diff --git a/README.md b/README.md index aff0e92..9468145 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,6 @@ ## Access Service -This repo contains protobuf definitions for the OpenID AuthZEN Access Service. The current implementation reflects the [Authorization API 1.0 – draft 02](https://openid.github.io/authzen/) specification. +This repo contains protobuf definitions for the OpenID AuthZEN Access Service. The current implementation reflects the [Authorization API 1.0 – draft 03](https://openid.github.io/authzen/) specification. -All builds are published to the [buf.build/auzthzen/access](https://buf.build/authzen/access) registry, where one can [browse](https://buf.build/authzen/access/docs/v0.1.0-02:authzen.access.v1) the definitions or [generate](https://buf.build/authzen/access/sdks/v0.1.0-02:protobuf) server and client language bindings. +All builds are published to the [buf.build/auzthzen/access](https://buf.build/authzen/access) registry, where one can [browse](https://buf.build/authzen/access/docs/v0.1.0-02:authzen.access.v1) the definitions or [generate](https://buf.build/authzen/access/sdks/v0.1.0-03:protobuf) server and client language bindings. diff --git a/buf.lock b/buf.lock index f9d4024..95ba90a 100644 --- a/buf.lock +++ b/buf.lock @@ -2,8 +2,8 @@ version: v2 deps: - name: buf.build/googleapis/googleapis - commit: e93e34f48be043dab55be31b4b47f458 - digest: b5:cebe5dfac5f7d67c55296f37ad9d368dba8d9862777e69d5d99eb1d72dc95fa68cd6323b483ca42cf70e66060002c1bc36e1f5f754b217a5c771c108eb243dbf + commit: 546238c53f7340c6a2a6099fb863bc1b + digest: b5:e017bbf31a3f912e2b969c03c3aa711f466cfe104f510865d1a8ede1be490240aabd4cca5865459a0f15222747284395f98afc094b0fd086e8917a5a7bdd9db0 - name: buf.build/grpc-ecosystem/grpc-gateway commit: 4c5ba75caaf84e928b7137ae5c18c26a digest: b5:c113e62fb3b29289af785866cae062b55ec8ae19ab3f08f3004098928fbca657730a06810b2012951294326b95669547194fa84476b9e9b688d4f8bf77a0691d 
diff --git a/makefile b/makefile index d814c84..2491a09 100644 --- a/makefile +++ b/makefile @@ -50,6 +50,11 @@ buf-lint: @echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)" @${EXT_BIN_DIR}/buf lint +.PHONY: buf-format +buf-format: + @echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)" + @${EXT_BIN_DIR}/buf format --write + .PHONY: buf-breaking buf-breaking: @echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)" diff --git a/proto/access/v1/access.proto b/proto/access/v1/access.proto index 88a998f..9909a07 100644 --- a/proto/access/v1/access.proto +++ b/proto/access/v1/access.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package authzen.access.v1; import "google/api/annotations.proto"; -import "google/api/field_behavior.proto"; import "google/protobuf/struct.proto"; import "protoc-gen-openapiv2/options/annotations.proto"; @@ -11,7 +10,7 @@ option go_package = "github.com/authzen/access/v1;access"; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { info: { title: "OpenID AuthZen Access Service" - version: "1.0.0-2" + version: "1.0.0-3" contact: { name: "" url: "" @@ -25,7 +24,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { external_docs: { url: "https://openid.github.io/authzen/" - description: "Authorization API 1.0 - draft 02" + description: "Authorization API 1.0 - draft 03" } schemes: HTTP 
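Review bot: The new `buf-format` target only rewrites files in place, so nothing in the makefile can fail a build when a contributor forgets to run it; formatting drift will silently accumulate. Alongside the `--write` target, a check variant that CI can call would close that gap, e.g. `@${EXT_BIN_DIR}/buf format --diff --exit-code` under a `buf-format-check` target mirroring `buf-lint`. The surrounding targets (`buf-lint` above, `buf-breaking` below) begin and end outside this hunk.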
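Review bot: Dropping `google/api/field_behavior.proto` removes the only machine-readable signal that `subject`, `action` and `resource` are required on `EvaluationRequest`, so the generated OpenAPI and SDKs will now present them as optional; as far as I recall draft 03 still requires all three for the evaluation call even though the search calls leave parts of them unset. Since `Subject`/`Action`/`Resource` are now shared with the search requests, keeping REQUIRED on their inner fields no longer fits, but the annotation could stay on the `EvaluationRequest` fields themselves, e.g. `Subject subject = 1 [(google.api.field_behavior) = REQUIRED];`. Failing that, a comment on each of those three fields should state that a PDP must reject an evaluation request with the field absent rather than evaluating an empty subject/action/resource, because proto3 gives no other hint.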
@@ -81,20 +80,68 @@ service Access { deprecated: false }; } + + // subject search + rpc SubjectSearch(SubjectSearchRequest) returns (SubjectSearchResponse) { + option (google.api.http) = { + post: "/access/v1/search/subject" + body: "*" + }; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "authzen" + summary: "Subject Search API" + description: "TBD." + operation_id: "openid.authzen.access.v1.search.subject.post" + deprecated: false + }; + } + + // resource search + rpc ResourceSearch(ResourceSearchRequest) returns (ResourceSearchResponse) { + option (google.api.http) = { + post: "/access/v1/search/resource" + body: "*" + }; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "authzen" + summary: "Resource Search API" + description: "TBD." + operation_id: "openid.authzen.access.v1.search.post" + deprecated: false + }; + } + + // action search + rpc ActionSearch(ActionSearchRequest) returns (ActionSearchResponse) { + option (google.api.http) = { + post: "/access/v1/search/action" + body: "*" + }; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "authzen" + summary: "Action Search API" + description: "TBD." 
+ operation_id: "openid.authzen.access.v1.search.action.post" + deprecated: false + }; + } } +// https://openid.github.io/authzen/#name-the-access-evaluation-api-r message EvaluationRequest { - Subject subject = 1 [(google.api.field_behavior) = REQUIRED]; - Action action = 2 [(google.api.field_behavior) = REQUIRED]; - Resource resource = 3 [(google.api.field_behavior) = REQUIRED]; + Subject subject = 1; + Action action = 2; + Resource resource = 3; google.protobuf.Struct context = 4; } +// https://openid.github.io/authzen/#name-the-access-evaluation-api-re message EvaluationResponse { - bool decision = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - google.protobuf.Struct context = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + bool decision = 1; + google.protobuf.Struct context = 2; } +// https://openid.github.io/authzen/#name-the-access-evaluations-api- message EvaluationsRequest { Subject subject = 1; Action action = 2; 
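Review bot: The `ResourceSearch` operation id `openid.authzen.access.v1.search.post` breaks the pattern its siblings use (`...search.subject.post`, `...search.action.post`) and reads as a generic search endpoint; it should be `operation_id: "openid.authzen.access.v1.search.resource.post"` before anyone generates clients against this version. All three new operations also publish `description: "TBD."` into the OpenAPI document, so each needs at least a one-line description, something like `description: "Lists the subjects that are permitted to perform the given action on the given resource."` for `SubjectSearch`, with the resource and action variants phrased accordingly. The `service Access` definition begins before this hunk, and the search request/response messages referenced here are defined in the next one.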
@@ -104,23 +151,76 @@ message EvaluationsRequest { google.protobuf.Struct options = 6; } +// https://openid.github.io/authzen/#name-access-evaluations-api-resp message EvaluationsResponse { repeated EvaluationResponse decisions = 1; } +// https://openid.github.io/authzen/#name-the-subject-search-api-requ +message SubjectSearchRequest { + Subject subject = 1; + Action action = 2; + Resource resource = 3; + google.protobuf.Struct context = 4; + Page page = 5; +} + +// https://openid.github.io/authzen/#name-the-subject-search-api-resp +message SubjectSearchResponse { + repeated Subject results = 1; + Page page = 2; +} + +// https://openid.github.io/authzen/#name-the-resource-search-api-req +message ResourceSearchRequest { + Subject subject = 1; + Action action = 2; + Resource resource = 3; + google.protobuf.Struct context = 4; + Page page = 5; +} + +// https://openid.github.io/authzen/#name-the-resource-search-api-res +message ResourceSearchResponse { + repeated Resource results = 1; + Page page = 2; +} + +// https://openid.github.io/authzen/#name-the-action-search-api-reque +message ActionSearchRequest { + Subject subject = 1; + Action action = 2; + Resource resource = 3; + google.protobuf.Struct context = 4; + Page page = 5; +} + +// https://openid.github.io/authzen/#name-the-action-search-api-respo +message ActionSearchResponse { + repeated Action results = 1; + Page page = 2; +} + +// https://openid.github.io/authzen/#name-subject message Subject { - string type = 1 [(google.api.field_behavior) = REQUIRED]; - string id = 2 [(google.api.field_behavior) = REQUIRED]; + string type = 1; + string id = 2; google.protobuf.Struct properties = 3; } +// https://openid.github.io/authzen/#name-action message Action { - string name = 1 [(google.api.field_behavior) = REQUIRED]; + string name = 1; google.protobuf.Struct properties = 2; } +// https://openid.github.io/authzen/#name-resource message Resource { - string type = 1 [(google.api.field_behavior) = REQUIRED]; - string id 
= 2 [(google.api.field_behavior) = REQUIRED]; + string type = 1; + string id = 2; google.protobuf.Struct properties = 3; } + +message Page { + string next_token = 1; +}
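Review bot: `Page` and `next_token` carry no comments, and because the same message is used on both the request (cursor in) and the response (cursor out) side, a reader cannot tell what a server is expected to do with a token it receives. I'd put `// Pagination cursor. Opaque to clients; a PDP should treat an incoming next_token as untrusted input and only honour tokens it issued itself for the same query (subject/action/resource/context) and caller.` above the field, and `// In responses, an empty next_token presumably signals the last page — confirm against the spec.` Whether draft 03 also defines a page-size hint on the request side is not visible here; if it does, this message is missing it, and either way servers should cap result sizes regardless of what the caller asks for. The three `*SearchRequest` messages are structurally identical, which matches the spec's shape but means any future divergence will be a breaking change to whichever one is forked.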