github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/proto/internal/dispatch/v1/dispatch.proto (about) 1 syntax = "proto3"; 2 package dispatch.v1; 3 4 import "core/v1/core.proto"; 5 import "google/protobuf/duration.proto"; 6 import "google/protobuf/struct.proto"; 7 import "validate/validate.proto"; 8 9 option go_package = "github.com/authzed/spicedb/pkg/proto/dispatch/v1"; 10 11 service DispatchService { 12 rpc DispatchCheck(DispatchCheckRequest) returns (DispatchCheckResponse) {} 13 rpc DispatchExpand(DispatchExpandRequest) returns (DispatchExpandResponse) {} 14 15 rpc DispatchReachableResources(DispatchReachableResourcesRequest) returns (stream DispatchReachableResourcesResponse) {} 16 17 rpc DispatchLookupResources(DispatchLookupResourcesRequest) returns (stream DispatchLookupResourcesResponse) {} 18 rpc DispatchLookupSubjects(DispatchLookupSubjectsRequest) returns (stream DispatchLookupSubjectsResponse) {} 19 } 20 21 message DispatchCheckRequest { 22 enum DebugSetting { 23 NO_DEBUG = 0; 24 ENABLE_BASIC_DEBUGGING = 1; 25 ENABLE_TRACE_DEBUGGING = 2; 26 } 27 28 enum ResultsSetting { 29 REQUIRE_ALL_RESULTS = 0; 30 ALLOW_SINGLE_RESULT = 1; 31 } 32 33 ResolverMeta metadata = 1 [(validate.rules).message.required = true]; 34 35 core.v1.RelationReference resource_relation = 2 [(validate.rules).message.required = true]; 36 repeated string resource_ids = 3; 37 38 core.v1.ObjectAndRelation subject = 4 [(validate.rules).message.required = true]; 39 40 ResultsSetting results_setting = 5; 41 42 DebugSetting debug = 6; 43 } 44 45 message DispatchCheckResponse { 46 ResponseMeta metadata = 1; 47 map<string, ResourceCheckResult> results_by_resource_id = 2; 48 } 49 50 message ResourceCheckResult { 51 enum Membership { 52 UNKNOWN = 0; 53 NOT_MEMBER = 1; 54 MEMBER = 2; 55 CAVEATED_MEMBER = 3; 56 } 57 58 Membership membership = 1; 59 core.v1.CaveatExpression expression = 2; 60 repeated string missing_expr_fields = 3; 61 } 62 63 message DispatchExpandRequest { 64 enum ExpansionMode { 65 SHALLOW = 0; 66 RECURSIVE = 1; 67 } 68 69 ResolverMeta metadata = 1 [(validate.rules).message.required = true]; 70 71 core.v1.ObjectAndRelation resource_and_relation = 2 [(validate.rules).message.required = true]; 72 ExpansionMode expansion_mode = 3; 73 } 74 75 message DispatchExpandResponse { 76 ResponseMeta metadata = 1; 77 core.v1.RelationTupleTreeNode tree_node = 2; 78 } 79 80 message Cursor { 81 reserved 1; 82 repeated string sections = 2; 83 uint32 dispatch_version = 3; 84 } 85 86 message DispatchReachableResourcesRequest { 87 ResolverMeta metadata = 1 [(validate.rules).message.required = true]; 88 89 core.v1.RelationReference resource_relation = 2 [(validate.rules).message.required = true]; 90 core.v1.RelationReference subject_relation = 3 [(validate.rules).message.required = true]; 91 repeated string subject_ids = 4; 92 93 // optional_cursor, if the specified, is the cursor at which to resume returning results. Note 94 // that reachableresources can return duplicates. 95 Cursor optional_cursor = 5; 96 97 // optional_limit, if given, specifies a limit on the number of resources returned. 98 uint32 optional_limit = 6; 99 } 100 101 message ReachableResource { 102 enum ResultStatus { 103 /** 104 * REQUIRES_CHECK indicates that the resource is reachable but a Check is required to 105 * determine if the resource is actually found for the user. 106 */ 107 REQUIRES_CHECK = 0; 108 109 /** 110 * HAS_PERMISSION indicates that the resource is both reachable and found for the permission 111 * for the subject. 112 */ 113 HAS_PERMISSION = 1; 114 } 115 116 string resource_id = 1; 117 ResultStatus result_status = 2; 118 repeated string for_subject_ids = 3; 119 } 120 121 message DispatchReachableResourcesResponse { 122 ReachableResource resource = 1; 123 ResponseMeta metadata = 2; 124 Cursor after_response_cursor = 3; 125 } 126 127 message DispatchLookupResourcesRequest { 128 ResolverMeta metadata = 1 [(validate.rules).message.required = true]; 129 130 core.v1.RelationReference object_relation = 2 [(validate.rules).message.required = true]; 131 core.v1.ObjectAndRelation subject = 3 [(validate.rules).message.required = true]; 132 google.protobuf.Struct context = 5; 133 134 // optional_limit, if given, specifies a limit on the number of resources returned. 135 uint32 optional_limit = 4; 136 137 // optional_cursor, if the specified, is the cursor at which to resume returning results. Note 138 // that lookupresources can return duplicates. 139 Cursor optional_cursor = 6; 140 } 141 142 message ResolvedResource { 143 enum Permissionship { 144 UNKNOWN = 0; 145 HAS_PERMISSION = 1; 146 CONDITIONALLY_HAS_PERMISSION = 2; 147 } 148 149 string resource_id = 1; 150 Permissionship permissionship = 2; 151 repeated string missing_required_context = 3; 152 } 153 154 message DispatchLookupResourcesResponse { 155 ResponseMeta metadata = 1; 156 ResolvedResource resolved_resource = 2; 157 Cursor after_response_cursor = 3; 158 } 159 160 message DispatchLookupSubjectsRequest { 161 ResolverMeta metadata = 1 [(validate.rules).message.required = true]; 162 163 core.v1.RelationReference resource_relation = 2 [(validate.rules).message.required = true]; 164 repeated string resource_ids = 3; 165 166 core.v1.RelationReference subject_relation = 4 167 [ (validate.rules).message.required = true ]; 168 169 // optional_limit, if given, specifies a limit on the number of subjects returned. Note that the number 170 // returned may be less than this count. 171 uint32 optional_limit = 5; 172 173 // optional_cursor, if the specified, is the cursor at which to resume returning results. Note 174 // that lookupsubjects can return duplicates. 175 Cursor optional_cursor = 6; 176 } 177 178 message FoundSubject { 179 string subject_id = 1; 180 core.v1.CaveatExpression caveat_expression = 2; 181 repeated FoundSubject excluded_subjects = 3; 182 } 183 184 message FoundSubjects { 185 repeated FoundSubject found_subjects = 1; 186 } 187 188 message DispatchLookupSubjectsResponse { 189 map<string, FoundSubjects> found_subjects_by_resource_id = 1; 190 ResponseMeta metadata = 2; 191 Cursor after_response_cursor = 3; 192 } 193 194 message ResolverMeta { 195 string at_revision = 1 [(validate.rules).string = {max_bytes: 1024}]; 196 uint32 depth_remaining = 2 [(validate.rules).uint32.gt = 0]; 197 string request_id = 3 [deprecated = true]; 198 bytes traversal_bloom = 4 [(validate.rules).bytes = {max_len: 1024}]; 199 } 200 201 message ResponseMeta { 202 uint32 dispatch_count = 1; 203 uint32 depth_required = 2; 204 uint32 cached_dispatch_count = 3; 205 206 reserved 4, 5; 207 208 DebugInformation debug_info = 6; 209 } 210 211 message DebugInformation { 212 CheckDebugTrace check = 1; 213 } 214 215 message CheckDebugTrace { 216 enum RelationType { 217 UNKNOWN = 0; 218 RELATION = 1; 219 PERMISSION = 2; 220 } 221 222 DispatchCheckRequest request = 1; 223 RelationType resource_relation_type = 2; 224 map<string, ResourceCheckResult> results = 3; 225 bool is_cached_result = 4; 226 repeated CheckDebugTrace sub_problems = 5; 227 google.protobuf.Duration duration = 6; 228 }