@authzed/authzed-node
Version:
authzed client for nodejs
1,200 lines • 58.9 kB
TypeScript
import { ServiceType } from "@protobuf-ts/runtime-rpc";
import type { BinaryWriteOptions } from "@protobuf-ts/runtime";
import type { IBinaryWriter } from "@protobuf-ts/runtime";
import type { BinaryReadOptions } from "@protobuf-ts/runtime";
import type { IBinaryReader } from "@protobuf-ts/runtime";
import type { PartialMessage } from "@protobuf-ts/runtime";
import { MessageType } from "@protobuf-ts/runtime";
import { PermissionRelationshipTree } from "./core.js";
import { Status } from "../../../google/rpc/status.js";
import { Timestamp } from "../../../google/protobuf/timestamp.js";
import { DebugInformation } from "./debug.js";
import { PartialCaveatInfo } from "./core.js";
import { SubjectReference } from "./core.js";
import { ObjectReference } from "./core.js";
import { Struct } from "../../../google/protobuf/struct.js";
import { RelationshipUpdate } from "./core.js";
import { Relationship } from "./core.js";
import { Cursor } from "./core.js";
import { ZedToken } from "./core.js";
/**
* Consistency will define how a request is handled by the backend.
* By defining a consistency requirement, and a token at which those
* requirements should be applied, where applicable.
*
* @generated from protobuf message authzed.api.v1.Consistency
*/
export interface Consistency {
/**
* @generated from protobuf oneof: requirement
*/
requirement: {
oneofKind: "minimizeLatency";
/**
* minimize_latency indicates that the latency for the call should be
* minimized by having the system select the fastest snapshot available.
*
* @generated from protobuf field: bool minimize_latency = 1;
*/
minimizeLatency: boolean;
} | {
oneofKind: "atLeastAsFresh";
/**
* at_least_as_fresh indicates that all data used in the API call must be
* *at least as fresh* as that found in the ZedToken; more recent data might
* be used if available or faster.
*
* @generated from protobuf field: authzed.api.v1.ZedToken at_least_as_fresh = 2;
*/
atLeastAsFresh: ZedToken;
} | {
oneofKind: "atExactSnapshot";
/**
* at_exact_snapshot indicates that all data used in the API call must be
* *at the given* snapshot in time; if the snapshot is no longer available,
* an error will be returned to the caller.
*
* @generated from protobuf field: authzed.api.v1.ZedToken at_exact_snapshot = 3;
*/
atExactSnapshot: ZedToken;
} | {
oneofKind: "fullyConsistent";
/**
* fully_consistent indicates that all data used in the API call *must* be
* at the most recent snapshot found.
*
* NOTE: using this method can be *quite slow*, so unless there is a need to
* do so, it is recommended to use `at_least_as_fresh` with a stored
* ZedToken.
*
* @generated from protobuf field: bool fully_consistent = 4;
*/
fullyConsistent: boolean;
} | {
oneofKind: undefined;
};
}
/**
* RelationshipFilter is a collection of filters which when applied to a
* relationship will return relationships that have exactly matching fields.
*
* All fields are optional and if left unspecified will not filter relationships,
* but at least one field must be specified.
*
* NOTE: The performance of the API will be affected by the selection of fields
* on which to filter. If a field is not indexed, the performance of the API
* can be significantly slower.
*
* @generated from protobuf message authzed.api.v1.RelationshipFilter
*/
export interface RelationshipFilter {
/**
* resource_type is the *optional* resource type of the relationship.
* NOTE: It is not prefixed with "optional_" for legacy compatibility.
*
* @generated from protobuf field: string resource_type = 1;
*/
resourceType: string;
/**
* optional_resource_id is the *optional* resource ID of the relationship.
* If specified, optional_resource_id_prefix cannot be specified.
*
* @generated from protobuf field: string optional_resource_id = 2;
*/
optionalResourceId: string;
/**
* optional_resource_id_prefix is the *optional* prefix for the resource ID of the relationship.
* If specified, optional_resource_id cannot be specified.
*
* @generated from protobuf field: string optional_resource_id_prefix = 5;
*/
optionalResourceIdPrefix: string;
/**
* relation is the *optional* relation of the relationship.
*
* @generated from protobuf field: string optional_relation = 3;
*/
optionalRelation: string;
/**
* optional_subject_filter is the optional filter for the subjects of the relationships.
*
* @generated from protobuf field: authzed.api.v1.SubjectFilter optional_subject_filter = 4;
*/
optionalSubjectFilter?: SubjectFilter;
}
/**
* SubjectFilter specifies a filter on the subject of a relationship.
*
* subject_type is required and all other fields are optional, and will not
* impose any additional requirements if left unspecified.
*
* @generated from protobuf message authzed.api.v1.SubjectFilter
*/
export interface SubjectFilter {
/**
* @generated from protobuf field: string subject_type = 1;
*/
subjectType: string;
/**
* @generated from protobuf field: string optional_subject_id = 2;
*/
optionalSubjectId: string;
/**
* @generated from protobuf field: authzed.api.v1.SubjectFilter.RelationFilter optional_relation = 3;
*/
optionalRelation?: SubjectFilter_RelationFilter;
}
/**
* @generated from protobuf message authzed.api.v1.SubjectFilter.RelationFilter
*/
export interface SubjectFilter_RelationFilter {
/**
* @generated from protobuf field: string relation = 1;
*/
relation: string;
}
/**
* ReadRelationshipsRequest specifies one or more filters used to read matching
* relationships within the system.
*
* @generated from protobuf message authzed.api.v1.ReadRelationshipsRequest
*/
export interface ReadRelationshipsRequest {
/**
* @generated from protobuf field: authzed.api.v1.Consistency consistency = 1;
*/
consistency?: Consistency;
/**
* relationship_filter defines the filter to be applied to the relationships
* to be returned.
*
* @generated from protobuf field: authzed.api.v1.RelationshipFilter relationship_filter = 2;
*/
relationshipFilter?: RelationshipFilter;
/**
* optional_limit, if non-zero, specifies the limit on the number of relationships to return
* before the stream is closed on the server side. By default, the stream will continue
* resolving relationships until exhausted or the stream is closed due to the client or a
* network issue.
*
* @generated from protobuf field: uint32 optional_limit = 3;
*/
optionalLimit: number;
/**
* optional_cursor, if specified, indicates the cursor after which results should resume being returned.
* The cursor can be found on the ReadRelationshipsResponse object.
*
* @generated from protobuf field: authzed.api.v1.Cursor optional_cursor = 4;
*/
optionalCursor?: Cursor;
}
/**
* ReadRelationshipsResponse contains a Relationship found that matches the
* specified relationship filter(s). A instance of this response message will
* be streamed to the client for each relationship found.
*
* @generated from protobuf message authzed.api.v1.ReadRelationshipsResponse
*/
export interface ReadRelationshipsResponse {
/**
* read_at is the ZedToken at which the relationship was found.
*
* @generated from protobuf field: authzed.api.v1.ZedToken read_at = 1;
*/
readAt?: ZedToken;
/**
* relationship is the found relationship.
*
* @generated from protobuf field: authzed.api.v1.Relationship relationship = 2;
*/
relationship?: Relationship;
/**
* after_result_cursor holds a cursor that can be used to resume the ReadRelationships stream after this
* result.
*
* @generated from protobuf field: authzed.api.v1.Cursor after_result_cursor = 3;
*/
afterResultCursor?: Cursor;
}
/**
* Precondition specifies how and the existence or absence of certain
* relationships as expressed through the accompanying filter should affect
* whether or not the operation proceeds.
*
* MUST_NOT_MATCH will fail the parent request if any relationships match the
* relationships filter.
* MUST_MATCH will fail the parent request if there are no
* relationships that match the filter.
*
* @generated from protobuf message authzed.api.v1.Precondition
*/
export interface Precondition {
/**
* @generated from protobuf field: authzed.api.v1.Precondition.Operation operation = 1;
*/
operation: Precondition_Operation;
/**
* @generated from protobuf field: authzed.api.v1.RelationshipFilter filter = 2;
*/
filter?: RelationshipFilter;
}
/**
* @generated from protobuf enum authzed.api.v1.Precondition.Operation
*/
export declare enum Precondition_Operation {
/**
* @generated from protobuf enum value: OPERATION_UNSPECIFIED = 0;
*/
UNSPECIFIED = 0,
/**
* @generated from protobuf enum value: OPERATION_MUST_NOT_MATCH = 1;
*/
MUST_NOT_MATCH = 1,
/**
* @generated from protobuf enum value: OPERATION_MUST_MATCH = 2;
*/
MUST_MATCH = 2
}
/**
* WriteRelationshipsRequest contains a list of Relationship mutations that
* should be applied to the service. If the optional_preconditions parameter
* is included, all of the specified preconditions must also be satisfied before
* the write will be committed. All updates will be applied transactionally,
* and if any preconditions fail, the entire transaction will be reverted.
*
* @generated from protobuf message authzed.api.v1.WriteRelationshipsRequest
*/
export interface WriteRelationshipsRequest {
/**
* @generated from protobuf field: repeated authzed.api.v1.RelationshipUpdate updates = 1;
*/
updates: RelationshipUpdate[];
/**
* @generated from protobuf field: repeated authzed.api.v1.Precondition optional_preconditions = 2;
*/
optionalPreconditions: Precondition[];
/**
* optional_transaction_metadata is an optional field that can be used to store metadata about the transaction.
* If specified, this metadata will be supplied in the WatchResponse for the updates associated with this
* transaction.
*
* @generated from protobuf field: google.protobuf.Struct optional_transaction_metadata = 3;
*/
optionalTransactionMetadata?: Struct;
}
/**
* @generated from protobuf message authzed.api.v1.WriteRelationshipsResponse
*/
export interface WriteRelationshipsResponse {
/**
* @generated from protobuf field: authzed.api.v1.ZedToken written_at = 1;
*/
writtenAt?: ZedToken;
}
/**
* DeleteRelationshipsRequest specifies which Relationships should be deleted,
* requesting the delete of *ALL* relationships that match the specified
* filters. If the optional_preconditions parameter is included, all of the
* specified preconditions must also be satisfied before the delete will be
* executed.
*
* @generated from protobuf message authzed.api.v1.DeleteRelationshipsRequest
*/
export interface DeleteRelationshipsRequest {
/**
* @generated from protobuf field: authzed.api.v1.RelationshipFilter relationship_filter = 1;
*/
relationshipFilter?: RelationshipFilter;
/**
* @generated from protobuf field: repeated authzed.api.v1.Precondition optional_preconditions = 2;
*/
optionalPreconditions: Precondition[];
/**
* optional_limit, if non-zero, specifies the limit on the number of relationships to be deleted.
* If there are more matching relationships found to be deleted than the limit specified here,
* the deletion call will fail with an error to prevent partial deletion. If partial deletion
* is needed, specify below that partial deletion is allowed. Partial deletions can be used
* in a loop to delete large amounts of relationships in a *non-transactional* manner.
*
* @generated from protobuf field: uint32 optional_limit = 3;
*/
optionalLimit: number;
/**
* optional_allow_partial_deletions, if true and a limit is specified, will delete matching found
* relationships up to the count specified in optional_limit, and no more.
*
* @generated from protobuf field: bool optional_allow_partial_deletions = 4;
*/
optionalAllowPartialDeletions: boolean;
/**
* optional_transaction_metadata is an optional field that can be used to store metadata about the transaction.
* If specified, this metadata will be supplied in the WatchResponse for the deletions associated with
* this transaction.
*
* @generated from protobuf field: google.protobuf.Struct optional_transaction_metadata = 5;
*/
optionalTransactionMetadata?: Struct;
}
/**
* @generated from protobuf message authzed.api.v1.DeleteRelationshipsResponse
*/
export interface DeleteRelationshipsResponse {
/**
* deleted_at is the revision at which the relationships were deleted.
*
* @generated from protobuf field: authzed.api.v1.ZedToken deleted_at = 1;
*/
deletedAt?: ZedToken;
/**
* deletion_progress is an enumeration of the possible outcomes that occurred when attempting to delete the specified relationships.
*
* @generated from protobuf field: authzed.api.v1.DeleteRelationshipsResponse.DeletionProgress deletion_progress = 2;
*/
deletionProgress: DeleteRelationshipsResponse_DeletionProgress;
/**
* relationships_deleted_count is the number of relationships that were deleted.
*
* @generated from protobuf field: uint64 relationships_deleted_count = 3;
*/
relationshipsDeletedCount: string;
}
/**
* @generated from protobuf enum authzed.api.v1.DeleteRelationshipsResponse.DeletionProgress
*/
export declare enum DeleteRelationshipsResponse_DeletionProgress {
/**
* @generated from protobuf enum value: DELETION_PROGRESS_UNSPECIFIED = 0;
*/
UNSPECIFIED = 0,
/**
* DELETION_PROGRESS_COMPLETE indicates that all remaining relationships matching the filter
* were deleted. Will be returned even if no relationships were deleted.
*
* @generated from protobuf enum value: DELETION_PROGRESS_COMPLETE = 1;
*/
COMPLETE = 1,
/**
* DELETION_PROGRESS_PARTIAL indicates that a subset of the relationships matching the filter
* were deleted. Only returned if optional_allow_partial_deletions was true, an optional_limit was
* specified, and there existed more relationships matching the filter than optional_limit would allow.
* Once all remaining relationships have been deleted, DELETION_PROGRESS_COMPLETE will be returned.
*
* @generated from protobuf enum value: DELETION_PROGRESS_PARTIAL = 2;
*/
PARTIAL = 2
}
/**
* CheckPermissionRequest issues a check on whether a subject has a permission
* or is a member of a relation, on a specific resource.
*
* @generated from protobuf message authzed.api.v1.CheckPermissionRequest
*/
export interface CheckPermissionRequest {
/**
* @generated from protobuf field: authzed.api.v1.Consistency consistency = 1;
*/
consistency?: Consistency;
/**
* resource is the resource on which to check the permission or relation.
*
* @generated from protobuf field: authzed.api.v1.ObjectReference resource = 2;
*/
resource?: ObjectReference;
/**
* permission is the name of the permission (or relation) on which to execute
* the check.
*
* @generated from protobuf field: string permission = 3;
*/
permission: string;
/**
* subject is the subject that will be checked for the permission or relation.
*
* @generated from protobuf field: authzed.api.v1.SubjectReference subject = 4;
*/
subject?: SubjectReference;
/**
* context consists of named values that are injected into the caveat evaluation context
*
* @generated from protobuf field: google.protobuf.Struct context = 5;
*/
context?: Struct;
/**
* with_tracing, if true, indicates that the response should include a debug trace.
* This can be useful for debugging and performance analysis, but adds a small amount
* of compute overhead to the request.
*
* @generated from protobuf field: bool with_tracing = 6;
*/
withTracing: boolean;
}
/**
* @generated from protobuf message authzed.api.v1.CheckPermissionResponse
*/
export interface CheckPermissionResponse {
/**
* @generated from protobuf field: authzed.api.v1.ZedToken checked_at = 1;
*/
checkedAt?: ZedToken;
/**
* Permissionship communicates whether or not the subject has the requested
* permission or has a relationship with the given resource, over the given
* relation.
*
* This value will be authzed.api.v1.PERMISSIONSHIP_HAS_PERMISSION if the
* requested subject is a member of the computed permission set or there
* exists a relationship with the requested relation from the given resource
* to the given subject.
*
* @generated from protobuf field: authzed.api.v1.CheckPermissionResponse.Permissionship permissionship = 2;
*/
permissionship: CheckPermissionResponse_Permissionship;
/**
* partial_caveat_info holds information of a partially-evaluated caveated response
*
* @generated from protobuf field: authzed.api.v1.PartialCaveatInfo partial_caveat_info = 3;
*/
partialCaveatInfo?: PartialCaveatInfo;
/**
* debug_trace is the debugging trace of this check, if requested.
*
* @generated from protobuf field: authzed.api.v1.DebugInformation debug_trace = 4;
*/
debugTrace?: DebugInformation;
/**
* optional_expires_at is the time at which at least one of the relationships used to
* compute this result, expires (if any). This is *not* related to the caching window.
*
* @generated from protobuf field: google.protobuf.Timestamp optional_expires_at = 5;
*/
optionalExpiresAt?: Timestamp;
}
/**
* @generated from protobuf enum authzed.api.v1.CheckPermissionResponse.Permissionship
*/
export declare enum CheckPermissionResponse_Permissionship {
/**
* @generated from protobuf enum value: PERMISSIONSHIP_UNSPECIFIED = 0;
*/
UNSPECIFIED = 0,
/**
* @generated from protobuf enum value: PERMISSIONSHIP_NO_PERMISSION = 1;
*/
NO_PERMISSION = 1,
/**
* @generated from protobuf enum value: PERMISSIONSHIP_HAS_PERMISSION = 2;
*/
HAS_PERMISSION = 2,
/**
* @generated from protobuf enum value: PERMISSIONSHIP_CONDITIONAL_PERMISSION = 3;
*/
CONDITIONAL_PERMISSION = 3
}
/**
* CheckBulkPermissionsRequest issues a check on whether a subject has permission
* or is a member of a relation on a specific resource for each item in the list.
*
* The ordering of the items in the response is maintained in the response.
* Checks with the same subject/permission will automatically be batched for performance optimization.
*
* @generated from protobuf message authzed.api.v1.CheckBulkPermissionsRequest
*/
export interface CheckBulkPermissionsRequest {
/**
* @generated from protobuf field: authzed.api.v1.Consistency consistency = 1;
*/
consistency?: Consistency;
/**
* @generated from protobuf field: repeated authzed.api.v1.CheckBulkPermissionsRequestItem items = 2;
*/
items: CheckBulkPermissionsRequestItem[];
/**
* with_tracing, if true, indicates that each response should include a debug trace.
* This can be useful for debugging and performance analysis, but adds a small amount
* of compute overhead to the request.
*
* @generated from protobuf field: bool with_tracing = 3;
*/
withTracing: boolean;
}
/**
* @generated from protobuf message authzed.api.v1.CheckBulkPermissionsRequestItem
*/
export interface CheckBulkPermissionsRequestItem {
/**
* @generated from protobuf field: authzed.api.v1.ObjectReference resource = 1;
*/
resource?: ObjectReference;
/**
* @generated from protobuf field: string permission = 2;
*/
permission: string;
/**
* @generated from protobuf field: authzed.api.v1.SubjectReference subject = 3;
*/
subject?: SubjectReference;
/**
* @generated from protobuf field: google.protobuf.Struct context = 4;
*/
context?: Struct;
}
/**
* @generated from protobuf message authzed.api.v1.CheckBulkPermissionsResponse
*/
export interface CheckBulkPermissionsResponse {
/**
* @generated from protobuf field: authzed.api.v1.ZedToken checked_at = 1;
*/
checkedAt?: ZedToken;
/**
* @generated from protobuf field: repeated authzed.api.v1.CheckBulkPermissionsPair pairs = 2;
*/
pairs: CheckBulkPermissionsPair[];
}
/**
* @generated from protobuf message authzed.api.v1.CheckBulkPermissionsPair
*/
export interface CheckBulkPermissionsPair {
/**
* @generated from protobuf field: authzed.api.v1.CheckBulkPermissionsRequestItem request = 1;
*/
request?: CheckBulkPermissionsRequestItem;
/**
* @generated from protobuf oneof: response
*/
response: {
oneofKind: "item";
/**
* @generated from protobuf field: authzed.api.v1.CheckBulkPermissionsResponseItem item = 2;
*/
item: CheckBulkPermissionsResponseItem;
} | {
oneofKind: "error";
/**
* @generated from protobuf field: google.rpc.Status error = 3;
*/
error: Status;
} | {
oneofKind: undefined;
};
}
/**
* @generated from protobuf message authzed.api.v1.CheckBulkPermissionsResponseItem
*/
export interface CheckBulkPermissionsResponseItem {
/**
* @generated from protobuf field: authzed.api.v1.CheckPermissionResponse.Permissionship permissionship = 1;
*/
permissionship: CheckPermissionResponse_Permissionship;
/**
* @generated from protobuf field: authzed.api.v1.PartialCaveatInfo partial_caveat_info = 2;
*/
partialCaveatInfo?: PartialCaveatInfo;
/**
* debug_trace is the debugging trace of this check, if requested.
*
* @generated from protobuf field: authzed.api.v1.DebugInformation debug_trace = 3;
*/
debugTrace?: DebugInformation;
}
/**
* ExpandPermissionTreeRequest returns a tree representing the expansion of all
* relationships found accessible from a permission or relation on a particular
* resource.
*
* ExpandPermissionTreeRequest is typically used to determine the full set of
* subjects with a permission, along with the relationships that grant said
* access.
*
* @generated from protobuf message authzed.api.v1.ExpandPermissionTreeRequest
*/
export interface ExpandPermissionTreeRequest {
/**
* @generated from protobuf field: authzed.api.v1.Consistency consistency = 1;
*/
consistency?: Consistency;
/**
* resource is the resource over which to run the expansion.
*
* @generated from protobuf field: authzed.api.v1.ObjectReference resource = 2;
*/
resource?: ObjectReference;
/**
* permission is the name of the permission or relation over which to run the
* expansion for the resource.
*
* @generated from protobuf field: string permission = 3;
*/
permission: string;
}
/**
* @generated from protobuf message authzed.api.v1.ExpandPermissionTreeResponse
*/
export interface ExpandPermissionTreeResponse {
/**
* @generated from protobuf field: authzed.api.v1.ZedToken expanded_at = 1;
*/
expandedAt?: ZedToken;
/**
* tree_root is a tree structure whose leaf nodes are subjects, and
* intermediate nodes represent the various operations (union, intersection,
* exclusion) to reach those subjects.
*
* @generated from protobuf field: authzed.api.v1.PermissionRelationshipTree tree_root = 2;
*/
treeRoot?: PermissionRelationshipTree;
}
/**
* LookupResourcesRequest performs a lookup of all resources of a particular
* kind on which the subject has the specified permission or the relation in
* which the subject exists, streaming back the IDs of those resources.
*
* @generated from protobuf message authzed.api.v1.LookupResourcesRequest
*/
export interface LookupResourcesRequest {
/**
* @generated from protobuf field: authzed.api.v1.Consistency consistency = 1;
*/
consistency?: Consistency;
/**
* resource_object_type is the type of resource object for which the IDs will
* be returned.
*
* @generated from protobuf field: string resource_object_type = 2;
*/
resourceObjectType: string;
/**
* permission is the name of the permission or relation for which the subject
* must Check.
*
* @generated from protobuf field: string permission = 3;
*/
permission: string;
/**
* subject is the subject with access to the resources.
*
* @generated from protobuf field: authzed.api.v1.SubjectReference subject = 4;
*/
subject?: SubjectReference;
/**
* context consists of named values that are injected into the caveat evaluation context
*
* @generated from protobuf field: google.protobuf.Struct context = 5;
*/
context?: Struct;
/**
* optional_limit, if non-zero, specifies the limit on the number of resources to return
* before the stream is closed on the server side. By default, the stream will continue
* resolving resources until exhausted or the stream is closed due to the client or a
* network issue.
*
* @generated from protobuf field: uint32 optional_limit = 6;
*/
optionalLimit: number;
/**
* optional_cursor, if specified, indicates the cursor after which results should resume being returned.
* The cursor can be found on the LookupResourcesResponse object.
*
* @generated from protobuf field: authzed.api.v1.Cursor optional_cursor = 7;
*/
optionalCursor?: Cursor;
}
/**
* LookupResourcesResponse contains a single matching resource object ID for the
* requested object type, permission, and subject.
*
* @generated from protobuf message authzed.api.v1.LookupResourcesResponse
*/
export interface LookupResourcesResponse {
/**
* looked_up_at is the ZedToken at which the resource was found.
*
* @generated from protobuf field: authzed.api.v1.ZedToken looked_up_at = 1;
*/
lookedUpAt?: ZedToken;
/**
* resource_object_id is the object ID of the found resource.
*
* @generated from protobuf field: string resource_object_id = 2;
*/
resourceObjectId: string;
/**
* permissionship indicates whether the response was partially evaluated or not
*
* @generated from protobuf field: authzed.api.v1.LookupPermissionship permissionship = 3;
*/
permissionship: LookupPermissionship;
/**
* partial_caveat_info holds information of a partially-evaluated caveated response
*
* @generated from protobuf field: authzed.api.v1.PartialCaveatInfo partial_caveat_info = 4;
*/
partialCaveatInfo?: PartialCaveatInfo;
/**
* after_result_cursor holds a cursor that can be used to resume the LookupResources stream after this
* result.
*
* @generated from protobuf field: authzed.api.v1.Cursor after_result_cursor = 5;
*/
afterResultCursor?: Cursor;
}
/**
* LookupSubjectsRequest performs a lookup of all subjects of a particular
* kind for which the subject has the specified permission or the relation in
* which the subject exists, streaming back the IDs of those subjects.
*
* @generated from protobuf message authzed.api.v1.LookupSubjectsRequest
*/
export interface LookupSubjectsRequest {
/**
* @generated from protobuf field: authzed.api.v1.Consistency consistency = 1;
*/
consistency?: Consistency;
/**
* resource is the resource for which all matching subjects for the permission
* or relation will be returned.
*
* @generated from protobuf field: authzed.api.v1.ObjectReference resource = 2;
*/
resource?: ObjectReference;
/**
* permission is the name of the permission (or relation) for which to find
* the subjects.
*
* @generated from protobuf field: string permission = 3;
*/
permission: string;
/**
* subject_object_type is the type of subject object for which the IDs will
* be returned.
*
* @generated from protobuf field: string subject_object_type = 4;
*/
subjectObjectType: string;
/**
* optional_subject_relation is the optional relation for the subject.
*
* @generated from protobuf field: string optional_subject_relation = 5;
*/
optionalSubjectRelation: string;
/**
* context consists of named values that are injected into the caveat evaluation context
*
* @generated from protobuf field: google.protobuf.Struct context = 6;
*/
context?: Struct;
/**
* optional_concrete_limit, if non-zero, specifies the limit on the number of
* *concrete* (non-wildcard) subjects to return before the stream is closed on the
* server side. With the default value of zero, the stream will continue resolving
* concrete subjects until exhausted or the stream is closed due to the client or
* a network issue.
*
* NOTE: Wildcard subjects ("*") have special treatment when cursors and limits are used. Because
* wildcards can apply to *any* concrete subjects, if a wildcard subject is found within the dataset,
* a wildcard subject can be returned for *all* LookupSubjects calls, regardless of the cursor or
* limit.
*
* For example, if wildcards are requested, a wildcard subject exists, there is a specified limit
* of 10 concrete subjects, and at least 10 concrete subjects exist, the API will return 11 subjects
* in total: the 10 concrete + the wildcard
*
* Furthermore, if a wildcard has a set of exclusions generated by the dataset,
* the exclusions *will respect the cursor* and only a *partial* set of exclusions will be returned
* for each invocation of the API.
*
* ***IT IS UP TO THE CALLER IN THIS CASE TO COMBINE THE EXCLUSIONS IF DESIRED***
*
* @generated from protobuf field: uint32 optional_concrete_limit = 7;
*/
optionalConcreteLimit: number;
/**
* optional_cursor, if specified, indicates the cursor after which results should resume being returned.
* The cursor can be found on the LookupSubjectsResponse object.
*
* NOTE: See above for notes about how cursors interact with wildcard subjects.
*
* @generated from protobuf field: authzed.api.v1.Cursor optional_cursor = 8;
*/
optionalCursor?: Cursor;
/**
* wildcard_option specifies whether wildcards should be returned by LookupSubjects.
* For backwards compatibility, defaults to WILDCARD_OPTION_INCLUDE_WILDCARDS if unspecified.
*
* @generated from protobuf field: authzed.api.v1.LookupSubjectsRequest.WildcardOption wildcard_option = 9;
*/
wildcardOption: LookupSubjectsRequest_WildcardOption;
}
/**
* @generated from protobuf enum authzed.api.v1.LookupSubjectsRequest.WildcardOption
*/
export declare enum LookupSubjectsRequest_WildcardOption {
/**
* @generated from protobuf enum value: WILDCARD_OPTION_UNSPECIFIED = 0;
*/
UNSPECIFIED = 0,
/**
* @generated from protobuf enum value: WILDCARD_OPTION_INCLUDE_WILDCARDS = 1;
*/
INCLUDE_WILDCARDS = 1,
/**
* @generated from protobuf enum value: WILDCARD_OPTION_EXCLUDE_WILDCARDS = 2;
*/
EXCLUDE_WILDCARDS = 2
}
/**
* LookupSubjectsResponse contains a single matching subject object ID for the
* requested subject object type on the permission or relation.
*
* @generated from protobuf message authzed.api.v1.LookupSubjectsResponse
*/
export interface LookupSubjectsResponse {
/**
* @generated from protobuf field: authzed.api.v1.ZedToken looked_up_at = 1;
*/
lookedUpAt?: ZedToken;
/**
* subject_object_id is the Object ID of the subject found. May be a `*` if
* a wildcard was found.
* deprecated: use `subject`
*
* @deprecated
* @generated from protobuf field: string subject_object_id = 2 [deprecated = true];
*/
subjectObjectId: string;
/**
* excluded_subject_ids are the Object IDs of the subjects excluded. This list
* will only contain object IDs if `subject_object_id` is a wildcard (`*`) and
* will only be populated if exclusions exist from the wildcard.
* deprecated: use `excluded_subjects`
*
* @deprecated
* @generated from protobuf field: repeated string excluded_subject_ids = 3 [deprecated = true];
*/
excludedSubjectIds: string[];
/**
* permissionship indicates whether the response was partially evaluated or not
* deprecated: use `subject.permissionship`
*
* @deprecated
* @generated from protobuf field: authzed.api.v1.LookupPermissionship permissionship = 4 [deprecated = true];
*/
permissionship: LookupPermissionship;
/**
* partial_caveat_info holds information of a partially-evaluated caveated response
* deprecated: use `subject.partial_caveat_info`
*
* @deprecated
* @generated from protobuf field: authzed.api.v1.PartialCaveatInfo partial_caveat_info = 5 [deprecated = true];
*/
partialCaveatInfo?: PartialCaveatInfo;
/**
* subject is the subject found, along with its permissionship.
*
* @generated from protobuf field: authzed.api.v1.ResolvedSubject subject = 6;
*/
subject?: ResolvedSubject;
/**
* excluded_subjects are the subjects excluded. This list
* will only contain subjects if `subject.subject_object_id` is a wildcard (`*`) and
* will only be populated if exclusions exist from the wildcard.
*
* @generated from protobuf field: repeated authzed.api.v1.ResolvedSubject excluded_subjects = 7;
*/
excludedSubjects: ResolvedSubject[];
/**
* after_result_cursor holds a cursor that can be used to resume the LookupSubjects stream after this
* result.
*
* @generated from protobuf field: authzed.api.v1.Cursor after_result_cursor = 8;
*/
afterResultCursor?: Cursor;
}
/**
* ResolvedSubject is a single subject resolved within LookupSubjects.
*
* @generated from protobuf message authzed.api.v1.ResolvedSubject
*/
export interface ResolvedSubject {
/**
* subject_object_id is the Object ID of the subject found. May be a `*` if
* a wildcard was found.
*
* @generated from protobuf field: string subject_object_id = 1;
*/
subjectObjectId: string;
/**
* permissionship indicates whether the response was partially evaluated or not
*
* @generated from protobuf field: authzed.api.v1.LookupPermissionship permissionship = 2;
*/
permissionship: LookupPermissionship;
/**
* partial_caveat_info holds information of a partially-evaluated caveated response
*
* @generated from protobuf field: authzed.api.v1.PartialCaveatInfo partial_caveat_info = 3;
*/
partialCaveatInfo?: PartialCaveatInfo;
}
/**
* ImportBulkRelationshipsRequest represents one batch of the streaming
* ImportBulkRelationships API. The maximum size is only limited by the backing
* datastore, and optimal size should be determined by the calling client
* experimentally. When ImportBulk is invoked and receives its first request message,
* a transaction is opened to import the relationships. All requests sent to the same
* invocation are executed under this single transaction. If a relationship already
* exists within the datastore, the entire transaction will fail with an error.
*
* @generated from protobuf message authzed.api.v1.ImportBulkRelationshipsRequest
*/
export interface ImportBulkRelationshipsRequest {
/**
* @generated from protobuf field: repeated authzed.api.v1.Relationship relationships = 1;
*/
relationships: Relationship[];
}
/**
* ImportBulkRelationshipsResponse is returned on successful completion of the
* bulk load stream, and contains the total number of relationships loaded.
*
* @generated from protobuf message authzed.api.v1.ImportBulkRelationshipsResponse
*/
export interface ImportBulkRelationshipsResponse {
/**
* @generated from protobuf field: uint64 num_loaded = 1;
*/
numLoaded: string;
}
/**
* ExportBulkRelationshipsRequest represents a resumable request for
* all relationships from the server.
*
* @generated from protobuf message authzed.api.v1.ExportBulkRelationshipsRequest
*/
export interface ExportBulkRelationshipsRequest {
/**
* @generated from protobuf field: authzed.api.v1.Consistency consistency = 1;
*/
consistency?: Consistency;
/**
* optional_limit, if non-zero, specifies the limit on the number of
* relationships the server can return in one page. By default, the server
* will pick a page size, and the server is free to choose a smaller size
* at will.
*
* @generated from protobuf field: uint32 optional_limit = 2;
*/
optionalLimit: number;
/**
* optional_cursor, if specified, indicates the cursor after which results
* should resume being returned. The cursor can be found on the
* BulkExportRelationshipsResponse object.
*
* @generated from protobuf field: authzed.api.v1.Cursor optional_cursor = 3;
*/
optionalCursor?: Cursor;
/**
* optional_relationship_filter, if specified, indicates the
* filter to apply to each relationship to be exported.
*
* @generated from protobuf field: authzed.api.v1.RelationshipFilter optional_relationship_filter = 4;
*/
optionalRelationshipFilter?: RelationshipFilter;
}
/**
* ExportBulkRelationshipsResponse is one page in a stream of relationship
* groups that meet the criteria specified by the originating request. The
* server will continue to stream back relationship groups as quickly as it can
* until all relationships have been transmitted back.
*
* @generated from protobuf message authzed.api.v1.ExportBulkRelationshipsResponse
*/
export interface ExportBulkRelationshipsResponse {
/**
* @generated from protobuf field: authzed.api.v1.Cursor after_result_cursor = 1;
*/
afterResultCursor?: Cursor;
/**
* @generated from protobuf field: repeated authzed.api.v1.Relationship relationships = 2;
*/
relationships: Relationship[];
}
/**
* LookupPermissionship represents whether a Lookup response was partially evaluated or not
*
* @generated from protobuf enum authzed.api.v1.LookupPermissionship
*/
export declare enum LookupPermissionship {
/**
* @generated from protobuf enum value: LOOKUP_PERMISSIONSHIP_UNSPECIFIED = 0;
*/
UNSPECIFIED = 0,
/**
* @generated from protobuf enum value: LOOKUP_PERMISSIONSHIP_HAS_PERMISSION = 1;
*/
HAS_PERMISSION = 1,
/**
* @generated from protobuf enum value: LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION = 2;
*/
CONDITIONAL_PERMISSION = 2
}
declare class Consistency$Type extends MessageType<Consistency> {
constructor();
create(value?: PartialMessage<Consistency>): Consistency;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: Consistency): Consistency;
internalBinaryWrite(message: Consistency, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.Consistency
*/
export declare const Consistency: Consistency$Type;
declare class RelationshipFilter$Type extends MessageType<RelationshipFilter> {
constructor();
create(value?: PartialMessage<RelationshipFilter>): RelationshipFilter;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: RelationshipFilter): RelationshipFilter;
internalBinaryWrite(message: RelationshipFilter, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.RelationshipFilter
*/
export declare const RelationshipFilter: RelationshipFilter$Type;
declare class SubjectFilter$Type extends MessageType<SubjectFilter> {
constructor();
create(value?: PartialMessage<SubjectFilter>): SubjectFilter;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: SubjectFilter): SubjectFilter;
internalBinaryWrite(message: SubjectFilter, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.SubjectFilter
*/
export declare const SubjectFilter: SubjectFilter$Type;
declare class SubjectFilter_RelationFilter$Type extends MessageType<SubjectFilter_RelationFilter> {
constructor();
create(value?: PartialMessage<SubjectFilter_RelationFilter>): SubjectFilter_RelationFilter;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: SubjectFilter_RelationFilter): SubjectFilter_RelationFilter;
internalBinaryWrite(message: SubjectFilter_RelationFilter, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.SubjectFilter.RelationFilter
*/
export declare const SubjectFilter_RelationFilter: SubjectFilter_RelationFilter$Type;
declare class ReadRelationshipsRequest$Type extends MessageType<ReadRelationshipsRequest> {
constructor();
create(value?: PartialMessage<ReadRelationshipsRequest>): ReadRelationshipsRequest;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: ReadRelationshipsRequest): ReadRelationshipsRequest;
internalBinaryWrite(message: ReadRelationshipsRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.ReadRelationshipsRequest
*/
export declare const ReadRelationshipsRequest: ReadRelationshipsRequest$Type;
declare class ReadRelationshipsResponse$Type extends MessageType<ReadRelationshipsResponse> {
constructor();
create(value?: PartialMessage<ReadRelationshipsResponse>): ReadRelationshipsResponse;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: ReadRelationshipsResponse): ReadRelationshipsResponse;
internalBinaryWrite(message: ReadRelationshipsResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.ReadRelationshipsResponse
*/
export declare const ReadRelationshipsResponse: ReadRelationshipsResponse$Type;
declare class Precondition$Type extends MessageType<Precondition> {
constructor();
create(value?: PartialMessage<Precondition>): Precondition;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: Precondition): Precondition;
internalBinaryWrite(message: Precondition, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.Precondition
*/
export declare const Precondition: Precondition$Type;
declare class WriteRelationshipsRequest$Type extends MessageType<WriteRelationshipsRequest> {
constructor();
create(value?: PartialMessage<WriteRelationshipsRequest>): WriteRelationshipsRequest;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: WriteRelationshipsRequest): WriteRelationshipsRequest;
internalBinaryWrite(message: WriteRelationshipsRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.WriteRelationshipsRequest
*/
export declare const WriteRelationshipsRequest: WriteRelationshipsRequest$Type;
declare class WriteRelationshipsResponse$Type extends MessageType<WriteRelationshipsResponse> {
constructor();
create(value?: PartialMessage<WriteRelationshipsResponse>): WriteRelationshipsResponse;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: WriteRelationshipsResponse): WriteRelationshipsResponse;
internalBinaryWrite(message: WriteRelationshipsResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.WriteRelationshipsResponse
*/
export declare const WriteRelationshipsResponse: WriteRelationshipsResponse$Type;
declare class DeleteRelationshipsRequest$Type extends MessageType<DeleteRelationshipsRequest> {
constructor();
create(value?: PartialMessage<DeleteRelationshipsRequest>): DeleteRelationshipsRequest;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: DeleteRelationshipsRequest): DeleteRelationshipsRequest;
internalBinaryWrite(message: DeleteRelationshipsRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.DeleteRelationshipsRequest
*/
export declare const DeleteRelationshipsRequest: DeleteRelationshipsRequest$Type;
declare class DeleteRelationshipsResponse$Type extends MessageType<DeleteRelationshipsResponse> {
constructor();
create(value?: PartialMessage<DeleteRelationshipsResponse>): DeleteRelationshipsResponse;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: DeleteRelationshipsResponse): DeleteRelationshipsResponse;
internalBinaryWrite(message: DeleteRelationshipsResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.DeleteRelationshipsResponse
*/
export declare const DeleteRelationshipsResponse: DeleteRelationshipsResponse$Type;
declare class CheckPermissionRequest$Type extends MessageType<CheckPermissionRequest> {
constructor();
create(value?: PartialMessage<CheckPermissionRequest>): CheckPermissionRequest;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: CheckPermissionRequest): CheckPermissionRequest;
internalBinaryWrite(message: CheckPermissionRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.CheckPermissionRequest
*/
export declare const CheckPermissionRequest: CheckPermissionRequest$Type;
declare class CheckPermissionResponse$Type extends MessageType<CheckPermissionResponse> {
constructor();
create(value?: PartialMessage<CheckPermissionResponse>): CheckPermissionResponse;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: CheckPermissionResponse): CheckPermissionResponse;
internalBinaryWrite(message: CheckPermissionResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.CheckPermissionResponse
*/
export declare const CheckPermissionResponse: CheckPermissionResponse$Type;
declare class CheckBulkPermissionsRequest$Type extends MessageType<CheckBulkPermissionsRequest> {
constructor();
create(value?: PartialMessage<CheckBulkPermissionsRequest>): CheckBulkPermissionsRequest;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: CheckBulkPermissionsRequest): CheckBulkPermissionsRequest;
internalBinaryWrite(message: CheckBulkPermissionsRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.CheckBulkPermissionsRequest
*/
export declare const CheckBulkPermissionsRequest: CheckBulkPermissionsRequest$Type;
declare class CheckBulkPermissionsRequestItem$Type extends MessageType<CheckBulkPermissionsRequestItem> {
constructor();
create(value?: PartialMessage<CheckBulkPermissionsRequestItem>): CheckBulkPermissionsRequestItem;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: CheckBulkPermissionsRequestItem): CheckBulkPermissionsRequestItem;
internalBinaryWrite(message: CheckBulkPermissionsRequestItem, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.CheckBulkPermissionsRequestItem
*/
export declare const CheckBulkPermissionsRequestItem: CheckBulkPermissionsRequestItem$Type;
declare class CheckBulkPermissionsResponse$Type extends MessageType<CheckBulkPermissionsResponse> {
constructor();
create(value?: PartialMessage<CheckBulkPermissionsResponse>): CheckBulkPermissionsResponse;
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: CheckBulkPermissionsResponse): CheckBulkPermissionsResponse;
internalBinaryWrite(message: CheckBulkPermissionsResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter;
}
/**
* @generated MessageType for protobuf message authzed.api.v1.CheckBulkPermissionsResponse
*/
export declare const CheckBulkPermissionsResponse: CheckBulkPermissionsResp