diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 040ca34..b17768d 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -23,6 +23,8 @@ jobs:
 - name: Install dependencies
 run: npm ci
+ - name: Download latest OpenAPI specs
+ run: npm run update-vendored-yaml
 - name: Build website
 run: npm run build
diff --git a/.gitignore b/.gitignore
index 7fcc537..5654a4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Generated content from OpenAPI specs
+specs/
 specs-processed/
-docs/OpenAPI-clients/
+docs/reference/OpenAPI-clients/
 # Generated content (legacy - can be removed if no longer used)
 docs/SDK-Samples/
diff --git a/docs/reference/index.mdx b/docs/reference/index.mdx
index 844e6f0..3d52c4c 100644
--- a/docs/reference/index.mdx
+++ b/docs/reference/index.mdx
@@ -17,7 +17,7 @@ Complete API documentation, specifications, CLI commands, SDK references, and co
 {
 name: "Platform APIs",
 description: "Complete REST API reference for all OpenTDF platform services including policy management, authorization, and key access.",
- url: "/OpenAPI-clients",
+ url: "/reference/OpenAPI-clients",
 },
 {
 name: "Specifications",
diff --git a/specs/authorization/authorization.openapi.yaml b/specs/authorization/authorization.openapi.yaml
deleted file mode 100644
index 582d539..0000000
--- a/specs/authorization/authorization.openapi.yaml
+++ /dev/null
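Review bot: In `.github/workflows/deploy.yaml`, the new `Download latest OpenAPI specs` step makes the published site depend on whatever `npm run update-vendored-yaml` fetches at deploy time. With `specs/` added to `.gitignore` in the same commit, that content is no longer reviewed or recorded in the repository. The script itself is not visible in this diff, so this is inferred, but if it pulls from a branch head rather than a pinned tag or commit SHA, any upstream change, including an unintended or malicious one, flows straight into the deployed API reference without a diff to review. I would pin the source ref inside the script and make the step fail the job on a download or parse error, so a partial fetch never reaches `npm run build`. A comment on the step such as `# fetches specs at the pinned ref in <update script path>; bump deliberately` would record that intent.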
@@ -1,838 +0,0 @@ -openapi: 3.1.0 -info: - title: authorization -paths: - /v1/authorization: - post: - tags: - - authorization.AuthorizationService - summary: GetDecisions - operationId: authorization.AuthorizationService.GetDecisions - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetDecisionsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetDecisionsResponse' - /v1/token/authorization: - post: - tags: - - authorization.AuthorizationService - summary: GetDecisionsByToken - operationId: authorization.AuthorizationService.GetDecisionsByToken - parameters: - - name: decisionRequests.actions.id - in: query - description: Generated uuid in database - schema: - type: string - title: id - description: Generated uuid in database - - name: decisionRequests.actions.standard - in: query - description: Deprecated - schema: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - - name: decisionRequests.actions.custom - in: query - description: Deprecated - schema: - type: string - title: custom - description: Deprecated - - name: decisionRequests.actions.name - in: query - schema: - type: string - title: name - - name: decisionRequests.actions.metadata.createdAt.seconds - in: query - description: |- - Represents seconds of UTC time since Unix epoch - 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - 9999-12-31T23:59:59Z inclusive. - schema: - type: - - integer - - string - title: seconds - format: int64 - description: |- - Represents seconds of UTC time since Unix epoch - 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - 9999-12-31T23:59:59Z inclusive. 
- - name: decisionRequests.actions.metadata.createdAt.nanos - in: query - description: |- - Non-negative fractions of a second at nanosecond resolution. Negative - second values with fractions must still have non-negative nanos values - that count forward in time. Must be from 0 to 999,999,999 - inclusive. - schema: - type: integer - title: nanos - format: int32 - description: |- - Non-negative fractions of a second at nanosecond resolution. Negative - second values with fractions must still have non-negative nanos values - that count forward in time. Must be from 0 to 999,999,999 - inclusive. - - name: decisionRequests.actions.metadata.labels.key - in: query - schema: - type: string - title: key - - name: decisionRequests.actions.metadata.labels.value - in: query - schema: - type: string - title: value - - name: decisionRequests.tokens.id - in: query - description: ephemeral id for tracking between request and response - schema: - type: string - title: id - description: ephemeral id for tracking between request and response - - name: decisionRequests.tokens.jwt - in: query - description: the token - schema: - type: string - title: jwt - description: the token - - name: decisionRequests.resourceAttributes.resourceAttributesId - in: query - schema: - type: string - title: resource_attributes_id - - name: decisionRequests.resourceAttributes.attributeValueFqns - in: query - schema: - type: array - items: - type: string - title: attribute_value_fqns - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetDecisionsByTokenResponse' - /v1/entitlements: - post: - tags: - - authorization.AuthorizationService - summary: GetEntitlements - operationId: authorization.AuthorizationService.GetEntitlements - requestBody: - content: - application/json: - schema: - $ref: 
'#/components/schemas/authorization.GetEntitlementsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetEntitlementsResponse' -components: - schemas: - authorization.DecisionResponse.Decision: - type: string - title: Decision - enum: - - DECISION_UNSPECIFIED - - DECISION_DENY - - DECISION_PERMIT - authorization.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - authorization.DecisionRequest: - type: object - properties: - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - entityChains: - type: array - items: - $ref: '#/components/schemas/authorization.EntityChain' - title: entity_chains - resourceAttributes: - type: array - items: - $ref: '#/components/schemas/authorization.ResourceAttribute' - title: resource_attributes - title: DecisionRequest - additionalProperties: false - description: |- - Example Request Get Decisions to answer the question - Do Bob (represented by entity chain ec1) - and Alice (represented by entity chain ec2) have TRANSMIT authorization for - 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? 
- - { - "actions": [ - { - "standard": "STANDARD_ACTION_TRANSMIT" - } - ], - "entityChains": [ - { - "id": "ec1", - "entities": [ - { - "emailAddress": "bob@example.org" - } - ] - }, - { - "id": "ec2", - "entities": [ - { - "userName": "alice@example.org" - } - ] - } - ], - "resourceAttributes": [ - { - "resourceAttributeId": "attr-set-1", - "attributeFqns": [ - "https://www.example.org/attr/foo/value/value1" - ] - }, - { - "resourceAttributeId": "attr-set-2", - "attributeFqns": [ - "https://example.net/attr/attr1/value/value1", - "https://example.net/attr/attr1/value/value2" - ] - } - ] - } - authorization.DecisionResponse: - type: object - properties: - entityChainId: - type: string - title: entity_chain_id - description: ephemeral entity chain id from the request - resourceAttributesId: - type: string - title: resource_attributes_id - description: ephemeral resource attributes id from the request - action: - title: action - description: Action of the decision response - $ref: '#/components/schemas/policy.Action' - decision: - title: decision - description: The decision response - $ref: '#/components/schemas/authorization.DecisionResponse.Decision' - obligations: - type: array - items: - type: string - title: obligations - description: optional list of obligations represented in URI format - title: DecisionResponse - additionalProperties: false - description: |- - Example response for a Decision Request - Do Bob (represented by entity chain ec1) - and Alice (represented by entity chain ec2) have TRANSMIT authorization for - 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? 
- - Results: - - bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation - - bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes - - alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes - - alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes - - { - "entityChainId": "ec1", - "resourceAttributesId": "attr-set-1", - "decision": "DECISION_PERMIT", - "obligations": [ - "http://www.example.org/obligation/watermark" - ] - }, - { - "entityChainId": "ec1", - "resourceAttributesId": "attr-set-2", - "decision": "DECISION_PERMIT" - }, - { - "entityChainId": "ec2", - "resourceAttributesId": "attr-set-1", - "decision": "DECISION_PERMIT" - }, - { - "entityChainId": "ec2", - "resourceAttributesId": "attr-set-2", - "decision": "DECISION_DENY" - } - authorization.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - custom: - title: custom - $ref: '#/components/schemas/authorization.EntityCustom' - title: custom - required: - - custom - - properties: - emailAddress: - type: string - title: email_address - description: one of the entity options must be set - title: email_address - required: - - emailAddress - - properties: - remoteClaimsUrl: - type: string - title: remote_claims_url - title: remote_claims_url - required: - - remoteClaimsUrl - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - - properties: - uuid: - type: string - title: uuid - title: uuid - required: - - uuid - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - category: - title: 
category - $ref: '#/components/schemas/authorization.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - authorization.EntityChain: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - authorization.EntityCustom: - type: object - properties: - extension: - title: extension - $ref: '#/components/schemas/google.protobuf.Any' - title: EntityCustom - additionalProperties: false - description: Entity type for custom entities beyond the standard types - authorization.EntityEntitlements: - type: object - properties: - entityId: - type: string - title: entity_id - attributeValueFqns: - type: array - items: - type: string - title: attribute_value_fqns - title: EntityEntitlements - additionalProperties: false - authorization.GetDecisionsByTokenRequest: - type: object - properties: - decisionRequests: - type: array - items: - $ref: '#/components/schemas/authorization.TokenDecisionRequest' - title: decision_requests - title: GetDecisionsByTokenRequest - additionalProperties: false - authorization.GetDecisionsByTokenResponse: - type: object - properties: - decisionResponses: - type: array - items: - $ref: '#/components/schemas/authorization.DecisionResponse' - title: decision_responses - title: GetDecisionsByTokenResponse - additionalProperties: false - authorization.GetDecisionsRequest: - type: object - properties: - decisionRequests: - type: array - items: - $ref: '#/components/schemas/authorization.DecisionRequest' - title: decision_requests - title: GetDecisionsRequest - additionalProperties: false - authorization.GetDecisionsResponse: - type: object - properties: - decisionResponses: - type: array - items: - $ref: 
'#/components/schemas/authorization.DecisionResponse' - title: decision_responses - title: GetDecisionsResponse - additionalProperties: false - authorization.GetEntitlementsRequest: - type: object - properties: - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - description: list of requested entities - scope: - title: scope - description: optional attribute fqn as a scope - nullable: true - $ref: '#/components/schemas/authorization.ResourceAttribute' - withComprehensiveHierarchy: - type: boolean - title: with_comprehensive_hierarchy - description: optional parameter to return a full list of entitlements - returns lower hierarchy attributes - nullable: true - title: GetEntitlementsRequest - additionalProperties: false - description: |- - Request to get entitlements for one or more entities for an optional attribute scope - - Example: Get entitlements for bob and alice (both represented using an email address - - { - "entities": [ - { - "id": "e1", - "emailAddress": "bob@example.org" - }, - { - "id": "e2", - "emailAddress": "alice@example.org" - } - ], - "scope": { - "attributeFqns": [ - "https://example.net/attr/attr1/value/value1", - "https://example.net/attr/attr1/value/value2" - ] - } - } - authorization.GetEntitlementsResponse: - type: object - properties: - entitlements: - type: array - items: - $ref: '#/components/schemas/authorization.EntityEntitlements' - title: entitlements - title: GetEntitlementsResponse - additionalProperties: false - description: |- - Example Response for a request of : Get entitlements for bob and alice (both represented using an email address - - { - "entitlements": [ - { - "entityId": "e1", - "attributeValueReferences": [ - { - "attributeFqn": "http://www.example.org/attr/foo/value/bar" - } - ] - }, - { - "entityId": "e2", - "attributeValueReferences": [ - { - "attributeFqn": "http://www.example.org/attr/color/value/red" - } - ] - } - ] - } - authorization.ResourceAttribute: - 
type: object - properties: - resourceAttributesId: - type: string - title: resource_attributes_id - attributeValueFqns: - type: array - items: - type: string - title: attribute_value_fqns - title: ResourceAttribute - additionalProperties: false - description: A logical bucket of attributes belonging to a "Resource" - authorization.Token: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - additionalProperties: false - authorization.TokenDecisionRequest: - type: object - properties: - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - tokens: - type: array - items: - $ref: '#/components/schemas/authorization.Token' - title: tokens - resourceAttributes: - type: array - items: - $ref: '#/components/schemas/authorization.ResourceAttribute' - title: resource_attributes - title: TokenDecisionRequest - additionalProperties: false - description: |- - Example Request Get Decisions by Token to answer the question - Do Bob and client1 (represented by token tok1) - and Alice and client2 (represented by token tok2) have TRANSMIT authorization for - 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? - - { - "actions": [ - { - "standard": "STANDARD_ACTION_TRANSMIT" - } - ], - "tokens": [ - { - "id": "tok1", - "jwt": .... - }, - { - "id": "tok2", - "jwt": ..... 
- } - ], - "resourceAttributes": [ - { - "attributeFqns": [ - "https://www.example.org/attr/foo/value/value1" - ] - }, - { - "attributeFqns": [ - "https://example.net/attr/attr1/value/value1", - "https://example.net/attr/attr1/value/value2" - ] - } - ] - } - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. 
Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. 
That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. 
- policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: authorization.AuthorizationService 
diff --git a/specs/authorization/v2/authorization.openapi.yaml b/specs/authorization/v2/authorization.openapi.yaml
deleted file mode 100644
index 270fde5..0000000
--- a/specs/authorization/v2/authorization.openapi.yaml
+++ /dev/null
@@ -1,813 +0,0 @@ -openapi: 3.1.0 -info: - title: authorization.v2 -paths: - /authorization.v2.AuthorizationService/GetDecision: - post: - tags: - - authorization.v2.AuthorizationService - summary: GetDecision - operationId: authorization.v2.AuthorizationService.GetDecision - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionResponse' - /authorization.v2.AuthorizationService/GetDecisionMultiResource: - post: - tags: - - authorization.v2.AuthorizationService - summary: GetDecisionMultiResource - operationId: authorization.v2.AuthorizationService.GetDecisionMultiResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceResponse' - /authorization.v2.AuthorizationService/GetDecisionBulk: - post: - tags: - - authorization.v2.AuthorizationService - summary: 
GetDecisionBulk - operationId: authorization.v2.AuthorizationService.GetDecisionBulk - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionBulkRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionBulkResponse' - /authorization.v2.AuthorizationService/GetEntitlements: - post: - tags: - - authorization.v2.AuthorizationService - summary: GetEntitlements - operationId: authorization.v2.AuthorizationService.GetEntitlements - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetEntitlementsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetEntitlementsResponse' -components: - schemas: - authorization.v2.Decision: - type: string - title: Decision - enum: - - DECISION_UNSPECIFIED - - DECISION_DENY - - DECISION_PERMIT - entity.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - policy.Action.StandardAction: - type: string - title: 
StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - authorization.v2.EntityEntitlements: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - actionsPerAttributeValueFqn: - type: object - title: actions_per_attribute_value_fqn - additionalProperties: - title: value - $ref: '#/components/schemas/authorization.v2.EntityEntitlements.ActionsList' - title: EntityEntitlements - additionalProperties: false - description: Entitlements for a given entity, mapping each attribute value FQN to any entitled actions[] - authorization.v2.EntityEntitlements.ActionsList: - type: object - properties: - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - title: ActionsList - additionalProperties: false - authorization.v2.EntityEntitlements.ActionsPerAttributeValueFqnEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/authorization.v2.EntityEntitlements.ActionsList' - title: ActionsPerAttributeValueFqnEntry - additionalProperties: false - authorization.v2.EntityIdentifier: - type: object - oneOf: - - properties: - entityChain: - title: entity_chain - description: |+ - chain of one or more entities and at most 10 - entities must be provided and between 1 and 10 in count: - ``` - has(this.entities) && this.entities.size() > 0 && this.entities.size() <= 10 - ``` - - $ref: '#/components/schemas/entity.EntityChain' - title: entity_chain - required: - - entityChain - - properties: - registeredResourceValueFqn: - type: string - title: registered_resource_value_fqn - minLength: 1 - format: uri - description: |- - fully qualified name of the registered resource value stored in platform policy, where in - this case the resource acts as and represents a single entity for authorization/entitlement decisioning - title: 
registered_resource_value_fqn - required: - - registeredResourceValueFqn - - properties: - token: - title: token - description: |+ - access token (JWT), which is used to create an entity chain (comprising one or more entities) - token must be provided: - ``` - has(this.jwt) && this.jwt.size() > 0 - ``` - - $ref: '#/components/schemas/entity.Token' - title: token - required: - - token - title: EntityIdentifier - additionalProperties: false - description: |- - The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized. - The abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value - being treated as an entity in entitlement/authorization decisioning. - authorization.v2.GetDecisionBulkRequest: - type: object - properties: - decisionRequests: - type: array - items: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceRequest' - title: decision_requests - maxItems: 200 - minItems: 1 - title: GetDecisionBulkRequest - additionalProperties: false - description: |- - Is access allowed? - 1. Multiplexing of a Decision request - This is a more performant bulk request for complex decisioning (i.e. 
multiple entity chains or actions on - multiple resources) - authorization.v2.GetDecisionBulkResponse: - type: object - properties: - decisionResponses: - type: array - items: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceResponse' - title: decision_responses - title: GetDecisionBulkResponse - additionalProperties: false - authorization.v2.GetDecisionMultiResourceRequest: - type: object - properties: - entityIdentifier: - title: entity_identifier - description: an entity must be identified for authorization decisioning - $ref: '#/components/schemas/authorization.v2.EntityIdentifier' - action: - title: action - description: name on action is required - $ref: '#/components/schemas/policy.Action' - resources: - type: array - items: - $ref: '#/components/schemas/authorization.v2.Resource' - title: resources - maxItems: 1000 - minItems: 1 - fulfillableObligationFqns: - type: array - items: - type: string - description: |+ - if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs: - ``` - this.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri())) - ``` - - title: fulfillable_obligation_fqns - description: |+ - obligations (fully qualified values) the requester is capable of fulfilling - i.e. https:///obl//value/ - if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs: - ``` - this.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri())) - ``` - - title: GetDecisionMultiResourceRequest - required: - - entityIdentifier - - action - additionalProperties: false - description: |+ - Can the identified entity/entities access? - 1. one entity reference (actor) - 2. one action - 3. multiple resources - - If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered. 
- - Note: this is a more performant bulk request for multiple resource decisions, up to 1000 per request - action.name must be provided: - ``` - has(this.action.name) - ``` - - authorization.v2.GetDecisionMultiResourceResponse: - type: object - properties: - allPermitted: - title: all_permitted - description: convenience flag indicating global resource decisions result (permit/deny) - $ref: '#/components/schemas/google.protobuf.BoolValue' - resourceDecisions: - type: array - items: - $ref: '#/components/schemas/authorization.v2.ResourceDecision' - title: resource_decisions - description: individual resource decisions - title: GetDecisionMultiResourceResponse - additionalProperties: false - authorization.v2.GetDecisionRequest: - type: object - properties: - entityIdentifier: - title: entity_identifier - description: an entity must be identified for authorization decisioning - $ref: '#/components/schemas/authorization.v2.EntityIdentifier' - action: - title: action - description: name on action is required - $ref: '#/components/schemas/policy.Action' - resource: - title: resource - $ref: '#/components/schemas/authorization.v2.Resource' - fulfillableObligationFqns: - type: array - items: - type: string - description: |+ - if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs: - ``` - this.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri())) - ``` - - title: fulfillable_obligation_fqns - description: |+ - obligations (fully qualified values) the requester is capable of fulfilling - i.e. https:///obl//value/ - if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs: - ``` - this.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri())) - ``` - - title: GetDecisionRequest - required: - - entityIdentifier - - action - - resource - additionalProperties: false - description: |+ - Can the identified entity/entities access? - 1. one entity reference (actor) - 2. 
one action - 3. one resource - - If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered. - action.name must be provided: - ``` - has(this.action.name) - ``` - - authorization.v2.GetDecisionResponse: - type: object - properties: - decision: - title: decision - description: decision on the resource - $ref: '#/components/schemas/authorization.v2.ResourceDecision' - title: GetDecisionResponse - additionalProperties: false - authorization.v2.GetEntitlementsRequest: - type: object - properties: - entityIdentifier: - title: entity_identifier - description: an entity must be identified for entitlement decisioning - $ref: '#/components/schemas/authorization.v2.EntityIdentifier' - withComprehensiveHierarchy: - type: boolean - title: with_comprehensive_hierarchy - description: |- - optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating - down the hierarchical values instead of returning solely the value that is directly entitled - nullable: true - title: GetEntitlementsRequest - required: - - entityIdentifier - additionalProperties: false - description: |- - What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs? 
- - Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use - GetDecision if the resource is known - authorization.v2.GetEntitlementsResponse: - type: object - properties: - entitlements: - type: array - items: - $ref: '#/components/schemas/authorization.v2.EntityEntitlements' - title: entitlements - title: GetEntitlementsResponse - additionalProperties: false - authorization.v2.Resource: - type: object - oneOf: - - properties: - attributeValues: - title: attribute_values - description: |+ - a set of attribute value FQNs, such as those on a TDF, between 1 and 20 in count - if provided, resource.attribute_values must be between 1 and 20 in count with all valid FQNs: - ``` - this.fqns.size() > 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri()) - ``` - - $ref: '#/components/schemas/authorization.v2.Resource.AttributeValues' - title: attribute_values - required: - - attributeValues - - properties: - registeredResourceValueFqn: - type: string - title: registered_resource_value_fqn - minLength: 1 - format: uri - description: fully qualified name of the registered resource value stored in platform policy - title: registered_resource_value_fqn - required: - - registeredResourceValueFqn - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - title: Resource - additionalProperties: false - description: Either a set of attribute values (such as those on a TDF) or a registered resource value - authorization.v2.Resource.AttributeValues: - type: object - properties: - fqns: - type: array - items: - type: string - title: fqns - title: AttributeValues - additionalProperties: false - authorization.v2.ResourceDecision: - type: object - properties: - ephemeralResourceId: - type: string - title: ephemeral_resource_id - description: ephemeral id for tracking between request and response - decision: - title: decision - description: decision result - $ref: 
'#/components/schemas/authorization.v2.Decision' - requiredObligations: - type: array - items: - type: string - title: required_obligations - description: |- - obligations (fully qualified values) the PEP is required to fulfill on the given resource - i.e. https:///obl//value/ - title: ResourceDecision - additionalProperties: false - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - entity.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - description: used by ERS claims mode - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - emailAddress: - type: string - title: email_address - title: email_address - required: - - emailAddress - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/entity.Entity.Category' - title: Entity - 
additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - entity.EntityChain: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - entity.Token: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - required: - - jwt - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. 
Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. 
That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. 
- policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: authorization.v2.AuthorizationService 
diff --git a/specs/bookstore.yaml b/specs/bookstore.yaml
deleted file mode 100644
index a012b81..0000000
--- a/specs/bookstore.yaml
+++ /dev/null
@@ -1,718 +0,0 @@ -openapi: 3.0.0 -servers: - - url: https://api.examplebookstore.com/v1 - description: Production server - - url: https://sandbox.api.examplebookstore.com/v1 - description: Sandbox server - - url: http://localhost:4010 - description: Local development mock server -info: - title: Bookstore API - version: 1.0.0 - description: | - Welcome to the Bookstore API. This API provides access to a rich collection of books, author details, and genre classifications. - You can use this API to browse our catalog, search for specific titles, and manage book-related data. - - ## Key Features: - * Access detailed information about books, including titles, ISBNs, authors, and genres. - * Manage author profiles and their literary works. - * Explore books categorized by various genres. - - This specification is written in OpenAPI 3.0.0 format. - contact: - name: Bookstore API Support - email: support@examplebookstore.com - url: https://developer.examplebookstore.com/support - license: - name: Apache 2.0 - url: "http://www.apache.org/licenses/LICENSE-2.0.html" - x-logo: - url: "https://examplebookstore.com/assets/logo.png" - altText: "Bookstore Logo" -tags: - - name: Books - description: Operations related to books in the catalog. - x-displayName: Books - - name: Authors - description: Operations related to book authors. - x-displayName: Authors - - name: Genres - description: Operations related to book genres. - x-displayName: Genres - - name: Schema-Book - x-displayName: Book Schema - description: | - - - name: Schema-Author - x-displayName: Author Schema - description: | - - - name: Schema-Genre - x-displayName: Genre Schema - description: | - -x-tagGroups: - - name: Core Resources - tags: - - Books - - Authors - - Genres - - name: Data Models - tags: - - Schema-Book - - Schema-Author - - Schema-Genre -paths: - /books: - get: - tags: - - Books - summary: List all books - description: Retrieves a paginated list of all books in the catalog. 
Supports filtering by genre and author. - operationId: listBooks - parameters: - - name: limit - in: query - description: Maximum number of books to return. - required: false - schema: - type: integer - format: int32 - default: 20 - minimum: 1 - maximum: 100 - - name: offset - in: query - description: Number of books to skip for pagination. - required: false - schema: - type: integer - format: int32 - default: 0 - minimum: 0 - - name: genreId - in: query - description: Filter books by a specific genre ID. - required: false - schema: - type: string - format: uuid - - name: authorId - in: query - description: Filter books by a specific author ID. - required: false - schema: - type: string - format: uuid - responses: - "200": - description: A list of books. - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Book" - "400": - description: Invalid query parameters. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - post: - tags: - - Books - summary: Add a new book - description: Adds a new book to the catalog. - operationId: createBook - requestBody: - description: Book object to be added. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/BookInput" - responses: - "201": - description: Book created successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Book" - "400": - description: Invalid input data for the book. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "409": - description: A book with the same ISBN already exists. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "/books/{bookId}": - parameters: - - name: bookId - in: path - required: true - description: Unique identifier of the book. - schema: - type: string - format: uuid - get: - tags: - - Books - summary: Get book by ID - description: Retrieves detailed information for a specific book. 
- operationId: getBookById - responses: - "200": - description: Detailed information about the book. - content: - application/json: - schema: - $ref: "#/components/schemas/Book" - "404": - description: Book not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - put: - tags: - - Books - summary: Update an existing book - description: Updates the information for an existing book. - operationId: updateBook - requestBody: - description: Book object with updated information. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/BookInput" - responses: - "200": - description: Book updated successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Book" - "400": - description: Invalid input data for the book. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "404": - description: Book not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - delete: - tags: - - Books - summary: Delete a book - description: Removes a book from the catalog. - operationId: deleteBook - responses: - "204": - description: Book deleted successfully. - "404": - description: Book not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - /authors: - get: - tags: - - Authors - summary: List all authors - description: Retrieves a list of all authors. - operationId: listAuthors - parameters: - - name: limit - in: query - description: Maximum number of authors to return. - required: false - schema: - type: integer - format: int32 - default: 20 - - name: offset - in: query - description: Number of authors to skip for pagination. - required: false - schema: - type: integer - format: int32 - default: 0 - responses: - "200": - description: A list of authors. 
- content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Author" - post: - tags: - - Authors - summary: Add a new author - description: Adds a new author to the system. - operationId: createAuthor - requestBody: - description: Author object to be added. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/AuthorInput" - responses: - "201": - description: Author created successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Author" - "400": - description: Invalid input data for the author. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "/authors/{authorId}": - parameters: - - name: authorId - in: path - required: true - description: Unique identifier of the author. - schema: - type: string - format: uuid - get: - tags: - - Authors - summary: Get author by ID - description: Retrieves detailed information for a specific author. - operationId: getAuthorById - responses: - "200": - description: Detailed information about the author. - content: - application/json: - schema: - $ref: "#/components/schemas/Author" - "404": - description: Author not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - put: - tags: - - Authors - summary: Update an existing author - description: Updates the information for an existing author. - operationId: updateAuthor - requestBody: - description: Author object with updated information. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/AuthorInput" - responses: - "200": - description: Author updated successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Author" - "400": - description: Invalid input data for the author. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "404": - description: Author not found. 
- content: - application/json: - schema: - $ref: "#/components/schemas/Error" - delete: - tags: - - Authors - summary: Delete an author - description: Removes an author from the system. Associated books may need to be handled or re-assigned. - operationId: deleteAuthor - responses: - "204": - description: Author deleted successfully. - "404": - description: Author not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - /genres: - get: - tags: - - Genres - summary: List all genres - description: Retrieves a list of all book genres. - operationId: listGenres - responses: - "200": - description: A list of genres. - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Genre" - post: - tags: - - Genres - summary: Add a new genre - description: Adds a new genre to the system. - operationId: createGenre - requestBody: - description: Genre object to be added. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/GenreInput" - responses: - "201": - description: Genre created successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Genre" - "400": - description: Invalid input data for the genre. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "409": - description: A genre with the same name already exists. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "/genres/{genreId}": - parameters: - - name: genreId - in: path - required: true - description: Unique identifier of the genre. - schema: - type: string - format: uuid - get: - tags: - - Genres - summary: Get genre by ID - description: Retrieves detailed information for a specific genre. - operationId: getGenreById - responses: - "200": - description: Detailed information about the genre. - content: - application/json: - schema: - $ref: "#/components/schemas/Genre" - "404": - description: Genre not found. 
- content: - application/json: - schema: - $ref: "#/components/schemas/Error" - put: - tags: - - Genres - summary: Update an existing genre - description: Updates the information for an existing genre. - operationId: updateGenre - requestBody: - description: Genre object with updated information. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/GenreInput" - responses: - "200": - description: Genre updated successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Genre" - "400": - description: Invalid input data for the genre. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "404": - description: Genre not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - delete: - tags: - - Genres - summary: Delete a genre - description: Removes a genre from the system. - operationId: deleteGenre - responses: - "204": - description: Genre deleted successfully. - "404": - description: Genre not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" -components: - schemas: - Book: - type: object - required: - - id - - title - - isbn - - authorIds - - genreIds - properties: - id: - type: string - format: uuid - description: Unique identifier for the book. - readOnly: true - example: "d290f1ee-6c54-4b01-90e6-d701748f0851" - title: - type: string - description: The title of the book. - example: "The Great Novel" - isbn: - type: string - description: International Standard Book Number. - example: "978-3-16-148410-0" - publicationDate: - type: string - format: date - description: The date the book was published. - example: "2023-05-15" - description: - type: string - description: A short summary or description of the book. - example: "An epic tale of adventure and discovery." - coverImageUrl: - type: string - format: url - description: URL to the book's cover image. 
- example: "https://examplebookstore.com/covers/great-novel.jpg" - authorIds: - type: array - description: List of author IDs associated with this book. - items: - type: string - format: uuid - example: "a1b2c3d4-e5f6-7890-1234-567890abcdef" - genreIds: - type: array - description: List of genre IDs this book belongs to. - items: - type: string - format: uuid - example: "f0e1d2c3-b4a5-6789-0123-456789abcdef" - BookInput: - type: object - required: - - title - - isbn - - authorIds - - genreIds - properties: - title: - type: string - description: The title of the book. - example: "The Great Novel" - isbn: - type: string - description: International Standard Book Number. - example: "978-3-16-148410-0" - publicationDate: - type: string - format: date - description: The date the book was published. - example: "2023-05-15" - description: - type: string - description: A short summary or description of the book. - example: "An epic tale of adventure and discovery." - coverImageUrl: - type: string - format: url - description: URL to the book's cover image. - example: "https://examplebookstore.com/covers/great-novel.jpg" - authorIds: - type: array - description: List of author IDs associated with this book. - items: - type: string - format: uuid - example: "a1b2c3d4-e5f6-7890-1234-567890abcdef" - genreIds: - type: array - description: List of genre IDs this book belongs to. - items: - type: string - format: uuid - example: "f0e1d2c3-b4a5-6789-0123-456789abcdef" - Author: - type: object - required: - - id - - firstName - - lastName - properties: - id: - type: string - format: uuid - description: Unique identifier for the author. - readOnly: true - example: "a1b2c3d4-e5f6-7890-1234-567890abcdef" - firstName: - type: string - description: Author's first name. - example: "Jane" - lastName: - type: string - description: Author's last name. - example: "Doe" - biography: - type: string - description: A short biography of the author. 
- example: "Jane Doe is a renowned author of contemporary fiction." - birthDate: - type: string - format: date - description: Author's date of birth. - example: "1980-01-20" - AuthorInput: - type: object - required: - - firstName - - lastName - properties: - firstName: - type: string - description: Author's first name. - example: "Jane" - lastName: - type: string - description: Author's last name. - example: "Doe" - biography: - type: string - description: A short biography of the author. - example: "Jane Doe is a renowned author of contemporary fiction." - birthDate: - type: string - format: date - description: Author's date of birth. - example: "1980-01-20" - Genre: - type: object - required: - - id - - name - properties: - id: - type: string - format: uuid - description: Unique identifier for the genre. - readOnly: true - example: "f0e1d2c3-b4a5-6789-0123-456789abcdef" - name: - type: string - description: The name of the genre. - example: "Science Fiction" - description: - type: string - description: A brief description of the genre. - example: "Literature that explores imaginative concepts based on scientific or technological advancements." - GenreInput: - type: object - required: - - name - properties: - name: - type: string - description: The name of the genre. - example: "Science Fiction" - description: - type: string - description: A brief description of the genre. - example: "Literature that explores imaginative concepts based on scientific or technological advancements." - Error: - type: object - required: - - code - - message - properties: - code: - type: string - description: An error code. - example: "NOT_FOUND" - message: - type: string - description: A human-readable error message. - example: "The requested resource was not found." - details: - type: object - additionalProperties: true - description: Additional details about the error. 
- securitySchemes: - ApiKeyAuth: - type: apiKey - in: header - name: X-API-KEY - description: API key for authentication. Use `test-api-key` for testing purposes. - BearerAuth: - type: http - scheme: bearer - bearerFormat: JWT - description: Bearer token for authentication using JWT. - OAuth2Flow: - type: oauth2 - description: OAuth2 authentication for accessing protected resources. - flows: - authorizationCode: - authorizationUrl: https://auth.examplebookstore.com/oauth/authorize - tokenUrl: https://auth.examplebookstore.com/oauth/token - scopes: - "books:read": Read access to books - "books:write": Write access to books - "authors:read": Read access to authors - "authors:write": Write access to authors - "genres:read": Read access to genres - "genres:write": Write access to genres -security: - - ApiKeyAuth: [] - - BearerAuth: [] - - OAuth2Flow: - - "books:read" - - "authors:read" - - "genres:read" \ No newline at end of file diff --git a/specs/common/common.openapi.yaml b/specs/common/common.openapi.yaml deleted file mode 100644 index b19945f..0000000 --- a/specs/common/common.openapi.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -openapi: 3.1.0 -info: - title: common -paths: {} -components: - schemas: - common.ActiveStateEnum: - type: string - title: ActiveStateEnum - enum: - - ACTIVE_STATE_ENUM_UNSPECIFIED - - ACTIVE_STATE_ENUM_ACTIVE - - ACTIVE_STATE_ENUM_INACTIVE - - ACTIVE_STATE_ENUM_ANY - description: 'buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren''t violated when users add new enum values to an enum in a given package' - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.Timestamp: - type: string - format: date-time - 
description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. 
- - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. -security: [] diff --git a/specs/entity/entity.openapi.yaml b/specs/entity/entity.openapi.yaml deleted file mode 100644 index 6484c86..0000000 
--- a/specs/entity/entity.openapi.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ -openapi: 3.1.0 -info: - title: entity -paths: {} -components: - schemas: - entity.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - entity.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - description: used by ERS claims mode - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - emailAddress: - type: string - title: email_address - title: email_address - required: - - emailAddress - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/entity.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - entity.EntityChain: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - entity.Token: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - required: - - jwt - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary 
serialized message along with a @type that describes the type of the serialized message. -security: [] diff --git a/specs/entityresolution/entity_resolution.openapi.yaml b/specs/entityresolution/entity_resolution.openapi.yaml deleted file mode 100644 index d89cbda..0000000 --- a/specs/entityresolution/entity_resolution.openapi.yaml +++ /dev/null 
@@ -1,424 +0,0 @@ -openapi: 3.1.0 -info: - title: entityresolution -paths: - /entityresolution/resolve: - post: - tags: - - entityresolution.EntityResolutionService - summary: ResolveEntities - description: 'Deprecated: use v2 ResolveEntities instead' - operationId: entityresolution.EntityResolutionService.ResolveEntities - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.ResolveEntitiesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.ResolveEntitiesResponse' - /entityresolution/entitychain: - post: - tags: - - entityresolution.EntityResolutionService - summary: CreateEntityChainFromJwt - description: 'Deprecated: use v2 CreateEntityChainsFromTokens instead' - operationId: entityresolution.EntityResolutionService.CreateEntityChainFromJwt - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.CreateEntityChainFromJwtRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.CreateEntityChainFromJwtResponse' -components: - schemas: - authorization.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - google.protobuf.NullValue: - type: string - title: NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. 
- authorization.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - custom: - title: custom - $ref: '#/components/schemas/authorization.EntityCustom' - title: custom - required: - - custom - - properties: - emailAddress: - type: string - title: email_address - description: one of the entity options must be set - title: email_address - required: - - emailAddress - - properties: - remoteClaimsUrl: - type: string - title: remote_claims_url - title: remote_claims_url - required: - - remoteClaimsUrl - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - - properties: - uuid: - type: string - title: uuid - title: uuid - required: - - uuid - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/authorization.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - authorization.EntityChain: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - authorization.EntityCustom: - type: object - properties: - extension: - title: extension - $ref: '#/components/schemas/google.protobuf.Any' - title: EntityCustom - additionalProperties: false - description: Entity type for custom entities beyond the standard types - authorization.Token: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking 
between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - additionalProperties: false - entityresolution.CreateEntityChainFromJwtRequest: - type: object - properties: - tokens: - type: array - items: - $ref: '#/components/schemas/authorization.Token' - title: tokens - title: CreateEntityChainFromJwtRequest - additionalProperties: false - description: |- - Example: Get Entity chains for tokens aaaaaa and bbbbbb - { - "tokens": [ - "aaaaaaa", - "bbbbbbbb" - ] - } - entityresolution.CreateEntityChainFromJwtResponse: - type: object - properties: - entityChains: - type: array - items: - $ref: '#/components/schemas/authorization.EntityChain' - title: entity_chains - title: CreateEntityChainFromJwtResponse - additionalProperties: false - description: |- - Example: Return the entity chains from the provided tokens - { - "entity_chains": [ - { - "id": "tok1", - "entities": [ - { - "clientId": "client1" - } - ] - }, - { - "id": "tok2", - "entities": [ - { - "userName": "alice", - "clientId": "client2" - } - ] - } - ] - } - entityresolution.EntityNotFoundError: - type: object - properties: - code: - type: integer - title: code - format: int32 - message: - type: string - title: message - details: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Any' - title: details - entity: - type: string - title: entity - title: EntityNotFoundError - additionalProperties: false - entityresolution.EntityRepresentation: - type: object - properties: - additionalProps: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Struct' - title: additional_props - originalId: - type: string - title: original_id - description: ephemeral entity id from the request - title: EntityRepresentation - additionalProperties: false - entityresolution.ResolveEntitiesRequest: - type: object - properties: - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - title: 
ResolveEntitiesRequest - additionalProperties: false - description: |- - Example: Get idp attributes for bob and alice (both represented using an email address - { - "entities": [ - { - "id": "e1", - "emailAddress": "bob@example.org" - }, - { - "id": "e2", - "emailAddress": "alice@example.org" - } - ] - } - entityresolution.ResolveEntitiesResponse: - type: object - properties: - entityRepresentations: - type: array - items: - $ref: '#/components/schemas/entityresolution.EntityRepresentation' - title: entity_representations - title: ResolveEntitiesResponse - additionalProperties: false - description: |- - Example: Get idp attributes for bob and alice - { - "entity_representations": [ - { - "idp_entity_id": "e1", - "additional_props": {"someAttr1":"someValue1"} - }, - { - "idp_entity_id": "e2", - "additional_props": {"someAttr2":"someValue2"} - } - ] - } - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. 
For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. - google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. 
- detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: entityresolution.EntityResolutionService diff --git a/specs/entityresolution/v2/entity_resolution.openapi.yaml b/specs/entityresolution/v2/entity_resolution.openapi.yaml deleted file mode 100644 index c4a839f..0000000 --- a/specs/entityresolution/v2/entity_resolution.openapi.yaml +++ /dev/null 
@@ -1,360 +0,0 @@ -openapi: 3.1.0 -info: - title: entityresolution.v2 -paths: - /entityresolution.v2.EntityResolutionService/ResolveEntities: - post: - tags: - - entityresolution.v2.EntityResolutionService - summary: ResolveEntities - operationId: entityresolution.v2.EntityResolutionService.ResolveEntities - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.ResolveEntitiesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.ResolveEntitiesResponse' - /entityresolution.v2.EntityResolutionService/CreateEntityChainsFromTokens: - post: - tags: - - entityresolution.v2.EntityResolutionService - summary: CreateEntityChainsFromTokens - operationId: entityresolution.v2.EntityResolutionService.CreateEntityChainsFromTokens - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.CreateEntityChainsFromTokensRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.CreateEntityChainsFromTokensResponse' -components: - schemas: - 
entity.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - google.protobuf.NullValue: - type: string - title: NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. - entity.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - description: used by ERS claims mode - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - emailAddress: - type: string - title: email_address - title: email_address - required: - - emailAddress - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/entity.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - entity.EntityChain: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - entity.Token: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - required: - - jwt - additionalProperties: false - entityresolution.v2.CreateEntityChainsFromTokensRequest: - type: 
object - properties: - tokens: - type: array - items: - $ref: '#/components/schemas/entity.Token' - title: tokens - title: CreateEntityChainsFromTokensRequest - additionalProperties: false - description: Create an entity chain for each token (JWT) in the request. - entityresolution.v2.CreateEntityChainsFromTokensResponse: - type: object - properties: - entityChains: - type: array - items: - $ref: '#/components/schemas/entity.EntityChain' - title: entity_chains - title: CreateEntityChainsFromTokensResponse - additionalProperties: false - entityresolution.v2.EntityNotFoundError: - type: object - properties: - code: - type: integer - title: code - format: int32 - message: - type: string - title: message - details: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Any' - title: details - entity: - type: string - title: entity - title: EntityNotFoundError - additionalProperties: false - entityresolution.v2.EntityRepresentation: - type: object - properties: - originalId: - type: string - title: original_id - description: ephemeral entity id from the request - additionalProps: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Struct' - title: additional_props - title: EntityRepresentation - additionalProperties: false - entityresolution.v2.ResolveEntitiesRequest: - type: object - properties: - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - minItems: 1 - title: ResolveEntitiesRequest - required: - - entities - additionalProperties: false - description: Resolve a set of entities to their representations. 
- entityresolution.v2.ResolveEntitiesResponse: - type: object - properties: - entityRepresentations: - type: array - items: - $ref: '#/components/schemas/entityresolution.v2.EntityRepresentation' - title: entity_representations - title: ResolveEntitiesResponse - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. 
- google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. 
- detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: entityresolution.v2.EntityResolutionService diff --git a/specs/kas/kas.openapi.yaml b/specs/kas/kas.openapi.yaml deleted file mode 100644 index 681fa23..0000000 --- a/specs/kas/kas.openapi.yaml +++ /dev/null 
@@ -1,503 +0,0 @@ -openapi: 3.1.0 -info: - title: kas -paths: - /kas/v2/kas_public_key: - get: - tags: - - kas.AccessService - summary: PublicKey - operationId: kas.AccessService.PublicKey - parameters: - - name: algorithm - in: query - schema: - type: string - title: algorithm - - name: fmt - in: query - schema: - type: string - title: fmt - - name: v - in: query - schema: - type: string - title: v - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/kas.PublicKeyResponse' - /kas/kas_public_key: - get: - tags: - - kas.AccessService - summary: LegacyPublicKey - description: |- - Endpoint intended for gRPC Gateway's REST endpoint to provide v1 compatibility with older TDF clients - - This endpoint is not recommended for use in new applications, prefer the v2 endpoint ('PublicKey') instead. - - buf:lint:ignore RPC_RESPONSE_STANDARD_NAME - operationId: kas.AccessService.LegacyPublicKey - parameters: - - name: algorithm - in: query - schema: - type: string - title: algorithm - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/google.protobuf.StringValue' - /kas/v2/rewrap: - post: - tags: - - kas.AccessService - summary: Rewrap - operationId: kas.AccessService.Rewrap - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/kas.RewrapRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/kas.RewrapResponse' -components: - schemas: - google.protobuf.NullValue: - type: string - title: 
NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.StringValue: - type: string - description: |- - Wrapper message for `string`. - - The JSON representation for `StringValue` is JSON string. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. 
- google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - kas.InfoRequest: - type: object - title: InfoRequest - additionalProperties: false - description: Intentionally empty. May include features later. - kas.InfoResponse: - type: object - properties: - version: - type: string - title: version - title: InfoResponse - additionalProperties: false - description: Service application level metadata - kas.KeyAccess: - type: object - properties: - encryptedMetadata: - type: string - title: encrypted_metadata - policyBinding: - title: policy_binding - $ref: '#/components/schemas/kas.PolicyBinding' - protocol: - type: string - title: protocol - type: - type: string - title: key_type - url: - type: string - title: kas_url - kid: - type: string - title: kid - sid: - type: string - title: split_id - wrappedKey: - type: string - title: wrapped_key - format: byte - header: - type: string - title: header - format: byte - description: header is only used for NanoTDFs - ephemeralPublicKey: - type: string - title: ephemeral_public_key - description: |- - For wrapping with an ECDH derived key, when type=ec-wrapped. - Should be a PEM-encoded PKCS#8 (asn.1) value. 
- title: KeyAccess - additionalProperties: false - kas.KeyAccessRewrapResult: - type: object - oneOf: - - properties: - error: - type: string - title: error - title: error - required: - - error - - properties: - kasWrappedKey: - type: string - title: kas_wrapped_key - format: byte - title: kas_wrapped_key - required: - - kasWrappedKey - properties: - metadata: - type: object - title: metadata - additionalProperties: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - keyAccessObjectId: - type: string - title: key_access_object_id - status: - type: string - title: status - title: KeyAccessRewrapResult - additionalProperties: false - kas.KeyAccessRewrapResult.MetadataEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: MetadataEntry - additionalProperties: false - kas.LegacyPublicKeyRequest: - type: object - properties: - algorithm: - type: string - title: algorithm - title: LegacyPublicKeyRequest - additionalProperties: false - kas.PolicyBinding: - type: object - properties: - alg: - type: string - title: algorithm - hash: - type: string - title: hash - title: PolicyBinding - additionalProperties: false - kas.PolicyRewrapResult: - type: object - properties: - policyId: - type: string - title: policy_id - results: - type: array - items: - $ref: '#/components/schemas/kas.KeyAccessRewrapResult' - title: results - title: PolicyRewrapResult - additionalProperties: false - kas.PublicKeyRequest: - type: object - properties: - algorithm: - type: string - title: algorithm - fmt: - type: string - title: fmt - v: - type: string - title: v - title: PublicKeyRequest - additionalProperties: false - kas.PublicKeyResponse: - type: object - properties: - publicKey: - type: string - title: public_key - kid: - type: string - title: kid - title: PublicKeyResponse - additionalProperties: false - kas.RewrapRequest: - type: object - properties: - signedRequestToken: - 
type: string - title: signed_request_token - title: RewrapRequest - additionalProperties: false - kas.RewrapResponse: - type: object - properties: - metadata: - type: object - title: metadata - additionalProperties: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - deprecated: true - entityWrappedKey: - type: string - title: entity_wrapped_key - format: byte - deprecated: true - sessionPublicKey: - type: string - title: session_public_key - schemaVersion: - type: string - title: schema_version - deprecated: true - responses: - type: array - items: - $ref: '#/components/schemas/kas.PolicyRewrapResult' - title: responses - description: New Rewrap API changes - title: RewrapResponse - additionalProperties: false - kas.RewrapResponse.MetadataEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: MetadataEntry - additionalProperties: false - kas.UnsignedRewrapRequest: - type: object - properties: - clientPublicKey: - type: string - title: client_public_key - requests: - type: array - items: - $ref: '#/components/schemas/kas.UnsignedRewrapRequest.WithPolicyRequest' - title: requests - keyAccess: - title: key_access - description: Used for legacy non-bulk requests - deprecated: true - $ref: '#/components/schemas/kas.KeyAccess' - policy: - type: string - title: policy - description: Used for legacy non-bulk requests - deprecated: true - algorithm: - type: string - title: algorithm - description: Used for legacy non-bulk requests - deprecated: true - title: UnsignedRewrapRequest - additionalProperties: false - kas.UnsignedRewrapRequest.WithKeyAccessObject: - type: object - properties: - keyAccessObjectId: - type: string - title: key_access_object_id - keyAccessObject: - title: key_access_object - $ref: '#/components/schemas/kas.KeyAccess' - title: WithKeyAccessObject - additionalProperties: false - kas.UnsignedRewrapRequest.WithPolicy: - type: object - 
properties: - id: - type: string - title: id - body: - type: string - title: body - title: WithPolicy - additionalProperties: false - kas.UnsignedRewrapRequest.WithPolicyRequest: - type: object - properties: - keyAccessObjects: - type: array - items: - $ref: '#/components/schemas/kas.UnsignedRewrapRequest.WithKeyAccessObject' - title: key_access_objects - policy: - title: policy - $ref: '#/components/schemas/kas.UnsignedRewrapRequest.WithPolicy' - algorithm: - type: string - title: algorithm - title: WithPolicyRequest - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. 
- detail:
- $ref: '#/components/schemas/google.protobuf.Any'
- title: Connect Error
- additionalProperties: true
- description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation'
- google.protobuf.Any:
- type: object
- properties:
- type:
- type: string
- value:
- type: string
- format: binary
- debug:
- type: object
- additionalProperties: true
- additionalProperties: true
- description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
-security: []
-tags:
- - name: kas.AccessService
- description: Get app info from the root path
diff --git a/specs/petstore.yaml b/specs/petstore.yaml
deleted file mode 100644
index c31ac04..0000000
--- a/specs/petstore.yaml
+++ /dev/null
@@ -1,1271 +0,0 @@ -openapi: 3.0.0 -servers: - - url: https://petstore.swagger.io/v2 - description: Default server - - url: https://petstore.swagger.io/sandbox - description: Sandbox server - - url: http://127.0.0.1:4010 - description: Prism Mock API (local) -info: - description: | - This is a sample server Petstore server. - You can find out more about Swagger at - [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/). - For this sample, you can use the api key `special-key` to test the authorization filters. - - ## Introduction - This API is documented in **OpenAPI format** and is based on - [Petstore sample](http://petstore.swagger.io/) provided by [swagger.io](http://swagger.io) team. - It was **extended** to illustrate features of [generator-openapi-repo](https://github.com/Rebilly/generator-openapi-repo) - tool and [ReDoc](https://github.com/Redocly/redoc) documentation. In addition to standard - OpenAPI syntax we use a few [vendor extensions](https://github.com/Redocly/redoc/blob/master/docs/redoc-vendor-extensions.md). - - ## OpenAPI Specification - This API is documented in **OpenAPI format** and is based on - [Petstore sample](http://petstore.swagger.io/) provided by [swagger.io](http://swagger.io) team. - It was **extended** to illustrate features of [generator-openapi-repo](https://github.com/Rebilly/generator-openapi-repo) - tool and [ReDoc](https://github.com/Redocly/redoc) documentation. In addition to standard - OpenAPI syntax we use a few [vendor extensions](https://github.com/Redocly/redoc/blob/master/docs/redoc-vendor-extensions.md). - - ## Cross-Origin Resource Sharing - This API features Cross-Origin Resource Sharing (CORS) implemented in compliance with [W3C spec](https://www.w3.org/TR/cors/). - And that allows cross-domain communication from the browser. - All responses have a wildcard same-origin which makes them completely public and accessible to everyone, including any code on any site. 
- - ## Authentication - - Petstore offers two forms of authentication: - - API Key - - OAuth2 - - OAuth2 - an open protocol to allow secure authorization in a simple - and standard method from web, mobile and desktop applications. - - version: 2.0.0 - title: Swagger Petstore YAML - termsOfService: "http://swagger.io/terms/" - contact: - name: API Support - email: apiteam@swagger.io - url: https://github.com/Redocly/redoc - x-logo: - url: "https://redocly.github.io/redoc/petstore-logo.png" - altText: Petstore logo - x-dark-logo: - url: "/img/petstore-logo-dark.png" - altText: "Petstore dark logo" - license: - name: Apache 2.0 - url: "http://www.apache.org/licenses/LICENSE-2.0.html" -externalDocs: - description: Find out how to create Github repo for your OpenAPI spec. - url: "https://github.com/Rebilly/generator-openapi-repo" -tags: - - name: pet - description: Everything about your Pets - x-displayName: Pets - - name: store - description: Access to Petstore orders - x-displayName: Petstore Orders - - name: user - description: Operations about user - x-displayName: Users - - name: pet_model - x-displayName: The Pet Model - description: | - - - name: store_model - x-displayName: The Order Model - description: | - -x-tagGroups: - - name: General - tags: - - pet - - store - - name: User Management - tags: - - user - - name: Models - tags: - - pet_model - - store_model -paths: - /pet: - parameters: - - name: Accept-Language - in: header - description: "The language you prefer for messages. Supported values are en-AU, en-CA, en-GB, en-US" - example: en-US - required: false - schema: - type: string - default: en-AU - - name: cookieParam - in: cookie - description: Some cookie - required: true - schema: - type: integer - format: int64 - post: - tags: - - pet - summary: Add a new pet to the store - description: Add new pet to the store inventory. 
- operationId: addPet - responses: - "405": - description: Invalid input - security: - - petstore_auth: - - "write:pets" - - "read:pets" - - api_key: [] - - ApiKeyAuth: [] - - BasicAuth: [] - - BearerAuth: [] - - OAuth2: [] - - OpenID: [] - - x-codeSamples: - - lang: "C#" - source: | - PetStore.v1.Pet pet = new PetStore.v1.Pet(); - pet.setApiKey("your api key"); - pet.petType = PetStore.v1.Pet.TYPE_DOG; - pet.name = "Rex"; - // set other fields - PetStoreResponse response = pet.create(); - if (response.statusCode == HttpStatusCode.Created) - { - // Successfully created - } - else - { - // Something wrong -- check response for errors - Console.WriteLine(response.getRawResponse()); - } - - lang: PHP - label: Custom - source: | - $form = new \PetStore\Entities\Pet(); - $form->setPetType("Dog"); - $form->setName("Rex"); - // set other fields - try { - $pet = $client->pets()->create($form); - } catch (UnprocessableEntityException $e) { - var_dump($e->getErrors()); - } - requestBody: - $ref: "#/components/requestBodies/Pet" - put: - tags: - - pet - summary: Update an existing pet - description: "" - operationId: updatePet - responses: - "400": - description: Invalid ID supplied - "404": - description: Pet not found - "405": - description: Validation exception - security: - - petstore_auth: - - "write:pets" - - "read:pets" - x-codeSamples: - - lang: PHP - source: | - $form = new \PetStore\Entities\Pet(); - $form->setPetId(1); - $form->setPetType("Dog"); - $form->setName("Rex"); - // set other fields - try { - $pet = $client->pets()->update($form); - } catch (UnprocessableEntityException $e) { - var_dump($e->getErrors()); - } - requestBody: - $ref: "#/components/requestBodies/Pet" - "/pet/{petId}": - get: - tags: - - pet - summary: Find pet by ID - description: Returns a single pet - operationId: getPetById - parameters: - - name: petId - in: path - description: ID of pet to return - required: true - deprecated: true - schema: - type: integer - format: int64 - responses: - 
"200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/Pet" - application/xml: - schema: - $ref: "#/components/schemas/Pet" - - "400": - description: Invalid ID supplied - "404": - description: Pet not found - security: - - api_key: [] - post: - tags: - - pet - summary: Updates a pet in the store with form data - description: "" - operationId: updatePetWithForm - parameters: - - name: petId - in: path - description: ID of pet that needs to be updated - required: true - schema: - type: integer - format: int64 - responses: - "405": - description: Invalid input - security: - - petstore_auth: - - "write:pets" - - "read:pets" - requestBody: - content: - application/x-www-form-urlencoded: - schema: - type: object - properties: - name: - description: Updated name of the pet - type: string - status: - description: Updated status of the pet - type: string - delete: - tags: - - pet - summary: Deletes a pet - description: "" - operationId: deletePet - parameters: - - name: api_key - in: header - required: false - schema: - type: string - example: "Bearer " - - name: petId - in: path - description: Pet id to delete - required: true - schema: - type: integer - format: int64 - responses: - "400": - description: Invalid pet value - security: - - petstore_auth: - - "write:pets" - - "read:pets" - "/pet/{petId}/uploadImage": - post: - tags: - - pet - summary: uploads an image - description: "" - operationId: uploadFile - parameters: - - name: petId - in: path - description: ID of pet to update - required: true - schema: - type: integer - format: int64 - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/ApiResponse" - security: - - petstore_auth: - - "write:pets" - - "read:pets" - requestBody: - content: - application/octet-stream: - schema: - type: string - format: binary - /pet/findByStatus: - get: - tags: - - pet - summary: Finds Pets by status - 
description: Multiple status values can be provided with comma separated strings - operationId: findPetsByStatus - parameters: - - name: status - in: query - description: Status values that need to be considered for filter - required: true - style: form - schema: - type: array - minItems: 1 - maxItems: 3 - items: - type: string - enum: - - available - - pending - - sold - default: available - responses: - "200": - description: successful operation - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - application/xml: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - "400": - description: Invalid status value - security: - - api_key: [] - /pet/findByTags: - get: - tags: - - pet - summary: Finds Pets by tags - description: >- - Multiple tags can be provided with comma separated strings. Use tag1, - tag2, tag3 for testing. - operationId: findPetsByTags - deprecated: true - parameters: - - name: tags - in: query - description: Tags to filter by - required: true - style: form - schema: - type: array - items: - type: string - responses: - "200": - description: successful operation - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - application/xml: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - "400": - description: Invalid tag value - security: - - petstore_auth: - - "write:pets" - - "read:pets" - /store/inventory: - get: - tags: - - store - summary: Returns pet inventories by status - description: Returns a map of status codes to quantities - operationId: getInventory - responses: - "200": - description: successful operation - content: - application/json: - schema: - type: object - additionalProperties: - type: integer - format: int32 - security: - - api_key: [] - /store/order: - post: - tags: - - store - summary: Place an order for a pet - description: "" - operationId: placeOrder - responses: - "200": - description: successful 
operation - content: - application/json: - schema: - $ref: "#/components/schemas/Order" - application/xml: - schema: - $ref: "#/components/schemas/Order" - "400": - description: Invalid Order - content: - application/json: - example: - status: 400 - message: "Invalid Order" - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/Order" - examples: - OrderDelivered: - summary: Order delivered - value: - quantity: 4 - shipDate: 2022-10-12 - status: delivered - requestId: 444-4444-444-4444 - OrderPlaced: - summary: Order placed - value: - quantity: 10 - shipDate: 2022-10-01 - status: placed - requestId: 111-222-333-444 - OrderApproved: - summary: Order approved - value: - quantity: 1000 - shipDate: 2022-09-01 - status: approved - requestId: 000-111-222-333 - description: order placed for purchasing the pet - required: true - "/store/order/{orderId}": - get: - tags: - - store - summary: Find purchase order by ID - description: >- - For valid response try integer IDs with value <= 5 or > 10. Other values - will generated exceptions - operationId: getOrderById - parameters: - - name: orderId - in: path - description: ID of pet that needs to be fetched - required: true - schema: - type: integer - format: int64 - minimum: 1 - maximum: 5 - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/Order" - application/xml: - schema: - $ref: "#/components/schemas/Order" - "400": - description: Invalid ID supplied - "404": - description: Order not found - delete: - tags: - - store - summary: Delete purchase order by ID - description: >- - For valid response try integer IDs with value < 1000. 
Anything above - 1000 or nonintegers will generate API errors - operationId: deleteOrder - parameters: - - name: orderId - in: path - description: ID of the order that needs to be deleted - required: true - schema: - type: string - minimum: 1 - responses: - "400": - description: Invalid ID supplied - "404": - description: Order not found - /store/subscribe: - post: - tags: - - store - summary: Subscribe to the Store events - description: Add subscription for a store events - requestBody: - content: - application/json: - schema: - type: object - properties: - callbackUrl: - type: string - format: uri - description: This URL will be called by the server when the desired event will occur - example: https://myserver.com/send/callback/here - eventName: - type: string - description: Event name for the subscription - enum: - - orderInProgress - - orderShipped - - orderDelivered - example: orderInProgress - required: - - callbackUrl - - eventName - responses: - "201": - description: Subscription added - content: - application/json: - schema: - type: object - properties: - subscriptionId: - type: string - example: AAA-123-BBB-456 - callbacks: - orderInProgress: - "{$request.body#/callbackUrl}?event={$request.body#/eventName}": - servers: - - url: //callback-url.path-level/v1 - description: Path level server 1 - - url: //callback-url.path-level/v2 - description: Path level server 2 - post: - summary: Order in Progress (Summary) - description: A callback triggered every time an Order is updated status to "inProgress" (Description) - externalDocs: - description: Find out more - url: "https://more-details.com/demo" - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - status: - type: string - example: "inProgress" - application/xml: - schema: - type: object - properties: - orderId: - type: string - example: "123" - 
example: | - - - 123 - inProgress - 2018-10-19T16:46:45Z - - responses: - "200": - description: Callback successfully processed and no retries will be performed - content: - application/json: - schema: - type: object - properties: - someProp: - type: string - example: "123" - "299": - description: Response for cancelling subscription - "500": - description: Callback processing failed and retries will be performed - x-codeSamples: - - lang: "C#" - source: | - PetStore.v1.Pet pet = new PetStore.v1.Pet(); - pet.setApiKey("your api key"); - pet.petType = PetStore.v1.Pet.TYPE_DOG; - pet.name = "Rex"; - // set other fields - PetStoreResponse response = pet.create(); - if (response.statusCode == HttpStatusCode.Created) - { - // Successfully created - } - else - { - // Something wrong -- check response for errors - Console.WriteLine(response.getRawResponse()); - } - - lang: PHP - source: | - $form = new \PetStore\Entities\Pet(); - $form->setPetType("Dog"); - $form->setName("Rex"); - // set other fields - try { - $pet = $client->pets()->create($form); - } catch (UnprocessableEntityException $e) { - var_dump($e->getErrors()); - } - put: - description: Order in Progress (Only Description) - servers: - - url: //callback-url.operation-level/v1 - description: Operation level server 1 (Operation override) - - url: //callback-url.operation-level/v2 - description: Operation level server 2 (Operation override) - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - status: - type: string - example: "inProgress" - application/xml: - schema: - type: object - properties: - orderId: - type: string - example: "123" - example: | - - - 123 - inProgress - 2018-10-19T16:46:45Z - - responses: - "200": - description: Callback successfully processed and no retries will be performed - content: - application/json: - schema: - type: object - 
properties: - someProp: - type: string - example: "123" - orderShipped: - "{$request.body#/callbackUrl}?event={$request.body#/eventName}": - post: - description: A callback triggered every time an Order is shipped to the recipient - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - estimatedDeliveryDate: - type: string - format: date-time - example: "2018-11-11T16:00:00Z" - responses: - "200": - description: Callback successfully processed and no retries will be performed - orderDelivered: - "http://notificationServer.com?url={$request.body#/callbackUrl}&event={$request.body#/eventName}": - post: - deprecated: true - summary: Order delivered - description: A callback triggered every time an Order is delivered to the recipient - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - responses: - "200": - description: Callback successfully processed and no retries will be performed - /user: - post: - tags: - - user - summary: Create user - description: This can only be done by the logged in user. - operationId: createUser - responses: - default: - description: successful operation - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/User" - description: Created user object - required: true - "/user/{username}": - get: - tags: - - user - summary: Get user by user name - description: "" - operationId: getUserByName - parameters: - - name: username - in: path - description: "The name that needs to be fetched. Use user1 for testing. 
" - required: true - schema: - type: string - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/User" - application/xml: - schema: - $ref: "#/components/schemas/User" - "400": - description: Invalid username supplied - "404": - description: User not found - put: - tags: - - user - summary: Updated user - description: This can only be done by the logged in user. - operationId: updateUser - parameters: - - name: username - in: path - description: name that need to be deleted - required: true - schema: - type: string - responses: - "400": - description: Invalid user supplied - "404": - description: User not found - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/User" - description: Updated user object - required: true - delete: - tags: - - user - summary: Delete user - description: This can only be done by the logged in user. - operationId: deleteUser - parameters: - - name: username - in: path - description: The name that needs to be deleted - required: true - schema: - type: string - responses: - "400": - description: Invalid username supplied - "404": - description: User not found - /user/createWithArray: - post: - tags: - - user - summary: Creates list of users with given input array - description: "" - operationId: createUsersWithArrayInput - responses: - default: - description: successful operation - requestBody: - $ref: "#/components/requestBodies/UserArray" - /user/createWithList: - post: - tags: - - user - summary: Creates list of users with given input list - description: "" - operationId: createUsersWithListInput - responses: - default: - description: successful operation - requestBody: - $ref: "#/components/requestBodies/UserArray" - /user/login: - get: - tags: - - user - summary: Logs user into the system - description: "" - operationId: loginUser - parameters: - - name: username - in: query - description: The user name for login - required: 
true - schema: - type: string - - name: password - in: query - description: The password for login in clear text - required: true - schema: - type: string - responses: - "200": - description: successful operation - headers: - X-Rate-Limit: - description: calls per hour allowed by the user - schema: - type: integer - format: int32 - X-Expires-After: - description: date in UTC when token expires - schema: - type: string - format: date-time - content: - application/json: - schema: - type: string - examples: - response: - value: OK - application/xml: - schema: - type: string - examples: - response: - value: OK - text/plain: - examples: - response: - value: OK - "400": - description: Invalid username/password supplied - /user/logout: - get: - tags: - - user - summary: Logs out current logged in user session - description: "" - operationId: logoutUser - responses: - default: - description: successful operation -components: - schemas: - ApiResponse: - type: object - properties: - code: - type: integer - format: int32 - type: - type: string - message: - type: string - Cat: - x-tags: - - pet - description: A representation of a cat - allOf: - - $ref: "#/components/schemas/Pet" - - type: object - properties: - huntingSkill: - type: string - description: The measured skill for hunting - default: lazy - example: adventurous - enum: - - clueless - - lazy - - adventurous - - aggressive - required: - - huntingSkill - Category: - type: object - properties: - id: - description: Category ID - allOf: - - $ref: "#/components/schemas/Id" - name: - description: Category name - type: string - minLength: 1 - sub: - description: Test Sub Category - type: object - properties: - prop1: - type: string - description: Dumb Property - xml: - name: Category - Dog: - description: A representation of a dog - allOf: - - $ref: "#/components/schemas/Pet" - - type: object - properties: - packSize: - type: integer - format: int32 - description: The size of the pack the dog is from - default: 1 - 
minimum: 1 - required: - - packSize - HoneyBee: - description: A representation of a honey bee - allOf: - - $ref: "#/components/schemas/Pet" - - type: object - properties: - honeyPerDay: - type: number - description: Average amount of honey produced per day in ounces - example: 3.14 - multipleOf: .01 - default: 0 - required: - - honeyPerDay - Id: - type: integer - format: int64 - readOnly: true - Order: - type: object - properties: - id: - description: Order ID - allOf: - - $ref: "#/components/schemas/Id" - petId: - description: Pet ID - allOf: - - $ref: "#/components/schemas/Id" - quantity: - type: integer - format: int32 - minimum: 1 - default: 1 - shipDate: - description: Estimated ship date - type: string - format: date-time - status: - type: string - description: Order Status - enum: - - placed - - approved - - delivered - complete: - description: Indicates whenever order was completed or not - type: boolean - default: false - readOnly: true - requestId: - description: Unique Request Id - type: string - writeOnly: true - xml: - name: Order - Pet: - type: object - required: - - name - - photoUrls - - tags - discriminator: - propertyName: petType - mapping: - cat: "#/components/schemas/Cat" - dog: "#/components/schemas/Dog" - bee: "#/components/schemas/HoneyBee" - properties: - id: - externalDocs: - description: "Find more info here" - url: "https://example.com" - description: Pet ID - allOf: - - $ref: "#/components/schemas/Id" - category: - description: Categories this pet belongs to - allOf: - - $ref: "#/components/schemas/Category" - name: - description: The name given to a pet - type: string - example: Guru - photoUrls: - description: The list of URL to a cute photos featuring pet - type: array - maxItems: 20 - xml: - name: photoUrl - wrapped: true - items: - type: string - format: url - friend: - allOf: - - $ref: "#/components/schemas/Pet" - tags: - description: Tags attached to the pet - type: array - minItems: 1 - xml: - name: tag - wrapped: true - items: 
- $ref: "#/components/schemas/Tag" - status: - type: string - description: Pet status in the store - enum: - - available - - pending - - sold - petType: - description: Type of a pet - type: string - oneOf: - - $ref: "#/components/schemas/Cat" - - $ref: "#/components/schemas/Dog" - - $ref: "#/components/schemas/HoneyBee" - xml: - name: Pet - Tag: - type: object - properties: - id: - description: Tag ID - allOf: - - $ref: "#/components/schemas/Id" - name: - description: Tag name - type: string - minLength: 1 - xml: - name: Tag - User: - type: object - properties: - id: - $ref: "#/components/schemas/Id" - pet: - oneOf: - - $ref: "#/components/schemas/Pet" - - $ref: "#/components/schemas/Tag" - username: - description: User supplied username - type: string - minLength: 4 - example: John78 - firstName: - description: User first name - type: string - minLength: 1 - example: John - lastName: - description: User last name - type: string - minLength: 1 - example: Smith - email: - description: User email address - type: string - format: email - example: john.smith@example.com - password: - type: string - description: >- - User password, MUST contain a mix of upper and lower case letters, - as well as digits - format: password - minLength: 8 - pattern: "/(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/" - example: drowssaP123 - phone: - description: User phone number in international format - type: string - pattern: '/^\+(?:[0-9]-?){6,14}[0-9]$/' - example: +1-202-555-0192 - userStatus: - description: User status - type: integer - format: int32 - xml: - name: User - requestBodies: - Pet: - content: - application/json: - schema: - allOf: - - description: My Pet - title: Pettie - - $ref: "#/components/schemas/Pet" - example: - category: - name: Great Dane - sub: - prop1: Just a test property - name: Pepper - photoUrls: - - https://assets.orvis.com/is/image/orvisprd/great-dane - tags: - - name: Great Danes - status: pending - petType: - huntingSkill: lazy - application/xml: - schema: - type: 
"object" - properties: - name: - type: string - description: hooray - description: Pet object that needs to be added to the store - required: true - UserArray: - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/User" - description: List of user object - required: true - securitySchemes: - petstore_auth: - description: | - Get access to data while protecting your account credentials. - OAuth2 is also a safer and more secure way to give you access. - type: oauth2 - flows: - implicit: - authorizationUrl: "http://petstore.swagger.io/api/oauth/dialog" - scopes: - "write:pets": modify pets in your account - "read:pets": read your pets - api_key: - description: > - For this sample, you can use the api key `special-key` to test the - authorization filters. - type: apiKey - name: api_key - in: header - BasicAuth: - type: http - scheme: basic - BearerAuth: - type: http - scheme: bearer - ApiKeyAuth: - type: apiKey - in: header - name: X-API-Key - OpenID: - type: openIdConnect - openIdConnectUrl: https://example.com/.well-known/openid-configuration - OAuth2: - type: oauth2 - flows: - authorizationCode: - authorizationUrl: https://example.com/oauth/authorize - tokenUrl: https://example.com/oauth/token - scopes: - read: Grants read access - write: Grants write access - admin: Grants access to admin operations -x-webhooks: - newPet: - post: - summary: New pet - description: Information about a new pet in the systems - operationId: newPet - tags: - - pet - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/Pet" - responses: - "200": - description: Return a 200 status to indicate that the data was received successfully diff --git a/specs/policy/actions/actions.openapi.yaml b/specs/policy/actions/actions.openapi.yaml deleted file mode 100644 index ffe40af..0000000 --- a/specs/policy/actions/actions.openapi.yaml +++ /dev/null 
@@ -1,1255 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.actions -paths: - /policy.actions.ActionService/GetAction: - post: - tags: - - policy.actions.ActionService - summary: GetAction - operationId: policy.actions.ActionService.GetAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.GetActionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.GetActionResponse' - /policy.actions.ActionService/ListActions: - post: - tags: - - policy.actions.ActionService - summary: ListActions - operationId: policy.actions.ActionService.ListActions - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.ListActionsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.ListActionsResponse' - /policy.actions.ActionService/CreateAction: - post: - tags: - - policy.actions.ActionService - summary: CreateAction - operationId: policy.actions.ActionService.CreateAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - 
$ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.CreateActionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.CreateActionResponse' - /policy.actions.ActionService/UpdateAction: - post: - tags: - - policy.actions.ActionService - summary: UpdateAction - operationId: policy.actions.ActionService.UpdateAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.UpdateActionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.UpdateActionResponse' - /policy.actions.ActionService/DeleteAction: - post: - tags: - - policy.actions.ActionService - summary: DeleteAction - operationId: policy.actions.ActionService.DeleteAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.DeleteActionRequest' - required: true - responses: - default: - 
description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.DeleteActionResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. 
These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. 
- google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. 
- - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. 
Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 
- minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. 
- kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: 
integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: PolicyEnforcementPoint - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group 
name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. 
- policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.actions.CreateActionRequest: - type: object - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored action name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateActionRequest - required: - - name - additionalProperties: false - description: |- - Create a new Custom action name with optional metadata. - Creation of Standard actions is not supported. 
- policy.actions.CreateActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - title: CreateActionResponse - additionalProperties: false - policy.actions.DeleteActionRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteActionRequest - additionalProperties: false - description: 'Custom only: deletion of Standard actions is not supported.' - policy.actions.DeleteActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - title: DeleteActionResponse - additionalProperties: false - policy.actions.GetActionRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. 
The stored action name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - title: name - required: - - name - title: GetActionRequest - additionalProperties: false - policy.actions.GetActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: Subject Mappings driving entitlement to the action - title: GetActionResponse - additionalProperties: false - policy.actions.ListActionsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListActionsRequest - additionalProperties: false - policy.actions.ListActionsResponse: - type: object - properties: - actionsStandard: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions_standard - actionsCustom: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions_custom - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListActionsResponse - additionalProperties: false - policy.actions.UpdateActionRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Custom actions only: replaces the existing action name - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. 
The stored action name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateActionRequest - additionalProperties: false - description: |- - Metadata may be updated for either Custom or Standard actions. - Names may only be updated for Custom actions. - policy.actions.UpdateActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - title: UpdateActionResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. 
- detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.actions.ActionService diff --git a/specs/policy/attributes/attributes.openapi.yaml b/specs/policy/attributes/attributes.openapi.yaml deleted file mode 100644 index dad552b..0000000 --- a/specs/policy/attributes/attributes.openapi.yaml +++ /dev/null 
@@ -1,2292 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.attributes -paths: - /policy.attributes.AttributesService/ListAttributes: - post: - tags: - - policy.attributes.AttributesService - summary: ListAttributes - description: |- - --------------------------------------* - Attribute RPCs - --------------------------------------- - operationId: policy.attributes.AttributesService.ListAttributes - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributesResponse' - /policy.attributes.AttributesService/ListAttributeValues: - post: - tags: - - policy.attributes.AttributesService - summary: ListAttributeValues - operationId: policy.attributes.AttributesService.ListAttributeValues - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributeValuesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributeValuesResponse' - 
/policy.attributes.AttributesService/GetAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: GetAttribute - operationId: policy.attributes.AttributesService.GetAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeResponse' - /attributes/*/fqn: - get: - tags: - - policy.attributes.AttributesService - summary: GetAttributeValuesByFqns - operationId: policy.attributes.AttributesService.GetAttributeValuesByFqns - parameters: - - name: fqns - in: query - description: |- - Required - Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. - schema: - type: array - items: - type: string - maxItems: 250 - minItems: 1 - title: fqns - maxItems: 250 - minItems: 1 - description: |- - Required - Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. 
- - name: withValue.withKeyAccessGrants - in: query - description: Deprecated - schema: - type: boolean - title: with_key_access_grants - description: Deprecated - - name: withValue.withSubjectMaps - in: query - schema: - type: boolean - title: with_subject_maps - - name: withValue.withResourceMaps - in: query - schema: - type: boolean - title: with_resource_maps - - name: withValue.withAttribute.withKeyAccessGrants - in: query - description: Deprecated - schema: - type: boolean - title: with_key_access_grants - description: Deprecated - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse' - /policy.attributes.AttributesService/CreateAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: CreateAttribute - operationId: policy.attributes.AttributesService.CreateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeResponse' - /policy.attributes.AttributesService/UpdateAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: UpdateAttribute - operationId: policy.attributes.AttributesService.UpdateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - 
schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.UpdateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.UpdateAttributeResponse' - /policy.attributes.AttributesService/DeactivateAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: DeactivateAttribute - operationId: policy.attributes.AttributesService.DeactivateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeResponse' - /policy.attributes.AttributesService/GetAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: GetAttributeValue - description: |- - --------------------------------------* - Value RPCs - --------------------------------------- - operationId: policy.attributes.AttributesService.GetAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: 
header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeValueResponse' - /policy.attributes.AttributesService/CreateAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: CreateAttributeValue - operationId: policy.attributes.AttributesService.CreateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeValueResponse' - /policy.attributes.AttributesService/UpdateAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: UpdateAttributeValue - operationId: policy.attributes.AttributesService.UpdateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.attributes.UpdateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.UpdateAttributeValueResponse' - /policy.attributes.AttributesService/DeactivateAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: DeactivateAttributeValue - operationId: policy.attributes.AttributesService.DeactivateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeValueResponse' - /policy.attributes.AttributesService/AssignKeyAccessServerToAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: AssignKeyAccessServerToAttribute - description: |- - --------------------------------------* - Attribute <> Key Access Server RPCs - --------------------------------------- - operationId: policy.attributes.AttributesService.AssignKeyAccessServerToAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - 
$ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToAttributeResponse' - deprecated: true - /policy.attributes.AttributesService/RemoveKeyAccessServerFromAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: RemoveKeyAccessServerFromAttribute - operationId: policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromAttributeResponse' - deprecated: true - /policy.attributes.AttributesService/AssignKeyAccessServerToValue: - post: - tags: - - policy.attributes.AttributesService - summary: AssignKeyAccessServerToValue - operationId: policy.attributes.AttributesService.AssignKeyAccessServerToValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.attributes.AssignKeyAccessServerToValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToValueResponse' - deprecated: true - /policy.attributes.AttributesService/RemoveKeyAccessServerFromValue: - post: - tags: - - policy.attributes.AttributesService - summary: RemoveKeyAccessServerFromValue - operationId: policy.attributes.AttributesService.RemoveKeyAccessServerFromValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromValueResponse' - deprecated: true - /policy.attributes.AttributesService/AssignPublicKeyToAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: AssignPublicKeyToAttribute - operationId: policy.attributes.AttributesService.AssignPublicKeyToAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.attributes.AssignPublicKeyToAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignPublicKeyToAttributeResponse' - /policy.attributes.AttributesService/RemovePublicKeyFromAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: RemovePublicKeyFromAttribute - operationId: policy.attributes.AttributesService.RemovePublicKeyFromAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromAttributeResponse' - /policy.attributes.AttributesService/AssignPublicKeyToValue: - post: - tags: - - policy.attributes.AttributesService - summary: AssignPublicKeyToValue - operationId: policy.attributes.AttributesService.AssignPublicKeyToValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignPublicKeyToValueRequest' - required: true - responses: - default: - description: Error 
- content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignPublicKeyToValueResponse' - /policy.attributes.AttributesService/RemovePublicKeyFromValue: - post: - tags: - - policy.attributes.AttributesService - summary: RemovePublicKeyFromValue - operationId: policy.attributes.AttributesService.RemovePublicKeyFromValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromValueResponse' -components: - schemas: - common.ActiveStateEnum: - type: string - title: ActiveStateEnum - enum: - - ACTIVE_STATE_ENUM_UNSPECIFIED - - ACTIVE_STATE_ENUM_ACTIVE - - ACTIVE_STATE_ENUM_INACTIVE - - ACTIVE_STATE_ENUM_ANY - description: 'buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren''t violated when users add new enum values to an enum in a given package' - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 
- - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. 
- policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. 
- google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. 
- - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. 
Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.AttributeValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - withAttribute: - title: with_attribute - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector' - title: AttributeValueSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withNamespace: - title: with_namespace - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector.NamespaceSelector' - title: AttributeSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector.NamespaceSelector: - type: object - title: NamespaceSelector - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - 
minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. 
- $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable 
federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: 
triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: PolicyEnforcementPoint - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group 
name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. 
- policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.attributes.AssignKeyAccessServerToAttributeRequest: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: AssignKeyAccessServerToAttributeRequest - additionalProperties: false - policy.attributes.AssignKeyAccessServerToAttributeResponse: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: AssignKeyAccessServerToAttributeResponse - additionalProperties: false - policy.attributes.AssignKeyAccessServerToValueRequest: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: AssignKeyAccessServerToValueRequest - additionalProperties: false - policy.attributes.AssignKeyAccessServerToValueResponse: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: 
AssignKeyAccessServerToValueResponse - additionalProperties: false - policy.attributes.AssignPublicKeyToAttributeRequest: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: AssignPublicKeyToAttributeRequest - required: - - attributeKey - additionalProperties: false - policy.attributes.AssignPublicKeyToAttributeResponse: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: AssignPublicKeyToAttributeResponse - additionalProperties: false - policy.attributes.AssignPublicKeyToValueRequest: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: AssignPublicKeyToValueRequest - required: - - valueKey - additionalProperties: false - policy.attributes.AssignPublicKeyToValueResponse: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: AssignPublicKeyToValueResponse - additionalProperties: false - policy.attributes.AttributeKey: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - keyId: - type: string - title: key_id - format: uuid - description: Required - title: AttributeKey - required: - - attributeId - - keyId - additionalProperties: false - policy.attributes.AttributeKeyAccessServer: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - keyAccessServerId: - type: string - title: key_access_server_id - format: uuid - description: Required - title: AttributeKeyAccessServer - additionalProperties: false - description: Deprecated - policy.attributes.CreateAttributeRequest: - type: object - properties: - namespaceId: - type: string 
- title: namespace_id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Attribute name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - rule: - title: rule - description: Required - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - type: string - maxLength: 253 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$ - uniqueItems: true - title: values - uniqueItems: true - description: |- - Optional - Attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. - The stored attribute value will be normalized to lower case. - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateAttributeRequest - required: - - name - - rule - additionalProperties: false - policy.attributes.CreateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: CreateAttributeResponse - additionalProperties: false - policy.attributes.CreateAttributeValueRequest: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Required - Attribute value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. 
The stored attribute value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateAttributeValueRequest - required: - - value - additionalProperties: false - policy.attributes.CreateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: CreateAttributeValueResponse - additionalProperties: false - policy.attributes.DeactivateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeactivateAttributeRequest - additionalProperties: false - policy.attributes.DeactivateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: DeactivateAttributeResponse - additionalProperties: false - policy.attributes.DeactivateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeactivateAttributeValueRequest - additionalProperties: false - policy.attributes.DeactivateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: DeactivateAttributeValueResponse - additionalProperties: false - policy.attributes.GetAttributeRequest: - type: object - oneOf: - - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: attribute_id - required: - - attributeId - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - 
title: GetAttributeRequest - additionalProperties: false - description: |+ - Either use deprecated 'id' field or one of 'attribute_id' or 'fqn', but not both: - ``` - !(has(this.id) && (has(this.attribute_id) || has(this.fqn))) - ``` - - Either id or one of attribute_id or fqn must be set: - ``` - has(this.id) || has(this.attribute_id) || has(this.fqn) - ``` - - policy.attributes.GetAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: GetAttributeResponse - additionalProperties: false - policy.attributes.GetAttributeValueRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - - properties: - valueId: - type: string - title: value_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: value_id - required: - - valueId - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - title: GetAttributeValueRequest - additionalProperties: false - description: |+ - / - / Value RPC messages - / - Either use deprecated 'id' field or one of 'value_id' or 'fqn', but not both: - ``` - !(has(this.id) && (has(this.value_id) || has(this.fqn))) - ``` - - Either id or one of value_id or fqn must be set: - ``` - has(this.id) || has(this.value_id) || has(this.fqn) - ``` - - policy.attributes.GetAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: GetAttributeValueResponse - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - maxItems: 250 - minItems: 1 - title: fqns - maxItems: 250 - minItems: 1 - description: |- - Required - Fully Qualified Names of attribute values (i.e. 
https:///attr//value/), normalized to lower case. - withValue: - title: with_value - description: |- - Optional - This attribute value selector is not used currently, but left here for future use. - $ref: '#/components/schemas/policy.AttributeValueSelector' - title: GetAttributeValuesByFqnsRequest - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsResponse: - type: object - properties: - fqnAttributeValues: - type: object - title: fqn_attribute_values - additionalProperties: - title: value - $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue' - description: map of FQNs to complete attributes and the one selected value - title: GetAttributeValuesByFqnsResponse - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: AttributeAndValue - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue' - title: FqnAttributeValuesEntry - additionalProperties: false - policy.attributes.ListAttributeValuesRequest: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - state: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListAttributeValuesRequest - additionalProperties: false - policy.attributes.ListAttributeValuesResponse: - type: object - properties: - values: - type: array - 
items: - $ref: '#/components/schemas/policy.Value' - title: values - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListAttributeValuesResponse - additionalProperties: false - policy.attributes.ListAttributesRequest: - type: object - properties: - state: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - namespace: - type: string - title: namespace - description: |- - Optional - Namespace ID or name - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListAttributesRequest - additionalProperties: false - policy.attributes.ListAttributesResponse: - type: object - properties: - attributes: - type: array - items: - $ref: '#/components/schemas/policy.Attribute' - title: attributes - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListAttributesResponse - additionalProperties: false - policy.attributes.RemoveKeyAccessServerFromAttributeRequest: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: RemoveKeyAccessServerFromAttributeRequest - additionalProperties: false - policy.attributes.RemoveKeyAccessServerFromAttributeResponse: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: RemoveKeyAccessServerFromAttributeResponse - additionalProperties: false - policy.attributes.RemoveKeyAccessServerFromValueRequest: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: RemoveKeyAccessServerFromValueRequest - additionalProperties: false - 
policy.attributes.RemoveKeyAccessServerFromValueResponse: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: RemoveKeyAccessServerFromValueResponse - additionalProperties: false - policy.attributes.RemovePublicKeyFromAttributeRequest: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: RemovePublicKeyFromAttributeRequest - required: - - attributeKey - additionalProperties: false - policy.attributes.RemovePublicKeyFromAttributeResponse: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: RemovePublicKeyFromAttributeResponse - additionalProperties: false - policy.attributes.RemovePublicKeyFromValueRequest: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: RemovePublicKeyFromValueRequest - required: - - valueKey - additionalProperties: false - policy.attributes.RemovePublicKeyFromValueResponse: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: RemovePublicKeyFromValueResponse - additionalProperties: false - policy.attributes.UpdateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateAttributeRequest - additionalProperties: false - policy.attributes.UpdateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: 
'#/components/schemas/policy.Attribute' - title: UpdateAttributeResponse - additionalProperties: false - policy.attributes.UpdateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateAttributeValueRequest - additionalProperties: false - policy.attributes.UpdateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UpdateAttributeValueResponse - additionalProperties: false - policy.attributes.ValueKey: - type: object - properties: - valueId: - type: string - title: value_id - format: uuid - description: Required - keyId: - type: string - title: key_id - format: uuid - description: Required (The id listed in the AsymmetricKeys object) - title: ValueKey - required: - - valueId - - keyId - additionalProperties: false - policy.attributes.ValueKeyAccessServer: - type: object - properties: - valueId: - type: string - title: value_id - format: uuid - description: Required - keyAccessServerId: - type: string - title: key_access_server_id - format: uuid - description: Required - title: ValueKeyAccessServer - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - 
aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.attributes.AttributesService - description: |- - / - / Attribute Service - / diff --git a/specs/policy/kasregistry/key_access_server_registry.openapi.yaml b/specs/policy/kasregistry/key_access_server_registry.openapi.yaml deleted file mode 100644 index 5e103fb..0000000 --- a/specs/policy/kasregistry/key_access_server_registry.openapi.yaml +++ /dev/null 
@@ -1,2233 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.kasregistry -paths: - /key-access-servers: - get: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeyAccessServers - operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers - parameters: - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided - schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyAccessServersResponse' - /policy.kasregistry.KeyAccessServerRegistryService/GetKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: GetKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success 
- content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/CreateKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: CreateKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/UpdateKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: UpdateKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.kasregistry.UpdateKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/DeleteKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: DeleteKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.DeleteKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.DeleteKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/ListKeyAccessServerGrants: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeyAccessServerGrants - description: Deprecated - operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyAccessServerGrantsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.kasregistry.ListKeyAccessServerGrantsResponse' - deprecated: true - /policy.kasregistry.KeyAccessServerRegistryService/CreateKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: CreateKey - description: |- - KAS Key Management - Request to create a new key in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.CreateKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/GetKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: GetKey - description: Request to retrieve a key from the Key Access Service. 
- operationId: policy.kasregistry.KeyAccessServerRegistryService.GetKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/ListKeys: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeys - description: Request to list keys in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeys - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeysRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeysResponse' - /policy.kasregistry.KeyAccessServerRegistryService/UpdateKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: UpdateKey - description: Request to update a key in the Key Access Service. 
- operationId: policy.kasregistry.KeyAccessServerRegistryService.UpdateKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/RotateKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: RotateKey - description: Request to rotate a key in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.RotateKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.RotateKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.RotateKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/SetBaseKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: SetBaseKey - description: Request to set the default a default kas key. 
- operationId: policy.kasregistry.KeyAccessServerRegistryService.SetBaseKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.SetBaseKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.SetBaseKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/GetBaseKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: GetBaseKey - description: Get Default kas keys - operationId: policy.kasregistry.KeyAccessServerRegistryService.GetBaseKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetBaseKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetBaseKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/ListKeyMappings: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeyMappings - description: Request to list key mappings in the Key Access Service. 
- operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeyMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyMappingsResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.KeyMode: - type: string - title: KeyMode - enum: - - KEY_MODE_UNSPECIFIED - - KEY_MODE_CONFIG_ROOT_KEY - - KEY_MODE_PROVIDER_ROOT_KEY - - KEY_MODE_REMOTE - - KEY_MODE_PUBLIC_KEY_ONLY - description: Describes the management and operational mode of a cryptographic key. 
- policy.KeyStatus: - type: string - title: KeyStatus - enum: - - KEY_STATUS_UNSPECIFIED - - KEY_STATUS_ACTIVE - - KEY_STATUS_ROTATED - description: The status of the key - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. 
- - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. 
- - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. 
Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.AsymmetricKey: - type: object - properties: - id: - type: string - title: id - description: Required - keyId: - type: string - title: key_id - description: Required - keyAlgorithm: - title: key_algorithm - description: Required - $ref: '#/components/schemas/policy.Algorithm' - keyStatus: - title: key_status - description: Required - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Required Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Optional Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfig: - title: provider_config - description: Optional Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - legacy: - type: boolean - title: legacy - description: Optional Indicates a key may be found in TDFs without key identifiers - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: AsymmetricKey - additionalProperties: false - policy.KasKey: - type: object - properties: - kasId: - type: string - title: kas_id - key: - title: key - $ref: '#/components/schemas/policy.AsymmetricKey' - kasUri: - type: string - title: kas_uri - title: KasKey - additionalProperties: false - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in 
PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.Key: - type: object - properties: - id: - type: string - title: id - description: the database record ID, not the key ID (`kid`) - isActive: - title: is_active - $ref: '#/components/schemas/google.protobuf.BoolValue' - wasMapped: - title: was_mapped - $ref: '#/components/schemas/google.protobuf.BoolValue' - publicKey: - title: public_key - $ref: '#/components/schemas/policy.KasPublicKey' - kas: - title: kas - $ref: '#/components/schemas/policy.KeyAccessServer' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Key - additionalProperties: false - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - manager: - type: string - title: manager - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: 
integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PrivateKeyCtx: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required Key ID for the symmetric key wrapping this key. - wrappedKey: - type: string - title: wrapped_key - description: Optional Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE. - title: PrivateKeyCtx - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.PublicKeyCtx: - type: object - properties: - pem: - type: string - title: pem - minLength: 1 - description: Required Base64 encoded public key in PEM format - title: PublicKeyCtx - additionalProperties: false - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.kasregistry.ActivatePublicKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - title: ActivatePublicKeyRequest - additionalProperties: false - policy.kasregistry.ActivatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: ActivatePublicKeyResponse - additionalProperties: false - policy.kasregistry.ChangeMappings: - type: object - properties: - id: - type: string - title: id - fqn: - type: string - title: fqn - title: ChangeMappings - additionalProperties: false - description: |- - * - Simplified information about the resources that were rotated as part of the key rotation 
process. - policy.kasregistry.CreateKeyAccessServerRequest: - type: object - properties: - uri: - type: string - title: uri - description: |+ - Required - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.isUri() - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: Optional - $ref: '#/components/schemas/policy.SourceType' - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateKeyAccessServerRequest - additionalProperties: false - policy.kasregistry.CreateKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: CreateKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.CreateKeyRequest: - type: object - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Required The unique identifier of the Key Access Server - keyId: - type: string - title: key_id - minLength: 1 - description: Required A user-defined identifier for the key - keyAlgorithm: - title: key_algorithm - description: |+ - Required The algorithm to be used for the key - The key_algorithm must be one of the defined values.: - ``` - this in [1, 2, 3, 4, 5] - ``` - - $ref: '#/components/schemas/policy.Algorithm' - keyMode: - title: key_mode - 
description: |+ - Required The mode of the key (e.g., local or external) - The key_mode must be one of the defined values (1-4).: - ``` - this >= 1 && this <= 4 - ``` - - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Context or additional data specific to the public key, based on the key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Conditionally Required Context or additional data specific to the private key, based on the key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfigId: - type: string - title: provider_config_id - description: Optional Configuration ID for the key provider, if applicable - legacy: - type: boolean - title: legacy - description: Optional Whether the key is a legacy key - metadata: - title: metadata - description: Common metadata Mutable metadata for the key - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateKeyRequest - required: - - publicKeyCtx - additionalProperties: false - description: |+ - Create a new asymmetric key for the specified Key Access Server (KAS) - The wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.key_mode == 1 || this.key_mode == 2) && this.private_key_ctx.wrapped_key != '') || ((this.key_mode == 3 || this.key_mode == 4) && this.private_key_ctx.wrapped_key == '') - ``` - - Provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. 
It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.key_mode == 1 || this.key_mode == 4) && this.provider_config_id == '') || ((this.key_mode == 2 || this.key_mode == 3) && this.provider_config_id != '') - ``` - - private_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - !(this.key_mode == 4 && has(this.private_key_ctx)) - ``` - - policy.kasregistry.CreateKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The created asymmetric key for a KAS. - $ref: '#/components/schemas/policy.KasKey' - title: CreateKeyResponse - additionalProperties: false - description: Response to a CreateKeyRequest, containing the created asymmetric key - policy.kasregistry.CreatePublicKeyRequest: - type: object - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Required - key: - title: key - description: Required - $ref: '#/components/schemas/policy.KasPublicKey' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreatePublicKeyRequest - required: - - key - additionalProperties: false - policy.kasregistry.CreatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: CreatePublicKeyResponse - additionalProperties: false - policy.kasregistry.DeactivatePublicKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - title: DeactivatePublicKeyRequest - additionalProperties: false - policy.kasregistry.DeactivatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: DeactivatePublicKeyResponse - additionalProperties: false - policy.kasregistry.DeleteKeyAccessServerRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteKeyAccessServerRequest - additionalProperties: false - 
policy.kasregistry.DeleteKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: DeleteKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.GetBaseKeyRequest: - type: object - title: GetBaseKeyRequest - additionalProperties: false - policy.kasregistry.GetBaseKeyResponse: - type: object - properties: - baseKey: - title: base_key - description: The current base key - $ref: '#/components/schemas/policy.SimpleKasKey' - title: GetBaseKeyResponse - additionalProperties: false - policy.kasregistry.GetKeyAccessServerRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: kas_id - required: - - kasId - - properties: - name: - type: string - title: name - minLength: 1 - title: name - required: - - name - - properties: - uri: - type: string - title: uri - minLength: 1 - format: uri - title: uri - required: - - uri - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - title: GetKeyAccessServerRequest - additionalProperties: false - description: |+ - Either use deprecated 'id' field or one of 'kas_id' or 'uri', but not both: - ``` - !(has(this.id) && (has(this.kas_id) || has(this.uri) || has(this.name))) - ``` - - Either id or one of kas_id or uri must be set: - ``` - has(this.id) || has(this.kas_id) || has(this.uri) || has(this.name) - ``` - - policy.kasregistry.GetKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: GetKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.GetKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: The 
unique identifier of the key to retrieve - title: id - required: - - id - - properties: - key: - title: key - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - title: GetKeyRequest - additionalProperties: false - description: Retrieve an existing asymmetric key from the Key Management System - policy.kasregistry.GetKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The requested asymmetric key for a KAS. - $ref: '#/components/schemas/policy.KasKey' - title: GetKeyResponse - additionalProperties: false - description: Response to a GetKeyRequest, containing the requested asymmetric key - policy.kasregistry.GetPublicKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - title: GetPublicKeyRequest - additionalProperties: false - policy.kasregistry.GetPublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: GetPublicKeyResponse - additionalProperties: false - policy.kasregistry.GrantedPolicyObject: - type: object - properties: - id: - type: string - title: id - fqn: - type: string - title: fqn - title: GrantedPolicyObject - additionalProperties: false - description: Can be namespace, attribute definition, or value - policy.kasregistry.KasKeyIdentifier: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - title: kas_id - required: - - kasId - - properties: - name: - type: string - title: name - minLength: 1 - title: name - required: - - name - - properties: - uri: - type: string - title: uri - minLength: 1 - format: uri - title: uri - required: - - uri - properties: - kid: - type: string - title: kid - minLength: 1 - description: Required Key ID of the key in question - title: KasKeyIdentifier - additionalProperties: false - description: Nested message for specifying the active key using KAS ID and Key ID - 
policy.kasregistry.KeyAccessServerGrants: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - namespaceGrants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.GrantedPolicyObject' - title: namespace_grants - attributeGrants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.GrantedPolicyObject' - title: attribute_grants - valueGrants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.GrantedPolicyObject' - title: value_grants - title: KeyAccessServerGrants - additionalProperties: false - description: Deprecated - policy.kasregistry.KeyMapping: - type: object - properties: - kid: - type: string - title: kid - kasUri: - type: string - title: kas_uri - namespaceMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.MappedPolicyObject' - title: namespace_mappings - description: List of namespaces mapped to the key - attributeMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.MappedPolicyObject' - title: attribute_mappings - description: List of attribute definitions mapped to the key - valueMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.MappedPolicyObject' - title: value_mappings - description: List of attribute values mapped to the key - title: KeyMapping - additionalProperties: false - policy.kasregistry.ListKeyAccessServerGrantsRequest: - type: object - properties: - kasId: - type: string - title: kas_id - description: |+ - Optional - Filter LIST by ID of a registered Key Access Server. - If neither is provided, grants from all registered KASs to policy attribute - objects are returned. 
- Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - kasUri: - type: string - title: kas_uri - description: |+ - Optional - Filter LIST by URI of a registered Key Access Server. - If none is provided, grants from all registered KASs to policy attribute - objects are returned. - Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - size(this) == 0 || this.isUri() - ``` - - kasName: - type: string - title: kas_name - maxLength: 253 - description: |+ - Optional - Filter LIST by name of a registered Key Access Server. - If none are provided, grants from all registered KASs to policy attribute - objects are returned. - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeyAccessServerGrantsRequest - additionalProperties: false - description: |- - LIST of KAS Grants returns flat response of grants to all policy objects. It - does not employ selectors for grants to specific policy objects or build the - attribute tree relation. If grants to a known namespace, attribute, or value - are needed, use the respective GET request to the specific policy object. 
- policy.kasregistry.ListKeyAccessServerGrantsResponse: - type: object - properties: - grants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.KeyAccessServerGrants' - title: grants - deprecated: true - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListKeyAccessServerGrantsResponse - additionalProperties: false - description: Deprecated - policy.kasregistry.ListKeyAccessServersRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeyAccessServersRequest - additionalProperties: false - policy.kasregistry.ListKeyAccessServersResponse: - type: object - properties: - keyAccessServers: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: key_access_servers - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListKeyAccessServersResponse - additionalProperties: false - policy.kasregistry.ListKeyMappingsRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: The unique identifier of the key to retrieve - title: id - required: - - id - - properties: - key: - title: key - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - properties: - pagination: - title: pagination - description: Pagination request for the list of keys - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeyMappingsRequest - additionalProperties: false - policy.kasregistry.ListKeyMappingsResponse: - type: object - properties: - keyMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.KeyMapping' - title: key_mappings - description: The list of key mappings - pagination: - title: pagination - description: Pagination response for the list of keys - $ref: '#/components/schemas/policy.PageResponse' - title: 
ListKeyMappingsResponse - additionalProperties: false - policy.kasregistry.ListKeysRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Filter keys by the KAS ID - title: kas_id - required: - - kasId - - properties: - kasName: - type: string - title: kas_name - minLength: 1 - description: Filter keys by the KAS name - title: kas_name - required: - - kasName - - properties: - kasUri: - type: string - title: kas_uri - minLength: 1 - format: uri - description: Filter keys by the KAS URI - title: kas_uri - required: - - kasUri - properties: - keyAlgorithm: - title: key_algorithm - description: |+ - Filter keys by algorithm - The key_algorithm must be one of the defined values.: - ``` - this in [0, 1, 2, 3, 4, 5] - ``` - - $ref: '#/components/schemas/policy.Algorithm' - legacy: - type: boolean - title: legacy - description: Optional Filter for legacy keys - nullable: true - pagination: - title: pagination - description: Optional Pagination request for the list of keys - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeysRequest - additionalProperties: false - description: List all asymmetric keys managed by a specific Key Access Server or with a given algorithm - policy.kasregistry.ListKeysResponse: - type: object - properties: - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.KasKey' - title: kas_keys - description: The list of kas keys - pagination: - title: pagination - description: Pagination response for the list of keys - $ref: '#/components/schemas/policy.PageResponse' - title: ListKeysResponse - additionalProperties: false - description: Response to a ListKeysRequest, containing the list of asymmetric keys and pagination information - policy.kasregistry.ListPublicKeyMappingRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Optional - title: kas_id - required: - - kasId - - properties: - kasName: 
- type: string - title: kas_name - minLength: 1 - description: Optional - title: kas_name - required: - - kasName - - properties: - kasUri: - type: string - title: kas_uri - minLength: 1 - format: uri - description: Optional - title: kas_uri - required: - - kasUri - properties: - publicKeyId: - type: string - title: public_key_id - format: uuid - description: Optional Public Key ID - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListPublicKeyMappingRequest - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse: - type: object - properties: - publicKeyMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMapping' - title: public_key_mappings - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListPublicKeyMappingResponse - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse.Association: - type: object - properties: - id: - type: string - title: id - fqn: - type: string - title: fqn - title: Association - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse.PublicKey: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - values: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.Association' - title: values - definitions: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.Association' - title: definitions - namespaces: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.Association' - title: namespaces - title: PublicKey - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMapping: - type: object - properties: - kasId: - type: string - title: kas_id - kasName: - type: string - title: kas_name - 
kasUri: - type: string - title: kas_uri - publicKeys: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.PublicKey' - title: public_keys - title: PublicKeyMapping - additionalProperties: false - policy.kasregistry.ListPublicKeysRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Optional - title: kas_id - required: - - kasId - - properties: - kasName: - type: string - title: kas_name - minLength: 1 - description: Optional - title: kas_name - required: - - kasName - - properties: - kasUri: - type: string - title: kas_uri - minLength: 1 - format: uri - description: Optional - title: kas_uri - required: - - kasUri - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListPublicKeysRequest - additionalProperties: false - policy.kasregistry.ListPublicKeysResponse: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.Key' - title: keys - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListPublicKeysResponse - additionalProperties: false - policy.kasregistry.MappedPolicyObject: - type: object - properties: - id: - type: string - title: id - description: The unique identifier of the policy object - fqn: - type: string - title: fqn - description: The fully qualified name of the policy object - title: MappedPolicyObject - additionalProperties: false - policy.kasregistry.RotateKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: Current Active Key UUID - title: id - required: - - id - - properties: - key: - title: key - description: Alternative way to specify the active key using KAS ID and Key ID - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - properties: - newKey: - title: new_key - 
description: Information about the new key to be rotated in - $ref: '#/components/schemas/policy.kasregistry.RotateKeyRequest.NewKey' - title: RotateKeyRequest - additionalProperties: false - description: |+ - For the new key, the wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.new_key.key_mode == 1 || this.new_key.key_mode == 2) && this.new_key.private_key_ctx.wrapped_key != '') || ((this.new_key.key_mode == 3 || this.new_key.key_mode == 4) && this.new_key.private_key_ctx.wrapped_key == '') - ``` - - For the new key, provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.new_key.key_mode == 1 || this.new_key.key_mode == 4) && this.new_key.provider_config_id == '') || ((this.new_key.key_mode == 2 || this.new_key.key_mode == 3) && this.new_key.provider_config_id != '') - ``` - - private_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - !(this.new_key.key_mode == 4 && has(this.new_key.private_key_ctx)) - ``` - - policy.kasregistry.RotateKeyRequest.NewKey: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required - algorithm: - title: algorithm - description: |+ - Required - The key_algorithm must be one of the defined values.: - ``` - this in [1, 2, 3, 4, 5] - ``` - - $ref: '#/components/schemas/policy.Algorithm' - keyMode: - title: key_mode - description: |+ - Required - The new key_mode must be one of the defined values (1-4).: - ``` - this in [1, 2, 3, 4] - ``` - - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Required - $ref: 
'#/components/schemas/policy.PrivateKeyCtx' - providerConfigId: - type: string - title: provider_config_id - description: Conditionally Required. Validation handled by message-level CEL - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.MetadataMutable' - title: NewKey - required: - - publicKeyCtx - additionalProperties: false - description: Nested message for specifying the new key details - policy.kasregistry.RotateKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The newly rotated Kas Key - $ref: '#/components/schemas/policy.KasKey' - rotatedResources: - title: rotated_resources - description: All resources that were rotated as part of the key rotation process - $ref: '#/components/schemas/policy.kasregistry.RotatedResources' - title: RotateKeyResponse - additionalProperties: false - description: Response message for the RotateKey request - policy.kasregistry.RotatedResources: - type: object - properties: - rotatedOutKey: - title: rotated_out_key - description: The old key that was rotated out - $ref: '#/components/schemas/policy.KasKey' - attributeDefinitionMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ChangeMappings' - title: attribute_definition_mappings - attributeValueMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ChangeMappings' - title: attribute_value_mappings - namespaceMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ChangeMappings' - title: namespace_mappings - title: RotatedResources - additionalProperties: false - description: All resources that were rotated as part of the key rotation process - policy.kasregistry.SetBaseKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: Current Key UUID tp be set as default - title: id - required: - - id - - properties: - key: - title: key - description: 
Alternative way to specify the key using KAS ID and Key ID - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - title: SetBaseKeyRequest - additionalProperties: false - description: |- - Sets the specified key as the base key for the Key Access Server - Note: The key must be active. - policy.kasregistry.SetBaseKeyResponse: - type: object - properties: - newBaseKey: - title: new_base_key - description: The key that was set as base - $ref: '#/components/schemas/policy.SimpleKasKey' - previousBaseKey: - title: previous_base_key - description: The previous base key, if any - $ref: '#/components/schemas/policy.SimpleKasKey' - title: SetBaseKeyResponse - additionalProperties: false - policy.kasregistry.UpdateKeyAccessServerRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - uri: - type: string - title: uri - description: |+ - Optional - Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - size(this) == 0 || this.isUri() - ``` - - publicKey: - title: public_key - description: |- - Deprecated - Optional - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: |- - Optional - Using UNSPECIFIED will result in a successful update, - but will not actually update the underlying source. - You should not update KAS's from INTERNAL/EXTERNAL - to unspecified. - $ref: '#/components/schemas/policy.SourceType' - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. 
The stored KAS name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateKeyAccessServerRequest - additionalProperties: false - policy.kasregistry.UpdateKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: UpdateKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.UpdateKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required The unique identifier of the key to update - metadata: - title: metadata - description: |- - Optional - Common metadata Mutable metadata for the key - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - description: The behavior for updating the metadata - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateKeyRequest - additionalProperties: false - description: |+ - Update an existing asymmetric key in the Key Management System - Metadata update behavior must be either APPEND or REPLACE, when updating metadata.: - ``` - ((!has(this.metadata)) || (has(this.metadata) && this.metadata_update_behavior != 0)) - ``` - - policy.kasregistry.UpdateKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The updated kas key - $ref: '#/components/schemas/policy.KasKey' - title: UpdateKeyResponse - additionalProperties: false - description: Response to an UpdateKeyRequest, containing the updated asymmetric key - policy.kasregistry.UpdatePublicKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - 
description: Required - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdatePublicKeyRequest - additionalProperties: false - policy.kasregistry.UpdatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: UpdatePublicKeyResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. 
- detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.kasregistry.KeyAccessServerRegistryService diff --git a/specs/policy/keymanagement/key_management.openapi.yaml b/specs/policy/keymanagement/key_management.openapi.yaml deleted file mode 100644 index 61a3e43..0000000 --- a/specs/policy/keymanagement/key_management.openapi.yaml +++ /dev/null 
@@ -1,622 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.keymanagement -paths: - /policy.keymanagement.KeyManagementService/CreateProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: CreateProviderConfig - description: |- - Key Management - Provider Management - operationId: policy.keymanagement.KeyManagementService.CreateProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.CreateProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.CreateProviderConfigResponse' - /policy.keymanagement.KeyManagementService/GetProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: GetProviderConfig - operationId: policy.keymanagement.KeyManagementService.GetProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.GetProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.GetProviderConfigResponse' - 
/policy.keymanagement.KeyManagementService/ListProviderConfigs: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: ListProviderConfigs - operationId: policy.keymanagement.KeyManagementService.ListProviderConfigs - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.ListProviderConfigsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.ListProviderConfigsResponse' - /policy.keymanagement.KeyManagementService/UpdateProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: UpdateProviderConfig - operationId: policy.keymanagement.KeyManagementService.UpdateProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.UpdateProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.UpdateProviderConfigResponse' - /policy.keymanagement.KeyManagementService/DeleteProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: 
DeleteProviderConfig - operationId: policy.keymanagement.KeyManagementService.DeleteProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.DeleteProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.DeleteProviderConfigResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: 
string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. 
- Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. 
In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - manager: - type: string - title: manager - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.keymanagement.CreateProviderConfigRequest: - type: object - properties: - name: - type: string - title: name - description: |- - Required - The name of the key provider. (e.g. 
"AWS KMS Instance 1", "Google Cloud KMS Instance 2") - configJson: - type: string - title: config_json - format: byte - description: |- - Required - JSON configuration for the key provider. This is unique to individual key providers. - manager: - type: string - title: manager - description: |- - Required - The type of key manager (e.g. "aws", "gcp", "azure", "opentdf.io/basic") - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateProviderConfigRequest - required: - - name - - configJson - - manager - additionalProperties: false - description: Provider Configuration Requests and Response Messages - policy.keymanagement.CreateProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: CreateProviderConfigResponse - additionalProperties: false - policy.keymanagement.DeleteProviderConfigRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteProviderConfigRequest - additionalProperties: false - description: In order to delete a provider configuration you must first delete all keys associated with the provider. 
- policy.keymanagement.DeleteProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: DeleteProviderConfigResponse - additionalProperties: false - policy.keymanagement.GetProviderConfigRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - - properties: - name: - type: string - title: name - minLength: 1 - title: name - required: - - name - properties: - manager: - type: string - title: manager - description: Optional - filter by manager type when searching by name - title: GetProviderConfigRequest - additionalProperties: false - policy.keymanagement.GetProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: GetProviderConfigResponse - additionalProperties: false - policy.keymanagement.ListProviderConfigsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListProviderConfigsRequest - additionalProperties: false - policy.keymanagement.ListProviderConfigsResponse: - type: object - properties: - providerConfigs: - type: array - items: - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: provider_configs - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListProviderConfigsResponse - additionalProperties: false - policy.keymanagement.UpdateProviderConfigRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - description: Optional - configJson: - type: string - title: config_json - format: byte - description: Optional - manager: - type: string - title: manager - description: Optional - metadata: - title: metadata - description: |- - Optional - 
Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateProviderConfigRequest - additionalProperties: false - policy.keymanagement.UpdateProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: UpdateProviderConfigResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. 
- detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.keymanagement.KeyManagementService diff --git a/specs/policy/namespaces/namespaces.openapi.yaml b/specs/policy/namespaces/namespaces.openapi.yaml deleted file mode 100644 index e5c3dfa..0000000 --- a/specs/policy/namespaces/namespaces.openapi.yaml +++ /dev/null 
@@ -1,1072 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.namespaces -paths: - /policy.namespaces.NamespaceService/GetNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: GetNamespace - operationId: policy.namespaces.NamespaceService.GetNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.GetNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.GetNamespaceResponse' - /policy.namespaces.NamespaceService/ListNamespaces: - post: - tags: - - policy.namespaces.NamespaceService - summary: ListNamespaces - operationId: policy.namespaces.NamespaceService.ListNamespaces - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.ListNamespacesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.ListNamespacesResponse' - /policy.namespaces.NamespaceService/CreateNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: CreateNamespace - operationId: 
policy.namespaces.NamespaceService.CreateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.CreateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.CreateNamespaceResponse' - /policy.namespaces.NamespaceService/UpdateNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: UpdateNamespace - operationId: policy.namespaces.NamespaceService.UpdateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.UpdateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.UpdateNamespaceResponse' - /policy.namespaces.NamespaceService/DeactivateNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: DeactivateNamespace - operationId: policy.namespaces.NamespaceService.DeactivateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: 
header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.DeactivateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.DeactivateNamespaceResponse' - /policy.namespaces.NamespaceService/AssignKeyAccessServerToNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: AssignKeyAccessServerToNamespace - description: |- - --------------------------------------* - Namespace <> Key Access Server RPCs - --------------------------------------- - operationId: policy.namespaces.NamespaceService.AssignKeyAccessServerToNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignKeyAccessServerToNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignKeyAccessServerToNamespaceResponse' - deprecated: true - /policy.namespaces.NamespaceService/RemoveKeyAccessServerFromNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: RemoveKeyAccessServerFromNamespace - operationId: policy.namespaces.NamespaceService.RemoveKeyAccessServerFromNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: 
'#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemoveKeyAccessServerFromNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemoveKeyAccessServerFromNamespaceResponse' - deprecated: true - /policy.namespaces.NamespaceService/AssignPublicKeyToNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: AssignPublicKeyToNamespace - description: |- - --------------------------------------* - Namespace <> Key RPCs - --------------------------------------- - operationId: policy.namespaces.NamespaceService.AssignPublicKeyToNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignPublicKeyToNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignPublicKeyToNamespaceResponse' - /policy.namespaces.NamespaceService/RemovePublicKeyFromNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: RemovePublicKeyFromNamespace - operationId: policy.namespaces.NamespaceService.RemovePublicKeyFromNamespace - parameters: - - name: Connect-Protocol-Version - in: header - 
required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemovePublicKeyFromNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemovePublicKeyFromNamespaceResponse' -components: - schemas: - common.ActiveStateEnum: - type: string - title: ActiveStateEnum - enum: - - ACTIVE_STATE_ENUM_UNSPECIFIED - - ACTIVE_STATE_ENUM_ACTIVE - - ACTIVE_STATE_ENUM_INACTIVE - - ACTIVE_STATE_ENUM_ANY - description: 'buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren''t violated when users add new enum values to an enum in a given package' - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. 
- policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - 
additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. 
- Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. 
In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. 
- kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.namespaces.AssignKeyAccessServerToNamespaceRequest: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: AssignKeyAccessServerToNamespaceRequest - additionalProperties: false - policy.namespaces.AssignKeyAccessServerToNamespaceResponse: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: AssignKeyAccessServerToNamespaceResponse - additionalProperties: false - policy.namespaces.AssignPublicKeyToNamespaceRequest: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: AssignPublicKeyToNamespaceRequest - required: - - namespaceKey - additionalProperties: false - 
description: Assign Key to Namespace - policy.namespaces.AssignPublicKeyToNamespaceResponse: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: AssignPublicKeyToNamespaceResponse - additionalProperties: false - policy.namespaces.CreateNamespaceRequest: - type: object - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Namespace must be a valid hostname. It should include at least one dot, with each segment (label) starting and ending with an alphanumeric character. Each label must be 1 to 63 characters long, allowing hyphens but not as the first or last character. The top-level domain (the last segment after the final dot) must consist of at least two alphabetic characters. The stored namespace will be normalized to lower case.: - ``` - this.matches('^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}$') - ``` - - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateNamespaceRequest - required: - - name - additionalProperties: false - policy.namespaces.CreateNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: CreateNamespaceResponse - additionalProperties: false - policy.namespaces.DeactivateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeactivateNamespaceRequest - additionalProperties: false - policy.namespaces.DeactivateNamespaceResponse: - type: object - title: DeactivateNamespaceResponse - additionalProperties: false - policy.namespaces.GetNamespaceRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - 
description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: namespace_id - required: - - namespaceId - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - title: GetNamespaceRequest - additionalProperties: false - description: |+ - Either use deprecated 'id' field or one of 'namespace_id' or 'fqn', but not both: - ``` - !(has(this.id) && (has(this.namespace_id) || has(this.fqn))) - ``` - - Either id or one of namespace_id or fqn must be set: - ``` - has(this.id) || has(this.namespace_id) || has(this.fqn) - ``` - - policy.namespaces.GetNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: GetNamespaceResponse - additionalProperties: false - policy.namespaces.ListNamespacesRequest: - type: object - properties: - state: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListNamespacesRequest - additionalProperties: false - policy.namespaces.ListNamespacesResponse: - type: object - properties: - namespaces: - type: array - items: - $ref: '#/components/schemas/policy.Namespace' - title: namespaces - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListNamespacesResponse - additionalProperties: false - policy.namespaces.NamespaceKey: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - description: Required - keyId: - type: string - title: key_id - format: uuid - description: Required (The id from the Asymmetric Key object) - title: NamespaceKey - required: - - namespaceId - - keyId - additionalProperties: false - policy.namespaces.NamespaceKeyAccessServer: - type: object - properties: 
- namespaceId: - type: string - title: namespace_id - format: uuid - description: Required - keyAccessServerId: - type: string - title: key_access_server_id - format: uuid - description: Required - title: NamespaceKeyAccessServer - additionalProperties: false - description: Deprecated - policy.namespaces.RemoveKeyAccessServerFromNamespaceRequest: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: RemoveKeyAccessServerFromNamespaceRequest - additionalProperties: false - policy.namespaces.RemoveKeyAccessServerFromNamespaceResponse: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: RemoveKeyAccessServerFromNamespaceResponse - additionalProperties: false - policy.namespaces.RemovePublicKeyFromNamespaceRequest: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: RemovePublicKeyFromNamespaceRequest - required: - - namespaceKey - additionalProperties: false - policy.namespaces.RemovePublicKeyFromNamespaceResponse: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: RemovePublicKeyFromNamespaceResponse - additionalProperties: false - policy.namespaces.UpdateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateNamespaceRequest - additionalProperties: false - policy.namespaces.UpdateNamespaceResponse: - type: object - properties: - namespace: - title: 
namespace - $ref: '#/components/schemas/policy.Namespace' - title: UpdateNamespaceResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.namespaces.NamespaceService diff --git a/specs/policy/objects.openapi.yaml b/specs/policy/objects.openapi.yaml deleted file mode 100644 index e65c942..0000000 --- a/specs/policy/objects.openapi.yaml +++ /dev/null 
@@ -1,1054 +0,0 @@ -openapi: 3.1.0 -info: - title: policy -paths: {} -components: - schemas: - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.KeyMode: - type: string - title: KeyMode - enum: - - KEY_MODE_UNSPECIFIED - - KEY_MODE_CONFIG_ROOT_KEY - - KEY_MODE_PROVIDER_ROOT_KEY - - KEY_MODE_REMOTE - - KEY_MODE_PUBLIC_KEY_ONLY - description: Describes the management and operational mode of a cryptographic key. - policy.KeyStatus: - type: string - title: KeyStatus - enum: - - KEY_STATUS_UNSPECIFIED - - KEY_STATUS_ACTIVE - - KEY_STATUS_ROTATED - description: The status of the key - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. 
These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. 
- - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. 
- - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. 
- policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.AsymmetricKey: - type: object - properties: - id: - type: string - title: id - description: Required - keyId: - type: string - title: key_id - description: Required - keyAlgorithm: - title: key_algorithm - description: Required - $ref: '#/components/schemas/policy.Algorithm' - keyStatus: - title: key_status - description: Required - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Required Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Optional Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfig: - title: provider_config - description: Optional Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - legacy: - type: boolean - title: legacy - description: Optional Indicates a key may be found in TDFs without key identifiers - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: AsymmetricKey - additionalProperties: false - policy.Attribute: - type: 
object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition 
defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasKey: - type: object - properties: - kasId: - type: string - title: kas_id - key: - title: key - $ref: '#/components/schemas/policy.AsymmetricKey' - kasUri: - type: string - title: kas_uri - title: KasKey - additionalProperties: false - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. 
- $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.Key: - type: object - properties: - id: - type: string - title: id - description: the database record ID, not the key ID (`kid`) - isActive: - title: is_active - $ref: '#/components/schemas/google.protobuf.BoolValue' - wasMapped: - title: was_mapped - $ref: '#/components/schemas/google.protobuf.BoolValue' - publicKey: - title: public_key - $ref: '#/components/schemas/policy.KasPublicKey' - kas: - title: kas - $ref: '#/components/schemas/policy.KeyAccessServer' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Key - additionalProperties: false - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - manager: - type: string - title: manager - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: 
'#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: 
PolicyEnforcementPoint - additionalProperties: false - policy.PrivateKeyCtx: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required Key ID for the symmetric key wrapping this key. - wrappedKey: - type: string - title: wrapped_key - description: Optional Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE. - title: PrivateKeyCtx - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.PublicKeyCtx: - type: object - properties: - pem: - type: string - title: pem - minLength: 1 - description: Required Base64 encoded public key in PEM format - title: PublicKeyCtx - additionalProperties: false - policy.RegisteredResource: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResource - additionalProperties: false - 
policy.RegisteredResourceValue: - type: object - properties: - id: - type: string - title: id - value: - type: string - title: value - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue.ActionAttributeValue' - title: action_attribute_values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResourceValue - additionalProperties: false - policy.RegisteredResourceValue.ActionAttributeValue: - type: object - properties: - id: - type: string - title: id - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ActionAttributeValue - additionalProperties: false - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string 
- title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. 
As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectProperty: - type: object - properties: - externalSelectorValue: - type: string - title: external_selector_value - minLength: 1 - externalValue: - type: string - title: external_value - title: SubjectProperty - required: - - externalSelectorValue - additionalProperties: false - description: |- - A property of a Subject/Entity as its selector expression -> value result - pair. This would mirror external user attributes retrieved from an - authoritative source such as an IDP (Identity Provider) or User Store. - Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must - contain both a selector expression & a resulting value. - - The external_selector_value is a specifier to select a value from a flattened - external representation of an Entity (such as from idP/LDAP), and the - external_value is the value selected by the external_selector_value on that - Entity Representation (Subject Context). 
These mirror the Condition. - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.SymmetricKey: - type: object - properties: - id: - type: string - title: id - keyId: - type: string - title: key_id - keyStatus: - title: key_status - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - keyCtx: - type: string - title: key_ctx - format: byte - description: Specific structure based on key provider implementation - providerConfig: - title: provider_config - description: Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: SymmetricKey - additionalProperties: false - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false -security: [] diff --git a/specs/policy/obligations/obligations.openapi.yaml b/specs/policy/obligations/obligations.openapi.yaml deleted file mode 100644 index 456ea7f..0000000 --- a/specs/policy/obligations/obligations.openapi.yaml +++ /dev/null 
@@ -1,1873 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.obligations -paths: - /policy.obligations.Service/ListObligations: - post: - tags: - - policy.obligations.Service - summary: ListObligations - operationId: policy.obligations.Service.ListObligations - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.ListObligationsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.ListObligationsResponse' - /policy.obligations.Service/GetObligation: - post: - tags: - - policy.obligations.Service - summary: GetObligation - operationId: policy.obligations.Service.GetObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationResponse' - /policy.obligations.Service/GetObligationsByFQNs: - post: - tags: - - policy.obligations.Service - summary: GetObligationsByFQNs - operationId: policy.obligations.Service.GetObligationsByFQNs - parameters: - - name: 
Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationsByFQNsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationsByFQNsResponse' - /policy.obligations.Service/CreateObligation: - post: - tags: - - policy.obligations.Service - summary: CreateObligation - operationId: policy.obligations.Service.CreateObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationResponse' - /policy.obligations.Service/UpdateObligation: - post: - tags: - - policy.obligations.Service - summary: UpdateObligation - operationId: policy.obligations.Service.UpdateObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: 
- schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationResponse' - /policy.obligations.Service/DeleteObligation: - post: - tags: - - policy.obligations.Service - summary: DeleteObligation - operationId: policy.obligations.Service.DeleteObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationResponse' - /policy.obligations.Service/GetObligationValue: - post: - tags: - - policy.obligations.Service - summary: GetObligationValue - operationId: policy.obligations.Service.GetObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - 
content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValueResponse' - /policy.obligations.Service/GetObligationValuesByFQNs: - post: - tags: - - policy.obligations.Service - summary: GetObligationValuesByFQNs - operationId: policy.obligations.Service.GetObligationValuesByFQNs - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValuesByFQNsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValuesByFQNsResponse' - /policy.obligations.Service/CreateObligationValue: - post: - tags: - - policy.obligations.Service - summary: CreateObligationValue - operationId: policy.obligations.Service.CreateObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationValueResponse' - /policy.obligations.Service/UpdateObligationValue: - post: - tags: - - 
policy.obligations.Service - summary: UpdateObligationValue - operationId: policy.obligations.Service.UpdateObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationValueResponse' - /policy.obligations.Service/DeleteObligationValue: - post: - tags: - - policy.obligations.Service - summary: DeleteObligationValue - operationId: policy.obligations.Service.DeleteObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationValueResponse' - /policy.obligations.Service/AddObligationTrigger: - post: - tags: - - policy.obligations.Service - summary: AddObligationTrigger - operationId: policy.obligations.Service.AddObligationTrigger - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: 
'#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.AddObligationTriggerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.AddObligationTriggerResponse' - /policy.obligations.Service/RemoveObligationTrigger: - post: - tags: - - policy.obligations.Service - summary: RemoveObligationTrigger - operationId: policy.obligations.Service.RemoveObligationTrigger - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.RemoveObligationTriggerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.RemoveObligationTriggerResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - 
ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. 
- policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.IdFqnIdentifier: - type: object - properties: - id: - type: string - title: id - format: uuid - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: IdFqnIdentifier - additionalProperties: false - common.IdNameIdentifier: - type: object - properties: - id: - type: string - title: id - format: uuid - name: - type: string - title: name - maxLength: 253 - minLength: 1 - description: |+ - Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - title: IdNameIdentifier - additionalProperties: false - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - 
description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. 
- - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. 
- - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 
- minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. 
- kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: 
integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: PolicyEnforcementPoint - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group 
name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. 
- policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.obligations.AddObligationTriggerRequest: - type: object - properties: - obligationValue: - title: obligation_value - description: Required - $ref: '#/components/schemas/common.IdFqnIdentifier' - action: - title: action - description: Required - $ref: '#/components/schemas/common.IdNameIdentifier' - attributeValue: - title: attribute_value - description: Required - $ref: '#/components/schemas/common.IdFqnIdentifier' - context: - title: context - description: |- - Optional - The request context for this obligation value policy decisioning. 
- $ref: '#/components/schemas/policy.RequestContext' - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: AddObligationTriggerRequest - required: - - obligationValue - - action - - attributeValue - additionalProperties: false - description: Triggers - policy.obligations.AddObligationTriggerResponse: - type: object - properties: - trigger: - title: trigger - $ref: '#/components/schemas/policy.ObligationTrigger' - title: AddObligationTriggerResponse - additionalProperties: false - policy.obligations.CreateObligationRequest: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - namespaceFqn: - type: string - title: namespace_fqn - minLength: 1 - format: uri - name: - type: string - title: name - maxLength: 253 - description: |+ - Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - values: - type: array - items: - type: string - maxLength: 253 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$ - uniqueItems: true - title: values - uniqueItems: true - description: Optional - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateObligationRequest - required: - - name - additionalProperties: false - policy.obligations.CreateObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: CreateObligationResponse - additionalProperties: false - policy.obligations.CreateObligationValueRequest: - type: object - properties: - obligationId: - type: string - title: obligation_id - format: uuid - obligationFqn: - type: string - title: obligation_fqn - minLength: 1 - format: uri - value: - 
type: string - title: value - maxLength: 253 - description: |+ - Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - triggers: - type: array - items: - $ref: '#/components/schemas/policy.obligations.ValueTriggerRequest' - title: triggers - description: |- - Optional - Combination of action and attribute_value that will trigger this obligation value policy decisioning. - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateObligationValueRequest - required: - - value - additionalProperties: false - policy.obligations.CreateObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: CreateObligationValueResponse - additionalProperties: false - policy.obligations.DeleteObligationRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: DeleteObligationRequest - additionalProperties: false - policy.obligations.DeleteObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: DeleteObligationResponse - additionalProperties: false - policy.obligations.DeleteObligationValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: DeleteObligationValueRequest - additionalProperties: false - policy.obligations.DeleteObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: DeleteObligationValueResponse - additionalProperties: false - 
policy.obligations.GetObligationRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: GetObligationRequest - additionalProperties: false - description: Definitions - policy.obligations.GetObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: GetObligationResponse - additionalProperties: false - policy.obligations.GetObligationValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: GetObligationValueRequest - additionalProperties: false - description: Values - policy.obligations.GetObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: GetObligationValueResponse - additionalProperties: false - policy.obligations.GetObligationValuesByFQNsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - minLength: 1 - format: uri - maxItems: 250 - minItems: 1 - uniqueItems: true - title: fqns - maxItems: 250 - minItems: 1 - uniqueItems: true - title: GetObligationValuesByFQNsRequest - additionalProperties: false - policy.obligations.GetObligationValuesByFQNsResponse: - type: object - properties: - fqnValueMap: - type: object - title: fqn_value_map - additionalProperties: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: GetObligationValuesByFQNsResponse - additionalProperties: false - policy.obligations.GetObligationValuesByFQNsResponse.FqnValueMapEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: FqnValueMapEntry - additionalProperties: false - policy.obligations.GetObligationsByFQNsRequest: - type: object - properties: - fqns: - type: 
array - items: - type: string - minLength: 1 - format: uri - maxItems: 250 - minItems: 1 - uniqueItems: true - title: fqns - maxItems: 250 - minItems: 1 - uniqueItems: true - title: GetObligationsByFQNsRequest - additionalProperties: false - policy.obligations.GetObligationsByFQNsResponse: - type: object - properties: - fqnObligationMap: - type: object - title: fqn_obligation_map - additionalProperties: - title: value - $ref: '#/components/schemas/policy.Obligation' - title: GetObligationsByFQNsResponse - additionalProperties: false - policy.obligations.GetObligationsByFQNsResponse.FqnObligationMapEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.Obligation' - title: FqnObligationMapEntry - additionalProperties: false - policy.obligations.ListObligationsRequest: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - namespaceFqn: - type: string - title: namespace_fqn - minLength: 1 - format: uri - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListObligationsRequest - additionalProperties: false - policy.obligations.ListObligationsResponse: - type: object - properties: - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListObligationsResponse - additionalProperties: false - policy.obligations.RemoveObligationTriggerRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: RemoveObligationTriggerRequest - additionalProperties: false - policy.obligations.RemoveObligationTriggerResponse: - type: object - properties: - trigger: - title: trigger - $ref: '#/components/schemas/policy.ObligationTrigger' - title: RemoveObligationTriggerResponse - additionalProperties: false - 
policy.obligations.UpdateObligationRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Obligation name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - metadata: - title: metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateObligationRequest - additionalProperties: false - policy.obligations.UpdateObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: UpdateObligationResponse - additionalProperties: false - policy.obligations.UpdateObligationValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Optional - Obligation value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - triggers: - type: array - items: - $ref: '#/components/schemas/policy.obligations.ValueTriggerRequest' - title: triggers - description: |- - Optional - Obligation Triggers provided here will replace all existing records in the database. 
- metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateObligationValueRequest - additionalProperties: false - policy.obligations.UpdateObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: UpdateObligationValueResponse - additionalProperties: false - policy.obligations.ValueTriggerRequest: - type: object - properties: - action: - title: action - description: Required. The ID of the action that will trigger this obligation value policy decisioning. - $ref: '#/components/schemas/common.IdNameIdentifier' - attributeValue: - title: attribute_value - description: Required. The attribute value ID that will trigger this obligation value policy decisioning. - $ref: '#/components/schemas/common.IdFqnIdentifier' - context: - title: context - description: Optional. The request context for this obligation value policy decisioning. 
- $ref: '#/components/schemas/policy.RequestContext' - title: ValueTriggerRequest - required: - - action - - attributeValue - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.obligations.Service - description: |- - / - / Obligation Service - / 
diff --git a/specs/policy/registeredresources/registered_resources.openapi.yaml b/specs/policy/registeredresources/registered_resources.openapi.yaml
deleted file mode 100644
index 75b03e5..0000000
--- a/specs/policy/registeredresources/registered_resources.openapi.yaml
+++ /dev/null
@@ -1,1779 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.registeredresources -paths: - /policy.registeredresources.RegisteredResourcesService/CreateRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: CreateRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.CreateRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/GetRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: GetRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.GetRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.registeredresources.GetRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/ListRegisteredResources: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: ListRegisteredResources - operationId: policy.registeredresources.RegisteredResourcesService.ListRegisteredResources - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourcesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourcesResponse' - /policy.registeredresources.RegisteredResourcesService/UpdateRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: UpdateRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.UpdateRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.UpdateRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.registeredresources.UpdateRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/DeleteRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: DeleteRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.DeleteRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/CreateRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: CreateRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.CreateRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - 
schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceValueResponse' - /policy.registeredresources.RegisteredResourcesService/GetRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: GetRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.GetRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValueResponse' - /policy.registeredresources.RegisteredResourcesService/GetRegisteredResourceValuesByFQNs: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: GetRegisteredResourceValuesByFQNs - operationId: policy.registeredresources.RegisteredResourcesService.GetRegisteredResourceValuesByFQNs - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValuesByFQNsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - 
description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValuesByFQNsResponse' - /policy.registeredresources.RegisteredResourcesService/ListRegisteredResourceValues: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: ListRegisteredResourceValues - operationId: policy.registeredresources.RegisteredResourcesService.ListRegisteredResourceValues - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourceValuesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourceValuesResponse' - /policy.registeredresources.RegisteredResourcesService/UpdateRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: UpdateRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.UpdateRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.UpdateRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: 
'#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.UpdateRegisteredResourceValueResponse' - /policy.registeredresources.RegisteredResourcesService/DeleteRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: DeleteRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.DeleteRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceValueResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. 
- policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. 
- policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. 
- google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. 
- - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. 
Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 
- minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. 
- kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: 
integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: PolicyEnforcementPoint - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.RegisteredResource: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResource - additionalProperties: false - policy.RegisteredResourceValue: - type: object - properties: - id: - type: string - title: id - value: - type: string - title: value - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue.ActionAttributeValue' - title: action_attribute_values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResourceValue - additionalProperties: false - policy.RegisteredResourceValue.ActionAttributeValue: - type: object - properties: - id: - type: string - title: id - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ActionAttributeValue - additionalProperties: false - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - 
description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. 
- policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. 
- policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.registeredresources.ActionAttributeValue: - type: object - allOf: - - oneOf: - - properties: - actionId: - type: string - title: action_id - format: uuid - title: action_id - required: - - actionId - - properties: - actionName: - type: string - title: action_name - maxLength: 253 - description: |+ - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. 
The stored action name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - title: action_name - required: - - actionName - - oneOf: - - properties: - attributeValueFqn: - type: string - title: attribute_value_fqn - minLength: 1 - format: uri - title: attribute_value_fqn - required: - - attributeValueFqn - - properties: - attributeValueId: - type: string - title: attribute_value_id - format: uuid - title: attribute_value_id - required: - - attributeValueId - title: ActionAttributeValue - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceRequest: - type: object - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Registered Resource Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - values: - type: array - items: - type: string - maxLength: 253 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$ - uniqueItems: true - title: values - uniqueItems: true - description: "Optional \n Registered Resource Values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character.\n The stored value will be normalized to lower case." 
- metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateRegisteredResourceRequest - required: - - name - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: CreateRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceValueRequest: - type: object - properties: - resourceId: - type: string - title: resource_id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Required - Registered Resource Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.registeredresources.ActionAttributeValue' - title: action_attribute_values - description: |- - Optional - The associated Action <> AttributeValue combinations to be utilized in authorization/entitlement decisioning - (i.e. 
action read -> attribute value https://example.com/attr/department/value/marketing) - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateRegisteredResourceValueRequest - required: - - value - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: CreateRegisteredResourceValueResponse - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteRegisteredResourceRequest - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: DeleteRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteRegisteredResourceValueRequest - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: DeleteRegisteredResourceValueResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Registered Resource Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. 
The stored name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - title: name - required: - - name - title: GetRegisteredResourceRequest - additionalProperties: false - policy.registeredresources.GetRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: GetRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValueRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - title: GetRegisteredResourceValueRequest - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: GetRegisteredResourceValueResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValuesByFQNsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - minLength: 1 - format: uri - minItems: 1 - uniqueItems: true - title: fqns - minItems: 1 - uniqueItems: true - description: Required - title: GetRegisteredResourceValuesByFQNsRequest - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValuesByFQNsResponse: - type: object - properties: - fqnValueMap: - type: object - title: fqn_value_map - additionalProperties: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: GetRegisteredResourceValuesByFQNsResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValuesByFQNsResponse.FqnValueMapEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - 
$ref: '#/components/schemas/policy.RegisteredResourceValue' - title: FqnValueMapEntry - additionalProperties: false - policy.registeredresources.ListRegisteredResourceValuesRequest: - type: object - properties: - resourceId: - type: string - title: resource_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListRegisteredResourceValuesRequest - additionalProperties: false - policy.registeredresources.ListRegisteredResourceValuesResponse: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: values - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListRegisteredResourceValuesResponse - additionalProperties: false - policy.registeredresources.ListRegisteredResourcesRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListRegisteredResourcesRequest - additionalProperties: false - policy.registeredresources.ListRegisteredResourcesResponse: - type: object - properties: - resources: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResource' - title: resources - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListRegisteredResourcesResponse - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Registered Resource Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or 
last character. The stored name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateRegisteredResourceRequest - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: UpdateRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Optional - Registered Resource Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.registeredresources.ActionAttributeValue' - title: action_attribute_values - description: |- - Optional - Action Attribute Values provided here will replace all existing records in the database. To delete all action attribute values, set this field to an empty list. 
- metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateRegisteredResourceValueRequest - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: UpdateRegisteredResourceValueResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. 
- detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.registeredresources.RegisteredResourcesService - description: Registered Resources diff --git a/specs/policy/resourcemapping/resource_mapping.openapi.yaml b/specs/policy/resourcemapping/resource_mapping.openapi.yaml deleted file mode 100644 index a547dff..0000000 --- a/specs/policy/resourcemapping/resource_mapping.openapi.yaml +++ /dev/null 
@@ -1,1663 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.resourcemapping -paths: - /policy.resourcemapping.ResourceMappingService/ListResourceMappingGroups: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: ListResourceMappingGroups - operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappingGroups - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingGroupsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingGroupsResponse' - /policy.resourcemapping.ResourceMappingService/GetResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: GetResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.GetResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.resourcemapping.GetResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/CreateResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: CreateResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/UpdateResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: UpdateResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.resourcemapping.UpdateResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/DeleteResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: DeleteResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/ListResourceMappings: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: ListResourceMappings - operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsResponse' 
- /policy.resourcemapping.ResourceMappingService/ListResourceMappingsByGroupFqns: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: ListResourceMappingsByGroupFqns - operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappingsByGroupFqns - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsByGroupFqnsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse' - /policy.resourcemapping.ResourceMappingService/GetResourceMapping: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: GetResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.GetResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingResponse' - 
/policy.resourcemapping.ResourceMappingService/CreateResourceMapping: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: CreateResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingResponse' - /policy.resourcemapping.ResourceMappingService/UpdateResourceMapping: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: UpdateResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingResponse' - /policy.resourcemapping.ResourceMappingService/DeleteResourceMapping: - post: - tags: - - 
policy.resourcemapping.ResourceMappingService - summary: DeleteResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. 
- policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. 
- policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. 
- google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. 
- - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. 
Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 
- minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. 
- kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: 
integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: PolicyEnforcementPoint - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group 
name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. 
- policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.resourcemapping.CreateResourceMappingGroupRequest: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - description: Required - name: - type: string - title: name - description: Required - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateResourceMappingGroupRequest - required: - - name - additionalProperties: false - policy.resourcemapping.CreateResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: CreateResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.CreateResourceMappingRequest: - type: object - properties: - attributeValueId: - type: string - title: attribute_value_id - format: uuid - description: Required - terms: - type: array - items: - type: string - maxItems: 1000 - minItems: 1 - title: terms - maxItems: 1000 - minItems: 1 - description: Required - groupId: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - 
``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateResourceMappingRequest - additionalProperties: false - policy.resourcemapping.CreateResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: CreateResourceMappingResponse - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingGroupRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteResourceMappingGroupRequest - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: DeleteResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteResourceMappingRequest - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: DeleteResourceMappingResponse - additionalProperties: false - policy.resourcemapping.GetResourceMappingGroupRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetResourceMappingGroupRequest - additionalProperties: false - policy.resourcemapping.GetResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: 
GetResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.GetResourceMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetResourceMappingRequest - additionalProperties: false - policy.resourcemapping.GetResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: GetResourceMappingResponse - additionalProperties: false - policy.resourcemapping.ListResourceMappingGroupsRequest: - type: object - properties: - namespaceId: - type: string - title: namespace_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListResourceMappingGroupsRequest - additionalProperties: false - policy.resourcemapping.ListResourceMappingGroupsResponse: - type: object - properties: - resourceMappingGroups: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: resource_mapping_groups - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListResourceMappingGroupsResponse - additionalProperties: false - policy.resourcemapping.ListResourceMappingsByGroupFqnsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - minItems: 1 - title: fqns - minItems: 1 - description: |- - Required - Structure of the RM Group FQN is 'https:///resm/' - title: ListResourceMappingsByGroupFqnsRequest - additionalProperties: false - policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse: - type: object - properties: - fqnResourceMappingGroups: - type: object - title: fqn_resource_mapping_groups - additionalProperties: - title: value - $ref: 
'#/components/schemas/policy.resourcemapping.ResourceMappingsByGroup' - title: ListResourceMappingsByGroupFqnsResponse - additionalProperties: false - policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.resourcemapping.ResourceMappingsByGroup' - title: FqnResourceMappingGroupsEntry - additionalProperties: false - policy.resourcemapping.ListResourceMappingsRequest: - type: object - properties: - groupId: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListResourceMappingsRequest - additionalProperties: false - policy.resourcemapping.ListResourceMappingsResponse: - type: object - properties: - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListResourceMappingsResponse - additionalProperties: false - policy.resourcemapping.ResourceMappingsByGroup: - type: object - properties: - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - mappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: mappings - title: ResourceMappingsByGroup - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingGroupRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - namespaceId: - type: string - title: namespace_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || 
this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Optional field must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored group name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateResourceMappingGroupRequest - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: UpdateResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - attributeValueId: - type: string - title: attribute_value_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - terms: - type: array - items: - type: string - maxItems: 1000 - title: terms - maxItems: 1000 - description: Optional - groupId: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - metadata: - title: metadata - description: |- - Optional - Common Metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: 
metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateResourceMappingRequest - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: UpdateResourceMappingResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. 
-security: [] -tags: - - name: policy.resourcemapping.ResourceMappingService - description: Resource Mapping Groups
diff --git a/specs/policy/selectors.openapi.yaml b/specs/policy/selectors.openapi.yaml
deleted file mode 100644
index 3a43030..0000000
--- a/specs/policy/selectors.openapi.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -openapi: 3.1.0 -info: - title: policy -paths: {} -components: - schemas: - policy.AttributeDefinitionSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withNamespace: - title: with_namespace - $ref: '#/components/schemas/policy.AttributeDefinitionSelector.NamespaceSelector' - withValues: - title: with_values - $ref: '#/components/schemas/policy.AttributeDefinitionSelector.ValueSelector' - title: AttributeDefinitionSelector - additionalProperties: false - policy.AttributeDefinitionSelector.NamespaceSelector: - type: object - title: NamespaceSelector - additionalProperties: false - policy.AttributeDefinitionSelector.ValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - title: ValueSelector - additionalProperties: false - policy.AttributeNamespaceSelector: - type: object - properties: - withAttributes: - title: with_attributes - $ref: '#/components/schemas/policy.AttributeNamespaceSelector.AttributeSelector' - title: AttributeNamespaceSelector - additionalProperties: false - policy.AttributeNamespaceSelector.AttributeSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withValues: - title: with_values - $ref: '#/components/schemas/policy.AttributeNamespaceSelector.AttributeSelector.ValueSelector' - title: AttributeSelector - additionalProperties: false - policy.AttributeNamespaceSelector.AttributeSelector.ValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - 
title: ValueSelector - additionalProperties: false - policy.AttributeValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - withAttribute: - title: with_attribute - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector' - title: AttributeValueSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withNamespace: - title: with_namespace - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector.NamespaceSelector' - title: AttributeSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector.NamespaceSelector: - type: object - title: NamespaceSelector - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false -security: [] 
diff --git a/specs/policy/subjectmapping/subject_mapping.openapi.yaml b/specs/policy/subjectmapping/subject_mapping.openapi.yaml
deleted file mode 100644
index 585aec2..0000000
--- a/specs/policy/subjectmapping/subject_mapping.openapi.yaml
+++ /dev/null
@@ -1,1703 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.subjectmapping -paths: - /policy.subjectmapping.SubjectMappingService/MatchSubjectMappings: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: MatchSubjectMappings - description: Find matching Subject Mappings for a given Subject - operationId: policy.subjectmapping.SubjectMappingService.MatchSubjectMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.MatchSubjectMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.MatchSubjectMappingsResponse' - /policy.subjectmapping.SubjectMappingService/ListSubjectMappings: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: ListSubjectMappings - operationId: policy.subjectmapping.SubjectMappingService.ListSubjectMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.ListSubjectMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: 
'#/components/schemas/policy.subjectmapping.ListSubjectMappingsResponse' - /policy.subjectmapping.SubjectMappingService/GetSubjectMapping: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: GetSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.GetSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/CreateSubjectMapping: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: CreateSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/UpdateSubjectMapping: 
- post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: UpdateSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/DeleteSubjectMapping: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: DeleteSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/ListSubjectConditionSets: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: ListSubjectConditionSets - operationId: 
policy.subjectmapping.SubjectMappingService.ListSubjectConditionSets - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.ListSubjectConditionSetsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.ListSubjectConditionSetsResponse' - /policy.subjectmapping.SubjectMappingService/GetSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: GetSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.GetSubjectConditionSet - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/CreateSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: CreateSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectConditionSet - parameters: - - name: 
Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/UpdateSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: UpdateSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectConditionSet - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/DeleteSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: DeleteSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectConditionSet - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: 
'#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/DeleteAllUnmappedSubjectConditionSets: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: DeleteAllUnmappedSubjectConditionSets - operationId: policy.subjectmapping.SubjectMappingService.DeleteAllUnmappedSubjectConditionSets - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT 
- policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. 
- policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. 
- google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. 
- - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. 
Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 
- minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. 
- kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: 
integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: PolicyEnforcementPoint - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group 
name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. 
- policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectProperty: - type: object - properties: - externalSelectorValue: - type: string - title: external_selector_value - minLength: 1 - externalValue: - type: string - title: external_value - title: SubjectProperty - required: - - externalSelectorValue - additionalProperties: false - description: |- - A property of a Subject/Entity as its selector expression -> value result - pair. This would mirror external user attributes retrieved from an - authoritative source such as an IDP (Identity Provider) or User Store. - Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must - contain both a selector expression & a resulting value. - - The external_selector_value is a specifier to select a value from a flattened - external representation of an Entity (such as from idP/LDAP), and the - external_value is the value selected by the external_selector_value on that - Entity Representation (Subject Context). These mirror the Condition. 
- policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.subjectmapping.CreateSubjectConditionSetRequest: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - $ref: '#/components/schemas/policy.subjectmapping.SubjectConditionSetCreate' - title: CreateSubjectConditionSetRequest - required: - - subjectConditionSet - additionalProperties: false - policy.subjectmapping.CreateSubjectConditionSetResponse: - type: object - 
properties: - subjectConditionSet: - title: subject_condition_set - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: CreateSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.CreateSubjectMappingRequest: - type: object - properties: - attributeValueId: - type: string - title: attribute_value_id - format: uuid - description: |- - Required - Attribute Value to be mapped to - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - minItems: 1 - description: |+ - Required - The actions permitted by subjects in this mapping - Action name or ID must not be empty if provided: - ``` - this.all(item, item.name != '' || item.id != '') - ``` - - existingSubjectConditionSetId: - type: string - title: existing_subject_condition_set_id - description: |+ - Either of the following: - Reuse existing SubjectConditionSet (NOTE: prioritized over new_subject_condition_set) - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - newSubjectConditionSet: - title: new_subject_condition_set - description: 'Create new SubjectConditionSet (NOTE: ignored if existing_subject_condition_set_id is provided)' - $ref: '#/components/schemas/policy.subjectmapping.SubjectConditionSetCreate' - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.CreateSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - $ref: '#/components/schemas/policy.SubjectMapping' - title: CreateSubjectMappingResponse - additionalProperties: false - policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsRequest: - type: object - title: DeleteAllUnmappedSubjectConditionSetsRequest - additionalProperties: false - description: Prune any Subject 
Condition Sets not utilized within a Subject Mapping - policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsResponse: - type: object - properties: - subjectConditionSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: subject_condition_sets - description: Only IDs of any deleted Subject Condition Set provided - title: DeleteAllUnmappedSubjectConditionSetsResponse - additionalProperties: false - policy.subjectmapping.DeleteSubjectConditionSetRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteSubjectConditionSetRequest - additionalProperties: false - policy.subjectmapping.DeleteSubjectConditionSetResponse: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - description: Only ID of deleted Subject Condition Set provided - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: DeleteSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.DeleteSubjectMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.DeleteSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - description: Only ID of the updated Subject Mapping provided - $ref: '#/components/schemas/policy.SubjectMapping' - title: DeleteSubjectMappingResponse - additionalProperties: false - policy.subjectmapping.GetSubjectConditionSetRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetSubjectConditionSetRequest - additionalProperties: false - policy.subjectmapping.GetSubjectConditionSetResponse: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - $ref: '#/components/schemas/policy.SubjectConditionSet' - associatedSubjectMappings: - 
type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: associated_subject_mappings - description: contextualized Subject Mappings associated with this SubjectConditionSet - title: GetSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.GetSubjectMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.GetSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - $ref: '#/components/schemas/policy.SubjectMapping' - title: GetSubjectMappingResponse - additionalProperties: false - policy.subjectmapping.ListSubjectConditionSetsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListSubjectConditionSetsRequest - additionalProperties: false - policy.subjectmapping.ListSubjectConditionSetsResponse: - type: object - properties: - subjectConditionSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: subject_condition_sets - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListSubjectConditionSetsResponse - additionalProperties: false - policy.subjectmapping.ListSubjectMappingsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListSubjectMappingsRequest - additionalProperties: false - policy.subjectmapping.ListSubjectMappingsResponse: - type: object - properties: - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListSubjectMappingsResponse - additionalProperties: false - 
policy.subjectmapping.MatchSubjectMappingsRequest: - type: object - properties: - subjectProperties: - type: array - items: - $ref: '#/components/schemas/policy.SubjectProperty' - title: subject_properties - minItems: 1 - title: MatchSubjectMappingsRequest - additionalProperties: false - description: |- - MatchSubjectMappingsRequest liberally returns a list of SubjectMappings based on the provided SubjectProperties. - The SubjectMappings are returned if an external selector field matches. - policy.subjectmapping.MatchSubjectMappingsResponse: - type: object - properties: - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - title: MatchSubjectMappingsResponse - additionalProperties: false - policy.subjectmapping.SubjectConditionSetCreate: - type: object - properties: - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - description: Required - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: SubjectConditionSetCreate - additionalProperties: false - policy.subjectmapping.UpdateSubjectConditionSetRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - description: |- - Optional - If provided, replaces entire existing structure of Subject Sets, Condition Groups, & Conditions - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateSubjectConditionSetRequest - additionalProperties: false - policy.subjectmapping.UpdateSubjectConditionSetResponse: - type: object - properties: - subjectConditionSet: 
- title: subject_condition_set - description: Only ID of updated Subject Condition Set provided - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: UpdateSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.UpdateSubjectMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - subjectConditionSetId: - type: string - title: subject_condition_set_id - description: |+ - Optional - Replaces the existing SubjectConditionSet id with a new one - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: |+ - Optional - Replaces entire list of actions permitted by subjects - Action name or ID must not be empty if provided: - ``` - this.size() == 0 || this.all(item, item.name != '' || item.id != '') - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.UpdateSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - description: Only ID of the updated Subject Mapping provided - $ref: '#/components/schemas/policy.SubjectMapping' - title: UpdateSubjectMappingResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - 
not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.subjectmapping.SubjectMappingService diff --git a/specs/policy/unsafe/unsafe.openapi.yaml b/specs/policy/unsafe/unsafe.openapi.yaml deleted file mode 100644 index 4ff4ed8..0000000 --- a/specs/policy/unsafe/unsafe.openapi.yaml +++ /dev/null 
@@ -1,1658 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.unsafe -paths: - /policy.unsafe.UnsafeService/UnsafeUpdateNamespace: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeUpdateNamespace - description: |- - --------------------------------------* - Namespace RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeUpdateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateNamespaceResponse' - /policy.unsafe.UnsafeService/UnsafeReactivateNamespace: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeReactivateNamespace - operationId: policy.unsafe.UnsafeService.UnsafeReactivateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateNamespaceResponse' - 
/policy.unsafe.UnsafeService/UnsafeDeleteNamespace: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteNamespace - operationId: policy.unsafe.UnsafeService.UnsafeDeleteNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteNamespaceResponse' - /policy.unsafe.UnsafeService/UnsafeUpdateAttribute: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeUpdateAttribute - description: |- - --------------------------------------* - Attribute RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeUpdateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeResponse' - /policy.unsafe.UnsafeService/UnsafeReactivateAttribute: - post: - tags: - - policy.unsafe.UnsafeService - summary: 
UnsafeReactivateAttribute - operationId: policy.unsafe.UnsafeService.UnsafeReactivateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeResponse' - /policy.unsafe.UnsafeService/UnsafeDeleteAttribute: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteAttribute - operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeResponse' - /policy.unsafe.UnsafeService/UnsafeUpdateAttributeValue: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeUpdateAttributeValue - description: |- - --------------------------------------* - Value RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeUpdateAttributeValue - 
parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeValueResponse' - /policy.unsafe.UnsafeService/UnsafeReactivateAttributeValue: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeReactivateAttributeValue - operationId: policy.unsafe.UnsafeService.UnsafeReactivateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeValueResponse' - /policy.unsafe.UnsafeService/UnsafeDeleteAttributeValue: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteAttributeValue - operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - 
in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeValueResponse' - /policy.unsafe.UnsafeService/UnsafeDeleteKasKey: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteKasKey - description: |- - --------------------------------------* - Kas Key RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeDeleteKasKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteKasKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteKasKeyResponse' -components: - schemas: - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. 
- policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.KeyMode: - type: string - title: KeyMode - enum: - - KEY_MODE_UNSPECIFIED - - KEY_MODE_CONFIG_ROOT_KEY - - KEY_MODE_PROVIDER_ROOT_KEY - - KEY_MODE_REMOTE - - KEY_MODE_PUBLIC_KEY_ONLY - description: Describes the management and operational mode of a cryptographic key. - policy.KeyStatus: - type: string - title: KeyStatus - enum: - - KEY_STATUS_UNSPECIFIED - - KEY_STATUS_ACTIVE - - KEY_STATUS_ROTATED - description: The status of the key - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. 
- policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. 
Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. 
That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. 
- policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.AsymmetricKey: - type: object - properties: - id: - type: string - title: id - description: Required - keyId: - type: string - title: key_id - description: Required - keyAlgorithm: - title: key_algorithm - description: Required - $ref: '#/components/schemas/policy.Algorithm' - keyStatus: - title: key_status - description: Required - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Required Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Optional Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfig: - title: provider_config - description: Optional Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - legacy: - type: boolean - title: legacy - description: Optional Indicates a key may be found in TDFs without key identifiers - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: AsymmetricKey - additionalProperties: false - policy.Attribute: - type: 
object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition 
defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasKey: - type: object - properties: - kasId: - type: string - title: kas_id - key: - title: key - $ref: '#/components/schemas/policy.AsymmetricKey' - kasUri: - type: string - title: kas_uri - title: KasKey - additionalProperties: false - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. 
- $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - manager: - type: string - title: manager - metadata: - title: metadata - 
description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - context: - type: array - items: - $ref: '#/components/schemas/policy.RequestContext' - title: context - metadata: - title: metadata - $ref: 
'#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - triggers: - type: array - items: - $ref: '#/components/schemas/policy.ObligationTrigger' - title: triggers - fqn: - type: string - title: fqn - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PolicyEnforcementPoint: - type: object - properties: - clientId: - type: string - title: client_id - minLength: 1 - title: PolicyEnforcementPoint - additionalProperties: false - policy.PrivateKeyCtx: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required Key ID for the symmetric key wrapping this key. - wrappedKey: - type: string - title: wrapped_key - description: Optional Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE. - title: PrivateKeyCtx - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. 
Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.PublicKeyCtx: - type: object - properties: - pem: - type: string - title: pem - minLength: 1 - description: Required Base64 encoded public key in PEM format - title: PublicKeyCtx - additionalProperties: false - policy.RequestContext: - type: object - properties: - pep: - title: pep - $ref: '#/components/schemas/policy.PolicyEnforcementPoint' - title: RequestContext - required: - - pep - additionalProperties: false - description: Holds the context needed for obligation fulfillment - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: 
ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. 
- policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. 
- fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.unsafe.UnsafeDeleteAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Attribute - fqn: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Attribute Definition (i.e. https:///attr/), normalized to lower case. - title: UnsafeDeleteAttributeRequest - required: - - fqn - additionalProperties: false - description: |- - WARNING!! - Deleting an Attribute will free up the Attribute name for reuse, which can introduce an access path to existing TDFs containing the deleted Attribute name. - Values under this Attribute will be cascadingly deleted. - Any KAS Grants associated with this Attribute will be cascadingly deleted. 
- policy.unsafe.UnsafeDeleteAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: UnsafeDeleteAttributeResponse - additionalProperties: false - policy.unsafe.UnsafeDeleteAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Attribute Value - fqn: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Attribute Value (i.e. https:///attr//value/), normalized to lower case. - title: UnsafeDeleteAttributeValueRequest - required: - - fqn - additionalProperties: false - description: |- - WARNING!! - Deleting an Attribute Value will free up the Attribute Value for reuse, which can introduce an access path to existing TDFs containing the deleted Attribute Value. - Any KAS Grants associated with this Attribute Value will be cascadingly deleted. - policy.unsafe.UnsafeDeleteAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UnsafeDeleteAttributeValueResponse - additionalProperties: false - policy.unsafe.UnsafeDeleteKasKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Key - kid: - type: string - title: kid - description: |- - Required - The key id assigned to this key (Ex: "key-1") - kasUri: - type: string - title: kas_uri - description: |- - Required - The kas uri for which this key belongs (Ex: "https://kas.example.com:8080") - title: UnsafeDeleteKasKeyRequest - required: - - kid - - kasUri - additionalProperties: false - description: |- - WARNING!! - Deleting a key will make it so that ANY TDF that was encrypted with this key cannot be decrypted by the platform. 
- policy.unsafe.UnsafeDeleteKasKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.KasKey' - title: UnsafeDeleteKasKeyResponse - additionalProperties: false - policy.unsafe.UnsafeDeleteNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Namespace - fqn: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Namespace (i.e. https://), normalized to lower case. - title: UnsafeDeleteNamespaceRequest - required: - - fqn - additionalProperties: false - description: |- - WARNING!! - Deleting a Namespace will free up the Attribute Namespace, Definitions, and Values for reuse, which can introduce an access path to existing TDFs containing the deleted policy. - Definitions and their Values under this Namespace will be cascadingly deleted. - policy.unsafe.UnsafeDeleteNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: UnsafeDeleteNamespaceResponse - additionalProperties: false - policy.unsafe.UnsafeReactivateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: UnsafeReactivateAttributeRequest - additionalProperties: false - description: |- - WARNING!! - Reactivating an Attribute can potentially open up an access path to existing TDFs containing the Attribute name. - Active state of any Values under this Attribute Definition will NOT be changed. 
- policy.unsafe.UnsafeReactivateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: UnsafeReactivateAttributeResponse - additionalProperties: false - policy.unsafe.UnsafeReactivateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: UnsafeReactivateAttributeValueRequest - additionalProperties: false - description: |- - WARNING!! - Reactivating an Attribute Value can potentially open up an access path to existing TDFs containing the Attribute Value. - policy.unsafe.UnsafeReactivateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UnsafeReactivateAttributeValueResponse - additionalProperties: false - policy.unsafe.UnsafeReactivateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: UnsafeReactivateNamespaceRequest - additionalProperties: false - description: |- - WARNING!! - Reactivating a Namespace can potentially open up an access path to existing TDFs containing any Attributes under the Namespace. - Active state of any Definitions and their Values under this Namespace will NOT be changed. - policy.unsafe.UnsafeReactivateNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: UnsafeReactivateNamespaceResponse - additionalProperties: false - policy.unsafe.UnsafeUpdateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - WARNING!! - Updating the name of an Attribute will retroactively alter access to existing TDFs of the old and new Attribute name. 
- Attribute name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - rule: - title: rule - description: |- - Optional - WARNING!! - Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name. - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - valuesOrder: - type: array - items: - type: string - title: values_order - description: |- - Optional - WARNING!! - Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition - will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted - deleted, created, and unsafely re-ordered as necessary. - title: UnsafeUpdateAttributeRequest - additionalProperties: false - description: |- - WARNING!! - Updating an Attribute can have dangerous consequences. Use with caution. - policy.unsafe.UnsafeUpdateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: UnsafeUpdateAttributeResponse - additionalProperties: false - policy.unsafe.UnsafeUpdateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Required - Attribute Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. 
The stored attribute value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - title: UnsafeUpdateAttributeValueRequest - additionalProperties: false - description: |- - WARNING!! - Updating an Attribute Value will retroactively alter access to existing TDFs containing the old and new Attribute Value. - policy.unsafe.UnsafeUpdateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UnsafeUpdateAttributeValueResponse - additionalProperties: false - policy.unsafe.UnsafeUpdateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Namespace must be a valid hostname. It should include at least one dot, with each segment (label) starting and ending with an alphanumeric character. Each label must be 1 to 63 characters long, allowing hyphens but not as the first or last character. The top-level domain (the last segment after the final dot) must consist of at least two alphabetic characters. The stored namespace will be normalized to lower case.: - ``` - this.matches('^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}$') - ``` - - title: UnsafeUpdateNamespaceRequest - additionalProperties: false - description: |- - WARNING!! - Updating the Namespace of an Attribute will retroactively alter access to existing TDFs of the old and new Namespace name. - Existing Attribute Definitions and their Values under the Namespace will now be associated with the new Namespace name. 
- policy.unsafe.UnsafeUpdateNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: UnsafeUpdateNamespaceResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.unsafe.UnsafeService - description: |- - / - / Unsafe Service - / 
diff --git a/specs/wellknownconfiguration/wellknown_configuration.openapi.yaml b/specs/wellknownconfiguration/wellknown_configuration.openapi.yaml
deleted file mode 100644
index dcac72a..0000000
--- a/specs/wellknownconfiguration/wellknown_configuration.openapi.yaml
+++ /dev/null
@@ -1,184 +0,0 @@ -openapi: 3.1.0 -info: - title: wellknownconfiguration -paths: - /.well-known/opentdf-configuration: - get: - tags: - - wellknownconfiguration.WellKnownService - summary: GetWellKnownConfiguration - operationId: wellknownconfiguration.WellKnownService.GetWellKnownConfiguration - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/wellknownconfiguration.GetWellKnownConfigurationResponse' -components: - schemas: - google.protobuf.NullValue: - type: string - title: NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. 
- google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - wellknownconfiguration.GetWellKnownConfigurationRequest: - type: object - title: GetWellKnownConfigurationRequest - additionalProperties: false - wellknownconfiguration.GetWellKnownConfigurationResponse: - type: object - properties: - configuration: - title: configuration - $ref: '#/components/schemas/google.protobuf.Struct' - title: GetWellKnownConfigurationResponse - additionalProperties: false - wellknownconfiguration.WellKnownConfig: - type: object - properties: - configuration: - type: object - title: configuration - additionalProperties: - title: value - $ref: '#/components/schemas/google.protobuf.Struct' - title: WellKnownConfig - additionalProperties: false - wellknownconfiguration.WellKnownConfig.ConfigurationEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Struct' - title: ConfigurationEntry - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: 
string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: wellknownconfiguration.WellKnownService diff --git a/src/openapi/preprocessing.ts b/src/openapi/preprocessing.ts index 1e41098..072632a 100644 --- a/src/openapi/preprocessing.ts +++ b/src/openapi/preprocessing.ts @@ -25,7 +25,7 @@ const specsProcessedDir = path.join(repoRoot, 'specs-processed'); const ADD_TIMESTAMP_TO_DESCRIPTION = false; // The location prefix of built OpenAPI documentation -const OUTPUT_PREFIX = path.join(repoRoot, 'docs', 'OpenAPI-clients'); +const OUTPUT_PREFIX = path.join(repoRoot, 'docs', 'reference', 'OpenAPI-clients'); // The index page for OpenAPI documentation, to support bookmarking & sharing the URL const OPENAPI_INDEX_PAGE = `${OUTPUT_PREFIX}/index.md`;
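Review bot: The comment above `OUTPUT_PREFIX` in the `src/openapi/preprocessing.ts` hunk still says only "The location prefix of built OpenAPI documentation"; it does not say that the directory is generated output or that its path is repeated outside this file. With the added `'reference'` segment the generated pages land inside a docs subtree that presumably also holds hand-written pages, so a stale ignore rule would let generated files be committed and a stale link would break the route. I would extend the comment to `// Generated output (docs/reference/OpenAPI-clients); keep .gitignore and site links in sync with this path`. These are module-level constants and the rest of the file is outside the hunk, so whether any step cleans or globs this directory before writing cannot be checked from here.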