Diffstat (limited to 'crates/secd/proto/authzed/api/v1alpha1/watchresources_service.proto')
-rw-r--r--crates/secd/proto/authzed/api/v1alpha1/watchresources_service.proto83
1 files changed, 83 insertions, 0 deletions
diff --git a/crates/secd/proto/authzed/api/v1alpha1/watchresources_service.proto b/crates/secd/proto/authzed/api/v1alpha1/watchresources_service.proto
new file mode 100644
index 0000000..27c028a
--- /dev/null
+++ b/crates/secd/proto/authzed/api/v1alpha1/watchresources_service.proto
@@ -0,0 +1,83 @@
+syntax = "proto3";
+package authzed.api.v1alpha1;
+
+option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v1alpha1";
+option java_package = "com.authzed.api.v1alpha1";
+
+import "google/api/annotations.proto";
+import "validate/validate.proto";
+
+import "authzed/api/v1/core.proto";
+
+// WatchResourcesService is used to receive a stream of updates for resources of a
+// specific (resource type, permission, subject) combination.
+service WatchResourcesService {
+
+ // WatchResources initiates a watch for permission changes for the provided
+ // (resource type, permission, subject) pair.
+ rpc WatchResources(WatchResourcesRequest)
+ returns (stream WatchResourcesResponse) {
+ option (google.api.http) = {
+ post: "/v1alpha1/lookupwatch"
+ body: "*"
+ };
+ }
+}
+
+// WatchResourcesRequest starts a watch for specific permission updates
+// for the given resource and subject types.
+message WatchResourcesRequest {
+
+ // resource_object_type is the type of resource object for which we will
+ // watch for changes.
+ string resource_object_type = 1 [ (validate.rules).string = {
+ pattern : "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$",
+ max_bytes : 128,
+ } ];
+
+ // permission is the name of the permission or relation for which we will
+ // watch for changes.
+ string permission = 2 [ (validate.rules).string = {
+ pattern : "^[a-z][a-z0-9_]{1,62}[a-z0-9]$",
+ max_bytes : 64,
+ } ];
+
+ // subject_object_type is the type of the subject resource for which we will
+ // watch for changes.
+ string subject_object_type = 3;
+
+ // optional_subject_relation allows you to specify a group of subjects to watch
+ // for a given subject type.
+ string optional_subject_relation = 4;
+
+ authzed.api.v1.ZedToken optional_start_cursor = 5;
+}
+
+// PermissionUpdate represents a single permission update for a specific
+// subject's permissions.
+message PermissionUpdate {
+
+ // todo: work this into the v1 core API at some point since it's used
+ // across services.
+ enum Permissionship {
+ PERMISSIONSHIP_UNSPECIFIED = 0;
+ PERMISSIONSHIP_NO_PERMISSION = 1;
+ PERMISSIONSHIP_HAS_PERMISSION = 2;
+ }
+
+ // subject defines the subject resource whose permissions have changed.
+ authzed.api.v1.SubjectReference subject = 1;
+
+ // resource defines the specific object in the system.
+ authzed.api.v1.ObjectReference resource = 2;
+
+ string relation = 3;
+ Permissionship updated_permission = 4;
+}
+
+// WatchResourcesResponse enumerates the list of permission updates that have
+// occurred as a result of one or more relationship updates.
+message WatchResourcesResponse {
+ repeated PermissionUpdate updates = 1;
+ authzed.api.v1.ZedToken changes_through = 2;
+}
\ No newline at end of file
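Review bot: In `WatchResourcesRequest`, `subject_object_type` and `optional_subject_relation` carry no `(validate.rules)` constraint, while `resource_object_type` and `permission` just above them are bounded by a pattern and `max_bytes`. As written, the schema accepts strings of any length and content for the subject half of a long-lived authorization watch, so any bounding must happen in server code that is not visible here. I would give `subject_object_type` the same rule as `resource_object_type`. For `optional_subject_relation` I would use the `permission` pattern made optional so the empty value stays valid: `[ (validate.rules).string = { pattern : "^([a-z][a-z0-9_]{1,62}[a-z0-9])?$", max_bytes : 64 } ]`. A one-line comment on `optional_start_cursor` stating what an unset cursor means for the stream would also help callers.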