| author | benj <benj@rse8.com> | 2022-12-30 15:57:36 -0800 |
|---|---|---|
| committer | benj <benj@rse8.com> | 2022-12-30 15:57:36 -0800 |
| commit | 8ca3433b2a4a82723e00e64b1e5aff0b1bed95b3 (patch) | |
| tree | 1ff85fd9fbd94a5559f9dbac755973fd58b31f28 /crates/secd/proto/authzed/api/v1alpha1/schema.proto | |
| parent | f0ea9ecd17b03605d747044874a26e1bd52c0ee1 (diff) | |
impl authZ write and check (depends on spicedb for now)
Diffstat (limited to 'crates/secd/proto/authzed/api/v1alpha1/schema.proto')
| -rw-r--r-- | crates/secd/proto/authzed/api/v1alpha1/schema.proto | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/crates/secd/proto/authzed/api/v1alpha1/schema.proto b/crates/secd/proto/authzed/api/v1alpha1/schema.proto
new file mode 100644
index 0000000..969ecdb
--- /dev/null
+++ b/crates/secd/proto/authzed/api/v1alpha1/schema.proto
@@ -0,0 +1,68 @@
+syntax = "proto3";
+package authzed.api.v1alpha1;
+
+option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v1alpha1";
+option java_package = "com.authzed.api.v1alpha1";
+
+import "validate/validate.proto";
+
+// SchemaService implements operations on a Permissions System's Schema.
+service SchemaService {
+ // Read returns the current Object Definitions for a Permissions System.
+ //
+ // Errors include:
+ // - INVALID_ARGUMENT: a provided value has failed to semantically validate
+ // - NOT_FOUND: one of the Object Definitions being requested does not exist
+ rpc ReadSchema(ReadSchemaRequest) returns (ReadSchemaResponse) {}
+
+ // Write overwrites the current Object Definitions for a Permissions System.
+ //
+ // Any Object Definitions that exist, but are not included will be deleted.
+ rpc WriteSchema(WriteSchemaRequest) returns (WriteSchemaResponse) {}
+}
+
+// ReadSchemaRequest is the required data to read Object Definitions from
+// a Schema.
+message ReadSchemaRequest {
+ // The list of names of the Object Definitions that are being requested.
+ //
+ // These names must be fully qualified with their namespace (e.g.
+ // myblog/post).
+ repeated string object_definitions_names = 1 [ (validate.rules).repeated .items.string = {
+ pattern: "^([a-z][a-z0-9_]{1,62}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$",
+ max_bytes: 128,
+ } ];
+}
+
+// ReadSchemaResponse is the resulting data after having read the Object
+// Definitions from a Schema.
+message ReadSchemaResponse {
+ // The Object Definitions that were requested.
+ repeated string object_definitions = 1;
+
+ // The computed revision of the returned object definitions.
+ string computed_definitions_revision = 2;
+}
+
+// WriteSchemaRequest is the required data used to "upsert" the Schema of a
+// Permissions System.
+message WriteSchemaRequest {
+ // The Schema containing one or more Object Definitions that will be written
+ // to the Permissions System.
+ string schema = 1 [ (validate.rules).string.max_bytes = 262144 ]; // 256KiB
+
+ // If specified, the existing revision of object definitions in the schema that must be present for
+ // the write to succeed. If the revision specified differs (i.e. the underlying schema has changed),
+ // the write call will fail with a FAILED_PRECONDITION error.
+ string optional_definitions_revision_precondition = 2;
+}
+
+// WriteSchemaResponse is the resulting data after having written a Schema to
+// a Permissions System.
+message WriteSchemaResponse {
+ // The names of the Object Definitions that were written.
+ repeated string object_definitions_names = 1;
+
+ // The computed revision of the written object definitions.
+ string computed_definitions_revision = 2;
+}
|
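Review bot: The `(validate.rules)` options on `ReadSchemaRequest.object_definitions_names` and `WriteSchemaRequest.schema` only take effect where a protoc-gen-validate plugin generates the checks. The build script is not on this page, but if secd compiles this file with a plain protobuf code generator, the name pattern and the 256KiB `max_bytes` limit are not enforced on the secd side and only the SpiceDB server rejects bad input. `WriteSchema` replaces the whole schema and deletes definitions that are left out, so the caller should always set `optional_definitions_revision_precondition` from the `computed_definitions_revision` of a preceding `ReadSchema`; otherwise a concurrent writer's definitions can be overwritten without any error. The file looks like a copy of the upstream authzed API definition, so a header comment recording its origin would help later audits, e.g. `// Copied from the authzed API protos at <UPSTREAM_COMMIT>; do not edit locally.`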
