diff --git a/buf.lock b/buf.lock index f382f01..9356b4e 100644 --- a/buf.lock +++ b/buf.lock @@ -9,8 +9,8 @@ deps: - remote: buf.build owner: cerbos repository: cerbos-api - commit: e27328ec963d4f538a5c970aeec688b8 - digest: shake256:71ab15742b3a474818482b0104f9b7377d7e722f2ad0a149db42abf257ed88c6043f9763ec651bfe6836b56f834bce54c52399c9f77ac77fe161d510d63e341b + commit: c8b08ec4750649b290124ee2f3f3544f + digest: shake256:1665ae91a4043dedbb3658b4d51da44b95ae94ae2bb54ac11ab662a1a3c47c2630763f97b1a7827fa18bef0f8c84c807626e37e538841efba1aea1f62a45b94e - remote: buf.build owner: googleapis repository: googleapis diff --git a/composer.lock b/composer.lock index 2dfdea6..f01d6c5 100644 --- a/composer.lock +++ b/composer.lock @@ -551,16 +551,16 @@ }, { "name": "composer/pcre", - "version": "3.1.3", + "version": "3.1.4", "source": { "type": "git", "url": "https://github.com/composer/pcre.git", - "reference": "5b16e25a5355f1f3afdfc2f954a0a80aec4826a8" + "reference": "04229f163664973f68f38f6f73d917799168ef24" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/pcre/zipball/5b16e25a5355f1f3afdfc2f954a0a80aec4826a8", - "reference": "5b16e25a5355f1f3afdfc2f954a0a80aec4826a8", + "url": "https://api.github.com/repos/composer/pcre/zipball/04229f163664973f68f38f6f73d917799168ef24", + "reference": "04229f163664973f68f38f6f73d917799168ef24", "shasum": "" }, "require": { @@ -602,7 +602,7 @@ ], "support": { "issues": "https://github.com/composer/pcre/issues", - "source": "https://github.com/composer/pcre/tree/3.1.3" + "source": "https://github.com/composer/pcre/tree/3.1.4" }, "funding": [ { @@ -618,7 +618,7 @@ "type": "tidelift" } ], - "time": "2024-03-19T10:26:25+00:00" + "time": "2024-05-27T13:40:54+00:00" }, { "name": "composer/semver", @@ -1015,16 +1015,16 @@ }, { "name": "myclabs/deep-copy", - "version": "1.11.1", + "version": "1.12.0", "source": { "type": "git", "url": "https://github.com/myclabs/DeepCopy.git", - "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c" + "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", - "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", + "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c", + "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c", "shasum": "" }, "require": { @@ -1032,11 +1032,12 @@ }, "conflict": { "doctrine/collections": "<1.6.8", - "doctrine/common": "<2.13.3 || >=3,<3.2.2" + "doctrine/common": "<2.13.3 || >=3 <3.2.2" }, "require-dev": { "doctrine/collections": "^1.6.8", "doctrine/common": "^2.13.3 || ^3.2.2", + "phpspec/prophecy": "^1.10", "phpunit/phpunit": "^7.5.20 || ^8.5.23 || ^9.5.13" }, "type": "library", @@ -1062,7 +1063,7 @@ ], "support": { "issues": "https://github.com/myclabs/DeepCopy/issues", - "source": "https://github.com/myclabs/DeepCopy/tree/1.11.1" + "source": "https://github.com/myclabs/DeepCopy/tree/1.12.0" }, "funding": [ { @@ -1070,7 +1071,7 @@ "type": "tidelift" } ], - "time": "2023-03-08T13:26:56+00:00" + "time": "2024-06-12T14:39:25+00:00" }, { "name": "netresearch/jsonmapper", @@ -1413,16 +1414,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.4.0", + "version": "5.4.1", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "298d2febfe79d03fe714eb871d5538da55205b1a" + "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/298d2febfe79d03fe714eb871d5538da55205b1a", - "reference": "298d2febfe79d03fe714eb871d5538da55205b1a", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c", + "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c", "shasum": "" }, "require": { @@ -1471,9 +1472,9 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.4.0" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.4.1" }, - "time": "2024-04-09T21:13:58+00:00" + "time": "2024-05-21T05:55:05+00:00" }, { "name": "phpdocumentor/type-resolver", @@ -1535,16 +1536,16 @@ }, { "name": "phpstan/phpdoc-parser", - "version": "1.29.0", + "version": "1.29.1", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "536889f2b340489d328f5ffb7b02bb6b183ddedc" + "reference": "fcaefacf2d5c417e928405b71b400d4ce10daaf4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/536889f2b340489d328f5ffb7b02bb6b183ddedc", - "reference": "536889f2b340489d328f5ffb7b02bb6b183ddedc", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/fcaefacf2d5c417e928405b71b400d4ce10daaf4", + "reference": "fcaefacf2d5c417e928405b71b400d4ce10daaf4", "shasum": "" }, "require": { @@ -1576,22 +1577,22 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/1.29.0" + "source": "https://github.com/phpstan/phpdoc-parser/tree/1.29.1" }, - "time": "2024-05-06T12:04:23+00:00" + "time": "2024-05-31T08:52:43+00:00" }, { "name": "phpstan/phpstan", - "version": "1.11.4", + "version": "1.11.5", "source": { "type": "git", "url": "https://github.com/phpstan/phpstan.git", - "reference": "9100a76ce8015b9aa7125b9171ae3a76887b6c82" + "reference": "490f0ae1c92b082f154681d7849aee776a7c1443" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/9100a76ce8015b9aa7125b9171ae3a76887b6c82", - "reference": "9100a76ce8015b9aa7125b9171ae3a76887b6c82", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/490f0ae1c92b082f154681d7849aee776a7c1443", + "reference": "490f0ae1c92b082f154681d7849aee776a7c1443", "shasum": "" }, "require": { @@ -1636,7 +1637,7 @@ "type": "github" } ], - "time": "2024-06-06T12:19:22+00:00" + "time": "2024-06-17T15:10:54+00:00" }, { "name": "phpunit/php-code-coverage", @@ -1961,16 +1962,16 @@ }, { "name": "phpunit/phpunit", - "version": "10.5.20", + "version": "10.5.24", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "547d314dc24ec1e177720d45c6263fb226cc2ae3" + "reference": "5f124e3e3e561006047b532fd0431bf5bb6b9015" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/547d314dc24ec1e177720d45c6263fb226cc2ae3", - "reference": "547d314dc24ec1e177720d45c6263fb226cc2ae3", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/5f124e3e3e561006047b532fd0431bf5bb6b9015", + "reference": "5f124e3e3e561006047b532fd0431bf5bb6b9015", "shasum": "" }, "require": { @@ -2042,7 +2043,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", "security": "https://github.com/sebastianbergmann/phpunit/security/policy", - "source": "https://github.com/sebastianbergmann/phpunit/tree/10.5.20" + "source": "https://github.com/sebastianbergmann/phpunit/tree/10.5.24" }, "funding": [ { @@ -2058,7 +2059,7 @@ "type": "tidelift" } ], - "time": "2024-04-24T06:32:35+00:00" + "time": "2024-06-20T13:09:54+00:00" }, { "name": "psr/container", @@ -3149,16 +3150,16 @@ }, { "name": "symfony/console", - "version": "v7.0.7", + "version": "v7.1.1", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "c981e0e9380ce9f146416bde3150c79197ce9986" + "reference": "9b008f2d7b21c74ef4d0c3de6077a642bc55ece3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/c981e0e9380ce9f146416bde3150c79197ce9986", - "reference": "c981e0e9380ce9f146416bde3150c79197ce9986", + "url": "https://api.github.com/repos/symfony/console/zipball/9b008f2d7b21c74ef4d0c3de6077a642bc55ece3", + "reference": "9b008f2d7b21c74ef4d0c3de6077a642bc55ece3", "shasum": "" }, "require": { @@ -3222,7 +3223,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v7.0.7" + "source": "https://github.com/symfony/console/tree/v7.1.1" }, "funding": [ { @@ -3238,7 +3239,7 @@ "type": "tidelift" } ], - "time": "2024-04-18T09:29:19+00:00" + "time": "2024-05-31T14:57:53+00:00" }, { "name": "symfony/deprecation-contracts", @@ -3309,22 +3310,24 @@ }, { "name": "symfony/filesystem", - "version": "v7.0.7", + "version": "v7.1.1", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "cc168be6fbdcdf3401f50ae863ee3818ed4338f5" + "reference": "802e87002f919296c9f606457d9fa327a0b3d6b2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/cc168be6fbdcdf3401f50ae863ee3818ed4338f5", - "reference": "cc168be6fbdcdf3401f50ae863ee3818ed4338f5", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/802e87002f919296c9f606457d9fa327a0b3d6b2", + "reference": "802e87002f919296c9f606457d9fa327a0b3d6b2", "shasum": "" }, "require": { "php": ">=8.2", "symfony/polyfill-ctype": "~1.8", - "symfony/polyfill-mbstring": "~1.8", + "symfony/polyfill-mbstring": "~1.8" + }, + "require-dev": { "symfony/process": "^6.4|^7.0" }, "type": "library", @@ -3353,7 +3356,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v7.0.7" + "source": "https://github.com/symfony/filesystem/tree/v7.1.1" }, "funding": [ { @@ -3369,20 +3372,20 @@ "type": "tidelift" } ], - "time": "2024-04-18T09:29:19+00:00" + "time": "2024-05-31T14:57:53+00:00" }, { "name": "symfony/polyfill-ctype", - "version": "v1.29.0", + "version": "v1.30.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4" + "reference": "0424dff1c58f028c451efff2045f5d92410bd540" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4", - "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/0424dff1c58f028c451efff2045f5d92410bd540", + "reference": "0424dff1c58f028c451efff2045f5d92410bd540", "shasum": "" }, "require": { @@ -3432,7 +3435,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.30.0" }, "funding": [ { @@ -3448,20 +3451,20 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-05-31T15:07:36+00:00" }, { "name": "symfony/polyfill-intl-grapheme", - "version": "v1.29.0", + "version": "v1.30.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-grapheme.git", - "reference": "32a9da87d7b3245e09ac426c83d334ae9f06f80f" + "reference": "64647a7c30b2283f5d49b874d84a18fc22054b7a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/32a9da87d7b3245e09ac426c83d334ae9f06f80f", - "reference": "32a9da87d7b3245e09ac426c83d334ae9f06f80f", + "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/64647a7c30b2283f5d49b874d84a18fc22054b7a", + "reference": "64647a7c30b2283f5d49b874d84a18fc22054b7a", "shasum": "" }, "require": { @@ -3510,7 +3513,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.30.0" }, "funding": [ { @@ -3526,20 +3529,20 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-05-31T15:07:36+00:00" }, { "name": "symfony/polyfill-intl-normalizer", - "version": "v1.29.0", + "version": "v1.30.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-normalizer.git", - "reference": "bc45c394692b948b4d383a08d7753968bed9a83d" + "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/bc45c394692b948b4d383a08d7753968bed9a83d", - "reference": "bc45c394692b948b4d383a08d7753968bed9a83d", + "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/a95281b0be0d9ab48050ebd988b967875cdb9fdb", + "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb", "shasum": "" }, "require": { @@ -3591,7 +3594,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.30.0" }, "funding": [ { @@ -3607,20 +3610,20 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-05-31T15:07:36+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.29.0", + "version": "v1.30.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec" + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec", - "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c", "shasum": "" }, "require": { @@ -3671,68 +3674,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0" - }, - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], - "time": "2024-01-29T20:11:03+00:00" - }, - { - "name": "symfony/process", - "version": "v7.0.7", - "source": { - "type": "git", - "url": "https://github.com/symfony/process.git", - "reference": "3839e56b94dd1dbd13235d27504e66baf23faba0" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/3839e56b94dd1dbd13235d27504e66baf23faba0", - "reference": "3839e56b94dd1dbd13235d27504e66baf23faba0", - "shasum": "" - }, - "require": { - "php": ">=8.2" - }, - "type": "library", - "autoload": { - "psr-4": { - "Symfony\\Component\\Process\\": "" - }, - "exclude-from-classmap": [ - "/Tests/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Fabien Potencier", - "email": "fabien@symfony.com" - }, - { - "name": "Symfony Community", - "homepage": "https://symfony.com/contributors" - } - ], - "description": "Executes commands in sub-processes", - "homepage": "https://symfony.com", - "support": { - "source": "https://github.com/symfony/process/tree/v7.0.7" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0" }, "funding": [ { @@ -3748,7 +3690,7 @@ "type": "tidelift" } ], - "time": "2024-04-18T09:29:19+00:00" + "time": "2024-06-19T12:30:46+00:00" }, { "name": "symfony/service-contracts", @@ -3835,16 +3777,16 @@ }, { "name": "symfony/string", - "version": "v7.0.7", + "version": "v7.1.1", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "e405b5424dc2528e02e31ba26b83a79fd4eb8f63" + "reference": "60bc311c74e0af215101235aa6f471bcbc032df2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/e405b5424dc2528e02e31ba26b83a79fd4eb8f63", - "reference": "e405b5424dc2528e02e31ba26b83a79fd4eb8f63", + "url": "https://api.github.com/repos/symfony/string/zipball/60bc311c74e0af215101235aa6f471bcbc032df2", + "reference": "60bc311c74e0af215101235aa6f471bcbc032df2", "shasum": "" }, "require": { @@ -3858,6 +3800,7 @@ "symfony/translation-contracts": "<2.5" }, "require-dev": { + "symfony/emoji": "^7.1", "symfony/error-handler": "^6.4|^7.0", "symfony/http-client": "^6.4|^7.0", "symfony/intl": "^6.4|^7.0", @@ -3901,7 +3844,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.0.7" + "source": "https://github.com/symfony/string/tree/v7.1.1" }, "funding": [ { @@ -3917,7 +3860,7 @@ "type": "tidelift" } ], - "time": "2024-04-18T09:29:19+00:00" + "time": "2024-06-04T06:40:14+00:00" }, { "name": "theseer/tokenizer", @@ -3971,16 +3914,16 @@ }, { "name": "vimeo/psalm", - "version": "5.24.0", + "version": "5.25.0", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "462c80e31c34e58cc4f750c656be3927e80e550e" + "reference": "01a8eb06b9e9cc6cfb6a320bf9fb14331919d505" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/462c80e31c34e58cc4f750c656be3927e80e550e", - "reference": "462c80e31c34e58cc4f750c656be3927e80e550e", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/01a8eb06b9e9cc6cfb6a320bf9fb14331919d505", + "reference": "01a8eb06b9e9cc6cfb6a320bf9fb14331919d505", "shasum": "" }, "require": { @@ -4077,7 +4020,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2024-05-01T19:32:08+00:00" + "time": "2024-06-16T15:08:35+00:00" }, { "name": "webmozart/assert", diff --git a/protos/cerbos/engine/v1/engine.proto b/protos/cerbos/engine/v1/engine.proto index 022b818..f56a5db 100644 --- a/protos/cerbos/engine/v1/engine.proto +++ b/protos/cerbos/engine/v1/engine.proto @@ -35,7 +35,7 @@ message PlanResourcesInput { (buf.validate.field).string = {pattern: "^[[:word:]]*$"}, (google.api.field_behavior) = OPTIONAL, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "The policy version to use to evaluate this request. If not specified, will default to the server-configured default version.", + description: "The policy version to use to evaluate this request. If not specified, will default to the server-configured default version." pattern: "^[[:word:]]*$" example: "\"default\"" } @@ -135,9 +135,9 @@ message CheckInput { ]; repeated string actions = 4 [ (buf.validate.field).repeated = { - unique: true, - items { - string {min_len: 1} + unique: true + items: { + string: {min_len: 1} } }, (google.api.field_behavior) = REQUIRED @@ -177,8 +177,8 @@ message Resource { (buf.validate.field).string = {min_len: 1}, (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "Name of the resource kind being accessed.", - example: "\"album:photo\"", + description: "Name of the resource kind being accessed." + example: "\"album:photo\"" } ]; string policy_version = 2 [ @@ -244,10 +244,10 @@ message Principal { ]; repeated string roles = 3 [ (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, diff --git a/protos/cerbos/policy/v1/policy.proto b/protos/cerbos/policy/v1/policy.proto index cd97f2f..2d4a49b 100644 --- a/protos/cerbos/policy/v1/policy.proto +++ b/protos/cerbos/policy/v1/policy.proto @@ -58,9 +58,9 @@ message ResourcePolicy { (buf.validate.field).string = {pattern: "^[[:word:]]+$"} ]; repeated string import_derived_roles = 3 [(buf.validate.field).repeated = { - unique: true, - items { - string {pattern: "^[[:word:]\\-\\.]+$"} + unique: true + items: { + string: {pattern: "^[[:word:]\\-\\.]+$"} } }]; repeated ResourceRule rules = 4; @@ -72,24 +72,24 @@ message ResourcePolicy { message ResourceRule { repeated string actions = 1 [ (buf.validate.field).repeated = { - min_items: 1, - unique: true, - items { - string {min_len: 1} + min_items: 1 + unique: true + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true ]; repeated string derived_roles = 2 [(buf.validate.field).repeated = { - unique: true, - items { - string {pattern: "^[[:word:]\\-\\.]+$"} + unique: true + items: { + string: {pattern: "^[[:word:]\\-\\.]+$"} } }]; repeated string roles = 3 [(buf.validate.field).repeated = { - unique: true, - items { - string {min_len: 1} + unique: true + items: { + string: {min_len: 1} } }]; Condition condition = 4; @@ -154,7 +154,7 @@ message DerivedRoles { string name = 1 [ (buf.validate.field).required = true, (buf.validate.field).string = { - pattern: "^[[:word:]\\-\\.]+$", + pattern: "^[[:word:]\\-\\.]+$" min_len: 1 } ]; @@ -172,10 +172,10 @@ message RoleDef { ]; repeated string parent_roles = 2 [ (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true @@ -187,7 +187,7 @@ message ExportVariables { string name = 1 [ (buf.validate.field).required = true, (buf.validate.field).string = { - pattern: "^[[:word:]\\-\\.]+$", + pattern: "^[[:word:]\\-\\.]+$" min_len: 1 } ]; @@ -196,9 +196,9 @@ message ExportVariables { message Variables { repeated string import = 1 [(buf.validate.field).repeated = { - unique: true, - items { - string {pattern: "^[[:word:]\\-\\.]+$"} + unique: true + items: { + string: {pattern: "^[[:word:]\\-\\.]+$"} } }]; map local = 2; @@ -243,10 +243,10 @@ message Schemas { message IgnoreWhen { repeated string actions = 1 [ (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true @@ -311,8 +311,8 @@ message TestTable { message Input { repeated string principals = 1 [ (buf.validate.field).repeated = { - min_items: 1, - unique: true, + min_items: 1 + unique: true items: { string: {min_len: 1} } @@ -321,8 +321,8 @@ message TestTable { ]; repeated string resources = 2 [ (buf.validate.field).repeated = { - min_items: 1, - unique: true, + min_items: 1 + unique: true items: { string: {min_len: 1} } @@ -331,8 +331,8 @@ message TestTable { ]; repeated string actions = 3 [ (buf.validate.field).repeated = { - min_items: 1, - unique: true, + min_items: 1 + unique: true items: { string: {min_len: 1} } @@ -364,10 +364,10 @@ message TestTable { ]; map actions = 3 [ (buf.validate.field).map = { - min_pairs: 1, + min_pairs: 1 keys: { string: {min_len: 1} - }, + } values: { enum: { in: [ @@ -424,10 +424,10 @@ message Test { cerbos.engine.v1.CheckInput input = 5 [(buf.validate.field).required = true]; map expected = 6 [ (buf.validate.field).map = { - min_pairs: 1, + min_pairs: 1 keys: { string: {min_len: 1} - }, + } values: { enum: { in: [ diff --git a/protos/cerbos/request/v1/request.proto b/protos/cerbos/request/v1/request.proto index db591c8..2874b54 100644 --- a/protos/cerbos/request/v1/request.proto +++ b/protos/cerbos/request/v1/request.proto @@ -66,10 +66,10 @@ message CheckResourceSetRequest { }]; repeated string actions = 2 [ (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, @@ -111,7 +111,7 @@ message ResourceSet { (buf.validate.field).string.pattern = "^[[:word:]]*$", (google.api.field_behavior) = OPTIONAL, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "The policy version to use to evaluate this request. If not specified, will default to the server-configured default version.", + description: "The policy version to use to evaluate this request. If not specified, will default to the server-configured default version." pattern: "^[[:word:]]*$" example: "\"default\"" } @@ -121,7 +121,7 @@ message ResourceSet { (buf.validate.field).required = true, (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "Set of resource instances to check. Each instance must be keyed by an application-specific unique identifier.", + description: "Set of resource instances to check. Each instance must be keyed by an application-specific unique identifier." min_properties: 1 example: "{\"XX125\":{\"attr\":{\"owner\":\"bugs_bunny\", \"public\": false, \"flagged\": false}}, \"XX225\":{\"attr\":{\"owner\":\"daffy_duck\", \"public\": true, \"flagged\": false}}}" } @@ -153,10 +153,10 @@ message CheckResourceBatchRequest { message BatchEntry { repeated string actions = 1 [ (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, @@ -205,10 +205,10 @@ message CheckResourcesRequest { message ResourceEntry { repeated string actions = 1 [ (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, @@ -267,12 +267,12 @@ message AuxData { description: "JWT from the original request" example: "\"eyJhbGciOiJFUzM4NCIsImtpZCI6IjE5TGZaYXRFZGc4M1lOYzVyMjNndU1KcXJuND0iLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiY2VyYm9zLWp3dC10ZXN0cyJdLCJjdXN0b21BcnJheSI6WyJBIiwiQiIsIkMiXSwiY3VzdG9tSW50Ijo0MiwiY3VzdG9tTWFwIjp7IkEiOiJBQSIsIkIiOiJCQiIsIkMiOiJDQyJ9LCJjdXN0b21TdHJpbmciOiJmb29iYXIiLCJleHAiOjE5NDk5MzQwMzksImlzcyI6ImNlcmJvcy10ZXN0LXN1aXRlIn0.WN_tOScSpd_EI-P5EI1YlagxEgExSfBjAtcrgcF6lyWj1lGpR_GKx9goZEp2p_t5AVWXN_bjz_sMUmJdJa4cVd55Qm1miR-FKu6oNRHnSEWdMFmnArwPw-YDJWfylLFX\"" extensions: { - key: "x-fill-example"; - value {bool_value: false} + key: "x-fill-example" + value: {bool_value: false} } extensions: { - key: "x-example-show-value"; - value {bool_value: false} + key: "x-example-show-value" + value: {bool_value: false} } } ]; @@ -280,12 +280,12 @@ message AuxData { description: "Key ID to use when decoding the token (defined in the Cerbos server configuration)" example: "\"my-keyset\"" extensions: { - key: "x-fill-example"; - value {bool_value: false} + key: "x-fill-example" + value: {bool_value: false} } extensions: { - key: "x-example-show-value"; - value {bool_value: false} + key: "x-example-show-value" + value: {bool_value: false} } }]; } @@ -302,7 +302,7 @@ message File { bytes contents = 2 [ (buf.validate.field).bytes = { - min_len: 1, + min_len: 1 max_len: 1048576 }, (buf.validate.field).required = true, @@ -319,7 +319,7 @@ message PlaygroundValidateRequest { repeated File files = 2 [ (buf.validate.field).repeated = { - min_items: 1, + min_items: 1 max_items: 30 }, (buf.validate.field).required = true, @@ -341,7 +341,7 @@ message PlaygroundTestRequest { repeated File files = 2 [ (buf.validate.field).repeated = { - min_items: 1, + min_items: 1 max_items: 30 }, (buf.validate.field).required = true, @@ -363,7 +363,7 @@ message PlaygroundEvaluateRequest { repeated File files = 2 [ (buf.validate.field).repeated = { - min_items: 1, + min_items: 1 max_items: 30 }, (buf.validate.field).required = true, @@ -387,11 +387,11 @@ message PlaygroundEvaluateRequest { repeated string actions = 5 [ (buf.validate.field).repeated = { - unique: true, - min_items: 1, - max_items: 50, - items { - string {min_len: 1} + unique: true + min_items: 1 + max_items: 50 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, @@ -416,7 +416,7 @@ message PlaygroundProxyRequest { repeated File files = 2 [ (buf.validate.field).repeated = { - min_items: 1, + min_items: 1 max_items: 30 }, (buf.validate.field).required = true, @@ -444,7 +444,7 @@ message AddOrUpdatePolicyRequest { repeated cerbos.policy.v1.Policy policies = 1 [ (buf.validate.field).repeated = { - min_items: 1, + min_items: 1 max_items: 100 }, (buf.validate.field).required = true, @@ -557,9 +557,9 @@ message ListPoliciesRequest { repeated string policy_id = 5 [ (google.api.field_behavior) = OPTIONAL, (buf.validate.field).repeated = { - max_items: 25, - items { - string {min_len: 1} + max_items: 25 + items: { + string: {min_len: 1} } }, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { @@ -576,10 +576,10 @@ message GetPolicyRequest { repeated string id = 1 [ (google.api.field_behavior) = REQUIRED, (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, @@ -597,10 +597,10 @@ message DisablePolicyRequest { repeated string id = 1 [ (google.api.field_behavior) = REQUIRED, (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, @@ -618,10 +618,10 @@ message EnablePolicyRequest { repeated string id = 1 [ (google.api.field_behavior) = REQUIRED, (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string {min_len: 1} + unique: true + min_items: 1 + items: { + string: {min_len: 1} } }, (buf.validate.field).required = true, @@ -655,9 +655,9 @@ message InspectPoliciesRequest { repeated string policy_id = 5 [ (google.api.field_behavior) = OPTIONAL, (buf.validate.field).repeated = { - max_items: 25, - items { - string {min_len: 1} + max_items: 25 + items: { + string: {min_len: 1} } }, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { @@ -675,7 +675,7 @@ message AddOrUpdateSchemaRequest { repeated cerbos.schema.v1.Schema schemas = 1 [ (google.api.field_behavior) = REQUIRED, (buf.validate.field).repeated = { - min_items: 1, + min_items: 1 max_items: 100 }, (buf.validate.field).required = true, @@ -700,11 +700,11 @@ message GetSchemaRequest { repeated string id = 1 [ (google.api.field_behavior) = REQUIRED, (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string { - min_len: 1, + unique: true + min_items: 1 + items: { + string: { + min_len: 1 max_len: 255 } } @@ -724,11 +724,11 @@ message DeleteSchemaRequest { repeated string id = 1 [ (google.api.field_behavior) = REQUIRED, (buf.validate.field).repeated = { - unique: true, - min_items: 1, - items { - string { - min_len: 1, + unique: true + min_items: 1 + items: { + string: { + min_len: 1 max_len: 255 } } diff --git a/protos/cerbos/response/v1/response.proto b/protos/cerbos/response/v1/response.proto index 732750e..6cf787b 100644 --- a/protos/cerbos/response/v1/response.proto +++ b/protos/cerbos/response/v1/response.proto @@ -51,7 +51,7 @@ message PlanResourcesResponse { }]; string policy_version = 4 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "The policy version.", + description: "The policy version." example: "\"default\"" }]; @@ -193,8 +193,8 @@ message CheckResourcesResponse { example: "\"XX125\"" }]; string kind = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "Name of the resource kind being accessed.", - example: "\"album:photo\"", + description: "Name of the resource kind being accessed." + example: "\"album:photo\"" }]; string policy_version = 3 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { description: @@ -445,6 +445,19 @@ message InspectPoliciesResponse { json_schema: {description: "Inspect policies response"} }; + message DerivedRole { + enum Kind { + KIND_UNSPECIFIED = 0; + KIND_UNDEFINED = 1; + KIND_EXPORTED = 2; + KIND_IMPORTED = 3; + } + + string name = 1 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Derived role name defined in the policy."}]; + Kind kind = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Kind of the derived role defined in the policy."}]; + string source = 3 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Source of the derived role defined in the policy."}]; + } + message Variable { enum Kind { KIND_UNSPECIFIED = 0; @@ -463,8 +476,10 @@ message InspectPoliciesResponse { } message Result { - repeated string actions = 1 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Actions defined in the policy"}]; - repeated Variable variables = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Variables defined in the policy"}]; + repeated string actions = 1 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Actions defined in the policy."}]; + repeated Variable variables = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Variables referenced in the policy."}]; + string policy_id = 3 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "For blob, disk, and git stores policy ID is the file name. For other stores it is ../."}]; + repeated DerivedRole derived_roles = 4 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "Derived roles referenced in the policy."}]; } map results = 1; diff --git a/protos/cerbos/schema/v1/schema.proto b/protos/cerbos/schema/v1/schema.proto index 853a002..a15fde9 100644 --- a/protos/cerbos/schema/v1/schema.proto +++ b/protos/cerbos/schema/v1/schema.proto @@ -30,7 +30,7 @@ message Schema { (google.api.field_behavior) = REQUIRED, (buf.validate.field).required = true, (buf.validate.field).string = { - min_len: 1, + min_len: 1 max_len: 255 }, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { diff --git a/protos/cerbos/svc/v1/svc.proto b/protos/cerbos/svc/v1/svc.proto index f416442..7eefa37 100644 --- a/protos/cerbos/svc/v1/svc.proto +++ b/protos/cerbos/svc/v1/svc.proto @@ -16,23 +16,23 @@ option go_package = "github.com/cerbos/cerbos/api/genpb/cerbos/svc/v1;svcv1"; option java_package = "dev.cerbos.api.v1.svc"; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { info: { - title: "Cerbos"; - version: "latest"; + title: "Cerbos" + version: "latest" contact: { - name: "Cerbos"; - url: "https://cerbos.dev"; - email: "info@cerbos.dev"; - }; - }; - schemes: HTTPS; - consumes: "application/json"; - produces: "application/json"; + name: "Cerbos" + url: "https://cerbos.dev" + email: "info@cerbos.dev" + } + } + schemes: HTTPS + consumes: "application/json" + produces: "application/json" security_definitions: { security: { - key: "BasicAuth"; + key: "BasicAuth" value: {type: TYPE_BASIC} } - }; + } }; service CerbosService { @@ -40,7 +40,7 @@ service CerbosService { rpc CheckResourceSet(cerbos.request.v1.CheckResourceSetRequest) returns (cerbos.response.v1.CheckResourceSetResponse) { option (google.api.http) = { - post: "/api/check", + post: "/api/check" body: "*" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { @@ -52,7 +52,7 @@ service CerbosService { rpc CheckResourceBatch(cerbos.request.v1.CheckResourceBatchRequest) returns (cerbos.response.v1.CheckResourceBatchResponse) { option (google.api.http) = { - post: "/api/check_resource_batch", + post: "/api/check_resource_batch" body: "*" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { @@ -64,7 +64,7 @@ service CerbosService { rpc CheckResources(cerbos.request.v1.CheckResourcesRequest) returns (cerbos.response.v1.CheckResourcesResponse) { option (google.api.http) = { - post: "/api/check/resources", + post: "/api/check/resources" body: "*" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { @@ -83,7 +83,7 @@ service CerbosService { rpc PlanResources(cerbos.request.v1.PlanResourcesRequest) returns (cerbos.response.v1.PlanResourcesResponse) { option (google.api.http) = { - post: "/api/plan/resources", + post: "/api/plan/resources" body: "*" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { @@ -98,19 +98,19 @@ service CerbosAdminService { rpc AddOrUpdatePolicy(cerbos.request.v1.AddOrUpdatePolicyRequest) returns (cerbos.response.v1.AddOrUpdatePolicyResponse) { option (google.api.http) = { - post: "/admin/policy", - body: "*", + post: "/admin/policy" + body: "*" additional_bindings: { - put: "/admin/policy", + put: "/admin/policy" body: "*" } }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Add or update policies", + summary: "Add or update policies" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -119,11 +119,11 @@ service CerbosAdminService { rpc InspectPolicies(cerbos.request.v1.InspectPoliciesRequest) returns (cerbos.response.v1.InspectPoliciesResponse) { option (google.api.http) = {get: "/admin/policies/inspect"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Inspect policies in the store", + summary: "Inspect policies" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -132,11 +132,11 @@ service CerbosAdminService { rpc ListPolicies(cerbos.request.v1.ListPoliciesRequest) returns (cerbos.response.v1.ListPoliciesResponse) { option (google.api.http) = {get: "/admin/policies"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "List policies", + summary: "List policies" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -145,11 +145,11 @@ service CerbosAdminService { rpc GetPolicy(cerbos.request.v1.GetPolicyRequest) returns (cerbos.response.v1.GetPolicyResponse) { option (google.api.http) = {get: "/admin/policy"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Get policy", + summary: "Get policy" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -157,19 +157,19 @@ service CerbosAdminService { rpc DisablePolicy(cerbos.request.v1.DisablePolicyRequest) returns (cerbos.response.v1.DisablePolicyResponse) { option (google.api.http) = { - post: "/admin/policy/disable", + post: "/admin/policy/disable" additional_bindings: { - put: "/admin/policy/disable", + put: "/admin/policy/disable" body: "*" - }, + } additional_bindings: {delete: "/admin/policy"} }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Disable policy", + summary: "Disable policy" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -177,18 +177,18 @@ service CerbosAdminService { rpc EnablePolicy(cerbos.request.v1.EnablePolicyRequest) returns (cerbos.response.v1.EnablePolicyResponse) { option (google.api.http) = { - post: "/admin/policy/enable", + post: "/admin/policy/enable" additional_bindings: { - put: "/admin/policy/enable", + put: "/admin/policy/enable" body: "*" } }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Enable policy", + summary: "Enable policy" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -197,11 +197,11 @@ service CerbosAdminService { rpc ListAuditLogEntries(cerbos.request.v1.ListAuditLogEntriesRequest) returns (stream cerbos.response.v1.ListAuditLogEntriesResponse) { option (google.api.http) = {get: "/admin/auditlog/list/{kind}"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "List audit log entries", + summary: "List audit log entries" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -209,19 +209,19 @@ service CerbosAdminService { rpc AddOrUpdateSchema(cerbos.request.v1.AddOrUpdateSchemaRequest) returns (cerbos.response.v1.AddOrUpdateSchemaResponse) { option (google.api.http) = { - post: "/admin/schema", - body: "*", + post: "/admin/schema" + body: "*" additional_bindings: { - put: "/admin/schema", + put: "/admin/schema" body: "*" } }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Add or update schema", + summary: "Add or update schema" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -230,11 +230,11 @@ service CerbosAdminService { rpc ListSchemas(cerbos.request.v1.ListSchemasRequest) returns (cerbos.response.v1.ListSchemasResponse) { option (google.api.http) = {get: "/admin/schemas"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "List schemas", + summary: "List schemas" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -243,11 +243,11 @@ service CerbosAdminService { rpc GetSchema(cerbos.request.v1.GetSchemaRequest) returns (cerbos.response.v1.GetSchemaResponse) { option (google.api.http) = {get: "/admin/schema"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Get schema", + summary: "Get schema" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -256,11 +256,11 @@ service CerbosAdminService { rpc DeleteSchema(cerbos.request.v1.DeleteSchemaRequest) returns (cerbos.response.v1.DeleteSchemaResponse) { option (google.api.http) = {delete: "/admin/schema"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Delete schema", + summary: "Delete schema" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -269,11 +269,11 @@ service CerbosAdminService { rpc ReloadStore(cerbos.request.v1.ReloadStoreRequest) returns (cerbos.response.v1.ReloadStoreResponse) { option (google.api.http) = {get: "/admin/store/reload"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - summary: "Reload store", + summary: "Reload store" security: { security_requirement: { - key: "BasicAuth"; - value: {}; + key: "BasicAuth" + value: {} } } }; @@ -285,28 +285,28 @@ service CerbosPlaygroundService { rpc PlaygroundValidate(cerbos.request.v1.PlaygroundValidateRequest) returns (cerbos.response.v1.PlaygroundValidateResponse) { option (google.api.http) = { - post: "/api/playground/validate", + post: "/api/playground/validate" body: "*" }; } rpc PlaygroundTest(cerbos.request.v1.PlaygroundTestRequest) returns (cerbos.response.v1.PlaygroundTestResponse) { option (google.api.http) = { - post: "/api/playground/test", + post: "/api/playground/test" body: "*" }; } rpc PlaygroundEvaluate(cerbos.request.v1.PlaygroundEvaluateRequest) returns (cerbos.response.v1.PlaygroundEvaluateResponse) { option (google.api.http) = { - post: "/api/playground/evaluate", + post: "/api/playground/evaluate" body: "*" }; } rpc PlaygroundProxy(cerbos.request.v1.PlaygroundProxyRequest) returns (cerbos.response.v1.PlaygroundProxyResponse) { option (google.api.http) = { - post: "/api/playground/proxy", + post: "/api/playground/proxy" body: "*" }; } diff --git a/src/Cerbos/Response/V1/InspectPoliciesResponse/DerivedRole.php b/src/Cerbos/Response/V1/InspectPoliciesResponse/DerivedRole.php new file mode 100644 index 0000000..59e8b62 --- /dev/null +++ b/src/Cerbos/Response/V1/InspectPoliciesResponse/DerivedRole.php @@ -0,0 +1,115 @@ +cerbos.response.v1.InspectPoliciesResponse.DerivedRole + */ +class DerivedRole extends \Google\Protobuf\Internal\Message +{ + /** + * Generated from protobuf field string name = 1 [json_name = "name", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + */ + protected $name = ''; + /** + * Generated from protobuf field .cerbos.response.v1.InspectPoliciesResponse.DerivedRole.Kind kind = 2 [json_name = "kind", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + */ + protected $kind = 0; + /** + * Generated from protobuf field string source = 3 [json_name = "source", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + */ + protected $source = ''; + + /** + * Constructor. + * + * @param array $data { + * Optional. Data for populating the Message object. + * + * @type string $name + * @type int $kind + * @type string $source + * } + */ + public function __construct($data = NULL) { + \GPBMetadata\Cerbos\Response\V1\Response::initOnce(); + parent::__construct($data); + } + + /** + * Generated from protobuf field string name = 1 [json_name = "name", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @return string + */ + public function getName() + { + return $this->name; + } + + /** + * Generated from protobuf field string name = 1 [json_name = "name", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @param string $var + * @return $this + */ + public function setName($var) + { + GPBUtil::checkString($var, True); + $this->name = $var; + + return $this; + } + + /** + * Generated from protobuf field .cerbos.response.v1.InspectPoliciesResponse.DerivedRole.Kind kind = 2 [json_name = "kind", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @return int + */ + public function getKind() + { + return $this->kind; + } + + /** + * Generated from protobuf field .cerbos.response.v1.InspectPoliciesResponse.DerivedRole.Kind kind = 2 [json_name = "kind", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @param int $var + * @return $this + */ + public function setKind($var) + { + GPBUtil::checkEnum($var, \Cerbos\Response\V1\InspectPoliciesResponse\DerivedRole\Kind::class); + $this->kind = $var; + + return $this; + } + + /** + * Generated from protobuf field string source = 3 [json_name = "source", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @return string + */ + public function getSource() + { + return $this->source; + } + + /** + * Generated from protobuf field string source = 3 [json_name = "source", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @param string $var + * @return $this + */ + public function setSource($var) + { + GPBUtil::checkString($var, True); + $this->source = $var; + + return $this; + } + +} + +// Adding a class alias for backwards compatibility with the previous class name. +class_alias(DerivedRole::class, \Cerbos\Response\V1\InspectPoliciesResponse_DerivedRole::class); + diff --git a/src/Cerbos/Response/V1/InspectPoliciesResponse/DerivedRole/Kind.php b/src/Cerbos/Response/V1/InspectPoliciesResponse/DerivedRole/Kind.php new file mode 100644 index 0000000..68d5cf2 --- /dev/null +++ b/src/Cerbos/Response/V1/InspectPoliciesResponse/DerivedRole/Kind.php @@ -0,0 +1,61 @@ +cerbos.response.v1.InspectPoliciesResponse.DerivedRole.Kind + */ +class Kind +{ + /** + * Generated from protobuf enum KIND_UNSPECIFIED = 0; + */ + const KIND_UNSPECIFIED = 0; + /** + * Generated from protobuf enum KIND_UNDEFINED = 1; + */ + const KIND_UNDEFINED = 1; + /** + * Generated from protobuf enum KIND_EXPORTED = 2; + */ + const KIND_EXPORTED = 2; + /** + * Generated from protobuf enum KIND_IMPORTED = 3; + */ + const KIND_IMPORTED = 3; + + private static $valueToName = [ + self::KIND_UNSPECIFIED => 'KIND_UNSPECIFIED', + self::KIND_UNDEFINED => 'KIND_UNDEFINED', + self::KIND_EXPORTED => 'KIND_EXPORTED', + self::KIND_IMPORTED => 'KIND_IMPORTED', + ]; + + public static function name($value) + { + if (!isset(self::$valueToName[$value])) { + throw new UnexpectedValueException(sprintf( + 'Enum %s has no name defined for value %s', __CLASS__, $value)); + } + return self::$valueToName[$value]; + } + + + public static function value($name) + { + $const = __CLASS__ . '::' . strtoupper($name); + if (!defined($const)) { + throw new UnexpectedValueException(sprintf( + 'Enum %s has no value defined for name %s', __CLASS__, $name)); + } + return constant($const); + } +} + +// Adding a class alias for backwards compatibility with the previous class name. +class_alias(Kind::class, \Cerbos\Response\V1\InspectPoliciesResponse_DerivedRole_Kind::class); + diff --git a/src/Cerbos/Response/V1/InspectPoliciesResponse/Result.php b/src/Cerbos/Response/V1/InspectPoliciesResponse/Result.php index 86df45c..f19b19f 100644 --- a/src/Cerbos/Response/V1/InspectPoliciesResponse/Result.php +++ b/src/Cerbos/Response/V1/InspectPoliciesResponse/Result.php @@ -21,6 +21,14 @@ class Result extends \Google\Protobuf\Internal\Message * Generated from protobuf field repeated .cerbos.response.v1.InspectPoliciesResponse.Variable variables = 2 [json_name = "variables", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { */ private $variables; + /** + * Generated from protobuf field string policy_id = 3 [json_name = "policyId", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + */ + protected $policy_id = ''; + /** + * Generated from protobuf field repeated .cerbos.response.v1.InspectPoliciesResponse.DerivedRole derived_roles = 4 [json_name = "derivedRoles", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + */ + private $derived_roles; /** * Constructor. @@ -30,6 +38,8 @@ class Result extends \Google\Protobuf\Internal\Message * * @type array|\Google\Protobuf\Internal\RepeatedField $actions * @type array<\Cerbos\Response\V1\InspectPoliciesResponse\Variable>|\Google\Protobuf\Internal\RepeatedField $variables + * @type string $policy_id + * @type array<\Cerbos\Response\V1\InspectPoliciesResponse\DerivedRole>|\Google\Protobuf\Internal\RepeatedField $derived_roles * } */ public function __construct($data = NULL) { @@ -81,6 +91,50 @@ public function setVariables($var) return $this; } + /** + * Generated from protobuf field string policy_id = 3 [json_name = "policyId", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @return string + */ + public function getPolicyId() + { + return $this->policy_id; + } + + /** + * Generated from protobuf field string policy_id = 3 [json_name = "policyId", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @param string $var + * @return $this + */ + public function setPolicyId($var) + { + GPBUtil::checkString($var, True); + $this->policy_id = $var; + + return $this; + } + + /** + * Generated from protobuf field repeated .cerbos.response.v1.InspectPoliciesResponse.DerivedRole derived_roles = 4 [json_name = "derivedRoles", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @return \Google\Protobuf\Internal\RepeatedField + */ + public function getDerivedRoles() + { + return $this->derived_roles; + } + + /** + * Generated from protobuf field repeated .cerbos.response.v1.InspectPoliciesResponse.DerivedRole derived_roles = 4 [json_name = "derivedRoles", (.grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + * @param array<\Cerbos\Response\V1\InspectPoliciesResponse\DerivedRole>|\Google\Protobuf\Internal\RepeatedField $var + * @return $this + */ + public function setDerivedRoles($var) + { + $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::MESSAGE, \Cerbos\Response\V1\InspectPoliciesResponse\DerivedRole::class); + $this->derived_roles = $arr; + + return $this; + } + } // Adding a class alias for backwards compatibility with the previous class name. diff --git a/src/GPBMetadata/Cerbos/Response/V1/Response.php b/src/GPBMetadata/Cerbos/Response/V1/Response.php index 10133ad..fb9c47f 100644 --- a/src/GPBMetadata/Cerbos/Response/V1/Response.php +++ b/src/GPBMetadata/Cerbos/Response/V1/Response.php @@ -23,7 +23,7 @@ public static function initOnce() { \GPBMetadata\ProtocGenOpenapiv2\Options\Annotations::initOnce(); $pool->internalAddGeneratedFile( ' -c +h !cerbos/response/v1/response.protocerbos.response.v1cerbos/effect/v1/effect.protocerbos/engine/v1/engine.protocerbos/policy/v1/policy.protocerbos/schema/v1/schema.protogoogle/protobuf/empty.proto.protoc-gen-openapiv2/options/annotations.proto" PlanResourcesResponseo @@ -197,9 +197,18 @@ public static function initOnce() { 2Disable policy response"` EnablePolicyResponse) enabled_policies ( RenabledPolicies:A -2Enable policy response" +2Enable policy response" InspectPoliciesResponseR -results ( 28.cerbos.response.v1.InspectPoliciesResponse.ResultsEntryRresults +results ( 28.cerbos.response.v1.InspectPoliciesResponse.ResultsEntryRresults + DerivedRoleA +name ( B-A*2(Derived role name defined in the policy.Rname +kind (2<.cerbos.response.v1.InspectPoliciesResponse.DerivedRole.KindB4A12/Kind of the derived role defined in the policy.RkindN +source ( B6A321Source of the derived role defined in the policy.Rsource"V +Kind +KIND_UNSPECIFIED +KIND_UNDEFINED + KIND_EXPORTED + KIND_IMPORTED Variable= name ( B)A&2$Variable name defined in the policy.RnameK value ( B5A220Raw value of the variable defined in the policy.Rvalue @@ -213,10 +222,12 @@ public static function initOnce() { KIND_LOCAL KIND_UNDEFINED - KIND_UNKNOWN -Result< -actions ( B"A2Actions defined in the policyRactionsx - variables ( 24.cerbos.response.v1.InspectPoliciesResponse.VariableB$A!2Variables defined in the policyR variablesn + KIND_UNKNOWN +Result= +actions ( B#A 2Actions defined in the policy.Ractions| + variables ( 24.cerbos.response.v1.InspectPoliciesResponse.VariableB(A%2#Variables referenced in the policy.R variables + policy_id ( BwAt2rFor blob, disk, and git stores policy ID is the file name. For other stores it is ../.RpolicyId + derived_roles ( 27.cerbos.response.v1.InspectPoliciesResponse.DerivedRoleB,A)2\'Derived roles referenced in the policy.R derivedRolesn ResultsEntry key ( RkeyH value ( 22.cerbos.response.v1.InspectPoliciesResponse.ResultRvalue:8: A diff --git a/src/GPBMetadata/Cerbos/Svc/V1/Svc.php b/src/GPBMetadata/Cerbos/Svc/V1/Svc.php index 6b7cce8..f09fc26 100644 Binary files a/src/GPBMetadata/Cerbos/Svc/V1/Svc.php and b/src/GPBMetadata/Cerbos/Svc/V1/Svc.php differ