- | entities |
- authorization.Entity |
+ actions |
+ policy.Action |
repeated |
|
@@ -4297,8 +4513,8 @@ ResolveEntitiesRequest
- ResolveEntitiesResponse
- Example: Get idp attributes for bob and alice
{
"entity_representations": [
{
"idp_entity_id": "e1",
"additional_props": {"someAttr1":"someValue1"}
},
{
"idp_entity_id": "e2",
"additional_props": {"someAttr2":"someValue2"}
}
]
}
+ EntityEntitlements.ActionsPerAttributeValueFqnEntry
+
+
+
+
+
+
+ EntityIdentifier
+ The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized.
The abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value
being treated as an entity in entitlement/authorization decisioning.
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entity_chain |
+ entity.EntityChain |
+ |
+ chain of one or more entities |
+
+
+
+ | registered_resource_value_fqn |
+ string |
+ |
+ fully qualified name of the registered resource value stored in platform policy, where in
+this case the resource acts as and represents a single entity for authorization/entitlement decisioning |
+
+
+
+ | token |
+ entity.Token |
+ |
+ access token (JWT), which is used to create an entity chain (comprising one or more entities) |
+
+
+
+
+
+
+
+
+
+ GetDecisionBulkRequest
+ Is access allowed?
1. Multiplexing of a Decision request
This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on
multiple resources)
+
+
+
+
+
+
+
+
+ GetDecisionBulkResponse
+
+
+
+
+
+
+
+
+
+ GetDecisionMultiResourceRequest
+ Can the identified entity/entities access?
1. one entity reference (actor)
2. one action
3. multiple resources
Note: this is a more performant bulk request for multiple resource decisions
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entity_identifier |
+ EntityIdentifier |
+ |
+ an entity must be identified for authorization decisioning |
+
+
+
+ | action |
+ policy.Action |
+ |
+ name on action is required |
+
+
+
+ | resources |
+ Resource |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ GetDecisionMultiResourceResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | all_permitted |
+ google.protobuf.BoolValue |
+ |
+ convenience flag indicating global resource decisions result (permit/deny) |
+
+
+
+ | resource_decisions |
+ ResourceDecision |
+ repeated |
+ individual resource decisions |
+
+
+
+
+
+
+
+
+
+ GetDecisionRequest
+ Can the identified entity/entities access?
1. one entity reference (actor)
2. one action
3. one resource
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entity_identifier |
+ EntityIdentifier |
+ |
+ an entity must be identified for authorization decisioning |
+
+
+
+ | action |
+ policy.Action |
+ |
+ name on action is required |
+
+
+
+ | resource |
+ Resource |
+ |
+ |
+
+
+
+
+
+
+
+
+
+ GetDecisionResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | decision |
+ ResourceDecision |
+ |
+ decision on the resource
+
+optional list of obligations represented in URI format
+repeated string obligations = 2; |
+
+
+
+
+
+
+
+
+
+ GetEntitlementsRequest
+ What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs?
Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use
GetDecision if the resource is known
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entity_identifier |
+ EntityIdentifier |
+ |
+ an entity must be identified for entitlement decisioning |
+
+
+
+ | with_comprehensive_hierarchy |
+ bool |
+ optional |
+ optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating
+down the hierarchical values instead of returning solely the value that is directly entitled |
+
+
+
+
+
+
+
+
+
+ GetEntitlementsResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entitlements |
+ EntityEntitlements |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ Resource
+ Either a set of attribute values (such as those on a TDF) or a registered resource value
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | ephemeral_id |
+ string |
+ |
+ ephemeral id for tracking between request and response |
+
+
+
+ | attribute_values |
+ Resource.AttributeValues |
+ |
+ |
+
+
+
+ | registered_resource_value_fqn |
+ string |
+ |
+ |
+
+
+
+
+
+
+
+
+
+ Resource.AttributeValues
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | fqns |
+ string |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ ResourceDecision
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | ephemeral_resource_id |
+ string |
+ |
+ ephemeral id for tracking between request and response |
+
+
+
+ | decision |
+ Decision |
+ |
+ decision result |
+
+
+
+
+
+
+
+
+
+
+
+ Decision
+
+
+
+ | Name | Number | Description |
+
+
+
+
+ | DECISION_UNSPECIFIED |
+ 0 |
+ |
+
+
+
+ | DECISION_DENY |
+ 1 |
+ |
+
+
+
+ | DECISION_PERMIT |
+ 2 |
+ DECISION_OBLIGATED = 3; |
+
+
+
+
+
+
+
+
+
+ AuthorizationService
+
+
+
+
+
+
+
+
entityresolution/entity_resolution.proto
Top
+
CreateEntityChainFromJwtRequest
+ Example: Get Entity chains for tokens aaaaaa and bbbbbb
{
"tokens": [
"aaaaaaa",
"bbbbbbbb"
]
}
+
+
+
+
+
+
+
+
+ CreateEntityChainFromJwtResponse
+ Example: Return the entity chains from the provided tokens
{
"entity_chains": [
{
"id": "tok1",
"entities": [
{
"clientId": "client1"
}
]
},
{
"id": "tok2",
"entities": [
{
"userName": "alice",
"clientId": "client2"
}
]
}
]
}
+
+
+
+
+
+
+
+
+ EntityNotFoundError
+
+
+
+
+
+
+
+
+
+ EntityRepresentation
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | additional_props |
+ google.protobuf.Struct |
+ repeated |
+ |
+
+
+
+ | original_id |
+ string |
+ |
+ ephemeral entity id from the request |
+
+
+
+
+
+
+
+
+
+ ResolveEntitiesRequest
+ Example: Get idp attributes for bob and alice (both represented using an email address
{
"entities": [
{
"id": "e1",
"emailAddress": "bob@example.org"
},
{
"id": "e2",
"emailAddress": "alice@example.org"
}
]
}
+
+
+
+
+
+
+
+
+ ResolveEntitiesResponse
+ Example: Get idp attributes for bob and alice
{
"entity_representations": [
{
"idp_entity_id": "e1",
"additional_props": {"someAttr1":"someValue1"}
},
{
"idp_entity_id": "e2",
"additional_props": {"someAttr2":"someValue2"}
}
]
}
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entity_representations |
+ EntityRepresentation |
repeated |
|
@@ -4393,6 +5241,218 @@ Methods with HTTP bindings
+
+
entityresolution/v2/entity_resolution.proto
Top
+
CreateEntityChainsFromTokensRequest
+ Create an entity chain for each token (JWT) in the request.
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | tokens |
+ entity.Token |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ CreateEntityChainsFromTokensResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entity_chains |
+ entity.EntityChain |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ EntityNotFoundError
+
+
+
+
+
+
+
+
+
+ EntityRepresentation
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | original_id |
+ string |
+ |
+ ephemeral entity id from the request |
+
+
+
+ | additional_props |
+ google.protobuf.Struct |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ ResolveEntitiesRequest
+ Resolve a set of entities to their representations.
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entities |
+ entity.Entity |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ ResolveEntitiesResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | entity_representations |
+ EntityRepresentation |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ EntityResolutionService
+
+
+
+
+
+
diff --git a/docs/openapi/authorization/authorization.swagger.json b/docs/openapi/authorization/authorization.swagger.json
index 16b31595aa..5f9b787c93 100644
--- a/docs/openapi/authorization/authorization.swagger.json
+++ b/docs/openapi/authorization/authorization.swagger.json
@@ -115,24 +115,6 @@
"default": "STANDARD_ACTION_UNSPECIFIED",
"title": "- STANDARD_ACTION_DECRYPT: Deprecated\nMigrate to 'read' action name\n - STANDARD_ACTION_TRANSMIT: Deprecated\nMigrate to 'create' action name"
},
- "DecisionResponseDecision": {
- "type": "string",
- "enum": [
- "DECISION_UNSPECIFIED",
- "DECISION_DENY",
- "DECISION_PERMIT"
- ],
- "default": "DECISION_UNSPECIFIED"
- },
- "EntityCategory": {
- "type": "string",
- "enum": [
- "CATEGORY_UNSPECIFIED",
- "CATEGORY_SUBJECT",
- "CATEGORY_ENVIRONMENT"
- ],
- "default": "CATEGORY_UNSPECIFIED"
- },
"authorizationDecisionRequest": {
"type": "object",
"properties": {
@@ -177,7 +159,7 @@
"title": "Action of the decision response"
},
"decision": {
- "$ref": "#/definitions/DecisionResponseDecision",
+ "$ref": "#/definitions/authorizationDecisionResponseDecision",
"title": "The decision response"
},
"obligations": {
@@ -191,6 +173,15 @@
"description": "Results:\n- bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation\n- bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes\n- alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes\n- alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes\n\n{\n\"entityChainId\": \"ec1\",\n\"resourceAttributesId\": \"attr-set-1\",\n\"decision\": \"DECISION_PERMIT\",\n\"obligations\": [\n\"http://www.example.org/obligation/watermark\"\n]\n},\n{\n\"entityChainId\": \"ec1\",\n\"resourceAttributesId\": \"attr-set-2\",\n\"decision\": \"DECISION_PERMIT\"\n},\n{\n\"entityChainId\": \"ec2\",\n\"resourceAttributesId\": \"attr-set-1\",\n\"decision\": \"DECISION_PERMIT\"\n},\n{\n\"entityChainId\": \"ec2\",\n\"resourceAttributesId\": \"attr-set-2\",\n\"decision\": \"DECISION_DENY\"\n}",
"title": "Example response for a Decision Request - Do Bob (represented by entity chain ec1)\nand Alice (represented by entity chain ec2) have TRANSMIT authorization for\n2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ?"
},
+ "authorizationDecisionResponseDecision": {
+ "type": "string",
+ "enum": [
+ "DECISION_UNSPECIFIED",
+ "DECISION_DENY",
+ "DECISION_PERMIT"
+ ],
+ "default": "DECISION_UNSPECIFIED"
+ },
"authorizationEntity": {
"type": "object",
"properties": {
@@ -221,11 +212,20 @@
"type": "string"
},
"category": {
- "$ref": "#/definitions/EntityCategory"
+ "$ref": "#/definitions/authorizationEntityCategory"
}
},
"title": "PE (Person Entity) or NPE (Non-Person Entity)"
},
+ "authorizationEntityCategory": {
+ "type": "string",
+ "enum": [
+ "CATEGORY_UNSPECIFIED",
+ "CATEGORY_SUBJECT",
+ "CATEGORY_ENVIRONMENT"
+ ],
+ "default": "CATEGORY_UNSPECIFIED"
+ },
"authorizationEntityChain": {
"type": "object",
"properties": {
diff --git a/docs/openapi/authorization/v2/authorization.swagger.json b/docs/openapi/authorization/v2/authorization.swagger.json
new file mode 100644
index 0000000000..a1e5daaac9
--- /dev/null
+++ b/docs/openapi/authorization/v2/authorization.swagger.json
@@ -0,0 +1,341 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "authorization/v2/authorization.proto",
+ "version": "version not set"
+ },
+ "tags": [
+ {
+ "name": "AuthorizationService"
+ }
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "paths": {},
+ "definitions": {
+ "ActionStandardAction": {
+ "type": "string",
+ "enum": [
+ "STANDARD_ACTION_UNSPECIFIED",
+ "STANDARD_ACTION_DECRYPT",
+ "STANDARD_ACTION_TRANSMIT"
+ ],
+ "default": "STANDARD_ACTION_UNSPECIFIED",
+ "title": "- STANDARD_ACTION_DECRYPT: Deprecated\nMigrate to 'read' action name\n - STANDARD_ACTION_TRANSMIT: Deprecated\nMigrate to 'create' action name"
+ },
+ "EntityEntitlementsActionsList": {
+ "type": "object",
+ "properties": {
+ "actions": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/policyAction"
+ }
+ }
+ }
+ },
+ "ResourceAttributeValues": {
+ "type": "object",
+ "properties": {
+ "fqns": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "authorizationv2Decision": {
+ "type": "string",
+ "enum": [
+ "DECISION_UNSPECIFIED",
+ "DECISION_DENY",
+ "DECISION_PERMIT"
+ ],
+ "default": "DECISION_UNSPECIFIED",
+ "title": "- DECISION_PERMIT: DECISION_OBLIGATED = 3;"
+ },
+ "authorizationv2EntityEntitlements": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "actionsPerAttributeValueFqn": {
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/EntityEntitlementsActionsList"
+ }
+ }
+ },
+ "title": "Entitlements for a given entity, mapping each attribute value FQN to any entitled actions[]"
+ },
+ "authorizationv2GetEntitlementsResponse": {
+ "type": "object",
+ "properties": {
+ "entitlements": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/authorizationv2EntityEntitlements"
+ }
+ }
+ }
+ },
+ "commonMetadata": {
+ "type": "object",
+ "properties": {
+ "createdAt": {
+ "type": "string",
+ "format": "date-time",
+ "title": "created_at set by server (entity who created will recorded in an audit event)"
+ },
+ "updatedAt": {
+ "type": "string",
+ "format": "date-time",
+ "title": "updated_at set by server (entity who updated will recorded in an audit event)"
+ },
+ "labels": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "title": "optional short description"
+ }
+ },
+ "title": "Struct to uniquely identify a resource with optional additional metadata"
+ },
+ "entityEntity": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "emailAddress": {
+ "type": "string"
+ },
+ "userName": {
+ "type": "string"
+ },
+ "claims": {
+ "$ref": "#/definitions/protobufAny",
+ "title": "used by ERS claims mode"
+ },
+ "clientId": {
+ "type": "string"
+ },
+ "category": {
+ "$ref": "#/definitions/entityEntityCategory"
+ }
+ },
+ "title": "PE (Person Entity) or NPE (Non-Person Entity)"
+ },
+ "entityEntityCategory": {
+ "type": "string",
+ "enum": [
+ "CATEGORY_UNSPECIFIED",
+ "CATEGORY_SUBJECT",
+ "CATEGORY_ENVIRONMENT"
+ ],
+ "default": "CATEGORY_UNSPECIFIED"
+ },
+ "entityEntityChain": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "entities": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/entityEntity"
+ }
+ }
+ },
+ "title": "A set of related PE and NPE"
+ },
+ "entityToken": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "jwt": {
+ "type": "string",
+ "title": "the token"
+ }
+ }
+ },
+ "policyAction": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "string",
+ "title": "Generated uuid in database"
+ },
+ "standard": {
+ "$ref": "#/definitions/ActionStandardAction",
+ "title": "Deprecated"
+ },
+ "custom": {
+ "type": "string",
+ "title": "Deprecated"
+ },
+ "name": {
+ "type": "string"
+ },
+ "metadata": {
+ "$ref": "#/definitions/commonMetadata"
+ }
+ },
+ "title": "An action an entity can take"
+ },
+ "protobufAny": {
+ "type": "object",
+ "properties": {
+ "@type": {
+ "type": "string",
+ "description": "A URL/resource name that uniquely identifies the type of the serialized\nprotocol buffer message. This string must contain at least\none \"/\" character. The last segment of the URL's path must represent\nthe fully qualified name of the type (as in\n`path/google.protobuf.Duration`). The name should be in a canonical form\n(e.g., leading \".\" is not accepted).\n\nIn practice, teams usually precompile into the binary all types that they\nexpect it to use in the context of Any. However, for URLs which use the\nscheme `http`, `https`, or no scheme, one can optionally set up a type\nserver that maps type URLs to message definitions as follows:\n\n* If no scheme is provided, `https` is assumed.\n* An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\n\nNote: this functionality is not currently available in the official\nprotobuf release, and it is not used for type URLs beginning with\ntype.googleapis.com. As of May 2023, there are no widely used type server\nimplementations and no plans to implement one.\n\nSchemes other than `http`, `https` (or the empty scheme) might be\nused with implementation specific semantics."
+ }
+ },
+ "additionalProperties": {},
+ "description": "`Any` contains an arbitrary serialized protocol buffer message along with a\nURL that describes the type of the serialized message.\n\nProtobuf library provides support to pack/unpack Any values in the form\nof utility functions or additional generated methods of the Any type.\n\nExample 1: Pack and unpack a message in C++.\n\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(\u0026foo)) {\n ...\n }\n\nExample 2: Pack and unpack a message in Java.\n\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n // or ...\n if (any.isSameTypeAs(Foo.getDefaultInstance())) {\n foo = any.unpack(Foo.getDefaultInstance());\n }\n\n Example 3: Pack and unpack a message in Python.\n\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n\n Example 4: Pack and unpack a message in Go\n\n foo := \u0026pb.Foo{...}\n any, err := anypb.New(foo)\n if err != nil {\n ...\n }\n ...\n foo := \u0026pb.Foo{}\n if err := any.UnmarshalTo(foo); err != nil {\n ...\n }\n\nThe pack methods provided by protobuf library will by default use\n'type.googleapis.com/full.type.name' as the type URL and the unpack\nmethods only use the fully qualified type name after the last '/'\nin the type URL, for example \"foo.bar.com/x/y.z\" will yield type\nname \"y.z\".\n\nJSON\n====\nThe JSON representation of an `Any` value uses the regular\nrepresentation of the deserialized, embedded message, with an\nadditional field `@type` which contains the type URL. Example:\n\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": \u003cstring\u003e,\n \"lastName\": \u003cstring\u003e\n }\n\nIf the embedded message type is well-known and has a custom JSON\nrepresentation, that representation will be embedded adding a field\n`value` which holds the custom JSON in addition to the `@type`\nfield. Example (for message [google.protobuf.Duration][]):\n\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"
+ },
+ "rpcStatus": {
+ "type": "object",
+ "properties": {
+ "code": {
+ "type": "integer",
+ "format": "int32"
+ },
+ "message": {
+ "type": "string"
+ },
+ "details": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/protobufAny"
+ }
+ }
+ }
+ },
+ "v2EntityIdentifier": {
+ "type": "object",
+ "properties": {
+ "entityChain": {
+ "$ref": "#/definitions/entityEntityChain",
+ "title": "chain of one or more entities"
+ },
+ "registeredResourceValueFqn": {
+ "type": "string",
+ "title": "fully qualified name of the registered resource value stored in platform policy, where in\nthis case the resource acts as and represents a single entity for authorization/entitlement decisioning"
+ },
+ "token": {
+ "$ref": "#/definitions/entityToken",
+ "title": "access token (JWT), which is used to create an entity chain (comprising one or more entities)"
+ }
+ },
+ "description": "The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized.\nThe abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value\nbeing treated as an entity in entitlement/authorization decisioning."
+ },
+ "v2GetDecisionBulkResponse": {
+ "type": "object",
+ "properties": {
+ "decisionResponses": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/v2GetDecisionMultiResourceResponse"
+ }
+ }
+ }
+ },
+ "v2GetDecisionMultiResourceRequest": {
+ "type": "object",
+ "properties": {
+ "entityIdentifier": {
+ "$ref": "#/definitions/v2EntityIdentifier",
+ "title": "an entity must be identified for authorization decisioning"
+ },
+ "action": {
+ "$ref": "#/definitions/policyAction",
+ "title": "name on action is required"
+ },
+ "resources": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/v2Resource"
+ }
+ }
+ },
+ "title": "Can the identified entity/entities access?\n1. one entity reference (actor)\n2. one action\n3. multiple resources\nNote: this is a more performant bulk request for multiple resource decisions"
+ },
+ "v2GetDecisionMultiResourceResponse": {
+ "type": "object",
+ "properties": {
+ "allPermitted": {
+ "type": "boolean",
+ "title": "convenience flag indicating global resource decisions result (permit/deny)"
+ },
+ "resourceDecisions": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/v2ResourceDecision"
+ },
+ "title": "individual resource decisions"
+ }
+ }
+ },
+ "v2GetDecisionResponse": {
+ "type": "object",
+ "properties": {
+ "decision": {
+ "$ref": "#/definitions/v2ResourceDecision",
+ "description": "optional list of obligations represented in URI format\n repeated string obligations = 2;",
+ "title": "decision on the resource"
+ }
+ }
+ },
+ "v2Resource": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "attributeValues": {
+ "$ref": "#/definitions/ResourceAttributeValues"
+ },
+ "registeredResourceValueFqn": {
+ "type": "string"
+ }
+ },
+ "title": "Either a set of attribute values (such as those on a TDF) or a registered resource value"
+ },
+ "v2ResourceDecision": {
+ "type": "object",
+ "properties": {
+ "ephemeralResourceId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "decision": {
+ "$ref": "#/definitions/authorizationv2Decision",
+ "title": "decision result"
+ }
+ }
+ }
+ }
+}
diff --git a/docs/openapi/entity/entity.swagger.json b/docs/openapi/entity/entity.swagger.json
new file mode 100644
index 0000000000..3256109c9a
--- /dev/null
+++ b/docs/openapi/entity/entity.swagger.json
@@ -0,0 +1,46 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "entity/entity.proto",
+ "version": "version not set"
+ },
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "paths": {},
+ "definitions": {
+ "protobufAny": {
+ "type": "object",
+ "properties": {
+ "@type": {
+ "type": "string",
+ "description": "A URL/resource name that uniquely identifies the type of the serialized\nprotocol buffer message. This string must contain at least\none \"/\" character. The last segment of the URL's path must represent\nthe fully qualified name of the type (as in\n`path/google.protobuf.Duration`). The name should be in a canonical form\n(e.g., leading \".\" is not accepted).\n\nIn practice, teams usually precompile into the binary all types that they\nexpect it to use in the context of Any. However, for URLs which use the\nscheme `http`, `https`, or no scheme, one can optionally set up a type\nserver that maps type URLs to message definitions as follows:\n\n* If no scheme is provided, `https` is assumed.\n* An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\n\nNote: this functionality is not currently available in the official\nprotobuf release, and it is not used for type URLs beginning with\ntype.googleapis.com. As of May 2023, there are no widely used type server\nimplementations and no plans to implement one.\n\nSchemes other than `http`, `https` (or the empty scheme) might be\nused with implementation specific semantics."
+ }
+ },
+ "additionalProperties": {},
+ "description": "`Any` contains an arbitrary serialized protocol buffer message along with a\nURL that describes the type of the serialized message.\n\nProtobuf library provides support to pack/unpack Any values in the form\nof utility functions or additional generated methods of the Any type.\n\nExample 1: Pack and unpack a message in C++.\n\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(\u0026foo)) {\n ...\n }\n\nExample 2: Pack and unpack a message in Java.\n\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n // or ...\n if (any.isSameTypeAs(Foo.getDefaultInstance())) {\n foo = any.unpack(Foo.getDefaultInstance());\n }\n\n Example 3: Pack and unpack a message in Python.\n\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n\n Example 4: Pack and unpack a message in Go\n\n foo := \u0026pb.Foo{...}\n any, err := anypb.New(foo)\n if err != nil {\n ...\n }\n ...\n foo := \u0026pb.Foo{}\n if err := any.UnmarshalTo(foo); err != nil {\n ...\n }\n\nThe pack methods provided by protobuf library will by default use\n'type.googleapis.com/full.type.name' as the type URL and the unpack\nmethods only use the fully qualified type name after the last '/'\nin the type URL, for example \"foo.bar.com/x/y.z\" will yield type\nname \"y.z\".\n\nJSON\n====\nThe JSON representation of an `Any` value uses the regular\nrepresentation of the deserialized, embedded message, with an\nadditional field `@type` which contains the type URL. Example:\n\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": \u003cstring\u003e,\n \"lastName\": \u003cstring\u003e\n }\n\nIf the embedded message type is well-known and has a custom JSON\nrepresentation, that representation will be embedded adding a field\n`value` which holds the custom JSON in addition to the `@type`\nfield. Example (for message [google.protobuf.Duration][]):\n\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"
+ },
+ "rpcStatus": {
+ "type": "object",
+ "properties": {
+ "code": {
+ "type": "integer",
+ "format": "int32"
+ },
+ "message": {
+ "type": "string"
+ },
+ "details": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/protobufAny"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/docs/openapi/entityresolution/entity_resolution.swagger.json b/docs/openapi/entityresolution/entity_resolution.swagger.json
index 45cb881517..8e179b635f 100644
--- a/docs/openapi/entityresolution/entity_resolution.swagger.json
+++ b/docs/openapi/entityresolution/entity_resolution.swagger.json
@@ -82,15 +82,6 @@
}
},
"definitions": {
- "EntityCategory": {
- "type": "string",
- "enum": [
- "CATEGORY_UNSPECIFIED",
- "CATEGORY_SUBJECT",
- "CATEGORY_ENVIRONMENT"
- ],
- "default": "CATEGORY_UNSPECIFIED"
- },
"authorizationEntity": {
"type": "object",
"properties": {
@@ -121,11 +112,20 @@
"type": "string"
},
"category": {
- "$ref": "#/definitions/EntityCategory"
+ "$ref": "#/definitions/authorizationEntityCategory"
}
},
"title": "PE (Person Entity) or NPE (Non-Person Entity)"
},
+ "authorizationEntityCategory": {
+ "type": "string",
+ "enum": [
+ "CATEGORY_UNSPECIFIED",
+ "CATEGORY_SUBJECT",
+ "CATEGORY_ENVIRONMENT"
+ ],
+ "default": "CATEGORY_UNSPECIFIED"
+ },
"authorizationEntityChain": {
"type": "object",
"properties": {
diff --git a/docs/openapi/entityresolution/v2/entity_resolution.swagger.json b/docs/openapi/entityresolution/v2/entity_resolution.swagger.json
new file mode 100644
index 0000000000..8c24c517f9
--- /dev/null
+++ b/docs/openapi/entityresolution/v2/entity_resolution.swagger.json
@@ -0,0 +1,163 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "entityresolution/v2/entity_resolution.proto",
+ "version": "version not set"
+ },
+ "tags": [
+ {
+ "name": "EntityResolutionService"
+ }
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "paths": {},
+ "definitions": {
+ "entityEntity": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "emailAddress": {
+ "type": "string"
+ },
+ "userName": {
+ "type": "string"
+ },
+ "claims": {
+ "$ref": "#/definitions/protobufAny",
+ "title": "used by ERS claims mode"
+ },
+ "clientId": {
+ "type": "string"
+ },
+ "category": {
+ "$ref": "#/definitions/entityEntityCategory"
+ }
+ },
+ "title": "PE (Person Entity) or NPE (Non-Person Entity)"
+ },
+ "entityEntityCategory": {
+ "type": "string",
+ "enum": [
+ "CATEGORY_UNSPECIFIED",
+ "CATEGORY_SUBJECT",
+ "CATEGORY_ENVIRONMENT"
+ ],
+ "default": "CATEGORY_UNSPECIFIED"
+ },
+ "entityEntityChain": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "entities": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/entityEntity"
+ }
+ }
+ },
+ "title": "A set of related PE and NPE"
+ },
+ "entityToken": {
+ "type": "object",
+ "properties": {
+ "ephemeralId": {
+ "type": "string",
+ "title": "ephemeral id for tracking between request and response"
+ },
+ "jwt": {
+ "type": "string",
+ "title": "the token"
+ }
+ }
+ },
+ "entityresolutionv2EntityRepresentation": {
+ "type": "object",
+ "properties": {
+ "originalId": {
+ "type": "string",
+ "title": "ephemeral entity id from the request"
+ },
+ "additionalProps": {
+ "type": "array",
+ "items": {
+ "type": "object"
+ }
+ }
+ }
+ },
+ "entityresolutionv2ResolveEntitiesResponse": {
+ "type": "object",
+ "properties": {
+ "entityRepresentations": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/entityresolutionv2EntityRepresentation"
+ }
+ }
+ }
+ },
+ "protobufAny": {
+ "type": "object",
+ "properties": {
+ "@type": {
+ "type": "string",
+ "description": "A URL/resource name that uniquely identifies the type of the serialized\nprotocol buffer message. This string must contain at least\none \"/\" character. The last segment of the URL's path must represent\nthe fully qualified name of the type (as in\n`path/google.protobuf.Duration`). The name should be in a canonical form\n(e.g., leading \".\" is not accepted).\n\nIn practice, teams usually precompile into the binary all types that they\nexpect it to use in the context of Any. However, for URLs which use the\nscheme `http`, `https`, or no scheme, one can optionally set up a type\nserver that maps type URLs to message definitions as follows:\n\n* If no scheme is provided, `https` is assumed.\n* An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\n\nNote: this functionality is not currently available in the official\nprotobuf release, and it is not used for type URLs beginning with\ntype.googleapis.com. As of May 2023, there are no widely used type server\nimplementations and no plans to implement one.\n\nSchemes other than `http`, `https` (or the empty scheme) might be\nused with implementation specific semantics."
+ }
+ },
+ "additionalProperties": {},
+ "description": "`Any` contains an arbitrary serialized protocol buffer message along with a\nURL that describes the type of the serialized message.\n\nProtobuf library provides support to pack/unpack Any values in the form\nof utility functions or additional generated methods of the Any type.\n\nExample 1: Pack and unpack a message in C++.\n\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(\u0026foo)) {\n ...\n }\n\nExample 2: Pack and unpack a message in Java.\n\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n // or ...\n if (any.isSameTypeAs(Foo.getDefaultInstance())) {\n foo = any.unpack(Foo.getDefaultInstance());\n }\n\n Example 3: Pack and unpack a message in Python.\n\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n\n Example 4: Pack and unpack a message in Go\n\n foo := \u0026pb.Foo{...}\n any, err := anypb.New(foo)\n if err != nil {\n ...\n }\n ...\n foo := \u0026pb.Foo{}\n if err := any.UnmarshalTo(foo); err != nil {\n ...\n }\n\nThe pack methods provided by protobuf library will by default use\n'type.googleapis.com/full.type.name' as the type URL and the unpack\nmethods only use the fully qualified type name after the last '/'\nin the type URL, for example \"foo.bar.com/x/y.z\" will yield type\nname \"y.z\".\n\nJSON\n====\nThe JSON representation of an `Any` value uses the regular\nrepresentation of the deserialized, embedded message, with an\nadditional field `@type` which contains the type URL. Example:\n\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": \u003cstring\u003e,\n \"lastName\": \u003cstring\u003e\n }\n\nIf the embedded message type is well-known and has a custom JSON\nrepresentation, that representation will be embedded adding a field\n`value` which holds the custom JSON in addition to the `@type`\nfield. Example (for message [google.protobuf.Duration][]):\n\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"
+ },
+ "protobufNullValue": {
+ "type": "string",
+ "enum": [
+ "NULL_VALUE"
+ ],
+ "default": "NULL_VALUE",
+ "description": "`NullValue` is a singleton enumeration to represent the null value for the\n`Value` type union.\n\nThe JSON representation for `NullValue` is JSON `null`.\n\n - NULL_VALUE: Null value."
+ },
+ "rpcStatus": {
+ "type": "object",
+ "properties": {
+ "code": {
+ "type": "integer",
+ "format": "int32"
+ },
+ "message": {
+ "type": "string"
+ },
+ "details": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/protobufAny"
+ }
+ }
+ }
+ },
+ "v2CreateEntityChainsFromTokensResponse": {
+ "type": "object",
+ "properties": {
+ "entityChains": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "$ref": "#/definitions/entityEntityChain"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/protocol/go/authorization/v2/authorization.pb.go b/protocol/go/authorization/v2/authorization.pb.go
new file mode 100644
index 0000000000..cecabe0934
--- /dev/null
+++ b/protocol/go/authorization/v2/authorization.pb.go
@@ -0,0 +1,1437 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.33.0
+// protoc (unknown)
+// source: authorization/v2/authorization.proto
+
+package authorizationv2
+
+import (
+ _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate"
+ entity "github.com/opentdf/platform/protocol/go/entity"
+ policy "github.com/opentdf/platform/protocol/go/policy"
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+ reflect "reflect"
+ sync "sync"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Decision int32
+
+const (
+ Decision_DECISION_UNSPECIFIED Decision = 0
+ Decision_DECISION_DENY Decision = 1
+ Decision_DECISION_PERMIT Decision = 2 // DECISION_OBLIGATED = 3;
+)
+
+// Enum value maps for Decision.
+var (
+ Decision_name = map[int32]string{
+ 0: "DECISION_UNSPECIFIED",
+ 1: "DECISION_DENY",
+ 2: "DECISION_PERMIT",
+ }
+ Decision_value = map[string]int32{
+ "DECISION_UNSPECIFIED": 0,
+ "DECISION_DENY": 1,
+ "DECISION_PERMIT": 2,
+ }
+)
+
+func (x Decision) Enum() *Decision {
+ p := new(Decision)
+ *p = x
+ return p
+}
+
+func (x Decision) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Decision) Descriptor() protoreflect.EnumDescriptor {
+ return file_authorization_v2_authorization_proto_enumTypes[0].Descriptor()
+}
+
+func (Decision) Type() protoreflect.EnumType {
+ return &file_authorization_v2_authorization_proto_enumTypes[0]
+}
+
+func (x Decision) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Decision.Descriptor instead.
+func (Decision) EnumDescriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{0}
+}
+
+// The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized.
+// The abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value
+// being treated as an entity in entitlement/authorization decisioning.
+type EntityIdentifier struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Types that are assignable to Identifier:
+ //
+ // *EntityIdentifier_EntityChain
+ // *EntityIdentifier_RegisteredResourceValueFqn
+ // *EntityIdentifier_Token
+ Identifier isEntityIdentifier_Identifier `protobuf_oneof:"identifier"`
+}
+
+func (x *EntityIdentifier) Reset() {
+ *x = EntityIdentifier{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *EntityIdentifier) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EntityIdentifier) ProtoMessage() {}
+
+func (x *EntityIdentifier) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use EntityIdentifier.ProtoReflect.Descriptor instead.
+func (*EntityIdentifier) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *EntityIdentifier) GetIdentifier() isEntityIdentifier_Identifier {
+ if m != nil {
+ return m.Identifier
+ }
+ return nil
+}
+
+func (x *EntityIdentifier) GetEntityChain() *entity.EntityChain {
+ if x, ok := x.GetIdentifier().(*EntityIdentifier_EntityChain); ok {
+ return x.EntityChain
+ }
+ return nil
+}
+
+func (x *EntityIdentifier) GetRegisteredResourceValueFqn() string {
+ if x, ok := x.GetIdentifier().(*EntityIdentifier_RegisteredResourceValueFqn); ok {
+ return x.RegisteredResourceValueFqn
+ }
+ return ""
+}
+
+func (x *EntityIdentifier) GetToken() *entity.Token {
+ if x, ok := x.GetIdentifier().(*EntityIdentifier_Token); ok {
+ return x.Token
+ }
+ return nil
+}
+
+type isEntityIdentifier_Identifier interface {
+ isEntityIdentifier_Identifier()
+}
+
+type EntityIdentifier_EntityChain struct {
+ // chain of one or more entities
+ EntityChain *entity.EntityChain `protobuf:"bytes,1,opt,name=entity_chain,json=entityChain,proto3,oneof"`
+}
+
+type EntityIdentifier_RegisteredResourceValueFqn struct {
+ // fully qualified name of the registered resource value stored in platform policy, where in
+ // this case the resource acts as and represents a single entity for authorization/entitlement decisioning
+ RegisteredResourceValueFqn string `protobuf:"bytes,2,opt,name=registered_resource_value_fqn,json=registeredResourceValueFqn,proto3,oneof"`
+}
+
+type EntityIdentifier_Token struct {
+ // access token (JWT), which is used to create an entity chain (comprising one or more entities)
+ Token *entity.Token `protobuf:"bytes,3,opt,name=token,proto3,oneof"`
+}
+
+func (*EntityIdentifier_EntityChain) isEntityIdentifier_Identifier() {}
+
+func (*EntityIdentifier_RegisteredResourceValueFqn) isEntityIdentifier_Identifier() {}
+
+func (*EntityIdentifier_Token) isEntityIdentifier_Identifier() {}
+
+// Entitlements for a given entity, mapping each attribute value FQN to any entitled actions[]
+type EntityEntitlements struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // ephemeral id for tracking between request and response
+ EphemeralId string `protobuf:"bytes,1,opt,name=ephemeral_id,json=ephemeralId,proto3" json:"ephemeral_id,omitempty"`
+ ActionsPerAttributeValueFqn map[string]*EntityEntitlements_ActionsList `protobuf:"bytes,2,rep,name=actions_per_attribute_value_fqn,json=actionsPerAttributeValueFqn,proto3" json:"actions_per_attribute_value_fqn,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *EntityEntitlements) Reset() {
+ *x = EntityEntitlements{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[1]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *EntityEntitlements) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EntityEntitlements) ProtoMessage() {}
+
+func (x *EntityEntitlements) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[1]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use EntityEntitlements.ProtoReflect.Descriptor instead.
+func (*EntityEntitlements) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *EntityEntitlements) GetEphemeralId() string {
+ if x != nil {
+ return x.EphemeralId
+ }
+ return ""
+}
+
+func (x *EntityEntitlements) GetActionsPerAttributeValueFqn() map[string]*EntityEntitlements_ActionsList {
+ if x != nil {
+ return x.ActionsPerAttributeValueFqn
+ }
+ return nil
+}
+
+// Either a set of attribute values (such as those on a TDF) or a registered resource value
+type Resource struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // ephemeral id for tracking between request and response
+ EphemeralId string `protobuf:"bytes,1,opt,name=ephemeral_id,json=ephemeralId,proto3" json:"ephemeral_id,omitempty"`
+ // Types that are assignable to Resource:
+ //
+ // *Resource_AttributeValues_
+ // *Resource_RegisteredResourceValueFqn
+ Resource isResource_Resource `protobuf_oneof:"resource"`
+}
+
+func (x *Resource) Reset() {
+ *x = Resource{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Resource) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Resource) ProtoMessage() {}
+
+func (x *Resource) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[2]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Resource.ProtoReflect.Descriptor instead.
+func (*Resource) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Resource) GetEphemeralId() string {
+ if x != nil {
+ return x.EphemeralId
+ }
+ return ""
+}
+
+func (m *Resource) GetResource() isResource_Resource {
+ if m != nil {
+ return m.Resource
+ }
+ return nil
+}
+
+func (x *Resource) GetAttributeValues() *Resource_AttributeValues {
+ if x, ok := x.GetResource().(*Resource_AttributeValues_); ok {
+ return x.AttributeValues
+ }
+ return nil
+}
+
+func (x *Resource) GetRegisteredResourceValueFqn() string {
+ if x, ok := x.GetResource().(*Resource_RegisteredResourceValueFqn); ok {
+ return x.RegisteredResourceValueFqn
+ }
+ return ""
+}
+
+type isResource_Resource interface {
+ isResource_Resource()
+}
+
+type Resource_AttributeValues_ struct {
+ AttributeValues *Resource_AttributeValues `protobuf:"bytes,2,opt,name=attribute_values,json=attributeValues,proto3,oneof"`
+}
+
+type Resource_RegisteredResourceValueFqn struct {
+ RegisteredResourceValueFqn string `protobuf:"bytes,3,opt,name=registered_resource_value_fqn,json=registeredResourceValueFqn,proto3,oneof"`
+}
+
+func (*Resource_AttributeValues_) isResource_Resource() {}
+
+func (*Resource_RegisteredResourceValueFqn) isResource_Resource() {}
+
+type ResourceDecision struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // ephemeral id for tracking between request and response
+ EphemeralResourceId string `protobuf:"bytes,1,opt,name=ephemeral_resource_id,json=ephemeralResourceId,proto3" json:"ephemeral_resource_id,omitempty"`
+ // decision result
+ Decision Decision `protobuf:"varint,2,opt,name=decision,proto3,enum=authorization.v2.Decision" json:"decision,omitempty"`
+}
+
+func (x *ResourceDecision) Reset() {
+ *x = ResourceDecision{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[3]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ResourceDecision) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceDecision) ProtoMessage() {}
+
+func (x *ResourceDecision) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[3]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceDecision.ProtoReflect.Descriptor instead.
+func (*ResourceDecision) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ResourceDecision) GetEphemeralResourceId() string {
+ if x != nil {
+ return x.EphemeralResourceId
+ }
+ return ""
+}
+
+func (x *ResourceDecision) GetDecision() Decision {
+ if x != nil {
+ return x.Decision
+ }
+ return Decision_DECISION_UNSPECIFIED
+}
+
+// Can the identified entity/entities access?
+// 1. one entity reference (actor)
+// 2. one action
+// 3. one resource
+type GetDecisionRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // an entity must be identified for authorization decisioning
+ EntityIdentifier *EntityIdentifier `protobuf:"bytes,1,opt,name=entity_identifier,json=entityIdentifier,proto3" json:"entity_identifier,omitempty"`
+ // name on action is required
+ Action *policy.Action `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
+ Resource *Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
+}
+
+func (x *GetDecisionRequest) Reset() {
+ *x = GetDecisionRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[4]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDecisionRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDecisionRequest) ProtoMessage() {}
+
+func (x *GetDecisionRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[4]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDecisionRequest.ProtoReflect.Descriptor instead.
+func (*GetDecisionRequest) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GetDecisionRequest) GetEntityIdentifier() *EntityIdentifier {
+ if x != nil {
+ return x.EntityIdentifier
+ }
+ return nil
+}
+
+func (x *GetDecisionRequest) GetAction() *policy.Action {
+ if x != nil {
+ return x.Action
+ }
+ return nil
+}
+
+func (x *GetDecisionRequest) GetResource() *Resource {
+ if x != nil {
+ return x.Resource
+ }
+ return nil
+}
+
+type GetDecisionResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // decision on the resource
+ Decision *ResourceDecision `protobuf:"bytes,1,opt,name=decision,proto3" json:"decision,omitempty"`
+}
+
+func (x *GetDecisionResponse) Reset() {
+ *x = GetDecisionResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[5]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDecisionResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDecisionResponse) ProtoMessage() {}
+
+func (x *GetDecisionResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[5]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDecisionResponse.ProtoReflect.Descriptor instead.
+func (*GetDecisionResponse) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GetDecisionResponse) GetDecision() *ResourceDecision {
+ if x != nil {
+ return x.Decision
+ }
+ return nil
+}
+
+// Can the identified entity/entities access?
+// 1. one entity reference (actor)
+// 2. one action
+// 3. multiple resources
+// Note: this is a more performant bulk request for multiple resource decisions
+type GetDecisionMultiResourceRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // an entity must be identified for authorization decisioning
+ EntityIdentifier *EntityIdentifier `protobuf:"bytes,1,opt,name=entity_identifier,json=entityIdentifier,proto3" json:"entity_identifier,omitempty"`
+ // name on action is required
+ Action *policy.Action `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
+ Resources []*Resource `protobuf:"bytes,3,rep,name=resources,proto3" json:"resources,omitempty"`
+}
+
+func (x *GetDecisionMultiResourceRequest) Reset() {
+ *x = GetDecisionMultiResourceRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[6]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDecisionMultiResourceRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDecisionMultiResourceRequest) ProtoMessage() {}
+
+func (x *GetDecisionMultiResourceRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[6]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDecisionMultiResourceRequest.ProtoReflect.Descriptor instead.
+func (*GetDecisionMultiResourceRequest) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *GetDecisionMultiResourceRequest) GetEntityIdentifier() *EntityIdentifier {
+ if x != nil {
+ return x.EntityIdentifier
+ }
+ return nil
+}
+
+func (x *GetDecisionMultiResourceRequest) GetAction() *policy.Action {
+ if x != nil {
+ return x.Action
+ }
+ return nil
+}
+
+func (x *GetDecisionMultiResourceRequest) GetResources() []*Resource {
+ if x != nil {
+ return x.Resources
+ }
+ return nil
+}
+
+type GetDecisionMultiResourceResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // convenience flag indicating global resource decisions result (permit/deny)
+ AllPermitted *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=all_permitted,json=allPermitted,proto3" json:"all_permitted,omitempty"`
+ // individual resource decisions
+ ResourceDecisions []*ResourceDecision `protobuf:"bytes,2,rep,name=resource_decisions,json=resourceDecisions,proto3" json:"resource_decisions,omitempty"`
+}
+
+func (x *GetDecisionMultiResourceResponse) Reset() {
+ *x = GetDecisionMultiResourceResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[7]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDecisionMultiResourceResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDecisionMultiResourceResponse) ProtoMessage() {}
+
+func (x *GetDecisionMultiResourceResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[7]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDecisionMultiResourceResponse.ProtoReflect.Descriptor instead.
+func (*GetDecisionMultiResourceResponse) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *GetDecisionMultiResourceResponse) GetAllPermitted() *wrapperspb.BoolValue {
+ if x != nil {
+ return x.AllPermitted
+ }
+ return nil
+}
+
+func (x *GetDecisionMultiResourceResponse) GetResourceDecisions() []*ResourceDecision {
+ if x != nil {
+ return x.ResourceDecisions
+ }
+ return nil
+}
+
+// Is access allowed?
+// 1. Multiplexing of a Decision request
+// This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on
+// multiple resources)
+type GetDecisionBulkRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ DecisionRequests []*GetDecisionMultiResourceRequest `protobuf:"bytes,1,rep,name=decision_requests,json=decisionRequests,proto3" json:"decision_requests,omitempty"`
+}
+
+func (x *GetDecisionBulkRequest) Reset() {
+ *x = GetDecisionBulkRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[8]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDecisionBulkRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDecisionBulkRequest) ProtoMessage() {}
+
+func (x *GetDecisionBulkRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[8]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDecisionBulkRequest.ProtoReflect.Descriptor instead.
+func (*GetDecisionBulkRequest) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *GetDecisionBulkRequest) GetDecisionRequests() []*GetDecisionMultiResourceRequest {
+ if x != nil {
+ return x.DecisionRequests
+ }
+ return nil
+}
+
+type GetDecisionBulkResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ DecisionResponses []*GetDecisionMultiResourceResponse `protobuf:"bytes,1,rep,name=decision_responses,json=decisionResponses,proto3" json:"decision_responses,omitempty"`
+}
+
+func (x *GetDecisionBulkResponse) Reset() {
+ *x = GetDecisionBulkResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[9]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDecisionBulkResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDecisionBulkResponse) ProtoMessage() {}
+
+func (x *GetDecisionBulkResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[9]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDecisionBulkResponse.ProtoReflect.Descriptor instead.
+func (*GetDecisionBulkResponse) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *GetDecisionBulkResponse) GetDecisionResponses() []*GetDecisionMultiResourceResponse {
+ if x != nil {
+ return x.DecisionResponses
+ }
+ return nil
+}
+
+// What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs?
+//
+// Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use
+// GetDecision if the resource is known
+type GetEntitlementsRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // an entity must be identified for entitlement decisioning
+ EntityIdentifier *EntityIdentifier `protobuf:"bytes,1,opt,name=entity_identifier,json=entityIdentifier,proto3" json:"entity_identifier,omitempty"`
+ // optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating
+ // down the hierarchical values instead of returning solely the value that is directly entitled
+ WithComprehensiveHierarchy *bool `protobuf:"varint,2,opt,name=with_comprehensive_hierarchy,json=withComprehensiveHierarchy,proto3,oneof" json:"with_comprehensive_hierarchy,omitempty"`
+}
+
+func (x *GetEntitlementsRequest) Reset() {
+ *x = GetEntitlementsRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[10]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetEntitlementsRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetEntitlementsRequest) ProtoMessage() {}
+
+func (x *GetEntitlementsRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[10]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetEntitlementsRequest.ProtoReflect.Descriptor instead.
+func (*GetEntitlementsRequest) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *GetEntitlementsRequest) GetEntityIdentifier() *EntityIdentifier {
+ if x != nil {
+ return x.EntityIdentifier
+ }
+ return nil
+}
+
+func (x *GetEntitlementsRequest) GetWithComprehensiveHierarchy() bool {
+ if x != nil && x.WithComprehensiveHierarchy != nil {
+ return *x.WithComprehensiveHierarchy
+ }
+ return false
+}
+
+type GetEntitlementsResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Entitlements []*EntityEntitlements `protobuf:"bytes,1,rep,name=entitlements,proto3" json:"entitlements,omitempty"`
+}
+
+func (x *GetEntitlementsResponse) Reset() {
+ *x = GetEntitlementsResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[11]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetEntitlementsResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetEntitlementsResponse) ProtoMessage() {}
+
+func (x *GetEntitlementsResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[11]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetEntitlementsResponse.ProtoReflect.Descriptor instead.
+func (*GetEntitlementsResponse) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *GetEntitlementsResponse) GetEntitlements() []*EntityEntitlements {
+ if x != nil {
+ return x.Entitlements
+ }
+ return nil
+}
+
+type EntityEntitlements_ActionsList struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Actions []*policy.Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
+}
+
+func (x *EntityEntitlements_ActionsList) Reset() {
+ *x = EntityEntitlements_ActionsList{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[12]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *EntityEntitlements_ActionsList) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EntityEntitlements_ActionsList) ProtoMessage() {}
+
+func (x *EntityEntitlements_ActionsList) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[12]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use EntityEntitlements_ActionsList.ProtoReflect.Descriptor instead.
+func (*EntityEntitlements_ActionsList) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{1, 0}
+}
+
+func (x *EntityEntitlements_ActionsList) GetActions() []*policy.Action {
+ if x != nil {
+ return x.Actions
+ }
+ return nil
+}
+
+type Resource_AttributeValues struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Fqns []string `protobuf:"bytes,1,rep,name=fqns,proto3" json:"fqns,omitempty"`
+}
+
+func (x *Resource_AttributeValues) Reset() {
+ *x = Resource_AttributeValues{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[14]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Resource_AttributeValues) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Resource_AttributeValues) ProtoMessage() {}
+
+func (x *Resource_AttributeValues) ProtoReflect() protoreflect.Message {
+ mi := &file_authorization_v2_authorization_proto_msgTypes[14]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Resource_AttributeValues.ProtoReflect.Descriptor instead.
+func (*Resource_AttributeValues) Descriptor() ([]byte, []int) {
+ return file_authorization_v2_authorization_proto_rawDescGZIP(), []int{2, 0}
+}
+
+func (x *Resource_AttributeValues) GetFqns() []string {
+ if x != nil {
+ return x.Fqns
+ }
+ return nil
+}
+
+var File_authorization_v2_authorization_proto protoreflect.FileDescriptor
+
+var file_authorization_v2_authorization_proto_rawDesc = []byte{
+ 0x0a, 0x24, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f,
+ 0x76, 0x32, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61,
+ 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e,
+ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x13, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2f, 0x65, 0x6e,
+ 0x74, 0x69, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67,
+ 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70,
+ 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2f, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+ 0x22, 0x9a, 0x03, 0x0a, 0x10, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74,
+ 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0xa2, 0x01, 0x0a, 0x0c, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+ 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x68, 0x61, 0x69,
+ 0x6e, 0x42, 0x68, 0xba, 0x48, 0x65, 0xba, 0x01, 0x62, 0x0a, 0x15, 0x65, 0x6e, 0x74, 0x69, 0x74,
+ 0x79, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64,
+ 0x12, 0x19, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20,
+ 0x62, 0x65, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x2e, 0x68, 0x61, 0x73,
+ 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x29, 0x20,
+ 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73,
+ 0x2e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x29, 0x20, 0x3e, 0x20, 0x30, 0x48, 0x00, 0x52, 0x0b, 0x65,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x4f, 0x0a, 0x1d, 0x72, 0x65,
+ 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
+ 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x48, 0x00, 0x52,
+ 0x1a, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75,
+ 0x72, 0x63, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x46, 0x71, 0x6e, 0x12, 0x7b, 0x0a, 0x05, 0x74,
+ 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x65, 0x6e, 0x74,
+ 0x69, 0x74, 0x79, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0x54, 0xba, 0x48, 0x51, 0xba, 0x01,
+ 0x4e, 0x0a, 0x0e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+ 0x64, 0x12, 0x16, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65,
+ 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x24, 0x68, 0x61, 0x73, 0x28, 0x74,
+ 0x68, 0x69, 0x73, 0x2e, 0x6a, 0x77, 0x74, 0x29, 0x20, 0x26, 0x26, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x2e, 0x6a, 0x77, 0x74, 0x2e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x29, 0x20, 0x3e, 0x20, 0x30, 0x48,
+ 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0x13, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e,
+ 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0x81, 0x03,
+ 0x0a, 0x12, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x6d,
+ 0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61,
+ 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x70, 0x68, 0x65,
+ 0x6d, 0x65, 0x72, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x8b, 0x01, 0x0a, 0x1f, 0x61, 0x63, 0x74, 0x69,
+ 0x6f, 0x6e, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+ 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28,
+ 0x0b, 0x32, 0x45, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x45, 0x6e, 0x74, 0x69, 0x74,
+ 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50,
+ 0x65, 0x72, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65,
+ 0x46, 0x71, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x1b, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+ 0x73, 0x50, 0x65, 0x72, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c,
+ 0x75, 0x65, 0x46, 0x71, 0x6e, 0x1a, 0x37, 0x0a, 0x0b, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+ 0x4c, 0x69, 0x73, 0x74, 0x12, 0x28, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+ 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41,
+ 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x80,
+ 0x01, 0x0a, 0x20, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x65, 0x72, 0x41, 0x74, 0x74,
+ 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x46, 0x71, 0x6e, 0x45, 0x6e,
+ 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+ 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x45, 0x6e,
+ 0x74, 0x69, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+ 0x01, 0x22, 0xfe, 0x01, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x21,
+ 0x0a, 0x0c, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61, 0x6c, 0x49,
+ 0x64, 0x12, 0x57, 0x0a, 0x10, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x76,
+ 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x75,
+ 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x52,
+ 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+ 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x48, 0x00, 0x52, 0x0f, 0x61, 0x74, 0x74, 0x72, 0x69,
+ 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x1d, 0x72, 0x65,
+ 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
+ 0x09, 0x48, 0x00, 0x52, 0x1a, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x65, 0x64, 0x52,
+ 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x46, 0x71, 0x6e, 0x1a,
+ 0x25, 0x0a, 0x0f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75,
+ 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09,
+ 0x52, 0x04, 0x66, 0x71, 0x6e, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+ 0x63, 0x65, 0x22, 0x7e, 0x0a, 0x10, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x44, 0x65,
+ 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65,
+ 0x72, 0x61, 0x6c, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18,
+ 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61, 0x6c,
+ 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x08, 0x64, 0x65,
+ 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x61,
+ 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e,
+ 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69,
+ 0x6f, 0x6e, 0x22, 0xc4, 0x02, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69,
+ 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x57, 0x0a, 0x11, 0x65, 0x6e, 0x74,
+ 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64,
+ 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01,
+ 0x52, 0x10, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69,
+ 0x65, 0x72, 0x12, 0x2e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69,
+ 0x6f, 0x6e, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69,
+ 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x03,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+ 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+ 0x63, 0x65, 0x3a, 0x65, 0xba, 0x48, 0x62, 0x1a, 0x60, 0x0a, 0x29, 0x67, 0x65, 0x74, 0x5f, 0x64,
+ 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e,
+ 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75,
+ 0x69, 0x72, 0x65, 0x64, 0x12, 0x1c, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x6e, 0x61, 0x6d,
+ 0x65, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64,
+ 0x65, 0x64, 0x1a, 0x15, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x61, 0x63, 0x74,
+ 0x69, 0x6f, 0x6e, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x29, 0x22, 0x55, 0x0a, 0x13, 0x47, 0x65, 0x74,
+ 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+ 0x12, 0x3e, 0x0a, 0x08, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
+ 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x44, 0x65,
+ 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e,
+ 0x22, 0xde, 0x02, 0x0a, 0x1f, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e,
+ 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71,
+ 0x75, 0x65, 0x73, 0x74, 0x12, 0x57, 0x0a, 0x11, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x69,
+ 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x22, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
+ 0x76, 0x32, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66,
+ 0x69, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x10, 0x65, 0x6e, 0x74,
+ 0x69, 0x74, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x2e, 0x0a,
+ 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e,
+ 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x06, 0xba,
+ 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x45, 0x0a,
+ 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
+ 0x32, 0x1a, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+ 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x0b, 0xba, 0x48,
+ 0x08, 0xc8, 0x01, 0x01, 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75,
+ 0x72, 0x63, 0x65, 0x73, 0x3a, 0x6b, 0xba, 0x48, 0x68, 0x1a, 0x66, 0x0a, 0x2f, 0x67, 0x65, 0x74,
+ 0x5f, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x5f,
+ 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e,
+ 0x61, 0x6d, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x1c, 0x61, 0x63,
+ 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62,
+ 0x65, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x15, 0x68, 0x61, 0x73, 0x28,
+ 0x74, 0x68, 0x69, 0x73, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x6e, 0x61, 0x6d, 0x65,
+ 0x29, 0x22, 0xb6, 0x01, 0x0a, 0x20, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f,
+ 0x6e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x65,
+ 0x72, 0x6d, 0x69, 0x74, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+ 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+ 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x50, 0x65,
+ 0x72, 0x6d, 0x69, 0x74, 0x74, 0x65, 0x64, 0x12, 0x51, 0x0a, 0x12, 0x72, 0x65, 0x73, 0x6f, 0x75,
+ 0x72, 0x63, 0x65, 0x5f, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20,
+ 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x44,
+ 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x65, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x78, 0x0a, 0x16, 0x47, 0x65,
+ 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x71,
+ 0x75, 0x65, 0x73, 0x74, 0x12, 0x5e, 0x0a, 0x11, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e,
+ 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+ 0x31, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
+ 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x75,
+ 0x6c, 0x74, 0x69, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
+ 0x73, 0x74, 0x52, 0x10, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75,
+ 0x65, 0x73, 0x74, 0x73, 0x22, 0x7c, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73,
+ 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+ 0x61, 0x0a, 0x12, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70,
+ 0x6f, 0x6e, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x61, 0x75,
+ 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47,
+ 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x52,
+ 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52,
+ 0x11, 0x64, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+ 0x65, 0x73, 0x22, 0xd9, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c,
+ 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x57, 0x0a,
+ 0x11, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69,
+ 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f,
+ 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x6e, 0x74, 0x69,
+ 0x74, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48,
+ 0x03, 0xc8, 0x01, 0x01, 0x52, 0x10, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x65, 0x6e,
+ 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x45, 0x0a, 0x1c, 0x77, 0x69, 0x74, 0x68, 0x5f, 0x63,
+ 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x68, 0x65, 0x6e, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x68, 0x69, 0x65,
+ 0x72, 0x61, 0x72, 0x63, 0x68, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x1a,
+ 0x77, 0x69, 0x74, 0x68, 0x43, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x68, 0x65, 0x6e, 0x73, 0x69, 0x76,
+ 0x65, 0x48, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x79, 0x88, 0x01, 0x01, 0x42, 0x1f, 0x0a,
+ 0x1d, 0x5f, 0x77, 0x69, 0x74, 0x68, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x68, 0x65, 0x6e,
+ 0x73, 0x69, 0x76, 0x65, 0x5f, 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x79, 0x22, 0x63,
+ 0x0a, 0x17, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+ 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0c, 0x65, 0x6e, 0x74,
+ 0x69, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+ 0x24, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
+ 0x76, 0x32, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65,
+ 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x0c, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x6d, 0x65,
+ 0x6e, 0x74, 0x73, 0x2a, 0x4c, 0x0a, 0x08, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x12,
+ 0x18, 0x0a, 0x14, 0x44, 0x45, 0x43, 0x49, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50,
+ 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x44, 0x45, 0x43,
+ 0x49, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f,
+ 0x44, 0x45, 0x43, 0x49, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x54, 0x10,
+ 0x02, 0x32, 0xce, 0x03, 0x0a, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5c, 0x0a, 0x0b, 0x47, 0x65,
+ 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x2e, 0x61, 0x75, 0x74, 0x68,
+ 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74,
+ 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+ 0x25, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
+ 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x83, 0x01, 0x0a, 0x18, 0x47, 0x65, 0x74,
+ 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x52, 0x65, 0x73,
+ 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x31, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69,
+ 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f,
+ 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x44,
+ 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x52, 0x65, 0x73, 0x6f,
+ 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x68,
+ 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x6c,
+ 0x6b, 0x12, 0x28, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e,
+ 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x61, 0x75,
+ 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47,
+ 0x65, 0x74, 0x44, 0x65, 0x63, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x6c, 0x6b, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x68, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x45,
+ 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x28, 0x2e, 0x61, 0x75,
+ 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47,
+ 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65,
+ 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69,
+ 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+ 0x22, 0x00, 0x42, 0xd5, 0x01, 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f,
+ 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x42, 0x12, 0x41, 0x75, 0x74,
+ 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+ 0x01, 0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70,
+ 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f,
+ 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x76, 0x32, 0x3b, 0x61, 0x75, 0x74, 0x68,
+ 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x76, 0x32, 0xa2, 0x02, 0x03, 0x41, 0x58,
+ 0x58, 0xaa, 0x02, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x2e, 0x56, 0x32, 0xca, 0x02, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x5c, 0x56, 0x32, 0xe2, 0x02, 0x1c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
+ 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5c, 0x56, 0x32, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
+ 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x11, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x33,
+}
+
+var (
+ file_authorization_v2_authorization_proto_rawDescOnce sync.Once
+ file_authorization_v2_authorization_proto_rawDescData = file_authorization_v2_authorization_proto_rawDesc
+)
+
+func file_authorization_v2_authorization_proto_rawDescGZIP() []byte {
+ file_authorization_v2_authorization_proto_rawDescOnce.Do(func() {
+ file_authorization_v2_authorization_proto_rawDescData = protoimpl.X.CompressGZIP(file_authorization_v2_authorization_proto_rawDescData)
+ })
+ return file_authorization_v2_authorization_proto_rawDescData
+}
+
+var file_authorization_v2_authorization_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_authorization_v2_authorization_proto_msgTypes = make([]protoimpl.MessageInfo, 15)
+var file_authorization_v2_authorization_proto_goTypes = []interface{}{
+ (Decision)(0), // 0: authorization.v2.Decision
+ (*EntityIdentifier)(nil), // 1: authorization.v2.EntityIdentifier
+ (*EntityEntitlements)(nil), // 2: authorization.v2.EntityEntitlements
+ (*Resource)(nil), // 3: authorization.v2.Resource
+ (*ResourceDecision)(nil), // 4: authorization.v2.ResourceDecision
+ (*GetDecisionRequest)(nil), // 5: authorization.v2.GetDecisionRequest
+ (*GetDecisionResponse)(nil), // 6: authorization.v2.GetDecisionResponse
+ (*GetDecisionMultiResourceRequest)(nil), // 7: authorization.v2.GetDecisionMultiResourceRequest
+ (*GetDecisionMultiResourceResponse)(nil), // 8: authorization.v2.GetDecisionMultiResourceResponse
+ (*GetDecisionBulkRequest)(nil), // 9: authorization.v2.GetDecisionBulkRequest
+ (*GetDecisionBulkResponse)(nil), // 10: authorization.v2.GetDecisionBulkResponse
+ (*GetEntitlementsRequest)(nil), // 11: authorization.v2.GetEntitlementsRequest
+ (*GetEntitlementsResponse)(nil), // 12: authorization.v2.GetEntitlementsResponse
+ (*EntityEntitlements_ActionsList)(nil), // 13: authorization.v2.EntityEntitlements.ActionsList
+ nil, // 14: authorization.v2.EntityEntitlements.ActionsPerAttributeValueFqnEntry
+ (*Resource_AttributeValues)(nil), // 15: authorization.v2.Resource.AttributeValues
+ (*entity.EntityChain)(nil), // 16: entity.EntityChain
+ (*entity.Token)(nil), // 17: entity.Token
+ (*policy.Action)(nil), // 18: policy.Action
+ (*wrapperspb.BoolValue)(nil), // 19: google.protobuf.BoolValue
+}
+var file_authorization_v2_authorization_proto_depIdxs = []int32{
+ 16, // 0: authorization.v2.EntityIdentifier.entity_chain:type_name -> entity.EntityChain
+ 17, // 1: authorization.v2.EntityIdentifier.token:type_name -> entity.Token
+ 14, // 2: authorization.v2.EntityEntitlements.actions_per_attribute_value_fqn:type_name -> authorization.v2.EntityEntitlements.ActionsPerAttributeValueFqnEntry
+ 15, // 3: authorization.v2.Resource.attribute_values:type_name -> authorization.v2.Resource.AttributeValues
+ 0, // 4: authorization.v2.ResourceDecision.decision:type_name -> authorization.v2.Decision
+ 1, // 5: authorization.v2.GetDecisionRequest.entity_identifier:type_name -> authorization.v2.EntityIdentifier
+ 18, // 6: authorization.v2.GetDecisionRequest.action:type_name -> policy.Action
+ 3, // 7: authorization.v2.GetDecisionRequest.resource:type_name -> authorization.v2.Resource
+ 4, // 8: authorization.v2.GetDecisionResponse.decision:type_name -> authorization.v2.ResourceDecision
+ 1, // 9: authorization.v2.GetDecisionMultiResourceRequest.entity_identifier:type_name -> authorization.v2.EntityIdentifier
+ 18, // 10: authorization.v2.GetDecisionMultiResourceRequest.action:type_name -> policy.Action
+ 3, // 11: authorization.v2.GetDecisionMultiResourceRequest.resources:type_name -> authorization.v2.Resource
+ 19, // 12: authorization.v2.GetDecisionMultiResourceResponse.all_permitted:type_name -> google.protobuf.BoolValue
+ 4, // 13: authorization.v2.GetDecisionMultiResourceResponse.resource_decisions:type_name -> authorization.v2.ResourceDecision
+ 7, // 14: authorization.v2.GetDecisionBulkRequest.decision_requests:type_name -> authorization.v2.GetDecisionMultiResourceRequest
+ 8, // 15: authorization.v2.GetDecisionBulkResponse.decision_responses:type_name -> authorization.v2.GetDecisionMultiResourceResponse
+ 1, // 16: authorization.v2.GetEntitlementsRequest.entity_identifier:type_name -> authorization.v2.EntityIdentifier
+ 2, // 17: authorization.v2.GetEntitlementsResponse.entitlements:type_name -> authorization.v2.EntityEntitlements
+ 18, // 18: authorization.v2.EntityEntitlements.ActionsList.actions:type_name -> policy.Action
+ 13, // 19: authorization.v2.EntityEntitlements.ActionsPerAttributeValueFqnEntry.value:type_name -> authorization.v2.EntityEntitlements.ActionsList
+ 5, // 20: authorization.v2.AuthorizationService.GetDecision:input_type -> authorization.v2.GetDecisionRequest
+ 7, // 21: authorization.v2.AuthorizationService.GetDecisionMultiResource:input_type -> authorization.v2.GetDecisionMultiResourceRequest
+ 9, // 22: authorization.v2.AuthorizationService.GetDecisionBulk:input_type -> authorization.v2.GetDecisionBulkRequest
+ 11, // 23: authorization.v2.AuthorizationService.GetEntitlements:input_type -> authorization.v2.GetEntitlementsRequest
+ 6, // 24: authorization.v2.AuthorizationService.GetDecision:output_type -> authorization.v2.GetDecisionResponse
+ 8, // 25: authorization.v2.AuthorizationService.GetDecisionMultiResource:output_type -> authorization.v2.GetDecisionMultiResourceResponse
+ 10, // 26: authorization.v2.AuthorizationService.GetDecisionBulk:output_type -> authorization.v2.GetDecisionBulkResponse
+ 12, // 27: authorization.v2.AuthorizationService.GetEntitlements:output_type -> authorization.v2.GetEntitlementsResponse
+ 24, // [24:28] is the sub-list for method output_type
+ 20, // [20:24] is the sub-list for method input_type
+ 20, // [20:20] is the sub-list for extension type_name
+ 20, // [20:20] is the sub-list for extension extendee
+ 0, // [0:20] is the sub-list for field type_name
+}
+
+func init() { file_authorization_v2_authorization_proto_init() }
+func file_authorization_v2_authorization_proto_init() {
+ if File_authorization_v2_authorization_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_authorization_v2_authorization_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*EntityIdentifier); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*EntityEntitlements); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Resource); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*ResourceDecision); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDecisionRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDecisionResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDecisionMultiResourceRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDecisionMultiResourceResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDecisionBulkRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDecisionBulkResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetEntitlementsRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetEntitlementsResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*EntityEntitlements_ActionsList); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Resource_AttributeValues); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ file_authorization_v2_authorization_proto_msgTypes[0].OneofWrappers = []interface{}{
+ (*EntityIdentifier_EntityChain)(nil),
+ (*EntityIdentifier_RegisteredResourceValueFqn)(nil),
+ (*EntityIdentifier_Token)(nil),
+ }
+ file_authorization_v2_authorization_proto_msgTypes[2].OneofWrappers = []interface{}{
+ (*Resource_AttributeValues_)(nil),
+ (*Resource_RegisteredResourceValueFqn)(nil),
+ }
+ file_authorization_v2_authorization_proto_msgTypes[10].OneofWrappers = []interface{}{}
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_authorization_v2_authorization_proto_rawDesc,
+ NumEnums: 1,
+ NumMessages: 15,
+ NumExtensions: 0,
+ NumServices: 1,
+ },
+ GoTypes: file_authorization_v2_authorization_proto_goTypes,
+ DependencyIndexes: file_authorization_v2_authorization_proto_depIdxs,
+ EnumInfos: file_authorization_v2_authorization_proto_enumTypes,
+ MessageInfos: file_authorization_v2_authorization_proto_msgTypes,
+ }.Build()
+ File_authorization_v2_authorization_proto = out.File
+ file_authorization_v2_authorization_proto_rawDesc = nil
+ file_authorization_v2_authorization_proto_goTypes = nil
+ file_authorization_v2_authorization_proto_depIdxs = nil
+}
diff --git a/protocol/go/authorization/v2/authorization_grpc.pb.go b/protocol/go/authorization/v2/authorization_grpc.pb.go
new file mode 100644
index 0000000000..f08f0b1def
--- /dev/null
+++ b/protocol/go/authorization/v2/authorization_grpc.pb.go
@@ -0,0 +1,220 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc (unknown)
+// source: authorization/v2/authorization.proto
+
+package authorizationv2
+
+import (
+ context "context"
+ grpc "google.golang.org/grpc"
+ codes "google.golang.org/grpc/codes"
+ status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+ AuthorizationService_GetDecision_FullMethodName = "/authorization.v2.AuthorizationService/GetDecision"
+ AuthorizationService_GetDecisionMultiResource_FullMethodName = "/authorization.v2.AuthorizationService/GetDecisionMultiResource"
+ AuthorizationService_GetDecisionBulk_FullMethodName = "/authorization.v2.AuthorizationService/GetDecisionBulk"
+ AuthorizationService_GetEntitlements_FullMethodName = "/authorization.v2.AuthorizationService/GetEntitlements"
+)
+
+// AuthorizationServiceClient is the client API for AuthorizationService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AuthorizationServiceClient interface {
+ GetDecision(ctx context.Context, in *GetDecisionRequest, opts ...grpc.CallOption) (*GetDecisionResponse, error)
+ GetDecisionMultiResource(ctx context.Context, in *GetDecisionMultiResourceRequest, opts ...grpc.CallOption) (*GetDecisionMultiResourceResponse, error)
+ GetDecisionBulk(ctx context.Context, in *GetDecisionBulkRequest, opts ...grpc.CallOption) (*GetDecisionBulkResponse, error)
+ GetEntitlements(ctx context.Context, in *GetEntitlementsRequest, opts ...grpc.CallOption) (*GetEntitlementsResponse, error)
+}
+
+type authorizationServiceClient struct {
+ cc grpc.ClientConnInterface
+}
+
+func NewAuthorizationServiceClient(cc grpc.ClientConnInterface) AuthorizationServiceClient {
+ return &authorizationServiceClient{cc}
+}
+
+func (c *authorizationServiceClient) GetDecision(ctx context.Context, in *GetDecisionRequest, opts ...grpc.CallOption) (*GetDecisionResponse, error) {
+ out := new(GetDecisionResponse)
+ err := c.cc.Invoke(ctx, AuthorizationService_GetDecision_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *authorizationServiceClient) GetDecisionMultiResource(ctx context.Context, in *GetDecisionMultiResourceRequest, opts ...grpc.CallOption) (*GetDecisionMultiResourceResponse, error) {
+ out := new(GetDecisionMultiResourceResponse)
+ err := c.cc.Invoke(ctx, AuthorizationService_GetDecisionMultiResource_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *authorizationServiceClient) GetDecisionBulk(ctx context.Context, in *GetDecisionBulkRequest, opts ...grpc.CallOption) (*GetDecisionBulkResponse, error) {
+ out := new(GetDecisionBulkResponse)
+ err := c.cc.Invoke(ctx, AuthorizationService_GetDecisionBulk_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *authorizationServiceClient) GetEntitlements(ctx context.Context, in *GetEntitlementsRequest, opts ...grpc.CallOption) (*GetEntitlementsResponse, error) {
+ out := new(GetEntitlementsResponse)
+ err := c.cc.Invoke(ctx, AuthorizationService_GetEntitlements_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+// AuthorizationServiceServer is the server API for AuthorizationService service.
+// All implementations must embed UnimplementedAuthorizationServiceServer
+// for forward compatibility
+type AuthorizationServiceServer interface {
+ GetDecision(context.Context, *GetDecisionRequest) (*GetDecisionResponse, error)
+ GetDecisionMultiResource(context.Context, *GetDecisionMultiResourceRequest) (*GetDecisionMultiResourceResponse, error)
+ GetDecisionBulk(context.Context, *GetDecisionBulkRequest) (*GetDecisionBulkResponse, error)
+ GetEntitlements(context.Context, *GetEntitlementsRequest) (*GetEntitlementsResponse, error)
+ mustEmbedUnimplementedAuthorizationServiceServer()
+}
+
+// UnimplementedAuthorizationServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedAuthorizationServiceServer struct {
+}
+
+func (UnimplementedAuthorizationServiceServer) GetDecision(context.Context, *GetDecisionRequest) (*GetDecisionResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method GetDecision not implemented")
+}
+func (UnimplementedAuthorizationServiceServer) GetDecisionMultiResource(context.Context, *GetDecisionMultiResourceRequest) (*GetDecisionMultiResourceResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method GetDecisionMultiResource not implemented")
+}
+func (UnimplementedAuthorizationServiceServer) GetDecisionBulk(context.Context, *GetDecisionBulkRequest) (*GetDecisionBulkResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method GetDecisionBulk not implemented")
+}
+func (UnimplementedAuthorizationServiceServer) GetEntitlements(context.Context, *GetEntitlementsRequest) (*GetEntitlementsResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method GetEntitlements not implemented")
+}
+func (UnimplementedAuthorizationServiceServer) mustEmbedUnimplementedAuthorizationServiceServer() {}
+
+// UnsafeAuthorizationServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AuthorizationServiceServer will
+// result in compilation errors.
+type UnsafeAuthorizationServiceServer interface {
+ mustEmbedUnimplementedAuthorizationServiceServer()
+}
+
+func RegisterAuthorizationServiceServer(s grpc.ServiceRegistrar, srv AuthorizationServiceServer) {
+ s.RegisterService(&AuthorizationService_ServiceDesc, srv)
+}
+
+func _AuthorizationService_GetDecision_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(GetDecisionRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(AuthorizationServiceServer).GetDecision(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: AuthorizationService_GetDecision_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(AuthorizationServiceServer).GetDecision(ctx, req.(*GetDecisionRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _AuthorizationService_GetDecisionMultiResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(GetDecisionMultiResourceRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(AuthorizationServiceServer).GetDecisionMultiResource(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: AuthorizationService_GetDecisionMultiResource_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(AuthorizationServiceServer).GetDecisionMultiResource(ctx, req.(*GetDecisionMultiResourceRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _AuthorizationService_GetDecisionBulk_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(GetDecisionBulkRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(AuthorizationServiceServer).GetDecisionBulk(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: AuthorizationService_GetDecisionBulk_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(AuthorizationServiceServer).GetDecisionBulk(ctx, req.(*GetDecisionBulkRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _AuthorizationService_GetEntitlements_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(GetEntitlementsRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(AuthorizationServiceServer).GetEntitlements(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: AuthorizationService_GetEntitlements_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(AuthorizationServiceServer).GetEntitlements(ctx, req.(*GetEntitlementsRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+// AuthorizationService_ServiceDesc is the grpc.ServiceDesc for AuthorizationService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AuthorizationService_ServiceDesc = grpc.ServiceDesc{
+ ServiceName: "authorization.v2.AuthorizationService",
+ HandlerType: (*AuthorizationServiceServer)(nil),
+ Methods: []grpc.MethodDesc{
+ {
+ MethodName: "GetDecision",
+ Handler: _AuthorizationService_GetDecision_Handler,
+ },
+ {
+ MethodName: "GetDecisionMultiResource",
+ Handler: _AuthorizationService_GetDecisionMultiResource_Handler,
+ },
+ {
+ MethodName: "GetDecisionBulk",
+ Handler: _AuthorizationService_GetDecisionBulk_Handler,
+ },
+ {
+ MethodName: "GetEntitlements",
+ Handler: _AuthorizationService_GetEntitlements_Handler,
+ },
+ },
+ Streams: []grpc.StreamDesc{},
+ Metadata: "authorization/v2/authorization.proto",
+}
diff --git a/protocol/go/authorization/v2/authorizationv2connect/authorization.connect.go b/protocol/go/authorization/v2/authorizationv2connect/authorization.connect.go
new file mode 100644
index 0000000000..43bd8db6de
--- /dev/null
+++ b/protocol/go/authorization/v2/authorizationv2connect/authorization.connect.go
@@ -0,0 +1,204 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: authorization/v2/authorization.proto
+
+package authorizationv2connect
+
+import (
+ connect "connectrpc.com/connect"
+ context "context"
+ errors "errors"
+ v2 "github.com/opentdf/platform/protocol/go/authorization/v2"
+ http "net/http"
+ strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+ // AuthorizationServiceName is the fully-qualified name of the AuthorizationService service.
+ AuthorizationServiceName = "authorization.v2.AuthorizationService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+ // AuthorizationServiceGetDecisionProcedure is the fully-qualified name of the
+ // AuthorizationService's GetDecision RPC.
+ AuthorizationServiceGetDecisionProcedure = "/authorization.v2.AuthorizationService/GetDecision"
+ // AuthorizationServiceGetDecisionMultiResourceProcedure is the fully-qualified name of the
+ // AuthorizationService's GetDecisionMultiResource RPC.
+ AuthorizationServiceGetDecisionMultiResourceProcedure = "/authorization.v2.AuthorizationService/GetDecisionMultiResource"
+ // AuthorizationServiceGetDecisionBulkProcedure is the fully-qualified name of the
+ // AuthorizationService's GetDecisionBulk RPC.
+ AuthorizationServiceGetDecisionBulkProcedure = "/authorization.v2.AuthorizationService/GetDecisionBulk"
+ // AuthorizationServiceGetEntitlementsProcedure is the fully-qualified name of the
+ // AuthorizationService's GetEntitlements RPC.
+ AuthorizationServiceGetEntitlementsProcedure = "/authorization.v2.AuthorizationService/GetEntitlements"
+)
+
+// These variables are the protoreflect.Descriptor objects for the RPCs defined in this package.
+var (
+ authorizationServiceServiceDescriptor = v2.File_authorization_v2_authorization_proto.Services().ByName("AuthorizationService")
+ authorizationServiceGetDecisionMethodDescriptor = authorizationServiceServiceDescriptor.Methods().ByName("GetDecision")
+ authorizationServiceGetDecisionMultiResourceMethodDescriptor = authorizationServiceServiceDescriptor.Methods().ByName("GetDecisionMultiResource")
+ authorizationServiceGetDecisionBulkMethodDescriptor = authorizationServiceServiceDescriptor.Methods().ByName("GetDecisionBulk")
+ authorizationServiceGetEntitlementsMethodDescriptor = authorizationServiceServiceDescriptor.Methods().ByName("GetEntitlements")
+)
+
+// AuthorizationServiceClient is a client for the authorization.v2.AuthorizationService service.
+type AuthorizationServiceClient interface {
+ GetDecision(context.Context, *connect.Request[v2.GetDecisionRequest]) (*connect.Response[v2.GetDecisionResponse], error)
+ GetDecisionMultiResource(context.Context, *connect.Request[v2.GetDecisionMultiResourceRequest]) (*connect.Response[v2.GetDecisionMultiResourceResponse], error)
+ GetDecisionBulk(context.Context, *connect.Request[v2.GetDecisionBulkRequest]) (*connect.Response[v2.GetDecisionBulkResponse], error)
+ GetEntitlements(context.Context, *connect.Request[v2.GetEntitlementsRequest]) (*connect.Response[v2.GetEntitlementsResponse], error)
+}
+
+// NewAuthorizationServiceClient constructs a client for the authorization.v2.AuthorizationService
+// service. By default, it uses the Connect protocol with the binary Protobuf Codec, asks for
+// gzipped responses, and sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply
+// the connect.WithGRPC() or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewAuthorizationServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) AuthorizationServiceClient {
+ baseURL = strings.TrimRight(baseURL, "/")
+ return &authorizationServiceClient{
+ getDecision: connect.NewClient[v2.GetDecisionRequest, v2.GetDecisionResponse](
+ httpClient,
+ baseURL+AuthorizationServiceGetDecisionProcedure,
+ connect.WithSchema(authorizationServiceGetDecisionMethodDescriptor),
+ connect.WithClientOptions(opts...),
+ ),
+ getDecisionMultiResource: connect.NewClient[v2.GetDecisionMultiResourceRequest, v2.GetDecisionMultiResourceResponse](
+ httpClient,
+ baseURL+AuthorizationServiceGetDecisionMultiResourceProcedure,
+ connect.WithSchema(authorizationServiceGetDecisionMultiResourceMethodDescriptor),
+ connect.WithClientOptions(opts...),
+ ),
+ getDecisionBulk: connect.NewClient[v2.GetDecisionBulkRequest, v2.GetDecisionBulkResponse](
+ httpClient,
+ baseURL+AuthorizationServiceGetDecisionBulkProcedure,
+ connect.WithSchema(authorizationServiceGetDecisionBulkMethodDescriptor),
+ connect.WithClientOptions(opts...),
+ ),
+ getEntitlements: connect.NewClient[v2.GetEntitlementsRequest, v2.GetEntitlementsResponse](
+ httpClient,
+ baseURL+AuthorizationServiceGetEntitlementsProcedure,
+ connect.WithSchema(authorizationServiceGetEntitlementsMethodDescriptor),
+ connect.WithClientOptions(opts...),
+ ),
+ }
+}
+
+// authorizationServiceClient implements AuthorizationServiceClient.
+type authorizationServiceClient struct {
+ getDecision *connect.Client[v2.GetDecisionRequest, v2.GetDecisionResponse]
+ getDecisionMultiResource *connect.Client[v2.GetDecisionMultiResourceRequest, v2.GetDecisionMultiResourceResponse]
+ getDecisionBulk *connect.Client[v2.GetDecisionBulkRequest, v2.GetDecisionBulkResponse]
+ getEntitlements *connect.Client[v2.GetEntitlementsRequest, v2.GetEntitlementsResponse]
+}
+
+// GetDecision calls authorization.v2.AuthorizationService.GetDecision.
+func (c *authorizationServiceClient) GetDecision(ctx context.Context, req *connect.Request[v2.GetDecisionRequest]) (*connect.Response[v2.GetDecisionResponse], error) {
+ return c.getDecision.CallUnary(ctx, req)
+}
+
+// GetDecisionMultiResource calls authorization.v2.AuthorizationService.GetDecisionMultiResource.
+func (c *authorizationServiceClient) GetDecisionMultiResource(ctx context.Context, req *connect.Request[v2.GetDecisionMultiResourceRequest]) (*connect.Response[v2.GetDecisionMultiResourceResponse], error) {
+ return c.getDecisionMultiResource.CallUnary(ctx, req)
+}
+
+// GetDecisionBulk calls authorization.v2.AuthorizationService.GetDecisionBulk.
+func (c *authorizationServiceClient) GetDecisionBulk(ctx context.Context, req *connect.Request[v2.GetDecisionBulkRequest]) (*connect.Response[v2.GetDecisionBulkResponse], error) {
+ return c.getDecisionBulk.CallUnary(ctx, req)
+}
+
+// GetEntitlements calls authorization.v2.AuthorizationService.GetEntitlements.
+func (c *authorizationServiceClient) GetEntitlements(ctx context.Context, req *connect.Request[v2.GetEntitlementsRequest]) (*connect.Response[v2.GetEntitlementsResponse], error) {
+ return c.getEntitlements.CallUnary(ctx, req)
+}
+
+// AuthorizationServiceHandler is an implementation of the authorization.v2.AuthorizationService
+// service.
+type AuthorizationServiceHandler interface {
+ GetDecision(context.Context, *connect.Request[v2.GetDecisionRequest]) (*connect.Response[v2.GetDecisionResponse], error)
+ GetDecisionMultiResource(context.Context, *connect.Request[v2.GetDecisionMultiResourceRequest]) (*connect.Response[v2.GetDecisionMultiResourceResponse], error)
+ GetDecisionBulk(context.Context, *connect.Request[v2.GetDecisionBulkRequest]) (*connect.Response[v2.GetDecisionBulkResponse], error)
+ GetEntitlements(context.Context, *connect.Request[v2.GetEntitlementsRequest]) (*connect.Response[v2.GetEntitlementsResponse], error)
+}
+
+// NewAuthorizationServiceHandler builds an HTTP handler from the service implementation. It returns
+// the path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewAuthorizationServiceHandler(svc AuthorizationServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+ authorizationServiceGetDecisionHandler := connect.NewUnaryHandler(
+ AuthorizationServiceGetDecisionProcedure,
+ svc.GetDecision,
+ connect.WithSchema(authorizationServiceGetDecisionMethodDescriptor),
+ connect.WithHandlerOptions(opts...),
+ )
+ authorizationServiceGetDecisionMultiResourceHandler := connect.NewUnaryHandler(
+ AuthorizationServiceGetDecisionMultiResourceProcedure,
+ svc.GetDecisionMultiResource,
+ connect.WithSchema(authorizationServiceGetDecisionMultiResourceMethodDescriptor),
+ connect.WithHandlerOptions(opts...),
+ )
+ authorizationServiceGetDecisionBulkHandler := connect.NewUnaryHandler(
+ AuthorizationServiceGetDecisionBulkProcedure,
+ svc.GetDecisionBulk,
+ connect.WithSchema(authorizationServiceGetDecisionBulkMethodDescriptor),
+ connect.WithHandlerOptions(opts...),
+ )
+ authorizationServiceGetEntitlementsHandler := connect.NewUnaryHandler(
+ AuthorizationServiceGetEntitlementsProcedure,
+ svc.GetEntitlements,
+ connect.WithSchema(authorizationServiceGetEntitlementsMethodDescriptor),
+ connect.WithHandlerOptions(opts...),
+ )
+ return "/authorization.v2.AuthorizationService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case AuthorizationServiceGetDecisionProcedure:
+ authorizationServiceGetDecisionHandler.ServeHTTP(w, r)
+ case AuthorizationServiceGetDecisionMultiResourceProcedure:
+ authorizationServiceGetDecisionMultiResourceHandler.ServeHTTP(w, r)
+ case AuthorizationServiceGetDecisionBulkProcedure:
+ authorizationServiceGetDecisionBulkHandler.ServeHTTP(w, r)
+ case AuthorizationServiceGetEntitlementsProcedure:
+ authorizationServiceGetEntitlementsHandler.ServeHTTP(w, r)
+ default:
+ http.NotFound(w, r)
+ }
+ })
+}
+
+// UnimplementedAuthorizationServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedAuthorizationServiceHandler struct{}
+
+func (UnimplementedAuthorizationServiceHandler) GetDecision(context.Context, *connect.Request[v2.GetDecisionRequest]) (*connect.Response[v2.GetDecisionResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("authorization.v2.AuthorizationService.GetDecision is not implemented"))
+}
+
+func (UnimplementedAuthorizationServiceHandler) GetDecisionMultiResource(context.Context, *connect.Request[v2.GetDecisionMultiResourceRequest]) (*connect.Response[v2.GetDecisionMultiResourceResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("authorization.v2.AuthorizationService.GetDecisionMultiResource is not implemented"))
+}
+
+func (UnimplementedAuthorizationServiceHandler) GetDecisionBulk(context.Context, *connect.Request[v2.GetDecisionBulkRequest]) (*connect.Response[v2.GetDecisionBulkResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("authorization.v2.AuthorizationService.GetDecisionBulk is not implemented"))
+}
+
+func (UnimplementedAuthorizationServiceHandler) GetEntitlements(context.Context, *connect.Request[v2.GetEntitlementsRequest]) (*connect.Response[v2.GetEntitlementsResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("authorization.v2.AuthorizationService.GetEntitlements is not implemented"))
+}
diff --git a/protocol/go/entity/entity.pb.go b/protocol/go/entity/entity.pb.go
new file mode 100644
index 0000000000..05a24b9e2d
--- /dev/null
+++ b/protocol/go/entity/entity.pb.go
@@ -0,0 +1,470 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.33.0
+// protoc (unknown)
+// source: entity/entity.proto
+
+package entity
+
+import (
+ _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate"
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ anypb "google.golang.org/protobuf/types/known/anypb"
+ reflect "reflect"
+ sync "sync"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Entity_Category int32
+
+const (
+ Entity_CATEGORY_UNSPECIFIED Entity_Category = 0
+ Entity_CATEGORY_SUBJECT Entity_Category = 1
+ Entity_CATEGORY_ENVIRONMENT Entity_Category = 2
+)
+
+// Enum value maps for Entity_Category.
+var (
+ Entity_Category_name = map[int32]string{
+ 0: "CATEGORY_UNSPECIFIED",
+ 1: "CATEGORY_SUBJECT",
+ 2: "CATEGORY_ENVIRONMENT",
+ }
+ Entity_Category_value = map[string]int32{
+ "CATEGORY_UNSPECIFIED": 0,
+ "CATEGORY_SUBJECT": 1,
+ "CATEGORY_ENVIRONMENT": 2,
+ }
+)
+
+func (x Entity_Category) Enum() *Entity_Category {
+ p := new(Entity_Category)
+ *p = x
+ return p
+}
+
+func (x Entity_Category) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Entity_Category) Descriptor() protoreflect.EnumDescriptor {
+ return file_entity_entity_proto_enumTypes[0].Descriptor()
+}
+
+func (Entity_Category) Type() protoreflect.EnumType {
+ return &file_entity_entity_proto_enumTypes[0]
+}
+
+func (x Entity_Category) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Entity_Category.Descriptor instead.
+func (Entity_Category) EnumDescriptor() ([]byte, []int) {
+ return file_entity_entity_proto_rawDescGZIP(), []int{1, 0}
+}
+
+type Token struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // ephemeral id for tracking between request and response
+ EphemeralId string `protobuf:"bytes,1,opt,name=ephemeral_id,json=ephemeralId,proto3" json:"ephemeral_id,omitempty"`
+ // the token
+ Jwt string `protobuf:"bytes,2,opt,name=jwt,proto3" json:"jwt,omitempty"`
+}
+
+func (x *Token) Reset() {
+ *x = Token{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entity_entity_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Token) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Token) ProtoMessage() {}
+
+func (x *Token) ProtoReflect() protoreflect.Message {
+ mi := &file_entity_entity_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Token.ProtoReflect.Descriptor instead.
+func (*Token) Descriptor() ([]byte, []int) {
+ return file_entity_entity_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Token) GetEphemeralId() string {
+ if x != nil {
+ return x.EphemeralId
+ }
+ return ""
+}
+
+func (x *Token) GetJwt() string {
+ if x != nil {
+ return x.Jwt
+ }
+ return ""
+}
+
+// PE (Person Entity) or NPE (Non-Person Entity)
+type Entity struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // ephemeral id for tracking between request and response
+ EphemeralId string `protobuf:"bytes,1,opt,name=ephemeral_id,json=ephemeralId,proto3" json:"ephemeral_id,omitempty"`
+ // Standard entity types supported by the platform, one of which must be set
+ //
+ // Types that are assignable to EntityType:
+ //
+ // *Entity_EmailAddress
+ // *Entity_UserName
+ // *Entity_Claims
+ // *Entity_ClientId
+ EntityType isEntity_EntityType `protobuf_oneof:"entity_type"`
+ Category Entity_Category `protobuf:"varint,11,opt,name=category,proto3,enum=entity.Entity_Category" json:"category,omitempty"`
+}
+
+func (x *Entity) Reset() {
+ *x = Entity{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entity_entity_proto_msgTypes[1]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Entity) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Entity) ProtoMessage() {}
+
+func (x *Entity) ProtoReflect() protoreflect.Message {
+ mi := &file_entity_entity_proto_msgTypes[1]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Entity.ProtoReflect.Descriptor instead.
+func (*Entity) Descriptor() ([]byte, []int) {
+ return file_entity_entity_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Entity) GetEphemeralId() string {
+ if x != nil {
+ return x.EphemeralId
+ }
+ return ""
+}
+
+func (m *Entity) GetEntityType() isEntity_EntityType {
+ if m != nil {
+ return m.EntityType
+ }
+ return nil
+}
+
+func (x *Entity) GetEmailAddress() string {
+ if x, ok := x.GetEntityType().(*Entity_EmailAddress); ok {
+ return x.EmailAddress
+ }
+ return ""
+}
+
+func (x *Entity) GetUserName() string {
+ if x, ok := x.GetEntityType().(*Entity_UserName); ok {
+ return x.UserName
+ }
+ return ""
+}
+
+func (x *Entity) GetClaims() *anypb.Any {
+ if x, ok := x.GetEntityType().(*Entity_Claims); ok {
+ return x.Claims
+ }
+ return nil
+}
+
+func (x *Entity) GetClientId() string {
+ if x, ok := x.GetEntityType().(*Entity_ClientId); ok {
+ return x.ClientId
+ }
+ return ""
+}
+
+func (x *Entity) GetCategory() Entity_Category {
+ if x != nil {
+ return x.Category
+ }
+ return Entity_CATEGORY_UNSPECIFIED
+}
+
+type isEntity_EntityType interface {
+ isEntity_EntityType()
+}
+
+type Entity_EmailAddress struct {
+ EmailAddress string `protobuf:"bytes,2,opt,name=email_address,json=emailAddress,proto3,oneof"`
+}
+
+type Entity_UserName struct {
+ UserName string `protobuf:"bytes,3,opt,name=user_name,json=userName,proto3,oneof"`
+}
+
+type Entity_Claims struct {
+ // used by ERS claims mode
+ Claims *anypb.Any `protobuf:"bytes,4,opt,name=claims,proto3,oneof"`
+}
+
+type Entity_ClientId struct {
+ ClientId string `protobuf:"bytes,5,opt,name=client_id,json=clientId,proto3,oneof"`
+}
+
+func (*Entity_EmailAddress) isEntity_EntityType() {}
+
+func (*Entity_UserName) isEntity_EntityType() {}
+
+func (*Entity_Claims) isEntity_EntityType() {}
+
+func (*Entity_ClientId) isEntity_EntityType() {}
+
+// A set of related PE and NPE
+type EntityChain struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // ephemeral id for tracking between request and response
+ EphemeralId string `protobuf:"bytes,1,opt,name=ephemeral_id,json=ephemeralId,proto3" json:"ephemeral_id,omitempty"`
+ Entities []*Entity `protobuf:"bytes,2,rep,name=entities,proto3" json:"entities,omitempty"`
+}
+
+func (x *EntityChain) Reset() {
+ *x = EntityChain{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entity_entity_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *EntityChain) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EntityChain) ProtoMessage() {}
+
+func (x *EntityChain) ProtoReflect() protoreflect.Message {
+ mi := &file_entity_entity_proto_msgTypes[2]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use EntityChain.ProtoReflect.Descriptor instead.
+func (*EntityChain) Descriptor() ([]byte, []int) {
+ return file_entity_entity_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *EntityChain) GetEphemeralId() string {
+ if x != nil {
+ return x.EphemeralId
+ }
+ return ""
+}
+
+func (x *EntityChain) GetEntities() []*Entity {
+ if x != nil {
+ return x.Entities
+ }
+ return nil
+}
+
+var File_entity_entity_proto protoreflect.FileDescriptor
+
+var file_entity_entity_proto_rawDesc = []byte{
+ 0x0a, 0x13, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2f, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e,
+ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x1a, 0x1b, 0x62,
+ 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69,
+ 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67,
+ 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e,
+ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x44, 0x0a, 0x05, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x21,
+ 0x0a, 0x0c, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61, 0x6c, 0x49,
+ 0x64, 0x12, 0x18, 0x0a, 0x03, 0x6a, 0x77, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06,
+ 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x03, 0x6a, 0x77, 0x74, 0x22, 0xda, 0x02, 0x0a, 0x06,
+ 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x70, 0x68, 0x65, 0x6d, 0x65,
+ 0x72, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x70,
+ 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0d, 0x65, 0x6d, 0x61,
+ 0x69, 0x6c, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+ 0x48, 0x00, 0x52, 0x0c, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+ 0x12, 0x1d, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20,
+ 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12,
+ 0x2e, 0x0a, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+ 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x48, 0x00, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x12,
+ 0x1d, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01,
+ 0x28, 0x09, 0x48, 0x00, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x33,
+ 0x0a, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0e,
+ 0x32, 0x17, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79,
+ 0x2e, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x52, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67,
+ 0x6f, 0x72, 0x79, 0x22, 0x54, 0x0a, 0x08, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x12,
+ 0x18, 0x0a, 0x14, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50,
+ 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x43, 0x41, 0x54,
+ 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x10, 0x01, 0x12,
+ 0x18, 0x0a, 0x14, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x45, 0x4e, 0x56, 0x49,
+ 0x52, 0x4f, 0x4e, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x02, 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x6e, 0x74,
+ 0x69, 0x74, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x5c, 0x0a, 0x0b, 0x45, 0x6e, 0x74, 0x69,
+ 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x70, 0x68, 0x65, 0x6d,
+ 0x65, 0x72, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65,
+ 0x70, 0x68, 0x65, 0x6d, 0x65, 0x72, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x2a, 0x0a, 0x08, 0x65, 0x6e,
+ 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x65,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x08, 0x65, 0x6e,
+ 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x42, 0x81, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x65,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x42, 0x0b, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x50, 0x72, 0x6f,
+ 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
+ 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72,
+ 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x65, 0x6e,
+ 0x74, 0x69, 0x74, 0x79, 0xa2, 0x02, 0x03, 0x45, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x45, 0x6e, 0x74,
+ 0x69, 0x74, 0x79, 0xca, 0x02, 0x06, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0xe2, 0x02, 0x12, 0x45,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+ 0x61, 0xea, 0x02, 0x06, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x33,
+}
+
+var (
+ file_entity_entity_proto_rawDescOnce sync.Once
+ file_entity_entity_proto_rawDescData = file_entity_entity_proto_rawDesc
+)
+
+func file_entity_entity_proto_rawDescGZIP() []byte {
+ file_entity_entity_proto_rawDescOnce.Do(func() {
+ file_entity_entity_proto_rawDescData = protoimpl.X.CompressGZIP(file_entity_entity_proto_rawDescData)
+ })
+ return file_entity_entity_proto_rawDescData
+}
+
+var file_entity_entity_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_entity_entity_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_entity_entity_proto_goTypes = []interface{}{
+ (Entity_Category)(0), // 0: entity.Entity.Category
+ (*Token)(nil), // 1: entity.Token
+ (*Entity)(nil), // 2: entity.Entity
+ (*EntityChain)(nil), // 3: entity.EntityChain
+ (*anypb.Any)(nil), // 4: google.protobuf.Any
+}
+var file_entity_entity_proto_depIdxs = []int32{
+ 4, // 0: entity.Entity.claims:type_name -> google.protobuf.Any
+ 0, // 1: entity.Entity.category:type_name -> entity.Entity.Category
+ 2, // 2: entity.EntityChain.entities:type_name -> entity.Entity
+ 3, // [3:3] is the sub-list for method output_type
+ 3, // [3:3] is the sub-list for method input_type
+ 3, // [3:3] is the sub-list for extension type_name
+ 3, // [3:3] is the sub-list for extension extendee
+ 0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_entity_entity_proto_init() }
+func file_entity_entity_proto_init() {
+ if File_entity_entity_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_entity_entity_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Token); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_entity_entity_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Entity); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_entity_entity_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*EntityChain); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ file_entity_entity_proto_msgTypes[1].OneofWrappers = []interface{}{
+ (*Entity_EmailAddress)(nil),
+ (*Entity_UserName)(nil),
+ (*Entity_Claims)(nil),
+ (*Entity_ClientId)(nil),
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_entity_entity_proto_rawDesc,
+ NumEnums: 1,
+ NumMessages: 3,
+ NumExtensions: 0,
+ NumServices: 0,
+ },
+ GoTypes: file_entity_entity_proto_goTypes,
+ DependencyIndexes: file_entity_entity_proto_depIdxs,
+ EnumInfos: file_entity_entity_proto_enumTypes,
+ MessageInfos: file_entity_entity_proto_msgTypes,
+ }.Build()
+ File_entity_entity_proto = out.File
+ file_entity_entity_proto_rawDesc = nil
+ file_entity_entity_proto_goTypes = nil
+ file_entity_entity_proto_depIdxs = nil
+}
diff --git a/protocol/go/entityresolution/v2/entity_resolution.pb.go b/protocol/go/entityresolution/v2/entity_resolution.pb.go
new file mode 100644
index 0000000000..cc2dd7c0c9
--- /dev/null
+++ b/protocol/go/entityresolution/v2/entity_resolution.pb.go
@@ -0,0 +1,576 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.33.0
+// protoc (unknown)
+// source: entityresolution/v2/entity_resolution.proto
+
+package entityresolutionv2
+
+import (
+ _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate"
+ entity "github.com/opentdf/platform/protocol/go/entity"
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ anypb "google.golang.org/protobuf/types/known/anypb"
+ structpb "google.golang.org/protobuf/types/known/structpb"
+ reflect "reflect"
+ sync "sync"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type EntityRepresentation struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // ephemeral entity id from the request
+ OriginalId string `protobuf:"bytes,1,opt,name=original_id,json=originalId,proto3" json:"original_id,omitempty"`
+ AdditionalProps []*structpb.Struct `protobuf:"bytes,2,rep,name=additional_props,json=additionalProps,proto3" json:"additional_props,omitempty"`
+}
+
+func (x *EntityRepresentation) Reset() {
+ *x = EntityRepresentation{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *EntityRepresentation) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EntityRepresentation) ProtoMessage() {}
+
+func (x *EntityRepresentation) ProtoReflect() protoreflect.Message {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use EntityRepresentation.ProtoReflect.Descriptor instead.
+func (*EntityRepresentation) Descriptor() ([]byte, []int) {
+ return file_entityresolution_v2_entity_resolution_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *EntityRepresentation) GetOriginalId() string {
+ if x != nil {
+ return x.OriginalId
+ }
+ return ""
+}
+
+func (x *EntityRepresentation) GetAdditionalProps() []*structpb.Struct {
+ if x != nil {
+ return x.AdditionalProps
+ }
+ return nil
+}
+
+// Resolve a set of entities to their representations.
+type ResolveEntitiesRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Entities []*entity.Entity `protobuf:"bytes,1,rep,name=entities,proto3" json:"entities,omitempty"`
+}
+
+func (x *ResolveEntitiesRequest) Reset() {
+ *x = ResolveEntitiesRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[1]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ResolveEntitiesRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResolveEntitiesRequest) ProtoMessage() {}
+
+func (x *ResolveEntitiesRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[1]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResolveEntitiesRequest.ProtoReflect.Descriptor instead.
+func (*ResolveEntitiesRequest) Descriptor() ([]byte, []int) {
+ return file_entityresolution_v2_entity_resolution_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ResolveEntitiesRequest) GetEntities() []*entity.Entity {
+ if x != nil {
+ return x.Entities
+ }
+ return nil
+}
+
+type ResolveEntitiesResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ EntityRepresentations []*EntityRepresentation `protobuf:"bytes,1,rep,name=entity_representations,json=entityRepresentations,proto3" json:"entity_representations,omitempty"`
+}
+
+func (x *ResolveEntitiesResponse) Reset() {
+ *x = ResolveEntitiesResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ResolveEntitiesResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResolveEntitiesResponse) ProtoMessage() {}
+
+func (x *ResolveEntitiesResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[2]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResolveEntitiesResponse.ProtoReflect.Descriptor instead.
+func (*ResolveEntitiesResponse) Descriptor() ([]byte, []int) {
+ return file_entityresolution_v2_entity_resolution_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ResolveEntitiesResponse) GetEntityRepresentations() []*EntityRepresentation {
+ if x != nil {
+ return x.EntityRepresentations
+ }
+ return nil
+}
+
+type EntityNotFoundError struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+ Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+ Details []*anypb.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"`
+ Entity string `protobuf:"bytes,4,opt,name=entity,proto3" json:"entity,omitempty"`
+}
+
+func (x *EntityNotFoundError) Reset() {
+ *x = EntityNotFoundError{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[3]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *EntityNotFoundError) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EntityNotFoundError) ProtoMessage() {}
+
+func (x *EntityNotFoundError) ProtoReflect() protoreflect.Message {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[3]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use EntityNotFoundError.ProtoReflect.Descriptor instead.
+func (*EntityNotFoundError) Descriptor() ([]byte, []int) {
+ return file_entityresolution_v2_entity_resolution_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *EntityNotFoundError) GetCode() int32 {
+ if x != nil {
+ return x.Code
+ }
+ return 0
+}
+
+func (x *EntityNotFoundError) GetMessage() string {
+ if x != nil {
+ return x.Message
+ }
+ return ""
+}
+
+func (x *EntityNotFoundError) GetDetails() []*anypb.Any {
+ if x != nil {
+ return x.Details
+ }
+ return nil
+}
+
+func (x *EntityNotFoundError) GetEntity() string {
+ if x != nil {
+ return x.Entity
+ }
+ return ""
+}
+
+// Create an entity chain for each token (JWT) in the request.
+type CreateEntityChainsFromTokensRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Tokens []*entity.Token `protobuf:"bytes,1,rep,name=tokens,proto3" json:"tokens,omitempty"`
+}
+
+func (x *CreateEntityChainsFromTokensRequest) Reset() {
+ *x = CreateEntityChainsFromTokensRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[4]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CreateEntityChainsFromTokensRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateEntityChainsFromTokensRequest) ProtoMessage() {}
+
+func (x *CreateEntityChainsFromTokensRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[4]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateEntityChainsFromTokensRequest.ProtoReflect.Descriptor instead.
+func (*CreateEntityChainsFromTokensRequest) Descriptor() ([]byte, []int) {
+ return file_entityresolution_v2_entity_resolution_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *CreateEntityChainsFromTokensRequest) GetTokens() []*entity.Token {
+ if x != nil {
+ return x.Tokens
+ }
+ return nil
+}
+
+type CreateEntityChainsFromTokensResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ EntityChains []*entity.EntityChain `protobuf:"bytes,1,rep,name=entity_chains,json=entityChains,proto3" json:"entity_chains,omitempty"`
+}
+
+func (x *CreateEntityChainsFromTokensResponse) Reset() {
+ *x = CreateEntityChainsFromTokensResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[5]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CreateEntityChainsFromTokensResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateEntityChainsFromTokensResponse) ProtoMessage() {}
+
+func (x *CreateEntityChainsFromTokensResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_entityresolution_v2_entity_resolution_proto_msgTypes[5]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateEntityChainsFromTokensResponse.ProtoReflect.Descriptor instead.
+func (*CreateEntityChainsFromTokensResponse) Descriptor() ([]byte, []int) {
+ return file_entityresolution_v2_entity_resolution_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *CreateEntityChainsFromTokensResponse) GetEntityChains() []*entity.EntityChain {
+ if x != nil {
+ return x.EntityChains
+ }
+ return nil
+}
+
+var File_entityresolution_v2_entity_resolution_proto protoreflect.FileDescriptor
+
+var file_entityresolution_v2_entity_resolution_proto_rawDesc = []byte{
+ 0x0a, 0x2b, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69,
+ 0x6f, 0x6e, 0x2f, 0x76, 0x32, 0x2f, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x72, 0x65, 0x73,
+ 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x65,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
+ 0x76, 0x32, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
+ 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+ 0x13, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2f, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f,
+ 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+ 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+ 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7b, 0x0a,
+ 0x14, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61,
+ 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x72, 0x69, 0x67,
+ 0x69, 0x6e, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x42, 0x0a, 0x10, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69,
+ 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
+ 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+ 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0f, 0x61, 0x64, 0x64, 0x69, 0x74,
+ 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x22, 0x51, 0x0a, 0x16, 0x52, 0x65,
+ 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71,
+ 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x08, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73,
+ 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e,
+ 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01, 0x92, 0x01,
+ 0x02, 0x08, 0x01, 0x52, 0x08, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x7b, 0x0a,
+ 0x17, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73,
+ 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x60, 0x0a, 0x16, 0x65, 0x6e, 0x74, 0x69,
+ 0x74, 0x79, 0x5f, 0x72, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74,
+ 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x45,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x52, 0x15, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x70, 0x72, 0x65,
+ 0x73, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x8b, 0x01, 0x0a, 0x13, 0x45,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4e, 0x6f, 0x74, 0x46, 0x6f, 0x75, 0x6e, 0x64, 0x45, 0x72, 0x72,
+ 0x6f, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
+ 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67,
+ 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+ 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
+ 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+ 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73,
+ 0x12, 0x16, 0x0a, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+ 0x52, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x4c, 0x0a, 0x23, 0x43, 0x72, 0x65, 0x61,
+ 0x74, 0x65, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x46, 0x72,
+ 0x6f, 0x6d, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+ 0x25, 0x0a, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+ 0x0d, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x06,
+ 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x22, 0x60, 0x0a, 0x24, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
+ 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x46, 0x72, 0x6f, 0x6d,
+ 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x38,
+ 0x0a, 0x0d, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x18,
+ 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x0c, 0x65, 0x6e, 0x74, 0x69,
+ 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x32, 0xa1, 0x02, 0x0a, 0x17, 0x45, 0x6e, 0x74,
+ 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72,
+ 0x76, 0x69, 0x63, 0x65, 0x12, 0x6e, 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x45,
+ 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x2b, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+ 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65,
+ 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71,
+ 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73,
+ 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c,
+ 0x76, 0x65, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+ 0x73, 0x65, 0x22, 0x00, 0x12, 0x95, 0x01, 0x0a, 0x1c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x46, 0x72, 0x6f, 0x6d, 0x54,
+ 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x38, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65,
+ 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61,
+ 0x74, 0x65, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x46, 0x72,
+ 0x6f, 0x6d, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+ 0x39, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69,
+ 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x74, 0x69,
+ 0x74, 0x79, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x46, 0x72, 0x6f, 0x6d, 0x54, 0x6f, 0x6b, 0x65,
+ 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0xed, 0x01, 0x0a,
+ 0x17, 0x63, 0x6f, 0x6d, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c,
+ 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x32, 0x42, 0x15, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79,
+ 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+ 0x01, 0x5a, 0x4e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70,
+ 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x65, 0x6e, 0x74, 0x69, 0x74,
+ 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x76, 0x32, 0x3b, 0x65,
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x76,
+ 0x32, 0xa2, 0x02, 0x03, 0x45, 0x58, 0x58, 0xaa, 0x02, 0x13, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79,
+ 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x56, 0x32, 0xca, 0x02, 0x13,
+ 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e,
+ 0x5c, 0x56, 0x32, 0xe2, 0x02, 0x1f, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65, 0x73, 0x6f,
+ 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x5c, 0x56, 0x32, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+ 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x14, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x72, 0x65,
+ 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, 0x72,
+ 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+ file_entityresolution_v2_entity_resolution_proto_rawDescOnce sync.Once
+ file_entityresolution_v2_entity_resolution_proto_rawDescData = file_entityresolution_v2_entity_resolution_proto_rawDesc
+)
+
+func file_entityresolution_v2_entity_resolution_proto_rawDescGZIP() []byte {
+ file_entityresolution_v2_entity_resolution_proto_rawDescOnce.Do(func() {
+ file_entityresolution_v2_entity_resolution_proto_rawDescData = protoimpl.X.CompressGZIP(file_entityresolution_v2_entity_resolution_proto_rawDescData)
+ })
+ return file_entityresolution_v2_entity_resolution_proto_rawDescData
+}
+
+var file_entityresolution_v2_entity_resolution_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_entityresolution_v2_entity_resolution_proto_goTypes = []interface{}{
+ (*EntityRepresentation)(nil), // 0: entityresolution.v2.EntityRepresentation
+ (*ResolveEntitiesRequest)(nil), // 1: entityresolution.v2.ResolveEntitiesRequest
+ (*ResolveEntitiesResponse)(nil), // 2: entityresolution.v2.ResolveEntitiesResponse
+ (*EntityNotFoundError)(nil), // 3: entityresolution.v2.EntityNotFoundError
+ (*CreateEntityChainsFromTokensRequest)(nil), // 4: entityresolution.v2.CreateEntityChainsFromTokensRequest
+ (*CreateEntityChainsFromTokensResponse)(nil), // 5: entityresolution.v2.CreateEntityChainsFromTokensResponse
+ (*structpb.Struct)(nil), // 6: google.protobuf.Struct
+ (*entity.Entity)(nil), // 7: entity.Entity
+ (*anypb.Any)(nil), // 8: google.protobuf.Any
+ (*entity.Token)(nil), // 9: entity.Token
+ (*entity.EntityChain)(nil), // 10: entity.EntityChain
+}
+var file_entityresolution_v2_entity_resolution_proto_depIdxs = []int32{
+ 6, // 0: entityresolution.v2.EntityRepresentation.additional_props:type_name -> google.protobuf.Struct
+ 7, // 1: entityresolution.v2.ResolveEntitiesRequest.entities:type_name -> entity.Entity
+ 0, // 2: entityresolution.v2.ResolveEntitiesResponse.entity_representations:type_name -> entityresolution.v2.EntityRepresentation
+ 8, // 3: entityresolution.v2.EntityNotFoundError.details:type_name -> google.protobuf.Any
+ 9, // 4: entityresolution.v2.CreateEntityChainsFromTokensRequest.tokens:type_name -> entity.Token
+ 10, // 5: entityresolution.v2.CreateEntityChainsFromTokensResponse.entity_chains:type_name -> entity.EntityChain
+ 1, // 6: entityresolution.v2.EntityResolutionService.ResolveEntities:input_type -> entityresolution.v2.ResolveEntitiesRequest
+ 4, // 7: entityresolution.v2.EntityResolutionService.CreateEntityChainsFromTokens:input_type -> entityresolution.v2.CreateEntityChainsFromTokensRequest
+ 2, // 8: entityresolution.v2.EntityResolutionService.ResolveEntities:output_type -> entityresolution.v2.ResolveEntitiesResponse
+ 5, // 9: entityresolution.v2.EntityResolutionService.CreateEntityChainsFromTokens:output_type -> entityresolution.v2.CreateEntityChainsFromTokensResponse
+ 8, // [8:10] is the sub-list for method output_type
+ 6, // [6:8] is the sub-list for method input_type
+ 6, // [6:6] is the sub-list for extension type_name
+ 6, // [6:6] is the sub-list for extension extendee
+ 0, // [0:6] is the sub-list for field type_name
+}
+
+func init() { file_entityresolution_v2_entity_resolution_proto_init() }
+func file_entityresolution_v2_entity_resolution_proto_init() {
+ if File_entityresolution_v2_entity_resolution_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_entityresolution_v2_entity_resolution_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*EntityRepresentation); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_entityresolution_v2_entity_resolution_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*ResolveEntitiesRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_entityresolution_v2_entity_resolution_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*ResolveEntitiesResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_entityresolution_v2_entity_resolution_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*EntityNotFoundError); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_entityresolution_v2_entity_resolution_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CreateEntityChainsFromTokensRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_entityresolution_v2_entity_resolution_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CreateEntityChainsFromTokensResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_entityresolution_v2_entity_resolution_proto_rawDesc,
+ NumEnums: 0,
+ NumMessages: 6,
+ NumExtensions: 0,
+ NumServices: 1,
+ },
+ GoTypes: file_entityresolution_v2_entity_resolution_proto_goTypes,
+ DependencyIndexes: file_entityresolution_v2_entity_resolution_proto_depIdxs,
+ MessageInfos: file_entityresolution_v2_entity_resolution_proto_msgTypes,
+ }.Build()
+ File_entityresolution_v2_entity_resolution_proto = out.File
+ file_entityresolution_v2_entity_resolution_proto_rawDesc = nil
+ file_entityresolution_v2_entity_resolution_proto_goTypes = nil
+ file_entityresolution_v2_entity_resolution_proto_depIdxs = nil
+}
diff --git a/protocol/go/entityresolution/v2/entity_resolution_grpc.pb.go b/protocol/go/entityresolution/v2/entity_resolution_grpc.pb.go
new file mode 100644
index 0000000000..13f92df221
--- /dev/null
+++ b/protocol/go/entityresolution/v2/entity_resolution_grpc.pb.go
@@ -0,0 +1,147 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc (unknown)
+// source: entityresolution/v2/entity_resolution.proto
+
+package entityresolutionv2
+
+import (
+ context "context"
+ grpc "google.golang.org/grpc"
+ codes "google.golang.org/grpc/codes"
+ status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+ EntityResolutionService_ResolveEntities_FullMethodName = "/entityresolution.v2.EntityResolutionService/ResolveEntities"
+ EntityResolutionService_CreateEntityChainsFromTokens_FullMethodName = "/entityresolution.v2.EntityResolutionService/CreateEntityChainsFromTokens"
+)
+
+// EntityResolutionServiceClient is the client API for EntityResolutionService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type EntityResolutionServiceClient interface {
+ ResolveEntities(ctx context.Context, in *ResolveEntitiesRequest, opts ...grpc.CallOption) (*ResolveEntitiesResponse, error)
+ CreateEntityChainsFromTokens(ctx context.Context, in *CreateEntityChainsFromTokensRequest, opts ...grpc.CallOption) (*CreateEntityChainsFromTokensResponse, error)
+}
+
+type entityResolutionServiceClient struct {
+ cc grpc.ClientConnInterface
+}
+
+func NewEntityResolutionServiceClient(cc grpc.ClientConnInterface) EntityResolutionServiceClient {
+ return &entityResolutionServiceClient{cc}
+}
+
+func (c *entityResolutionServiceClient) ResolveEntities(ctx context.Context, in *ResolveEntitiesRequest, opts ...grpc.CallOption) (*ResolveEntitiesResponse, error) {
+ out := new(ResolveEntitiesResponse)
+ err := c.cc.Invoke(ctx, EntityResolutionService_ResolveEntities_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *entityResolutionServiceClient) CreateEntityChainsFromTokens(ctx context.Context, in *CreateEntityChainsFromTokensRequest, opts ...grpc.CallOption) (*CreateEntityChainsFromTokensResponse, error) {
+ out := new(CreateEntityChainsFromTokensResponse)
+ err := c.cc.Invoke(ctx, EntityResolutionService_CreateEntityChainsFromTokens_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+// EntityResolutionServiceServer is the server API for EntityResolutionService service.
+// All implementations must embed UnimplementedEntityResolutionServiceServer
+// for forward compatibility
+type EntityResolutionServiceServer interface {
+ ResolveEntities(context.Context, *ResolveEntitiesRequest) (*ResolveEntitiesResponse, error)
+ CreateEntityChainsFromTokens(context.Context, *CreateEntityChainsFromTokensRequest) (*CreateEntityChainsFromTokensResponse, error)
+ mustEmbedUnimplementedEntityResolutionServiceServer()
+}
+
+// UnimplementedEntityResolutionServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedEntityResolutionServiceServer struct {
+}
+
+func (UnimplementedEntityResolutionServiceServer) ResolveEntities(context.Context, *ResolveEntitiesRequest) (*ResolveEntitiesResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method ResolveEntities not implemented")
+}
+func (UnimplementedEntityResolutionServiceServer) CreateEntityChainsFromTokens(context.Context, *CreateEntityChainsFromTokensRequest) (*CreateEntityChainsFromTokensResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method CreateEntityChainsFromTokens not implemented")
+}
+func (UnimplementedEntityResolutionServiceServer) mustEmbedUnimplementedEntityResolutionServiceServer() {
+}
+
+// UnsafeEntityResolutionServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to EntityResolutionServiceServer will
+// result in compilation errors.
+type UnsafeEntityResolutionServiceServer interface {
+ mustEmbedUnimplementedEntityResolutionServiceServer()
+}
+
+func RegisterEntityResolutionServiceServer(s grpc.ServiceRegistrar, srv EntityResolutionServiceServer) {
+ s.RegisterService(&EntityResolutionService_ServiceDesc, srv)
+}
+
+func _EntityResolutionService_ResolveEntities_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(ResolveEntitiesRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(EntityResolutionServiceServer).ResolveEntities(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: EntityResolutionService_ResolveEntities_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(EntityResolutionServiceServer).ResolveEntities(ctx, req.(*ResolveEntitiesRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _EntityResolutionService_CreateEntityChainsFromTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(CreateEntityChainsFromTokensRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(EntityResolutionServiceServer).CreateEntityChainsFromTokens(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: EntityResolutionService_CreateEntityChainsFromTokens_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(EntityResolutionServiceServer).CreateEntityChainsFromTokens(ctx, req.(*CreateEntityChainsFromTokensRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+// EntityResolutionService_ServiceDesc is the grpc.ServiceDesc for EntityResolutionService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var EntityResolutionService_ServiceDesc = grpc.ServiceDesc{
+ ServiceName: "entityresolution.v2.EntityResolutionService",
+ HandlerType: (*EntityResolutionServiceServer)(nil),
+ Methods: []grpc.MethodDesc{
+ {
+ MethodName: "ResolveEntities",
+ Handler: _EntityResolutionService_ResolveEntities_Handler,
+ },
+ {
+ MethodName: "CreateEntityChainsFromTokens",
+ Handler: _EntityResolutionService_CreateEntityChainsFromTokens_Handler,
+ },
+ },
+ Streams: []grpc.StreamDesc{},
+ Metadata: "entityresolution/v2/entity_resolution.proto",
+}
diff --git a/protocol/go/entityresolution/v2/entityresolutionv2connect/entity_resolution.connect.go b/protocol/go/entityresolution/v2/entityresolutionv2connect/entity_resolution.connect.go
new file mode 100644
index 0000000000..8ceee1587a
--- /dev/null
+++ b/protocol/go/entityresolution/v2/entityresolutionv2connect/entity_resolution.connect.go
@@ -0,0 +1,147 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: entityresolution/v2/entity_resolution.proto
+
+package entityresolutionv2connect
+
+import (
+ connect "connectrpc.com/connect"
+ context "context"
+ errors "errors"
+ v2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
+ http "net/http"
+ strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+ // EntityResolutionServiceName is the fully-qualified name of the EntityResolutionService service.
+ EntityResolutionServiceName = "entityresolution.v2.EntityResolutionService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+ // EntityResolutionServiceResolveEntitiesProcedure is the fully-qualified name of the
+ // EntityResolutionService's ResolveEntities RPC.
+ EntityResolutionServiceResolveEntitiesProcedure = "/entityresolution.v2.EntityResolutionService/ResolveEntities"
+ // EntityResolutionServiceCreateEntityChainsFromTokensProcedure is the fully-qualified name of the
+ // EntityResolutionService's CreateEntityChainsFromTokens RPC.
+ EntityResolutionServiceCreateEntityChainsFromTokensProcedure = "/entityresolution.v2.EntityResolutionService/CreateEntityChainsFromTokens"
+)
+
+// These variables are the protoreflect.Descriptor objects for the RPCs defined in this package.
+var (
+ entityResolutionServiceServiceDescriptor = v2.File_entityresolution_v2_entity_resolution_proto.Services().ByName("EntityResolutionService")
+ entityResolutionServiceResolveEntitiesMethodDescriptor = entityResolutionServiceServiceDescriptor.Methods().ByName("ResolveEntities")
+ entityResolutionServiceCreateEntityChainsFromTokensMethodDescriptor = entityResolutionServiceServiceDescriptor.Methods().ByName("CreateEntityChainsFromTokens")
+)
+
+// EntityResolutionServiceClient is a client for the entityresolution.v2.EntityResolutionService
+// service.
+type EntityResolutionServiceClient interface {
+ ResolveEntities(context.Context, *connect.Request[v2.ResolveEntitiesRequest]) (*connect.Response[v2.ResolveEntitiesResponse], error)
+ CreateEntityChainsFromTokens(context.Context, *connect.Request[v2.CreateEntityChainsFromTokensRequest]) (*connect.Response[v2.CreateEntityChainsFromTokensResponse], error)
+}
+
+// NewEntityResolutionServiceClient constructs a client for the
+// entityresolution.v2.EntityResolutionService service. By default, it uses the Connect protocol
+// with the binary Protobuf Codec, asks for gzipped responses, and sends uncompressed requests. To
+// use the gRPC or gRPC-Web protocols, supply the connect.WithGRPC() or connect.WithGRPCWeb()
+// options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewEntityResolutionServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) EntityResolutionServiceClient {
+ baseURL = strings.TrimRight(baseURL, "/")
+ return &entityResolutionServiceClient{
+ resolveEntities: connect.NewClient[v2.ResolveEntitiesRequest, v2.ResolveEntitiesResponse](
+ httpClient,
+ baseURL+EntityResolutionServiceResolveEntitiesProcedure,
+ connect.WithSchema(entityResolutionServiceResolveEntitiesMethodDescriptor),
+ connect.WithClientOptions(opts...),
+ ),
+ createEntityChainsFromTokens: connect.NewClient[v2.CreateEntityChainsFromTokensRequest, v2.CreateEntityChainsFromTokensResponse](
+ httpClient,
+ baseURL+EntityResolutionServiceCreateEntityChainsFromTokensProcedure,
+ connect.WithSchema(entityResolutionServiceCreateEntityChainsFromTokensMethodDescriptor),
+ connect.WithClientOptions(opts...),
+ ),
+ }
+}
+
+// entityResolutionServiceClient implements EntityResolutionServiceClient.
+type entityResolutionServiceClient struct {
+ resolveEntities *connect.Client[v2.ResolveEntitiesRequest, v2.ResolveEntitiesResponse]
+ createEntityChainsFromTokens *connect.Client[v2.CreateEntityChainsFromTokensRequest, v2.CreateEntityChainsFromTokensResponse]
+}
+
+// ResolveEntities calls entityresolution.v2.EntityResolutionService.ResolveEntities.
+func (c *entityResolutionServiceClient) ResolveEntities(ctx context.Context, req *connect.Request[v2.ResolveEntitiesRequest]) (*connect.Response[v2.ResolveEntitiesResponse], error) {
+ return c.resolveEntities.CallUnary(ctx, req)
+}
+
+// CreateEntityChainsFromTokens calls
+// entityresolution.v2.EntityResolutionService.CreateEntityChainsFromTokens.
+func (c *entityResolutionServiceClient) CreateEntityChainsFromTokens(ctx context.Context, req *connect.Request[v2.CreateEntityChainsFromTokensRequest]) (*connect.Response[v2.CreateEntityChainsFromTokensResponse], error) {
+ return c.createEntityChainsFromTokens.CallUnary(ctx, req)
+}
+
+// EntityResolutionServiceHandler is an implementation of the
+// entityresolution.v2.EntityResolutionService service.
+type EntityResolutionServiceHandler interface {
+ ResolveEntities(context.Context, *connect.Request[v2.ResolveEntitiesRequest]) (*connect.Response[v2.ResolveEntitiesResponse], error)
+ CreateEntityChainsFromTokens(context.Context, *connect.Request[v2.CreateEntityChainsFromTokensRequest]) (*connect.Response[v2.CreateEntityChainsFromTokensResponse], error)
+}
+
+// NewEntityResolutionServiceHandler builds an HTTP handler from the service implementation. It
+// returns the path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewEntityResolutionServiceHandler(svc EntityResolutionServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+ entityResolutionServiceResolveEntitiesHandler := connect.NewUnaryHandler(
+ EntityResolutionServiceResolveEntitiesProcedure,
+ svc.ResolveEntities,
+ connect.WithSchema(entityResolutionServiceResolveEntitiesMethodDescriptor),
+ connect.WithHandlerOptions(opts...),
+ )
+ entityResolutionServiceCreateEntityChainsFromTokensHandler := connect.NewUnaryHandler(
+ EntityResolutionServiceCreateEntityChainsFromTokensProcedure,
+ svc.CreateEntityChainsFromTokens,
+ connect.WithSchema(entityResolutionServiceCreateEntityChainsFromTokensMethodDescriptor),
+ connect.WithHandlerOptions(opts...),
+ )
+ return "/entityresolution.v2.EntityResolutionService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case EntityResolutionServiceResolveEntitiesProcedure:
+ entityResolutionServiceResolveEntitiesHandler.ServeHTTP(w, r)
+ case EntityResolutionServiceCreateEntityChainsFromTokensProcedure:
+ entityResolutionServiceCreateEntityChainsFromTokensHandler.ServeHTTP(w, r)
+ default:
+ http.NotFound(w, r)
+ }
+ })
+}
+
+// UnimplementedEntityResolutionServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedEntityResolutionServiceHandler struct{}
+
+func (UnimplementedEntityResolutionServiceHandler) ResolveEntities(context.Context, *connect.Request[v2.ResolveEntitiesRequest]) (*connect.Response[v2.ResolveEntitiesResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("entityresolution.v2.EntityResolutionService.ResolveEntities is not implemented"))
+}
+
+func (UnimplementedEntityResolutionServiceHandler) CreateEntityChainsFromTokens(context.Context, *connect.Request[v2.CreateEntityChainsFromTokensRequest]) (*connect.Response[v2.CreateEntityChainsFromTokensResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("entityresolution.v2.EntityResolutionService.CreateEntityChainsFromTokens is not implemented"))
+}
diff --git a/service/authorization/v2/authorization.proto b/service/authorization/v2/authorization.proto
new file mode 100644
index 0000000000..4eba195ad5
--- /dev/null
+++ b/service/authorization/v2/authorization.proto
@@ -0,0 +1,166 @@
+syntax = "proto3";
+
+package authorization.v2;
+
+import "buf/validate/validate.proto";
+import "entity/entity.proto";
+import "google/protobuf/wrappers.proto";
+import "policy/objects.proto";
+
+enum Decision {
+ DECISION_UNSPECIFIED = 0;
+ DECISION_DENY = 1;
+ DECISION_PERMIT = 2;
+ // DECISION_OBLIGATED = 3;
+}
+
+// The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized.
+// The abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value
+// being treated as an entity in entitlement/authorization decisioning.
+message EntityIdentifier {
+ oneof identifier {
+ option (buf.validate.oneof).required = true;
+
+ // chain of one or more entities
+ entity.EntityChain entity_chain = 1 [(buf.validate.field).cel = {
+ id: "entity_chain_required"
+ message: "entities must be provided"
+ expression: "has(this.entities) && this.entities.size() > 0"
+ }];
+
+ // fully qualified name of the registered resource value stored in platform policy, where in
+ // this case the resource acts as and represents a single entity for authorization/entitlement decisioning
+ string registered_resource_value_fqn = 2 [
+ (buf.validate.field).string = {
+ min_len: 1
+ uri: true
+ }
+ ];
+
+ // access token (JWT), which is used to create an entity chain (comprising one or more entities)
+ entity.Token token = 3 [(buf.validate.field).cel = {
+ id: "token_required"
+ message: "token must be provided"
+ expression: "has(this.jwt) && this.jwt.size() > 0"
+ }];
+ }
+}
+
+// Entitlements for a given entity, mapping each attribute value FQN to any entitled actions[]
+message EntityEntitlements {
+ message ActionsList {
+ repeated policy.Action actions = 1;
+ }
+
+ // ephemeral id for tracking between request and response
+ string ephemeral_id = 1;
+ map actions_per_attribute_value_fqn = 2;
+}
+
+// Either a set of attribute values (such as those on a TDF) or a registered resource value
+message Resource {
+ // ephemeral id for tracking between request and response
+ string ephemeral_id = 1;
+
+ message AttributeValues {
+ repeated string fqns = 1;
+ }
+
+ oneof resource {
+ AttributeValues attribute_values = 2;
+ string registered_resource_value_fqn = 3;
+ }
+}
+
+message ResourceDecision {
+ // ephemeral id for tracking between request and response
+ string ephemeral_resource_id = 1;
+ // decision result
+ Decision decision = 2;
+}
+
+// Can the identified entity/entities access?
+// 1. one entity reference (actor)
+// 2. one action
+// 3. one resource
+message GetDecisionRequest {
+ // an entity must be identified for authorization decisioning
+ EntityIdentifier entity_identifier = 1 [(buf.validate.field).required = true];
+ // name on action is required
+ policy.Action action = 2 [(buf.validate.field).required = true];
+ Resource resource = 3 [(buf.validate.field).required = true];
+
+ option (buf.validate.message).cel = {
+ id: "get_decision_request.action_name_required"
+ message: "action.name must be provided"
+ expression: "has(this.action.name)"
+ };
+}
+message GetDecisionResponse {
+ // decision on the resource
+ ResourceDecision decision = 1;
+ // optional list of obligations represented in URI format
+ // repeated string obligations = 2;
+}
+
+// Can the identified entity/entities access?
+// 1. one entity reference (actor)
+// 2. one action
+// 3. multiple resources
+// Note: this is a more performant bulk request for multiple resource decisions
+message GetDecisionMultiResourceRequest {
+ // an entity must be identified for authorization decisioning
+ EntityIdentifier entity_identifier = 1 [(buf.validate.field).required = true];
+ // name on action is required
+ policy.Action action = 2 [(buf.validate.field).required = true];
+ repeated Resource resources = 3 [
+ (buf.validate.field).required = true,
+ (buf.validate.field).repeated = {min_items: 1}
+ ];
+
+ option (buf.validate.message).cel = {
+ id: "get_decision_multi_request.action_name_required"
+ message: "action.name must be provided"
+ expression: "has(this.action.name)"
+ };
+}
+message GetDecisionMultiResourceResponse {
+ // convenience flag indicating global resource decisions result (permit/deny)
+ google.protobuf.BoolValue all_permitted = 1;
+ // individual resource decisions
+ repeated ResourceDecision resource_decisions = 2;
+}
+
+// Is access allowed?
+// 1. Multiplexing of a Decision request
+// This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on
+// multiple resources)
+message GetDecisionBulkRequest {
+ repeated GetDecisionMultiResourceRequest decision_requests = 1;
+}
+message GetDecisionBulkResponse {
+ repeated GetDecisionMultiResourceResponse decision_responses = 1;
+}
+
+// What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs?
+//
+// Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use
+// GetDecision if the resource is known
+message GetEntitlementsRequest {
+ // an entity must be identified for entitlement decisioning
+ EntityIdentifier entity_identifier = 1 [(buf.validate.field).required = true];
+ // optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating
+ // down the hierarchical values instead of returning solely the value that is directly entitled
+ optional bool with_comprehensive_hierarchy = 2;
+}
+message GetEntitlementsResponse {
+ repeated EntityEntitlements entitlements = 1;
+}
+
+service AuthorizationService {
+ rpc GetDecision(GetDecisionRequest) returns (GetDecisionResponse) {}
+ rpc GetDecisionMultiResource(GetDecisionMultiResourceRequest) returns (GetDecisionMultiResourceResponse) {}
+ rpc GetDecisionBulk(GetDecisionBulkRequest) returns (GetDecisionBulkResponse) {}
+
+ rpc GetEntitlements(GetEntitlementsRequest) returns (GetEntitlementsResponse) {}
+}
diff --git a/service/entity/entity.proto b/service/entity/entity.proto
new file mode 100644
index 0000000000..b807bef9d4
--- /dev/null
+++ b/service/entity/entity.proto
@@ -0,0 +1,41 @@
+syntax = "proto3";
+
+package entity;
+
+import "buf/validate/validate.proto";
+import "google/protobuf/any.proto";
+
+message Token {
+ // ephemeral id for tracking between request and response
+ string ephemeral_id = 1;
+ // the token
+ string jwt = 2 [(buf.validate.field).required = true];
+}
+
+// PE (Person Entity) or NPE (Non-Person Entity)
+message Entity {
+ // ephemeral id for tracking between request and response
+ string ephemeral_id = 1;
+
+ // Standard entity types supported by the platform, one of which must be set
+ oneof entity_type {
+ string email_address = 2;
+ string user_name = 3;
+ // used by ERS claims mode
+ google.protobuf.Any claims = 4;
+ string client_id = 5;
+ }
+ enum Category {
+ CATEGORY_UNSPECIFIED = 0;
+ CATEGORY_SUBJECT = 1;
+ CATEGORY_ENVIRONMENT = 2;
+ }
+ Category category = 11;
+}
+
+// A set of related PE and NPE
+message EntityChain {
+ // ephemeral id for tracking between request and response
+ string ephemeral_id = 1;
+ repeated Entity entities = 2;
+}
diff --git a/service/entityresolution/v2/entity_resolution.proto b/service/entityresolution/v2/entity_resolution.proto
new file mode 100644
index 0000000000..7dffbf3ef9
--- /dev/null
+++ b/service/entityresolution/v2/entity_resolution.proto
@@ -0,0 +1,46 @@
+syntax = "proto3";
+
+package entityresolution.v2;
+
+import "buf/validate/validate.proto";
+import "entity/entity.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/struct.proto";
+
+message EntityRepresentation {
+ // ephemeral entity id from the request
+ string original_id = 1;
+ repeated google.protobuf.Struct additional_props = 2;
+}
+
+// Resolve a set of entities to their representations.
+message ResolveEntitiesRequest {
+ repeated entity.Entity entities = 1 [
+ (buf.validate.field).required = true,
+ (buf.validate.field).repeated = {min_items: 1}
+ ];
+}
+message ResolveEntitiesResponse {
+ repeated EntityRepresentation entity_representations = 1;
+}
+
+message EntityNotFoundError {
+ int32 code = 1;
+ string message = 2;
+ repeated google.protobuf.Any details = 3;
+ string entity = 4;
+}
+
+// Create an entity chain for each token (JWT) in the request.
+message CreateEntityChainsFromTokensRequest {
+ repeated entity.Token tokens = 1;
+}
+
+message CreateEntityChainsFromTokensResponse {
+ repeated entity.EntityChain entity_chains = 1;
+}
+
+service EntityResolutionService {
+ rpc ResolveEntities(ResolveEntitiesRequest) returns (ResolveEntitiesResponse) {}
+ rpc CreateEntityChainsFromTokens(CreateEntityChainsFromTokensRequest) returns (CreateEntityChainsFromTokensResponse) {}
+}