diff --git a/docs/openapiv2/apidocs.swagger.json b/docs/openapiv2/apidocs.swagger.json index b7cb2682..39941d6e 100644 --- a/docs/openapiv2/apidocs.swagger.json +++ b/docs/openapiv2/apidocs.swagger.json @@ -76,6 +76,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -102,6 +108,12 @@ "description": "Create a unique OpenFGA store which will be used to store authorization models and relationship tuples.", "operationId": "CreateStore", "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/CreateStoreResponse" + } + }, "201": { "description": "A successful response.", "schema": { @@ -143,6 +155,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -207,6 +225,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -226,8 +250,17 @@ "description": "Delete an OpenFGA store. This does not delete the data associated with the store, like tuples or authorization models.", "operationId": "DeleteStore", "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/DeleteStoreResponse" + } + }, "204": { - "description": "A successful response." + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/DeleteStoreResponse" + } }, "400": { "description": "Request failed due to invalid input.", @@ -264,6 +297,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -326,6 +365,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -351,8 +396,17 @@ "description": "The WriteAssertions API will upsert new assertions for an authorization model id, or overwrite the existing ones. An assertion is an object that contains a tuple key, and the expectation of whether a call to the Check API of that tuple key will return true or false. ", "operationId": "WriteAssertions", "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/WriteAssertionsResponse" + } + }, "204": { - "description": "A successful response." + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/WriteAssertionsResponse" + } }, "400": { "description": "Request failed due to invalid input.", @@ -389,6 +443,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -478,6 +538,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -510,6 +576,12 @@ "description": "The WriteAuthorizationModel API will add a new authorization model to a store.\nEach item in the `type_definitions` array is a type definition as specified in the field `type_definition`.\nThe response will return the authorization model's ID in the `id` field.\n\n## Example\nTo add an authorization model with `user` and `document` type definitions, call POST authorization-models API with the body: \n```json\n{\n \"type_definitions\":[\n {\n \"type\":\"user\"\n },\n {\n \"type\":\"document\",\n \"relations\":{\n \"reader\":{\n \"union\":{\n \"child\":[\n {\n \"this\":{}\n },\n {\n \"computedUserset\":{\n \"object\":\"\",\n \"relation\":\"writer\"\n }\n }\n ]\n }\n },\n \"writer\":{\n \"this\":{}\n }\n }\n }\n ]\n}\n```\nOpenFGA's response will include the version id for this authorization model, which will look like \n```\n{\"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\"}\n```\n", "operationId": "WriteAuthorizationModel", "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/WriteAuthorizationModelResponse" + } + }, "201": { "description": "A successful response.", "schema": { @@ -551,6 +623,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -644,6 +722,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -712,6 +796,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -793,6 +883,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -888,6 +984,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -926,7 +1028,7 @@ "/stores/{store_id}/list-objects": { "post": { "summary": "List all objects of the given type that the user has a relation with", - "description": "The ListObjects API returns a list of all the objects of the given type that the user has a relation with.\n To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`).\nAn `authorization_model_id` may be specified in the body. If it is not specified, the latest authorization model ID will be used. It is strongly recommended to specify authorization model id for better performance.\nYou may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`.\nYou may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly.\nThe response will contain the related objects in an array in the \"objects\" field of the response and they will be strings in the object format `:` (e.g. \"document:roadmap\").\nThe number of objects in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_OBJECTS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_OBJECTS_MAX_RESULTS, whichever is hit first.\nThe objects given will not be sorted, and therefore two identical calls can give a given different set of objects.", + "description": "The ListObjects API returns a list of all the objects of the given type that the user has a relation with.\n To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`).\nAn `authorization_model_id` may be specified in the body. If it is not specified, the latest authorization model ID will be used. It is strongly recommended to specify authorization model id for better performance.\nYou may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`.\nYou may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly.\nThe response will contain the related objects in an array in the \"objects\" field of the response and they will be strings in the object format `\u003ctype\u003e:\u003cid\u003e` (e.g. \"document:roadmap\").\nThe number of objects in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_OBJECTS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_OBJECTS_MAX_RESULTS, whichever is hit first.\nThe objects given will not be sorted, and therefore two identical calls can give a given different set of objects.", "operationId": "ListObjects", "responses": { "200": { @@ -970,6 +1072,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -1072,6 +1180,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -1189,6 +1303,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -1282,6 +1402,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -1384,6 +1510,12 @@ "schema": { "$ref": "#/definitions/InternalErrorMessageResponse" } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/Status" + } } }, "parameters": [ @@ -1453,6 +1585,9 @@ }, "expectation": { "type": "boolean" + }, + "contextual_tuples": { + "$ref": "#/definitions/ContextualTupleKeys" } }, "required": [ @@ -2478,7 +2613,7 @@ "example": "employee" } }, - "description": "Type bound public access.\n\nNormally represented using the `:*` syntax\n\n`employee:*` represents every object of type `employee`, including those not currently present in the system\n\nSee https://openfga.dev/docs/concepts#what-is-type-bound-public-access", + "description": "Type bound public access.\n\nNormally represented using the `\u003ctype\u003e:*` syntax\n\n`employee:*` represents every object of type `employee`, including those not currently present in the system\n\nSee https://openfga.dev/docs/concepts#what-is-type-bound-public-access", "required": [ "type" ] @@ -2648,7 +2783,7 @@ "example": "member" } }, - "description": "Userset.\n\nA set or group of users, represented in the `:#` format\n\n`group:fga#member` represents all members of group FGA, not to be confused by `group:fga` which represents the group itself as a specific object.\n\nSee: https://openfga.dev/docs/modeling/building-blocks/usersets#what-is-a-userset", + "description": "Userset.\n\nA set or group of users, represented in the `\u003ctype\u003e:\u003cid\u003e#\u003crelation\u003e` format\n\n`group:fga#member` represents all members of group FGA, not to be confused by `group:fga` which represents the group itself as a specific object.\n\nSee: https://openfga.dev/docs/modeling/building-blocks/usersets#what-is-a-userset", "required": [ "type", "id", diff --git a/openfga/v1/openfga.proto b/openfga/v1/openfga.proto index fbefd7e5..75f81c3f 100644 --- a/openfga/v1/openfga.proto +++ b/openfga/v1/openfga.proto @@ -112,6 +112,7 @@ message RelationshipCondition { google.protobuf.Struct context = 2; } + message TupleKeyWithoutCondition { string user = 1 [ (google.api.field_behavior) = REQUIRED, diff --git a/openfga/v1/openfga_service.proto b/openfga/v1/openfga_service.proto index 67cdd3fe..3db0fa9c 100644 --- a/openfga/v1/openfga_service.proto +++ b/openfga/v1/openfga_service.proto @@ -1560,6 +1560,10 @@ message Assertion { json_name = "expectation", (google.api.field_behavior) = REQUIRED ]; + + openfga.v1.ContextualTupleKeys contextual_tuples = 3 [ + json_name = "contextual_tuples" + ]; } message Assertions { diff --git a/proto/go.mod b/proto/go.mod index 9e36a96f..d77e38fa 100644 --- a/proto/go.mod +++ b/proto/go.mod @@ -1,20 +1,18 @@ -module github.com/openfga/api/proto +module go.buf.build/openfga/go/openfga/api -go 1.21.3 +go 1.22.2 require ( - github.com/envoyproxy/protoc-gen-validate v1.0.2 + github.com/envoyproxy/protoc-gen-validate v1.0.4 github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 - google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe - google.golang.org/grpc v1.61.0 - google.golang.org/protobuf v1.33.0 + google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae + google.golang.org/grpc v1.63.2 + google.golang.org/protobuf v1.34.1 ) require ( - github.com/golang/protobuf v1.5.3 // indirect - golang.org/x/net v0.20.0 // indirect - golang.org/x/sys v0.16.0 // indirect + golang.org/x/net v0.21.0 // indirect + golang.org/x/sys v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect - google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect ) diff --git a/proto/go.sum b/proto/go.sum index acf36327..2ab985c6 100644 --- a/proto/go.sum +++ b/proto/go.sum @@ -1,29 +1,20 @@ -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= +github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg= -google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe h1:bQnxqljG/wqi4NTXu2+DJ3n7APcEA882QZ1JvhQAq9o= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae h1:AH34z6WAGVNkllnKs5raNq3yRq93VnjBG6rpfub/jYk= +google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= diff --git a/proto/openfga/v1/openfga_service.pb.go b/proto/openfga/v1/openfga_service.pb.go index 8730e975..b67d3aae 100644 --- a/proto/openfga/v1/openfga_service.pb.go +++ b/proto/openfga/v1/openfga_service.pb.go @@ -2542,8 +2542,9 @@ type Assertion struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - TupleKey *AssertionTupleKey `protobuf:"bytes,1,opt,name=tuple_key,proto3" json:"tuple_key,omitempty"` - Expectation bool `protobuf:"varint,2,opt,name=expectation,proto3" json:"expectation,omitempty"` + TupleKey *AssertionTupleKey `protobuf:"bytes,1,opt,name=tuple_key,proto3" json:"tuple_key,omitempty"` + Expectation bool `protobuf:"varint,2,opt,name=expectation,proto3" json:"expectation,omitempty"` + ContextualTuples *ContextualTupleKeys `protobuf:"bytes,3,opt,name=contextual_tuples,proto3" json:"contextual_tuples,omitempty"` } func (x *Assertion) Reset() { @@ -2592,6 +2593,13 @@ func (x *Assertion) GetExpectation() bool { return false } +func (x *Assertion) GetContextualTuples() *ContextualTupleKeys { + if x != nil { + return x.ContextualTuples + } + return nil +} + type Assertions struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -3334,15 +3342,20 @@ var file_openfga_v1_openfga_service_proto_rawDesc = []byte{ 0x28, 0x09, 0x42, 0x2b, 0x92, 0x41, 0x10, 0x4a, 0x0b, 0x22, 0x75, 0x73, 0x65, 0x72, 0x3a, 0x61, 0x6e, 0x6e, 0x65, 0x22, 0x78, 0x80, 0x04, 0xe0, 0x41, 0x02, 0xfa, 0x42, 0x12, 0x72, 0x10, 0x32, 0x0e, 0x5e, 0x5b, 0x5e, 0x5c, 0x73, 0x5d, 0x7b, 0x32, 0x2c, 0x35, 0x31, 0x32, 0x7d, 0x24, 0x52, - 0x04, 0x75, 0x73, 0x65, 0x72, 0x22, 0x7c, 0x0a, 0x09, 0x41, 0x73, 0x73, 0x65, 0x72, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x09, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x66, 0x67, 0x61, 0x2e, - 0x76, 0x31, 0x2e, 0x41, 0x73, 0x73, 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, - 0x65, 0x4b, 0x65, 0x79, 0x42, 0x0b, 0xe0, 0x41, 0x02, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, - 0x01, 0x52, 0x09, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x25, 0x0a, 0x0b, - 0x65, 0x78, 0x70, 0x65, 0x63, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x08, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x65, 0x78, 0x70, 0x65, 0x63, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x41, 0x73, 0x73, 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, + 0x04, 0x75, 0x73, 0x65, 0x72, 0x22, 0xcb, 0x01, 0x0a, 0x09, 0x41, 0x73, 0x73, 0x65, 0x72, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x09, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x66, 0x67, 0x61, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73, 0x73, 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, + 0x6c, 0x65, 0x4b, 0x65, 0x79, 0x42, 0x0b, 0xe0, 0x41, 0x02, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, + 0x10, 0x01, 0x52, 0x09, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x25, 0x0a, + 0x0b, 0x65, 0x78, 0x70, 0x65, 0x63, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x08, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x65, 0x78, 0x70, 0x65, 0x63, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x11, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x75, + 0x61, 0x6c, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x66, 0x67, 0x61, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, + 0x74, 0x65, 0x78, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x4b, 0x65, 0x79, 0x73, + 0x52, 0x11, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x74, 0x75, 0x70, + 0x6c, 0x65, 0x73, 0x22, 0x48, 0x0a, 0x0a, 0x41, 0x73, 0x73, 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x61, 0x73, 0x73, 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x66, 0x67, 0x61, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73, 0x73, 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, @@ -5012,49 +5025,50 @@ var file_openfga_v1_openfga_service_proto_depIdxs = []int32{ 52, // 38: openfga.v1.ListStoresRequest.page_size:type_name -> google.protobuf.Int32Value 60, // 39: openfga.v1.ListStoresResponse.stores:type_name -> openfga.v1.Store 41, // 40: openfga.v1.Assertion.tuple_key:type_name -> openfga.v1.AssertionTupleKey - 42, // 41: openfga.v1.Assertions.assertions:type_name -> openfga.v1.Assertion - 61, // 42: openfga.v1.WriteAuthorizationModelRequest.ConditionsEntry.value:type_name -> openfga.v1.Condition - 6, // 43: openfga.v1.OpenFGAService.Read:input_type -> openfga.v1.ReadRequest - 11, // 44: openfga.v1.OpenFGAService.Write:input_type -> openfga.v1.WriteRequest - 13, // 45: openfga.v1.OpenFGAService.Check:input_type -> openfga.v1.CheckRequest - 16, // 46: openfga.v1.OpenFGAService.Expand:input_type -> openfga.v1.ExpandRequest - 23, // 47: openfga.v1.OpenFGAService.ReadAuthorizationModels:input_type -> openfga.v1.ReadAuthorizationModelsRequest - 19, // 48: openfga.v1.OpenFGAService.ReadAuthorizationModel:input_type -> openfga.v1.ReadAuthorizationModelRequest - 21, // 49: openfga.v1.OpenFGAService.WriteAuthorizationModel:input_type -> openfga.v1.WriteAuthorizationModelRequest - 25, // 50: openfga.v1.OpenFGAService.WriteAssertions:input_type -> openfga.v1.WriteAssertionsRequest - 27, // 51: openfga.v1.OpenFGAService.ReadAssertions:input_type -> openfga.v1.ReadAssertionsRequest - 29, // 52: openfga.v1.OpenFGAService.ReadChanges:input_type -> openfga.v1.ReadChangesRequest - 31, // 53: openfga.v1.OpenFGAService.CreateStore:input_type -> openfga.v1.CreateStoreRequest - 33, // 54: openfga.v1.OpenFGAService.UpdateStore:input_type -> openfga.v1.UpdateStoreRequest - 35, // 55: openfga.v1.OpenFGAService.DeleteStore:input_type -> openfga.v1.DeleteStoreRequest - 37, // 56: openfga.v1.OpenFGAService.GetStore:input_type -> openfga.v1.GetStoreRequest - 39, // 57: openfga.v1.OpenFGAService.ListStores:input_type -> openfga.v1.ListStoresRequest - 4, // 58: openfga.v1.OpenFGAService.StreamedListObjects:input_type -> openfga.v1.StreamedListObjectsRequest - 0, // 59: openfga.v1.OpenFGAService.ListObjects:input_type -> openfga.v1.ListObjectsRequest - 2, // 60: openfga.v1.OpenFGAService.ListUsers:input_type -> openfga.v1.ListUsersRequest - 8, // 61: openfga.v1.OpenFGAService.Read:output_type -> openfga.v1.ReadResponse - 12, // 62: openfga.v1.OpenFGAService.Write:output_type -> openfga.v1.WriteResponse - 15, // 63: openfga.v1.OpenFGAService.Check:output_type -> openfga.v1.CheckResponse - 18, // 64: openfga.v1.OpenFGAService.Expand:output_type -> openfga.v1.ExpandResponse - 24, // 65: openfga.v1.OpenFGAService.ReadAuthorizationModels:output_type -> openfga.v1.ReadAuthorizationModelsResponse - 20, // 66: openfga.v1.OpenFGAService.ReadAuthorizationModel:output_type -> openfga.v1.ReadAuthorizationModelResponse - 22, // 67: openfga.v1.OpenFGAService.WriteAuthorizationModel:output_type -> openfga.v1.WriteAuthorizationModelResponse - 26, // 68: openfga.v1.OpenFGAService.WriteAssertions:output_type -> openfga.v1.WriteAssertionsResponse - 28, // 69: openfga.v1.OpenFGAService.ReadAssertions:output_type -> openfga.v1.ReadAssertionsResponse - 30, // 70: openfga.v1.OpenFGAService.ReadChanges:output_type -> openfga.v1.ReadChangesResponse - 32, // 71: openfga.v1.OpenFGAService.CreateStore:output_type -> openfga.v1.CreateStoreResponse - 34, // 72: openfga.v1.OpenFGAService.UpdateStore:output_type -> openfga.v1.UpdateStoreResponse - 36, // 73: openfga.v1.OpenFGAService.DeleteStore:output_type -> openfga.v1.DeleteStoreResponse - 38, // 74: openfga.v1.OpenFGAService.GetStore:output_type -> openfga.v1.GetStoreResponse - 40, // 75: openfga.v1.OpenFGAService.ListStores:output_type -> openfga.v1.ListStoresResponse - 5, // 76: openfga.v1.OpenFGAService.StreamedListObjects:output_type -> openfga.v1.StreamedListObjectsResponse - 1, // 77: openfga.v1.OpenFGAService.ListObjects:output_type -> openfga.v1.ListObjectsResponse - 3, // 78: openfga.v1.OpenFGAService.ListUsers:output_type -> openfga.v1.ListUsersResponse - 61, // [61:79] is the sub-list for method output_type - 43, // [43:61] is the sub-list for method input_type - 43, // [43:43] is the sub-list for extension type_name - 43, // [43:43] is the sub-list for extension extendee - 0, // [0:43] is the sub-list for field type_name + 45, // 41: openfga.v1.Assertion.contextual_tuples:type_name -> openfga.v1.ContextualTupleKeys + 42, // 42: openfga.v1.Assertions.assertions:type_name -> openfga.v1.Assertion + 61, // 43: openfga.v1.WriteAuthorizationModelRequest.ConditionsEntry.value:type_name -> openfga.v1.Condition + 6, // 44: openfga.v1.OpenFGAService.Read:input_type -> openfga.v1.ReadRequest + 11, // 45: openfga.v1.OpenFGAService.Write:input_type -> openfga.v1.WriteRequest + 13, // 46: openfga.v1.OpenFGAService.Check:input_type -> openfga.v1.CheckRequest + 16, // 47: openfga.v1.OpenFGAService.Expand:input_type -> openfga.v1.ExpandRequest + 23, // 48: openfga.v1.OpenFGAService.ReadAuthorizationModels:input_type -> openfga.v1.ReadAuthorizationModelsRequest + 19, // 49: openfga.v1.OpenFGAService.ReadAuthorizationModel:input_type -> openfga.v1.ReadAuthorizationModelRequest + 21, // 50: openfga.v1.OpenFGAService.WriteAuthorizationModel:input_type -> openfga.v1.WriteAuthorizationModelRequest + 25, // 51: openfga.v1.OpenFGAService.WriteAssertions:input_type -> openfga.v1.WriteAssertionsRequest + 27, // 52: openfga.v1.OpenFGAService.ReadAssertions:input_type -> openfga.v1.ReadAssertionsRequest + 29, // 53: openfga.v1.OpenFGAService.ReadChanges:input_type -> openfga.v1.ReadChangesRequest + 31, // 54: openfga.v1.OpenFGAService.CreateStore:input_type -> openfga.v1.CreateStoreRequest + 33, // 55: openfga.v1.OpenFGAService.UpdateStore:input_type -> openfga.v1.UpdateStoreRequest + 35, // 56: openfga.v1.OpenFGAService.DeleteStore:input_type -> openfga.v1.DeleteStoreRequest + 37, // 57: openfga.v1.OpenFGAService.GetStore:input_type -> openfga.v1.GetStoreRequest + 39, // 58: openfga.v1.OpenFGAService.ListStores:input_type -> openfga.v1.ListStoresRequest + 4, // 59: openfga.v1.OpenFGAService.StreamedListObjects:input_type -> openfga.v1.StreamedListObjectsRequest + 0, // 60: openfga.v1.OpenFGAService.ListObjects:input_type -> openfga.v1.ListObjectsRequest + 2, // 61: openfga.v1.OpenFGAService.ListUsers:input_type -> openfga.v1.ListUsersRequest + 8, // 62: openfga.v1.OpenFGAService.Read:output_type -> openfga.v1.ReadResponse + 12, // 63: openfga.v1.OpenFGAService.Write:output_type -> openfga.v1.WriteResponse + 15, // 64: openfga.v1.OpenFGAService.Check:output_type -> openfga.v1.CheckResponse + 18, // 65: openfga.v1.OpenFGAService.Expand:output_type -> openfga.v1.ExpandResponse + 24, // 66: openfga.v1.OpenFGAService.ReadAuthorizationModels:output_type -> openfga.v1.ReadAuthorizationModelsResponse + 20, // 67: openfga.v1.OpenFGAService.ReadAuthorizationModel:output_type -> openfga.v1.ReadAuthorizationModelResponse + 22, // 68: openfga.v1.OpenFGAService.WriteAuthorizationModel:output_type -> openfga.v1.WriteAuthorizationModelResponse + 26, // 69: openfga.v1.OpenFGAService.WriteAssertions:output_type -> openfga.v1.WriteAssertionsResponse + 28, // 70: openfga.v1.OpenFGAService.ReadAssertions:output_type -> openfga.v1.ReadAssertionsResponse + 30, // 71: openfga.v1.OpenFGAService.ReadChanges:output_type -> openfga.v1.ReadChangesResponse + 32, // 72: openfga.v1.OpenFGAService.CreateStore:output_type -> openfga.v1.CreateStoreResponse + 34, // 73: openfga.v1.OpenFGAService.UpdateStore:output_type -> openfga.v1.UpdateStoreResponse + 36, // 74: openfga.v1.OpenFGAService.DeleteStore:output_type -> openfga.v1.DeleteStoreResponse + 38, // 75: openfga.v1.OpenFGAService.GetStore:output_type -> openfga.v1.GetStoreResponse + 40, // 76: openfga.v1.OpenFGAService.ListStores:output_type -> openfga.v1.ListStoresResponse + 5, // 77: openfga.v1.OpenFGAService.StreamedListObjects:output_type -> openfga.v1.StreamedListObjectsResponse + 1, // 78: openfga.v1.OpenFGAService.ListObjects:output_type -> openfga.v1.ListObjectsResponse + 3, // 79: openfga.v1.OpenFGAService.ListUsers:output_type -> openfga.v1.ListUsersResponse + 62, // [62:80] is the sub-list for method output_type + 44, // [44:62] is the sub-list for method input_type + 44, // [44:44] is the sub-list for extension type_name + 44, // [44:44] is the sub-list for extension extendee + 0, // [0:44] is the sub-list for field type_name } func init() { file_openfga_v1_openfga_service_proto_init() } diff --git a/proto/openfga/v1/openfga_service.pb.validate.go b/proto/openfga/v1/openfga_service.pb.validate.go index d87f72d9..4ddf6fb6 100644 --- a/proto/openfga/v1/openfga_service.pb.validate.go +++ b/proto/openfga/v1/openfga_service.pb.validate.go @@ -6447,6 +6447,35 @@ func (m *Assertion) validate(all bool) error { // no validation rules for Expectation + if all { + switch v := interface{}(m.GetContextualTuples()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AssertionValidationError{ + field: "ContextualTuples", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AssertionValidationError{ + field: "ContextualTuples", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetContextualTuples()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AssertionValidationError{ + field: "ContextualTuples", + reason: "embedded message failed validation", + cause: err, + } + } + } + if len(errors) > 0 { return AssertionMultiError(errors) }