fix: add back grants to listAttributesByDefOrValueFqns

service/policy/db/query.sql

@@ -457,9 +457,19 @@ WITH target_definition AS (
         ad.rule,
         ad.active,
         ad.values_order,
+        JSONB_AGG(
+	        DISTINCT JSONB_BUILD_OBJECT(
+	            'id', kas.id,
+	            'uri', kas.uri,
+                'name', kas.name,
+	            'public_key', kas.public_key
+	        )
+	    ) FILTER (WHERE kas.id IS NOT NULL) AS grants,
         defk.keys AS keys
     FROM attribute_fqns fqns
     INNER JOIN attribute_definitions ad ON fqns.attribute_id = ad.id
+    LEFT JOIN attribute_definition_key_access_grants adkag ON ad.id = adkag.attribute_definition_id
+    LEFT JOIN key_access_servers kas ON adkag.key_access_server_id = kas.id
     LEFT JOIN (
         SELECT
             k.definition_id,
@@ -491,11 +501,21 @@ namespaces AS (
 			'name', n.name,
 			'active', n.active,
 	        'fqn', fqns.fqn,
+            'grants', JSONB_AGG(
+	            DISTINCT JSONB_BUILD_OBJECT(
+	                'id', kas.id,
+	                'uri', kas.uri,
+                    'name', kas.name,
+	                'public_key', kas.public_key
+	            )
+	        ) FILTER (WHERE kas.id IS NOT NULL),
             'kas_keys', nmp_keys.keys
     	) AS namespace
 	FROM target_definition td
 	INNER JOIN attribute_namespaces n ON td.namespace_id = n.id
 	INNER JOIN attribute_fqns fqns ON n.id = fqns.namespace_id
+    LEFT JOIN attribute_namespace_key_access_grants ankag ON n.id = ankag.namespace_id
+	LEFT JOIN key_access_servers kas ON ankag.key_access_server_id = kas.id
     LEFT JOIN (
         SELECT
             k.namespace_id,
@@ -519,6 +539,23 @@ namespaces AS (
 		AND (fqns.attribute_id IS NULL AND fqns.value_id IS NULL)
 	GROUP BY n.id, fqns.fqn, nmp_keys.keys
 ),
+value_grants AS (
+	SELECT
+		av.id,
+		JSON_AGG(
+			DISTINCT JSONB_BUILD_OBJECT(
+				'id', kas.id,
+                'uri', kas.uri,
+                'name', kas.name,
+                'public_key', kas.public_key
+            )
+		) FILTER (WHERE kas.id IS NOT NULL) AS grants
+	FROM target_definition td
+	LEFT JOIN attribute_values av on td.id = av.attribute_definition_id
+	LEFT JOIN attribute_value_key_access_grants avkag ON av.id = avkag.attribute_value_id
+	LEFT JOIN key_access_servers kas ON avkag.key_access_server_id = kas.id
+	GROUP BY av.id
+),
 value_subject_mappings AS (
 	SELECT
 		av.id,
@@ -583,6 +620,7 @@ values AS (
 	            'value', av.value,
 	            'active', av.active,
 	            'fqn', fqns.fqn,
+                'grants', avg.grants,
 	            'subject_mappings', avsm.sub_maps,
                 'resource_mappings', avrm.res_maps,
                 'kas_keys', value_keys.keys
@@ -592,6 +630,7 @@ values AS (
 	FROM target_definition td
 	LEFT JOIN attribute_values av ON td.id = av.attribute_definition_id
 	LEFT JOIN attribute_fqns fqns ON av.id = fqns.value_id
+    LEFT JOIN value_grants avg ON av.id = avg.id
 	LEFT JOIN value_subject_mappings avsm ON av.id = avsm.id
     LEFT JOIN value_resource_mappings avrm ON av.id = avrm.id
     LEFT JOIN (
@@ -624,6 +663,7 @@ SELECT
 	n.namespace,
 	fqns.fqn,
 	values.values,
+    td.grants,
     td.keys
 FROM target_definition td
 INNER JOIN attribute_fqns fqns ON td.id = fqns.attribute_id