diff --git a/docs/grpc/index.html b/docs/grpc/index.html
index 1c026d88a2..62bd58f13c 100644
--- a/docs/grpc/index.html
+++ b/docs/grpc/index.html
@@ -10121,7 +10121,7 @@

SimpleKasPublicKey

algorithm - string + policy.Algorithm

diff --git a/docs/openapi/authorization/v2/authorization.openapi.yaml b/docs/openapi/authorization/v2/authorization.openapi.yaml index 3b17b6cffc..dc54df177d 100644 --- a/docs/openapi/authorization/v2/authorization.openapi.yaml +++ b/docs/openapi/authorization/v2/authorization.openapi.yaml @@ -405,6 +405,12 @@ components: - properties: attributeValues: title: attribute_values + description: |+ + if provided, resource.attribute_values must not be empty: + ``` + this.fqns.size() > 0 && this.fqns.all(item, item.isUri()) + ``` + $ref: '#/components/schemas/authorization.v2.Resource.AttributeValues' title: attribute_values required: @@ -413,6 +419,8 @@ components: registeredResourceValueFqn: type: string title: registered_resource_value_fqn + minLength: 1 + format: uri title: registered_resource_value_fqn required: - registeredResourceValueFqn @@ -571,9 +579,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time diff --git a/docs/openapi/kas/kas.openapi.yaml b/docs/openapi/kas/kas.openapi.yaml index 7d68195fd6..25023a8a32 100644 --- a/docs/openapi/kas/kas.openapi.yaml +++ b/docs/openapi/kas/kas.openapi.yaml @@ -121,9 +121,6 @@ components: Wrapper message for `string`. The JSON representation for `StringValue` is JSON string. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Struct: type: object additionalProperties: diff --git a/docs/openapi/policy/actions/actions.openapi.yaml b/docs/openapi/policy/actions/actions.openapi.yaml index d5f7a782fb..1b883a4a00 100644 --- a/docs/openapi/policy/actions/actions.openapi.yaml +++ b/docs/openapi/policy/actions/actions.openapi.yaml 
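Review bot: The rule documented for `attributeValues` in the @@ -405,6 hunk, `this.fqns.size() > 0 && this.fqns.all(item, item.isUri())`, sets a lower bound on the FQN list but no upper bound, while the `fqns` parameter of GetAttributeValuesByFqns in attributes.openapi.yaml is capped with `maxItems: 250`. `authorization.v2.Resource.AttributeValues` is defined outside the hunk, so it may already limit the list; if it does not, one request can carry an arbitrarily long list of values to resolve, and a matching size limit in the rule would make `maxItems` appear next to the minimum. In the @@ -413,6 hunk, `format: uri` on `registeredResourceValueFqn` is an annotation that schema validators are not required to enforce, so the server-side check has to stay the authority for that field.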
@@ -327,9 +327,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time diff --git a/docs/openapi/policy/attributes/attributes.openapi.yaml b/docs/openapi/policy/attributes/attributes.openapi.yaml index 0d5c839748..8c6239a57a 100644 --- a/docs/openapi/policy/attributes/attributes.openapi.yaml +++ b/docs/openapi/policy/attributes/attributes.openapi.yaml @@ -2,8 +2,8 @@ openapi: 3.1.0 info: title: policy.attributes paths: - /attributes: - get: + /policy.attributes.AttributesService/ListAttributes: + post: tags: - policy.attributes.AttributesService summary: ListAttributes 
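Review bot: The @@ -2,8 hunk of attributes.openapi.yaml replaces `GET /attributes` with `POST /policy.attributes.AttributesService/ListAttributes`, and the later hunks do the same for every AttributesService operation except `/attributes/*/fqn`, so the spec stops describing the REST routes altogether. The diff does not show whether the server stops serving them; if they stay reachable they become undocumented endpoints, and any gateway or access rule matched on method and path can no longer be checked against the spec. I would keep the old entries with `deprecated: true` until the routes are actually removed, or state their removal in the commit description. Read-only calls such as ListAttributes, GetAttribute and GetAttributeValue moving from GET to POST also changes how proxies and method-based authorization rules treat them, which is worth confirming; the same applies to the key_access_server_registry.openapi.yaml hunks.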
@@ -13,54 +13,21 @@ paths: --------------------------------------- operationId: policy.attributes.AttributesService.ListAttributes parameters: - - name: state - in: query - description: |- - Optional - ACTIVE by default when not specified - schema: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - - name: namespace - in: query - description: |- - Optional - Namespace ID or name - schema: - type: string - title: namespace - description: |- - Optional - Namespace ID or name - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + - name: Connect-Protocol-Version + in: header + required: true schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.ListAttributesRequest' + required: true responses: default: description: Error 
@@ -74,16 +41,27 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.ListAttributesResponse' + /policy.attributes.AttributesService/ListAttributeValues: post: tags: - policy.attributes.AttributesService - summary: CreateAttribute - operationId: policy.attributes.AttributesService.CreateAttribute + summary: ListAttributeValues + operationId: policy.attributes.AttributesService.ListAttributeValues + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeRequest' + $ref: '#/components/schemas/policy.attributes.ListAttributeValuesRequest' required: true responses: default: 
@@ -97,59 +75,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeResponse' - /attributes/*/values: - get: + $ref: '#/components/schemas/policy.attributes.ListAttributeValuesResponse' + /policy.attributes.AttributesService/GetAttribute: + post: tags: - policy.attributes.AttributesService - summary: ListAttributeValues - operationId: policy.attributes.AttributesService.ListAttributeValues + summary: GetAttribute + operationId: policy.attributes.AttributesService.GetAttribute parameters: - - name: attributeId - in: query - description: Required - schema: - type: string - title: attribute_id - format: uuid - description: Required - - name: state - in: query - description: |- - Optional - ACTIVE by default when not specified - schema: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + - name: Connect-Protocol-Version + in: header + required: true schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.GetAttributeRequest' + required: true responses: default: description: Error 
@@ -162,39 +110,51 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.ListAttributeValuesResponse' - /attributes/{id}: + $ref: '#/components/schemas/policy.attributes.GetAttributeResponse' + /attributes/*/fqn: get: tags: - policy.attributes.AttributesService - summary: GetAttribute - operationId: policy.attributes.AttributesService.GetAttribute + summary: GetAttributeValuesByFqns + operationId: policy.attributes.AttributesService.GetAttributeValuesByFqns parameters: - - name: id - in: path - description: Deprecated - required: true + - name: fqns + in: query + description: |- + Required + Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. schema: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - - name: attributeId + type: array + items: + type: string + maxItems: 250 + minItems: 1 + title: fqns + maxItems: 250 + minItems: 1 + description: |- + Required + Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. + - name: withValue.withKeyAccessGrants in: query - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' schema: - type: string - title: attribute_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - - name: fqn + type: boolean + title: with_key_access_grants + - name: withValue.withSubjectMaps in: query schema: - type: string - title: fqn - minLength: 1 - format: uri + type: boolean + title: with_subject_maps + - name: withValue.withResourceMaps + in: query + schema: + type: boolean + title: with_resource_maps + - name: withValue.withAttribute.withKeyAccessGrants + in: query + schema: + type: boolean + title: with_key_access_grants responses: default: description: Error 
@@ -207,22 +167,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeResponse' - delete: + $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse' + /policy.attributes.AttributesService/CreateAttribute: + post: tags: - policy.attributes.AttributesService - summary: DeactivateAttribute - operationId: policy.attributes.AttributesService.DeactivateAttribute + summary: CreateAttribute + operationId: policy.attributes.AttributesService.CreateAttribute parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.CreateAttributeRequest' + required: true responses: default: description: Error 
@@ -235,37 +202,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeResponse' - patch: + $ref: '#/components/schemas/policy.attributes.CreateAttributeResponse' + /policy.attributes.AttributesService/UpdateAttribute: + post: tags: - policy.attributes.AttributesService summary: UpdateAttribute operationId: policy.attributes.AttributesService.UpdateAttribute parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateAttributeRequest - additionalProperties: false + $ref: '#/components/schemas/policy.attributes.UpdateAttributeRequest' required: true responses: default: 
@@ -280,50 +238,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.UpdateAttributeResponse' - /attributes/*/fqn: - get: + /policy.attributes.AttributesService/DeactivateAttribute: + post: tags: - policy.attributes.AttributesService - summary: GetAttributeValuesByFqns - operationId: policy.attributes.AttributesService.GetAttributeValuesByFqns + summary: DeactivateAttribute + operationId: policy.attributes.AttributesService.DeactivateAttribute parameters: - - name: fqns - in: query - description: |- - Required - Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. - schema: - type: array - items: - type: string - maxItems: 250 - minItems: 1 - title: fqns - maxItems: 250 - minItems: 1 - description: |- - Required - Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. - - name: withValue.withKeyAccessGrants - in: query - schema: - type: boolean - title: with_key_access_grants - - name: withValue.withSubjectMaps - in: query - schema: - type: boolean - title: with_subject_maps - - name: withValue.withResourceMaps - in: query + - name: Connect-Protocol-Version + in: header + required: true schema: - type: boolean - title: with_resource_maps - - name: withValue.withAttribute.withKeyAccessGrants - in: query + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: boolean - title: with_key_access_grants + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.DeactivateAttributeRequest' + required: true responses: default: description: Error 
@@ -336,9 +272,9 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse' - /attributes/*/values/{id}: - get: + $ref: '#/components/schemas/policy.attributes.DeactivateAttributeResponse' + /policy.attributes.AttributesService/GetAttributeValue: + post: tags: - policy.attributes.AttributesService summary: GetAttributeValue @@ -348,31 +284,21 @@ paths: --------------------------------------- operationId: policy.attributes.AttributesService.GetAttributeValue parameters: - - name: id - in: path - description: Deprecated + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - - name: valueId - in: query - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - schema: - type: string - title: value_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - - name: fqn - in: query + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: fqn - minLength: 1 - format: uri + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.GetAttributeValueRequest' + required: true responses: default: description: Error 
@@ -386,21 +312,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.GetAttributeValueResponse' - delete: + /policy.attributes.AttributesService/CreateAttributeValue: + post: tags: - policy.attributes.AttributesService - summary: DeactivateAttributeValue - operationId: policy.attributes.AttributesService.DeactivateAttributeValue + summary: CreateAttributeValue + operationId: policy.attributes.AttributesService.CreateAttributeValue parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.CreateAttributeValueRequest' + required: true responses: default: description: Error 
@@ -413,39 +346,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeValueResponse' - patch: + $ref: '#/components/schemas/policy.attributes.CreateAttributeValueResponse' + /policy.attributes.AttributesService/UpdateAttributeValue: + post: tags: - policy.attributes.AttributesService summary: UpdateAttributeValue operationId: policy.attributes.AttributesService.UpdateAttributeValue parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateAttributeValueRequest - additionalProperties: false + $ref: '#/components/schemas/policy.attributes.UpdateAttributeValueRequest' required: true responses: default: 
@@ -460,49 +382,27 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.UpdateAttributeValueResponse' - /attributes/{attribute_id}/values: + /policy.attributes.AttributesService/DeactivateAttributeValue: post: tags: - policy.attributes.AttributesService - summary: CreateAttributeValue - operationId: policy.attributes.AttributesService.CreateAttributeValue + summary: DeactivateAttributeValue + operationId: policy.attributes.AttributesService.DeactivateAttributeValue parameters: - - name: attribute_id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: attribute_id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - value: - type: string - title: value - maxLength: 253 - description: |+ - Required - Attribute value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateAttributeValueRequest - required: - - value - additionalProperties: false + $ref: '#/components/schemas/policy.attributes.DeactivateAttributeValueRequest' required: true responses: default: 
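Review bot: The inline body deleted in this hunk carried the documented limits on `value` for CreateAttributeValue (`maxLength: 253` and the pattern `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$`), and its replacement, `$ref: '#/components/schemas/policy.attributes.CreateAttributeValueRequest'` from the @@ -386,21 hunk, points at a component that no hunk in this file touches. Please confirm that the component states the same limits and `additionalProperties: false`, since readers and generated clients now see only what it declares. The same check applies to `uri` and `name` in the UpdateKeyAccessServer body removed in the @@ -150,75 hunk of key_access_server_registry.openapi.yaml, and to the `format: uuid` identifiers that moved from path and query parameters into request bodies.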
@@ -516,8 +416,8 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeValueResponse' - /attributes/keyaccessserver/grants: + $ref: '#/components/schemas/policy.attributes.DeactivateAttributeValueResponse' + /policy.attributes.AttributesService/AssignKeyAccessServerToAttribute: post: tags: - policy.attributes.AttributesService @@ -527,14 +427,22 @@ paths: Attribute <> Key Access Server RPCs --------------------------------------- operationId: policy.attributes.AttributesService.AssignKeyAccessServerToAttribute + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: - description: Required content: application/json: schema: - title: attribute_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' + $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToAttributeRequest' + required: true responses: default: description: Error 
@@ -548,28 +456,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToAttributeResponse' - delete: + /policy.attributes.AttributesService/RemoveKeyAccessServerFromAttribute: + post: tags: - policy.attributes.AttributesService summary: RemoveKeyAccessServerFromAttribute operationId: policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute parameters: - - name: attributeKeyAccessServer.attributeId - in: query - description: Required + - name: Connect-Protocol-Version + in: header + required: true schema: - type: string - title: attribute_id - format: uuid - description: Required - - name: attributeKeyAccessServer.keyAccessServerId - in: query - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: key_access_server_id - format: uuid - description: Required + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromAttributeRequest' + required: true responses: default: description: Error 
@@ -583,20 +491,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromAttributeResponse' - /attributes/values/keyaccessserver/grants: + /policy.attributes.AttributesService/AssignKeyAccessServerToValue: post: tags: - policy.attributes.AttributesService summary: AssignKeyAccessServerToValue operationId: policy.attributes.AttributesService.AssignKeyAccessServerToValue + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: - description: Required content: application/json: schema: - title: value_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' + $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToValueRequest' + required: true responses: default: description: Error 
@@ -610,28 +526,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToValueResponse' - delete: + /policy.attributes.AttributesService/RemoveKeyAccessServerFromValue: + post: tags: - policy.attributes.AttributesService summary: RemoveKeyAccessServerFromValue operationId: policy.attributes.AttributesService.RemoveKeyAccessServerFromValue parameters: - - name: valueKeyAccessServer.valueId - in: query - description: Required + - name: Connect-Protocol-Version + in: header + required: true schema: - type: string - title: value_id - format: uuid - description: Required - - name: valueKeyAccessServer.keyAccessServerId - in: query - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: key_access_server_id - format: uuid - description: Required + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromValueRequest' + required: true responses: default: description: Error @@ -944,9 +860,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time diff --git a/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml b/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml index 68643cfc33..6fa230212c 100644 --- a/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml +++ b/docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml 
@@ -48,16 +48,27 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.kasregistry.ListKeyAccessServersResponse' + /policy.kasregistry.KeyAccessServerRegistryService/GetKeyAccessServer: post: tags: - policy.kasregistry.KeyAccessServerRegistryService - summary: CreateKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer + summary: GetKeyAccessServer + operationId: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerRequest' + $ref: '#/components/schemas/policy.kasregistry.GetKeyAccessServerRequest' required: true responses: default: 
@@ -71,45 +82,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerResponse' - /key-access-servers/{id}: - get: + $ref: '#/components/schemas/policy.kasregistry.GetKeyAccessServerResponse' + /policy.kasregistry.KeyAccessServerRegistryService/CreateKeyAccessServer: + post: tags: - policy.kasregistry.KeyAccessServerRegistryService - summary: GetKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer + summary: CreateKeyAccessServer + operationId: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer parameters: - - name: id - in: path - description: Deprecated + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - - name: kasId - in: query - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - schema: - type: string - title: kas_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - - name: name - in: query - schema: - type: string - title: name - minLength: 1 - - name: uri - in: query + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: uri - minLength: 1 - format: uri + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerRequest' + required: true responses: default: description: Error 
@@ -122,22 +117,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyAccessServerResponse' - delete: + $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerResponse' + /policy.kasregistry.KeyAccessServerRegistryService/UpdateKeyAccessServer: + post: tags: - policy.kasregistry.KeyAccessServerRegistryService - summary: DeleteKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer + summary: UpdateKeyAccessServer + operationId: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.kasregistry.UpdateKeyAccessServerRequest' + required: true responses: default: description: Error 
@@ -150,75 +152,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.kasregistry.DeleteKeyAccessServerResponse' - patch: + $ref: '#/components/schemas/policy.kasregistry.UpdateKeyAccessServerResponse' + /policy.kasregistry.KeyAccessServerRegistryService/DeleteKeyAccessServer: + post: tags: - policy.kasregistry.KeyAccessServerRegistryService - summary: UpdateKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer + summary: DeleteKeyAccessServer + operationId: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - uri: - type: string - title: uri - description: |+ - Optional - Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - size(this) == 0 || this.isUri() - ``` - - publicKey: - title: public_key - description: |- - Deprecated - Optional - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: |- - Optional - Using UNSPECIFIED will result in a successful update, - but will not actually update the underlying source. - You should not update KAS's from INTERNAL/EXTERNAL - to unspecified. 
- $ref: '#/components/schemas/policy.SourceType' - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateKeyAccessServerRequest - additionalProperties: false + $ref: '#/components/schemas/policy.kasregistry.DeleteKeyAccessServerRequest' required: true responses: default: 
@@ -232,102 +187,30 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyAccessServerResponse' - /key-access-servers/grants: - get: + $ref: '#/components/schemas/policy.kasregistry.DeleteKeyAccessServerResponse' + /policy.kasregistry.KeyAccessServerRegistryService/ListKeyAccessServerGrants: + post: tags: - policy.kasregistry.KeyAccessServerRegistryService summary: ListKeyAccessServerGrants description: Deprecated operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants parameters: - - name: kasId - in: query - description: |- - Optional - Filter LIST by ID of a registered Key Access Server. - If neither is provided, grants from all registered KASs to policy attribute - objects are returned. - schema: - type: string - title: kas_id - description: |+ - Optional - Filter LIST by ID of a registered Key Access Server. - If neither is provided, grants from all registered KASs to policy attribute - objects are returned. - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - - name: kasUri - in: query - description: |- - Optional - Filter LIST by URI of a registered Key Access Server. - If none is provided, grants from all registered KASs to policy attribute - objects are returned. - schema: - type: string - title: kas_uri - description: |+ - Optional - Filter LIST by URI of a registered Key Access Server. - If none is provided, grants from all registered KASs to policy attribute - objects are returned. - Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - size(this) == 0 || this.isUri() - ``` - - - name: kasName - in: query - description: |- - Optional - Filter LIST by name of a registered Key Access Server. 
- If none are provided, grants from all registered KASs to policy attribute - objects are returned. - schema: - type: string - title: kas_name - maxLength: 253 - description: |+ - Optional - Filter LIST by name of a registered Key Access Server. - If none are provided, grants from all registered KASs to policy attribute - objects are returned. - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + - name: Connect-Protocol-Version + in: header + required: true schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.kasregistry.ListKeyAccessServerGrantsRequest' + required: true responses: default: description: Error @@ -715,9 +598,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time 
@@ -2008,8 +1888,8 @@ components: type: object properties: algorithm: - type: string title: algorithm + $ref: '#/components/schemas/policy.Algorithm' kid: type: string title: kid diff --git a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json index 1160d01bdb..79471c3d73 100644 --- a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json +++ b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json @@ -387,7 +387,7 @@ "type": "object", "properties": { "algorithm": { - "type": "string" + "$ref": "#/definitions/policyAlgorithm" }, "kid": { "type": "string" diff --git a/docs/openapi/policy/namespaces/namespaces.openapi.yaml b/docs/openapi/policy/namespaces/namespaces.openapi.yaml index 434e09afae..3652c61aa5 100644 --- a/docs/openapi/policy/namespaces/namespaces.openapi.yaml +++ b/docs/openapi/policy/namespaces/namespaces.openapi.yaml 
@@ -2,38 +2,28 @@ openapi: 3.1.0 info: title: policy.namespaces paths: - /attributes/namespaces/{id}: - get: + /policy.namespaces.NamespaceService/GetNamespace: + post: tags: - policy.namespaces.NamespaceService summary: GetNamespace operationId: policy.namespaces.NamespaceService.GetNamespace parameters: - - name: id - in: path - description: Deprecated + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - - name: namespaceId - in: query - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - schema: - type: string - title: namespace_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - - name: fqn - in: query + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: fqn - minLength: 1 - format: uri + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.namespaces.GetNamespaceRequest' + required: true responses: default: description: Error 
@@ -47,21 +37,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.namespaces.GetNamespaceResponse' - delete: + /policy.namespaces.NamespaceService/ListNamespaces: + post: tags: - policy.namespaces.NamespaceService - summary: DeactivateNamespace - operationId: policy.namespaces.NamespaceService.DeactivateNamespace + summary: ListNamespaces + operationId: policy.namespaces.NamespaceService.ListNamespaces parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.namespaces.ListNamespacesRequest' + required: true responses: default: description: Error 
@@ -74,37 +71,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.namespaces.DeactivateNamespaceResponse' - patch: + $ref: '#/components/schemas/policy.namespaces.ListNamespacesResponse' + /policy.namespaces.NamespaceService/CreateNamespace: + post: tags: - policy.namespaces.NamespaceService - summary: UpdateNamespace - operationId: policy.namespaces.NamespaceService.UpdateNamespace + summary: CreateNamespace + operationId: policy.namespaces.NamespaceService.CreateNamespace parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateNamespaceRequest - additionalProperties: false + $ref: '#/components/schemas/policy.namespaces.CreateNamespaceRequest' required: true responses: default: 
@@ -118,51 +106,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.namespaces.UpdateNamespaceResponse' - /attributes/namespaces: - get: + $ref: '#/components/schemas/policy.namespaces.CreateNamespaceResponse' + /policy.namespaces.NamespaceService/UpdateNamespace: + post: tags: - policy.namespaces.NamespaceService - summary: ListNamespaces - operationId: policy.namespaces.NamespaceService.ListNamespaces + summary: UpdateNamespace + operationId: policy.namespaces.NamespaceService.UpdateNamespace parameters: - - name: state - in: query - description: |- - Optional - ACTIVE by default when not specified - schema: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + - name: Connect-Protocol-Version + in: header + required: true schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.namespaces.UpdateNamespaceRequest' + required: true responses: default: description: Error 
@@ -175,17 +141,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.namespaces.ListNamespacesResponse' + $ref: '#/components/schemas/policy.namespaces.UpdateNamespaceResponse' + /policy.namespaces.NamespaceService/DeactivateNamespace: post: tags: - policy.namespaces.NamespaceService - summary: CreateNamespace - operationId: policy.namespaces.NamespaceService.CreateNamespace + summary: DeactivateNamespace + operationId: policy.namespaces.NamespaceService.DeactivateNamespace + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - $ref: '#/components/schemas/policy.namespaces.CreateNamespaceRequest' + $ref: '#/components/schemas/policy.namespaces.DeactivateNamespaceRequest' required: true responses: default: @@ -199,8 +176,8 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.namespaces.CreateNamespaceResponse' - /attributes/namespaces/keyaccessserver/grants: + $ref: '#/components/schemas/policy.namespaces.DeactivateNamespaceResponse' + /policy.namespaces.NamespaceService/AssignKeyAccessServerToNamespace: post: tags: - policy.namespaces.NamespaceService 
@@ -210,12 +187,22 @@ paths: Namespace <> Key Access Server RPCs --------------------------------------- operationId: policy.namespaces.NamespaceService.AssignKeyAccessServerToNamespace + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' + $ref: '#/components/schemas/policy.namespaces.AssignKeyAccessServerToNamespaceRequest' + required: true responses: default: description: Error @@ -229,28 +216,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.namespaces.AssignKeyAccessServerToNamespaceResponse' - delete: + /policy.namespaces.NamespaceService/RemoveKeyAccessServerFromNamespace: + post: tags: - policy.namespaces.NamespaceService summary: RemoveKeyAccessServerFromNamespace operationId: policy.namespaces.NamespaceService.RemoveKeyAccessServerFromNamespace parameters: - - name: namespaceKeyAccessServer.namespaceId - in: query - description: Required + - name: Connect-Protocol-Version + in: header + required: true schema: - type: string - title: namespace_id - format: uuid - description: Required - - name: namespaceKeyAccessServer.keyAccessServerId - in: query - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: key_access_server_id - format: uuid - description: Required + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.namespaces.RemoveKeyAccessServerFromNamespaceRequest' + required: true responses: default: description: Error 
@@ -467,9 +454,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time diff --git a/docs/openapi/policy/objects.openapi.yaml b/docs/openapi/policy/objects.openapi.yaml index 0cc2454800..9a3f689ae2 100644 --- a/docs/openapi/policy/objects.openapi.yaml +++ b/docs/openapi/policy/objects.openapi.yaml @@ -122,9 +122,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time diff --git a/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml b/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml index 20b25e51ce..24e40308d9 100644 --- a/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml +++ b/docs/openapi/policy/registeredresources/registered_resources.openapi.yaml @@ -537,9 +537,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time diff --git a/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml b/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml index 65c2ab9df8..58dd9e4fc8 100644 --- a/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml +++ b/docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml 
@@ -2,52 +2,28 @@ openapi: 3.1.0 info: title: policy.resourcemapping paths: - /resource-mapping-groups: - get: + /policy.resourcemapping.ResourceMappingService/ListResourceMappingGroups: + post: tags: - policy.resourcemapping.ResourceMappingService summary: ListResourceMappingGroups operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappingGroups parameters: - - name: namespaceId - in: query - description: Optional + - name: Connect-Protocol-Version + in: header + required: true schema: - type: string - title: namespace_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided - schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingGroupsRequest' + required: true responses: default: description: Error 
@@ -61,16 +37,27 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingGroupsResponse' + /policy.resourcemapping.ResourceMappingService/GetResourceMappingGroup: post: tags: - policy.resourcemapping.ResourceMappingService - summary: CreateResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMappingGroup + summary: GetResourceMappingGroup + operationId: policy.resourcemapping.ResourceMappingService.GetResourceMappingGroup + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupRequest' + $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingGroupRequest' required: true responses: default: 
@@ -84,23 +71,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupResponse' - /resource-mapping-groups/{id}: - get: + $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingGroupResponse' + /policy.resourcemapping.ResourceMappingService/CreateResourceMappingGroup: + post: tags: - policy.resourcemapping.ResourceMappingService - summary: GetResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.GetResourceMappingGroup + summary: CreateResourceMappingGroup + operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMappingGroup parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupRequest' + required: true responses: default: description: Error 
@@ -113,22 +106,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingGroupResponse' - delete: + $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupResponse' + /policy.resourcemapping.ResourceMappingService/UpdateResourceMappingGroup: + post: tags: - policy.resourcemapping.ResourceMappingService - summary: DeleteResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMappingGroup + summary: UpdateResourceMappingGroup + operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMappingGroup parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingGroupRequest' + required: true responses: default: description: Error 
@@ -141,58 +141,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingGroupResponse' - patch: + $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingGroupResponse' + /policy.resourcemapping.ResourceMappingService/DeleteResourceMappingGroup: + post: tags: - policy.resourcemapping.ResourceMappingService - summary: UpdateResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMappingGroup + summary: DeleteResourceMappingGroup + operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMappingGroup parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - namespaceId: - type: string - title: namespace_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Optional field must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. 
The stored group name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateResourceMappingGroupRequest - additionalProperties: false + $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingGroupRequest' required: true responses: default: 
@@ -206,53 +176,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingGroupResponse' - /resource-mappings: - get: + $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingGroupResponse' + /policy.resourcemapping.ResourceMappingService/ListResourceMappings: + post: tags: - policy.resourcemapping.ResourceMappingService summary: ListResourceMappings operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappings parameters: - - name: groupId - in: query - description: Optional - schema: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + - name: Connect-Protocol-Version + in: header + required: true schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsRequest' + required: true responses: default: description: Error 
@@ -266,16 +212,27 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsResponse' + /policy.resourcemapping.ResourceMappingService/ListResourceMappingsByGroupFqns: post: tags: - policy.resourcemapping.ResourceMappingService - summary: CreateResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMapping + summary: ListResourceMappingsByGroupFqns + operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappingsByGroupFqns + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingRequest' + $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsByGroupFqnsRequest' required: true responses: default: 
@@ -289,29 +246,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingResponse' - /resource-mappings/group-fqns: - get: + $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse' + /policy.resourcemapping.ResourceMappingService/GetResourceMapping: + post: tags: - policy.resourcemapping.ResourceMappingService - summary: ListResourceMappingsByGroupFqns - operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappingsByGroupFqns + summary: GetResourceMapping + operationId: policy.resourcemapping.ResourceMappingService.GetResourceMapping parameters: - - name: fqns - in: query - description: |- - Required - Structure of the RM Group FQN is 'https:///resm/' + - name: Connect-Protocol-Version + in: header + required: true schema: - type: array - items: - type: string - minItems: 1 - title: fqns - minItems: 1 - description: |- - Required - Structure of the RM Group FQN is 'https:///resm/' + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingRequest' + required: true responses: default: description: Error 
@@ -324,23 +281,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse' - /resource-mappings/{id}: - get: + $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingResponse' + /policy.resourcemapping.ResourceMappingService/CreateResourceMapping: + post: tags: - policy.resourcemapping.ResourceMappingService - summary: GetResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.GetResourceMapping + summary: CreateResourceMapping + operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMapping parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingRequest' + required: true responses: default: description: Error 
@@ -353,22 +316,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingResponse' - delete: + $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingResponse' + /policy.resourcemapping.ResourceMappingService/UpdateResourceMapping: + post: tags: - policy.resourcemapping.ResourceMappingService - summary: DeleteResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMapping + summary: UpdateResourceMapping + operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMapping parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingRequest' + required: true responses: default: description: Error 
@@ -381,67 +351,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingResponse' - patch: + $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingResponse' + /policy.resourcemapping.ResourceMappingService/DeleteResourceMapping: + post: tags: - policy.resourcemapping.ResourceMappingService - summary: UpdateResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMapping + summary: DeleteResourceMapping + operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMapping parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - attributeValueId: - type: string - title: attribute_value_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - terms: - type: array - items: - type: string - maxItems: 1000 - title: terms - maxItems: 1000 - description: Optional - groupId: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - metadata: - title: metadata - description: |- - Optional - Common Metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateResourceMappingRequest - additionalProperties: false + $ref: 
'#/components/schemas/policy.resourcemapping.DeleteResourceMappingRequest' required: true responses: default: @@ -455,7 +386,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingResponse' + $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingResponse' components: schemas: common.MetadataUpdateEnum: @@ -606,9 +537,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time diff --git a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml index 54d45ff943..1f997c651c 100644 --- a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml +++ b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml @@ -2,22 +2,29 @@ openapi: 3.1.0 info: title: policy.subjectmapping paths: - /subject-mappings/match: + /policy.subjectmapping.SubjectMappingService/MatchSubjectMappings: post: tags: - policy.subjectmapping.SubjectMappingService summary: MatchSubjectMappings description: Find matching Subject Mappings for a given Subject operationId: policy.subjectmapping.SubjectMappingService.MatchSubjectMappings + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: array - items: - $ref: '#/components/schemas/policy.SubjectProperty' - title: subject_properties - minItems: 1 + $ref: '#/components/schemas/policy.subjectmapping.MatchSubjectMappingsRequest' + required: true responses: default: description: Error 
@@ -31,39 +38,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.subjectmapping.MatchSubjectMappingsResponse' - /subject-mappings: - get: + /policy.subjectmapping.SubjectMappingService/ListSubjectMappings: + post: tags: - policy.subjectmapping.SubjectMappingService summary: ListSubjectMappings operationId: policy.subjectmapping.SubjectMappingService.ListSubjectMappings parameters: - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + - name: Connect-Protocol-Version + in: header + required: true schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.subjectmapping.ListSubjectMappingsRequest' + required: true responses: default: description: Error 
@@ -77,16 +73,27 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.subjectmapping.ListSubjectMappingsResponse' + /policy.subjectmapping.SubjectMappingService/GetSubjectMapping: post: tags: - policy.subjectmapping.SubjectMappingService - summary: CreateSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectMapping + summary: GetSubjectMapping + operationId: policy.subjectmapping.SubjectMappingService.GetSubjectMapping + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingRequest' + $ref: '#/components/schemas/policy.subjectmapping.GetSubjectMappingRequest' required: true responses: default: 
@@ -100,23 +107,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingResponse' - /subject-mappings/{id}: - get: + $ref: '#/components/schemas/policy.subjectmapping.GetSubjectMappingResponse' + /policy.subjectmapping.SubjectMappingService/CreateSubjectMapping: + post: tags: - policy.subjectmapping.SubjectMappingService - summary: GetSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.GetSubjectMapping + summary: CreateSubjectMapping + operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectMapping parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingRequest' + required: true responses: default: description: Error 
@@ -129,22 +142,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectMappingResponse' - delete: + $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingResponse' + /policy.subjectmapping.SubjectMappingService/UpdateSubjectMapping: + post: tags: - policy.subjectmapping.SubjectMappingService - summary: DeleteSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectMapping + summary: UpdateSubjectMapping + operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectMapping parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectMappingRequest' + required: true responses: default: description: Error 
@@ -157,56 +177,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectMappingResponse' - patch: + $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectMappingResponse' + /policy.subjectmapping.SubjectMappingService/DeleteSubjectMapping: + post: tags: - policy.subjectmapping.SubjectMappingService - summary: UpdateSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectMapping + summary: DeleteSubjectMapping + operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectMapping parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - subjectConditionSetId: - type: string - title: subject_condition_set_id - description: |+ - Optional - Replaces the existing SubjectConditionSet id with a new one - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: |- - Optional - Replaces entire list of actions permitted by subjects - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateSubjectMappingRequest - additionalProperties: false + $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectMappingRequest' required: true responses: default: 
@@ -220,40 +212,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectMappingResponse' - /subject-condition-sets: - get: + $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectMappingResponse' + /policy.subjectmapping.SubjectMappingService/ListSubjectConditionSets: + post: tags: - policy.subjectmapping.SubjectMappingService summary: ListSubjectConditionSets operationId: policy.subjectmapping.SubjectMappingService.ListSubjectConditionSets parameters: - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services + - name: Connect-Protocol-Version + in: header + required: true schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.subjectmapping.ListSubjectConditionSetsRequest' + required: true responses: default: description: Error 
@@ -267,16 +248,27 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.subjectmapping.ListSubjectConditionSetsResponse' + /policy.subjectmapping.SubjectMappingService/GetSubjectConditionSet: post: tags: - policy.subjectmapping.SubjectMappingService - summary: CreateSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectConditionSet + summary: GetSubjectConditionSet + operationId: policy.subjectmapping.SubjectMappingService.GetSubjectConditionSet + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetRequest' + $ref: '#/components/schemas/policy.subjectmapping.GetSubjectConditionSetRequest' required: true responses: default: 
@@ -290,23 +282,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetResponse' - /subject-condition-sets/{id}: - get: + $ref: '#/components/schemas/policy.subjectmapping.GetSubjectConditionSetResponse' + /policy.subjectmapping.SubjectMappingService/CreateSubjectConditionSet: + post: tags: - policy.subjectmapping.SubjectMappingService - summary: GetSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.GetSubjectConditionSet + summary: CreateSubjectConditionSet + operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectConditionSet parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetRequest' + required: true responses: default: description: Error 
@@ -319,22 +317,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectConditionSetResponse' - delete: + $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetResponse' + /policy.subjectmapping.SubjectMappingService/UpdateSubjectConditionSet: + post: tags: - policy.subjectmapping.SubjectMappingService - summary: DeleteSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectConditionSet + summary: UpdateSubjectConditionSet + operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectConditionSet parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectConditionSetRequest' + required: true responses: default: description: Error 
@@ -347,45 +352,28 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectConditionSetResponse' - patch: + $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectConditionSetResponse' + /policy.subjectmapping.SubjectMappingService/DeleteSubjectConditionSet: + post: tags: - policy.subjectmapping.SubjectMappingService - summary: UpdateSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectConditionSet + summary: DeleteSubjectConditionSet + operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectConditionSet parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' requestBody: content: application/json: schema: - type: object - properties: - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - description: |- - Optional - If provided, replaces entire existing structure of Subject Sets, Condition Groups, & Conditions - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateSubjectConditionSetRequest - additionalProperties: false + $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectConditionSetRequest' required: true responses: default: 
@@ -399,13 +387,29 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectConditionSetResponse' - /subject-condition-sets/unmapped: - delete: + $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectConditionSetResponse' + /policy.subjectmapping.SubjectMappingService/DeleteAllUnmappedSubjectConditionSets: + post: tags: - policy.subjectmapping.SubjectMappingService summary: DeleteAllUnmappedSubjectConditionSets operationId: policy.subjectmapping.SubjectMappingService.DeleteAllUnmappedSubjectConditionSets + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsRequest' + required: true responses: default: description: Error @@ -569,9 +573,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time @@ -1318,9 +1319,14 @@ components: $ref: '#/components/schemas/policy.Action' title: actions minItems: 1 - description: |- + description: |+ Required The actions permitted by subjects in this mapping + Action name or ID must not be empty if provided: + ``` + this.all(item, item.name != '' || item.id != '') + ``` + existingSubjectConditionSetId: type: string title: existing_subject_condition_set_id 
@@ -1590,9 +1596,14 @@ components: items: $ref: '#/components/schemas/policy.Action' title: actions - description: |- + description: |+ Optional Replaces entire list of actions permitted by subjects + Action name or ID must not be empty if provided: + ``` + this.size() == 0 || this.all(item, item.name != '' || item.id != '') + ``` + metadata: title: metadata description: Common metadata diff --git a/docs/openapi/policy/unsafe/unsafe.openapi.yaml b/docs/openapi/policy/unsafe/unsafe.openapi.yaml index a2ee41ddd6..4fbddc45b5 100644 --- a/docs/openapi/policy/unsafe/unsafe.openapi.yaml +++ b/docs/openapi/policy/unsafe/unsafe.openapi.yaml @@ -2,52 +2,8 @@ openapi: 3.1.0 info: title: policy.unsafe paths: - /unsafe/namespaces/{id}: - delete: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteNamespace - operationId: policy.unsafe.UnsafeService.UnsafeDeleteNamespace - parameters: - - name: id - in: path - description: |- - Required - UUID of the Namespace - required: true - schema: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Namespace - - name: fqn - in: query - description: |- - Required - Fully Qualified Name (FQN) of Namespace (i.e. https://), normalized to lower case. - required: true - schema: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Namespace (i.e. https://), normalized to lower case. - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteNamespaceResponse' - patch: + /policy.unsafe.UnsafeService/UnsafeUpdateNamespace: + post: tags: - policy.unsafe.UnsafeService summary: UnsafeUpdateNamespace 
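Review bot: In the `unsafe.openapi.yaml` hunk on this line, UnsafeDeleteNamespace moves from `DELETE /unsafe/namespaces/{id}` to `POST /policy.unsafe.UnsafeService/UnsafeDeleteNamespace`, and the new operation has a `summary` but no `description`, so the required `id` (`format: uuid`) and required `fqn` that the old parameters documented inline are no longer visible. They now sit behind `policy.unsafe.UnsafeDeleteNamespaceRequest`, which is outside this hunk, so confirm that schema still marks both as required. Since the file looks generated, I would add a comment on the RPC in the .proto so that the operation gets something like `description: Requires both the namespace id and its FQN`. The same pattern repeats for the other unsafe operations in the following hunks and for the subject-mapping operations in the earlier ones, where every operation shown becomes a POST. If the old routes are really removed and not just dropped from the docs, any gateway or authorization rule keyed on HTTP method plus the old paths needs re-keying to the procedure path.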
@@ -57,29 +13,21 @@ paths: --------------------------------------- operationId: policy.unsafe.UnsafeService.UnsafeUpdateNamespace parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required - - name: name - in: query - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: name - maxLength: 253 - description: |+ - Required - Namespace must be a valid hostname. It should include at least one dot, with each segment (label) starting and ending with an alphanumeric character. Each label must be 1 to 63 characters long, allowing hyphens but not as the first or last character. The top-level domain (the last segment after the final dot) must consist of at least two alphabetic characters. The stored namespace will be normalized to lower case.: - ``` - this.matches('^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}$') - ``` - + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateNamespaceRequest' + required: true responses: default: description: Error 
@@ -93,22 +41,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateNamespaceResponse' - /unsafe/namespaces/{id}/reactivate: + /policy.unsafe.UnsafeService/UnsafeReactivateNamespace: post: tags: - policy.unsafe.UnsafeService summary: UnsafeReactivateNamespace operationId: policy.unsafe.UnsafeService.UnsafeReactivateNamespace parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateNamespaceRequest' + required: true responses: default: description: Error 
@@ -122,38 +76,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateNamespaceResponse' - /unsafe/attributes/{id}: - delete: + /policy.unsafe.UnsafeService/UnsafeDeleteNamespace: + post: tags: - policy.unsafe.UnsafeService - summary: UnsafeDeleteAttribute - operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttribute + summary: UnsafeDeleteNamespace + operationId: policy.unsafe.UnsafeService.UnsafeDeleteNamespace parameters: - - name: id - in: path - description: |- - Required - UUID of the Attribute + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Attribute - - name: fqn - in: query - description: |- - Required - Fully Qualified Name (FQN) of Attribute Definition (i.e. https:///attr/), normalized to lower case. - required: true + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Attribute Definition (i.e. https:///attr/), normalized to lower case. + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteNamespaceRequest' + required: true responses: default: description: Error @@ -166,8 +110,9 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeResponse' - patch: + $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteNamespaceResponse' + /policy.unsafe.UnsafeService/UnsafeUpdateAttribute: + post: tags: - policy.unsafe.UnsafeService summary: UnsafeUpdateAttribute 
@@ -177,66 +122,21 @@ paths: --------------------------------------- operationId: policy.unsafe.UnsafeService.UnsafeUpdateAttribute parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required - - name: name - in: query - description: |- - Optional - WARNING!! - Updating the name of an Attribute will retroactively alter access to existing TDFs of the old and new Attribute name. - schema: - type: string - title: name - maxLength: 253 - description: |+ - Optional - WARNING!! - Updating the name of an Attribute will retroactively alter access to existing TDFs of the old and new Attribute name. - Attribute name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - - name: rule - in: query - description: |- - Optional - WARNING!! - Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name. - schema: - title: rule - description: |- - Optional - WARNING!! - Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name. - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - - name: valuesOrder - in: query - description: |- - Optional - WARNING!! - Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition - will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted - deleted, created, and unsafely re-ordered as necessary. 
+ $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: array - items: - type: string - title: values_order - description: |- - Optional - WARNING!! - Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition - will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted - deleted, created, and unsafely re-ordered as necessary. + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeRequest' + required: true responses: default: description: Error @@ -250,22 +150,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeResponse' - /unsafe/attributes/{id}/reactivate: + /policy.unsafe.UnsafeService/UnsafeReactivateAttribute: post: tags: - policy.unsafe.UnsafeService summary: UnsafeReactivateAttribute operationId: policy.unsafe.UnsafeService.UnsafeReactivateAttribute parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeRequest' + required: true responses: default: description: Error 
@@ -279,38 +185,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeResponse' - /unsafe/attributes/values/{id}: - delete: + /policy.unsafe.UnsafeService/UnsafeDeleteAttribute: + post: tags: - policy.unsafe.UnsafeService - summary: UnsafeDeleteAttributeValue - operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttributeValue + summary: UnsafeDeleteAttribute + operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttribute parameters: - - name: id - in: path - description: |- - Required - UUID of the Attribute Value + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Attribute Value - - name: fqn - in: query - description: |- - Required - Fully Qualified Name (FQN) of Attribute Value (i.e. https:///attr//value/), normalized to lower case. - required: true + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Attribute Value (i.e. https:///attr//value/), normalized to lower case. + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeRequest' + required: true responses: default: description: Error @@ -323,8 +219,9 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeValueResponse' - patch: + $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeResponse' + /policy.unsafe.UnsafeService/UnsafeUpdateAttributeValue: + post: tags: - policy.unsafe.UnsafeService summary: UnsafeUpdateAttributeValue 
@@ -334,29 +231,21 @@ paths: --------------------------------------- operationId: policy.unsafe.UnsafeService.UnsafeUpdateAttributeValue parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required - - name: value - in: query - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header schema: - type: string - title: value - maxLength: 253 - description: |+ - Required - Attribute Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeValueRequest' + required: true responses: default: description: Error 
@@ -370,22 +259,28 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeValueResponse' - /unsafe/attributes/values/{id}/reactivate: + /policy.unsafe.UnsafeService/UnsafeReactivateAttributeValue: post: tags: - policy.unsafe.UnsafeService summary: UnsafeReactivateAttributeValue operationId: policy.unsafe.UnsafeService.UnsafeReactivateAttributeValue parameters: - - name: id - in: path - description: Required + - name: Connect-Protocol-Version + in: header required: true schema: - type: string - title: id - format: uuid - description: Required + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeValueRequest' + required: true responses: default: description: Error 
@@ -399,6 +294,41 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeValueResponse' + /policy.unsafe.UnsafeService/UnsafeDeleteAttributeValue: + post: + tags: + - policy.unsafe.UnsafeService + summary: UnsafeDeleteAttributeValue + operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttributeValue + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeValueRequest' + required: true + responses: + default: + description: Error + content: + application/json: + schema: + $ref: '#/components/schemas/connect.error' + "200": + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeValueResponse' /policy.unsafe.UnsafeService/UnsafeDeleteKasKey: post: tags: @@ -558,9 +488,6 @@ components: Wrapper message for `bool`. The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. google.protobuf.Timestamp: type: string format: date-time @@ -1594,5 +1521,4 @@ tags: description: |- / / Unsafe Service - / IN FLIGHT AND NOT YET IMPLEMENTED! / diff --git a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go index 4c9ee3eeb9..544ac8c208 100644 --- a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go +++ b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go 
@@ -2851,9 +2851,9 @@ type SimpleKasPublicKey struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Algorithm string `protobuf:"bytes,1,opt,name=algorithm,proto3" json:"algorithm,omitempty"` - Kid string `protobuf:"bytes,2,opt,name=kid,proto3" json:"kid,omitempty"` - Pem string `protobuf:"bytes,3,opt,name=pem,proto3" json:"pem,omitempty"` + Algorithm policy.Algorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=policy.Algorithm" json:"algorithm,omitempty"` + Kid string `protobuf:"bytes,2,opt,name=kid,proto3" json:"kid,omitempty"` + Pem string `protobuf:"bytes,3,opt,name=pem,proto3" json:"pem,omitempty"` } func (x *SimpleKasPublicKey) Reset() { @@ -2888,11 +2888,11 @@ func (*SimpleKasPublicKey) Descriptor() ([]byte, []int) { return file_policy_kasregistry_key_access_server_registry_proto_rawDescGZIP(), []int{42} } -func (x *SimpleKasPublicKey) GetAlgorithm() string { +func (x *SimpleKasPublicKey) GetAlgorithm() policy.Algorithm { if x != nil { return x.Algorithm } - return "" + return policy.Algorithm(0) } func (x *SimpleKasPublicKey) GetKid() string { 
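Review bot: Field 1 of `SimpleKasPublicKey` keeps its number but its struct tag changes from `bytes,1` (string) to `varint,1,...,enum=policy.Algorithm`, which is not a wire-compatible change. A peer built from the old schema that still sends a string in field 1 will leave `Algorithm` unset, and `GetAlgorithm()` then returns `policy.Algorithm(0)`. Code that selects key handling from this value should treat the zero value as "not set" and reject it, not fall through to a default algorithm. This file is generated, so the change belongs in the .proto: either move the enum to the next free field number and add `reserved 1;`, or state the break and the required client/server upgrade order in the commit message. The JSON form of `algorithm` presumably changes as well, so any persisted or cached key records written with the old string form are worth checking.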
@@ -4174,144 +4174,145 @@ var file_policy_kasregistry_key_access_server_registry_proto_rawDesc = []byte{ 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x48, 0x00, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x42, 0x13, 0x0a, 0x0a, 0x61, 0x63, 0x74, 0x69, - 0x76, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0x56, 0x0a, + 0x76, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0x69, 0x0a, 0x12, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, - 0x6d, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x70, 0x65, 0x6d, 0x22, 0x6e, 0x0a, 0x0c, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, - 0x61, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x75, 0x72, 0x69, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x55, 0x72, 0x69, 0x12, 0x45, - 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, - 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x13, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, - 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x51, 0x0a, 0x12, 0x47, 0x65, - 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 
0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x3b, 0x0a, 0x08, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, - 0x73, 0x4b, 0x65, 0x79, 0x52, 0x07, 0x62, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x22, 0xa6, 0x01, - 0x0a, 0x12, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x0c, 0x6e, 0x65, 0x77, 0x5f, 0x62, 0x61, 0x73, 0x65, - 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, - 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x0a, 0x6e, 0x65, - 0x77, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x4c, 0x0a, 0x11, 0x70, 0x72, 0x65, 0x76, - 0x69, 0x6f, 0x75, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, - 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x0f, 0x70, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x42, - 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x32, 0xc4, 0x0b, 0x0a, 0x1e, 0x4b, 0x65, 0x79, 0x41, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x4c, 0x69, - 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x73, 0x12, 0x2f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 
0x4b, 0x65, 0x79, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x12, 0x13, 0x2f, - 0x6b, 0x65, 0x79, 0x2d, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x73, 0x90, 0x02, 0x01, 0x12, 0x78, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x2d, 0x2e, 0x70, 0x6f, + 0x4b, 0x65, 0x79, 0x12, 0x2f, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, + 0x69, 0x74, 0x68, 0x6d, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x70, 0x65, 0x6d, 0x22, 0x6e, 0x0a, 0x0c, 0x53, 0x69, 0x6d, 0x70, + 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, + 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6b, 0x61, 0x73, 0x55, 0x72, + 0x69, 0x12, 0x45, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, + 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, + 0x65, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70, + 0x75, 0x62, 
0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x13, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x42, + 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x51, 0x0a, + 0x12, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x08, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, + 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, + 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x07, 0x62, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, + 0x22, 0xa6, 0x01, 0x0a, 0x12, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x0c, 0x6e, 0x65, 0x77, 0x5f, 0x62, + 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, + 0x0a, 0x6e, 0x65, 0x77, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x4c, 0x0a, 0x11, 0x70, + 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6b, 0x65, 0x79, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x69, 0x6d, 0x70, + 0x6c, 0x65, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x52, 0x0f, 0x70, 0x72, 0x65, 0x76, 0x69, 0x6f, + 0x75, 0x73, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x32, 0xc4, 0x0b, 0x0a, 0x1e, 0x4b, 0x65, + 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x99, 0x01, 0x0a, + 0x14, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 
0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x2f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, + 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, + 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, + 0x12, 0x13, 0x2f, 0x6b, 0x65, 0x79, 0x2d, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x2d, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x73, 0x90, 0x02, 0x01, 0x12, 0x78, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x4b, + 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x2d, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, + 0x02, 0x01, 0x12, 0x7e, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, - 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 
0x72, - 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, - 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, - 0x7e, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, - 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, - 0x7e, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, - 0x7e, 0x0a, 0x15, 0x44, 0x65, 
0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x44, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, - 0x8d, 0x01, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x12, 0x34, 0x2e, + 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, - 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, - 0x5a, 0x0a, 0x09, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 
0x69, 0x73, 0x74, 0x72, - 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, - 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x51, 0x0a, 0x06, 0x47, - 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x21, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, - 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, - 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, - 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x57, - 0x0a, 0x08, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x23, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, - 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x12, 0x7e, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, + 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x79, 
0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x12, 0x7e, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x30, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, + 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x79, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x12, 0x8d, 0x01, 0x0a, 0x19, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, + 0x12, 0x34, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, + 0x72, 0x61, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, + 0x02, 0x01, 0x12, 0x5a, 0x0a, 0x09, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 
0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x09, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, - 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, - 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x09, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, - 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x6f, 0x74, 0x61, - 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, - 0x5d, 0x0a, 0x0a, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, + 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, + 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x51, + 0x0a, 0x06, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x21, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 
0x65, + 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, + 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x12, 0x57, 0x0a, 0x08, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x23, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x79, 0x2e, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, - 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, - 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5d, - 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x79, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, - 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0xdb, 0x01, - 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x42, 0x1c, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, - 0x74, 0x66, 0x6f, 0x72, 0x6d, 
0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, - 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x4b, 0x58, 0xaa, 0x02, 0x12, 0x50, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xca, - 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x1e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61, - 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x3a, - 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x73, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x09, 0x55, 0x70, + 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x09, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, + 0x4b, 0x65, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 
0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, + 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x52, + 0x6f, 0x74, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x12, 0x5d, 0x0a, 0x0a, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, + 0x12, 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x74, + 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x12, 0x5d, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x12, + 0x25, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x42, + 0x61, 0x73, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, + 0x42, 0xdb, 0x01, 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x42, 0x1c, 0x4b, 0x65, 0x79, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 
0x66, 0x2f, + 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x6b, 0x61, 0x73, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x4b, 0x58, 0xaa, 0x02, 0x12, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x79, 0xca, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x1e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, + 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x3a, 0x3a, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -4455,51 +4456,52 @@ var file_policy_kasregistry_key_access_server_registry_proto_depIdxs = []int32{ 64, // 57: policy.kasregistry.RotateKeyResponse.kas_key:type_name -> policy.KasKey 39, // 58: policy.kasregistry.RotateKeyResponse.rotated_resources:type_name -> policy.kasregistry.RotatedResources 36, // 59: policy.kasregistry.SetBaseKeyRequest.key:type_name -> policy.kasregistry.KasKeyIdentifier - 42, // 60: policy.kasregistry.SimpleKasKey.public_key:type_name -> policy.kasregistry.SimpleKasPublicKey - 43, // 61: policy.kasregistry.GetBaseKeyResponse.base_key:type_name -> policy.kasregistry.SimpleKasKey - 43, // 62: policy.kasregistry.SetBaseKeyResponse.new_base_key:type_name -> policy.kasregistry.SimpleKasKey - 43, // 63: policy.kasregistry.SetBaseKeyResponse.previous_base_key:type_name -> policy.kasregistry.SimpleKasKey - 48, // 64: policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMapping.public_keys:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.PublicKey - 59, // 65: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.key:type_name -> policy.Key - 49, // 66: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.values:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.Association - 49, // 67: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.definitions:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.Association - 49, // 68: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.namespaces:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.Association - 60, // 69: policy.kasregistry.RotateKeyRequest.NewKey.algorithm:type_name -> policy.Algorithm - 61, // 70: policy.kasregistry.RotateKeyRequest.NewKey.key_mode:type_name -> policy.KeyMode - 62, // 71: policy.kasregistry.RotateKeyRequest.NewKey.public_key_ctx:type_name -> policy.PublicKeyCtx - 63, // 72: policy.kasregistry.RotateKeyRequest.NewKey.private_key_ctx:type_name -> policy.PrivateKeyCtx - 56, // 73: 
policy.kasregistry.RotateKeyRequest.NewKey.metadata:type_name -> common.MetadataMutable - 2, // 74: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers:input_type -> policy.kasregistry.ListKeyAccessServersRequest - 0, // 75: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer:input_type -> policy.kasregistry.GetKeyAccessServerRequest - 4, // 76: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer:input_type -> policy.kasregistry.CreateKeyAccessServerRequest - 6, // 77: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer:input_type -> policy.kasregistry.UpdateKeyAccessServerRequest - 8, // 78: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer:input_type -> policy.kasregistry.DeleteKeyAccessServerRequest - 26, // 79: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants:input_type -> policy.kasregistry.ListKeyAccessServerGrantsRequest - 28, // 80: policy.kasregistry.KeyAccessServerRegistryService.CreateKey:input_type -> policy.kasregistry.CreateKeyRequest - 30, // 81: policy.kasregistry.KeyAccessServerRegistryService.GetKey:input_type -> policy.kasregistry.GetKeyRequest - 32, // 82: policy.kasregistry.KeyAccessServerRegistryService.ListKeys:input_type -> policy.kasregistry.ListKeysRequest - 34, // 83: policy.kasregistry.KeyAccessServerRegistryService.UpdateKey:input_type -> policy.kasregistry.UpdateKeyRequest - 37, // 84: policy.kasregistry.KeyAccessServerRegistryService.RotateKey:input_type -> policy.kasregistry.RotateKeyRequest - 41, // 85: policy.kasregistry.KeyAccessServerRegistryService.SetBaseKey:input_type -> policy.kasregistry.SetBaseKeyRequest - 44, // 86: policy.kasregistry.KeyAccessServerRegistryService.GetBaseKey:input_type -> policy.kasregistry.GetBaseKeyRequest - 3, // 87: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers:output_type -> policy.kasregistry.ListKeyAccessServersResponse - 1, // 88: 
policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer:output_type -> policy.kasregistry.GetKeyAccessServerResponse - 5, // 89: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer:output_type -> policy.kasregistry.CreateKeyAccessServerResponse - 7, // 90: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer:output_type -> policy.kasregistry.UpdateKeyAccessServerResponse - 9, // 91: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer:output_type -> policy.kasregistry.DeleteKeyAccessServerResponse - 27, // 92: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants:output_type -> policy.kasregistry.ListKeyAccessServerGrantsResponse - 29, // 93: policy.kasregistry.KeyAccessServerRegistryService.CreateKey:output_type -> policy.kasregistry.CreateKeyResponse - 31, // 94: policy.kasregistry.KeyAccessServerRegistryService.GetKey:output_type -> policy.kasregistry.GetKeyResponse - 33, // 95: policy.kasregistry.KeyAccessServerRegistryService.ListKeys:output_type -> policy.kasregistry.ListKeysResponse - 35, // 96: policy.kasregistry.KeyAccessServerRegistryService.UpdateKey:output_type -> policy.kasregistry.UpdateKeyResponse - 40, // 97: policy.kasregistry.KeyAccessServerRegistryService.RotateKey:output_type -> policy.kasregistry.RotateKeyResponse - 46, // 98: policy.kasregistry.KeyAccessServerRegistryService.SetBaseKey:output_type -> policy.kasregistry.SetBaseKeyResponse - 45, // 99: policy.kasregistry.KeyAccessServerRegistryService.GetBaseKey:output_type -> policy.kasregistry.GetBaseKeyResponse - 87, // [87:100] is the sub-list for method output_type - 74, // [74:87] is the sub-list for method input_type - 74, // [74:74] is the sub-list for extension type_name - 74, // [74:74] is the sub-list for extension extendee - 0, // [0:74] is the sub-list for field type_name + 60, // 60: policy.kasregistry.SimpleKasPublicKey.algorithm:type_name -> policy.Algorithm + 42, // 61: 
policy.kasregistry.SimpleKasKey.public_key:type_name -> policy.kasregistry.SimpleKasPublicKey + 43, // 62: policy.kasregistry.GetBaseKeyResponse.base_key:type_name -> policy.kasregistry.SimpleKasKey + 43, // 63: policy.kasregistry.SetBaseKeyResponse.new_base_key:type_name -> policy.kasregistry.SimpleKasKey + 43, // 64: policy.kasregistry.SetBaseKeyResponse.previous_base_key:type_name -> policy.kasregistry.SimpleKasKey + 48, // 65: policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMapping.public_keys:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.PublicKey + 59, // 66: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.key:type_name -> policy.Key + 49, // 67: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.values:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.Association + 49, // 68: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.definitions:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.Association + 49, // 69: policy.kasregistry.ListPublicKeyMappingResponse.PublicKey.namespaces:type_name -> policy.kasregistry.ListPublicKeyMappingResponse.Association + 60, // 70: policy.kasregistry.RotateKeyRequest.NewKey.algorithm:type_name -> policy.Algorithm + 61, // 71: policy.kasregistry.RotateKeyRequest.NewKey.key_mode:type_name -> policy.KeyMode + 62, // 72: policy.kasregistry.RotateKeyRequest.NewKey.public_key_ctx:type_name -> policy.PublicKeyCtx + 63, // 73: policy.kasregistry.RotateKeyRequest.NewKey.private_key_ctx:type_name -> policy.PrivateKeyCtx + 56, // 74: policy.kasregistry.RotateKeyRequest.NewKey.metadata:type_name -> common.MetadataMutable + 2, // 75: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers:input_type -> policy.kasregistry.ListKeyAccessServersRequest + 0, // 76: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer:input_type -> policy.kasregistry.GetKeyAccessServerRequest + 4, // 77: 
policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer:input_type -> policy.kasregistry.CreateKeyAccessServerRequest + 6, // 78: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer:input_type -> policy.kasregistry.UpdateKeyAccessServerRequest + 8, // 79: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer:input_type -> policy.kasregistry.DeleteKeyAccessServerRequest + 26, // 80: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants:input_type -> policy.kasregistry.ListKeyAccessServerGrantsRequest + 28, // 81: policy.kasregistry.KeyAccessServerRegistryService.CreateKey:input_type -> policy.kasregistry.CreateKeyRequest + 30, // 82: policy.kasregistry.KeyAccessServerRegistryService.GetKey:input_type -> policy.kasregistry.GetKeyRequest + 32, // 83: policy.kasregistry.KeyAccessServerRegistryService.ListKeys:input_type -> policy.kasregistry.ListKeysRequest + 34, // 84: policy.kasregistry.KeyAccessServerRegistryService.UpdateKey:input_type -> policy.kasregistry.UpdateKeyRequest + 37, // 85: policy.kasregistry.KeyAccessServerRegistryService.RotateKey:input_type -> policy.kasregistry.RotateKeyRequest + 41, // 86: policy.kasregistry.KeyAccessServerRegistryService.SetBaseKey:input_type -> policy.kasregistry.SetBaseKeyRequest + 44, // 87: policy.kasregistry.KeyAccessServerRegistryService.GetBaseKey:input_type -> policy.kasregistry.GetBaseKeyRequest + 3, // 88: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers:output_type -> policy.kasregistry.ListKeyAccessServersResponse + 1, // 89: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer:output_type -> policy.kasregistry.GetKeyAccessServerResponse + 5, // 90: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer:output_type -> policy.kasregistry.CreateKeyAccessServerResponse + 7, // 91: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer:output_type -> 
policy.kasregistry.UpdateKeyAccessServerResponse + 9, // 92: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer:output_type -> policy.kasregistry.DeleteKeyAccessServerResponse + 27, // 93: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants:output_type -> policy.kasregistry.ListKeyAccessServerGrantsResponse + 29, // 94: policy.kasregistry.KeyAccessServerRegistryService.CreateKey:output_type -> policy.kasregistry.CreateKeyResponse + 31, // 95: policy.kasregistry.KeyAccessServerRegistryService.GetKey:output_type -> policy.kasregistry.GetKeyResponse + 33, // 96: policy.kasregistry.KeyAccessServerRegistryService.ListKeys:output_type -> policy.kasregistry.ListKeysResponse + 35, // 97: policy.kasregistry.KeyAccessServerRegistryService.UpdateKey:output_type -> policy.kasregistry.UpdateKeyResponse + 40, // 98: policy.kasregistry.KeyAccessServerRegistryService.RotateKey:output_type -> policy.kasregistry.RotateKeyResponse + 46, // 99: policy.kasregistry.KeyAccessServerRegistryService.SetBaseKey:output_type -> policy.kasregistry.SetBaseKeyResponse + 45, // 100: policy.kasregistry.KeyAccessServerRegistryService.GetBaseKey:output_type -> policy.kasregistry.GetBaseKeyResponse + 88, // [88:101] is the sub-list for method output_type + 75, // [75:88] is the sub-list for method input_type + 75, // [75:75] is the sub-list for extension type_name + 75, // [75:75] is the sub-list for extension extendee + 0, // [0:75] is the sub-list for field type_name } func init() { file_policy_kasregistry_key_access_server_registry_proto_init() } diff --git a/service/integration/kas_registry_key_test.go b/service/integration/kas_registry_key_test.go index 5f953b04c7..3203e5f8e7 100644 --- a/service/integration/kas_registry_key_test.go +++ b/service/integration/kas_registry_key_test.go 
@@ -28,7 +28,7 @@ const (
 validKeyID3 = "key_id_3"
 keyID4 = "key_id_4"
 notFoundKasUUID = "123e4567-e89b-12d3-a456-426614174000"
- keyCtx = `eyJrZXkiOiJ2YWx1ZSJ9Cg==`
+ keyCtx = `YS1wZW0K`
 providerConfigID = "123e4567-e89b-12d3-a456-426614174000"
 rotateKey = "rotate_key"
 nonRotateKey = "non_rotate_key"
@@ -903,6 +903,10 @@ func (s *KasRegistryKeySuite) Test_SetBaseKey_Insert_Success() {
 s.NotNil(newBaseKey)
 s.Nil(newBaseKey.GetPreviousBaseKey())
 s.Equal(key.GetKasKey().GetKey().GetKeyId(), newBaseKey.GetNewBaseKey().GetPublicKey().GetKid())
+ s.Equal(key.GetKasKey().GetKey().GetKeyAlgorithm(), newBaseKey.GetNewBaseKey().GetPublicKey().GetAlgorithm())
+ decodedKeyCtx, err := base64.StdEncoding.DecodeString(keyCtx)
+ s.Require().NoError(err)
+ s.Equal(string(decodedKeyCtx), newBaseKey.GetNewBaseKey().GetPublicKey().GetPem())
 }
 
 func (s *KasRegistryKeySuite) Test_SetBaseKey_CannotSetPublicKeyOnlyKey_Fails() {
diff --git a/service/pkg/db/marshalHelpers.go b/service/pkg/db/marshalHelpers.go
index b8f1fd8f68..5375f9b42b 100644
--- a/service/pkg/db/marshalHelpers.go
+++ b/service/pkg/db/marshalHelpers.go
@@ -1,11 +1,9 @@
 package db
 
 import (
- "encoding/base64"
 "encoding/json"
 "errors"
 "fmt"
- "strconv"
 
 "github.com/opentdf/platform/protocol/go/common"
 "github.com/opentdf/platform/protocol/go/policy"
@@ -125,7 +123,7 @@ func KasKeysProtoJSON(keysJSON []byte) ([]*policy.KasKey, error) {
 return keys, nil
 }
 
-func formatAlg(alg policy.Algorithm) (string, error) {
+func FormatAlg(alg policy.Algorithm) (string, error) {
 switch alg {
 case policy.Algorithm_ALGORITHM_RSA_2048:
 return "rsa:2048", nil
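Review bot: `FormatAlg` in service/pkg/db/marshalHelpers.go becomes part of the package's exported API in this hunk but has no doc comment, and another package now depends on it (the SetBaseKeyOnWellKnownConfig hunk calls `db.FormatAlg`). A godoc line such as `// FormatAlg returns the string form of a policy.Algorithm (for example "rsa:2048"); it returns an error for values it does not map.` would state the contract callers rely on. The error case is inferred from the signature only, because the function body continues outside the hunk.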
@@ -151,24 +149,6 @@ func UnmarshalSimpleKasKey(keysJSON []byte) (*kasregistry.SimpleKasKey, error) {
 if err := protojson.Unmarshal(keysJSON, key); err != nil {
 return nil, err
 }
-
- // In the db, this is stored as an integer, which is parsed to a string
- // and then converted to the correct algorithm format.
- alg, err := strconv.ParseInt(key.GetPublicKey().GetAlgorithm(), 10, 32)
- if err != nil {
- return nil, err
- }
- algorithm, err := formatAlg(policy.Algorithm(alg))
- if err != nil {
- return nil, err
- }
- // The pem should always be present and base64 encoded, as it is required for creating a key.
- pem, err := base64.StdEncoding.DecodeString(key.GetPublicKey().GetPem())
- if err != nil {
- return nil, err
- }
- key.PublicKey.Pem = string(pem)
- key.PublicKey.Algorithm = algorithm
 }
 return key, nil
 }
diff --git a/service/policy/db/key_access_server_registry.go b/service/policy/db/key_access_server_registry.go
index cad1a14050..de94d12aab 100644
--- a/service/policy/db/key_access_server_registry.go
+++ b/service/policy/db/key_access_server_registry.go
@@ -782,6 +782,19 @@ func (c PolicyDBClient) SetBaseKeyOnWellKnownConfig(ctx context.Context) error {
 return err
 }
 
+ if baseKey != nil {
+ algorithm, err := db.FormatAlg(baseKey.GetPublicKey().GetAlgorithm())
+ if err != nil {
+ return fmt.Errorf("failed to format algorithm: %w", err)
+ }
+ publicKey, ok := keyMap["public_key"].(map[string]any)
+ if !ok {
+ return errors.New("failed to cast public_key")
+ }
+ publicKey["algorithm"] = algorithm
+ keyMap["public_key"] = publicKey
+ }
+
 wellknownconfiguration.UpdateConfigurationBaseKey(keyMap)
 return nil
 }
diff --git a/service/policy/db/query.sql b/service/policy/db/query.sql
index d14589df90..a951564091 100644
--- a/service/policy/db/query.sql
+++ b/service/policy/db/query.sql
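Review bot: In the added `if baseKey != nil` block of SetBaseKeyOnWellKnownConfig (service/policy/db/key_access_server_registry.go), a failed type assertion returns `errors.New("failed to cast public_key")`, which hides what the map actually held. `return fmt.Errorf("public_key has unexpected type %T", keyMap["public_key"])` would make a change in the stored shape diagnosable. The following `keyMap["public_key"] = publicKey` is redundant, because `publicKey` is the same map value that `keyMap` already references. Both early returns skip `UpdateConfigurationBaseKey`, so the well-known configuration presumably keeps advertising the previous base key when formatting fails; a one-line comment saying whether that is intended would help. The function starts outside the hunk, so how `keyMap` is built is not visible here.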
@@ -1727,9 +1727,9 @@ SELECT DISTINCT JSONB_BUILD_OBJECT( 'kas_uri', kas.uri, 'public_key', JSONB_BUILD_OBJECT( - 'algorithm', kask.key_algorithm::TEXT, + 'algorithm', kask.key_algorithm::INTEGER, 'kid', kask.key_id, - 'pem', kask.public_key_ctx ->> 'pem' + 'pem', CONVERT_FROM(DECODE(kask.public_key_ctx ->> 'pem', 'base64'), 'UTF8') ) ) AS base_keys FROM base_keys bk diff --git a/service/policy/db/query.sql.go b/service/policy/db/query.sql.go index 8d0f4b5206..b2ddb2a0ed 100644 --- a/service/policy/db/query.sql.go +++ b/service/policy/db/query.sql.go @@ -3431,9 +3431,9 @@ SELECT DISTINCT JSONB_BUILD_OBJECT( 'kas_uri', kas.uri, 'public_key', JSONB_BUILD_OBJECT( - 'algorithm', kask.key_algorithm::TEXT, + 'algorithm', kask.key_algorithm::INTEGER, 'kid', kask.key_id, - 'pem', kask.public_key_ctx ->> 'pem' + 'pem', CONVERT_FROM(DECODE(kask.public_key_ctx ->> 'pem', 'base64'), 'UTF8') ) ) AS base_keys FROM base_keys bk @@ -3449,9 +3449,9 @@ INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // DISTINCT JSONB_BUILD_OBJECT( // 'kas_uri', kas.uri, // 'public_key', JSONB_BUILD_OBJECT( -// 'algorithm', kask.key_algorithm::TEXT, +// 'algorithm', kask.key_algorithm::INTEGER, // 'kid', kask.key_id, -// 'pem', kask.public_key_ctx ->> 'pem' +// 'pem', CONVERT_FROM(DECODE(kask.public_key_ctx ->> 'pem', 'base64'), 'UTF8') // ) // ) AS base_keys // FROM base_keys bk diff --git a/service/policy/kasregistry/key_access_server_registry.proto b/service/policy/kasregistry/key_access_server_registry.proto index 6a1c32054d..f0d6d3e5a0 100644 --- a/service/policy/kasregistry/key_access_server_registry.proto +++ b/service/policy/kasregistry/key_access_server_registry.proto @@ -606,7 +606,7 @@ message SetBaseKeyRequest { } message SimpleKasPublicKey { - string algorithm = 1; + Algorithm algorithm = 1; string kid = 2; string pem = 3; }
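Review bot: The new `'pem'` expression in service/policy/db/query.sql, `CONVERT_FROM(DECODE(kask.public_key_ctx ->> 'pem', 'base64'), 'UTF8')`, fails the whole statement when a stored value is not valid base64 or does not decode to valid UTF-8. The decode check that this commit removes from `UnmarshalSimpleKasKey` therefore now surfaces as a database error rather than a Go error. The precondition should be written next to the expression, for example `-- public_key_ctx.pem must be base64 text; DECODE raises on malformed input`, and callers should treat a query error here as a data-integrity problem with the stored key. The same expression appears in the generated query.sql.go hunks that follow. `kask.key_algorithm::INTEGER` relies on the JSON unmarshalling step accepting a numeric enum value, which is worth a brief comment as well.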
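Review bot: In key_access_server_registry.proto, `SimpleKasPublicKey.algorithm` changes from `string` to `Algorithm` while keeping field number 1, which changes that field's wire type from length-delimited to varint. Clients generated from the previous schema will likely not read the algorithm from new responses, and JSON consumers receive an enum name instead of the earlier string form. If any released client reads this message, consider retiring the old number and adding the enum under a new one, for example `reserved 1;` with `Algorithm algorithm = 4;`. If the break is intended, a comment on the field recording it would help SDK maintainers who validate key parameters against this message.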