From 56f5c105e6eea389a96a360af04fc6c9874ff391 Mon Sep 17 00:00:00 2001 From: jakedoublev Date: Thu, 18 Jan 2024 13:54:49 -0800 Subject: [PATCH 1/3] fix Timestamp proto type value in PolicyMetadata --- proto/common/common.proto | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/proto/common/common.proto b/proto/common/common.proto index a996463b84..bd5f1cb5e1 100644 --- a/proto/common/common.proto +++ b/proto/common/common.proto @@ -3,13 +3,14 @@ syntax = "proto3"; package common; import "buf/validate/validate.proto"; +import "google/protobuf/timestamp.proto"; // Struct to uniquely identify a resource with optional additional metadata message PolicyMetadata { // created_at set by server (entity who created will recorded in an audit event) - Timestamp created_at = 1; + google.protobuf.Timestamp created_at = 1; // updated_at set by server (entity who updated will recorded in an audit event) - Timestamp updated_at = 2; + google.protobuf.Timestamp updated_at = 2; // optional short description map labels = 3; // optional long description From 0c29950f678a5f959c097d221558dfa1dc0ad6cb Mon Sep 17 00:00:00 2001 From: jakedoublev Date: Thu, 18 Jan 2024 17:17:43 -0800 Subject: [PATCH 2/3] simplify attributes.proto according to ERD --- proto/attributes/attributes.proto | 198 +++++++++++++++++++++--------- 1 file changed, 138 insertions(+), 60 deletions(-) diff --git a/proto/attributes/attributes.proto b/proto/attributes/attributes.proto index 601b884e2b..1e5a2c8494 100644 --- a/proto/attributes/attributes.proto +++ b/proto/attributes/attributes.proto @@ -8,12 +8,12 @@ import "google/api/annotations.proto"; message Attribute { // Namespace namespace = 1; - AttributeDefinition definition = 1; - AttributeDefinitionValue value = 2; + Definition definition = 1; + repeated Value value = 2; } // Attribute Definition -message AttributeDefinition { +message Definition { enum AttributeRuleType { UNSPECIFIED = 0; ALL_OF = 1; 
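Review bot: `created_at` and `updated_at` in `PolicyMetadata` (proto/common/common.proto) are documented as set by the server, but nothing in the schema marks them as output-only, and later patches in this series embed `common.PolicyMetadata` in `Value`, which `CreateValueRequest` and `UpdateValueRequest` accept from the caller. I would state the contract in the field comments, e.g. `// Output only. Set by the server; any value supplied in a request is ignored.`, and consider annotating both fields with `[(google.api.field_behavior) = OUTPUT_ONLY]`. The annotation only documents intent for clients, so the handlers (not visible here) still need to overwrite these fields rather than persist what the client sent, otherwise audit-relevant timestamps become caller-controlled. The body of `PolicyMetadata` continues past the end of the hunk.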
@@ -40,7 +40,7 @@ message AttributeDefinition { } // Definition of a single attribute value -message AttributeDefinitionValue { +message Value { common.PolicyMetadata metadata = 1; // generated uuid in database @@ -57,12 +57,12 @@ message AttributeDefinitionValue { string attribute_public_key = 6; } -message AttributeDefinitionKeyAccessGrant { +message DefinitionKeyAccessGrant { string attribute_definition_id = 1; string key_access_servers_id = 2; } -message AttributeValueKeyAccessGrant { +message ValueKeyAccessGrant { string attribute_value_id = 1; string key_access_servers_id = 2; } 
@@ -72,117 +72,195 @@ message AttributeValueKeyAccessGrant { */ message GetAttributeRequest { - string id = 1 [(buf.validate.field).required = true]; + string definitionId = 1 [(buf.validate.field).required = true]; } message GetAttributeResponse { Attribute attribute = 1; } message ListAttributesRequest {} - message ListAttributesResponse { repeated Attribute attributes = 1; } -message CreateAttributeDefinitionRequest { - AttributeDefinition definition = 1 [(buf.validate.field).required = true]; -} -message CreateAttributeDefinitionResponse {} - -message UpdateAttributeDefinitionRequest { +message GetDefinitionRequest { string id = 1 [(buf.validate.field).required = true]; - AttributeDefinition definition = 2 [(buf.validate.field).required = true]; } -message UpdateAttributeResponse {} +message GetDefinitionResponse { + Definition definition = 1; +} -message DeleteAttributeRequest { - int32 id = 1 [(buf.validate.field).required = true]; +message ListDefinitionsRequest {} +message ListDefinitionsResponse { + repeated Definition definitions = 1; } -message DeleteAttributeResponse {} -message GetAttributeGroupRequest { - int32 id = 1 [(buf.validate.field).required = true]; +message CreateDefinitionRequest { + Definition definition = 1 [(buf.validate.field).required = true]; } +message CreateDefinitionResponse {} -message GetAttributeGroupResponse { - AttributeGroup group = 1; +message UpdateDefinitionRequest { + string id = 1 [(buf.validate.field).required = true]; + Definition definition = 2 [(buf.validate.field).required = true]; } +message UpdateDefinitionResponse {} -message ListAttributeGroupsRequest { - common.ResourceSelector selector = 1; +message DeleteDefinitionRequest { + string id = 1 [(buf.validate.field).required = true]; } +message DeleteDefinitionResponse {} -message ListAttributeGroupsResponse { - repeated AttributeGroup groups = 1; +message GetValueRequest { + string id = 1 [(buf.validate.field).required = true]; +} +message GetValueResponse { + 
Value value = 1; } -message CreateAttributeGroupRequest { - AttributeGroup group = 1 [(buf.validate.field).required = true]; +message ListValuesRequest {} +message ListValuesResponse { + repeated Value values = 1; } -message CreateAttributeGroupResponse {} +message CreateValueRequest { + Value value = 1 [(buf.validate.field).required = true]; +} +message CreateValueResponse {} -message UpdateAttributeGroupRequest { - int32 id = 1 [(buf.validate.field).required = true]; - AttributeGroup group = 2 [(buf.validate.field).required = true]; +message UpdateValueRequest { + string id = 1 [(buf.validate.field).required = true]; + Value value = 2 [(buf.validate.field).required = true]; } -message UpdateAttributeGroupResponse {} +message UpdateValueResponse {} -message DeleteAttributeGroupRequest { - int32 id = 1 [(buf.validate.field).required = true]; +message DeleteValueRequest { + string id = 1 [(buf.validate.field).required = true]; } -message DeleteAttributeGroupResponse {} +message DeleteValueResponse {} + +// message GetAttributeGroupRequest { +// int32 id = 1 [(buf.validate.field).required = true]; +// } + +// message GetAttributeGroupResponse { +// AttributeGroup group = 1; +// } + +// message ListAttributeGroupsRequest { +// common.ResourceSelector selector = 1; +// } + +// message ListAttributeGroupsResponse { +// repeated AttributeGroup groups = 1; +// } + +// message CreateAttributeGroupRequest { +// AttributeGroup group = 1 [(buf.validate.field).required = true]; +// } + +// message CreateAttributeGroupResponse {} + +// message UpdateAttributeGroupRequest { +// int32 id = 1 [(buf.validate.field).required = true]; +// AttributeGroup group = 2 [(buf.validate.field).required = true]; +// } +// message UpdateAttributeGroupResponse {} + +// message DeleteAttributeGroupRequest { +// int32 id = 1 [(buf.validate.field).required = true]; +// } +// message DeleteAttributeGroupResponse {} service AttributesService { + /** Attribute (Definition & Value(s)) read-only 
convenience functions **/ rpc GetAttribute(GetAttributeRequest) returns (GetAttributeResponse) { - option (google.api.http) = {get: "/v1/attribute/definitions/{id}"}; + option (google.api.http) = {get: "/attribute/definitions/{id}"}; } - rpc GetAttributeGroup(GetAttributeGroupRequest) returns (GetAttributeGroupResponse) { - option (google.api.http) = {get: "/v1/attribute/groups/{id}"}; + rpc ListAttributes(ListAttributesRequest) returns (ListAttributesResponse) { + option (google.api.http) = {get: "/attribute/definitions"}; } - rpc ListAttributes(ListAttributesRequest) returns (ListAttributesResponse) { - option (google.api.http) = {get: "/v1/attribute/definitions"}; + /** Attribute Definition **/ + rpc GetDefinition(GetDefinitionRequest) returns (GetDefinitionResponse) { + option (google.api.http) = {get: "/attribute/definitions/{id}"}; } - rpc ListAttributeGroups(ListAttributeGroupsRequest) returns (ListAttributeGroupsResponse) { - option (google.api.http) = {get: "/v1/attribute/groups"}; + rpc ListDefinitions(ListDefinitionsRequest) returns (ListDefinitionsResponse) { + option (google.api.http) = {get: "/attribute/definitions"}; } - rpc CreateAttribute(CreateAttributeRequest) returns (CreateAttributeResponse) { + rpc CreateDefinition(CreateDefinitionRequest) returns (CreateDefinitionResponse) { option (google.api.http) = { - post: "/v1/attributes/definitions" + post: "/attribute/definitions" body: "definition" }; } - rpc CreateAttributeGroup(CreateAttributeGroupRequest) returns (CreateAttributeGroupResponse) { + rpc UpdateDefinition(UpdateDefinitionRequest) returns (UpdateDefinitionResponse) { option (google.api.http) = { - post: "/v1/attributes/groups" - body: "group" + post: "/attribute/definitions/{id}" + body: "definition" }; } - rpc UpdateAttribute(UpdateAttributeRequest) returns (UpdateAttributeResponse) { + rpc DeleteDefinition(DeleteDefinitionRequest) returns (DeleteDefinitionResponse) { + option (google.api.http) = {delete: 
"/attribute/definitions/{id}"}; + } + + /** Attribute Value **/ + + rpc GetValue(GetValueRequest) returns (GetValueResponse) { + option (google.api.http) = {get: "/attribute/values/{id}"}; + } + + rpc ListValues(ListValuesRequest) returns (ListValuesResponse) { + option (google.api.http) = {get: "/attribute/values"}; + } + + rpc CreateValue(CreateValueRequest) returns (CreateValueResponse) { option (google.api.http) = { - post: "/v1/attribute/definitions/{id}" - body: "definition" + post: "/attribute/values" + body: "value" }; } - rpc UpdateAttributeGroup(UpdateAttributeGroupRequest) returns (UpdateAttributeGroupResponse) { + rpc UpdateValue(UpdateValueRequest) returns (UpdateValueResponse) { option (google.api.http) = { - post: "/v1/attribute/groups/{id}" - body: "group" + post: "/attribute/values/{id}" + body: "value" }; } - rpc DeleteAttribute(DeleteAttributeRequest) returns (DeleteAttributeResponse) { - option (google.api.http) = {delete: "/v1/attribute/definitions/{id}"}; + rpc DeleteValue(DeleteValueRequest) returns (DeleteValueResponse) { + option (google.api.http) = {delete: "/attribute/values/{id}"}; } - rpc DeleteAttributeGroup(DeleteAttributeGroupRequest) returns (DeleteAttributeGroupResponse) { - option (google.api.http) = {delete: "/v1/attribute/groups/{id}"}; - } + /** Attribute Groups **/ + // rpc GetAttributeGroup(GetAttributeGroupRequest) returns (GetAttributeGroupResponse) { + // option (google.api.http) = {get: "/attribute/groups/{id}"}; + // } + + // rpc ListAttributeGroups(ListAttributeGroupsRequest) returns (ListAttributeGroupsResponse) { + // option (google.api.http) = {get: "/attribute/groups"}; + // } + + // rpc CreateAttributeGroup(CreateAttributeGroupRequest) returns (CreateAttributeGroupResponse) { + // option (google.api.http) = { + // post: "/attributes/groups" + // body: "group" + // }; + // } + + // rpc UpdateAttributeGroup(UpdateAttributeGroupRequest) returns (UpdateAttributeGroupResponse) { + // option (google.api.http) = { + // 
post: "/attribute/groups/{id}" + // body: "group" + // }; + // } + + // rpc DeleteAttributeGroup(DeleteAttributeGroupRequest) returns (DeleteAttributeGroupResponse) { + // option (google.api.http) = {delete: "/attribute/groups/{id}"}; + // } } From a59669f8eec7c3cc30e483cc27191f0c03737e93 Mon Sep 17 00:00:00 2001 From: jakedoublev Date: Thu, 18 Jan 2024 17:33:52 -0800 Subject: [PATCH 3/3] provide grpcurl examples for attributes and respond with created/updated values in those rpc flows --- proto/attributes/attributes.proto | 125 ++++++++++++++++++++++++++++-- 1 file changed, 120 insertions(+), 5 deletions(-) diff --git a/proto/attributes/attributes.proto b/proto/attributes/attributes.proto index 1e5a2c8494..31793bca92 100644 --- a/proto/attributes/attributes.proto +++ b/proto/attributes/attributes.proto @@ -9,7 +9,7 @@ import "google/api/annotations.proto"; message Attribute { // Namespace namespace = 1; Definition definition = 1; - repeated Value value = 2; + repeated Value values = 2; } // Attribute Definition @@ -98,13 +98,17 @@ message ListDefinitionsResponse { message CreateDefinitionRequest { Definition definition = 1 [(buf.validate.field).required = true]; } -message CreateDefinitionResponse {} +message CreateDefinitionResponse { + Definition definition = 1; +} message UpdateDefinitionRequest { string id = 1 [(buf.validate.field).required = true]; Definition definition = 2 [(buf.validate.field).required = true]; } -message UpdateDefinitionResponse {} +message UpdateDefinitionResponse { + Definition definition = 1; +} message DeleteDefinitionRequest { string id = 1 [(buf.validate.field).required = true]; 
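Review bot: `GetAttributeRequest` renames its field to `definitionId`, but the `GetAttribute` binding still uses `get: "/attribute/definitions/{id}"`, so the path variable no longer names a field of the request message and HTTP transcoding for that RPC should fail to generate or to bind. Either keep `string id = 1 [(buf.validate.field).required = true];` or rename the field to snake_case `definition_id` and use `{definition_id}` in the path. Separately, `GetAttribute`/`GetDefinition` and `ListAttributes`/`ListDefinitions` are bound to identical GET routes, so over HTTP probably only one of each pair is reachable, and any per-RPC authorization rule keyed on the route cannot tell them apart. Giving the read-only convenience RPCs their own path (a constructed example: `get: "/attributes/{id}"`) would remove the ambiguity.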
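Review bot: The `definition` fields added to `CreateDefinitionResponse` and `UpdateDefinitionResponse` have no comment saying what they contain, and the same applies to the `value` fields added to `CreateValueResponse` and `UpdateValueResponse` in the following hunk (`@@ -126,13 +130,17 @@`). Callers need to know this is the record as persisted, with server-assigned fields populated, rather than an echo of the request body; I would add `// The definition as stored by the server, including server-assigned fields.` above each, with the `Value` equivalent. This matters most for the update RPCs, where the request carries both a path `id` and a full message body: presumably the path `id` is authoritative, and saying so in a comment on `UpdateDefinitionRequest.id` and `UpdateValueRequest.id` keeps clients from assuming an identifier inside the body can retarget the update.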
@@ -126,13 +130,17 @@ message ListValuesResponse { message CreateValueRequest { Value value = 1 [(buf.validate.field).required = true]; } -message CreateValueResponse {} +message CreateValueResponse { + Value value = 1; +} message UpdateValueRequest { string id = 1 [(buf.validate.field).required = true]; Value value = 2 [(buf.validate.field).required = true]; } -message UpdateValueResponse {} +message UpdateValueResponse { + Value value = 1; +} message DeleteValueRequest { string id = 1 [(buf.validate.field).required = true]; @@ -264,3 +272,110 @@ service AttributesService { // option (google.api.http) = {delete: "/attribute/groups/{id}"}; // } } + + +/* + + Attribute Service Examples + + CREATE a definition: + Request: + grpcurl -plaintext -d @ localhost:9000 attributes.AttributesService/CreateDefinition <