diff --git a/docs/grpc/index.html b/docs/grpc/index.html
index 252ab01f21..0c5d0e0e83 100644
--- a/docs/grpc/index.html
+++ b/docs/grpc/index.html
@@ -1478,7 +1478,7 @@ Attribute
Condition
- A Condition defines a rule of
Example: Subjects with a field selected by the flattened selector "'.division'" and a value of "Accounting" or "Marketing":
{
"subject_external_selector_value": "'.division'",
"operator": "SUBJECT_MAPPING_OPERATOR_ENUM_IN",
"subject_external_values" : ["Accounting", "Marketing"]
}
Example: Subjects that are not part of the Fantastic Four according to their alias field:
{
"subject_external_selector_value": "'.data[0].alias'",
"operator": "SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN",
"subject_external_values" : ["mister_fantastic", "the_thing", "human_torch", "invisible_woman"]
}
+ A Condition defines a rule of
diff --git a/docs/openapi/policy/attributes/attributes.swagger.json b/docs/openapi/policy/attributes/attributes.swagger.json
index 17e5248ca7..38f8f0896f 100644
--- a/docs/openapi/policy/attributes/attributes.swagger.json
+++ b/docs/openapi/policy/attributes/attributes.swagger.json
@@ -961,7 +961,6 @@
"title": "list of comparison values for the result of applying the subject_external_selector_value on a flattened Entity Representation (Subject), evaluated by the operator"
}
},
- "description": "Example: Subjects with a field selected by the flattened selector \"'.division'\" and a value of \"Accounting\" or \"Marketing\":\n{\n\"subject_external_selector_value\": \"'.division'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_IN\",\n\"subject_external_values\" : [\"Accounting\", \"Marketing\"]\n}\n\nExample: Subjects that are not part of the Fantastic Four according to their alias field:\n{\n\"subject_external_selector_value\": \"'.data[0].alias'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN\",\n\"subject_external_values\" : [\"mister_fantastic\", \"the_thing\", \"human_torch\", \"invisible_woman\"]\n}",
"title": "*\nA Condition defines a rule of \u003cthe value at the flattened 'selector value' location\u003e \u003coperator\u003e \u003csubject external values\u003e"
},
"policyConditionBooleanTypeEnum": {
diff --git a/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json b/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json
index bbf6573582..5e0f4a5c35 100644
--- a/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json
+++ b/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json
@@ -550,7 +550,6 @@
"title": "list of comparison values for the result of applying the subject_external_selector_value on a flattened Entity Representation (Subject), evaluated by the operator"
}
},
- "description": "Example: Subjects with a field selected by the flattened selector \"'.division'\" and a value of \"Accounting\" or \"Marketing\":\n{\n\"subject_external_selector_value\": \"'.division'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_IN\",\n\"subject_external_values\" : [\"Accounting\", \"Marketing\"]\n}\n\nExample: Subjects that are not part of the Fantastic Four according to their alias field:\n{\n\"subject_external_selector_value\": \"'.data[0].alias'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN\",\n\"subject_external_values\" : [\"mister_fantastic\", \"the_thing\", \"human_torch\", \"invisible_woman\"]\n}",
"title": "*\nA Condition defines a rule of \u003cthe value at the flattened 'selector value' location\u003e \u003coperator\u003e \u003csubject external values\u003e"
},
"policyConditionBooleanTypeEnum": {
diff --git a/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json b/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json
index 6afccc0327..9183c2dc1a 100644
--- a/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json
+++ b/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json
@@ -529,7 +529,6 @@
"title": "list of comparison values for the result of applying the subject_external_selector_value on a flattened Entity Representation (Subject), evaluated by the operator"
}
},
- "description": "Example: Subjects with a field selected by the flattened selector \"'.division'\" and a value of \"Accounting\" or \"Marketing\":\n{\n\"subject_external_selector_value\": \"'.division'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_IN\",\n\"subject_external_values\" : [\"Accounting\", \"Marketing\"]\n}\n\nExample: Subjects that are not part of the Fantastic Four according to their alias field:\n{\n\"subject_external_selector_value\": \"'.data[0].alias'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN\",\n\"subject_external_values\" : [\"mister_fantastic\", \"the_thing\", \"human_torch\", \"invisible_woman\"]\n}",
"title": "*\nA Condition defines a rule of \u003cthe value at the flattened 'selector value' location\u003e \u003coperator\u003e \u003csubject external values\u003e"
},
"policyConditionBooleanTypeEnum": {
diff --git a/docs/openapi/policy/unsafe/unsafe.swagger.json b/docs/openapi/policy/unsafe/unsafe.swagger.json
index 977e1a5823..6532e38346 100644
--- a/docs/openapi/policy/unsafe/unsafe.swagger.json
+++ b/docs/openapi/policy/unsafe/unsafe.swagger.json
@@ -475,7 +475,6 @@
"title": "list of comparison values for the result of applying the subject_external_selector_value on a flattened Entity Representation (Subject), evaluated by the operator"
}
},
- "description": "Example: Subjects with a field selected by the flattened selector \"'.division'\" and a value of \"Accounting\" or \"Marketing\":\n{\n\"subject_external_selector_value\": \"'.division'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_IN\",\n\"subject_external_values\" : [\"Accounting\", \"Marketing\"]\n}\n\nExample: Subjects that are not part of the Fantastic Four according to their alias field:\n{\n\"subject_external_selector_value\": \"'.data[0].alias'\",\n\"operator\": \"SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN\",\n\"subject_external_values\" : [\"mister_fantastic\", \"the_thing\", \"human_torch\", \"invisible_woman\"]\n}",
"title": "*\nA Condition defines a rule of \u003cthe value at the flattened 'selector value' location\u003e \u003coperator\u003e \u003csubject external values\u003e"
},
"policyConditionBooleanTypeEnum": {
diff --git a/protocol/go/policy/objects.pb.go b/protocol/go/policy/objects.pb.go
index b705b35560..815e733790 100644
--- a/protocol/go/policy/objects.pb.go
+++ b/protocol/go/policy/objects.pb.go
@@ -772,20 +772,6 @@ func (x *SubjectMapping) GetMetadata() *common.Metadata {
// *
// A Condition defines a rule of
-//
-// Example: Subjects with a field selected by the flattened selector "'.division'" and a value of "Accounting" or "Marketing":
-// {
-// "subject_external_selector_value": "'.division'",
-// "operator": "SUBJECT_MAPPING_OPERATOR_ENUM_IN",
-// "subject_external_values" : ["Accounting", "Marketing"]
-// }
-//
-// Example: Subjects that are not part of the Fantastic Four according to their alias field:
-// {
-// "subject_external_selector_value": "'.data[0].alias'",
-// "operator": "SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN",
-// "subject_external_values" : ["mister_fantastic", "the_thing", "human_torch", "invisible_woman"]
-// }
type Condition struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@@ -1651,164 +1637,163 @@ var file_policy_objects_proto_rawDesc = []byte{
0x65, 0x74, 0x73, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18,
0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d,
0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
- 0x61, 0x22, 0x84, 0x01, 0x0a, 0x0f, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f,
- 0x70, 0x65, 0x72, 0x74, 0x79, 0x12, 0x42, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61,
- 0x6c, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65,
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02,
- 0x10, 0x01, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x65, 0x6c, 0x65,
- 0x63, 0x74, 0x6f, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2d, 0x0a, 0x0e, 0x65, 0x78, 0x74,
- 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
- 0x09, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x0d, 0x65, 0x78, 0x74, 0x65, 0x72,
- 0x6e, 0x61, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x9b, 0x01, 0x0a, 0x14, 0x52, 0x65, 0x73,
- 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x47, 0x72, 0x6f, 0x75,
- 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69,
- 0x64, 0x12, 0x29, 0x0a, 0x0c, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69,
- 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52,
- 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x04,
- 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8,
- 0x01, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61,
+ 0x61, 0x22, 0x7c, 0x0a, 0x0f, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x70,
+ 0x65, 0x72, 0x74, 0x79, 0x12, 0x42, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+ 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+ 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10,
+ 0x01, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x65, 0x6c, 0x65, 0x63,
+ 0x74, 0x6f, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x65,
+ 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+ 0x52, 0x0d, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22,
+ 0x9b, 0x01, 0x0a, 0x14, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70,
+ 0x69, 0x6e, 0x67, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x29, 0x0a, 0x0c, 0x6e, 0x61, 0x6d, 0x65,
+ 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06,
+ 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63,
+ 0x65, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+ 0x09, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+ 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64,
+ 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xd9, 0x01,
+ 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e,
+ 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69,
+ 0x64, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20,
+ 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74,
+ 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12,
+ 0x3e, 0x0a, 0x0f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c,
+ 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52,
+ 0x0e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12,
+ 0x14, 0x0a, 0x05, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05,
+ 0x74, 0x65, 0x72, 0x6d, 0x73, 0x12, 0x32, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x05,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, 0x65,
+ 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x47, 0x72, 0x6f,
+ 0x75, 0x70, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0x8a, 0x04, 0x0a, 0x0f, 0x4b, 0x65,
+ 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x0e, 0x0a,
+ 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x86, 0x03,
+ 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0xf3, 0x02, 0xba, 0x48,
+ 0xef, 0x02, 0xba, 0x01, 0xeb, 0x02, 0x0a, 0x0a, 0x75, 0x72, 0x69, 0x5f, 0x66, 0x6f, 0x72, 0x6d,
+ 0x61, 0x74, 0x12, 0xcf, 0x01, 0x55, 0x52, 0x49, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65,
+ 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x52, 0x4c, 0x20, 0x28, 0x65, 0x2e,
+ 0x67, 0x2e, 0x2c, 0x20, 0x27, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x64, 0x65, 0x6d,
+ 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x27, 0x29, 0x20, 0x66, 0x6f, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
+ 0x64, 0x20, 0x62, 0x79, 0x20, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20,
+ 0x73, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x20, 0x45, 0x61, 0x63, 0x68, 0x20, 0x73,
+ 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x73, 0x74, 0x61, 0x72,
+ 0x74, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x65, 0x6e, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x61,
+ 0x6e, 0x20, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x20, 0x63,
+ 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x2c, 0x20, 0x63, 0x61, 0x6e, 0x20, 0x63, 0x6f,
+ 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x68, 0x79, 0x70, 0x68, 0x65, 0x6e, 0x73, 0x2c, 0x20, 0x61,
+ 0x6c, 0x70, 0x68, 0x61, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x20, 0x63, 0x68, 0x61, 0x72,
+ 0x61, 0x63, 0x74, 0x65, 0x72, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6c, 0x61, 0x73,
+ 0x68, 0x65, 0x73, 0x2e, 0x1a, 0x8a, 0x01, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63,
+ 0x68, 0x65, 0x73, 0x28, 0x27, 0x5e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x5b, 0x61,
+ 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x28, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d,
+ 0x5a, 0x30, 0x2d, 0x39, 0x5c, 0x5c, 0x2d, 0x5d, 0x7b, 0x30, 0x2c, 0x36, 0x31, 0x7d, 0x5b, 0x61,
+ 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x29, 0x3f, 0x28, 0x5c, 0x5c, 0x2e, 0x5b,
+ 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x28, 0x5b, 0x61, 0x2d, 0x7a, 0x41,
+ 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5c, 0x5c, 0x2d, 0x5d, 0x7b, 0x30, 0x2c, 0x36, 0x31, 0x7d, 0x5b,
+ 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x29, 0x3f, 0x29, 0x2a, 0x28, 0x3a,
+ 0x5b, 0x30, 0x2d, 0x39, 0x5d, 0x2b, 0x29, 0x3f, 0x28, 0x2f, 0x2e, 0x2a, 0x29, 0x3f, 0x24, 0x27,
+ 0x29, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x30, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
+ 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70,
+ 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61,
0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d,
0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65,
- 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xd9, 0x01, 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x6f, 0x75,
- 0x72, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64,
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65,
- 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63,
- 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08,
- 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3e, 0x0a, 0x0f, 0x61, 0x74, 0x74, 0x72,
- 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
- 0x0b, 0x32, 0x0d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65,
- 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x0e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62,
- 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x65, 0x72, 0x6d,
- 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x12, 0x32,
- 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
- 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d,
- 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x05, 0x67, 0x72, 0x6f,
- 0x75, 0x70, 0x22, 0x8a, 0x04, 0x0a, 0x0f, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
- 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x86, 0x03, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x02,
- 0x20, 0x01, 0x28, 0x09, 0x42, 0xf3, 0x02, 0xba, 0x48, 0xef, 0x02, 0xba, 0x01, 0xeb, 0x02, 0x0a,
- 0x0a, 0x75, 0x72, 0x69, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0xcf, 0x01, 0x55, 0x52,
- 0x49, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69,
- 0x64, 0x20, 0x55, 0x52, 0x4c, 0x20, 0x28, 0x65, 0x2e, 0x67, 0x2e, 0x2c, 0x20, 0x27, 0x68, 0x74,
- 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x27,
- 0x29, 0x20, 0x66, 0x6f, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x61, 0x64,
- 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x73, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74,
- 0x73, 0x2e, 0x20, 0x45, 0x61, 0x63, 0x68, 0x20, 0x73, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x20,
- 0x6d, 0x75, 0x73, 0x74, 0x20, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x65,
- 0x6e, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x61, 0x6e, 0x20, 0x61, 0x6c, 0x70, 0x68, 0x61,
- 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65,
- 0x72, 0x2c, 0x20, 0x63, 0x61, 0x6e, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x68,
- 0x79, 0x70, 0x68, 0x65, 0x6e, 0x73, 0x2c, 0x20, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x6e, 0x75, 0x6d,
- 0x65, 0x72, 0x69, 0x63, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x73, 0x2c,
- 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x65, 0x73, 0x2e, 0x1a, 0x8a, 0x01,
- 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5e, 0x68,
- 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d,
- 0x39, 0x5d, 0x28, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5c, 0x5c, 0x2d,
- 0x5d, 0x7b, 0x30, 0x2c, 0x36, 0x31, 0x7d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d,
- 0x39, 0x5d, 0x29, 0x3f, 0x28, 0x5c, 0x5c, 0x2e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30,
+ 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x61, 0x0a, 0x0c, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62,
+ 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x01, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x03, 0x70, 0x65, 0x6d, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x69, 0x64, 0x18,
+ 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x69, 0x64, 0x12, 0x2d, 0x0a, 0x03, 0x61, 0x6c,
+ 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0x2e, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67,
+ 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x03, 0x61, 0x6c, 0x67, 0x22, 0x3b, 0x0a, 0x0f, 0x4b, 0x61, 0x73,
+ 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x28, 0x0a, 0x04,
+ 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79,
+ 0x52, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x22, 0xe0, 0x03, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69,
+ 0x63, 0x4b, 0x65, 0x79, 0x12, 0x84, 0x03, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18,
+ 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0xe9, 0x02, 0xba, 0x48, 0xe5, 0x02, 0xba, 0x01, 0xe1, 0x02,
+ 0x0a, 0x0a, 0x75, 0x72, 0x69, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0xcf, 0x01, 0x55,
+ 0x52, 0x49, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c,
+ 0x69, 0x64, 0x20, 0x55, 0x52, 0x4c, 0x20, 0x28, 0x65, 0x2e, 0x67, 0x2e, 0x2c, 0x20, 0x27, 0x68,
+ 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+ 0x27, 0x29, 0x20, 0x66, 0x6f, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x61,
+ 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x73, 0x65, 0x67, 0x6d, 0x65, 0x6e,
+ 0x74, 0x73, 0x2e, 0x20, 0x45, 0x61, 0x63, 0x68, 0x20, 0x73, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74,
+ 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x61, 0x6e, 0x64, 0x20,
+ 0x65, 0x6e, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x61, 0x6e, 0x20, 0x61, 0x6c, 0x70, 0x68,
+ 0x61, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74,
+ 0x65, 0x72, 0x2c, 0x20, 0x63, 0x61, 0x6e, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
+ 0x68, 0x79, 0x70, 0x68, 0x65, 0x6e, 0x73, 0x2c, 0x20, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x6e, 0x75,
+ 0x6d, 0x65, 0x72, 0x69, 0x63, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x73,
+ 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x65, 0x73, 0x2e, 0x1a, 0x80,
+ 0x01, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5e,
+ 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30,
0x2d, 0x39, 0x5d, 0x28, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5c, 0x5c,
0x2d, 0x5d, 0x7b, 0x30, 0x2c, 0x36, 0x31, 0x7d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30,
- 0x2d, 0x39, 0x5d, 0x29, 0x3f, 0x29, 0x2a, 0x28, 0x3a, 0x5b, 0x30, 0x2d, 0x39, 0x5d, 0x2b, 0x29,
- 0x3f, 0x28, 0x2f, 0x2e, 0x2a, 0x29, 0x3f, 0x24, 0x27, 0x29, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12,
- 0x30, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x75, 0x62,
- 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
- 0x79, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74,
- 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22,
- 0x61, 0x0a, 0x0c, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12,
- 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x70, 0x65,
- 0x6d, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
- 0x6b, 0x69, 0x64, 0x12, 0x2d, 0x0a, 0x03, 0x61, 0x6c, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e,
- 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62,
- 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x03, 0x61,
- 0x6c, 0x67, 0x22, 0x3b, 0x0a, 0x0f, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b,
- 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x28, 0x0a, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20,
- 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73,
- 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x22,
- 0xe0, 0x03, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x84, 0x03,
- 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0xe9,
- 0x02, 0xba, 0x48, 0xe5, 0x02, 0xba, 0x01, 0xe1, 0x02, 0x0a, 0x0a, 0x75, 0x72, 0x69, 0x5f, 0x66,
- 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0xcf, 0x01, 0x55, 0x52, 0x49, 0x20, 0x6d, 0x75, 0x73, 0x74,
- 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x52, 0x4c, 0x20,
- 0x28, 0x65, 0x2e, 0x67, 0x2e, 0x2c, 0x20, 0x27, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f,
- 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x27, 0x29, 0x20, 0x66, 0x6f, 0x6c, 0x6c,
- 0x6f, 0x77, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
- 0x61, 0x6c, 0x20, 0x73, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x20, 0x45, 0x61, 0x63,
- 0x68, 0x20, 0x73, 0x65, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x73,
- 0x74, 0x61, 0x72, 0x74, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x65, 0x6e, 0x64, 0x20, 0x77, 0x69, 0x74,
- 0x68, 0x20, 0x61, 0x6e, 0x20, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69,
- 0x63, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x2c, 0x20, 0x63, 0x61, 0x6e,
- 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x68, 0x79, 0x70, 0x68, 0x65, 0x6e, 0x73,
- 0x2c, 0x20, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x20, 0x63,
- 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73,
- 0x6c, 0x61, 0x73, 0x68, 0x65, 0x73, 0x2e, 0x1a, 0x80, 0x01, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d,
- 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f,
- 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x28, 0x5b, 0x61, 0x2d,
- 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5c, 0x5c, 0x2d, 0x5d, 0x7b, 0x30, 0x2c, 0x36, 0x31,
- 0x7d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x29, 0x3f, 0x28, 0x5c,
- 0x5c, 0x2e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x28, 0x5b, 0x61,
- 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5c, 0x5c, 0x2d, 0x5d, 0x7b, 0x30, 0x2c, 0x36,
- 0x31, 0x7d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x29, 0x3f, 0x29,
- 0x2a, 0x28, 0x2f, 0x2e, 0x2a, 0x29, 0x3f, 0x24, 0x27, 0x29, 0x48, 0x00, 0x52, 0x06, 0x72, 0x65,
- 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x06, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x18, 0x03,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61,
- 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52,
- 0x06, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69,
- 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x05, 0x6c, 0x6f, 0x63,
- 0x61, 0x6c, 0x2a, 0xb3, 0x01, 0x0a, 0x15, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
- 0x52, 0x75, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x28, 0x0a, 0x24,
- 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54,
+ 0x2d, 0x39, 0x5d, 0x29, 0x3f, 0x28, 0x5c, 0x5c, 0x2e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a,
+ 0x30, 0x2d, 0x39, 0x5d, 0x28, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5c,
+ 0x5c, 0x2d, 0x5d, 0x7b, 0x30, 0x2c, 0x36, 0x31, 0x7d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a,
+ 0x30, 0x2d, 0x39, 0x5d, 0x29, 0x3f, 0x29, 0x2a, 0x28, 0x2f, 0x2e, 0x2a, 0x29, 0x3f, 0x24, 0x27,
+ 0x29, 0x48, 0x00, 0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x06, 0x63,
+ 0x61, 0x63, 0x68, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
+ 0x79, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x06, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x42, 0x0c,
+ 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x4a, 0x04, 0x08, 0x02,
+ 0x10, 0x03, 0x52, 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x2a, 0xb3, 0x01, 0x0a, 0x15, 0x41, 0x74,
+ 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x45,
+ 0x6e, 0x75, 0x6d, 0x12, 0x28, 0x0a, 0x24, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45,
+ 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f,
+ 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a,
+ 0x1f, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f,
+ 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4c, 0x4c, 0x5f, 0x4f, 0x46,
+ 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f,
+ 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41,
+ 0x4e, 0x59, 0x5f, 0x4f, 0x46, 0x10, 0x02, 0x12, 0x26, 0x0a, 0x22, 0x41, 0x54, 0x54, 0x52, 0x49,
+ 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45,
+ 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x49, 0x45, 0x52, 0x41, 0x52, 0x43, 0x48, 0x59, 0x10, 0x03, 0x2a,
+ 0xca, 0x01, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x2d,
+ 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e,
+ 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f,
+ 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a,
+ 0x20, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47,
+ 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x49,
+ 0x4e, 0x10, 0x01, 0x12, 0x28, 0x0a, 0x24, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d,
+ 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f,
+ 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x2d, 0x0a,
+ 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47,
+ 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x49,
+ 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x53, 0x10, 0x03, 0x2a, 0x90, 0x01, 0x0a,
+ 0x18, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x6f, 0x6f, 0x6c, 0x65, 0x61,
+ 0x6e, 0x54, 0x79, 0x70, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4f, 0x4e,
+ 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54,
0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
- 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42,
- 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e,
- 0x55, 0x4d, 0x5f, 0x41, 0x4c, 0x4c, 0x5f, 0x4f, 0x46, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x41,
- 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59,
- 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x59, 0x5f, 0x4f, 0x46, 0x10, 0x02,
- 0x12, 0x26, 0x0a, 0x22, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55,
- 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x49, 0x45,
- 0x52, 0x41, 0x52, 0x43, 0x48, 0x59, 0x10, 0x03, 0x2a, 0xca, 0x01, 0x0a, 0x1a, 0x53, 0x75, 0x62,
- 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x4f, 0x70, 0x65, 0x72, 0x61,
- 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45,
- 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41,
- 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
- 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43,
- 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54,
- 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x49, 0x4e, 0x10, 0x01, 0x12, 0x28, 0x0a, 0x24,
- 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f,
- 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x4e, 0x4f,
- 0x54, 0x5f, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43,
- 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54,
- 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x49, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x41,
- 0x49, 0x4e, 0x53, 0x10, 0x03, 0x2a, 0x90, 0x01, 0x0a, 0x18, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74,
- 0x69, 0x6f, 0x6e, 0x42, 0x6f, 0x6f, 0x6c, 0x65, 0x61, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x45, 0x6e,
- 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
- 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55,
- 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
- 0x23, 0x0a, 0x1f, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f,
- 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41,
- 0x4e, 0x44, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f,
- 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45,
- 0x4e, 0x55, 0x4d, 0x5f, 0x4f, 0x52, 0x10, 0x02, 0x2a, 0x9a, 0x01, 0x0a, 0x13, 0x4b, 0x61, 0x73,
- 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d,
- 0x12, 0x27, 0x0a, 0x23, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b,
- 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50,
- 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53,
- 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f,
- 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12,
- 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45,
- 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45,
- 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x10, 0x05, 0x22, 0x04, 0x08, 0x02, 0x10, 0x04, 0x22,
- 0x04, 0x08, 0x06, 0x10, 0x64, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f,
- 0x6c, 0x69, 0x63, 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x50, 0x72, 0x6f,
- 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
- 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72,
- 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f,
- 0x6c, 0x69, 0x63, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x50, 0x6f, 0x6c,
- 0x69, 0x63, 0x79, 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xe2, 0x02, 0x12, 0x50,
- 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
- 0x61, 0xea, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x33,
+ 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54,
+ 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45,
+ 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x43,
+ 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e,
+ 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x4f, 0x52, 0x10, 0x02, 0x2a,
+ 0x9a, 0x01, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79,
+ 0x41, 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x23, 0x4b, 0x41, 0x53, 0x5f, 0x50,
+ 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e,
+ 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00,
+ 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b,
+ 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f,
+ 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55,
+ 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55,
+ 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x10, 0x05,
+ 0x22, 0x04, 0x08, 0x02, 0x10, 0x04, 0x22, 0x04, 0x08, 0x06, 0x10, 0x64, 0x42, 0x82, 0x01, 0x0a,
+ 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a,
+ 0x65, 0x63, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74,
+ 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f,
+ 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+ 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58,
+ 0x58, 0xaa, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0xe2, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42,
+ 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
diff --git a/service/integration/subject_mappings_test.go b/service/integration/subject_mappings_test.go
index c37c98a7e1..954dc786a4 100644
--- a/service/integration/subject_mappings_test.go
+++ b/service/integration/subject_mappings_test.go
@@ -17,6 +17,8 @@ type SubjectMappingsSuite struct {
suite.Suite
f fixtures.Fixtures
db fixtures.DBInterface
+ //nolint:containedctx // Only used for test suite
+ ctx context.Context
}
func (s *SubjectMappingsSuite) SetupSuite() {
@@ -25,6 +27,7 @@ func (s *SubjectMappingsSuite) SetupSuite() {
c.DB.Schema = "test_opentdf_subject_mappings"
s.db = fixtures.NewDBInterface(c)
s.f = fixtures.NewFixture(s.db)
+ s.ctx = context.Background()
s.f.Provision()
}
@@ -83,12 +86,12 @@ func (s *SubjectMappingsSuite) TestCreateSubjectMapping_ExistingSubjectCondition
Actions: []*policy.Action{aDecrypt, aTransmit},
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(created)
// verify the subject mapping was created
- sm, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), created.GetId())
+ sm, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, created.GetId())
s.Require().NoError(err)
s.Equal(newSubjectMapping.GetAttributeValueId(), sm.GetAttributeValue().GetId())
s.Equal(newSubjectMapping.GetExistingSubjectConditionSetId(), sm.GetSubjectConditionSet().GetId())
@@ -125,12 +128,12 @@ func (s *SubjectMappingsSuite) TestCreateSubjectMapping_NewSubjectConditionSet()
NewSubjectConditionSet: scs,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(created)
// verify the new subject condition set created was returned properly
- sm, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), created.GetId())
+ sm, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(sm.GetSubjectConditionSet())
s.Equal(len(scs.GetSubjectSets()), len(sm.GetSubjectConditionSet().GetSubjectSets()))
@@ -156,7 +159,7 @@ func (s *SubjectMappingsSuite) TestCreateSubjectMapping_NonExistentAttributeValu
AttributeValueId: nonExistentAttributeValueUUID,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().Error(err)
s.Nil(created)
s.Require().ErrorIs(err, db.ErrForeignKeyViolation)
@@ -171,7 +174,7 @@ func (s *SubjectMappingsSuite) TestCreateSubjectMapping_NonExistentSubjectCondit
ExistingSubjectConditionSetId: nonExistentSubjectSetID,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().Error(err)
s.Nil(created)
s.Require().ErrorIs(err, db.ErrNotFound)
@@ -189,7 +192,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_Actions() {
Actions: []*policy.Action{aTransmit, aCustomUpload},
ExistingSubjectConditionSetId: fixtureScs.ID,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(created)
@@ -200,13 +203,13 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_Actions() {
Actions: newActions,
}
- updated, err := s.db.PolicyClient.UpdateSubjectMapping(context.Background(), update)
+ updated, err := s.db.PolicyClient.UpdateSubjectMapping(s.ctx, update)
s.Require().NoError(err)
s.NotNil(updated)
s.Equal(created.GetId(), updated.GetId())
// verify the actions were updated but nothing else
- got, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(len(newActions), len(got.GetActions()))
@@ -233,7 +236,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_SubjectConditionSetId()
ExistingSubjectConditionSetId: fixtureScs.ID,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(created)
@@ -244,13 +247,13 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_SubjectConditionSetId()
SubjectConditionSetId: newScs.ID,
}
- updated, err := s.db.PolicyClient.UpdateSubjectMapping(context.Background(), update)
+ updated, err := s.db.PolicyClient.UpdateSubjectMapping(s.ctx, update)
s.Require().NoError(err)
s.NotNil(updated)
s.Equal(created.GetId(), updated.GetId())
// verify the subject condition set was updated but nothing else
- got, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(newSubjectMapping.GetAttributeValueId(), got.GetAttributeValue().GetId())
@@ -271,7 +274,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_UpdateAllAllowedFields()
ExistingSubjectConditionSetId: fixtureScs.ID,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(created)
@@ -289,13 +292,13 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_UpdateAllAllowedFields()
MetadataUpdateBehavior: common.MetadataUpdateEnum_METADATA_UPDATE_ENUM_EXTEND,
}
- updated, err := s.db.PolicyClient.UpdateSubjectMapping(context.Background(), update)
+ updated, err := s.db.PolicyClient.UpdateSubjectMapping(s.ctx, update)
s.Require().NoError(err)
s.NotNil(updated)
s.Equal(created.GetId(), updated.GetId())
// verify the subject mapping was updated
- got, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(created.GetId(), got.GetId())
@@ -315,7 +318,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_NonExistentId_Fails() {
MetadataUpdateBehavior: common.MetadataUpdateEnum_METADATA_UPDATE_ENUM_REPLACE,
}
- sm, err := s.db.PolicyClient.UpdateSubjectMapping(context.Background(), update)
+ sm, err := s.db.PolicyClient.UpdateSubjectMapping(s.ctx, update)
s.Require().Error(err)
s.Nil(sm)
s.Require().ErrorIs(err, db.ErrNotFound)
@@ -327,7 +330,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_NonExistentSubjectCondit
SubjectConditionSetId: nonExistentSubjectSetID,
}
- sm, err := s.db.PolicyClient.UpdateSubjectMapping(context.Background(), update)
+ sm, err := s.db.PolicyClient.UpdateSubjectMapping(s.ctx, update)
s.Require().Error(err)
s.Nil(sm)
s.Require().ErrorIs(err, db.ErrForeignKeyViolation)
@@ -336,7 +339,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectMapping_NonExistentSubjectCondit
func (s *SubjectMappingsSuite) TestGetSubjectMapping() {
fixture := s.f.GetSubjectMappingKey("subject_mapping_subject_attribute2")
- sm, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), fixture.ID)
+ sm, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, fixture.ID)
s.Require().NoError(err)
s.NotNil(sm)
s.Equal(fixture.ID, sm.GetId())
@@ -355,7 +358,7 @@ func (s *SubjectMappingsSuite) TestGetSubjectMapping() {
s.Equal("custom:\""+fixture.Actions[i].Custom+"\"", a.String())
}
}
- got, err := s.db.PolicyClient.GetAttributeValue(context.Background(), fixture.AttributeValueID)
+ got, err := s.db.PolicyClient.GetAttributeValue(s.ctx, fixture.AttributeValueID)
s.Require().NoError(err)
s.NotNil(got)
s.Equal(fixture.AttributeValueID, got.GetId())
@@ -367,14 +370,14 @@ func (s *SubjectMappingsSuite) TestGetSubjectMapping() {
}
func (s *SubjectMappingsSuite) TestGetSubjectMapping_NonExistentId_Fails() {
- sm, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), nonExistentSubjectMappingID)
+ sm, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, nonExistentSubjectMappingID)
s.Require().Error(err)
s.Nil(sm)
s.Require().ErrorIs(err, db.ErrNotFound)
}
func (s *SubjectMappingsSuite) TestListSubjectMappings() {
- list, err := s.db.PolicyClient.ListSubjectMappings(context.Background())
+ list, err := s.db.PolicyClient.ListSubjectMappings(s.ctx)
s.Require().NoError(err)
s.NotNil(list)
@@ -423,22 +426,22 @@ func (s *SubjectMappingsSuite) TestDeleteSubjectMapping() {
ExistingSubjectConditionSetId: fixtureScs.ID,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(created)
- deleted, err := s.db.PolicyClient.DeleteSubjectMapping(context.Background(), created.GetId())
+ deleted, err := s.db.PolicyClient.DeleteSubjectMapping(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(deleted)
- got, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, created.GetId())
s.Require().Error(err)
s.Nil(got)
s.Require().ErrorIs(err, db.ErrNotFound)
}
func (s *SubjectMappingsSuite) TestDeleteSubjectMapping_WithNonExistentId_Fails() {
- deleted, err := s.db.PolicyClient.DeleteSubjectMapping(context.Background(), nonExistentSubjectMappingID)
+ deleted, err := s.db.PolicyClient.DeleteSubjectMapping(s.ctx, nonExistentSubjectMappingID)
s.Require().Error(err)
s.Nil(deleted)
s.Require().ErrorIs(err, db.ErrNotFound)
@@ -473,19 +476,19 @@ func (s *SubjectMappingsSuite) TestDeleteSubjectMapping_DoesNotDeleteSubjectCond
NewSubjectConditionSet: newScs,
}
- created, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(created)
- sm, err := s.db.PolicyClient.GetSubjectMapping(context.Background(), created.GetId())
+ sm, err := s.db.PolicyClient.GetSubjectMapping(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(sm)
- deleted, err := s.db.PolicyClient.DeleteSubjectMapping(context.Background(), sm.GetId())
+ deleted, err := s.db.PolicyClient.DeleteSubjectMapping(s.ctx, sm.GetId())
s.Require().NoError(err)
s.NotNil(deleted)
s.NotZero(deleted.GetId())
- scs, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), sm.GetSubjectConditionSet().GetId())
+ scs, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, sm.GetSubjectConditionSet().GetId())
s.Require().NoError(err)
s.NotNil(scs)
s.Equal(sm.GetSubjectConditionSet().GetId(), scs.GetId())
@@ -515,7 +518,7 @@ func (s *SubjectMappingsSuite) TestCreateSubjectConditionSet() {
},
}
- scs, err := s.db.PolicyClient.CreateSubjectConditionSet(context.Background(), newConditionSet)
+ scs, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, newConditionSet)
s.Require().NoError(err)
s.NotNil(scs)
}
@@ -540,7 +543,7 @@ func (s *SubjectMappingsSuite) TestCreateSubjectConditionSetContains() {
},
}
- scs, err := s.db.PolicyClient.CreateSubjectConditionSet(context.Background(), newConditionSet)
+ scs, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, newConditionSet)
s.Require().NoError(err)
s.NotNil(scs)
}
@@ -548,7 +551,7 @@ func (s *SubjectMappingsSuite) TestCreateSubjectConditionSetContains() {
func (s *SubjectMappingsSuite) TestGetSubjectConditionSet_ById() {
fixture := s.f.GetSubjectConditionSetKey("subject_condition_set1")
- scs, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), fixture.ID)
+ scs, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, fixture.ID)
s.Require().NoError(err)
s.NotNil(scs)
s.Equal(fixture.ID, scs.GetId())
@@ -560,21 +563,21 @@ func (s *SubjectMappingsSuite) TestGetSubjectConditionSet_ById() {
}
func (s *SubjectMappingsSuite) TestGetSubjectConditionSet_WithNoId_Fails() {
- scs, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), "")
+ scs, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, "")
s.Require().Error(err)
s.Nil(scs)
s.Require().ErrorIs(err, db.ErrUUIDInvalid)
}
func (s *SubjectMappingsSuite) TestGetSubjectConditionSet_NonExistentId_Fails() {
- scs, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), nonExistentSubjectSetID)
+ scs, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, nonExistentSubjectSetID)
s.Require().Error(err)
s.Nil(scs)
s.Require().ErrorIs(err, db.ErrNotFound)
}
func (s *SubjectMappingsSuite) TestListSubjectConditionSet() {
- list, err := s.db.PolicyClient.ListSubjectConditionSets(context.Background())
+ list, err := s.db.PolicyClient.ListSubjectConditionSets(s.ctx)
s.Require().NoError(err)
s.NotNil(list)
@@ -612,23 +615,23 @@ func (s *SubjectMappingsSuite) TestDeleteSubjectConditionSet() {
SubjectSets: []*policy.SubjectSet{},
}
- created, err := s.db.PolicyClient.CreateSubjectConditionSet(context.Background(), newConditionSet)
+ created, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, newConditionSet)
s.Require().NoError(err)
s.NotNil(created)
- deleted, err := s.db.PolicyClient.DeleteSubjectConditionSet(context.Background(), created.GetId())
+ deleted, err := s.db.PolicyClient.DeleteSubjectConditionSet(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(deleted)
s.Equal(created.GetId(), deleted.GetId())
- got, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, created.GetId())
s.Require().Error(err)
s.Nil(got)
s.Require().ErrorIs(err, db.ErrNotFound)
}
func (s *SubjectMappingsSuite) TestDeleteSubjectConditionSet_WithNonExistentId_Fails() {
- deleted, err := s.db.PolicyClient.DeleteSubjectConditionSet(context.Background(), nonExistentSubjectSetID)
+ deleted, err := s.db.PolicyClient.DeleteSubjectConditionSet(s.ctx, nonExistentSubjectSetID)
s.Require().Error(err)
s.Nil(deleted)
s.Require().ErrorIs(err, db.ErrNotFound)
@@ -641,7 +644,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_NewSubjectSets() {
{},
},
}
- created, err := s.db.PolicyClient.CreateSubjectConditionSet(context.Background(), newConditionSet)
+ created, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, newConditionSet)
s.Require().NoError(err)
s.NotNil(created)
@@ -669,13 +672,13 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_NewSubjectSets() {
MetadataUpdateBehavior: common.MetadataUpdateEnum_METADATA_UPDATE_ENUM_REPLACE,
}
- updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(context.Background(), update)
+ updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(s.ctx, update)
s.Require().NoError(err)
s.NotNil(updated)
s.Equal(created.GetId(), updated.GetId())
// verify the subject condition set was updated
- got, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(created.GetId(), got.GetId())
@@ -697,7 +700,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_AllAllowedFields()
},
}
- created, err := s.db.PolicyClient.CreateSubjectConditionSet(context.Background(), newConditionSet)
+ created, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, newConditionSet)
s.Require().NoError(err)
s.NotNil(created)
@@ -728,13 +731,13 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_AllAllowedFields()
Id: created.GetId(),
}
- updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(context.Background(), update)
+ updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(s.ctx, update)
s.Require().NoError(err)
s.NotNil(updated)
s.Equal(created.GetId(), updated.GetId())
// verify the subject condition set was updated
- got, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(created.GetId(), got.GetId())
@@ -763,7 +766,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_ChangeOperator() {
},
}
- created, err := s.db.PolicyClient.CreateSubjectConditionSet(context.Background(), newConditionSet)
+ created, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, newConditionSet)
s.Require().NoError(err)
s.NotNil(created)
@@ -789,11 +792,11 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_ChangeOperator() {
SubjectSets: newSS,
Id: created.GetId(),
}
- updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(context.Background(), update)
+ updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(s.ctx, update)
s.Require().NoError(err)
s.NotNil(updated)
- got, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(created.GetId(), got.GetId())
@@ -810,108 +813,178 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_NonExistentId_Fails
SubjectSets: []*policy.SubjectSet{},
}
- updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(context.Background(), update)
+ updated, err := s.db.PolicyClient.UpdateSubjectConditionSet(s.ctx, update)
s.Require().Error(err)
s.Nil(updated)
s.Require().ErrorIs(err, db.ErrNotFound)
}
-func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_InOne() {
- fixtureScs := s.f.GetSubjectConditionSetKey("subject_condition_set1")
- externalSelectorValue := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
- externalValues := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalValues
-
- props := []*policy.SubjectProperty{
- {
- ExternalSelectorValue: externalSelectorValue,
- ExternalValue: externalValues[0],
+func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_SingleMatch() {
+ externalSelector := ".testing_matched_sm"
+ fixtureAttrValID := s.f.GetAttributeValueKey("example.com/attr/attr1/value/value1").ID
+ newScs := &subjectmapping.SubjectConditionSetCreate{
+ SubjectSets: []*policy.SubjectSet{
+ {
+ ConditionGroups: []*policy.ConditionGroup{
+ {
+ BooleanOperator: policy.ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_AND,
+ Conditions: []*policy.Condition{
+ {
+ SubjectExternalSelectorValue: externalSelector,
+ Operator: policy.SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_IN,
+ SubjectExternalValues: []string{"match"},
+ },
+ },
+ },
+ },
+ },
},
}
+ aTransmit := fixtureActions[Transmit]
- sm, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ subjectMapping := &subjectmapping.CreateSubjectMappingRequest{
+ AttributeValueId: fixtureAttrValID,
+ Actions: []*policy.Action{aTransmit},
+ NewSubjectConditionSet: newScs,
+ }
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, subjectMapping)
s.Require().NoError(err)
- s.NotZero(sm)
- s.Equal(fixtureScs.ID, sm[0].GetSubjectConditionSet().GetId())
-}
-
-func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_ReturnsNotInWhenMatches() {
- fixtureScs := s.f.GetSubjectConditionSetKey("subject_condition_simple_not_in")
- externalSelectorValue := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
- externalValues := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalValues
+ s.NotNil(created)
props := []*policy.SubjectProperty{
{
- ExternalSelectorValue: externalSelectorValue,
- ExternalValue: externalValues[0],
+ ExternalSelectorValue: externalSelector,
},
}
- smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(s.ctx, props)
s.Require().NoError(err)
s.NotZero(smList)
- s.Equal(fixtureScs.ID, smList[0].GetSubjectConditionSet().GetId())
+ matched := smList[0]
+ s.Equal(created.GetId(), matched.GetId())
+ s.NotZero(matched.GetAttributeValue().GetId())
+ s.NotZero(matched.GetId())
+ s.NotNil(matched.GetActions())
}
-func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_NotInOneMatch() {
- fixtureScs := s.f.GetSubjectConditionSetKey("subject_condition_simple_not_in")
- externalSelectorValue := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
+func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_IgnoresExternalValueInCondition() {
+ externalSelector := ".testing_unmatched_condition"
+ fixtureAttrValID := s.f.GetAttributeValueKey("example.com/attr/attr2/value/value2").ID
+ newScs := &subjectmapping.SubjectConditionSetCreate{
+ SubjectSets: []*policy.SubjectSet{
+ {
+ ConditionGroups: []*policy.ConditionGroup{
+ {
+ BooleanOperator: policy.ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_AND,
+ Conditions: []*policy.Condition{
+ {
+ SubjectExternalSelectorValue: externalSelector,
+ Operator: policy.SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_IN,
+ SubjectExternalValues: []string{"idp_value"},
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ aTransmit := fixtureActions[Transmit]
- expectedMappedFixture := s.f.GetSubjectMappingKey("subject_mapping_subject_simple_not_in")
+ subjectMapping := &subjectmapping.CreateSubjectMappingRequest{
+ AttributeValueId: fixtureAttrValID,
+ Actions: []*policy.Action{aTransmit},
+ NewSubjectConditionSet: newScs,
+ }
+ created, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, subjectMapping)
+ s.Require().NoError(err)
+ s.NotNil(created)
props := []*policy.SubjectProperty{
{
- ExternalSelectorValue: externalSelectorValue,
- ExternalValue: "random_value",
+ ExternalSelectorValue: externalSelector,
+ ExternalValue: "unrelated",
},
}
- smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(s.ctx, props)
s.Require().NoError(err)
s.NotZero(smList)
- s.Require().Len(smList, 1)
- s.Equal(fixtureScs.ID, smList[0].GetSubjectConditionSet().GetId())
- s.Equal(expectedMappedFixture.ID, smList[0].GetId())
+ matched := smList[0]
+ s.Equal(created.GetId(), matched.GetId())
+ s.NotZero(matched.GetAttributeValue().GetId())
+ s.NotZero(matched.GetId())
+ s.NotNil(matched.GetActions())
}
-func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_InMultiple() {
- simpleScs := s.f.GetSubjectConditionSetKey("subject_condition_simple_in")
- simpleexternalSelectorValue := simpleScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
- simpleExternalValues := simpleScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalValues
+func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_MultipleMatches() {
+ externalSelector1 := ".idp_field"
+ externalSelector2 := ".org.attributes[]"
+ // create a two subject mappings with different subject condition sets
+ fixtureAttrValID := s.f.GetAttributeValueKey("example.com/attr/attr2/value/value2").ID
+ newScs := &subjectmapping.SubjectConditionSetCreate{
+ SubjectSets: []*policy.SubjectSet{
+ {
+ ConditionGroups: []*policy.ConditionGroup{
+ {
+ BooleanOperator: policy.ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_AND,
+ Conditions: []*policy.Condition{
+ {
+ SubjectExternalSelectorValue: externalSelector1,
+ Operator: policy.SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_IN,
+ SubjectExternalValues: []string{"idp_value"},
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ aTransmit := fixtureActions[Transmit]
- otherScs := s.f.GetSubjectConditionSetKey("subject_condition_set1")
- otherexternalSelectorValue := otherScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
- otherExternalValues := otherScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalValues
+ subjectMapping := &subjectmapping.CreateSubjectMappingRequest{
+ AttributeValueId: fixtureAttrValID,
+ Actions: []*policy.Action{aTransmit},
+ NewSubjectConditionSet: newScs,
+ }
+
+ subjectMappingFirst, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, subjectMapping)
+ s.Require().NoError(err)
+ s.NotNil(subjectMappingFirst)
+
+ // create the second subject mapping with the second SCS
+ newScs.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue = externalSelector2
+ subjectMapping.NewSubjectConditionSet = newScs
+
+ subjectMappingSecond, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, subjectMapping)
+ s.Require().NoError(err)
+ s.NotNil(subjectMappingSecond)
props := []*policy.SubjectProperty{
{
- ExternalSelectorValue: simpleexternalSelectorValue,
- ExternalValue: simpleExternalValues[0],
+ ExternalSelectorValue: externalSelector1,
},
{
- ExternalSelectorValue: otherexternalSelectorValue,
- ExternalValue: otherExternalValues[0],
+ ExternalSelectorValue: externalSelector2,
},
}
- gotEntitlements, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ candidateEntitlements, err := s.db.PolicyClient.GetMatchedSubjectMappings(s.ctx, props)
s.Require().NoError(err)
- s.NotZero(gotEntitlements)
- s.GreaterOrEqual(len(gotEntitlements), 2)
-
- mappedSimple := s.f.GetSubjectMappingKey("subject_mapping_subject_simple_in")
- foundMappedSimple := false
- mappedSubjectConditionSet1 := s.f.GetSubjectMappingKey("subject_mapping_subject_attribute1")
- foundMappedSubjectConditionSet1 := false
-
- for _, sm := range gotEntitlements {
- if sm.GetSubjectConditionSet().GetId() == mappedSimple.SubjectConditionSetID {
- foundMappedSimple = true
- } else if sm.GetSubjectConditionSet().GetId() == mappedSubjectConditionSet1.SubjectConditionSetID {
- foundMappedSubjectConditionSet1 = true
+ s.NotZero(candidateEntitlements)
+ s.GreaterOrEqual(len(candidateEntitlements), 2)
+
+ foundFirst := false
+ foundSecond := false
+
+ for _, sm := range candidateEntitlements {
+ if sm.GetId() == subjectMappingFirst.GetId() {
+ foundFirst = true
+ } else if sm.GetId() == subjectMappingSecond.GetId() {
+ foundSecond = true
}
}
- s.True(foundMappedSimple)
- s.True(foundMappedSubjectConditionSet1)
+ s.True(foundFirst)
+ s.True(foundSecond)
}
func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_DeactivatedValueNotReturned() {
@@ -925,7 +998,7 @@ func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_DeactivatedValueNot
Actions: []*policy.Action{aTransmit},
ExistingSubjectConditionSetId: fixtureScs.ID,
}
- sm, err := s.db.PolicyClient.CreateSubjectMapping(context.Background(), newSubjectMapping)
+ sm, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, newSubjectMapping)
s.Require().NoError(err)
s.NotNil(sm)
@@ -933,10 +1006,9 @@ func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_DeactivatedValueNot
props := []*policy.SubjectProperty{
{
ExternalSelectorValue: fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue,
- ExternalValue: fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalValues[0],
},
}
- smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(s.ctx, props)
s.Require().NoError(err)
s.NotZero(smList)
@@ -948,80 +1020,133 @@ func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_DeactivatedValueNot
}
}
-func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_NotInMultiple() {
- fixtureScs := s.f.GetSubjectConditionSetKey("subject_condition_simple_not_in")
- externalSelectorValue := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
- expectedMappedFixture := s.f.GetSubjectMappingKey("subject_mapping_subject_simple_not_in")
-
- otherFixtureScs := s.f.GetSubjectConditionSetKey("subject_condition_set3")
- otherexternalSelectorValue1 := otherFixtureScs.Condition.SubjectSets[0].ConditionGroups[1].Conditions[1].SubjectExternalSelectorValue
- otherExpectedMatchedFixture := s.f.GetSubjectMappingKey("subject_mapping_subject_attribute3")
+func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_ConditionSetReusedByMultipleSubjectMappings() {
+ selector := ".hello_world"
+ toCreate := &subjectmapping.SubjectConditionSetCreate{
+ SubjectSets: []*policy.SubjectSet{
+ {
+ ConditionGroups: []*policy.ConditionGroup{
+ {
+ BooleanOperator: policy.ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_AND,
+ Conditions: []*policy.Condition{
+ {
+ SubjectExternalSelectorValue: selector,
+ Operator: policy.SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_IN,
+ SubjectExternalValues: []string{"goodnight_moon"},
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ createdSCS, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, toCreate)
+ s.Require().NoError(err)
+ s.NotNil(createdSCS)
+
+ // Create two subject mappings across different values that reuse the same subject condition set
+ attrVal1 := s.f.GetAttributeValueKey("example.com/attr/attr1/value/value1").ID
+ sm1, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, &subjectmapping.CreateSubjectMappingRequest{
+ AttributeValueId: attrVal1,
+ ExistingSubjectConditionSetId: createdSCS.GetId(),
+ Actions: []*policy.Action{fixtureActions[Decrypt]},
+ })
+ s.Require().NoError(err)
+ s.NotNil(sm1)
+ attrVal2 := s.f.GetAttributeValueKey("example.com/attr/attr1/value/value2").ID
+ sm2, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, &subjectmapping.CreateSubjectMappingRequest{
+ AttributeValueId: attrVal2,
+ ExistingSubjectConditionSetId: createdSCS.GetId(),
+ Actions: []*policy.Action{fixtureActions[Transmit]},
+ })
+ s.Require().NoError(err)
+ s.NotNil(sm2)
+ // check matched subject mappings for the selector in the reused SCS
props := []*policy.SubjectProperty{
{
- ExternalSelectorValue: externalSelectorValue,
- ExternalValue: "random_value_definitely_not_in_fixtures",
- },
- {
- ExternalSelectorValue: otherexternalSelectorValue1,
- ExternalValue: "random_value_definitely_not_in_fixtures",
+ ExternalSelectorValue: selector,
},
}
- smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(s.ctx, props)
s.Require().NoError(err)
s.NotZero(smList)
- s.Len(smList, 3)
+ s.Len(smList, 2)
+ foundSm1 := false
+ foundSm2 := false
for _, sm := range smList {
- if sm.GetSubjectConditionSet().GetId() == fixtureScs.ID {
- s.Equal(expectedMappedFixture.ID, sm.GetId())
- } else if sm.GetSubjectConditionSet().GetId() == otherFixtureScs.ID {
- s.Equal(otherExpectedMatchedFixture.ID, sm.GetId())
+ smID := sm.GetId()
+ foundSCS := sm.GetSubjectConditionSet().GetId()
+ foundAttrVal := sm.GetAttributeValue().GetId()
+ s.Equal(foundSCS, createdSCS.GetId())
+ if smID == sm1.GetId() {
+ foundSm1 = true
+ s.Equal(sm1.GetAttributeValue().GetId(), foundAttrVal)
+ }
+ if smID == sm2.GetId() {
+ foundSm2 = true
+ s.Equal(sm2.GetAttributeValue().GetId(), foundAttrVal)
}
}
+ s.True(foundSm1)
+ s.True(foundSm2)
}
-func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_InOneAndNotInASecond() {
- fixtureScs := s.f.GetSubjectConditionSetKey("subject_condition_simple_in")
- externalSelectorValue := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
- externalValues := fixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalValues
- expectedMappedFixture := s.f.GetSubjectMappingKey("subject_mapping_subject_simple_in")
+func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_OnlyMatchesOneProperty() {
+ selector := ".only_matches_one[]"
+ fixtureAttrValID := s.f.GetAttributeValueKey("example.com/attr/attr1/value/value2").ID
+ newScs := &subjectmapping.SubjectConditionSetCreate{
+ SubjectSets: []*policy.SubjectSet{
+ {
+ ConditionGroups: []*policy.ConditionGroup{
+ {
+ BooleanOperator: policy.ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_AND,
+ Conditions: []*policy.Condition{
+ {
+ SubjectExternalSelectorValue: selector,
+ Operator: policy.SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_IN,
+ SubjectExternalValues: []string{"random_value"},
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+
+ subjectMapping := &subjectmapping.CreateSubjectMappingRequest{
+ AttributeValueId: fixtureAttrValID,
+ Actions: []*policy.Action{fixtureActions[Transmit], fixtureActions[Decrypt]},
+ NewSubjectConditionSet: newScs,
+ }
- otherFixtureScs := s.f.GetSubjectConditionSetKey("subject_condition_simple_not_in")
- otherexternalSelectorValue := otherFixtureScs.Condition.SubjectSets[0].ConditionGroups[0].Conditions[0].SubjectExternalSelectorValue
- expectedMappedOtherFixture := s.f.GetSubjectMappingKey("subject_mapping_subject_simple_not_in")
+ createdSM, err := s.db.PolicyClient.CreateSubjectMapping(s.ctx, subjectMapping)
+ s.Require().NoError(err)
+ s.NotNil(createdSM)
props := []*policy.SubjectProperty{
{
- ExternalSelectorValue: externalSelectorValue,
- ExternalValue: externalValues[0],
+ ExternalSelectorValue: selector,
},
{
- ExternalSelectorValue: otherexternalSelectorValue,
- ExternalValue: "random_value_987654321",
+ ExternalSelectorValue: "random_value_987654321",
},
}
- smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ smList, err := s.db.PolicyClient.GetMatchedSubjectMappings(s.ctx, props)
s.Require().NoError(err)
- s.NotZero(smList)
- for _, sm := range smList {
- if sm.GetSubjectConditionSet().GetId() == fixtureScs.ID {
- s.Equal(expectedMappedFixture.ID, sm.GetId())
- } else if sm.GetSubjectConditionSet().GetId() == otherFixtureScs.ID {
- s.Equal(expectedMappedOtherFixture.ID, sm.GetId())
- }
- }
+ s.Len(smList, 1)
+ s.Equal(smList[0].GetId(), createdSM.GetId())
}
func (s *SubjectMappingsSuite) TestGetMatchedSubjectMappings_NonExistentField_ReturnsNoMappings() {
props := []*policy.SubjectProperty{
{
ExternalSelectorValue: ".non_existent_field[1]",
- ExternalValue: "non_existent_value",
},
}
- sm, err := s.db.PolicyClient.GetMatchedSubjectMappings(context.Background(), props)
+ sm, err := s.db.PolicyClient.GetMatchedSubjectMappings(s.ctx, props)
s.Require().NoError(err)
s.NotZero(sm)
s.Empty(sm)
@@ -1047,7 +1172,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_MetadataVariations(
"new": newLabel,
}
- created, err := s.db.PolicyClient.CreateSubjectConditionSet(context.Background(), &subjectmapping.SubjectConditionSetCreate{
+ created, err := s.db.PolicyClient.CreateSubjectConditionSet(s.ctx, &subjectmapping.SubjectConditionSetCreate{
SubjectSets: []*policy.SubjectSet{
{},
},
@@ -1059,7 +1184,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_MetadataVariations(
s.NotNil(created)
// update with no changes
- updatedWithoutChange, err := s.db.PolicyClient.UpdateSubjectConditionSet(context.Background(), &subjectmapping.UpdateSubjectConditionSetRequest{
+ updatedWithoutChange, err := s.db.PolicyClient.UpdateSubjectConditionSet(s.ctx, &subjectmapping.UpdateSubjectConditionSetRequest{
Id: created.GetId(),
})
s.Require().NoError(err)
@@ -1067,7 +1192,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_MetadataVariations(
s.Equal(created.GetId(), updatedWithoutChange.GetId())
// update with changes
- updatedWithChange, err := s.db.PolicyClient.UpdateSubjectConditionSet(context.Background(), &subjectmapping.UpdateSubjectConditionSetRequest{
+ updatedWithChange, err := s.db.PolicyClient.UpdateSubjectConditionSet(s.ctx, &subjectmapping.UpdateSubjectConditionSetRequest{
Id: created.GetId(),
Metadata: &common.MetadataMutable{Labels: updateLabels},
MetadataUpdateBehavior: common.MetadataUpdateEnum_METADATA_UPDATE_ENUM_EXTEND,
@@ -1077,14 +1202,14 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_MetadataVariations(
s.Equal(created.GetId(), updatedWithChange.GetId())
// verify the metadata was extended
- got, err := s.db.PolicyClient.GetSubjectConditionSet(context.Background(), created.GetId())
+ got, err := s.db.PolicyClient.GetSubjectConditionSet(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(created.GetId(), got.GetId())
s.Equal(expectedLabels, got.GetMetadata().GetLabels())
// update with replace
- updatedWithReplace, err := s.db.PolicyClient.UpdateSubjectConditionSet(context.Background(), &subjectmapping.UpdateSubjectConditionSetRequest{
+ updatedWithReplace, err := s.db.PolicyClient.UpdateSubjectConditionSet(s.ctx, &subjectmapping.UpdateSubjectConditionSetRequest{
Id: created.GetId(),
Metadata: &common.MetadataMutable{Labels: labels},
MetadataUpdateBehavior: common.MetadataUpdateEnum_METADATA_UPDATE_ENUM_REPLACE,
@@ -1094,7 +1219,7 @@ func (s *SubjectMappingsSuite) TestUpdateSubjectConditionSet_MetadataVariations(
s.Equal(created.GetId(), updatedWithReplace.GetId())
// verify the metadata was replaced
- got, err = s.db.PolicyClient.GetSubjectConditionSet(context.Background(), created.GetId())
+ got, err = s.db.PolicyClient.GetSubjectConditionSet(s.ctx, created.GetId())
s.Require().NoError(err)
s.NotNil(got)
s.Equal(created.GetId(), got.GetId())
diff --git a/service/policy/db/query.sql b/service/policy/db/query.sql
index 89cc9f8bd4..2e939e9a38 100644
--- a/service/policy/db/query.sql
+++ b/service/policy/db/query.sql
@@ -695,10 +695,8 @@ GROUP BY av.id, sm.id, scs.id;
SELECT
sm.id,
sm.actions,
- JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata,
JSON_BUILD_OBJECT(
'id', scs.id,
- 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata -> 'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)),
'subject_sets', scs.condition
) AS subject_condition_set,
JSON_BUILD_OBJECT('id', av.id,'value', av.value,'active', av.active) AS attribute_value
@@ -709,9 +707,8 @@ LEFT JOIN attribute_namespaces ns ON ad.namespace_id = ns.id
LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id
WHERE ns.active = true AND ad.active = true and av.active = true AND EXISTS (
SELECT 1
- FROM JSONB_ARRAY_ELEMENTS(scs.condition) AS ss, JSONB_ARRAY_ELEMENTS(ss->'condition_groups') AS cg, JSONB_ARRAY_ELEMENTS(cg->'conditions') AS each_condition
- WHERE (each_condition->>'subject_external_selector_value' = ANY(@selectors::TEXT[]))
-
+ FROM JSONB_ARRAY_ELEMENTS(scs.condition) AS ss, JSONB_ARRAY_ELEMENTS(ss->'conditionGroups') AS cg, JSONB_ARRAY_ELEMENTS(cg->'conditions') AS each_condition
+ WHERE (each_condition->>'subjectExternalSelectorValue' = ANY(@selectors::TEXT[]))
)
GROUP BY av.id, sm.id, scs.id;
diff --git a/service/policy/db/query.sql.go b/service/policy/db/query.sql.go
index 8b11bf96b3..3315335e7e 100644
--- a/service/policy/db/query.sql.go
+++ b/service/policy/db/query.sql.go
@@ -2003,10 +2003,8 @@ const matchSubjectMappings = `-- name: MatchSubjectMappings :many
SELECT
sm.id,
sm.actions,
- JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata,
JSON_BUILD_OBJECT(
'id', scs.id,
- 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata -> 'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)),
'subject_sets', scs.condition
) AS subject_condition_set,
JSON_BUILD_OBJECT('id', av.id,'value', av.value,'active', av.active) AS attribute_value
@@ -2017,9 +2015,8 @@ LEFT JOIN attribute_namespaces ns ON ad.namespace_id = ns.id
LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id
WHERE ns.active = true AND ad.active = true and av.active = true AND EXISTS (
SELECT 1
- FROM JSONB_ARRAY_ELEMENTS(scs.condition) AS ss, JSONB_ARRAY_ELEMENTS(ss->'condition_groups') AS cg, JSONB_ARRAY_ELEMENTS(cg->'conditions') AS each_condition
- WHERE (each_condition->>'subject_external_selector_value' = ANY($1::TEXT[]))
-
+ FROM JSONB_ARRAY_ELEMENTS(scs.condition) AS ss, JSONB_ARRAY_ELEMENTS(ss->'conditionGroups') AS cg, JSONB_ARRAY_ELEMENTS(cg->'conditions') AS each_condition
+ WHERE (each_condition->>'subjectExternalSelectorValue' = ANY($1::TEXT[]))
)
GROUP BY av.id, sm.id, scs.id
`
@@ -2027,7 +2024,6 @@ GROUP BY av.id, sm.id, scs.id
type MatchSubjectMappingsRow struct {
ID string `json:"id"`
Actions []byte `json:"actions"`
- Metadata []byte `json:"metadata"`
SubjectConditionSet []byte `json:"subject_condition_set"`
AttributeValue []byte `json:"attribute_value"`
}
@@ -2037,10 +2033,8 @@ type MatchSubjectMappingsRow struct {
// SELECT
// sm.id,
// sm.actions,
-// JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata,
// JSON_BUILD_OBJECT(
// 'id', scs.id,
-// 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata -> 'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)),
// 'subject_sets', scs.condition
// ) AS subject_condition_set,
// JSON_BUILD_OBJECT('id', av.id,'value', av.value,'active', av.active) AS attribute_value
@@ -2051,9 +2045,8 @@ type MatchSubjectMappingsRow struct {
// LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id
// WHERE ns.active = true AND ad.active = true and av.active = true AND EXISTS (
// SELECT 1
-// FROM JSONB_ARRAY_ELEMENTS(scs.condition) AS ss, JSONB_ARRAY_ELEMENTS(ss->'condition_groups') AS cg, JSONB_ARRAY_ELEMENTS(cg->'conditions') AS each_condition
-// WHERE (each_condition->>'subject_external_selector_value' = ANY($1::TEXT[]))
-//
+// FROM JSONB_ARRAY_ELEMENTS(scs.condition) AS ss, JSONB_ARRAY_ELEMENTS(ss->'conditionGroups') AS cg, JSONB_ARRAY_ELEMENTS(cg->'conditions') AS each_condition
+// WHERE (each_condition->>'subjectExternalSelectorValue' = ANY($1::TEXT[]))
// )
// GROUP BY av.id, sm.id, scs.id
func (q *Queries) MatchSubjectMappings(ctx context.Context, selectors []string) ([]MatchSubjectMappingsRow, error) {
@@ -2068,7 +2061,6 @@ func (q *Queries) MatchSubjectMappings(ctx context.Context, selectors []string)
if err := rows.Scan(
&i.ID,
&i.Actions,
- &i.Metadata,
&i.SubjectConditionSet,
&i.AttributeValue,
); err != nil {
diff --git a/service/policy/db/subject_mappings.go b/service/policy/db/subject_mappings.go
index 8172a02fba..7a552462a9 100644
--- a/service/policy/db/subject_mappings.go
+++ b/service/policy/db/subject_mappings.go
@@ -62,9 +62,7 @@ func marshalActionsProto(actions []*policy.Action) ([]byte, error) {
}
func unmarshalActionsProto(actionsJSON []byte, actions *[]*policy.Action) error {
- var (
- raw []json.RawMessage
- )
+ var raw []json.RawMessage
if actionsJSON != nil {
if err := json.Unmarshal(actionsJSON, &raw); err != nil {
@@ -428,8 +426,8 @@ func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*p
// GetMatchedSubjectMappings liberally returns a list of SubjectMappings based on the provided SubjectProperties.
// The SubjectMappings are returned if an external selector field matches.
//
-// NOTE: This relationship is sometimes called Entitlements or Subject Entitlements.
-// NOTE: if you have any issues, set the log level to 'debug' for more comprehensive context.
+// NOTE: Any matched SubjectMappings cannot entitle without resolution of the Condition Sets returned. Each contains
+// logic that must be applied to a subject Entity Representation to assure entitlement.
func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error) {
selectors := []string{}
for _, sp := range properties {
@@ -442,11 +440,6 @@ func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, propertie
mappings := make([]*policy.SubjectMapping, len(list))
for i, sm := range list {
- metadata := &common.Metadata{}
- if err = unmarshalMetadata(sm.Metadata, metadata); err != nil {
- return nil, err
- }
-
av := &policy.Value{}
if err = unmarshalAttributeValue(sm.AttributeValue, av); err != nil {
return nil, err
@@ -457,16 +450,15 @@ func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, propertie
return nil, err
}
- scs := policy.SubjectConditionSet{}
- if err = unmarshalSubjectConditionSet(sm.SubjectConditionSet, &scs); err != nil {
+ scs := &policy.SubjectConditionSet{}
+ if err = unmarshalSubjectConditionSet(sm.SubjectConditionSet, scs); err != nil {
return nil, err
}
mappings[i] = &policy.SubjectMapping{
Id: sm.ID,
- Metadata: metadata,
AttributeValue: av,
- SubjectConditionSet: &scs,
+ SubjectConditionSet: scs,
Actions: a,
}
}
diff --git a/service/policy/objects.proto b/service/policy/objects.proto
index e4c8d10c72..636fddc0f4 100644
--- a/service/policy/objects.proto
+++ b/service/policy/objects.proto
@@ -151,20 +151,6 @@ message SubjectMapping {
/**
A Condition defines a rule of
-
- Example: Subjects with a field selected by the flattened selector "'.division'" and a value of "Accounting" or "Marketing":
- {
- "subject_external_selector_value": "'.division'",
- "operator": "SUBJECT_MAPPING_OPERATOR_ENUM_IN",
- "subject_external_values" : ["Accounting", "Marketing"]
- }
-
- Example: Subjects that are not part of the Fantastic Four according to their alias field:
- {
- "subject_external_selector_value": "'.data[0].alias'",
- "operator": "SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN",
- "subject_external_values" : ["mister_fantastic", "the_thing", "human_torch", "invisible_woman"]
- }
*/
message Condition {
// a selector for a field value on a flattened Entity Representation (such as from idP/LDAP)
@@ -221,7 +207,7 @@ message SubjectConditionSet {
*/
message SubjectProperty {
string external_selector_value = 1 [(buf.validate.field).required = true, (buf.validate.field).string = {min_len: 1}];
- string external_value = 2 [(buf.validate.field).required = true];
+ string external_value = 2;
}
/*
diff --git a/service/policy/subjectmapping/subject_mapping_test.go b/service/policy/subjectmapping/subject_mapping_test.go
index 13b58ac928..9dc7123331 100644
--- a/service/policy/subjectmapping/subject_mapping_test.go
+++ b/service/policy/subjectmapping/subject_mapping_test.go
@@ -84,3 +84,15 @@ func Test_MatchSubjectMappingsRequest_Succeeds(t *testing.T) {
err := getValidator().Validate(req)
require.NoError(t, err)
}
+
+func Test_MatchSubjectMappingsRequest_EmptyExternalValue_Succeeds(t *testing.T) {
+ props := []*policy.SubjectProperty{
+ {
+ ExternalSelectorValue: ".some_field",
+ },
+ }
+ req := &subjectmapping.MatchSubjectMappingsRequest{SubjectProperties: props}
+
+ err := getValidator().Validate(req)
+ require.NoError(t, err)
+}