diff --git a/otdf-python-proto/proto-files/authorization/v2/authorization.proto b/otdf-python-proto/proto-files/authorization/v2/authorization.proto index 457aee4..83f9bd3 100644 --- a/otdf-python-proto/proto-files/authorization/v2/authorization.proto +++ b/otdf-python-proto/proto-files/authorization/v2/authorization.proto @@ -11,7 +11,6 @@ enum Decision { DECISION_UNSPECIFIED = 0; DECISION_DENY = 1; DECISION_PERMIT = 2; - // DECISION_OBLIGATED = 3; } // The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized. @@ -41,6 +40,13 @@ message EntityIdentifier { message: "token must be provided" expression: "has(this.jwt) && this.jwt.size() > 0" }]; + + // derive the entity from the request's authorization access token JWT, rather than passing in the body + google.protobuf.BoolValue with_request_token = 4 [(buf.validate.field).cel = { + id: "with_request_token_must_be_true" + message: "with_request_token must be true when set" + expression: "this == true" + }]; } } @@ -84,12 +90,17 @@ message ResourceDecision { string ephemeral_resource_id = 1; // decision result Decision decision = 2; + // obligations (fully qualified values) the PEP is required to fulfill on the given resource + // i.e. https:///obl//value/ + repeated string required_obligations = 3; } // Can the identified entity/entities access? // 1. one entity reference (actor) // 2. one action // 3. one resource +// +// If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered. message GetDecisionRequest { // an entity must be identified for authorization decisioning EntityIdentifier entity_identifier = 1 [(buf.validate.field).required = true]; @@ -97,6 +108,14 @@ message GetDecisionRequest { policy.Action action = 2 [(buf.validate.field).required = true]; Resource resource = 3 [(buf.validate.field).required = true]; + // obligations (fully qualified values) the requester is capable of fulfilling + // i.e. https:///obl//value/ + repeated string fulfillable_obligation_fqns = 4 [(buf.validate.field).cel = { + id: "obligation_value_fqns_valid" + message: "if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs" + expression: "this.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))" + }]; + option (buf.validate.message).cel = { id: "get_decision_request.action_name_required" message: "action.name must be provided" @@ -106,26 +125,33 @@ message GetDecisionRequest { message GetDecisionResponse { // decision on the resource ResourceDecision decision = 1; - // optional list of obligations represented in URI format - // repeated string obligations = 2; } // Can the identified entity/entities access? // 1. one entity reference (actor) // 2. one action // 3. multiple resources +// +// If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered. +// // Note: this is a more performant bulk request for multiple resource decisions, up to 1000 per request message GetDecisionMultiResourceRequest { // an entity must be identified for authorization decisioning EntityIdentifier entity_identifier = 1 [(buf.validate.field).required = true]; // name on action is required policy.Action action = 2 [(buf.validate.field).required = true]; - repeated Resource resources = 3 [ - (buf.validate.field).repeated = { - min_items: 1 - max_items: 1000 - } - ]; + repeated Resource resources = 3 [(buf.validate.field).repeated = { + min_items: 1 + max_items: 1000 + }]; + + // obligations (fully qualified values) the requester is capable of fulfilling + // i.e. https:///obl//value/ + repeated string fulfillable_obligation_fqns = 4 [(buf.validate.field).cel = { + id: "obligation_value_fqns_valid" + message: "if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs" + expression: "this.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))" + }]; option (buf.validate.message).cel = { id: "get_decision_multi_request.action_name_required" @@ -145,12 +171,10 @@ message GetDecisionMultiResourceResponse { // This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on // multiple resources) message GetDecisionBulkRequest { - repeated GetDecisionMultiResourceRequest decision_requests = 1 [ - (buf.validate.field).repeated = { - min_items: 1 - max_items: 200 - } - ]; + repeated GetDecisionMultiResourceRequest decision_requests = 1 [(buf.validate.field).repeated = { + min_items: 1 + max_items: 200 + }]; } message GetDecisionBulkResponse { repeated GetDecisionMultiResourceResponse decision_responses = 1; diff --git a/otdf-python-proto/proto-files/common/common.proto b/otdf-python-proto/proto-files/common/common.proto index 645235d..bb3af37 100644 --- a/otdf-python-proto/proto-files/common/common.proto +++ b/otdf-python-proto/proto-files/common/common.proto @@ -3,6 +3,30 @@ syntax = "proto3"; package common; import "google/protobuf/timestamp.proto"; +import "buf/validate/validate.proto"; + +message IdNameIdentifier { + option (buf.validate.message).oneof = { fields: ["id", "name"], required: true }; + string id = 1 [(buf.validate.field).string.uuid = true]; + string name = 2 [ + (buf.validate.field).string.min_len = 1, + (buf.validate.field).string.max_len = 253, + (buf.validate.field).cel = { + id: "name_format" + message: "Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case." + expression: "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" + } + ]; +} + +message IdFqnIdentifier { + option (buf.validate.message).oneof = { fields: ["id", "fqn"], required: true }; + string id = 1 [(buf.validate.field).string.uuid = true]; + string fqn = 2 [(buf.validate.field).string = { + min_len: 1 + uri: true + }]; +} // Struct to uniquely identify a resource with optional additional metadata message Metadata { diff --git a/otdf-python-proto/proto-files/entityresolution/v2/entity_resolution.proto b/otdf-python-proto/proto-files/entityresolution/v2/entity_resolution.proto index 7dffbf3..f37cd19 100644 --- a/otdf-python-proto/proto-files/entityresolution/v2/entity_resolution.proto +++ b/otdf-python-proto/proto-files/entityresolution/v2/entity_resolution.proto @@ -6,11 +6,20 @@ import "buf/validate/validate.proto"; import "entity/entity.proto"; import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; +import "authorization/v2/authorization.proto"; + +// Entity Entitlements that do not require subject mappings (experimental) +message DirectEntitlement { + string attribute_value_fqn = 1; + repeated string actions = 2; +} message EntityRepresentation { // ephemeral entity id from the request string original_id = 1; repeated google.protobuf.Struct additional_props = 2; + // direct entitlements applied to Entity (experimental) + repeated DirectEntitlement direct_entitlements = 3; } // Resolve a set of entities to their representations. @@ -34,6 +43,8 @@ message EntityNotFoundError { // Create an entity chain for each token (JWT) in the request. message CreateEntityChainsFromTokensRequest { repeated entity.Token tokens = 1; + // resources to consider for direct entitlements (experimental) + repeated authorization.v2.Resource resources = 2; } message CreateEntityChainsFromTokensResponse { diff --git a/otdf-python-proto/proto-files/kas/kas.proto b/otdf-python-proto/proto-files/kas/kas.proto index a19bc84..7563a25 100644 --- a/otdf-python-proto/proto-files/kas/kas.proto +++ b/otdf-python-proto/proto-files/kas/kas.proto @@ -31,52 +31,153 @@ message LegacyPublicKeyRequest { string algorithm = 1; } +// Policy binding ensures cryptographic integrity between policy and wrapped key +// Prevents policy tampering by binding the policy hash to the encrypted key message PolicyBinding { + // Cryptographic hashing algorithm used for policy binding + // Optional: ZTDF (when policy_binding is an object) + // Value: Always "HS256" (HMAC-SHA256) - other algorithms not supported + // Example: "HS256" string algorithm = 1 [json_name = "alg"]; + + // HMAC-SHA256 hash of the base64-encoded policy using the DEK as the secret key + // 4.2.2 TDFs are hex and base64 encoded before HMAC computation + // Required: ZTDF (when policy_binding is an object) + // Links the policy content to the wrapped DEK cryptographically via HMAC + // Computed as HMAC-SHA256(DEK, base64_policy) then hex-encoded and base64-encoded string hash = 2; } +// Key Access Object containing cryptographic material and metadata for TDF decryption message KeyAccess { + // Base64-encoded encrypted metadata containing additional key information + // Optional: Not used during KAS rewrap operations (client-side only) + // KAS service passes this through without processing or validation string encrypted_metadata = 1; + + // Policy binding ensuring cryptographic integrity between policy and wrapped key + // Required: ZTDF (contains hash and algorithm) + // Links the policy to the wrapped key cryptographically PolicyBinding policy_binding = 2; + + // Protocol identifier for the key access mechanism + // Optional: Defaults to 'kas' + // Typically: 'kas' for standard Key Access Service protocol + // Example: "kas" string protocol = 3; + + // Type of key wrapping used for the data encryption key + // Required: Always + // Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped) string key_type = 4 [json_name = "type"]; + + // URL of the Key Access Server that can unwrap this key + // Optional: May be omitted if KAS URL is known from context + // Used to route rewrap requests to the correct KAS instance + // Example: "https://kas.example.com" string kas_url = 5 [json_name = "url"]; + + // Key identifier for the KAS public key used for wrapping + // Optional: ZTDF (may specify which KAS key to use, required if present in the TDF) + // References a specific public key in the KAS key storage (either local keyring or KAS Registry service) + // Example: "k1", "ec-key-2024" string kid = 6; + + // Split identifier for key splitting scenarios + // Optional: ZTDF (used in advanced key splitting configurations) + // Used when keys are split across multiple parties for enhanced security string split_id = 7 [json_name = "sid"]; + + // Client-generated data encryption key wrapped by KAS + // Required: Always + // Contains the actual DEK encrypted with KAS's public key + // This is the core cryptographic material needed for TDF decryption bytes wrapped_key = 8; - // header is only used for NanoTDFs + + // Complete header containing all metadata and policy information (for formats that embed it) + // Optional: Not used by ZTDF (policy and metadata are separate) + // Contains magic bytes, version, algorithm, policy, and ephemeral key information bytes header = 9; - - // For wrapping with an ECDH derived key, when type=ec-wrapped. - // Should be a PEM-encoded PKCS#8 (asn.1) value. + + // Ephemeral public key for ECDH key derivation (ec-wrapped type only) + // Required: When key_type="ec-wrapped" (experimental ECDH-based ZTDF) + // Omitted: When key_type="wrapped" (RSA-based ZTDF) + // Should be a PEM-encoded PKCS#8 (ASN.1) formatted public key + // Used to derive the symmetric key for unwrapping the DEK string ephemeral_public_key = 10; } +// Bulk-style Rewrap request structure that is serialized into JSON and signed +// within a Rewrap flow. This message represents the unsigned payload that gets +// embedded in a JWT as the 'requestBody' claim and signed with a DPoP key. message UnsignedRewrapRequest { + // Policy metadata and content for a group of KeyAccessObjects message WithPolicy { + // An identifier unique within the scope of the rewrap request + // Used for mapping between request and response items. + // Required: Always + // Example: "policy", "policy-0", "policy-1" string id = 1; + + // Policy content - format varies by TDF type: + // ZTDF: Base64-encoded JSON policy object containing attributes and other policy data + // Required: ZTDF (base64-encoded policy JSON) string body = 2; } + + // Key Access Object wrapper with identifier message WithKeyAccessObject { + // Ephemeral, unique identifier for this KAO within the request + // Required: Always + // Example: "kao-0", "kao-1", "key-access-object-uuid" string key_access_object_id = 1; + + // The actual Key Access Object containing cryptographic material and metadata + // Required: Always KeyAccess key_access_object = 2; } + // Request grouping policy with associated key access objects message WithPolicyRequest { + // List of Key Access Objects associated with this policy + // Required: Always (at least one) + // Some formats require exactly one KAO per policy repeated WithKeyAccessObject key_access_objects = 1; + + // Policy information for this group of KAOs + // Required: Always WithPolicy policy = 2; + + // Cryptographic algorithm identifier for the TDF type + // Optional: Defaults to rsa:2048 if omitted + // Values: "ec:secp256r1" (EC-based), "rsa:2048" (RSA-based), "" (defaults to rsa:2048) + // Example: "ec:secp256r1" string algorithm = 3; } + // Client's public key in PEM format for establishing a session key + // Required: Always + // Used by KAS to generate an ephemeral session key for secure key exchange string client_public_key = 1; + + // List of policy requests to be processed + // Required: Always (at least one) + // Each request represents a policy with its associated key access objects repeated WithPolicyRequest requests = 2; - // Used for legacy non-bulk requests + // Deprecated: Legacy single Key Access Object + // Used for legacy non-bulk requests (v1 API) + // Modern clients should use the 'requests' field instead KeyAccess key_access = 3 [deprecated = true]; - // Used for legacy non-bulk requests + + // Deprecated: Legacy single policy + // Used for legacy non-bulk requests (v1 API) + // Modern clients should use the 'requests' field instead string policy = 4 [deprecated = true]; - // Used for legacy non-bulk requests + + // Deprecated: Legacy algorithm specification + // Used for legacy non-bulk requests (v1 API) + // Modern clients should use the 'requests' field instead string algorithm = 5 [deprecated = true]; } message PublicKeyRequest { @@ -90,34 +191,84 @@ message PublicKeyResponse { string kid = 2; } +// Request to rewrap (decrypt and re-encrypt) TDF keys for client access message RewrapRequest { reserved 2; reserved "bearer"; + + // A JWT signed by the DPoP (Demonstration of Proof of Possession) private key + // Required: Always + // Version differences: + // - v1 (legacy): Uses existing TDF spec schema in requestBody + // - v2 (bulk): Uses UnsignedRewrapRequest proto serialized as JSON in requestBody string signed_request_token = 1; } +// Result of a key access object rewrap operation message KeyAccessRewrapResult { + // Metadata associated with this KAO result (e.g., required obligations) + // Optional: May contain obligation requirements or other policy metadata + // Common keys: "X-Required-Obligations" with array of obligation FQNs map metadata = 1; + + // Identifier matching the key_access_object_id from the request + // Required: Always matches the ID from UnsignedRewrapRequest_WithKeyAccessObject string key_access_object_id = 2; + + // Status of the rewrap operation for this KAO + // Required: Always + // Values: "permit" (success), "fail" (failure) string status = 3; + + // Result of the rewrap operation - either success or error oneof result { + // Successfully rewrapped key encrypted with the session key + // Present when status="permit" + // Contains the DEK encrypted with the ephemeral session key bytes kas_wrapped_key = 4; + + // Error message when rewrap failed + // Present when status="fail" + // Human-readable description of the failure reason string error = 5; } } +// Result for all KAOs associated with a single policy message PolicyRewrapResult { + // Policy identifier matching the policy.id from the request + // Required: Always matches the ID from UnsignedRewrapRequest_WithPolicy string policy_id = 1; + + // Results for each KAO under this policy + // Required: One result per KAO in the original request repeated KeyAccessRewrapResult results = 2; } +// Response containing rewrapped keys and session information message RewrapResponse { + // Deprecated: Legacy metadata field + // Modern responses use metadata in individual KeyAccessRewrapResult map metadata = 1 [deprecated = true]; + + // Deprecated: Legacy single entity wrapped key + // Modern responses use kas_wrapped_key in KeyAccessRewrapResult bytes entity_wrapped_key = 2 [deprecated = true]; + + // KAS's ephemeral session public key in PEM format + // Required: For EC-based operations (key_type="ec-wrapped") + // Optional: Empty for RSA-based ZTDF (key_type="wrapped") + // Used by client to perform ECDH key agreement and decrypt the kas_wrapped_key values string session_public_key = 3; + + // Deprecated: Legacy schema version identifier + // Modern responses use implicit versioning string schema_version = 4 [deprecated = true]; - // New Rewrap API changes + + // Policy-grouped rewrap results for the bulk API + // Required: Modern v2 API responses + // Each PolicyRewrapResult contains results for all KAOs under that policy repeated PolicyRewrapResult responses = 5; } diff --git a/otdf-python-proto/proto-files/policy/attributes/attributes.proto b/otdf-python-proto/proto-files/policy/attributes/attributes.proto index 695feb2..9779643 100644 --- a/otdf-python-proto/proto-files/policy/attributes/attributes.proto +++ b/otdf-python-proto/proto-files/policy/attributes/attributes.proto @@ -5,6 +5,7 @@ package policy.attributes; import "buf/validate/validate.proto"; import "common/common.proto"; import "google/api/annotations.proto"; +import "google/protobuf/wrappers.proto"; import "policy/objects.proto"; import "policy/selectors.proto"; @@ -93,7 +94,7 @@ message GetAttributeRequest { message: "Either id or one of attribute_id or fqn must be set" }; - // Deprecated + // Deprecated: utilize identifier string id = 1 [ deprecated = true, (buf.validate.field).ignore = IGNORE_IF_ZERO_VALUE, @@ -145,6 +146,14 @@ message CreateAttributeRequest { } }]; + // Optional + // Setting allow_traversal=true allows TDF creation to be front-loaded, meaning a customer + // can create encrypted content with an attribute definitions key mapping before + // creating the attribute values needed to decrypt. + // Content will be able to be encrypted with missing attribute values, + // but will not be able to be decrypted until such attribute values exist. + google.protobuf.BoolValue allow_traversal = 5; + // Optional common.MetadataMutable metadata = 100; } @@ -189,7 +198,7 @@ message GetAttributeValueRequest { message: "Either id or one of value_id or fqn must be set" }; - // Deprecated + // Deprecated: utilize identifier string id = 1 [ deprecated = true, (buf.validate.field).ignore = IGNORE_IF_ZERO_VALUE, @@ -284,9 +293,8 @@ message GetAttributeValuesByFqnsRequest { max_items: 250 }]; - // Optional - // This attribute value selector is not used currently, but left here for future use. - policy.AttributeValueSelector with_value = 2; + reserved 2; + reserved "with_value"; } message GetAttributeValuesByFqnsResponse { message AttributeAndValue { @@ -301,6 +309,7 @@ message GetAttributeValuesByFqnsResponse { Assign Key Access Server (KAS Grant) to Attribute and Value */ +// Deprecated: utilize AssignPublicKeyToAttributeRequest message AssignKeyAccessServerToAttributeRequest { option deprecated = true; @@ -313,6 +322,7 @@ message AssignKeyAccessServerToAttributeResponse { AttributeKeyAccessServer attribute_key_access_server = 1; } +// Deprecated: utilize RemovePublicKeyFromAttributeRequest message RemoveKeyAccessServerFromAttributeRequest { option deprecated = true; // Required @@ -324,6 +334,7 @@ message RemoveKeyAccessServerFromAttributeResponse { AttributeKeyAccessServer attribute_key_access_server = 1; } +// Deprecated: utilize AssignPublicKeyToValueRequest message AssignKeyAccessServerToValueRequest { option deprecated = true; // Required @@ -335,6 +346,7 @@ message AssignKeyAccessServerToValueResponse { ValueKeyAccessServer value_key_access_server = 1; } +// Deprecated: utilize RemovePublicKeyFromValueRequest message RemoveKeyAccessServerFromValueRequest { option deprecated = true; // Required @@ -434,18 +446,22 @@ service AttributesService { /*--------------------------------------* * Attribute <> Key Access Server RPCs *---------------------------------------*/ + // Deprecated: utilize AssignPublicKeyToAttribute rpc AssignKeyAccessServerToAttribute(AssignKeyAccessServerToAttributeRequest) returns (AssignKeyAccessServerToAttributeResponse) { option deprecated = true; } + // Deprecated: utilize RemovePublicKeyFromAttribute rpc RemoveKeyAccessServerFromAttribute(RemoveKeyAccessServerFromAttributeRequest) returns (RemoveKeyAccessServerFromAttributeResponse) { option deprecated = true; } + // Deprecated: utilize AssignPublicKeyToValue rpc AssignKeyAccessServerToValue(AssignKeyAccessServerToValueRequest) returns (AssignKeyAccessServerToValueResponse) { option deprecated = true; } + // Deprecated: utilize RemovePublicKeyFromValue rpc RemoveKeyAccessServerFromValue(RemoveKeyAccessServerFromValueRequest) returns (RemoveKeyAccessServerFromValueResponse) { option deprecated = true; } diff --git a/otdf-python-proto/proto-files/policy/kasregistry/key_access_server_registry.proto b/otdf-python-proto/proto-files/policy/kasregistry/key_access_server_registry.proto index 01c92af..f7c4bdf 100644 --- a/otdf-python-proto/proto-files/policy/kasregistry/key_access_server_registry.proto +++ b/otdf-python-proto/proto-files/policy/kasregistry/key_access_server_registry.proto @@ -417,6 +417,8 @@ message CreateKeyRequest { PrivateKeyCtx private_key_ctx = 6; // Context or additional data specific to the private key, based on the key provider implementation // Optional string provider_config_id = 7; // Configuration ID for the key provider, if applicable + // Optional + bool legacy = 8; // Whether the key is a legacy key // Common metadata common.MetadataMutable metadata = 100; // Mutable metadata for the key } @@ -457,6 +459,9 @@ message ListKeysRequest { }]; // Filter keys by the KAS URI } + // Optional + optional bool legacy = 8; // Filter for legacy keys + // Optional policy.PageRequest pagination = 10; // Pagination request for the list of keys } diff --git a/otdf-python-proto/proto-files/policy/keymanagement/key_management.proto b/otdf-python-proto/proto-files/policy/keymanagement/key_management.proto index 56c2f54..43fe9b0 100644 --- a/otdf-python-proto/proto-files/policy/keymanagement/key_management.proto +++ b/otdf-python-proto/proto-files/policy/keymanagement/key_management.proto @@ -12,11 +12,14 @@ import "policy/selectors.proto"; */ message CreateProviderConfigRequest { // Required - // The name of the key provider. (e.g. "AWS KMS", "Google Cloud KMS", "Azure Key Vault") + // The name of the key provider. (e.g. "AWS KMS Instance 1", "Google Cloud KMS Instance 2") string name = 1 [(buf.validate.field).required = true]; // Required // JSON configuration for the key provider. This is unique to individual key providers. bytes config_json = 2 [(buf.validate.field).required = true]; + // Required + // The type of key manager (e.g. "aws", "gcp", "azure", "opentdf.io/basic") + string manager = 3 [(buf.validate.field).required = true]; // Common metadata common.MetadataMutable metadata = 100; @@ -32,6 +35,8 @@ message GetProviderConfigRequest { string id = 2 [(buf.validate.field).string.uuid = true]; string name = 3 [(buf.validate.field).string.min_len = 1]; } + // Optional - filter by manager type when searching by name + string manager = 4 [(buf.validate.field).required = false]; } message GetProviderConfigResponse { KeyProviderConfig provider_config = 1; @@ -54,6 +59,8 @@ message UpdateProviderConfigRequest { string name = 2 [(buf.validate.field).required = false]; // Optional bytes config_json = 3 [(buf.validate.field).required = false]; + // Optional + string manager = 4 [(buf.validate.field).required = false]; // Optional // Common metadata diff --git a/otdf-python-proto/proto-files/policy/namespaces/namespaces.proto b/otdf-python-proto/proto-files/policy/namespaces/namespaces.proto index 56f0908..163af22 100644 --- a/otdf-python-proto/proto-files/policy/namespaces/namespaces.proto +++ b/otdf-python-proto/proto-files/policy/namespaces/namespaces.proto @@ -133,7 +133,9 @@ message DeactivateNamespaceResponse {} Assign Key Access Server to Namespace */ +// Deprecated: utilize AssignPublicKeyToNamespaceRequest message AssignKeyAccessServerToNamespaceRequest { + option deprecated = true; NamespaceKeyAccessServer namespace_key_access_server = 1; } @@ -141,7 +143,9 @@ message AssignKeyAccessServerToNamespaceResponse { NamespaceKeyAccessServer namespace_key_access_server = 1; } +// Deprecated: utilize RemovePublicKeyFromNamespaceRequest message RemoveKeyAccessServerFromNamespaceRequest { + option deprecated = true; NamespaceKeyAccessServer namespace_key_access_server = 1; } @@ -168,6 +172,46 @@ message RemovePublicKeyFromNamespaceResponse { NamespaceKey namespace_key = 1; } +/* + Certificates +*/ + +// Maps a namespace to a certificate (similar to NamespaceKey pattern) +message NamespaceCertificate { + // Required - namespace identifier (id or fqn) + common.IdFqnIdentifier namespace = 1 [(buf.validate.field).required = true]; + // Required (The id from the Certificate object) + string certificate_id = 2 [ + (buf.validate.field).string.uuid = true, + (buf.validate.field).required = true + ]; +} + +message AssignCertificateToNamespaceRequest { + // Required - namespace identifier (id or fqn) + common.IdFqnIdentifier namespace = 1 [(buf.validate.field).required = true]; + // Required - PEM format certificate + string pem = 2 [(buf.validate.field).required = true]; + // Optional + common.MetadataMutable metadata = 100; +} + +message AssignCertificateToNamespaceResponse { + // The mapping of the namespace to the certificate. + NamespaceCertificate namespace_certificate = 1; + policy.Certificate certificate = 2; // Return the full certificate object for convenience +} + +message RemoveCertificateFromNamespaceRequest { + // The namespace and certificate to unassign. + NamespaceCertificate namespace_certificate = 1 [(buf.validate.field).required = true]; +} + +message RemoveCertificateFromNamespaceResponse { + // The unassigned namespace and certificate. + NamespaceCertificate namespace_certificate = 1; +} + service NamespaceService { rpc GetNamespace(GetNamespaceRequest) returns (GetNamespaceResponse) { option idempotency_level = NO_SIDE_EFFECTS; @@ -184,10 +228,12 @@ service NamespaceService { /*--------------------------------------* * Namespace <> Key Access Server RPCs *---------------------------------------*/ + // Deprecated: utilize AssignPublicKeyToNamespace rpc AssignKeyAccessServerToNamespace(AssignKeyAccessServerToNamespaceRequest) returns (AssignKeyAccessServerToNamespaceResponse) { option deprecated = true; } + // Deprecated: utilize RemovePublicKeyFromNamespace rpc RemoveKeyAccessServerFromNamespace(RemoveKeyAccessServerFromNamespaceRequest) returns (RemoveKeyAccessServerFromNamespaceResponse) { option deprecated = true; } @@ -197,4 +243,8 @@ service NamespaceService { *---------------------------------------*/ rpc AssignPublicKeyToNamespace(AssignPublicKeyToNamespaceRequest) returns (AssignPublicKeyToNamespaceResponse) {} rpc RemovePublicKeyFromNamespace(RemovePublicKeyFromNamespaceRequest) returns (RemovePublicKeyFromNamespaceResponse) {} + + // Namespace <> Certificate RPCs + rpc AssignCertificateToNamespace(AssignCertificateToNamespaceRequest) returns (AssignCertificateToNamespaceResponse) {} + rpc RemoveCertificateFromNamespace(RemoveCertificateFromNamespaceRequest) returns (RemoveCertificateFromNamespaceResponse) {} } diff --git a/otdf-python-proto/proto-files/policy/objects.proto b/otdf-python-proto/proto-files/policy/objects.proto index 9c7e854..30bd281 100644 --- a/otdf-python-proto/proto-files/policy/objects.proto +++ b/otdf-python-proto/proto-files/policy/objects.proto @@ -14,15 +14,16 @@ message SimpleKasPublicKey { } message SimpleKasKey { - string kas_uri = 1; // The URL of the Key Access Server - SimpleKasPublicKey public_key = 2; // The public key of the Key that belongs to the KAS - string kas_id = 3; // The ID of the Key Access Server -}; + string kas_uri = 1; // The URL of the Key Access Server + SimpleKasPublicKey public_key = 2; // The public key of the Key that belongs to the KAS + string kas_id = 3; // The ID of the Key Access Server +} message KeyProviderConfig { string id = 1; string name = 2; bytes config_json = 3; + string manager = 4; // Common metadata common.Metadata metadata = 100; @@ -47,6 +48,18 @@ message Namespace { // Keys for the namespace repeated SimpleKasKey kas_keys = 7; + + // Root certificates for chain of trust + repeated Certificate root_certs = 8; +} + +message Certificate { + // generated uuid in database + string id = 1; + // PEM format certificate + string pem = 2; + // Optional metadata. + common.Metadata metadata = 3; } message Attribute { @@ -77,6 +90,10 @@ message Attribute { //Keys associated with the attribute repeated SimpleKasKey kas_keys = 9; + // Whether or not we will use the attribute definition during encryption + // if the attribute value is missing. + google.protobuf.BoolValue allow_traversal = 10; + // Common metadata common.Metadata metadata = 100; } @@ -96,7 +113,7 @@ message Value { string value = 3; - // Deprecated + // Deprecated: no replacement reserved "members"; reserved 4; @@ -115,6 +132,8 @@ message Value { repeated ResourceMapping resource_mappings = 10; + repeated Obligation obligations = 11; + // Common metadata common.Metadata metadata = 100; } @@ -135,7 +154,7 @@ message Action { // Migrate to 'create' action name STANDARD_ACTION_TRANSMIT = 2; } - // Deprecated + // Deprecated: use 'name' instead oneof value { // Deprecated StandardAction standard = 1; @@ -328,7 +347,7 @@ message KeyAccessServer { ".*)?$')" }]; - // Deprecated + // Deprecated: KAS can have multiple key pairs PublicKey public_key = 3; // The source of the KAS: (INTERNAL, EXTERNAL) @@ -386,8 +405,8 @@ message KasPublicKey { }]; // A known algorithm type with any additional parameters encoded. - // To start, these may be `rsa:2048` for encrypting ZTDF files and - // `ec:secp256r1` for nanoTDF, but more formats may be added as needed. + // To start, these may be `rsa:2048` for RSA-based wrapping and + // `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed. KasPublicKeyAlgEnum alg = 3 [(buf.validate.field).enum = { defined_only: true not_in: [0] @@ -460,6 +479,17 @@ message RegisteredResourceValue { common.Metadata metadata = 100; } +message PolicyEnforcementPoint { + string client_id = 1 [ + (buf.validate.field).string = {min_len: 1} + ]; +} + +// Holds the context needed for obligation fulfillment +message RequestContext { + PolicyEnforcementPoint pep = 1 [(buf.validate.field).required = true]; +} + message Obligation { string id = 1; @@ -468,7 +498,9 @@ message Obligation { string name = 3; repeated ObligationValue values = 4; - + + string fqn = 5; + common.Metadata metadata = 100; } @@ -479,6 +511,10 @@ message ObligationValue { string value = 3; + repeated ObligationTrigger triggers = 4; + + string fqn = 5; + common.Metadata metadata = 100; } @@ -491,6 +527,8 @@ message ObligationTrigger { Value attribute_value = 4; + repeated RequestContext context = 5; + common.Metadata metadata = 100; } @@ -582,6 +620,8 @@ message AsymmetricKey { PrivateKeyCtx private_key_ctx = 7; // Specific structure based on key provider implementation // Optional KeyProviderConfig provider_config = 8; // Configuration for the key provider + // Optional + bool legacy = 9; // Indicates a key may be found in TDFs without key identifiers // Common metadata fields common.Metadata metadata = 100; diff --git a/otdf-python-proto/proto-files/policy/obligations/obligations.proto b/otdf-python-proto/proto-files/policy/obligations/obligations.proto index 2a61050..a2812b3 100644 --- a/otdf-python-proto/proto-files/policy/obligations/obligations.proto +++ b/otdf-python-proto/proto-files/policy/obligations/obligations.proto @@ -1,10 +1,10 @@ syntax = "proto3"; package policy.obligations; - import "common/common.proto"; import "policy/objects.proto"; import "policy/selectors.proto"; +import "buf/validate/validate.proto"; // import "google/protobuf/struct.proto"; /// @@ -13,10 +13,23 @@ import "policy/selectors.proto"; // Definitions message GetObligationRequest { - oneof identifier { - string id = 1; - string fqn = 2; - } + option (buf.validate.message).oneof = { fields: ["id", "fqn"], required: true }; + string id = 1 [(buf.validate.field).string.uuid = true]; + string fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; +} + +message ValueTriggerRequest { + // Required. The ID of the action that will trigger this obligation value policy decisioning. + common.IdNameIdentifier action = 1 [(buf.validate.field).required = true]; + // Required. The attribute value ID that will trigger this obligation value policy decisioning. + common.IdFqnIdentifier attribute_value = 2 [(buf.validate.field).required = true]; + // Optional. The request context for this obligation value policy decisioning. + policy.RequestContext context = 3; } message GetObligationResponse { @@ -24,7 +37,19 @@ message GetObligationResponse { } message GetObligationsByFQNsRequest { - repeated string fqns = 1; + repeated string fqns = 1 [ + (buf.validate.field).repeated = { + min_items: 1, + max_items: 250, + unique: true, + items: { + string: { + min_len: 1, + uri: true + } + }, + } + ]; } message GetObligationsByFQNsResponse { @@ -33,11 +58,38 @@ message GetObligationsByFQNsResponse { message CreateObligationRequest { // Required - oneof namespace_identifier { - string id = 1; - string fqn = 2; - } - string name = 3; + option (buf.validate.message).oneof = { fields: ["namespace_id", "namespace_fqn"], required: true }; + string namespace_id = 1 [(buf.validate.field).string.uuid = true]; + string namespace_fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; + string name = 3 [ + (buf.validate.field).required = true, + (buf.validate.field).string.max_len = 253, + (buf.validate.field).cel = { + id: "obligation_name_format", + message: "Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.", + expression: "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" + } + ]; + + // Optional + repeated string values = 4 [ + (buf.validate.field).repeated = { + min_items: 0, + unique: true, + items: { + string: { + max_len: 253, + pattern: "^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$" + } + } + } + ]; + // Optional // Common metadata common.MetadataMutable metadata = 100; @@ -49,10 +101,18 @@ message CreateObligationResponse { message UpdateObligationRequest { // Required - string id = 1; + string id = 1 [(buf.validate.field).string.uuid = true]; // Optional - string name = 2; + string name = 2 [ + (buf.validate.field).required = false, + (buf.validate.field).string.max_len = 253, + (buf.validate.field).cel = { + id: "obligation_name_format", + message: "Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.", + expression: "size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true" + } + ]; common.MetadataMutable metadata = 100; common.MetadataUpdateEnum metadata_update_behavior = 101; } @@ -62,10 +122,14 @@ message UpdateObligationResponse { } message DeleteObligationRequest { - oneof identifier { - string id = 1; - string fqn = 2; - } + option (buf.validate.message).oneof = { fields: ["id", "fqn"], required: true }; + string id = 1 [(buf.validate.field).string.uuid = true]; + string fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; } message DeleteObligationResponse { @@ -75,10 +139,14 @@ message DeleteObligationResponse { message ListObligationsRequest { // Optional // Namespace ID or FQN - oneof namespace_identifier { - string id = 1; - string fqn = 2; - } + option (buf.validate.message).oneof = { fields: ["namespace_id", "namespace_fqn"], required: false }; + string namespace_id = 1 [(buf.validate.field).string.uuid = true]; + string namespace_fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; // Optional policy.PageRequest pagination = 10; @@ -92,10 +160,14 @@ message ListObligationsResponse { // Values message GetObligationValueRequest { - oneof identifier { - string id = 1; - string fqn = 2; - } + option (buf.validate.message).oneof = { fields: ["id", "fqn"], required: true }; + string id = 1 [(buf.validate.field).string.uuid = true]; + string fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; } message GetObligationValueResponse { @@ -103,7 +175,19 @@ message GetObligationValueResponse { } message GetObligationValuesByFQNsRequest { - repeated string fqns = 1; + repeated string fqns = 1 [ + (buf.validate.field).repeated = { + min_items: 1, + max_items: 250, + unique: true, + items: { + string: { + min_len: 1, + uri: true + } + }, + } + ]; } message GetObligationValuesByFQNsResponse { @@ -112,11 +196,27 @@ message GetObligationValuesByFQNsResponse { message CreateObligationValueRequest { // Required - oneof obligation_identifier { - string id = 1; - string fqn = 2; - } - string value = 3; + option (buf.validate.message).oneof = { fields: ["obligation_id", "obligation_fqn"], required: true }; + string obligation_id = 1 [(buf.validate.field).string.uuid = true]; + string obligation_fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; + string value = 3 [ + (buf.validate.field).required = true, + (buf.validate.field).string.max_len = 253, + (buf.validate.field).cel = { + id: "obligation_value_format", + message: "Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.", + expression: "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" + } + ]; + + // Optional + // Combination of action and attribute_value that will trigger this obligation value policy decisioning. + repeated ValueTriggerRequest triggers = 4; // Optional // Common metadata @@ -129,10 +229,25 @@ message CreateObligationValueResponse { message UpdateObligationValueRequest { // Required - string id = 1; + string id = 1 [(buf.validate.field).string.uuid = true]; + + // Optional + string value = 2 [ + (buf.validate.field).required = false, + (buf.validate.field).string.max_len = 253, + (buf.validate.field).cel = { + id: "obligation_value_format", + message: "Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.", + expression: "size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true" + } + ]; // Optional - string value = 2; + // Obligation Triggers provided here will replace all existing records in the database. + repeated ValueTriggerRequest triggers = 3; + + // Optional + // Common metadata common.MetadataMutable metadata = 100; common.MetadataUpdateEnum metadata_update_behavior = 101; } @@ -142,10 +257,14 @@ message UpdateObligationValueResponse { } message DeleteObligationValueRequest { - oneof identifier { - string id = 1; - string fqn = 2; - } + option (buf.validate.message).oneof = { fields: ["id", "fqn"], required: true }; + string id = 1 [(buf.validate.field).string.uuid = true]; + string fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; } message DeleteObligationValueResponse { @@ -155,9 +274,16 @@ message DeleteObligationValueResponse { // Triggers message AddObligationTriggerRequest { // Required - string obligation_value_id = 1; - string action_id = 2; - string attribute_value_id = 3; + common.IdFqnIdentifier obligation_value = 1 [(buf.validate.field).required = true]; + // Required + common.IdNameIdentifier action = 2 [(buf.validate.field).required = true]; + // Required + common.IdFqnIdentifier attribute_value = 3 [(buf.validate.field).required = true]; + + // Optional + // The request context for this obligation value policy decisioning. + policy.RequestContext context = 4; + // Optional // Common metadata common.MetadataMutable metadata = 100; @@ -168,13 +294,35 @@ message AddObligationTriggerResponse { } message RemoveObligationTriggerRequest { - string id = 1; + // Required + string id = 1 [(buf.validate.field).string.uuid = true]; } message RemoveObligationTriggerResponse { policy.ObligationTrigger trigger = 1; } +message ListObligationTriggersRequest { + // Optional + option (buf.validate.message).oneof = { fields: ["namespace_id", "namespace_fqn"], required: false }; + string namespace_id = 1 [(buf.validate.field).string.uuid = true]; + string namespace_fqn = 2 [ + (buf.validate.field).string = { + min_len : 1 + uri : true + } + ]; + + // Optional + policy.PageRequest pagination = 10; +} + +message ListObligationTriggersResponse { + repeated policy.ObligationTrigger triggers = 1; + + policy.PageResponse pagination = 10; +} + // Fulfillers // message AddObligationFulfillerRequest { // // Required @@ -250,6 +398,10 @@ service Service { rpc RemoveObligationTrigger(RemoveObligationTriggerRequest) returns (RemoveObligationTriggerResponse) {} + rpc ListObligationTriggers(ListObligationTriggersRequest) returns (ListObligationTriggersResponse) { + option idempotency_level = NO_SIDE_EFFECTS; + } + /*--------------------------------------* * Fulfiller RPCs *--------------------------------------*/ diff --git a/otdf-python-proto/proto-files/policy/selectors.proto b/otdf-python-proto/proto-files/policy/selectors.proto index 5e717c6..704ac97 100644 --- a/otdf-python-proto/proto-files/policy/selectors.proto +++ b/otdf-python-proto/proto-files/policy/selectors.proto @@ -2,9 +2,10 @@ syntax = "proto3"; package policy; +// Deprecated: never utilized message AttributeNamespaceSelector { + // Deprecated message AttributeSelector { - // Deprecated bool with_key_access_grants = 1; message ValueSelector { // Deprecated @@ -17,6 +18,7 @@ message AttributeNamespaceSelector { AttributeSelector with_attributes = 10; } +// Deprecated: never utilized message AttributeDefinitionSelector { // Deprecated bool with_key_access_grants = 1; @@ -33,6 +35,7 @@ message AttributeDefinitionSelector { ValueSelector with_values = 11; } +// Deprecated: never utilized message AttributeValueSelector { // Deprecated bool with_key_access_grants = 1; diff --git a/otdf-python-proto/proto-files/policy/unsafe/unsafe.proto b/otdf-python-proto/proto-files/policy/unsafe/unsafe.proto index 5f9f906..86f8ab9 100644 --- a/otdf-python-proto/proto-files/policy/unsafe/unsafe.proto +++ b/otdf-python-proto/proto-files/policy/unsafe/unsafe.proto @@ -4,6 +4,7 @@ package policy.unsafe; import "buf/validate/validate.proto"; +import "google/protobuf/wrappers.proto"; import "policy/objects.proto"; // Namespaces Unsafe RPCs @@ -81,6 +82,12 @@ message UnsafeUpdateAttributeRequest { AttributeRuleTypeEnum rule = 3 [(buf.validate.field).enum.defined_only = true]; // Optional // WARNING!! + // Updating allow_traversal allows TDF creation to be front-loaded, meaning a customer + // can create encrypted content with an attribute definitions key mapping before + // creating the attribute values needed to decrypt. + google.protobuf.BoolValue allow_traversal = 5; + // Optional + // WARNING!! // Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition // will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted // deleted, created, and unsafely re-ordered as necessary. diff --git a/otdf-python-proto/scripts/generate_connect_proto.py b/otdf-python-proto/scripts/generate_connect_proto.py index d6d38a5..859751b 100644 --- a/otdf-python-proto/scripts/generate_connect_proto.py +++ b/otdf-python-proto/scripts/generate_connect_proto.py @@ -48,7 +48,7 @@ def check_dependencies() -> bool: def copy_opentdf_proto_files(proto_gen_dir: Path, git_tag: str | None = None) -> bool: """Clone OpenTDF platform repository and copy all proto files.""" - GIT_TAG = git_tag or "service/v0.8.0" + GIT_TAG = git_tag or "service/v0.12.0" REPO_URL = "https://github.com/opentdf/platform.git" temp_repo_dir = proto_gen_dir / "temp_platform_repo" @@ -142,15 +142,23 @@ def run_buf_generate(proto_gen_dir: Path) -> bool: print("Generating protobuf and Connect RPC files...") try: - # First, get the path to protoc-gen-connect-python - result = subprocess.run( - ["uv", "run", "which", "protoc-gen-connect-python"], - cwd=proto_gen_dir, - capture_output=True, - text=True, - check=True, - ) - connect_plugin_path = result.stdout.strip() + # Resolve the connect-python plugin path. The buf.gen.yaml uses a relative + # path (e.g. ../.venv/bin/protoc-gen-connect-python) that is correct for + # running buf directly, but we need an absolute path when rewriting the file. + # Try the known relative location first; fall back to searching the PATH. + candidate = ( + proto_gen_dir / ".." / ".venv" / "bin" / "protoc-gen-connect-python" + ).resolve() + if candidate.exists(): + connect_plugin_path = str(candidate) + else: + result = subprocess.run( + ["which", "protoc-gen-connect-python"], + capture_output=True, + text=True, + check=True, + ) + connect_plugin_path = result.stdout.strip() print(f"Using Connect plugin at: {connect_plugin_path}") # Update buf.gen.yaml with the correct absolute path for the local plugin, diff --git a/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.py b/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.py index 3c90f70..bed2caa 100644 --- a/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.py @@ -28,7 +28,7 @@ from policy import objects_pb2 as policy_dot_objects__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n$authorization/v2/authorization.proto\x12\x10\x61uthorization.v2\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x65ntity/entity.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a\x14policy/objects.proto\"\xd9\x03\n\x10\x45ntityIdentifier\x12\xe1\x01\n\x0c\x65ntity_chain\x18\x01 \x01(\x0b\x32\x13.entity.EntityChainB\xa6\x01\xbaH\xa2\x01\xba\x01\x9e\x01\n\x15\x65ntity_chain_required\x12\x37\x65ntities must be provided and between 1 and 10 in count\x1aLhas(this.entities) && this.entities.size() > 0 && this.entities.size() <= 10H\x00R\x0b\x65ntityChain\x12O\n\x1dregistered_resource_value_fqn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x1aregisteredResourceValueFqn\x12{\n\x05token\x18\x03 \x01(\x0b\x32\r.entity.TokenBT\xbaHQ\xba\x01N\n\x0etoken_required\x12\x16token must be provided\x1a$has(this.jwt) && this.jwt.size() > 0H\x00R\x05tokenB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"\x81\x03\n\x12\x45ntityEntitlements\x12!\n\x0c\x65phemeral_id\x18\x01 \x01(\tR\x0b\x65phemeralId\x12\x8b\x01\n\x1f\x61\x63tions_per_attribute_value_fqn\x18\x02 \x03(\x0b\x32\x45.authorization.v2.EntityEntitlements.ActionsPerAttributeValueFqnEntryR\x1b\x61\x63tionsPerAttributeValueFqn\x1a\x37\n\x0b\x41\x63tionsList\x12(\n\x07\x61\x63tions\x18\x01 \x03(\x0b\x32\x0e.policy.ActionR\x07\x61\x63tions\x1a\x80\x01\n ActionsPerAttributeValueFqnEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x30.authorization.v2.EntityEntitlements.ActionsListR\x05value:\x02\x38\x01\"\xe4\x03\n\x08Resource\x12!\n\x0c\x65phemeral_id\x18\x01 \x01(\tR\x0b\x65phemeralId\x12\xb0\x02\n\x10\x61ttribute_values\x18\x02 \x01(\x0b\x32*.authorization.v2.Resource.AttributeValuesB\xd6\x01\xbaH\xd2\x01\xba\x01\xce\x01\n\x19\x61ttribute_values_required\x12\\if provided, resource.attribute_values must be between 1 and 20 in count with all valid FQNs\x1aSthis.fqns.size() > 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri())H\x00R\x0f\x61ttributeValues\x12O\n\x1dregistered_resource_value_fqn\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x1aregisteredResourceValueFqn\x1a%\n\x0f\x41ttributeValues\x12\x12\n\x04\x66qns\x18\x01 \x03(\tR\x04\x66qnsB\n\n\x08resource\"~\n\x10ResourceDecision\x12\x32\n\x15\x65phemeral_resource_id\x18\x01 \x01(\tR\x13\x65phemeralResourceId\x12\x36\n\x08\x64\x65\x63ision\x18\x02 \x01(\x0e\x32\x1a.authorization.v2.DecisionR\x08\x64\x65\x63ision\"\xc4\x02\n\x12GetDecisionRequest\x12W\n\x11\x65ntity_identifier\x18\x01 \x01(\x0b\x32\".authorization.v2.EntityIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x10\x65ntityIdentifier\x12.\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x0e.policy.ActionB\x06\xbaH\x03\xc8\x01\x01R\x06\x61\x63tion\x12>\n\x08resource\x18\x03 \x01(\x0b\x32\x1a.authorization.v2.ResourceB\x06\xbaH\x03\xc8\x01\x01R\x08resource:e\xbaHb\x1a`\n)get_decision_request.action_name_required\x12\x1c\x61\x63tion.name must be provided\x1a\x15has(this.action.name)\"U\n\x13GetDecisionResponse\x12>\n\x08\x64\x65\x63ision\x18\x01 \x01(\x0b\x32\".authorization.v2.ResourceDecisionR\x08\x64\x65\x63ision\"\xde\x02\n\x1fGetDecisionMultiResourceRequest\x12W\n\x11\x65ntity_identifier\x18\x01 \x01(\x0b\x32\".authorization.v2.EntityIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x10\x65ntityIdentifier\x12.\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x0e.policy.ActionB\x06\xbaH\x03\xc8\x01\x01R\x06\x61\x63tion\x12\x45\n\tresources\x18\x03 \x03(\x0b\x32\x1a.authorization.v2.ResourceB\x0b\xbaH\x08\x92\x01\x05\x08\x01\x10\xe8\x07R\tresources:k\xbaHh\x1a\x66\n/get_decision_multi_request.action_name_required\x12\x1c\x61\x63tion.name must be provided\x1a\x15has(this.action.name)\"\xb6\x01\n GetDecisionMultiResourceResponse\x12?\n\rall_permitted\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x0c\x61llPermitted\x12Q\n\x12resource_decisions\x18\x02 \x03(\x0b\x32\".authorization.v2.ResourceDecisionR\x11resourceDecisions\"\x85\x01\n\x16GetDecisionBulkRequest\x12k\n\x11\x64\x65\x63ision_requests\x18\x01 \x03(\x0b\x32\x31.authorization.v2.GetDecisionMultiResourceRequestB\x0b\xbaH\x08\x92\x01\x05\x08\x01\x10\xc8\x01R\x10\x64\x65\x63isionRequests\"|\n\x17GetDecisionBulkResponse\x12\x61\n\x12\x64\x65\x63ision_responses\x18\x01 \x03(\x0b\x32\x32.authorization.v2.GetDecisionMultiResourceResponseR\x11\x64\x65\x63isionResponses\"\xd9\x01\n\x16GetEntitlementsRequest\x12W\n\x11\x65ntity_identifier\x18\x01 \x01(\x0b\x32\".authorization.v2.EntityIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x10\x65ntityIdentifier\x12\x45\n\x1cwith_comprehensive_hierarchy\x18\x02 \x01(\x08H\x00R\x1awithComprehensiveHierarchy\x88\x01\x01\x42\x1f\n\x1d_with_comprehensive_hierarchy\"c\n\x17GetEntitlementsResponse\x12H\n\x0c\x65ntitlements\x18\x01 \x03(\x0b\x32$.authorization.v2.EntityEntitlementsR\x0c\x65ntitlements*L\n\x08\x44\x65\x63ision\x12\x18\n\x14\x44\x45\x43ISION_UNSPECIFIED\x10\x00\x12\x11\n\rDECISION_DENY\x10\x01\x12\x13\n\x0f\x44\x45\x43ISION_PERMIT\x10\x02\x32\xce\x03\n\x14\x41uthorizationService\x12\\\n\x0bGetDecision\x12$.authorization.v2.GetDecisionRequest\x1a%.authorization.v2.GetDecisionResponse\"\x00\x12\x83\x01\n\x18GetDecisionMultiResource\x12\x31.authorization.v2.GetDecisionMultiResourceRequest\x1a\x32.authorization.v2.GetDecisionMultiResourceResponse\"\x00\x12h\n\x0fGetDecisionBulk\x12(.authorization.v2.GetDecisionBulkRequest\x1a).authorization.v2.GetDecisionBulkResponse\"\x00\x12h\n\x0fGetEntitlements\x12(.authorization.v2.GetEntitlementsRequest\x1a).authorization.v2.GetEntitlementsResponse\"\x00\x42\x8b\x01\n\x14\x63om.authorization.v2B\x12\x41uthorizationProtoP\x01\xa2\x02\x03\x41XX\xaa\x02\x10\x41uthorization.V2\xca\x02\x10\x41uthorization\\V2\xe2\x02\x1c\x41uthorization\\V2\\GPBMetadata\xea\x02\x11\x41uthorization::V2b\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n$authorization/v2/authorization.proto\x12\x10\x61uthorization.v2\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x65ntity/entity.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a\x14policy/objects.proto\"\x87\x05\n\x10\x45ntityIdentifier\x12\xe1\x01\n\x0c\x65ntity_chain\x18\x01 \x01(\x0b\x32\x13.entity.EntityChainB\xa6\x01\xbaH\xa2\x01\xba\x01\x9e\x01\n\x15\x65ntity_chain_required\x12\x37\x65ntities must be provided and between 1 and 10 in count\x1aLhas(this.entities) && this.entities.size() > 0 && this.entities.size() <= 10H\x00R\x0b\x65ntityChain\x12O\n\x1dregistered_resource_value_fqn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x1aregisteredResourceValueFqn\x12{\n\x05token\x18\x03 \x01(\x0b\x32\r.entity.TokenBT\xbaHQ\xba\x01N\n\x0etoken_required\x12\x16token must be provided\x1a$has(this.jwt) && this.jwt.size() > 0H\x00R\x05token\x12\xab\x01\n\x12with_request_token\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValueB_\xbaH\\\xba\x01Y\n\x1fwith_request_token_must_be_true\x12(with_request_token must be true when set\x1a\x0cthis == trueH\x00R\x10withRequestTokenB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"\x81\x03\n\x12\x45ntityEntitlements\x12!\n\x0c\x65phemeral_id\x18\x01 \x01(\tR\x0b\x65phemeralId\x12\x8b\x01\n\x1f\x61\x63tions_per_attribute_value_fqn\x18\x02 \x03(\x0b\x32\x45.authorization.v2.EntityEntitlements.ActionsPerAttributeValueFqnEntryR\x1b\x61\x63tionsPerAttributeValueFqn\x1a\x37\n\x0b\x41\x63tionsList\x12(\n\x07\x61\x63tions\x18\x01 \x03(\x0b\x32\x0e.policy.ActionR\x07\x61\x63tions\x1a\x80\x01\n ActionsPerAttributeValueFqnEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x30.authorization.v2.EntityEntitlements.ActionsListR\x05value:\x02\x38\x01\"\xe4\x03\n\x08Resource\x12!\n\x0c\x65phemeral_id\x18\x01 \x01(\tR\x0b\x65phemeralId\x12\xb0\x02\n\x10\x61ttribute_values\x18\x02 \x01(\x0b\x32*.authorization.v2.Resource.AttributeValuesB\xd6\x01\xbaH\xd2\x01\xba\x01\xce\x01\n\x19\x61ttribute_values_required\x12\\if provided, resource.attribute_values must be between 1 and 20 in count with all valid FQNs\x1aSthis.fqns.size() > 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri())H\x00R\x0f\x61ttributeValues\x12O\n\x1dregistered_resource_value_fqn\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x1aregisteredResourceValueFqn\x1a%\n\x0f\x41ttributeValues\x12\x12\n\x04\x66qns\x18\x01 \x03(\tR\x04\x66qnsB\n\n\x08resource\"\xb1\x01\n\x10ResourceDecision\x12\x32\n\x15\x65phemeral_resource_id\x18\x01 \x01(\tR\x13\x65phemeralResourceId\x12\x36\n\x08\x64\x65\x63ision\x18\x02 \x01(\x0e\x32\x1a.authorization.v2.DecisionR\x08\x64\x65\x63ision\x12\x31\n\x14required_obligations\x18\x03 \x03(\tR\x13requiredObligations\"\xd6\x04\n\x12GetDecisionRequest\x12W\n\x11\x65ntity_identifier\x18\x01 \x01(\x0b\x32\".authorization.v2.EntityIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x10\x65ntityIdentifier\x12.\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x0e.policy.ActionB\x06\xbaH\x03\xc8\x01\x01R\x06\x61\x63tion\x12>\n\x08resource\x18\x03 \x01(\x0b\x32\x1a.authorization.v2.ResourceB\x06\xbaH\x03\xc8\x01\x01R\x08resource\x12\x8f\x02\n\x1b\x66ulfillable_obligation_fqns\x18\x04 \x03(\tB\xce\x01\xbaH\xca\x01\xba\x01\xc6\x01\n\x1bobligation_value_fqns_valid\x12^if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs\x1aGthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))R\x19\x66ulfillableObligationFqns:e\xbaHb\x1a`\n)get_decision_request.action_name_required\x12\x1c\x61\x63tion.name must be provided\x1a\x15has(this.action.name)\"U\n\x13GetDecisionResponse\x12>\n\x08\x64\x65\x63ision\x18\x01 \x01(\x0b\x32\".authorization.v2.ResourceDecisionR\x08\x64\x65\x63ision\"\xf0\x04\n\x1fGetDecisionMultiResourceRequest\x12W\n\x11\x65ntity_identifier\x18\x01 \x01(\x0b\x32\".authorization.v2.EntityIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x10\x65ntityIdentifier\x12.\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x0e.policy.ActionB\x06\xbaH\x03\xc8\x01\x01R\x06\x61\x63tion\x12\x45\n\tresources\x18\x03 \x03(\x0b\x32\x1a.authorization.v2.ResourceB\x0b\xbaH\x08\x92\x01\x05\x08\x01\x10\xe8\x07R\tresources\x12\x8f\x02\n\x1b\x66ulfillable_obligation_fqns\x18\x04 \x03(\tB\xce\x01\xbaH\xca\x01\xba\x01\xc6\x01\n\x1bobligation_value_fqns_valid\x12^if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs\x1aGthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))R\x19\x66ulfillableObligationFqns:k\xbaHh\x1a\x66\n/get_decision_multi_request.action_name_required\x12\x1c\x61\x63tion.name must be provided\x1a\x15has(this.action.name)\"\xb6\x01\n GetDecisionMultiResourceResponse\x12?\n\rall_permitted\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x0c\x61llPermitted\x12Q\n\x12resource_decisions\x18\x02 \x03(\x0b\x32\".authorization.v2.ResourceDecisionR\x11resourceDecisions\"\x85\x01\n\x16GetDecisionBulkRequest\x12k\n\x11\x64\x65\x63ision_requests\x18\x01 \x03(\x0b\x32\x31.authorization.v2.GetDecisionMultiResourceRequestB\x0b\xbaH\x08\x92\x01\x05\x08\x01\x10\xc8\x01R\x10\x64\x65\x63isionRequests\"|\n\x17GetDecisionBulkResponse\x12\x61\n\x12\x64\x65\x63ision_responses\x18\x01 \x03(\x0b\x32\x32.authorization.v2.GetDecisionMultiResourceResponseR\x11\x64\x65\x63isionResponses\"\xd9\x01\n\x16GetEntitlementsRequest\x12W\n\x11\x65ntity_identifier\x18\x01 \x01(\x0b\x32\".authorization.v2.EntityIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x10\x65ntityIdentifier\x12\x45\n\x1cwith_comprehensive_hierarchy\x18\x02 \x01(\x08H\x00R\x1awithComprehensiveHierarchy\x88\x01\x01\x42\x1f\n\x1d_with_comprehensive_hierarchy\"c\n\x17GetEntitlementsResponse\x12H\n\x0c\x65ntitlements\x18\x01 \x03(\x0b\x32$.authorization.v2.EntityEntitlementsR\x0c\x65ntitlements*L\n\x08\x44\x65\x63ision\x12\x18\n\x14\x44\x45\x43ISION_UNSPECIFIED\x10\x00\x12\x11\n\rDECISION_DENY\x10\x01\x12\x13\n\x0f\x44\x45\x43ISION_PERMIT\x10\x02\x32\xce\x03\n\x14\x41uthorizationService\x12\\\n\x0bGetDecision\x12$.authorization.v2.GetDecisionRequest\x1a%.authorization.v2.GetDecisionResponse\"\x00\x12\x83\x01\n\x18GetDecisionMultiResource\x12\x31.authorization.v2.GetDecisionMultiResourceRequest\x1a\x32.authorization.v2.GetDecisionMultiResourceResponse\"\x00\x12h\n\x0fGetDecisionBulk\x12(.authorization.v2.GetDecisionBulkRequest\x1a).authorization.v2.GetDecisionBulkResponse\"\x00\x12h\n\x0fGetEntitlements\x12(.authorization.v2.GetEntitlementsRequest\x1a).authorization.v2.GetEntitlementsResponse\"\x00\x42\x8b\x01\n\x14\x63om.authorization.v2B\x12\x41uthorizationProtoP\x01\xa2\x02\x03\x41XX\xaa\x02\x10\x41uthorization.V2\xca\x02\x10\x41uthorization\\V2\xe2\x02\x1c\x41uthorization\\V2\\GPBMetadata\xea\x02\x11\x41uthorization::V2b\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -44,6 +44,8 @@ _globals['_ENTITYIDENTIFIER'].fields_by_name['registered_resource_value_fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' _globals['_ENTITYIDENTIFIER'].fields_by_name['token']._loaded_options = None _globals['_ENTITYIDENTIFIER'].fields_by_name['token']._serialized_options = b'\272HQ\272\001N\n\016token_required\022\026token must be provided\032$has(this.jwt) && this.jwt.size() > 0' + _globals['_ENTITYIDENTIFIER'].fields_by_name['with_request_token']._loaded_options = None + _globals['_ENTITYIDENTIFIER'].fields_by_name['with_request_token']._serialized_options = b'\272H\\\272\001Y\n\037with_request_token_must_be_true\022(with_request_token must be true when set\032\014this == true' _globals['_ENTITYENTITLEMENTS_ACTIONSPERATTRIBUTEVALUEFQNENTRY']._loaded_options = None _globals['_ENTITYENTITLEMENTS_ACTIONSPERATTRIBUTEVALUEFQNENTRY']._serialized_options = b'8\001' _globals['_RESOURCE'].fields_by_name['attribute_values']._loaded_options = None @@ -56,6 +58,8 @@ _globals['_GETDECISIONREQUEST'].fields_by_name['action']._serialized_options = b'\272H\003\310\001\001' _globals['_GETDECISIONREQUEST'].fields_by_name['resource']._loaded_options = None _globals['_GETDECISIONREQUEST'].fields_by_name['resource']._serialized_options = b'\272H\003\310\001\001' + _globals['_GETDECISIONREQUEST'].fields_by_name['fulfillable_obligation_fqns']._loaded_options = None + _globals['_GETDECISIONREQUEST'].fields_by_name['fulfillable_obligation_fqns']._serialized_options = b'\272H\312\001\272\001\306\001\n\033obligation_value_fqns_valid\022^if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs\032Gthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))' _globals['_GETDECISIONREQUEST']._loaded_options = None _globals['_GETDECISIONREQUEST']._serialized_options = b'\272Hb\032`\n)get_decision_request.action_name_required\022\034action.name must be provided\032\025has(this.action.name)' _globals['_GETDECISIONMULTIRESOURCEREQUEST'].fields_by_name['entity_identifier']._loaded_options = None @@ -64,44 +68,46 @@ _globals['_GETDECISIONMULTIRESOURCEREQUEST'].fields_by_name['action']._serialized_options = b'\272H\003\310\001\001' _globals['_GETDECISIONMULTIRESOURCEREQUEST'].fields_by_name['resources']._loaded_options = None _globals['_GETDECISIONMULTIRESOURCEREQUEST'].fields_by_name['resources']._serialized_options = b'\272H\010\222\001\005\010\001\020\350\007' + _globals['_GETDECISIONMULTIRESOURCEREQUEST'].fields_by_name['fulfillable_obligation_fqns']._loaded_options = None + _globals['_GETDECISIONMULTIRESOURCEREQUEST'].fields_by_name['fulfillable_obligation_fqns']._serialized_options = b'\272H\312\001\272\001\306\001\n\033obligation_value_fqns_valid\022^if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs\032Gthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))' _globals['_GETDECISIONMULTIRESOURCEREQUEST']._loaded_options = None _globals['_GETDECISIONMULTIRESOURCEREQUEST']._serialized_options = b'\272Hh\032f\n/get_decision_multi_request.action_name_required\022\034action.name must be provided\032\025has(this.action.name)' _globals['_GETDECISIONBULKREQUEST'].fields_by_name['decision_requests']._loaded_options = None _globals['_GETDECISIONBULKREQUEST'].fields_by_name['decision_requests']._serialized_options = b'\272H\010\222\001\005\010\001\020\310\001' _globals['_GETENTITLEMENTSREQUEST'].fields_by_name['entity_identifier']._loaded_options = None _globals['_GETENTITLEMENTSREQUEST'].fields_by_name['entity_identifier']._serialized_options = b'\272H\003\310\001\001' - _globals['_DECISION']._serialized_start=3176 - _globals['_DECISION']._serialized_end=3252 + _globals['_DECISION']._serialized_start=3950 + _globals['_DECISION']._serialized_end=4026 _globals['_ENTITYIDENTIFIER']._serialized_start=163 - _globals['_ENTITYIDENTIFIER']._serialized_end=636 - _globals['_ENTITYENTITLEMENTS']._serialized_start=639 - _globals['_ENTITYENTITLEMENTS']._serialized_end=1024 - _globals['_ENTITYENTITLEMENTS_ACTIONSLIST']._serialized_start=838 - _globals['_ENTITYENTITLEMENTS_ACTIONSLIST']._serialized_end=893 - _globals['_ENTITYENTITLEMENTS_ACTIONSPERATTRIBUTEVALUEFQNENTRY']._serialized_start=896 - _globals['_ENTITYENTITLEMENTS_ACTIONSPERATTRIBUTEVALUEFQNENTRY']._serialized_end=1024 - _globals['_RESOURCE']._serialized_start=1027 - _globals['_RESOURCE']._serialized_end=1511 - _globals['_RESOURCE_ATTRIBUTEVALUES']._serialized_start=1462 - _globals['_RESOURCE_ATTRIBUTEVALUES']._serialized_end=1499 - _globals['_RESOURCEDECISION']._serialized_start=1513 - _globals['_RESOURCEDECISION']._serialized_end=1639 - _globals['_GETDECISIONREQUEST']._serialized_start=1642 - _globals['_GETDECISIONREQUEST']._serialized_end=1966 - _globals['_GETDECISIONRESPONSE']._serialized_start=1968 - _globals['_GETDECISIONRESPONSE']._serialized_end=2053 - _globals['_GETDECISIONMULTIRESOURCEREQUEST']._serialized_start=2056 - _globals['_GETDECISIONMULTIRESOURCEREQUEST']._serialized_end=2406 - _globals['_GETDECISIONMULTIRESOURCERESPONSE']._serialized_start=2409 - _globals['_GETDECISIONMULTIRESOURCERESPONSE']._serialized_end=2591 - _globals['_GETDECISIONBULKREQUEST']._serialized_start=2594 - _globals['_GETDECISIONBULKREQUEST']._serialized_end=2727 - _globals['_GETDECISIONBULKRESPONSE']._serialized_start=2729 - _globals['_GETDECISIONBULKRESPONSE']._serialized_end=2853 - _globals['_GETENTITLEMENTSREQUEST']._serialized_start=2856 - _globals['_GETENTITLEMENTSREQUEST']._serialized_end=3073 - _globals['_GETENTITLEMENTSRESPONSE']._serialized_start=3075 - _globals['_GETENTITLEMENTSRESPONSE']._serialized_end=3174 - _globals['_AUTHORIZATIONSERVICE']._serialized_start=3255 - _globals['_AUTHORIZATIONSERVICE']._serialized_end=3717 + _globals['_ENTITYIDENTIFIER']._serialized_end=810 + _globals['_ENTITYENTITLEMENTS']._serialized_start=813 + _globals['_ENTITYENTITLEMENTS']._serialized_end=1198 + _globals['_ENTITYENTITLEMENTS_ACTIONSLIST']._serialized_start=1012 + _globals['_ENTITYENTITLEMENTS_ACTIONSLIST']._serialized_end=1067 + _globals['_ENTITYENTITLEMENTS_ACTIONSPERATTRIBUTEVALUEFQNENTRY']._serialized_start=1070 + _globals['_ENTITYENTITLEMENTS_ACTIONSPERATTRIBUTEVALUEFQNENTRY']._serialized_end=1198 + _globals['_RESOURCE']._serialized_start=1201 + _globals['_RESOURCE']._serialized_end=1685 + _globals['_RESOURCE_ATTRIBUTEVALUES']._serialized_start=1636 + _globals['_RESOURCE_ATTRIBUTEVALUES']._serialized_end=1673 + _globals['_RESOURCEDECISION']._serialized_start=1688 + _globals['_RESOURCEDECISION']._serialized_end=1865 + _globals['_GETDECISIONREQUEST']._serialized_start=1868 + _globals['_GETDECISIONREQUEST']._serialized_end=2466 + _globals['_GETDECISIONRESPONSE']._serialized_start=2468 + _globals['_GETDECISIONRESPONSE']._serialized_end=2553 + _globals['_GETDECISIONMULTIRESOURCEREQUEST']._serialized_start=2556 + _globals['_GETDECISIONMULTIRESOURCEREQUEST']._serialized_end=3180 + _globals['_GETDECISIONMULTIRESOURCERESPONSE']._serialized_start=3183 + _globals['_GETDECISIONMULTIRESOURCERESPONSE']._serialized_end=3365 + _globals['_GETDECISIONBULKREQUEST']._serialized_start=3368 + _globals['_GETDECISIONBULKREQUEST']._serialized_end=3501 + _globals['_GETDECISIONBULKRESPONSE']._serialized_start=3503 + _globals['_GETDECISIONBULKRESPONSE']._serialized_end=3627 + _globals['_GETENTITLEMENTSREQUEST']._serialized_start=3630 + _globals['_GETENTITLEMENTSREQUEST']._serialized_end=3847 + _globals['_GETENTITLEMENTSRESPONSE']._serialized_start=3849 + _globals['_GETENTITLEMENTSRESPONSE']._serialized_end=3948 + _globals['_AUTHORIZATIONSERVICE']._serialized_start=4029 + _globals['_AUTHORIZATIONSERVICE']._serialized_end=4491 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.pyi index 925685d..2cad49b 100644 --- a/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/authorization/v2/authorization_pb2.pyi @@ -21,14 +21,16 @@ DECISION_DENY: Decision DECISION_PERMIT: Decision class EntityIdentifier(_message.Message): - __slots__ = ("entity_chain", "registered_resource_value_fqn", "token") + __slots__ = ("entity_chain", "registered_resource_value_fqn", "token", "with_request_token") ENTITY_CHAIN_FIELD_NUMBER: _ClassVar[int] REGISTERED_RESOURCE_VALUE_FQN_FIELD_NUMBER: _ClassVar[int] TOKEN_FIELD_NUMBER: _ClassVar[int] + WITH_REQUEST_TOKEN_FIELD_NUMBER: _ClassVar[int] entity_chain: _entity_pb2.EntityChain registered_resource_value_fqn: str token: _entity_pb2.Token - def __init__(self, entity_chain: _Optional[_Union[_entity_pb2.EntityChain, _Mapping]] = ..., registered_resource_value_fqn: _Optional[str] = ..., token: _Optional[_Union[_entity_pb2.Token, _Mapping]] = ...) -> None: ... + with_request_token: _wrappers_pb2.BoolValue + def __init__(self, entity_chain: _Optional[_Union[_entity_pb2.EntityChain, _Mapping]] = ..., registered_resource_value_fqn: _Optional[str] = ..., token: _Optional[_Union[_entity_pb2.Token, _Mapping]] = ..., with_request_token: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ...) -> None: ... class EntityEntitlements(_message.Message): __slots__ = ("ephemeral_id", "actions_per_attribute_value_fqn") @@ -66,22 +68,26 @@ class Resource(_message.Message): def __init__(self, ephemeral_id: _Optional[str] = ..., attribute_values: _Optional[_Union[Resource.AttributeValues, _Mapping]] = ..., registered_resource_value_fqn: _Optional[str] = ...) -> None: ... class ResourceDecision(_message.Message): - __slots__ = ("ephemeral_resource_id", "decision") + __slots__ = ("ephemeral_resource_id", "decision", "required_obligations") EPHEMERAL_RESOURCE_ID_FIELD_NUMBER: _ClassVar[int] DECISION_FIELD_NUMBER: _ClassVar[int] + REQUIRED_OBLIGATIONS_FIELD_NUMBER: _ClassVar[int] ephemeral_resource_id: str decision: Decision - def __init__(self, ephemeral_resource_id: _Optional[str] = ..., decision: _Optional[_Union[Decision, str]] = ...) -> None: ... + required_obligations: _containers.RepeatedScalarFieldContainer[str] + def __init__(self, ephemeral_resource_id: _Optional[str] = ..., decision: _Optional[_Union[Decision, str]] = ..., required_obligations: _Optional[_Iterable[str]] = ...) -> None: ... class GetDecisionRequest(_message.Message): - __slots__ = ("entity_identifier", "action", "resource") + __slots__ = ("entity_identifier", "action", "resource", "fulfillable_obligation_fqns") ENTITY_IDENTIFIER_FIELD_NUMBER: _ClassVar[int] ACTION_FIELD_NUMBER: _ClassVar[int] RESOURCE_FIELD_NUMBER: _ClassVar[int] + FULFILLABLE_OBLIGATION_FQNS_FIELD_NUMBER: _ClassVar[int] entity_identifier: EntityIdentifier action: _objects_pb2.Action resource: Resource - def __init__(self, entity_identifier: _Optional[_Union[EntityIdentifier, _Mapping]] = ..., action: _Optional[_Union[_objects_pb2.Action, _Mapping]] = ..., resource: _Optional[_Union[Resource, _Mapping]] = ...) -> None: ... + fulfillable_obligation_fqns: _containers.RepeatedScalarFieldContainer[str] + def __init__(self, entity_identifier: _Optional[_Union[EntityIdentifier, _Mapping]] = ..., action: _Optional[_Union[_objects_pb2.Action, _Mapping]] = ..., resource: _Optional[_Union[Resource, _Mapping]] = ..., fulfillable_obligation_fqns: _Optional[_Iterable[str]] = ...) -> None: ... class GetDecisionResponse(_message.Message): __slots__ = ("decision",) @@ -90,14 +96,16 @@ class GetDecisionResponse(_message.Message): def __init__(self, decision: _Optional[_Union[ResourceDecision, _Mapping]] = ...) -> None: ... class GetDecisionMultiResourceRequest(_message.Message): - __slots__ = ("entity_identifier", "action", "resources") + __slots__ = ("entity_identifier", "action", "resources", "fulfillable_obligation_fqns") ENTITY_IDENTIFIER_FIELD_NUMBER: _ClassVar[int] ACTION_FIELD_NUMBER: _ClassVar[int] RESOURCES_FIELD_NUMBER: _ClassVar[int] + FULFILLABLE_OBLIGATION_FQNS_FIELD_NUMBER: _ClassVar[int] entity_identifier: EntityIdentifier action: _objects_pb2.Action resources: _containers.RepeatedCompositeFieldContainer[Resource] - def __init__(self, entity_identifier: _Optional[_Union[EntityIdentifier, _Mapping]] = ..., action: _Optional[_Union[_objects_pb2.Action, _Mapping]] = ..., resources: _Optional[_Iterable[_Union[Resource, _Mapping]]] = ...) -> None: ... + fulfillable_obligation_fqns: _containers.RepeatedScalarFieldContainer[str] + def __init__(self, entity_identifier: _Optional[_Union[EntityIdentifier, _Mapping]] = ..., action: _Optional[_Union[_objects_pb2.Action, _Mapping]] = ..., resources: _Optional[_Iterable[_Union[Resource, _Mapping]]] = ..., fulfillable_obligation_fqns: _Optional[_Iterable[str]] = ...) -> None: ... class GetDecisionMultiResourceResponse(_message.Message): __slots__ = ("all_permitted", "resource_decisions") diff --git a/otdf-python-proto/src/otdf_python_proto/common/common_pb2.py b/otdf-python-proto/src/otdf_python_proto/common/common_pb2.py index 51caa90..960a3c3 100644 --- a/otdf-python-proto/src/otdf_python_proto/common/common_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/common/common_pb2.py @@ -23,9 +23,10 @@ from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2 +from buf.validate import validate_pb2 as buf_dot_validate_dot_validate__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x13\x63ommon/common.proto\x12\x06\x63ommon\x1a\x1fgoogle/protobuf/timestamp.proto\"\xf1\x01\n\x08Metadata\x12\x39\n\ncreated_at\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampR\tcreatedAt\x12\x39\n\nupdated_at\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampR\tupdatedAt\x12\x34\n\x06labels\x18\x03 \x03(\x0b\x32\x1c.common.Metadata.LabelsEntryR\x06labels\x1a\x39\n\x0bLabelsEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value:\x02\x38\x01\"\x89\x01\n\x0fMetadataMutable\x12;\n\x06labels\x18\x03 \x03(\x0b\x32#.common.MetadataMutable.LabelsEntryR\x06labels\x1a\x39\n\x0bLabelsEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value:\x02\x38\x01*}\n\x12MetadataUpdateEnum\x12$\n METADATA_UPDATE_ENUM_UNSPECIFIED\x10\x00\x12\x1f\n\x1bMETADATA_UPDATE_ENUM_EXTEND\x10\x01\x12 \n\x1cMETADATA_UPDATE_ENUM_REPLACE\x10\x02*\x8d\x01\n\x0f\x41\x63tiveStateEnum\x12!\n\x1d\x41\x43TIVE_STATE_ENUM_UNSPECIFIED\x10\x00\x12\x1c\n\x18\x41\x43TIVE_STATE_ENUM_ACTIVE\x10\x01\x12\x1e\n\x1a\x41\x43TIVE_STATE_ENUM_INACTIVE\x10\x02\x12\x19\n\x15\x41\x43TIVE_STATE_ENUM_ANY\x10\x03\x42Q\n\ncom.commonB\x0b\x43ommonProtoP\x01\xa2\x02\x03\x43XX\xaa\x02\x06\x43ommon\xca\x02\x06\x43ommon\xe2\x02\x12\x43ommon\\GPBMetadata\xea\x02\x06\x43ommonb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x13\x63ommon/common.proto\x12\x06\x63ommon\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1b\x62uf/validate/validate.proto\"\xd2\x02\n\x10IdNameIdentifier\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x90\x02\n\x04name\x18\x02 \x01(\tB\xfb\x01\xbaH\xf7\x01r\x05\x10\x01\x18\xfd\x01\xba\x01\xec\x01\n\x0bname_format\x12\x9f\x01Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.\x1a;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')R\x04name:\x11\xbaH\x0e\"\x0c\n\x02id\n\x04name\x10\x01\"[\n\x0fIdFqnIdentifier\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x1c\n\x03\x66qn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x03\x66qn:\x10\xbaH\r\"\x0b\n\x02id\n\x03\x66qn\x10\x01\"\xf1\x01\n\x08Metadata\x12\x39\n\ncreated_at\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampR\tcreatedAt\x12\x39\n\nupdated_at\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampR\tupdatedAt\x12\x34\n\x06labels\x18\x03 \x03(\x0b\x32\x1c.common.Metadata.LabelsEntryR\x06labels\x1a\x39\n\x0bLabelsEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value:\x02\x38\x01\"\x89\x01\n\x0fMetadataMutable\x12;\n\x06labels\x18\x03 \x03(\x0b\x32#.common.MetadataMutable.LabelsEntryR\x06labels\x1a\x39\n\x0bLabelsEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value:\x02\x38\x01*}\n\x12MetadataUpdateEnum\x12$\n METADATA_UPDATE_ENUM_UNSPECIFIED\x10\x00\x12\x1f\n\x1bMETADATA_UPDATE_ENUM_EXTEND\x10\x01\x12 \n\x1cMETADATA_UPDATE_ENUM_REPLACE\x10\x02*\x8d\x01\n\x0f\x41\x63tiveStateEnum\x12!\n\x1d\x41\x43TIVE_STATE_ENUM_UNSPECIFIED\x10\x00\x12\x1c\n\x18\x41\x43TIVE_STATE_ENUM_ACTIVE\x10\x01\x12\x1e\n\x1a\x41\x43TIVE_STATE_ENUM_INACTIVE\x10\x02\x12\x19\n\x15\x41\x43TIVE_STATE_ENUM_ANY\x10\x03\x42Q\n\ncom.commonB\x0b\x43ommonProtoP\x01\xa2\x02\x03\x43XX\xaa\x02\x06\x43ommon\xca\x02\x06\x43ommon\xe2\x02\x12\x43ommon\\GPBMetadata\xea\x02\x06\x43ommonb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -33,20 +34,36 @@ if not _descriptor._USE_C_DESCRIPTORS: _globals['DESCRIPTOR']._loaded_options = None _globals['DESCRIPTOR']._serialized_options = b'\n\ncom.commonB\013CommonProtoP\001\242\002\003CXX\252\002\006Common\312\002\006Common\342\002\022Common\\GPBMetadata\352\002\006Common' + _globals['_IDNAMEIDENTIFIER'].fields_by_name['id']._loaded_options = None + _globals['_IDNAMEIDENTIFIER'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_IDNAMEIDENTIFIER'].fields_by_name['name']._loaded_options = None + _globals['_IDNAMEIDENTIFIER'].fields_by_name['name']._serialized_options = b'\272H\367\001r\005\020\001\030\375\001\272\001\354\001\n\013name_format\022\237\001Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.\032;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')' + _globals['_IDNAMEIDENTIFIER']._loaded_options = None + _globals['_IDNAMEIDENTIFIER']._serialized_options = b'\272H\016\"\014\n\002id\n\004name\020\001' + _globals['_IDFQNIDENTIFIER'].fields_by_name['id']._loaded_options = None + _globals['_IDFQNIDENTIFIER'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_IDFQNIDENTIFIER'].fields_by_name['fqn']._loaded_options = None + _globals['_IDFQNIDENTIFIER'].fields_by_name['fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_IDFQNIDENTIFIER']._loaded_options = None + _globals['_IDFQNIDENTIFIER']._serialized_options = b'\272H\r\"\013\n\002id\n\003fqn\020\001' _globals['_METADATA_LABELSENTRY']._loaded_options = None _globals['_METADATA_LABELSENTRY']._serialized_options = b'8\001' _globals['_METADATAMUTABLE_LABELSENTRY']._loaded_options = None _globals['_METADATAMUTABLE_LABELSENTRY']._serialized_options = b'8\001' - _globals['_METADATAUPDATEENUM']._serialized_start=448 - _globals['_METADATAUPDATEENUM']._serialized_end=573 - _globals['_ACTIVESTATEENUM']._serialized_start=576 - _globals['_ACTIVESTATEENUM']._serialized_end=717 - _globals['_METADATA']._serialized_start=65 - _globals['_METADATA']._serialized_end=306 - _globals['_METADATA_LABELSENTRY']._serialized_start=249 - _globals['_METADATA_LABELSENTRY']._serialized_end=306 - _globals['_METADATAMUTABLE']._serialized_start=309 - _globals['_METADATAMUTABLE']._serialized_end=446 - _globals['_METADATAMUTABLE_LABELSENTRY']._serialized_start=249 - _globals['_METADATAMUTABLE_LABELSENTRY']._serialized_end=306 + _globals['_METADATAUPDATEENUM']._serialized_start=911 + _globals['_METADATAUPDATEENUM']._serialized_end=1036 + _globals['_ACTIVESTATEENUM']._serialized_start=1039 + _globals['_ACTIVESTATEENUM']._serialized_end=1180 + _globals['_IDNAMEIDENTIFIER']._serialized_start=94 + _globals['_IDNAMEIDENTIFIER']._serialized_end=432 + _globals['_IDFQNIDENTIFIER']._serialized_start=434 + _globals['_IDFQNIDENTIFIER']._serialized_end=525 + _globals['_METADATA']._serialized_start=528 + _globals['_METADATA']._serialized_end=769 + _globals['_METADATA_LABELSENTRY']._serialized_start=712 + _globals['_METADATA_LABELSENTRY']._serialized_end=769 + _globals['_METADATAMUTABLE']._serialized_start=772 + _globals['_METADATAMUTABLE']._serialized_end=909 + _globals['_METADATAMUTABLE_LABELSENTRY']._serialized_start=712 + _globals['_METADATAMUTABLE_LABELSENTRY']._serialized_end=769 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/common/common_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/common/common_pb2.pyi index acd0f4e..4752bae 100644 --- a/otdf-python-proto/src/otdf_python_proto/common/common_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/common/common_pb2.pyi @@ -1,6 +1,7 @@ import datetime from google.protobuf import timestamp_pb2 as _timestamp_pb2 +from buf.validate import validate_pb2 as _validate_pb2 from google.protobuf.internal import containers as _containers from google.protobuf.internal import enum_type_wrapper as _enum_type_wrapper from google.protobuf import descriptor as _descriptor @@ -30,6 +31,22 @@ ACTIVE_STATE_ENUM_ACTIVE: ActiveStateEnum ACTIVE_STATE_ENUM_INACTIVE: ActiveStateEnum ACTIVE_STATE_ENUM_ANY: ActiveStateEnum +class IdNameIdentifier(_message.Message): + __slots__ = ("id", "name") + ID_FIELD_NUMBER: _ClassVar[int] + NAME_FIELD_NUMBER: _ClassVar[int] + id: str + name: str + def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ...) -> None: ... + +class IdFqnIdentifier(_message.Message): + __slots__ = ("id", "fqn") + ID_FIELD_NUMBER: _ClassVar[int] + FQN_FIELD_NUMBER: _ClassVar[int] + id: str + fqn: str + def __init__(self, id: _Optional[str] = ..., fqn: _Optional[str] = ...) -> None: ... + class Metadata(_message.Message): __slots__ = ("created_at", "updated_at", "labels") class LabelsEntry(_message.Message): diff --git a/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.py b/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.py index 84fed25..a7e69b9 100644 --- a/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.py @@ -26,9 +26,10 @@ from entity import entity_pb2 as entity_dot_entity__pb2 from google.protobuf import any_pb2 as google_dot_protobuf_dot_any__pb2 from google.protobuf import struct_pb2 as google_dot_protobuf_dot_struct__pb2 +from authorization.v2 import authorization_pb2 as authorization_dot_v2_dot_authorization__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n+entityresolution/v2/entity_resolution.proto\x12\x13\x65ntityresolution.v2\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x65ntity/entity.proto\x1a\x19google/protobuf/any.proto\x1a\x1cgoogle/protobuf/struct.proto\"{\n\x14\x45ntityRepresentation\x12\x1f\n\x0boriginal_id\x18\x01 \x01(\tR\noriginalId\x12\x42\n\x10\x61\x64\x64itional_props\x18\x02 \x03(\x0b\x32\x17.google.protobuf.StructR\x0f\x61\x64\x64itionalProps\"Q\n\x16ResolveEntitiesRequest\x12\x37\n\x08\x65ntities\x18\x01 \x03(\x0b\x32\x0e.entity.EntityB\x0b\xbaH\x08\x92\x01\x02\x08\x01\xc8\x01\x01R\x08\x65ntities\"{\n\x17ResolveEntitiesResponse\x12`\n\x16\x65ntity_representations\x18\x01 \x03(\x0b\x32).entityresolution.v2.EntityRepresentationR\x15\x65ntityRepresentations\"\x8b\x01\n\x13\x45ntityNotFoundError\x12\x12\n\x04\x63ode\x18\x01 \x01(\x05R\x04\x63ode\x12\x18\n\x07message\x18\x02 \x01(\tR\x07message\x12.\n\x07\x64\x65tails\x18\x03 \x03(\x0b\x32\x14.google.protobuf.AnyR\x07\x64\x65tails\x12\x16\n\x06\x65ntity\x18\x04 \x01(\tR\x06\x65ntity\"L\n#CreateEntityChainsFromTokensRequest\x12%\n\x06tokens\x18\x01 \x03(\x0b\x32\r.entity.TokenR\x06tokens\"`\n$CreateEntityChainsFromTokensResponse\x12\x38\n\rentity_chains\x18\x01 \x03(\x0b\x32\x13.entity.EntityChainR\x0c\x65ntityChains2\xa1\x02\n\x17\x45ntityResolutionService\x12n\n\x0fResolveEntities\x12+.entityresolution.v2.ResolveEntitiesRequest\x1a,.entityresolution.v2.ResolveEntitiesResponse\"\x00\x12\x95\x01\n\x1c\x43reateEntityChainsFromTokens\x12\x38.entityresolution.v2.CreateEntityChainsFromTokensRequest\x1a\x39.entityresolution.v2.CreateEntityChainsFromTokensResponse\"\x00\x42\x9d\x01\n\x17\x63om.entityresolution.v2B\x15\x45ntityResolutionProtoP\x01\xa2\x02\x03\x45XX\xaa\x02\x13\x45ntityresolution.V2\xca\x02\x13\x45ntityresolution\\V2\xe2\x02\x1f\x45ntityresolution\\V2\\GPBMetadata\xea\x02\x14\x45ntityresolution::V2b\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n+entityresolution/v2/entity_resolution.proto\x12\x13\x65ntityresolution.v2\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x65ntity/entity.proto\x1a\x19google/protobuf/any.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a$authorization/v2/authorization.proto\"]\n\x11\x44irectEntitlement\x12.\n\x13\x61ttribute_value_fqn\x18\x01 \x01(\tR\x11\x61ttributeValueFqn\x12\x18\n\x07\x61\x63tions\x18\x02 \x03(\tR\x07\x61\x63tions\"\xd4\x01\n\x14\x45ntityRepresentation\x12\x1f\n\x0boriginal_id\x18\x01 \x01(\tR\noriginalId\x12\x42\n\x10\x61\x64\x64itional_props\x18\x02 \x03(\x0b\x32\x17.google.protobuf.StructR\x0f\x61\x64\x64itionalProps\x12W\n\x13\x64irect_entitlements\x18\x03 \x03(\x0b\x32&.entityresolution.v2.DirectEntitlementR\x12\x64irectEntitlements\"Q\n\x16ResolveEntitiesRequest\x12\x37\n\x08\x65ntities\x18\x01 \x03(\x0b\x32\x0e.entity.EntityB\x0b\xbaH\x08\x92\x01\x02\x08\x01\xc8\x01\x01R\x08\x65ntities\"{\n\x17ResolveEntitiesResponse\x12`\n\x16\x65ntity_representations\x18\x01 \x03(\x0b\x32).entityresolution.v2.EntityRepresentationR\x15\x65ntityRepresentations\"\x8b\x01\n\x13\x45ntityNotFoundError\x12\x12\n\x04\x63ode\x18\x01 \x01(\x05R\x04\x63ode\x12\x18\n\x07message\x18\x02 \x01(\tR\x07message\x12.\n\x07\x64\x65tails\x18\x03 \x03(\x0b\x32\x14.google.protobuf.AnyR\x07\x64\x65tails\x12\x16\n\x06\x65ntity\x18\x04 \x01(\tR\x06\x65ntity\"\x86\x01\n#CreateEntityChainsFromTokensRequest\x12%\n\x06tokens\x18\x01 \x03(\x0b\x32\r.entity.TokenR\x06tokens\x12\x38\n\tresources\x18\x02 \x03(\x0b\x32\x1a.authorization.v2.ResourceR\tresources\"`\n$CreateEntityChainsFromTokensResponse\x12\x38\n\rentity_chains\x18\x01 \x03(\x0b\x32\x13.entity.EntityChainR\x0c\x65ntityChains2\xa1\x02\n\x17\x45ntityResolutionService\x12n\n\x0fResolveEntities\x12+.entityresolution.v2.ResolveEntitiesRequest\x1a,.entityresolution.v2.ResolveEntitiesResponse\"\x00\x12\x95\x01\n\x1c\x43reateEntityChainsFromTokens\x12\x38.entityresolution.v2.CreateEntityChainsFromTokensRequest\x1a\x39.entityresolution.v2.CreateEntityChainsFromTokensResponse\"\x00\x42\x9d\x01\n\x17\x63om.entityresolution.v2B\x15\x45ntityResolutionProtoP\x01\xa2\x02\x03\x45XX\xaa\x02\x13\x45ntityresolution.V2\xca\x02\x13\x45ntityresolution\\V2\xe2\x02\x1f\x45ntityresolution\\V2\\GPBMetadata\xea\x02\x14\x45ntityresolution::V2b\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -38,18 +39,20 @@ _globals['DESCRIPTOR']._serialized_options = b'\n\027com.entityresolution.v2B\025EntityResolutionProtoP\001\242\002\003EXX\252\002\023Entityresolution.V2\312\002\023Entityresolution\\V2\342\002\037Entityresolution\\V2\\GPBMetadata\352\002\024Entityresolution::V2' _globals['_RESOLVEENTITIESREQUEST'].fields_by_name['entities']._loaded_options = None _globals['_RESOLVEENTITIESREQUEST'].fields_by_name['entities']._serialized_options = b'\272H\010\222\001\002\010\001\310\001\001' - _globals['_ENTITYREPRESENTATION']._serialized_start=175 - _globals['_ENTITYREPRESENTATION']._serialized_end=298 - _globals['_RESOLVEENTITIESREQUEST']._serialized_start=300 - _globals['_RESOLVEENTITIESREQUEST']._serialized_end=381 - _globals['_RESOLVEENTITIESRESPONSE']._serialized_start=383 - _globals['_RESOLVEENTITIESRESPONSE']._serialized_end=506 - _globals['_ENTITYNOTFOUNDERROR']._serialized_start=509 - _globals['_ENTITYNOTFOUNDERROR']._serialized_end=648 - _globals['_CREATEENTITYCHAINSFROMTOKENSREQUEST']._serialized_start=650 - _globals['_CREATEENTITYCHAINSFROMTOKENSREQUEST']._serialized_end=726 - _globals['_CREATEENTITYCHAINSFROMTOKENSRESPONSE']._serialized_start=728 - _globals['_CREATEENTITYCHAINSFROMTOKENSRESPONSE']._serialized_end=824 - _globals['_ENTITYRESOLUTIONSERVICE']._serialized_start=827 - _globals['_ENTITYRESOLUTIONSERVICE']._serialized_end=1116 + _globals['_DIRECTENTITLEMENT']._serialized_start=213 + _globals['_DIRECTENTITLEMENT']._serialized_end=306 + _globals['_ENTITYREPRESENTATION']._serialized_start=309 + _globals['_ENTITYREPRESENTATION']._serialized_end=521 + _globals['_RESOLVEENTITIESREQUEST']._serialized_start=523 + _globals['_RESOLVEENTITIESREQUEST']._serialized_end=604 + _globals['_RESOLVEENTITIESRESPONSE']._serialized_start=606 + _globals['_RESOLVEENTITIESRESPONSE']._serialized_end=729 + _globals['_ENTITYNOTFOUNDERROR']._serialized_start=732 + _globals['_ENTITYNOTFOUNDERROR']._serialized_end=871 + _globals['_CREATEENTITYCHAINSFROMTOKENSREQUEST']._serialized_start=874 + _globals['_CREATEENTITYCHAINSFROMTOKENSREQUEST']._serialized_end=1008 + _globals['_CREATEENTITYCHAINSFROMTOKENSRESPONSE']._serialized_start=1010 + _globals['_CREATEENTITYCHAINSFROMTOKENSRESPONSE']._serialized_end=1106 + _globals['_ENTITYRESOLUTIONSERVICE']._serialized_start=1109 + _globals['_ENTITYRESOLUTIONSERVICE']._serialized_end=1398 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.pyi index f6374cf..8c0dee6 100644 --- a/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/entityresolution/v2/entity_resolution_pb2.pyi @@ -2,6 +2,7 @@ from buf.validate import validate_pb2 as _validate_pb2 from entity import entity_pb2 as _entity_pb2 from google.protobuf import any_pb2 as _any_pb2 from google.protobuf import struct_pb2 as _struct_pb2 +from authorization.v2 import authorization_pb2 as _authorization_pb2 from google.protobuf.internal import containers as _containers from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message @@ -10,13 +11,23 @@ from typing import ClassVar as _ClassVar, Optional as _Optional, Union as _Union DESCRIPTOR: _descriptor.FileDescriptor +class DirectEntitlement(_message.Message): + __slots__ = ("attribute_value_fqn", "actions") + ATTRIBUTE_VALUE_FQN_FIELD_NUMBER: _ClassVar[int] + ACTIONS_FIELD_NUMBER: _ClassVar[int] + attribute_value_fqn: str + actions: _containers.RepeatedScalarFieldContainer[str] + def __init__(self, attribute_value_fqn: _Optional[str] = ..., actions: _Optional[_Iterable[str]] = ...) -> None: ... + class EntityRepresentation(_message.Message): - __slots__ = ("original_id", "additional_props") + __slots__ = ("original_id", "additional_props", "direct_entitlements") ORIGINAL_ID_FIELD_NUMBER: _ClassVar[int] ADDITIONAL_PROPS_FIELD_NUMBER: _ClassVar[int] + DIRECT_ENTITLEMENTS_FIELD_NUMBER: _ClassVar[int] original_id: str additional_props: _containers.RepeatedCompositeFieldContainer[_struct_pb2.Struct] - def __init__(self, original_id: _Optional[str] = ..., additional_props: _Optional[_Iterable[_Union[_struct_pb2.Struct, _Mapping]]] = ...) -> None: ... + direct_entitlements: _containers.RepeatedCompositeFieldContainer[DirectEntitlement] + def __init__(self, original_id: _Optional[str] = ..., additional_props: _Optional[_Iterable[_Union[_struct_pb2.Struct, _Mapping]]] = ..., direct_entitlements: _Optional[_Iterable[_Union[DirectEntitlement, _Mapping]]] = ...) -> None: ... class ResolveEntitiesRequest(_message.Message): __slots__ = ("entities",) @@ -43,10 +54,12 @@ class EntityNotFoundError(_message.Message): def __init__(self, code: _Optional[int] = ..., message: _Optional[str] = ..., details: _Optional[_Iterable[_Union[_any_pb2.Any, _Mapping]]] = ..., entity: _Optional[str] = ...) -> None: ... class CreateEntityChainsFromTokensRequest(_message.Message): - __slots__ = ("tokens",) + __slots__ = ("tokens", "resources") TOKENS_FIELD_NUMBER: _ClassVar[int] + RESOURCES_FIELD_NUMBER: _ClassVar[int] tokens: _containers.RepeatedCompositeFieldContainer[_entity_pb2.Token] - def __init__(self, tokens: _Optional[_Iterable[_Union[_entity_pb2.Token, _Mapping]]] = ...) -> None: ... + resources: _containers.RepeatedCompositeFieldContainer[_authorization_pb2.Resource] + def __init__(self, tokens: _Optional[_Iterable[_Union[_entity_pb2.Token, _Mapping]]] = ..., resources: _Optional[_Iterable[_Union[_authorization_pb2.Resource, _Mapping]]] = ...) -> None: ... class CreateEntityChainsFromTokensResponse(_message.Message): __slots__ = ("entity_chains",) diff --git a/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/attributes/attributes_pb2_grpc.py b/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/attributes/attributes_pb2_grpc.py index 5920319..c720855 100644 --- a/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/attributes/attributes_pb2_grpc.py +++ b/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/attributes/attributes_pb2_grpc.py @@ -196,25 +196,30 @@ def AssignKeyAccessServerToAttribute(self, request, context): """--------------------------------------* Attribute <> Key Access Server RPCs --------------------------------------- + + Deprecated: utilize AssignPublicKeyToAttribute """ context.set_code(grpc.StatusCode.UNIMPLEMENTED) context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') def RemoveKeyAccessServerFromAttribute(self, request, context): - """Missing associated documentation comment in .proto file.""" + """Deprecated: utilize RemovePublicKeyFromAttribute + """ context.set_code(grpc.StatusCode.UNIMPLEMENTED) context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') def AssignKeyAccessServerToValue(self, request, context): - """Missing associated documentation comment in .proto file.""" + """Deprecated: utilize AssignPublicKeyToValue + """ context.set_code(grpc.StatusCode.UNIMPLEMENTED) context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') def RemoveKeyAccessServerFromValue(self, request, context): - """Missing associated documentation comment in .proto file.""" + """Deprecated: utilize RemovePublicKeyFromValue + """ context.set_code(grpc.StatusCode.UNIMPLEMENTED) context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') diff --git a/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/namespaces/namespaces_pb2_grpc.py b/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/namespaces/namespaces_pb2_grpc.py index 8ddc67d..f2a0684 100644 --- a/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/namespaces/namespaces_pb2_grpc.py +++ b/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/namespaces/namespaces_pb2_grpc.py @@ -59,6 +59,16 @@ def __init__(self, channel): request_serializer=policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceRequest.SerializeToString, response_deserializer=policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceResponse.FromString, _registered_method=True) + self.AssignCertificateToNamespace = channel.unary_unary( + '/policy.namespaces.NamespaceService/AssignCertificateToNamespace', + request_serializer=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest.SerializeToString, + response_deserializer=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse.FromString, + _registered_method=True) + self.RemoveCertificateFromNamespace = channel.unary_unary( + '/policy.namespaces.NamespaceService/RemoveCertificateFromNamespace', + request_serializer=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest.SerializeToString, + response_deserializer=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse.FromString, + _registered_method=True) class NamespaceServiceServicer(object): @@ -98,13 +108,16 @@ def AssignKeyAccessServerToNamespace(self, request, context): """--------------------------------------* Namespace <> Key Access Server RPCs --------------------------------------- + + Deprecated: utilize AssignPublicKeyToNamespace """ context.set_code(grpc.StatusCode.UNIMPLEMENTED) context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') def RemoveKeyAccessServerFromNamespace(self, request, context): - """Missing associated documentation comment in .proto file.""" + """Deprecated: utilize RemovePublicKeyFromNamespace + """ context.set_code(grpc.StatusCode.UNIMPLEMENTED) context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') @@ -124,6 +137,19 @@ def RemovePublicKeyFromNamespace(self, request, context): context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') + def AssignCertificateToNamespace(self, request, context): + """Namespace <> Certificate RPCs + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def RemoveCertificateFromNamespace(self, request, context): + """Missing associated documentation comment in .proto file.""" + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + def add_NamespaceServiceServicer_to_server(servicer, server): rpc_method_handlers = { @@ -172,6 +198,16 @@ def add_NamespaceServiceServicer_to_server(servicer, server): request_deserializer=policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceRequest.FromString, response_serializer=policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceResponse.SerializeToString, ), + 'AssignCertificateToNamespace': grpc.unary_unary_rpc_method_handler( + servicer.AssignCertificateToNamespace, + request_deserializer=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest.FromString, + response_serializer=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse.SerializeToString, + ), + 'RemoveCertificateFromNamespace': grpc.unary_unary_rpc_method_handler( + servicer.RemoveCertificateFromNamespace, + request_deserializer=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest.FromString, + response_serializer=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse.SerializeToString, + ), } generic_handler = grpc.method_handlers_generic_handler( 'policy.namespaces.NamespaceService', rpc_method_handlers) @@ -425,3 +461,57 @@ def RemovePublicKeyFromNamespace(request, timeout, metadata, _registered_method=True) + + @staticmethod + def AssignCertificateToNamespace(request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None): + return grpc.experimental.unary_unary( + request, + target, + '/policy.namespaces.NamespaceService/AssignCertificateToNamespace', + policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest.SerializeToString, + policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + _registered_method=True) + + @staticmethod + def RemoveCertificateFromNamespace(request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None): + return grpc.experimental.unary_unary( + request, + target, + '/policy.namespaces.NamespaceService/RemoveCertificateFromNamespace', + policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest.SerializeToString, + policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + _registered_method=True) diff --git a/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/obligations/obligations_pb2_grpc.py b/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/obligations/obligations_pb2_grpc.py index a168e34..957d7ae 100644 --- a/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/obligations/obligations_pb2_grpc.py +++ b/otdf-python-proto/src/otdf_python_proto/legacy_grpc/policy/obligations/obligations_pb2_grpc.py @@ -104,6 +104,11 @@ def __init__(self, channel): request_serializer=policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerRequest.SerializeToString, response_deserializer=policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerResponse.FromString, _registered_method=True) + self.ListObligationTriggers = channel.unary_unary( + '/policy.obligations.Service/ListObligationTriggers', + request_serializer=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest.SerializeToString, + response_deserializer=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse.FromString, + _registered_method=True) class ServiceServicer(object): @@ -224,6 +229,12 @@ def RemoveObligationTrigger(self, request, context): context.set_details('Method not implemented!') raise NotImplementedError('Method not implemented!') + def ListObligationTriggers(self, request, context): + """Missing associated documentation comment in .proto file.""" + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + def add_ServiceServicer_to_server(servicer, server): rpc_method_handlers = { @@ -292,6 +303,11 @@ def add_ServiceServicer_to_server(servicer, server): request_deserializer=policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerRequest.FromString, response_serializer=policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerResponse.SerializeToString, ), + 'ListObligationTriggers': grpc.unary_unary_rpc_method_handler( + servicer.ListObligationTriggers, + request_deserializer=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest.FromString, + response_serializer=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse.SerializeToString, + ), } generic_handler = grpc.method_handlers_generic_handler( 'policy.obligations.Service', rpc_method_handlers) @@ -678,3 +694,30 @@ def RemoveObligationTrigger(request, timeout, metadata, _registered_method=True) + + @staticmethod + def ListObligationTriggers(request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None): + return grpc.experimental.unary_unary( + request, + target, + '/policy.obligations.Service/ListObligationTriggers', + policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest.SerializeToString, + policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + _registered_method=True) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.py b/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.py index 801433a..2db58b3 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.py @@ -25,11 +25,12 @@ from buf.validate import validate_pb2 as buf_dot_validate_dot_validate__pb2 from common import common_pb2 as common_dot_common__pb2 from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 +from google.protobuf import wrappers_pb2 as google_dot_protobuf_dot_wrappers__pb2 from policy import objects_pb2 as policy_dot_objects__pb2 from policy import selectors_pb2 as policy_dot_selectors__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\"policy/attributes/attributes.proto\x12\x11policy.attributes\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"\x86\x01\n\x18\x41ttributeKeyAccessServer\x12+\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0b\x61ttributeId\x12\x39\n\x14key_access_server_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x11keyAccessServerId:\x02\x18\x01\"z\n\x14ValueKeyAccessServer\x12#\n\x08value_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x07valueId\x12\x39\n\x14key_access_server_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x11keyAccessServerId:\x02\x18\x01\"b\n\x0c\x41ttributeKey\x12.\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x0b\x61ttributeId\x12\"\n\x06key_id\x18\x02 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x05keyId\"V\n\x08ValueKey\x12&\n\x08value_id\x18\x01 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x07valueId\x12\"\n\x06key_id\x18\x02 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x05keyId\"\x99\x01\n\x15ListAttributesRequest\x12-\n\x05state\x18\x01 \x01(\x0e\x32\x17.common.ActiveStateEnumR\x05state\x12\x1c\n\tnamespace\x18\x02 \x01(\tR\tnamespace\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"\x81\x01\n\x16ListAttributesResponse\x12\x31\n\nattributes\x18\x01 \x03(\x0b\x32\x11.policy.AttributeR\nattributes\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\xbe\x03\n\x13GetAttributeRequest\x12\x1d\n\x02id\x18\x01 \x01(\tB\r\x18\x01\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x02id\x12-\n\x0c\x61ttribute_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x0b\x61ttributeId\x12\x1e\n\x03\x66qn\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03\x66qn:\xaa\x02\xbaH\xa6\x02\x1a\xa2\x01\n\x10\x65xclusive_fields\x12PEither use deprecated \'id\' field or one of \'attribute_id\' or \'fqn\', but not both\x1a\n\x04rule\x18\x03 \x01(\x0e\x32\x1d.policy.AttributeRuleTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x04rule\x12V\n\x06values\x18\x04 \x03(\tB>\xbaH;\x92\x01\x38\x08\x00\x18\x01\"2r0\x18\xfd\x01\x32+^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$R\x06values\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"J\n\x17\x43reateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"\xbd\x01\n\x16UpdateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"J\n\x17UpdateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"6\n\x1a\x44\x65\x61\x63tivateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"N\n\x1b\x44\x65\x61\x63tivateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"\xab\x03\n\x18GetAttributeValueRequest\x12\x1d\n\x02id\x18\x01 \x01(\tB\r\x18\x01\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x02id\x12%\n\x08value_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x07valueId\x12\x1e\n\x03\x66qn\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03\x66qn:\x9a\x02\xbaH\x96\x02\x1a\x9a\x01\n\x10\x65xclusive_fields\x12LEither use deprecated \'id\' field or one of \'value_id\' or \'fqn\', but not both\x1a\x38!(has(this.id) && (has(this.value_id) || has(this.fqn)))\x1aw\n\x0frequired_fields\x12/Either id or one of value_id or fqn must be set\x1a\x33has(this.id) || has(this.value_id) || has(this.fqn)B\x0c\n\nidentifier\"@\n\x19GetAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"\xad\x01\n\x1aListAttributeValuesRequest\x12+\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0b\x61ttributeId\x12-\n\x05state\x18\x02 \x01(\x0e\x32\x17.common.ActiveStateEnumR\x05state\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"z\n\x1bListAttributeValuesResponse\x12%\n\x06values\x18\x01 \x03(\x0b\x32\r.policy.ValueR\x06values\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\xc5\x03\n\x1b\x43reateAttributeValueRequest\x12+\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0b\x61ttributeId\x12\xb4\x02\n\x05value\x18\x02 \x01(\tB\x9d\x02\xbaH\x99\x02r\x03\x18\xfd\x01\xba\x01\x8d\x02\n\x16\x61ttribute_value_format\x12\xb5\x01\x41ttribute value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.\x1a;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x01R\x05value\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadataJ\x04\x08\x03\x10\x04R\x07members\"C\n\x1c\x43reateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"\xd1\x01\n\x1bUpdateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehaviorJ\x04\x08\x04\x10\x05R\x07members\"C\n\x1cUpdateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\";\n\x1f\x44\x65\x61\x63tivateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"G\n DeactivateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"\x81\x01\n\x1fGetAttributeValuesByFqnsRequest\x12\x1f\n\x04\x66qns\x18\x01 \x03(\tB\x0b\xbaH\x08\x92\x01\x05\x08\x01\x10\xfa\x01R\x04\x66qns\x12=\n\nwith_value\x18\x02 \x01(\x0b\x32\x1e.policy.AttributeValueSelectorR\twithValue\"\x9b\x03\n GetAttributeValuesByFqnsResponse\x12}\n\x14\x66qn_attribute_values\x18\x01 \x03(\x0b\x32K.policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntryR\x12\x66qnAttributeValues\x1ai\n\x11\x41ttributeAndValue\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\x12#\n\x05value\x18\x02 \x01(\x0b\x32\r.policy.ValueR\x05value\x1a\x8c\x01\n\x17\x46qnAttributeValuesEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12[\n\x05value\x18\x02 \x01(\x0b\x32\x45.policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValueR\x05value:\x02\x38\x01\"\x99\x01\n\'AssignKeyAccessServerToAttributeRequest\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x9a\x01\n(AssignKeyAccessServerToAttributeResponse\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x9b\x01\n)RemoveKeyAccessServerFromAttributeRequest\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x9c\x01\n*RemoveKeyAccessServerFromAttributeResponse\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x89\x01\n#AssignKeyAccessServerToValueRequest\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"\x8a\x01\n$AssignKeyAccessServerToValueResponse\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"\x8b\x01\n%RemoveKeyAccessServerFromValueRequest\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"\x8c\x01\n&RemoveKeyAccessServerFromValueResponse\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"q\n!AssignPublicKeyToAttributeRequest\x12L\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyB\x06\xbaH\x03\xc8\x01\x01R\x0c\x61ttributeKey\"j\n\"AssignPublicKeyToAttributeResponse\x12\x44\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyR\x0c\x61ttributeKey\"s\n#RemovePublicKeyFromAttributeRequest\x12L\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyB\x06\xbaH\x03\xc8\x01\x01R\x0c\x61ttributeKey\"l\n$RemovePublicKeyFromAttributeResponse\x12\x44\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyR\x0c\x61ttributeKey\"a\n\x1d\x41ssignPublicKeyToValueRequest\x12@\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyB\x06\xbaH\x03\xc8\x01\x01R\x08valueKey\"Z\n\x1e\x41ssignPublicKeyToValueResponse\x12\x38\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyR\x08valueKey\"c\n\x1fRemovePublicKeyFromValueRequest\x12@\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyB\x06\xbaH\x03\xc8\x01\x01R\x08valueKey\"\\\n RemovePublicKeyFromValueResponse\x12\x38\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyR\x08valueKey2\xf2\x13\n\x11\x41ttributesService\x12j\n\x0eListAttributes\x12(.policy.attributes.ListAttributesRequest\x1a).policy.attributes.ListAttributesResponse\"\x03\x90\x02\x01\x12y\n\x13ListAttributeValues\x12-.policy.attributes.ListAttributeValuesRequest\x1a..policy.attributes.ListAttributeValuesResponse\"\x03\x90\x02\x01\x12\x64\n\x0cGetAttribute\x12&.policy.attributes.GetAttributeRequest\x1a\'.policy.attributes.GetAttributeResponse\"\x03\x90\x02\x01\x12\xa1\x01\n\x18GetAttributeValuesByFqns\x12\x32.policy.attributes.GetAttributeValuesByFqnsRequest\x1a\x33.policy.attributes.GetAttributeValuesByFqnsResponse\"\x1c\x90\x02\x01\x82\xd3\xe4\x93\x02\x13\x12\x11/attributes/*/fqn\x12j\n\x0f\x43reateAttribute\x12).policy.attributes.CreateAttributeRequest\x1a*.policy.attributes.CreateAttributeResponse\"\x00\x12j\n\x0fUpdateAttribute\x12).policy.attributes.UpdateAttributeRequest\x1a*.policy.attributes.UpdateAttributeResponse\"\x00\x12v\n\x13\x44\x65\x61\x63tivateAttribute\x12-.policy.attributes.DeactivateAttributeRequest\x1a..policy.attributes.DeactivateAttributeResponse\"\x00\x12s\n\x11GetAttributeValue\x12+.policy.attributes.GetAttributeValueRequest\x1a,.policy.attributes.GetAttributeValueResponse\"\x03\x90\x02\x01\x12y\n\x14\x43reateAttributeValue\x12..policy.attributes.CreateAttributeValueRequest\x1a/.policy.attributes.CreateAttributeValueResponse\"\x00\x12y\n\x14UpdateAttributeValue\x12..policy.attributes.UpdateAttributeValueRequest\x1a/.policy.attributes.UpdateAttributeValueResponse\"\x00\x12\x85\x01\n\x18\x44\x65\x61\x63tivateAttributeValue\x12\x32.policy.attributes.DeactivateAttributeValueRequest\x1a\x33.policy.attributes.DeactivateAttributeValueResponse\"\x00\x12\xa0\x01\n AssignKeyAccessServerToAttribute\x12:.policy.attributes.AssignKeyAccessServerToAttributeRequest\x1a;.policy.attributes.AssignKeyAccessServerToAttributeResponse\"\x03\x88\x02\x01\x12\xa6\x01\n\"RemoveKeyAccessServerFromAttribute\x12<.policy.attributes.RemoveKeyAccessServerFromAttributeRequest\x1a=.policy.attributes.RemoveKeyAccessServerFromAttributeResponse\"\x03\x88\x02\x01\x12\x94\x01\n\x1c\x41ssignKeyAccessServerToValue\x12\x36.policy.attributes.AssignKeyAccessServerToValueRequest\x1a\x37.policy.attributes.AssignKeyAccessServerToValueResponse\"\x03\x88\x02\x01\x12\x9a\x01\n\x1eRemoveKeyAccessServerFromValue\x12\x38.policy.attributes.RemoveKeyAccessServerFromValueRequest\x1a\x39.policy.attributes.RemoveKeyAccessServerFromValueResponse\"\x03\x88\x02\x01\x12\x8b\x01\n\x1a\x41ssignPublicKeyToAttribute\x12\x34.policy.attributes.AssignPublicKeyToAttributeRequest\x1a\x35.policy.attributes.AssignPublicKeyToAttributeResponse\"\x00\x12\x91\x01\n\x1cRemovePublicKeyFromAttribute\x12\x36.policy.attributes.RemovePublicKeyFromAttributeRequest\x1a\x37.policy.attributes.RemovePublicKeyFromAttributeResponse\"\x00\x12\x7f\n\x16\x41ssignPublicKeyToValue\x12\x30.policy.attributes.AssignPublicKeyToValueRequest\x1a\x31.policy.attributes.AssignPublicKeyToValueResponse\"\x00\x12\x85\x01\n\x18RemovePublicKeyFromValue\x12\x32.policy.attributes.RemovePublicKeyFromValueRequest\x1a\x33.policy.attributes.RemovePublicKeyFromValueResponse\"\x00\x42\x8d\x01\n\x15\x63om.policy.attributesB\x0f\x41ttributesProtoP\x01\xa2\x02\x03PAX\xaa\x02\x11Policy.Attributes\xca\x02\x11Policy\\Attributes\xe2\x02\x1dPolicy\\Attributes\\GPBMetadata\xea\x02\x12Policy::Attributesb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\"policy/attributes/attributes.proto\x12\x11policy.attributes\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"\x86\x01\n\x18\x41ttributeKeyAccessServer\x12+\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0b\x61ttributeId\x12\x39\n\x14key_access_server_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x11keyAccessServerId:\x02\x18\x01\"z\n\x14ValueKeyAccessServer\x12#\n\x08value_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x07valueId\x12\x39\n\x14key_access_server_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x11keyAccessServerId:\x02\x18\x01\"b\n\x0c\x41ttributeKey\x12.\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x0b\x61ttributeId\x12\"\n\x06key_id\x18\x02 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x05keyId\"V\n\x08ValueKey\x12&\n\x08value_id\x18\x01 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x07valueId\x12\"\n\x06key_id\x18\x02 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x05keyId\"\x99\x01\n\x15ListAttributesRequest\x12-\n\x05state\x18\x01 \x01(\x0e\x32\x17.common.ActiveStateEnumR\x05state\x12\x1c\n\tnamespace\x18\x02 \x01(\tR\tnamespace\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"\x81\x01\n\x16ListAttributesResponse\x12\x31\n\nattributes\x18\x01 \x03(\x0b\x32\x11.policy.AttributeR\nattributes\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\xbe\x03\n\x13GetAttributeRequest\x12\x1d\n\x02id\x18\x01 \x01(\tB\r\x18\x01\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x02id\x12-\n\x0c\x61ttribute_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x0b\x61ttributeId\x12\x1e\n\x03\x66qn\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03\x66qn:\xaa\x02\xbaH\xa6\x02\x1a\xa2\x01\n\x10\x65xclusive_fields\x12PEither use deprecated \'id\' field or one of \'attribute_id\' or \'fqn\', but not both\x1a\n\x04rule\x18\x03 \x01(\x0e\x32\x1d.policy.AttributeRuleTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x04rule\x12V\n\x06values\x18\x04 \x03(\tB>\xbaH;\x92\x01\x38\x08\x00\x18\x01\"2r0\x18\xfd\x01\x32+^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$R\x06values\x12\x43\n\x0f\x61llow_traversal\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x0e\x61llowTraversal\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"J\n\x17\x43reateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"\xbd\x01\n\x16UpdateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"J\n\x17UpdateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"6\n\x1a\x44\x65\x61\x63tivateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"N\n\x1b\x44\x65\x61\x63tivateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"\xab\x03\n\x18GetAttributeValueRequest\x12\x1d\n\x02id\x18\x01 \x01(\tB\r\x18\x01\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x02id\x12%\n\x08value_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x07valueId\x12\x1e\n\x03\x66qn\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03\x66qn:\x9a\x02\xbaH\x96\x02\x1a\x9a\x01\n\x10\x65xclusive_fields\x12LEither use deprecated \'id\' field or one of \'value_id\' or \'fqn\', but not both\x1a\x38!(has(this.id) && (has(this.value_id) || has(this.fqn)))\x1aw\n\x0frequired_fields\x12/Either id or one of value_id or fqn must be set\x1a\x33has(this.id) || has(this.value_id) || has(this.fqn)B\x0c\n\nidentifier\"@\n\x19GetAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"\xad\x01\n\x1aListAttributeValuesRequest\x12+\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0b\x61ttributeId\x12-\n\x05state\x18\x02 \x01(\x0e\x32\x17.common.ActiveStateEnumR\x05state\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"z\n\x1bListAttributeValuesResponse\x12%\n\x06values\x18\x01 \x03(\x0b\x32\r.policy.ValueR\x06values\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\xc5\x03\n\x1b\x43reateAttributeValueRequest\x12+\n\x0c\x61ttribute_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0b\x61ttributeId\x12\xb4\x02\n\x05value\x18\x02 \x01(\tB\x9d\x02\xbaH\x99\x02r\x03\x18\xfd\x01\xba\x01\x8d\x02\n\x16\x61ttribute_value_format\x12\xb5\x01\x41ttribute value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.\x1a;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x01R\x05value\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadataJ\x04\x08\x03\x10\x04R\x07members\"C\n\x1c\x43reateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"\xd1\x01\n\x1bUpdateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehaviorJ\x04\x08\x04\x10\x05R\x07members\"C\n\x1cUpdateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\";\n\x1f\x44\x65\x61\x63tivateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"G\n DeactivateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"T\n\x1fGetAttributeValuesByFqnsRequest\x12\x1f\n\x04\x66qns\x18\x01 \x03(\tB\x0b\xbaH\x08\x92\x01\x05\x08\x01\x10\xfa\x01R\x04\x66qnsJ\x04\x08\x02\x10\x03R\nwith_value\"\x9b\x03\n GetAttributeValuesByFqnsResponse\x12}\n\x14\x66qn_attribute_values\x18\x01 \x03(\x0b\x32K.policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntryR\x12\x66qnAttributeValues\x1ai\n\x11\x41ttributeAndValue\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\x12#\n\x05value\x18\x02 \x01(\x0b\x32\r.policy.ValueR\x05value\x1a\x8c\x01\n\x17\x46qnAttributeValuesEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12[\n\x05value\x18\x02 \x01(\x0b\x32\x45.policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValueR\x05value:\x02\x38\x01\"\x99\x01\n\'AssignKeyAccessServerToAttributeRequest\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x9a\x01\n(AssignKeyAccessServerToAttributeResponse\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x9b\x01\n)RemoveKeyAccessServerFromAttributeRequest\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x9c\x01\n*RemoveKeyAccessServerFromAttributeResponse\x12j\n\x1b\x61ttribute_key_access_server\x18\x01 \x01(\x0b\x32+.policy.attributes.AttributeKeyAccessServerR\x18\x61ttributeKeyAccessServer:\x02\x18\x01\"\x89\x01\n#AssignKeyAccessServerToValueRequest\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"\x8a\x01\n$AssignKeyAccessServerToValueResponse\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"\x8b\x01\n%RemoveKeyAccessServerFromValueRequest\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"\x8c\x01\n&RemoveKeyAccessServerFromValueResponse\x12^\n\x17value_key_access_server\x18\x01 \x01(\x0b\x32\'.policy.attributes.ValueKeyAccessServerR\x14valueKeyAccessServer:\x02\x18\x01\"q\n!AssignPublicKeyToAttributeRequest\x12L\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyB\x06\xbaH\x03\xc8\x01\x01R\x0c\x61ttributeKey\"j\n\"AssignPublicKeyToAttributeResponse\x12\x44\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyR\x0c\x61ttributeKey\"s\n#RemovePublicKeyFromAttributeRequest\x12L\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyB\x06\xbaH\x03\xc8\x01\x01R\x0c\x61ttributeKey\"l\n$RemovePublicKeyFromAttributeResponse\x12\x44\n\rattribute_key\x18\x01 \x01(\x0b\x32\x1f.policy.attributes.AttributeKeyR\x0c\x61ttributeKey\"a\n\x1d\x41ssignPublicKeyToValueRequest\x12@\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyB\x06\xbaH\x03\xc8\x01\x01R\x08valueKey\"Z\n\x1e\x41ssignPublicKeyToValueResponse\x12\x38\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyR\x08valueKey\"c\n\x1fRemovePublicKeyFromValueRequest\x12@\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyB\x06\xbaH\x03\xc8\x01\x01R\x08valueKey\"\\\n RemovePublicKeyFromValueResponse\x12\x38\n\tvalue_key\x18\x01 \x01(\x0b\x32\x1b.policy.attributes.ValueKeyR\x08valueKey2\xf2\x13\n\x11\x41ttributesService\x12j\n\x0eListAttributes\x12(.policy.attributes.ListAttributesRequest\x1a).policy.attributes.ListAttributesResponse\"\x03\x90\x02\x01\x12y\n\x13ListAttributeValues\x12-.policy.attributes.ListAttributeValuesRequest\x1a..policy.attributes.ListAttributeValuesResponse\"\x03\x90\x02\x01\x12\x64\n\x0cGetAttribute\x12&.policy.attributes.GetAttributeRequest\x1a\'.policy.attributes.GetAttributeResponse\"\x03\x90\x02\x01\x12\xa1\x01\n\x18GetAttributeValuesByFqns\x12\x32.policy.attributes.GetAttributeValuesByFqnsRequest\x1a\x33.policy.attributes.GetAttributeValuesByFqnsResponse\"\x1c\x90\x02\x01\x82\xd3\xe4\x93\x02\x13\x12\x11/attributes/*/fqn\x12j\n\x0f\x43reateAttribute\x12).policy.attributes.CreateAttributeRequest\x1a*.policy.attributes.CreateAttributeResponse\"\x00\x12j\n\x0fUpdateAttribute\x12).policy.attributes.UpdateAttributeRequest\x1a*.policy.attributes.UpdateAttributeResponse\"\x00\x12v\n\x13\x44\x65\x61\x63tivateAttribute\x12-.policy.attributes.DeactivateAttributeRequest\x1a..policy.attributes.DeactivateAttributeResponse\"\x00\x12s\n\x11GetAttributeValue\x12+.policy.attributes.GetAttributeValueRequest\x1a,.policy.attributes.GetAttributeValueResponse\"\x03\x90\x02\x01\x12y\n\x14\x43reateAttributeValue\x12..policy.attributes.CreateAttributeValueRequest\x1a/.policy.attributes.CreateAttributeValueResponse\"\x00\x12y\n\x14UpdateAttributeValue\x12..policy.attributes.UpdateAttributeValueRequest\x1a/.policy.attributes.UpdateAttributeValueResponse\"\x00\x12\x85\x01\n\x18\x44\x65\x61\x63tivateAttributeValue\x12\x32.policy.attributes.DeactivateAttributeValueRequest\x1a\x33.policy.attributes.DeactivateAttributeValueResponse\"\x00\x12\xa0\x01\n AssignKeyAccessServerToAttribute\x12:.policy.attributes.AssignKeyAccessServerToAttributeRequest\x1a;.policy.attributes.AssignKeyAccessServerToAttributeResponse\"\x03\x88\x02\x01\x12\xa6\x01\n\"RemoveKeyAccessServerFromAttribute\x12<.policy.attributes.RemoveKeyAccessServerFromAttributeRequest\x1a=.policy.attributes.RemoveKeyAccessServerFromAttributeResponse\"\x03\x88\x02\x01\x12\x94\x01\n\x1c\x41ssignKeyAccessServerToValue\x12\x36.policy.attributes.AssignKeyAccessServerToValueRequest\x1a\x37.policy.attributes.AssignKeyAccessServerToValueResponse\"\x03\x88\x02\x01\x12\x9a\x01\n\x1eRemoveKeyAccessServerFromValue\x12\x38.policy.attributes.RemoveKeyAccessServerFromValueRequest\x1a\x39.policy.attributes.RemoveKeyAccessServerFromValueResponse\"\x03\x88\x02\x01\x12\x8b\x01\n\x1a\x41ssignPublicKeyToAttribute\x12\x34.policy.attributes.AssignPublicKeyToAttributeRequest\x1a\x35.policy.attributes.AssignPublicKeyToAttributeResponse\"\x00\x12\x91\x01\n\x1cRemovePublicKeyFromAttribute\x12\x36.policy.attributes.RemovePublicKeyFromAttributeRequest\x1a\x37.policy.attributes.RemovePublicKeyFromAttributeResponse\"\x00\x12\x7f\n\x16\x41ssignPublicKeyToValue\x12\x30.policy.attributes.AssignPublicKeyToValueRequest\x1a\x31.policy.attributes.AssignPublicKeyToValueResponse\"\x00\x12\x85\x01\n\x18RemovePublicKeyFromValue\x12\x32.policy.attributes.RemovePublicKeyFromValueRequest\x1a\x33.policy.attributes.RemovePublicKeyFromValueResponse\"\x00\x42\x8d\x01\n\x15\x63om.policy.attributesB\x0f\x41ttributesProtoP\x01\xa2\x02\x03PAX\xaa\x02\x11Policy.Attributes\xca\x02\x11Policy\\Attributes\xe2\x02\x1dPolicy\\Attributes\\GPBMetadata\xea\x02\x12Policy::Attributesb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -141,94 +142,94 @@ _globals['_ATTRIBUTESSERVICE'].methods_by_name['AssignKeyAccessServerToValue']._serialized_options = b'\210\002\001' _globals['_ATTRIBUTESSERVICE'].methods_by_name['RemoveKeyAccessServerFromValue']._loaded_options = None _globals['_ATTRIBUTESSERVICE'].methods_by_name['RemoveKeyAccessServerFromValue']._serialized_options = b'\210\002\001' - _globals['_ATTRIBUTEKEYACCESSSERVER']._serialized_start=184 - _globals['_ATTRIBUTEKEYACCESSSERVER']._serialized_end=318 - _globals['_VALUEKEYACCESSSERVER']._serialized_start=320 - _globals['_VALUEKEYACCESSSERVER']._serialized_end=442 - _globals['_ATTRIBUTEKEY']._serialized_start=444 - _globals['_ATTRIBUTEKEY']._serialized_end=542 - _globals['_VALUEKEY']._serialized_start=544 - _globals['_VALUEKEY']._serialized_end=630 - _globals['_LISTATTRIBUTESREQUEST']._serialized_start=633 - _globals['_LISTATTRIBUTESREQUEST']._serialized_end=786 - _globals['_LISTATTRIBUTESRESPONSE']._serialized_start=789 - _globals['_LISTATTRIBUTESRESPONSE']._serialized_end=918 - _globals['_GETATTRIBUTEREQUEST']._serialized_start=921 - _globals['_GETATTRIBUTEREQUEST']._serialized_end=1367 - _globals['_GETATTRIBUTERESPONSE']._serialized_start=1369 - _globals['_GETATTRIBUTERESPONSE']._serialized_end=1440 - _globals['_CREATEATTRIBUTEREQUEST']._serialized_start=1443 - _globals['_CREATEATTRIBUTEREQUEST']._serialized_end=2023 - _globals['_CREATEATTRIBUTERESPONSE']._serialized_start=2025 - _globals['_CREATEATTRIBUTERESPONSE']._serialized_end=2099 - _globals['_UPDATEATTRIBUTEREQUEST']._serialized_start=2102 - _globals['_UPDATEATTRIBUTEREQUEST']._serialized_end=2291 - _globals['_UPDATEATTRIBUTERESPONSE']._serialized_start=2293 - _globals['_UPDATEATTRIBUTERESPONSE']._serialized_end=2367 - _globals['_DEACTIVATEATTRIBUTEREQUEST']._serialized_start=2369 - _globals['_DEACTIVATEATTRIBUTEREQUEST']._serialized_end=2423 - _globals['_DEACTIVATEATTRIBUTERESPONSE']._serialized_start=2425 - _globals['_DEACTIVATEATTRIBUTERESPONSE']._serialized_end=2503 - _globals['_GETATTRIBUTEVALUEREQUEST']._serialized_start=2506 - _globals['_GETATTRIBUTEVALUEREQUEST']._serialized_end=2933 - _globals['_GETATTRIBUTEVALUERESPONSE']._serialized_start=2935 - _globals['_GETATTRIBUTEVALUERESPONSE']._serialized_end=2999 - _globals['_LISTATTRIBUTEVALUESREQUEST']._serialized_start=3002 - _globals['_LISTATTRIBUTEVALUESREQUEST']._serialized_end=3175 - _globals['_LISTATTRIBUTEVALUESRESPONSE']._serialized_start=3177 - _globals['_LISTATTRIBUTEVALUESRESPONSE']._serialized_end=3299 - _globals['_CREATEATTRIBUTEVALUEREQUEST']._serialized_start=3302 - _globals['_CREATEATTRIBUTEVALUEREQUEST']._serialized_end=3755 - _globals['_CREATEATTRIBUTEVALUERESPONSE']._serialized_start=3757 - _globals['_CREATEATTRIBUTEVALUERESPONSE']._serialized_end=3824 - _globals['_UPDATEATTRIBUTEVALUEREQUEST']._serialized_start=3827 - _globals['_UPDATEATTRIBUTEVALUEREQUEST']._serialized_end=4036 - _globals['_UPDATEATTRIBUTEVALUERESPONSE']._serialized_start=4038 - _globals['_UPDATEATTRIBUTEVALUERESPONSE']._serialized_end=4105 - _globals['_DEACTIVATEATTRIBUTEVALUEREQUEST']._serialized_start=4107 - _globals['_DEACTIVATEATTRIBUTEVALUEREQUEST']._serialized_end=4166 - _globals['_DEACTIVATEATTRIBUTEVALUERESPONSE']._serialized_start=4168 - _globals['_DEACTIVATEATTRIBUTEVALUERESPONSE']._serialized_end=4239 - _globals['_GETATTRIBUTEVALUESBYFQNSREQUEST']._serialized_start=4242 - _globals['_GETATTRIBUTEVALUESBYFQNSREQUEST']._serialized_end=4371 - _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE']._serialized_start=4374 - _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE']._serialized_end=4785 - _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_ATTRIBUTEANDVALUE']._serialized_start=4537 - _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_ATTRIBUTEANDVALUE']._serialized_end=4642 - _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_FQNATTRIBUTEVALUESENTRY']._serialized_start=4645 - _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_FQNATTRIBUTEVALUESENTRY']._serialized_end=4785 - _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTEREQUEST']._serialized_start=4788 - _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTEREQUEST']._serialized_end=4941 - _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTERESPONSE']._serialized_start=4944 - _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTERESPONSE']._serialized_end=5098 - _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTEREQUEST']._serialized_start=5101 - _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTEREQUEST']._serialized_end=5256 - _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTERESPONSE']._serialized_start=5259 - _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTERESPONSE']._serialized_end=5415 - _globals['_ASSIGNKEYACCESSSERVERTOVALUEREQUEST']._serialized_start=5418 - _globals['_ASSIGNKEYACCESSSERVERTOVALUEREQUEST']._serialized_end=5555 - _globals['_ASSIGNKEYACCESSSERVERTOVALUERESPONSE']._serialized_start=5558 - _globals['_ASSIGNKEYACCESSSERVERTOVALUERESPONSE']._serialized_end=5696 - _globals['_REMOVEKEYACCESSSERVERFROMVALUEREQUEST']._serialized_start=5699 - _globals['_REMOVEKEYACCESSSERVERFROMVALUEREQUEST']._serialized_end=5838 - _globals['_REMOVEKEYACCESSSERVERFROMVALUERESPONSE']._serialized_start=5841 - _globals['_REMOVEKEYACCESSSERVERFROMVALUERESPONSE']._serialized_end=5981 - _globals['_ASSIGNPUBLICKEYTOATTRIBUTEREQUEST']._serialized_start=5983 - _globals['_ASSIGNPUBLICKEYTOATTRIBUTEREQUEST']._serialized_end=6096 - _globals['_ASSIGNPUBLICKEYTOATTRIBUTERESPONSE']._serialized_start=6098 - _globals['_ASSIGNPUBLICKEYTOATTRIBUTERESPONSE']._serialized_end=6204 - _globals['_REMOVEPUBLICKEYFROMATTRIBUTEREQUEST']._serialized_start=6206 - _globals['_REMOVEPUBLICKEYFROMATTRIBUTEREQUEST']._serialized_end=6321 - _globals['_REMOVEPUBLICKEYFROMATTRIBUTERESPONSE']._serialized_start=6323 - _globals['_REMOVEPUBLICKEYFROMATTRIBUTERESPONSE']._serialized_end=6431 - _globals['_ASSIGNPUBLICKEYTOVALUEREQUEST']._serialized_start=6433 - _globals['_ASSIGNPUBLICKEYTOVALUEREQUEST']._serialized_end=6530 - _globals['_ASSIGNPUBLICKEYTOVALUERESPONSE']._serialized_start=6532 - _globals['_ASSIGNPUBLICKEYTOVALUERESPONSE']._serialized_end=6622 - _globals['_REMOVEPUBLICKEYFROMVALUEREQUEST']._serialized_start=6624 - _globals['_REMOVEPUBLICKEYFROMVALUEREQUEST']._serialized_end=6723 - _globals['_REMOVEPUBLICKEYFROMVALUERESPONSE']._serialized_start=6725 - _globals['_REMOVEPUBLICKEYFROMVALUERESPONSE']._serialized_end=6817 - _globals['_ATTRIBUTESSERVICE']._serialized_start=6820 - _globals['_ATTRIBUTESSERVICE']._serialized_end=9366 + _globals['_ATTRIBUTEKEYACCESSSERVER']._serialized_start=216 + _globals['_ATTRIBUTEKEYACCESSSERVER']._serialized_end=350 + _globals['_VALUEKEYACCESSSERVER']._serialized_start=352 + _globals['_VALUEKEYACCESSSERVER']._serialized_end=474 + _globals['_ATTRIBUTEKEY']._serialized_start=476 + _globals['_ATTRIBUTEKEY']._serialized_end=574 + _globals['_VALUEKEY']._serialized_start=576 + _globals['_VALUEKEY']._serialized_end=662 + _globals['_LISTATTRIBUTESREQUEST']._serialized_start=665 + _globals['_LISTATTRIBUTESREQUEST']._serialized_end=818 + _globals['_LISTATTRIBUTESRESPONSE']._serialized_start=821 + _globals['_LISTATTRIBUTESRESPONSE']._serialized_end=950 + _globals['_GETATTRIBUTEREQUEST']._serialized_start=953 + _globals['_GETATTRIBUTEREQUEST']._serialized_end=1399 + _globals['_GETATTRIBUTERESPONSE']._serialized_start=1401 + _globals['_GETATTRIBUTERESPONSE']._serialized_end=1472 + _globals['_CREATEATTRIBUTEREQUEST']._serialized_start=1475 + _globals['_CREATEATTRIBUTEREQUEST']._serialized_end=2124 + _globals['_CREATEATTRIBUTERESPONSE']._serialized_start=2126 + _globals['_CREATEATTRIBUTERESPONSE']._serialized_end=2200 + _globals['_UPDATEATTRIBUTEREQUEST']._serialized_start=2203 + _globals['_UPDATEATTRIBUTEREQUEST']._serialized_end=2392 + _globals['_UPDATEATTRIBUTERESPONSE']._serialized_start=2394 + _globals['_UPDATEATTRIBUTERESPONSE']._serialized_end=2468 + _globals['_DEACTIVATEATTRIBUTEREQUEST']._serialized_start=2470 + _globals['_DEACTIVATEATTRIBUTEREQUEST']._serialized_end=2524 + _globals['_DEACTIVATEATTRIBUTERESPONSE']._serialized_start=2526 + _globals['_DEACTIVATEATTRIBUTERESPONSE']._serialized_end=2604 + _globals['_GETATTRIBUTEVALUEREQUEST']._serialized_start=2607 + _globals['_GETATTRIBUTEVALUEREQUEST']._serialized_end=3034 + _globals['_GETATTRIBUTEVALUERESPONSE']._serialized_start=3036 + _globals['_GETATTRIBUTEVALUERESPONSE']._serialized_end=3100 + _globals['_LISTATTRIBUTEVALUESREQUEST']._serialized_start=3103 + _globals['_LISTATTRIBUTEVALUESREQUEST']._serialized_end=3276 + _globals['_LISTATTRIBUTEVALUESRESPONSE']._serialized_start=3278 + _globals['_LISTATTRIBUTEVALUESRESPONSE']._serialized_end=3400 + _globals['_CREATEATTRIBUTEVALUEREQUEST']._serialized_start=3403 + _globals['_CREATEATTRIBUTEVALUEREQUEST']._serialized_end=3856 + _globals['_CREATEATTRIBUTEVALUERESPONSE']._serialized_start=3858 + _globals['_CREATEATTRIBUTEVALUERESPONSE']._serialized_end=3925 + _globals['_UPDATEATTRIBUTEVALUEREQUEST']._serialized_start=3928 + _globals['_UPDATEATTRIBUTEVALUEREQUEST']._serialized_end=4137 + _globals['_UPDATEATTRIBUTEVALUERESPONSE']._serialized_start=4139 + _globals['_UPDATEATTRIBUTEVALUERESPONSE']._serialized_end=4206 + _globals['_DEACTIVATEATTRIBUTEVALUEREQUEST']._serialized_start=4208 + _globals['_DEACTIVATEATTRIBUTEVALUEREQUEST']._serialized_end=4267 + _globals['_DEACTIVATEATTRIBUTEVALUERESPONSE']._serialized_start=4269 + _globals['_DEACTIVATEATTRIBUTEVALUERESPONSE']._serialized_end=4340 + _globals['_GETATTRIBUTEVALUESBYFQNSREQUEST']._serialized_start=4342 + _globals['_GETATTRIBUTEVALUESBYFQNSREQUEST']._serialized_end=4426 + _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE']._serialized_start=4429 + _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE']._serialized_end=4840 + _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_ATTRIBUTEANDVALUE']._serialized_start=4592 + _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_ATTRIBUTEANDVALUE']._serialized_end=4697 + _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_FQNATTRIBUTEVALUESENTRY']._serialized_start=4700 + _globals['_GETATTRIBUTEVALUESBYFQNSRESPONSE_FQNATTRIBUTEVALUESENTRY']._serialized_end=4840 + _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTEREQUEST']._serialized_start=4843 + _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTEREQUEST']._serialized_end=4996 + _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTERESPONSE']._serialized_start=4999 + _globals['_ASSIGNKEYACCESSSERVERTOATTRIBUTERESPONSE']._serialized_end=5153 + _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTEREQUEST']._serialized_start=5156 + _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTEREQUEST']._serialized_end=5311 + _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTERESPONSE']._serialized_start=5314 + _globals['_REMOVEKEYACCESSSERVERFROMATTRIBUTERESPONSE']._serialized_end=5470 + _globals['_ASSIGNKEYACCESSSERVERTOVALUEREQUEST']._serialized_start=5473 + _globals['_ASSIGNKEYACCESSSERVERTOVALUEREQUEST']._serialized_end=5610 + _globals['_ASSIGNKEYACCESSSERVERTOVALUERESPONSE']._serialized_start=5613 + _globals['_ASSIGNKEYACCESSSERVERTOVALUERESPONSE']._serialized_end=5751 + _globals['_REMOVEKEYACCESSSERVERFROMVALUEREQUEST']._serialized_start=5754 + _globals['_REMOVEKEYACCESSSERVERFROMVALUEREQUEST']._serialized_end=5893 + _globals['_REMOVEKEYACCESSSERVERFROMVALUERESPONSE']._serialized_start=5896 + _globals['_REMOVEKEYACCESSSERVERFROMVALUERESPONSE']._serialized_end=6036 + _globals['_ASSIGNPUBLICKEYTOATTRIBUTEREQUEST']._serialized_start=6038 + _globals['_ASSIGNPUBLICKEYTOATTRIBUTEREQUEST']._serialized_end=6151 + _globals['_ASSIGNPUBLICKEYTOATTRIBUTERESPONSE']._serialized_start=6153 + _globals['_ASSIGNPUBLICKEYTOATTRIBUTERESPONSE']._serialized_end=6259 + _globals['_REMOVEPUBLICKEYFROMATTRIBUTEREQUEST']._serialized_start=6261 + _globals['_REMOVEPUBLICKEYFROMATTRIBUTEREQUEST']._serialized_end=6376 + _globals['_REMOVEPUBLICKEYFROMATTRIBUTERESPONSE']._serialized_start=6378 + _globals['_REMOVEPUBLICKEYFROMATTRIBUTERESPONSE']._serialized_end=6486 + _globals['_ASSIGNPUBLICKEYTOVALUEREQUEST']._serialized_start=6488 + _globals['_ASSIGNPUBLICKEYTOVALUEREQUEST']._serialized_end=6585 + _globals['_ASSIGNPUBLICKEYTOVALUERESPONSE']._serialized_start=6587 + _globals['_ASSIGNPUBLICKEYTOVALUERESPONSE']._serialized_end=6677 + _globals['_REMOVEPUBLICKEYFROMVALUEREQUEST']._serialized_start=6679 + _globals['_REMOVEPUBLICKEYFROMVALUEREQUEST']._serialized_end=6778 + _globals['_REMOVEPUBLICKEYFROMVALUERESPONSE']._serialized_start=6780 + _globals['_REMOVEPUBLICKEYFROMVALUERESPONSE']._serialized_end=6872 + _globals['_ATTRIBUTESSERVICE']._serialized_start=6875 + _globals['_ATTRIBUTESSERVICE']._serialized_end=9421 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.pyi index 5eadf6c..23a0123 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/policy/attributes/attributes_pb2.pyi @@ -1,6 +1,7 @@ from buf.validate import validate_pb2 as _validate_pb2 from common import common_pb2 as _common_pb2 from google.api import annotations_pb2 as _annotations_pb2 +from google.protobuf import wrappers_pb2 as _wrappers_pb2 from policy import objects_pb2 as _objects_pb2 from policy import selectors_pb2 as _selectors_pb2 from google.protobuf.internal import containers as _containers @@ -78,18 +79,20 @@ class GetAttributeResponse(_message.Message): def __init__(self, attribute: _Optional[_Union[_objects_pb2.Attribute, _Mapping]] = ...) -> None: ... class CreateAttributeRequest(_message.Message): - __slots__ = ("namespace_id", "name", "rule", "values", "metadata") + __slots__ = ("namespace_id", "name", "rule", "values", "allow_traversal", "metadata") NAMESPACE_ID_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] RULE_FIELD_NUMBER: _ClassVar[int] VALUES_FIELD_NUMBER: _ClassVar[int] + ALLOW_TRAVERSAL_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] namespace_id: str name: str rule: _objects_pb2.AttributeRuleTypeEnum values: _containers.RepeatedScalarFieldContainer[str] + allow_traversal: _wrappers_pb2.BoolValue metadata: _common_pb2.MetadataMutable - def __init__(self, namespace_id: _Optional[str] = ..., name: _Optional[str] = ..., rule: _Optional[_Union[_objects_pb2.AttributeRuleTypeEnum, str]] = ..., values: _Optional[_Iterable[str]] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... + def __init__(self, namespace_id: _Optional[str] = ..., name: _Optional[str] = ..., rule: _Optional[_Union[_objects_pb2.AttributeRuleTypeEnum, str]] = ..., values: _Optional[_Iterable[str]] = ..., allow_traversal: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... class CreateAttributeResponse(_message.Message): __slots__ = ("attribute",) @@ -204,12 +207,10 @@ class DeactivateAttributeValueResponse(_message.Message): def __init__(self, value: _Optional[_Union[_objects_pb2.Value, _Mapping]] = ...) -> None: ... class GetAttributeValuesByFqnsRequest(_message.Message): - __slots__ = ("fqns", "with_value") + __slots__ = ("fqns",) FQNS_FIELD_NUMBER: _ClassVar[int] - WITH_VALUE_FIELD_NUMBER: _ClassVar[int] fqns: _containers.RepeatedScalarFieldContainer[str] - with_value: _selectors_pb2.AttributeValueSelector - def __init__(self, fqns: _Optional[_Iterable[str]] = ..., with_value: _Optional[_Union[_selectors_pb2.AttributeValueSelector, _Mapping]] = ...) -> None: ... + def __init__(self, fqns: _Optional[_Iterable[str]] = ...) -> None: ... class GetAttributeValuesByFqnsResponse(_message.Message): __slots__ = ("fqn_attribute_values",) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.py b/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.py index b53307d..82db3cc 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.py @@ -29,7 +29,7 @@ from policy import selectors_pb2 as policy_dot_selectors__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n3policy/kasregistry/key_access_server_registry.proto\x12\x12policy.kasregistry\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"\xe4\x03\n\x19GetKeyAccessServerRequest\x12\x1d\n\x02id\x18\x01 \x01(\tB\r\x18\x01\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x02id\x12!\n\x06kas_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12\x1d\n\x04name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x04name\x12\x1e\n\x03uri\x18\x04 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03uri:\xb7\x02\xbaH\xb3\x02\x1a\xa8\x01\n\x10\x65xclusive_fields\x12JEither use deprecated \'id\' field or one of \'kas_id\' or \'uri\', but not both\x1aH!(has(this.id) && (has(this.kas_id) || has(this.uri) || has(this.name)))\x1a\x85\x01\n\x0frequired_fields\x12-Either id or one of kas_id or uri must be set\x1a\x43has(this.id) || has(this.kas_id) || has(this.uri) || has(this.name)B\x0c\n\nidentifier\"a\n\x1aGetKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"R\n\x1bListKeyAccessServersRequest\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"\x9b\x01\n\x1cListKeyAccessServersResponse\x12\x45\n\x12key_access_servers\x18\x01 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x10keyAccessServers\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\x95\x06\n\x1c\x43reateKeyAccessServerRequest\x12\x87\x02\n\x03uri\x18\x01 \x01(\tB\xf4\x01\xbaH\xf0\x01\xba\x01\xec\x01\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x0cthis.isUri()R\x03uri\x12\x30\n\npublic_key\x18\x02 \x01(\x0b\x32\x11.policy.PublicKeyR\tpublicKey\x12@\n\x0bsource_type\x18\x03 \x01(\x0e\x32\x12.policy.SourceTypeB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x00R\nsourceType\x12\xc1\x02\n\x04name\x18\x14 \x01(\tB\xac\x02\xbaH\xa8\x02r\x03\x18\xfd\x01\xba\x01\x9c\x02\n\x0fkas_name_format\x12\xb3\x01Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.\x1aSsize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\xc8\x01\x00R\x04name\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"d\n\x1d\x43reateKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"\xa5\x07\n\x1cUpdateKeyAccessServerRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xac\x02\n\x03uri\x18\x02 \x01(\tB\x99\x02\xbaH\x95\x02\xba\x01\x91\x02\n\x13optional_uri_format\x12\xd8\x01Optional URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x1fsize(this) == 0 || this.isUri()R\x03uri\x12\x30\n\npublic_key\x18\x03 \x01(\x0b\x32\x11.policy.PublicKeyR\tpublicKey\x12@\n\x0bsource_type\x18\x04 \x01(\x0e\x32\x12.policy.SourceTypeB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x00R\nsourceType\x12\xbc\x02\n\x04name\x18\x14 \x01(\tB\xa7\x02\xbaH\xa3\x02r\x03\x18\xfd\x01\xba\x01\x97\x02\n\x0fkas_name_format\x12\xb3\x01Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.\x1aNsize(this) == 0 || this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x00R\x04name\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"d\n\x1dUpdateKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"8\n\x1c\x44\x65leteKeyAccessServerRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"d\n\x1d\x44\x65leteKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"7\n\x13GrantedPolicyObject\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xd0\x02\n\x15KeyAccessServerGrants\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\x12R\n\x10namespace_grants\x18\x02 \x03(\x0b\x32\'.policy.kasregistry.GrantedPolicyObjectR\x0fnamespaceGrants\x12R\n\x10\x61ttribute_grants\x18\x03 \x03(\x0b\x32\'.policy.kasregistry.GrantedPolicyObjectR\x0f\x61ttributeGrants\x12J\n\x0cvalue_grants\x18\x04 \x03(\x0b\x32\'.policy.kasregistry.GrantedPolicyObjectR\x0bvalueGrants\"\x9e\x01\n\x16\x43reatePublicKeyRequest\x12\x1f\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x05kasId\x12.\n\x03key\x18\x02 \x01(\x0b\x32\x14.policy.KasPublicKeyB\x06\xbaH\x03\xc8\x01\x01R\x03key\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"8\n\x17\x43reatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"?\n\x13GetPublicKeyRequest\x12\x1a\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02idB\x0c\n\nidentifier\"5\n\x14GetPublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"\xca\x01\n\x15ListPublicKeysRequest\x12!\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12$\n\x08kas_name\x18\x02 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x07kasName\x12%\n\x07kas_uri\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x06kasUri\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x0c\n\nkas_filter\"o\n\x16ListPublicKeysResponse\x12\x1f\n\x04keys\x18\x01 \x03(\x0b\x32\x0b.policy.KeyR\x04keys\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\x81\x02\n\x1bListPublicKeyMappingRequest\x12!\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12$\n\x08kas_name\x18\x02 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x07kasName\x12%\n\x07kas_uri\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x06kasUri\x12/\n\rpublic_key_id\x18\x04 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x0bpublicKeyId\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x0c\n\nkas_filter\"\xf6\x05\n\x1cListPublicKeyMappingResponse\x12q\n\x13public_key_mappings\x18\x01 \x03(\x0b\x32\x41.policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMappingR\x11publicKeyMappings\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\x1a\xba\x01\n\x10PublicKeyMapping\x12\x15\n\x06kas_id\x18\x02 \x01(\tR\x05kasId\x12\x19\n\x08kas_name\x18\x03 \x01(\tR\x07kasName\x12\x17\n\x07kas_uri\x18\x04 \x01(\tR\x06kasUri\x12[\n\x0bpublic_keys\x18\x05 \x03(\x0b\x32:.policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyR\npublicKeys\x1a\xbe\x02\n\tPublicKey\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\x12T\n\x06values\x18\x06 \x03(\x0b\x32<.policy.kasregistry.ListPublicKeyMappingResponse.AssociationR\x06values\x12^\n\x0b\x64\x65\x66initions\x18\x07 \x03(\x0b\x32<.policy.kasregistry.ListPublicKeyMappingResponse.AssociationR\x0b\x64\x65\x66initions\x12\\\n\nnamespaces\x18\x08 \x03(\x0b\x32<.policy.kasregistry.ListPublicKeyMappingResponse.AssociationR\nnamespaces\x1a/\n\x0b\x41ssociation\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xbd\x01\n\x16UpdatePublicKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"8\n\x17UpdatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"6\n\x1a\x44\x65\x61\x63tivatePublicKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"<\n\x1b\x44\x65\x61\x63tivatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"4\n\x18\x41\x63tivatePublicKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\":\n\x19\x41\x63tivatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"\xa5\x07\n ListKeyAccessServerGrantsRequest\x12\xcb\x01\n\x06kas_id\x18\x01 \x01(\tB\xb3\x01\xbaH\xaf\x01\xba\x01\xab\x01\n\x14optional_uuid_format\x12#Optional field must be a valid UUID\x1ansize(this) == 0 || this.matches(\'[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\')R\x05kasId\x12\xb3\x02\n\x07kas_uri\x18\x02 \x01(\tB\x99\x02\xbaH\x95\x02\xba\x01\x91\x02\n\x13optional_uri_format\x12\xd8\x01Optional URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x1fsize(this) == 0 || this.isUri()R\x06kasUri\x12\xc3\x02\n\x08kas_name\x18\x03 \x01(\tB\xa7\x02\xbaH\xa3\x02r\x03\x18\xfd\x01\xba\x01\x97\x02\n\x0fkas_name_format\x12\xb3\x01Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.\x1aNsize(this) == 0 || this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x00R\x07kasName\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination:\x02\x18\x01\"\xa4\x01\n!ListKeyAccessServerGrantsResponse\x12\x45\n\x06grants\x18\x01 \x03(\x0b\x32).policy.kasregistry.KeyAccessServerGrantsB\x02\x18\x01R\x06grants\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination:\x02\x18\x01\"\xb4\x0c\n\x10\x43reateKeyRequest\x12\x1f\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x05kasId\x12\x1e\n\x06key_id\x18\x02 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x05keyId\x12\xa4\x01\n\rkey_algorithm\x18\x03 \x01(\x0e\x32\x11.policy.AlgorithmBl\xbaHi\xba\x01\x66\n\x15key_algorithm_defined\x12\x34The key_algorithm must be one of the defined values.\x1a\x17this in [1, 2, 3, 4, 5]R\x0ckeyAlgorithm\x12\x93\x01\n\x08key_mode\x18\x04 \x01(\x0e\x32\x0f.policy.KeyModeBg\xbaHd\xba\x01\x61\n\x10key_mode_defined\x12\x35The key_mode must be one of the defined values (1-4).\x1a\x16this >= 1 && this <= 4R\x07keyMode\x12\x42\n\x0epublic_key_ctx\x18\x05 \x01(\x0b\x32\x14.policy.PublicKeyCtxB\x06\xbaH\x03\xc8\x01\x01R\x0cpublicKeyCtx\x12=\n\x0fprivate_key_ctx\x18\x06 \x01(\x0b\x32\x15.policy.PrivateKeyCtxR\rprivateKeyCtx\x12,\n\x12provider_config_id\x18\x07 \x01(\tR\x10providerConfigId\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata:\xbb\x07\xbaH\xb7\x07\x1a\x97\x03\n#private_key_ctx_optionally_required\x12\xbc\x01The wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.\x1a\xb0\x01((this.key_mode == 1 || this.key_mode == 2) && this.private_key_ctx.wrapped_key != \'\') || ((this.key_mode == 3 || this.key_mode == 4) && this.private_key_ctx.wrapped_key == \'\')\x1a\xf4\x02\n&provider_config_id_optionally_required\x12\xa8\x01Provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.\x1a\x9e\x01((this.key_mode == 1 || this.key_mode == 4) && this.provider_config_id == \'\') || ((this.key_mode == 2 || this.key_mode == 3) && this.provider_config_id != \'\')\x1a\xa3\x01\n#private_key_ctx_for_public_key_only\x12Hprivate_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.\x1a\x32!(this.key_mode == 4 && has(this.private_key_ctx))\"<\n\x11\x43reateKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\"z\n\rGetKeyRequest\x12\x1a\n\x02id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x03 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03keyB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"9\n\x0eGetKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\"\xee\x02\n\x0fListKeysRequest\x12\xa7\x01\n\rkey_algorithm\x18\x01 \x01(\x0e\x32\x11.policy.AlgorithmBo\xbaHl\xba\x01i\n\x15key_algorithm_defined\x12\x34The key_algorithm must be one of the defined values.\x1a\x1athis in [0, 1, 2, 3, 4, 5]R\x0ckeyAlgorithm\x12!\n\x06kas_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12$\n\x08kas_name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x07kasName\x12%\n\x07kas_uri\x18\x04 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x06kasUri\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x0c\n\nkas_filter\"s\n\x10ListKeysResponse\x12)\n\x08kas_keys\x18\x01 \x03(\x0b\x32\x0e.policy.KasKeyR\x07kasKeys\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\x86\x03\n\x10UpdateKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior:\xcc\x01\xbaH\xc8\x01\x1a\xc5\x01\n\x18metadata_update_behavior\x12RMetadata update behavior must be either APPEND or REPLACE, when updating metadata.\x1aU((!has(this.metadata)) || (has(this.metadata) && this.metadata_update_behavior != 0))\"<\n\x11UpdateKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\"\xa4\x01\n\x10KasKeyIdentifier\x12!\n\x06kas_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12\x1d\n\x04name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x04name\x12\x1e\n\x03uri\x18\x04 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03uri\x12\x19\n\x03kid\x18\x05 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x03kidB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"\xe5\x0e\n\x10RotateKeyRequest\x12\x1a\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x02 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03key\x12\x44\n\x07new_key\x18\x03 \x01(\x0b\x32+.policy.kasregistry.RotateKeyRequest.NewKeyR\x06newKey\x1a\xcf\x04\n\x06NewKey\x12\x1e\n\x06key_id\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x05keyId\x12\x9d\x01\n\talgorithm\x18\x02 \x01(\x0e\x32\x11.policy.AlgorithmBl\xbaHi\xba\x01\x66\n\x15key_algorithm_defined\x12\x34The key_algorithm must be one of the defined values.\x1a\x17this in [1, 2, 3, 4, 5]R\talgorithm\x12\x9e\x01\n\x08key_mode\x18\x03 \x01(\x0e\x32\x0f.policy.KeyModeBr\xbaHo\x82\x01\x02\x10\x01\xba\x01g\n\x14new_key_mode_defined\x12\x39The new key_mode must be one of the defined values (1-4).\x1a\x14this in [1, 2, 3, 4]R\x07keyMode\x12\x42\n\x0epublic_key_ctx\x18\x04 \x01(\x0b\x32\x14.policy.PublicKeyCtxB\x06\xbaH\x03\xc8\x01\x01R\x0cpublicKeyCtx\x12=\n\x0fprivate_key_ctx\x18\x05 \x01(\x0b\x32\x15.policy.PrivateKeyCtxR\rprivateKeyCtx\x12,\n\x12provider_config_id\x18\x06 \x01(\tR\x10providerConfigId\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata:\xcd\x08\xbaH\xc9\x08\x1a\xd8\x03\n#private_key_ctx_optionally_required\x12\xcd\x01\x46or the new key, the wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.\x1a\xe0\x01((this.new_key.key_mode == 1 || this.new_key.key_mode == 2) && this.new_key.private_key_ctx.wrapped_key != \'\') || ((this.new_key.key_mode == 3 || this.new_key.key_mode == 4) && this.new_key.private_key_ctx.wrapped_key == \'\')\x1a\xb5\x03\n&provider_config_id_optionally_required\x12\xb9\x01\x46or the new key, provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.\x1a\xce\x01((this.new_key.key_mode == 1 || this.new_key.key_mode == 4) && this.new_key.provider_config_id == \'\') || ((this.new_key.key_mode == 2 || this.new_key.key_mode == 3) && this.new_key.provider_config_id != \'\')\x1a\xb3\x01\n#private_key_ctx_for_public_key_only\x12Hprivate_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.\x1a\x42!(this.new_key.key_mode == 4 && has(this.new_key.private_key_ctx))B\x13\n\nactive_key\x12\x05\xbaH\x02\x08\x01\"2\n\x0e\x43hangeMappings\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xe3\x02\n\x10RotatedResources\x12\x36\n\x0frotated_out_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\rrotatedOutKey\x12\x66\n\x1d\x61ttribute_definition_mappings\x18\x02 \x03(\x0b\x32\".policy.kasregistry.ChangeMappingsR\x1b\x61ttributeDefinitionMappings\x12\\\n\x18\x61ttribute_value_mappings\x18\x03 \x03(\x0b\x32\".policy.kasregistry.ChangeMappingsR\x16\x61ttributeValueMappings\x12Q\n\x12namespace_mappings\x18\x04 \x03(\x0b\x32\".policy.kasregistry.ChangeMappingsR\x11namespaceMappings\"\x8f\x01\n\x11RotateKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\x12Q\n\x11rotated_resources\x18\x02 \x01(\x0b\x32$.policy.kasregistry.RotatedResourcesR\x10rotatedResources\"~\n\x11SetBaseKeyRequest\x12\x1a\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x02 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03keyB\x13\n\nactive_key\x12\x05\xbaH\x02\x08\x01\"\x13\n\x11GetBaseKeyRequest\"E\n\x12GetBaseKeyResponse\x12/\n\x08\x62\x61se_key\x18\x01 \x01(\x0b\x32\x14.policy.SimpleKasKeyR\x07\x62\x61seKey\"\x8e\x01\n\x12SetBaseKeyResponse\x12\x36\n\x0cnew_base_key\x18\x01 \x01(\x0b\x32\x14.policy.SimpleKasKeyR\nnewBaseKey\x12@\n\x11previous_base_key\x18\x02 \x01(\x0b\x32\x14.policy.SimpleKasKeyR\x0fpreviousBaseKey\"6\n\x12MappedPolicyObject\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xb4\x02\n\nKeyMapping\x12\x10\n\x03kid\x18\x01 \x01(\tR\x03kid\x12\x17\n\x07kas_uri\x18\x02 \x01(\tR\x06kasUri\x12U\n\x12namespace_mappings\x18\x03 \x03(\x0b\x32&.policy.kasregistry.MappedPolicyObjectR\x11namespaceMappings\x12U\n\x12\x61ttribute_mappings\x18\x04 \x03(\x0b\x32&.policy.kasregistry.MappedPolicyObjectR\x11\x61ttributeMappings\x12M\n\x0evalue_mappings\x18\x05 \x03(\x0b\x32&.policy.kasregistry.MappedPolicyObjectR\rvalueMappings\"\xb8\x01\n\x16ListKeyMappingsRequest\x12\x1a\n\x02id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x03 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03key\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x00\"\x92\x01\n\x17ListKeyMappingsResponse\x12\x41\n\x0ckey_mappings\x18\x01 \x03(\x0b\x32\x1e.policy.kasregistry.KeyMappingR\x0bkeyMappings\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination2\xb5\x0c\n\x1eKeyAccessServerRegistryService\x12\x99\x01\n\x14ListKeyAccessServers\x12/.policy.kasregistry.ListKeyAccessServersRequest\x1a\x30.policy.kasregistry.ListKeyAccessServersResponse\"\x1e\x90\x02\x01\x82\xd3\xe4\x93\x02\x15\x12\x13/key-access-servers\x12x\n\x12GetKeyAccessServer\x12-.policy.kasregistry.GetKeyAccessServerRequest\x1a..policy.kasregistry.GetKeyAccessServerResponse\"\x03\x90\x02\x01\x12~\n\x15\x43reateKeyAccessServer\x12\x30.policy.kasregistry.CreateKeyAccessServerRequest\x1a\x31.policy.kasregistry.CreateKeyAccessServerResponse\"\x00\x12~\n\x15UpdateKeyAccessServer\x12\x30.policy.kasregistry.UpdateKeyAccessServerRequest\x1a\x31.policy.kasregistry.UpdateKeyAccessServerResponse\"\x00\x12~\n\x15\x44\x65leteKeyAccessServer\x12\x30.policy.kasregistry.DeleteKeyAccessServerRequest\x1a\x31.policy.kasregistry.DeleteKeyAccessServerResponse\"\x00\x12\x90\x01\n\x19ListKeyAccessServerGrants\x12\x34.policy.kasregistry.ListKeyAccessServerGrantsRequest\x1a\x35.policy.kasregistry.ListKeyAccessServerGrantsResponse\"\x06\x88\x02\x01\x90\x02\x01\x12Z\n\tCreateKey\x12$.policy.kasregistry.CreateKeyRequest\x1a%.policy.kasregistry.CreateKeyResponse\"\x00\x12Q\n\x06GetKey\x12!.policy.kasregistry.GetKeyRequest\x1a\".policy.kasregistry.GetKeyResponse\"\x00\x12W\n\x08ListKeys\x12#.policy.kasregistry.ListKeysRequest\x1a$.policy.kasregistry.ListKeysResponse\"\x00\x12Z\n\tUpdateKey\x12$.policy.kasregistry.UpdateKeyRequest\x1a%.policy.kasregistry.UpdateKeyResponse\"\x00\x12Z\n\tRotateKey\x12$.policy.kasregistry.RotateKeyRequest\x1a%.policy.kasregistry.RotateKeyResponse\"\x00\x12]\n\nSetBaseKey\x12%.policy.kasregistry.SetBaseKeyRequest\x1a&.policy.kasregistry.SetBaseKeyResponse\"\x00\x12]\n\nGetBaseKey\x12%.policy.kasregistry.GetBaseKeyRequest\x1a&.policy.kasregistry.GetBaseKeyResponse\"\x00\x12l\n\x0fListKeyMappings\x12*.policy.kasregistry.ListKeyMappingsRequest\x1a+.policy.kasregistry.ListKeyMappingsResponse\"\x00\x42\x9f\x01\n\x16\x63om.policy.kasregistryB\x1cKeyAccessServerRegistryProtoP\x01\xa2\x02\x03PKX\xaa\x02\x12Policy.Kasregistry\xca\x02\x12Policy\\Kasregistry\xe2\x02\x1ePolicy\\Kasregistry\\GPBMetadata\xea\x02\x13Policy::Kasregistryb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n3policy/kasregistry/key_access_server_registry.proto\x12\x12policy.kasregistry\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"\xe4\x03\n\x19GetKeyAccessServerRequest\x12\x1d\n\x02id\x18\x01 \x01(\tB\r\x18\x01\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x02id\x12!\n\x06kas_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12\x1d\n\x04name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x04name\x12\x1e\n\x03uri\x18\x04 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03uri:\xb7\x02\xbaH\xb3\x02\x1a\xa8\x01\n\x10\x65xclusive_fields\x12JEither use deprecated \'id\' field or one of \'kas_id\' or \'uri\', but not both\x1aH!(has(this.id) && (has(this.kas_id) || has(this.uri) || has(this.name)))\x1a\x85\x01\n\x0frequired_fields\x12-Either id or one of kas_id or uri must be set\x1a\x43has(this.id) || has(this.kas_id) || has(this.uri) || has(this.name)B\x0c\n\nidentifier\"a\n\x1aGetKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"R\n\x1bListKeyAccessServersRequest\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"\x9b\x01\n\x1cListKeyAccessServersResponse\x12\x45\n\x12key_access_servers\x18\x01 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x10keyAccessServers\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\x95\x06\n\x1c\x43reateKeyAccessServerRequest\x12\x87\x02\n\x03uri\x18\x01 \x01(\tB\xf4\x01\xbaH\xf0\x01\xba\x01\xec\x01\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x0cthis.isUri()R\x03uri\x12\x30\n\npublic_key\x18\x02 \x01(\x0b\x32\x11.policy.PublicKeyR\tpublicKey\x12@\n\x0bsource_type\x18\x03 \x01(\x0e\x32\x12.policy.SourceTypeB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x00R\nsourceType\x12\xc1\x02\n\x04name\x18\x14 \x01(\tB\xac\x02\xbaH\xa8\x02r\x03\x18\xfd\x01\xba\x01\x9c\x02\n\x0fkas_name_format\x12\xb3\x01Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.\x1aSsize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\xc8\x01\x00R\x04name\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"d\n\x1d\x43reateKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"\xa5\x07\n\x1cUpdateKeyAccessServerRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xac\x02\n\x03uri\x18\x02 \x01(\tB\x99\x02\xbaH\x95\x02\xba\x01\x91\x02\n\x13optional_uri_format\x12\xd8\x01Optional URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x1fsize(this) == 0 || this.isUri()R\x03uri\x12\x30\n\npublic_key\x18\x03 \x01(\x0b\x32\x11.policy.PublicKeyR\tpublicKey\x12@\n\x0bsource_type\x18\x04 \x01(\x0e\x32\x12.policy.SourceTypeB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x00R\nsourceType\x12\xbc\x02\n\x04name\x18\x14 \x01(\tB\xa7\x02\xbaH\xa3\x02r\x03\x18\xfd\x01\xba\x01\x97\x02\n\x0fkas_name_format\x12\xb3\x01Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.\x1aNsize(this) == 0 || this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x00R\x04name\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"d\n\x1dUpdateKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"8\n\x1c\x44\x65leteKeyAccessServerRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"d\n\x1d\x44\x65leteKeyAccessServerResponse\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\"7\n\x13GrantedPolicyObject\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xd0\x02\n\x15KeyAccessServerGrants\x12\x43\n\x11key_access_server\x18\x01 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x0fkeyAccessServer\x12R\n\x10namespace_grants\x18\x02 \x03(\x0b\x32\'.policy.kasregistry.GrantedPolicyObjectR\x0fnamespaceGrants\x12R\n\x10\x61ttribute_grants\x18\x03 \x03(\x0b\x32\'.policy.kasregistry.GrantedPolicyObjectR\x0f\x61ttributeGrants\x12J\n\x0cvalue_grants\x18\x04 \x03(\x0b\x32\'.policy.kasregistry.GrantedPolicyObjectR\x0bvalueGrants\"\x9e\x01\n\x16\x43reatePublicKeyRequest\x12\x1f\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x05kasId\x12.\n\x03key\x18\x02 \x01(\x0b\x32\x14.policy.KasPublicKeyB\x06\xbaH\x03\xc8\x01\x01R\x03key\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"8\n\x17\x43reatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"?\n\x13GetPublicKeyRequest\x12\x1a\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02idB\x0c\n\nidentifier\"5\n\x14GetPublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"\xca\x01\n\x15ListPublicKeysRequest\x12!\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12$\n\x08kas_name\x18\x02 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x07kasName\x12%\n\x07kas_uri\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x06kasUri\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x0c\n\nkas_filter\"o\n\x16ListPublicKeysResponse\x12\x1f\n\x04keys\x18\x01 \x03(\x0b\x32\x0b.policy.KeyR\x04keys\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\x81\x02\n\x1bListPublicKeyMappingRequest\x12!\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12$\n\x08kas_name\x18\x02 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x07kasName\x12%\n\x07kas_uri\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x06kasUri\x12/\n\rpublic_key_id\x18\x04 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x0bpublicKeyId\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x0c\n\nkas_filter\"\xf6\x05\n\x1cListPublicKeyMappingResponse\x12q\n\x13public_key_mappings\x18\x01 \x03(\x0b\x32\x41.policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMappingR\x11publicKeyMappings\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\x1a\xba\x01\n\x10PublicKeyMapping\x12\x15\n\x06kas_id\x18\x02 \x01(\tR\x05kasId\x12\x19\n\x08kas_name\x18\x03 \x01(\tR\x07kasName\x12\x17\n\x07kas_uri\x18\x04 \x01(\tR\x06kasUri\x12[\n\x0bpublic_keys\x18\x05 \x03(\x0b\x32:.policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyR\npublicKeys\x1a\xbe\x02\n\tPublicKey\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\x12T\n\x06values\x18\x06 \x03(\x0b\x32<.policy.kasregistry.ListPublicKeyMappingResponse.AssociationR\x06values\x12^\n\x0b\x64\x65\x66initions\x18\x07 \x03(\x0b\x32<.policy.kasregistry.ListPublicKeyMappingResponse.AssociationR\x0b\x64\x65\x66initions\x12\\\n\nnamespaces\x18\x08 \x03(\x0b\x32<.policy.kasregistry.ListPublicKeyMappingResponse.AssociationR\nnamespaces\x1a/\n\x0b\x41ssociation\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xbd\x01\n\x16UpdatePublicKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"8\n\x17UpdatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"6\n\x1a\x44\x65\x61\x63tivatePublicKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"<\n\x1b\x44\x65\x61\x63tivatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"4\n\x18\x41\x63tivatePublicKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\":\n\x19\x41\x63tivatePublicKeyResponse\x12\x1d\n\x03key\x18\x01 \x01(\x0b\x32\x0b.policy.KeyR\x03key\"\xa5\x07\n ListKeyAccessServerGrantsRequest\x12\xcb\x01\n\x06kas_id\x18\x01 \x01(\tB\xb3\x01\xbaH\xaf\x01\xba\x01\xab\x01\n\x14optional_uuid_format\x12#Optional field must be a valid UUID\x1ansize(this) == 0 || this.matches(\'[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\')R\x05kasId\x12\xb3\x02\n\x07kas_uri\x18\x02 \x01(\tB\x99\x02\xbaH\x95\x02\xba\x01\x91\x02\n\x13optional_uri_format\x12\xd8\x01Optional URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x1fsize(this) == 0 || this.isUri()R\x06kasUri\x12\xc3\x02\n\x08kas_name\x18\x03 \x01(\tB\xa7\x02\xbaH\xa3\x02r\x03\x18\xfd\x01\xba\x01\x97\x02\n\x0fkas_name_format\x12\xb3\x01Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.\x1aNsize(this) == 0 || this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x00R\x07kasName\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination:\x02\x18\x01\"\xa4\x01\n!ListKeyAccessServerGrantsResponse\x12\x45\n\x06grants\x18\x01 \x03(\x0b\x32).policy.kasregistry.KeyAccessServerGrantsB\x02\x18\x01R\x06grants\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination:\x02\x18\x01\"\xcc\x0c\n\x10\x43reateKeyRequest\x12\x1f\n\x06kas_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x05kasId\x12\x1e\n\x06key_id\x18\x02 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x05keyId\x12\xa4\x01\n\rkey_algorithm\x18\x03 \x01(\x0e\x32\x11.policy.AlgorithmBl\xbaHi\xba\x01\x66\n\x15key_algorithm_defined\x12\x34The key_algorithm must be one of the defined values.\x1a\x17this in [1, 2, 3, 4, 5]R\x0ckeyAlgorithm\x12\x93\x01\n\x08key_mode\x18\x04 \x01(\x0e\x32\x0f.policy.KeyModeBg\xbaHd\xba\x01\x61\n\x10key_mode_defined\x12\x35The key_mode must be one of the defined values (1-4).\x1a\x16this >= 1 && this <= 4R\x07keyMode\x12\x42\n\x0epublic_key_ctx\x18\x05 \x01(\x0b\x32\x14.policy.PublicKeyCtxB\x06\xbaH\x03\xc8\x01\x01R\x0cpublicKeyCtx\x12=\n\x0fprivate_key_ctx\x18\x06 \x01(\x0b\x32\x15.policy.PrivateKeyCtxR\rprivateKeyCtx\x12,\n\x12provider_config_id\x18\x07 \x01(\tR\x10providerConfigId\x12\x16\n\x06legacy\x18\x08 \x01(\x08R\x06legacy\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata:\xbb\x07\xbaH\xb7\x07\x1a\x97\x03\n#private_key_ctx_optionally_required\x12\xbc\x01The wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.\x1a\xb0\x01((this.key_mode == 1 || this.key_mode == 2) && this.private_key_ctx.wrapped_key != \'\') || ((this.key_mode == 3 || this.key_mode == 4) && this.private_key_ctx.wrapped_key == \'\')\x1a\xf4\x02\n&provider_config_id_optionally_required\x12\xa8\x01Provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.\x1a\x9e\x01((this.key_mode == 1 || this.key_mode == 4) && this.provider_config_id == \'\') || ((this.key_mode == 2 || this.key_mode == 3) && this.provider_config_id != \'\')\x1a\xa3\x01\n#private_key_ctx_for_public_key_only\x12Hprivate_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.\x1a\x32!(this.key_mode == 4 && has(this.private_key_ctx))\"<\n\x11\x43reateKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\"z\n\rGetKeyRequest\x12\x1a\n\x02id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x03 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03keyB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"9\n\x0eGetKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\"\x96\x03\n\x0fListKeysRequest\x12\xa7\x01\n\rkey_algorithm\x18\x01 \x01(\x0e\x32\x11.policy.AlgorithmBo\xbaHl\xba\x01i\n\x15key_algorithm_defined\x12\x34The key_algorithm must be one of the defined values.\x1a\x1athis in [0, 1, 2, 3, 4, 5]R\x0ckeyAlgorithm\x12!\n\x06kas_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12$\n\x08kas_name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x07kasName\x12%\n\x07kas_uri\x18\x04 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x06kasUri\x12\x1b\n\x06legacy\x18\x08 \x01(\x08H\x01R\x06legacy\x88\x01\x01\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x0c\n\nkas_filterB\t\n\x07_legacy\"s\n\x10ListKeysResponse\x12)\n\x08kas_keys\x18\x01 \x03(\x0b\x32\x0e.policy.KasKeyR\x07kasKeys\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\x86\x03\n\x10UpdateKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior:\xcc\x01\xbaH\xc8\x01\x1a\xc5\x01\n\x18metadata_update_behavior\x12RMetadata update behavior must be either APPEND or REPLACE, when updating metadata.\x1aU((!has(this.metadata)) || (has(this.metadata) && this.metadata_update_behavior != 0))\"<\n\x11UpdateKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\"\xa4\x01\n\x10KasKeyIdentifier\x12!\n\x06kas_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x05kasId\x12\x1d\n\x04name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x04name\x12\x1e\n\x03uri\x18\x04 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03uri\x12\x19\n\x03kid\x18\x05 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x03kidB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"\xe5\x0e\n\x10RotateKeyRequest\x12\x1a\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x02 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03key\x12\x44\n\x07new_key\x18\x03 \x01(\x0b\x32+.policy.kasregistry.RotateKeyRequest.NewKeyR\x06newKey\x1a\xcf\x04\n\x06NewKey\x12\x1e\n\x06key_id\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x05keyId\x12\x9d\x01\n\talgorithm\x18\x02 \x01(\x0e\x32\x11.policy.AlgorithmBl\xbaHi\xba\x01\x66\n\x15key_algorithm_defined\x12\x34The key_algorithm must be one of the defined values.\x1a\x17this in [1, 2, 3, 4, 5]R\talgorithm\x12\x9e\x01\n\x08key_mode\x18\x03 \x01(\x0e\x32\x0f.policy.KeyModeBr\xbaHo\x82\x01\x02\x10\x01\xba\x01g\n\x14new_key_mode_defined\x12\x39The new key_mode must be one of the defined values (1-4).\x1a\x14this in [1, 2, 3, 4]R\x07keyMode\x12\x42\n\x0epublic_key_ctx\x18\x04 \x01(\x0b\x32\x14.policy.PublicKeyCtxB\x06\xbaH\x03\xc8\x01\x01R\x0cpublicKeyCtx\x12=\n\x0fprivate_key_ctx\x18\x05 \x01(\x0b\x32\x15.policy.PrivateKeyCtxR\rprivateKeyCtx\x12,\n\x12provider_config_id\x18\x06 \x01(\tR\x10providerConfigId\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata:\xcd\x08\xbaH\xc9\x08\x1a\xd8\x03\n#private_key_ctx_optionally_required\x12\xcd\x01\x46or the new key, the wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.\x1a\xe0\x01((this.new_key.key_mode == 1 || this.new_key.key_mode == 2) && this.new_key.private_key_ctx.wrapped_key != \'\') || ((this.new_key.key_mode == 3 || this.new_key.key_mode == 4) && this.new_key.private_key_ctx.wrapped_key == \'\')\x1a\xb5\x03\n&provider_config_id_optionally_required\x12\xb9\x01\x46or the new key, provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.\x1a\xce\x01((this.new_key.key_mode == 1 || this.new_key.key_mode == 4) && this.new_key.provider_config_id == \'\') || ((this.new_key.key_mode == 2 || this.new_key.key_mode == 3) && this.new_key.provider_config_id != \'\')\x1a\xb3\x01\n#private_key_ctx_for_public_key_only\x12Hprivate_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.\x1a\x42!(this.new_key.key_mode == 4 && has(this.new_key.private_key_ctx))B\x13\n\nactive_key\x12\x05\xbaH\x02\x08\x01\"2\n\x0e\x43hangeMappings\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xe3\x02\n\x10RotatedResources\x12\x36\n\x0frotated_out_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\rrotatedOutKey\x12\x66\n\x1d\x61ttribute_definition_mappings\x18\x02 \x03(\x0b\x32\".policy.kasregistry.ChangeMappingsR\x1b\x61ttributeDefinitionMappings\x12\\\n\x18\x61ttribute_value_mappings\x18\x03 \x03(\x0b\x32\".policy.kasregistry.ChangeMappingsR\x16\x61ttributeValueMappings\x12Q\n\x12namespace_mappings\x18\x04 \x03(\x0b\x32\".policy.kasregistry.ChangeMappingsR\x11namespaceMappings\"\x8f\x01\n\x11RotateKeyResponse\x12\'\n\x07kas_key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x06kasKey\x12Q\n\x11rotated_resources\x18\x02 \x01(\x0b\x32$.policy.kasregistry.RotatedResourcesR\x10rotatedResources\"~\n\x11SetBaseKeyRequest\x12\x1a\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x02 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03keyB\x13\n\nactive_key\x12\x05\xbaH\x02\x08\x01\"\x13\n\x11GetBaseKeyRequest\"E\n\x12GetBaseKeyResponse\x12/\n\x08\x62\x61se_key\x18\x01 \x01(\x0b\x32\x14.policy.SimpleKasKeyR\x07\x62\x61seKey\"\x8e\x01\n\x12SetBaseKeyResponse\x12\x36\n\x0cnew_base_key\x18\x01 \x01(\x0b\x32\x14.policy.SimpleKasKeyR\nnewBaseKey\x12@\n\x11previous_base_key\x18\x02 \x01(\x0b\x32\x14.policy.SimpleKasKeyR\x0fpreviousBaseKey\"6\n\x12MappedPolicyObject\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03\x66qn\x18\x02 \x01(\tR\x03\x66qn\"\xb4\x02\n\nKeyMapping\x12\x10\n\x03kid\x18\x01 \x01(\tR\x03kid\x12\x17\n\x07kas_uri\x18\x02 \x01(\tR\x06kasUri\x12U\n\x12namespace_mappings\x18\x03 \x03(\x0b\x32&.policy.kasregistry.MappedPolicyObjectR\x11namespaceMappings\x12U\n\x12\x61ttribute_mappings\x18\x04 \x03(\x0b\x32&.policy.kasregistry.MappedPolicyObjectR\x11\x61ttributeMappings\x12M\n\x0evalue_mappings\x18\x05 \x03(\x0b\x32&.policy.kasregistry.MappedPolicyObjectR\rvalueMappings\"\xb8\x01\n\x16ListKeyMappingsRequest\x12\x1a\n\x02id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x38\n\x03key\x18\x03 \x01(\x0b\x32$.policy.kasregistry.KasKeyIdentifierH\x00R\x03key\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x00\"\x92\x01\n\x17ListKeyMappingsResponse\x12\x41\n\x0ckey_mappings\x18\x01 \x03(\x0b\x32\x1e.policy.kasregistry.KeyMappingR\x0bkeyMappings\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination2\xb5\x0c\n\x1eKeyAccessServerRegistryService\x12\x99\x01\n\x14ListKeyAccessServers\x12/.policy.kasregistry.ListKeyAccessServersRequest\x1a\x30.policy.kasregistry.ListKeyAccessServersResponse\"\x1e\x90\x02\x01\x82\xd3\xe4\x93\x02\x15\x12\x13/key-access-servers\x12x\n\x12GetKeyAccessServer\x12-.policy.kasregistry.GetKeyAccessServerRequest\x1a..policy.kasregistry.GetKeyAccessServerResponse\"\x03\x90\x02\x01\x12~\n\x15\x43reateKeyAccessServer\x12\x30.policy.kasregistry.CreateKeyAccessServerRequest\x1a\x31.policy.kasregistry.CreateKeyAccessServerResponse\"\x00\x12~\n\x15UpdateKeyAccessServer\x12\x30.policy.kasregistry.UpdateKeyAccessServerRequest\x1a\x31.policy.kasregistry.UpdateKeyAccessServerResponse\"\x00\x12~\n\x15\x44\x65leteKeyAccessServer\x12\x30.policy.kasregistry.DeleteKeyAccessServerRequest\x1a\x31.policy.kasregistry.DeleteKeyAccessServerResponse\"\x00\x12\x90\x01\n\x19ListKeyAccessServerGrants\x12\x34.policy.kasregistry.ListKeyAccessServerGrantsRequest\x1a\x35.policy.kasregistry.ListKeyAccessServerGrantsResponse\"\x06\x88\x02\x01\x90\x02\x01\x12Z\n\tCreateKey\x12$.policy.kasregistry.CreateKeyRequest\x1a%.policy.kasregistry.CreateKeyResponse\"\x00\x12Q\n\x06GetKey\x12!.policy.kasregistry.GetKeyRequest\x1a\".policy.kasregistry.GetKeyResponse\"\x00\x12W\n\x08ListKeys\x12#.policy.kasregistry.ListKeysRequest\x1a$.policy.kasregistry.ListKeysResponse\"\x00\x12Z\n\tUpdateKey\x12$.policy.kasregistry.UpdateKeyRequest\x1a%.policy.kasregistry.UpdateKeyResponse\"\x00\x12Z\n\tRotateKey\x12$.policy.kasregistry.RotateKeyRequest\x1a%.policy.kasregistry.RotateKeyResponse\"\x00\x12]\n\nSetBaseKey\x12%.policy.kasregistry.SetBaseKeyRequest\x1a&.policy.kasregistry.SetBaseKeyResponse\"\x00\x12]\n\nGetBaseKey\x12%.policy.kasregistry.GetBaseKeyRequest\x1a&.policy.kasregistry.GetBaseKeyResponse\"\x00\x12l\n\x0fListKeyMappings\x12*.policy.kasregistry.ListKeyMappingsRequest\x1a+.policy.kasregistry.ListKeyMappingsResponse\"\x00\x42\x9f\x01\n\x16\x63om.policy.kasregistryB\x1cKeyAccessServerRegistryProtoP\x01\xa2\x02\x03PKX\xaa\x02\x12Policy.Kasregistry\xca\x02\x12Policy\\Kasregistry\xe2\x02\x1ePolicy\\Kasregistry\\GPBMetadata\xea\x02\x13Policy::Kasregistryb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -230,49 +230,49 @@ _globals['_LISTKEYACCESSSERVERGRANTSRESPONSE']._serialized_start=6614 _globals['_LISTKEYACCESSSERVERGRANTSRESPONSE']._serialized_end=6778 _globals['_CREATEKEYREQUEST']._serialized_start=6781 - _globals['_CREATEKEYREQUEST']._serialized_end=8369 - _globals['_CREATEKEYRESPONSE']._serialized_start=8371 - _globals['_CREATEKEYRESPONSE']._serialized_end=8431 - _globals['_GETKEYREQUEST']._serialized_start=8433 - _globals['_GETKEYREQUEST']._serialized_end=8555 - _globals['_GETKEYRESPONSE']._serialized_start=8557 - _globals['_GETKEYRESPONSE']._serialized_end=8614 - _globals['_LISTKEYSREQUEST']._serialized_start=8617 - _globals['_LISTKEYSREQUEST']._serialized_end=8983 - _globals['_LISTKEYSRESPONSE']._serialized_start=8985 - _globals['_LISTKEYSRESPONSE']._serialized_end=9100 - _globals['_UPDATEKEYREQUEST']._serialized_start=9103 - _globals['_UPDATEKEYREQUEST']._serialized_end=9493 - _globals['_UPDATEKEYRESPONSE']._serialized_start=9495 - _globals['_UPDATEKEYRESPONSE']._serialized_end=9555 - _globals['_KASKEYIDENTIFIER']._serialized_start=9558 - _globals['_KASKEYIDENTIFIER']._serialized_end=9722 - _globals['_ROTATEKEYREQUEST']._serialized_start=9725 - _globals['_ROTATEKEYREQUEST']._serialized_end=11618 - _globals['_ROTATEKEYREQUEST_NEWKEY']._serialized_start=9902 - _globals['_ROTATEKEYREQUEST_NEWKEY']._serialized_end=10493 - _globals['_CHANGEMAPPINGS']._serialized_start=11620 - _globals['_CHANGEMAPPINGS']._serialized_end=11670 - _globals['_ROTATEDRESOURCES']._serialized_start=11673 - _globals['_ROTATEDRESOURCES']._serialized_end=12028 - _globals['_ROTATEKEYRESPONSE']._serialized_start=12031 - _globals['_ROTATEKEYRESPONSE']._serialized_end=12174 - _globals['_SETBASEKEYREQUEST']._serialized_start=12176 - _globals['_SETBASEKEYREQUEST']._serialized_end=12302 - _globals['_GETBASEKEYREQUEST']._serialized_start=12304 - _globals['_GETBASEKEYREQUEST']._serialized_end=12323 - _globals['_GETBASEKEYRESPONSE']._serialized_start=12325 - _globals['_GETBASEKEYRESPONSE']._serialized_end=12394 - _globals['_SETBASEKEYRESPONSE']._serialized_start=12397 - _globals['_SETBASEKEYRESPONSE']._serialized_end=12539 - _globals['_MAPPEDPOLICYOBJECT']._serialized_start=12541 - _globals['_MAPPEDPOLICYOBJECT']._serialized_end=12595 - _globals['_KEYMAPPING']._serialized_start=12598 - _globals['_KEYMAPPING']._serialized_end=12906 - _globals['_LISTKEYMAPPINGSREQUEST']._serialized_start=12909 - _globals['_LISTKEYMAPPINGSREQUEST']._serialized_end=13093 - _globals['_LISTKEYMAPPINGSRESPONSE']._serialized_start=13096 - _globals['_LISTKEYMAPPINGSRESPONSE']._serialized_end=13242 - _globals['_KEYACCESSSERVERREGISTRYSERVICE']._serialized_start=13245 - _globals['_KEYACCESSSERVERREGISTRYSERVICE']._serialized_end=14834 + _globals['_CREATEKEYREQUEST']._serialized_end=8393 + _globals['_CREATEKEYRESPONSE']._serialized_start=8395 + _globals['_CREATEKEYRESPONSE']._serialized_end=8455 + _globals['_GETKEYREQUEST']._serialized_start=8457 + _globals['_GETKEYREQUEST']._serialized_end=8579 + _globals['_GETKEYRESPONSE']._serialized_start=8581 + _globals['_GETKEYRESPONSE']._serialized_end=8638 + _globals['_LISTKEYSREQUEST']._serialized_start=8641 + _globals['_LISTKEYSREQUEST']._serialized_end=9047 + _globals['_LISTKEYSRESPONSE']._serialized_start=9049 + _globals['_LISTKEYSRESPONSE']._serialized_end=9164 + _globals['_UPDATEKEYREQUEST']._serialized_start=9167 + _globals['_UPDATEKEYREQUEST']._serialized_end=9557 + _globals['_UPDATEKEYRESPONSE']._serialized_start=9559 + _globals['_UPDATEKEYRESPONSE']._serialized_end=9619 + _globals['_KASKEYIDENTIFIER']._serialized_start=9622 + _globals['_KASKEYIDENTIFIER']._serialized_end=9786 + _globals['_ROTATEKEYREQUEST']._serialized_start=9789 + _globals['_ROTATEKEYREQUEST']._serialized_end=11682 + _globals['_ROTATEKEYREQUEST_NEWKEY']._serialized_start=9966 + _globals['_ROTATEKEYREQUEST_NEWKEY']._serialized_end=10557 + _globals['_CHANGEMAPPINGS']._serialized_start=11684 + _globals['_CHANGEMAPPINGS']._serialized_end=11734 + _globals['_ROTATEDRESOURCES']._serialized_start=11737 + _globals['_ROTATEDRESOURCES']._serialized_end=12092 + _globals['_ROTATEKEYRESPONSE']._serialized_start=12095 + _globals['_ROTATEKEYRESPONSE']._serialized_end=12238 + _globals['_SETBASEKEYREQUEST']._serialized_start=12240 + _globals['_SETBASEKEYREQUEST']._serialized_end=12366 + _globals['_GETBASEKEYREQUEST']._serialized_start=12368 + _globals['_GETBASEKEYREQUEST']._serialized_end=12387 + _globals['_GETBASEKEYRESPONSE']._serialized_start=12389 + _globals['_GETBASEKEYRESPONSE']._serialized_end=12458 + _globals['_SETBASEKEYRESPONSE']._serialized_start=12461 + _globals['_SETBASEKEYRESPONSE']._serialized_end=12603 + _globals['_MAPPEDPOLICYOBJECT']._serialized_start=12605 + _globals['_MAPPEDPOLICYOBJECT']._serialized_end=12659 + _globals['_KEYMAPPING']._serialized_start=12662 + _globals['_KEYMAPPING']._serialized_end=12970 + _globals['_LISTKEYMAPPINGSREQUEST']._serialized_start=12973 + _globals['_LISTKEYMAPPINGSREQUEST']._serialized_end=13157 + _globals['_LISTKEYMAPPINGSRESPONSE']._serialized_start=13160 + _globals['_LISTKEYMAPPINGSRESPONSE']._serialized_end=13306 + _globals['_KEYACCESSSERVERREGISTRYSERVICE']._serialized_start=13309 + _globals['_KEYACCESSSERVERREGISTRYSERVICE']._serialized_end=14898 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.pyi index 31d6f3b..88a415d 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.pyi @@ -279,7 +279,7 @@ class ListKeyAccessServerGrantsResponse(_message.Message): def __init__(self, grants: _Optional[_Iterable[_Union[KeyAccessServerGrants, _Mapping]]] = ..., pagination: _Optional[_Union[_selectors_pb2.PageResponse, _Mapping]] = ...) -> None: ... class CreateKeyRequest(_message.Message): - __slots__ = ("kas_id", "key_id", "key_algorithm", "key_mode", "public_key_ctx", "private_key_ctx", "provider_config_id", "metadata") + __slots__ = ("kas_id", "key_id", "key_algorithm", "key_mode", "public_key_ctx", "private_key_ctx", "provider_config_id", "legacy", "metadata") KAS_ID_FIELD_NUMBER: _ClassVar[int] KEY_ID_FIELD_NUMBER: _ClassVar[int] KEY_ALGORITHM_FIELD_NUMBER: _ClassVar[int] @@ -287,6 +287,7 @@ class CreateKeyRequest(_message.Message): PUBLIC_KEY_CTX_FIELD_NUMBER: _ClassVar[int] PRIVATE_KEY_CTX_FIELD_NUMBER: _ClassVar[int] PROVIDER_CONFIG_ID_FIELD_NUMBER: _ClassVar[int] + LEGACY_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] kas_id: str key_id: str @@ -295,8 +296,9 @@ class CreateKeyRequest(_message.Message): public_key_ctx: _objects_pb2.PublicKeyCtx private_key_ctx: _objects_pb2.PrivateKeyCtx provider_config_id: str + legacy: bool metadata: _common_pb2.MetadataMutable - def __init__(self, kas_id: _Optional[str] = ..., key_id: _Optional[str] = ..., key_algorithm: _Optional[_Union[_objects_pb2.Algorithm, str]] = ..., key_mode: _Optional[_Union[_objects_pb2.KeyMode, str]] = ..., public_key_ctx: _Optional[_Union[_objects_pb2.PublicKeyCtx, _Mapping]] = ..., private_key_ctx: _Optional[_Union[_objects_pb2.PrivateKeyCtx, _Mapping]] = ..., provider_config_id: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... + def __init__(self, kas_id: _Optional[str] = ..., key_id: _Optional[str] = ..., key_algorithm: _Optional[_Union[_objects_pb2.Algorithm, str]] = ..., key_mode: _Optional[_Union[_objects_pb2.KeyMode, str]] = ..., public_key_ctx: _Optional[_Union[_objects_pb2.PublicKeyCtx, _Mapping]] = ..., private_key_ctx: _Optional[_Union[_objects_pb2.PrivateKeyCtx, _Mapping]] = ..., provider_config_id: _Optional[str] = ..., legacy: bool = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... class CreateKeyResponse(_message.Message): __slots__ = ("kas_key",) @@ -319,18 +321,20 @@ class GetKeyResponse(_message.Message): def __init__(self, kas_key: _Optional[_Union[_objects_pb2.KasKey, _Mapping]] = ...) -> None: ... class ListKeysRequest(_message.Message): - __slots__ = ("key_algorithm", "kas_id", "kas_name", "kas_uri", "pagination") + __slots__ = ("key_algorithm", "kas_id", "kas_name", "kas_uri", "legacy", "pagination") KEY_ALGORITHM_FIELD_NUMBER: _ClassVar[int] KAS_ID_FIELD_NUMBER: _ClassVar[int] KAS_NAME_FIELD_NUMBER: _ClassVar[int] KAS_URI_FIELD_NUMBER: _ClassVar[int] + LEGACY_FIELD_NUMBER: _ClassVar[int] PAGINATION_FIELD_NUMBER: _ClassVar[int] key_algorithm: _objects_pb2.Algorithm kas_id: str kas_name: str kas_uri: str + legacy: bool pagination: _selectors_pb2.PageRequest - def __init__(self, key_algorithm: _Optional[_Union[_objects_pb2.Algorithm, str]] = ..., kas_id: _Optional[str] = ..., kas_name: _Optional[str] = ..., kas_uri: _Optional[str] = ..., pagination: _Optional[_Union[_selectors_pb2.PageRequest, _Mapping]] = ...) -> None: ... + def __init__(self, key_algorithm: _Optional[_Union[_objects_pb2.Algorithm, str]] = ..., kas_id: _Optional[str] = ..., kas_name: _Optional[str] = ..., kas_uri: _Optional[str] = ..., legacy: bool = ..., pagination: _Optional[_Union[_selectors_pb2.PageRequest, _Mapping]] = ...) -> None: ... class ListKeysResponse(_message.Message): __slots__ = ("kas_keys", "pagination") diff --git a/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.py b/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.py index de3b629..0db3fd3 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.py @@ -28,7 +28,7 @@ from policy import selectors_pb2 as policy_dot_selectors__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n)policy/keymanagement/key_management.proto\x12\x14policy.keymanagement\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"\x97\x01\n\x1b\x43reateProviderConfigRequest\x12\x1a\n\x04name\x18\x01 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x04name\x12\'\n\x0b\x63onfig_json\x18\x02 \x01(\x0c\x42\x06\xbaH\x03\xc8\x01\x01R\nconfigJson\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"b\n\x1c\x43reateProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\"j\n\x18GetProviderConfigRequest\x12\x1a\n\x02id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x1d\n\x04name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x04nameB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"_\n\x19GetProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\"Q\n\x1aListProviderConfigsRequest\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"\x99\x01\n\x1bListProviderConfigsResponse\x12\x44\n\x10provider_configs\x18\x01 \x03(\x0b\x32\x19.policy.KeyProviderConfigR\x0fproviderConfigs\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\x87\x02\n\x1bUpdateProviderConfigRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x1a\n\x04name\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x00R\x04name\x12\'\n\x0b\x63onfig_json\x18\x03 \x01(\x0c\x42\x06\xbaH\x03\xc8\x01\x00R\nconfigJson\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"b\n\x1cUpdateProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\"7\n\x1b\x44\x65leteProviderConfigRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"b\n\x1c\x44\x65leteProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig2\x8f\x05\n\x14KeyManagementService\x12\x7f\n\x14\x43reateProviderConfig\x12\x31.policy.keymanagement.CreateProviderConfigRequest\x1a\x32.policy.keymanagement.CreateProviderConfigResponse\"\x00\x12v\n\x11GetProviderConfig\x12..policy.keymanagement.GetProviderConfigRequest\x1a/.policy.keymanagement.GetProviderConfigResponse\"\x00\x12|\n\x13ListProviderConfigs\x12\x30.policy.keymanagement.ListProviderConfigsRequest\x1a\x31.policy.keymanagement.ListProviderConfigsResponse\"\x00\x12\x7f\n\x14UpdateProviderConfig\x12\x31.policy.keymanagement.UpdateProviderConfigRequest\x1a\x32.policy.keymanagement.UpdateProviderConfigResponse\"\x00\x12\x7f\n\x14\x44\x65leteProviderConfig\x12\x31.policy.keymanagement.DeleteProviderConfigRequest\x1a\x32.policy.keymanagement.DeleteProviderConfigResponse\"\x00\x42\x9f\x01\n\x18\x63om.policy.keymanagementB\x12KeyManagementProtoP\x01\xa2\x02\x03PKX\xaa\x02\x14Policy.Keymanagement\xca\x02\x14Policy\\Keymanagement\xe2\x02 Policy\\Keymanagement\\GPBMetadata\xea\x02\x15Policy::Keymanagementb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n)policy/keymanagement/key_management.proto\x12\x14policy.keymanagement\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"\xb9\x01\n\x1b\x43reateProviderConfigRequest\x12\x1a\n\x04name\x18\x01 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x04name\x12\'\n\x0b\x63onfig_json\x18\x02 \x01(\x0c\x42\x06\xbaH\x03\xc8\x01\x01R\nconfigJson\x12 \n\x07manager\x18\x03 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x07manager\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"b\n\x1c\x43reateProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\"\x8c\x01\n\x18GetProviderConfigRequest\x12\x1a\n\x02id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x02id\x12\x1d\n\x04name\x18\x03 \x01(\tB\x07\xbaH\x04r\x02\x10\x01H\x00R\x04name\x12 \n\x07manager\x18\x04 \x01(\tB\x06\xbaH\x03\xc8\x01\x00R\x07managerB\x13\n\nidentifier\x12\x05\xbaH\x02\x08\x01\"_\n\x19GetProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\"Q\n\x1aListProviderConfigsRequest\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination\"\x99\x01\n\x1bListProviderConfigsResponse\x12\x44\n\x10provider_configs\x18\x01 \x03(\x0b\x32\x19.policy.KeyProviderConfigR\x0fproviderConfigs\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"\xa9\x02\n\x1bUpdateProviderConfigRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x1a\n\x04name\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x00R\x04name\x12\'\n\x0b\x63onfig_json\x18\x03 \x01(\x0c\x42\x06\xbaH\x03\xc8\x01\x00R\nconfigJson\x12 \n\x07manager\x18\x04 \x01(\tB\x06\xbaH\x03\xc8\x01\x00R\x07manager\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"b\n\x1cUpdateProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\"7\n\x1b\x44\x65leteProviderConfigRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"b\n\x1c\x44\x65leteProviderConfigResponse\x12\x42\n\x0fprovider_config\x18\x01 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig2\x8f\x05\n\x14KeyManagementService\x12\x7f\n\x14\x43reateProviderConfig\x12\x31.policy.keymanagement.CreateProviderConfigRequest\x1a\x32.policy.keymanagement.CreateProviderConfigResponse\"\x00\x12v\n\x11GetProviderConfig\x12..policy.keymanagement.GetProviderConfigRequest\x1a/.policy.keymanagement.GetProviderConfigResponse\"\x00\x12|\n\x13ListProviderConfigs\x12\x30.policy.keymanagement.ListProviderConfigsRequest\x1a\x31.policy.keymanagement.ListProviderConfigsResponse\"\x00\x12\x7f\n\x14UpdateProviderConfig\x12\x31.policy.keymanagement.UpdateProviderConfigRequest\x1a\x32.policy.keymanagement.UpdateProviderConfigResponse\"\x00\x12\x7f\n\x14\x44\x65leteProviderConfig\x12\x31.policy.keymanagement.DeleteProviderConfigRequest\x1a\x32.policy.keymanagement.DeleteProviderConfigResponse\"\x00\x42\x9f\x01\n\x18\x63om.policy.keymanagementB\x12KeyManagementProtoP\x01\xa2\x02\x03PKX\xaa\x02\x14Policy.Keymanagement\xca\x02\x14Policy\\Keymanagement\xe2\x02 Policy\\Keymanagement\\GPBMetadata\xea\x02\x15Policy::Keymanagementb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -40,40 +40,46 @@ _globals['_CREATEPROVIDERCONFIGREQUEST'].fields_by_name['name']._serialized_options = b'\272H\003\310\001\001' _globals['_CREATEPROVIDERCONFIGREQUEST'].fields_by_name['config_json']._loaded_options = None _globals['_CREATEPROVIDERCONFIGREQUEST'].fields_by_name['config_json']._serialized_options = b'\272H\003\310\001\001' + _globals['_CREATEPROVIDERCONFIGREQUEST'].fields_by_name['manager']._loaded_options = None + _globals['_CREATEPROVIDERCONFIGREQUEST'].fields_by_name['manager']._serialized_options = b'\272H\003\310\001\001' _globals['_GETPROVIDERCONFIGREQUEST'].oneofs_by_name['identifier']._loaded_options = None _globals['_GETPROVIDERCONFIGREQUEST'].oneofs_by_name['identifier']._serialized_options = b'\272H\002\010\001' _globals['_GETPROVIDERCONFIGREQUEST'].fields_by_name['id']._loaded_options = None _globals['_GETPROVIDERCONFIGREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' _globals['_GETPROVIDERCONFIGREQUEST'].fields_by_name['name']._loaded_options = None _globals['_GETPROVIDERCONFIGREQUEST'].fields_by_name['name']._serialized_options = b'\272H\004r\002\020\001' + _globals['_GETPROVIDERCONFIGREQUEST'].fields_by_name['manager']._loaded_options = None + _globals['_GETPROVIDERCONFIGREQUEST'].fields_by_name['manager']._serialized_options = b'\272H\003\310\001\000' _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['id']._loaded_options = None _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['name']._loaded_options = None _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['name']._serialized_options = b'\272H\003\310\001\000' _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['config_json']._loaded_options = None _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['config_json']._serialized_options = b'\272H\003\310\001\000' + _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['manager']._loaded_options = None + _globals['_UPDATEPROVIDERCONFIGREQUEST'].fields_by_name['manager']._serialized_options = b'\272H\003\310\001\000' _globals['_DELETEPROVIDERCONFIGREQUEST'].fields_by_name['id']._loaded_options = None _globals['_DELETEPROVIDERCONFIGREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' _globals['_CREATEPROVIDERCONFIGREQUEST']._serialized_start=164 - _globals['_CREATEPROVIDERCONFIGREQUEST']._serialized_end=315 - _globals['_CREATEPROVIDERCONFIGRESPONSE']._serialized_start=317 - _globals['_CREATEPROVIDERCONFIGRESPONSE']._serialized_end=415 - _globals['_GETPROVIDERCONFIGREQUEST']._serialized_start=417 - _globals['_GETPROVIDERCONFIGREQUEST']._serialized_end=523 - _globals['_GETPROVIDERCONFIGRESPONSE']._serialized_start=525 - _globals['_GETPROVIDERCONFIGRESPONSE']._serialized_end=620 - _globals['_LISTPROVIDERCONFIGSREQUEST']._serialized_start=622 - _globals['_LISTPROVIDERCONFIGSREQUEST']._serialized_end=703 - _globals['_LISTPROVIDERCONFIGSRESPONSE']._serialized_start=706 - _globals['_LISTPROVIDERCONFIGSRESPONSE']._serialized_end=859 - _globals['_UPDATEPROVIDERCONFIGREQUEST']._serialized_start=862 - _globals['_UPDATEPROVIDERCONFIGREQUEST']._serialized_end=1125 - _globals['_UPDATEPROVIDERCONFIGRESPONSE']._serialized_start=1127 - _globals['_UPDATEPROVIDERCONFIGRESPONSE']._serialized_end=1225 - _globals['_DELETEPROVIDERCONFIGREQUEST']._serialized_start=1227 - _globals['_DELETEPROVIDERCONFIGREQUEST']._serialized_end=1282 - _globals['_DELETEPROVIDERCONFIGRESPONSE']._serialized_start=1284 - _globals['_DELETEPROVIDERCONFIGRESPONSE']._serialized_end=1382 - _globals['_KEYMANAGEMENTSERVICE']._serialized_start=1385 - _globals['_KEYMANAGEMENTSERVICE']._serialized_end=2040 + _globals['_CREATEPROVIDERCONFIGREQUEST']._serialized_end=349 + _globals['_CREATEPROVIDERCONFIGRESPONSE']._serialized_start=351 + _globals['_CREATEPROVIDERCONFIGRESPONSE']._serialized_end=449 + _globals['_GETPROVIDERCONFIGREQUEST']._serialized_start=452 + _globals['_GETPROVIDERCONFIGREQUEST']._serialized_end=592 + _globals['_GETPROVIDERCONFIGRESPONSE']._serialized_start=594 + _globals['_GETPROVIDERCONFIGRESPONSE']._serialized_end=689 + _globals['_LISTPROVIDERCONFIGSREQUEST']._serialized_start=691 + _globals['_LISTPROVIDERCONFIGSREQUEST']._serialized_end=772 + _globals['_LISTPROVIDERCONFIGSRESPONSE']._serialized_start=775 + _globals['_LISTPROVIDERCONFIGSRESPONSE']._serialized_end=928 + _globals['_UPDATEPROVIDERCONFIGREQUEST']._serialized_start=931 + _globals['_UPDATEPROVIDERCONFIGREQUEST']._serialized_end=1228 + _globals['_UPDATEPROVIDERCONFIGRESPONSE']._serialized_start=1230 + _globals['_UPDATEPROVIDERCONFIGRESPONSE']._serialized_end=1328 + _globals['_DELETEPROVIDERCONFIGREQUEST']._serialized_start=1330 + _globals['_DELETEPROVIDERCONFIGREQUEST']._serialized_end=1385 + _globals['_DELETEPROVIDERCONFIGRESPONSE']._serialized_start=1387 + _globals['_DELETEPROVIDERCONFIGRESPONSE']._serialized_end=1485 + _globals['_KEYMANAGEMENTSERVICE']._serialized_start=1488 + _globals['_KEYMANAGEMENTSERVICE']._serialized_end=2143 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.pyi index 468d867..e5ef382 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/policy/keymanagement/key_management_pb2.pyi @@ -11,14 +11,16 @@ from typing import ClassVar as _ClassVar, Optional as _Optional, Union as _Union DESCRIPTOR: _descriptor.FileDescriptor class CreateProviderConfigRequest(_message.Message): - __slots__ = ("name", "config_json", "metadata") + __slots__ = ("name", "config_json", "manager", "metadata") NAME_FIELD_NUMBER: _ClassVar[int] CONFIG_JSON_FIELD_NUMBER: _ClassVar[int] + MANAGER_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] name: str config_json: bytes + manager: str metadata: _common_pb2.MetadataMutable - def __init__(self, name: _Optional[str] = ..., config_json: _Optional[bytes] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... + def __init__(self, name: _Optional[str] = ..., config_json: _Optional[bytes] = ..., manager: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... class CreateProviderConfigResponse(_message.Message): __slots__ = ("provider_config",) @@ -27,12 +29,14 @@ class CreateProviderConfigResponse(_message.Message): def __init__(self, provider_config: _Optional[_Union[_objects_pb2.KeyProviderConfig, _Mapping]] = ...) -> None: ... class GetProviderConfigRequest(_message.Message): - __slots__ = ("id", "name") + __slots__ = ("id", "name", "manager") ID_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] + MANAGER_FIELD_NUMBER: _ClassVar[int] id: str name: str - def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ...) -> None: ... + manager: str + def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., manager: _Optional[str] = ...) -> None: ... class GetProviderConfigResponse(_message.Message): __slots__ = ("provider_config",) @@ -55,18 +59,20 @@ class ListProviderConfigsResponse(_message.Message): def __init__(self, provider_configs: _Optional[_Iterable[_Union[_objects_pb2.KeyProviderConfig, _Mapping]]] = ..., pagination: _Optional[_Union[_selectors_pb2.PageResponse, _Mapping]] = ...) -> None: ... class UpdateProviderConfigRequest(_message.Message): - __slots__ = ("id", "name", "config_json", "metadata", "metadata_update_behavior") + __slots__ = ("id", "name", "config_json", "manager", "metadata", "metadata_update_behavior") ID_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] CONFIG_JSON_FIELD_NUMBER: _ClassVar[int] + MANAGER_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] METADATA_UPDATE_BEHAVIOR_FIELD_NUMBER: _ClassVar[int] id: str name: str config_json: bytes + manager: str metadata: _common_pb2.MetadataMutable metadata_update_behavior: _common_pb2.MetadataUpdateEnum - def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., config_json: _Optional[bytes] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ..., metadata_update_behavior: _Optional[_Union[_common_pb2.MetadataUpdateEnum, str]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., config_json: _Optional[bytes] = ..., manager: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ..., metadata_update_behavior: _Optional[_Union[_common_pb2.MetadataUpdateEnum, str]] = ...) -> None: ... class UpdateProviderConfigResponse(_message.Message): __slots__ = ("provider_config",) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_connect.py b/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_connect.py index d923619..7b410aa 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_connect.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_connect.py @@ -43,6 +43,12 @@ async def assign_public_key_to_namespace(self, request: policy_dot_namespaces_do async def remove_public_key_from_namespace(self, request: policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceRequest, ctx: RequestContext) -> policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceResponse: raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + async def assign_certificate_to_namespace(self, request: policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, ctx: RequestContext) -> policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse: + raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + + async def remove_certificate_from_namespace(self, request: policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, ctx: RequestContext) -> policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse: + raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + class NamespaceServiceASGIApplication(ConnectASGIApplication[NamespaceService]): def __init__(self, service: NamespaceService | AsyncGenerator[NamespaceService], *, interceptors: Iterable[Interceptor]=(), read_max_bytes: int | None = None) -> None: @@ -139,6 +145,26 @@ def __init__(self, service: NamespaceService | AsyncGenerator[NamespaceService], ), function=svc.remove_public_key_from_namespace, ), + "/policy.namespaces.NamespaceService/AssignCertificateToNamespace": Endpoint.unary( + method=MethodInfo( + name="AssignCertificateToNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + function=svc.assign_certificate_to_namespace, + ), + "/policy.namespaces.NamespaceService/RemoveCertificateFromNamespace": Endpoint.unary( + method=MethodInfo( + name="RemoveCertificateFromNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + function=svc.remove_certificate_from_namespace, + ), }, interceptors=interceptors, read_max_bytes=read_max_bytes, @@ -335,6 +361,46 @@ async def remove_public_key_from_namespace( timeout_ms=timeout_ms, ) + async def assign_certificate_to_namespace( + self, + request: policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, + *, + headers: Headers | Mapping[str, str] | None = None, + timeout_ms: int | None = None, + ) -> policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse: + return await self.execute_unary( + request=request, + method=MethodInfo( + name="AssignCertificateToNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + headers=headers, + timeout_ms=timeout_ms, + ) + + async def remove_certificate_from_namespace( + self, + request: policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, + *, + headers: Headers | Mapping[str, str] | None = None, + timeout_ms: int | None = None, + ) -> policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse: + return await self.execute_unary( + request=request, + method=MethodInfo( + name="RemoveCertificateFromNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + headers=headers, + timeout_ms=timeout_ms, + ) + class NamespaceServiceSync(Protocol): def get_namespace(self, request: policy_dot_namespaces_dot_namespaces__pb2.GetNamespaceRequest, ctx: RequestContext) -> policy_dot_namespaces_dot_namespaces__pb2.GetNamespaceResponse: @@ -355,6 +421,10 @@ def assign_public_key_to_namespace(self, request: policy_dot_namespaces_dot_name raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") def remove_public_key_from_namespace(self, request: policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceRequest, ctx: RequestContext) -> policy_dot_namespaces_dot_namespaces__pb2.RemovePublicKeyFromNamespaceResponse: raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + def assign_certificate_to_namespace(self, request: policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, ctx: RequestContext) -> policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse: + raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + def remove_certificate_from_namespace(self, request: policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, ctx: RequestContext) -> policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse: + raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") class NamespaceServiceWSGIApplication(ConnectWSGIApplication): @@ -451,6 +521,26 @@ def __init__(self, service: NamespaceServiceSync, interceptors: Iterable[Interce ), function=service.remove_public_key_from_namespace, ), + "/policy.namespaces.NamespaceService/AssignCertificateToNamespace": EndpointSync.unary( + method=MethodInfo( + name="AssignCertificateToNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + function=service.assign_certificate_to_namespace, + ), + "/policy.namespaces.NamespaceService/RemoveCertificateFromNamespace": EndpointSync.unary( + method=MethodInfo( + name="RemoveCertificateFromNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + function=service.remove_certificate_from_namespace, + ), }, interceptors=interceptors, read_max_bytes=read_max_bytes, @@ -646,3 +736,43 @@ def remove_public_key_from_namespace( headers=headers, timeout_ms=timeout_ms, ) + + def assign_certificate_to_namespace( + self, + request: policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, + *, + headers: Headers | Mapping[str, str] | None = None, + timeout_ms: int | None = None, + ) -> policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse: + return self.execute_unary( + request=request, + method=MethodInfo( + name="AssignCertificateToNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.AssignCertificateToNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + headers=headers, + timeout_ms=timeout_ms, + ) + + def remove_certificate_from_namespace( + self, + request: policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, + *, + headers: Headers | Mapping[str, str] | None = None, + timeout_ms: int | None = None, + ) -> policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse: + return self.execute_unary( + request=request, + method=MethodInfo( + name="RemoveCertificateFromNamespace", + service_name="policy.namespaces.NamespaceService", + input=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceRequest, + output=policy_dot_namespaces_dot_namespaces__pb2.RemoveCertificateFromNamespaceResponse, + idempotency_level=IdempotencyLevel.UNKNOWN, + ), + headers=headers, + timeout_ms=timeout_ms, + ) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_pb2.py b/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_pb2.py index a35d741..8c23e7f 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/namespaces/namespaces_pb2.py @@ -28,7 +28,7 @@ from policy import selectors_pb2 as policy_dot_selectors__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\"policy/namespaces/namespaces.proto\x12\x11policy.namespaces\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"\x86\x01\n\x18NamespaceKeyAccessServer\x12+\n\x0cnamespace_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0bnamespaceId\x12\x39\n\x14key_access_server_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x11keyAccessServerId:\x02\x18\x01\"b\n\x0cNamespaceKey\x12.\n\x0cnamespace_id\x18\x01 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x0bnamespaceId\x12\"\n\x06key_id\x18\x02 \x01(\tB\x0b\xbaH\x08r\x03\xb0\x01\x01\xc8\x01\x01R\x05keyId\"\xbe\x03\n\x13GetNamespaceRequest\x12\x1d\n\x02id\x18\x01 \x01(\tB\r\x18\x01\xbaH\x08r\x03\xb0\x01\x01\xd8\x01\x01R\x02id\x12-\n\x0cnamespace_id\x18\x02 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01H\x00R\x0bnamespaceId\x12\x1e\n\x03\x66qn\x18\x03 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01H\x00R\x03\x66qn:\xaa\x02\xbaH\xa6\x02\x1a\xa2\x01\n\x10\x65xclusive_fields\x12PEither use deprecated \'id\' field or one of \'namespace_id\' or \'fqn\', but not both\x1a None: ... + +class NamespaceCertificate(_message.Message): + __slots__ = ("namespace", "certificate_id") + NAMESPACE_FIELD_NUMBER: _ClassVar[int] + CERTIFICATE_ID_FIELD_NUMBER: _ClassVar[int] + namespace: _common_pb2.IdFqnIdentifier + certificate_id: str + def __init__(self, namespace: _Optional[_Union[_common_pb2.IdFqnIdentifier, _Mapping]] = ..., certificate_id: _Optional[str] = ...) -> None: ... + +class AssignCertificateToNamespaceRequest(_message.Message): + __slots__ = ("namespace", "pem", "metadata") + NAMESPACE_FIELD_NUMBER: _ClassVar[int] + PEM_FIELD_NUMBER: _ClassVar[int] + METADATA_FIELD_NUMBER: _ClassVar[int] + namespace: _common_pb2.IdFqnIdentifier + pem: str + metadata: _common_pb2.MetadataMutable + def __init__(self, namespace: _Optional[_Union[_common_pb2.IdFqnIdentifier, _Mapping]] = ..., pem: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... + +class AssignCertificateToNamespaceResponse(_message.Message): + __slots__ = ("namespace_certificate", "certificate") + NAMESPACE_CERTIFICATE_FIELD_NUMBER: _ClassVar[int] + CERTIFICATE_FIELD_NUMBER: _ClassVar[int] + namespace_certificate: NamespaceCertificate + certificate: _objects_pb2.Certificate + def __init__(self, namespace_certificate: _Optional[_Union[NamespaceCertificate, _Mapping]] = ..., certificate: _Optional[_Union[_objects_pb2.Certificate, _Mapping]] = ...) -> None: ... + +class RemoveCertificateFromNamespaceRequest(_message.Message): + __slots__ = ("namespace_certificate",) + NAMESPACE_CERTIFICATE_FIELD_NUMBER: _ClassVar[int] + namespace_certificate: NamespaceCertificate + def __init__(self, namespace_certificate: _Optional[_Union[NamespaceCertificate, _Mapping]] = ...) -> None: ... + +class RemoveCertificateFromNamespaceResponse(_message.Message): + __slots__ = ("namespace_certificate",) + NAMESPACE_CERTIFICATE_FIELD_NUMBER: _ClassVar[int] + namespace_certificate: NamespaceCertificate + def __init__(self, namespace_certificate: _Optional[_Union[NamespaceCertificate, _Mapping]] = ...) -> None: ... diff --git a/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.py b/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.py index bbac4bb..a4af58d 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.py @@ -27,7 +27,7 @@ from google.protobuf import wrappers_pb2 as google_dot_protobuf_dot_wrappers__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x14policy/objects.proto\x12\x06policy\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x1egoogle/protobuf/wrappers.proto\"i\n\x12SimpleKasPublicKey\x12/\n\talgorithm\x18\x01 \x01(\x0e\x32\x11.policy.AlgorithmR\talgorithm\x12\x10\n\x03kid\x18\x02 \x01(\tR\x03kid\x12\x10\n\x03pem\x18\x03 \x01(\tR\x03pem\"y\n\x0cSimpleKasKey\x12\x17\n\x07kas_uri\x18\x01 \x01(\tR\x06kasUri\x12\x39\n\npublic_key\x18\x02 \x01(\x0b\x32\x1a.policy.SimpleKasPublicKeyR\tpublicKey\x12\x15\n\x06kas_id\x18\x03 \x01(\tR\x05kasId\"\x86\x01\n\x11KeyProviderConfig\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x1f\n\x0b\x63onfig_json\x18\x03 \x01(\x0cR\nconfigJson\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x85\x02\n\tNamespace\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x10\n\x03\x66qn\x18\x03 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12,\n\x08metadata\x18\x05 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x12/\n\x06grants\x18\x06 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12/\n\x08kas_keys\x18\x07 \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\"\x9d\x03\n\tAttribute\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tnamespace\x18\x02 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\x12\x12\n\x04name\x18\x03 \x01(\tR\x04name\x12>\n\x04rule\x18\x04 \x01(\x0e\x32\x1d.policy.AttributeRuleTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x04rule\x12%\n\x06values\x18\x05 \x03(\x0b\x32\r.policy.ValueR\x06values\x12/\n\x06grants\x18\x06 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12\x10\n\x03\x66qn\x18\x07 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12/\n\x08kas_keys\x18\t \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xcc\x03\n\x05Value\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tattribute\x18\x02 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\x12\x14\n\x05value\x18\x03 \x01(\tR\x05value\x12/\n\x06grants\x18\x05 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12\x10\n\x03\x66qn\x18\x06 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12\x41\n\x10subject_mappings\x18\x08 \x03(\x0b\x32\x16.policy.SubjectMappingR\x0fsubjectMappings\x12/\n\x08kas_keys\x18\t \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x44\n\x11resource_mappings\x18\n \x03(\x0b\x32\x17.policy.ResourceMappingR\x10resourceMappings\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadataJ\x04\x08\x04\x10\x05R\x07members\"\xa8\x02\n\x06\x41\x63tion\x12\x0e\n\x02id\x18\x03 \x01(\tR\x02id\x12;\n\x08standard\x18\x01 \x01(\x0e\x32\x1d.policy.Action.StandardActionH\x00R\x08standard\x12\x18\n\x06\x63ustom\x18\x02 \x01(\tH\x00R\x06\x63ustom\x12\x12\n\x04name\x18\x04 \x01(\tR\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"l\n\x0eStandardAction\x12\x1f\n\x1bSTANDARD_ACTION_UNSPECIFIED\x10\x00\x12\x1b\n\x17STANDARD_ACTION_DECRYPT\x10\x01\x12\x1c\n\x18STANDARD_ACTION_TRANSMIT\x10\x02\x42\x07\n\x05value\"\x81\x02\n\x0eSubjectMapping\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x36\n\x0f\x61ttribute_value\x18\x02 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12O\n\x15subject_condition_set\x18\x03 \x01(\x0b\x32\x1b.policy.SubjectConditionSetR\x13subjectConditionSet\x12(\n\x07\x61\x63tions\x18\x04 \x03(\x0b\x32\x0e.policy.ActionR\x07\x61\x63tions\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xe9\x01\n\tCondition\x12M\n\x1fsubject_external_selector_value\x18\x01 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x1csubjectExternalSelectorValue\x12K\n\x08operator\x18\x02 \x01(\x0e\x32\".policy.SubjectMappingOperatorEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x08operator\x12@\n\x17subject_external_values\x18\x03 \x03(\tB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x15subjectExternalValues\"\xa7\x01\n\x0e\x43onditionGroup\x12;\n\nconditions\x18\x01 \x03(\x0b\x32\x11.policy.ConditionB\x08\xbaH\x05\x92\x01\x02\x08\x01R\nconditions\x12X\n\x10\x62oolean_operator\x18\x02 \x01(\x0e\x32 .policy.ConditionBooleanTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x0f\x62ooleanOperator\"Y\n\nSubjectSet\x12K\n\x10\x63ondition_groups\x18\x01 \x03(\x0b\x32\x16.policy.ConditionGroupB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x0f\x63onditionGroups\"\x94\x01\n\x13SubjectConditionSet\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12?\n\x0csubject_sets\x18\x03 \x03(\x0b\x32\x12.policy.SubjectSetB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x0bsubjectSets\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"|\n\x0fSubjectProperty\x12\x42\n\x17\x65xternal_selector_value\x18\x01 \x01(\tB\n\xbaH\x07r\x02\x10\x01\xc8\x01\x01R\x15\x65xternalSelectorValue\x12%\n\x0e\x65xternal_value\x18\x02 \x01(\tR\rexternalValue\"\x9b\x01\n\x14ResourceMappingGroup\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12)\n\x0cnamespace_id\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x0bnamespaceId\x12\x1a\n\x04name\x18\x03 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xd9\x01\n\x0fResourceMapping\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12,\n\x08metadata\x18\x02 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x12>\n\x0f\x61ttribute_value\x18\x03 \x01(\x0b\x32\r.policy.ValueB\x06\xbaH\x03\xc8\x01\x01R\x0e\x61ttributeValue\x12\x14\n\x05terms\x18\x04 \x03(\tR\x05terms\x12\x32\n\x05group\x18\x05 \x01(\x0b\x32\x1c.policy.ResourceMappingGroupR\x05group\"\x85\x05\n\x0fKeyAccessServer\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x87\x03\n\x03uri\x18\x02 \x01(\tB\xf4\x02\xbaH\xf0\x02\xba\x01\xec\x02\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x8b\x01this.matches(\'^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$\')R\x03uri\x12\x30\n\npublic_key\x18\x03 \x01(\x0b\x32\x11.policy.PublicKeyR\tpublicKey\x12\x33\n\x0bsource_type\x18\x04 \x01(\x0e\x32\x12.policy.SourceTypeR\nsourceType\x12/\n\x08kas_keys\x18\x05 \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x12\n\x04name\x18\x14 \x01(\tR\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x97\x02\n\x03Key\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x37\n\tis_active\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x08isActive\x12\x39\n\nwas_mapped\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\twasMapped\x12\x33\n\npublic_key\x18\x04 \x01(\x0b\x32\x14.policy.KasPublicKeyR\tpublicKey\x12)\n\x03kas\x18\x05 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x03kas\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x84\x01\n\x0cKasPublicKey\x12\x1c\n\x03pem\x18\x01 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x18\x80@R\x03pem\x12\x1b\n\x03kid\x18\x02 \x01(\tB\t\xbaH\x06r\x04\x10\x01\x18 R\x03kid\x12\x39\n\x03\x61lg\x18\x03 \x01(\x0e\x32\x1b.policy.KasPublicKeyAlgEnumB\n\xbaH\x07\x82\x01\x04\x10\x01 \x00R\x03\x61lg\";\n\x0fKasPublicKeySet\x12(\n\x04keys\x18\x01 \x03(\x0b\x32\x14.policy.KasPublicKeyR\x04keys\"\xe0\x03\n\tPublicKey\x12\x84\x03\n\x06remote\x18\x01 \x01(\tB\xe9\x02\xbaH\xe5\x02\xba\x01\xe1\x02\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x80\x01this.matches(\'^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$\')H\x00R\x06remote\x12\x31\n\x06\x63\x61\x63hed\x18\x03 \x01(\x0b\x32\x17.policy.KasPublicKeySetH\x00R\x06\x63\x61\x63hedB\x0c\n\npublic_keyJ\x04\x08\x02\x10\x03R\x05local\"\x9f\x01\n\x12RegisteredResource\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x37\n\x06values\x18\x03 \x03(\x0b\x32\x1f.policy.RegisteredResourceValueR\x06values\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xca\x03\n\x17RegisteredResourceValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value\x12\x36\n\x08resource\x18\x03 \x01(\x0b\x32\x1a.policy.RegisteredResourceR\x08resource\x12l\n\x17\x61\x63tion_attribute_values\x18\x04 \x03(\x0b\x32\x34.policy.RegisteredResourceValue.ActionAttributeValueR\x15\x61\x63tionAttributeValues\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x1a\xb4\x01\n\x14\x41\x63tionAttributeValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12&\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x0e.policy.ActionR\x06\x61\x63tion\x12\x36\n\x0f\x61ttribute_value\x18\x03 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xc0\x01\n\nObligation\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tnamespace\x18\x02 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\x12\x12\n\x04name\x18\x03 \x01(\tR\x04name\x12/\n\x06values\x18\x04 \x03(\x0b\x32\x17.policy.ObligationValueR\x06values\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x99\x01\n\x0fObligationValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x32\n\nobligation\x18\x02 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\x12\x14\n\x05value\x18\x03 \x01(\tR\x05value\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xf5\x01\n\x11ObligationTrigger\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x42\n\x10obligation_value\x18\x02 \x01(\x0b\x32\x17.policy.ObligationValueR\x0fobligationValue\x12&\n\x06\x61\x63tion\x18\x03 \x01(\x0b\x32\x0e.policy.ActionR\x06\x61\x63tion\x12\x36\n\x0f\x61ttribute_value\x18\x04 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"a\n\x06KasKey\x12\x15\n\x06kas_id\x18\x01 \x01(\tR\x05kasId\x12\'\n\x03key\x18\x02 \x01(\x0b\x32\x15.policy.AsymmetricKeyR\x03key\x12\x17\n\x07kas_uri\x18\x03 \x01(\tR\x06kasUri\")\n\x0cPublicKeyCtx\x12\x19\n\x03pem\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x03pem\"P\n\rPrivateKeyCtx\x12\x1e\n\x06key_id\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x05keyId\x12\x1f\n\x0bwrapped_key\x18\x02 \x01(\tR\nwrappedKey\"\xb9\x03\n\rAsymmetricKey\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x15\n\x06key_id\x18\x02 \x01(\tR\x05keyId\x12\x36\n\rkey_algorithm\x18\x03 \x01(\x0e\x32\x11.policy.AlgorithmR\x0ckeyAlgorithm\x12\x30\n\nkey_status\x18\x04 \x01(\x0e\x32\x11.policy.KeyStatusR\tkeyStatus\x12*\n\x08key_mode\x18\x05 \x01(\x0e\x32\x0f.policy.KeyModeR\x07keyMode\x12:\n\x0epublic_key_ctx\x18\x06 \x01(\x0b\x32\x14.policy.PublicKeyCtxR\x0cpublicKeyCtx\x12=\n\x0fprivate_key_ctx\x18\x07 \x01(\x0b\x32\x15.policy.PrivateKeyCtxR\rprivateKeyCtx\x12\x42\n\x0fprovider_config\x18\x08 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x9e\x02\n\x0cSymmetricKey\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x15\n\x06key_id\x18\x02 \x01(\tR\x05keyId\x12\x30\n\nkey_status\x18\x03 \x01(\x0e\x32\x11.policy.KeyStatusR\tkeyStatus\x12*\n\x08key_mode\x18\x04 \x01(\x0e\x32\x0f.policy.KeyModeR\x07keyMode\x12\x17\n\x07key_ctx\x18\x05 \x01(\x0cR\x06keyCtx\x12\x42\n\x0fprovider_config\x18\x06 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata*\xb3\x01\n\x15\x41ttributeRuleTypeEnum\x12(\n$ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED\x10\x00\x12#\n\x1f\x41TTRIBUTE_RULE_TYPE_ENUM_ALL_OF\x10\x01\x12#\n\x1f\x41TTRIBUTE_RULE_TYPE_ENUM_ANY_OF\x10\x02\x12&\n\"ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY\x10\x03*\xca\x01\n\x1aSubjectMappingOperatorEnum\x12-\n)SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED\x10\x00\x12$\n SUBJECT_MAPPING_OPERATOR_ENUM_IN\x10\x01\x12(\n$SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN\x10\x02\x12-\n)SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS\x10\x03*\x90\x01\n\x18\x43onditionBooleanTypeEnum\x12+\n\'CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED\x10\x00\x12#\n\x1f\x43ONDITION_BOOLEAN_TYPE_ENUM_AND\x10\x01\x12\"\n\x1e\x43ONDITION_BOOLEAN_TYPE_ENUM_OR\x10\x02*]\n\nSourceType\x12\x1b\n\x17SOURCE_TYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14SOURCE_TYPE_INTERNAL\x10\x01\x12\x18\n\x14SOURCE_TYPE_EXTERNAL\x10\x02*\x88\x02\n\x13KasPublicKeyAlgEnum\x12\'\n#KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED\x10\x00\x12$\n KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048\x10\x01\x12$\n KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096\x10\x02\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1\x10\x05\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1\x10\x06\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1\x10\x07*\x9b\x01\n\tAlgorithm\x12\x19\n\x15\x41LGORITHM_UNSPECIFIED\x10\x00\x12\x16\n\x12\x41LGORITHM_RSA_2048\x10\x01\x12\x16\n\x12\x41LGORITHM_RSA_4096\x10\x02\x12\x15\n\x11\x41LGORITHM_EC_P256\x10\x03\x12\x15\n\x11\x41LGORITHM_EC_P384\x10\x04\x12\x15\n\x11\x41LGORITHM_EC_P521\x10\x05*V\n\tKeyStatus\x12\x1a\n\x16KEY_STATUS_UNSPECIFIED\x10\x00\x12\x15\n\x11KEY_STATUS_ACTIVE\x10\x01\x12\x16\n\x12KEY_STATUS_ROTATED\x10\x02*\x94\x01\n\x07KeyMode\x12\x18\n\x14KEY_MODE_UNSPECIFIED\x10\x00\x12\x1c\n\x18KEY_MODE_CONFIG_ROOT_KEY\x10\x01\x12\x1e\n\x1aKEY_MODE_PROVIDER_ROOT_KEY\x10\x02\x12\x13\n\x0fKEY_MODE_REMOTE\x10\x03\x12\x1c\n\x18KEY_MODE_PUBLIC_KEY_ONLY\x10\x04\x42R\n\ncom.policyB\x0cObjectsProtoP\x01\xa2\x02\x03PXX\xaa\x02\x06Policy\xca\x02\x06Policy\xe2\x02\x12Policy\\GPBMetadata\xea\x02\x06Policyb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x14policy/objects.proto\x12\x06policy\x1a\x1b\x62uf/validate/validate.proto\x1a\x13\x63ommon/common.proto\x1a\x1egoogle/protobuf/wrappers.proto\"i\n\x12SimpleKasPublicKey\x12/\n\talgorithm\x18\x01 \x01(\x0e\x32\x11.policy.AlgorithmR\talgorithm\x12\x10\n\x03kid\x18\x02 \x01(\tR\x03kid\x12\x10\n\x03pem\x18\x03 \x01(\tR\x03pem\"y\n\x0cSimpleKasKey\x12\x17\n\x07kas_uri\x18\x01 \x01(\tR\x06kasUri\x12\x39\n\npublic_key\x18\x02 \x01(\x0b\x32\x1a.policy.SimpleKasPublicKeyR\tpublicKey\x12\x15\n\x06kas_id\x18\x03 \x01(\tR\x05kasId\"\xa0\x01\n\x11KeyProviderConfig\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x1f\n\x0b\x63onfig_json\x18\x03 \x01(\x0cR\nconfigJson\x12\x18\n\x07manager\x18\x04 \x01(\tR\x07manager\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xb9\x02\n\tNamespace\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x10\n\x03\x66qn\x18\x03 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12,\n\x08metadata\x18\x05 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x12/\n\x06grants\x18\x06 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12/\n\x08kas_keys\x18\x07 \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x32\n\nroot_certs\x18\x08 \x03(\x0b\x32\x13.policy.CertificateR\trootCerts\"]\n\x0b\x43\x65rtificate\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x10\n\x03pem\x18\x02 \x01(\tR\x03pem\x12,\n\x08metadata\x18\x03 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xe2\x03\n\tAttribute\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tnamespace\x18\x02 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\x12\x12\n\x04name\x18\x03 \x01(\tR\x04name\x12>\n\x04rule\x18\x04 \x01(\x0e\x32\x1d.policy.AttributeRuleTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x04rule\x12%\n\x06values\x18\x05 \x03(\x0b\x32\r.policy.ValueR\x06values\x12/\n\x06grants\x18\x06 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12\x10\n\x03\x66qn\x18\x07 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12/\n\x08kas_keys\x18\t \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x43\n\x0f\x61llow_traversal\x18\n \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x0e\x61llowTraversal\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x82\x04\n\x05Value\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tattribute\x18\x02 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\x12\x14\n\x05value\x18\x03 \x01(\tR\x05value\x12/\n\x06grants\x18\x05 \x03(\x0b\x32\x17.policy.KeyAccessServerR\x06grants\x12\x10\n\x03\x66qn\x18\x06 \x01(\tR\x03\x66qn\x12\x32\n\x06\x61\x63tive\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x06\x61\x63tive\x12\x41\n\x10subject_mappings\x18\x08 \x03(\x0b\x32\x16.policy.SubjectMappingR\x0fsubjectMappings\x12/\n\x08kas_keys\x18\t \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x44\n\x11resource_mappings\x18\n \x03(\x0b\x32\x17.policy.ResourceMappingR\x10resourceMappings\x12\x34\n\x0bobligations\x18\x0b \x03(\x0b\x32\x12.policy.ObligationR\x0bobligations\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadataJ\x04\x08\x04\x10\x05R\x07members\"\xa8\x02\n\x06\x41\x63tion\x12\x0e\n\x02id\x18\x03 \x01(\tR\x02id\x12;\n\x08standard\x18\x01 \x01(\x0e\x32\x1d.policy.Action.StandardActionH\x00R\x08standard\x12\x18\n\x06\x63ustom\x18\x02 \x01(\tH\x00R\x06\x63ustom\x12\x12\n\x04name\x18\x04 \x01(\tR\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"l\n\x0eStandardAction\x12\x1f\n\x1bSTANDARD_ACTION_UNSPECIFIED\x10\x00\x12\x1b\n\x17STANDARD_ACTION_DECRYPT\x10\x01\x12\x1c\n\x18STANDARD_ACTION_TRANSMIT\x10\x02\x42\x07\n\x05value\"\x81\x02\n\x0eSubjectMapping\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x36\n\x0f\x61ttribute_value\x18\x02 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12O\n\x15subject_condition_set\x18\x03 \x01(\x0b\x32\x1b.policy.SubjectConditionSetR\x13subjectConditionSet\x12(\n\x07\x61\x63tions\x18\x04 \x03(\x0b\x32\x0e.policy.ActionR\x07\x61\x63tions\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xe9\x01\n\tCondition\x12M\n\x1fsubject_external_selector_value\x18\x01 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x1csubjectExternalSelectorValue\x12K\n\x08operator\x18\x02 \x01(\x0e\x32\".policy.SubjectMappingOperatorEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x08operator\x12@\n\x17subject_external_values\x18\x03 \x03(\tB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x15subjectExternalValues\"\xa7\x01\n\x0e\x43onditionGroup\x12;\n\nconditions\x18\x01 \x03(\x0b\x32\x11.policy.ConditionB\x08\xbaH\x05\x92\x01\x02\x08\x01R\nconditions\x12X\n\x10\x62oolean_operator\x18\x02 \x01(\x0e\x32 .policy.ConditionBooleanTypeEnumB\x0b\xbaH\x08\x82\x01\x02\x10\x01\xc8\x01\x01R\x0f\x62ooleanOperator\"Y\n\nSubjectSet\x12K\n\x10\x63ondition_groups\x18\x01 \x03(\x0b\x32\x16.policy.ConditionGroupB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x0f\x63onditionGroups\"\x94\x01\n\x13SubjectConditionSet\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12?\n\x0csubject_sets\x18\x03 \x03(\x0b\x32\x12.policy.SubjectSetB\x08\xbaH\x05\x92\x01\x02\x08\x01R\x0bsubjectSets\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"|\n\x0fSubjectProperty\x12\x42\n\x17\x65xternal_selector_value\x18\x01 \x01(\tB\n\xbaH\x07r\x02\x10\x01\xc8\x01\x01R\x15\x65xternalSelectorValue\x12%\n\x0e\x65xternal_value\x18\x02 \x01(\tR\rexternalValue\"\x9b\x01\n\x14ResourceMappingGroup\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12)\n\x0cnamespace_id\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x0bnamespaceId\x12\x1a\n\x04name\x18\x03 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xd9\x01\n\x0fResourceMapping\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12,\n\x08metadata\x18\x02 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x12>\n\x0f\x61ttribute_value\x18\x03 \x01(\x0b\x32\r.policy.ValueB\x06\xbaH\x03\xc8\x01\x01R\x0e\x61ttributeValue\x12\x14\n\x05terms\x18\x04 \x03(\tR\x05terms\x12\x32\n\x05group\x18\x05 \x01(\x0b\x32\x1c.policy.ResourceMappingGroupR\x05group\"\x85\x05\n\x0fKeyAccessServer\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x87\x03\n\x03uri\x18\x02 \x01(\tB\xf4\x02\xbaH\xf0\x02\xba\x01\xec\x02\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x8b\x01this.matches(\'^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$\')R\x03uri\x12\x30\n\npublic_key\x18\x03 \x01(\x0b\x32\x11.policy.PublicKeyR\tpublicKey\x12\x33\n\x0bsource_type\x18\x04 \x01(\x0e\x32\x12.policy.SourceTypeR\nsourceType\x12/\n\x08kas_keys\x18\x05 \x03(\x0b\x32\x14.policy.SimpleKasKeyR\x07kasKeys\x12\x12\n\x04name\x18\x14 \x01(\tR\x04name\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x97\x02\n\x03Key\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x37\n\tis_active\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x08isActive\x12\x39\n\nwas_mapped\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\twasMapped\x12\x33\n\npublic_key\x18\x04 \x01(\x0b\x32\x14.policy.KasPublicKeyR\tpublicKey\x12)\n\x03kas\x18\x05 \x01(\x0b\x32\x17.policy.KeyAccessServerR\x03kas\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x84\x01\n\x0cKasPublicKey\x12\x1c\n\x03pem\x18\x01 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x18\x80@R\x03pem\x12\x1b\n\x03kid\x18\x02 \x01(\tB\t\xbaH\x06r\x04\x10\x01\x18 R\x03kid\x12\x39\n\x03\x61lg\x18\x03 \x01(\x0e\x32\x1b.policy.KasPublicKeyAlgEnumB\n\xbaH\x07\x82\x01\x04\x10\x01 \x00R\x03\x61lg\";\n\x0fKasPublicKeySet\x12(\n\x04keys\x18\x01 \x03(\x0b\x32\x14.policy.KasPublicKeyR\x04keys\"\xe0\x03\n\tPublicKey\x12\x84\x03\n\x06remote\x18\x01 \x01(\tB\xe9\x02\xbaH\xe5\x02\xba\x01\xe1\x02\n\nuri_format\x12\xcf\x01URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\x1a\x80\x01this.matches(\'^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$\')H\x00R\x06remote\x12\x31\n\x06\x63\x61\x63hed\x18\x03 \x01(\x0b\x32\x17.policy.KasPublicKeySetH\x00R\x06\x63\x61\x63hedB\x0c\n\npublic_keyJ\x04\x08\x02\x10\x03R\x05local\"\x9f\x01\n\x12RegisteredResource\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x37\n\x06values\x18\x03 \x03(\x0b\x32\x1f.policy.RegisteredResourceValueR\x06values\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xca\x03\n\x17RegisteredResourceValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value\x12\x36\n\x08resource\x18\x03 \x01(\x0b\x32\x1a.policy.RegisteredResourceR\x08resource\x12l\n\x17\x61\x63tion_attribute_values\x18\x04 \x03(\x0b\x32\x34.policy.RegisteredResourceValue.ActionAttributeValueR\x15\x61\x63tionAttributeValues\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\x1a\xb4\x01\n\x14\x41\x63tionAttributeValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12&\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x0e.policy.ActionR\x06\x61\x63tion\x12\x36\n\x0f\x61ttribute_value\x18\x03 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\">\n\x16PolicyEnforcementPoint\x12$\n\tclient_id\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x08\x63lientId\"J\n\x0eRequestContext\x12\x38\n\x03pep\x18\x01 \x01(\x0b\x32\x1e.policy.PolicyEnforcementPointB\x06\xbaH\x03\xc8\x01\x01R\x03pep\"\xd2\x01\n\nObligation\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12/\n\tnamespace\x18\x02 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\x12\x12\n\x04name\x18\x03 \x01(\tR\x04name\x12/\n\x06values\x18\x04 \x03(\x0b\x32\x17.policy.ObligationValueR\x06values\x12\x10\n\x03\x66qn\x18\x05 \x01(\tR\x03\x66qn\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xe2\x01\n\x0fObligationValue\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x32\n\nobligation\x18\x02 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\x12\x14\n\x05value\x18\x03 \x01(\tR\x05value\x12\x35\n\x08triggers\x18\x04 \x03(\x0b\x32\x19.policy.ObligationTriggerR\x08triggers\x12\x10\n\x03\x66qn\x18\x05 \x01(\tR\x03\x66qn\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\xa7\x02\n\x11ObligationTrigger\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x42\n\x10obligation_value\x18\x02 \x01(\x0b\x32\x17.policy.ObligationValueR\x0fobligationValue\x12&\n\x06\x61\x63tion\x18\x03 \x01(\x0b\x32\x0e.policy.ActionR\x06\x61\x63tion\x12\x36\n\x0f\x61ttribute_value\x18\x04 \x01(\x0b\x32\r.policy.ValueR\x0e\x61ttributeValue\x12\x30\n\x07\x63ontext\x18\x05 \x03(\x0b\x32\x16.policy.RequestContextR\x07\x63ontext\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"a\n\x06KasKey\x12\x15\n\x06kas_id\x18\x01 \x01(\tR\x05kasId\x12\'\n\x03key\x18\x02 \x01(\x0b\x32\x15.policy.AsymmetricKeyR\x03key\x12\x17\n\x07kas_uri\x18\x03 \x01(\tR\x06kasUri\")\n\x0cPublicKeyCtx\x12\x19\n\x03pem\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x03pem\"P\n\rPrivateKeyCtx\x12\x1e\n\x06key_id\x18\x01 \x01(\tB\x07\xbaH\x04r\x02\x10\x01R\x05keyId\x12\x1f\n\x0bwrapped_key\x18\x02 \x01(\tR\nwrappedKey\"\xd1\x03\n\rAsymmetricKey\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x15\n\x06key_id\x18\x02 \x01(\tR\x05keyId\x12\x36\n\rkey_algorithm\x18\x03 \x01(\x0e\x32\x11.policy.AlgorithmR\x0ckeyAlgorithm\x12\x30\n\nkey_status\x18\x04 \x01(\x0e\x32\x11.policy.KeyStatusR\tkeyStatus\x12*\n\x08key_mode\x18\x05 \x01(\x0e\x32\x0f.policy.KeyModeR\x07keyMode\x12:\n\x0epublic_key_ctx\x18\x06 \x01(\x0b\x32\x14.policy.PublicKeyCtxR\x0cpublicKeyCtx\x12=\n\x0fprivate_key_ctx\x18\x07 \x01(\x0b\x32\x15.policy.PrivateKeyCtxR\rprivateKeyCtx\x12\x42\n\x0fprovider_config\x18\x08 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\x12\x16\n\x06legacy\x18\t \x01(\x08R\x06legacy\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata\"\x9e\x02\n\x0cSymmetricKey\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x15\n\x06key_id\x18\x02 \x01(\tR\x05keyId\x12\x30\n\nkey_status\x18\x03 \x01(\x0e\x32\x11.policy.KeyStatusR\tkeyStatus\x12*\n\x08key_mode\x18\x04 \x01(\x0e\x32\x0f.policy.KeyModeR\x07keyMode\x12\x17\n\x07key_ctx\x18\x05 \x01(\x0cR\x06keyCtx\x12\x42\n\x0fprovider_config\x18\x06 \x01(\x0b\x32\x19.policy.KeyProviderConfigR\x0eproviderConfig\x12,\n\x08metadata\x18\x64 \x01(\x0b\x32\x10.common.MetadataR\x08metadata*\xb3\x01\n\x15\x41ttributeRuleTypeEnum\x12(\n$ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED\x10\x00\x12#\n\x1f\x41TTRIBUTE_RULE_TYPE_ENUM_ALL_OF\x10\x01\x12#\n\x1f\x41TTRIBUTE_RULE_TYPE_ENUM_ANY_OF\x10\x02\x12&\n\"ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY\x10\x03*\xca\x01\n\x1aSubjectMappingOperatorEnum\x12-\n)SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED\x10\x00\x12$\n SUBJECT_MAPPING_OPERATOR_ENUM_IN\x10\x01\x12(\n$SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN\x10\x02\x12-\n)SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS\x10\x03*\x90\x01\n\x18\x43onditionBooleanTypeEnum\x12+\n\'CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED\x10\x00\x12#\n\x1f\x43ONDITION_BOOLEAN_TYPE_ENUM_AND\x10\x01\x12\"\n\x1e\x43ONDITION_BOOLEAN_TYPE_ENUM_OR\x10\x02*]\n\nSourceType\x12\x1b\n\x17SOURCE_TYPE_UNSPECIFIED\x10\x00\x12\x18\n\x14SOURCE_TYPE_INTERNAL\x10\x01\x12\x18\n\x14SOURCE_TYPE_EXTERNAL\x10\x02*\x88\x02\n\x13KasPublicKeyAlgEnum\x12\'\n#KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED\x10\x00\x12$\n KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048\x10\x01\x12$\n KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096\x10\x02\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1\x10\x05\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1\x10\x06\x12(\n$KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1\x10\x07*\x9b\x01\n\tAlgorithm\x12\x19\n\x15\x41LGORITHM_UNSPECIFIED\x10\x00\x12\x16\n\x12\x41LGORITHM_RSA_2048\x10\x01\x12\x16\n\x12\x41LGORITHM_RSA_4096\x10\x02\x12\x15\n\x11\x41LGORITHM_EC_P256\x10\x03\x12\x15\n\x11\x41LGORITHM_EC_P384\x10\x04\x12\x15\n\x11\x41LGORITHM_EC_P521\x10\x05*V\n\tKeyStatus\x12\x1a\n\x16KEY_STATUS_UNSPECIFIED\x10\x00\x12\x15\n\x11KEY_STATUS_ACTIVE\x10\x01\x12\x16\n\x12KEY_STATUS_ROTATED\x10\x02*\x94\x01\n\x07KeyMode\x12\x18\n\x14KEY_MODE_UNSPECIFIED\x10\x00\x12\x1c\n\x18KEY_MODE_CONFIG_ROOT_KEY\x10\x01\x12\x1e\n\x1aKEY_MODE_PROVIDER_ROOT_KEY\x10\x02\x12\x13\n\x0fKEY_MODE_REMOTE\x10\x03\x12\x1c\n\x18KEY_MODE_PUBLIC_KEY_ONLY\x10\x04\x42R\n\ncom.policyB\x0cObjectsProtoP\x01\xa2\x02\x03PXX\xaa\x02\x06Policy\xca\x02\x06Policy\xe2\x02\x12Policy\\GPBMetadata\xea\x02\x06Policyb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -69,88 +69,98 @@ _globals['_KASPUBLICKEY'].fields_by_name['alg']._serialized_options = b'\272H\007\202\001\004\020\001 \000' _globals['_PUBLICKEY'].fields_by_name['remote']._loaded_options = None _globals['_PUBLICKEY'].fields_by_name['remote']._serialized_options = b'\272H\345\002\272\001\341\002\n\nuri_format\022\317\001URI must be a valid URL (e.g., \'https://demo.com/\') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.\032\200\001this.matches(\'^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$\')' + _globals['_POLICYENFORCEMENTPOINT'].fields_by_name['client_id']._loaded_options = None + _globals['_POLICYENFORCEMENTPOINT'].fields_by_name['client_id']._serialized_options = b'\272H\004r\002\020\001' + _globals['_REQUESTCONTEXT'].fields_by_name['pep']._loaded_options = None + _globals['_REQUESTCONTEXT'].fields_by_name['pep']._serialized_options = b'\272H\003\310\001\001' _globals['_PUBLICKEYCTX'].fields_by_name['pem']._loaded_options = None _globals['_PUBLICKEYCTX'].fields_by_name['pem']._serialized_options = b'\272H\004r\002\020\001' _globals['_PRIVATEKEYCTX'].fields_by_name['key_id']._loaded_options = None _globals['_PRIVATEKEYCTX'].fields_by_name['key_id']._serialized_options = b'\272H\004r\002\020\001' - _globals['_ATTRIBUTERULETYPEENUM']._serialized_start=7124 - _globals['_ATTRIBUTERULETYPEENUM']._serialized_end=7303 - _globals['_SUBJECTMAPPINGOPERATORENUM']._serialized_start=7306 - _globals['_SUBJECTMAPPINGOPERATORENUM']._serialized_end=7508 - _globals['_CONDITIONBOOLEANTYPEENUM']._serialized_start=7511 - _globals['_CONDITIONBOOLEANTYPEENUM']._serialized_end=7655 - _globals['_SOURCETYPE']._serialized_start=7657 - _globals['_SOURCETYPE']._serialized_end=7750 - _globals['_KASPUBLICKEYALGENUM']._serialized_start=7753 - _globals['_KASPUBLICKEYALGENUM']._serialized_end=8017 - _globals['_ALGORITHM']._serialized_start=8020 - _globals['_ALGORITHM']._serialized_end=8175 - _globals['_KEYSTATUS']._serialized_start=8177 - _globals['_KEYSTATUS']._serialized_end=8263 - _globals['_KEYMODE']._serialized_start=8266 - _globals['_KEYMODE']._serialized_end=8414 + _globals['_ATTRIBUTERULETYPEENUM']._serialized_start=7725 + _globals['_ATTRIBUTERULETYPEENUM']._serialized_end=7904 + _globals['_SUBJECTMAPPINGOPERATORENUM']._serialized_start=7907 + _globals['_SUBJECTMAPPINGOPERATORENUM']._serialized_end=8109 + _globals['_CONDITIONBOOLEANTYPEENUM']._serialized_start=8112 + _globals['_CONDITIONBOOLEANTYPEENUM']._serialized_end=8256 + _globals['_SOURCETYPE']._serialized_start=8258 + _globals['_SOURCETYPE']._serialized_end=8351 + _globals['_KASPUBLICKEYALGENUM']._serialized_start=8354 + _globals['_KASPUBLICKEYALGENUM']._serialized_end=8618 + _globals['_ALGORITHM']._serialized_start=8621 + _globals['_ALGORITHM']._serialized_end=8776 + _globals['_KEYSTATUS']._serialized_start=8778 + _globals['_KEYSTATUS']._serialized_end=8864 + _globals['_KEYMODE']._serialized_start=8867 + _globals['_KEYMODE']._serialized_end=9015 _globals['_SIMPLEKASPUBLICKEY']._serialized_start=114 _globals['_SIMPLEKASPUBLICKEY']._serialized_end=219 _globals['_SIMPLEKASKEY']._serialized_start=221 _globals['_SIMPLEKASKEY']._serialized_end=342 _globals['_KEYPROVIDERCONFIG']._serialized_start=345 - _globals['_KEYPROVIDERCONFIG']._serialized_end=479 - _globals['_NAMESPACE']._serialized_start=482 - _globals['_NAMESPACE']._serialized_end=743 - _globals['_ATTRIBUTE']._serialized_start=746 - _globals['_ATTRIBUTE']._serialized_end=1159 - _globals['_VALUE']._serialized_start=1162 - _globals['_VALUE']._serialized_end=1622 - _globals['_ACTION']._serialized_start=1625 - _globals['_ACTION']._serialized_end=1921 - _globals['_ACTION_STANDARDACTION']._serialized_start=1804 - _globals['_ACTION_STANDARDACTION']._serialized_end=1912 - _globals['_SUBJECTMAPPING']._serialized_start=1924 - _globals['_SUBJECTMAPPING']._serialized_end=2181 - _globals['_CONDITION']._serialized_start=2184 - _globals['_CONDITION']._serialized_end=2417 - _globals['_CONDITIONGROUP']._serialized_start=2420 - _globals['_CONDITIONGROUP']._serialized_end=2587 - _globals['_SUBJECTSET']._serialized_start=2589 - _globals['_SUBJECTSET']._serialized_end=2678 - _globals['_SUBJECTCONDITIONSET']._serialized_start=2681 - _globals['_SUBJECTCONDITIONSET']._serialized_end=2829 - _globals['_SUBJECTPROPERTY']._serialized_start=2831 - _globals['_SUBJECTPROPERTY']._serialized_end=2955 - _globals['_RESOURCEMAPPINGGROUP']._serialized_start=2958 - _globals['_RESOURCEMAPPINGGROUP']._serialized_end=3113 - _globals['_RESOURCEMAPPING']._serialized_start=3116 - _globals['_RESOURCEMAPPING']._serialized_end=3333 - _globals['_KEYACCESSSERVER']._serialized_start=3336 - _globals['_KEYACCESSSERVER']._serialized_end=3981 - _globals['_KEY']._serialized_start=3984 - _globals['_KEY']._serialized_end=4263 - _globals['_KASPUBLICKEY']._serialized_start=4266 - _globals['_KASPUBLICKEY']._serialized_end=4398 - _globals['_KASPUBLICKEYSET']._serialized_start=4400 - _globals['_KASPUBLICKEYSET']._serialized_end=4459 - _globals['_PUBLICKEY']._serialized_start=4462 - _globals['_PUBLICKEY']._serialized_end=4942 - _globals['_REGISTEREDRESOURCE']._serialized_start=4945 - _globals['_REGISTEREDRESOURCE']._serialized_end=5104 - _globals['_REGISTEREDRESOURCEVALUE']._serialized_start=5107 - _globals['_REGISTEREDRESOURCEVALUE']._serialized_end=5565 - _globals['_REGISTEREDRESOURCEVALUE_ACTIONATTRIBUTEVALUE']._serialized_start=5385 - _globals['_REGISTEREDRESOURCEVALUE_ACTIONATTRIBUTEVALUE']._serialized_end=5565 - _globals['_OBLIGATION']._serialized_start=5568 - _globals['_OBLIGATION']._serialized_end=5760 - _globals['_OBLIGATIONVALUE']._serialized_start=5763 - _globals['_OBLIGATIONVALUE']._serialized_end=5916 - _globals['_OBLIGATIONTRIGGER']._serialized_start=5919 - _globals['_OBLIGATIONTRIGGER']._serialized_end=6164 - _globals['_KASKEY']._serialized_start=6166 - _globals['_KASKEY']._serialized_end=6263 - _globals['_PUBLICKEYCTX']._serialized_start=6265 - _globals['_PUBLICKEYCTX']._serialized_end=6306 - _globals['_PRIVATEKEYCTX']._serialized_start=6308 - _globals['_PRIVATEKEYCTX']._serialized_end=6388 - _globals['_ASYMMETRICKEY']._serialized_start=6391 - _globals['_ASYMMETRICKEY']._serialized_end=6832 - _globals['_SYMMETRICKEY']._serialized_start=6835 - _globals['_SYMMETRICKEY']._serialized_end=7121 + _globals['_KEYPROVIDERCONFIG']._serialized_end=505 + _globals['_NAMESPACE']._serialized_start=508 + _globals['_NAMESPACE']._serialized_end=821 + _globals['_CERTIFICATE']._serialized_start=823 + _globals['_CERTIFICATE']._serialized_end=916 + _globals['_ATTRIBUTE']._serialized_start=919 + _globals['_ATTRIBUTE']._serialized_end=1401 + _globals['_VALUE']._serialized_start=1404 + _globals['_VALUE']._serialized_end=1918 + _globals['_ACTION']._serialized_start=1921 + _globals['_ACTION']._serialized_end=2217 + _globals['_ACTION_STANDARDACTION']._serialized_start=2100 + _globals['_ACTION_STANDARDACTION']._serialized_end=2208 + _globals['_SUBJECTMAPPING']._serialized_start=2220 + _globals['_SUBJECTMAPPING']._serialized_end=2477 + _globals['_CONDITION']._serialized_start=2480 + _globals['_CONDITION']._serialized_end=2713 + _globals['_CONDITIONGROUP']._serialized_start=2716 + _globals['_CONDITIONGROUP']._serialized_end=2883 + _globals['_SUBJECTSET']._serialized_start=2885 + _globals['_SUBJECTSET']._serialized_end=2974 + _globals['_SUBJECTCONDITIONSET']._serialized_start=2977 + _globals['_SUBJECTCONDITIONSET']._serialized_end=3125 + _globals['_SUBJECTPROPERTY']._serialized_start=3127 + _globals['_SUBJECTPROPERTY']._serialized_end=3251 + _globals['_RESOURCEMAPPINGGROUP']._serialized_start=3254 + _globals['_RESOURCEMAPPINGGROUP']._serialized_end=3409 + _globals['_RESOURCEMAPPING']._serialized_start=3412 + _globals['_RESOURCEMAPPING']._serialized_end=3629 + _globals['_KEYACCESSSERVER']._serialized_start=3632 + _globals['_KEYACCESSSERVER']._serialized_end=4277 + _globals['_KEY']._serialized_start=4280 + _globals['_KEY']._serialized_end=4559 + _globals['_KASPUBLICKEY']._serialized_start=4562 + _globals['_KASPUBLICKEY']._serialized_end=4694 + _globals['_KASPUBLICKEYSET']._serialized_start=4696 + _globals['_KASPUBLICKEYSET']._serialized_end=4755 + _globals['_PUBLICKEY']._serialized_start=4758 + _globals['_PUBLICKEY']._serialized_end=5238 + _globals['_REGISTEREDRESOURCE']._serialized_start=5241 + _globals['_REGISTEREDRESOURCE']._serialized_end=5400 + _globals['_REGISTEREDRESOURCEVALUE']._serialized_start=5403 + _globals['_REGISTEREDRESOURCEVALUE']._serialized_end=5861 + _globals['_REGISTEREDRESOURCEVALUE_ACTIONATTRIBUTEVALUE']._serialized_start=5681 + _globals['_REGISTEREDRESOURCEVALUE_ACTIONATTRIBUTEVALUE']._serialized_end=5861 + _globals['_POLICYENFORCEMENTPOINT']._serialized_start=5863 + _globals['_POLICYENFORCEMENTPOINT']._serialized_end=5925 + _globals['_REQUESTCONTEXT']._serialized_start=5927 + _globals['_REQUESTCONTEXT']._serialized_end=6001 + _globals['_OBLIGATION']._serialized_start=6004 + _globals['_OBLIGATION']._serialized_end=6214 + _globals['_OBLIGATIONVALUE']._serialized_start=6217 + _globals['_OBLIGATIONVALUE']._serialized_end=6443 + _globals['_OBLIGATIONTRIGGER']._serialized_start=6446 + _globals['_OBLIGATIONTRIGGER']._serialized_end=6741 + _globals['_KASKEY']._serialized_start=6743 + _globals['_KASKEY']._serialized_end=6840 + _globals['_PUBLICKEYCTX']._serialized_start=6842 + _globals['_PUBLICKEYCTX']._serialized_end=6883 + _globals['_PRIVATEKEYCTX']._serialized_start=6885 + _globals['_PRIVATEKEYCTX']._serialized_end=6965 + _globals['_ASYMMETRICKEY']._serialized_start=6968 + _globals['_ASYMMETRICKEY']._serialized_end=7433 + _globals['_SYMMETRICKEY']._serialized_start=7436 + _globals['_SYMMETRICKEY']._serialized_end=7722 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.pyi index d34158a..e61efa3 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/policy/objects_pb2.pyi @@ -123,19 +123,21 @@ class SimpleKasKey(_message.Message): def __init__(self, kas_uri: _Optional[str] = ..., public_key: _Optional[_Union[SimpleKasPublicKey, _Mapping]] = ..., kas_id: _Optional[str] = ...) -> None: ... class KeyProviderConfig(_message.Message): - __slots__ = ("id", "name", "config_json", "metadata") + __slots__ = ("id", "name", "config_json", "manager", "metadata") ID_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] CONFIG_JSON_FIELD_NUMBER: _ClassVar[int] + MANAGER_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] id: str name: str config_json: bytes + manager: str metadata: _common_pb2.Metadata - def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., config_json: _Optional[bytes] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., config_json: _Optional[bytes] = ..., manager: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class Namespace(_message.Message): - __slots__ = ("id", "name", "fqn", "active", "metadata", "grants", "kas_keys") + __slots__ = ("id", "name", "fqn", "active", "metadata", "grants", "kas_keys", "root_certs") ID_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] FQN_FIELD_NUMBER: _ClassVar[int] @@ -143,6 +145,7 @@ class Namespace(_message.Message): METADATA_FIELD_NUMBER: _ClassVar[int] GRANTS_FIELD_NUMBER: _ClassVar[int] KAS_KEYS_FIELD_NUMBER: _ClassVar[int] + ROOT_CERTS_FIELD_NUMBER: _ClassVar[int] id: str name: str fqn: str @@ -150,10 +153,21 @@ class Namespace(_message.Message): metadata: _common_pb2.Metadata grants: _containers.RepeatedCompositeFieldContainer[KeyAccessServer] kas_keys: _containers.RepeatedCompositeFieldContainer[SimpleKasKey] - def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ...) -> None: ... + root_certs: _containers.RepeatedCompositeFieldContainer[Certificate] + def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., root_certs: _Optional[_Iterable[_Union[Certificate, _Mapping]]] = ...) -> None: ... + +class Certificate(_message.Message): + __slots__ = ("id", "pem", "metadata") + ID_FIELD_NUMBER: _ClassVar[int] + PEM_FIELD_NUMBER: _ClassVar[int] + METADATA_FIELD_NUMBER: _ClassVar[int] + id: str + pem: str + metadata: _common_pb2.Metadata + def __init__(self, id: _Optional[str] = ..., pem: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class Attribute(_message.Message): - __slots__ = ("id", "namespace", "name", "rule", "values", "grants", "fqn", "active", "kas_keys", "metadata") + __slots__ = ("id", "namespace", "name", "rule", "values", "grants", "fqn", "active", "kas_keys", "allow_traversal", "metadata") ID_FIELD_NUMBER: _ClassVar[int] NAMESPACE_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] @@ -163,6 +177,7 @@ class Attribute(_message.Message): FQN_FIELD_NUMBER: _ClassVar[int] ACTIVE_FIELD_NUMBER: _ClassVar[int] KAS_KEYS_FIELD_NUMBER: _ClassVar[int] + ALLOW_TRAVERSAL_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] id: str namespace: Namespace @@ -173,11 +188,12 @@ class Attribute(_message.Message): fqn: str active: _wrappers_pb2.BoolValue kas_keys: _containers.RepeatedCompositeFieldContainer[SimpleKasKey] + allow_traversal: _wrappers_pb2.BoolValue metadata: _common_pb2.Metadata - def __init__(self, id: _Optional[str] = ..., namespace: _Optional[_Union[Namespace, _Mapping]] = ..., name: _Optional[str] = ..., rule: _Optional[_Union[AttributeRuleTypeEnum, str]] = ..., values: _Optional[_Iterable[_Union[Value, _Mapping]]] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., namespace: _Optional[_Union[Namespace, _Mapping]] = ..., name: _Optional[str] = ..., rule: _Optional[_Union[AttributeRuleTypeEnum, str]] = ..., values: _Optional[_Iterable[_Union[Value, _Mapping]]] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., allow_traversal: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class Value(_message.Message): - __slots__ = ("id", "attribute", "value", "grants", "fqn", "active", "subject_mappings", "kas_keys", "resource_mappings", "metadata") + __slots__ = ("id", "attribute", "value", "grants", "fqn", "active", "subject_mappings", "kas_keys", "resource_mappings", "obligations", "metadata") ID_FIELD_NUMBER: _ClassVar[int] ATTRIBUTE_FIELD_NUMBER: _ClassVar[int] VALUE_FIELD_NUMBER: _ClassVar[int] @@ -187,6 +203,7 @@ class Value(_message.Message): SUBJECT_MAPPINGS_FIELD_NUMBER: _ClassVar[int] KAS_KEYS_FIELD_NUMBER: _ClassVar[int] RESOURCE_MAPPINGS_FIELD_NUMBER: _ClassVar[int] + OBLIGATIONS_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] id: str attribute: Attribute @@ -197,8 +214,9 @@ class Value(_message.Message): subject_mappings: _containers.RepeatedCompositeFieldContainer[SubjectMapping] kas_keys: _containers.RepeatedCompositeFieldContainer[SimpleKasKey] resource_mappings: _containers.RepeatedCompositeFieldContainer[ResourceMapping] + obligations: _containers.RepeatedCompositeFieldContainer[Obligation] metadata: _common_pb2.Metadata - def __init__(self, id: _Optional[str] = ..., attribute: _Optional[_Union[Attribute, _Mapping]] = ..., value: _Optional[str] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., subject_mappings: _Optional[_Iterable[_Union[SubjectMapping, _Mapping]]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., resource_mappings: _Optional[_Iterable[_Union[ResourceMapping, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., attribute: _Optional[_Union[Attribute, _Mapping]] = ..., value: _Optional[str] = ..., grants: _Optional[_Iterable[_Union[KeyAccessServer, _Mapping]]] = ..., fqn: _Optional[str] = ..., active: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., subject_mappings: _Optional[_Iterable[_Union[SubjectMapping, _Mapping]]] = ..., kas_keys: _Optional[_Iterable[_Union[SimpleKasKey, _Mapping]]] = ..., resource_mappings: _Optional[_Iterable[_Union[ResourceMapping, _Mapping]]] = ..., obligations: _Optional[_Iterable[_Union[Obligation, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class Action(_message.Message): __slots__ = ("id", "standard", "custom", "name", "metadata") @@ -399,45 +417,65 @@ class RegisteredResourceValue(_message.Message): metadata: _common_pb2.Metadata def __init__(self, id: _Optional[str] = ..., value: _Optional[str] = ..., resource: _Optional[_Union[RegisteredResource, _Mapping]] = ..., action_attribute_values: _Optional[_Iterable[_Union[RegisteredResourceValue.ActionAttributeValue, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... +class PolicyEnforcementPoint(_message.Message): + __slots__ = ("client_id",) + CLIENT_ID_FIELD_NUMBER: _ClassVar[int] + client_id: str + def __init__(self, client_id: _Optional[str] = ...) -> None: ... + +class RequestContext(_message.Message): + __slots__ = ("pep",) + PEP_FIELD_NUMBER: _ClassVar[int] + pep: PolicyEnforcementPoint + def __init__(self, pep: _Optional[_Union[PolicyEnforcementPoint, _Mapping]] = ...) -> None: ... + class Obligation(_message.Message): - __slots__ = ("id", "namespace", "name", "values", "metadata") + __slots__ = ("id", "namespace", "name", "values", "fqn", "metadata") ID_FIELD_NUMBER: _ClassVar[int] NAMESPACE_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] VALUES_FIELD_NUMBER: _ClassVar[int] + FQN_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] id: str namespace: Namespace name: str values: _containers.RepeatedCompositeFieldContainer[ObligationValue] + fqn: str metadata: _common_pb2.Metadata - def __init__(self, id: _Optional[str] = ..., namespace: _Optional[_Union[Namespace, _Mapping]] = ..., name: _Optional[str] = ..., values: _Optional[_Iterable[_Union[ObligationValue, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., namespace: _Optional[_Union[Namespace, _Mapping]] = ..., name: _Optional[str] = ..., values: _Optional[_Iterable[_Union[ObligationValue, _Mapping]]] = ..., fqn: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class ObligationValue(_message.Message): - __slots__ = ("id", "obligation", "value", "metadata") + __slots__ = ("id", "obligation", "value", "triggers", "fqn", "metadata") ID_FIELD_NUMBER: _ClassVar[int] OBLIGATION_FIELD_NUMBER: _ClassVar[int] VALUE_FIELD_NUMBER: _ClassVar[int] + TRIGGERS_FIELD_NUMBER: _ClassVar[int] + FQN_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] id: str obligation: Obligation value: str + triggers: _containers.RepeatedCompositeFieldContainer[ObligationTrigger] + fqn: str metadata: _common_pb2.Metadata - def __init__(self, id: _Optional[str] = ..., obligation: _Optional[_Union[Obligation, _Mapping]] = ..., value: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., obligation: _Optional[_Union[Obligation, _Mapping]] = ..., value: _Optional[str] = ..., triggers: _Optional[_Iterable[_Union[ObligationTrigger, _Mapping]]] = ..., fqn: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class ObligationTrigger(_message.Message): - __slots__ = ("id", "obligation_value", "action", "attribute_value", "metadata") + __slots__ = ("id", "obligation_value", "action", "attribute_value", "context", "metadata") ID_FIELD_NUMBER: _ClassVar[int] OBLIGATION_VALUE_FIELD_NUMBER: _ClassVar[int] ACTION_FIELD_NUMBER: _ClassVar[int] ATTRIBUTE_VALUE_FIELD_NUMBER: _ClassVar[int] + CONTEXT_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] id: str obligation_value: ObligationValue action: Action attribute_value: Value + context: _containers.RepeatedCompositeFieldContainer[RequestContext] metadata: _common_pb2.Metadata - def __init__(self, id: _Optional[str] = ..., obligation_value: _Optional[_Union[ObligationValue, _Mapping]] = ..., action: _Optional[_Union[Action, _Mapping]] = ..., attribute_value: _Optional[_Union[Value, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., obligation_value: _Optional[_Union[ObligationValue, _Mapping]] = ..., action: _Optional[_Union[Action, _Mapping]] = ..., attribute_value: _Optional[_Union[Value, _Mapping]] = ..., context: _Optional[_Iterable[_Union[RequestContext, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class KasKey(_message.Message): __slots__ = ("kas_id", "key", "kas_uri") @@ -464,7 +502,7 @@ class PrivateKeyCtx(_message.Message): def __init__(self, key_id: _Optional[str] = ..., wrapped_key: _Optional[str] = ...) -> None: ... class AsymmetricKey(_message.Message): - __slots__ = ("id", "key_id", "key_algorithm", "key_status", "key_mode", "public_key_ctx", "private_key_ctx", "provider_config", "metadata") + __slots__ = ("id", "key_id", "key_algorithm", "key_status", "key_mode", "public_key_ctx", "private_key_ctx", "provider_config", "legacy", "metadata") ID_FIELD_NUMBER: _ClassVar[int] KEY_ID_FIELD_NUMBER: _ClassVar[int] KEY_ALGORITHM_FIELD_NUMBER: _ClassVar[int] @@ -473,6 +511,7 @@ class AsymmetricKey(_message.Message): PUBLIC_KEY_CTX_FIELD_NUMBER: _ClassVar[int] PRIVATE_KEY_CTX_FIELD_NUMBER: _ClassVar[int] PROVIDER_CONFIG_FIELD_NUMBER: _ClassVar[int] + LEGACY_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] id: str key_id: str @@ -482,8 +521,9 @@ class AsymmetricKey(_message.Message): public_key_ctx: PublicKeyCtx private_key_ctx: PrivateKeyCtx provider_config: KeyProviderConfig + legacy: bool metadata: _common_pb2.Metadata - def __init__(self, id: _Optional[str] = ..., key_id: _Optional[str] = ..., key_algorithm: _Optional[_Union[Algorithm, str]] = ..., key_status: _Optional[_Union[KeyStatus, str]] = ..., key_mode: _Optional[_Union[KeyMode, str]] = ..., public_key_ctx: _Optional[_Union[PublicKeyCtx, _Mapping]] = ..., private_key_ctx: _Optional[_Union[PrivateKeyCtx, _Mapping]] = ..., provider_config: _Optional[_Union[KeyProviderConfig, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., key_id: _Optional[str] = ..., key_algorithm: _Optional[_Union[Algorithm, str]] = ..., key_status: _Optional[_Union[KeyStatus, str]] = ..., key_mode: _Optional[_Union[KeyMode, str]] = ..., public_key_ctx: _Optional[_Union[PublicKeyCtx, _Mapping]] = ..., private_key_ctx: _Optional[_Union[PrivateKeyCtx, _Mapping]] = ..., provider_config: _Optional[_Union[KeyProviderConfig, _Mapping]] = ..., legacy: bool = ..., metadata: _Optional[_Union[_common_pb2.Metadata, _Mapping]] = ...) -> None: ... class SymmetricKey(_message.Message): __slots__ = ("id", "key_id", "key_status", "key_mode", "key_ctx", "provider_config", "metadata") diff --git a/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_connect.py b/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_connect.py index 0c2b088..728502d 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_connect.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_connect.py @@ -55,6 +55,9 @@ async def add_obligation_trigger(self, request: policy_dot_obligations_dot_oblig async def remove_obligation_trigger(self, request: policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerRequest, ctx: RequestContext) -> policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerResponse: raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + async def list_obligation_triggers(self, request: policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, ctx: RequestContext) -> policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse: + raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + class ServiceASGIApplication(ConnectASGIApplication[Service]): def __init__(self, service: Service | AsyncGenerator[Service], *, interceptors: Iterable[Interceptor]=(), read_max_bytes: int | None = None) -> None: @@ -191,6 +194,16 @@ def __init__(self, service: Service | AsyncGenerator[Service], *, interceptors: ), function=svc.remove_obligation_trigger, ), + "/policy.obligations.Service/ListObligationTriggers": Endpoint.unary( + method=MethodInfo( + name="ListObligationTriggers", + service_name="policy.obligations.Service", + input=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, + output=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse, + idempotency_level=IdempotencyLevel.NO_SIDE_EFFECTS, + ), + function=svc.list_obligation_triggers, + ), }, interceptors=interceptors, read_max_bytes=read_max_bytes, @@ -473,6 +486,28 @@ async def remove_obligation_trigger( timeout_ms=timeout_ms, ) + async def list_obligation_triggers( + self, + request: policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, + *, + headers: Headers | Mapping[str, str] | None = None, + timeout_ms: int | None = None, + use_get: bool = False, + ) -> policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse: + return await self.execute_unary( + request=request, + method=MethodInfo( + name="ListObligationTriggers", + service_name="policy.obligations.Service", + input=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, + output=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse, + idempotency_level=IdempotencyLevel.NO_SIDE_EFFECTS, + ), + headers=headers, + timeout_ms=timeout_ms, + use_get=use_get, + ) + class ServiceSync(Protocol): def list_obligations(self, request: policy_dot_obligations_dot_obligations__pb2.ListObligationsRequest, ctx: RequestContext) -> policy_dot_obligations_dot_obligations__pb2.ListObligationsResponse: @@ -501,6 +536,8 @@ def add_obligation_trigger(self, request: policy_dot_obligations_dot_obligations raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") def remove_obligation_trigger(self, request: policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerRequest, ctx: RequestContext) -> policy_dot_obligations_dot_obligations__pb2.RemoveObligationTriggerResponse: raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") + def list_obligation_triggers(self, request: policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, ctx: RequestContext) -> policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse: + raise ConnectError(Code.UNIMPLEMENTED, "Not implemented") class ServiceWSGIApplication(ConnectWSGIApplication): @@ -637,6 +674,16 @@ def __init__(self, service: ServiceSync, interceptors: Iterable[InterceptorSync] ), function=service.remove_obligation_trigger, ), + "/policy.obligations.Service/ListObligationTriggers": EndpointSync.unary( + method=MethodInfo( + name="ListObligationTriggers", + service_name="policy.obligations.Service", + input=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, + output=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse, + idempotency_level=IdempotencyLevel.NO_SIDE_EFFECTS, + ), + function=service.list_obligation_triggers, + ), }, interceptors=interceptors, read_max_bytes=read_max_bytes, @@ -918,3 +965,25 @@ def remove_obligation_trigger( headers=headers, timeout_ms=timeout_ms, ) + + def list_obligation_triggers( + self, + request: policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, + *, + headers: Headers | Mapping[str, str] | None = None, + timeout_ms: int | None = None, + use_get: bool = False, + ) -> policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse: + return self.execute_unary( + request=request, + method=MethodInfo( + name="ListObligationTriggers", + service_name="policy.obligations.Service", + input=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersRequest, + output=policy_dot_obligations_dot_obligations__pb2.ListObligationTriggersResponse, + idempotency_level=IdempotencyLevel.NO_SIDE_EFFECTS, + ), + headers=headers, + timeout_ms=timeout_ms, + use_get=use_get, + ) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.py b/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.py index 9a723c2..c62e729 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.py @@ -25,9 +25,10 @@ from common import common_pb2 as common_dot_common__pb2 from policy import objects_pb2 as policy_dot_objects__pb2 from policy import selectors_pb2 as policy_dot_selectors__pb2 +from buf.validate import validate_pb2 as buf_dot_validate_dot_validate__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n$policy/obligations/obligations.proto\x12\x12policy.obligations\x1a\x13\x63ommon/common.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\"J\n\x14GetObligationRequest\x12\x10\n\x02id\x18\x01 \x01(\tH\x00R\x02id\x12\x12\n\x03\x66qn\x18\x02 \x01(\tH\x00R\x03\x66qnB\x0c\n\nidentifier\"K\n\x15GetObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"1\n\x1bGetObligationsByFQNsRequest\x12\x12\n\x04\x66qns\x18\x01 \x03(\tR\x04\x66qns\"\xed\x01\n\x1cGetObligationsByFQNsResponse\x12t\n\x12\x66qn_obligation_map\x18\x01 \x03(\x0b\x32\x46.policy.obligations.GetObligationsByFQNsResponse.FqnObligationMapEntryR\x10\x66qnObligationMap\x1aW\n\x15\x46qnObligationMapEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12(\n\x05value\x18\x02 \x01(\x0b\x32\x12.policy.ObligationR\x05value:\x02\x38\x01\"\xa0\x01\n\x17\x43reateObligationRequest\x12\x10\n\x02id\x18\x01 \x01(\tH\x00R\x02id\x12\x12\n\x03\x66qn\x18\x02 \x01(\tH\x00R\x03\x66qn\x12\x12\n\x04name\x18\x03 \x01(\tR\x04name\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadataB\x16\n\x14namespace_identifier\"N\n\x18\x43reateObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"\xc8\x01\n\x17UpdateObligationRequest\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n\x04name\x18\x02 \x01(\tR\x04name\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"N\n\x18UpdateObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"M\n\x17\x44\x65leteObligationRequest\x12\x10\n\x02id\x18\x01 \x01(\tH\x00R\x02id\x12\x12\n\x03\x66qn\x18\x02 \x01(\tH\x00R\x03\x66qnB\x0c\n\nidentifier\"N\n\x18\x44\x65leteObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"\x8b\x01\n\x16ListObligationsRequest\x12\x10\n\x02id\x18\x01 \x01(\tH\x00R\x02id\x12\x12\n\x03\x66qn\x18\x02 \x01(\tH\x00R\x03\x66qn\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npaginationB\x16\n\x14namespace_identifier\"\x85\x01\n\x17ListObligationsResponse\x12\x34\n\x0bobligations\x18\x01 \x03(\x0b\x32\x12.policy.ObligationR\x0bobligations\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"O\n\x19GetObligationValueRequest\x12\x10\n\x02id\x18\x01 \x01(\tH\x00R\x02id\x12\x12\n\x03\x66qn\x18\x02 \x01(\tH\x00R\x03\x66qnB\x0c\n\nidentifier\"K\n\x1aGetObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"6\n GetObligationValuesByFQNsRequest\x12\x12\n\x04\x66qns\x18\x01 \x03(\tR\x04\x66qns\"\xe8\x01\n!GetObligationValuesByFQNsResponse\x12j\n\rfqn_value_map\x18\x01 \x03(\x0b\x32\x46.policy.obligations.GetObligationValuesByFQNsResponse.FqnValueMapEntryR\x0b\x66qnValueMap\x1aW\n\x10\x46qnValueMapEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12-\n\x05value\x18\x02 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value:\x02\x38\x01\"\xa8\x01\n\x1c\x43reateObligationValueRequest\x12\x10\n\x02id\x18\x01 \x01(\tH\x00R\x02id\x12\x12\n\x03\x66qn\x18\x02 \x01(\tH\x00R\x03\x66qn\x12\x14\n\x05value\x18\x03 \x01(\tR\x05value\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadataB\x17\n\x15obligation_identifier\"N\n\x1d\x43reateObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"\xcf\x01\n\x1cUpdateObligationValueRequest\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\x12\x14\n\x05value\x18\x02 \x01(\tR\x05value\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"N\n\x1dUpdateObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"R\n\x1c\x44\x65leteObligationValueRequest\x12\x10\n\x02id\x18\x01 \x01(\tH\x00R\x02id\x12\x12\n\x03\x66qn\x18\x02 \x01(\tH\x00R\x03\x66qnB\x0c\n\nidentifier\"N\n\x1d\x44\x65leteObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"\xcd\x01\n\x1b\x41\x64\x64ObligationTriggerRequest\x12.\n\x13obligation_value_id\x18\x01 \x01(\tR\x11obligationValueId\x12\x1b\n\taction_id\x18\x02 \x01(\tR\x08\x61\x63tionId\x12,\n\x12\x61ttribute_value_id\x18\x03 \x01(\tR\x10\x61ttributeValueId\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"S\n\x1c\x41\x64\x64ObligationTriggerResponse\x12\x33\n\x07trigger\x18\x01 \x01(\x0b\x32\x19.policy.ObligationTriggerR\x07trigger\"0\n\x1eRemoveObligationTriggerRequest\x12\x0e\n\x02id\x18\x01 \x01(\tR\x02id\"V\n\x1fRemoveObligationTriggerResponse\x12\x33\n\x07trigger\x18\x01 \x01(\x0b\x32\x19.policy.ObligationTriggerR\x07trigger2\xc6\x0c\n\x07Service\x12o\n\x0fListObligations\x12*.policy.obligations.ListObligationsRequest\x1a+.policy.obligations.ListObligationsResponse\"\x03\x90\x02\x01\x12i\n\rGetObligation\x12(.policy.obligations.GetObligationRequest\x1a).policy.obligations.GetObligationResponse\"\x03\x90\x02\x01\x12~\n\x14GetObligationsByFQNs\x12/.policy.obligations.GetObligationsByFQNsRequest\x1a\x30.policy.obligations.GetObligationsByFQNsResponse\"\x03\x90\x02\x01\x12o\n\x10\x43reateObligation\x12+.policy.obligations.CreateObligationRequest\x1a,.policy.obligations.CreateObligationResponse\"\x00\x12o\n\x10UpdateObligation\x12+.policy.obligations.UpdateObligationRequest\x1a,.policy.obligations.UpdateObligationResponse\"\x00\x12o\n\x10\x44\x65leteObligation\x12+.policy.obligations.DeleteObligationRequest\x1a,.policy.obligations.DeleteObligationResponse\"\x00\x12x\n\x12GetObligationValue\x12-.policy.obligations.GetObligationValueRequest\x1a..policy.obligations.GetObligationValueResponse\"\x03\x90\x02\x01\x12\x8d\x01\n\x19GetObligationValuesByFQNs\x12\x34.policy.obligations.GetObligationValuesByFQNsRequest\x1a\x35.policy.obligations.GetObligationValuesByFQNsResponse\"\x03\x90\x02\x01\x12~\n\x15\x43reateObligationValue\x12\x30.policy.obligations.CreateObligationValueRequest\x1a\x31.policy.obligations.CreateObligationValueResponse\"\x00\x12~\n\x15UpdateObligationValue\x12\x30.policy.obligations.UpdateObligationValueRequest\x1a\x31.policy.obligations.UpdateObligationValueResponse\"\x00\x12~\n\x15\x44\x65leteObligationValue\x12\x30.policy.obligations.DeleteObligationValueRequest\x1a\x31.policy.obligations.DeleteObligationValueResponse\"\x00\x12{\n\x14\x41\x64\x64ObligationTrigger\x12/.policy.obligations.AddObligationTriggerRequest\x1a\x30.policy.obligations.AddObligationTriggerResponse\"\x00\x12\x84\x01\n\x17RemoveObligationTrigger\x12\x32.policy.obligations.RemoveObligationTriggerRequest\x1a\x33.policy.obligations.RemoveObligationTriggerResponse\"\x00\x42\x93\x01\n\x16\x63om.policy.obligationsB\x10ObligationsProtoP\x01\xa2\x02\x03POX\xaa\x02\x12Policy.Obligations\xca\x02\x12Policy\\Obligations\xe2\x02\x1ePolicy\\Obligations\\GPBMetadata\xea\x02\x13Policy::Obligationsb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n$policy/obligations/obligations.proto\x12\x12policy.obligations\x1a\x13\x63ommon/common.proto\x1a\x14policy/objects.proto\x1a\x16policy/selectors.proto\x1a\x1b\x62uf/validate/validate.proto\"`\n\x14GetObligationRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x1c\n\x03\x66qn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x03\x66qn:\x10\xbaH\r\"\x0b\n\x02id\n\x03\x66qn\x10\x01\"\xcb\x01\n\x13ValueTriggerRequest\x12\x38\n\x06\x61\x63tion\x18\x01 \x01(\x0b\x32\x18.common.IdNameIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x06\x61\x63tion\x12H\n\x0f\x61ttribute_value\x18\x02 \x01(\x0b\x32\x17.common.IdFqnIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x0e\x61ttributeValue\x12\x30\n\x07\x63ontext\x18\x03 \x01(\x0b\x32\x16.policy.RequestContextR\x07\x63ontext\"K\n\x15GetObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"I\n\x1bGetObligationsByFQNsRequest\x12*\n\x04\x66qns\x18\x01 \x03(\tB\x16\xbaH\x13\x92\x01\x10\x08\x01\x10\xfa\x01\x18\x01\"\x07r\x05\x10\x01\x88\x01\x01R\x04\x66qns\"\xed\x01\n\x1cGetObligationsByFQNsResponse\x12t\n\x12\x66qn_obligation_map\x18\x01 \x03(\x0b\x32\x46.policy.obligations.GetObligationsByFQNsResponse.FqnObligationMapEntryR\x10\x66qnObligationMap\x1aW\n\x15\x46qnObligationMapEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12(\n\x05value\x18\x02 \x01(\x0b\x32\x12.policy.ObligationR\x05value:\x02\x38\x01\"\xd4\x04\n\x17\x43reateObligationRequest\x12+\n\x0cnamespace_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0bnamespaceId\x12/\n\rnamespace_fqn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x0cnamespaceFqn\x12\xa7\x02\n\x04name\x18\x03 \x01(\tB\x92\x02\xbaH\x8e\x02r\x03\x18\xfd\x01\xba\x01\x82\x02\n\x16obligation_name_format\x12\xaa\x01Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.\x1a;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x01R\x04name\x12V\n\x06values\x18\x04 \x03(\tB>\xbaH;\x92\x01\x38\x08\x00\x18\x01\"2r0\x18\xfd\x01\x32+^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$R\x06values\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata:$\xbaH!\"\x1f\n\x0cnamespace_id\n\rnamespace_fqn\x10\x01\"N\n\x18\x43reateObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"\x80\x04\n\x17UpdateObligationRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xbf\x02\n\x04name\x18\x02 \x01(\tB\xaa\x02\xbaH\xa6\x02r\x03\x18\xfd\x01\xba\x01\x9a\x02\n\x16obligation_name_format\x12\xaa\x01Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.\x1aSsize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\xc8\x01\x00R\x04name\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"N\n\x18UpdateObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"c\n\x17\x44\x65leteObligationRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x1c\n\x03\x66qn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x03\x66qn:\x10\xbaH\r\"\x0b\n\x02id\n\x03\x66qn\x10\x01\"N\n\x18\x44\x65leteObligationResponse\x12\x32\n\nobligation\x18\x01 \x01(\x0b\x32\x12.policy.ObligationR\nobligation\"\xd1\x01\n\x16ListObligationsRequest\x12+\n\x0cnamespace_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0bnamespaceId\x12/\n\rnamespace_fqn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x0cnamespaceFqn\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination:$\xbaH!\"\x1f\n\x0cnamespace_id\n\rnamespace_fqn\x10\x00\"\x85\x01\n\x17ListObligationsResponse\x12\x34\n\x0bobligations\x18\x01 \x03(\x0b\x32\x12.policy.ObligationR\x0bobligations\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination\"e\n\x19GetObligationValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x1c\n\x03\x66qn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x03\x66qn:\x10\xbaH\r\"\x0b\n\x02id\n\x03\x66qn\x10\x01\"K\n\x1aGetObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"N\n GetObligationValuesByFQNsRequest\x12*\n\x04\x66qns\x18\x01 \x03(\tB\x16\xbaH\x13\x92\x01\x10\x08\x01\x10\xfa\x01\x18\x01\"\x07r\x05\x10\x01\x88\x01\x01R\x04\x66qns\"\xe8\x01\n!GetObligationValuesByFQNsResponse\x12j\n\rfqn_value_map\x18\x01 \x03(\x0b\x32\x46.policy.obligations.GetObligationValuesByFQNsResponse.FqnValueMapEntryR\x0b\x66qnValueMap\x1aW\n\x10\x46qnValueMapEntry\x12\x10\n\x03key\x18\x01 \x01(\tR\x03key\x12-\n\x05value\x18\x02 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value:\x02\x38\x01\"\xd1\x04\n\x1c\x43reateObligationValueRequest\x12-\n\robligation_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0cobligationId\x12\x31\n\x0eobligation_fqn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\robligationFqn\x12\xac\x02\n\x05value\x18\x03 \x01(\tB\x95\x02\xbaH\x91\x02r\x03\x18\xfd\x01\xba\x01\x85\x02\n\x17obligation_value_format\x12\xac\x01Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.\x1a;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\xc8\x01\x01R\x05value\x12\x43\n\x08triggers\x18\x04 \x03(\x0b\x32\'.policy.obligations.ValueTriggerRequestR\x08triggers\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata:&\xbaH#\"!\n\robligation_id\n\x0eobligation_fqn\x10\x01\"N\n\x1d\x43reateObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"\xcf\x04\n\x1cUpdateObligationValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xc4\x02\n\x05value\x18\x02 \x01(\tB\xad\x02\xbaH\xa9\x02r\x03\x18\xfd\x01\xba\x01\x9d\x02\n\x17obligation_value_format\x12\xac\x01Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.\x1aSsize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\xc8\x01\x00R\x05value\x12\x43\n\x08triggers\x18\x03 \x03(\x0b\x32\'.policy.obligations.ValueTriggerRequestR\x08triggers\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\x12T\n\x18metadata_update_behavior\x18\x65 \x01(\x0e\x32\x1a.common.MetadataUpdateEnumR\x16metadataUpdateBehavior\"N\n\x1dUpdateObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"h\n\x1c\x44\x65leteObligationValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x1c\n\x03\x66qn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x03\x66qn:\x10\xbaH\r\"\x0b\n\x02id\n\x03\x66qn\x10\x01\"N\n\x1d\x44\x65leteObligationValueResponse\x12-\n\x05value\x18\x01 \x01(\x0b\x32\x17.policy.ObligationValueR\x05value\"\xd4\x02\n\x1b\x41\x64\x64ObligationTriggerRequest\x12J\n\x10obligation_value\x18\x01 \x01(\x0b\x32\x17.common.IdFqnIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x0fobligationValue\x12\x38\n\x06\x61\x63tion\x18\x02 \x01(\x0b\x32\x18.common.IdNameIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x06\x61\x63tion\x12H\n\x0f\x61ttribute_value\x18\x03 \x01(\x0b\x32\x17.common.IdFqnIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x0e\x61ttributeValue\x12\x30\n\x07\x63ontext\x18\x04 \x01(\x0b\x32\x16.policy.RequestContextR\x07\x63ontext\x12\x33\n\x08metadata\x18\x64 \x01(\x0b\x32\x17.common.MetadataMutableR\x08metadata\"S\n\x1c\x41\x64\x64ObligationTriggerResponse\x12\x33\n\x07trigger\x18\x01 \x01(\x0b\x32\x19.policy.ObligationTriggerR\x07trigger\":\n\x1eRemoveObligationTriggerRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"V\n\x1fRemoveObligationTriggerResponse\x12\x33\n\x07trigger\x18\x01 \x01(\x0b\x32\x19.policy.ObligationTriggerR\x07trigger\"\xd8\x01\n\x1dListObligationTriggersRequest\x12+\n\x0cnamespace_id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x0bnamespaceId\x12/\n\rnamespace_fqn\x18\x02 \x01(\tB\n\xbaH\x07r\x05\x10\x01\x88\x01\x01R\x0cnamespaceFqn\x12\x33\n\npagination\x18\n \x01(\x0b\x32\x13.policy.PageRequestR\npagination:$\xbaH!\"\x1f\n\x0cnamespace_id\n\rnamespace_fqn\x10\x00\"\x8d\x01\n\x1eListObligationTriggersResponse\x12\x35\n\x08triggers\x18\x01 \x03(\x0b\x32\x19.policy.ObligationTriggerR\x08triggers\x12\x34\n\npagination\x18\n \x01(\x0b\x32\x14.policy.PageResponseR\npagination2\xcd\r\n\x07Service\x12o\n\x0fListObligations\x12*.policy.obligations.ListObligationsRequest\x1a+.policy.obligations.ListObligationsResponse\"\x03\x90\x02\x01\x12i\n\rGetObligation\x12(.policy.obligations.GetObligationRequest\x1a).policy.obligations.GetObligationResponse\"\x03\x90\x02\x01\x12~\n\x14GetObligationsByFQNs\x12/.policy.obligations.GetObligationsByFQNsRequest\x1a\x30.policy.obligations.GetObligationsByFQNsResponse\"\x03\x90\x02\x01\x12o\n\x10\x43reateObligation\x12+.policy.obligations.CreateObligationRequest\x1a,.policy.obligations.CreateObligationResponse\"\x00\x12o\n\x10UpdateObligation\x12+.policy.obligations.UpdateObligationRequest\x1a,.policy.obligations.UpdateObligationResponse\"\x00\x12o\n\x10\x44\x65leteObligation\x12+.policy.obligations.DeleteObligationRequest\x1a,.policy.obligations.DeleteObligationResponse\"\x00\x12x\n\x12GetObligationValue\x12-.policy.obligations.GetObligationValueRequest\x1a..policy.obligations.GetObligationValueResponse\"\x03\x90\x02\x01\x12\x8d\x01\n\x19GetObligationValuesByFQNs\x12\x34.policy.obligations.GetObligationValuesByFQNsRequest\x1a\x35.policy.obligations.GetObligationValuesByFQNsResponse\"\x03\x90\x02\x01\x12~\n\x15\x43reateObligationValue\x12\x30.policy.obligations.CreateObligationValueRequest\x1a\x31.policy.obligations.CreateObligationValueResponse\"\x00\x12~\n\x15UpdateObligationValue\x12\x30.policy.obligations.UpdateObligationValueRequest\x1a\x31.policy.obligations.UpdateObligationValueResponse\"\x00\x12~\n\x15\x44\x65leteObligationValue\x12\x30.policy.obligations.DeleteObligationValueRequest\x1a\x31.policy.obligations.DeleteObligationValueResponse\"\x00\x12{\n\x14\x41\x64\x64ObligationTrigger\x12/.policy.obligations.AddObligationTriggerRequest\x1a\x30.policy.obligations.AddObligationTriggerResponse\"\x00\x12\x84\x01\n\x17RemoveObligationTrigger\x12\x32.policy.obligations.RemoveObligationTriggerRequest\x1a\x33.policy.obligations.RemoveObligationTriggerResponse\"\x00\x12\x84\x01\n\x16ListObligationTriggers\x12\x31.policy.obligations.ListObligationTriggersRequest\x1a\x32.policy.obligations.ListObligationTriggersResponse\"\x03\x90\x02\x01\x42\x93\x01\n\x16\x63om.policy.obligationsB\x10ObligationsProtoP\x01\xa2\x02\x03POX\xaa\x02\x12Policy.Obligations\xca\x02\x12Policy\\Obligations\xe2\x02\x1ePolicy\\Obligations\\GPBMetadata\xea\x02\x13Policy::Obligationsb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -35,10 +36,88 @@ if not _descriptor._USE_C_DESCRIPTORS: _globals['DESCRIPTOR']._loaded_options = None _globals['DESCRIPTOR']._serialized_options = b'\n\026com.policy.obligationsB\020ObligationsProtoP\001\242\002\003POX\252\002\022Policy.Obligations\312\002\022Policy\\Obligations\342\002\036Policy\\Obligations\\GPBMetadata\352\002\023Policy::Obligations' + _globals['_GETOBLIGATIONREQUEST'].fields_by_name['id']._loaded_options = None + _globals['_GETOBLIGATIONREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_GETOBLIGATIONREQUEST'].fields_by_name['fqn']._loaded_options = None + _globals['_GETOBLIGATIONREQUEST'].fields_by_name['fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_GETOBLIGATIONREQUEST']._loaded_options = None + _globals['_GETOBLIGATIONREQUEST']._serialized_options = b'\272H\r\"\013\n\002id\n\003fqn\020\001' + _globals['_VALUETRIGGERREQUEST'].fields_by_name['action']._loaded_options = None + _globals['_VALUETRIGGERREQUEST'].fields_by_name['action']._serialized_options = b'\272H\003\310\001\001' + _globals['_VALUETRIGGERREQUEST'].fields_by_name['attribute_value']._loaded_options = None + _globals['_VALUETRIGGERREQUEST'].fields_by_name['attribute_value']._serialized_options = b'\272H\003\310\001\001' + _globals['_GETOBLIGATIONSBYFQNSREQUEST'].fields_by_name['fqns']._loaded_options = None + _globals['_GETOBLIGATIONSBYFQNSREQUEST'].fields_by_name['fqns']._serialized_options = b'\272H\023\222\001\020\010\001\020\372\001\030\001\"\007r\005\020\001\210\001\001' _globals['_GETOBLIGATIONSBYFQNSRESPONSE_FQNOBLIGATIONMAPENTRY']._loaded_options = None _globals['_GETOBLIGATIONSBYFQNSRESPONSE_FQNOBLIGATIONMAPENTRY']._serialized_options = b'8\001' + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['namespace_id']._loaded_options = None + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['namespace_id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['namespace_fqn']._loaded_options = None + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['namespace_fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['name']._loaded_options = None + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['name']._serialized_options = b'\272H\216\002r\003\030\375\001\272\001\202\002\n\026obligation_name_format\022\252\001Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.\032;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\310\001\001' + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['values']._loaded_options = None + _globals['_CREATEOBLIGATIONREQUEST'].fields_by_name['values']._serialized_options = b'\272H;\222\0018\010\000\030\001\"2r0\030\375\0012+^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$' + _globals['_CREATEOBLIGATIONREQUEST']._loaded_options = None + _globals['_CREATEOBLIGATIONREQUEST']._serialized_options = b'\272H!\"\037\n\014namespace_id\n\rnamespace_fqn\020\001' + _globals['_UPDATEOBLIGATIONREQUEST'].fields_by_name['id']._loaded_options = None + _globals['_UPDATEOBLIGATIONREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_UPDATEOBLIGATIONREQUEST'].fields_by_name['name']._loaded_options = None + _globals['_UPDATEOBLIGATIONREQUEST'].fields_by_name['name']._serialized_options = b'\272H\246\002r\003\030\375\001\272\001\232\002\n\026obligation_name_format\022\252\001Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.\032Ssize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\310\001\000' + _globals['_DELETEOBLIGATIONREQUEST'].fields_by_name['id']._loaded_options = None + _globals['_DELETEOBLIGATIONREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_DELETEOBLIGATIONREQUEST'].fields_by_name['fqn']._loaded_options = None + _globals['_DELETEOBLIGATIONREQUEST'].fields_by_name['fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_DELETEOBLIGATIONREQUEST']._loaded_options = None + _globals['_DELETEOBLIGATIONREQUEST']._serialized_options = b'\272H\r\"\013\n\002id\n\003fqn\020\001' + _globals['_LISTOBLIGATIONSREQUEST'].fields_by_name['namespace_id']._loaded_options = None + _globals['_LISTOBLIGATIONSREQUEST'].fields_by_name['namespace_id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_LISTOBLIGATIONSREQUEST'].fields_by_name['namespace_fqn']._loaded_options = None + _globals['_LISTOBLIGATIONSREQUEST'].fields_by_name['namespace_fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_LISTOBLIGATIONSREQUEST']._loaded_options = None + _globals['_LISTOBLIGATIONSREQUEST']._serialized_options = b'\272H!\"\037\n\014namespace_id\n\rnamespace_fqn\020\000' + _globals['_GETOBLIGATIONVALUEREQUEST'].fields_by_name['id']._loaded_options = None + _globals['_GETOBLIGATIONVALUEREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_GETOBLIGATIONVALUEREQUEST'].fields_by_name['fqn']._loaded_options = None + _globals['_GETOBLIGATIONVALUEREQUEST'].fields_by_name['fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_GETOBLIGATIONVALUEREQUEST']._loaded_options = None + _globals['_GETOBLIGATIONVALUEREQUEST']._serialized_options = b'\272H\r\"\013\n\002id\n\003fqn\020\001' + _globals['_GETOBLIGATIONVALUESBYFQNSREQUEST'].fields_by_name['fqns']._loaded_options = None + _globals['_GETOBLIGATIONVALUESBYFQNSREQUEST'].fields_by_name['fqns']._serialized_options = b'\272H\023\222\001\020\010\001\020\372\001\030\001\"\007r\005\020\001\210\001\001' _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE_FQNVALUEMAPENTRY']._loaded_options = None _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE_FQNVALUEMAPENTRY']._serialized_options = b'8\001' + _globals['_CREATEOBLIGATIONVALUEREQUEST'].fields_by_name['obligation_id']._loaded_options = None + _globals['_CREATEOBLIGATIONVALUEREQUEST'].fields_by_name['obligation_id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_CREATEOBLIGATIONVALUEREQUEST'].fields_by_name['obligation_fqn']._loaded_options = None + _globals['_CREATEOBLIGATIONVALUEREQUEST'].fields_by_name['obligation_fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_CREATEOBLIGATIONVALUEREQUEST'].fields_by_name['value']._loaded_options = None + _globals['_CREATEOBLIGATIONVALUEREQUEST'].fields_by_name['value']._serialized_options = b'\272H\221\002r\003\030\375\001\272\001\205\002\n\027obligation_value_format\022\254\001Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.\032;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')\310\001\001' + _globals['_CREATEOBLIGATIONVALUEREQUEST']._loaded_options = None + _globals['_CREATEOBLIGATIONVALUEREQUEST']._serialized_options = b'\272H#\"!\n\robligation_id\n\016obligation_fqn\020\001' + _globals['_UPDATEOBLIGATIONVALUEREQUEST'].fields_by_name['id']._loaded_options = None + _globals['_UPDATEOBLIGATIONVALUEREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_UPDATEOBLIGATIONVALUEREQUEST'].fields_by_name['value']._loaded_options = None + _globals['_UPDATEOBLIGATIONVALUEREQUEST'].fields_by_name['value']._serialized_options = b'\272H\251\002r\003\030\375\001\272\001\235\002\n\027obligation_value_format\022\254\001Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.\032Ssize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\310\001\000' + _globals['_DELETEOBLIGATIONVALUEREQUEST'].fields_by_name['id']._loaded_options = None + _globals['_DELETEOBLIGATIONVALUEREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_DELETEOBLIGATIONVALUEREQUEST'].fields_by_name['fqn']._loaded_options = None + _globals['_DELETEOBLIGATIONVALUEREQUEST'].fields_by_name['fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_DELETEOBLIGATIONVALUEREQUEST']._loaded_options = None + _globals['_DELETEOBLIGATIONVALUEREQUEST']._serialized_options = b'\272H\r\"\013\n\002id\n\003fqn\020\001' + _globals['_ADDOBLIGATIONTRIGGERREQUEST'].fields_by_name['obligation_value']._loaded_options = None + _globals['_ADDOBLIGATIONTRIGGERREQUEST'].fields_by_name['obligation_value']._serialized_options = b'\272H\003\310\001\001' + _globals['_ADDOBLIGATIONTRIGGERREQUEST'].fields_by_name['action']._loaded_options = None + _globals['_ADDOBLIGATIONTRIGGERREQUEST'].fields_by_name['action']._serialized_options = b'\272H\003\310\001\001' + _globals['_ADDOBLIGATIONTRIGGERREQUEST'].fields_by_name['attribute_value']._loaded_options = None + _globals['_ADDOBLIGATIONTRIGGERREQUEST'].fields_by_name['attribute_value']._serialized_options = b'\272H\003\310\001\001' + _globals['_REMOVEOBLIGATIONTRIGGERREQUEST'].fields_by_name['id']._loaded_options = None + _globals['_REMOVEOBLIGATIONTRIGGERREQUEST'].fields_by_name['id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_LISTOBLIGATIONTRIGGERSREQUEST'].fields_by_name['namespace_id']._loaded_options = None + _globals['_LISTOBLIGATIONTRIGGERSREQUEST'].fields_by_name['namespace_id']._serialized_options = b'\272H\005r\003\260\001\001' + _globals['_LISTOBLIGATIONTRIGGERSREQUEST'].fields_by_name['namespace_fqn']._loaded_options = None + _globals['_LISTOBLIGATIONTRIGGERSREQUEST'].fields_by_name['namespace_fqn']._serialized_options = b'\272H\007r\005\020\001\210\001\001' + _globals['_LISTOBLIGATIONTRIGGERSREQUEST']._loaded_options = None + _globals['_LISTOBLIGATIONTRIGGERSREQUEST']._serialized_options = b'\272H!\"\037\n\014namespace_id\n\rnamespace_fqn\020\000' _globals['_SERVICE'].methods_by_name['ListObligations']._loaded_options = None _globals['_SERVICE'].methods_by_name['ListObligations']._serialized_options = b'\220\002\001' _globals['_SERVICE'].methods_by_name['GetObligation']._loaded_options = None @@ -49,62 +128,70 @@ _globals['_SERVICE'].methods_by_name['GetObligationValue']._serialized_options = b'\220\002\001' _globals['_SERVICE'].methods_by_name['GetObligationValuesByFQNs']._loaded_options = None _globals['_SERVICE'].methods_by_name['GetObligationValuesByFQNs']._serialized_options = b'\220\002\001' - _globals['_GETOBLIGATIONREQUEST']._serialized_start=127 - _globals['_GETOBLIGATIONREQUEST']._serialized_end=201 - _globals['_GETOBLIGATIONRESPONSE']._serialized_start=203 - _globals['_GETOBLIGATIONRESPONSE']._serialized_end=278 - _globals['_GETOBLIGATIONSBYFQNSREQUEST']._serialized_start=280 - _globals['_GETOBLIGATIONSBYFQNSREQUEST']._serialized_end=329 - _globals['_GETOBLIGATIONSBYFQNSRESPONSE']._serialized_start=332 - _globals['_GETOBLIGATIONSBYFQNSRESPONSE']._serialized_end=569 - _globals['_GETOBLIGATIONSBYFQNSRESPONSE_FQNOBLIGATIONMAPENTRY']._serialized_start=482 - _globals['_GETOBLIGATIONSBYFQNSRESPONSE_FQNOBLIGATIONMAPENTRY']._serialized_end=569 - _globals['_CREATEOBLIGATIONREQUEST']._serialized_start=572 - _globals['_CREATEOBLIGATIONREQUEST']._serialized_end=732 - _globals['_CREATEOBLIGATIONRESPONSE']._serialized_start=734 - _globals['_CREATEOBLIGATIONRESPONSE']._serialized_end=812 - _globals['_UPDATEOBLIGATIONREQUEST']._serialized_start=815 - _globals['_UPDATEOBLIGATIONREQUEST']._serialized_end=1015 - _globals['_UPDATEOBLIGATIONRESPONSE']._serialized_start=1017 - _globals['_UPDATEOBLIGATIONRESPONSE']._serialized_end=1095 - _globals['_DELETEOBLIGATIONREQUEST']._serialized_start=1097 - _globals['_DELETEOBLIGATIONREQUEST']._serialized_end=1174 - _globals['_DELETEOBLIGATIONRESPONSE']._serialized_start=1176 - _globals['_DELETEOBLIGATIONRESPONSE']._serialized_end=1254 - _globals['_LISTOBLIGATIONSREQUEST']._serialized_start=1257 - _globals['_LISTOBLIGATIONSREQUEST']._serialized_end=1396 - _globals['_LISTOBLIGATIONSRESPONSE']._serialized_start=1399 - _globals['_LISTOBLIGATIONSRESPONSE']._serialized_end=1532 - _globals['_GETOBLIGATIONVALUEREQUEST']._serialized_start=1534 - _globals['_GETOBLIGATIONVALUEREQUEST']._serialized_end=1613 - _globals['_GETOBLIGATIONVALUERESPONSE']._serialized_start=1615 - _globals['_GETOBLIGATIONVALUERESPONSE']._serialized_end=1690 - _globals['_GETOBLIGATIONVALUESBYFQNSREQUEST']._serialized_start=1692 - _globals['_GETOBLIGATIONVALUESBYFQNSREQUEST']._serialized_end=1746 - _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE']._serialized_start=1749 - _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE']._serialized_end=1981 - _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE_FQNVALUEMAPENTRY']._serialized_start=1894 - _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE_FQNVALUEMAPENTRY']._serialized_end=1981 - _globals['_CREATEOBLIGATIONVALUEREQUEST']._serialized_start=1984 - _globals['_CREATEOBLIGATIONVALUEREQUEST']._serialized_end=2152 - _globals['_CREATEOBLIGATIONVALUERESPONSE']._serialized_start=2154 - _globals['_CREATEOBLIGATIONVALUERESPONSE']._serialized_end=2232 - _globals['_UPDATEOBLIGATIONVALUEREQUEST']._serialized_start=2235 - _globals['_UPDATEOBLIGATIONVALUEREQUEST']._serialized_end=2442 - _globals['_UPDATEOBLIGATIONVALUERESPONSE']._serialized_start=2444 - _globals['_UPDATEOBLIGATIONVALUERESPONSE']._serialized_end=2522 - _globals['_DELETEOBLIGATIONVALUEREQUEST']._serialized_start=2524 - _globals['_DELETEOBLIGATIONVALUEREQUEST']._serialized_end=2606 - _globals['_DELETEOBLIGATIONVALUERESPONSE']._serialized_start=2608 - _globals['_DELETEOBLIGATIONVALUERESPONSE']._serialized_end=2686 - _globals['_ADDOBLIGATIONTRIGGERREQUEST']._serialized_start=2689 - _globals['_ADDOBLIGATIONTRIGGERREQUEST']._serialized_end=2894 - _globals['_ADDOBLIGATIONTRIGGERRESPONSE']._serialized_start=2896 - _globals['_ADDOBLIGATIONTRIGGERRESPONSE']._serialized_end=2979 - _globals['_REMOVEOBLIGATIONTRIGGERREQUEST']._serialized_start=2981 - _globals['_REMOVEOBLIGATIONTRIGGERREQUEST']._serialized_end=3029 - _globals['_REMOVEOBLIGATIONTRIGGERRESPONSE']._serialized_start=3031 - _globals['_REMOVEOBLIGATIONTRIGGERRESPONSE']._serialized_end=3117 - _globals['_SERVICE']._serialized_start=3120 - _globals['_SERVICE']._serialized_end=4726 + _globals['_SERVICE'].methods_by_name['ListObligationTriggers']._loaded_options = None + _globals['_SERVICE'].methods_by_name['ListObligationTriggers']._serialized_options = b'\220\002\001' + _globals['_GETOBLIGATIONREQUEST']._serialized_start=156 + _globals['_GETOBLIGATIONREQUEST']._serialized_end=252 + _globals['_VALUETRIGGERREQUEST']._serialized_start=255 + _globals['_VALUETRIGGERREQUEST']._serialized_end=458 + _globals['_GETOBLIGATIONRESPONSE']._serialized_start=460 + _globals['_GETOBLIGATIONRESPONSE']._serialized_end=535 + _globals['_GETOBLIGATIONSBYFQNSREQUEST']._serialized_start=537 + _globals['_GETOBLIGATIONSBYFQNSREQUEST']._serialized_end=610 + _globals['_GETOBLIGATIONSBYFQNSRESPONSE']._serialized_start=613 + _globals['_GETOBLIGATIONSBYFQNSRESPONSE']._serialized_end=850 + _globals['_GETOBLIGATIONSBYFQNSRESPONSE_FQNOBLIGATIONMAPENTRY']._serialized_start=763 + _globals['_GETOBLIGATIONSBYFQNSRESPONSE_FQNOBLIGATIONMAPENTRY']._serialized_end=850 + _globals['_CREATEOBLIGATIONREQUEST']._serialized_start=853 + _globals['_CREATEOBLIGATIONREQUEST']._serialized_end=1449 + _globals['_CREATEOBLIGATIONRESPONSE']._serialized_start=1451 + _globals['_CREATEOBLIGATIONRESPONSE']._serialized_end=1529 + _globals['_UPDATEOBLIGATIONREQUEST']._serialized_start=1532 + _globals['_UPDATEOBLIGATIONREQUEST']._serialized_end=2044 + _globals['_UPDATEOBLIGATIONRESPONSE']._serialized_start=2046 + _globals['_UPDATEOBLIGATIONRESPONSE']._serialized_end=2124 + _globals['_DELETEOBLIGATIONREQUEST']._serialized_start=2126 + _globals['_DELETEOBLIGATIONREQUEST']._serialized_end=2225 + _globals['_DELETEOBLIGATIONRESPONSE']._serialized_start=2227 + _globals['_DELETEOBLIGATIONRESPONSE']._serialized_end=2305 + _globals['_LISTOBLIGATIONSREQUEST']._serialized_start=2308 + _globals['_LISTOBLIGATIONSREQUEST']._serialized_end=2517 + _globals['_LISTOBLIGATIONSRESPONSE']._serialized_start=2520 + _globals['_LISTOBLIGATIONSRESPONSE']._serialized_end=2653 + _globals['_GETOBLIGATIONVALUEREQUEST']._serialized_start=2655 + _globals['_GETOBLIGATIONVALUEREQUEST']._serialized_end=2756 + _globals['_GETOBLIGATIONVALUERESPONSE']._serialized_start=2758 + _globals['_GETOBLIGATIONVALUERESPONSE']._serialized_end=2833 + _globals['_GETOBLIGATIONVALUESBYFQNSREQUEST']._serialized_start=2835 + _globals['_GETOBLIGATIONVALUESBYFQNSREQUEST']._serialized_end=2913 + _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE']._serialized_start=2916 + _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE']._serialized_end=3148 + _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE_FQNVALUEMAPENTRY']._serialized_start=3061 + _globals['_GETOBLIGATIONVALUESBYFQNSRESPONSE_FQNVALUEMAPENTRY']._serialized_end=3148 + _globals['_CREATEOBLIGATIONVALUEREQUEST']._serialized_start=3151 + _globals['_CREATEOBLIGATIONVALUEREQUEST']._serialized_end=3744 + _globals['_CREATEOBLIGATIONVALUERESPONSE']._serialized_start=3746 + _globals['_CREATEOBLIGATIONVALUERESPONSE']._serialized_end=3824 + _globals['_UPDATEOBLIGATIONVALUEREQUEST']._serialized_start=3827 + _globals['_UPDATEOBLIGATIONVALUEREQUEST']._serialized_end=4418 + _globals['_UPDATEOBLIGATIONVALUERESPONSE']._serialized_start=4420 + _globals['_UPDATEOBLIGATIONVALUERESPONSE']._serialized_end=4498 + _globals['_DELETEOBLIGATIONVALUEREQUEST']._serialized_start=4500 + _globals['_DELETEOBLIGATIONVALUEREQUEST']._serialized_end=4604 + _globals['_DELETEOBLIGATIONVALUERESPONSE']._serialized_start=4606 + _globals['_DELETEOBLIGATIONVALUERESPONSE']._serialized_end=4684 + _globals['_ADDOBLIGATIONTRIGGERREQUEST']._serialized_start=4687 + _globals['_ADDOBLIGATIONTRIGGERREQUEST']._serialized_end=5027 + _globals['_ADDOBLIGATIONTRIGGERRESPONSE']._serialized_start=5029 + _globals['_ADDOBLIGATIONTRIGGERRESPONSE']._serialized_end=5112 + _globals['_REMOVEOBLIGATIONTRIGGERREQUEST']._serialized_start=5114 + _globals['_REMOVEOBLIGATIONTRIGGERREQUEST']._serialized_end=5172 + _globals['_REMOVEOBLIGATIONTRIGGERRESPONSE']._serialized_start=5174 + _globals['_REMOVEOBLIGATIONTRIGGERRESPONSE']._serialized_end=5260 + _globals['_LISTOBLIGATIONTRIGGERSREQUEST']._serialized_start=5263 + _globals['_LISTOBLIGATIONTRIGGERSREQUEST']._serialized_end=5479 + _globals['_LISTOBLIGATIONTRIGGERSRESPONSE']._serialized_start=5482 + _globals['_LISTOBLIGATIONTRIGGERSRESPONSE']._serialized_end=5623 + _globals['_SERVICE']._serialized_start=5626 + _globals['_SERVICE']._serialized_end=7367 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.pyi index 00ba1d7..895d17d 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/policy/obligations/obligations_pb2.pyi @@ -1,6 +1,7 @@ from common import common_pb2 as _common_pb2 from policy import objects_pb2 as _objects_pb2 from policy import selectors_pb2 as _selectors_pb2 +from buf.validate import validate_pb2 as _validate_pb2 from google.protobuf.internal import containers as _containers from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message @@ -17,6 +18,16 @@ class GetObligationRequest(_message.Message): fqn: str def __init__(self, id: _Optional[str] = ..., fqn: _Optional[str] = ...) -> None: ... +class ValueTriggerRequest(_message.Message): + __slots__ = ("action", "attribute_value", "context") + ACTION_FIELD_NUMBER: _ClassVar[int] + ATTRIBUTE_VALUE_FIELD_NUMBER: _ClassVar[int] + CONTEXT_FIELD_NUMBER: _ClassVar[int] + action: _common_pb2.IdNameIdentifier + attribute_value: _common_pb2.IdFqnIdentifier + context: _objects_pb2.RequestContext + def __init__(self, action: _Optional[_Union[_common_pb2.IdNameIdentifier, _Mapping]] = ..., attribute_value: _Optional[_Union[_common_pb2.IdFqnIdentifier, _Mapping]] = ..., context: _Optional[_Union[_objects_pb2.RequestContext, _Mapping]] = ...) -> None: ... + class GetObligationResponse(_message.Message): __slots__ = ("obligation",) OBLIGATION_FIELD_NUMBER: _ClassVar[int] @@ -43,16 +54,18 @@ class GetObligationsByFQNsResponse(_message.Message): def __init__(self, fqn_obligation_map: _Optional[_Mapping[str, _objects_pb2.Obligation]] = ...) -> None: ... class CreateObligationRequest(_message.Message): - __slots__ = ("id", "fqn", "name", "metadata") - ID_FIELD_NUMBER: _ClassVar[int] - FQN_FIELD_NUMBER: _ClassVar[int] + __slots__ = ("namespace_id", "namespace_fqn", "name", "values", "metadata") + NAMESPACE_ID_FIELD_NUMBER: _ClassVar[int] + NAMESPACE_FQN_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] + VALUES_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] - id: str - fqn: str + namespace_id: str + namespace_fqn: str name: str + values: _containers.RepeatedScalarFieldContainer[str] metadata: _common_pb2.MetadataMutable - def __init__(self, id: _Optional[str] = ..., fqn: _Optional[str] = ..., name: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... + def __init__(self, namespace_id: _Optional[str] = ..., namespace_fqn: _Optional[str] = ..., name: _Optional[str] = ..., values: _Optional[_Iterable[str]] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... class CreateObligationResponse(_message.Message): __slots__ = ("obligation",) @@ -93,14 +106,14 @@ class DeleteObligationResponse(_message.Message): def __init__(self, obligation: _Optional[_Union[_objects_pb2.Obligation, _Mapping]] = ...) -> None: ... class ListObligationsRequest(_message.Message): - __slots__ = ("id", "fqn", "pagination") - ID_FIELD_NUMBER: _ClassVar[int] - FQN_FIELD_NUMBER: _ClassVar[int] + __slots__ = ("namespace_id", "namespace_fqn", "pagination") + NAMESPACE_ID_FIELD_NUMBER: _ClassVar[int] + NAMESPACE_FQN_FIELD_NUMBER: _ClassVar[int] PAGINATION_FIELD_NUMBER: _ClassVar[int] - id: str - fqn: str + namespace_id: str + namespace_fqn: str pagination: _selectors_pb2.PageRequest - def __init__(self, id: _Optional[str] = ..., fqn: _Optional[str] = ..., pagination: _Optional[_Union[_selectors_pb2.PageRequest, _Mapping]] = ...) -> None: ... + def __init__(self, namespace_id: _Optional[str] = ..., namespace_fqn: _Optional[str] = ..., pagination: _Optional[_Union[_selectors_pb2.PageRequest, _Mapping]] = ...) -> None: ... class ListObligationsResponse(_message.Message): __slots__ = ("obligations", "pagination") @@ -144,16 +157,18 @@ class GetObligationValuesByFQNsResponse(_message.Message): def __init__(self, fqn_value_map: _Optional[_Mapping[str, _objects_pb2.ObligationValue]] = ...) -> None: ... class CreateObligationValueRequest(_message.Message): - __slots__ = ("id", "fqn", "value", "metadata") - ID_FIELD_NUMBER: _ClassVar[int] - FQN_FIELD_NUMBER: _ClassVar[int] + __slots__ = ("obligation_id", "obligation_fqn", "value", "triggers", "metadata") + OBLIGATION_ID_FIELD_NUMBER: _ClassVar[int] + OBLIGATION_FQN_FIELD_NUMBER: _ClassVar[int] VALUE_FIELD_NUMBER: _ClassVar[int] + TRIGGERS_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] - id: str - fqn: str + obligation_id: str + obligation_fqn: str value: str + triggers: _containers.RepeatedCompositeFieldContainer[ValueTriggerRequest] metadata: _common_pb2.MetadataMutable - def __init__(self, id: _Optional[str] = ..., fqn: _Optional[str] = ..., value: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... + def __init__(self, obligation_id: _Optional[str] = ..., obligation_fqn: _Optional[str] = ..., value: _Optional[str] = ..., triggers: _Optional[_Iterable[_Union[ValueTriggerRequest, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... class CreateObligationValueResponse(_message.Message): __slots__ = ("value",) @@ -162,16 +177,18 @@ class CreateObligationValueResponse(_message.Message): def __init__(self, value: _Optional[_Union[_objects_pb2.ObligationValue, _Mapping]] = ...) -> None: ... class UpdateObligationValueRequest(_message.Message): - __slots__ = ("id", "value", "metadata", "metadata_update_behavior") + __slots__ = ("id", "value", "triggers", "metadata", "metadata_update_behavior") ID_FIELD_NUMBER: _ClassVar[int] VALUE_FIELD_NUMBER: _ClassVar[int] + TRIGGERS_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] METADATA_UPDATE_BEHAVIOR_FIELD_NUMBER: _ClassVar[int] id: str value: str + triggers: _containers.RepeatedCompositeFieldContainer[ValueTriggerRequest] metadata: _common_pb2.MetadataMutable metadata_update_behavior: _common_pb2.MetadataUpdateEnum - def __init__(self, id: _Optional[str] = ..., value: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ..., metadata_update_behavior: _Optional[_Union[_common_pb2.MetadataUpdateEnum, str]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., value: _Optional[str] = ..., triggers: _Optional[_Iterable[_Union[ValueTriggerRequest, _Mapping]]] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ..., metadata_update_behavior: _Optional[_Union[_common_pb2.MetadataUpdateEnum, str]] = ...) -> None: ... class UpdateObligationValueResponse(_message.Message): __slots__ = ("value",) @@ -194,16 +211,18 @@ class DeleteObligationValueResponse(_message.Message): def __init__(self, value: _Optional[_Union[_objects_pb2.ObligationValue, _Mapping]] = ...) -> None: ... class AddObligationTriggerRequest(_message.Message): - __slots__ = ("obligation_value_id", "action_id", "attribute_value_id", "metadata") - OBLIGATION_VALUE_ID_FIELD_NUMBER: _ClassVar[int] - ACTION_ID_FIELD_NUMBER: _ClassVar[int] - ATTRIBUTE_VALUE_ID_FIELD_NUMBER: _ClassVar[int] + __slots__ = ("obligation_value", "action", "attribute_value", "context", "metadata") + OBLIGATION_VALUE_FIELD_NUMBER: _ClassVar[int] + ACTION_FIELD_NUMBER: _ClassVar[int] + ATTRIBUTE_VALUE_FIELD_NUMBER: _ClassVar[int] + CONTEXT_FIELD_NUMBER: _ClassVar[int] METADATA_FIELD_NUMBER: _ClassVar[int] - obligation_value_id: str - action_id: str - attribute_value_id: str + obligation_value: _common_pb2.IdFqnIdentifier + action: _common_pb2.IdNameIdentifier + attribute_value: _common_pb2.IdFqnIdentifier + context: _objects_pb2.RequestContext metadata: _common_pb2.MetadataMutable - def __init__(self, obligation_value_id: _Optional[str] = ..., action_id: _Optional[str] = ..., attribute_value_id: _Optional[str] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... + def __init__(self, obligation_value: _Optional[_Union[_common_pb2.IdFqnIdentifier, _Mapping]] = ..., action: _Optional[_Union[_common_pb2.IdNameIdentifier, _Mapping]] = ..., attribute_value: _Optional[_Union[_common_pb2.IdFqnIdentifier, _Mapping]] = ..., context: _Optional[_Union[_objects_pb2.RequestContext, _Mapping]] = ..., metadata: _Optional[_Union[_common_pb2.MetadataMutable, _Mapping]] = ...) -> None: ... class AddObligationTriggerResponse(_message.Message): __slots__ = ("trigger",) @@ -222,3 +241,21 @@ class RemoveObligationTriggerResponse(_message.Message): TRIGGER_FIELD_NUMBER: _ClassVar[int] trigger: _objects_pb2.ObligationTrigger def __init__(self, trigger: _Optional[_Union[_objects_pb2.ObligationTrigger, _Mapping]] = ...) -> None: ... + +class ListObligationTriggersRequest(_message.Message): + __slots__ = ("namespace_id", "namespace_fqn", "pagination") + NAMESPACE_ID_FIELD_NUMBER: _ClassVar[int] + NAMESPACE_FQN_FIELD_NUMBER: _ClassVar[int] + PAGINATION_FIELD_NUMBER: _ClassVar[int] + namespace_id: str + namespace_fqn: str + pagination: _selectors_pb2.PageRequest + def __init__(self, namespace_id: _Optional[str] = ..., namespace_fqn: _Optional[str] = ..., pagination: _Optional[_Union[_selectors_pb2.PageRequest, _Mapping]] = ...) -> None: ... + +class ListObligationTriggersResponse(_message.Message): + __slots__ = ("triggers", "pagination") + TRIGGERS_FIELD_NUMBER: _ClassVar[int] + PAGINATION_FIELD_NUMBER: _ClassVar[int] + triggers: _containers.RepeatedCompositeFieldContainer[_objects_pb2.ObligationTrigger] + pagination: _selectors_pb2.PageResponse + def __init__(self, triggers: _Optional[_Iterable[_Union[_objects_pb2.ObligationTrigger, _Mapping]]] = ..., pagination: _Optional[_Union[_selectors_pb2.PageResponse, _Mapping]] = ...) -> None: ... diff --git a/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.py b/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.py index a105fd9..b1977c1 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.py +++ b/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.py @@ -23,10 +23,11 @@ from buf.validate import validate_pb2 as buf_dot_validate_dot_validate__pb2 +from google.protobuf import wrappers_pb2 as google_dot_protobuf_dot_wrappers__pb2 from policy import objects_pb2 as policy_dot_objects__pb2 -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1apolicy/unsafe/unsafe.proto\x12\rpolicy.unsafe\x1a\x1b\x62uf/validate/validate.proto\x1a\x14policy/objects.proto\"\xeb\x04\n\x1cUnsafeUpdateNamespaceRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xb0\x04\n\x04name\x18\x02 \x01(\tB\x9b\x04\xbaH\x97\x04r\x03\x18\xfd\x01\xba\x01\x8e\x04\n\x15namespace_name_format\x12\xa1\x03Namespace must be a valid hostname. It should include at least one dot, with each segment (label) starting and ending with an alphanumeric character. Each label must be 1 to 63 characters long, allowing hyphens but not as the first or last character. The top-level domain (the last segment after the final dot) must consist of at least two alphabetic characters. The stored namespace will be normalized to lower case.\x1aQthis.matches(\'^([a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?\\\\.)+[a-zA-Z]{2,}$\')R\x04name\"P\n\x1dUnsafeUpdateNamespaceResponse\x12/\n\tnamespace\x18\x01 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\"<\n UnsafeReactivateNamespaceRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"T\n!UnsafeReactivateNamespaceResponse\x12/\n\tnamespace\x18\x01 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\"R\n\x1cUnsafeDeleteNamespaceRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03\x66qn\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03\x66qn\"P\n\x1dUnsafeDeleteNamespaceResponse\x12/\n\tnamespace\x18\x01 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\"\xe2\x03\n\x1cUnsafeUpdateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xc7\x02\n\x04name\x18\x02 \x01(\tB\xb2\x02\xbaH\xae\x02r\x03\x18\xfd\x01\xba\x01\xa2\x02\n\x15\x61ttribute_name_format\x12\xb3\x01\x41ttribute name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute name will be normalized to lower case.\x1aSsize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\xc8\x01\x00R\x04name\x12;\n\x04rule\x18\x03 \x01(\x0e\x32\x1d.policy.AttributeRuleTypeEnumB\x08\xbaH\x05\x82\x01\x02\x10\x01R\x04rule\x12!\n\x0cvalues_order\x18\x04 \x03(\tR\x0bvaluesOrder\"P\n\x1dUnsafeUpdateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"<\n UnsafeReactivateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"T\n!UnsafeReactivateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"R\n\x1cUnsafeDeleteAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03\x66qn\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03\x66qn\"P\n\x1dUnsafeDeleteAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"\xe7\x02\n!UnsafeUpdateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xa7\x02\n\x05value\x18\x02 \x01(\tB\x90\x02\xbaH\x8c\x02r\x03\x18\xfd\x01\xba\x01\x83\x02\n\x0cvalue_format\x12\xb5\x01\x41ttribute Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.\x1a;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')R\x05value\"I\n\"UnsafeUpdateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"A\n%UnsafeReactivateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"M\n&UnsafeReactivateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"W\n!UnsafeDeleteAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03\x66qn\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03\x66qn\"I\n\"UnsafeDeleteAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"p\n\x19UnsafeDeleteKasKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03kid\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03kid\x12\x1f\n\x07kas_uri\x18\x03 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x06kasUri\">\n\x1aUnsafeDeleteKasKeyResponse\x12 \n\x03key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x03key2\xf8\t\n\rUnsafeService\x12t\n\x15UnsafeUpdateNamespace\x12+.policy.unsafe.UnsafeUpdateNamespaceRequest\x1a,.policy.unsafe.UnsafeUpdateNamespaceResponse\"\x00\x12\x80\x01\n\x19UnsafeReactivateNamespace\x12/.policy.unsafe.UnsafeReactivateNamespaceRequest\x1a\x30.policy.unsafe.UnsafeReactivateNamespaceResponse\"\x00\x12t\n\x15UnsafeDeleteNamespace\x12+.policy.unsafe.UnsafeDeleteNamespaceRequest\x1a,.policy.unsafe.UnsafeDeleteNamespaceResponse\"\x00\x12t\n\x15UnsafeUpdateAttribute\x12+.policy.unsafe.UnsafeUpdateAttributeRequest\x1a,.policy.unsafe.UnsafeUpdateAttributeResponse\"\x00\x12\x80\x01\n\x19UnsafeReactivateAttribute\x12/.policy.unsafe.UnsafeReactivateAttributeRequest\x1a\x30.policy.unsafe.UnsafeReactivateAttributeResponse\"\x00\x12t\n\x15UnsafeDeleteAttribute\x12+.policy.unsafe.UnsafeDeleteAttributeRequest\x1a,.policy.unsafe.UnsafeDeleteAttributeResponse\"\x00\x12\x83\x01\n\x1aUnsafeUpdateAttributeValue\x12\x30.policy.unsafe.UnsafeUpdateAttributeValueRequest\x1a\x31.policy.unsafe.UnsafeUpdateAttributeValueResponse\"\x00\x12\x8f\x01\n\x1eUnsafeReactivateAttributeValue\x12\x34.policy.unsafe.UnsafeReactivateAttributeValueRequest\x1a\x35.policy.unsafe.UnsafeReactivateAttributeValueResponse\"\x00\x12\x83\x01\n\x1aUnsafeDeleteAttributeValue\x12\x30.policy.unsafe.UnsafeDeleteAttributeValueRequest\x1a\x31.policy.unsafe.UnsafeDeleteAttributeValueResponse\"\x00\x12k\n\x12UnsafeDeleteKasKey\x12(.policy.unsafe.UnsafeDeleteKasKeyRequest\x1a).policy.unsafe.UnsafeDeleteKasKeyResponse\"\x00\x42u\n\x11\x63om.policy.unsafeB\x0bUnsafeProtoP\x01\xa2\x02\x03PUX\xaa\x02\rPolicy.Unsafe\xca\x02\rPolicy\\Unsafe\xe2\x02\x19Policy\\Unsafe\\GPBMetadata\xea\x02\x0ePolicy::Unsafeb\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1apolicy/unsafe/unsafe.proto\x12\rpolicy.unsafe\x1a\x1b\x62uf/validate/validate.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a\x14policy/objects.proto\"\xeb\x04\n\x1cUnsafeUpdateNamespaceRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xb0\x04\n\x04name\x18\x02 \x01(\tB\x9b\x04\xbaH\x97\x04r\x03\x18\xfd\x01\xba\x01\x8e\x04\n\x15namespace_name_format\x12\xa1\x03Namespace must be a valid hostname. It should include at least one dot, with each segment (label) starting and ending with an alphanumeric character. Each label must be 1 to 63 characters long, allowing hyphens but not as the first or last character. The top-level domain (the last segment after the final dot) must consist of at least two alphabetic characters. The stored namespace will be normalized to lower case.\x1aQthis.matches(\'^([a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?\\\\.)+[a-zA-Z]{2,}$\')R\x04name\"P\n\x1dUnsafeUpdateNamespaceResponse\x12/\n\tnamespace\x18\x01 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\"<\n UnsafeReactivateNamespaceRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"T\n!UnsafeReactivateNamespaceResponse\x12/\n\tnamespace\x18\x01 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\"R\n\x1cUnsafeDeleteNamespaceRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03\x66qn\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03\x66qn\"P\n\x1dUnsafeDeleteNamespaceResponse\x12/\n\tnamespace\x18\x01 \x01(\x0b\x32\x11.policy.NamespaceR\tnamespace\"\xa7\x04\n\x1cUnsafeUpdateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xc7\x02\n\x04name\x18\x02 \x01(\tB\xb2\x02\xbaH\xae\x02r\x03\x18\xfd\x01\xba\x01\xa2\x02\n\x15\x61ttribute_name_format\x12\xb3\x01\x41ttribute name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute name will be normalized to lower case.\x1aSsize(this) > 0 ? this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\') : true\xc8\x01\x00R\x04name\x12;\n\x04rule\x18\x03 \x01(\x0e\x32\x1d.policy.AttributeRuleTypeEnumB\x08\xbaH\x05\x82\x01\x02\x10\x01R\x04rule\x12\x43\n\x0f\x61llow_traversal\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValueR\x0e\x61llowTraversal\x12!\n\x0cvalues_order\x18\x04 \x03(\tR\x0bvaluesOrder\"P\n\x1dUnsafeUpdateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"<\n UnsafeReactivateAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"T\n!UnsafeReactivateAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"R\n\x1cUnsafeDeleteAttributeRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03\x66qn\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03\x66qn\"P\n\x1dUnsafeDeleteAttributeResponse\x12/\n\tattribute\x18\x01 \x01(\x0b\x32\x11.policy.AttributeR\tattribute\"\xe7\x02\n!UnsafeUpdateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\xa7\x02\n\x05value\x18\x02 \x01(\tB\x90\x02\xbaH\x8c\x02r\x03\x18\xfd\x01\xba\x01\x83\x02\n\x0cvalue_format\x12\xb5\x01\x41ttribute Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.\x1a;this.matches(\'^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$\')R\x05value\"I\n\"UnsafeUpdateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"A\n%UnsafeReactivateAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\"M\n&UnsafeReactivateAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"W\n!UnsafeDeleteAttributeValueRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03\x66qn\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03\x66qn\"I\n\"UnsafeDeleteAttributeValueResponse\x12#\n\x05value\x18\x01 \x01(\x0b\x32\r.policy.ValueR\x05value\"p\n\x19UnsafeDeleteKasKeyRequest\x12\x18\n\x02id\x18\x01 \x01(\tB\x08\xbaH\x05r\x03\xb0\x01\x01R\x02id\x12\x18\n\x03kid\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x03kid\x12\x1f\n\x07kas_uri\x18\x03 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x06kasUri\">\n\x1aUnsafeDeleteKasKeyResponse\x12 \n\x03key\x18\x01 \x01(\x0b\x32\x0e.policy.KasKeyR\x03key2\xf8\t\n\rUnsafeService\x12t\n\x15UnsafeUpdateNamespace\x12+.policy.unsafe.UnsafeUpdateNamespaceRequest\x1a,.policy.unsafe.UnsafeUpdateNamespaceResponse\"\x00\x12\x80\x01\n\x19UnsafeReactivateNamespace\x12/.policy.unsafe.UnsafeReactivateNamespaceRequest\x1a\x30.policy.unsafe.UnsafeReactivateNamespaceResponse\"\x00\x12t\n\x15UnsafeDeleteNamespace\x12+.policy.unsafe.UnsafeDeleteNamespaceRequest\x1a,.policy.unsafe.UnsafeDeleteNamespaceResponse\"\x00\x12t\n\x15UnsafeUpdateAttribute\x12+.policy.unsafe.UnsafeUpdateAttributeRequest\x1a,.policy.unsafe.UnsafeUpdateAttributeResponse\"\x00\x12\x80\x01\n\x19UnsafeReactivateAttribute\x12/.policy.unsafe.UnsafeReactivateAttributeRequest\x1a\x30.policy.unsafe.UnsafeReactivateAttributeResponse\"\x00\x12t\n\x15UnsafeDeleteAttribute\x12+.policy.unsafe.UnsafeDeleteAttributeRequest\x1a,.policy.unsafe.UnsafeDeleteAttributeResponse\"\x00\x12\x83\x01\n\x1aUnsafeUpdateAttributeValue\x12\x30.policy.unsafe.UnsafeUpdateAttributeValueRequest\x1a\x31.policy.unsafe.UnsafeUpdateAttributeValueResponse\"\x00\x12\x8f\x01\n\x1eUnsafeReactivateAttributeValue\x12\x34.policy.unsafe.UnsafeReactivateAttributeValueRequest\x1a\x35.policy.unsafe.UnsafeReactivateAttributeValueResponse\"\x00\x12\x83\x01\n\x1aUnsafeDeleteAttributeValue\x12\x30.policy.unsafe.UnsafeDeleteAttributeValueRequest\x1a\x31.policy.unsafe.UnsafeDeleteAttributeValueResponse\"\x00\x12k\n\x12UnsafeDeleteKasKey\x12(.policy.unsafe.UnsafeDeleteKasKeyRequest\x1a).policy.unsafe.UnsafeDeleteKasKeyResponse\"\x00\x42u\n\x11\x63om.policy.unsafeB\x0bUnsafeProtoP\x01\xa2\x02\x03PUX\xaa\x02\rPolicy.Unsafe\xca\x02\rPolicy\\Unsafe\xe2\x02\x19Policy\\Unsafe\\GPBMetadata\xea\x02\x0ePolicy::Unsafeb\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) @@ -72,46 +73,46 @@ _globals['_UNSAFEDELETEKASKEYREQUEST'].fields_by_name['kid']._serialized_options = b'\272H\003\310\001\001' _globals['_UNSAFEDELETEKASKEYREQUEST'].fields_by_name['kas_uri']._loaded_options = None _globals['_UNSAFEDELETEKASKEYREQUEST'].fields_by_name['kas_uri']._serialized_options = b'\272H\003\310\001\001' - _globals['_UNSAFEUPDATENAMESPACEREQUEST']._serialized_start=97 - _globals['_UNSAFEUPDATENAMESPACEREQUEST']._serialized_end=716 - _globals['_UNSAFEUPDATENAMESPACERESPONSE']._serialized_start=718 - _globals['_UNSAFEUPDATENAMESPACERESPONSE']._serialized_end=798 - _globals['_UNSAFEREACTIVATENAMESPACEREQUEST']._serialized_start=800 - _globals['_UNSAFEREACTIVATENAMESPACEREQUEST']._serialized_end=860 - _globals['_UNSAFEREACTIVATENAMESPACERESPONSE']._serialized_start=862 - _globals['_UNSAFEREACTIVATENAMESPACERESPONSE']._serialized_end=946 - _globals['_UNSAFEDELETENAMESPACEREQUEST']._serialized_start=948 - _globals['_UNSAFEDELETENAMESPACEREQUEST']._serialized_end=1030 - _globals['_UNSAFEDELETENAMESPACERESPONSE']._serialized_start=1032 - _globals['_UNSAFEDELETENAMESPACERESPONSE']._serialized_end=1112 - _globals['_UNSAFEUPDATEATTRIBUTEREQUEST']._serialized_start=1115 - _globals['_UNSAFEUPDATEATTRIBUTEREQUEST']._serialized_end=1597 - _globals['_UNSAFEUPDATEATTRIBUTERESPONSE']._serialized_start=1599 - _globals['_UNSAFEUPDATEATTRIBUTERESPONSE']._serialized_end=1679 - _globals['_UNSAFEREACTIVATEATTRIBUTEREQUEST']._serialized_start=1681 - _globals['_UNSAFEREACTIVATEATTRIBUTEREQUEST']._serialized_end=1741 - _globals['_UNSAFEREACTIVATEATTRIBUTERESPONSE']._serialized_start=1743 - _globals['_UNSAFEREACTIVATEATTRIBUTERESPONSE']._serialized_end=1827 - _globals['_UNSAFEDELETEATTRIBUTEREQUEST']._serialized_start=1829 - _globals['_UNSAFEDELETEATTRIBUTEREQUEST']._serialized_end=1911 - _globals['_UNSAFEDELETEATTRIBUTERESPONSE']._serialized_start=1913 - _globals['_UNSAFEDELETEATTRIBUTERESPONSE']._serialized_end=1993 - _globals['_UNSAFEUPDATEATTRIBUTEVALUEREQUEST']._serialized_start=1996 - _globals['_UNSAFEUPDATEATTRIBUTEVALUEREQUEST']._serialized_end=2355 - _globals['_UNSAFEUPDATEATTRIBUTEVALUERESPONSE']._serialized_start=2357 - _globals['_UNSAFEUPDATEATTRIBUTEVALUERESPONSE']._serialized_end=2430 - _globals['_UNSAFEREACTIVATEATTRIBUTEVALUEREQUEST']._serialized_start=2432 - _globals['_UNSAFEREACTIVATEATTRIBUTEVALUEREQUEST']._serialized_end=2497 - _globals['_UNSAFEREACTIVATEATTRIBUTEVALUERESPONSE']._serialized_start=2499 - _globals['_UNSAFEREACTIVATEATTRIBUTEVALUERESPONSE']._serialized_end=2576 - _globals['_UNSAFEDELETEATTRIBUTEVALUEREQUEST']._serialized_start=2578 - _globals['_UNSAFEDELETEATTRIBUTEVALUEREQUEST']._serialized_end=2665 - _globals['_UNSAFEDELETEATTRIBUTEVALUERESPONSE']._serialized_start=2667 - _globals['_UNSAFEDELETEATTRIBUTEVALUERESPONSE']._serialized_end=2740 - _globals['_UNSAFEDELETEKASKEYREQUEST']._serialized_start=2742 - _globals['_UNSAFEDELETEKASKEYREQUEST']._serialized_end=2854 - _globals['_UNSAFEDELETEKASKEYRESPONSE']._serialized_start=2856 - _globals['_UNSAFEDELETEKASKEYRESPONSE']._serialized_end=2918 - _globals['_UNSAFESERVICE']._serialized_start=2921 - _globals['_UNSAFESERVICE']._serialized_end=4193 + _globals['_UNSAFEUPDATENAMESPACEREQUEST']._serialized_start=129 + _globals['_UNSAFEUPDATENAMESPACEREQUEST']._serialized_end=748 + _globals['_UNSAFEUPDATENAMESPACERESPONSE']._serialized_start=750 + _globals['_UNSAFEUPDATENAMESPACERESPONSE']._serialized_end=830 + _globals['_UNSAFEREACTIVATENAMESPACEREQUEST']._serialized_start=832 + _globals['_UNSAFEREACTIVATENAMESPACEREQUEST']._serialized_end=892 + _globals['_UNSAFEREACTIVATENAMESPACERESPONSE']._serialized_start=894 + _globals['_UNSAFEREACTIVATENAMESPACERESPONSE']._serialized_end=978 + _globals['_UNSAFEDELETENAMESPACEREQUEST']._serialized_start=980 + _globals['_UNSAFEDELETENAMESPACEREQUEST']._serialized_end=1062 + _globals['_UNSAFEDELETENAMESPACERESPONSE']._serialized_start=1064 + _globals['_UNSAFEDELETENAMESPACERESPONSE']._serialized_end=1144 + _globals['_UNSAFEUPDATEATTRIBUTEREQUEST']._serialized_start=1147 + _globals['_UNSAFEUPDATEATTRIBUTEREQUEST']._serialized_end=1698 + _globals['_UNSAFEUPDATEATTRIBUTERESPONSE']._serialized_start=1700 + _globals['_UNSAFEUPDATEATTRIBUTERESPONSE']._serialized_end=1780 + _globals['_UNSAFEREACTIVATEATTRIBUTEREQUEST']._serialized_start=1782 + _globals['_UNSAFEREACTIVATEATTRIBUTEREQUEST']._serialized_end=1842 + _globals['_UNSAFEREACTIVATEATTRIBUTERESPONSE']._serialized_start=1844 + _globals['_UNSAFEREACTIVATEATTRIBUTERESPONSE']._serialized_end=1928 + _globals['_UNSAFEDELETEATTRIBUTEREQUEST']._serialized_start=1930 + _globals['_UNSAFEDELETEATTRIBUTEREQUEST']._serialized_end=2012 + _globals['_UNSAFEDELETEATTRIBUTERESPONSE']._serialized_start=2014 + _globals['_UNSAFEDELETEATTRIBUTERESPONSE']._serialized_end=2094 + _globals['_UNSAFEUPDATEATTRIBUTEVALUEREQUEST']._serialized_start=2097 + _globals['_UNSAFEUPDATEATTRIBUTEVALUEREQUEST']._serialized_end=2456 + _globals['_UNSAFEUPDATEATTRIBUTEVALUERESPONSE']._serialized_start=2458 + _globals['_UNSAFEUPDATEATTRIBUTEVALUERESPONSE']._serialized_end=2531 + _globals['_UNSAFEREACTIVATEATTRIBUTEVALUEREQUEST']._serialized_start=2533 + _globals['_UNSAFEREACTIVATEATTRIBUTEVALUEREQUEST']._serialized_end=2598 + _globals['_UNSAFEREACTIVATEATTRIBUTEVALUERESPONSE']._serialized_start=2600 + _globals['_UNSAFEREACTIVATEATTRIBUTEVALUERESPONSE']._serialized_end=2677 + _globals['_UNSAFEDELETEATTRIBUTEVALUEREQUEST']._serialized_start=2679 + _globals['_UNSAFEDELETEATTRIBUTEVALUEREQUEST']._serialized_end=2766 + _globals['_UNSAFEDELETEATTRIBUTEVALUERESPONSE']._serialized_start=2768 + _globals['_UNSAFEDELETEATTRIBUTEVALUERESPONSE']._serialized_end=2841 + _globals['_UNSAFEDELETEKASKEYREQUEST']._serialized_start=2843 + _globals['_UNSAFEDELETEKASKEYREQUEST']._serialized_end=2955 + _globals['_UNSAFEDELETEKASKEYRESPONSE']._serialized_start=2957 + _globals['_UNSAFEDELETEKASKEYRESPONSE']._serialized_end=3019 + _globals['_UNSAFESERVICE']._serialized_start=3022 + _globals['_UNSAFESERVICE']._serialized_end=4294 # @@protoc_insertion_point(module_scope) diff --git a/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.pyi b/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.pyi index c8a11e3..bc2e48d 100644 --- a/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.pyi +++ b/otdf-python-proto/src/otdf_python_proto/policy/unsafe/unsafe_pb2.pyi @@ -1,4 +1,5 @@ from buf.validate import validate_pb2 as _validate_pb2 +from google.protobuf import wrappers_pb2 as _wrappers_pb2 from policy import objects_pb2 as _objects_pb2 from google.protobuf.internal import containers as _containers from google.protobuf import descriptor as _descriptor @@ -49,16 +50,18 @@ class UnsafeDeleteNamespaceResponse(_message.Message): def __init__(self, namespace: _Optional[_Union[_objects_pb2.Namespace, _Mapping]] = ...) -> None: ... class UnsafeUpdateAttributeRequest(_message.Message): - __slots__ = ("id", "name", "rule", "values_order") + __slots__ = ("id", "name", "rule", "allow_traversal", "values_order") ID_FIELD_NUMBER: _ClassVar[int] NAME_FIELD_NUMBER: _ClassVar[int] RULE_FIELD_NUMBER: _ClassVar[int] + ALLOW_TRAVERSAL_FIELD_NUMBER: _ClassVar[int] VALUES_ORDER_FIELD_NUMBER: _ClassVar[int] id: str name: str rule: _objects_pb2.AttributeRuleTypeEnum + allow_traversal: _wrappers_pb2.BoolValue values_order: _containers.RepeatedScalarFieldContainer[str] - def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., rule: _Optional[_Union[_objects_pb2.AttributeRuleTypeEnum, str]] = ..., values_order: _Optional[_Iterable[str]] = ...) -> None: ... + def __init__(self, id: _Optional[str] = ..., name: _Optional[str] = ..., rule: _Optional[_Union[_objects_pb2.AttributeRuleTypeEnum, str]] = ..., allow_traversal: _Optional[_Union[_wrappers_pb2.BoolValue, _Mapping]] = ..., values_order: _Optional[_Iterable[str]] = ...) -> None: ... class UnsafeUpdateAttributeResponse(_message.Message): __slots__ = ("attribute",) diff --git a/otdf-python-proto/tests/test_generate_connect_proto.py b/otdf-python-proto/tests/test_generate_connect_proto.py index d54b66a..3eb00a0 100644 --- a/otdf-python-proto/tests/test_generate_connect_proto.py +++ b/otdf-python-proto/tests/test_generate_connect_proto.py @@ -172,7 +172,7 @@ def fake_run(cmd, **kwargs): git_cmd = next(c for c in captured if c[0] == "git") branch_idx = git_cmd.index("--branch") default_tag = git_cmd[branch_idx + 1] - assert default_tag == "service/v0.8.0" + assert default_tag == "service/v0.12.0" class TestArgParsing: