acl

package
v0.6.0-alpha.1.pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 1, 2021 License: Apache-2.0 Imports: 9 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	NodeType_name = map[int32]string{
		0: "NODE_TYPE_UNSPECIFIED",
		1: "NODE_TYPE_UNION",
		2: "NODE_TYPE_EXCLUSION",
		3: "NODE_TYPE_INTERSECTION",
		4: "NODE_TYPE_LEAF",
	}
	NodeType_value = map[string]int32{
		"NODE_TYPE_UNSPECIFIED":  0,
		"NODE_TYPE_UNION":        1,
		"NODE_TYPE_EXCLUSION":    2,
		"NODE_TYPE_INTERSECTION": 3,
		"NODE_TYPE_LEAF":         4,
	}
)

Enum value maps for NodeType.

View Source 
var (
	RelationTupleDelta_Action_name = map[int32]string{
		0: "ACTION_UNSPECIFIED",
		1: "INSERT",
		2: "DELETE",
	}
	RelationTupleDelta_Action_value = map[string]int32{
		"ACTION_UNSPECIFIED": 0,
		"INSERT":             1,
		"DELETE":             2,
	}
)

Enum value maps for RelationTupleDelta_Action.

View Source 
var CheckService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "ory.keto.acl.v1alpha1.CheckService",
	HandlerType: (*CheckServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Check",
			Handler:    _CheckService_Check_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "ory/keto/acl/v1alpha1/check_service.proto",
}

CheckService_ServiceDesc is the grpc.ServiceDesc for CheckService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var ExpandService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "ory.keto.acl.v1alpha1.ExpandService",
	HandlerType: (*ExpandServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Expand",
			Handler:    _ExpandService_Expand_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "ory/keto/acl/v1alpha1/expand_service.proto",
}

ExpandService_ServiceDesc is the grpc.ServiceDesc for ExpandService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_ory_keto_acl_v1alpha1_acl_proto protoreflect.FileDescriptor
View Source 
var File_ory_keto_acl_v1alpha1_check_service_proto protoreflect.FileDescriptor
View Source 
var File_ory_keto_acl_v1alpha1_expand_service_proto protoreflect.FileDescriptor
View Source 
var File_ory_keto_acl_v1alpha1_read_service_proto protoreflect.FileDescriptor
View Source 
var File_ory_keto_acl_v1alpha1_version_proto protoreflect.FileDescriptor
View Source 
var File_ory_keto_acl_v1alpha1_write_service_proto protoreflect.FileDescriptor
View Source 
var ReadService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "ory.keto.acl.v1alpha1.ReadService",
	HandlerType: (*ReadServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "ListRelationTuples",
			Handler:    _ReadService_ListRelationTuples_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "ory/keto/acl/v1alpha1/read_service.proto",
}

ReadService_ServiceDesc is the grpc.ServiceDesc for ReadService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var VersionService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "ory.keto.acl.v1alpha1.VersionService",
	HandlerType: (*VersionServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GetVersion",
			Handler:    _VersionService_GetVersion_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "ory/keto/acl/v1alpha1/version.proto",
}

VersionService_ServiceDesc is the grpc.ServiceDesc for VersionService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var WriteService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "ory.keto.acl.v1alpha1.WriteService",
	HandlerType: (*WriteServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "TransactRelationTuples",
			Handler:    _WriteService_TransactRelationTuples_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "ory/keto/acl/v1alpha1/write_service.proto",
}

WriteService_ServiceDesc is the grpc.ServiceDesc for WriteService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterCheckServiceServer 

func RegisterCheckServiceServer(s grpc.ServiceRegistrar, srv CheckServiceServer)

func RegisterExpandServiceServer 

func RegisterExpandServiceServer(s grpc.ServiceRegistrar, srv ExpandServiceServer)

func RegisterReadServiceServer 

func RegisterReadServiceServer(s grpc.ServiceRegistrar, srv ReadServiceServer)

func RegisterVersionServiceServer 

func RegisterVersionServiceServer(s grpc.ServiceRegistrar, srv VersionServiceServer)

func RegisterWriteServiceServer 

func RegisterWriteServiceServer(s grpc.ServiceRegistrar, srv WriteServiceServer)

Types

type CheckRequest 

type CheckRequest struct {

	// The namespace to evaluate the check.
	//
	// Note: If you use the expand-API and the check
	// evaluates a RelationTuple specifying a SubjectSet as
	// subject or due to a rewrite rule in a namespace config
	// this check request may involve other namespaces automatically.
	Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// The related object in this check.
	Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"`
	// The relation between the Object and the Subject.
	Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"`
	// The related subject in this check.
	Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`
	// This field is not implemented yet and has no effect.
	// <!--
	// Set this field to `true` in case your application
	// needs to authorize depending on up to date ACLs,
	// also called a "content-change check".
	//
	// If set to `true` the `snaptoken` field is ignored,
	// the check is evaluated at the latest snapshot
	// (globally consistent) and the response includes a
	// snaptoken for clients to store along with object
	// contents that can be used for subsequent checks
	// of the same content version.
	//
	// Example use case:
	//  - You need to authorize a user to modify/delete some resource
	//    and it is unacceptable that if the permission to do that had
	//    just been revoked some seconds ago so that the change had not
	//    yet been fully replicated to all availability zones.
	// -->
	Latest bool `protobuf:"varint,5,opt,name=latest,proto3" json:"latest,omitempty"`
	// This field is not implemented yet and has no effect.
	// <!--
	// Optional. Like reads, a check is always evaluated at a
	// consistent snapshot no earlier than the given snaptoken.
	//
	// Leave this field blank if you want to evaluate the check
	// based on eventually consistent ACLs, benefiting from very
	// low latency, but possibly slightly stale results.
	//
	// If the specified token is too old and no longer known,
	// the server falls back as if no snaptoken had been specified.
	//
	// If not specified the server tries to evaluate the check
	// on the best snapshot version where it is very likely that
	// ACLs had already been replicated to all availability zones.
	// -->
	Snaptoken string `protobuf:"bytes,6,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"`
	// contains filtered or unexported fields
}

The request for a CheckService.Check RPC. Checks whether a specific subject is related to an object.

func (*CheckRequest) Descriptor deprecated 

func (*CheckRequest) Descriptor() ([]byte, []int)

Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead.

func (*CheckRequest) GetLatest 

func (x *CheckRequest) GetLatest() bool

func (*CheckRequest) GetNamespace 

func (x *CheckRequest) GetNamespace() string

func (*CheckRequest) GetObject 

func (x *CheckRequest) GetObject() string

func (*CheckRequest) GetRelation 

func (x *CheckRequest) GetRelation() string

func (*CheckRequest) GetSnaptoken 

func (x *CheckRequest) GetSnaptoken() string

func (*CheckRequest) GetSubject 

func (x *CheckRequest) GetSubject() *Subject

func (*CheckRequest) ProtoMessage 

func (*CheckRequest) ProtoMessage()

func (*CheckRequest) ProtoReflect 

func (x *CheckRequest) ProtoReflect() protoreflect.Message

func (*CheckRequest) Reset 

func (x *CheckRequest) Reset()

func (*CheckRequest) String 

func (x *CheckRequest) String() string

type CheckResponse 

type CheckResponse struct {

	// Whether the specified subject (id)
	// is related to the requested object.
	//
	// It is false by default if no ACL matches.
	Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"`
	// This field is not implemented yet and has no effect.
	// <!--
	// The last known snapshot token ONLY specified if
	// the request had not specified a snaptoken,
	// since this performed a "content-change request"
	// and consistently fetched the last known snapshot token.
	//
	// This field is not set if the request had specified a snaptoken!
	//
	// If set, clients should cache and use this token
	// for subsequent requests to have minimal latency,
	// but allow slightly stale responses (only some milliseconds or seconds).
	// -->
	Snaptoken string `protobuf:"bytes,2,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"`
	// contains filtered or unexported fields
}

The response for a CheckService.Check rpc.

func (*CheckResponse) Descriptor deprecated 

func (*CheckResponse) Descriptor() ([]byte, []int)

Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead.

func (*CheckResponse) GetAllowed 

func (x *CheckResponse) GetAllowed() bool

func (*CheckResponse) GetSnaptoken 

func (x *CheckResponse) GetSnaptoken() string

func (*CheckResponse) ProtoMessage 

func (*CheckResponse) ProtoMessage()

func (*CheckResponse) ProtoReflect 

func (x *CheckResponse) ProtoReflect() protoreflect.Message

func (*CheckResponse) Reset 

func (x *CheckResponse) Reset()

func (*CheckResponse) String 

func (x *CheckResponse) String() string

type CheckServiceClient 

type CheckServiceClient interface {
	// Performs an authorization check.
	Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error)
}

CheckServiceClient is the client API for CheckService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewCheckServiceClient 

func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient

type CheckServiceServer 

type CheckServiceServer interface {
	// Performs an authorization check.
	Check(context.Context, *CheckRequest) (*CheckResponse, error)
}

CheckServiceServer is the server API for CheckService service. All implementations should embed UnimplementedCheckServiceServer for forward compatibility

type ExpandRequest 

type ExpandRequest struct {

	// The subject to expand.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// The maximum depth of tree to build.
	// It is important to set this parameter to a meaningful
	// value. Ponder how deep you really want to display this.
	MaxDepth int32 `protobuf:"varint,2,opt,name=max_depth,json=maxDepth,proto3" json:"max_depth,omitempty"`
	// This field is not implemented yet and has no effect.
	// <!--
	// Optional. Like reads, a expand is always evaluated at a
	// consistent snapshot no earlier than the given snaptoken.
	//
	// Leave this field blank if you want to expand
	// based on eventually consistent ACLs, benefiting from very
	// low latency, but possibly slightly stale results.
	//
	// If the specified token is too old and no longer known,
	// the server falls back as if no snaptoken had been specified.
	//
	// If not specified the server tries to build the tree
	// on the best snapshot version where it is very likely that
	// ACLs had already been replicated to all availability zones.
	// -->
	Snaptoken string `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"`
	// contains filtered or unexported fields
}

The request for an ExpandService.Expand RPC. Expands the given subject set.

func (*ExpandRequest) Descriptor deprecated 

func (*ExpandRequest) Descriptor() ([]byte, []int)

Deprecated: Use ExpandRequest.ProtoReflect.Descriptor instead.

func (*ExpandRequest) GetMaxDepth 

func (x *ExpandRequest) GetMaxDepth() int32

func (*ExpandRequest) GetSnaptoken 

func (x *ExpandRequest) GetSnaptoken() string

func (*ExpandRequest) GetSubject 

func (x *ExpandRequest) GetSubject() *Subject

func (*ExpandRequest) ProtoMessage 

func (*ExpandRequest) ProtoMessage()

func (*ExpandRequest) ProtoReflect 

func (x *ExpandRequest) ProtoReflect() protoreflect.Message

func (*ExpandRequest) Reset 

func (x *ExpandRequest) Reset()

func (*ExpandRequest) String 

func (x *ExpandRequest) String() string

type ExpandResponse 

type ExpandResponse struct {

	// The tree the requested subject set expands to.
	// The requested subject set is the subject of the root.
	//
	// This field can be nil in some circumstances.
	Tree *SubjectTree `protobuf:"bytes,1,opt,name=tree,proto3" json:"tree,omitempty"`
	// contains filtered or unexported fields
}

The response for a ExpandService.Expand RPC.

func (*ExpandResponse) Descriptor deprecated 

func (*ExpandResponse) Descriptor() ([]byte, []int)

Deprecated: Use ExpandResponse.ProtoReflect.Descriptor instead.

func (*ExpandResponse) GetTree 

func (x *ExpandResponse) GetTree() *SubjectTree

func (*ExpandResponse) ProtoMessage 

func (*ExpandResponse) ProtoMessage()

func (*ExpandResponse) ProtoReflect 

func (x *ExpandResponse) ProtoReflect() protoreflect.Message

func (*ExpandResponse) Reset 

func (x *ExpandResponse) Reset()

func (*ExpandResponse) String 

func (x *ExpandResponse) String() string

type ExpandServiceClient 

type ExpandServiceClient interface {
	// Expands the subject set into a tree of subjects.
	Expand(ctx context.Context, in *ExpandRequest, opts ...grpc.CallOption) (*ExpandResponse, error)
}

ExpandServiceClient is the client API for ExpandService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewExpandServiceClient 

func NewExpandServiceClient(cc grpc.ClientConnInterface) ExpandServiceClient

type ExpandServiceServer 

type ExpandServiceServer interface {
	// Expands the subject set into a tree of subjects.
	Expand(context.Context, *ExpandRequest) (*ExpandResponse, error)
}

ExpandServiceServer is the server API for ExpandService service. All implementations should embed UnimplementedExpandServiceServer for forward compatibility

type GetVersionRequest 

type GetVersionRequest struct {
	// contains filtered or unexported fields
}

Request for the VersionService.GetVersion RPC.

func (*GetVersionRequest) Descriptor deprecated 

func (*GetVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetVersionRequest.ProtoReflect.Descriptor instead.

func (*GetVersionRequest) ProtoMessage 

func (*GetVersionRequest) ProtoMessage()

func (*GetVersionRequest) ProtoReflect 

func (x *GetVersionRequest) ProtoReflect() protoreflect.Message

func (*GetVersionRequest) Reset 

func (x *GetVersionRequest) Reset()

func (*GetVersionRequest) String 

func (x *GetVersionRequest) String() string

type GetVersionResponse 

type GetVersionResponse struct {

	// The version string of the Ory Keto instance.
	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	// contains filtered or unexported fields
}

Response of the VersionService.GetVersion RPC.

func (*GetVersionResponse) Descriptor deprecated 

func (*GetVersionResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetVersionResponse.ProtoReflect.Descriptor instead.

func (*GetVersionResponse) GetVersion 

func (x *GetVersionResponse) GetVersion() string

func (*GetVersionResponse) ProtoMessage 

func (*GetVersionResponse) ProtoMessage()

func (*GetVersionResponse) ProtoReflect 

func (x *GetVersionResponse) ProtoReflect() protoreflect.Message

func (*GetVersionResponse) Reset 

func (x *GetVersionResponse) Reset()

func (*GetVersionResponse) String 

func (x *GetVersionResponse) String() string

type ListRelationTuplesRequest 

type ListRelationTuplesRequest struct {

	// All query constraints are concatenated
	// with a logical AND operator.
	//
	// The RelationTuple list from ListRelationTuplesResponse
	// is ordered from the newest RelationTuple to the oldest.
	Query *ListRelationTuplesRequest_Query `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"`
	// This field is not implemented yet and has no effect.
	// <!--
	// Optional. The list of fields to be expanded
	// in the RelationTuple list returned in `ListRelationTuplesResponse`.
	// Leaving this field unspecified means all fields are expanded.
	//
	// Available fields:
	// "object", "relation", "subject",
	// "namespace", "subject.id", "subject.namespace",
	// "subject.object", "subject.relation"
	// -->
	ExpandMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=expand_mask,json=expandMask,proto3" json:"expand_mask,omitempty"`
	// This field is not implemented yet and has no effect.
	// <!--
	// Optional. The snapshot token for this read.
	// -->
	Snaptoken string `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"`
	// Optional. The maximum number of
	// RelationTuples to return in the response.
	//
	// Default: 100
	PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. An opaque pagination token returned from
	// a previous call to `ListRelationTuples` that
	// indicates where the page should start at.
	//
	// An empty token denotes the first page. All successive
	// pages require the token from the previous page.
	PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

Request for ReadService.ListRelationTuples RPC. See `ListRelationTuplesRequest_Query` for how to filter the query.

func (*ListRelationTuplesRequest) Descriptor deprecated 

func (*ListRelationTuplesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListRelationTuplesRequest.ProtoReflect.Descriptor instead.

func (*ListRelationTuplesRequest) GetExpandMask 

func (x *ListRelationTuplesRequest) GetExpandMask() *field_mask.FieldMask

func (*ListRelationTuplesRequest) GetPageSize 

func (x *ListRelationTuplesRequest) GetPageSize() int32

func (*ListRelationTuplesRequest) GetPageToken 

func (x *ListRelationTuplesRequest) GetPageToken() string

func (*ListRelationTuplesRequest) GetQuery 

func (x *ListRelationTuplesRequest) GetQuery() *ListRelationTuplesRequest_Query

func (*ListRelationTuplesRequest) GetSnaptoken 

func (x *ListRelationTuplesRequest) GetSnaptoken() string

func (*ListRelationTuplesRequest) ProtoMessage 

func (*ListRelationTuplesRequest) ProtoMessage()

func (*ListRelationTuplesRequest) ProtoReflect 

func (x *ListRelationTuplesRequest) ProtoReflect() protoreflect.Message

func (*ListRelationTuplesRequest) Reset 

func (x *ListRelationTuplesRequest) Reset()

func (*ListRelationTuplesRequest) String 

func (x *ListRelationTuplesRequest) String() string

type ListRelationTuplesRequest_Query 

type ListRelationTuplesRequest_Query struct {

	// Required. The namespace to query.
	Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// Optional. The object to query for.
	Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"`
	// Optional. The relation to query for.
	Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"`
	// Optional. The subject to query for.
	Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`
	// contains filtered or unexported fields
}

The query for listing relation tuples. Clients can specify any optional field to partially filter for specific relation tuples.

Example use cases (namespace is always required):

  • object only: display a list of all permissions referring to a specific object
  • relation only: get all groups that have members; get all directories that have content
  • object & relation: display all subjects that have a specific permission relation
  • subject & relation: display all groups a subject belongs to; display all objects a subject has access to
  • object & relation & subject: check whether the relation tuple already exists

func (*ListRelationTuplesRequest_Query) Descriptor deprecated 

func (*ListRelationTuplesRequest_Query) Descriptor() ([]byte, []int)

Deprecated: Use ListRelationTuplesRequest_Query.ProtoReflect.Descriptor instead.

func (*ListRelationTuplesRequest_Query) GetNamespace 

func (x *ListRelationTuplesRequest_Query) GetNamespace() string

func (*ListRelationTuplesRequest_Query) GetObject 

func (x *ListRelationTuplesRequest_Query) GetObject() string

func (*ListRelationTuplesRequest_Query) GetRelation 

func (x *ListRelationTuplesRequest_Query) GetRelation() string

func (*ListRelationTuplesRequest_Query) GetSubject 

func (x *ListRelationTuplesRequest_Query) GetSubject() *Subject

func (*ListRelationTuplesRequest_Query) ProtoMessage 

func (*ListRelationTuplesRequest_Query) ProtoMessage()

func (*ListRelationTuplesRequest_Query) ProtoReflect 

func (x *ListRelationTuplesRequest_Query) ProtoReflect() protoreflect.Message

func (*ListRelationTuplesRequest_Query) Reset 

func (x *ListRelationTuplesRequest_Query) Reset()

func (*ListRelationTuplesRequest_Query) String 

func (x *ListRelationTuplesRequest_Query) String() string

type ListRelationTuplesResponse 

type ListRelationTuplesResponse struct {

	// The relation tuples matching the list request.
	RelationTuples []*RelationTuple `protobuf:"bytes,1,rep,name=relation_tuples,json=relationTuples,proto3" json:"relation_tuples,omitempty"`
	// The token required to get the next page.
	// Please use the `is_last_page` field to determine whether
	// this was the last page.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// Whether this is the last page. Using the `next_page_token`
	// in a subsequent request if this field is true will return an error.
	IsLastPage bool `protobuf:"varint,3,opt,name=is_last_page,json=isLastPage,proto3" json:"is_last_page,omitempty"`
	// contains filtered or unexported fields
}

The response of a ReadService.ListRelationTuples RPC.

func (*ListRelationTuplesResponse) Descriptor deprecated 

func (*ListRelationTuplesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListRelationTuplesResponse.ProtoReflect.Descriptor instead.

func (*ListRelationTuplesResponse) GetIsLastPage 

func (x *ListRelationTuplesResponse) GetIsLastPage() bool

func (*ListRelationTuplesResponse) GetNextPageToken 

func (x *ListRelationTuplesResponse) GetNextPageToken() string

func (*ListRelationTuplesResponse) GetRelationTuples 

func (x *ListRelationTuplesResponse) GetRelationTuples() []*RelationTuple

func (*ListRelationTuplesResponse) ProtoMessage 

func (*ListRelationTuplesResponse) ProtoMessage()

func (*ListRelationTuplesResponse) ProtoReflect 

func (x *ListRelationTuplesResponse) ProtoReflect() protoreflect.Message

func (*ListRelationTuplesResponse) Reset 

func (x *ListRelationTuplesResponse) Reset()

func (*ListRelationTuplesResponse) String 

func (x *ListRelationTuplesResponse) String() string

type NodeType 

type NodeType int32
const (
	NodeType_NODE_TYPE_UNSPECIFIED NodeType = 0
	// This node expands to a union of all children.
	NodeType_NODE_TYPE_UNION NodeType = 1
	// Not implemented yet.
	NodeType_NODE_TYPE_EXCLUSION NodeType = 2
	// Not implemented yet.
	NodeType_NODE_TYPE_INTERSECTION NodeType = 3
	// This node is a leaf and contains no children.
	// Its subject is a `SubjectID` unless `max_depth` was reached.
	NodeType_NODE_TYPE_LEAF NodeType = 4
)

func (NodeType) Descriptor 

func (NodeType) Descriptor() protoreflect.EnumDescriptor

func (NodeType) Enum 

func (x NodeType) Enum() *NodeType

func (NodeType) EnumDescriptor deprecated 

func (NodeType) EnumDescriptor() ([]byte, []int)

Deprecated: Use NodeType.Descriptor instead.

func (NodeType) Number 

func (x NodeType) Number() protoreflect.EnumNumber

func (NodeType) String 

func (x NodeType) String() string

func (NodeType) Type 

func (NodeType) Type() protoreflect.EnumType

type ReadServiceClient 

type ReadServiceClient interface {
	// Lists ACL relation tuples.
	ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error)
}

ReadServiceClient is the client API for ReadService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewReadServiceClient 

func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient

type ReadServiceServer 

type ReadServiceServer interface {
	// Lists ACL relation tuples.
	ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error)
}

ReadServiceServer is the server API for ReadService service. All implementations should embed UnimplementedReadServiceServer for forward compatibility

type RelationTuple 

type RelationTuple struct {

	// The namespace this relation tuple lives in.
	Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// The object related by this tuple.
	// It is an object in the namespace of the tuple.
	Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"`
	// The relation between an Object and a Subject.
	Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"`
	// The subject related by this tuple.
	// A Subject either represents a concrete subject id or
	// a `SubjectSet` that expands to more Subjects.
	Subject *Subject `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`
	// contains filtered or unexported fields
}

RelationTuple defines a relation between an Object and a Subject.

func (*RelationTuple) Descriptor deprecated 

func (*RelationTuple) Descriptor() ([]byte, []int)

Deprecated: Use RelationTuple.ProtoReflect.Descriptor instead.

func (*RelationTuple) GetNamespace 

func (x *RelationTuple) GetNamespace() string

func (*RelationTuple) GetObject 

func (x *RelationTuple) GetObject() string

func (*RelationTuple) GetRelation 

func (x *RelationTuple) GetRelation() string

func (*RelationTuple) GetSubject 

func (x *RelationTuple) GetSubject() *Subject

func (*RelationTuple) ProtoMessage 

func (*RelationTuple) ProtoMessage()

func (*RelationTuple) ProtoReflect 

func (x *RelationTuple) ProtoReflect() protoreflect.Message

func (*RelationTuple) Reset 

func (x *RelationTuple) Reset()

func (*RelationTuple) String 

func (x *RelationTuple) String() string

type RelationTupleDelta 

type RelationTupleDelta struct {

	// The action to do on the RelationTuple.
	Action RelationTupleDelta_Action `protobuf:"varint,1,opt,name=action,proto3,enum=ory.keto.acl.v1alpha1.RelationTupleDelta_Action" json:"action,omitempty"`
	// The target RelationTuple.
	RelationTuple *RelationTuple `protobuf:"bytes,2,opt,name=relation_tuple,json=relationTuple,proto3" json:"relation_tuple,omitempty"`
	// contains filtered or unexported fields
}

Write-delta for a TransactRelationTuplesRequest.

func (*RelationTupleDelta) Descriptor deprecated 

func (*RelationTupleDelta) Descriptor() ([]byte, []int)

Deprecated: Use RelationTupleDelta.ProtoReflect.Descriptor instead.

func (*RelationTupleDelta) GetAction 

func (x *RelationTupleDelta) GetAction() RelationTupleDelta_Action

func (*RelationTupleDelta) GetRelationTuple 

func (x *RelationTupleDelta) GetRelationTuple() *RelationTuple

func (*RelationTupleDelta) ProtoMessage 

func (*RelationTupleDelta) ProtoMessage()

func (*RelationTupleDelta) ProtoReflect 

func (x *RelationTupleDelta) ProtoReflect() protoreflect.Message

func (*RelationTupleDelta) Reset 

func (x *RelationTupleDelta) Reset()

func (*RelationTupleDelta) String 

func (x *RelationTupleDelta) String() string

type RelationTupleDelta_Action 

type RelationTupleDelta_Action int32
const (
	// Unspecified.
	// The `TransactRelationTuples` RPC ignores this
	// RelationTupleDelta if an action was unspecified.
	RelationTupleDelta_ACTION_UNSPECIFIED RelationTupleDelta_Action = 0
	// Insertion of a new RelationTuple.
	// It is ignored if already existing.
	RelationTupleDelta_INSERT RelationTupleDelta_Action = 1
	// Deletion of the RelationTuple.
	// It is ignored if it does not exist.
	RelationTupleDelta_DELETE RelationTupleDelta_Action = 2
)

func (RelationTupleDelta_Action) Descriptor 

func (RelationTupleDelta_Action) Descriptor() protoreflect.EnumDescriptor

func (RelationTupleDelta_Action) Enum 

func (x RelationTupleDelta_Action) Enum() *RelationTupleDelta_Action

func (RelationTupleDelta_Action) EnumDescriptor deprecated 

func (RelationTupleDelta_Action) EnumDescriptor() ([]byte, []int)

Deprecated: Use RelationTupleDelta_Action.Descriptor instead.

func (RelationTupleDelta_Action) Number 

func (x RelationTupleDelta_Action) Number() protoreflect.EnumNumber

func (RelationTupleDelta_Action) String 

func (x RelationTupleDelta_Action) String() string

func (RelationTupleDelta_Action) Type 

func (RelationTupleDelta_Action) Type() protoreflect.EnumType

type Subject 

type Subject struct {

	// The reference of this abstract subject.
	//
	// Types that are assignable to Ref:
	//	*Subject_Id
	//	*Subject_Set
	Ref isSubject_Ref `protobuf_oneof:"ref"`
	// contains filtered or unexported fields
}

Subject is either a concrete subject id or a `SubjectSet` expanding to more Subjects.

func (*Subject) Descriptor deprecated 

func (*Subject) Descriptor() ([]byte, []int)

Deprecated: Use Subject.ProtoReflect.Descriptor instead.

func (*Subject) GetId 

func (x *Subject) GetId() string

func (*Subject) GetRef 

func (m *Subject) GetRef() isSubject_Ref

func (*Subject) GetSet 

func (x *Subject) GetSet() *SubjectSet

func (*Subject) ProtoMessage 

func (*Subject) ProtoMessage()

func (*Subject) ProtoReflect 

func (x *Subject) ProtoReflect() protoreflect.Message

func (*Subject) Reset 

func (x *Subject) Reset()

func (*Subject) String 

func (x *Subject) String() string

type SubjectSet 

type SubjectSet struct {

	// The namespace of the object and relation
	// referenced in this subject set.
	Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// The object related by this subject set.
	Object string `protobuf:"bytes,2,opt,name=object,proto3" json:"object,omitempty"`
	// The relation between the object and the subjects.
	Relation string `protobuf:"bytes,3,opt,name=relation,proto3" json:"relation,omitempty"`
	// contains filtered or unexported fields
}

SubjectSet refers to all subjects who have the same `relation` on an `object`.

func (*SubjectSet) Descriptor deprecated 

func (*SubjectSet) Descriptor() ([]byte, []int)

Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead.

func (*SubjectSet) GetNamespace 

func (x *SubjectSet) GetNamespace() string

func (*SubjectSet) GetObject 

func (x *SubjectSet) GetObject() string

func (*SubjectSet) GetRelation 

func (x *SubjectSet) GetRelation() string

func (*SubjectSet) ProtoMessage 

func (*SubjectSet) ProtoMessage()

func (*SubjectSet) ProtoReflect 

func (x *SubjectSet) ProtoReflect() protoreflect.Message

func (*SubjectSet) Reset 

func (x *SubjectSet) Reset()

func (*SubjectSet) String 

func (x *SubjectSet) String() string

type SubjectTree 

type SubjectTree struct {

	// The type of the node.
	NodeType NodeType `protobuf:"varint,1,opt,name=node_type,json=nodeType,proto3,enum=ory.keto.acl.v1alpha1.NodeType" json:"node_type,omitempty"`
	// The subject this node represents.
	Subject *Subject `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
	// The children of this node.
	//
	// This is never set if `node_type` == `NODE_TYPE_LEAF`.
	Children []*SubjectTree `protobuf:"bytes,3,rep,name=children,proto3" json:"children,omitempty"`
	// contains filtered or unexported fields
}

func (*SubjectTree) Descriptor deprecated 

func (*SubjectTree) Descriptor() ([]byte, []int)

Deprecated: Use SubjectTree.ProtoReflect.Descriptor instead.

func (*SubjectTree) GetChildren 

func (x *SubjectTree) GetChildren() []*SubjectTree

func (*SubjectTree) GetNodeType 

func (x *SubjectTree) GetNodeType() NodeType

func (*SubjectTree) GetSubject 

func (x *SubjectTree) GetSubject() *Subject

func (*SubjectTree) ProtoMessage 

func (*SubjectTree) ProtoMessage()

func (*SubjectTree) ProtoReflect 

func (x *SubjectTree) ProtoReflect() protoreflect.Message

func (*SubjectTree) Reset 

func (x *SubjectTree) Reset()

func (*SubjectTree) String 

func (x *SubjectTree) String() string

type Subject_Id 

type Subject_Id struct {
	// A concrete id of the subject.
	Id string `protobuf:"bytes,1,opt,name=id,proto3,oneof"`
}

type Subject_Set 

type Subject_Set struct {
	// A subject set that expands to more Subjects.
	// More information are available under [concepts](../concepts/subjects.mdx).
	Set *SubjectSet `protobuf:"bytes,2,opt,name=set,proto3,oneof"`
}

type TransactRelationTuplesRequest 

type TransactRelationTuplesRequest struct {

	// The write delta for the relation tuples operated in one single transaction.
	// Either all actions succeed or no change takes effect on error.
	RelationTupleDeltas []*RelationTupleDelta `protobuf:"bytes,1,rep,name=relation_tuple_deltas,json=relationTupleDeltas,proto3" json:"relation_tuple_deltas,omitempty"`
	// contains filtered or unexported fields
}

The request of a WriteService.TransactRelationTuples RPC.

func (*TransactRelationTuplesRequest) Descriptor deprecated 

func (*TransactRelationTuplesRequest) Descriptor() ([]byte, []int)

Deprecated: Use TransactRelationTuplesRequest.ProtoReflect.Descriptor instead.

func (*TransactRelationTuplesRequest) GetRelationTupleDeltas 

func (x *TransactRelationTuplesRequest) GetRelationTupleDeltas() []*RelationTupleDelta

func (*TransactRelationTuplesRequest) ProtoMessage 

func (*TransactRelationTuplesRequest) ProtoMessage()

func (*TransactRelationTuplesRequest) ProtoReflect 

func (x *TransactRelationTuplesRequest) ProtoReflect() protoreflect.Message

func (*TransactRelationTuplesRequest) Reset 

func (x *TransactRelationTuplesRequest) Reset()

func (*TransactRelationTuplesRequest) String 

func (x *TransactRelationTuplesRequest) String() string

type TransactRelationTuplesResponse 

type TransactRelationTuplesResponse struct {

	// This field is not implemented yet and has no effect.
	// <!--
	// The list of the new latest snapshot tokens of the affected RelationTuple,
	// with the same index as specified in the `relation_tuple_deltas` field of
	// the TransactRelationTuplesRequest request.
	//
	// If the RelationTupleDelta_Action was DELETE
	// the snaptoken is empty at the same index.
	// -->
	Snaptokens []string `protobuf:"bytes,1,rep,name=snaptokens,proto3" json:"snaptokens,omitempty"`
	// contains filtered or unexported fields
}

The response of a WriteService.TransactRelationTuples rpc.

func (*TransactRelationTuplesResponse) Descriptor deprecated 

func (*TransactRelationTuplesResponse) Descriptor() ([]byte, []int)

Deprecated: Use TransactRelationTuplesResponse.ProtoReflect.Descriptor instead.

func (*TransactRelationTuplesResponse) GetSnaptokens 

func (x *TransactRelationTuplesResponse) GetSnaptokens() []string

func (*TransactRelationTuplesResponse) ProtoMessage 

func (*TransactRelationTuplesResponse) ProtoMessage()

func (*TransactRelationTuplesResponse) ProtoReflect 

func (x *TransactRelationTuplesResponse) ProtoReflect() protoreflect.Message

func (*TransactRelationTuplesResponse) Reset 

func (x *TransactRelationTuplesResponse) Reset()

func (*TransactRelationTuplesResponse) String 

func (x *TransactRelationTuplesResponse) String() string

type UnimplementedCheckServiceServer 

type UnimplementedCheckServiceServer struct {
}

UnimplementedCheckServiceServer should be embedded to have forward compatible implementations.

func (UnimplementedCheckServiceServer) Check 

func (UnimplementedCheckServiceServer) Check(context.Context, *CheckRequest) (*CheckResponse, error)

type UnimplementedExpandServiceServer 

type UnimplementedExpandServiceServer struct {
}

UnimplementedExpandServiceServer should be embedded to have forward compatible implementations.

func (UnimplementedExpandServiceServer) Expand 

func (UnimplementedExpandServiceServer) Expand(context.Context, *ExpandRequest) (*ExpandResponse, error)

type UnimplementedReadServiceServer 

type UnimplementedReadServiceServer struct {
}

UnimplementedReadServiceServer should be embedded to have forward compatible implementations.

func (UnimplementedReadServiceServer) ListRelationTuples 

func (UnimplementedReadServiceServer) ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error)

type UnimplementedVersionServiceServer 

type UnimplementedVersionServiceServer struct {
}

UnimplementedVersionServiceServer should be embedded to have forward compatible implementations.

func (UnimplementedVersionServiceServer) GetVersion 

func (UnimplementedVersionServiceServer) GetVersion(context.Context, *GetVersionRequest) (*GetVersionResponse, error)

type UnimplementedWriteServiceServer 

type UnimplementedWriteServiceServer struct {
}

UnimplementedWriteServiceServer should be embedded to have forward compatible implementations.

func (UnimplementedWriteServiceServer) TransactRelationTuples 

func (UnimplementedWriteServiceServer) TransactRelationTuples(context.Context, *TransactRelationTuplesRequest) (*TransactRelationTuplesResponse, error)

type UnsafeCheckServiceServer 

type UnsafeCheckServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeCheckServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CheckServiceServer will result in compilation errors.

type UnsafeExpandServiceServer 

type UnsafeExpandServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeExpandServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to ExpandServiceServer will result in compilation errors.

type UnsafeReadServiceServer 

type UnsafeReadServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeReadServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to ReadServiceServer will result in compilation errors.

type UnsafeVersionServiceServer 

type UnsafeVersionServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeVersionServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to VersionServiceServer will result in compilation errors.

type UnsafeWriteServiceServer 

type UnsafeWriteServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeWriteServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to WriteServiceServer will result in compilation errors.

type VersionServiceClient 

type VersionServiceClient interface {
	// Returns the version of the Ory Keto instance.
	GetVersion(ctx context.Context, in *GetVersionRequest, opts ...grpc.CallOption) (*GetVersionResponse, error)
}

VersionServiceClient is the client API for VersionService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewVersionServiceClient 

func NewVersionServiceClient(cc grpc.ClientConnInterface) VersionServiceClient

type VersionServiceServer 

type VersionServiceServer interface {
	// Returns the version of the Ory Keto instance.
	GetVersion(context.Context, *GetVersionRequest) (*GetVersionResponse, error)
}

VersionServiceServer is the server API for VersionService service. All implementations should embed UnimplementedVersionServiceServer for forward compatibility

type WriteServiceClient 

type WriteServiceClient interface {
	// Writes one or more relation tuples in a single transaction.
	TransactRelationTuples(ctx context.Context, in *TransactRelationTuplesRequest, opts ...grpc.CallOption) (*TransactRelationTuplesResponse, error)
}

WriteServiceClient is the client API for WriteService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewWriteServiceClient 

func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient

type WriteServiceServer 

type WriteServiceServer interface {
	// Writes one or more relation tuples in a single transaction.
	TransactRelationTuples(context.Context, *TransactRelationTuplesRequest) (*TransactRelationTuplesResponse, error)
}

WriteServiceServer is the server API for WriteService service. All implementations should embed UnimplementedWriteServiceServer for forward compatibility

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.