path: root/crates/secd/proto/authzed/api/v1alpha1/watchresources_service.proto
syntax = "proto3";
package authzed.api.v1alpha1;

option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v1alpha1";
option java_package = "com.authzed.api.v1alpha1";

import "google/api/annotations.proto";
import "validate/validate.proto";

import "authzed/api/v1/core.proto";

// WatchResourcesService is used to receive a stream of updates for resources of a
// specific (resource type, permission, subject) combination.
service WatchResourcesService {

  // WatchResources initiates a watch for permission changes for the provided
  // (resource type, permission, subject) pair.
  //
  // This is a server-streaming RPC: the stream stays open and delivers
  // WatchResourcesResponse messages as changes occur. Over HTTP it is exposed
  // as POST /v1alpha1/lookupwatch (note the path does not match the RPC name;
  // it is part of the published API surface and must not be renamed casually).
  rpc WatchResources(WatchResourcesRequest)
    returns (stream WatchResourcesResponse) {
      option (google.api.http) = {
        post: "/v1alpha1/lookupwatch"
        body: "*"
      }; 
    }
}

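// WatchResourcesRequest starts a watch for specific permission updates
// for the given resource and subject types.
//
// Every identifier in this request carries a validate.rules constraint so
// malformed input is rejected by the request validator at the API boundary.
// The subject-side fields use the same constraints as the resource-side
// fields; previously only resource_object_type and permission were validated.
message WatchResourcesRequest {

  // resource_object_type is the type of resource object for which we will
  // watch for changes. May carry an optional "namespace/" prefix.
  string resource_object_type = 1 [ (validate.rules).string = {
    pattern : "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$",
    max_bytes : 128,
  } ];

  // permission is the name of the permission or relation for which we will
  // watch for changes.
  string permission = 2 [ (validate.rules).string = {
    pattern : "^[a-z][a-z0-9_]{1,62}[a-z0-9]$",
    max_bytes : 64,
  } ];

  // subject_object_type is the type of the subject resource for which we will
  // watch for changes. It is an object type like resource_object_type and is
  // validated with the same pattern and length limit.
  string subject_object_type = 3 [ (validate.rules).string = {
    pattern : "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$",
    max_bytes : 128,
  } ];

  // optional_subject_relation allows you to specify a group of subjects to watch
  // for a given subject type. When set it must be a valid relation name; the
  // pattern also accepts the empty string so the field may be left unset.
  string optional_subject_relation = 4 [ (validate.rules).string = {
    pattern : "^([a-z][a-z0-9_]{1,62}[a-z0-9])?$",
    max_bytes : 64,
  } ];

  // optional_start_cursor is the ZedToken from which the watch should begin.
  // NOTE(review): the behavior when it is omitted is not specified in this
  // file — confirm against the server implementation.
  authzed.api.v1.ZedToken optional_start_cursor = 5;
}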

// PermissionUpdate represents a single permission update for a specific
// subject's permissions.
message PermissionUpdate {
  
  // Permissionship is the subject's permission state after the update.
  //
  // todo: work this into the v1 core API at some point since it's used
  // across services.
  enum Permissionship {
    // PERMISSIONSHIP_UNSPECIFIED is the proto3 zero value and carries no
    // meaning. NOTE(review): consumers should not read it as NO_PERMISSION.
    PERMISSIONSHIP_UNSPECIFIED = 0;
    // PERMISSIONSHIP_NO_PERMISSION: the subject does not have the permission
    // after the update.
    PERMISSIONSHIP_NO_PERMISSION = 1;
    // PERMISSIONSHIP_HAS_PERMISSION: the subject has the permission after the
    // update.
    PERMISSIONSHIP_HAS_PERMISSION = 2;
  }

  // subject defines the subject resource whose permissions have changed.
  authzed.api.v1.SubjectReference subject = 1;

  // resource defines the specific object in the system.
  authzed.api.v1.ObjectReference resource = 2;

  // relation is the name of the permission or relation on `resource` whose
  // status for `subject` changed. Unlike the request fields this carries no
  // validate.rules constraint; it is server-produced.
  string relation = 3;

  // updated_permission is the subject's permissionship on the resource after
  // the change. Receivers must tolerate enum values they do not know, since
  // proto3 preserves unknown values as integers.
  Permissionship updated_permission = 4;
}

// WatchResourcesResponse enumerates the list of permission updates that have
// occurred as a result of one or more relationship updates.
message WatchResourcesResponse {
  // updates is the batch of permission changes carried by this response.
  repeated PermissionUpdate updates = 1;

  // changes_through is the ZedToken associated with the updates in this
  // response. NOTE(review): by name it appears intended to be fed back as
  // optional_start_cursor of a later WatchResourcesRequest to resume the
  // watch — confirm the resumption semantics against the server.
  authzed.api.v1.ZedToken changes_through = 2;
}