fix(protos): authorization service's ResourceAttribute message should map to updated platform policy schema

README.md

@@ -49,26 +49,31 @@ This should bring up a grpc server on port **9000** and http server on port **80
 ```bash
   grpcurl -plaintext localhost:9000 list
 
-  attributes.AttributesService
+  authorization.AuthorizationService
   grpc.reflection.v1.ServerReflection
   grpc.reflection.v1alpha.ServerReflection
   kasregistry.KeyAccessServerRegistryService
-  namespaces.NamespaceService
-  resourcemapping.ResourceMappingService
-  subjectmapping.SubjectMappingService
-
-  grpcurl -plaintext localhost:9000 list attributes.AttributesService
-
-  attributes.AttributesService.CreateAttribute
-  attributes.AttributesService.CreateAttributeValue
-  attributes.AttributesService.DeleteAttribute
-  attributes.AttributesService.DeleteAttributeValue
-  attributes.AttributesService.GetAttribute
-  attributes.AttributesService.GetAttributeValue
-  attributes.AttributesService.ListAttributeValues
-  attributes.AttributesService.ListAttributes
-  attributes.AttributesService.UpdateAttribute
-  attributes.AttributesService.UpdateAttributeValue
+  policy.attributes.AttributesService
+  policy.namespaces.NamespaceService
+  policy.resourcemapping.ResourceMappingService
+  policy.subjectmapping.SubjectMappingService
+
+  grpcurl -plaintext localhost:9000 list policy.attributes.AttributesService
+
+  policy.attributes.AttributesService.AssignKeyAccessServerToAttribute
+  policy.attributes.AttributesService.AssignKeyAccessServerToValue
+  policy.attributes.AttributesService.CreateAttribute
+  policy.attributes.AttributesService.CreateAttributeValue
+  policy.attributes.AttributesService.DeactivateAttribute
+  policy.attributes.AttributesService.DeactivateAttributeValue
+  policy.attributes.AttributesService.GetAttribute
+  policy.attributes.AttributesService.GetAttributeValue
+  policy.attributes.AttributesService.ListAttributeValues
+  policy.attributes.AttributesService.ListAttributes
+  policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute
+  policy.attributes.AttributesService.RemoveKeyAccessServerFromValue
+  policy.attributes.AttributesService.UpdateAttribute
+  policy.attributes.AttributesService.UpdateAttributeValue
 ```
 
 Create Attribute

docs/grpc/index.html

@@ -223,7 +223,7 @@ <h2>Table of Contents</h2>
                 </li>
 
                 <li>
-                  <a href="#authorization.ResourceAttributes"><span class="badge">M</span>ResourceAttributes</a>
+                  <a href="#authorization.ResourceAttribute"><span class="badge">M</span>ResourceAttribute</a>
                 </li>
 
 
@@ -730,7 +730,7 @@ <h3 id="authorization.Action">Action</h3>
 
 
         <h3 id="authorization.DecisionRequest">DecisionRequest</h3>
-        <p>Example Request Get Decisions to answer the question -  Do Bob (represented by entity chain ec1)</p><p>and Alice (represented by entity chain ec2) have TRANSMIT authorization for</p><p>2 resources; resource1 (attr-set-1) defined by attributes foo:bar  resource2 (attr-set-2) defined by attribute foo:bar, color:red ?</p><p>{</p><p>"actions": [</p><p>{</p><p>"standard": "STANDARD_ACTION_TRANSMIT"</p><p>}</p><p>],</p><p>"entityChains": [</p><p>{</p><p>"id": "ec1",</p><p>"entities": [</p><p>{</p><p>"emailAddress": "[email protected]"</p><p>}</p><p>]</p><p>},</p><p>{</p><p>"id": "ec2",</p><p>"entities": [</p><p>{</p><p>"userName": "[email protected]"</p><p>}</p><p>]</p><p>}</p><p>],</p><p>"resourceAttributes": [</p><p>{</p><p>"id": "attr-set-1",</p><p>"attributeValueReferences": [</p><p>{</p><p>"attributeFqn": "http://www.example.org/attr/foo/value/bar"</p><p>}</p><p>]</p><p>},</p><p>{</p><p>"id": "request-set-2",</p><p>"attributeValueReferences": [</p><p>{</p><p>"attributeFqn": "http://www.example.org/attr/foo/value/bar"</p><p>},</p><p>{</p><p>"attributeFqn": "http://www.example.org/attr/color/value/red"</p><p>}</p><p>]</p><p>}</p><p>]</p><p>}</p>
+        <p>Example Request Get Decisions to answer the question -  Do Bob (represented by entity chain ec1)</p><p>and Alice (represented by entity chain ec2) have TRANSMIT authorization for</p><p>2 resources; resource1 (attr-set-1) defined by attributes foo:bar  resource2 (attr-set-2) defined by attribute foo:bar, color:red ?</p><p>{</p><p>"actions": [</p><p>{</p><p>"standard": "STANDARD_ACTION_TRANSMIT"</p><p>}</p><p>],</p><p>"entityChains": [</p><p>{</p><p>"id": "ec1",</p><p>"entities": [</p><p>{</p><p>"emailAddress": "[email protected]"</p><p>}</p><p>]</p><p>},</p><p>{</p><p>"id": "ec2",</p><p>"entities": [</p><p>{</p><p>"userName": "[email protected]"</p><p>}</p><p>]</p><p>}</p><p>],</p><p>"resourceAttributes": [</p><p>{</p><p>"attributeValueReferences": [</p><p>{</p><p>"attributeFqn": "http://www.example.org/attr/foo/value/bar"</p><p>}</p><p>]</p><p>},</p><p>{</p><p>"attributeValueReferences": [</p><p>{</p><p>"attributeFqn": "http://www.example.org/attr/foo/value/bar"</p><p>},</p><p>{</p><p>"attributeFqn": "http://www.example.org/attr/color/value/red"</p><p>}</p><p>]</p><p>}</p><p>]</p><p>}</p>
 
 
           <table class="field-table">
@@ -755,7 +755,7 @@ <h3 id="authorization.DecisionRequest">DecisionRequest</h3>
 
                 <tr>
                   <td>resource_attributes</td>
-                  <td><a href="#authorization.ResourceAttributes">ResourceAttributes</a></td>
+                  <td><a href="#authorization.ResourceAttribute">ResourceAttribute</a></td>
                   <td>repeated</td>
                   <td><p> </p></td>
                 </tr>
@@ -1038,7 +1038,7 @@ <h3 id="authorization.GetEntitlementsRequest">GetEntitlementsRequest</h3>
 
                 <tr>
                   <td>scope</td>
-                  <td><a href="#authorization.ResourceAttributes">ResourceAttributes</a></td>
+                  <td><a href="#authorization.ResourceAttribute">ResourceAttribute</a></td>
                   <td>optional</td>
                   <td><p>optional attribute fqn as a scope </p></td>
                 </tr>
@@ -1074,7 +1074,7 @@ <h3 id="authorization.GetEntitlementsResponse">GetEntitlementsResponse</h3>
 
 
 
-        <h3 id="authorization.ResourceAttributes">ResourceAttributes</h3>
+        <h3 id="authorization.ResourceAttribute">ResourceAttribute</h3>
         <p>A logical bucket of attributes belonging to a "Resource"</p>
 
 
@@ -1085,14 +1085,7 @@ <h3 id="authorization.ResourceAttributes">ResourceAttributes</h3>
             <tbody>
 
                 <tr>
-                  <td>id</td>
-                  <td><a href="#string">string</a></td>
-                  <td></td>
-                  <td><p> </p></td>
-                </tr>
-
-                <tr>
-                  <td>attribute_id</td>
+                  <td>attribute_fqns</td>
                   <td><a href="#string">string</a></td>
                   <td>repeated</td>
                   <td><p> </p></td>

docs/openapi/authorization/authorization.swagger.json

@@ -57,13 +57,7 @@
         },
         "parameters": [
           {
-            "name": "scope.id",
-            "in": "query",
-            "required": false,
-            "type": "string"
-          },
-          {
-            "name": "scope.attributeId",
+            "name": "scope.attributeFqns",
             "in": "query",
             "required": false,
             "type": "array",
@@ -132,11 +126,11 @@
           "type": "array",
           "items": {
             "type": "object",
-            "$ref": "#/definitions/authorizationResourceAttributes"
+            "$ref": "#/definitions/authorizationResourceAttribute"
           }
         }
       },
-      "description": "{\n\"actions\": [\n{\n\"standard\": \"STANDARD_ACTION_TRANSMIT\"\n}\n],\n\"entityChains\": [\n{\n\"id\": \"ec1\",\n\"entities\": [\n{\n\"emailAddress\": \"[email protected]\"\n}\n]\n},\n{\n\"id\": \"ec2\",\n\"entities\": [\n{\n\"userName\": \"[email protected]\"\n}\n]\n}\n],\n\"resourceAttributes\": [\n{\n\"id\": \"attr-set-1\",\n\"attributeValueReferences\": [\n{\n\"attributeFqn\": \"http://www.example.org/attr/foo/value/bar\"\n}\n]\n},\n{\n\"id\": \"request-set-2\",\n\"attributeValueReferences\": [\n{\n\"attributeFqn\": \"http://www.example.org/attr/foo/value/bar\"\n},\n{\n\"attributeFqn\": \"http://www.example.org/attr/color/value/red\"\n}\n]\n}\n]\n}",
+      "description": "{\n\"actions\": [\n{\n\"standard\": \"STANDARD_ACTION_TRANSMIT\"\n}\n],\n\"entityChains\": [\n{\n\"id\": \"ec1\",\n\"entities\": [\n{\n\"emailAddress\": \"[email protected]\"\n}\n]\n},\n{\n\"id\": \"ec2\",\n\"entities\": [\n{\n\"userName\": \"[email protected]\"\n}\n]\n}\n],\n\"resourceAttributes\": [\n{\n\"attributeValueReferences\": [\n{\n\"attributeFqn\": \"http://www.example.org/attr/foo/value/bar\"\n}\n]\n},\n{\n\"attributeValueReferences\": [\n{\n\"attributeFqn\": \"http://www.example.org/attr/foo/value/bar\"\n},\n{\n\"attributeFqn\": \"http://www.example.org/attr/color/value/red\"\n}\n]\n}\n]\n}",
       "title": "Example Request Get Decisions to answer the question -  Do Bob (represented by entity chain ec1)\nand Alice (represented by entity chain ec2) have TRANSMIT authorization for\n2 resources; resource1 (attr-set-1) defined by attributes foo:bar  resource2 (attr-set-2) defined by attribute foo:bar, color:red ?"
     },
     "authorizationDecisionResponse": {
@@ -263,13 +257,10 @@
       "description": "{\n\"entitlements\":  [\n{\n\"entityId\":  \"e1\",\n\"attributeValueReferences\":  [\n{\n\"attributeFqn\":  \"http://www.example.org/attr/foo/value/bar\"\n}\n]\n},\n{\n\"entityId\":  \"e2\",\n\"attributeValueReferences\":  [\n{\n\"attributeFqn\":  \"http://www.example.org/attr/color/value/red\"\n}\n]\n}\n]\n}",
       "title": "Example Response for a request of : Get entitlements for bob and alice (both represented using an email address"
     },
-    "authorizationResourceAttributes": {
+    "authorizationResourceAttribute": {
       "type": "object",
       "properties": {
-        "id": {
-          "type": "string"
-        },
-        "attributeId": {
+        "attributeFqns": {
           "type": "array",
           "items": {
             "type": "string"

examples/cmd/authorization.go

@@ -43,8 +43,8 @@ func authorizationExamples(examplesConfig *ExampleConfig) error {
 	}}
 
 	// TODO Get attribute value ids
-	tradeSecretAttributeValueId := "replaceme"
-	openAttributeValueId := "Open"
+	tradeSecretAttributeValueFqn := "https://namespace.com/attr/attr_name/val/replaceme"
+	openAttributeValueFqn := "https://open.io/attr/attr_name/val/open"
 
 	slog.Info("Getting decision for bob and alice for transmit action on resource set with trade secret and resource" +
 		" set with trade secret + open attribute values")
@@ -53,10 +53,9 @@ func authorizationExamples(examplesConfig *ExampleConfig) error {
 	drs = append(drs, &authorization.DecisionRequest{
 		Actions:      actions,
 		EntityChains: entityChains,
-		ResourceAttributes: []*authorization.ResourceAttributes{
-			{Id: "request-set-1", AttributeId: []string{tradeSecretAttributeValueId}}, // request-set-1 is arbitrary tracking id
-			{Id: "request-set-2", AttributeId: []string{tradeSecretAttributeValueId, openAttributeValueId}},
-		}, // request-set-2 is arbitrary tracking id
+		ResourceAttributes: []*authorization.ResourceAttribute{
+			{AttributeFqns: []string{tradeSecretAttributeValueFqn, openAttributeValueFqn}},
+		},
 	})
 
 	decisionRequest := &authorization.GetDecisionsRequest{DecisionRequests: drs}