Simplified information about the resources that were rotated as part of the key rotation process.
+ | provider_config_id |
+ string |
+ |
+ Optional
-
-
-
- | Field | Type | Label | Description |
-
-
+Configuration ID for the key provider, if applicable
+
- | id |
- string |
+ legacy |
+ bool |
|
- The unique identifier of the policy object |
+ Optional
+
+Whether the key is a legacy key |
- | fqn |
- string |
+ metadata |
+ common.MetadataMutable |
|
- The fully qualified name of the policy object |
+ Common metadata
+
+Mutable metadata for the key |
@@ -11101,8 +11556,8 @@ MappedPolicyObject
- RotateKeyRequest
-
+ CreateKeyResponse
+ Response to a CreateKeyRequest, containing the created asymmetric key
@@ -11112,24 +11567,10 @@ RotateKeyRequest
- | id |
- string |
- |
- Current Active Key UUID |
-
-
-
- | key |
- KasKeyIdentifier |
- |
- Alternative way to specify the active key using KAS ID and Key ID |
-
-
-
- | new_key |
- RotateKeyRequest.NewKey |
+ kas_key |
+ policy.KasKey |
|
- Information about the new key to be rotated in |
+ The created asymmetric key for a KAS. |
@@ -11139,8 +11580,8 @@ RotateKeyRequest
- RotateKeyRequest.NewKey
- Nested message for specifying the new key details
+ CreatePublicKeyRequest
+
@@ -11150,54 +11591,24 @@ RotateKeyRequest.NewKey
- | key_id |
+ kas_id |
string |
|
Required |
- | algorithm |
- policy.Algorithm |
- |
- Required |
-
-
-
- | key_mode |
- policy.KeyMode |
- |
- Required |
-
-
-
- | public_key_ctx |
- policy.PublicKeyCtx |
- |
- Required |
-
-
-
- | private_key_ctx |
- policy.PrivateKeyCtx |
- |
- Required |
-
-
-
- | provider_config_id |
- string |
+ key |
+ policy.KasPublicKey |
|
- Conditionally Required.
-
-Validation handled by message-level CEL |
+ Required |
| metadata |
common.MetadataMutable |
|
- Common metadata fields |
+ Common metadata |
@@ -11207,8 +11618,8 @@ RotateKeyRequest.NewKey
- RotateKeyResponse
- Response message for the RotateKey request
+ CreatePublicKeyResponse
+
@@ -11218,17 +11629,10 @@ RotateKeyResponse
- | kas_key |
- policy.KasKey |
- |
- The newly rotated Kas Key |
-
-
-
- | rotated_resources |
- RotatedResources |
+ key |
+ policy.Key |
|
- All resources that were rotated as part of the key rotation process |
+ |
@@ -11238,8 +11642,8 @@ RotateKeyResponse
- RotatedResources
- All resources that were rotated as part of the key rotation process
+ DeactivatePublicKeyRequest
+
@@ -11249,30 +11653,33 @@ RotatedResources
- | rotated_out_key |
- policy.KasKey |
+ id |
+ string |
|
- The old key that was rotated out |
-
-
-
- | attribute_definition_mappings |
- ChangeMappings |
- repeated |
|
-
- | attribute_value_mappings |
- ChangeMappings |
- repeated |
- |
-
+
+
+
+
+
+
+
+ DeactivatePublicKeyResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
- | namespace_mappings |
- ChangeMappings |
- repeated |
+ key |
+ policy.Key |
+ |
|
@@ -11283,8 +11690,8 @@ RotatedResources
- SetBaseKeyRequest
- Sets the specified key as the base key for the Key Access Server Note: The key must be active.
+ DeleteKeyAccessServerRequest
+
@@ -11297,14 +11704,7 @@ SetBaseKeyRequest
id |
string |
|
- Current Key UUID tp be set as default |
-
-
-
- | key |
- KasKeyIdentifier |
- |
- Alternative way to specify the key using KAS ID and Key ID |
+ Required |
@@ -11314,7 +11714,7 @@ SetBaseKeyRequest
- SetBaseKeyResponse
+ DeleteKeyAccessServerResponse
@@ -11325,17 +11725,41 @@ SetBaseKeyResponse
- | new_base_key |
- policy.SimpleKasKey |
+ key_access_server |
+ policy.KeyAccessServer |
|
- The key that was set as base |
+ |
+
+
+
+
+
+
+
+ GetBaseKeyRequest
+
+
+
+
+
+
+ GetBaseKeyResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
- | previous_base_key |
+ base_key |
policy.SimpleKasKey |
|
- The previous base key, if any |
+ The current base key |
@@ -11345,7 +11769,7 @@ SetBaseKeyResponse
- UpdateKeyAccessServerRequest
+ GetKeyAccessServerRequest
@@ -11359,53 +11783,102 @@ UpdateKeyAccessServerRe
| id |
string |
|
- Required |
+ Deprecated. Deprecated |
- | uri |
+ kas_id |
string |
|
- Optional |
+ option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field |
- | public_key |
- policy.PublicKey |
+ name |
+ string |
|
- Deprecated
-Optional |
+ |
- | source_type |
- policy.SourceType |
+ uri |
+ string |
|
- Optional
-Using UNSPECIFIED will result in a successful update,
-but will not actually update the underlying source.
-You should not update KAS's from INTERNAL/EXTERNAL
-to unspecified. |
+ |
+
+
+
+
+
+
+
+
+ Fields with deprecated option
+
+
+
+ | Name |
+ Option |
+
+
- | name |
- string |
+ id |
+ true |
+
+
+
+
+
+
+
+
+
+ GetKeyAccessServerResponse
+
+
+
+
+
+
+
+
+
+ GetKeyRequest
+ Retrieve an existing asymmetric key from the Key Management System
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
- | metadata |
- common.MetadataMutable |
+ id |
+ string |
|
- Optional
-Common metadata |
+ The unique identifier of the key to retrieve |
- | metadata_update_behavior |
- common.MetadataUpdateEnum |
+ key |
+ KasKeyIdentifier |
|
|
@@ -11417,8 +11890,8 @@ UpdateKeyAccessServerRe
- UpdateKeyAccessServerResponse
-
+ GetKeyResponse
+ Response to a GetKeyRequest, containing the requested asymmetric key
@@ -11428,10 +11901,10 @@ UpdateKeyAccessServerR
- | key_access_server |
- policy.KeyAccessServer |
+ kas_key |
+ policy.KasKey |
|
- |
+ The requested asymmetric key for a KAS. |
@@ -11441,8 +11914,8 @@ UpdateKeyAccessServerR
- UpdateKeyRequest
- Update an existing asymmetric key in the Key Management System
+ GetPublicKeyRequest
+
@@ -11455,26 +11928,31 @@ UpdateKeyRequest
id |
string |
|
- Required
-
-The unique identifier of the key to update |
+ |
-
- | metadata |
- common.MetadataMutable |
- |
- Optional
-Common metadata
+
+ |
-Mutable metadata for the key
-
+
+
+
+
+ GetPublicKeyResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
- | metadata_update_behavior |
- common.MetadataUpdateEnum |
+ key |
+ policy.Key |
|
- The behavior for updating the metadata |
+ |
@@ -11484,8 +11962,8 @@ UpdateKeyRequest
- UpdateKeyResponse
- Response to an UpdateKeyRequest, containing the updated asymmetric key
+ GrantedPolicyObject
+ Can be namespace, attribute definition, or value
@@ -11495,10 +11973,17 @@ UpdateKeyResponse
- | kas_key |
- policy.KasKey |
+ id |
+ string |
|
- The updated kas key |
+ |
+
+
+
+ | fqn |
+ string |
+ |
+ |
@@ -11508,8 +11993,8 @@ UpdateKeyResponse
- UpdatePublicKeyRequest
-
+ KasKeyIdentifier
+ Nested message for specifying the active key using KAS ID and Key ID
@@ -11547,7 +12038,7 @@ UpdatePublicKeyRequest
- UpdatePublicKeyResponse
+ KasKeysSort
@@ -11558,274 +12049,156 @@ UpdatePublicKeyResponse
- | key |
- policy.Key |
+ field |
+ SortKasKeysType |
+ |
+ |
+
+
+
+ | direction |
+ policy.SortDirection |
|
|
-
-
-
-
-
-
-
-
- SortKasKeysType
-
-
-
- | Name | Number | Description |
-
-
-
-
- | SORT_KAS_KEYS_TYPE_UNSPECIFIED |
- 0 |
- |
-
-
-
- | SORT_KAS_KEYS_TYPE_KEY_ID |
- 1 |
- |
-
-
-
- | SORT_KAS_KEYS_TYPE_CREATED_AT |
- 2 |
- |
-
-
-
- | SORT_KAS_KEYS_TYPE_UPDATED_AT |
- 3 |
- |
-
-
-
-
-
- SortKeyAccessServersType
-
-
-
- | Name | Number | Description |
-
-
-
-
- | SORT_KEY_ACCESS_SERVERS_TYPE_UNSPECIFIED |
- 0 |
- |
-
-
-
- | SORT_KEY_ACCESS_SERVERS_TYPE_NAME |
- 1 |
- |
-
-
-
- | SORT_KEY_ACCESS_SERVERS_TYPE_URI |
- 2 |
- |
-
-
-
- | SORT_KEY_ACCESS_SERVERS_TYPE_CREATED_AT |
- 3 |
- |
-
-
-
- | SORT_KEY_ACCESS_SERVERS_TYPE_UPDATED_AT |
- 4 |
- |
-
-
-
-
-
-
-
-
-
- KeyAccessServerRegistryService
-
-
+
-
-
- Methods with deprecated option
-
+
+
+
+ KeyAccessServerGrants
+ Deprecated
+
+
+
+
+
-
-
- Methods with idempotency_level option
-
+
+
+
+
+
+
-
- | Method Name |
- Option |
-
+ | Field | Type | Label | Description |
-
-
- | ListKeyAccessServers |
- NO_SIDE_EFFECTS |
-
-
-
- | GetKeyAccessServer |
- NO_SIDE_EFFECTS |
-
-
-
- | ListKeyAccessServerGrants |
- NO_SIDE_EFFECTS |
-
-
+
+
+ | field |
+ SortKeyAccessServersType |
+ |
+ |
+
+
+
+ | direction |
+ policy.SortDirection |
+ |
+ |
+
+
+
+
-
-
- policy/keymanagement/key_management.protoTop
- KeyMapping
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | kid |
+ string |
+ |
+ |
+
+
+
+ | kas_uri |
+ string |
+ |
+ |
+
+
+
+ | namespace_mappings |
+ MappedPolicyObject |
+ repeated |
+ List of namespaces mapped to the key |
+
+
+
+ | attribute_mappings |
+ MappedPolicyObject |
+ repeated |
+ List of attribute definitions mapped to the key |
+
+
+
+ | value_mappings |
+ MappedPolicyObject |
+ repeated |
+ List of attribute values mapped to the key |
+
+
+
+
+
+
+
- CreateProviderConfigRequest
- Provider Configuration Requests and Response Messages
+ ListKeyAccessServerGrantsRequest
+ LIST of KAS Grants returns flat response of grants to all policy objects. It does not employ selectors for grants to specific policy objects or build the attribute tree relation. If grants to a known namespace, attribute, or value are needed, use the respective GET request to the specific policy object.
@@ -11835,34 +12208,40 @@ CreateProviderConfigRe
- | name |
+ kas_id |
string |
|
- Required
-The name of the key provider. (e.g. "AWS KMS Instance 1", "Google Cloud KMS Instance 2") |
+ Optional
+Filter LIST by ID of a registered Key Access Server.
+If neither is provided, grants from all registered KASs to policy attribute
+objects are returned. |
- | config_json |
- bytes |
+ kas_uri |
+ string |
|
- Required
-JSON configuration for the key provider. This is unique to individual key providers. |
+ Optional
+Filter LIST by URI of a registered Key Access Server.
+If none is provided, grants from all registered KASs to policy attribute
+objects are returned. |
- | manager |
+ kas_name |
string |
|
- Required
-The type of key manager (e.g. "aws", "gcp", "azure", "opentdf.io/basic") |
+ Optional
+Filter LIST by name of a registered Key Access Server.
+If none are provided, grants from all registered KASs to policy attribute
+objects are returned. |
- | metadata |
- common.MetadataMutable |
+ pagination |
+ policy.PageRequest |
|
- Common metadata |
+ Optional |
@@ -11872,8 +12251,8 @@ CreateProviderConfigRe
- CreateProviderConfigResponse
-
+ ListKeyAccessServerGrantsResponse
+ Deprecated
+
+
+ Fields with deprecated option
+
+
+
+ | Name |
+ Option |
+
+
+
+
+
+ | grants |
+ true |
+
+
+
+
+
+
- DeleteProviderConfigRequest
- In order to delete a provider configuration you must first delete all keys associated with the provider.
+ ListKeyAccessServersRequest
+
@@ -11907,10 +12314,21 @@ DeleteProviderConfigRe
- | id |
- string |
+ pagination |
+ policy.PageRequest |
|
- Required |
+ Optional |
+
+
+
+ | sort |
+ KeyAccessServersSort |
+ repeated |
+ Optional - CONSTRAINT: max 1 item
+Sort defaults:
+ - direction UNSPECIFIED defaults to DESC for the specified field
+ - field UNSPECIFIED defaults to created_at with the specified direction
+ - both UNSPECIFIED or sort omitted defaults to created_at DESC |
@@ -11920,7 +12338,7 @@ DeleteProviderConfigRe
- DeleteProviderConfigResponse
+ ListKeyAccessServersResponse
@@ -11931,8 +12349,15 @@ DeleteProviderConfigR
- | provider_config |
- policy.KeyProviderConfig |
+ key_access_servers |
+ policy.KeyAccessServer |
+ repeated |
+ |
+
+
+
+ | pagination |
+ policy.PageResponse |
|
|
@@ -11944,7 +12369,7 @@ DeleteProviderConfigR
- GetProviderConfigRequest
+ ListKeyMappingsRequest
@@ -11958,21 +12383,21 @@ GetProviderConfigRequest<
| id |
string |
|
- |
+ The unique identifier of the key to retrieve |
- | name |
- string |
+ key |
+ KasKeyIdentifier |
|
|
- | manager |
- string |
+ pagination |
+ policy.PageRequest |
|
- Optional - filter by manager type when searching by name |
+ Pagination request for the list of keys |
@@ -11982,7 +12407,7 @@ GetProviderConfigRequest<
- GetProviderConfigResponse
+ ListKeyMappingsResponse
@@ -11993,10 +12418,17 @@ GetProviderConfigRespons
- | provider_config |
- policy.KeyProviderConfig |
+ key_mappings |
+ KeyMapping |
+ repeated |
+ The list of key mappings |
+
+
+
+ | pagination |
+ policy.PageResponse |
|
- |
+ Pagination response for the list of keys |
@@ -12006,8 +12438,8 @@ GetProviderConfigRespons
- ListProviderConfigsRequest
-
+ ListKeysRequest
+ List all asymmetric keys managed by a specific Key Access Server or with a given algorithm
@@ -12016,11 +12448,61 @@ ListProviderConfigsRequ
+
+ | key_algorithm |
+ policy.Algorithm |
+ |
+ Filter keys by algorithm |
+
+
+
+ | kas_id |
+ string |
+ |
+ Filter keys by the KAS ID |
+
+
+
+ | kas_name |
+ string |
+ |
+ Filter keys by the KAS name |
+
+
+
+ | kas_uri |
+ string |
+ |
+ Filter keys by the KAS URI |
+
+
+
+ | legacy |
+ bool |
+ optional |
+ Optional
+
+Filter for legacy keys |
+
+
| pagination |
policy.PageRequest |
|
- Optional |
+ Optional
+
+Pagination request for the list of keys |
+
+
+
+ | sort |
+ KasKeysSort |
+ repeated |
+ Optional - CONSTRAINT: max 1 item
+Sort defaults:
+ - direction UNSPECIFIED defaults to DESC for the specified field
+ - field UNSPECIFIED defaults to created_at with the specified direction
+ - both UNSPECIFIED or sort omitted defaults to created_at DESC |
@@ -12030,8 +12512,8 @@ ListProviderConfigsRequ
- ListProviderConfigsResponse
-
+ ListKeysResponse
+ Response to a ListKeysRequest, containing the list of asymmetric keys and pagination information
@@ -12041,17 +12523,17 @@ ListProviderConfigsRes
- | provider_configs |
- policy.KeyProviderConfig |
+ kas_keys |
+ policy.KasKey |
repeated |
- |
+ The list of kas keys |
| pagination |
policy.PageResponse |
|
- |
+ Pagination response for the list of keys |
@@ -12061,7 +12543,7 @@ ListProviderConfigsRes
- UpdateProviderConfigRequest
+ ListPublicKeyMappingRequest
@@ -12072,46 +12554,38 @@ UpdateProviderConfigRe
- | id |
- string |
- |
- Required |
-
-
-
- | name |
+ kas_id |
string |
|
Optional |
- | config_json |
- bytes |
+ kas_name |
+ string |
|
Optional |
- | manager |
+ kas_uri |
string |
|
Optional |
- | metadata |
- common.MetadataMutable |
+ public_key_id |
+ string |
|
- Optional
-Common metadata |
+ Optional Public Key ID |
- | metadata_update_behavior |
- common.MetadataUpdateEnum |
+ pagination |
+ policy.PageRequest |
|
- |
+ Optional |
@@ -12121,7 +12595,7 @@ UpdateProviderConfigRe
- UpdateProviderConfigResponse
+ ListPublicKeyMappingResponse
@@ -12132,8 +12606,15 @@ UpdateProviderConfigR
- | provider_config |
- policy.KeyProviderConfig |
+ public_key_mappings |
+ ListPublicKeyMappingResponse.PublicKeyMapping |
+ repeated |
+ |
+
+
+
+ | pagination |
+ policy.PageResponse |
|
|
@@ -12145,70 +12626,8 @@ UpdateProviderConfigR
-
-
-
-
-
-
- KeyManagementService
+ ListPublicKeyMappingResponse.Association
-
-
-
-
-
-
- policy/namespaces/namespaces.protoTop
- AssignKeyAccessServerToNamespaceRequest
- Deprecated: utilize AssignPublicKeyToNamespaceRequest
@@ -12218,8 +12637,15 @@ AssignKeyAcce
- | namespace_key_access_server |
- NamespaceKeyAccessServer |
+ id |
+ string |
+ |
+ |
+
+
+
+ | fqn |
+ string |
|
|
@@ -12231,7 +12657,7 @@ AssignKeyAcce
- AssignKeyAccessServerToNamespaceResponse
+ ListPublicKeyMappingResponse.PublicKey
@@ -12242,33 +12668,30 @@
-
-
-
-
-
- AssignPublicKeyToNamespaceRequest
- Assign Key to Namespace
-
-
-
@@ -12303,7 +12747,7 @@ AssignPublicKeyToN
- CreateNamespaceRequest
+ ListPublicKeysRequest
@@ -12314,15 +12758,29 @@ CreateNamespaceRequest
- | name |
+ kas_id |
string |
|
- Required |
+ Optional |
- | metadata |
- common.MetadataMutable |
+ kas_name |
+ string |
+ |
+ Optional |
+
+
+
+ | kas_uri |
+ string |
+ |
+ Optional |
+
+
+
+ | pagination |
+ policy.PageRequest |
|
Optional |
@@ -12334,7 +12792,7 @@ CreateNamespaceRequest
- CreateNamespaceResponse
+ ListPublicKeysResponse
@@ -12345,8 +12803,15 @@ CreateNamespaceResponse
- | namespace |
- policy.Namespace |
+ keys |
+ policy.Key |
+ repeated |
+ |
+
+
+
+ | pagination |
+ policy.PageResponse |
|
|
@@ -12358,7 +12823,7 @@ CreateNamespaceResponse
- DeactivateNamespaceRequest
+ MappedPolicyObject
@@ -12372,7 +12837,14 @@ DeactivateNamespaceRequest
| id |
string |
|
- Required |
+ The unique identifier of the policy object |
+
+
+
+ | fqn |
+ string |
+ |
+ The fully qualified name of the policy object |
@@ -12382,14 +12854,7 @@ DeactivateNamespaceRequest
- DeactivateNamespaceResponse
-
-
-
-
-
-
- GetNamespaceRequest
+ RotateKeyRequest
@@ -12403,53 +12868,32 @@ GetNamespaceRequest
id |
string |
|
- Deprecated. Deprecated |
+ Current Active Key UUID |
- | namespace_id |
- string |
+ key |
+ KasKeyIdentifier |
|
- option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field |
+ Alternative way to specify the active key using KAS ID and Key ID |
- | fqn |
- string |
+ new_key |
+ RotateKeyRequest.NewKey |
|
- |
+ Information about the new key to be rotated in |
-
-
- Fields with deprecated option
-
-
-
- | Name |
- Option |
-
-
-
-
-
- | id |
- true |
-
-
-
-
-
-
- GetNamespaceResponse
-
+ RotateKeyRequest.NewKey
+ Nested message for specifying the new key details
@@ -12459,53 +12903,54 @@ GetNamespaceResponse
- | namespace |
- policy.Namespace |
+ key_id |
+ string |
|
- |
+ Required |
-
-
-
-
-
-
-
- ListNamespacesRequest
-
-
-
-
-
- | Field | Type | Label | Description |
-
-
+
+ | algorithm |
+ policy.Algorithm |
+ |
+ Required |
+
- | state |
- common.ActiveStateEnum |
+ key_mode |
+ policy.KeyMode |
|
- Optional
-ACTIVE by default when not specified |
+ Required |
- | pagination |
- policy.PageRequest |
+ public_key_ctx |
+ policy.PublicKeyCtx |
|
- Optional |
+ Required |
- | sort |
- NamespacesSort |
- repeated |
- Optional - CONSTRAINT: max 1 item
-Sort defaults:
- - direction UNSPECIFIED defaults to DESC for the specified field
- - field UNSPECIFIED defaults to created_at with the specified direction
- - both UNSPECIFIED or sort omitted defaults to created_at DESC |
+ private_key_ctx |
+ policy.PrivateKeyCtx |
+ |
+ Required |
+
+
+
+ | provider_config_id |
+ string |
+ |
+ Conditionally Required.
+
+Validation handled by message-level CEL |
+
+
+
+ | metadata |
+ common.MetadataMutable |
+ |
+ Common metadata fields |
@@ -12515,8 +12960,8 @@ ListNamespacesRequest
- ListNamespacesResponse
-
+ RotateKeyResponse
+ Response message for the RotateKey request
@@ -12526,17 +12971,17 @@ ListNamespacesResponse
- | namespaces |
- policy.Namespace |
- repeated |
- |
+ kas_key |
+ policy.KasKey |
+ |
+ The newly rotated Kas Key |
- | pagination |
- policy.PageResponse |
+ rotated_resources |
+ RotatedResources |
|
- |
+ All resources that were rotated as part of the key rotation process |
@@ -12546,8 +12991,8 @@ ListNamespacesResponse
- NamespaceKey
-
+ RotatedResources
+ All resources that were rotated as part of the key rotation process
@@ -12557,17 +13002,31 @@ NamespaceKey
- | namespace_id |
- string |
+ rotated_out_key |
+ policy.KasKey |
|
- Required |
+ The old key that was rotated out |
- | key_id |
- string |
- |
- Required (The id from the Asymmetric Key object) |
+ attribute_definition_mappings |
+ ChangeMappings |
+ repeated |
+ |
+
+
+
+ | attribute_value_mappings |
+ ChangeMappings |
+ repeated |
+ |
+
+
+
+ | namespace_mappings |
+ ChangeMappings |
+ repeated |
+ |
@@ -12577,8 +13036,8 @@ NamespaceKey
- NamespaceKeyAccessServer
- Deprecated
+ SetBaseKeyRequest
+ Sets the specified key as the base key for the Key Access Server Note: The key must be active.
@@ -12588,17 +13047,17 @@ NamespaceKeyAccessServer
- | namespace_id |
+ id |
string |
|
- Required |
+ Current Key UUID tp be set as default |
- | key_access_server_id |
- string |
+ key |
+ KasKeyIdentifier |
|
- Required |
+ Alternative way to specify the key using KAS ID and Key ID |
@@ -12608,7 +13067,7 @@ NamespaceKeyAccessServerNamespacesSort
+ SetBaseKeyResponse
@@ -12619,17 +13078,17 @@ NamespacesSort
- | field |
- SortNamespacesType |
+ new_base_key |
+ policy.SimpleKasKey |
|
- |
+ The key that was set as base |
- | direction |
- policy.SortDirection |
+ previous_base_key |
+ policy.SimpleKasKey |
|
- |
+ The previous base key, if any |
@@ -12639,8 +13098,8 @@ NamespacesSort
- RemoveKeyAccessServerFromNamespaceRequest
- Deprecated: utilize RemovePublicKeyFromNamespaceRequest
+ UpdateKeyAccessServerRequest
+
@@ -12650,8 +13109,56 @@ RemoveKeyAc
- | namespace_key_access_server |
- NamespaceKeyAccessServer |
+ id |
+ string |
+ |
+ Required |
+
+
+
+ | uri |
+ string |
+ |
+ Optional |
+
+
+
+ | public_key |
+ policy.PublicKey |
+ |
+ Deprecated
+Optional |
+
+
+
+ | source_type |
+ policy.SourceType |
+ |
+ Optional
+Using UNSPECIFIED will result in a successful update,
+but will not actually update the underlying source.
+You should not update KAS's from INTERNAL/EXTERNAL
+to unspecified. |
+
+
+
+ | name |
+ string |
+ |
+ Optional |
+
+
+
+ | metadata |
+ common.MetadataMutable |
+ |
+ Optional
+Common metadata |
+
+
+
+ | metadata_update_behavior |
+ common.MetadataUpdateEnum |
|
|
@@ -12663,7 +13170,7 @@ RemoveKeyAc
- RemoveKeyAccessServerFromNamespaceResponse
+ UpdateKeyAccessServerResponse
@@ -12674,8 +13181,8 @@ RemoveKeyA
- | namespace_key_access_server |
- NamespaceKeyAccessServer |
+ key_access_server |
+ policy.KeyAccessServer |
|
|
@@ -12687,8 +13194,8 @@ RemoveKeyA
- RemovePublicKeyFromNamespaceRequest
-
+ UpdateKeyRequest
+ Update an existing asymmetric key in the Key Management System
@@ -12698,10 +13205,29 @@ RemovePublicKeyFr
- | namespace_key |
- NamespaceKey |
+ id |
+ string |
|
- |
+ Required
+
+The unique identifier of the key to update |
+
+
+
+ | metadata |
+ common.MetadataMutable |
+ |
+ Optional
+Common metadata
+
+Mutable metadata for the key |
+
+
+
+ | metadata_update_behavior |
+ common.MetadataUpdateEnum |
+ |
+ The behavior for updating the metadata |
@@ -12711,8 +13237,8 @@ RemovePublicKeyFr
- RemovePublicKeyFromNamespaceResponse
-
+ UpdateKeyResponse
+ Response to an UpdateKeyRequest, containing the updated asymmetric key
@@ -12722,10 +13248,10 @@ RemovePublicKeyF
- | namespace_key |
- NamespaceKey |
+ kas_key |
+ policy.KasKey |
|
- |
+ The updated kas key |
@@ -12735,7 +13261,7 @@ RemovePublicKeyF
- UpdateNamespaceRequest
+ UpdatePublicKeyRequest
@@ -12756,7 +13282,8 @@ UpdateNamespaceRequest
metadata |
common.MetadataMutable |
|
- Optional |
+ Optional
+Common metadata |
@@ -12773,7 +13300,7 @@ UpdateNamespaceRequest
- UpdateNamespaceResponse
+ UpdatePublicKeyResponse
@@ -12784,8 +13311,8 @@ UpdateNamespaceResponse
- | namespace |
- policy.Namespace |
+ key |
+ policy.Key |
|
|
@@ -12799,7 +13326,7 @@ UpdateNamespaceResponse
- SortNamespacesType
+ SortKasKeysType
@@ -12808,31 +13335,66 @@ SortNamespacesType
- | SORT_NAMESPACES_TYPE_UNSPECIFIED |
+ SORT_KAS_KEYS_TYPE_UNSPECIFIED |
0 |
|
- | SORT_NAMESPACES_TYPE_NAME |
+ SORT_KAS_KEYS_TYPE_KEY_ID |
1 |
|
- | SORT_NAMESPACES_TYPE_FQN |
+ SORT_KAS_KEYS_TYPE_CREATED_AT |
2 |
|
- | SORT_NAMESPACES_TYPE_CREATED_AT |
+ SORT_KAS_KEYS_TYPE_UPDATED_AT |
3 |
|
+
+
+
+ SortKeyAccessServersType
+
+
+
+ | Name | Number | Description |
+
+
+
- | SORT_NAMESPACES_TYPE_UPDATED_AT |
+ SORT_KEY_ACCESS_SERVERS_TYPE_UNSPECIFIED |
+ 0 |
+ |
+
+
+
+ | SORT_KEY_ACCESS_SERVERS_TYPE_NAME |
+ 1 |
+ |
+
+
+
+ | SORT_KEY_ACCESS_SERVERS_TYPE_URI |
+ 2 |
+ |
+
+
+
+ | SORT_KEY_ACCESS_SERVERS_TYPE_CREATED_AT |
+ 3 |
+ |
+
+
+
+ | SORT_KEY_ACCESS_SERVERS_TYPE_UPDATED_AT |
4 |
|
@@ -12844,7 +13406,7 @@ SortNamespacesType
- NamespaceService
+ KeyAccessServerRegistryService
@@ -12853,68 +13415,102 @@ NamespaceService
- | GetNamespace |
- GetNamespaceRequest |
- GetNamespaceResponse |
+ ListKeyAccessServers |
+ ListKeyAccessServersRequest |
+ ListKeyAccessServersResponse |
|
- | ListNamespaces |
- ListNamespacesRequest |
- ListNamespacesResponse |
+ GetKeyAccessServer |
+ GetKeyAccessServerRequest |
+ GetKeyAccessServerResponse |
|
- | CreateNamespace |
- CreateNamespaceRequest |
- CreateNamespaceResponse |
+ CreateKeyAccessServer |
+ CreateKeyAccessServerRequest |
+ CreateKeyAccessServerResponse |
|
- | UpdateNamespace |
- UpdateNamespaceRequest |
- UpdateNamespaceResponse |
+ UpdateKeyAccessServer |
+ UpdateKeyAccessServerRequest |
+ UpdateKeyAccessServerResponse |
|
- | DeactivateNamespace |
- DeactivateNamespaceRequest |
- DeactivateNamespaceResponse |
+ DeleteKeyAccessServer |
+ DeleteKeyAccessServerRequest |
+ DeleteKeyAccessServerResponse |
|
- | AssignKeyAccessServerToNamespace |
- AssignKeyAccessServerToNamespaceRequest |
- AssignKeyAccessServerToNamespaceResponse |
- Deprecated: utilize AssignPublicKeyToNamespace |
+ ListKeyAccessServerGrants |
+ ListKeyAccessServerGrantsRequest |
+ ListKeyAccessServerGrantsResponse |
+ Deprecated |
+
+
+
+ | CreateKey |
+ CreateKeyRequest |
+ CreateKeyResponse |
+ KAS Key Management
+Request to create a new key in the Key Access Service. |
+
+
+
+ | GetKey |
+ GetKeyRequest |
+ GetKeyResponse |
+ Request to retrieve a key from the Key Access Service. |
+
+
+
+ | ListKeys |
+ ListKeysRequest |
+ ListKeysResponse |
+ Request to list keys in the Key Access Service. |
+
+
+
+ | UpdateKey |
+ UpdateKeyRequest |
+ UpdateKeyResponse |
+ Request to update a key in the Key Access Service. |
+
+
+
+ | RotateKey |
+ RotateKeyRequest |
+ RotateKeyResponse |
+ Request to rotate a key in the Key Access Service. |
- | RemoveKeyAccessServerFromNamespace |
- RemoveKeyAccessServerFromNamespaceRequest |
- RemoveKeyAccessServerFromNamespaceResponse |
- Deprecated: utilize RemovePublicKeyFromNamespace |
+ SetBaseKey |
+ SetBaseKeyRequest |
+ SetBaseKeyResponse |
+ Request to set the default a default kas key. |
- | AssignPublicKeyToNamespace |
- AssignPublicKeyToNamespaceRequest |
- AssignPublicKeyToNamespaceResponse |
- --------------------------------------*
-Namespace <> Key RPCs
---------------------------------------- |
+ GetBaseKey |
+ GetBaseKeyRequest |
+ GetBaseKeyResponse |
+ Get Default kas keys |
- | RemovePublicKeyFromNamespace |
- RemovePublicKeyFromNamespaceRequest |
- RemovePublicKeyFromNamespaceResponse |
- |
+ ListKeyMappings |
+ ListKeyMappingsRequest |
+ ListKeyMappingsResponse |
+ Request to list key mappings in the Key Access Service. |
@@ -12934,12 +13530,7 @@ Methods with deprecated option
- | AssignKeyAccessServerToNamespace |
- true |
-
-
-
- | RemoveKeyAccessServerFromNamespace |
+ ListKeyAccessServerGrants |
true |
@@ -12960,12 +13551,17 @@ Methods with idempotency_level option
- | GetNamespace |
+ ListKeyAccessServers |
NO_SIDE_EFFECTS |
- | ListNamespaces |
+ GetKeyAccessServer |
+ NO_SIDE_EFFECTS |
+
+
+
+ | ListKeyAccessServerGrants |
NO_SIDE_EFFECTS |
@@ -12974,224 +13570,15 @@ Methods with idempotency_level option
-
-
- policy/obligations/obligations.protoTop
- AddObligationTriggerRequest
- Obligation Triggers are owned by the namespace that owns the action and attribute value, which must be the same. In this way, a trigger can intentionally cross namespace boundaries: associating obligation values of a different namespace than the one that owns the action being taken or the attribute value.
-
-
-
-
-
-
-
-
- AddObligationTriggerResponse
-
-
-
-
-
-
-
-
-
- CreateObligationRequest
-
-
-
-
-
- | Field | Type | Label | Description |
-
-
-
-
- | namespace_id |
- string |
- |
- |
-
-
-
- | namespace_fqn |
- string |
- |
- |
-
-
-
- | name |
- string |
- |
- |
-
-
-
- | values |
- string |
- repeated |
- Optional |
-
-
-
- | metadata |
- common.MetadataMutable |
- |
- Optional
-Common metadata |
-
-
-
-
-
-
-
-
-
- CreateObligationResponse
-
-
-
-
-
-
-
-
-
- CreateObligationValueRequest
-
-
-
-
-
- | Field | Type | Label | Description |
-
-
-
-
- | obligation_id |
- string |
- |
- |
-
-
-
- | obligation_fqn |
- string |
- |
- |
-
-
-
- | value |
- string |
- |
- |
-
-
-
- | triggers |
- ValueTriggerRequest |
- repeated |
- Optional
-Combination of action and attribute_value that will trigger this obligation value policy decisioning. |
-
-
-
- | metadata |
- common.MetadataMutable |
- |
- Optional
-Common metadata |
-
-
-
-
-
-
+
+
+ policy/keymanagement/key_management.protoTop
+ CreateObligationValueResponse
-
+ CreateProviderConfigRequest
+ Provider Configuration Requests and Response Messages
@@ -13201,41 +13588,34 @@ CreateObligationValueR
- | value |
- policy.ObligationValue |
+ name |
+ string |
|
- |
+ Required
+The name of the key provider. (e.g. "AWS KMS Instance 1", "Google Cloud KMS Instance 2") |
-
-
-
-
-
-
-
- DeleteObligationRequest
-
-
-
-
-
- | Field | Type | Label | Description |
-
-
+
+ | config_json |
+ bytes |
+ |
+ Required
+JSON configuration for the key provider. This is unique to individual key providers. |
+
- | id |
+ manager |
string |
|
- |
+ Required
+The type of key manager (e.g. "aws", "gcp", "azure", "opentdf.io/basic") |
- | fqn |
- string |
+ metadata |
+ common.MetadataMutable |
|
- |
+ Common metadata |
@@ -13245,7 +13625,7 @@ DeleteObligationRequest
- DeleteObligationResponse
+ CreateProviderConfigResponse
@@ -13256,8 +13636,8 @@ DeleteObligationResponse
- | obligation |
- policy.Obligation |
+ provider_config |
+ policy.KeyProviderConfig |
|
|
@@ -13269,8 +13649,8 @@ DeleteObligationResponseDeleteObligationValueRequest
-
+ DeleteProviderConfigRequest
+ In order to delete a provider configuration you must first delete all keys associated with the provider.
@@ -13283,14 +13663,7 @@ DeleteObligationValueRe
| id |
string |
|
- |
-
-
-
- | fqn |
- string |
- |
- |
+ Required |
@@ -13300,7 +13673,7 @@ DeleteObligationValueRe
- DeleteObligationValueResponse
+ DeleteProviderConfigResponse
@@ -13311,8 +13684,8 @@ DeleteObligationValueR
- | value |
- policy.ObligationValue |
+ provider_config |
+ policy.KeyProviderConfig |
|
|
@@ -13324,7 +13697,7 @@ DeleteObligationValueR
- GetObligationRequest
+ GetProviderConfigRequest
@@ -13342,12 +13715,19 @@ GetObligationRequest
- | fqn |
+ name |
string |
|
|
+
+ | manager |
+ string |
+ |
+ Optional - filter by manager type when searching by name |
+
+
@@ -13355,7 +13735,7 @@ GetObligationRequest
- GetObligationResponse
+ GetProviderConfigResponse
@@ -13366,8 +13746,8 @@ GetObligationResponse
- | obligation |
- policy.Obligation |
+ provider_config |
+ policy.KeyProviderConfig |
|
|
@@ -13379,8 +13759,8 @@ GetObligationResponse
- GetObligationTriggerRequest
- Triggers
+ ListProviderConfigsRequest
+
@@ -13390,10 +13770,10 @@ GetObligationTriggerRequ
- | id |
- string |
+ pagination |
+ policy.PageRequest |
|
- Required |
+ Optional |
@@ -13403,7 +13783,7 @@ GetObligationTriggerRequ
- GetObligationTriggerResponse
+ ListProviderConfigsResponse
@@ -13414,8 +13794,15 @@ GetObligationTriggerRes
- | trigger |
- policy.ObligationTrigger |
+ provider_configs |
+ policy.KeyProviderConfig |
+ repeated |
+ |
+
+
+
+ | pagination |
+ policy.PageResponse |
|
|
@@ -13427,8 +13814,8 @@ GetObligationTriggerRes
- GetObligationValueRequest
- Values
+ UpdateProviderConfigRequest
+
@@ -13441,13 +13828,42 @@ GetObligationValueRequest<
| id |
string |
|
- |
+ Required |
- | fqn |
+ name |
+ string |
+ |
+ Optional |
+
+
+
+ | config_json |
+ bytes |
+ |
+ Optional |
+
+
+
+ | manager |
string |
|
+ Optional |
+
+
+
+ | metadata |
+ common.MetadataMutable |
+ |
+ Optional
+Common metadata |
+
+
+
+ | metadata_update_behavior |
+ common.MetadataUpdateEnum |
+ |
|
@@ -13458,7 +13874,7 @@ GetObligationValueRequest<
- GetObligationValueResponse
+ UpdateProviderConfigResponse
@@ -13469,8 +13885,8 @@ GetObligationValueRespons
- | value |
- policy.ObligationValue |
+ provider_config |
+ policy.KeyProviderConfig |
|
|
@@ -13482,8 +13898,70 @@ GetObligationValueRespons
- GetObligationValuesByFQNsRequest
+
+
+
+
+
+
+ KeyManagementService
+
+
+
+
+
+
+ policy/namespaces/namespaces.protoTop
+ AssignKeyAccessServerToNamespaceRequest
+ Deprecated: utilize AssignPublicKeyToNamespaceRequest
@@ -13493,9 +13971,9 @@ GetObligationValues
- | fqns |
- string |
- repeated |
+ namespace_key_access_server |
+ NamespaceKeyAccessServer |
+ |
|
@@ -13506,7 +13984,7 @@ GetObligationValues
- GetObligationValuesByFQNsResponse
+ AssignKeyAccessServerToNamespaceResponse
@@ -13517,9 +13995,9 @@ GetObligationValue
- | fqn_value_map |
- GetObligationValuesByFQNsResponse.FqnValueMapEntry |
- repeated |
+ namespace_key_access_server |
+ NamespaceKeyAccessServer |
+ |
|
@@ -13530,8 +14008,8 @@ GetObligationValue
- GetObligationValuesByFQNsResponse.FqnValueMapEntry
-
+ AssignPublicKeyToNamespaceRequest
+ Assign Key to Namespace
@@ -13541,15 +14019,32 @@
+
+
+
+
+
+ AssignPublicKeyToNamespaceResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
- | value |
- policy.ObligationValue |
+ namespace_key |
+ NamespaceKey |
|
|
@@ -13561,7 +14056,7 @@ G
- GetObligationsByFQNsRequest
+ CreateNamespaceRequest
@@ -13572,10 +14067,17 @@ GetObligationsByFQNsRequ
- | fqns |
+ name |
string |
- repeated |
- |
+ |
+ Required |
+
+
+
+ | metadata |
+ common.MetadataMutable |
+ |
+ Optional |
@@ -13585,7 +14087,7 @@ GetObligationsByFQNsRequ
- GetObligationsByFQNsResponse
+ CreateNamespaceResponse
@@ -13596,9 +14098,9 @@ GetObligationsByFQNsRes
- | fqn_obligation_map |
- GetObligationsByFQNsResponse.FqnObligationMapEntry |
- repeated |
+ namespace |
+ policy.Namespace |
+ |
|
@@ -13609,7 +14111,7 @@ GetObligationsByFQNsRes
- GetObligationsByFQNsResponse.FqnObligationMapEntry
+ DeactivateNamespaceRequest
@@ -13620,17 +14122,10 @@ G
- | key |
+ id |
string |
|
- |
-
-
-
- | value |
- policy.Obligation |
- |
- |
+ Required |
@@ -13640,7 +14135,14 @@ G
- ListObligationTriggersRequest
+ DeactivateNamespaceResponse
+
+
+
+
+
+
+ GetNamespaceRequest
@@ -13651,34 +14153,55 @@ ListObligationTriggers
- | namespace_id |
+ id |
string |
|
- |
+ Deprecated. Deprecated |
- | namespace_fqn |
+ namespace_id |
string |
|
- |
+ option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field |
- | pagination |
- policy.PageRequest |
+ fqn |
+ string |
|
- Optional |
+ |
+
+
+ Fields with deprecated option
+
+
+
+ | Name |
+ Option |
+
+
+
+
+
+ | id |
+ true |
+
+
+
+
+
+
- ListObligationTriggersResponse
+ GetNamespaceResponse
@@ -13689,15 +14212,8 @@ ListObligationTrigger
- | triggers |
- policy.ObligationTrigger |
- repeated |
- |
-
-
-
- | pagination |
- policy.PageResponse |
+ namespace |
+ policy.Namespace |
|
|
@@ -13709,7 +14225,7 @@ ListObligationTrigger
- ListObligationsRequest
+ ListNamespacesRequest
@@ -13720,17 +14236,11 @@ ListObligationsRequest
- | namespace_id |
- string |
- |
- |
-
-
-
- | namespace_fqn |
- string |
+ state |
+ common.ActiveStateEnum |
|
- |
+ Optional
+ACTIVE by default when not specified |
@@ -13742,7 +14252,7 @@ ListObligationsRequest
| sort |
- ObligationsSort |
+ NamespacesSort |
repeated |
Optional - CONSTRAINT: max 1 item
Sort defaults:
@@ -13758,7 +14268,7 @@ ListObligationsRequest
- ListObligationsResponse
+ ListNamespacesResponse
@@ -13769,8 +14279,8 @@ ListObligationsResponse
|
- | obligations |
- policy.Obligation |
+ namespaces |
+ policy.Namespace |
repeated |
|
@@ -13789,7 +14299,7 @@ ListObligationsResponse
- ObligationsSort
+ NamespaceKey
@@ -13800,17 +14310,17 @@ ObligationsSort
- | field |
- SortObligationsType |
+ namespace_id |
+ string |
|
- |
+ Required |
- | direction |
- policy.SortDirection |
+ key_id |
+ string |
|
- |
+ Required (The id from the Asymmetric Key object) |
@@ -13820,8 +14330,8 @@ ObligationsSort
- RemoveObligationTriggerRequest
-
+ NamespaceKeyAccessServer
+ Deprecated
@@ -13831,7 +14341,14 @@ RemoveObligationTrigg
- | id |
+ namespace_id |
+ string |
+ |
+ Required |
+
+
+
+ | key_access_server_id |
string |
|
Required |
@@ -13844,7 +14361,7 @@ RemoveObligationTrigg
- RemoveObligationTriggerResponse
+ NamespacesSort
@@ -13855,8 +14372,15 @@ RemoveObligationTrig
- | trigger |
- policy.ObligationTrigger |
+ field |
+ SortNamespacesType |
+ |
+ |
+
+
+
+ | direction |
+ policy.SortDirection |
|
|
@@ -13868,8 +14392,8 @@ RemoveObligationTrig
- UpdateObligationRequest
-
+ RemoveKeyAccessServerFromNamespaceRequest
+ Deprecated: utilize RemovePublicKeyFromNamespaceRequest
@@ -13879,29 +14403,8 @@ UpdateObligationRequest
- | id |
- string |
- |
- Required |
-
-
-
- | name |
- string |
- |
- Optional |
-
-
-
- | metadata |
- common.MetadataMutable |
- |
- |
-
-
-
- | metadata_update_behavior |
- common.MetadataUpdateEnum |
+ namespace_key_access_server |
+ NamespaceKeyAccessServer |
|
|
@@ -13913,7 +14416,7 @@ UpdateObligationRequest
- UpdateObligationResponse
+ RemoveKeyAccessServerFromNamespaceResponse
@@ -13924,8 +14427,8 @@ UpdateObligationResponse
- | obligation |
- policy.Obligation |
+ namespace_key_access_server |
+ NamespaceKeyAccessServer |
|
|
@@ -13937,7 +14440,7 @@ UpdateObligationResponseUpdateObligationValueRequest
+ RemovePublicKeyFromNamespaceRequest
@@ -13948,38 +14451,32 @@ UpdateObligationValueRe
- | id |
- string |
- |
- Required |
-
-
-
- | value |
- string |
+ namespace_key |
+ NamespaceKey |
|
- Optional |
-
-
-
- | triggers |
- ValueTriggerRequest |
- repeated |
- Optional
-Obligation Triggers provided here will replace all existing records in the database. |
+ |
-
- | metadata |
- common.MetadataMutable |
- |
- Optional
-Common metadata |
-
+
+
+
+
+
+
+
+ RemovePublicKeyFromNamespaceResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
- | metadata_update_behavior |
- common.MetadataUpdateEnum |
+ namespace_key |
+ NamespaceKey |
|
|
@@ -13991,7 +14488,7 @@ UpdateObligationValueRe
- UpdateObligationValueResponse
+ UpdateNamespaceRequest
@@ -14002,8 +14499,22 @@ UpdateObligationValueR
- | value |
- policy.ObligationValue |
+ id |
+ string |
+ |
+ Required |
+
+
+
+ | metadata |
+ common.MetadataMutable |
+ |
+ Optional |
+
+
+
+ | metadata_update_behavior |
+ common.MetadataUpdateEnum |
|
|
@@ -14015,7 +14526,7 @@ UpdateObligationValueR
- ValueTriggerRequest
+ UpdateNamespaceResponse
@@ -14026,24 +14537,10 @@ ValueTriggerRequest
- | action |
- common.IdNameIdentifier |
- |
- Required. The ID of the action that will trigger this obligation value policy decisioning. |
-
-
-
- | attribute_value |
- common.IdFqnIdentifier |
- |
- Required. The attribute value ID that will trigger this obligation value policy decisioning. |
-
-
-
- | context |
- policy.RequestContext |
+ namespace |
+ policy.Namespace |
|
- Optional. The request context for this obligation value policy decisioning. |
+ |
@@ -14055,7 +14552,7 @@ ValueTriggerRequest
- SortObligationsType
+ SortNamespacesType
@@ -14064,31 +14561,31 @@ SortObligationsType
- | SORT_OBLIGATIONS_TYPE_UNSPECIFIED |
+ SORT_NAMESPACES_TYPE_UNSPECIFIED |
0 |
|
- | SORT_OBLIGATIONS_TYPE_NAME |
+ SORT_NAMESPACES_TYPE_NAME |
1 |
|
- | SORT_OBLIGATIONS_TYPE_FQN |
+ SORT_NAMESPACES_TYPE_FQN |
2 |
|
- | SORT_OBLIGATIONS_TYPE_CREATED_AT |
+ SORT_NAMESPACES_TYPE_CREATED_AT |
3 |
|
- | SORT_OBLIGATIONS_TYPE_UPDATED_AT |
+ SORT_NAMESPACES_TYPE_UPDATED_AT |
4 |
|
@@ -14100,8 +14597,8 @@ SortObligationsType
- Service
- Obligation Service /
+ NamespaceService
+
| Method Name | Request Type | Response Type | Description |
@@ -14109,107 +14606,67 @@ Service
- | ListObligations |
- ListObligationsRequest |
- ListObligationsResponse |
- |
-
-
-
- | GetObligation |
- GetObligationRequest |
- GetObligationResponse |
- |
-
-
-
- | GetObligationsByFQNs |
- GetObligationsByFQNsRequest |
- GetObligationsByFQNsResponse |
- |
-
-
-
- | CreateObligation |
- CreateObligationRequest |
- CreateObligationResponse |
- |
-
-
-
- | UpdateObligation |
- UpdateObligationRequest |
- UpdateObligationResponse |
- |
-
-
-
- | DeleteObligation |
- DeleteObligationRequest |
- DeleteObligationResponse |
- |
-
-
-
- | GetObligationValue |
- GetObligationValueRequest |
- GetObligationValueResponse |
+ GetNamespace |
+ GetNamespaceRequest |
+ GetNamespaceResponse |
|
- | GetObligationValuesByFQNs |
- GetObligationValuesByFQNsRequest |
- GetObligationValuesByFQNsResponse |
+ ListNamespaces |
+ ListNamespacesRequest |
+ ListNamespacesResponse |
|
- | CreateObligationValue |
- CreateObligationValueRequest |
- CreateObligationValueResponse |
+ CreateNamespace |
+ CreateNamespaceRequest |
+ CreateNamespaceResponse |
|
- | UpdateObligationValue |
- UpdateObligationValueRequest |
- UpdateObligationValueResponse |
+ UpdateNamespace |
+ UpdateNamespaceRequest |
+ UpdateNamespaceResponse |
|
- | DeleteObligationValue |
- DeleteObligationValueRequest |
- DeleteObligationValueResponse |
+ DeactivateNamespace |
+ DeactivateNamespaceRequest |
+ DeactivateNamespaceResponse |
|
- | GetObligationTrigger |
- GetObligationTriggerRequest |
- GetObligationTriggerResponse |
- |
+ AssignKeyAccessServerToNamespace |
+ AssignKeyAccessServerToNamespaceRequest |
+ AssignKeyAccessServerToNamespaceResponse |
+ Deprecated: utilize AssignPublicKeyToNamespace |
- | AddObligationTrigger |
- AddObligationTriggerRequest |
- AddObligationTriggerResponse |
- |
+ RemoveKeyAccessServerFromNamespace |
+ RemoveKeyAccessServerFromNamespaceRequest |
+ RemoveKeyAccessServerFromNamespaceResponse |
+ Deprecated: utilize RemovePublicKeyFromNamespace |
- | RemoveObligationTrigger |
- RemoveObligationTriggerRequest |
- RemoveObligationTriggerResponse |
- |
+ AssignPublicKeyToNamespace |
+ AssignPublicKeyToNamespaceRequest |
+ AssignPublicKeyToNamespaceResponse |
+ --------------------------------------*
+Namespace <> Key RPCs
+--------------------------------------- |
- | ListObligationTriggers |
- ListObligationTriggersRequest |
- ListObligationTriggersResponse |
+ RemovePublicKeyFromNamespace |
+ RemovePublicKeyFromNamespaceRequest |
+ RemovePublicKeyFromNamespaceResponse |
|
@@ -14219,7 +14676,7 @@ Service
- Methods with idempotency_level option
+ Methods with deprecated option
@@ -14230,37 +14687,38 @@ Methods with idempotency_level option
- | ListObligations |
- NO_SIDE_EFFECTS |
-
-
-
- | GetObligation |
- NO_SIDE_EFFECTS |
-
-
-
- | GetObligationsByFQNs |
- NO_SIDE_EFFECTS |
+ AssignKeyAccessServerToNamespace |
+ true |
- | GetObligationValue |
- NO_SIDE_EFFECTS |
+ RemoveKeyAccessServerFromNamespace |
+ true |
+
+
+
+
+
+
+ Methods with idempotency_level option
+
+
- | GetObligationValuesByFQNs |
- NO_SIDE_EFFECTS |
+ Method Name |
+ Option |
+
+
- | GetObligationTrigger |
+ GetNamespace |
NO_SIDE_EFFECTS |
- | ListObligationTriggers |
+ ListNamespaces |
NO_SIDE_EFFECTS |
@@ -14271,13 +14729,13 @@ Methods with idempotency_level option
- policy/registeredresources/registered_resources.protoTop
+ policy/obligations/obligations.protoTop
ActionAttributeValue
-
+ AddObligationTriggerRequest
+ Obligation Triggers are owned by the namespace that owns the action and attribute value, which must be the same. In this way, a trigger can intentionally cross namespace boundaries: associating obligation values of a different namespace than the one that owns the action being taken or the attribute value.
+
+
+
+
+
+ AddObligationTriggerResponse
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | trigger |
+ policy.ObligationTrigger |
|
|
@@ -14321,7 +14812,7 @@ ActionAttributeValueCreateRegisteredResourceRequest
+ CreateObligationRequest
@@ -14332,33 +14823,31 @@ CreateRegist
- | name |
+ namespace_id |
string |
|
- Required |
+ |
- | values |
+ namespace_fqn |
string |
- repeated |
- Optional
-Registered Resource Values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character.
-The stored value will be normalized to lower case. |
+ |
+ |
- | namespace_id |
+ name |
string |
|
|
- | namespace_fqn |
+ values |
string |
- |
- |
+ repeated |
+ Optional |
@@ -14376,7 +14865,7 @@ CreateRegist
- CreateRegisteredResourceResponse
+ CreateObligationResponse
@@ -14387,8 +14876,8 @@ CreateRegis
- | resource |
- policy.RegisteredResource |
+ obligation |
+ policy.Obligation |
|
|
@@ -14400,7 +14889,7 @@ CreateRegis
- CreateRegisteredResourceValueRequest
+ CreateObligationValueRequest
@@ -14411,26 +14900,32 @@ CreateR
- | resource_id |
+ obligation_id |
string |
|
- Required |
+ |
+
+
+
+ | obligation_fqn |
+ string |
+ |
+ |
| value |
string |
|
- Required |
+ |
- | action_attribute_values |
- ActionAttributeValue |
+ triggers |
+ ValueTriggerRequest |
repeated |
Optional
-The associated Action <> AttributeValue combinations to be utilized in authorization/entitlement decisioning
-(i.e. action read -> attribute value https://example.com/attr/department/value/marketing) |
+Combination of action and attribute_value that will trigger this obligation value policy decisioning.
@@ -14448,7 +14943,7 @@ CreateR
- CreateRegisteredResourceValueResponse
+ CreateObligationValueResponse
@@ -14460,7 +14955,7 @@ Create
| value |
- policy.RegisteredResourceValue |
+ policy.ObligationValue |
|
|
@@ -14472,7 +14967,7 @@ Create
- DeleteRegisteredResourceRequest
+ DeleteObligationRequest
@@ -14486,7 +14981,14 @@ DeleteRegist
| id |
string |
|
- Required |
+ |
+
+
+
+ | fqn |
+ string |
+ |
+ |
@@ -14496,7 +14998,7 @@ DeleteRegist
- DeleteRegisteredResourceResponse
+ DeleteObligationResponse
@@ -14507,8 +15009,8 @@ DeleteRegis
- | resource |
- policy.RegisteredResource |
+ obligation |
+ policy.Obligation |
|
|
@@ -14520,7 +15022,7 @@ DeleteRegis
- DeleteRegisteredResourceValueRequest
+ DeleteObligationValueRequest
@@ -14534,7 +15036,14 @@ DeleteR
| id |
string |
|
- Required |
+ |
+
+
+
+ | fqn |
+ string |
+ |
+ |
@@ -14544,7 +15053,7 @@ DeleteR
- DeleteRegisteredResourceValueResponse
+ DeleteObligationValueResponse
@@ -14556,7 +15065,7 @@
@@ -14586,24 +15095,58 @@ GetRegisteredRe
- | name |
+ fqn |
string |
|
|
+
+
+
+
+
+
+
+ GetObligationResponse
+
+
+
+
+
+
+
+
+
+ GetObligationTriggerRequest
+ Triggers
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
- | namespace_id |
+ id |
string |
|
- |
+ Required |
@@ -14613,7 +15156,7 @@ GetRegisteredRe
- GetRegisteredResourceResponse
+ GetObligationTriggerResponse
@@ -14624,8 +15167,8 @@ GetRegisteredR
- | resource |
- policy.RegisteredResource |
+ trigger |
+ policy.ObligationTrigger |
|
|
@@ -14637,8 +15180,8 @@ GetRegisteredR
- GetRegisteredResourceValueRequest
-
+ GetObligationValueRequest
+ Values
@@ -14668,7 +15211,7 @@ GetRegiste
- GetRegisteredResourceValueResponse
+ GetObligationValueResponse
@@ -14680,7 +15223,7 @@ GetRegist
| value |
- policy.RegisteredResourceValue |
+ policy.ObligationValue |
|
|
@@ -14692,7 +15235,7 @@ GetRegist
- GetRegisteredResourceValuesByFQNsRequest
+ GetObligationValuesByFQNsRequest
@@ -14706,7 +15249,7 @@ Get
| fqns |
string |
repeated |
- Required |
+ |
@@ -14716,7 +15259,7 @@ Get
- GetRegisteredResourceValuesByFQNsResponse
+ GetObligationValuesByFQNsResponse
@@ -14728,7 +15271,7 @@
@@ -14759,7 +15302,7 @@ policy.RegisteredResourceValue
+ | policy.ObligationValue |
|
|
@@ -14771,7 +15314,7 @@ ListRegisteredResourceValuesRequest
+ GetObligationsByFQNsRequest
@@ -14782,10 +15325,96 @@ ListRegi
- | resource_id |
+ fqns |
+ string |
+ repeated |
+ |
+
+
+
+
+
+
+
+
+
+ GetObligationsByFQNsResponse
+
+
+
+
+
+
+
+
+
+ GetObligationsByFQNsResponse.FqnObligationMapEntry
+
+
+
+
+
+
+
+
+
+ ListObligationTriggersRequest
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
+
+ | namespace_id |
+ string |
+ |
+ |
+
+
+
+ | namespace_fqn |
+ string |
+ |
+ |
@@ -14802,7 +15431,7 @@ ListRegi
- ListRegisteredResourceValuesResponse
+ ListObligationTriggersResponse
@@ -14813,8 +15442,8 @@ ListReg
- | values |
- policy.RegisteredResourceValue |
+ triggers |
+ policy.ObligationTrigger |
repeated |
|
@@ -14833,7 +15462,7 @@ ListReg
- ListRegisteredResourcesRequest
+ ListObligationsRequest
@@ -14866,7 +15495,7 @@ ListRegistere
| sort |
- RegisteredResourcesSort |
+ ObligationsSort |
repeated |
Optional - CONSTRAINT: max 1 item
Sort defaults:
@@ -14882,7 +15511,7 @@ ListRegistere
- ListRegisteredResourcesResponse
+ ListObligationsResponse
@@ -14893,8 +15522,8 @@ |
+
- policy/resourcemapping/resource_mapping.protoTop
+ policy/registeredresources/registered_resources.protoTop
CreateResourceMappingGroupRequest
+ ActionAttributeValue
@@ -15241,12 +16040,50 @@ CreateResource
- | namespace_id |
+ action_id |
string |
|
- Required |
+ |
+
+
+
+ | action_name |
+ string |
+ |
+ |
+
+
+
+ | attribute_value_id |
+ string |
+ |
+ |
+
+
+
+ | attribute_value_fqn |
+ string |
+ |
+ |
+
+
+
+
+
+
+
+ CreateRegisteredResourceRequest
+
+
+
+
+
+ | Field | Type | Label | Description |
+
+
+
| name |
string |
@@ -15254,11 +16091,35 @@ CreateResource
Required |
+
+ | values |
+ string |
+ repeated |
+ Optional
+Registered Resource Values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character.
+The stored value will be normalized to lower case. |
+
+
+
+ | namespace_id |
+ string |
+ |
+ |
+
+
+
+ | namespace_fqn |
+ string |
+ |
+ |
+
+
| metadata |
common.MetadataMutable |
|
- Common metadata |
+ Optional
+Common metadata |
@@ -15268,7 +16129,7 @@ CreateResource
- CreateResourceMappingGroupResponse
+ CreateRegisteredResourceResponse
@@ -15279,8 +16140,8 @@ CreateResourc
- | resource_mapping_group |
- policy.ResourceMappingGroup |
+ resource |
+ policy.RegisteredResource |
|
|
@@ -15292,7 +16153,7 @@ CreateResourc
- CreateResourceMappingRequest
+ CreateRegisteredResourceValueRequest
@@ -15303,31 +16164,34 @@ CreateResourceMappi
- | attribute_value_id |
+ resource_id |
string |
|
Required |
- | terms |
+ value |
string |
- repeated |
+ |
Required |
- | group_id |
- string |
- |
- Optional |
+ action_attribute_values |
+ ActionAttributeValue |
+ repeated |
+ Optional
+The associated Action <> AttributeValue combinations to be utilized in authorization/entitlement decisioning
+(i.e. action read -> attribute value https://example.com/attr/department/value/marketing) |
| metadata |
common.MetadataMutable |
|
- Optional |
+ Optional
+Common metadata |
@@ -15337,7 +16201,7 @@ CreateResourceMappi
- CreateResourceMappingResponse
+ CreateRegisteredResourceValueResponse
@@ -15348,8 +16212,8 @@ CreateResourceMapp
- | resource_mapping |
- policy.ResourceMapping |
+ value |
+ policy.RegisteredResourceValue |
|
|
@@ -15361,7 +16225,7 @@ CreateResourceMapp
- DeleteResourceMappingGroupRequest
+ DeleteRegisteredResourceRequest
@@ -15385,7 +16249,7 @@ DeleteResource
- DeleteResourceMappingGroupResponse
+ DeleteRegisteredResourceResponse
@@ -15396,8 +16260,8 @@ DeleteResourc
- | resource_mapping_group |
- policy.ResourceMappingGroup |
+ resource |
+ policy.RegisteredResource |
|
|
@@ -15409,7 +16273,7 @@ DeleteResourc
- DeleteResourceMappingRequest
+ DeleteRegisteredResourceValueRequest
@@ -15433,7 +16297,7 @@ DeleteResourceMappi
- DeleteResourceMappingResponse
+ DeleteRegisteredResourceValueResponse
@@ -15444,8 +16308,8 @@ DeleteResourceMapp
- | resource_mapping |
- policy.ResourceMapping |
+ value |
+ policy.RegisteredResourceValue |
|
|
@@ -15457,7 +16321,7 @@ DeleteResourceMapp
- GetResourceMappingGroupRequest
+ GetRegisteredResourceRequest
@@ -15471,7 +16335,28 @@ GetResourceMappin
| id |
string |
|
- Required |
+ |
+
+
+
+ | name |
+ string |
+ |
+ |
+
+
+
+ | namespace_fqn |
+ string |
+ |
+ |
+
+
+
+ | namespace_id |
+ string |
+ |
+ |
@@ -15481,7 +16366,7 @@ GetResourceMappin
- GetResourceMappingGroupResponse
+ GetRegisteredResourceResponse
@@ -15492,8 +16377,8 @@ GetResourceMappi
- | resource_mapping_group |
- policy.ResourceMappingGroup |
+ resource |
+ policy.RegisteredResource |
|
|
@@ -15505,7 +16390,7 @@ GetResourceMappi
- GetResourceMappingRequest
+ GetRegisteredResourceValueRequest
@@ -15519,7 +16404,14 @@ GetResourceMappingRequ
| id |
string |
|
- Required |
+ |
+
+
+
+ | fqn |
+ string |
+ |
+ |
@@ -15529,7 +16421,7 @@ GetResourceMappingRequ
- GetResourceMappingResponse
+ GetRegisteredResourceValueResponse
@@ -15540,8 +16432,8 @@ GetResourceMappingRes
- | resource_mapping |
- policy.ResourceMapping |
+ value |
+ policy.RegisteredResourceValue |
|
|
@@ -15553,7 +16445,7 @@ GetResourceMappingRes
- ListResourceMappingGroupsRequest
+ GetRegisteredResourceValuesByFQNsRequest
@@ -15564,17 +16456,10 @@ ListResourceMap
- | namespace_id |
+ fqns |
string |
- |
- Optional |
-
-
-
- | pagination |
- policy.PageRequest |
- |
- Optional |
+ repeated |
+ Required |
@@ -15584,7 +16469,7 @@ ListResourceMap
- ListResourceMappingGroupsResponse
+ GetRegisteredResourceValuesByFQNsResponse
@@ -15595,19 +16480,12 @@
@@ -15615,7 +16493,7 @@ ListResourceMa
- ListResourceMappingsByGroupFqnsRequest
+ GetRegisteredResourceValuesByFQNsResponse.FqnValueMapEntry
@@ -15626,11 +16504,17 @@ ListResou
- | fqns |
- string |
- repeated |
- Required
-Structure of the RM Group FQN is 'https://<namespace>/resm/<group name>' |
+ key |
+ string |
+ |
+ |
+
+
+
+ | value |
+ policy.RegisteredResourceValue |
+ |
+ |
@@ -15640,7 +16524,7 @@ ListResou
- ListResourceMappingsByGroupFqnsResponse
+ ListRegisteredResourceValuesRequest
@@ -15651,10 +16535,17 @@ ListReso
- | fqn_resource_mapping_groups |
- ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry |
- repeated |
- |
+ resource_id |
+ string |
+ |
+ Optional |
+
+
+
+ | pagination |
+ policy.PageRequest |
+ |
+ Optional |
@@ -15664,7 +16555,7 @@ ListReso
- ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry
+ ListRegisteredResourceValuesResponse
@@ -15675,15 +16566,15 @@
@@ -15706,10 +16597,17 @@ ListResourceMappings
- | group_id |
+ namespace_id |
string |
|
- Optional |
+ |
+
+
+
+ | namespace_fqn |
+ string |
+ |
+ |
@@ -15719,6 +16617,17 @@ ListResourceMappings
Optional |
+
+ | sort |
+ RegisteredResourcesSort |
+ repeated |
+ Optional - CONSTRAINT: max 1 item
+Sort defaults:
+ - direction UNSPECIFIED defaults to DESC for the specified field
+ - field UNSPECIFIED defaults to created_at with the specified direction
+ - both UNSPECIFIED or sort omitted defaults to created_at DESC |
+
+
@@ -15726,7 +16635,7 @@ ListResourceMappings
- ListResourceMappingsResponse
+ ListRegisteredResourcesResponse
@@ -15737,8 +16646,8 @@
+
- policy/subjectmapping/subject_mapping.protoTop
+ policy/resourcemapping/resource_mapping.protoTop
CreateSubjectConditionSetRequest
+ CreateResourceMappingGroupRequest
@@ -16103,24 +16994,24 @@ CreateSubjectCon
- | subject_condition_set |
- SubjectConditionSetCreate |
+ namespace_id |
+ string |
|
- |
+ Required |
- | namespace_id |
+ name |
string |
|
- |
+ Required |
- | namespace_fqn |
- string |
+ metadata |
+ common.MetadataMutable |
|
- |
+ Common metadata |
@@ -16130,7 +17021,7 @@ CreateSubjectCon
- CreateSubjectConditionSetResponse
+ CreateResourceMappingGroupResponse
@@ -16141,8 +17032,8 @@ CreateSubjectCo
- | subject_condition_set |
- policy.SubjectConditionSet |
+ resource_mapping_group |
+ policy.ResourceMappingGroup |
|
|
@@ -16154,7 +17045,7 @@ CreateSubjectCo
- CreateSubjectMappingRequest
+ CreateResourceMappingRequest
@@ -16168,46 +17059,21 @@ CreateSubjectMappingR
| attribute_value_id |
string |
|
- Required
-Attribute Value to be mapped to |
-
-
-
- | actions |
- policy.Action |
- repeated |
- Required
-The actions permitted by subjects in this mapping |
-
-
-
- | existing_subject_condition_set_id |
- string |
- |
- Either of the following:
-Reuse existing SubjectConditionSet (NOTE: prioritized over new_subject_condition_set) |
-
-
-
- | new_subject_condition_set |
- SubjectConditionSetCreate |
- |
- Create new SubjectConditionSet (NOTE: ignored if existing_subject_condition_set_id is provided) |
+ Required |
- | namespace_id |
+ terms |
string |
- |
- Optional
-Namespace ID or FQN for the subject mapping |
+ repeated |
+ Required |
- | namespace_fqn |
+ group_id |
string |
|
- |
+ Optional |
@@ -16224,7 +17090,7 @@ CreateSubjectMappingR
- CreateSubjectMappingResponse
+ CreateResourceMappingResponse
@@ -16235,8 +17101,8 @@ CreateSubjectMapping
- | subject_mapping |
- policy.SubjectMapping |
+ resource_mapping |
+ policy.ResourceMapping |
|
|
@@ -16248,38 +17114,7 @@ CreateSubjectMapping
- DeleteAllUnmappedSubjectConditionSetsRequest
- Prune any Subject Condition Sets not utilized within a Subject Mapping
-
-
-
-
-
- DeleteAllUnmappedSubjectConditionSetsResponse
-
-
-
-
-
- | Field | Type | Label | Description |
-
-
-
-
- | subject_condition_sets |
- policy.SubjectConditionSet |
- repeated |
- Only IDs of any deleted Subject Condition Set provided |
-
-
-
-
-
-
-
-
-
- DeleteSubjectConditionSetRequest
+ DeleteResourceMappingGroupRequest
@@ -16303,7 +17138,7 @@ DeleteSubjectCon
- DeleteSubjectConditionSetResponse
+ DeleteResourceMappingGroupResponse
@@ -16314,10 +17149,10 @@ DeleteSubjectCo
- | subject_condition_set |
- policy.SubjectConditionSet |
+ resource_mapping_group |
+ policy.ResourceMappingGroup |
|
- Only ID of deleted Subject Condition Set provided |
+ |
@@ -16327,7 +17162,7 @@ DeleteSubjectCo
- DeleteSubjectMappingRequest
+ DeleteResourceMappingRequest
@@ -16351,7 +17186,7 @@ DeleteSubjectMappingR
- DeleteSubjectMappingResponse
+ DeleteResourceMappingResponse
@@ -16362,10 +17197,10 @@ DeleteSubjectMapping
- | subject_mapping |
- policy.SubjectMapping |
+ resource_mapping |
+ policy.ResourceMapping |
|
- Only ID of the updated Subject Mapping provided |
+ |
@@ -16375,7 +17210,7 @@ DeleteSubjectMapping
- GetSubjectConditionSetRequest
+ GetResourceMappingGroupRequest
@@ -16399,7 +17234,7 @@ GetSubjectCondition
- GetSubjectConditionSetResponse
+ GetResourceMappingGroupResponse
@@ -16410,19 +17245,12 @@ GetSubjectConditio
- | subject_condition_set |
- policy.SubjectConditionSet |
+ resource_mapping_group |
+ policy.ResourceMappingGroup |
|
|
-
- | associated_subject_mappings |
- policy.SubjectMapping |
- repeated |
- contextualized Subject Mappings associated with this SubjectConditionSet |
-
-
@@ -16430,7 +17258,7 @@ GetSubjectConditio
- GetSubjectMappingRequest
+ GetResourceMappingRequest
@@ -16454,7 +17282,7 @@ GetSubjectMappingRequest
- GetSubjectMappingResponse
+ GetResourceMappingResponse
@@ -16465,8 +17293,8 @@ GetSubjectMappingRespon
- | subject_mapping |
- policy.SubjectMapping |
+ resource_mapping |
+ policy.ResourceMapping |
|
|
@@ -16478,7 +17306,7 @@ GetSubjectMappingRespon
- ListSubjectConditionSetsRequest
+ ListResourceMappingGroupsRequest
@@ -16492,14 +17320,7 @@ ListSubjectCondit
| namespace_id |
string |
|
- |
-
-
-
- | namespace_fqn |
- string |
- |
- |
+ Optional |
@@ -16509,17 +17330,6 @@ ListSubjectCondit
Optional |
-
- | sort |
- SubjectConditionSetsSort |
- repeated |
- Optional - CONSTRAINT: max 1 item
-Sort defaults:
- - direction UNSPECIFIED defaults to DESC for the specified field
- - field UNSPECIFIED defaults to created_at with the specified direction
- - both UNSPECIFIED or sort omitted defaults to created_at DESC |
-
-
@@ -16527,7 +17337,7 @@ ListSubjectCondit
- ListSubjectConditionSetsResponse
+ ListResourceMappingGroupsResponse
@@ -16538,8 +17348,8 @@ ListSubjectCondi
- | subject_condition_sets |
- policy.SubjectConditionSet |
+ resource_mapping_groups |
+ policy.ResourceMappingGroup |
repeated |
|
@@ -16558,7 +17368,7 @@ ListSubjectCondi
- ListSubjectMappingsRequest
+ ListResourceMappingsByGroupFqnsRequest
@@ -16569,35 +17379,11 @@ ListSubjectMappingsReq
- | namespace_id |
- string |
- |
- |
-
-
-
- | namespace_fqn |
+ fqns |
string |
- |
- |
-
-
-
- | pagination |
- policy.PageRequest |
- |
- Optional |
-
-
-
- | sort |
- SubjectMappingsSort |
repeated |
- Optional - CONSTRAINT: max 1 item
-Sort defaults:
- - direction UNSPECIFIED defaults to DESC for the specified field
- - field UNSPECIFIED defaults to created_at with the specified direction
- - both UNSPECIFIED or sort omitted defaults to created_at DESC |
+ Required
+Structure of the RM Group FQN is 'https://<namespace>/resm/<group name>' |
@@ -16607,7 +17393,7 @@ ListSubjectMappingsReq
- ListSubjectMappingsResponse
+ ListResourceMappingsByGroupFqnsResponse
@@ -16618,19 +17404,12 @@
@@ -16638,8 +17417,8 @@ ListSubjectMappingsRe
- MatchSubjectMappingsRequest
- MatchSubjectMappingsRequest liberally returns a list of SubjectMappings based on the provided SubjectProperties. The SubjectMappings are returned if an external selector field matches.
+ ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry
+
@@ -16649,33 +17428,16 @@ MatchSubjectMappingsR
- | subject_properties |
- policy.SubjectProperty |
- repeated |
- |
-
-
-
-
-
-
-
-
-
- MatchSubjectMappingsResponse
-
-
-
-
-
- | Field | Type | Label | Description |
-
-
+ key |
+ string |
+ |
+ |
+
- | subject_mappings |
- policy.SubjectMapping |
- repeated |
+ value |
+ ResourceMappingsByGroup |
+ |
|
@@ -16686,7 +17448,7 @@ MatchSubjectMappings
- SubjectConditionSetCreate
+ ListResourceMappingsRequest
@@ -16697,18 +17459,17 @@ SubjectConditionSetCrea
- | subject_sets |
- policy.SubjectSet |
- repeated |
- Required |
+ group_id |
+ string |
+ |
+ Optional |
- | metadata |
- common.MetadataMutable |
+ pagination |
+ policy.PageRequest |
|
- Optional
-Common metadata |
+ Optional |
@@ -16718,7 +17479,7 @@ SubjectConditionSetCrea
- SubjectConditionSetsSort
+ ListResourceMappingsResponse
@@ -16729,15 +17490,15 @@ SubjectConditionSetsSort
- | field |
- SortSubjectConditionSetsType |
- |
+ resource_mappings |
+ policy.ResourceMapping |
+ repeated |
|
- | direction |
- policy.SortDirection |
+ pagination |
+ policy.PageResponse |
|
|
@@ -16749,7 +17510,7 @@ SubjectConditionSetsSort
- SubjectMappingsSort
+ ResourceMappingsByGroup
@@ -16760,16 +17521,16 @@ SubjectMappingsSort
- | field |
- SortSubjectMappingsType |
+ group |
+ policy.ResourceMappingGroup |
|
|
- | direction |
- policy.SortDirection |
- |
+ mappings |
+ policy.ResourceMapping |
+ repeated |
|
@@ -16780,7 +17541,7 @@ SubjectMappingsSort
- UpdateSubjectConditionSetRequest
+ UpdateResourceMappingGroupRequest
@@ -16798,11 +17559,17 @@ UpdateSubjectCon
- | subject_sets |
- policy.SubjectSet |
- repeated |
- Optional
-If provided, replaces entire existing structure of Subject Sets, Condition Groups, & Conditions |
+ namespace_id |
+ string |
+ |
+ Optional |
+
+
+
+ | name |
+ string |
+ |
+ Optional |
@@ -16826,7 +17593,7 @@ UpdateSubjectCon
- UpdateSubjectConditionSetResponse
+ UpdateResourceMappingGroupResponse
@@ -16837,10 +17604,10 @@ UpdateSubjectCo
- | subject_condition_set |
- policy.SubjectConditionSet |
+ resource_mapping_group |
+ policy.ResourceMappingGroup |
|
- Only ID of updated Subject Condition Set provided |
+ |
@@ -16850,7 +17617,7 @@ UpdateSubjectCo
- UpdateSubjectMappingRequest
+ UpdateResourceMappingRequest
@@ -16868,26 +17635,32 @@ UpdateSubjectMappingR
- | subject_condition_set_id |
+ attribute_value_id |
string |
|
- Optional
-Replaces the existing SubjectConditionSet id with a new one |
+ Optional |
- | actions |
- policy.Action |
+ terms |
+ string |
repeated |
- Optional
-Replaces entire list of actions permitted by subjects |
+ Optional |
+
+
+
+ | group_id |
+ string |
+ |
+ Optional |
| metadata |
common.MetadataMutable |
|
- Common metadata |
+ Optional
+Common Metadata |
@@ -16904,7 +17677,7 @@ UpdateSubjectMappingR
- UpdateSubjectMappingResponse
+ UpdateResourceMappingResponse
@@ -16915,10 +17688,10 @@ UpdateSubjectMapping
- | subject_mapping |
- policy.SubjectMapping |
+ resource_mapping |
+ policy.ResourceMapping |
|
- Only ID of the updated Subject Mapping provided |
+ |
@@ -16930,70 +17703,12 @@ UpdateSubjectMapping
- SortSubjectConditionSetsType
-
-
-
- | Name | Number | Description |
-
-
-
-
- | SORT_SUBJECT_CONDITION_SETS_TYPE_UNSPECIFIED |
- 0 |
- |
-
-
-
- | SORT_SUBJECT_CONDITION_SETS_TYPE_CREATED_AT |
- 1 |
- |
-
-
-
- | SORT_SUBJECT_CONDITION_SETS_TYPE_UPDATED_AT |
- 2 |
- |
-
-
-
-
-
- SortSubjectMappingsType
-
-
-
- | Name | Number | Description |
-
-
-
-
- | SORT_SUBJECT_MAPPINGS_TYPE_UNSPECIFIED |
- 0 |
- |
-
-
-
- | SORT_SUBJECT_MAPPINGS_TYPE_CREATED_AT |
- 1 |
- |
-
-
-
- | SORT_SUBJECT_MAPPINGS_TYPE_UPDATED_AT |
- 2 |
- |
-
-
-
-
-
- SubjectMappingService
-
+ ResourceMappingService
+ Resource Mapping Groups
| Method Name | Request Type | Response Type | Description |
@@ -17001,86 +17716,79 @@ SubjectMappingService
- | MatchSubjectMappings |
- MatchSubjectMappingsRequest |
- MatchSubjectMappingsResponse |
- Find matching Subject Mappings for a given Subject |
-
-
-
- | ListSubjectMappings |
- ListSubjectMappingsRequest |
- ListSubjectMappingsResponse |
+ ListResourceMappingGroups |
+ ListResourceMappingGroupsRequest |
+ ListResourceMappingGroupsResponse |
|
- | GetSubjectMapping |
- GetSubjectMappingRequest |
- GetSubjectMappingResponse |
+ GetResourceMappingGroup |
+ GetResourceMappingGroupRequest |
+ GetResourceMappingGroupResponse |
|
- | CreateSubjectMapping |
- CreateSubjectMappingRequest |
- CreateSubjectMappingResponse |
+ CreateResourceMappingGroup |
+ CreateResourceMappingGroupRequest |
+ CreateResourceMappingGroupResponse |
|
- | UpdateSubjectMapping |
- UpdateSubjectMappingRequest |
- UpdateSubjectMappingResponse |
+ UpdateResourceMappingGroup |
+ UpdateResourceMappingGroupRequest |
+ UpdateResourceMappingGroupResponse |
|
- | DeleteSubjectMapping |
- DeleteSubjectMappingRequest |
- DeleteSubjectMappingResponse |
+ DeleteResourceMappingGroup |
+ DeleteResourceMappingGroupRequest |
+ DeleteResourceMappingGroupResponse |
|
- | ListSubjectConditionSets |
- ListSubjectConditionSetsRequest |
- ListSubjectConditionSetsResponse |
+ ListResourceMappings |
+ ListResourceMappingsRequest |
+ ListResourceMappingsResponse |
|
- | GetSubjectConditionSet |
- GetSubjectConditionSetRequest |
- GetSubjectConditionSetResponse |
+ ListResourceMappingsByGroupFqns |
+ ListResourceMappingsByGroupFqnsRequest |
+ ListResourceMappingsByGroupFqnsResponse |
|
- | CreateSubjectConditionSet |
- CreateSubjectConditionSetRequest |
- CreateSubjectConditionSetResponse |
+ GetResourceMapping |
+ GetResourceMappingRequest |
+ GetResourceMappingResponse |
|
- | UpdateSubjectConditionSet |
- UpdateSubjectConditionSetRequest |
- UpdateSubjectConditionSetResponse |
+ CreateResourceMapping |
+ CreateResourceMappingRequest |
+ CreateResourceMappingResponse |
|
- | DeleteSubjectConditionSet |
- DeleteSubjectConditionSetRequest |
- DeleteSubjectConditionSetResponse |
+ UpdateResourceMapping |
+ UpdateResourceMappingRequest |
+ UpdateResourceMappingResponse |
|
- | DeleteAllUnmappedSubjectConditionSets |
- DeleteAllUnmappedSubjectConditionSetsRequest |
- DeleteAllUnmappedSubjectConditionSetsResponse |
+ DeleteResourceMapping |
+ DeleteResourceMappingRequest |
+ DeleteResourceMappingResponse |
|
@@ -17101,22 +17809,27 @@ Methods with idempotency_level option
- | ListSubjectMappings |
+ ListResourceMappingGroups |
NO_SIDE_EFFECTS |
- | GetSubjectMapping |
+ GetResourceMappingGroup |
NO_SIDE_EFFECTS |
- | ListSubjectConditionSets |
+ ListResourceMappings |
NO_SIDE_EFFECTS |
- | GetSubjectConditionSet |
+ ListResourceMappingsByGroupFqns |
+ NO_SIDE_EFFECTS |
+
+
+
+ | GetResourceMapping |
NO_SIDE_EFFECTS |
diff --git a/docs/openapi/authorization/authorization.openapi.yaml b/docs/openapi/authorization/authorization.openapi.yaml
index 1f3648bae8..bc3a5104e6 100644
--- a/docs/openapi/authorization/authorization.openapi.yaml
+++ b/docs/openapi/authorization/authorization.openapi.yaml
@@ -133,6 +133,7 @@ components:
Example Request Get Decisions to answer the question - Do Bob (represented by entity chain ec1)
and Alice (represented by entity chain ec2) have TRANSMIT authorization for
2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ?
+
{
"actions": [
{
@@ -204,11 +205,13 @@ components:
Example response for a Decision Request - Do Bob (represented by entity chain ec1)
and Alice (represented by entity chain ec2) have TRANSMIT authorization for
2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ?
+
Results:
- bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation
- bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes
- alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes
- alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes
+
{
"entityChainId": "ec1",
"resourceAttributesId": "attr-set-1",
@@ -420,7 +423,9 @@ components:
additionalProperties: false
description: |-
Request to get entitlements for one or more entities for an optional attribute scope
+
Example: Get entitlements for bob and alice (both represented using an email address
+
{
"entities": [
{
@@ -451,6 +456,7 @@ components:
additionalProperties: false
description: |-
Example Response for a request of : Get entitlements for bob and alice (both represented using an email address
+
{
"entitlements": [
{
@@ -522,6 +528,7 @@ components:
Example Request Get Decisions by Token to answer the question - Do Bob and client1 (represented by token tok1)
and Alice and client2 (represented by token tok2) have TRANSMIT authorization for
2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ?
+
{
"actions": [
{
diff --git a/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml b/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml
new file mode 100644
index 0000000000..0c19ff5295
--- /dev/null
+++ b/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml
@@ -0,0 +1,1454 @@
+openapi: 3.1.0
+info:
+ title: policy.dynamicvaluemapping
+paths:
+ /policy.dynamicvaluemapping.DynamicValueMappingService/CreateDynamicValueMapping:
+ post:
+ tags:
+ - policy.dynamicvaluemapping.DynamicValueMappingService
+ summary: CreateDynamicValueMapping
+ operationId: policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping
+ parameters:
+ - name: Connect-Protocol-Version
+ in: header
+ required: true
+ schema:
+ $ref: '#/components/schemas/connect-protocol-version'
+ - name: Connect-Timeout-Ms
+ in: header
+ schema:
+ $ref: '#/components/schemas/connect-timeout-header'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.CreateDynamicValueMappingRequest'
+ required: true
+ responses:
+ default:
+ description: Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/connect.error'
+ "200":
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.CreateDynamicValueMappingResponse'
+ /policy.dynamicvaluemapping.DynamicValueMappingService/DeleteDynamicValueMapping:
+ post:
+ tags:
+ - policy.dynamicvaluemapping.DynamicValueMappingService
+ summary: DeleteDynamicValueMapping
+ operationId: policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping
+ parameters:
+ - name: Connect-Protocol-Version
+ in: header
+ required: true
+ schema:
+ $ref: '#/components/schemas/connect-protocol-version'
+ - name: Connect-Timeout-Ms
+ in: header
+ schema:
+ $ref: '#/components/schemas/connect-timeout-header'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest'
+ required: true
+ responses:
+ default:
+ description: Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/connect.error'
+ "200":
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse'
+ /policy.dynamicvaluemapping.DynamicValueMappingService/GetDynamicValueMapping:
+ post:
+ tags:
+ - policy.dynamicvaluemapping.DynamicValueMappingService
+ summary: GetDynamicValueMapping
+ operationId: policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping
+ parameters:
+ - name: Connect-Protocol-Version
+ in: header
+ required: true
+ schema:
+ $ref: '#/components/schemas/connect-protocol-version'
+ - name: Connect-Timeout-Ms
+ in: header
+ schema:
+ $ref: '#/components/schemas/connect-timeout-header'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.GetDynamicValueMappingRequest'
+ required: true
+ responses:
+ default:
+ description: Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/connect.error'
+ "200":
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.GetDynamicValueMappingResponse'
+ /policy.dynamicvaluemapping.DynamicValueMappingService/ListDynamicValueMappings:
+ post:
+ tags:
+ - policy.dynamicvaluemapping.DynamicValueMappingService
+ summary: ListDynamicValueMappings
+ operationId: policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings
+ parameters:
+ - name: Connect-Protocol-Version
+ in: header
+ required: true
+ schema:
+ $ref: '#/components/schemas/connect-protocol-version'
+ - name: Connect-Timeout-Ms
+ in: header
+ schema:
+ $ref: '#/components/schemas/connect-timeout-header'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.ListDynamicValueMappingsRequest'
+ required: true
+ responses:
+ default:
+ description: Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/connect.error'
+ "200":
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.ListDynamicValueMappingsResponse'
+ /policy.dynamicvaluemapping.DynamicValueMappingService/UpdateDynamicValueMapping:
+ post:
+ tags:
+ - policy.dynamicvaluemapping.DynamicValueMappingService
+ summary: UpdateDynamicValueMapping
+ operationId: policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping
+ parameters:
+ - name: Connect-Protocol-Version
+ in: header
+ required: true
+ schema:
+ $ref: '#/components/schemas/connect-protocol-version'
+ - name: Connect-Timeout-Ms
+ in: header
+ schema:
+ $ref: '#/components/schemas/connect-timeout-header'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest'
+ required: true
+ responses:
+ default:
+ description: Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/connect.error'
+ "200":
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse'
+components:
+ schemas:
+ common.Metadata:
+ type: object
+ properties:
+ createdAt:
+ title: created_at
+ description: created_at set by server (entity who created will recorded in an audit event)
+ $ref: '#/components/schemas/google.protobuf.Timestamp'
+ updatedAt:
+ title: updated_at
+ description: updated_at set by server (entity who updated will recorded in an audit event)
+ $ref: '#/components/schemas/google.protobuf.Timestamp'
+ labels:
+ type: object
+ title: labels
+ additionalProperties:
+ type: string
+ title: value
+ description: optional short description
+ title: Metadata
+ additionalProperties: false
+ description: Struct to uniquely identify a resource with optional additional metadata
+ common.Metadata.LabelsEntry:
+ type: object
+ properties:
+ key:
+ type: string
+ title: key
+ value:
+ type: string
+ title: value
+ title: LabelsEntry
+ additionalProperties: false
+ common.MetadataMutable:
+ type: object
+ properties:
+ labels:
+ type: object
+ title: labels
+ additionalProperties:
+ type: string
+ title: value
+ description: optional labels
+ title: MetadataMutable
+ additionalProperties: false
+ common.MetadataMutable.LabelsEntry:
+ type: object
+ properties:
+ key:
+ type: string
+ title: key
+ value:
+ type: string
+ title: value
+ title: LabelsEntry
+ additionalProperties: false
+ common.MetadataUpdateEnum:
+ type: string
+ title: MetadataUpdateEnum
+ enum:
+ - METADATA_UPDATE_ENUM_UNSPECIFIED
+ - METADATA_UPDATE_ENUM_EXTEND
+ - METADATA_UPDATE_ENUM_REPLACE
+ connect-protocol-version:
+ type: number
+ title: Connect-Protocol-Version
+ enum:
+ - 1
+ description: Define the version of the Connect protocol
+ const: 1
+ connect-timeout-header:
+ type: number
+ title: Connect-Timeout-Ms
+ description: Define the timeout, in ms
+ connect.error:
+ type: object
+ properties:
+ code:
+ type: string
+ examples:
+ - not_found
+ enum:
+ - canceled
+ - unknown
+ - invalid_argument
+ - deadline_exceeded
+ - not_found
+ - already_exists
+ - permission_denied
+ - resource_exhausted
+ - failed_precondition
+ - aborted
+ - out_of_range
+ - unimplemented
+ - internal
+ - unavailable
+ - data_loss
+ - unauthenticated
+ description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
+ message:
+ type: string
+ description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
+ details:
+ type: array
+ items:
+ $ref: '#/components/schemas/connect.error_details.Any'
+ description: A list of messages that carry the error details. There is no limit on the number of messages.
+ title: Connect Error
+ additionalProperties: true
+ description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation'
+ connect.error_details.Any:
+ type: object
+ properties:
+ type:
+ type: string
+ description: 'A URL that acts as a globally unique identifier for the type of the serialized message. For example: `type.googleapis.com/google.rpc.ErrorInfo`. This is used to determine the schema of the data in the `value` field and is the discriminator for the `debug` field.'
+ value:
+ type: string
+ format: binary
+ description: The Protobuf message, serialized as bytes and base64-encoded. The specific message type is identified by the `type` field.
+ debug:
+ oneOf:
+ - type: object
+ title: Any
+ additionalProperties: true
+ description: Detailed error information.
+ discriminator:
+ propertyName: type
+ title: Debug
+ description: Deserialized error detail payload. The 'type' field indicates the schema. This field is for easier debugging and should not be relied upon for application logic.
+ additionalProperties: true
+ description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message, with an additional debug field for ConnectRPC error details.
+ google.protobuf.BoolValue:
+ type: boolean
+ description: |-
+ Wrapper message for `bool`.
+
+ The JSON representation for `BoolValue` is JSON `true` and `false`.
+
+ Not recommended for use in new APIs, but still useful for legacy APIs and
+ has no plan to be removed.
+ google.protobuf.Timestamp:
+ type: string
+ examples:
+ - "2023-01-15T01:30:15.01Z"
+ - "2024-12-25T12:00:00Z"
+ format: date-time
+ description: |-
+ A Timestamp represents a point in time independent of any time zone or local
+ calendar, encoded as a count of seconds and fractions of seconds at
+ nanosecond resolution. The count is relative to an epoch at UTC midnight on
+ January 1, 1970, in the proleptic Gregorian calendar which extends the
+ Gregorian calendar backwards to year one.
+
+ All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+ second table is needed for interpretation, using a [24-hour linear
+ smear](https://developers.google.com/time/smear).
+
+ The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+ restricting to that range, we ensure that we can convert to and from [RFC
+ 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
+
+ # Examples
+
+ Example 1: Compute Timestamp from POSIX `time()`.
+
+ Timestamp timestamp;
+ timestamp.set_seconds(time(NULL));
+ timestamp.set_nanos(0);
+
+ Example 2: Compute Timestamp from POSIX `gettimeofday()`.
+
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+
+ Timestamp timestamp;
+ timestamp.set_seconds(tv.tv_sec);
+ timestamp.set_nanos(tv.tv_usec * 1000);
+
+ Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.
+
+ FILETIME ft;
+ GetSystemTimeAsFileTime(&ft);
+ UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
+
+ // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
+ // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
+ Timestamp timestamp;
+ timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
+ timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
+
+ Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
+
+ long millis = System.currentTimeMillis();
+
+ Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
+ .setNanos((int) ((millis % 1000) * 1000000)).build();
+
+ Example 5: Compute Timestamp from Java `Instant.now()`.
+
+ Instant now = Instant.now();
+
+ Timestamp timestamp =
+ Timestamp.newBuilder().setSeconds(now.getEpochSecond())
+ .setNanos(now.getNano()).build();
+
+ Example 6: Compute Timestamp from current time in Python.
+
+ timestamp = Timestamp()
+ timestamp.GetCurrentTime()
+
+ # JSON Mapping
+
+ In JSON format, the Timestamp type is encoded as a string in the
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the
+ format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z"
+ where {year} is always expressed using four digits while {month}, {day},
+ {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
+ seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
+ are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
+ is required. A proto3 JSON serializer should always use UTC (as indicated by
+ "Z") when printing the Timestamp type and a proto3 JSON parser should be
+ able to accept both UTC and other timezones (as indicated by an offset).
+
+ For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
+ 01:30 UTC on January 15, 2017.
+
+ In JavaScript, one can convert a Date object to this format using the
+ standard
+ [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
+ method. In Python, a standard `datetime.datetime` object can be converted
+ to this format using
+ [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+ the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+ the Joda Time's [`ISODateTimeFormat.dateTime()`](
+ http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
+ ) to obtain a formatter capable of generating timestamps in this format.
+ policy.Action:
+ type: object
+ allOf:
+ - properties:
+ id:
+ type: string
+ title: id
+ description: Generated uuid in database
+ name:
+ type: string
+ title: name
+ namespace:
+ title: namespace
+ description: Namespace context for this action
+ $ref: '#/components/schemas/policy.Namespace'
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ - oneOf:
+ - type: object
+ properties:
+ custom:
+ type: string
+ title: custom
+ description: Deprecated
+ title: custom
+ required:
+ - custom
+ - type: object
+ properties:
+ standard:
+ title: standard
+ description: Deprecated
+ $ref: '#/components/schemas/policy.Action.StandardAction'
+ title: standard
+ required:
+ - standard
+ title: Action
+ additionalProperties: false
+ description: An action an entity can take
+ policy.Action.StandardAction:
+ type: string
+ title: StandardAction
+ enum:
+ - STANDARD_ACTION_UNSPECIFIED
+ - STANDARD_ACTION_DECRYPT
+ - STANDARD_ACTION_TRANSMIT
+ policy.Algorithm:
+ type: string
+ title: Algorithm
+ enum:
+ - ALGORITHM_UNSPECIFIED
+ - ALGORITHM_RSA_2048
+ - ALGORITHM_RSA_4096
+ - ALGORITHM_EC_P256
+ - ALGORITHM_EC_P384
+ - ALGORITHM_EC_P521
+ - ALGORITHM_HPQT_XWING
+ - ALGORITHM_HPQT_SECP256R1_MLKEM768
+ - ALGORITHM_HPQT_SECP384R1_MLKEM1024
+ description: Supported key algorithms.
+ policy.Attribute:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ namespace:
+ title: namespace
+ description: namespace of the attribute
+ $ref: '#/components/schemas/policy.Namespace'
+ name:
+ type: string
+ title: name
+ description: attribute name
+ rule:
+ title: rule
+ description: attribute rule enum
+ $ref: '#/components/schemas/policy.AttributeRuleTypeEnum'
+ values:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Value'
+ title: values
+ grants:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.KeyAccessServer'
+ title: grants
+ description: Deprecated KAS grants for the attribute. Use kas_keys instead.
+ fqn:
+ type: string
+ title: fqn
+ active:
+ title: active
+ description: active by default until explicitly deactivated
+ $ref: '#/components/schemas/google.protobuf.BoolValue'
+ kasKeys:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.SimpleKasKey'
+ title: kas_keys
+ description: Keys associated with the attribute
+ allowTraversal:
+ title: allow_traversal
+ description: |-
+ Whether or not we will use the attribute definition during encryption
+ if the attribute value is missing.
+ $ref: '#/components/schemas/google.protobuf.BoolValue'
+ metadata:
+ title: metadata
+ description: Common metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: Attribute
+ required:
+ - rule
+ additionalProperties: false
+ policy.AttributeRuleTypeEnum:
+ type: string
+ title: AttributeRuleTypeEnum
+ enum:
+ - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED
+ - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF
+ - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF
+ - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY
+ policy.Condition:
+ type: object
+ properties:
+ subjectExternalSelectorValue:
+ type: string
+ title: subject_external_selector_value
+ description: |-
+ a selector for a field value on a flattened Entity Representation (such as
+ from idP/LDAP)
+ operator:
+ title: operator
+ description: the evaluation operator of relation
+ $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum'
+ subjectExternalValues:
+ type: array
+ items:
+ type: string
+ title: subject_external_values
+ minItems: 1
+ description: |-
+ list of comparison values for the result of applying the
+ subject_external_selector_value on a flattened Entity Representation
+ (Subject), evaluated by the operator
+ title: Condition
+ required:
+ - subjectExternalSelectorValue
+ - operator
+ additionalProperties: false
+ description: |-
+ *
+ A Condition defines a rule of
+ policy.ConditionBooleanTypeEnum:
+ type: string
+ title: ConditionBooleanTypeEnum
+ enum:
+ - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED
+ - CONDITION_BOOLEAN_TYPE_ENUM_AND
+ - CONDITION_BOOLEAN_TYPE_ENUM_OR
+ policy.ConditionGroup:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Condition'
+ title: conditions
+ minItems: 1
+ booleanOperator:
+ title: boolean_operator
+ description: the boolean evaluation type across the conditions
+ $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum'
+ title: ConditionGroup
+ required:
+ - booleanOperator
+ additionalProperties: false
+ description: A collection of Conditions evaluated by the boolean_operator provided
+ policy.DynamicValueMapping:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ attributeDefinition:
+ title: attribute_definition
+ description: the Attribute Definition whose values are entitled dynamically
+ $ref: '#/components/schemas/policy.Attribute'
+ valueResolver:
+ title: value_resolver
+ description: the dynamic resolver matched against the requested resource value segment
+ $ref: '#/components/schemas/policy.DynamicValueResolver'
+ subjectConditionSet:
+ title: subject_condition_set
+ description: |-
+ optional static pre-gate on the entity, evaluated with normal SubjectConditionSet
+ semantics (no dynamic overload). When present, both the gate and the resolver must
+ pass for entitlement.
+ $ref: '#/components/schemas/policy.SubjectConditionSet'
+ actions:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Action'
+ title: actions
+ description: the actions permitted by subjects in this mapping
+ namespace:
+ title: namespace
+ description: the namespace containing this mapping
+ $ref: '#/components/schemas/policy.Namespace'
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: DynamicValueMapping
+ additionalProperties: false
+ description: |-
+ Dynamic Value Mapping: a Policy assigning permitted action(s) to
+ dynamically-requested values under an Attribute Definition. It raises entitlement
+ authority from a concrete Attribute Value to the Attribute Definition: at decision time
+ the value_resolver compares the requested resource value segment against the entity
+ representation, avoiding pre-provisioning a value + subject mapping per discrete value.
+ policy.DynamicValueOperatorEnum:
+ type: string
+ title: DynamicValueOperatorEnum
+ enum:
+ - DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED
+ - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN
+ - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS
+ description: |-
+ Operators for dynamic, definition-level value entitlement. Unlike
+ SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into
+ policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's
+ attribute value segment, supplied at decision time. Each value is the inversion of its
+ static SubjectMappingOperatorEnum counterpart.
+ policy.DynamicValueResolver:
+ type: object
+ properties:
+ subjectExternalSelectorValue:
+ type: string
+ title: subject_external_selector_value
+ description: |-
+ a selector for a field value on a flattened Entity Representation (such as from
+ idP/LDAP), e.g. ".patientAssignments[]"
+ operator:
+ title: operator
+ description: the dynamic operator comparing the selector result to the resource value segment
+ $ref: '#/components/schemas/policy.DynamicValueOperatorEnum'
+ title: DynamicValueResolver
+ required:
+ - subjectExternalSelectorValue
+ - operator
+ additionalProperties: false
+ description: |-
+ Definition Value Resolver: the dynamic half of a DynamicValueMapping. It
+ resolves a selector against the entity representation and compares the result to the
+ requested resource value segment using a DynamicValueOperatorEnum.
+ policy.KasPublicKey:
+ type: object
+ properties:
+ pem:
+ type: string
+ title: pem
+ maxLength: 8192
+ minLength: 1
+ description: x509 ASN.1 content in PEM envelope, usually
+ kid:
+ type: string
+ title: kid
+ maxLength: 32
+ minLength: 1
+ description: A unique string identifier for this key
+ alg:
+ not:
+ enum:
+ - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED
+ title: alg
+ description: |-
+ A known algorithm type with any additional parameters encoded.
+ To start, these may be `rsa:2048` for RSA-based wrapping and
+ `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.
+ $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum'
+ title: KasPublicKey
+ additionalProperties: false
+ description: |-
+ Deprecated
+ A KAS public key and some associated metadata for further identifcation
+ policy.KasPublicKeyAlgEnum:
+ type: string
+ title: KasPublicKeyAlgEnum
+ enum:
+ - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED
+ - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048
+ - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096
+ - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768
+ - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024
+ policy.KasPublicKeySet:
+ type: object
+ properties:
+ keys:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.KasPublicKey'
+ title: keys
+ title: KasPublicKeySet
+ additionalProperties: false
+ description: |-
+ Deprecated
+ A list of known KAS public keys
+ policy.KeyAccessServer:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ uri:
+ type: string
+ title: uri
+ description: |
+ Address of a KAS instance
+ uri_format // URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.
+ publicKey:
+ title: public_key
+ description: 'Deprecated: KAS can have multiple key pairs'
+ $ref: '#/components/schemas/policy.PublicKey'
+ sourceType:
+ title: source_type
+ description: 'The source of the KAS: (INTERNAL, EXTERNAL)'
+ $ref: '#/components/schemas/policy.SourceType'
+ kasKeys:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.SimpleKasKey'
+ title: kas_keys
+ description: Kas keys associated with this KAS
+ name:
+ type: string
+ title: name
+ description: |-
+ Optional
+ Unique name of the KAS instance
+ metadata:
+ title: metadata
+ description: Common metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: KeyAccessServer
+ additionalProperties: false
+ description: Key Access Server Registry
+ policy.Namespace:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ description: generated uuid in database
+ name:
+ type: string
+ title: name
+ description: |-
+ used to partition Attribute Definitions, support by namespace AuthN and
+ enable federation
+ fqn:
+ type: string
+ title: fqn
+ active:
+ title: active
+ description: active by default until explicitly deactivated
+ $ref: '#/components/schemas/google.protobuf.BoolValue'
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ grants:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.KeyAccessServer'
+ title: grants
+ description: Deprecated KAS grants for the namespace. Use kas_keys instead.
+ kasKeys:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.SimpleKasKey'
+ title: kas_keys
+ description: Keys for the namespace
+ title: Namespace
+ additionalProperties: false
+ policy.Obligation:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ namespace:
+ title: namespace
+ $ref: '#/components/schemas/policy.Namespace'
+ name:
+ type: string
+ title: name
+ values:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.ObligationValue'
+ title: values
+ fqn:
+ type: string
+ title: fqn
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: Obligation
+ additionalProperties: false
+ policy.ObligationTrigger:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ obligationValue:
+ title: obligation_value
+ $ref: '#/components/schemas/policy.ObligationValue'
+ action:
+ title: action
+ $ref: '#/components/schemas/policy.Action'
+ attributeValue:
+ title: attribute_value
+ $ref: '#/components/schemas/policy.Value'
+ context:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.RequestContext'
+ title: context
+ namespace:
+ title: namespace
+ description: The source namespace for this trigger, derived from the attribute value and action.
+ $ref: '#/components/schemas/policy.Namespace'
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: ObligationTrigger
+ additionalProperties: false
+ policy.ObligationValue:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ obligation:
+ title: obligation
+ $ref: '#/components/schemas/policy.Obligation'
+ value:
+ type: string
+ title: value
+ triggers:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.ObligationTrigger'
+ title: triggers
+ fqn:
+ type: string
+ title: fqn
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: ObligationValue
+ additionalProperties: false
+ policy.PageRequest:
+ type: object
+ properties:
+ limit:
+ type: integer
+ title: limit
+ format: int32
+ description: |-
+ Optional
+ Set to configured default limit if not provided
+ Maximum limit set in platform config and enforced by services
+ offset:
+ type: integer
+ title: offset
+ format: int32
+ description: |-
+ Optional
+ Defaulted if not provided
+ title: PageRequest
+ additionalProperties: false
+ policy.PageResponse:
+ type: object
+ properties:
+ currentOffset:
+ type: integer
+ title: current_offset
+ format: int32
+ description: Requested pagination offset
+ nextOffset:
+ type: integer
+ title: next_offset
+ format: int32
+ description: |-
+ Calculated with request limit + offset or defaults
+ Empty when none remain after current page
+ total:
+ type: integer
+ title: total
+ format: int32
+ description: Total count of entire list
+ title: PageResponse
+ additionalProperties: false
+ policy.PolicyEnforcementPoint:
+ type: object
+ properties:
+ clientId:
+ type: string
+ title: client_id
+ minLength: 1
+ title: PolicyEnforcementPoint
+ additionalProperties: false
+ policy.PublicKey:
+ type: object
+ oneOf:
+ - type: object
+ properties:
+ cached:
+ title: cached
+ description: public key with additional information. Current preferred version
+ $ref: '#/components/schemas/policy.KasPublicKeySet'
+ title: cached
+ required:
+ - cached
+ - type: object
+ properties:
+ remote:
+ type: string
+ title: remote
+ description: |
+ kas public key url - optional since can also be retrieved via public key
+ uri_format // URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.
+ title: remote
+ required:
+ - remote
+ title: PublicKey
+ additionalProperties: false
+ description: Deprecated
+ policy.RequestContext:
+ type: object
+ properties:
+ pep:
+ title: pep
+ $ref: '#/components/schemas/policy.PolicyEnforcementPoint'
+ title: RequestContext
+ required:
+ - pep
+ additionalProperties: false
+ description: Holds the context needed for obligation fulfillment
+ policy.ResourceMapping:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ attributeValue:
+ title: attribute_value
+ $ref: '#/components/schemas/policy.Value'
+ terms:
+ type: array
+ items:
+ type: string
+ title: terms
+ group:
+ title: group
+ $ref: '#/components/schemas/policy.ResourceMappingGroup'
+ title: ResourceMapping
+ required:
+ - attributeValue
+ additionalProperties: false
+ description: |-
+ Resource Mappings (aka Access Control Resource Encodings aka ACRE) are
+ structures supporting the mapping of Resources and Attribute Values
+ policy.ResourceMappingGroup:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ namespaceId:
+ type: string
+ title: namespace_id
+ description: the namespace containing the group of resource mappings
+ name:
+ type: string
+ title: name
+ description: |-
+ the common name for the group of resource mappings, which must be unique
+ per namespace
+ fqn:
+ type: string
+ title: fqn
+ description: the fully qualified name of the resource mapping group
+ metadata:
+ title: metadata
+ description: Common metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: ResourceMappingGroup
+ required:
+ - namespaceId
+ - name
+ additionalProperties: false
+ description: |-
+ Resource Mapping Groups are namespaced collections of Resource Mappings
+ associated under a common group name.
+ policy.SimpleKasKey:
+ type: object
+ properties:
+ kasUri:
+ type: string
+ title: kas_uri
+ description: The URL of the Key Access Server
+ publicKey:
+ title: public_key
+ description: The public key of the Key that belongs to the KAS
+ $ref: '#/components/schemas/policy.SimpleKasPublicKey'
+ kasId:
+ type: string
+ title: kas_id
+ description: The ID of the Key Access Server
+ title: SimpleKasKey
+ additionalProperties: false
+ policy.SimpleKasPublicKey:
+ type: object
+ properties:
+ algorithm:
+ title: algorithm
+ $ref: '#/components/schemas/policy.Algorithm'
+ kid:
+ type: string
+ title: kid
+ pem:
+ type: string
+ title: pem
+ title: SimpleKasPublicKey
+ additionalProperties: false
+ policy.SortDirection:
+ type: string
+ title: SortDirection
+ enum:
+ - SORT_DIRECTION_UNSPECIFIED
+ - SORT_DIRECTION_ASC
+ - SORT_DIRECTION_DESC
+ description: |-
+ Sorting direction shared across list APIs.
+ When the 'sort' field is omitted or the chosen sort 'field' is UNSPECIFIED,
+ the endpoint's request message defines the default ordering; see the
+ specific List* request docs.
+ policy.SourceType:
+ type: string
+ title: SourceType
+ enum:
+ - SOURCE_TYPE_UNSPECIFIED
+ - SOURCE_TYPE_INTERNAL
+ - SOURCE_TYPE_EXTERNAL
+ description: |-
+ Describes whether this kas is managed by the organization or if they imported
+ the kas information from an external party. These two modes are necessary in order
+ to encrypt a tdf dek with an external parties kas public key.
+ policy.SubjectConditionSet:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ namespace:
+ title: namespace
+ description: |-
+ the namespace containing this subject condition set
+ possible this is empty in the case a subject condition set
+ has not been migrated to a namespace.
+ $ref: '#/components/schemas/policy.Namespace'
+ subjectSets:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.SubjectSet'
+ title: subject_sets
+ minItems: 1
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: SubjectConditionSet
+ additionalProperties: false
+ description: |-
+ A container for multiple Subject Sets, each containing Condition Groups, each
+ containing Conditions. Multiple Subject Sets in a SubjectConditionSet are
+ evaluated with AND logic. As each Subject Mapping has only one Attribute
+ Value, the SubjectConditionSet is reusable across multiple Subject Mappings /
+ Attribute Values and is an independent unit.
+ policy.SubjectMapping:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ attributeValue:
+ title: attribute_value
+ description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"'
+ $ref: '#/components/schemas/policy.Value'
+ subjectConditionSet:
+ title: subject_condition_set
+ description: the reusable SubjectConditionSet mapped to the given Attribute Value
+ $ref: '#/components/schemas/policy.SubjectConditionSet'
+ actions:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Action'
+ title: actions
+ description: The actions permitted by subjects in this mapping
+ namespace:
+ title: namespace
+ description: |-
+ the namespace containing this subject mapping
+ possible this is empty. If so that means
+ the Subject Mapping has not been migrated to a namespace.
+ $ref: '#/components/schemas/policy.Namespace'
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: SubjectMapping
+ additionalProperties: false
+ description: |-
+ Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute
+ value + action(s) combination
+ policy.SubjectMappingOperatorEnum:
+ type: string
+ title: SubjectMappingOperatorEnum
+ enum:
+ - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED
+ - SUBJECT_MAPPING_OPERATOR_ENUM_IN
+ - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN
+ - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS
+ policy.SubjectSet:
+ type: object
+ properties:
+ conditionGroups:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.ConditionGroup'
+ title: condition_groups
+ minItems: 1
+ description: multiple Condition Groups are evaluated with AND logic
+ title: SubjectSet
+ additionalProperties: false
+ description: A collection of Condition Groups
+ policy.Value:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ description: generated uuid in database
+ attribute:
+ title: attribute
+ $ref: '#/components/schemas/policy.Attribute'
+ value:
+ type: string
+ title: value
+ grants:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.KeyAccessServer'
+ title: grants
+ description: Deprecated KAS grants for the value. Use kas_keys instead.
+ fqn:
+ type: string
+ title: fqn
+ active:
+ title: active
+ description: active by default until explicitly deactivated
+ $ref: '#/components/schemas/google.protobuf.BoolValue'
+ subjectMappings:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.SubjectMapping'
+ title: subject_mappings
+ description: subject mapping
+ kasKeys:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.SimpleKasKey'
+ title: kas_keys
+ resourceMappings:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.ResourceMapping'
+ title: resource_mappings
+ obligations:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Obligation'
+ title: obligations
+ metadata:
+ title: metadata
+ description: Common metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: Value
+ additionalProperties: false
+ policy.dynamicvaluemapping.CreateDynamicValueMappingRequest:
+ type: object
+ allOf:
+ - oneOf:
+ - required:
+ - attributeDefinitionId
+ - required:
+ - attributeDefinitionFqn
+ properties:
+ attributeDefinitionId:
+ type: string
+ title: attribute_definition_id
+ format: uuid
+ attributeDefinitionFqn:
+ type: string
+ title: attribute_definition_fqn
+ minLength: 1
+ format: uri
+ valueResolver:
+ title: value_resolver
+ description: 'Required: the dynamic resolver comparing entity selector result to the resource value segment'
+ $ref: '#/components/schemas/policy.DynamicValueResolver'
+ actions:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Action'
+ title: actions
+ minItems: 1
+ description: |
+ Required: actions permitted on a matched value
+ action_name_or_id_not_empty // Action name or ID must not be empty if provided
+ existingSubjectConditionSetId:
+ type: string
+ title: existing_subject_condition_set_id
+ description: |
+ Optional static pre-gate. Reuse an existing SubjectConditionSet (prioritized) ...
+ optional_uuid_format // Optional field must be a valid UUID
+ newSubjectConditionSet:
+ title: new_subject_condition_set
+ description: '... or create a new one (ignored if existing_subject_condition_set_id is provided)'
+ $ref: '#/components/schemas/policy.subjectmapping.SubjectConditionSetCreate'
+ namespaceId:
+ type: string
+ title: namespace_id
+ format: uuid
+ description: 'Optional: namespace ID or FQN for the mapping'
+ namespaceFqn:
+ type: string
+ title: namespace_fqn
+ minLength: 1
+ format: uri
+ metadata:
+ title: metadata
+ description: Optional
+ $ref: '#/components/schemas/common.MetadataMutable'
+ title: CreateDynamicValueMappingRequest
+ required:
+ - valueResolver
+ additionalProperties: false
+ policy.dynamicvaluemapping.CreateDynamicValueMappingResponse:
+ type: object
+ properties:
+ dynamicValueMapping:
+ title: dynamic_value_mapping
+ $ref: '#/components/schemas/policy.DynamicValueMapping'
+ title: CreateDynamicValueMappingResponse
+ additionalProperties: false
+ policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ format: uuid
+ description: Required
+ title: DeleteDynamicValueMappingRequest
+ additionalProperties: false
+ policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse:
+ type: object
+ properties:
+ dynamicValueMapping:
+ title: dynamic_value_mapping
+ description: Only ID of the deleted mapping provided
+ $ref: '#/components/schemas/policy.DynamicValueMapping'
+ title: DeleteDynamicValueMappingResponse
+ additionalProperties: false
+ policy.dynamicvaluemapping.DynamicValueMappingsSort:
+ type: object
+ properties:
+ field:
+ title: field
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.SortDynamicValueMappingsType'
+ direction:
+ title: direction
+ $ref: '#/components/schemas/policy.SortDirection'
+ title: DynamicValueMappingsSort
+ additionalProperties: false
+ policy.dynamicvaluemapping.GetDynamicValueMappingRequest:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ format: uuid
+ description: Required
+ title: GetDynamicValueMappingRequest
+ additionalProperties: false
+ policy.dynamicvaluemapping.GetDynamicValueMappingResponse:
+ type: object
+ properties:
+ dynamicValueMapping:
+ title: dynamic_value_mapping
+ $ref: '#/components/schemas/policy.DynamicValueMapping'
+ title: GetDynamicValueMappingResponse
+ additionalProperties: false
+ policy.dynamicvaluemapping.ListDynamicValueMappingsRequest:
+ type: object
+ properties:
+ namespaceId:
+ type: string
+ title: namespace_id
+ description: |
+ Optional
+ Namespace ID, or Attribute Definition ID to filter by
+ optional_uuid_format // Optional field must be a valid UUID
+ attributeDefinitionId:
+ type: string
+ title: attribute_definition_id
+ description: |
+ optional_uuid_format // Optional field must be a valid UUID
+ pagination:
+ title: pagination
+ description: Optional
+ $ref: '#/components/schemas/policy.PageRequest'
+ sort:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.dynamicvaluemapping.DynamicValueMappingsSort'
+ title: sort
+ maxItems: 1
+ description: 'Optional - CONSTRAINT: max 1 item'
+ title: ListDynamicValueMappingsRequest
+ additionalProperties: false
+ policy.dynamicvaluemapping.ListDynamicValueMappingsResponse:
+ type: object
+ properties:
+ dynamicValueMappings:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.DynamicValueMapping'
+ title: dynamic_value_mappings
+ pagination:
+ title: pagination
+ $ref: '#/components/schemas/policy.PageResponse'
+ title: ListDynamicValueMappingsResponse
+ additionalProperties: false
+ policy.dynamicvaluemapping.SortDynamicValueMappingsType:
+ type: string
+ title: SortDynamicValueMappingsType
+ enum:
+ - SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED
+ - SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT
+ - SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT
+ policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ format: uuid
+ description: Required
+ valueResolver:
+ title: value_resolver
+ description: 'Optional: replace the dynamic resolver'
+ $ref: '#/components/schemas/policy.DynamicValueResolver'
+ subjectConditionSetId:
+ type: string
+ title: subject_condition_set_id
+ description: |
+ Optional: replace the static pre-gate SubjectConditionSet by id
+ optional_uuid_format // Optional field must be a valid UUID
+ actions:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Action'
+ title: actions
+ description: |
+ Optional: replace the entire list of actions
+ action_name_or_id_not_empty // Action name or ID must not be empty if provided
+ metadata:
+ title: metadata
+ description: Common metadata
+ $ref: '#/components/schemas/common.MetadataMutable'
+ metadataUpdateBehavior:
+ title: metadata_update_behavior
+ $ref: '#/components/schemas/common.MetadataUpdateEnum'
+ title: UpdateDynamicValueMappingRequest
+ additionalProperties: false
+ policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse:
+ type: object
+ properties:
+ dynamicValueMapping:
+ title: dynamic_value_mapping
+ $ref: '#/components/schemas/policy.DynamicValueMapping'
+ title: UpdateDynamicValueMappingResponse
+ additionalProperties: false
+ policy.subjectmapping.SubjectConditionSetCreate:
+ type: object
+ properties:
+ subjectSets:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.SubjectSet'
+ title: subject_sets
+ minItems: 1
+ description: Required
+ metadata:
+ title: metadata
+ description: |-
+ Optional
+ Common metadata
+ $ref: '#/components/schemas/common.MetadataMutable'
+ title: SubjectConditionSetCreate
+ additionalProperties: false
+security: []
+tags:
+ - name: policy.dynamicvaluemapping.DynamicValueMappingService
diff --git a/docs/openapi/policy/objects.openapi.yaml b/docs/openapi/policy/objects.openapi.yaml
index 6bef650b76..2be6d6e904 100644
--- a/docs/openapi/policy/objects.openapi.yaml
+++ b/docs/openapi/policy/objects.openapi.yaml
@@ -368,6 +368,83 @@ components:
- booleanOperator
additionalProperties: false
description: A collection of Conditions evaluated by the boolean_operator provided
+ policy.DynamicValueMapping:
+ type: object
+ properties:
+ id:
+ type: string
+ title: id
+ attributeDefinition:
+ title: attribute_definition
+ description: the Attribute Definition whose values are entitled dynamically
+ $ref: '#/components/schemas/policy.Attribute'
+ valueResolver:
+ title: value_resolver
+ description: the dynamic resolver matched against the requested resource value segment
+ $ref: '#/components/schemas/policy.DynamicValueResolver'
+ subjectConditionSet:
+ title: subject_condition_set
+ description: |-
+ optional static pre-gate on the entity, evaluated with normal SubjectConditionSet
+ semantics (no dynamic overload). When present, both the gate and the resolver must
+ pass for entitlement.
+ $ref: '#/components/schemas/policy.SubjectConditionSet'
+ actions:
+ type: array
+ items:
+ $ref: '#/components/schemas/policy.Action'
+ title: actions
+ description: the actions permitted by subjects in this mapping
+ namespace:
+ title: namespace
+ description: the namespace containing this mapping
+ $ref: '#/components/schemas/policy.Namespace'
+ metadata:
+ title: metadata
+ $ref: '#/components/schemas/common.Metadata'
+ title: DynamicValueMapping
+ additionalProperties: false
+ description: |-
+ Dynamic Value Mapping: a Policy assigning permitted action(s) to
+ dynamically-requested values under an Attribute Definition. It raises entitlement
+ authority from a concrete Attribute Value to the Attribute Definition: at decision time
+ the value_resolver compares the requested resource value segment against the entity
+ representation, avoiding pre-provisioning a value + subject mapping per discrete value.
+ policy.DynamicValueOperatorEnum:
+ type: string
+ title: DynamicValueOperatorEnum
+ enum:
+ - DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED
+ - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN
+ - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS
+ description: |-
+ Operators for dynamic, definition-level value entitlement. Unlike
+ SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into
+ policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's
+ attribute value segment, supplied at decision time. Each value is the inversion of its
+ static SubjectMappingOperatorEnum counterpart.
+ policy.DynamicValueResolver:
+ type: object
+ properties:
+ subjectExternalSelectorValue:
+ type: string
+ title: subject_external_selector_value
+ description: |-
+ a selector for a field value on a flattened Entity Representation (such as from
+ idP/LDAP), e.g. ".patientAssignments[]"
+ operator:
+ title: operator
+ description: the dynamic operator comparing the selector result to the resource value segment
+ $ref: '#/components/schemas/policy.DynamicValueOperatorEnum'
+ title: DynamicValueResolver
+ required:
+ - subjectExternalSelectorValue
+ - operator
+ additionalProperties: false
+ description: |-
+ Definition Value Resolver: the dynamic half of a DynamicValueMapping. It
+ resolves a selector against the entity representation and compares the result to the
+ requested resource value segment using a DynamicValueOperatorEnum.
policy.KasKey:
type: object
properties:
@@ -989,6 +1066,7 @@ components:
authoritative source such as an IDP (Identity Provider) or User Store.
Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must
contain both a selector expression & a resulting value.
+
The external_selector_value is a specifier to select a value from a flattened
external representation of an Entity (such as from idP/LDAP), and the
external_value is the value selected by the external_selector_value on that
diff --git a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
index 10e2ebeb84..a988610cbb 100644
--- a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
+++ b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
@@ -1348,6 +1348,7 @@ components:
authoritative source such as an IDP (Identity Provider) or User Store.
Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must
contain both a selector expression & a resulting value.
+
The external_selector_value is a specifier to select a value from a flattened
external representation of an Entity (such as from idP/LDAP), and the
external_value is the value selected by the external_selector_value on that
diff --git a/protocol/go/go.mod b/protocol/go/go.mod
index fe119565e9..e2668a8e74 100644
--- a/protocol/go/go.mod
+++ b/protocol/go/go.mod
@@ -2,6 +2,8 @@ module github.com/opentdf/platform/protocol/go
go 1.25.0
+toolchain go1.25.9
+
require (
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1
connectrpc.com/connect v1.20.0
diff --git a/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go
new file mode 100644
index 0000000000..07d2e2d39e
--- /dev/null
+++ b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go
@@ -0,0 +1,1293 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.33.0
+// protoc (unknown)
+// source: policy/dynamicvaluemapping/dynamic_value_mapping.proto
+
+package dynamicvaluemapping
+
+import (
+ _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate"
+ common "github.com/opentdf/platform/protocol/go/common"
+ policy "github.com/opentdf/platform/protocol/go/policy"
+ subjectmapping "github.com/opentdf/platform/protocol/go/policy/subjectmapping"
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ reflect "reflect"
+ sync "sync"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type SortDynamicValueMappingsType int32
+
+const (
+ SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED SortDynamicValueMappingsType = 0
+ SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT SortDynamicValueMappingsType = 1
+ SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT SortDynamicValueMappingsType = 2
+)
+
+// Enum value maps for SortDynamicValueMappingsType.
+var (
+ SortDynamicValueMappingsType_name = map[int32]string{
+ 0: "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED",
+ 1: "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT",
+ 2: "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT",
+ }
+ SortDynamicValueMappingsType_value = map[string]int32{
+ "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED": 0,
+ "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT": 1,
+ "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT": 2,
+ }
+)
+
+func (x SortDynamicValueMappingsType) Enum() *SortDynamicValueMappingsType {
+ p := new(SortDynamicValueMappingsType)
+ *p = x
+ return p
+}
+
+func (x SortDynamicValueMappingsType) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (SortDynamicValueMappingsType) Descriptor() protoreflect.EnumDescriptor {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes[0].Descriptor()
+}
+
+func (SortDynamicValueMappingsType) Type() protoreflect.EnumType {
+ return &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes[0]
+}
+
+func (x SortDynamicValueMappingsType) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use SortDynamicValueMappingsType.Descriptor instead.
+func (SortDynamicValueMappingsType) EnumDescriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{0}
+}
+
+type GetDynamicValueMappingRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Required
+ Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+}
+
+func (x *GetDynamicValueMappingRequest) Reset() {
+ *x = GetDynamicValueMappingRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDynamicValueMappingRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDynamicValueMappingRequest) ProtoMessage() {}
+
+func (x *GetDynamicValueMappingRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDynamicValueMappingRequest.ProtoReflect.Descriptor instead.
+func (*GetDynamicValueMappingRequest) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetDynamicValueMappingRequest) GetId() string {
+ if x != nil {
+ return x.Id
+ }
+ return ""
+}
+
+type GetDynamicValueMappingResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"`
+}
+
+func (x *GetDynamicValueMappingResponse) Reset() {
+ *x = GetDynamicValueMappingResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[1]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *GetDynamicValueMappingResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetDynamicValueMappingResponse) ProtoMessage() {}
+
+func (x *GetDynamicValueMappingResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[1]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetDynamicValueMappingResponse.ProtoReflect.Descriptor instead.
+func (*GetDynamicValueMappingResponse) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping {
+ if x != nil {
+ return x.DynamicValueMapping
+ }
+ return nil
+}
+
+type DynamicValueMappingsSort struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Field SortDynamicValueMappingsType `protobuf:"varint,1,opt,name=field,proto3,enum=policy.dynamicvaluemapping.SortDynamicValueMappingsType" json:"field,omitempty"`
+ Direction policy.SortDirection `protobuf:"varint,2,opt,name=direction,proto3,enum=policy.SortDirection" json:"direction,omitempty"`
+}
+
+func (x *DynamicValueMappingsSort) Reset() {
+ *x = DynamicValueMappingsSort{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *DynamicValueMappingsSort) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DynamicValueMappingsSort) ProtoMessage() {}
+
+func (x *DynamicValueMappingsSort) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[2]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use DynamicValueMappingsSort.ProtoReflect.Descriptor instead.
+func (*DynamicValueMappingsSort) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *DynamicValueMappingsSort) GetField() SortDynamicValueMappingsType {
+ if x != nil {
+ return x.Field
+ }
+ return SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED
+}
+
+func (x *DynamicValueMappingsSort) GetDirection() policy.SortDirection {
+ if x != nil {
+ return x.Direction
+ }
+ return policy.SortDirection(0)
+}
+
+type ListDynamicValueMappingsRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Optional
+ // Namespace ID, or Attribute Definition ID to filter by
+ NamespaceId string `protobuf:"bytes,1,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"`
+ AttributeDefinitionId string `protobuf:"bytes,2,opt,name=attribute_definition_id,json=attributeDefinitionId,proto3" json:"attribute_definition_id,omitempty"`
+ // Optional
+ Pagination *policy.PageRequest `protobuf:"bytes,10,opt,name=pagination,proto3" json:"pagination,omitempty"`
+ // Optional - CONSTRAINT: max 1 item
+ Sort []*DynamicValueMappingsSort `protobuf:"bytes,11,rep,name=sort,proto3" json:"sort,omitempty"`
+}
+
+func (x *ListDynamicValueMappingsRequest) Reset() {
+ *x = ListDynamicValueMappingsRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[3]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ListDynamicValueMappingsRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListDynamicValueMappingsRequest) ProtoMessage() {}
+
+func (x *ListDynamicValueMappingsRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[3]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListDynamicValueMappingsRequest.ProtoReflect.Descriptor instead.
+func (*ListDynamicValueMappingsRequest) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ListDynamicValueMappingsRequest) GetNamespaceId() string {
+ if x != nil {
+ return x.NamespaceId
+ }
+ return ""
+}
+
+func (x *ListDynamicValueMappingsRequest) GetAttributeDefinitionId() string {
+ if x != nil {
+ return x.AttributeDefinitionId
+ }
+ return ""
+}
+
+func (x *ListDynamicValueMappingsRequest) GetPagination() *policy.PageRequest {
+ if x != nil {
+ return x.Pagination
+ }
+ return nil
+}
+
+func (x *ListDynamicValueMappingsRequest) GetSort() []*DynamicValueMappingsSort {
+ if x != nil {
+ return x.Sort
+ }
+ return nil
+}
+
+type ListDynamicValueMappingsResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ DynamicValueMappings []*policy.DynamicValueMapping `protobuf:"bytes,1,rep,name=dynamic_value_mappings,json=dynamicValueMappings,proto3" json:"dynamic_value_mappings,omitempty"`
+ Pagination *policy.PageResponse `protobuf:"bytes,10,opt,name=pagination,proto3" json:"pagination,omitempty"`
+}
+
+func (x *ListDynamicValueMappingsResponse) Reset() {
+ *x = ListDynamicValueMappingsResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[4]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ListDynamicValueMappingsResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListDynamicValueMappingsResponse) ProtoMessage() {}
+
+func (x *ListDynamicValueMappingsResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[4]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListDynamicValueMappingsResponse.ProtoReflect.Descriptor instead.
+func (*ListDynamicValueMappingsResponse) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ListDynamicValueMappingsResponse) GetDynamicValueMappings() []*policy.DynamicValueMapping {
+ if x != nil {
+ return x.DynamicValueMappings
+ }
+ return nil
+}
+
+func (x *ListDynamicValueMappingsResponse) GetPagination() *policy.PageResponse {
+ if x != nil {
+ return x.Pagination
+ }
+ return nil
+}
+
+type CreateDynamicValueMappingRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ AttributeDefinitionId string `protobuf:"bytes,1,opt,name=attribute_definition_id,json=attributeDefinitionId,proto3" json:"attribute_definition_id,omitempty"`
+ AttributeDefinitionFqn string `protobuf:"bytes,2,opt,name=attribute_definition_fqn,json=attributeDefinitionFqn,proto3" json:"attribute_definition_fqn,omitempty"`
+ // Required: the dynamic resolver comparing entity selector result to the resource value segment
+ ValueResolver *policy.DynamicValueResolver `protobuf:"bytes,3,opt,name=value_resolver,json=valueResolver,proto3" json:"value_resolver,omitempty"`
+ // Required: actions permitted on a matched value
+ Actions []*policy.Action `protobuf:"bytes,4,rep,name=actions,proto3" json:"actions,omitempty"`
+ // Optional static pre-gate. Reuse an existing SubjectConditionSet (prioritized) ...
+ ExistingSubjectConditionSetId string `protobuf:"bytes,5,opt,name=existing_subject_condition_set_id,json=existingSubjectConditionSetId,proto3" json:"existing_subject_condition_set_id,omitempty"`
+ // ... or create a new one (ignored if existing_subject_condition_set_id is provided)
+ NewSubjectConditionSet *subjectmapping.SubjectConditionSetCreate `protobuf:"bytes,6,opt,name=new_subject_condition_set,json=newSubjectConditionSet,proto3" json:"new_subject_condition_set,omitempty"`
+ // Optional: namespace ID or FQN for the mapping
+ NamespaceId string `protobuf:"bytes,7,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"`
+ NamespaceFqn string `protobuf:"bytes,8,opt,name=namespace_fqn,json=namespaceFqn,proto3" json:"namespace_fqn,omitempty"`
+ // Optional
+ Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
+}
+
+func (x *CreateDynamicValueMappingRequest) Reset() {
+ *x = CreateDynamicValueMappingRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[5]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CreateDynamicValueMappingRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateDynamicValueMappingRequest) ProtoMessage() {}
+
+func (x *CreateDynamicValueMappingRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[5]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateDynamicValueMappingRequest.ProtoReflect.Descriptor instead.
+func (*CreateDynamicValueMappingRequest) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *CreateDynamicValueMappingRequest) GetAttributeDefinitionId() string {
+ if x != nil {
+ return x.AttributeDefinitionId
+ }
+ return ""
+}
+
+func (x *CreateDynamicValueMappingRequest) GetAttributeDefinitionFqn() string {
+ if x != nil {
+ return x.AttributeDefinitionFqn
+ }
+ return ""
+}
+
+func (x *CreateDynamicValueMappingRequest) GetValueResolver() *policy.DynamicValueResolver {
+ if x != nil {
+ return x.ValueResolver
+ }
+ return nil
+}
+
+func (x *CreateDynamicValueMappingRequest) GetActions() []*policy.Action {
+ if x != nil {
+ return x.Actions
+ }
+ return nil
+}
+
+func (x *CreateDynamicValueMappingRequest) GetExistingSubjectConditionSetId() string {
+ if x != nil {
+ return x.ExistingSubjectConditionSetId
+ }
+ return ""
+}
+
+func (x *CreateDynamicValueMappingRequest) GetNewSubjectConditionSet() *subjectmapping.SubjectConditionSetCreate {
+ if x != nil {
+ return x.NewSubjectConditionSet
+ }
+ return nil
+}
+
+func (x *CreateDynamicValueMappingRequest) GetNamespaceId() string {
+ if x != nil {
+ return x.NamespaceId
+ }
+ return ""
+}
+
+func (x *CreateDynamicValueMappingRequest) GetNamespaceFqn() string {
+ if x != nil {
+ return x.NamespaceFqn
+ }
+ return ""
+}
+
+func (x *CreateDynamicValueMappingRequest) GetMetadata() *common.MetadataMutable {
+ if x != nil {
+ return x.Metadata
+ }
+ return nil
+}
+
+type CreateDynamicValueMappingResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"`
+}
+
+func (x *CreateDynamicValueMappingResponse) Reset() {
+ *x = CreateDynamicValueMappingResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[6]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CreateDynamicValueMappingResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateDynamicValueMappingResponse) ProtoMessage() {}
+
+func (x *CreateDynamicValueMappingResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[6]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateDynamicValueMappingResponse.ProtoReflect.Descriptor instead.
+func (*CreateDynamicValueMappingResponse) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *CreateDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping {
+ if x != nil {
+ return x.DynamicValueMapping
+ }
+ return nil
+}
+
+type UpdateDynamicValueMappingRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Required
+ Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+ // Optional: replace the dynamic resolver
+ ValueResolver *policy.DynamicValueResolver `protobuf:"bytes,2,opt,name=value_resolver,json=valueResolver,proto3" json:"value_resolver,omitempty"`
+ // Optional: replace the static pre-gate SubjectConditionSet by id
+ SubjectConditionSetId string `protobuf:"bytes,3,opt,name=subject_condition_set_id,json=subjectConditionSetId,proto3" json:"subject_condition_set_id,omitempty"`
+ // Optional: replace the entire list of actions
+ Actions []*policy.Action `protobuf:"bytes,4,rep,name=actions,proto3" json:"actions,omitempty"`
+ // Common metadata
+ Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
+ MetadataUpdateBehavior common.MetadataUpdateEnum `protobuf:"varint,101,opt,name=metadata_update_behavior,json=metadataUpdateBehavior,proto3,enum=common.MetadataUpdateEnum" json:"metadata_update_behavior,omitempty"`
+}
+
+func (x *UpdateDynamicValueMappingRequest) Reset() {
+ *x = UpdateDynamicValueMappingRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[7]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *UpdateDynamicValueMappingRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateDynamicValueMappingRequest) ProtoMessage() {}
+
+func (x *UpdateDynamicValueMappingRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[7]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateDynamicValueMappingRequest.ProtoReflect.Descriptor instead.
+func (*UpdateDynamicValueMappingRequest) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *UpdateDynamicValueMappingRequest) GetId() string {
+ if x != nil {
+ return x.Id
+ }
+ return ""
+}
+
+func (x *UpdateDynamicValueMappingRequest) GetValueResolver() *policy.DynamicValueResolver {
+ if x != nil {
+ return x.ValueResolver
+ }
+ return nil
+}
+
+func (x *UpdateDynamicValueMappingRequest) GetSubjectConditionSetId() string {
+ if x != nil {
+ return x.SubjectConditionSetId
+ }
+ return ""
+}
+
+func (x *UpdateDynamicValueMappingRequest) GetActions() []*policy.Action {
+ if x != nil {
+ return x.Actions
+ }
+ return nil
+}
+
+func (x *UpdateDynamicValueMappingRequest) GetMetadata() *common.MetadataMutable {
+ if x != nil {
+ return x.Metadata
+ }
+ return nil
+}
+
+func (x *UpdateDynamicValueMappingRequest) GetMetadataUpdateBehavior() common.MetadataUpdateEnum {
+ if x != nil {
+ return x.MetadataUpdateBehavior
+ }
+ return common.MetadataUpdateEnum(0)
+}
+
+type UpdateDynamicValueMappingResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"`
+}
+
+func (x *UpdateDynamicValueMappingResponse) Reset() {
+ *x = UpdateDynamicValueMappingResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[8]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *UpdateDynamicValueMappingResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateDynamicValueMappingResponse) ProtoMessage() {}
+
+func (x *UpdateDynamicValueMappingResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[8]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateDynamicValueMappingResponse.ProtoReflect.Descriptor instead.
+func (*UpdateDynamicValueMappingResponse) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *UpdateDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping {
+ if x != nil {
+ return x.DynamicValueMapping
+ }
+ return nil
+}
+
+type DeleteDynamicValueMappingRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Required
+ Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+}
+
+func (x *DeleteDynamicValueMappingRequest) Reset() {
+ *x = DeleteDynamicValueMappingRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[9]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *DeleteDynamicValueMappingRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteDynamicValueMappingRequest) ProtoMessage() {}
+
+func (x *DeleteDynamicValueMappingRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[9]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteDynamicValueMappingRequest.ProtoReflect.Descriptor instead.
+func (*DeleteDynamicValueMappingRequest) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *DeleteDynamicValueMappingRequest) GetId() string {
+ if x != nil {
+ return x.Id
+ }
+ return ""
+}
+
+type DeleteDynamicValueMappingResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Only ID of the deleted mapping provided
+ DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"`
+}
+
+func (x *DeleteDynamicValueMappingResponse) Reset() {
+ *x = DeleteDynamicValueMappingResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[10]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *DeleteDynamicValueMappingResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteDynamicValueMappingResponse) ProtoMessage() {}
+
+func (x *DeleteDynamicValueMappingResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[10]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteDynamicValueMappingResponse.ProtoReflect.Descriptor instead.
+func (*DeleteDynamicValueMappingResponse) Descriptor() ([]byte, []int) {
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *DeleteDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping {
+ if x != nil {
+ return x.DynamicValueMapping
+ }
+ return nil
+}
+
+var File_policy_dynamicvaluemapping_dynamic_value_mapping_proto protoreflect.FileDescriptor
+
+var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc = []byte{
+ 0x0a, 0x36, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
+ 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2f, 0x64, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70,
+ 0x70, 0x69, 0x6e, 0x67, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
+ 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x1a, 0x13, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x6f,
+ 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x16, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x2e, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2b, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x73, 0x75, 0x62,
+ 0x6a, 0x65, 0x63, 0x74, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2f, 0x73, 0x75, 0x62, 0x6a,
+ 0x65, 0x63, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x22, 0x39, 0x0a, 0x1d, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56,
+ 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65,
+ 0x73, 0x74, 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08,
+ 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x22, 0x71, 0x0a, 0x1e,
+ 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d,
+ 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f,
+ 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f,
+ 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e,
+ 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61,
+ 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61,
+ 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x22,
+ 0xb3, 0x01, 0x0a, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65,
+ 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x53, 0x6f, 0x72, 0x74, 0x12, 0x58, 0x0a, 0x05,
+ 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75,
+ 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x73, 0x54, 0x79, 0x70, 0x65, 0x42, 0x08, 0xba, 0x48, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52,
+ 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
+ 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+ 0x42, 0x08, 0xba, 0x48, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x09, 0x64, 0x69, 0x72, 0x65,
+ 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xf3, 0x04, 0x0a, 0x1f, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79,
+ 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e,
+ 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0xd7, 0x01, 0x0a, 0x0c, 0x6e, 0x61,
+ 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+ 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74,
+ 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61,
+ 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c,
+ 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69,
+ 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69,
+ 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e,
+ 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66,
+ 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41,
+ 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d,
+ 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46,
+ 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d,
+ 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63,
+ 0x65, 0x49, 0x64, 0x12, 0xec, 0x01, 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+ 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18,
+ 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01,
+ 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f,
+ 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+ 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61,
+ 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a,
+ 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30,
+ 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d,
+ 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39,
+ 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61,
+ 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d,
+ 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x15, 0x61, 0x74, 0x74,
+ 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+ 0x49, 0x64, 0x12, 0x33, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+ 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x0a, 0x70, 0x61, 0x67,
+ 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x52, 0x0a, 0x04, 0x73, 0x6f, 0x72, 0x74, 0x18,
+ 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64,
+ 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d,
+ 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x53, 0x6f, 0x72, 0x74, 0x42, 0x08, 0xba, 0x48, 0x05,
+ 0x92, 0x01, 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x6f, 0x72, 0x74, 0x22, 0xab, 0x01, 0x0a, 0x20,
+ 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65,
+ 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+ 0x12, 0x51, 0x0a, 0x16, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+ 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+ 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69,
+ 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x14, 0x64,
+ 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x73, 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70,
+ 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x90, 0x08, 0x0a, 0x20, 0x43, 0x72,
+ 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65,
+ 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x40,
+ 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69,
+ 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42,
+ 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x15, 0x61, 0x74, 0x74, 0x72, 0x69,
+ 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64,
+ 0x12, 0x44, 0x0a, 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65,
+ 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x52, 0x16,
+ 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
+ 0x69, 0x6f, 0x6e, 0x46, 0x71, 0x6e, 0x12, 0x4b, 0x0a, 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f,
+ 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c,
+ 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56,
+ 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48,
+ 0x03, 0xc8, 0x01, 0x01, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c,
+ 0x76, 0x65, 0x72, 0x12, 0xb8, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+ 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41,
+ 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x8d, 0x01, 0xba, 0x48, 0x89, 0x01, 0xba, 0x01, 0x80, 0x01,
+ 0x0a, 0x1b, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6f, 0x72,
+ 0x5f, 0x69, 0x64, 0x5f, 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x2f, 0x41,
+ 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72, 0x20, 0x49, 0x44,
+ 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70,
+ 0x74, 0x79, 0x20, 0x69, 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x30,
+ 0x74, 0x68, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x6c, 0x28, 0x69, 0x74, 0x65, 0x6d, 0x2c, 0x20, 0x69,
+ 0x74, 0x65, 0x6d, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x20, 0x7c,
+ 0x7c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29,
+ 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0xfe,
+ 0x01, 0x0a, 0x21, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x75, 0x62, 0x6a,
+ 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65,
+ 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf,
+ 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f,
+ 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74,
+ 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74,
+ 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44,
+ 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20,
+ 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65,
+ 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38,
+ 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d,
+ 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d,
+ 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b,
+ 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29,
+ 0x52, 0x1d, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63,
+ 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12,
+ 0x6b, 0x0a, 0x19, 0x6e, 0x65, 0x77, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63,
+ 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x73, 0x75, 0x62, 0x6a,
+ 0x65, 0x63, 0x74, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65,
+ 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x43, 0x72,
+ 0x65, 0x61, 0x74, 0x65, 0x52, 0x16, 0x6e, 0x65, 0x77, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74,
+ 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x0c,
+ 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01,
+ 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x0b, 0x6e, 0x61,
+ 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x0d, 0x6e, 0x61, 0x6d,
+ 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09,
+ 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x52, 0x0c, 0x6e, 0x61,
+ 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x46, 0x71, 0x6e, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65,
+ 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63,
+ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75,
+ 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x3a,
+ 0x5b, 0xba, 0x48, 0x58, 0x22, 0x35, 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+ 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x0a,
+ 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e,
+ 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x71, 0x6e, 0x10, 0x01, 0x22, 0x1f, 0x0a, 0x0c, 0x6e,
+ 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x0a, 0x0d, 0x6e, 0x61, 0x6d,
+ 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x10, 0x00, 0x22, 0x74, 0x0a, 0x21,
+ 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c,
+ 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+ 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c,
+ 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69,
+ 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64,
+ 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x22, 0xc6, 0x05, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20,
+ 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69,
+ 0x64, 0x12, 0x43, 0x0a, 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c,
+ 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
+ 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65,
+ 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0xed, 0x01, 0x0a, 0x18, 0x73, 0x75, 0x62, 0x6a, 0x65,
+ 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74,
+ 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01,
+ 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75,
+ 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69,
+ 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20,
+ 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a,
+ 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30,
+ 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73,
+ 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d,
+ 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d,
+ 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b,
+ 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30,
+ 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52,
+ 0x15, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f,
+ 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12, 0xc7, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x9c, 0x01, 0xba, 0x48, 0x98, 0x01, 0xba,
+ 0x01, 0x94, 0x01, 0x0a, 0x1b, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+ 0x5f, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x5f, 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79,
+ 0x12, 0x2f, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72,
+ 0x20, 0x49, 0x44, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20,
+ 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x69, 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+ 0x64, 0x1a, 0x44, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x29, 0x20, 0x3d,
+ 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x6c, 0x28,
+ 0x69, 0x74, 0x65, 0x6d, 0x2c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20,
+ 0x21, 0x3d, 0x20, 0x27, 0x27, 0x20, 0x7c, 0x7c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x69, 0x64,
+ 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+ 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61,
+ 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74,
+ 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x54, 0x0a, 0x18, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+ 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f,
+ 0x72, 0x18, 0x65, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+ 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45,
+ 0x6e, 0x75, 0x6d, 0x52, 0x16, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64,
+ 0x61, 0x74, 0x65, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x22, 0x74, 0x0a, 0x21, 0x55,
+ 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75,
+ 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+ 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+ 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
+ 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79,
+ 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e,
+ 0x67, 0x22, 0x3c, 0x0a, 0x20, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d,
+ 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65,
+ 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+ 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x22,
+ 0x74, 0x0a, 0x21, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
+ 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70,
+ 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f,
+ 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20,
+ 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61,
+ 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2a, 0xb2, 0x01, 0x0a, 0x1c, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x79,
+ 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e,
+ 0x67, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x30, 0x0a, 0x2c, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44,
+ 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50,
+ 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45,
+ 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52, 0x54,
+ 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d,
+ 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x52, 0x45,
+ 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x54, 0x10, 0x01, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52,
+ 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f,
+ 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x50,
+ 0x44, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x54, 0x10, 0x02, 0x32, 0xa7, 0x06, 0x0a, 0x1a, 0x44,
+ 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x9a, 0x01, 0x0a, 0x18, 0x4c, 0x69,
+ 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61,
+ 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70,
+ 0x69, 0x6e, 0x67, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56,
+ 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75,
+ 0x65, 0x73, 0x74, 0x1a, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75,
+ 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+ 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x94, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x44, 0x79,
+ 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e,
+ 0x67, 0x12, 0x39, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d,
+ 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x47,
+ 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61,
+ 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x70,
+ 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c,
+ 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x9a, 0x01,
+ 0x0a, 0x19, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56,
+ 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75,
+ 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44,
+ 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d,
+ 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x55,
+ 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75,
+ 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61,
+ 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61,
+ 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52,
+ 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70,
+ 0x69, 0x6e, 0x67, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69,
+ 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73,
+ 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x44, 0x65, 0x6c, 0x65,
+ 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61,
+ 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64,
+ 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69,
+ 0x6e, 0x67, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
+ 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75,
+ 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e,
+ 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67,
+ 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61,
+ 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+ 0x73, 0x65, 0x22, 0x00, 0x42, 0x87, 0x02, 0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65,
+ 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x42, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
+ 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74,
+ 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+ 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d,
+ 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0x2f, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65,
+ 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0xa2, 0x02, 0x03, 0x50, 0x44, 0x58, 0xaa, 0x02, 0x1a,
+ 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61,
+ 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0xca, 0x02, 0x1a, 0x50, 0x6f, 0x6c,
+ 0x69, 0x63, 0x79, 0x5c, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65,
+ 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x26, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0x5c, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70,
+ 0x70, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+ 0xea, 0x02, 0x1b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x3a, 0x44, 0x79, 0x6e, 0x61, 0x6d,
+ 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x62, 0x06,
+ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescOnce sync.Once
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData = file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc
+)
+
+func file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP() []byte {
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescOnce.Do(func() {
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData = protoimpl.X.CompressGZIP(file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData)
+ })
+ return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData
+}
+
+var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
+var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_goTypes = []interface{}{
+ (SortDynamicValueMappingsType)(0), // 0: policy.dynamicvaluemapping.SortDynamicValueMappingsType
+ (*GetDynamicValueMappingRequest)(nil), // 1: policy.dynamicvaluemapping.GetDynamicValueMappingRequest
+ (*GetDynamicValueMappingResponse)(nil), // 2: policy.dynamicvaluemapping.GetDynamicValueMappingResponse
+ (*DynamicValueMappingsSort)(nil), // 3: policy.dynamicvaluemapping.DynamicValueMappingsSort
+ (*ListDynamicValueMappingsRequest)(nil), // 4: policy.dynamicvaluemapping.ListDynamicValueMappingsRequest
+ (*ListDynamicValueMappingsResponse)(nil), // 5: policy.dynamicvaluemapping.ListDynamicValueMappingsResponse
+ (*CreateDynamicValueMappingRequest)(nil), // 6: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest
+ (*CreateDynamicValueMappingResponse)(nil), // 7: policy.dynamicvaluemapping.CreateDynamicValueMappingResponse
+ (*UpdateDynamicValueMappingRequest)(nil), // 8: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest
+ (*UpdateDynamicValueMappingResponse)(nil), // 9: policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse
+ (*DeleteDynamicValueMappingRequest)(nil), // 10: policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest
+ (*DeleteDynamicValueMappingResponse)(nil), // 11: policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse
+ (*policy.DynamicValueMapping)(nil), // 12: policy.DynamicValueMapping
+ (policy.SortDirection)(0), // 13: policy.SortDirection
+ (*policy.PageRequest)(nil), // 14: policy.PageRequest
+ (*policy.PageResponse)(nil), // 15: policy.PageResponse
+ (*policy.DynamicValueResolver)(nil), // 16: policy.DynamicValueResolver
+ (*policy.Action)(nil), // 17: policy.Action
+ (*subjectmapping.SubjectConditionSetCreate)(nil), // 18: policy.subjectmapping.SubjectConditionSetCreate
+ (*common.MetadataMutable)(nil), // 19: common.MetadataMutable
+ (common.MetadataUpdateEnum)(0), // 20: common.MetadataUpdateEnum
+}
+var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_depIdxs = []int32{
+ 12, // 0: policy.dynamicvaluemapping.GetDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping
+ 0, // 1: policy.dynamicvaluemapping.DynamicValueMappingsSort.field:type_name -> policy.dynamicvaluemapping.SortDynamicValueMappingsType
+ 13, // 2: policy.dynamicvaluemapping.DynamicValueMappingsSort.direction:type_name -> policy.SortDirection
+ 14, // 3: policy.dynamicvaluemapping.ListDynamicValueMappingsRequest.pagination:type_name -> policy.PageRequest
+ 3, // 4: policy.dynamicvaluemapping.ListDynamicValueMappingsRequest.sort:type_name -> policy.dynamicvaluemapping.DynamicValueMappingsSort
+ 12, // 5: policy.dynamicvaluemapping.ListDynamicValueMappingsResponse.dynamic_value_mappings:type_name -> policy.DynamicValueMapping
+ 15, // 6: policy.dynamicvaluemapping.ListDynamicValueMappingsResponse.pagination:type_name -> policy.PageResponse
+ 16, // 7: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.value_resolver:type_name -> policy.DynamicValueResolver
+ 17, // 8: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.actions:type_name -> policy.Action
+ 18, // 9: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.new_subject_condition_set:type_name -> policy.subjectmapping.SubjectConditionSetCreate
+ 19, // 10: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.metadata:type_name -> common.MetadataMutable
+ 12, // 11: policy.dynamicvaluemapping.CreateDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping
+ 16, // 12: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.value_resolver:type_name -> policy.DynamicValueResolver
+ 17, // 13: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.actions:type_name -> policy.Action
+ 19, // 14: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.metadata:type_name -> common.MetadataMutable
+ 20, // 15: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.metadata_update_behavior:type_name -> common.MetadataUpdateEnum
+ 12, // 16: policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping
+ 12, // 17: policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping
+ 4, // 18: policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings:input_type -> policy.dynamicvaluemapping.ListDynamicValueMappingsRequest
+ 1, // 19: policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping:input_type -> policy.dynamicvaluemapping.GetDynamicValueMappingRequest
+ 6, // 20: policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping:input_type -> policy.dynamicvaluemapping.CreateDynamicValueMappingRequest
+ 8, // 21: policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping:input_type -> policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest
+ 10, // 22: policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping:input_type -> policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest
+ 5, // 23: policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings:output_type -> policy.dynamicvaluemapping.ListDynamicValueMappingsResponse
+ 2, // 24: policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping:output_type -> policy.dynamicvaluemapping.GetDynamicValueMappingResponse
+ 7, // 25: policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping:output_type -> policy.dynamicvaluemapping.CreateDynamicValueMappingResponse
+ 9, // 26: policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping:output_type -> policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse
+ 11, // 27: policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping:output_type -> policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse
+ 23, // [23:28] is the sub-list for method output_type
+ 18, // [18:23] is the sub-list for method input_type
+ 18, // [18:18] is the sub-list for extension type_name
+ 18, // [18:18] is the sub-list for extension extendee
+ 0, // [0:18] is the sub-list for field type_name
+}
+
+func init() { file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_init() }
+func file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_init() {
+ if File_policy_dynamicvaluemapping_dynamic_value_mapping_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDynamicValueMappingRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*GetDynamicValueMappingResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*DynamicValueMappingsSort); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*ListDynamicValueMappingsRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*ListDynamicValueMappingsResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CreateDynamicValueMappingRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CreateDynamicValueMappingResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*UpdateDynamicValueMappingRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*UpdateDynamicValueMappingResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*DeleteDynamicValueMappingRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*DeleteDynamicValueMappingResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc,
+ NumEnums: 1,
+ NumMessages: 11,
+ NumExtensions: 0,
+ NumServices: 1,
+ },
+ GoTypes: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_goTypes,
+ DependencyIndexes: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_depIdxs,
+ EnumInfos: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes,
+ MessageInfos: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes,
+ }.Build()
+ File_policy_dynamicvaluemapping_dynamic_value_mapping_proto = out.File
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc = nil
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_goTypes = nil
+ file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_depIdxs = nil
+}
diff --git a/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping_grpc.pb.go b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping_grpc.pb.go
new file mode 100644
index 0000000000..513595f0ef
--- /dev/null
+++ b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping_grpc.pb.go
@@ -0,0 +1,258 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc (unknown)
+// source: policy/dynamicvaluemapping/dynamic_value_mapping.proto
+
+package dynamicvaluemapping
+
+import (
+ context "context"
+ grpc "google.golang.org/grpc"
+ codes "google.golang.org/grpc/codes"
+ status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+ DynamicValueMappingService_ListDynamicValueMappings_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/ListDynamicValueMappings"
+ DynamicValueMappingService_GetDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/GetDynamicValueMapping"
+ DynamicValueMappingService_CreateDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/CreateDynamicValueMapping"
+ DynamicValueMappingService_UpdateDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/UpdateDynamicValueMapping"
+ DynamicValueMappingService_DeleteDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/DeleteDynamicValueMapping"
+)
+
+// DynamicValueMappingServiceClient is the client API for DynamicValueMappingService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type DynamicValueMappingServiceClient interface {
+ ListDynamicValueMappings(ctx context.Context, in *ListDynamicValueMappingsRequest, opts ...grpc.CallOption) (*ListDynamicValueMappingsResponse, error)
+ GetDynamicValueMapping(ctx context.Context, in *GetDynamicValueMappingRequest, opts ...grpc.CallOption) (*GetDynamicValueMappingResponse, error)
+ CreateDynamicValueMapping(ctx context.Context, in *CreateDynamicValueMappingRequest, opts ...grpc.CallOption) (*CreateDynamicValueMappingResponse, error)
+ UpdateDynamicValueMapping(ctx context.Context, in *UpdateDynamicValueMappingRequest, opts ...grpc.CallOption) (*UpdateDynamicValueMappingResponse, error)
+ DeleteDynamicValueMapping(ctx context.Context, in *DeleteDynamicValueMappingRequest, opts ...grpc.CallOption) (*DeleteDynamicValueMappingResponse, error)
+}
+
+type dynamicValueMappingServiceClient struct {
+ cc grpc.ClientConnInterface
+}
+
+func NewDynamicValueMappingServiceClient(cc grpc.ClientConnInterface) DynamicValueMappingServiceClient {
+ return &dynamicValueMappingServiceClient{cc}
+}
+
+func (c *dynamicValueMappingServiceClient) ListDynamicValueMappings(ctx context.Context, in *ListDynamicValueMappingsRequest, opts ...grpc.CallOption) (*ListDynamicValueMappingsResponse, error) {
+ out := new(ListDynamicValueMappingsResponse)
+ err := c.cc.Invoke(ctx, DynamicValueMappingService_ListDynamicValueMappings_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *dynamicValueMappingServiceClient) GetDynamicValueMapping(ctx context.Context, in *GetDynamicValueMappingRequest, opts ...grpc.CallOption) (*GetDynamicValueMappingResponse, error) {
+ out := new(GetDynamicValueMappingResponse)
+ err := c.cc.Invoke(ctx, DynamicValueMappingService_GetDynamicValueMapping_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *dynamicValueMappingServiceClient) CreateDynamicValueMapping(ctx context.Context, in *CreateDynamicValueMappingRequest, opts ...grpc.CallOption) (*CreateDynamicValueMappingResponse, error) {
+ out := new(CreateDynamicValueMappingResponse)
+ err := c.cc.Invoke(ctx, DynamicValueMappingService_CreateDynamicValueMapping_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *dynamicValueMappingServiceClient) UpdateDynamicValueMapping(ctx context.Context, in *UpdateDynamicValueMappingRequest, opts ...grpc.CallOption) (*UpdateDynamicValueMappingResponse, error) {
+ out := new(UpdateDynamicValueMappingResponse)
+ err := c.cc.Invoke(ctx, DynamicValueMappingService_UpdateDynamicValueMapping_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *dynamicValueMappingServiceClient) DeleteDynamicValueMapping(ctx context.Context, in *DeleteDynamicValueMappingRequest, opts ...grpc.CallOption) (*DeleteDynamicValueMappingResponse, error) {
+ out := new(DeleteDynamicValueMappingResponse)
+ err := c.cc.Invoke(ctx, DynamicValueMappingService_DeleteDynamicValueMapping_FullMethodName, in, out, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+// DynamicValueMappingServiceServer is the server API for DynamicValueMappingService service.
+// All implementations must embed UnimplementedDynamicValueMappingServiceServer
+// for forward compatibility
+type DynamicValueMappingServiceServer interface {
+ ListDynamicValueMappings(context.Context, *ListDynamicValueMappingsRequest) (*ListDynamicValueMappingsResponse, error)
+ GetDynamicValueMapping(context.Context, *GetDynamicValueMappingRequest) (*GetDynamicValueMappingResponse, error)
+ CreateDynamicValueMapping(context.Context, *CreateDynamicValueMappingRequest) (*CreateDynamicValueMappingResponse, error)
+ UpdateDynamicValueMapping(context.Context, *UpdateDynamicValueMappingRequest) (*UpdateDynamicValueMappingResponse, error)
+ DeleteDynamicValueMapping(context.Context, *DeleteDynamicValueMappingRequest) (*DeleteDynamicValueMappingResponse, error)
+ mustEmbedUnimplementedDynamicValueMappingServiceServer()
+}
+
+// UnimplementedDynamicValueMappingServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedDynamicValueMappingServiceServer struct {
+}
+
+func (UnimplementedDynamicValueMappingServiceServer) ListDynamicValueMappings(context.Context, *ListDynamicValueMappingsRequest) (*ListDynamicValueMappingsResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method ListDynamicValueMappings not implemented")
+}
+func (UnimplementedDynamicValueMappingServiceServer) GetDynamicValueMapping(context.Context, *GetDynamicValueMappingRequest) (*GetDynamicValueMappingResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method GetDynamicValueMapping not implemented")
+}
+func (UnimplementedDynamicValueMappingServiceServer) CreateDynamicValueMapping(context.Context, *CreateDynamicValueMappingRequest) (*CreateDynamicValueMappingResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method CreateDynamicValueMapping not implemented")
+}
+func (UnimplementedDynamicValueMappingServiceServer) UpdateDynamicValueMapping(context.Context, *UpdateDynamicValueMappingRequest) (*UpdateDynamicValueMappingResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method UpdateDynamicValueMapping not implemented")
+}
+func (UnimplementedDynamicValueMappingServiceServer) DeleteDynamicValueMapping(context.Context, *DeleteDynamicValueMappingRequest) (*DeleteDynamicValueMappingResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method DeleteDynamicValueMapping not implemented")
+}
+func (UnimplementedDynamicValueMappingServiceServer) mustEmbedUnimplementedDynamicValueMappingServiceServer() {
+}
+
+// UnsafeDynamicValueMappingServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to DynamicValueMappingServiceServer will
+// result in compilation errors.
+type UnsafeDynamicValueMappingServiceServer interface {
+ mustEmbedUnimplementedDynamicValueMappingServiceServer()
+}
+
+func RegisterDynamicValueMappingServiceServer(s grpc.ServiceRegistrar, srv DynamicValueMappingServiceServer) {
+ s.RegisterService(&DynamicValueMappingService_ServiceDesc, srv)
+}
+
+func _DynamicValueMappingService_ListDynamicValueMappings_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(ListDynamicValueMappingsRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(DynamicValueMappingServiceServer).ListDynamicValueMappings(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: DynamicValueMappingService_ListDynamicValueMappings_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(DynamicValueMappingServiceServer).ListDynamicValueMappings(ctx, req.(*ListDynamicValueMappingsRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _DynamicValueMappingService_GetDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(GetDynamicValueMappingRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(DynamicValueMappingServiceServer).GetDynamicValueMapping(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: DynamicValueMappingService_GetDynamicValueMapping_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(DynamicValueMappingServiceServer).GetDynamicValueMapping(ctx, req.(*GetDynamicValueMappingRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _DynamicValueMappingService_CreateDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(CreateDynamicValueMappingRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(DynamicValueMappingServiceServer).CreateDynamicValueMapping(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: DynamicValueMappingService_CreateDynamicValueMapping_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(DynamicValueMappingServiceServer).CreateDynamicValueMapping(ctx, req.(*CreateDynamicValueMappingRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _DynamicValueMappingService_UpdateDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(UpdateDynamicValueMappingRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(DynamicValueMappingServiceServer).UpdateDynamicValueMapping(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: DynamicValueMappingService_UpdateDynamicValueMapping_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(DynamicValueMappingServiceServer).UpdateDynamicValueMapping(ctx, req.(*UpdateDynamicValueMappingRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _DynamicValueMappingService_DeleteDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(DeleteDynamicValueMappingRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(DynamicValueMappingServiceServer).DeleteDynamicValueMapping(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: DynamicValueMappingService_DeleteDynamicValueMapping_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(DynamicValueMappingServiceServer).DeleteDynamicValueMapping(ctx, req.(*DeleteDynamicValueMappingRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+// DynamicValueMappingService_ServiceDesc is the grpc.ServiceDesc for DynamicValueMappingService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var DynamicValueMappingService_ServiceDesc = grpc.ServiceDesc{
+ ServiceName: "policy.dynamicvaluemapping.DynamicValueMappingService",
+ HandlerType: (*DynamicValueMappingServiceServer)(nil),
+ Methods: []grpc.MethodDesc{
+ {
+ MethodName: "ListDynamicValueMappings",
+ Handler: _DynamicValueMappingService_ListDynamicValueMappings_Handler,
+ },
+ {
+ MethodName: "GetDynamicValueMapping",
+ Handler: _DynamicValueMappingService_GetDynamicValueMapping_Handler,
+ },
+ {
+ MethodName: "CreateDynamicValueMapping",
+ Handler: _DynamicValueMappingService_CreateDynamicValueMapping_Handler,
+ },
+ {
+ MethodName: "UpdateDynamicValueMapping",
+ Handler: _DynamicValueMappingService_UpdateDynamicValueMapping_Handler,
+ },
+ {
+ MethodName: "DeleteDynamicValueMapping",
+ Handler: _DynamicValueMappingService_DeleteDynamicValueMapping_Handler,
+ },
+ },
+ Streams: []grpc.StreamDesc{},
+ Metadata: "policy/dynamicvaluemapping/dynamic_value_mapping.proto",
+}
diff --git a/protocol/go/policy/dynamicvaluemapping/dynamicvaluemappingconnect/dynamic_value_mapping.connect.go b/protocol/go/policy/dynamicvaluemapping/dynamicvaluemappingconnect/dynamic_value_mapping.connect.go
new file mode 100644
index 0000000000..dfe90334f5
--- /dev/null
+++ b/protocol/go/policy/dynamicvaluemapping/dynamicvaluemappingconnect/dynamic_value_mapping.connect.go
@@ -0,0 +1,238 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: policy/dynamicvaluemapping/dynamic_value_mapping.proto
+
+package dynamicvaluemappingconnect
+
+import (
+ connect "connectrpc.com/connect"
+ context "context"
+ errors "errors"
+ dynamicvaluemapping "github.com/opentdf/platform/protocol/go/policy/dynamicvaluemapping"
+ http "net/http"
+ strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+ // DynamicValueMappingServiceName is the fully-qualified name of the DynamicValueMappingService
+ // service.
+ DynamicValueMappingServiceName = "policy.dynamicvaluemapping.DynamicValueMappingService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+ // DynamicValueMappingServiceListDynamicValueMappingsProcedure is the fully-qualified name of the
+ // DynamicValueMappingService's ListDynamicValueMappings RPC.
+ DynamicValueMappingServiceListDynamicValueMappingsProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/ListDynamicValueMappings"
+ // DynamicValueMappingServiceGetDynamicValueMappingProcedure is the fully-qualified name of the
+ // DynamicValueMappingService's GetDynamicValueMapping RPC.
+ DynamicValueMappingServiceGetDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/GetDynamicValueMapping"
+ // DynamicValueMappingServiceCreateDynamicValueMappingProcedure is the fully-qualified name of the
+ // DynamicValueMappingService's CreateDynamicValueMapping RPC.
+ DynamicValueMappingServiceCreateDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/CreateDynamicValueMapping"
+ // DynamicValueMappingServiceUpdateDynamicValueMappingProcedure is the fully-qualified name of the
+ // DynamicValueMappingService's UpdateDynamicValueMapping RPC.
+ DynamicValueMappingServiceUpdateDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/UpdateDynamicValueMapping"
+ // DynamicValueMappingServiceDeleteDynamicValueMappingProcedure is the fully-qualified name of the
+ // DynamicValueMappingService's DeleteDynamicValueMapping RPC.
+ DynamicValueMappingServiceDeleteDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/DeleteDynamicValueMapping"
+)
+
+// DynamicValueMappingServiceClient is a client for the
+// policy.dynamicvaluemapping.DynamicValueMappingService service.
+type DynamicValueMappingServiceClient interface {
+ ListDynamicValueMappings(context.Context, *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error)
+ GetDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error)
+ CreateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error)
+ UpdateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error)
+ DeleteDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error)
+}
+
+// NewDynamicValueMappingServiceClient constructs a client for the
+// policy.dynamicvaluemapping.DynamicValueMappingService service. By default, it uses the Connect
+// protocol with the binary Protobuf Codec, asks for gzipped responses, and sends uncompressed
+// requests. To use the gRPC or gRPC-Web protocols, supply the connect.WithGRPC() or
+// connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewDynamicValueMappingServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) DynamicValueMappingServiceClient {
+ baseURL = strings.TrimRight(baseURL, "/")
+ dynamicValueMappingServiceMethods := dynamicvaluemapping.File_policy_dynamicvaluemapping_dynamic_value_mapping_proto.Services().ByName("DynamicValueMappingService").Methods()
+ return &dynamicValueMappingServiceClient{
+ listDynamicValueMappings: connect.NewClient[dynamicvaluemapping.ListDynamicValueMappingsRequest, dynamicvaluemapping.ListDynamicValueMappingsResponse](
+ httpClient,
+ baseURL+DynamicValueMappingServiceListDynamicValueMappingsProcedure,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("ListDynamicValueMappings")),
+ connect.WithIdempotency(connect.IdempotencyNoSideEffects),
+ connect.WithClientOptions(opts...),
+ ),
+ getDynamicValueMapping: connect.NewClient[dynamicvaluemapping.GetDynamicValueMappingRequest, dynamicvaluemapping.GetDynamicValueMappingResponse](
+ httpClient,
+ baseURL+DynamicValueMappingServiceGetDynamicValueMappingProcedure,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("GetDynamicValueMapping")),
+ connect.WithIdempotency(connect.IdempotencyNoSideEffects),
+ connect.WithClientOptions(opts...),
+ ),
+ createDynamicValueMapping: connect.NewClient[dynamicvaluemapping.CreateDynamicValueMappingRequest, dynamicvaluemapping.CreateDynamicValueMappingResponse](
+ httpClient,
+ baseURL+DynamicValueMappingServiceCreateDynamicValueMappingProcedure,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("CreateDynamicValueMapping")),
+ connect.WithClientOptions(opts...),
+ ),
+ updateDynamicValueMapping: connect.NewClient[dynamicvaluemapping.UpdateDynamicValueMappingRequest, dynamicvaluemapping.UpdateDynamicValueMappingResponse](
+ httpClient,
+ baseURL+DynamicValueMappingServiceUpdateDynamicValueMappingProcedure,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("UpdateDynamicValueMapping")),
+ connect.WithClientOptions(opts...),
+ ),
+ deleteDynamicValueMapping: connect.NewClient[dynamicvaluemapping.DeleteDynamicValueMappingRequest, dynamicvaluemapping.DeleteDynamicValueMappingResponse](
+ httpClient,
+ baseURL+DynamicValueMappingServiceDeleteDynamicValueMappingProcedure,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("DeleteDynamicValueMapping")),
+ connect.WithClientOptions(opts...),
+ ),
+ }
+}
+
+// dynamicValueMappingServiceClient implements DynamicValueMappingServiceClient.
+type dynamicValueMappingServiceClient struct {
+ listDynamicValueMappings *connect.Client[dynamicvaluemapping.ListDynamicValueMappingsRequest, dynamicvaluemapping.ListDynamicValueMappingsResponse]
+ getDynamicValueMapping *connect.Client[dynamicvaluemapping.GetDynamicValueMappingRequest, dynamicvaluemapping.GetDynamicValueMappingResponse]
+ createDynamicValueMapping *connect.Client[dynamicvaluemapping.CreateDynamicValueMappingRequest, dynamicvaluemapping.CreateDynamicValueMappingResponse]
+ updateDynamicValueMapping *connect.Client[dynamicvaluemapping.UpdateDynamicValueMappingRequest, dynamicvaluemapping.UpdateDynamicValueMappingResponse]
+ deleteDynamicValueMapping *connect.Client[dynamicvaluemapping.DeleteDynamicValueMappingRequest, dynamicvaluemapping.DeleteDynamicValueMappingResponse]
+}
+
+// ListDynamicValueMappings calls
+// policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings.
+func (c *dynamicValueMappingServiceClient) ListDynamicValueMappings(ctx context.Context, req *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error) {
+ return c.listDynamicValueMappings.CallUnary(ctx, req)
+}
+
+// GetDynamicValueMapping calls
+// policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping.
+func (c *dynamicValueMappingServiceClient) GetDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error) {
+ return c.getDynamicValueMapping.CallUnary(ctx, req)
+}
+
+// CreateDynamicValueMapping calls
+// policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping.
+func (c *dynamicValueMappingServiceClient) CreateDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error) {
+ return c.createDynamicValueMapping.CallUnary(ctx, req)
+}
+
+// UpdateDynamicValueMapping calls
+// policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping.
+func (c *dynamicValueMappingServiceClient) UpdateDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error) {
+ return c.updateDynamicValueMapping.CallUnary(ctx, req)
+}
+
+// DeleteDynamicValueMapping calls
+// policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping.
+func (c *dynamicValueMappingServiceClient) DeleteDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error) {
+ return c.deleteDynamicValueMapping.CallUnary(ctx, req)
+}
+
+// DynamicValueMappingServiceHandler is an implementation of the
+// policy.dynamicvaluemapping.DynamicValueMappingService service.
+type DynamicValueMappingServiceHandler interface {
+ ListDynamicValueMappings(context.Context, *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error)
+ GetDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error)
+ CreateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error)
+ UpdateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error)
+ DeleteDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error)
+}
+
+// NewDynamicValueMappingServiceHandler builds an HTTP handler from the service implementation. It
+// returns the path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewDynamicValueMappingServiceHandler(svc DynamicValueMappingServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+ dynamicValueMappingServiceMethods := dynamicvaluemapping.File_policy_dynamicvaluemapping_dynamic_value_mapping_proto.Services().ByName("DynamicValueMappingService").Methods()
+ dynamicValueMappingServiceListDynamicValueMappingsHandler := connect.NewUnaryHandler(
+ DynamicValueMappingServiceListDynamicValueMappingsProcedure,
+ svc.ListDynamicValueMappings,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("ListDynamicValueMappings")),
+ connect.WithIdempotency(connect.IdempotencyNoSideEffects),
+ connect.WithHandlerOptions(opts...),
+ )
+ dynamicValueMappingServiceGetDynamicValueMappingHandler := connect.NewUnaryHandler(
+ DynamicValueMappingServiceGetDynamicValueMappingProcedure,
+ svc.GetDynamicValueMapping,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("GetDynamicValueMapping")),
+ connect.WithIdempotency(connect.IdempotencyNoSideEffects),
+ connect.WithHandlerOptions(opts...),
+ )
+ dynamicValueMappingServiceCreateDynamicValueMappingHandler := connect.NewUnaryHandler(
+ DynamicValueMappingServiceCreateDynamicValueMappingProcedure,
+ svc.CreateDynamicValueMapping,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("CreateDynamicValueMapping")),
+ connect.WithHandlerOptions(opts...),
+ )
+ dynamicValueMappingServiceUpdateDynamicValueMappingHandler := connect.NewUnaryHandler(
+ DynamicValueMappingServiceUpdateDynamicValueMappingProcedure,
+ svc.UpdateDynamicValueMapping,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("UpdateDynamicValueMapping")),
+ connect.WithHandlerOptions(opts...),
+ )
+ dynamicValueMappingServiceDeleteDynamicValueMappingHandler := connect.NewUnaryHandler(
+ DynamicValueMappingServiceDeleteDynamicValueMappingProcedure,
+ svc.DeleteDynamicValueMapping,
+ connect.WithSchema(dynamicValueMappingServiceMethods.ByName("DeleteDynamicValueMapping")),
+ connect.WithHandlerOptions(opts...),
+ )
+ return "/policy.dynamicvaluemapping.DynamicValueMappingService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case DynamicValueMappingServiceListDynamicValueMappingsProcedure:
+ dynamicValueMappingServiceListDynamicValueMappingsHandler.ServeHTTP(w, r)
+ case DynamicValueMappingServiceGetDynamicValueMappingProcedure:
+ dynamicValueMappingServiceGetDynamicValueMappingHandler.ServeHTTP(w, r)
+ case DynamicValueMappingServiceCreateDynamicValueMappingProcedure:
+ dynamicValueMappingServiceCreateDynamicValueMappingHandler.ServeHTTP(w, r)
+ case DynamicValueMappingServiceUpdateDynamicValueMappingProcedure:
+ dynamicValueMappingServiceUpdateDynamicValueMappingHandler.ServeHTTP(w, r)
+ case DynamicValueMappingServiceDeleteDynamicValueMappingProcedure:
+ dynamicValueMappingServiceDeleteDynamicValueMappingHandler.ServeHTTP(w, r)
+ default:
+ http.NotFound(w, r)
+ }
+ })
+}
+
+// UnimplementedDynamicValueMappingServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedDynamicValueMappingServiceHandler struct{}
+
+func (UnimplementedDynamicValueMappingServiceHandler) ListDynamicValueMappings(context.Context, *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings is not implemented"))
+}
+
+func (UnimplementedDynamicValueMappingServiceHandler) GetDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping is not implemented"))
+}
+
+func (UnimplementedDynamicValueMappingServiceHandler) CreateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping is not implemented"))
+}
+
+func (UnimplementedDynamicValueMappingServiceHandler) UpdateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping is not implemented"))
+}
+
+func (UnimplementedDynamicValueMappingServiceHandler) DeleteDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error) {
+ return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping is not implemented"))
+}
diff --git a/protocol/go/policy/objects.pb.go b/protocol/go/policy/objects.pb.go
index b9eda84a37..4d90965eda 100644
--- a/protocol/go/policy/objects.pb.go
+++ b/protocol/go/policy/objects.pb.go
@@ -180,6 +180,64 @@ func (ConditionBooleanTypeEnum) EnumDescriptor() ([]byte, []int) {
return file_policy_objects_proto_rawDescGZIP(), []int{2}
}
+// Operators for dynamic, definition-level value entitlement. Unlike
+// SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into
+// policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's
+// attribute value segment, supplied at decision time. Each value is the inversion of its
+// static SubjectMappingOperatorEnum counterpart.
+type DynamicValueOperatorEnum int32
+
+const (
+ DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED DynamicValueOperatorEnum = 0
+ // true when the requested resource value segment equals one of the values resolved by
+ // the selector against the entity representation (inversion of IN)
+ DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN DynamicValueOperatorEnum = 1
+ // true when one of the selector-resolved entity values contains the requested resource
+ // value segment as a substring (inversion of IN_CONTAINS)
+ DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS DynamicValueOperatorEnum = 2
+)
+
+// Enum value maps for DynamicValueOperatorEnum.
+var (
+ DynamicValueOperatorEnum_name = map[int32]string{
+ 0: "DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED",
+ 1: "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN",
+ 2: "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS",
+ }
+ DynamicValueOperatorEnum_value = map[string]int32{
+ "DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED": 0,
+ "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN": 1,
+ "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS": 2,
+ }
+)
+
+func (x DynamicValueOperatorEnum) Enum() *DynamicValueOperatorEnum {
+ p := new(DynamicValueOperatorEnum)
+ *p = x
+ return p
+}
+
+func (x DynamicValueOperatorEnum) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (DynamicValueOperatorEnum) Descriptor() protoreflect.EnumDescriptor {
+ return file_policy_objects_proto_enumTypes[3].Descriptor()
+}
+
+func (DynamicValueOperatorEnum) Type() protoreflect.EnumType {
+ return &file_policy_objects_proto_enumTypes[3]
+}
+
+func (x DynamicValueOperatorEnum) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use DynamicValueOperatorEnum.Descriptor instead.
+func (DynamicValueOperatorEnum) EnumDescriptor() ([]byte, []int) {
+ return file_policy_objects_proto_rawDescGZIP(), []int{3}
+}
+
// Describes whether this kas is managed by the organization or if they imported
// the kas information from an external party. These two modes are necessary in order
// to encrypt a tdf dek with an external parties kas public key.
@@ -218,11 +276,11 @@ func (x SourceType) String() string {
}
func (SourceType) Descriptor() protoreflect.EnumDescriptor {
- return file_policy_objects_proto_enumTypes[3].Descriptor()
+ return file_policy_objects_proto_enumTypes[4].Descriptor()
}
func (SourceType) Type() protoreflect.EnumType {
- return &file_policy_objects_proto_enumTypes[3]
+ return &file_policy_objects_proto_enumTypes[4]
}
func (x SourceType) Number() protoreflect.EnumNumber {
@@ -231,7 +289,7 @@ func (x SourceType) Number() protoreflect.EnumNumber {
// Deprecated: Use SourceType.Descriptor instead.
func (SourceType) EnumDescriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{3}
+ return file_policy_objects_proto_rawDescGZIP(), []int{4}
}
type KasPublicKeyAlgEnum int32
@@ -285,11 +343,11 @@ func (x KasPublicKeyAlgEnum) String() string {
}
func (KasPublicKeyAlgEnum) Descriptor() protoreflect.EnumDescriptor {
- return file_policy_objects_proto_enumTypes[4].Descriptor()
+ return file_policy_objects_proto_enumTypes[5].Descriptor()
}
func (KasPublicKeyAlgEnum) Type() protoreflect.EnumType {
- return &file_policy_objects_proto_enumTypes[4]
+ return &file_policy_objects_proto_enumTypes[5]
}
func (x KasPublicKeyAlgEnum) Number() protoreflect.EnumNumber {
@@ -298,7 +356,7 @@ func (x KasPublicKeyAlgEnum) Number() protoreflect.EnumNumber {
// Deprecated: Use KasPublicKeyAlgEnum.Descriptor instead.
func (KasPublicKeyAlgEnum) EnumDescriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{4}
+ return file_policy_objects_proto_rawDescGZIP(), []int{5}
}
// Supported key algorithms.
@@ -353,11 +411,11 @@ func (x Algorithm) String() string {
}
func (Algorithm) Descriptor() protoreflect.EnumDescriptor {
- return file_policy_objects_proto_enumTypes[5].Descriptor()
+ return file_policy_objects_proto_enumTypes[6].Descriptor()
}
func (Algorithm) Type() protoreflect.EnumType {
- return &file_policy_objects_proto_enumTypes[5]
+ return &file_policy_objects_proto_enumTypes[6]
}
func (x Algorithm) Number() protoreflect.EnumNumber {
@@ -366,7 +424,7 @@ func (x Algorithm) Number() protoreflect.EnumNumber {
// Deprecated: Use Algorithm.Descriptor instead.
func (Algorithm) EnumDescriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{5}
+ return file_policy_objects_proto_rawDescGZIP(), []int{6}
}
// The status of the key
@@ -403,11 +461,11 @@ func (x KeyStatus) String() string {
}
func (KeyStatus) Descriptor() protoreflect.EnumDescriptor {
- return file_policy_objects_proto_enumTypes[6].Descriptor()
+ return file_policy_objects_proto_enumTypes[7].Descriptor()
}
func (KeyStatus) Type() protoreflect.EnumType {
- return &file_policy_objects_proto_enumTypes[6]
+ return &file_policy_objects_proto_enumTypes[7]
}
func (x KeyStatus) Number() protoreflect.EnumNumber {
@@ -416,7 +474,7 @@ func (x KeyStatus) Number() protoreflect.EnumNumber {
// Deprecated: Use KeyStatus.Descriptor instead.
func (KeyStatus) EnumDescriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{6}
+ return file_policy_objects_proto_rawDescGZIP(), []int{7}
}
// Describes the management and operational mode of a cryptographic key.
@@ -472,11 +530,11 @@ func (x KeyMode) String() string {
}
func (KeyMode) Descriptor() protoreflect.EnumDescriptor {
- return file_policy_objects_proto_enumTypes[7].Descriptor()
+ return file_policy_objects_proto_enumTypes[8].Descriptor()
}
func (KeyMode) Type() protoreflect.EnumType {
- return &file_policy_objects_proto_enumTypes[7]
+ return &file_policy_objects_proto_enumTypes[8]
}
func (x KeyMode) Number() protoreflect.EnumNumber {
@@ -485,7 +543,7 @@ func (x KeyMode) Number() protoreflect.EnumNumber {
// Deprecated: Use KeyMode.Descriptor instead.
func (KeyMode) EnumDescriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{7}
+ return file_policy_objects_proto_rawDescGZIP(), []int{8}
}
type Action_StandardAction int32
@@ -525,11 +583,11 @@ func (x Action_StandardAction) String() string {
}
func (Action_StandardAction) Descriptor() protoreflect.EnumDescriptor {
- return file_policy_objects_proto_enumTypes[8].Descriptor()
+ return file_policy_objects_proto_enumTypes[9].Descriptor()
}
func (Action_StandardAction) Type() protoreflect.EnumType {
- return &file_policy_objects_proto_enumTypes[8]
+ return &file_policy_objects_proto_enumTypes[9]
}
func (x Action_StandardAction) Number() protoreflect.EnumNumber {
@@ -1331,6 +1389,174 @@ func (x *SubjectMapping) GetMetadata() *common.Metadata {
return nil
}
+// Definition Value Resolver: the dynamic half of a DynamicValueMapping. It
+// resolves a selector against the entity representation and compares the result to the
+// requested resource value segment using a DynamicValueOperatorEnum.
+type DynamicValueResolver struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // a selector for a field value on a flattened Entity Representation (such as from
+ // idP/LDAP), e.g. ".patientAssignments[]"
+ SubjectExternalSelectorValue string `protobuf:"bytes,1,opt,name=subject_external_selector_value,json=subjectExternalSelectorValue,proto3" json:"subject_external_selector_value,omitempty"`
+ // the dynamic operator comparing the selector result to the resource value segment
+ Operator DynamicValueOperatorEnum `protobuf:"varint,2,opt,name=operator,proto3,enum=policy.DynamicValueOperatorEnum" json:"operator,omitempty"`
+}
+
+func (x *DynamicValueResolver) Reset() {
+ *x = DynamicValueResolver{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_objects_proto_msgTypes[8]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *DynamicValueResolver) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DynamicValueResolver) ProtoMessage() {}
+
+func (x *DynamicValueResolver) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_objects_proto_msgTypes[8]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use DynamicValueResolver.ProtoReflect.Descriptor instead.
+func (*DynamicValueResolver) Descriptor() ([]byte, []int) {
+ return file_policy_objects_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *DynamicValueResolver) GetSubjectExternalSelectorValue() string {
+ if x != nil {
+ return x.SubjectExternalSelectorValue
+ }
+ return ""
+}
+
+func (x *DynamicValueResolver) GetOperator() DynamicValueOperatorEnum {
+ if x != nil {
+ return x.Operator
+ }
+ return DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED
+}
+
+// Dynamic Value Mapping: a Policy assigning permitted action(s) to
+// dynamically-requested values under an Attribute Definition. It raises entitlement
+// authority from a concrete Attribute Value to the Attribute Definition: at decision time
+// the value_resolver compares the requested resource value segment against the entity
+// representation, avoiding pre-provisioning a value + subject mapping per discrete value.
+type DynamicValueMapping struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+ // the Attribute Definition whose values are entitled dynamically
+ AttributeDefinition *Attribute `protobuf:"bytes,2,opt,name=attribute_definition,json=attributeDefinition,proto3" json:"attribute_definition,omitempty"`
+ // the dynamic resolver matched against the requested resource value segment
+ ValueResolver *DynamicValueResolver `protobuf:"bytes,3,opt,name=value_resolver,json=valueResolver,proto3" json:"value_resolver,omitempty"`
+ // optional static pre-gate on the entity, evaluated with normal SubjectConditionSet
+ // semantics (no dynamic overload). When present, both the gate and the resolver must
+ // pass for entitlement.
+ SubjectConditionSet *SubjectConditionSet `protobuf:"bytes,4,opt,name=subject_condition_set,json=subjectConditionSet,proto3" json:"subject_condition_set,omitempty"`
+ // the actions permitted by subjects in this mapping
+ Actions []*Action `protobuf:"bytes,5,rep,name=actions,proto3" json:"actions,omitempty"`
+ // the namespace containing this mapping
+ Namespace *Namespace `protobuf:"bytes,6,opt,name=namespace,proto3" json:"namespace,omitempty"`
+ Metadata *common.Metadata `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
+}
+
+func (x *DynamicValueMapping) Reset() {
+ *x = DynamicValueMapping{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_policy_objects_proto_msgTypes[9]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *DynamicValueMapping) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DynamicValueMapping) ProtoMessage() {}
+
+func (x *DynamicValueMapping) ProtoReflect() protoreflect.Message {
+ mi := &file_policy_objects_proto_msgTypes[9]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use DynamicValueMapping.ProtoReflect.Descriptor instead.
+func (*DynamicValueMapping) Descriptor() ([]byte, []int) {
+ return file_policy_objects_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *DynamicValueMapping) GetId() string {
+ if x != nil {
+ return x.Id
+ }
+ return ""
+}
+
+func (x *DynamicValueMapping) GetAttributeDefinition() *Attribute {
+ if x != nil {
+ return x.AttributeDefinition
+ }
+ return nil
+}
+
+func (x *DynamicValueMapping) GetValueResolver() *DynamicValueResolver {
+ if x != nil {
+ return x.ValueResolver
+ }
+ return nil
+}
+
+func (x *DynamicValueMapping) GetSubjectConditionSet() *SubjectConditionSet {
+ if x != nil {
+ return x.SubjectConditionSet
+ }
+ return nil
+}
+
+func (x *DynamicValueMapping) GetActions() []*Action {
+ if x != nil {
+ return x.Actions
+ }
+ return nil
+}
+
+func (x *DynamicValueMapping) GetNamespace() *Namespace {
+ if x != nil {
+ return x.Namespace
+ }
+ return nil
+}
+
+func (x *DynamicValueMapping) GetMetadata() *common.Metadata {
+ if x != nil {
+ return x.Metadata
+ }
+ return nil
+}
+
// *
// A Condition defines a rule of
@@ -1353,7 +1579,7 @@ type Condition struct {
func (x *Condition) Reset() {
*x = Condition{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[8]
+ mi := &file_policy_objects_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1366,7 +1592,7 @@ func (x *Condition) String() string {
func (*Condition) ProtoMessage() {}
func (x *Condition) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[8]
+ mi := &file_policy_objects_proto_msgTypes[10]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1379,7 +1605,7 @@ func (x *Condition) ProtoReflect() protoreflect.Message {
// Deprecated: Use Condition.ProtoReflect.Descriptor instead.
func (*Condition) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{8}
+ return file_policy_objects_proto_rawDescGZIP(), []int{10}
}
func (x *Condition) GetSubjectExternalSelectorValue() string {
@@ -1417,7 +1643,7 @@ type ConditionGroup struct {
func (x *ConditionGroup) Reset() {
*x = ConditionGroup{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[9]
+ mi := &file_policy_objects_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1430,7 +1656,7 @@ func (x *ConditionGroup) String() string {
func (*ConditionGroup) ProtoMessage() {}
func (x *ConditionGroup) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[9]
+ mi := &file_policy_objects_proto_msgTypes[11]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1443,7 +1669,7 @@ func (x *ConditionGroup) ProtoReflect() protoreflect.Message {
// Deprecated: Use ConditionGroup.ProtoReflect.Descriptor instead.
func (*ConditionGroup) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{9}
+ return file_policy_objects_proto_rawDescGZIP(), []int{11}
}
func (x *ConditionGroup) GetConditions() []*Condition {
@@ -1473,7 +1699,7 @@ type SubjectSet struct {
func (x *SubjectSet) Reset() {
*x = SubjectSet{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[10]
+ mi := &file_policy_objects_proto_msgTypes[12]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1486,7 +1712,7 @@ func (x *SubjectSet) String() string {
func (*SubjectSet) ProtoMessage() {}
func (x *SubjectSet) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[10]
+ mi := &file_policy_objects_proto_msgTypes[12]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1499,7 +1725,7 @@ func (x *SubjectSet) ProtoReflect() protoreflect.Message {
// Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead.
func (*SubjectSet) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{10}
+ return file_policy_objects_proto_rawDescGZIP(), []int{12}
}
func (x *SubjectSet) GetConditionGroups() []*ConditionGroup {
@@ -1531,7 +1757,7 @@ type SubjectConditionSet struct {
func (x *SubjectConditionSet) Reset() {
*x = SubjectConditionSet{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[11]
+ mi := &file_policy_objects_proto_msgTypes[13]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1544,7 +1770,7 @@ func (x *SubjectConditionSet) String() string {
func (*SubjectConditionSet) ProtoMessage() {}
func (x *SubjectConditionSet) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[11]
+ mi := &file_policy_objects_proto_msgTypes[13]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1557,7 +1783,7 @@ func (x *SubjectConditionSet) ProtoReflect() protoreflect.Message {
// Deprecated: Use SubjectConditionSet.ProtoReflect.Descriptor instead.
func (*SubjectConditionSet) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{11}
+ return file_policy_objects_proto_rawDescGZIP(), []int{13}
}
func (x *SubjectConditionSet) GetId() string {
@@ -1610,7 +1836,7 @@ type SubjectProperty struct {
func (x *SubjectProperty) Reset() {
*x = SubjectProperty{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[12]
+ mi := &file_policy_objects_proto_msgTypes[14]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1623,7 +1849,7 @@ func (x *SubjectProperty) String() string {
func (*SubjectProperty) ProtoMessage() {}
func (x *SubjectProperty) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[12]
+ mi := &file_policy_objects_proto_msgTypes[14]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1636,7 +1862,7 @@ func (x *SubjectProperty) ProtoReflect() protoreflect.Message {
// Deprecated: Use SubjectProperty.ProtoReflect.Descriptor instead.
func (*SubjectProperty) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{12}
+ return file_policy_objects_proto_rawDescGZIP(), []int{14}
}
func (x *SubjectProperty) GetExternalSelectorValue() string {
@@ -1675,7 +1901,7 @@ type ResourceMappingGroup struct {
func (x *ResourceMappingGroup) Reset() {
*x = ResourceMappingGroup{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[13]
+ mi := &file_policy_objects_proto_msgTypes[15]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1688,7 +1914,7 @@ func (x *ResourceMappingGroup) String() string {
func (*ResourceMappingGroup) ProtoMessage() {}
func (x *ResourceMappingGroup) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[13]
+ mi := &file_policy_objects_proto_msgTypes[15]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1701,7 +1927,7 @@ func (x *ResourceMappingGroup) ProtoReflect() protoreflect.Message {
// Deprecated: Use ResourceMappingGroup.ProtoReflect.Descriptor instead.
func (*ResourceMappingGroup) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{13}
+ return file_policy_objects_proto_rawDescGZIP(), []int{15}
}
func (x *ResourceMappingGroup) GetId() string {
@@ -1756,7 +1982,7 @@ type ResourceMapping struct {
func (x *ResourceMapping) Reset() {
*x = ResourceMapping{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[14]
+ mi := &file_policy_objects_proto_msgTypes[16]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1769,7 +1995,7 @@ func (x *ResourceMapping) String() string {
func (*ResourceMapping) ProtoMessage() {}
func (x *ResourceMapping) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[14]
+ mi := &file_policy_objects_proto_msgTypes[16]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1782,7 +2008,7 @@ func (x *ResourceMapping) ProtoReflect() protoreflect.Message {
// Deprecated: Use ResourceMapping.ProtoReflect.Descriptor instead.
func (*ResourceMapping) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{14}
+ return file_policy_objects_proto_rawDescGZIP(), []int{16}
}
func (x *ResourceMapping) GetId() string {
@@ -1845,7 +2071,7 @@ type KeyAccessServer struct {
func (x *KeyAccessServer) Reset() {
*x = KeyAccessServer{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[15]
+ mi := &file_policy_objects_proto_msgTypes[17]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1858,7 +2084,7 @@ func (x *KeyAccessServer) String() string {
func (*KeyAccessServer) ProtoMessage() {}
func (x *KeyAccessServer) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[15]
+ mi := &file_policy_objects_proto_msgTypes[17]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1871,7 +2097,7 @@ func (x *KeyAccessServer) ProtoReflect() protoreflect.Message {
// Deprecated: Use KeyAccessServer.ProtoReflect.Descriptor instead.
func (*KeyAccessServer) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{15}
+ return file_policy_objects_proto_rawDescGZIP(), []int{17}
}
func (x *KeyAccessServer) GetId() string {
@@ -1941,7 +2167,7 @@ type Key struct {
func (x *Key) Reset() {
*x = Key{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[16]
+ mi := &file_policy_objects_proto_msgTypes[18]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1954,7 +2180,7 @@ func (x *Key) String() string {
func (*Key) ProtoMessage() {}
func (x *Key) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[16]
+ mi := &file_policy_objects_proto_msgTypes[18]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1967,7 +2193,7 @@ func (x *Key) ProtoReflect() protoreflect.Message {
// Deprecated: Use Key.ProtoReflect.Descriptor instead.
func (*Key) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{16}
+ return file_policy_objects_proto_rawDescGZIP(), []int{18}
}
func (x *Key) GetId() string {
@@ -2032,7 +2258,7 @@ type KasPublicKey struct {
func (x *KasPublicKey) Reset() {
*x = KasPublicKey{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[17]
+ mi := &file_policy_objects_proto_msgTypes[19]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2045,7 +2271,7 @@ func (x *KasPublicKey) String() string {
func (*KasPublicKey) ProtoMessage() {}
func (x *KasPublicKey) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[17]
+ mi := &file_policy_objects_proto_msgTypes[19]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2058,7 +2284,7 @@ func (x *KasPublicKey) ProtoReflect() protoreflect.Message {
// Deprecated: Use KasPublicKey.ProtoReflect.Descriptor instead.
func (*KasPublicKey) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{17}
+ return file_policy_objects_proto_rawDescGZIP(), []int{19}
}
func (x *KasPublicKey) GetPem() string {
@@ -2095,7 +2321,7 @@ type KasPublicKeySet struct {
func (x *KasPublicKeySet) Reset() {
*x = KasPublicKeySet{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[18]
+ mi := &file_policy_objects_proto_msgTypes[20]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2108,7 +2334,7 @@ func (x *KasPublicKeySet) String() string {
func (*KasPublicKeySet) ProtoMessage() {}
func (x *KasPublicKeySet) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[18]
+ mi := &file_policy_objects_proto_msgTypes[20]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2121,7 +2347,7 @@ func (x *KasPublicKeySet) ProtoReflect() protoreflect.Message {
// Deprecated: Use KasPublicKeySet.ProtoReflect.Descriptor instead.
func (*KasPublicKeySet) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{18}
+ return file_policy_objects_proto_rawDescGZIP(), []int{20}
}
func (x *KasPublicKeySet) GetKeys() []*KasPublicKey {
@@ -2147,7 +2373,7 @@ type PublicKey struct {
func (x *PublicKey) Reset() {
*x = PublicKey{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[19]
+ mi := &file_policy_objects_proto_msgTypes[21]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2160,7 +2386,7 @@ func (x *PublicKey) String() string {
func (*PublicKey) ProtoMessage() {}
func (x *PublicKey) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[19]
+ mi := &file_policy_objects_proto_msgTypes[21]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2173,7 +2399,7 @@ func (x *PublicKey) ProtoReflect() protoreflect.Message {
// Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.
func (*PublicKey) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{19}
+ return file_policy_objects_proto_rawDescGZIP(), []int{21}
}
func (m *PublicKey) GetPublicKey() isPublicKey_PublicKey {
@@ -2231,7 +2457,7 @@ type RegisteredResource struct {
func (x *RegisteredResource) Reset() {
*x = RegisteredResource{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[20]
+ mi := &file_policy_objects_proto_msgTypes[22]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2244,7 +2470,7 @@ func (x *RegisteredResource) String() string {
func (*RegisteredResource) ProtoMessage() {}
func (x *RegisteredResource) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[20]
+ mi := &file_policy_objects_proto_msgTypes[22]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2257,7 +2483,7 @@ func (x *RegisteredResource) ProtoReflect() protoreflect.Message {
// Deprecated: Use RegisteredResource.ProtoReflect.Descriptor instead.
func (*RegisteredResource) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{20}
+ return file_policy_objects_proto_rawDescGZIP(), []int{22}
}
func (x *RegisteredResource) GetId() string {
@@ -2312,7 +2538,7 @@ type RegisteredResourceValue struct {
func (x *RegisteredResourceValue) Reset() {
*x = RegisteredResourceValue{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[21]
+ mi := &file_policy_objects_proto_msgTypes[23]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2325,7 +2551,7 @@ func (x *RegisteredResourceValue) String() string {
func (*RegisteredResourceValue) ProtoMessage() {}
func (x *RegisteredResourceValue) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[21]
+ mi := &file_policy_objects_proto_msgTypes[23]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2338,7 +2564,7 @@ func (x *RegisteredResourceValue) ProtoReflect() protoreflect.Message {
// Deprecated: Use RegisteredResourceValue.ProtoReflect.Descriptor instead.
func (*RegisteredResourceValue) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{21}
+ return file_policy_objects_proto_rawDescGZIP(), []int{23}
}
func (x *RegisteredResourceValue) GetId() string {
@@ -2394,7 +2620,7 @@ type PolicyEnforcementPoint struct {
func (x *PolicyEnforcementPoint) Reset() {
*x = PolicyEnforcementPoint{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[22]
+ mi := &file_policy_objects_proto_msgTypes[24]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2407,7 +2633,7 @@ func (x *PolicyEnforcementPoint) String() string {
func (*PolicyEnforcementPoint) ProtoMessage() {}
func (x *PolicyEnforcementPoint) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[22]
+ mi := &file_policy_objects_proto_msgTypes[24]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2420,7 +2646,7 @@ func (x *PolicyEnforcementPoint) ProtoReflect() protoreflect.Message {
// Deprecated: Use PolicyEnforcementPoint.ProtoReflect.Descriptor instead.
func (*PolicyEnforcementPoint) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{22}
+ return file_policy_objects_proto_rawDescGZIP(), []int{24}
}
func (x *PolicyEnforcementPoint) GetClientId() string {
@@ -2442,7 +2668,7 @@ type RequestContext struct {
func (x *RequestContext) Reset() {
*x = RequestContext{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[23]
+ mi := &file_policy_objects_proto_msgTypes[25]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2455,7 +2681,7 @@ func (x *RequestContext) String() string {
func (*RequestContext) ProtoMessage() {}
func (x *RequestContext) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[23]
+ mi := &file_policy_objects_proto_msgTypes[25]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2468,7 +2694,7 @@ func (x *RequestContext) ProtoReflect() protoreflect.Message {
// Deprecated: Use RequestContext.ProtoReflect.Descriptor instead.
func (*RequestContext) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{23}
+ return file_policy_objects_proto_rawDescGZIP(), []int{25}
}
func (x *RequestContext) GetPep() *PolicyEnforcementPoint {
@@ -2494,7 +2720,7 @@ type Obligation struct {
func (x *Obligation) Reset() {
*x = Obligation{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[24]
+ mi := &file_policy_objects_proto_msgTypes[26]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2507,7 +2733,7 @@ func (x *Obligation) String() string {
func (*Obligation) ProtoMessage() {}
func (x *Obligation) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[24]
+ mi := &file_policy_objects_proto_msgTypes[26]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2520,7 +2746,7 @@ func (x *Obligation) ProtoReflect() protoreflect.Message {
// Deprecated: Use Obligation.ProtoReflect.Descriptor instead.
func (*Obligation) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{24}
+ return file_policy_objects_proto_rawDescGZIP(), []int{26}
}
func (x *Obligation) GetId() string {
@@ -2581,7 +2807,7 @@ type ObligationValue struct {
func (x *ObligationValue) Reset() {
*x = ObligationValue{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[25]
+ mi := &file_policy_objects_proto_msgTypes[27]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2594,7 +2820,7 @@ func (x *ObligationValue) String() string {
func (*ObligationValue) ProtoMessage() {}
func (x *ObligationValue) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[25]
+ mi := &file_policy_objects_proto_msgTypes[27]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2607,7 +2833,7 @@ func (x *ObligationValue) ProtoReflect() protoreflect.Message {
// Deprecated: Use ObligationValue.ProtoReflect.Descriptor instead.
func (*ObligationValue) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{25}
+ return file_policy_objects_proto_rawDescGZIP(), []int{27}
}
func (x *ObligationValue) GetId() string {
@@ -2670,7 +2896,7 @@ type ObligationTrigger struct {
func (x *ObligationTrigger) Reset() {
*x = ObligationTrigger{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[26]
+ mi := &file_policy_objects_proto_msgTypes[28]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2683,7 +2909,7 @@ func (x *ObligationTrigger) String() string {
func (*ObligationTrigger) ProtoMessage() {}
func (x *ObligationTrigger) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[26]
+ mi := &file_policy_objects_proto_msgTypes[28]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2696,7 +2922,7 @@ func (x *ObligationTrigger) ProtoReflect() protoreflect.Message {
// Deprecated: Use ObligationTrigger.ProtoReflect.Descriptor instead.
func (*ObligationTrigger) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{26}
+ return file_policy_objects_proto_rawDescGZIP(), []int{28}
}
func (x *ObligationTrigger) GetId() string {
@@ -2761,7 +2987,7 @@ type KasKey struct {
func (x *KasKey) Reset() {
*x = KasKey{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[27]
+ mi := &file_policy_objects_proto_msgTypes[29]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2774,7 +3000,7 @@ func (x *KasKey) String() string {
func (*KasKey) ProtoMessage() {}
func (x *KasKey) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[27]
+ mi := &file_policy_objects_proto_msgTypes[29]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2787,7 +3013,7 @@ func (x *KasKey) ProtoReflect() protoreflect.Message {
// Deprecated: Use KasKey.ProtoReflect.Descriptor instead.
func (*KasKey) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{27}
+ return file_policy_objects_proto_rawDescGZIP(), []int{29}
}
func (x *KasKey) GetKasId() string {
@@ -2823,7 +3049,7 @@ type PublicKeyCtx struct {
func (x *PublicKeyCtx) Reset() {
*x = PublicKeyCtx{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[28]
+ mi := &file_policy_objects_proto_msgTypes[30]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2836,7 +3062,7 @@ func (x *PublicKeyCtx) String() string {
func (*PublicKeyCtx) ProtoMessage() {}
func (x *PublicKeyCtx) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[28]
+ mi := &file_policy_objects_proto_msgTypes[30]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2849,7 +3075,7 @@ func (x *PublicKeyCtx) ProtoReflect() protoreflect.Message {
// Deprecated: Use PublicKeyCtx.ProtoReflect.Descriptor instead.
func (*PublicKeyCtx) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{28}
+ return file_policy_objects_proto_rawDescGZIP(), []int{30}
}
func (x *PublicKeyCtx) GetPem() string {
@@ -2873,7 +3099,7 @@ type PrivateKeyCtx struct {
func (x *PrivateKeyCtx) Reset() {
*x = PrivateKeyCtx{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[29]
+ mi := &file_policy_objects_proto_msgTypes[31]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2886,7 +3112,7 @@ func (x *PrivateKeyCtx) String() string {
func (*PrivateKeyCtx) ProtoMessage() {}
func (x *PrivateKeyCtx) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[29]
+ mi := &file_policy_objects_proto_msgTypes[31]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2899,7 +3125,7 @@ func (x *PrivateKeyCtx) ProtoReflect() protoreflect.Message {
// Deprecated: Use PrivateKeyCtx.ProtoReflect.Descriptor instead.
func (*PrivateKeyCtx) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{29}
+ return file_policy_objects_proto_rawDescGZIP(), []int{31}
}
func (x *PrivateKeyCtx) GetKeyId() string {
@@ -2946,7 +3172,7 @@ type AsymmetricKey struct {
func (x *AsymmetricKey) Reset() {
*x = AsymmetricKey{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[30]
+ mi := &file_policy_objects_proto_msgTypes[32]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2959,7 +3185,7 @@ func (x *AsymmetricKey) String() string {
func (*AsymmetricKey) ProtoMessage() {}
func (x *AsymmetricKey) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[30]
+ mi := &file_policy_objects_proto_msgTypes[32]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2972,7 +3198,7 @@ func (x *AsymmetricKey) ProtoReflect() protoreflect.Message {
// Deprecated: Use AsymmetricKey.ProtoReflect.Descriptor instead.
func (*AsymmetricKey) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{30}
+ return file_policy_objects_proto_rawDescGZIP(), []int{32}
}
func (x *AsymmetricKey) GetId() string {
@@ -3063,7 +3289,7 @@ type SymmetricKey struct {
func (x *SymmetricKey) Reset() {
*x = SymmetricKey{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[31]
+ mi := &file_policy_objects_proto_msgTypes[33]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3076,7 +3302,7 @@ func (x *SymmetricKey) String() string {
func (*SymmetricKey) ProtoMessage() {}
func (x *SymmetricKey) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[31]
+ mi := &file_policy_objects_proto_msgTypes[33]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3089,7 +3315,7 @@ func (x *SymmetricKey) ProtoReflect() protoreflect.Message {
// Deprecated: Use SymmetricKey.ProtoReflect.Descriptor instead.
func (*SymmetricKey) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{31}
+ return file_policy_objects_proto_rawDescGZIP(), []int{33}
}
func (x *SymmetricKey) GetId() string {
@@ -3156,7 +3382,7 @@ type RegisteredResourceValue_ActionAttributeValue struct {
func (x *RegisteredResourceValue_ActionAttributeValue) Reset() {
*x = RegisteredResourceValue_ActionAttributeValue{}
if protoimpl.UnsafeEnabled {
- mi := &file_policy_objects_proto_msgTypes[32]
+ mi := &file_policy_objects_proto_msgTypes[34]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3169,7 +3395,7 @@ func (x *RegisteredResourceValue_ActionAttributeValue) String() string {
func (*RegisteredResourceValue_ActionAttributeValue) ProtoMessage() {}
func (x *RegisteredResourceValue_ActionAttributeValue) ProtoReflect() protoreflect.Message {
- mi := &file_policy_objects_proto_msgTypes[32]
+ mi := &file_policy_objects_proto_msgTypes[34]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3182,7 +3408,7 @@ func (x *RegisteredResourceValue_ActionAttributeValue) ProtoReflect() protorefle
// Deprecated: Use RegisteredResourceValue_ActionAttributeValue.ProtoReflect.Descriptor instead.
func (*RegisteredResourceValue_ActionAttributeValue) Descriptor() ([]byte, []int) {
- return file_policy_objects_proto_rawDescGZIP(), []int{21, 0}
+ return file_policy_objects_proto_rawDescGZIP(), []int{23, 0}
}
func (x *RegisteredResourceValue_ActionAttributeValue) GetId() string {
@@ -3367,6 +3593,42 @@ var file_policy_objects_proto_rawDesc = []byte{
0x61, 0x63, 0x65, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x2c,
0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+ 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xb0, 0x01, 0x0a,
+ 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73,
+ 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x4d, 0x0a, 0x1f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74,
+ 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74,
+ 0x6f, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06,
+ 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x1c, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x45,
+ 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x56,
+ 0x61, 0x6c, 0x75, 0x65, 0x12, 0x49, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72,
+ 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+ 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x65, 0x72,
+ 0x61, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x75, 0x6d, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01,
+ 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x22,
+ 0x8a, 0x03, 0x0a, 0x13, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65,
+ 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x44, 0x0a, 0x14, 0x61, 0x74, 0x74, 0x72, 0x69,
+ 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+ 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41,
+ 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x13, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62,
+ 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a,
+ 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18,
+ 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44,
+ 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c,
+ 0x76, 0x65, 0x72, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76,
+ 0x65, 0x72, 0x12, 0x4f, 0x0a, 0x15, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f,
+ 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65,
+ 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x52, 0x13,
+ 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+ 0x53, 0x65, 0x74, 0x12, 0x28, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05,
+ 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63,
+ 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2f, 0x0a,
+ 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70,
+ 0x61, 0x63, 0x65, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x2c,
+ 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xe9, 0x01, 0x0a,
0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x1f, 0x73, 0x75,
0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x73,
@@ -3740,79 +4002,90 @@ var file_policy_objects_proto_rawDesc = []byte{
0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x44,
0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55,
- 0x4d, 0x5f, 0x4f, 0x52, 0x10, 0x02, 0x2a, 0x5d, 0x0a, 0x0a, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65,
- 0x54, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54,
- 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
- 0x00, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45,
- 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53,
- 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52,
- 0x4e, 0x41, 0x4c, 0x10, 0x02, 0x2a, 0x9b, 0x03, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62,
- 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a,
- 0x23, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f,
- 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
- 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55,
+ 0x4d, 0x5f, 0x4f, 0x52, 0x10, 0x02, 0x2a, 0xb6, 0x01, 0x0a, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d,
+ 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45,
+ 0x6e, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x27, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56,
+ 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e,
+ 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00,
+ 0x12, 0x31, 0x0a, 0x2d, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55,
+ 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f,
+ 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x49,
+ 0x4e, 0x10, 0x01, 0x12, 0x3a, 0x0a, 0x36, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56,
+ 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e,
+ 0x55, 0x4d, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x56, 0x41, 0x4c, 0x55,
+ 0x45, 0x5f, 0x49, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x53, 0x10, 0x02, 0x2a,
+ 0x5d, 0x0a, 0x0a, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a,
+ 0x17, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53,
+ 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f,
+ 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e,
+ 0x41, 0x4c, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54,
+ 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x02, 0x2a, 0x9b,
+ 0x03, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41,
+ 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x23, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55,
0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55,
- 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20,
- 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41,
- 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36,
- 0x10, 0x02, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43,
- 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43,
- 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x10, 0x05, 0x12, 0x28, 0x0a, 0x24,
- 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41,
- 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33,
- 0x38, 0x34, 0x52, 0x31, 0x10, 0x06, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55,
+ 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+ 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45,
+ 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32,
+ 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42,
+ 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d,
+ 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x28, 0x0a, 0x24, 0x4b,
+ 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c,
+ 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35,
+ 0x36, 0x52, 0x31, 0x10, 0x05, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42,
+ 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d,
+ 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x10, 0x06, 0x12,
+ 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45,
+ 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45,
+ 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x4b, 0x41, 0x53,
+ 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f,
+ 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x58, 0x57, 0x49, 0x4e, 0x47, 0x10,
+ 0x0a, 0x12, 0x33, 0x0a, 0x2f, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f,
+ 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51,
+ 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45,
+ 0x4d, 0x37, 0x36, 0x38, 0x10, 0x0b, 0x12, 0x34, 0x0a, 0x30, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55,
0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55,
- 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07,
- 0x12, 0x26, 0x0a, 0x22, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b,
- 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54,
- 0x5f, 0x58, 0x57, 0x49, 0x4e, 0x47, 0x10, 0x0a, 0x12, 0x33, 0x0a, 0x2f, 0x4b, 0x41, 0x53, 0x5f,
- 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45,
- 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36,
- 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38, 0x10, 0x0b, 0x12, 0x34, 0x0a,
- 0x30, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f,
- 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45,
- 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32,
- 0x34, 0x10, 0x0c, 0x2a, 0x84, 0x02, 0x0a, 0x09, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68,
- 0x6d, 0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55,
- 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12,
- 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30,
- 0x34, 0x38, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48,
- 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11,
- 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35,
- 0x36, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d,
- 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c,
- 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x10,
- 0x05, 0x12, 0x18, 0x0a, 0x14, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48,
- 0x50, 0x51, 0x54, 0x5f, 0x58, 0x57, 0x49, 0x4e, 0x47, 0x10, 0x06, 0x12, 0x25, 0x0a, 0x21, 0x41,
+ 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31,
+ 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32, 0x34, 0x10, 0x0c, 0x2a, 0x84, 0x02, 0x0a,
+ 0x09, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c,
+ 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
+ 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54,
+ 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x16, 0x0a,
+ 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34,
+ 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54,
+ 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11,
+ 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38,
+ 0x34, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d,
+ 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x41, 0x4c,
+ 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x58, 0x57, 0x49,
+ 0x4e, 0x47, 0x10, 0x06, 0x12, 0x25, 0x0a, 0x21, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48,
+ 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31,
+ 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38, 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x41,
0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45,
- 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38,
- 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f,
- 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x4d,
- 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32, 0x34, 0x10, 0x08, 0x2a, 0x56, 0x0a, 0x09, 0x4b, 0x65,
- 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53,
- 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
- 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
- 0x53, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45,
- 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x4f, 0x54, 0x41, 0x54, 0x45, 0x44,
- 0x10, 0x02, 0x2a, 0x94, 0x01, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18,
- 0x0a, 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45,
- 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f,
- 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54,
- 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f,
- 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54,
- 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f,
- 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b,
- 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b,
- 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x04, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f,
- 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74,
- 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
- 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61,
- 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67,
- 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02,
- 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
- 0xe2, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
- 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32,
+ 0x34, 0x10, 0x08, 0x2a, 0x56, 0x0a, 0x09, 0x4b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+ 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55,
+ 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11,
+ 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x56,
+ 0x45, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
+ 0x53, 0x5f, 0x52, 0x4f, 0x54, 0x41, 0x54, 0x45, 0x44, 0x10, 0x02, 0x2a, 0x94, 0x01, 0x0a, 0x07,
+ 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x4d,
+ 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+ 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f,
+ 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x01, 0x12,
+ 0x1e, 0x0a, 0x1a, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56,
+ 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x02, 0x12,
+ 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f,
+ 0x54, 0x45, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45,
+ 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59,
+ 0x10, 0x04, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+ 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70,
+ 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+ 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+ 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xe2, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69,
+ 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
+ 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -3827,148 +4100,158 @@ func file_policy_objects_proto_rawDescGZIP() []byte {
return file_policy_objects_proto_rawDescData
}
-var file_policy_objects_proto_enumTypes = make([]protoimpl.EnumInfo, 9)
-var file_policy_objects_proto_msgTypes = make([]protoimpl.MessageInfo, 33)
+var file_policy_objects_proto_enumTypes = make([]protoimpl.EnumInfo, 10)
+var file_policy_objects_proto_msgTypes = make([]protoimpl.MessageInfo, 35)
var file_policy_objects_proto_goTypes = []interface{}{
- (AttributeRuleTypeEnum)(0), // 0: policy.AttributeRuleTypeEnum
- (SubjectMappingOperatorEnum)(0), // 1: policy.SubjectMappingOperatorEnum
- (ConditionBooleanTypeEnum)(0), // 2: policy.ConditionBooleanTypeEnum
- (SourceType)(0), // 3: policy.SourceType
- (KasPublicKeyAlgEnum)(0), // 4: policy.KasPublicKeyAlgEnum
- (Algorithm)(0), // 5: policy.Algorithm
- (KeyStatus)(0), // 6: policy.KeyStatus
- (KeyMode)(0), // 7: policy.KeyMode
- (Action_StandardAction)(0), // 8: policy.Action.StandardAction
- (*SimpleKasPublicKey)(nil), // 9: policy.SimpleKasPublicKey
- (*SimpleKasKey)(nil), // 10: policy.SimpleKasKey
- (*KeyProviderConfig)(nil), // 11: policy.KeyProviderConfig
- (*Namespace)(nil), // 12: policy.Namespace
- (*Attribute)(nil), // 13: policy.Attribute
- (*Value)(nil), // 14: policy.Value
- (*Action)(nil), // 15: policy.Action
- (*SubjectMapping)(nil), // 16: policy.SubjectMapping
- (*Condition)(nil), // 17: policy.Condition
- (*ConditionGroup)(nil), // 18: policy.ConditionGroup
- (*SubjectSet)(nil), // 19: policy.SubjectSet
- (*SubjectConditionSet)(nil), // 20: policy.SubjectConditionSet
- (*SubjectProperty)(nil), // 21: policy.SubjectProperty
- (*ResourceMappingGroup)(nil), // 22: policy.ResourceMappingGroup
- (*ResourceMapping)(nil), // 23: policy.ResourceMapping
- (*KeyAccessServer)(nil), // 24: policy.KeyAccessServer
- (*Key)(nil), // 25: policy.Key
- (*KasPublicKey)(nil), // 26: policy.KasPublicKey
- (*KasPublicKeySet)(nil), // 27: policy.KasPublicKeySet
- (*PublicKey)(nil), // 28: policy.PublicKey
- (*RegisteredResource)(nil), // 29: policy.RegisteredResource
- (*RegisteredResourceValue)(nil), // 30: policy.RegisteredResourceValue
- (*PolicyEnforcementPoint)(nil), // 31: policy.PolicyEnforcementPoint
- (*RequestContext)(nil), // 32: policy.RequestContext
- (*Obligation)(nil), // 33: policy.Obligation
- (*ObligationValue)(nil), // 34: policy.ObligationValue
- (*ObligationTrigger)(nil), // 35: policy.ObligationTrigger
- (*KasKey)(nil), // 36: policy.KasKey
- (*PublicKeyCtx)(nil), // 37: policy.PublicKeyCtx
- (*PrivateKeyCtx)(nil), // 38: policy.PrivateKeyCtx
- (*AsymmetricKey)(nil), // 39: policy.AsymmetricKey
- (*SymmetricKey)(nil), // 40: policy.SymmetricKey
- (*RegisteredResourceValue_ActionAttributeValue)(nil), // 41: policy.RegisteredResourceValue.ActionAttributeValue
- (*common.Metadata)(nil), // 42: common.Metadata
- (*wrapperspb.BoolValue)(nil), // 43: google.protobuf.BoolValue
+ (AttributeRuleTypeEnum)(0), // 0: policy.AttributeRuleTypeEnum
+ (SubjectMappingOperatorEnum)(0), // 1: policy.SubjectMappingOperatorEnum
+ (ConditionBooleanTypeEnum)(0), // 2: policy.ConditionBooleanTypeEnum
+ (DynamicValueOperatorEnum)(0), // 3: policy.DynamicValueOperatorEnum
+ (SourceType)(0), // 4: policy.SourceType
+ (KasPublicKeyAlgEnum)(0), // 5: policy.KasPublicKeyAlgEnum
+ (Algorithm)(0), // 6: policy.Algorithm
+ (KeyStatus)(0), // 7: policy.KeyStatus
+ (KeyMode)(0), // 8: policy.KeyMode
+ (Action_StandardAction)(0), // 9: policy.Action.StandardAction
+ (*SimpleKasPublicKey)(nil), // 10: policy.SimpleKasPublicKey
+ (*SimpleKasKey)(nil), // 11: policy.SimpleKasKey
+ (*KeyProviderConfig)(nil), // 12: policy.KeyProviderConfig
+ (*Namespace)(nil), // 13: policy.Namespace
+ (*Attribute)(nil), // 14: policy.Attribute
+ (*Value)(nil), // 15: policy.Value
+ (*Action)(nil), // 16: policy.Action
+ (*SubjectMapping)(nil), // 17: policy.SubjectMapping
+ (*DynamicValueResolver)(nil), // 18: policy.DynamicValueResolver
+ (*DynamicValueMapping)(nil), // 19: policy.DynamicValueMapping
+ (*Condition)(nil), // 20: policy.Condition
+ (*ConditionGroup)(nil), // 21: policy.ConditionGroup
+ (*SubjectSet)(nil), // 22: policy.SubjectSet
+ (*SubjectConditionSet)(nil), // 23: policy.SubjectConditionSet
+ (*SubjectProperty)(nil), // 24: policy.SubjectProperty
+ (*ResourceMappingGroup)(nil), // 25: policy.ResourceMappingGroup
+ (*ResourceMapping)(nil), // 26: policy.ResourceMapping
+ (*KeyAccessServer)(nil), // 27: policy.KeyAccessServer
+ (*Key)(nil), // 28: policy.Key
+ (*KasPublicKey)(nil), // 29: policy.KasPublicKey
+ (*KasPublicKeySet)(nil), // 30: policy.KasPublicKeySet
+ (*PublicKey)(nil), // 31: policy.PublicKey
+ (*RegisteredResource)(nil), // 32: policy.RegisteredResource
+ (*RegisteredResourceValue)(nil), // 33: policy.RegisteredResourceValue
+ (*PolicyEnforcementPoint)(nil), // 34: policy.PolicyEnforcementPoint
+ (*RequestContext)(nil), // 35: policy.RequestContext
+ (*Obligation)(nil), // 36: policy.Obligation
+ (*ObligationValue)(nil), // 37: policy.ObligationValue
+ (*ObligationTrigger)(nil), // 38: policy.ObligationTrigger
+ (*KasKey)(nil), // 39: policy.KasKey
+ (*PublicKeyCtx)(nil), // 40: policy.PublicKeyCtx
+ (*PrivateKeyCtx)(nil), // 41: policy.PrivateKeyCtx
+ (*AsymmetricKey)(nil), // 42: policy.AsymmetricKey
+ (*SymmetricKey)(nil), // 43: policy.SymmetricKey
+ (*RegisteredResourceValue_ActionAttributeValue)(nil), // 44: policy.RegisteredResourceValue.ActionAttributeValue
+ (*common.Metadata)(nil), // 45: common.Metadata
+ (*wrapperspb.BoolValue)(nil), // 46: google.protobuf.BoolValue
}
var file_policy_objects_proto_depIdxs = []int32{
- 5, // 0: policy.SimpleKasPublicKey.algorithm:type_name -> policy.Algorithm
- 9, // 1: policy.SimpleKasKey.public_key:type_name -> policy.SimpleKasPublicKey
- 42, // 2: policy.KeyProviderConfig.metadata:type_name -> common.Metadata
- 43, // 3: policy.Namespace.active:type_name -> google.protobuf.BoolValue
- 42, // 4: policy.Namespace.metadata:type_name -> common.Metadata
- 24, // 5: policy.Namespace.grants:type_name -> policy.KeyAccessServer
- 10, // 6: policy.Namespace.kas_keys:type_name -> policy.SimpleKasKey
- 12, // 7: policy.Attribute.namespace:type_name -> policy.Namespace
+ 6, // 0: policy.SimpleKasPublicKey.algorithm:type_name -> policy.Algorithm
+ 10, // 1: policy.SimpleKasKey.public_key:type_name -> policy.SimpleKasPublicKey
+ 45, // 2: policy.KeyProviderConfig.metadata:type_name -> common.Metadata
+ 46, // 3: policy.Namespace.active:type_name -> google.protobuf.BoolValue
+ 45, // 4: policy.Namespace.metadata:type_name -> common.Metadata
+ 27, // 5: policy.Namespace.grants:type_name -> policy.KeyAccessServer
+ 11, // 6: policy.Namespace.kas_keys:type_name -> policy.SimpleKasKey
+ 13, // 7: policy.Attribute.namespace:type_name -> policy.Namespace
0, // 8: policy.Attribute.rule:type_name -> policy.AttributeRuleTypeEnum
- 14, // 9: policy.Attribute.values:type_name -> policy.Value
- 24, // 10: policy.Attribute.grants:type_name -> policy.KeyAccessServer
- 43, // 11: policy.Attribute.active:type_name -> google.protobuf.BoolValue
- 10, // 12: policy.Attribute.kas_keys:type_name -> policy.SimpleKasKey
- 43, // 13: policy.Attribute.allow_traversal:type_name -> google.protobuf.BoolValue
- 42, // 14: policy.Attribute.metadata:type_name -> common.Metadata
- 13, // 15: policy.Value.attribute:type_name -> policy.Attribute
- 24, // 16: policy.Value.grants:type_name -> policy.KeyAccessServer
- 43, // 17: policy.Value.active:type_name -> google.protobuf.BoolValue
- 16, // 18: policy.Value.subject_mappings:type_name -> policy.SubjectMapping
- 10, // 19: policy.Value.kas_keys:type_name -> policy.SimpleKasKey
- 23, // 20: policy.Value.resource_mappings:type_name -> policy.ResourceMapping
- 33, // 21: policy.Value.obligations:type_name -> policy.Obligation
- 42, // 22: policy.Value.metadata:type_name -> common.Metadata
- 8, // 23: policy.Action.standard:type_name -> policy.Action.StandardAction
- 12, // 24: policy.Action.namespace:type_name -> policy.Namespace
- 42, // 25: policy.Action.metadata:type_name -> common.Metadata
- 14, // 26: policy.SubjectMapping.attribute_value:type_name -> policy.Value
- 20, // 27: policy.SubjectMapping.subject_condition_set:type_name -> policy.SubjectConditionSet
- 15, // 28: policy.SubjectMapping.actions:type_name -> policy.Action
- 12, // 29: policy.SubjectMapping.namespace:type_name -> policy.Namespace
- 42, // 30: policy.SubjectMapping.metadata:type_name -> common.Metadata
- 1, // 31: policy.Condition.operator:type_name -> policy.SubjectMappingOperatorEnum
- 17, // 32: policy.ConditionGroup.conditions:type_name -> policy.Condition
- 2, // 33: policy.ConditionGroup.boolean_operator:type_name -> policy.ConditionBooleanTypeEnum
- 18, // 34: policy.SubjectSet.condition_groups:type_name -> policy.ConditionGroup
- 12, // 35: policy.SubjectConditionSet.namespace:type_name -> policy.Namespace
- 19, // 36: policy.SubjectConditionSet.subject_sets:type_name -> policy.SubjectSet
- 42, // 37: policy.SubjectConditionSet.metadata:type_name -> common.Metadata
- 42, // 38: policy.ResourceMappingGroup.metadata:type_name -> common.Metadata
- 42, // 39: policy.ResourceMapping.metadata:type_name -> common.Metadata
- 14, // 40: policy.ResourceMapping.attribute_value:type_name -> policy.Value
- 22, // 41: policy.ResourceMapping.group:type_name -> policy.ResourceMappingGroup
- 28, // 42: policy.KeyAccessServer.public_key:type_name -> policy.PublicKey
- 3, // 43: policy.KeyAccessServer.source_type:type_name -> policy.SourceType
- 10, // 44: policy.KeyAccessServer.kas_keys:type_name -> policy.SimpleKasKey
- 42, // 45: policy.KeyAccessServer.metadata:type_name -> common.Metadata
- 43, // 46: policy.Key.is_active:type_name -> google.protobuf.BoolValue
- 43, // 47: policy.Key.was_mapped:type_name -> google.protobuf.BoolValue
- 26, // 48: policy.Key.public_key:type_name -> policy.KasPublicKey
- 24, // 49: policy.Key.kas:type_name -> policy.KeyAccessServer
- 42, // 50: policy.Key.metadata:type_name -> common.Metadata
- 4, // 51: policy.KasPublicKey.alg:type_name -> policy.KasPublicKeyAlgEnum
- 26, // 52: policy.KasPublicKeySet.keys:type_name -> policy.KasPublicKey
- 27, // 53: policy.PublicKey.cached:type_name -> policy.KasPublicKeySet
- 30, // 54: policy.RegisteredResource.values:type_name -> policy.RegisteredResourceValue
- 12, // 55: policy.RegisteredResource.namespace:type_name -> policy.Namespace
- 42, // 56: policy.RegisteredResource.metadata:type_name -> common.Metadata
- 29, // 57: policy.RegisteredResourceValue.resource:type_name -> policy.RegisteredResource
- 41, // 58: policy.RegisteredResourceValue.action_attribute_values:type_name -> policy.RegisteredResourceValue.ActionAttributeValue
- 42, // 59: policy.RegisteredResourceValue.metadata:type_name -> common.Metadata
- 31, // 60: policy.RequestContext.pep:type_name -> policy.PolicyEnforcementPoint
- 12, // 61: policy.Obligation.namespace:type_name -> policy.Namespace
- 34, // 62: policy.Obligation.values:type_name -> policy.ObligationValue
- 42, // 63: policy.Obligation.metadata:type_name -> common.Metadata
- 33, // 64: policy.ObligationValue.obligation:type_name -> policy.Obligation
- 35, // 65: policy.ObligationValue.triggers:type_name -> policy.ObligationTrigger
- 42, // 66: policy.ObligationValue.metadata:type_name -> common.Metadata
- 34, // 67: policy.ObligationTrigger.obligation_value:type_name -> policy.ObligationValue
- 15, // 68: policy.ObligationTrigger.action:type_name -> policy.Action
- 14, // 69: policy.ObligationTrigger.attribute_value:type_name -> policy.Value
- 32, // 70: policy.ObligationTrigger.context:type_name -> policy.RequestContext
- 12, // 71: policy.ObligationTrigger.namespace:type_name -> policy.Namespace
- 42, // 72: policy.ObligationTrigger.metadata:type_name -> common.Metadata
- 39, // 73: policy.KasKey.key:type_name -> policy.AsymmetricKey
- 5, // 74: policy.AsymmetricKey.key_algorithm:type_name -> policy.Algorithm
- 6, // 75: policy.AsymmetricKey.key_status:type_name -> policy.KeyStatus
- 7, // 76: policy.AsymmetricKey.key_mode:type_name -> policy.KeyMode
- 37, // 77: policy.AsymmetricKey.public_key_ctx:type_name -> policy.PublicKeyCtx
- 38, // 78: policy.AsymmetricKey.private_key_ctx:type_name -> policy.PrivateKeyCtx
- 11, // 79: policy.AsymmetricKey.provider_config:type_name -> policy.KeyProviderConfig
- 42, // 80: policy.AsymmetricKey.metadata:type_name -> common.Metadata
- 6, // 81: policy.SymmetricKey.key_status:type_name -> policy.KeyStatus
- 7, // 82: policy.SymmetricKey.key_mode:type_name -> policy.KeyMode
- 11, // 83: policy.SymmetricKey.provider_config:type_name -> policy.KeyProviderConfig
- 42, // 84: policy.SymmetricKey.metadata:type_name -> common.Metadata
- 15, // 85: policy.RegisteredResourceValue.ActionAttributeValue.action:type_name -> policy.Action
- 14, // 86: policy.RegisteredResourceValue.ActionAttributeValue.attribute_value:type_name -> policy.Value
- 42, // 87: policy.RegisteredResourceValue.ActionAttributeValue.metadata:type_name -> common.Metadata
- 88, // [88:88] is the sub-list for method output_type
- 88, // [88:88] is the sub-list for method input_type
- 88, // [88:88] is the sub-list for extension type_name
- 88, // [88:88] is the sub-list for extension extendee
- 0, // [0:88] is the sub-list for field type_name
+ 15, // 9: policy.Attribute.values:type_name -> policy.Value
+ 27, // 10: policy.Attribute.grants:type_name -> policy.KeyAccessServer
+ 46, // 11: policy.Attribute.active:type_name -> google.protobuf.BoolValue
+ 11, // 12: policy.Attribute.kas_keys:type_name -> policy.SimpleKasKey
+ 46, // 13: policy.Attribute.allow_traversal:type_name -> google.protobuf.BoolValue
+ 45, // 14: policy.Attribute.metadata:type_name -> common.Metadata
+ 14, // 15: policy.Value.attribute:type_name -> policy.Attribute
+ 27, // 16: policy.Value.grants:type_name -> policy.KeyAccessServer
+ 46, // 17: policy.Value.active:type_name -> google.protobuf.BoolValue
+ 17, // 18: policy.Value.subject_mappings:type_name -> policy.SubjectMapping
+ 11, // 19: policy.Value.kas_keys:type_name -> policy.SimpleKasKey
+ 26, // 20: policy.Value.resource_mappings:type_name -> policy.ResourceMapping
+ 36, // 21: policy.Value.obligations:type_name -> policy.Obligation
+ 45, // 22: policy.Value.metadata:type_name -> common.Metadata
+ 9, // 23: policy.Action.standard:type_name -> policy.Action.StandardAction
+ 13, // 24: policy.Action.namespace:type_name -> policy.Namespace
+ 45, // 25: policy.Action.metadata:type_name -> common.Metadata
+ 15, // 26: policy.SubjectMapping.attribute_value:type_name -> policy.Value
+ 23, // 27: policy.SubjectMapping.subject_condition_set:type_name -> policy.SubjectConditionSet
+ 16, // 28: policy.SubjectMapping.actions:type_name -> policy.Action
+ 13, // 29: policy.SubjectMapping.namespace:type_name -> policy.Namespace
+ 45, // 30: policy.SubjectMapping.metadata:type_name -> common.Metadata
+ 3, // 31: policy.DynamicValueResolver.operator:type_name -> policy.DynamicValueOperatorEnum
+ 14, // 32: policy.DynamicValueMapping.attribute_definition:type_name -> policy.Attribute
+ 18, // 33: policy.DynamicValueMapping.value_resolver:type_name -> policy.DynamicValueResolver
+ 23, // 34: policy.DynamicValueMapping.subject_condition_set:type_name -> policy.SubjectConditionSet
+ 16, // 35: policy.DynamicValueMapping.actions:type_name -> policy.Action
+ 13, // 36: policy.DynamicValueMapping.namespace:type_name -> policy.Namespace
+ 45, // 37: policy.DynamicValueMapping.metadata:type_name -> common.Metadata
+ 1, // 38: policy.Condition.operator:type_name -> policy.SubjectMappingOperatorEnum
+ 20, // 39: policy.ConditionGroup.conditions:type_name -> policy.Condition
+ 2, // 40: policy.ConditionGroup.boolean_operator:type_name -> policy.ConditionBooleanTypeEnum
+ 21, // 41: policy.SubjectSet.condition_groups:type_name -> policy.ConditionGroup
+ 13, // 42: policy.SubjectConditionSet.namespace:type_name -> policy.Namespace
+ 22, // 43: policy.SubjectConditionSet.subject_sets:type_name -> policy.SubjectSet
+ 45, // 44: policy.SubjectConditionSet.metadata:type_name -> common.Metadata
+ 45, // 45: policy.ResourceMappingGroup.metadata:type_name -> common.Metadata
+ 45, // 46: policy.ResourceMapping.metadata:type_name -> common.Metadata
+ 15, // 47: policy.ResourceMapping.attribute_value:type_name -> policy.Value
+ 25, // 48: policy.ResourceMapping.group:type_name -> policy.ResourceMappingGroup
+ 31, // 49: policy.KeyAccessServer.public_key:type_name -> policy.PublicKey
+ 4, // 50: policy.KeyAccessServer.source_type:type_name -> policy.SourceType
+ 11, // 51: policy.KeyAccessServer.kas_keys:type_name -> policy.SimpleKasKey
+ 45, // 52: policy.KeyAccessServer.metadata:type_name -> common.Metadata
+ 46, // 53: policy.Key.is_active:type_name -> google.protobuf.BoolValue
+ 46, // 54: policy.Key.was_mapped:type_name -> google.protobuf.BoolValue
+ 29, // 55: policy.Key.public_key:type_name -> policy.KasPublicKey
+ 27, // 56: policy.Key.kas:type_name -> policy.KeyAccessServer
+ 45, // 57: policy.Key.metadata:type_name -> common.Metadata
+ 5, // 58: policy.KasPublicKey.alg:type_name -> policy.KasPublicKeyAlgEnum
+ 29, // 59: policy.KasPublicKeySet.keys:type_name -> policy.KasPublicKey
+ 30, // 60: policy.PublicKey.cached:type_name -> policy.KasPublicKeySet
+ 33, // 61: policy.RegisteredResource.values:type_name -> policy.RegisteredResourceValue
+ 13, // 62: policy.RegisteredResource.namespace:type_name -> policy.Namespace
+ 45, // 63: policy.RegisteredResource.metadata:type_name -> common.Metadata
+ 32, // 64: policy.RegisteredResourceValue.resource:type_name -> policy.RegisteredResource
+ 44, // 65: policy.RegisteredResourceValue.action_attribute_values:type_name -> policy.RegisteredResourceValue.ActionAttributeValue
+ 45, // 66: policy.RegisteredResourceValue.metadata:type_name -> common.Metadata
+ 34, // 67: policy.RequestContext.pep:type_name -> policy.PolicyEnforcementPoint
+ 13, // 68: policy.Obligation.namespace:type_name -> policy.Namespace
+ 37, // 69: policy.Obligation.values:type_name -> policy.ObligationValue
+ 45, // 70: policy.Obligation.metadata:type_name -> common.Metadata
+ 36, // 71: policy.ObligationValue.obligation:type_name -> policy.Obligation
+ 38, // 72: policy.ObligationValue.triggers:type_name -> policy.ObligationTrigger
+ 45, // 73: policy.ObligationValue.metadata:type_name -> common.Metadata
+ 37, // 74: policy.ObligationTrigger.obligation_value:type_name -> policy.ObligationValue
+ 16, // 75: policy.ObligationTrigger.action:type_name -> policy.Action
+ 15, // 76: policy.ObligationTrigger.attribute_value:type_name -> policy.Value
+ 35, // 77: policy.ObligationTrigger.context:type_name -> policy.RequestContext
+ 13, // 78: policy.ObligationTrigger.namespace:type_name -> policy.Namespace
+ 45, // 79: policy.ObligationTrigger.metadata:type_name -> common.Metadata
+ 42, // 80: policy.KasKey.key:type_name -> policy.AsymmetricKey
+ 6, // 81: policy.AsymmetricKey.key_algorithm:type_name -> policy.Algorithm
+ 7, // 82: policy.AsymmetricKey.key_status:type_name -> policy.KeyStatus
+ 8, // 83: policy.AsymmetricKey.key_mode:type_name -> policy.KeyMode
+ 40, // 84: policy.AsymmetricKey.public_key_ctx:type_name -> policy.PublicKeyCtx
+ 41, // 85: policy.AsymmetricKey.private_key_ctx:type_name -> policy.PrivateKeyCtx
+ 12, // 86: policy.AsymmetricKey.provider_config:type_name -> policy.KeyProviderConfig
+ 45, // 87: policy.AsymmetricKey.metadata:type_name -> common.Metadata
+ 7, // 88: policy.SymmetricKey.key_status:type_name -> policy.KeyStatus
+ 8, // 89: policy.SymmetricKey.key_mode:type_name -> policy.KeyMode
+ 12, // 90: policy.SymmetricKey.provider_config:type_name -> policy.KeyProviderConfig
+ 45, // 91: policy.SymmetricKey.metadata:type_name -> common.Metadata
+ 16, // 92: policy.RegisteredResourceValue.ActionAttributeValue.action:type_name -> policy.Action
+ 15, // 93: policy.RegisteredResourceValue.ActionAttributeValue.attribute_value:type_name -> policy.Value
+ 45, // 94: policy.RegisteredResourceValue.ActionAttributeValue.metadata:type_name -> common.Metadata
+ 95, // [95:95] is the sub-list for method output_type
+ 95, // [95:95] is the sub-list for method input_type
+ 95, // [95:95] is the sub-list for extension type_name
+ 95, // [95:95] is the sub-list for extension extendee
+ 0, // [0:95] is the sub-list for field type_name
}
func init() { file_policy_objects_proto_init() }
@@ -4074,7 +4357,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*Condition); i {
+ switch v := v.(*DynamicValueResolver); i {
case 0:
return &v.state
case 1:
@@ -4086,7 +4369,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ConditionGroup); i {
+ switch v := v.(*DynamicValueMapping); i {
case 0:
return &v.state
case 1:
@@ -4098,7 +4381,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*SubjectSet); i {
+ switch v := v.(*Condition); i {
case 0:
return &v.state
case 1:
@@ -4110,7 +4393,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*SubjectConditionSet); i {
+ switch v := v.(*ConditionGroup); i {
case 0:
return &v.state
case 1:
@@ -4122,7 +4405,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*SubjectProperty); i {
+ switch v := v.(*SubjectSet); i {
case 0:
return &v.state
case 1:
@@ -4134,7 +4417,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ResourceMappingGroup); i {
+ switch v := v.(*SubjectConditionSet); i {
case 0:
return &v.state
case 1:
@@ -4146,7 +4429,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ResourceMapping); i {
+ switch v := v.(*SubjectProperty); i {
case 0:
return &v.state
case 1:
@@ -4158,7 +4441,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*KeyAccessServer); i {
+ switch v := v.(*ResourceMappingGroup); i {
case 0:
return &v.state
case 1:
@@ -4170,7 +4453,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*Key); i {
+ switch v := v.(*ResourceMapping); i {
case 0:
return &v.state
case 1:
@@ -4182,7 +4465,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*KasPublicKey); i {
+ switch v := v.(*KeyAccessServer); i {
case 0:
return &v.state
case 1:
@@ -4194,7 +4477,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*KasPublicKeySet); i {
+ switch v := v.(*Key); i {
case 0:
return &v.state
case 1:
@@ -4206,7 +4489,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*PublicKey); i {
+ switch v := v.(*KasPublicKey); i {
case 0:
return &v.state
case 1:
@@ -4218,7 +4501,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RegisteredResource); i {
+ switch v := v.(*KasPublicKeySet); i {
case 0:
return &v.state
case 1:
@@ -4230,7 +4513,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RegisteredResourceValue); i {
+ switch v := v.(*PublicKey); i {
case 0:
return &v.state
case 1:
@@ -4242,7 +4525,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*PolicyEnforcementPoint); i {
+ switch v := v.(*RegisteredResource); i {
case 0:
return &v.state
case 1:
@@ -4254,7 +4537,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RequestContext); i {
+ switch v := v.(*RegisteredResourceValue); i {
case 0:
return &v.state
case 1:
@@ -4266,7 +4549,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*Obligation); i {
+ switch v := v.(*PolicyEnforcementPoint); i {
case 0:
return &v.state
case 1:
@@ -4278,7 +4561,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ObligationValue); i {
+ switch v := v.(*RequestContext); i {
case 0:
return &v.state
case 1:
@@ -4290,7 +4573,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ObligationTrigger); i {
+ switch v := v.(*Obligation); i {
case 0:
return &v.state
case 1:
@@ -4302,7 +4585,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*KasKey); i {
+ switch v := v.(*ObligationValue); i {
case 0:
return &v.state
case 1:
@@ -4314,7 +4597,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*PublicKeyCtx); i {
+ switch v := v.(*ObligationTrigger); i {
case 0:
return &v.state
case 1:
@@ -4326,7 +4609,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*PrivateKeyCtx); i {
+ switch v := v.(*KasKey); i {
case 0:
return &v.state
case 1:
@@ -4338,7 +4621,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*AsymmetricKey); i {
+ switch v := v.(*PublicKeyCtx); i {
case 0:
return &v.state
case 1:
@@ -4350,7 +4633,7 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*SymmetricKey); i {
+ switch v := v.(*PrivateKeyCtx); i {
case 0:
return &v.state
case 1:
@@ -4362,6 +4645,30 @@ func file_policy_objects_proto_init() {
}
}
file_policy_objects_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*AsymmetricKey); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_objects_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*SymmetricKey); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_policy_objects_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*RegisteredResourceValue_ActionAttributeValue); i {
case 0:
return &v.state
@@ -4378,7 +4685,7 @@ func file_policy_objects_proto_init() {
(*Action_Standard)(nil),
(*Action_Custom)(nil),
}
- file_policy_objects_proto_msgTypes[19].OneofWrappers = []interface{}{
+ file_policy_objects_proto_msgTypes[21].OneofWrappers = []interface{}{
(*PublicKey_Remote)(nil),
(*PublicKey_Cached)(nil),
}
@@ -4387,8 +4694,8 @@ func file_policy_objects_proto_init() {
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_policy_objects_proto_rawDesc,
- NumEnums: 9,
- NumMessages: 33,
+ NumEnums: 10,
+ NumMessages: 35,
NumExtensions: 0,
NumServices: 0,
},
diff --git a/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto b/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto
new file mode 100644
index 0000000000..d7ff2ac5a1
--- /dev/null
+++ b/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto
@@ -0,0 +1,171 @@
+syntax = "proto3";
+
+package policy.dynamicvaluemapping;
+
+import "buf/validate/validate.proto";
+import "common/common.proto";
+import "policy/objects.proto";
+import "policy/selectors.proto";
+import "policy/subjectmapping/subject_mapping.proto";
+
+/*
+ Dynamic Value Mapping CRUD operations
+
+ A DynamicValueMapping raises entitlement authority from a concrete AttributeValue to the
+ AttributeDefinition: at decision time the value_resolver compares the requested resource
+ value segment against the entity representation, avoiding pre-provisioning a value +
+ subject mapping per discrete value.
+*/
+
+message GetDynamicValueMappingRequest {
+ // Required
+ string id = 1 [(buf.validate.field).string.uuid = true];
+}
+message GetDynamicValueMappingResponse {
+ policy.DynamicValueMapping dynamic_value_mapping = 1;
+}
+
+enum SortDynamicValueMappingsType {
+ SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED = 0;
+ SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT = 1;
+ SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT = 2;
+}
+
+message DynamicValueMappingsSort {
+ SortDynamicValueMappingsType field = 1 [(buf.validate.field).enum.defined_only = true];
+ policy.SortDirection direction = 2 [(buf.validate.field).enum.defined_only = true];
+}
+
+message ListDynamicValueMappingsRequest {
+ // Optional
+ // Namespace ID, or Attribute Definition ID to filter by
+ string namespace_id = 1 [(buf.validate.field).cel = {
+ id: "optional_uuid_format"
+ message: "Optional field must be a valid UUID"
+ expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')"
+ }];
+ string attribute_definition_id = 2 [(buf.validate.field).cel = {
+ id: "optional_uuid_format"
+ message: "Optional field must be a valid UUID"
+ expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')"
+ }];
+
+ // Optional
+ policy.PageRequest pagination = 10;
+
+ // Optional - CONSTRAINT: max 1 item
+ repeated DynamicValueMappingsSort sort = 11 [(buf.validate.field).repeated.max_items = 1];
+}
+message ListDynamicValueMappingsResponse {
+ repeated policy.DynamicValueMapping dynamic_value_mappings = 1;
+
+ policy.PageResponse pagination = 10;
+}
+
+message CreateDynamicValueMappingRequest {
+ // Required: Attribute Definition ID or FQN to scope the mapping to
+ option (buf.validate.message).oneof = {
+ fields: ["attribute_definition_id", "attribute_definition_fqn"]
+ required: true
+ };
+ // Optional: Namespace ID or FQN to scope the mapping to
+ option (buf.validate.message).oneof = {
+ fields: ["namespace_id", "namespace_fqn"]
+ required: false
+ };
+
+ string attribute_definition_id = 1 [(buf.validate.field).string.uuid = true];
+ string attribute_definition_fqn = 2 [
+ (buf.validate.field).string = {
+ min_len: 1
+ uri: true
+ }
+ ];
+
+ // Required: the dynamic resolver comparing entity selector result to the resource value segment
+ policy.DynamicValueResolver value_resolver = 3 [(buf.validate.field).required = true];
+
+ // Required: actions permitted on a matched value
+ repeated policy.Action actions = 4 [
+ (buf.validate.field).repeated.min_items = 1,
+ (buf.validate.field).cel = {
+ id: "action_name_or_id_not_empty"
+ message: "Action name or ID must not be empty if provided"
+ expression: "this.all(item, item.name != '' || item.id != '')"
+ }
+ ];
+
+ // Optional static pre-gate. Reuse an existing SubjectConditionSet (prioritized) ...
+ string existing_subject_condition_set_id = 5 [(buf.validate.field).cel = {
+ id: "optional_uuid_format"
+ message: "Optional field must be a valid UUID"
+ expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')"
+ }];
+ // ... or create a new one (ignored if existing_subject_condition_set_id is provided)
+ policy.subjectmapping.SubjectConditionSetCreate new_subject_condition_set = 6;
+
+ // Optional: namespace ID or FQN for the mapping
+ string namespace_id = 7 [(buf.validate.field).string.uuid = true];
+ string namespace_fqn = 8 [
+ (buf.validate.field).string = {
+ min_len: 1
+ uri: true
+ }
+ ];
+
+ // Optional
+ common.MetadataMutable metadata = 100;
+}
+message CreateDynamicValueMappingResponse {
+ policy.DynamicValueMapping dynamic_value_mapping = 1;
+}
+
+message UpdateDynamicValueMappingRequest {
+ // Required
+ string id = 1 [(buf.validate.field).string.uuid = true];
+
+ // Optional: replace the dynamic resolver
+ policy.DynamicValueResolver value_resolver = 2;
+
+ // Optional: replace the static pre-gate SubjectConditionSet by id
+ string subject_condition_set_id = 3 [(buf.validate.field).cel = {
+ id: "optional_uuid_format"
+ message: "Optional field must be a valid UUID"
+ expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')"
+ }];
+
+ // Optional: replace the entire list of actions
+ repeated policy.Action actions = 4 [(buf.validate.field).cel = {
+ id: "action_name_or_id_not_empty"
+ message: "Action name or ID must not be empty if provided"
+ expression: "this.size() == 0 || this.all(item, item.name != '' || item.id != '')"
+ }];
+
+ // Common metadata
+ common.MetadataMutable metadata = 100;
+ common.MetadataUpdateEnum metadata_update_behavior = 101;
+}
+message UpdateDynamicValueMappingResponse {
+ policy.DynamicValueMapping dynamic_value_mapping = 1;
+}
+
+message DeleteDynamicValueMappingRequest {
+ // Required
+ string id = 1 [(buf.validate.field).string.uuid = true];
+}
+message DeleteDynamicValueMappingResponse {
+ // Only ID of the deleted mapping provided
+ policy.DynamicValueMapping dynamic_value_mapping = 1;
+}
+
+service DynamicValueMappingService {
+ rpc ListDynamicValueMappings(ListDynamicValueMappingsRequest) returns (ListDynamicValueMappingsResponse) {
+ option idempotency_level = NO_SIDE_EFFECTS;
+ }
+ rpc GetDynamicValueMapping(GetDynamicValueMappingRequest) returns (GetDynamicValueMappingResponse) {
+ option idempotency_level = NO_SIDE_EFFECTS;
+ }
+ rpc CreateDynamicValueMapping(CreateDynamicValueMappingRequest) returns (CreateDynamicValueMappingResponse) {}
+ rpc UpdateDynamicValueMapping(UpdateDynamicValueMappingRequest) returns (UpdateDynamicValueMappingResponse) {}
+ rpc DeleteDynamicValueMapping(DeleteDynamicValueMappingRequest) returns (DeleteDynamicValueMappingResponse) {}
+}
diff --git a/service/policy/objects.proto b/service/policy/objects.proto
index 3e6ee4d794..adac99663c 100644
--- a/service/policy/objects.proto
+++ b/service/policy/objects.proto
@@ -180,6 +180,21 @@ enum ConditionBooleanTypeEnum {
CONDITION_BOOLEAN_TYPE_ENUM_OR = 2;
}
+// Operators for dynamic, definition-level value entitlement. Unlike
+// SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into
+// policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's
+// attribute value segment, supplied at decision time. Each value is the inversion of its
+// static SubjectMappingOperatorEnum counterpart.
+enum DynamicValueOperatorEnum {
+ DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED = 0;
+ // true when the requested resource value segment equals one of the values resolved by
+ // the selector against the entity representation (inversion of IN)
+ DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN = 1;
+ // true when one of the selector-resolved entity values contains the requested resource
+ // value segment as a substring (inversion of IN_CONTAINS)
+ DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS = 2;
+}
+
/*
Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute
value + action(s) combination
@@ -204,6 +219,53 @@ message SubjectMapping {
common.Metadata metadata = 100;
}
+/*
+ Definition Value Resolver: the dynamic half of a DynamicValueMapping. It
+ resolves a selector against the entity representation and compares the result to the
+ requested resource value segment using a DynamicValueOperatorEnum.
+*/
+message DynamicValueResolver {
+ // a selector for a field value on a flattened Entity Representation (such as from
+ // idP/LDAP), e.g. ".patientAssignments[]"
+ string subject_external_selector_value = 1 [(buf.validate.field).required = true];
+
+ // the dynamic operator comparing the selector result to the resource value segment
+ DynamicValueOperatorEnum operator = 2 [
+ (buf.validate.field).enum.defined_only = true,
+ (buf.validate.field).required = true
+ ];
+}
+
+/*
+ Dynamic Value Mapping: a Policy assigning permitted action(s) to
+ dynamically-requested values under an Attribute Definition. It raises entitlement
+ authority from a concrete Attribute Value to the Attribute Definition: at decision time
+ the value_resolver compares the requested resource value segment against the entity
+ representation, avoiding pre-provisioning a value + subject mapping per discrete value.
+*/
+message DynamicValueMapping {
+ string id = 1;
+
+ // the Attribute Definition whose values are entitled dynamically
+ Attribute attribute_definition = 2;
+
+ // the dynamic resolver matched against the requested resource value segment
+ DynamicValueResolver value_resolver = 3;
+
+ // optional static pre-gate on the entity, evaluated with normal SubjectConditionSet
+ // semantics (no dynamic overload). When present, both the gate and the resolver must
+ // pass for entitlement.
+ SubjectConditionSet subject_condition_set = 4;
+
+ // the actions permitted by subjects in this mapping
+ repeated Action actions = 5;
+
+ // the namespace containing this mapping
+ Namespace namespace = 6;
+
+ common.Metadata metadata = 100;
+}
+
/**
A Condition defines a rule of
|