRows(s.approvalColumnNames) for _, a := range tc.expectedRecord.Approvals { @@ -301,7 +342,7 @@ func (s *AppealRepositoryTestSuite) TestFind() { }) s.Run("should run query based on filters", func() { - selectAppealsJoinsWithResourceSql := `SELECT "appeals"."id","appeals"."resource_id","appeals"."policy_id","appeals"."policy_version","appeals"."status","appeals"."account_id","appeals"."account_type","appeals"."created_by","appeals"."creator","appeals"."role","appeals"."permissions","appeals"."options","appeals"."labels","appeals"."details","appeals"."revoked_by","appeals"."revoked_at","appeals"."revoke_reason","appeals"."created_at","appeals"."updated_at","appeals"."deleted_at","Resource"."id" AS "Resource__id","Resource"."provider_type" AS "Resource__provider_type","Resource"."provider_urn" AS "Resource__provider_urn","Resource"."type" AS "Resource__type","Resource"."urn" AS "Resource__urn","Resource"."name" AS "Resource__name","Resource"."details" AS "Resource__details","Resource"."labels" AS "Resource__labels","Resource"."created_at" AS "Resource__created_at","Resource"."updated_at" AS "Resource__updated_at","Resource"."deleted_at" AS "Resource__deleted_at","Resource"."is_deleted" AS "Resource__is_deleted" FROM "appeals" LEFT JOIN "resources" "Resource" ON "appeals"."resource_id" = "Resource"."id" WHERE` + selectAppealsJoinsWithResourceSql := `SELECT "appeals"."id","appeals"."resource_id","appeals"."policy_id","appeals"."policy_version","appeals"."status","appeals"."account_id","appeals"."account_type","appeals"."created_by","appeals"."creator","appeals"."role","appeals"."permissions","appeals"."options","appeals"."labels","appeals"."details","appeals"."revoked_by","appeals"."revoked_at","appeals"."revoke_reason","appeals"."created_at","appeals"."updated_at","appeals"."deleted_at","Resource"."id" AS "Resource__id","Resource"."provider_type" AS "Resource__provider_type","Resource"."provider_urn" AS "Resource__provider_urn","Resource"."type" AS "Resource__type","Resource"."urn" AS "Resource__urn","Resource"."name" AS "Resource__name","Resource"."details" AS "Resource__details","Resource"."labels" AS "Resource__labels","Resource"."created_at" AS "Resource__created_at","Resource"."updated_at" AS "Resource__updated_at","Resource"."deleted_at" AS "Resource__deleted_at","Resource"."is_deleted" AS "Resource__is_deleted","Access"."id" AS "Access__id","Access"."status" AS "Access__status","Access"."account_id" AS "Access__account_id","Access"."account_type" AS "Access__account_type","Access"."resource_id" AS "Access__resource_id","Access"."role" AS "Access__role","Access"."permissions" AS "Access__permissions","Access"."expiration_date" AS "Access__expiration_date","Access"."appeal_id" AS "Access__appeal_id","Access"."revoked_by" AS "Access__revoked_by","Access"."revoked_at" AS "Access__revoked_at","Access"."revoke_reason" AS "Access__revoke_reason","Access"."created_by" AS "Access__created_by","Access"."created_at" AS "Access__created_at","Access"."updated_at" AS "Access__updated_at","Access"."deleted_at" AS "Access__deleted_at" FROM "appeals" LEFT JOIN "resources" "Resource" ON "appeals"."resource_id" = "Resource"."id" LEFT JOIN "accesses" "Access" ON "appeals"."id" = "Access"."appeal_id" WHERE` timeNow := time.Now() testCases := []struct { filters *domain.ListAppealsFilter @@ -323,35 +364,35 @@ func (s *AppealRepositoryTestSuite) TestFind() { filters: &domain.ListAppealsFilter{ AccountIDs: []string{"user@email.com"}, }, - expectedClauseQuery: `"account_id" IN ($1) AND "appeals"."deleted_at" IS NULL`, + expectedClauseQuery: `"appeals"."account_id" IN ($1) AND "appeals"."deleted_at" IS NULL`, expectedArgs: []driver.Value{"user@email.com"}, }, { filters: &domain.ListAppealsFilter{ AccountID: "user@email.com", }, - expectedClauseQuery: `"account_id" IN ($1) AND "appeals"."deleted_at" IS NULL`, + expectedClauseQuery: `"appeals"."account_id" IN ($1) AND "appeals"."deleted_at" IS NULL`, expectedArgs: []driver.Value{"user@email.com"}, }, { filters: &domain.ListAppealsFilter{ Statuses: []string{domain.AppealStatusActive, domain.AppealStatusTerminated}, }, - expectedClauseQuery: `"status" IN ($1,$2) AND "appeals"."deleted_at" IS NULL`, + expectedClauseQuery: `"appeals"."status" IN ($1,$2) AND "appeals"."deleted_at" IS NULL`, expectedArgs: []driver.Value{domain.AppealStatusActive, domain.AppealStatusTerminated}, }, { filters: &domain.ListAppealsFilter{ ResourceID: "1", }, - expectedClauseQuery: `"resource_id" = $1 AND "appeals"."deleted_at" IS NULL`, + expectedClauseQuery: `"appeals"."resource_id" = $1 AND "appeals"."deleted_at" IS NULL`, expectedArgs: []driver.Value{"1"}, }, { filters: &domain.ListAppealsFilter{ Role: "test-role", }, - expectedClauseQuery: `"role" = $1 AND "appeals"."deleted_at" IS NULL`, + expectedClauseQuery: `"appeals"."role" = $1 AND "appeals"."deleted_at" IS NULL`, expectedArgs: []driver.Value{"test-role"}, }, { @@ -476,7 +517,7 @@ func (s *AppealRepositoryTestSuite) TestFind() { }) s.Run("should return records on success", func() { - expectedQuery := regexp.QuoteMeta(`SELECT "appeals"."id","appeals"."resource_id","appeals"."policy_id","appeals"."policy_version","appeals"."status","appeals"."account_id","appeals"."account_type","appeals"."created_by","appeals"."creator","appeals"."role","appeals"."permissions","appeals"."options","appeals"."labels","appeals"."details","appeals"."revoked_by","appeals"."revoked_at","appeals"."revoke_reason","appeals"."created_at","appeals"."updated_at","appeals"."deleted_at","Resource"."id" AS "Resource__id","Resource"."provider_type" AS "Resource__provider_type","Resource"."provider_urn" AS "Resource__provider_urn","Resource"."type" AS "Resource__type","Resource"."urn" AS "Resource__urn","Resource"."name" AS "Resource__name","Resource"."details" AS "Resource__details","Resource"."labels" AS "Resource__labels","Resource"."created_at" AS "Resource__created_at","Resource"."updated_at" AS "Resource__updated_at","Resource"."deleted_at" AS "Resource__deleted_at","Resource"."is_deleted" AS "Resource__is_deleted" FROM "appeals" LEFT JOIN "resources" "Resource" ON "appeals"."resource_id" = "Resource"."id" WHERE "appeals"."deleted_at" IS NULL`) + expectedQuery := regexp.QuoteMeta(`SELECT "appeals"."id","appeals"."resource_id","appeals"."policy_id","appeals"."policy_version","appeals"."status","appeals"."account_id","appeals"."account_type","appeals"."created_by","appeals"."creator","appeals"."role","appeals"."permissions","appeals"."options","appeals"."labels","appeals"."details","appeals"."revoked_by","appeals"."revoked_at","appeals"."revoke_reason","appeals"."created_at","appeals"."updated_at","appeals"."deleted_at","Resource"."id" AS "Resource__id","Resource"."provider_type" AS "Resource__provider_type","Resource"."provider_urn" AS "Resource__provider_urn","Resource"."type" AS "Resource__type","Resource"."urn" AS "Resource__urn","Resource"."name" AS "Resource__name","Resource"."details" AS "Resource__details","Resource"."labels" AS "Resource__labels","Resource"."created_at" AS "Resource__created_at","Resource"."updated_at" AS "Resource__updated_at","Resource"."deleted_at" AS "Resource__deleted_at","Resource"."is_deleted" AS "Resource__is_deleted","Access"."id" AS "Access__id","Access"."status" AS "Access__status","Access"."account_id" AS "Access__account_id","Access"."account_type" AS "Access__account_type","Access"."resource_id" AS "Access__resource_id","Access"."role" AS "Access__role","Access"."permissions" AS "Access__permissions","Access"."expiration_date" AS "Access__expiration_date","Access"."appeal_id" AS "Access__appeal_id","Access"."revoked_by" AS "Access__revoked_by","Access"."revoked_at" AS "Access__revoked_at","Access"."revoke_reason" AS "Access__revoke_reason","Access"."created_by" AS "Access__created_by","Access"."created_at" AS "Access__created_at","Access"."updated_at" AS "Access__updated_at","Access"."deleted_at" AS "Access__deleted_at" FROM "appeals" LEFT JOIN "resources" "Resource" ON "appeals"."resource_id" = "Resource"."id" LEFT JOIN "accesses" "Access" ON "appeals"."id" = "Access"."appeal_id" WHERE "appeals"."deleted_at" IS NULL`) resourceID1 := uuid.New().String() resourceID2 := uuid.New().String() expectedRecords := []*domain.Appeal{ @@ -495,6 +536,12 @@ func (s *AppealRepositoryTestSuite) TestFind() { Status: domain.AppealStatusPending, AccountID: "user@email.com", Role: "role_name", + Permissions: []string{"test-permission"}, + Access: &domain.Access{ + ID: uuid.NewString(), + Status: "test-status", + Permissions: []string{"test-permission"}, + }, }, { ID: uuid.New().String(), @@ -511,12 +558,21 @@ func (s *AppealRepositoryTestSuite) TestFind() { Status: domain.AppealStatusPending, AccountID: "user@email.com", Role: "role_name", + Permissions: []string{"test-permission"}, + Access: &domain.Access{ + ID: uuid.NewString(), + Status: "test-status", + Permissions: []string{"test-permission"}, + }, }, } aggregatedColumns := s.columnNames for _, c := range s.resourceColumnNames { aggregatedColumns = append(aggregatedColumns, fmt.Sprintf("Resource__%s", c)) } + for _, c := range s.accessColumnNames { + aggregatedColumns = append(aggregatedColumns, fmt.Sprintf("Access__%s", c)) + } expectedRows := sqlmock.NewRows(aggregatedColumns) for _, r := range expectedRecords { expectedRows.AddRow( @@ -548,6 +604,11 @@ func (s *AppealRepositoryTestSuite) TestFind() { "null", r.Resource.CreatedAt, r.Resource.UpdatedAt, + + // access + r.Access.ID, r.Access.Status, r.Access.AccountID, r.Access.AccountType, r.Access.ResourceID, r.Access.Role, fmt.Sprintf("{%s}", strings.Join(r.Access.Permissions, ",")), + r.Access.ExpirationDate, r.Access.AppealID, r.Access.RevokedBy, r.Access.RevokedAt, r.Access.RevokeReason, + r.Access.CreatedBy, r.Access.CreatedAt, r.Access.UpdatedAt, ) } s.dbmock. diff --git a/internal/store/postgres/migrations/000007_create_access_table.down.sql b/internal/store/postgres/migrations/000007_create_access_table.down.sql new file mode 100644 index 000000000..36292ffde --- /dev/null +++ b/internal/store/postgres/migrations/000007_create_access_table.down.sql @@ -0,0 +1 @@ +DROP TABLE IF EXISTS "accesses"; diff --git a/internal/store/postgres/migrations/000007_create_access_table.up.sql b/internal/store/postgres/migrations/000007_create_access_table.up.sql new file mode 100644 index 000000000..2de78f476 --- /dev/null +++ b/internal/store/postgres/migrations/000007_create_access_table.up.sql @@ -0,0 +1,64 @@ +CREATE TABLE IF NOT EXISTS "accesses" ( + "id" uuid DEFAULT uuid_generate_v4(), + "status" text, + "account_id" text, + "account_type" text, + "resource_id" uuid, + "role" text, + "permissions" text [], + "expiration_date" timestamptz, + "appeal_id" uuid, + "revoked_by" text, + "revoked_at" timestamptz, + "revoke_reason" text, + "created_by" text, + "created_at" timestamptz, + "updated_at" timestamptz, + "deleted_at" timestamptz, + PRIMARY KEY ("id"), + CONSTRAINT "fk_accesses_resource" FOREIGN KEY ("resource_id") REFERENCES "resources"("id"), + CONSTRAINT "fk_accesses_appeal" FOREIGN KEY ("appeal_id") REFERENCES "appeals"("id") +); + +CREATE INDEX IF NOT EXISTS "idx_accesses_deleted_at" ON "accesses" ("deleted_at"); + +INSERT INTO + "accesses" ( + "status", + "account_id", + "account_type", + "resource_id", + "role", + "permissions", + "expiration_date", + "appeal_id", + "revoked_by", + "revoked_at", + "revoke_reason", + "created_by", + "created_at", + "updated_at" + ) +SELECT + CASE + WHEN status = 'active' THEN 'active' + WHEN status = 'terminated' THEN 'inactive' + END AS "status", + "account_id", + "account_type", + "resource_id", + "role", + "permissions", + ("options" ->> 'expiration_date') :: TIMESTAMP WITH TIME ZONE AS "expiration_date", + "id" AS "appeal_id", + "revoked_by", + "revoked_at", + "revoke_reason", + "created_by", + NOW() AS "created_at", + NOW() AS "updated_at" +FROM + "appeals" +WHERE + status = 'active' + OR status = 'terminated'; \ No newline at end of file diff --git a/internal/store/postgres/model/access.go b/internal/store/postgres/model/access.go new file mode 100644 index 000000000..0ebdff249 --- /dev/null +++ b/internal/store/postgres/model/access.go @@ -0,0 +1,124 @@ +package model + +import ( + "fmt" + "time" + + "github.com/google/uuid" + "github.com/lib/pq" + "github.com/odpf/guardian/domain" + "gorm.io/gorm" +) + +type Access struct { + ID uuid.UUID `gorm:"type:uuid;primaryKey;default:uuid_generate_v4()"` + Status string + AccountID string + AccountType string + ResourceID string + Role string + Permissions pq.StringArray `gorm:"type:text[]"` + ExpirationDate time.Time + AppealID string + RevokedBy string + RevokedAt time.Time + RevokeReason string + CreatedBy string + CreatedAt time.Time `gorm:"autoCreateTime"` + UpdatedAt time.Time `gorm:"autoUpdateTime"` + DeletedAt gorm.DeletedAt `gorm:"index"` + + Resource *Resource `gorm:"ForeignKey:ResourceID;References:ID"` + Appeal *Appeal `gorm:"ForeignKey:AppealID;References:ID"` +} + +func (m *Access) FromDomain(a domain.Access) error { + if a.ID != "" { + uuid, err := uuid.Parse(a.ID) + if err != nil { + return fmt.Errorf("parsing uuid: %w", err) + } + m.ID = uuid + } + + if a.Resource != nil { + r := new(Resource) + if err := r.FromDomain(a.Resource); err != nil { + return fmt.Errorf("parsing resource: %w", err) + } + m.Resource = r + } + + if a.Appeal != nil { + appeal := new(Appeal) + if err := appeal.FromDomain(a.Appeal); err != nil { + return fmt.Errorf("parsing appeal: %w", err) + } + m.Appeal = appeal + } + + if a.ExpirationDate != nil { + m.ExpirationDate = *a.ExpirationDate + } + + if a.RevokedAt != nil { + m.RevokedAt = *a.RevokedAt + } + + m.Status = string(a.Status) + m.AccountID = a.AccountID + m.AccountType = a.AccountType + m.ResourceID = a.ResourceID + m.Role = a.Role + m.Permissions = pq.StringArray(a.Permissions) + m.AppealID = a.AppealID + m.RevokedBy = a.RevokedBy + m.RevokeReason = a.RevokeReason + m.CreatedBy = a.CreatedBy + m.CreatedAt = a.CreatedAt + m.UpdatedAt = a.UpdatedAt + return nil +} + +func (m Access) ToDomain() (*domain.Access, error) { + access := &domain.Access{ + ID: m.ID.String(), + Status: domain.AccessStatus(m.Status), + AccountID: m.AccountID, + AccountType: m.AccountType, + ResourceID: m.ResourceID, + Role: m.Role, + Permissions: []string(m.Permissions), + AppealID: m.AppealID, + RevokedBy: m.RevokedBy, + RevokeReason: m.RevokeReason, + CreatedBy: m.CreatedBy, + CreatedAt: m.CreatedAt, + UpdatedAt: m.UpdatedAt, + } + + if m.Resource != nil { + r, err := m.Resource.ToDomain() + if err != nil { + return nil, fmt.Errorf("parsing resource: %w", err) + } + access.Resource = r + } + + if m.Appeal != nil { + a, err := m.Appeal.ToDomain() + if err != nil { + return nil, fmt.Errorf("parsing appeal: %w", err) + } + access.Appeal = a + } + + if !m.ExpirationDate.IsZero() { + access.ExpirationDate = &m.ExpirationDate + } + if !m.RevokedAt.IsZero() { + access.RevokedAt = &m.RevokedAt + } + + return access, nil +} diff --git a/internal/store/postgres/model/appeal.go b/internal/store/postgres/model/appeal.go index 2e9e247d4..d2f951208 100644 --- a/internal/store/postgres/model/appeal.go +++ b/internal/store/postgres/model/appeal.go @@ -36,6 +36,7 @@ type Appeal struct { Resource *Resource `gorm:"ForeignKey:ResourceID;References:ID"` Policy Policy `gorm:"ForeignKey:PolicyID,PolicyVersion;References:ID,Version"` Approvals []*Approval + Access *Access CreatedAt time.Time `gorm:"autoCreateTime"` UpdatedAt time.Time `gorm:"autoUpdateTime"` @@ -83,6 +84,14 @@ func (m *Appeal) FromDomain(a *domain.Appeal) error { m.Resource = r } + if a.Access != nil { + access := new(Access) + if err := access.FromDomain(*a.Access); err != nil { + return fmt.Errorf("parsing access: %w", err) + } + m.Access = access + } + var id uuid.UUID if a.ID != "" { uuid, err := uuid.Parse(a.ID) @@ -165,6 +174,15 @@ func (m *Appeal) ToDomain() (*domain.Appeal, error) { resource = r } + var access *domain.Access + if m.Access != nil { + a, err := m.Access.ToDomain() + if err != nil { + return nil, fmt.Errorf("parsing access: %w", err) + } + access = a + } + return &domain.Appeal{ ID: m.ID.String(), ResourceID: m.ResourceID, @@ -185,6 +203,7 @@ func (m *Appeal) ToDomain() (*domain.Appeal, error) { Labels: labels, Approvals: approvals, Resource: resource, + Access: access, CreatedAt: m.CreatedAt, UpdatedAt: m.UpdatedAt, }, nil diff --git a/plugins/providers/bigquery/mocks/BigQueryClient.go b/plugins/providers/bigquery/mocks/BigQueryClient.go new file mode 100644 index 000000000..141edf47d --- /dev/null +++ b/plugins/providers/bigquery/mocks/BigQueryClient.go @@ -0,0 +1,325 @@ +// Code generated by mockery v2.10.0. DO NOT EDIT. + +package mocks + +import ( + context "context" + + bigquery "github.com/odpf/guardian/plugins/providers/bigquery" + + gobigquery "cloud.google.com/go/bigquery" + + mock "github.com/stretchr/testify/mock" +) + +// BigQueryClient is an autogenerated mock type for the BigQueryClient type +type BigQueryClient struct { + mock.Mock +} + +type BigQueryClient_Expecter struct { + mock *mock.Mock +} + +func (_m *BigQueryClient) EXPECT() *BigQueryClient_Expecter { + return &BigQueryClient_Expecter{mock: &_m.Mock} +} + +// GetDatasets provides a mock function with given fields: _a0 +func (_m *BigQueryClient) GetDatasets(_a0 context.Context) ([]*bigquery.Dataset, error) { + ret := _m.Called(_a0) + + var r0 []*bigquery.Dataset + if rf, ok := ret.Get(0).(func(context.Context) []*bigquery.Dataset); ok { + r0 = rf(_a0) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*bigquery.Dataset) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context) error); ok { + r1 = rf(_a0) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// BigQueryClient_GetDatasets_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetDatasets' +type BigQueryClient_GetDatasets_Call struct { + *mock.Call +} + +// GetDatasets is a helper method to define mock.On call +// - _a0 context.Context +func (_e *BigQueryClient_Expecter) GetDatasets(_a0 interface{}) *BigQueryClient_GetDatasets_Call { + return &BigQueryClient_GetDatasets_Call{Call: _e.mock.On("GetDatasets", _a0)} +} + +func (_c *BigQueryClient_GetDatasets_Call) Run(run func(_a0 context.Context)) *BigQueryClient_GetDatasets_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context)) + }) + return _c +} + +func (_c *BigQueryClient_GetDatasets_Call) Return(_a0 []*bigquery.Dataset, _a1 error) *BigQueryClient_GetDatasets_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// GetTables provides a mock function with given fields: ctx, datasetID +func (_m *BigQueryClient) GetTables(ctx context.Context, datasetID string) ([]*bigquery.Table, error) { + ret := _m.Called(ctx, datasetID) + + var r0 []*bigquery.Table + if rf, ok := ret.Get(0).(func(context.Context, string) []*bigquery.Table); ok { + r0 = rf(ctx, datasetID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*bigquery.Table) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = rf(ctx, datasetID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// BigQueryClient_GetTables_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetTables' +type BigQueryClient_GetTables_Call struct { + *mock.Call +} + +// GetTables is a helper method to define mock.On call +// - ctx context.Context +// - datasetID string +func (_e *BigQueryClient_Expecter) GetTables(ctx interface{}, datasetID interface{}) *BigQueryClient_GetTables_Call { + return &BigQueryClient_GetTables_Call{Call: _e.mock.On("GetTables", ctx, datasetID)} +} + +func (_c *BigQueryClient_GetTables_Call) Run(run func(ctx context.Context, datasetID string)) *BigQueryClient_GetTables_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string)) + }) + return _c +} + +func (_c *BigQueryClient_GetTables_Call) Return(_a0 []*bigquery.Table, _a1 error) *BigQueryClient_GetTables_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// GrantDatasetAccess provides a mock function with given fields: ctx, d, user, role +func (_m *BigQueryClient) GrantDatasetAccess(ctx context.Context, d *bigquery.Dataset, user string, role string) error { + ret := _m.Called(ctx, d, user, role) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, *bigquery.Dataset, string, string) error); ok { + r0 = rf(ctx, d, user, role) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// BigQueryClient_GrantDatasetAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GrantDatasetAccess' +type BigQueryClient_GrantDatasetAccess_Call struct { + *mock.Call +} + +// GrantDatasetAccess is a helper method to define mock.On call +// - ctx context.Context +// - d *bigquery.Dataset +// - user string +// - role string +func (_e *BigQueryClient_Expecter) GrantDatasetAccess(ctx interface{}, d interface{}, user interface{}, role interface{}) *BigQueryClient_GrantDatasetAccess_Call { + return &BigQueryClient_GrantDatasetAccess_Call{Call: _e.mock.On("GrantDatasetAccess", ctx, d, user, role)} +} + +func (_c *BigQueryClient_GrantDatasetAccess_Call) Run(run func(ctx context.Context, d *bigquery.Dataset, user string, role string)) *BigQueryClient_GrantDatasetAccess_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*bigquery.Dataset), args[2].(string), args[3].(string)) + }) + return _c +} + +func (_c *BigQueryClient_GrantDatasetAccess_Call) Return(_a0 error) *BigQueryClient_GrantDatasetAccess_Call { + _c.Call.Return(_a0) + return _c +} + +// GrantTableAccess provides a mock function with given fields: ctx, t, accountType, accountID, role +func (_m *BigQueryClient) GrantTableAccess(ctx context.Context, t *bigquery.Table, accountType string, accountID string, role string) error { + ret := _m.Called(ctx, t, accountType, accountID, role) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, *bigquery.Table, string, string, string) error); ok { + r0 = rf(ctx, t, accountType, accountID, role) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// BigQueryClient_GrantTableAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GrantTableAccess' +type BigQueryClient_GrantTableAccess_Call struct { + *mock.Call +} + +// GrantTableAccess is a helper method to define mock.On call +// - ctx context.Context +// - t *bigquery.Table +// - accountType string +// - accountID string +// - role string +func (_e *BigQueryClient_Expecter) GrantTableAccess(ctx interface{}, t interface{}, accountType interface{}, accountID interface{}, role interface{}) *BigQueryClient_GrantTableAccess_Call { + return &BigQueryClient_GrantTableAccess_Call{Call: _e.mock.On("GrantTableAccess", ctx, t, accountType, accountID, role)} +} + +func (_c *BigQueryClient_GrantTableAccess_Call) Run(run func(ctx context.Context, t *bigquery.Table, accountType string, accountID string, role string)) *BigQueryClient_GrantTableAccess_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*bigquery.Table), args[2].(string), args[3].(string), args[4].(string)) + }) + return _c +} + +func (_c *BigQueryClient_GrantTableAccess_Call) Return(_a0 error) *BigQueryClient_GrantTableAccess_Call { + _c.Call.Return(_a0) + return _c +} + +// ResolveDatasetRole provides a mock function with given fields: role +func (_m *BigQueryClient) ResolveDatasetRole(role string) (gobigquery.AccessRole, error) { + ret := _m.Called(role) + + var r0 gobigquery.AccessRole + if rf, ok := ret.Get(0).(func(string) gobigquery.AccessRole); ok { + r0 = rf(role) + } else { + r0 = ret.Get(0).(gobigquery.AccessRole) + } + + var r1 error + if rf, ok := ret.Get(1).(func(string) error); ok { + r1 = rf(role) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// BigQueryClient_ResolveDatasetRole_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ResolveDatasetRole' +type BigQueryClient_ResolveDatasetRole_Call struct { + *mock.Call +} + +// ResolveDatasetRole is a helper method to define mock.On call +// - role string +func (_e *BigQueryClient_Expecter) ResolveDatasetRole(role interface{}) *BigQueryClient_ResolveDatasetRole_Call { + return &BigQueryClient_ResolveDatasetRole_Call{Call: _e.mock.On("ResolveDatasetRole", role)} +} + +func (_c *BigQueryClient_ResolveDatasetRole_Call) Run(run func(role string)) *BigQueryClient_ResolveDatasetRole_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(string)) + }) + return _c +} + +func (_c *BigQueryClient_ResolveDatasetRole_Call) Return(_a0 gobigquery.AccessRole, _a1 error) *BigQueryClient_ResolveDatasetRole_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +// RevokeDatasetAccess provides a mock function with given fields: ctx, d, user, role +func (_m *BigQueryClient) RevokeDatasetAccess(ctx context.Context, d *bigquery.Dataset, user string, role string) error { + ret := _m.Called(ctx, d, user, role) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, *bigquery.Dataset, string, string) error); ok { + r0 = rf(ctx, d, user, role) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// BigQueryClient_RevokeDatasetAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RevokeDatasetAccess' +type BigQueryClient_RevokeDatasetAccess_Call struct { + *mock.Call +} + +// RevokeDatasetAccess is a helper method to define mock.On call +// - ctx context.Context +// - d *bigquery.Dataset +// - user string +// - role string +func (_e *BigQueryClient_Expecter) RevokeDatasetAccess(ctx interface{}, d interface{}, user interface{}, role interface{}) *BigQueryClient_RevokeDatasetAccess_Call { + return &BigQueryClient_RevokeDatasetAccess_Call{Call: _e.mock.On("RevokeDatasetAccess", ctx, d, user, role)} +} + +func (_c *BigQueryClient_RevokeDatasetAccess_Call) Run(run func(ctx context.Context, d *bigquery.Dataset, user string, role string)) *BigQueryClient_RevokeDatasetAccess_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*bigquery.Dataset), args[2].(string), args[3].(string)) + }) + return _c +} + +func (_c *BigQueryClient_RevokeDatasetAccess_Call) Return(_a0 error) *BigQueryClient_RevokeDatasetAccess_Call { + _c.Call.Return(_a0) + return _c +} + +// RevokeTableAccess provides a mock function with given fields: ctx, t, accountType, accountID, role +func (_m *BigQueryClient) RevokeTableAccess(ctx context.Context, t *bigquery.Table, accountType string, accountID string, role string) error { + ret := _m.Called(ctx, t, accountType, accountID, role) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, *bigquery.Table, string, string, string) error); ok { + r0 = rf(ctx, t, accountType, accountID, role) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// BigQueryClient_RevokeTableAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RevokeTableAccess' +type BigQueryClient_RevokeTableAccess_Call struct { + *mock.Call +} + +// RevokeTableAccess is a helper method to define mock.On call +// - ctx context.Context +// - t *bigquery.Table +// - accountType string +// - accountID string +// - role string +func (_e *BigQueryClient_Expecter) RevokeTableAccess(ctx interface{}, t interface{}, accountType interface{}, accountID interface{}, role interface{}) *BigQueryClient_RevokeTableAccess_Call { + return &BigQueryClient_RevokeTableAccess_Call{Call: _e.mock.On("RevokeTableAccess", ctx, t, accountType, accountID, role)} +} + +func (_c *BigQueryClient_RevokeTableAccess_Call) Run(run func(ctx context.Context, t *bigquery.Table, accountType string, accountID string, role string)) *BigQueryClient_RevokeTableAccess_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(*bigquery.Table), args[2].(string), args[3].(string), args[4].(string)) + }) + return _c +} + +func (_c *BigQueryClient_RevokeTableAccess_Call) Return(_a0 error) *BigQueryClient_RevokeTableAccess_Call { + _c.Call.Return(_a0) + return _c +} diff --git a/plugins/providers/bigquery/provider.go b/plugins/providers/bigquery/provider.go index e8794ad71..9957befb3 100644 --- a/plugins/providers/bigquery/provider.go +++ b/plugins/providers/bigquery/provider.go @@ -93,7 +93,7 @@ func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, return resources, nil } -func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a domain.Access) error { if err := validateProviderConfigAndAppealParams(pc, a); err != nil { return err } @@ -146,7 +146,7 @@ func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) erro return ErrInvalidResourceType } -func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Access) error { if err := validateProviderConfigAndAppealParams(pc, a); err != nil { return err } @@ -226,13 +226,10 @@ func (p *Provider) getBigQueryClient(credentials Credentials) (BigQueryClient, e return client, nil } -func validateProviderConfigAndAppealParams(pc *domain.ProviderConfig, a *domain.Appeal) error { +func validateProviderConfigAndAppealParams(pc *domain.ProviderConfig, a domain.Access) error { if pc == nil { return ErrNilProviderConfig } - if a == nil { - return ErrNilAppeal - } if a.Resource == nil { return ErrNilResource } @@ -245,7 +242,7 @@ func validateProviderConfigAndAppealParams(pc *domain.ProviderConfig, a *domain. return nil } -func getPermissions(a *domain.Appeal) []Permission { +func getPermissions(a domain.Access) []Permission { var permissions []Permission for _, p := range a.Permissions { permissions = append(permissions, Permission(p)) diff --git a/plugins/providers/bigquery/provider_test.go b/plugins/providers/bigquery/provider_test.go index 7246b1207..8e82c167c 100644 --- a/plugins/providers/bigquery/provider_test.go +++ b/plugins/providers/bigquery/provider_test.go @@ -350,7 +350,7 @@ func TestGrantAccess(t *testing.T) { testCases := []struct { name string providerConfig *domain.ProviderConfig - appeal *domain.Appeal + access domain.Access expectedError error }{ { @@ -363,16 +363,7 @@ func TestGrantAccess(t *testing.T) { URN: "test-URN", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: nil, - expectedError: bigquery.ErrNilAppeal, - }, - { - providerConfig: &domain.ProviderConfig{ - Type: "bigquery", - URN: "test-URN", - AllowedAccountTypes: []string{"user", "serviceAccount"}, - }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", }, @@ -384,7 +375,7 @@ func TestGrantAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -400,7 +391,7 @@ func TestGrantAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -416,7 +407,7 @@ func TestGrantAccess(t *testing.T) { for _, tc := range testCases { p := initProvider() pc := tc.providerConfig - a := tc.appeal + a := tc.access actualError := p.GrantAccess(pc, a) assert.EqualError(t, actualError, tc.expectedError.Error()) @@ -440,7 +431,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -484,7 +475,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "VIEWER", Resource: &domain.Resource{ ProviderType: "bigquery", @@ -535,7 +526,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "VIEWER", Resource: &domain.Resource{ ProviderType: "bigquery", @@ -588,7 +579,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "VIEWER", Resource: &domain.Resource{ URN: "p_id:d_id.t_id", @@ -615,7 +606,7 @@ func TestRevokeAccess(t *testing.T) { t.Run("should return error if Provider Config or Appeal doesn't have required parameters", func(t *testing.T) { testCases := []struct { providerConfig *domain.ProviderConfig - appeal *domain.Appeal + access domain.Access expectedError error }{ { @@ -628,16 +619,7 @@ func TestRevokeAccess(t *testing.T) { URN: "test-URN", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: nil, - expectedError: bigquery.ErrNilAppeal, - }, - { - providerConfig: &domain.ProviderConfig{ - Type: "bigquery", - URN: "test-URN", - AllowedAccountTypes: []string{"user", "serviceAccount"}, - }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", }, @@ -649,7 +631,7 @@ func TestRevokeAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -665,7 +647,7 @@ func TestRevokeAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -681,7 +663,7 @@ func TestRevokeAccess(t *testing.T) { for _, tc := range testCases { p := initProvider() pc := tc.providerConfig - a := tc.appeal + a := tc.access actualError := p.RevokeAccess(pc, a) assert.EqualError(t, actualError, tc.expectedError.Error()) @@ -705,7 +687,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -749,7 +731,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "VIEWER", Resource: &domain.Resource{ ProviderType: "bigquery", @@ -800,7 +782,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "VIEWER", Resource: &domain.Resource{ ProviderType: "bigquery", @@ -852,7 +834,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "VIEWER", Resource: &domain.Resource{ URN: "p_id:d_id.t_id", diff --git a/plugins/providers/client.go b/plugins/providers/client.go index efa91c774..d7008ed79 100644 --- a/plugins/providers/client.go +++ b/plugins/providers/client.go @@ -6,8 +6,8 @@ type Client interface { GetType() string CreateConfig(*domain.ProviderConfig) error GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error) - GrantAccess(*domain.ProviderConfig, *domain.Appeal) error - RevokeAccess(*domain.ProviderConfig, *domain.Appeal) error + GrantAccess(*domain.ProviderConfig, domain.Access) error + RevokeAccess(*domain.ProviderConfig, domain.Access) error GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error) GetAccountTypes() []string } diff --git a/plugins/providers/gcloudiam/provider.go b/plugins/providers/gcloudiam/provider.go index 251dfd86f..d04309849 100644 --- a/plugins/providers/gcloudiam/provider.go +++ b/plugins/providers/gcloudiam/provider.go @@ -76,7 +76,7 @@ func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, }, nil } -func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a domain.Access) error { // TODO: validate provider config and appeal var creds Credentials @@ -105,7 +105,7 @@ func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) erro return ErrInvalidResourceType } -func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Access) error { var creds Credentials if err := mapstructure.Decode(pc.Credentials, &creds); err != nil { return err diff --git a/plugins/providers/gcloudiam/provider_test.go b/plugins/providers/gcloudiam/provider_test.go index 884dd0f4f..62c67afd0 100644 --- a/plugins/providers/gcloudiam/provider_test.go +++ b/plugins/providers/gcloudiam/provider_test.go @@ -400,7 +400,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -430,7 +430,7 @@ func TestGrantAccess(t *testing.T) { ResourceName: "projects/test-resource-name", }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -473,7 +473,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: gcloudiam.ResourceTypeProject, URN: "999", @@ -522,7 +522,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: gcloudiam.ResourceTypeProject, URN: "test-role", @@ -560,7 +560,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -603,7 +603,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: gcloudiam.ResourceTypeProject, URN: "999", @@ -652,7 +652,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: gcloudiam.ResourceTypeProject, URN: "test-role", diff --git a/plugins/providers/gcs/mocks/Crypto.go b/plugins/providers/gcs/mocks/Crypto.go index 6ec12f5d9..bb7be8860 100644 --- a/plugins/providers/gcs/mocks/Crypto.go +++ b/plugins/providers/gcs/mocks/Crypto.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.14.0. DO NOT EDIT. +// Code generated by mockery v2.10.0. DO NOT EDIT. package mocks @@ -104,18 +104,3 @@ func (_c *Crypto_Encrypt_Call) Return(_a0 string, _a1 error) *Crypto_Encrypt_Cal _c.Call.Return(_a0, _a1) return _c } - -type mockConstructorTestingTNewCrypto interface { - mock.TestingT - Cleanup(func()) -} - -// NewCrypto creates a new instance of Crypto. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewCrypto(t mockConstructorTestingTNewCrypto) *Crypto { - mock := &Crypto{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/plugins/providers/gcs/mocks/GCSClient.go b/plugins/providers/gcs/mocks/GCSClient.go index fa424e7aa..86f06ca4a 100644 --- a/plugins/providers/gcs/mocks/GCSClient.go +++ b/plugins/providers/gcs/mocks/GCSClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.14.0. DO NOT EDIT. +// Code generated by mockery v2.10.0. DO NOT EDIT. package mocks @@ -150,18 +150,3 @@ func (_c *GCSClient_RevokeBucketAccess_Call) Return(_a0 error) *GCSClient_Revoke _c.Call.Return(_a0) return _c } - -type mockConstructorTestingTNewGCSClient interface { - mock.TestingT - Cleanup(func()) -} - -// NewGCSClient creates a new instance of GCSClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewGCSClient(t mockConstructorTestingTNewGCSClient) *GCSClient { - mock := &GCSClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/plugins/providers/gcs/provider.go b/plugins/providers/gcs/provider.go index 62ad3f0c4..db78bb297 100644 --- a/plugins/providers/gcs/provider.go +++ b/plugins/providers/gcs/provider.go @@ -95,7 +95,7 @@ func (p *Provider) GetType() string { return p.typeName } -func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a domain.Access) error { if err := validateProviderConfigAndAppealParams(pc, a); err != nil { return fmt.Errorf("invalid provider/appeal config: %w", err) } @@ -136,7 +136,7 @@ func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) erro return ErrInvalidResourceType } -func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Access) error { if err := validateProviderConfigAndAppealParams(pc, a); err != nil { return fmt.Errorf("invalid provider/appeal config: %w", err) } @@ -186,13 +186,10 @@ func (p *Provider) GetAccountTypes() []string { return []string{AccountTypeUser, AccountTypeServiceAccount, AccountTypeGroup, AccountTypeDomain} } -func validateProviderConfigAndAppealParams(pc *domain.ProviderConfig, a *domain.Appeal) error { +func validateProviderConfigAndAppealParams(pc *domain.ProviderConfig, a domain.Access) error { if pc == nil { return ErrNilProviderConfig } - if a == nil { - return ErrNilAppeal - } if a.Resource == nil { return ErrNilResource } @@ -205,7 +202,7 @@ func validateProviderConfigAndAppealParams(pc *domain.ProviderConfig, a *domain. return nil } -func getPermissions(a *domain.Appeal) []Permission { +func getPermissions(a domain.Access) []Permission { var permissions []Permission for _, p := range a.Permissions { permissions = append(permissions, Permission(p)) diff --git a/plugins/providers/gcs/provider_test.go b/plugins/providers/gcs/provider_test.go index f7bd93c34..7a8d25921 100644 --- a/plugins/providers/gcs/provider_test.go +++ b/plugins/providers/gcs/provider_test.go @@ -275,7 +275,7 @@ func TestGrantAccess(t *testing.T) { testCases := []struct { name string providerConfig *domain.ProviderConfig - appeal *domain.Appeal + access domain.Access expectedError error }{ { @@ -283,16 +283,6 @@ func TestGrantAccess(t *testing.T) { providerConfig: nil, expectedError: fmt.Errorf("invalid provider/appeal config: %w", gcs.ErrNilProviderConfig), }, - { - name: "nil appeal config", - providerConfig: &domain.ProviderConfig{ - Type: domain.ProviderTypeGCS, - URN: "test-URN", - AllowedAccountTypes: []string{"user", "serviceAccount"}, - }, - appeal: nil, - expectedError: fmt.Errorf("invalid provider/appeal config: %w", gcs.ErrNilAppeal), - }, { name: "nil resource config", providerConfig: &domain.ProviderConfig{ @@ -300,7 +290,7 @@ func TestGrantAccess(t *testing.T) { URN: "test-URN", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", }, @@ -313,7 +303,7 @@ func TestGrantAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -330,7 +320,7 @@ func TestGrantAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -347,7 +337,7 @@ func TestGrantAccess(t *testing.T) { t.Run(tc.name, func(t *testing.T) { p := initProvider() pc := tc.providerConfig - a := tc.appeal + a := tc.access actualError := p.GrantAccess(pc, a) assert.EqualError(t, actualError, tc.expectedError.Error()) @@ -372,7 +362,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -416,7 +406,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "Storage Legacy Bucket Writer", Resource: &domain.Resource{ URN: "test-bucket-name", @@ -467,7 +457,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "Storage Legacy Bucket Writer", Resource: &domain.Resource{ URN: "test-bucket-name", @@ -525,7 +515,7 @@ func TestGrantAccess(t *testing.T) { }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "Storage Legacy Bucket Writer", Resource: &domain.Resource{ URN: "test-bucket-name", @@ -553,7 +543,7 @@ func TestRevokeAccess(t *testing.T) { testCases := []struct { name string providerConfig *domain.ProviderConfig - appeal *domain.Appeal + access domain.Access expectedError error }{ { @@ -561,16 +551,6 @@ func TestRevokeAccess(t *testing.T) { providerConfig: nil, expectedError: fmt.Errorf("invalid provider/appeal config: %w", gcs.ErrNilProviderConfig), }, - { - name: "nil appeal config", - providerConfig: &domain.ProviderConfig{ - Type: domain.ProviderTypeGCS, - URN: "test-URN", - AllowedAccountTypes: []string{"user", "serviceAccount"}, - }, - appeal: nil, - expectedError: fmt.Errorf("invalid provider/appeal config: %w", gcs.ErrNilAppeal), - }, { name: "nil resource config", providerConfig: &domain.ProviderConfig{ @@ -578,7 +558,7 @@ func TestRevokeAccess(t *testing.T) { URN: "test-URN", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", }, @@ -591,7 +571,7 @@ func TestRevokeAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -608,7 +588,7 @@ func TestRevokeAccess(t *testing.T) { URN: "test-URN-1", AllowedAccountTypes: []string{"user", "serviceAccount"}, }, - appeal: &domain.Appeal{ + access: domain.Access{ ID: "test-appeal-id", AccountType: "user", Resource: &domain.Resource{ @@ -625,7 +605,7 @@ func TestRevokeAccess(t *testing.T) { t.Run(tc.name, func(t *testing.T) { p := initProvider() pc := tc.providerConfig - a := tc.appeal + a := tc.access actualError := p.RevokeAccess(pc, a) assert.EqualError(t, actualError, tc.expectedError.Error()) @@ -650,7 +630,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -694,7 +674,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "Storage Legacy Bucket Writer", Resource: &domain.Resource{ URN: "test-bucket-name", @@ -745,7 +725,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "Storage Legacy Bucket Writer", Resource: &domain.Resource{ URN: "test-bucket-name", @@ -803,7 +783,7 @@ func TestRevokeAccess(t *testing.T) { }, } - a := &domain.Appeal{ + a := domain.Access{ Role: "Storage Legacy Bucket Writer", Resource: &domain.Resource{ URN: "test-bucket-name", diff --git a/plugins/providers/grafana/provider.go b/plugins/providers/grafana/provider.go index 2f22cde7e..33f77b82f 100644 --- a/plugins/providers/grafana/provider.go +++ b/plugins/providers/grafana/provider.go @@ -68,7 +68,7 @@ func (p *provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, return resources, nil } -func (p *provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *provider) GrantAccess(pc *domain.ProviderConfig, a domain.Access) error { var creds Credentials if err := mapstructure.Decode(pc.Credentials, &creds); err != nil { return err @@ -97,7 +97,7 @@ func (p *provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) erro return ErrInvalidResourceType } -func (p *provider) RevokeAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Access) error { var creds Credentials if err := mapstructure.Decode(pc.Credentials, &creds); err != nil { return err @@ -160,7 +160,7 @@ func (p *provider) getClient(providerURN string, credentials Credentials) (Grafa return client, nil } -func getPermissions(a *domain.Appeal) []Permission { +func getPermissions(a domain.Access) []Permission { var permissions []Permission for _, p := range a.Permissions { permissions = append(permissions, Permission(p)) diff --git a/plugins/providers/grafana/provider_test.go b/plugins/providers/grafana/provider_test.go index ca1d5a377..4cb916f88 100644 --- a/plugins/providers/grafana/provider_test.go +++ b/plugins/providers/grafana/provider_test.go @@ -331,7 +331,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -367,7 +367,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -405,7 +405,7 @@ func TestGrantAccess(t *testing.T) { }, URN: "test-urn", } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -448,7 +448,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: grafana.ResourceTypeDashboard, URN: "999", @@ -498,7 +498,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: grafana.ResourceTypeDashboard, URN: "999", @@ -536,7 +536,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -572,7 +572,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -610,7 +610,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: "test-urn", } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -653,7 +653,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: grafana.ResourceTypeDashboard, URN: "999", @@ -704,7 +704,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: grafana.ResourceTypeDashboard, URN: "999", diff --git a/plugins/providers/metabase/provider.go b/plugins/providers/metabase/provider.go index d30c10780..6396c400e 100644 --- a/plugins/providers/metabase/provider.go +++ b/plugins/providers/metabase/provider.go @@ -199,7 +199,7 @@ func (p *provider) addTables(pc *domain.ProviderConfig, databases []*Database, r return resources } -func (p *provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *provider) GrantAccess(pc *domain.ProviderConfig, a domain.Access) error { // TODO: validate provider config and appeal var creds Credentials @@ -275,7 +275,7 @@ func (p *provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) erro return ErrInvalidResourceType } -func (p *provider) RevokeAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Access) error { var creds Credentials if err := mapstructure.Decode(pc.Credentials, &creds); err != nil { return err @@ -371,7 +371,7 @@ func (p *provider) getClient(providerURN string, credentials Credentials) (Metab return client, nil } -func getPermissions(a *domain.Appeal) []Permission { +func getPermissions(a domain.Access) []Permission { var permissions []Permission for _, p := range a.Permissions { permissions = append(permissions, Permission(p)) diff --git a/plugins/providers/metabase/provider_test.go b/plugins/providers/metabase/provider_test.go index 989be048e..557bba7fd 100644 --- a/plugins/providers/metabase/provider_test.go +++ b/plugins/providers/metabase/provider_test.go @@ -453,7 +453,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -489,7 +489,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -527,7 +527,7 @@ func TestGrantAccess(t *testing.T) { }, URN: "test-urn", } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -577,7 +577,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeDatabase, URN: "database:999", @@ -635,7 +635,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeDatabase, URN: "database:999", @@ -692,7 +692,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeCollection, URN: "collection:999", @@ -751,7 +751,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeCollection, URN: "collection:999", @@ -807,7 +807,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeGroup, URN: "group:999", @@ -861,7 +861,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeGroup, URN: "group:999", @@ -920,7 +920,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeTable, URN: "table:999.1000", @@ -983,7 +983,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeTable, URN: "table:999.1000", @@ -1024,7 +1024,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -1060,7 +1060,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -1098,7 +1098,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: "test-urn", } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -1142,7 +1142,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeDatabase, URN: "database:999", @@ -1193,7 +1193,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeDatabase, URN: "database:999", @@ -1245,7 +1245,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeCollection, URN: "collection:999", @@ -1297,7 +1297,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeCollection, URN: "collection:999", @@ -1349,7 +1349,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeGroup, URN: "group:999", @@ -1397,7 +1397,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeTable, URN: "table:999.1000", @@ -1453,7 +1453,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: metabase.ResourceTypeTable, URN: "table:999.1000", diff --git a/plugins/providers/noop/provider.go b/plugins/providers/noop/provider.go index 3374b2824..9024257bb 100644 --- a/plugins/providers/noop/provider.go +++ b/plugins/providers/noop/provider.go @@ -79,11 +79,11 @@ func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, }, nil } -func (p *Provider) GrantAccess(*domain.ProviderConfig, *domain.Appeal) error { +func (p *Provider) GrantAccess(*domain.ProviderConfig, domain.Access) error { return nil } -func (p *Provider) RevokeAccess(*domain.ProviderConfig, *domain.Appeal) error { +func (p *Provider) RevokeAccess(*domain.ProviderConfig, domain.Access) error { return nil } diff --git a/plugins/providers/noop/provider_test.go b/plugins/providers/noop/provider_test.go index cdd6f7ff2..f7cfabe6d 100644 --- a/plugins/providers/noop/provider_test.go +++ b/plugins/providers/noop/provider_test.go @@ -223,7 +223,7 @@ func TestGrantAccess(t *testing.T) { t.Run("should return nil", func(t *testing.T) { p := initProvider() - actualError := p.GrantAccess(nil, nil) + actualError := p.GrantAccess(nil, domain.Access{}) assert.NoError(t, actualError) }) @@ -233,7 +233,7 @@ func TestRevokeAccess(t *testing.T) { t.Run("should return nil", func(t *testing.T) { p := initProvider() - actualError := p.RevokeAccess(nil, nil) + actualError := p.RevokeAccess(nil, domain.Access{}) assert.NoError(t, actualError) }) diff --git a/plugins/providers/tableau/provider.go b/plugins/providers/tableau/provider.go index 16ab75f6b..f50273524 100644 --- a/plugins/providers/tableau/provider.go +++ b/plugins/providers/tableau/provider.go @@ -122,7 +122,7 @@ func (p *provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, return resources, nil } -func (p *provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *provider) GrantAccess(pc *domain.ProviderConfig, a domain.Access) error { var creds Credentials if err := mapstructure.Decode(pc.Credentials, &creds); err != nil { return err @@ -234,7 +234,7 @@ func (p *provider) GrantAccess(pc *domain.ProviderConfig, a *domain.Appeal) erro return ErrInvalidResourceType } -func (p *provider) RevokeAccess(pc *domain.ProviderConfig, a *domain.Appeal) error { +func (p *provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Access) error { var creds Credentials if err := mapstructure.Decode(pc.Credentials, &creds); err != nil { return err @@ -375,7 +375,7 @@ func (p *provider) getClient(providerURN string, credentials Credentials) (Table return client, nil } -func getPermissions(a *domain.Appeal) []Permission { +func getPermissions(a domain.Access) []Permission { var permissions []Permission for _, p := range a.Permissions { permissions = append(permissions, toPermission(p)) diff --git a/plugins/providers/tableau/provider_test.go b/plugins/providers/tableau/provider_test.go index c0ff244a1..b39bc792e 100644 --- a/plugins/providers/tableau/provider_test.go +++ b/plugins/providers/tableau/provider_test.go @@ -663,7 +663,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -703,7 +703,7 @@ func TestGrantAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -745,7 +745,7 @@ func TestGrantAccess(t *testing.T) { }, URN: "test-urn", } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -801,7 +801,7 @@ func TestGrantAccess(t *testing.T) { testcases := []struct { pc *domain.ProviderConfig name string - a *domain.Appeal + a domain.Access }{ { pc: &domain.ProviderConfig{ @@ -815,7 +815,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config with Site Role Permissions", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeWorkbook, URN: "999", @@ -837,7 +837,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config with Workook Permissions without site role permission", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeWorkbook, URN: "999", @@ -898,7 +898,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeWorkbook, URN: "workbook-id", @@ -961,7 +961,7 @@ func TestGrantAccess(t *testing.T) { testcases := []struct { pc *domain.ProviderConfig name string - a *domain.Appeal + a domain.Access }{ { pc: &domain.ProviderConfig{ @@ -975,7 +975,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config to Update Site Role Permissions", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeFlow, URN: "999", @@ -997,7 +997,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config with to Grant Flow Permission", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeFlow, URN: "999", @@ -1058,7 +1058,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeFlow, URN: "flow-id", @@ -1121,7 +1121,7 @@ func TestGrantAccess(t *testing.T) { testcases := []struct { pc *domain.ProviderConfig name string - a *domain.Appeal + a domain.Access }{ { pc: &domain.ProviderConfig{ @@ -1135,7 +1135,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config to Update Site Role Permissions", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeView, URN: "999", @@ -1157,7 +1157,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config with to Grant View Permission", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeView, URN: "999", @@ -1218,7 +1218,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeView, URN: "view-id", @@ -1280,7 +1280,7 @@ func TestGrantAccess(t *testing.T) { testcases := []struct { pc *domain.ProviderConfig name string - a *domain.Appeal + a domain.Access }{ { pc: &domain.ProviderConfig{ @@ -1294,7 +1294,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config to Update Site Role Permissions", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeMetric, URN: "999", @@ -1316,7 +1316,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config with to Grant Metric Permission", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeMetric, URN: "999", @@ -1377,7 +1377,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeMetric, URN: "metric-id", @@ -1440,7 +1440,7 @@ func TestGrantAccess(t *testing.T) { testcases := []struct { pc *domain.ProviderConfig name string - a *domain.Appeal + a domain.Access }{ { pc: &domain.ProviderConfig{ @@ -1454,7 +1454,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config to Update Site Role Permissions", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeDataSource, URN: "999", @@ -1476,7 +1476,7 @@ func TestGrantAccess(t *testing.T) { URN: providerURN, }, name: "Provider Config with to Grant DataSource Permission", - a: &domain.Appeal{ + a: domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeDataSource, URN: "999", @@ -1537,7 +1537,7 @@ func TestGrantAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeDataSource, URN: "datasource-id", @@ -1579,7 +1579,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -1619,7 +1619,7 @@ func TestRevokeAccess(t *testing.T) { }, }, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -1661,7 +1661,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: "test-urn", } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: "test-type", }, @@ -1709,7 +1709,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeWorkbook, URN: "999", @@ -1764,7 +1764,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeWorkbook, URN: "workbook-id", @@ -1818,7 +1818,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeFlow, URN: "999", @@ -1874,7 +1874,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeFlow, URN: "flow-id", @@ -1928,7 +1928,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeView, URN: "99", @@ -1984,7 +1984,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeView, URN: "view-id", @@ -2038,7 +2038,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeMetric, URN: "99", @@ -2094,7 +2094,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeMetric, URN: "metric-id", @@ -2148,7 +2148,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeDataSource, URN: "99", @@ -2204,7 +2204,7 @@ func TestRevokeAccess(t *testing.T) { }, URN: providerURN, } - a := &domain.Appeal{ + a := domain.Access{ Resource: &domain.Resource{ Type: tableau.ResourceTypeDataSource, URN: "datasource-id",